Removing crypto/third_party/nss/ and removing crypto _win files
BUG=604728
Review-Url: https://codereview.chromium.org/1924093006
Cr-Commit-Position: refs/heads/master@{#391048}
diff --git a/crypto/BUILD.gn b/crypto/BUILD.gn
index 5c5ac48..479fe42 100644
--- a/crypto/BUILD.gn
+++ b/crypto/BUILD.gn
@@ -33,7 +33,6 @@
"hkdf.h",
"hmac.cc",
"hmac.h",
- "hmac_openssl.cc",
"mac_security_services_lock.cc",
"mac_security_services_lock.h",
@@ -72,10 +71,8 @@
"signature_creator.h",
"signature_verifier.cc",
"signature_verifier.h",
+ "symmetric_key.cc",
"symmetric_key.h",
- "symmetric_key_openssl.cc",
- "third_party/nss/chromium-sha256.h",
- "third_party/nss/sha512.cc",
]
# TODO(jschuh): crbug.com/167187 fix size_t to int truncations.
@@ -141,16 +138,12 @@
"crypto_export.h",
"hmac.cc",
"hmac.h",
- "hmac_win.cc",
- "scoped_capi_types.h",
- "scoped_nss_types.h",
+ "openssl_util.cc",
+ "openssl_util.h",
"secure_util.cc",
"secure_util.h",
+ "symmetric_key.cc",
"symmetric_key.h",
- "symmetric_key_win.cc",
- "third_party/nss/chromium-blapi.h",
- "third_party/nss/chromium-sha256.h",
- "third_party/nss/sha512.cc",
]
deps = [
diff --git a/crypto/crypto.gyp b/crypto/crypto.gyp
index 8849285..8ed2ab2 100644
--- a/crypto/crypto.gyp
+++ b/crypto/crypto.gyp
@@ -22,12 +22,6 @@
'defines': [
'CRYPTO_IMPLEMENTATION',
],
- 'sources!': [
- 'third_party/nss/chromium-nss.h',
- 'third_party/nss/chromium-prtypes.h',
- 'third_party/nss/chromium-sha256.h',
- 'third_party/nss/sha512.cc',
- ],
'conditions': [
[ 'os_posix == 1 and OS != "mac" and OS != "ios" and OS != "android"', {
'dependencies': [
@@ -42,11 +36,6 @@
},
],
],
- }, { # os_posix != 1 or OS == "mac" or OS == "ios" or OS == "android"
- 'sources!': [
- 'hmac_win.cc',
- 'symmetric_key_win.cc',
- ],
}],
[ 'OS != "mac" and OS != "ios"', {
'sources!': [
@@ -167,6 +156,7 @@
'dependencies': [
'../base/base.gyp:base_win64',
'../base/third_party/dynamic_annotations/dynamic_annotations.gyp:dynamic_annotations_win64',
+ '../third_party/boringssl/boringssl.gyp:boringssl_nacl_win64',
],
'sources': [
'<@(nacl_win64_sources)',
diff --git a/crypto/crypto.gypi b/crypto/crypto.gypi
index 0709ac1..dadc0ea 100644
--- a/crypto/crypto.gypi
+++ b/crypto/crypto.gypi
@@ -8,17 +8,15 @@
# This is required so that we can build them for nacl win64.
'variables': {
'hmac_win64_related_sources': [
+ 'crypto_export.h',
'hmac.cc',
'hmac.h',
- 'hmac_win.cc',
+ 'openssl_util.cc',
+ 'openssl_util.h',
'secure_util.cc',
'secure_util.h',
+ 'symmetric_key.cc',
'symmetric_key.h',
- 'symmetric_key_win.cc',
- 'third_party/nss/chromium-prtypes.h',
- 'third_party/nss/chromium-sha256.h',
- 'third_party/nss/sha512.cc',
- 'wincrypt_shim.h',
],
},
'crypto_sources': [
@@ -33,7 +31,6 @@
'auto_cbb.h',
'capi_util.cc',
'capi_util.h',
- 'crypto_export.h',
'cssm_init.cc',
'cssm_init.h',
'curve25519.cc',
@@ -48,7 +45,6 @@
'encryptor.h',
'hkdf.cc',
'hkdf.h',
- 'hmac_openssl.cc',
'mac_security_services_lock.cc',
'mac_security_services_lock.h',
'mock_apple_keychain.cc',
@@ -65,8 +61,6 @@
'nss_util_internal.h',
'openssl_bio_string.cc',
'openssl_bio_string.h',
- 'openssl_util.cc',
- 'openssl_util.h',
'p224.cc',
'p224.h',
'random.h',
@@ -83,7 +77,7 @@
'signature_creator.h',
'signature_verifier.cc',
'signature_verifier.h',
- 'symmetric_key_openssl.cc',
+ 'wincrypt_shim.h',
],
'nacl_win64_sources': [
'<@(hmac_win64_related_sources)',
diff --git a/crypto/crypto_nacl.gyp b/crypto/crypto_nacl.gyp
index 255c42c..c7c01a8 100644
--- a/crypto/crypto_nacl.gyp
+++ b/crypto/crypto_nacl.gyp
@@ -38,8 +38,6 @@
['exclude', '^cssm_'],
['exclude', '^nss_'],
['exclude', '^mac_'],
- ['exclude', '^third_party/nss/'],
- ['include', '^third_party/nss/sha512.cc'],
],
},
],
diff --git a/crypto/hmac.cc b/crypto/hmac.cc
index 333e357..c3c43da 100644
--- a/crypto/hmac.cc
+++ b/crypto/hmac.cc
@@ -4,24 +4,28 @@
#include "crypto/hmac.h"
+#include <openssl/hmac.h>
#include <stddef.h>
#include <algorithm>
-#include <memory>
#include "base/logging.h"
+#include "base/stl_util.h"
+#include "crypto/openssl_util.h"
#include "crypto/secure_util.h"
#include "crypto/symmetric_key.h"
namespace crypto {
-bool HMAC::Init(SymmetricKey* key) {
- std::string raw_key;
- bool result = key->GetRawKey(&raw_key) && Init(raw_key);
- // Zero out key copy. This might get optimized away, but one can hope.
- // Using std::string to store key info at all is a larger problem.
- std::fill(raw_key.begin(), raw_key.end(), 0);
- return result;
+HMAC::HMAC(HashAlgorithm hash_alg) : hash_alg_(hash_alg), initialized_(false) {
+ // Only SHA-1 and SHA-256 hash algorithms are supported now.
+ DCHECK(hash_alg_ == SHA1 || hash_alg_ == SHA256);
+}
+
+HMAC::~HMAC() {
+ // Zero out key copy.
+ key_.assign(key_.size(), 0);
+ STLClearObject(&key_);
}
size_t HMAC::DigestLength() const {
@@ -36,6 +40,35 @@
}
}
+bool HMAC::Init(const unsigned char* key, size_t key_length) {
+ // Init must not be called more than once on the same HMAC object.
+ DCHECK(!initialized_);
+ initialized_ = true;
+ key_.assign(key, key + key_length);
+ return true;
+}
+
+bool HMAC::Init(SymmetricKey* key) {
+ std::string raw_key;
+ bool result = key->GetRawKey(&raw_key) && Init(raw_key);
+ // Zero out key copy. This might get optimized away, but one can hope.
+ // Using std::string to store key info at all is a larger problem.
+ std::fill(raw_key.begin(), raw_key.end(), 0);
+ return result;
+}
+
+bool HMAC::Sign(const base::StringPiece& data,
+ unsigned char* digest,
+ size_t digest_length) const {
+ DCHECK(initialized_);
+
+ ScopedOpenSSLSafeSizeBuffer<EVP_MAX_MD_SIZE> result(digest, digest_length);
+ return !!::HMAC(hash_alg_ == SHA1 ? EVP_sha1() : EVP_sha256(),
+ key_.data(), key_.size(),
+ reinterpret_cast<const unsigned char*>(data.data()),
+ data.size(), result.safe_buffer(), NULL);
+}
+
bool HMAC::Verify(const base::StringPiece& data,
const base::StringPiece& digest) const {
if (digest.size() != DigestLength())
diff --git a/crypto/hmac.h b/crypto/hmac.h
index ec32ed7c..2421333 100644
--- a/crypto/hmac.h
+++ b/crypto/hmac.h
@@ -11,6 +11,7 @@
#include <stddef.h>
#include <memory>
+#include <vector>
#include "base/compiler_specific.h"
#include "base/macros.h"
@@ -20,7 +21,6 @@
namespace crypto {
// Simplify the interface and reduce includes by abstracting out the internals.
-struct HMACPlatformData;
class SymmetricKey;
class CRYPTO_EXPORT HMAC {
@@ -86,7 +86,8 @@
private:
HashAlgorithm hash_alg_;
- std::unique_ptr<HMACPlatformData> plat_;
+ bool initialized_;
+ std::vector<unsigned char> key_;
DISALLOW_COPY_AND_ASSIGN(HMAC);
};
diff --git a/crypto/hmac_openssl.cc b/crypto/hmac_openssl.cc
deleted file mode 100644
index d88c091..0000000
--- a/crypto/hmac_openssl.cc
+++ /dev/null
@@ -1,57 +0,0 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "crypto/hmac.h"
-
-#include <openssl/hmac.h>
-#include <stddef.h>
-
-#include <algorithm>
-#include <memory>
-#include <vector>
-
-#include "base/logging.h"
-#include "base/stl_util.h"
-#include "crypto/openssl_util.h"
-
-namespace crypto {
-
-struct HMACPlatformData {
- std::vector<unsigned char> key;
-};
-
-HMAC::HMAC(HashAlgorithm hash_alg) : hash_alg_(hash_alg) {
- // Only SHA-1 and SHA-256 hash algorithms are supported now.
- DCHECK(hash_alg_ == SHA1 || hash_alg_ == SHA256);
-}
-
-bool HMAC::Init(const unsigned char* key, size_t key_length) {
- // Init must not be called more than once on the same HMAC object.
- DCHECK(!plat_);
- plat_.reset(new HMACPlatformData());
- plat_->key.assign(key, key + key_length);
- return true;
-}
-
-HMAC::~HMAC() {
- if (plat_) {
- // Zero out key copy.
- plat_->key.assign(plat_->key.size(), 0);
- STLClearObject(&plat_->key);
- }
-}
-
-bool HMAC::Sign(const base::StringPiece& data,
- unsigned char* digest,
- size_t digest_length) const {
- DCHECK(plat_); // Init must be called before Sign.
-
- ScopedOpenSSLSafeSizeBuffer<EVP_MAX_MD_SIZE> result(digest, digest_length);
- return !!::HMAC(hash_alg_ == SHA1 ? EVP_sha1() : EVP_sha256(),
- plat_->key.data(), plat_->key.size(),
- reinterpret_cast<const unsigned char*>(data.data()),
- data.size(), result.safe_buffer(), NULL);
-}
-
-} // namespace crypto
diff --git a/crypto/hmac_win.cc b/crypto/hmac_win.cc
deleted file mode 100644
index ab290815..0000000
--- a/crypto/hmac_win.cc
+++ /dev/null
@@ -1,210 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "crypto/hmac.h"
-
-#include <windows.h>
-#include <stddef.h>
-
-#include <algorithm>
-#include <vector>
-
-#include "base/logging.h"
-#include "crypto/scoped_capi_types.h"
-#include "crypto/third_party/nss/chromium-blapi.h"
-#include "crypto/third_party/nss/chromium-sha256.h"
-#include "crypto/wincrypt_shim.h"
-
-namespace crypto {
-
-namespace {
-
-// Implementation of HMAC-SHA-256:
-//
-// SHA-256 is supported in Windows XP SP3 or later. We still need to support
-// Windows XP SP2, so unfortunately we have to implement HMAC-SHA-256 here.
-
-enum {
- SHA256_BLOCK_SIZE = 64 // Block size (in bytes) of the input to SHA-256.
-};
-
-// NSS doesn't accept size_t for text size, divide the data into smaller
-// chunks as needed.
-void Wrapped_SHA256_Update(SHA256Context* ctx, const unsigned char* text,
- size_t text_len) {
- const unsigned int kChunkSize = 1 << 30;
- while (text_len > kChunkSize) {
- SHA256_Update(ctx, text, kChunkSize);
- text += kChunkSize;
- text_len -= kChunkSize;
- }
- SHA256_Update(ctx, text, (unsigned int)text_len);
-}
-
-// See FIPS 198: The Keyed-Hash Message Authentication Code (HMAC).
-void ComputeHMACSHA256(const unsigned char* key, size_t key_len,
- const unsigned char* text, size_t text_len,
- unsigned char* output, size_t output_len) {
- SHA256Context ctx;
-
- // Pre-process the key, if necessary.
- unsigned char key0[SHA256_BLOCK_SIZE];
- if (key_len > SHA256_BLOCK_SIZE) {
- SHA256_Begin(&ctx);
- Wrapped_SHA256_Update(&ctx, key, key_len);
- SHA256_End(&ctx, key0, NULL, SHA256_LENGTH);
- memset(key0 + SHA256_LENGTH, 0, SHA256_BLOCK_SIZE - SHA256_LENGTH);
- } else {
- memcpy(key0, key, key_len);
- if (key_len < SHA256_BLOCK_SIZE)
- memset(key0 + key_len, 0, SHA256_BLOCK_SIZE - key_len);
- }
-
- unsigned char padded_key[SHA256_BLOCK_SIZE];
- unsigned char inner_hash[SHA256_LENGTH];
-
- // XOR key0 with ipad.
- for (int i = 0; i < SHA256_BLOCK_SIZE; ++i)
- padded_key[i] = key0[i] ^ 0x36;
-
- // Compute the inner hash.
- SHA256_Begin(&ctx);
- SHA256_Update(&ctx, padded_key, SHA256_BLOCK_SIZE);
- Wrapped_SHA256_Update(&ctx, text, text_len);
- SHA256_End(&ctx, inner_hash, NULL, SHA256_LENGTH);
-
- // XOR key0 with opad.
- for (int i = 0; i < SHA256_BLOCK_SIZE; ++i)
- padded_key[i] = key0[i] ^ 0x5c;
-
- // Compute the outer hash.
- SHA256_Begin(&ctx);
- SHA256_Update(&ctx, padded_key, SHA256_BLOCK_SIZE);
- SHA256_Update(&ctx, inner_hash, SHA256_LENGTH);
- SHA256_End(&ctx, output, NULL, (unsigned int) output_len);
-}
-
-} // namespace
-
-struct HMACPlatformData {
- ~HMACPlatformData() {
- if (!raw_key_.empty()) {
- SecureZeroMemory(&raw_key_[0], raw_key_.size());
- }
-
- // Destroy the key before releasing the provider.
- key_.reset();
- }
-
- ScopedHCRYPTPROV provider_;
- ScopedHCRYPTKEY key_;
-
- // For HMAC-SHA-256 only.
- std::vector<unsigned char> raw_key_;
-};
-
-HMAC::HMAC(HashAlgorithm hash_alg)
- : hash_alg_(hash_alg), plat_(new HMACPlatformData()) {
- // Only SHA-1 and SHA-256 hash algorithms are supported now.
- DCHECK(hash_alg_ == SHA1 || hash_alg_ == SHA256);
-}
-
-bool HMAC::Init(const unsigned char* key, size_t key_length) {
- if (plat_->provider_ || plat_->key_ || !plat_->raw_key_.empty()) {
- // Init must not be called more than once on the same HMAC object.
- NOTREACHED();
- return false;
- }
-
- if (hash_alg_ == SHA256) {
- plat_->raw_key_.assign(key, key + key_length);
- return true;
- }
-
- if (!CryptAcquireContext(plat_->provider_.receive(), NULL, NULL,
- PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
- NOTREACHED();
- return false;
- }
-
- // This code doesn't work on Win2k because PLAINTEXTKEYBLOB and
- // CRYPT_IPSEC_HMAC_KEY are not supported on Windows 2000. PLAINTEXTKEYBLOB
- // allows the import of an unencrypted key. For Win2k support, a cubmbersome
- // exponent-of-one key procedure must be used:
- // http://support.microsoft.com/kb/228786/en-us
- // CRYPT_IPSEC_HMAC_KEY allows keys longer than 16 bytes.
-
- struct KeyBlob {
- BLOBHEADER header;
- DWORD key_size;
- BYTE key_data[1];
- };
- size_t key_blob_size = std::max(offsetof(KeyBlob, key_data) + key_length,
- sizeof(KeyBlob));
- std::vector<BYTE> key_blob_storage = std::vector<BYTE>(key_blob_size);
- KeyBlob* key_blob = reinterpret_cast<KeyBlob*>(&key_blob_storage[0]);
- key_blob->header.bType = PLAINTEXTKEYBLOB;
- key_blob->header.bVersion = CUR_BLOB_VERSION;
- key_blob->header.reserved = 0;
- key_blob->header.aiKeyAlg = CALG_RC2;
- key_blob->key_size = static_cast<DWORD>(key_length);
- memcpy(key_blob->key_data, key, key_length);
-
- if (!CryptImportKey(plat_->provider_, &key_blob_storage[0],
- (DWORD)key_blob_storage.size(), 0,
- CRYPT_IPSEC_HMAC_KEY, plat_->key_.receive())) {
- NOTREACHED();
- return false;
- }
-
- // Destroy the copy of the key.
- SecureZeroMemory(key_blob->key_data, key_length);
-
- return true;
-}
-
-HMAC::~HMAC() {
-}
-
-bool HMAC::Sign(const base::StringPiece& data,
- unsigned char* digest,
- size_t digest_length) const {
- if (hash_alg_ == SHA256) {
- if (plat_->raw_key_.empty())
- return false;
- ComputeHMACSHA256(&plat_->raw_key_[0], plat_->raw_key_.size(),
- reinterpret_cast<const unsigned char*>(data.data()),
- data.size(), digest, digest_length);
- return true;
- }
-
- if (!plat_->provider_ || !plat_->key_)
- return false;
-
- if (hash_alg_ != SHA1) {
- NOTREACHED();
- return false;
- }
-
- ScopedHCRYPTHASH hash;
- if (!CryptCreateHash(plat_->provider_, CALG_HMAC, plat_->key_, 0,
- hash.receive()))
- return false;
-
- HMAC_INFO hmac_info;
- memset(&hmac_info, 0, sizeof(hmac_info));
- hmac_info.HashAlgid = CALG_SHA1;
- if (!CryptSetHashParam(hash, HP_HMAC_INFO,
- reinterpret_cast<BYTE*>(&hmac_info), 0))
- return false;
-
- if (!CryptHashData(hash, reinterpret_cast<const BYTE*>(data.data()),
- static_cast<DWORD>(data.size()), 0))
- return false;
-
- DWORD sha1_size = static_cast<DWORD>(digest_length);
- return !!CryptGetHashParam(hash, HP_HASHVAL, digest, &sha1_size, 0);
-}
-
-} // namespace crypto
diff --git a/crypto/symmetric_key_openssl.cc b/crypto/symmetric_key.cc
similarity index 97%
rename from crypto/symmetric_key_openssl.cc
rename to crypto/symmetric_key.cc
index 5aef1d4..4da8bd8 100644
--- a/crypto/symmetric_key_openssl.cc
+++ b/crypto/symmetric_key.cc
@@ -76,8 +76,9 @@
base::WriteInto(&key->key_, key_size_in_bytes + 1));
int rv = PKCS5_PBKDF2_HMAC_SHA1(
password.data(), password.length(),
- reinterpret_cast<const uint8_t*>(salt.data()), salt.length(), iterations,
- static_cast<int>(key_size_in_bytes), key_data);
+ reinterpret_cast<const uint8_t*>(salt.data()), salt.length(),
+ static_cast<unsigned>(iterations),
+ key_size_in_bytes, key_data);
return rv == 1 ? key.release() : NULL;
}
diff --git a/crypto/symmetric_key.h b/crypto/symmetric_key.h
index b24e2df..2b2e2ce 100644
--- a/crypto/symmetric_key.h
+++ b/crypto/symmetric_key.h
@@ -13,12 +13,6 @@
#include "build/build_config.h"
#include "crypto/crypto_export.h"
-#if defined(NACL_WIN64)
-// See comments for crypto_nacl_win64 in crypto.gyp.
-// Must test for NACL_WIN64 before OS_WIN since former is a subset of latter.
-#include "crypto/scoped_capi_types.h"
-#endif
-
namespace crypto {
// Wraps a platform-specific symmetric key and allows it to be held in a
@@ -57,11 +51,7 @@
// size for use with |algorithm|. The caller owns the returned SymmetricKey.
static SymmetricKey* Import(Algorithm algorithm, const std::string& raw_key);
-#if defined(NACL_WIN64)
- HCRYPTKEY key() const { return key_.get(); }
-#else
const std::string& key() { return key_; }
-#endif
// Extracts the raw key from the platform specific data.
// Warning: |raw_key| holds the raw key as bytes and thus must be handled
@@ -69,24 +59,8 @@
bool GetRawKey(std::string* raw_key);
private:
-#if defined(NACL_WIN64)
- SymmetricKey(HCRYPTPROV provider, HCRYPTKEY key,
- const void* key_data, size_t key_size_in_bytes);
-
- ScopedHCRYPTPROV provider_;
- ScopedHCRYPTKEY key_;
-
- // Contains the raw key, if it is known during initialization and when it
- // is likely that the associated |provider_| will be unable to export the
- // |key_|. This is the case of HMAC keys when the key size exceeds 16 bytes
- // when using the default RSA provider.
- // TODO(rsleevi): See if KP_EFFECTIVE_KEYLEN is the reason why CryptExportKey
- // fails with NTE_BAD_KEY/NTE_BAD_LEN
- std::string raw_key_;
-#else
SymmetricKey() {}
std::string key_;
-#endif
DISALLOW_COPY_AND_ASSIGN(SymmetricKey);
};
diff --git a/crypto/symmetric_key_win.cc b/crypto/symmetric_key_win.cc
deleted file mode 100644
index 1acfcd0..0000000
--- a/crypto/symmetric_key_win.cc
+++ /dev/null
@@ -1,539 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "crypto/symmetric_key.h"
-
-#include <stddef.h>
-#include <stdint.h>
-
-#include <memory>
-#include <vector>
-
-// TODO(wtc): replace scoped_array by std::vector.
-#include "base/sys_byteorder.h"
-
-namespace crypto {
-
-namespace {
-
-// The following is a non-public Microsoft header documented in MSDN under
-// CryptImportKey / CryptExportKey. Following the header is the byte array of
-// the actual plaintext key.
-struct PlaintextBlobHeader {
- BLOBHEADER hdr;
- DWORD cbKeySize;
-};
-
-// CryptoAPI makes use of three distinct ALG_IDs for AES, rather than just
-// CALG_AES (which exists, but depending on the functions you are calling, may
-// result in function failure, whereas the subtype would succeed).
-ALG_ID GetAESAlgIDForKeySize(size_t key_size_in_bits) {
- // Only AES-128/-192/-256 is supported in CryptoAPI.
- switch (key_size_in_bits) {
- case 128:
- return CALG_AES_128;
- case 192:
- return CALG_AES_192;
- case 256:
- return CALG_AES_256;
- default:
- NOTREACHED();
- return 0;
- }
-}
-
-// Imports a raw/plaintext key of |key_size| stored in |*key_data| into a new
-// key created for the specified |provider|. |alg| contains the algorithm of
-// the key being imported.
-// If |key_data| is intended to be used as an HMAC key, then |alg| should be
-// CALG_HMAC.
-// If successful, returns true and stores the imported key in |*key|.
-// TODO(wtc): use this function in hmac_win.cc.
-bool ImportRawKey(HCRYPTPROV provider,
- ALG_ID alg,
- const void* key_data, size_t key_size,
- ScopedHCRYPTKEY* key) {
- DCHECK_GT(key_size, 0u);
-
- DWORD actual_size =
- static_cast<DWORD>(sizeof(PlaintextBlobHeader) + key_size);
- std::vector<BYTE> tmp_data(actual_size);
- BYTE* actual_key = &tmp_data[0];
- memcpy(actual_key + sizeof(PlaintextBlobHeader), key_data, key_size);
- PlaintextBlobHeader* key_header =
- reinterpret_cast<PlaintextBlobHeader*>(actual_key);
- memset(key_header, 0, sizeof(PlaintextBlobHeader));
-
- key_header->hdr.bType = PLAINTEXTKEYBLOB;
- key_header->hdr.bVersion = CUR_BLOB_VERSION;
- key_header->hdr.aiKeyAlg = alg;
-
- key_header->cbKeySize = static_cast<DWORD>(key_size);
-
- HCRYPTKEY unsafe_key = NULL;
- DWORD flags = CRYPT_EXPORTABLE;
- if (alg == CALG_HMAC) {
- // Though it may appear odd that IPSEC and RC2 are being used, this is
- // done in accordance with Microsoft's FIPS 140-2 Security Policy for the
- // RSA Enhanced Provider, as the approved means of using arbitrary HMAC
- // key material.
- key_header->hdr.aiKeyAlg = CALG_RC2;
- flags |= CRYPT_IPSEC_HMAC_KEY;
- }
-
- BOOL ok =
- CryptImportKey(provider, actual_key, actual_size, 0, flags, &unsafe_key);
-
- // Clean up the temporary copy of key, regardless of whether it was imported
- // successfully or not.
- SecureZeroMemory(actual_key, actual_size);
-
- if (!ok)
- return false;
-
- key->reset(unsafe_key);
- return true;
-}
-
-// Attempts to generate a random AES key of |key_size_in_bits|. Returns true
-// if generation is successful, storing the generated key in |*key| and the
-// key provider (CSP) in |*provider|.
-bool GenerateAESKey(size_t key_size_in_bits,
- ScopedHCRYPTPROV* provider,
- ScopedHCRYPTKEY* key) {
- DCHECK(provider);
- DCHECK(key);
-
- ALG_ID alg = GetAESAlgIDForKeySize(key_size_in_bits);
- if (alg == 0)
- return false;
-
- ScopedHCRYPTPROV safe_provider;
- // Note: The only time NULL is safe to be passed as pszContainer is when
- // dwFlags contains CRYPT_VERIFYCONTEXT, as all keys generated and/or used
- // will be treated as ephemeral keys and not persisted.
- BOOL ok = CryptAcquireContext(safe_provider.receive(), NULL, NULL,
- PROV_RSA_AES, CRYPT_VERIFYCONTEXT);
- if (!ok)
- return false;
-
- ScopedHCRYPTKEY safe_key;
- // In the FIPS 140-2 Security Policy for CAPI on XP/Vista+, Microsoft notes
- // that CryptGenKey makes use of the same functionality exposed via
- // CryptGenRandom. The reason this is being used, as opposed to
- // CryptGenRandom and CryptImportKey is for compliance with the security
- // policy
- ok = CryptGenKey(safe_provider.get(), alg, CRYPT_EXPORTABLE,
- safe_key.receive());
- if (!ok)
- return false;
-
- key->swap(safe_key);
- provider->swap(safe_provider);
-
- return true;
-}
-
-// Returns true if the HMAC key size meets the requirement of FIPS 198
-// Section 3. |alg| is the hash function used in the HMAC.
-bool CheckHMACKeySize(size_t key_size_in_bits, ALG_ID alg) {
- DWORD hash_size = 0;
- switch (alg) {
- case CALG_SHA1:
- hash_size = 20;
- break;
- case CALG_SHA_256:
- hash_size = 32;
- break;
- case CALG_SHA_384:
- hash_size = 48;
- break;
- case CALG_SHA_512:
- hash_size = 64;
- break;
- }
- if (hash_size == 0)
- return false;
-
- // An HMAC key must be >= L/2, where L is the output size of the hash
- // function being used.
- return (key_size_in_bits >= (hash_size / 2 * 8) &&
- (key_size_in_bits % 8) == 0);
-}
-
-// Attempts to generate a random, |key_size_in_bits|-long HMAC key, for use
-// with the hash function |alg|.
-// |key_size_in_bits| must be >= 1/2 the hash size of |alg| for security.
-// Returns true if generation is successful, storing the generated key in
-// |*key| and the key provider (CSP) in |*provider|.
-bool GenerateHMACKey(size_t key_size_in_bits,
- ALG_ID alg,
- ScopedHCRYPTPROV* provider,
- ScopedHCRYPTKEY* key,
- std::unique_ptr<BYTE[]>* raw_key) {
- DCHECK(provider);
- DCHECK(key);
- DCHECK(raw_key);
-
- if (!CheckHMACKeySize(key_size_in_bits, alg))
- return false;
-
- ScopedHCRYPTPROV safe_provider;
- // See comment in GenerateAESKey as to why NULL is acceptable for the
- // container name.
- BOOL ok = CryptAcquireContext(safe_provider.receive(), NULL, NULL,
- PROV_RSA_FULL, CRYPT_VERIFYCONTEXT);
- if (!ok)
- return false;
-
- DWORD key_size_in_bytes = static_cast<DWORD>(key_size_in_bits / 8);
- std::unique_ptr<BYTE[]> random(new BYTE[key_size_in_bytes]);
- ok = CryptGenRandom(safe_provider, key_size_in_bytes, random.get());
- if (!ok)
- return false;
-
- ScopedHCRYPTKEY safe_key;
- bool rv = ImportRawKey(safe_provider, CALG_HMAC, random.get(),
- key_size_in_bytes, &safe_key);
- if (rv) {
- key->swap(safe_key);
- provider->swap(safe_provider);
- raw_key->swap(random);
- }
-
- SecureZeroMemory(random.get(), key_size_in_bytes);
- return rv;
-}
-
-// Attempts to create an HMAC hash instance using the specified |provider|
-// and |key|. The inner hash function will be |hash_alg|. If successful,
-// returns true and stores the hash in |*hash|.
-// TODO(wtc): use this function in hmac_win.cc.
-bool CreateHMACHash(HCRYPTPROV provider,
- HCRYPTKEY key,
- ALG_ID hash_alg,
- ScopedHCRYPTHASH* hash) {
- ScopedHCRYPTHASH safe_hash;
- BOOL ok = CryptCreateHash(provider, CALG_HMAC, key, 0, safe_hash.receive());
- if (!ok)
- return false;
-
- HMAC_INFO hmac_info;
- memset(&hmac_info, 0, sizeof(hmac_info));
- hmac_info.HashAlgid = hash_alg;
-
- ok = CryptSetHashParam(safe_hash, HP_HMAC_INFO,
- reinterpret_cast<const BYTE*>(&hmac_info), 0);
- if (!ok)
- return false;
-
- hash->swap(safe_hash);
- return true;
-}
-
-// Computes a block of the derived key using the PBKDF2 function F for the
-// specified |block_index| using the PRF |hash|, writing the output to
-// |output_buf|.
-// |output_buf| must have enough space to accomodate the output of the PRF
-// specified by |hash|.
-// Returns true if the block was successfully computed.
-bool ComputePBKDF2Block(HCRYPTHASH hash,
- DWORD hash_size,
- const std::string& salt,
- size_t iterations,
- uint32_t block_index,
- BYTE* output_buf) {
- // From RFC 2898:
- // 3. <snip> The function F is defined as the exclusive-or sum of the first
- // c iterates of the underlying pseudorandom function PRF applied to the
- // password P and the concatenation of the salt S and the block index i:
- // F (P, S, c, i) = U_1 \xor U_2 \xor ... \xor U_c
- // where
- // U_1 = PRF(P, S || INT (i))
- // U_2 = PRF(P, U_1)
- // ...
- // U_c = PRF(P, U_{c-1})
- ScopedHCRYPTHASH safe_hash;
- BOOL ok = CryptDuplicateHash(hash, NULL, 0, safe_hash.receive());
- if (!ok)
- return false;
-
- // Iteration U_1: Compute PRF for S.
- ok = CryptHashData(safe_hash, reinterpret_cast<const BYTE*>(salt.data()),
- static_cast<DWORD>(salt.size()), 0);
- if (!ok)
- return false;
-
- // Iteration U_1: and append (big-endian) INT (i).
- uint32_t big_endian_block_index = base::HostToNet32(block_index);
- ok = CryptHashData(safe_hash,
- reinterpret_cast<BYTE*>(&big_endian_block_index),
- sizeof(big_endian_block_index), 0);
-
- std::vector<BYTE> hash_value(hash_size);
-
- DWORD size = hash_size;
- ok = CryptGetHashParam(safe_hash, HP_HASHVAL, &hash_value[0], &size, 0);
- if (!ok || size != hash_size)
- return false;
-
- memcpy(output_buf, &hash_value[0], hash_size);
-
- // Iteration 2 - c: Compute U_{iteration} by applying the PRF to
- // U_{iteration - 1}, then xor the resultant hash with |output|, which
- // contains U_1 ^ U_2 ^ ... ^ U_{iteration - 1}.
- for (size_t iteration = 2; iteration <= iterations; ++iteration) {
- safe_hash.reset();
- ok = CryptDuplicateHash(hash, NULL, 0, safe_hash.receive());
- if (!ok)
- return false;
-
- ok = CryptHashData(safe_hash, &hash_value[0], hash_size, 0);
- if (!ok)
- return false;
-
- size = hash_size;
- ok = CryptGetHashParam(safe_hash, HP_HASHVAL, &hash_value[0], &size, 0);
- if (!ok || size != hash_size)
- return false;
-
- for (DWORD i = 0; i < hash_size; ++i)
- output_buf[i] ^= hash_value[i];
- }
-
- return true;
-}
-
-} // namespace
-
-SymmetricKey::~SymmetricKey() {
- // TODO(wtc): create a "secure" string type that zeroes itself in the
- // destructor.
- if (!raw_key_.empty())
- SecureZeroMemory(const_cast<char *>(raw_key_.data()), raw_key_.size());
-}
-
-// static
-SymmetricKey* SymmetricKey::GenerateRandomKey(Algorithm algorithm,
- size_t key_size_in_bits) {
- DCHECK_GE(key_size_in_bits, 8u);
-
- ScopedHCRYPTPROV provider;
- ScopedHCRYPTKEY key;
-
- bool ok = false;
- std::unique_ptr<BYTE[]> raw_key;
-
- switch (algorithm) {
- case AES:
- ok = GenerateAESKey(key_size_in_bits, &provider, &key);
- break;
- case HMAC_SHA1:
- ok = GenerateHMACKey(key_size_in_bits, CALG_SHA1, &provider,
- &key, &raw_key);
- break;
- }
-
- if (!ok) {
- NOTREACHED();
- return NULL;
- }
-
- size_t key_size_in_bytes = key_size_in_bits / 8;
- if (raw_key == NULL)
- key_size_in_bytes = 0;
-
- SymmetricKey* result = new SymmetricKey(provider.release(),
- key.release(),
- raw_key.get(),
- key_size_in_bytes);
- if (raw_key != NULL)
- SecureZeroMemory(raw_key.get(), key_size_in_bytes);
-
- return result;
-}
-
-// static
-SymmetricKey* SymmetricKey::DeriveKeyFromPassword(Algorithm algorithm,
- const std::string& password,
- const std::string& salt,
- size_t iterations,
- size_t key_size_in_bits) {
- // CryptoAPI lacks routines to perform PBKDF2 derivation as specified
- // in RFC 2898, so it must be manually implemented. Only HMAC-SHA1 is
- // supported as the PRF.
-
- // While not used until the end, sanity-check the input before proceeding
- // with the expensive computation.
- DWORD provider_type = 0;
- ALG_ID alg = 0;
- switch (algorithm) {
- case AES:
- provider_type = PROV_RSA_AES;
- alg = GetAESAlgIDForKeySize(key_size_in_bits);
- break;
- case HMAC_SHA1:
- provider_type = PROV_RSA_FULL;
- alg = CALG_HMAC;
- break;
- default:
- NOTREACHED();
- break;
- }
- if (provider_type == 0 || alg == 0)
- return NULL;
-
- ScopedHCRYPTPROV provider;
- BOOL ok = CryptAcquireContext(provider.receive(), NULL, NULL, provider_type,
- CRYPT_VERIFYCONTEXT);
- if (!ok)
- return NULL;
-
- // Convert the user password into a key suitable to be fed into the PRF
- // function.
- ScopedHCRYPTKEY password_as_key;
- BYTE* password_as_bytes =
- const_cast<BYTE*>(reinterpret_cast<const BYTE*>(password.data()));
- if (!ImportRawKey(provider, CALG_HMAC, password_as_bytes,
- password.size(), &password_as_key))
- return NULL;
-
- // Configure the PRF function. Only HMAC variants are supported, with the
- // only hash function supported being SHA1.
- // TODO(rsleevi): Support SHA-256 on XP SP3+.
- ScopedHCRYPTHASH prf;
- if (!CreateHMACHash(provider, password_as_key, CALG_SHA1, &prf))
- return NULL;
-
- DWORD hLen = 0;
- DWORD param_size = sizeof(hLen);
- ok = CryptGetHashParam(prf, HP_HASHSIZE,
- reinterpret_cast<BYTE*>(&hLen), ¶m_size, 0);
- if (!ok || hLen == 0)
- return NULL;
-
- // 1. If dkLen > (2^32 - 1) * hLen, output "derived key too long" and stop.
- size_t dkLen = key_size_in_bits / 8;
- DCHECK_GT(dkLen, 0u);
-
- if ((dkLen / hLen) > 0xFFFFFFFF) {
- DLOG(ERROR) << "Derived key too long.";
- return NULL;
- }
-
- // 2. Let l be the number of hLen-octet blocks in the derived key,
- // rounding up, and let r be the number of octets in the last
- // block:
- size_t L = (dkLen + hLen - 1) / hLen;
- DCHECK_GT(L, 0u);
-
- size_t total_generated_size = L * hLen;
- std::vector<BYTE> generated_key(total_generated_size);
- BYTE* block_offset = &generated_key[0];
-
- // 3. For each block of the derived key apply the function F defined below
- // to the password P, the salt S, the iteration count c, and the block
- // index to compute the block:
- // T_1 = F (P, S, c, 1)
- // T_2 = F (P, S, c, 2)
- // ...
- // T_l = F (P, S, c, l)
- // <snip>
- // 4. Concatenate the blocks and extract the first dkLen octets to produce
- // a derived key DK:
- // DK = T_1 || T_2 || ... || T_l<0..r-1>
- for (uint32_t block_index = 1; block_index <= L; ++block_index) {
- if (!ComputePBKDF2Block(prf, hLen, salt, iterations, block_index,
- block_offset))
- return NULL;
- block_offset += hLen;
- }
-
- // Convert the derived key bytes into a key handle for the desired algorithm.
- ScopedHCRYPTKEY key;
- if (!ImportRawKey(provider, alg, &generated_key[0], dkLen, &key))
- return NULL;
-
- SymmetricKey* result = new SymmetricKey(provider.release(), key.release(),
- &generated_key[0], dkLen);
-
- SecureZeroMemory(&generated_key[0], total_generated_size);
-
- return result;
-}
-
-// static
-SymmetricKey* SymmetricKey::Import(Algorithm algorithm,
- const std::string& raw_key) {
- DWORD provider_type = 0;
- ALG_ID alg = 0;
- switch (algorithm) {
- case AES:
- provider_type = PROV_RSA_AES;
- alg = GetAESAlgIDForKeySize(raw_key.size() * 8);
- break;
- case HMAC_SHA1:
- provider_type = PROV_RSA_FULL;
- alg = CALG_HMAC;
- break;
- default:
- NOTREACHED();
- break;
- }
- if (provider_type == 0 || alg == 0)
- return NULL;
-
- ScopedHCRYPTPROV provider;
- BOOL ok = CryptAcquireContext(provider.receive(), NULL, NULL, provider_type,
- CRYPT_VERIFYCONTEXT);
- if (!ok)
- return NULL;
-
- ScopedHCRYPTKEY key;
- if (!ImportRawKey(provider, alg, raw_key.data(), raw_key.size(), &key))
- return NULL;
-
- return new SymmetricKey(provider.release(), key.release(),
- raw_key.data(), raw_key.size());
-}
-
-bool SymmetricKey::GetRawKey(std::string* raw_key) {
- // Short circuit for when the key was supplied to the constructor.
- if (!raw_key_.empty()) {
- *raw_key = raw_key_;
- return true;
- }
-
- DWORD size = 0;
- BOOL ok = CryptExportKey(key_, 0, PLAINTEXTKEYBLOB, 0, NULL, &size);
- if (!ok)
- return false;
-
- std::vector<BYTE> result(size);
-
- ok = CryptExportKey(key_, 0, PLAINTEXTKEYBLOB, 0, &result[0], &size);
- if (!ok)
- return false;
-
- PlaintextBlobHeader* header =
- reinterpret_cast<PlaintextBlobHeader*>(&result[0]);
- raw_key->assign(reinterpret_cast<char*>(&result[sizeof(*header)]),
- header->cbKeySize);
-
- SecureZeroMemory(&result[0], size);
-
- return true;
-}
-
-SymmetricKey::SymmetricKey(HCRYPTPROV provider,
- HCRYPTKEY key,
- const void* key_data, size_t key_size_in_bytes)
- : provider_(provider), key_(key) {
- if (key_data) {
- raw_key_.assign(reinterpret_cast<const char*>(key_data),
- key_size_in_bytes);
- }
-}
-
-} // namespace crypto
diff --git a/crypto/third_party/nss/LICENSE b/crypto/third_party/nss/LICENSE
deleted file mode 100644
index 03671648..0000000
--- a/crypto/third_party/nss/LICENSE
+++ /dev/null
@@ -1,35 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
diff --git a/crypto/third_party/nss/README.chromium b/crypto/third_party/nss/README.chromium
deleted file mode 100644
index 1a63665..0000000
--- a/crypto/third_party/nss/README.chromium
+++ /dev/null
@@ -1,18 +0,0 @@
-Name: Network Security Services (NSS)
-URL: http://www.mozilla.org/projects/security/pki/nss/
-License: MPL 1.1/GPL 2.0/LGPL 2.1
-
-We extracted the SHA-256 source files, eliminated unneeded dependencies,
-deleted or commented out unused code, and tweaked them for Chrome's source
-tree. sha512.c is renamed sha512.cc so that it can include Chrome's C++
-header "base/basictypes.h". We define NOUNROLL256 to reduce the object code
-size.
-
-In blapi.h and sha512.cc, replaced uint32 by unsigned int so that they can
-be compiled with -DNO_NSPR_10_SUPPORT. NO_NSPR_10_SUPPORT turns off the
-definition of the NSPR 1.0 types int8 - int64 and uint8 - uint64 to avoid
-conflict with the same-named types defined in "base/basictypes.h".
-
-rsawrapr.c is copied from nss/lib/softoken/rsawrapr.c, with
-HASH_GetRawHashObject changed to HASH_GetHashObject. It contains the
-emsa_pss_verify function for verifying RSA-PSS signatures.
diff --git a/crypto/third_party/nss/chromium-blapi.h b/crypto/third_party/nss/chromium-blapi.h
deleted file mode 100644
index 2ca772e..0000000
--- a/crypto/third_party/nss/chromium-blapi.h
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * crypto.h - public data structures and prototypes for the crypto library
- *
- * ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- * Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/* $Id: blapi.h,v 1.27 2007/11/09 18:49:32 wtc%google.com Exp $ */
-
-#ifndef CRYPTO_THIRD_PARTY_NSS_CHROMIUM_BLAPI_H_
-#define CRYPTO_THIRD_PARTY_NSS_CHROMIUM_BLAPI_H_
-
-#include "crypto/third_party/nss/chromium-blapit.h"
-
-/******************************************/
-
-extern SHA256Context *SHA256_NewContext(void);
-extern void SHA256_DestroyContext(SHA256Context *cx, PRBool freeit);
-extern void SHA256_Begin(SHA256Context *cx);
-extern void SHA256_Update(SHA256Context *cx, const unsigned char *input,
- unsigned int inputLen);
-extern void SHA256_End(SHA256Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
-extern SECStatus SHA256_HashBuf(unsigned char *dest, const unsigned char *src,
- unsigned int src_length);
-extern SECStatus SHA256_Hash(unsigned char *dest, const char *src);
-extern void SHA256_TraceState(SHA256Context *cx);
-extern unsigned int SHA256_FlattenSize(SHA256Context *cx);
-extern SECStatus SHA256_Flatten(SHA256Context *cx,unsigned char *space);
-extern SHA256Context * SHA256_Resurrect(unsigned char *space, void *arg);
-extern void SHA256_Clone(SHA256Context *dest, SHA256Context *src);
-
-/******************************************/
-
-extern SHA512Context *SHA512_NewContext(void);
-extern void SHA512_DestroyContext(SHA512Context *cx, PRBool freeit);
-extern void SHA512_Begin(SHA512Context *cx);
-extern void SHA512_Update(SHA512Context *cx, const unsigned char *input,
- unsigned int inputLen);
-extern void SHA512_End(SHA512Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
-extern SECStatus SHA512_HashBuf(unsigned char *dest, const unsigned char *src,
- unsigned int src_length);
-extern SECStatus SHA512_Hash(unsigned char *dest, const char *src);
-extern void SHA512_TraceState(SHA512Context *cx);
-extern unsigned int SHA512_FlattenSize(SHA512Context *cx);
-extern SECStatus SHA512_Flatten(SHA512Context *cx,unsigned char *space);
-extern SHA512Context * SHA512_Resurrect(unsigned char *space, void *arg);
-extern void SHA512_Clone(SHA512Context *dest, SHA512Context *src);
-
-/******************************************/
-
-extern SHA384Context *SHA384_NewContext(void);
-extern void SHA384_DestroyContext(SHA384Context *cx, PRBool freeit);
-extern void SHA384_Begin(SHA384Context *cx);
-extern void SHA384_Update(SHA384Context *cx, const unsigned char *input,
- unsigned int inputLen);
-extern void SHA384_End(SHA384Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
-extern SECStatus SHA384_HashBuf(unsigned char *dest, const unsigned char *src,
- unsigned int src_length);
-extern SECStatus SHA384_Hash(unsigned char *dest, const char *src);
-extern void SHA384_TraceState(SHA384Context *cx);
-extern unsigned int SHA384_FlattenSize(SHA384Context *cx);
-extern SECStatus SHA384_Flatten(SHA384Context *cx,unsigned char *space);
-extern SHA384Context * SHA384_Resurrect(unsigned char *space, void *arg);
-extern void SHA384_Clone(SHA384Context *dest, SHA384Context *src);
-
-#endif /* CRYPTO_THIRD_PARTY_NSS_CHROMIUM_BLAPI_H_ */
diff --git a/crypto/third_party/nss/chromium-blapit.h b/crypto/third_party/nss/chromium-blapit.h
deleted file mode 100644
index 938547a2..0000000
--- a/crypto/third_party/nss/chromium-blapit.h
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * blapit.h - public data structures for the crypto library
- *
- * ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- * Dr Vipul Gupta <vipul.gupta@sun.com> and
- * Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/* $Id: blapit.h,v 1.20 2007/02/28 19:47:37 rrelyea%redhat.com Exp $ */
-
-#ifndef CRYPTO_THIRD_PARTY_NSS_CHROMIUM_BLAPIT_H_
-#define CRYPTO_THIRD_PARTY_NSS_CHROMIUM_BLAPIT_H_
-
-#include "crypto/third_party/nss/chromium-prtypes.h"
-
-/*
-** A status code. Status's are used by procedures that return status
-** values. Again the motivation is so that a compiler can generate
-** warnings when return values are wrong. Correct testing of status codes:
-**
-** SECStatus rv;
-** rv = some_function (some_argument);
-** if (rv != SECSuccess)
-** do_an_error_thing();
-**
-*/
-typedef enum _SECStatus {
- SECWouldBlock = -2,
- SECFailure = -1,
- SECSuccess = 0
-} SECStatus;
-
-#define SHA256_LENGTH 32 /* bytes */
-#define SHA384_LENGTH 48 /* bytes */
-#define SHA512_LENGTH 64 /* bytes */
-#define HASH_LENGTH_MAX SHA512_LENGTH
-
-/*
- * Input block size for each hash algorithm.
- */
-
-#define SHA256_BLOCK_LENGTH 64 /* bytes */
-#define SHA384_BLOCK_LENGTH 128 /* bytes */
-#define SHA512_BLOCK_LENGTH 128 /* bytes */
-#define HASH_BLOCK_LENGTH_MAX SHA512_BLOCK_LENGTH
-
-/***************************************************************************
-** Opaque objects
-*/
-
-struct SHA256ContextStr ;
-struct SHA512ContextStr ;
-
-typedef struct SHA256ContextStr SHA256Context;
-typedef struct SHA512ContextStr SHA512Context;
-/* SHA384Context is really a SHA512ContextStr. This is not a mistake. */
-typedef struct SHA512ContextStr SHA384Context;
-
-#endif /* CRYPTO_THIRD_PARTY_NSS_CHROMIUM_BLAPIT_H_ */
diff --git a/crypto/third_party/nss/chromium-nss.h b/crypto/third_party/nss/chromium-nss.h
deleted file mode 100644
index 437e6bd..0000000
--- a/crypto/third_party/nss/chromium-nss.h
+++ /dev/null
@@ -1,79 +0,0 @@
- /* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#ifndef CRYPTO_THIRD_PARTY_NSS_CHROMIUM_NSS_H_
-#define CRYPTO_THIRD_PARTY_NSS_CHROMIUM_NSS_H_
-
-// This file contains some functions we borrowed from NSS.
-
-#include <prtypes.h>
-#include <hasht.h>
-#include <keyhi.h>
-#include <secmod.h>
-
-#include "crypto/crypto_export.h"
-
-extern "C" SECStatus emsa_pss_verify(const unsigned char *mHash,
- const unsigned char *em,
- unsigned int emLen,
- HASH_HashType hashAlg,
- HASH_HashType maskHashAlg,
- unsigned int sLen);
-
-// Like PK11_ImportEncryptedPrivateKeyInfo, but hardcoded for EC, and returns
-// the SECKEYPrivateKey.
-// See https://bugzilla.mozilla.org/show_bug.cgi?id=211546
-// When we use NSS 3.13.2 or later,
-// PK11_ImportEncryptedPrivateKeyInfoAndReturnKey can be used instead.
-SECStatus ImportEncryptedECPrivateKeyInfoAndReturnKey(
- PK11SlotInfo* slot,
- SECKEYEncryptedPrivateKeyInfo* epki,
- SECItem* password,
- SECItem* nickname,
- SECItem* public_value,
- PRBool permanent,
- PRBool sensitive,
- SECKEYPrivateKey** private_key,
- void* wincx);
-
-// Like SEC_DerSignData.
-CRYPTO_EXPORT SECStatus DerSignData(PLArenaPool *arena,
- SECItem *result,
- SECItem *input,
- SECKEYPrivateKey *key,
- SECOidTag algo_id);
-
-#endif // CRYPTO_THIRD_PARTY_NSS_CHROMIUM_NSS_H_
diff --git a/crypto/third_party/nss/chromium-prtypes.h b/crypto/third_party/nss/chromium-prtypes.h
deleted file mode 100644
index d5ea8a9..0000000
--- a/crypto/third_party/nss/chromium-prtypes.h
+++ /dev/null
@@ -1,77 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 2002
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-/* Emulates the real prtypes.h. Defines the types and macros that sha512.cc
- * needs. */
-
-#ifndef CRYPTO_THIRD_PARTY_NSS_CHROMIUM_PRTYPES_H_
-#define CRYPTO_THIRD_PARTY_NSS_CHROMIUM_PRTYPES_H_
-
-#include <limits.h>
-#include <stdint.h>
-
-#include "build/build_config.h"
-
-#if defined(ARCH_CPU_LITTLE_ENDIAN)
-#define IS_LITTLE_ENDIAN 1
-#else
-#define IS_BIG_ENDIAN 1
-#endif
-
-/*
- * The C language requires that 'long' be at least 32 bits. 2147483647 is the
- * largest signed 32-bit integer.
- */
-#if LONG_MAX > 2147483647L
-#define PR_BYTES_PER_LONG 8
-#else
-#define PR_BYTES_PER_LONG 4
-#endif
-
-#define HAVE_LONG_LONG
-
-#if defined(__linux__)
-#define LINUX
-#endif
-
-typedef uint8_t PRUint8;
-typedef uint32_t PRUint32;
-
-typedef int PRBool;
-
-#define PR_MIN(x,y) ((x)<(y)?(x):(y))
-
-#endif /* CRYPTO_THIRD_PARTY_NSS_CHROMIUM_PRTYPES_H_ */
diff --git a/crypto/third_party/nss/chromium-sha256.h b/crypto/third_party/nss/chromium-sha256.h
deleted file mode 100644
index 52815ca7..0000000
--- a/crypto/third_party/nss/chromium-sha256.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 2002
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#ifndef CRYPTO_THIRD_PARTY_NSS_CHROMIUM_SHA_256_H_
-#define CRYPTO_THIRD_PARTY_NSS_CHROMIUM_SHA_256_H_
-
-#include "crypto/third_party/nss/chromium-prtypes.h"
-
-struct SHA256ContextStr {
- union {
- PRUint32 w[64]; /* message schedule, input buffer, plus 48 words */
- PRUint8 b[256];
- } u;
- PRUint32 h[8]; /* 8 state variables */
- PRUint32 sizeHi,sizeLo; /* 64-bit count of hashed bytes. */
-};
-
-#endif /* CRYPTO_THIRD_PARTY_NSS_CHROMIUM_SHA_256_H_ */
diff --git a/crypto/third_party/nss/sha512.cc b/crypto/third_party/nss/sha512.cc
deleted file mode 100644
index 78950cb5..0000000
--- a/crypto/third_party/nss/sha512.cc
+++ /dev/null
@@ -1,1390 +0,0 @@
-/*
- * sha512.c - implementation of SHA256, SHA384 and SHA512
- *
- * ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 2002
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/* $Id: sha512.c,v 1.9 2006/10/13 16:54:04 wtchang%redhat.com Exp $ */
-
-// Prevent manual unrolling in the sha256 code, which reduces the binary code
-// size from ~10k to ~1k. The performance should be reasonable for our use.
-#define NOUNROLL256 1
-
-#include "crypto/third_party/nss/chromium-prtypes.h" /* for PRUintXX */
-#if defined(_X86_) || defined(SHA_NO_LONG_LONG)
-#define NOUNROLL512 1
-#undef HAVE_LONG_LONG
-#endif
-#include "crypto/third_party/nss/chromium-blapi.h"
-#include "crypto/third_party/nss/chromium-sha256.h" /* for struct SHA256ContextStr */
-
-#include <stdlib.h>
-#include <string.h>
-#define PORT_New(type) static_cast<type*>(malloc(sizeof(type)))
-#define PORT_ZFree(ptr, len) do { memset(ptr, 0, len); free(ptr); } while (0)
-#define PORT_Strlen(s) static_cast<unsigned int>(strlen(s))
-#define PORT_Memcpy memcpy
-
-/* ============= Common constants and defines ======================= */
-
-#define W ctx->u.w
-#define B ctx->u.b
-#define H ctx->h
-
-#define SHR(x,n) (x >> n)
-#define SHL(x,n) (x << n)
-#define Ch(x,y,z) ((x & y) ^ (~x & z))
-#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z))
-
-/* Padding used with all flavors of SHA */
-static const PRUint8 pad[240] = {
-0x80,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
- 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
- /* compiler will fill the rest in with zeros */
-};
-
-/* ============= SHA256 implemenmtation ================================== */
-
-/* SHA-256 constants, K256. */
-static const PRUint32 K256[64] = {
- 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
- 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
- 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
- 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
- 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
- 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
- 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
- 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
- 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
- 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
- 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
- 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
- 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
- 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
- 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
- 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
-};
-
-/* SHA-256 initial hash values */
-static const PRUint32 H256[8] = {
- 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
- 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
-};
-
-#if defined(_MSC_VER) && defined(_X86_)
-#ifndef FORCEINLINE
-#if (_MSC_VER >= 1200)
-#define FORCEINLINE __forceinline
-#else
-#define FORCEINLINE __inline
-#endif
-#endif
-#define FASTCALL __fastcall
-
-static FORCEINLINE PRUint32 FASTCALL
-swap4b(PRUint32 dwd)
-{
- __asm {
- mov eax,dwd
- bswap eax
- }
-}
-
-#define SHA_HTONL(x) swap4b(x)
-#define BYTESWAP4(x) x = SHA_HTONL(x)
-
-#elif defined(LINUX) && defined(_X86_)
-#undef __OPTIMIZE__
-#define __OPTIMIZE__ 1
-#undef __pentium__
-#define __pentium__ 1
-#include <byteswap.h>
-#define SHA_HTONL(x) bswap_32(x)
-#define BYTESWAP4(x) x = SHA_HTONL(x)
-
-#else /* neither windows nor Linux PC */
-#define SWAP4MASK 0x00FF00FF
-#define SHA_HTONL(x) (t1 = (x), t1 = (t1 << 16) | (t1 >> 16), \
- ((t1 & SWAP4MASK) << 8) | ((t1 >> 8) & SWAP4MASK))
-#define BYTESWAP4(x) x = SHA_HTONL(x)
-#endif
-
-#if defined(_MSC_VER) && defined(_X86_)
-#pragma intrinsic (_lrotr, _lrotl)
-#define ROTR32(x,n) _lrotr(x,n)
-#define ROTL32(x,n) _lrotl(x,n)
-#else
-#define ROTR32(x,n) ((x >> n) | (x << ((8 * sizeof x) - n)))
-#define ROTL32(x,n) ((x << n) | (x >> ((8 * sizeof x) - n)))
-#endif
-
-/* Capitol Sigma and lower case sigma functions */
-#define S0(x) (ROTR32(x, 2) ^ ROTR32(x,13) ^ ROTR32(x,22))
-#define S1(x) (ROTR32(x, 6) ^ ROTR32(x,11) ^ ROTR32(x,25))
-#define s0(x) (t1 = x, ROTR32(t1, 7) ^ ROTR32(t1,18) ^ SHR(t1, 3))
-#define s1(x) (t2 = x, ROTR32(t2,17) ^ ROTR32(t2,19) ^ SHR(t2,10))
-
-SHA256Context *
-SHA256_NewContext(void)
-{
- SHA256Context *ctx = PORT_New(SHA256Context);
- return ctx;
-}
-
-void
-SHA256_DestroyContext(SHA256Context *ctx, PRBool freeit)
-{
- if (freeit) {
- PORT_ZFree(ctx, sizeof *ctx);
- }
-}
-
-void
-SHA256_Begin(SHA256Context *ctx)
-{
- memset(ctx, 0, sizeof *ctx);
- memcpy(H, H256, sizeof H256);
-}
-
-static void
-SHA256_Compress(SHA256Context *ctx)
-{
- {
- register PRUint32 t1, t2;
-
-#if defined(IS_LITTLE_ENDIAN)
- BYTESWAP4(W[0]);
- BYTESWAP4(W[1]);
- BYTESWAP4(W[2]);
- BYTESWAP4(W[3]);
- BYTESWAP4(W[4]);
- BYTESWAP4(W[5]);
- BYTESWAP4(W[6]);
- BYTESWAP4(W[7]);
- BYTESWAP4(W[8]);
- BYTESWAP4(W[9]);
- BYTESWAP4(W[10]);
- BYTESWAP4(W[11]);
- BYTESWAP4(W[12]);
- BYTESWAP4(W[13]);
- BYTESWAP4(W[14]);
- BYTESWAP4(W[15]);
-#endif
-
-#define INITW(t) W[t] = (s1(W[t-2]) + W[t-7] + s0(W[t-15]) + W[t-16])
-
- /* prepare the "message schedule" */
-#ifdef NOUNROLL256
- {
- int t;
- for (t = 16; t < 64; ++t) {
- INITW(t);
- }
- }
-#else
- INITW(16);
- INITW(17);
- INITW(18);
- INITW(19);
-
- INITW(20);
- INITW(21);
- INITW(22);
- INITW(23);
- INITW(24);
- INITW(25);
- INITW(26);
- INITW(27);
- INITW(28);
- INITW(29);
-
- INITW(30);
- INITW(31);
- INITW(32);
- INITW(33);
- INITW(34);
- INITW(35);
- INITW(36);
- INITW(37);
- INITW(38);
- INITW(39);
-
- INITW(40);
- INITW(41);
- INITW(42);
- INITW(43);
- INITW(44);
- INITW(45);
- INITW(46);
- INITW(47);
- INITW(48);
- INITW(49);
-
- INITW(50);
- INITW(51);
- INITW(52);
- INITW(53);
- INITW(54);
- INITW(55);
- INITW(56);
- INITW(57);
- INITW(58);
- INITW(59);
-
- INITW(60);
- INITW(61);
- INITW(62);
- INITW(63);
-
-#endif
-#undef INITW
- }
- {
- PRUint32 a, b, c, d, e, f, g, h;
-
- a = H[0];
- b = H[1];
- c = H[2];
- d = H[3];
- e = H[4];
- f = H[5];
- g = H[6];
- h = H[7];
-
-#define ROUND(n,a,b,c,d,e,f,g,h) \
- h += S1(e) + Ch(e,f,g) + K256[n] + W[n]; \
- d += h; \
- h += S0(a) + Maj(a,b,c);
-
-#ifdef NOUNROLL256
- {
- int t;
- for (t = 0; t < 64; t+= 8) {
- ROUND(t+0,a,b,c,d,e,f,g,h)
- ROUND(t+1,h,a,b,c,d,e,f,g)
- ROUND(t+2,g,h,a,b,c,d,e,f)
- ROUND(t+3,f,g,h,a,b,c,d,e)
- ROUND(t+4,e,f,g,h,a,b,c,d)
- ROUND(t+5,d,e,f,g,h,a,b,c)
- ROUND(t+6,c,d,e,f,g,h,a,b)
- ROUND(t+7,b,c,d,e,f,g,h,a)
- }
- }
-#else
- ROUND( 0,a,b,c,d,e,f,g,h)
- ROUND( 1,h,a,b,c,d,e,f,g)
- ROUND( 2,g,h,a,b,c,d,e,f)
- ROUND( 3,f,g,h,a,b,c,d,e)
- ROUND( 4,e,f,g,h,a,b,c,d)
- ROUND( 5,d,e,f,g,h,a,b,c)
- ROUND( 6,c,d,e,f,g,h,a,b)
- ROUND( 7,b,c,d,e,f,g,h,a)
-
- ROUND( 8,a,b,c,d,e,f,g,h)
- ROUND( 9,h,a,b,c,d,e,f,g)
- ROUND(10,g,h,a,b,c,d,e,f)
- ROUND(11,f,g,h,a,b,c,d,e)
- ROUND(12,e,f,g,h,a,b,c,d)
- ROUND(13,d,e,f,g,h,a,b,c)
- ROUND(14,c,d,e,f,g,h,a,b)
- ROUND(15,b,c,d,e,f,g,h,a)
-
- ROUND(16,a,b,c,d,e,f,g,h)
- ROUND(17,h,a,b,c,d,e,f,g)
- ROUND(18,g,h,a,b,c,d,e,f)
- ROUND(19,f,g,h,a,b,c,d,e)
- ROUND(20,e,f,g,h,a,b,c,d)
- ROUND(21,d,e,f,g,h,a,b,c)
- ROUND(22,c,d,e,f,g,h,a,b)
- ROUND(23,b,c,d,e,f,g,h,a)
-
- ROUND(24,a,b,c,d,e,f,g,h)
- ROUND(25,h,a,b,c,d,e,f,g)
- ROUND(26,g,h,a,b,c,d,e,f)
- ROUND(27,f,g,h,a,b,c,d,e)
- ROUND(28,e,f,g,h,a,b,c,d)
- ROUND(29,d,e,f,g,h,a,b,c)
- ROUND(30,c,d,e,f,g,h,a,b)
- ROUND(31,b,c,d,e,f,g,h,a)
-
- ROUND(32,a,b,c,d,e,f,g,h)
- ROUND(33,h,a,b,c,d,e,f,g)
- ROUND(34,g,h,a,b,c,d,e,f)
- ROUND(35,f,g,h,a,b,c,d,e)
- ROUND(36,e,f,g,h,a,b,c,d)
- ROUND(37,d,e,f,g,h,a,b,c)
- ROUND(38,c,d,e,f,g,h,a,b)
- ROUND(39,b,c,d,e,f,g,h,a)
-
- ROUND(40,a,b,c,d,e,f,g,h)
- ROUND(41,h,a,b,c,d,e,f,g)
- ROUND(42,g,h,a,b,c,d,e,f)
- ROUND(43,f,g,h,a,b,c,d,e)
- ROUND(44,e,f,g,h,a,b,c,d)
- ROUND(45,d,e,f,g,h,a,b,c)
- ROUND(46,c,d,e,f,g,h,a,b)
- ROUND(47,b,c,d,e,f,g,h,a)
-
- ROUND(48,a,b,c,d,e,f,g,h)
- ROUND(49,h,a,b,c,d,e,f,g)
- ROUND(50,g,h,a,b,c,d,e,f)
- ROUND(51,f,g,h,a,b,c,d,e)
- ROUND(52,e,f,g,h,a,b,c,d)
- ROUND(53,d,e,f,g,h,a,b,c)
- ROUND(54,c,d,e,f,g,h,a,b)
- ROUND(55,b,c,d,e,f,g,h,a)
-
- ROUND(56,a,b,c,d,e,f,g,h)
- ROUND(57,h,a,b,c,d,e,f,g)
- ROUND(58,g,h,a,b,c,d,e,f)
- ROUND(59,f,g,h,a,b,c,d,e)
- ROUND(60,e,f,g,h,a,b,c,d)
- ROUND(61,d,e,f,g,h,a,b,c)
- ROUND(62,c,d,e,f,g,h,a,b)
- ROUND(63,b,c,d,e,f,g,h,a)
-#endif
-
- H[0] += a;
- H[1] += b;
- H[2] += c;
- H[3] += d;
- H[4] += e;
- H[5] += f;
- H[6] += g;
- H[7] += h;
- }
-#undef ROUND
-}
-
-#undef s0
-#undef s1
-#undef S0
-#undef S1
-
-void
-SHA256_Update(SHA256Context *ctx, const unsigned char *input,
- unsigned int inputLen)
-{
- unsigned int inBuf = ctx->sizeLo & 0x3f;
- if (!inputLen)
- return;
-
- /* Add inputLen into the count of bytes processed, before processing */
- if ((ctx->sizeLo += inputLen) < inputLen)
- ctx->sizeHi++;
-
- /* if data already in buffer, attemp to fill rest of buffer */
- if (inBuf) {
- unsigned int todo = SHA256_BLOCK_LENGTH - inBuf;
- if (inputLen < todo)
- todo = inputLen;
- memcpy(B + inBuf, input, todo);
- input += todo;
- inputLen -= todo;
- if (inBuf + todo == SHA256_BLOCK_LENGTH)
- SHA256_Compress(ctx);
- }
-
- /* if enough data to fill one or more whole buffers, process them. */
- while (inputLen >= SHA256_BLOCK_LENGTH) {
- memcpy(B, input, SHA256_BLOCK_LENGTH);
- input += SHA256_BLOCK_LENGTH;
- inputLen -= SHA256_BLOCK_LENGTH;
- SHA256_Compress(ctx);
- }
- /* if data left over, fill it into buffer */
- if (inputLen)
- memcpy(B, input, inputLen);
-}
-
-void
-SHA256_End(SHA256Context *ctx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen)
-{
- unsigned int inBuf = ctx->sizeLo & 0x3f;
- unsigned int padLen = (inBuf < 56) ? (56 - inBuf) : (56 + 64 - inBuf);
- PRUint32 hi, lo;
-#ifdef SWAP4MASK
- PRUint32 t1;
-#endif
-
- hi = (ctx->sizeHi << 3) | (ctx->sizeLo >> 29);
- lo = (ctx->sizeLo << 3);
-
- SHA256_Update(ctx, pad, padLen);
-
-#if defined(IS_LITTLE_ENDIAN)
- W[14] = SHA_HTONL(hi);
- W[15] = SHA_HTONL(lo);
-#else
- W[14] = hi;
- W[15] = lo;
-#endif
- SHA256_Compress(ctx);
-
- /* now output the answer */
-#if defined(IS_LITTLE_ENDIAN)
- BYTESWAP4(H[0]);
- BYTESWAP4(H[1]);
- BYTESWAP4(H[2]);
- BYTESWAP4(H[3]);
- BYTESWAP4(H[4]);
- BYTESWAP4(H[5]);
- BYTESWAP4(H[6]);
- BYTESWAP4(H[7]);
-#endif
- padLen = PR_MIN(SHA256_LENGTH, maxDigestLen);
- memcpy(digest, H, padLen);
- if (digestLen)
- *digestLen = padLen;
-}
-
-void SHA256_Clone(SHA256Context* dest, SHA256Context* src)
-{
- memcpy(dest, src, sizeof *dest);
-}
-
-/* Comment out unused code, mostly the SHA384 and SHA512 implementations. */
-#if 0
-SECStatus
-SHA256_HashBuf(unsigned char *dest, const unsigned char *src,
- unsigned int src_length)
-{
- SHA256Context ctx;
- unsigned int outLen;
-
- SHA256_Begin(&ctx);
- SHA256_Update(&ctx, src, src_length);
- SHA256_End(&ctx, dest, &outLen, SHA256_LENGTH);
-
- return SECSuccess;
-}
-
-
-SECStatus
-SHA256_Hash(unsigned char *dest, const char *src)
-{
- return SHA256_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
-}
-
-
-void SHA256_TraceState(SHA256Context *ctx) { }
-
-unsigned int
-SHA256_FlattenSize(SHA256Context *ctx)
-{
- return sizeof *ctx;
-}
-
-SECStatus
-SHA256_Flatten(SHA256Context *ctx,unsigned char *space)
-{
- PORT_Memcpy(space, ctx, sizeof *ctx);
- return SECSuccess;
-}
-
-SHA256Context *
-SHA256_Resurrect(unsigned char *space, void *arg)
-{
- SHA256Context *ctx = SHA256_NewContext();
- if (ctx)
- PORT_Memcpy(ctx, space, sizeof *ctx);
- return ctx;
-}
-
-/* ======= SHA512 and SHA384 common constants and defines ================= */
-
-/* common #defines for SHA512 and SHA384 */
-#if defined(HAVE_LONG_LONG)
-#define ROTR64(x,n) ((x >> n) | (x << (64 - n)))
-#define ROTL64(x,n) ((x << n) | (x >> (64 - n)))
-
-#define S0(x) (ROTR64(x,28) ^ ROTR64(x,34) ^ ROTR64(x,39))
-#define S1(x) (ROTR64(x,14) ^ ROTR64(x,18) ^ ROTR64(x,41))
-#define s0(x) (t1 = x, ROTR64(t1, 1) ^ ROTR64(t1, 8) ^ SHR(t1,7))
-#define s1(x) (t2 = x, ROTR64(t2,19) ^ ROTR64(t2,61) ^ SHR(t2,6))
-
-#if PR_BYTES_PER_LONG == 8
-#define ULLC(hi,lo) 0x ## hi ## lo ## UL
-#elif defined(_MSC_VER)
-#define ULLC(hi,lo) 0x ## hi ## lo ## ui64
-#else
-#define ULLC(hi,lo) 0x ## hi ## lo ## ULL
-#endif
-
-#define SHA_MASK16 ULLC(0000FFFF,0000FFFF)
-#define SHA_MASK8 ULLC(00FF00FF,00FF00FF)
-#define SHA_HTONLL(x) (t1 = x, \
- t1 = ((t1 & SHA_MASK8 ) << 8) | ((t1 >> 8) & SHA_MASK8 ), \
- t1 = ((t1 & SHA_MASK16) << 16) | ((t1 >> 16) & SHA_MASK16), \
- (t1 >> 32) | (t1 << 32))
-#define BYTESWAP8(x) x = SHA_HTONLL(x)
-
-#else /* no long long */
-
-#if defined(IS_LITTLE_ENDIAN)
-#define ULLC(hi,lo) { 0x ## lo ## U, 0x ## hi ## U }
-#else
-#define ULLC(hi,lo) { 0x ## hi ## U, 0x ## lo ## U }
-#endif
-
-#define SHA_HTONLL(x) ( BYTESWAP4(x.lo), BYTESWAP4(x.hi), \
- x.hi ^= x.lo ^= x.hi ^= x.lo, x)
-#define BYTESWAP8(x) do { PRUint32 tmp; BYTESWAP4(x.lo); BYTESWAP4(x.hi); \
- tmp = x.lo; x.lo = x.hi; x.hi = tmp; } while (0)
-#endif
-
-/* SHA-384 and SHA-512 constants, K512. */
-static const PRUint64 K512[80] = {
-#if PR_BYTES_PER_LONG == 8
- 0x428a2f98d728ae22UL , 0x7137449123ef65cdUL ,
- 0xb5c0fbcfec4d3b2fUL , 0xe9b5dba58189dbbcUL ,
- 0x3956c25bf348b538UL , 0x59f111f1b605d019UL ,
- 0x923f82a4af194f9bUL , 0xab1c5ed5da6d8118UL ,
- 0xd807aa98a3030242UL , 0x12835b0145706fbeUL ,
- 0x243185be4ee4b28cUL , 0x550c7dc3d5ffb4e2UL ,
- 0x72be5d74f27b896fUL , 0x80deb1fe3b1696b1UL ,
- 0x9bdc06a725c71235UL , 0xc19bf174cf692694UL ,
- 0xe49b69c19ef14ad2UL , 0xefbe4786384f25e3UL ,
- 0x0fc19dc68b8cd5b5UL , 0x240ca1cc77ac9c65UL ,
- 0x2de92c6f592b0275UL , 0x4a7484aa6ea6e483UL ,
- 0x5cb0a9dcbd41fbd4UL , 0x76f988da831153b5UL ,
- 0x983e5152ee66dfabUL , 0xa831c66d2db43210UL ,
- 0xb00327c898fb213fUL , 0xbf597fc7beef0ee4UL ,
- 0xc6e00bf33da88fc2UL , 0xd5a79147930aa725UL ,
- 0x06ca6351e003826fUL , 0x142929670a0e6e70UL ,
- 0x27b70a8546d22ffcUL , 0x2e1b21385c26c926UL ,
- 0x4d2c6dfc5ac42aedUL , 0x53380d139d95b3dfUL ,
- 0x650a73548baf63deUL , 0x766a0abb3c77b2a8UL ,
- 0x81c2c92e47edaee6UL , 0x92722c851482353bUL ,
- 0xa2bfe8a14cf10364UL , 0xa81a664bbc423001UL ,
- 0xc24b8b70d0f89791UL , 0xc76c51a30654be30UL ,
- 0xd192e819d6ef5218UL , 0xd69906245565a910UL ,
- 0xf40e35855771202aUL , 0x106aa07032bbd1b8UL ,
- 0x19a4c116b8d2d0c8UL , 0x1e376c085141ab53UL ,
- 0x2748774cdf8eeb99UL , 0x34b0bcb5e19b48a8UL ,
- 0x391c0cb3c5c95a63UL , 0x4ed8aa4ae3418acbUL ,
- 0x5b9cca4f7763e373UL , 0x682e6ff3d6b2b8a3UL ,
- 0x748f82ee5defb2fcUL , 0x78a5636f43172f60UL ,
- 0x84c87814a1f0ab72UL , 0x8cc702081a6439ecUL ,
- 0x90befffa23631e28UL , 0xa4506cebde82bde9UL ,
- 0xbef9a3f7b2c67915UL , 0xc67178f2e372532bUL ,
- 0xca273eceea26619cUL , 0xd186b8c721c0c207UL ,
- 0xeada7dd6cde0eb1eUL , 0xf57d4f7fee6ed178UL ,
- 0x06f067aa72176fbaUL , 0x0a637dc5a2c898a6UL ,
- 0x113f9804bef90daeUL , 0x1b710b35131c471bUL ,
- 0x28db77f523047d84UL , 0x32caab7b40c72493UL ,
- 0x3c9ebe0a15c9bebcUL , 0x431d67c49c100d4cUL ,
- 0x4cc5d4becb3e42b6UL , 0x597f299cfc657e2aUL ,
- 0x5fcb6fab3ad6faecUL , 0x6c44198c4a475817UL
-#else
- ULLC(428a2f98,d728ae22), ULLC(71374491,23ef65cd),
- ULLC(b5c0fbcf,ec4d3b2f), ULLC(e9b5dba5,8189dbbc),
- ULLC(3956c25b,f348b538), ULLC(59f111f1,b605d019),
- ULLC(923f82a4,af194f9b), ULLC(ab1c5ed5,da6d8118),
- ULLC(d807aa98,a3030242), ULLC(12835b01,45706fbe),
- ULLC(243185be,4ee4b28c), ULLC(550c7dc3,d5ffb4e2),
- ULLC(72be5d74,f27b896f), ULLC(80deb1fe,3b1696b1),
- ULLC(9bdc06a7,25c71235), ULLC(c19bf174,cf692694),
- ULLC(e49b69c1,9ef14ad2), ULLC(efbe4786,384f25e3),
- ULLC(0fc19dc6,8b8cd5b5), ULLC(240ca1cc,77ac9c65),
- ULLC(2de92c6f,592b0275), ULLC(4a7484aa,6ea6e483),
- ULLC(5cb0a9dc,bd41fbd4), ULLC(76f988da,831153b5),
- ULLC(983e5152,ee66dfab), ULLC(a831c66d,2db43210),
- ULLC(b00327c8,98fb213f), ULLC(bf597fc7,beef0ee4),
- ULLC(c6e00bf3,3da88fc2), ULLC(d5a79147,930aa725),
- ULLC(06ca6351,e003826f), ULLC(14292967,0a0e6e70),
- ULLC(27b70a85,46d22ffc), ULLC(2e1b2138,5c26c926),
- ULLC(4d2c6dfc,5ac42aed), ULLC(53380d13,9d95b3df),
- ULLC(650a7354,8baf63de), ULLC(766a0abb,3c77b2a8),
- ULLC(81c2c92e,47edaee6), ULLC(92722c85,1482353b),
- ULLC(a2bfe8a1,4cf10364), ULLC(a81a664b,bc423001),
- ULLC(c24b8b70,d0f89791), ULLC(c76c51a3,0654be30),
- ULLC(d192e819,d6ef5218), ULLC(d6990624,5565a910),
- ULLC(f40e3585,5771202a), ULLC(106aa070,32bbd1b8),
- ULLC(19a4c116,b8d2d0c8), ULLC(1e376c08,5141ab53),
- ULLC(2748774c,df8eeb99), ULLC(34b0bcb5,e19b48a8),
- ULLC(391c0cb3,c5c95a63), ULLC(4ed8aa4a,e3418acb),
- ULLC(5b9cca4f,7763e373), ULLC(682e6ff3,d6b2b8a3),
- ULLC(748f82ee,5defb2fc), ULLC(78a5636f,43172f60),
- ULLC(84c87814,a1f0ab72), ULLC(8cc70208,1a6439ec),
- ULLC(90befffa,23631e28), ULLC(a4506ceb,de82bde9),
- ULLC(bef9a3f7,b2c67915), ULLC(c67178f2,e372532b),
- ULLC(ca273ece,ea26619c), ULLC(d186b8c7,21c0c207),
- ULLC(eada7dd6,cde0eb1e), ULLC(f57d4f7f,ee6ed178),
- ULLC(06f067aa,72176fba), ULLC(0a637dc5,a2c898a6),
- ULLC(113f9804,bef90dae), ULLC(1b710b35,131c471b),
- ULLC(28db77f5,23047d84), ULLC(32caab7b,40c72493),
- ULLC(3c9ebe0a,15c9bebc), ULLC(431d67c4,9c100d4c),
- ULLC(4cc5d4be,cb3e42b6), ULLC(597f299c,fc657e2a),
- ULLC(5fcb6fab,3ad6faec), ULLC(6c44198c,4a475817)
-#endif
-};
-
-struct SHA512ContextStr {
- union {
- PRUint64 w[80]; /* message schedule, input buffer, plus 64 words */
- PRUint32 l[160];
- PRUint8 b[640];
- } u;
- PRUint64 h[8]; /* 8 state variables */
- PRUint64 sizeLo; /* 64-bit count of hashed bytes. */
-};
-
-/* =========== SHA512 implementation ===================================== */
-
-/* SHA-512 initial hash values */
-static const PRUint64 H512[8] = {
-#if PR_BYTES_PER_LONG == 8
- 0x6a09e667f3bcc908UL , 0xbb67ae8584caa73bUL ,
- 0x3c6ef372fe94f82bUL , 0xa54ff53a5f1d36f1UL ,
- 0x510e527fade682d1UL , 0x9b05688c2b3e6c1fUL ,
- 0x1f83d9abfb41bd6bUL , 0x5be0cd19137e2179UL
-#else
- ULLC(6a09e667,f3bcc908), ULLC(bb67ae85,84caa73b),
- ULLC(3c6ef372,fe94f82b), ULLC(a54ff53a,5f1d36f1),
- ULLC(510e527f,ade682d1), ULLC(9b05688c,2b3e6c1f),
- ULLC(1f83d9ab,fb41bd6b), ULLC(5be0cd19,137e2179)
-#endif
-};
-
-
-SHA512Context *
-SHA512_NewContext(void)
-{
- SHA512Context *ctx = PORT_New(SHA512Context);
- return ctx;
-}
-
-void
-SHA512_DestroyContext(SHA512Context *ctx, PRBool freeit)
-{
- if (freeit) {
- PORT_ZFree(ctx, sizeof *ctx);
- }
-}
-
-void
-SHA512_Begin(SHA512Context *ctx)
-{
- memset(ctx, 0, sizeof *ctx);
- memcpy(H, H512, sizeof H512);
-}
-
-#if defined(SHA512_TRACE)
-#if defined(HAVE_LONG_LONG)
-#define DUMP(n,a,d,e,h) printf(" t = %2d, %s = %016lx, %s = %016lx\n", \
- n, #e, d, #a, h);
-#else
-#define DUMP(n,a,d,e,h) printf(" t = %2d, %s = %08x%08x, %s = %08x%08x\n", \
- n, #e, d.hi, d.lo, #a, h.hi, h.lo);
-#endif
-#else
-#define DUMP(n,a,d,e,h)
-#endif
-
-#if defined(HAVE_LONG_LONG)
-
-#define ADDTO(x,y) y += x
-
-#define INITW(t) W[t] = (s1(W[t-2]) + W[t-7] + s0(W[t-15]) + W[t-16])
-
-#define ROUND(n,a,b,c,d,e,f,g,h) \
- h += S1(e) + Ch(e,f,g) + K512[n] + W[n]; \
- d += h; \
- h += S0(a) + Maj(a,b,c); \
- DUMP(n,a,d,e,h)
-
-#else /* use only 32-bit variables, and don't unroll loops */
-
-#undef NOUNROLL512
-#define NOUNROLL512 1
-
-#define ADDTO(x,y) y.lo += x.lo; y.hi += x.hi + (x.lo > y.lo)
-
-#define ROTR64a(x,n,lo,hi) (x.lo >> n | x.hi << (32-n))
-#define ROTR64A(x,n,lo,hi) (x.lo << (64-n) | x.hi >> (n-32))
-#define SHR64a(x,n,lo,hi) (x.lo >> n | x.hi << (32-n))
-
-/* Capitol Sigma and lower case sigma functions */
-#define s0lo(x) (ROTR64a(x,1,lo,hi) ^ ROTR64a(x,8,lo,hi) ^ SHR64a(x,7,lo,hi))
-#define s0hi(x) (ROTR64a(x,1,hi,lo) ^ ROTR64a(x,8,hi,lo) ^ (x.hi >> 7))
-
-#define s1lo(x) (ROTR64a(x,19,lo,hi) ^ ROTR64A(x,61,lo,hi) ^ SHR64a(x,6,lo,hi))
-#define s1hi(x) (ROTR64a(x,19,hi,lo) ^ ROTR64A(x,61,hi,lo) ^ (x.hi >> 6))
-
-#define S0lo(x)(ROTR64a(x,28,lo,hi) ^ ROTR64A(x,34,lo,hi) ^ ROTR64A(x,39,lo,hi))
-#define S0hi(x)(ROTR64a(x,28,hi,lo) ^ ROTR64A(x,34,hi,lo) ^ ROTR64A(x,39,hi,lo))
-
-#define S1lo(x)(ROTR64a(x,14,lo,hi) ^ ROTR64a(x,18,lo,hi) ^ ROTR64A(x,41,lo,hi))
-#define S1hi(x)(ROTR64a(x,14,hi,lo) ^ ROTR64a(x,18,hi,lo) ^ ROTR64A(x,41,hi,lo))
-
-/* 32-bit versions of Ch and Maj */
-#define Chxx(x,y,z,lo) ((x.lo & y.lo) ^ (~x.lo & z.lo))
-#define Majx(x,y,z,lo) ((x.lo & y.lo) ^ (x.lo & z.lo) ^ (y.lo & z.lo))
-
-#define INITW(t) \
- do { \
- PRUint32 lo, tm; \
- PRUint32 cy = 0; \
- lo = s1lo(W[t-2]); \
- lo += (tm = W[t-7].lo); if (lo < tm) cy++; \
- lo += (tm = s0lo(W[t-15])); if (lo < tm) cy++; \
- lo += (tm = W[t-16].lo); if (lo < tm) cy++; \
- W[t].lo = lo; \
- W[t].hi = cy + s1hi(W[t-2]) + W[t-7].hi + s0hi(W[t-15]) + W[t-16].hi; \
- } while (0)
-
-#define ROUND(n,a,b,c,d,e,f,g,h) \
- { \
- PRUint32 lo, tm, cy; \
- lo = S1lo(e); \
- lo += (tm = Chxx(e,f,g,lo)); cy = (lo < tm); \
- lo += (tm = K512[n].lo); if (lo < tm) cy++; \
- lo += (tm = W[n].lo); if (lo < tm) cy++; \
- h.lo += lo; if (h.lo < lo) cy++; \
- h.hi += cy + S1hi(e) + Chxx(e,f,g,hi) + K512[n].hi + W[n].hi; \
- d.lo += h.lo; \
- d.hi += h.hi + (d.lo < h.lo); \
- lo = S0lo(a); \
- lo += (tm = Majx(a,b,c,lo)); cy = (lo < tm); \
- h.lo += lo; if (h.lo < lo) cy++; \
- h.hi += cy + S0hi(a) + Majx(a,b,c,hi); \
- DUMP(n,a,d,e,h) \
- }
-#endif
-
-static void
-SHA512_Compress(SHA512Context *ctx)
-{
-#if defined(IS_LITTLE_ENDIAN)
- {
-#if defined(HAVE_LONG_LONG)
- PRUint64 t1;
-#else
- PRUint32 t1;
-#endif
- BYTESWAP8(W[0]);
- BYTESWAP8(W[1]);
- BYTESWAP8(W[2]);
- BYTESWAP8(W[3]);
- BYTESWAP8(W[4]);
- BYTESWAP8(W[5]);
- BYTESWAP8(W[6]);
- BYTESWAP8(W[7]);
- BYTESWAP8(W[8]);
- BYTESWAP8(W[9]);
- BYTESWAP8(W[10]);
- BYTESWAP8(W[11]);
- BYTESWAP8(W[12]);
- BYTESWAP8(W[13]);
- BYTESWAP8(W[14]);
- BYTESWAP8(W[15]);
- }
-#endif
-
- {
- PRUint64 t1, t2;
-#ifdef NOUNROLL512
- {
- /* prepare the "message schedule" */
- int t;
- for (t = 16; t < 80; ++t) {
- INITW(t);
- }
- }
-#else
- INITW(16);
- INITW(17);
- INITW(18);
- INITW(19);
-
- INITW(20);
- INITW(21);
- INITW(22);
- INITW(23);
- INITW(24);
- INITW(25);
- INITW(26);
- INITW(27);
- INITW(28);
- INITW(29);
-
- INITW(30);
- INITW(31);
- INITW(32);
- INITW(33);
- INITW(34);
- INITW(35);
- INITW(36);
- INITW(37);
- INITW(38);
- INITW(39);
-
- INITW(40);
- INITW(41);
- INITW(42);
- INITW(43);
- INITW(44);
- INITW(45);
- INITW(46);
- INITW(47);
- INITW(48);
- INITW(49);
-
- INITW(50);
- INITW(51);
- INITW(52);
- INITW(53);
- INITW(54);
- INITW(55);
- INITW(56);
- INITW(57);
- INITW(58);
- INITW(59);
-
- INITW(60);
- INITW(61);
- INITW(62);
- INITW(63);
- INITW(64);
- INITW(65);
- INITW(66);
- INITW(67);
- INITW(68);
- INITW(69);
-
- INITW(70);
- INITW(71);
- INITW(72);
- INITW(73);
- INITW(74);
- INITW(75);
- INITW(76);
- INITW(77);
- INITW(78);
- INITW(79);
-#endif
- }
-#ifdef SHA512_TRACE
- {
- int i;
- for (i = 0; i < 80; ++i) {
-#ifdef HAVE_LONG_LONG
- printf("W[%2d] = %016lx\n", i, W[i]);
-#else
- printf("W[%2d] = %08x%08x\n", i, W[i].hi, W[i].lo);
-#endif
- }
- }
-#endif
- {
- PRUint64 a, b, c, d, e, f, g, h;
-
- a = H[0];
- b = H[1];
- c = H[2];
- d = H[3];
- e = H[4];
- f = H[5];
- g = H[6];
- h = H[7];
-
-#ifdef NOUNROLL512
- {
- int t;
- for (t = 0; t < 80; t+= 8) {
- ROUND(t+0,a,b,c,d,e,f,g,h)
- ROUND(t+1,h,a,b,c,d,e,f,g)
- ROUND(t+2,g,h,a,b,c,d,e,f)
- ROUND(t+3,f,g,h,a,b,c,d,e)
- ROUND(t+4,e,f,g,h,a,b,c,d)
- ROUND(t+5,d,e,f,g,h,a,b,c)
- ROUND(t+6,c,d,e,f,g,h,a,b)
- ROUND(t+7,b,c,d,e,f,g,h,a)
- }
- }
-#else
- ROUND( 0,a,b,c,d,e,f,g,h)
- ROUND( 1,h,a,b,c,d,e,f,g)
- ROUND( 2,g,h,a,b,c,d,e,f)
- ROUND( 3,f,g,h,a,b,c,d,e)
- ROUND( 4,e,f,g,h,a,b,c,d)
- ROUND( 5,d,e,f,g,h,a,b,c)
- ROUND( 6,c,d,e,f,g,h,a,b)
- ROUND( 7,b,c,d,e,f,g,h,a)
-
- ROUND( 8,a,b,c,d,e,f,g,h)
- ROUND( 9,h,a,b,c,d,e,f,g)
- ROUND(10,g,h,a,b,c,d,e,f)
- ROUND(11,f,g,h,a,b,c,d,e)
- ROUND(12,e,f,g,h,a,b,c,d)
- ROUND(13,d,e,f,g,h,a,b,c)
- ROUND(14,c,d,e,f,g,h,a,b)
- ROUND(15,b,c,d,e,f,g,h,a)
-
- ROUND(16,a,b,c,d,e,f,g,h)
- ROUND(17,h,a,b,c,d,e,f,g)
- ROUND(18,g,h,a,b,c,d,e,f)
- ROUND(19,f,g,h,a,b,c,d,e)
- ROUND(20,e,f,g,h,a,b,c,d)
- ROUND(21,d,e,f,g,h,a,b,c)
- ROUND(22,c,d,e,f,g,h,a,b)
- ROUND(23,b,c,d,e,f,g,h,a)
-
- ROUND(24,a,b,c,d,e,f,g,h)
- ROUND(25,h,a,b,c,d,e,f,g)
- ROUND(26,g,h,a,b,c,d,e,f)
- ROUND(27,f,g,h,a,b,c,d,e)
- ROUND(28,e,f,g,h,a,b,c,d)
- ROUND(29,d,e,f,g,h,a,b,c)
- ROUND(30,c,d,e,f,g,h,a,b)
- ROUND(31,b,c,d,e,f,g,h,a)
-
- ROUND(32,a,b,c,d,e,f,g,h)
- ROUND(33,h,a,b,c,d,e,f,g)
- ROUND(34,g,h,a,b,c,d,e,f)
- ROUND(35,f,g,h,a,b,c,d,e)
- ROUND(36,e,f,g,h,a,b,c,d)
- ROUND(37,d,e,f,g,h,a,b,c)
- ROUND(38,c,d,e,f,g,h,a,b)
- ROUND(39,b,c,d,e,f,g,h,a)
-
- ROUND(40,a,b,c,d,e,f,g,h)
- ROUND(41,h,a,b,c,d,e,f,g)
- ROUND(42,g,h,a,b,c,d,e,f)
- ROUND(43,f,g,h,a,b,c,d,e)
- ROUND(44,e,f,g,h,a,b,c,d)
- ROUND(45,d,e,f,g,h,a,b,c)
- ROUND(46,c,d,e,f,g,h,a,b)
- ROUND(47,b,c,d,e,f,g,h,a)
-
- ROUND(48,a,b,c,d,e,f,g,h)
- ROUND(49,h,a,b,c,d,e,f,g)
- ROUND(50,g,h,a,b,c,d,e,f)
- ROUND(51,f,g,h,a,b,c,d,e)
- ROUND(52,e,f,g,h,a,b,c,d)
- ROUND(53,d,e,f,g,h,a,b,c)
- ROUND(54,c,d,e,f,g,h,a,b)
- ROUND(55,b,c,d,e,f,g,h,a)
-
- ROUND(56,a,b,c,d,e,f,g,h)
- ROUND(57,h,a,b,c,d,e,f,g)
- ROUND(58,g,h,a,b,c,d,e,f)
- ROUND(59,f,g,h,a,b,c,d,e)
- ROUND(60,e,f,g,h,a,b,c,d)
- ROUND(61,d,e,f,g,h,a,b,c)
- ROUND(62,c,d,e,f,g,h,a,b)
- ROUND(63,b,c,d,e,f,g,h,a)
-
- ROUND(64,a,b,c,d,e,f,g,h)
- ROUND(65,h,a,b,c,d,e,f,g)
- ROUND(66,g,h,a,b,c,d,e,f)
- ROUND(67,f,g,h,a,b,c,d,e)
- ROUND(68,e,f,g,h,a,b,c,d)
- ROUND(69,d,e,f,g,h,a,b,c)
- ROUND(70,c,d,e,f,g,h,a,b)
- ROUND(71,b,c,d,e,f,g,h,a)
-
- ROUND(72,a,b,c,d,e,f,g,h)
- ROUND(73,h,a,b,c,d,e,f,g)
- ROUND(74,g,h,a,b,c,d,e,f)
- ROUND(75,f,g,h,a,b,c,d,e)
- ROUND(76,e,f,g,h,a,b,c,d)
- ROUND(77,d,e,f,g,h,a,b,c)
- ROUND(78,c,d,e,f,g,h,a,b)
- ROUND(79,b,c,d,e,f,g,h,a)
-#endif
-
- ADDTO(a,H[0]);
- ADDTO(b,H[1]);
- ADDTO(c,H[2]);
- ADDTO(d,H[3]);
- ADDTO(e,H[4]);
- ADDTO(f,H[5]);
- ADDTO(g,H[6]);
- ADDTO(h,H[7]);
- }
-}
-
-void
-SHA512_Update(SHA512Context *ctx, const unsigned char *input,
- unsigned int inputLen)
-{
- unsigned int inBuf;
- if (!inputLen)
- return;
-
-#if defined(HAVE_LONG_LONG)
- inBuf = (unsigned int)ctx->sizeLo & 0x7f;
- /* Add inputLen into the count of bytes processed, before processing */
- ctx->sizeLo += inputLen;
-#else
- inBuf = (unsigned int)ctx->sizeLo.lo & 0x7f;
- ctx->sizeLo.lo += inputLen;
- if (ctx->sizeLo.lo < inputLen) ctx->sizeLo.hi++;
-#endif
-
- /* if data already in buffer, attemp to fill rest of buffer */
- if (inBuf) {
- unsigned int todo = SHA512_BLOCK_LENGTH - inBuf;
- if (inputLen < todo)
- todo = inputLen;
- memcpy(B + inBuf, input, todo);
- input += todo;
- inputLen -= todo;
- if (inBuf + todo == SHA512_BLOCK_LENGTH)
- SHA512_Compress(ctx);
- }
-
- /* if enough data to fill one or more whole buffers, process them. */
- while (inputLen >= SHA512_BLOCK_LENGTH) {
- memcpy(B, input, SHA512_BLOCK_LENGTH);
- input += SHA512_BLOCK_LENGTH;
- inputLen -= SHA512_BLOCK_LENGTH;
- SHA512_Compress(ctx);
- }
- /* if data left over, fill it into buffer */
- if (inputLen)
- memcpy(B, input, inputLen);
-}
-
-void
-SHA512_End(SHA512Context *ctx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen)
-{
-#if defined(HAVE_LONG_LONG)
- unsigned int inBuf = (unsigned int)ctx->sizeLo & 0x7f;
- unsigned int padLen = (inBuf < 112) ? (112 - inBuf) : (112 + 128 - inBuf);
- PRUint64 lo, t1;
- lo = (ctx->sizeLo << 3);
-#else
- unsigned int inBuf = (unsigned int)ctx->sizeLo.lo & 0x7f;
- unsigned int padLen = (inBuf < 112) ? (112 - inBuf) : (112 + 128 - inBuf);
- PRUint64 lo = ctx->sizeLo;
- PRUint32 t1;
- lo.lo <<= 3;
-#endif
-
- SHA512_Update(ctx, pad, padLen);
-
-#if defined(HAVE_LONG_LONG)
- W[14] = 0;
-#else
- W[14].lo = 0;
- W[14].hi = 0;
-#endif
-
- W[15] = lo;
-#if defined(IS_LITTLE_ENDIAN)
- BYTESWAP8(W[15]);
-#endif
- SHA512_Compress(ctx);
-
- /* now output the answer */
-#if defined(IS_LITTLE_ENDIAN)
- BYTESWAP8(H[0]);
- BYTESWAP8(H[1]);
- BYTESWAP8(H[2]);
- BYTESWAP8(H[3]);
- BYTESWAP8(H[4]);
- BYTESWAP8(H[5]);
- BYTESWAP8(H[6]);
- BYTESWAP8(H[7]);
-#endif
- padLen = PR_MIN(SHA512_LENGTH, maxDigestLen);
- memcpy(digest, H, padLen);
- if (digestLen)
- *digestLen = padLen;
-}
-
-SECStatus
-SHA512_HashBuf(unsigned char *dest, const unsigned char *src,
- unsigned int src_length)
-{
- SHA512Context ctx;
- unsigned int outLen;
-
- SHA512_Begin(&ctx);
- SHA512_Update(&ctx, src, src_length);
- SHA512_End(&ctx, dest, &outLen, SHA512_LENGTH);
-
- return SECSuccess;
-}
-
-
-SECStatus
-SHA512_Hash(unsigned char *dest, const char *src)
-{
- return SHA512_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
-}
-
-
-void SHA512_TraceState(SHA512Context *ctx) { }
-
-unsigned int
-SHA512_FlattenSize(SHA512Context *ctx)
-{
- return sizeof *ctx;
-}
-
-SECStatus
-SHA512_Flatten(SHA512Context *ctx,unsigned char *space)
-{
- PORT_Memcpy(space, ctx, sizeof *ctx);
- return SECSuccess;
-}
-
-SHA512Context *
-SHA512_Resurrect(unsigned char *space, void *arg)
-{
- SHA512Context *ctx = SHA512_NewContext();
- if (ctx)
- PORT_Memcpy(ctx, space, sizeof *ctx);
- return ctx;
-}
-
-void SHA512_Clone(SHA512Context *dest, SHA512Context *src)
-{
- memcpy(dest, src, sizeof *dest);
-}
-
-/* ======================================================================= */
-/* SHA384 uses a SHA512Context as the real context.
-** The only differences between SHA384 an SHA512 are:
-** a) the intialization values for the context, and
-** b) the number of bytes of data produced as output.
-*/
-
-/* SHA-384 initial hash values */
-static const PRUint64 H384[8] = {
-#if PR_BYTES_PER_LONG == 8
- 0xcbbb9d5dc1059ed8UL , 0x629a292a367cd507UL ,
- 0x9159015a3070dd17UL , 0x152fecd8f70e5939UL ,
- 0x67332667ffc00b31UL , 0x8eb44a8768581511UL ,
- 0xdb0c2e0d64f98fa7UL , 0x47b5481dbefa4fa4UL
-#else
- ULLC(cbbb9d5d,c1059ed8), ULLC(629a292a,367cd507),
- ULLC(9159015a,3070dd17), ULLC(152fecd8,f70e5939),
- ULLC(67332667,ffc00b31), ULLC(8eb44a87,68581511),
- ULLC(db0c2e0d,64f98fa7), ULLC(47b5481d,befa4fa4)
-#endif
-};
-
-SHA384Context *
-SHA384_NewContext(void)
-{
- return SHA512_NewContext();
-}
-
-void
-SHA384_DestroyContext(SHA384Context *ctx, PRBool freeit)
-{
- SHA512_DestroyContext(ctx, freeit);
-}
-
-void
-SHA384_Begin(SHA384Context *ctx)
-{
- memset(ctx, 0, sizeof *ctx);
- memcpy(H, H384, sizeof H384);
-}
-
-void
-SHA384_Update(SHA384Context *ctx, const unsigned char *input,
- unsigned int inputLen)
-{
- SHA512_Update(ctx, input, inputLen);
-}
-
-void
-SHA384_End(SHA384Context *ctx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen)
-{
-#define SHA_MIN(a,b) (a < b ? a : b)
- unsigned int maxLen = SHA_MIN(maxDigestLen, SHA384_LENGTH);
- SHA512_End(ctx, digest, digestLen, maxLen);
-}
-
-SECStatus
-SHA384_HashBuf(unsigned char *dest, const unsigned char *src,
- unsigned int src_length)
-{
- SHA512Context ctx;
- unsigned int outLen;
-
- SHA384_Begin(&ctx);
- SHA512_Update(&ctx, src, src_length);
- SHA512_End(&ctx, dest, &outLen, SHA384_LENGTH);
-
- return SECSuccess;
-}
-
-SECStatus
-SHA384_Hash(unsigned char *dest, const char *src)
-{
- return SHA384_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
-}
-
-void SHA384_TraceState(SHA384Context *ctx) { }
-
-unsigned int
-SHA384_FlattenSize(SHA384Context *ctx)
-{
- return sizeof(SHA384Context);
-}
-
-SECStatus
-SHA384_Flatten(SHA384Context *ctx,unsigned char *space)
-{
- return SHA512_Flatten(ctx, space);
-}
-
-SHA384Context *
-SHA384_Resurrect(unsigned char *space, void *arg)
-{
- return SHA512_Resurrect(space, arg);
-}
-
-void SHA384_Clone(SHA384Context *dest, SHA384Context *src)
-{
- memcpy(dest, src, sizeof *dest);
-}
-#endif /* Comment out unused code. */
-
-/* ======================================================================= */
-#ifdef SELFTEST
-#include <stdio.h>
-
-static const char abc[] = { "abc" };
-static const char abcdbc[] = {
- "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
-};
-static const char abcdef[] = {
- "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
- "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
-};
-
-void
-dumpHash32(const unsigned char *buf, unsigned int bufLen)
-{
- unsigned int i;
- for (i = 0; i < bufLen; i += 4) {
- printf(" %02x%02x%02x%02x", buf[i], buf[i+1], buf[i+2], buf[i+3]);
- }
- printf("\n");
-}
-
-void test256(void)
-{
- unsigned char outBuf[SHA256_LENGTH];
-
- printf("SHA256, input = %s\n", abc);
- SHA256_Hash(outBuf, abc);
- dumpHash32(outBuf, sizeof outBuf);
-
- printf("SHA256, input = %s\n", abcdbc);
- SHA256_Hash(outBuf, abcdbc);
- dumpHash32(outBuf, sizeof outBuf);
-}
-
-void
-dumpHash64(const unsigned char *buf, unsigned int bufLen)
-{
- unsigned int i;
- for (i = 0; i < bufLen; i += 8) {
- if (i % 32 == 0)
- printf("\n");
- printf(" %02x%02x%02x%02x%02x%02x%02x%02x",
- buf[i ], buf[i+1], buf[i+2], buf[i+3],
- buf[i+4], buf[i+5], buf[i+6], buf[i+7]);
- }
- printf("\n");
-}
-
-void test512(void)
-{
- unsigned char outBuf[SHA512_LENGTH];
-
- printf("SHA512, input = %s\n", abc);
- SHA512_Hash(outBuf, abc);
- dumpHash64(outBuf, sizeof outBuf);
-
- printf("SHA512, input = %s\n", abcdef);
- SHA512_Hash(outBuf, abcdef);
- dumpHash64(outBuf, sizeof outBuf);
-}
-
-void time512(void)
-{
- unsigned char outBuf[SHA512_LENGTH];
-
- SHA512_Hash(outBuf, abc);
- SHA512_Hash(outBuf, abcdef);
-}
-
-void test384(void)
-{
- unsigned char outBuf[SHA384_LENGTH];
-
- printf("SHA384, input = %s\n", abc);
- SHA384_Hash(outBuf, abc);
- dumpHash64(outBuf, sizeof outBuf);
-
- printf("SHA384, input = %s\n", abcdef);
- SHA384_Hash(outBuf, abcdef);
- dumpHash64(outBuf, sizeof outBuf);
-}
-
-int main (int argc, char *argv[], char *envp[])
-{
- int i = 1;
- if (argc > 1) {
- i = atoi(argv[1]);
- }
- if (i < 2) {
- test256();
- test512();
- test384();
- } else {
- while (i-- > 0) {
- time512();
- }
- printf("done\n");
- }
- return 0;
-}
-
-#endif
diff --git a/net/cert/x509_util_nss.cc b/net/cert/x509_util_nss.cc
index 134c085..04c34c5 100644
--- a/net/cert/x509_util_nss.cc
+++ b/net/cert/x509_util_nss.cc
@@ -25,7 +25,6 @@
#include "crypto/nss_util_internal.h"
#include "crypto/rsa_private_key.h"
#include "crypto/scoped_nss_types.h"
-#include "crypto/third_party/nss/chromium-nss.h"
#include "net/cert/x509_certificate.h"
#include "net/cert/x509_util.h"
#include "net/cert/x509_util_nss.h"
diff --git a/third_party/boringssl/boringssl.gyp b/third_party/boringssl/boringssl.gyp
index f1a9384d..311fee4 100644
--- a/third_party/boringssl/boringssl.gyp
+++ b/third_party/boringssl/boringssl.gyp
@@ -8,6 +8,49 @@
],
'targets': [
{
+ 'target_name': 'boringssl_nacl_win64',
+ 'type': '<(component)',
+ 'sources': [
+ '<@(boringssl_crypto_sources)',
+ ],
+ 'defines': [
+ 'BORINGSSL_IMPLEMENTATION',
+ 'BORINGSSL_NO_STATIC_INITIALIZER',
+ 'OPENSSL_NO_ASM',
+ 'OPENSSL_SMALL',
+ ],
+ 'configurations': {
+ 'Common_Base': {
+ 'msvs_target_platform': 'x64',
+ },
+ },
+ # TODO(davidben): Fix size_t truncations in BoringSSL.
+ # https://crbug.com/429039
+ 'msvs_disabled_warnings': [ 4267, ],
+ 'conditions': [
+ ['component == "shared_library"', {
+ 'defines': [
+ 'BORINGSSL_SHARED_LIBRARY',
+ ],
+ }],
+ ],
+ 'include_dirs': [
+ 'src/include',
+ ],
+ 'direct_dependent_settings': {
+ 'include_dirs': [
+ 'src/include',
+ ],
+ 'conditions': [
+ ['component == "shared_library"', {
+ 'defines': [
+ 'BORINGSSL_SHARED_LIBRARY',
+ ],
+ }],
+ ],
+ },
+ },
+ {
'target_name': 'boringssl',
'type': '<(component)',
'sources': [