pool/openssl-1_1
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6de92f70b8
openssl-1_1/openssl-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-and-Ed448.patch

1468 lines
46 KiB
Diff
Raw Normal View History

Accepting request 768077 from home:pmonrealgonzalez:branches:security:tls - Support for CPACF enhancements - part 2 (crypto) [jsc#SLE-7575] - Add patches: * openssl-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-and-Ed448.patch * openssl-s390x-fix-x448-and-x448-test-vector-ctime-for-x25519-and-x448.patch OBS-URL: https://build.opensuse.org/request/show/768077 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=55
2020-01-28 17:00:58 +01:00
From 19bd1fa1ef17ff0ac071402cb6b002f1c29e37b9 Mon Sep 17 00:00:00 2001
From: Patrick Steuer <patrick.steuer@de.ibm.com>
Date: Thu, 19 Sep 2019 15:31:27 +0200
Subject: [PATCH] s390x assembly pack: accelerate X25519, X448, Ed25519 and
Ed448
using PCC and KDSA instructions.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10004)
---
CHANGES | 4 +
crypto/dh/dh_pmeth.c | 14 +-
crypto/dsa/dsa_pmeth.c | 7 +-
crypto/ec/build.info | 2 +-
crypto/ec/ec_curve.c | 12 +-
Accepting request 786956 from home:vitezslav_cizek:branches:security:tls - Update to 1.1.1e * Properly detect EOF while reading in libssl. Previously if we hit an EOF while reading in libssl then we would report an error back to the application (SSL_ERROR_SYSCALL) but errno would be 0. We now add an error to the stack (which means we instead return SSL_ERROR_SSL) and therefore give a hint as to what went wrong. * Check that ed25519 and ed448 are allowed by the security level. Previously signature algorithms not using an MD were not being checked that they were allowed by the security level. * Fixed SSL_get_servername() behaviour. The behaviour of SSL_get_servername() was not quite right. The behaviour was not consistent between resumption and normal handshakes, and also not quite consistent with historical behaviour. The behaviour in various scenarios has been clarified and it has been updated to make it match historical behaviour as closely as possible. * Corrected the documentation of the return values from the EVP_DigestSign* set of functions. The documentation mentioned negative values for some errors, but this was never the case, so the mention of negative values was removed. * Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY. The presence of this system service is determined at run-time. * Added newline escaping functionality to a filename when using openssl dgst. This output format is to replicate the output format found in the '*sum' checksum programs. This aims to preserve backward compatibility. * Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just the first value. - Update bunch of patches as the internal crypto headers got reorganized - drop openssl-1_1-CVE-2019-1551.patch (upstream) - openssl dgst: default to SHA256 only when called without a digest, OBS-URL: https://build.opensuse.org/request/show/786956 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=65
2020-03-20 18:43:35 +01:00
crypto/ec/ec_local.h | 2 +-
Accepting request 768077 from home:pmonrealgonzalez:branches:security:tls - Support for CPACF enhancements - part 2 (crypto) [jsc#SLE-7575] - Add patches: * openssl-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-and-Ed448.patch * openssl-s390x-fix-x448-and-x448-test-vector-ctime-for-x25519-and-x448.patch OBS-URL: https://build.opensuse.org/request/show/768077 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=55
2020-01-28 17:00:58 +01:00
crypto/ec/ec_pmeth.c | 7 +-
crypto/ec/ecx_meth.c | 672 +++++++++++++++++++++++++++++-
crypto/err/openssl.txt | 6 +
crypto/evp/pkey_kdf.c | 20 +-
crypto/evp/pkey_mac.c | 28 +-
crypto/evp/pmeth_lib.c | 65 +--
crypto/include/internal/evp_int.h | 37 +-
crypto/rsa/rsa_pmeth.c | 14 +-
crypto/s390x_arch.h | 11 +
crypto/s390xcap.c | 12 +-
crypto/s390xcpuid.pl | 56 +++
crypto/sm2/sm2_pmeth.c | 7 +-
doc/man3/OPENSSL_s390xcap.pod | 8 +
include/openssl/ecerr.h | 6 +
20 files changed, 914 insertions(+), 76 deletions(-)
Index: openssl-1.1.1d/crypto/dh/dh_pmeth.c
===================================================================
--- openssl-1.1.1d.orig/crypto/dh/dh_pmeth.c
+++ openssl-1.1.1d/crypto/dh/dh_pmeth.c
@@ -478,7 +478,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *
return 0;
}
-const EVP_PKEY_METHOD dh_pkey_meth = {
+static const EVP_PKEY_METHOD dh_pkey_meth = {
EVP_PKEY_DH,
EVP_PKEY_FLAG_FIPS,
pkey_dh_init,
@@ -512,7 +512,12 @@ const EVP_PKEY_METHOD dh_pkey_meth = {
pkey_dh_ctrl_str
};
-const EVP_PKEY_METHOD dhx_pkey_meth = {
+const EVP_PKEY_METHOD *dh_pkey_method(void)
+{
+ return &dh_pkey_meth;
+}
+
+static const EVP_PKEY_METHOD dhx_pkey_meth = {
EVP_PKEY_DHX,
EVP_PKEY_FLAG_FIPS,
pkey_dh_init,
@@ -545,3 +550,8 @@ const EVP_PKEY_METHOD dhx_pkey_meth = {
pkey_dh_ctrl,
pkey_dh_ctrl_str
};
+
+const EVP_PKEY_METHOD *dhx_pkey_method(void)
+{
+ return &dhx_pkey_meth;
+}
Index: openssl-1.1.1d/crypto/dsa/dsa_pmeth.c
===================================================================
--- openssl-1.1.1d.orig/crypto/dsa/dsa_pmeth.c
+++ openssl-1.1.1d/crypto/dsa/dsa_pmeth.c
@@ -243,7 +243,7 @@ static int pkey_dsa_keygen(EVP_PKEY_CTX
return DSA_generate_key(pkey->pkey.dsa);
}
-const EVP_PKEY_METHOD dsa_pkey_meth = {
+static const EVP_PKEY_METHOD dsa_pkey_meth = {
EVP_PKEY_DSA,
EVP_PKEY_FLAG_AUTOARGLEN | EVP_PKEY_FLAG_FIPS,
pkey_dsa_init,
@@ -275,3 +275,8 @@ const EVP_PKEY_METHOD dsa_pkey_meth = {
pkey_dsa_ctrl,
pkey_dsa_ctrl_str
};
+
+const EVP_PKEY_METHOD *dsa_pkey_method(void)
+{
+ return &dsa_pkey_meth;
+}
Index: openssl-1.1.1d/crypto/ec/ec_curve.c
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ec_curve.c
+++ openssl-1.1.1d/crypto/ec/ec_curve.c
@@ -2830,7 +2830,7 @@ static const ec_list_element curve_list[
"SECG curve over a 256 bit prime field"},
/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
{NID_secp384r1, &_EC_NIST_PRIME_384.h,
-# if defined(S390X_NISTP_ASM)
+# if defined(S390X_EC_ASM)
EC_GFp_s390x_nistp384_method,
# else
0,
@@ -2838,7 +2838,7 @@ static const ec_list_element curve_list[
"NIST/SECG curve over a 384 bit prime field"},
{NID_secp521r1, &_EC_NIST_PRIME_521.h,
-# if defined(S390X_NISTP_ASM)
+# if defined(S390X_EC_ASM)
EC_GFp_s390x_nistp521_method,
# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
EC_GFp_nistp521_method,
@@ -2863,7 +2863,7 @@ static const ec_list_element curve_list[
{NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
#if defined(ECP_NISTZ256_ASM)
EC_GFp_nistz256_method,
-# elif defined(S390X_NISTP_ASM)
+# elif defined(S390X_EC_ASM)
EC_GFp_s390x_nistp256_method,
#elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
EC_GFp_nistp256_method,
Accepting request 786956 from home:vitezslav_cizek:branches:security:tls - Update to 1.1.1e * Properly detect EOF while reading in libssl. Previously if we hit an EOF while reading in libssl then we would report an error back to the application (SSL_ERROR_SYSCALL) but errno would be 0. We now add an error to the stack (which means we instead return SSL_ERROR_SSL) and therefore give a hint as to what went wrong. * Check that ed25519 and ed448 are allowed by the security level. Previously signature algorithms not using an MD were not being checked that they were allowed by the security level. * Fixed SSL_get_servername() behaviour. The behaviour of SSL_get_servername() was not quite right. The behaviour was not consistent between resumption and normal handshakes, and also not quite consistent with historical behaviour. The behaviour in various scenarios has been clarified and it has been updated to make it match historical behaviour as closely as possible. * Corrected the documentation of the return values from the EVP_DigestSign* set of functions. The documentation mentioned negative values for some errors, but this was never the case, so the mention of negative values was removed. * Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY. The presence of this system service is determined at run-time. * Added newline escaping functionality to a filename when using openssl dgst. This output format is to replicate the output format found in the '*sum' checksum programs. This aims to preserve backward compatibility. * Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just the first value. - Update bunch of patches as the internal crypto headers got reorganized - drop openssl-1_1-CVE-2019-1551.patch (upstream) - openssl dgst: default to SHA256 only when called without a digest, OBS-URL: https://build.opensuse.org/request/show/786956 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=65
2020-03-20 18:43:35 +01:00
Index: openssl-1.1.1d/crypto/ec/ec_local.h
Accepting request 768077 from home:pmonrealgonzalez:branches:security:tls - Support for CPACF enhancements - part 2 (crypto) [jsc#SLE-7575] - Add patches: * openssl-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-and-Ed448.patch * openssl-s390x-fix-x448-and-x448-test-vector-ctime-for-x25519-and-x448.patch OBS-URL: https://build.opensuse.org/request/show/768077 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=55
2020-01-28 17:00:58 +01:00
===================================================================
Accepting request 786956 from home:vitezslav_cizek:branches:security:tls - Update to 1.1.1e * Properly detect EOF while reading in libssl. Previously if we hit an EOF while reading in libssl then we would report an error back to the application (SSL_ERROR_SYSCALL) but errno would be 0. We now add an error to the stack (which means we instead return SSL_ERROR_SSL) and therefore give a hint as to what went wrong. * Check that ed25519 and ed448 are allowed by the security level. Previously signature algorithms not using an MD were not being checked that they were allowed by the security level. * Fixed SSL_get_servername() behaviour. The behaviour of SSL_get_servername() was not quite right. The behaviour was not consistent between resumption and normal handshakes, and also not quite consistent with historical behaviour. The behaviour in various scenarios has been clarified and it has been updated to make it match historical behaviour as closely as possible. * Corrected the documentation of the return values from the EVP_DigestSign* set of functions. The documentation mentioned negative values for some errors, but this was never the case, so the mention of negative values was removed. * Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY. The presence of this system service is determined at run-time. * Added newline escaping functionality to a filename when using openssl dgst. This output format is to replicate the output format found in the '*sum' checksum programs. This aims to preserve backward compatibility. * Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just the first value. - Update bunch of patches as the internal crypto headers got reorganized - drop openssl-1_1-CVE-2019-1551.patch (upstream) - openssl dgst: default to SHA256 only when called without a digest, OBS-URL: https://build.opensuse.org/request/show/786956 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=65
2020-03-20 18:43:35 +01:00
--- openssl-1.1.1d.orig/crypto/ec/ec_local.h
+++ openssl-1.1.1d/crypto/ec/ec_local.h
Accepting request 768077 from home:pmonrealgonzalez:branches:security:tls - Support for CPACF enhancements - part 2 (crypto) [jsc#SLE-7575] - Add patches: * openssl-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-and-Ed448.patch * openssl-s390x-fix-x448-and-x448-test-vector-ctime-for-x25519-and-x448.patch OBS-URL: https://build.opensuse.org/request/show/768077 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=55
2020-01-28 17:00:58 +01:00
@@ -595,7 +595,7 @@ int ec_group_simple_order_bits(const EC_
*/
const EC_METHOD *EC_GFp_nistz256_method(void);
#endif
-#ifdef S390X_NISTP_ASM
+#ifdef S390X_EC_ASM
const EC_METHOD *EC_GFp_s390x_nistp256_method(void);
const EC_METHOD *EC_GFp_s390x_nistp384_method(void);
const EC_METHOD *EC_GFp_s390x_nistp521_method(void);
Index: openssl-1.1.1d/crypto/ec/ec_pmeth.c
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ec_pmeth.c
+++ openssl-1.1.1d/crypto/ec/ec_pmeth.c
@@ -436,7 +436,7 @@ static int pkey_ec_keygen(EVP_PKEY_CTX *
return ret ? EC_KEY_generate_key(ec) : 0;
}
-const EVP_PKEY_METHOD ec_pkey_meth = {
+static const EVP_PKEY_METHOD ec_pkey_meth = {
EVP_PKEY_EC,
EVP_PKEY_FLAG_FIPS,
pkey_ec_init,
@@ -474,3 +474,8 @@ const EVP_PKEY_METHOD ec_pkey_meth = {
pkey_ec_ctrl,
pkey_ec_ctrl_str
};
+
+const EVP_PKEY_METHOD *ec_pkey_method(void)
+{
+ return &ec_pkey_meth;
+}
Index: openssl-1.1.1d/crypto/ec/ecx_meth.c
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ecx_meth.c
+++ openssl-1.1.1d/crypto/ec/ecx_meth.c
@@ -715,7 +715,7 @@ static int pkey_ecx_ctrl(EVP_PKEY_CTX *c
return -2;
}
-const EVP_PKEY_METHOD ecx25519_pkey_meth = {
+static const EVP_PKEY_METHOD ecx25519_pkey_meth = {
EVP_PKEY_X25519,
0, 0, 0, 0, 0, 0, 0,
pkey_ecx_keygen,
@@ -725,7 +725,7 @@ const EVP_PKEY_METHOD ecx25519_pkey_meth
0
};
-const EVP_PKEY_METHOD ecx448_pkey_meth = {
+static const EVP_PKEY_METHOD ecx448_pkey_meth = {
EVP_PKEY_X448,
0, 0, 0, 0, 0, 0, 0,
pkey_ecx_keygen,
@@ -818,7 +818,7 @@ static int pkey_ecd_ctrl(EVP_PKEY_CTX *c
return -2;
}
-const EVP_PKEY_METHOD ed25519_pkey_meth = {
+static const EVP_PKEY_METHOD ed25519_pkey_meth = {
EVP_PKEY_ED25519, EVP_PKEY_FLAG_SIGCTX_CUSTOM,
0, 0, 0, 0, 0, 0,
pkey_ecx_keygen,
@@ -829,7 +829,7 @@ const EVP_PKEY_METHOD ed25519_pkey_meth
pkey_ecd_digestverify25519
};
-const EVP_PKEY_METHOD ed448_pkey_meth = {
+static const EVP_PKEY_METHOD ed448_pkey_meth = {
EVP_PKEY_ED448, EVP_PKEY_FLAG_SIGCTX_CUSTOM,
0, 0, 0, 0, 0, 0,
pkey_ecx_keygen,
@@ -839,3 +839,667 @@ const EVP_PKEY_METHOD ed448_pkey_meth =
pkey_ecd_digestsign448,
pkey_ecd_digestverify448
};
+
+#ifdef S390X_EC_ASM
+# include "s390x_arch.h"
+
+static void s390x_x25519_mod_p(unsigned char u[32])
+{
+ unsigned char u_red[32];
+ unsigned int c = 0;
+ int i;
+
+ memcpy(u_red, u, sizeof(u_red));
+
+ c += (unsigned int)u_red[31] + 19;
+ u_red[31] = (unsigned char)c;
+ c >>= 8;
+
+ for (i = 30; c > 0 && i >= 0; i--) {
+ c += (unsigned int)u_red[i];
+ u_red[i] = (unsigned char)c;
+ c >>= 8;
+ }
+
+ if (u_red[0] & 0x80) {
+ u_red[0] &= 0x7f;
+ memcpy(u, u_red, sizeof(u_red));
+ }
+}
+
+static void s390x_x448_mod_p(unsigned char u[56])
+{
+ unsigned char u_red[56];
+ unsigned int c = 0;
+ int i;
+
+ memcpy(u_red, u, sizeof(u_red));
+
+ c += (unsigned int)u_red[55] + 1;
+ u_red[55] = (unsigned char)c;
+ c >>= 8;
+
+ for (i = 54; i >= 28; i--) {
+ c += (unsigned int)u_red[i];
+ u_red[i] = (unsigned char)c;
+ c >>= 8;
+ }
+
+ c += (unsigned int)u_red[27] + 1;
+ u_red[27] = (unsigned char)c;
+ c >>= 8;
+
+ for (i = 26; c > 0 && i >= 0; i--) {
+ c += (unsigned int)u_red[i];
+ u_red[i] = (unsigned char)c;
+ c >>= 8;
+ }
+
+ if (u_red[0] & 0x80) {
+ u_red[0] &= 0x7f;
+ memcpy(u, u_red, sizeof(u_red));
+ }
+}
+
+static int s390x_x25519_mul(unsigned char u_dst[32],
+ const unsigned char u_src[32],
+ const unsigned char d_src[32])
+{
+ union {
+ struct {
+ unsigned char u_dst[32];
+ unsigned char u_src[32];
+ unsigned char d_src[32];
+ } x25519;
+ unsigned long long buff[512];
+ } param;
+ int rc;
+
+ memset(&param, 0, sizeof(param));
+
+ s390x_flip_endian32(param.x25519.u_src, u_src);
+ param.x25519.u_src[0] &= 0x7f;
+ s390x_x25519_mod_p(param.x25519.u_src);
+
+ s390x_flip_endian32(param.x25519.d_src, d_src);
+ param.x25519.d_src[31] &= 248;
+ param.x25519.d_src[0] &= 127;
+ param.x25519.d_src[0] |= 64;
+
+ rc = s390x_pcc(S390X_SCALAR_MULTIPLY_X25519, &param.x25519) ? 0 : 1;
+ if (rc == 1)
+ s390x_flip_endian32(u_dst, param.x25519.u_dst);
+
+ OPENSSL_cleanse(param.x25519.d_src, sizeof(param.x25519.d_src));
+ return rc;
+}
+
+static int s390x_x448_mul(unsigned char u_dst[56],
+ const unsigned char u_src[56],
+ const unsigned char d_src[56])
+{
+ union {
+ struct {
+ unsigned char u_dst[64];
+ unsigned char u_src[64];
+ unsigned char d_src[64];
+ } x448;
+ unsigned long long buff[512];
+ } param;
+ int rc;
+
+ memset(&param, 0, sizeof(param));
+
+ memcpy(param.x448.u_src, u_src, 56);
+ memcpy(param.x448.d_src, d_src, 56);
+
+ s390x_flip_endian64(param.x448.u_src, param.x448.u_src);
+ s390x_x448_mod_p(param.x448.u_src);
+
+ s390x_flip_endian64(param.x448.d_src, param.x448.d_src);
+ param.x448.d_src[63] &= 252;
+ param.x448.d_src[8] |= 128;
+
+ rc = s390x_pcc(S390X_SCALAR_MULTIPLY_X448, &param.x448) ? 0 : 1;
+ if (rc == 1) {
+ s390x_flip_endian64(param.x448.u_dst, param.x448.u_dst);
+ memcpy(u_dst, param.x448.u_dst, 56);
+ }
+
+ OPENSSL_cleanse(param.x448.d_src, sizeof(param.x448.d_src));
+ return rc;
+}
+
+static int s390x_ed25519_mul(unsigned char x_dst[32],
+ unsigned char y_dst[32],
+ const unsigned char x_src[32],
+ const unsigned char y_src[32],
+ const unsigned char d_src[32])
+{
+ union {
+ struct {
+ unsigned char x_dst[32];
+ unsigned char y_dst[32];
+ unsigned char x_src[32];
+ unsigned char y_src[32];
+ unsigned char d_src[32];
+ } ed25519;
+ unsigned long long buff[512];
+ } param;
+ int rc;
+
+ memset(&param, 0, sizeof(param));
+
+ s390x_flip_endian32(param.ed25519.x_src, x_src);
+ s390x_flip_endian32(param.ed25519.y_src, y_src);
+ s390x_flip_endian32(param.ed25519.d_src, d_src);
+
+ rc = s390x_pcc(S390X_SCALAR_MULTIPLY_ED25519, &param.ed25519) ? 0 : 1;
+ if (rc == 1) {
+ s390x_flip_endian32(x_dst, param.ed25519.x_dst);
+ s390x_flip_endian32(y_dst, param.ed25519.y_dst);
+ }
+
+ OPENSSL_cleanse(param.ed25519.d_src, sizeof(param.ed25519.d_src));
+ return rc;
+}
+
+static int s390x_ed448_mul(unsigned char x_dst[57],
+ unsigned char y_dst[57],
+ const unsigned char x_src[57],
+ const unsigned char y_src[57],
+ const unsigned char d_src[57])
+{
+ union {
+ struct {
+ unsigned char x_dst[64];
+ unsigned char y_dst[64];
+ unsigned char x_src[64];
+ unsigned char y_src[64];
+ unsigned char d_src[64];
+ } ed448;
+ unsigned long long buff[512];
+ } param;
+ int rc;
+
+ memset(&param, 0, sizeof(param));
+
+ memcpy(param.ed448.x_src, x_src, 57);
+ memcpy(param.ed448.y_src, y_src, 57);
+ memcpy(param.ed448.d_src, d_src, 57);
+ s390x_flip_endian64(param.ed448.x_src, param.ed448.x_src);
+ s390x_flip_endian64(param.ed448.y_src, param.ed448.y_src);
+ s390x_flip_endian64(param.ed448.d_src, param.ed448.d_src);
+
+ rc = s390x_pcc(S390X_SCALAR_MULTIPLY_ED448, &param.ed448) ? 0 : 1;
+ if (rc == 1) {
+ s390x_flip_endian64(param.ed448.x_dst, param.ed448.x_dst);
+ s390x_flip_endian64(param.ed448.y_dst, param.ed448.y_dst);
+ memcpy(x_dst, param.ed448.x_dst, 57);
+ memcpy(y_dst, param.ed448.y_dst, 57);
+ }
+
+ OPENSSL_cleanse(param.ed448.d_src, sizeof(param.ed448.d_src));
+ return rc;
+}
+
+static int s390x_pkey_ecx_keygen25519(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+ static const unsigned char generator[] = {
+ 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ };
+ ECX_KEY *key;
+ unsigned char *privkey = NULL, *pubkey;
+
+ key = OPENSSL_zalloc(sizeof(*key));
+ if (key == NULL) {
+ ECerr(EC_F_S390X_PKEY_ECX_KEYGEN25519, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ pubkey = key->pubkey;
+
+ privkey = key->privkey = OPENSSL_secure_malloc(X25519_KEYLEN);
+ if (privkey == NULL) {
+ ECerr(EC_F_S390X_PKEY_ECX_KEYGEN25519, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (RAND_priv_bytes(privkey, X25519_KEYLEN) <= 0)
+ goto err;
+
+ privkey[0] &= 248;
+ privkey[31] &= 127;
+ privkey[31] |= 64;
+
+ if (s390x_x25519_mul(pubkey, generator, privkey) != 1)
+ goto err;
+
+ EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, key);
+ return 1;
+ err:
+ OPENSSL_secure_clear_free(privkey, X25519_KEYLEN);
+ key->privkey = NULL;
+ OPENSSL_free(key);
+ return 0;
+}
+
+static int s390x_pkey_ecx_keygen448(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+ static const unsigned char generator[] = {
+ 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ };
+ ECX_KEY *key;
+ unsigned char *privkey = NULL, *pubkey;
+
+ key = OPENSSL_zalloc(sizeof(*key));
+ if (key == NULL) {
+ ECerr(EC_F_S390X_PKEY_ECX_KEYGEN448, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ pubkey = key->pubkey;
+
+ privkey = key->privkey = OPENSSL_secure_malloc(X448_KEYLEN);
+ if (privkey == NULL) {
+ ECerr(EC_F_S390X_PKEY_ECX_KEYGEN448, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (RAND_priv_bytes(privkey, X448_KEYLEN) <= 0)
+ goto err;
+
+ privkey[0] &= 252;
+ privkey[55] |= 128;
+
+ if (s390x_x448_mul(pubkey, generator, privkey) != 1)
+ goto err;
+
+ EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, key);
+ return 1;
+ err:
+ OPENSSL_secure_clear_free(privkey, X448_KEYLEN);
+ key->privkey = NULL;
+ OPENSSL_free(key);
+ return 0;
+}
+
+static int s390x_pkey_ecd_keygen25519(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+ static const unsigned char generator_x[] = {
+ 0x1a, 0xd5, 0x25, 0x8f, 0x60, 0x2d, 0x56, 0xc9, 0xb2, 0xa7, 0x25, 0x95,
+ 0x60, 0xc7, 0x2c, 0x69, 0x5c, 0xdc, 0xd6, 0xfd, 0x31, 0xe2, 0xa4, 0xc0,
+ 0xfe, 0x53, 0x6e, 0xcd, 0xd3, 0x36, 0x69, 0x21
+ };
+ static const unsigned char generator_y[] = {
+ 0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
+ 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
+ 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
+ };
+ unsigned char x_dst[32], buff[SHA512_DIGEST_LENGTH];
+ ECX_KEY *key;
+ unsigned char *privkey = NULL, *pubkey;
+
+ key = OPENSSL_zalloc(sizeof(*key));
+ if (key == NULL) {
+ ECerr(EC_F_S390X_PKEY_ECD_KEYGEN25519, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ pubkey = key->pubkey;
+
+ privkey = key->privkey = OPENSSL_secure_malloc(ED25519_KEYLEN);
+ if (privkey == NULL) {
+ ECerr(EC_F_S390X_PKEY_ECD_KEYGEN25519, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (RAND_priv_bytes(privkey, ED25519_KEYLEN) <= 0)
+ goto err;
+
+ SHA512(privkey, 32, buff);
+ buff[0] &= 248;
+ buff[31] &= 63;
+ buff[31] |= 64;
+
+ if (s390x_ed25519_mul(x_dst, pubkey,
+ generator_x, generator_y, buff) != 1)
+ goto err;
+
+ pubkey[31] |= ((x_dst[0] & 0x01) << 7);
+
+ EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, key);
+ return 1;
+ err:
+ OPENSSL_secure_clear_free(privkey, ED25519_KEYLEN);
+ key->privkey = NULL;
+ OPENSSL_free(key);
+ return 0;
+}
+
+static int s390x_pkey_ecd_keygen448(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+ static const unsigned char generator_x[] = {
+ 0x5e, 0xc0, 0x0c, 0xc7, 0x2b, 0xa8, 0x26, 0x26, 0x8e, 0x93, 0x00, 0x8b,
+ 0xe1, 0x80, 0x3b, 0x43, 0x11, 0x65, 0xb6, 0x2a, 0xf7, 0x1a, 0xae, 0x12,
+ 0x64, 0xa4, 0xd3, 0xa3, 0x24, 0xe3, 0x6d, 0xea, 0x67, 0x17, 0x0f, 0x47,
+ 0x70, 0x65, 0x14, 0x9e, 0xda, 0x36, 0xbf, 0x22, 0xa6, 0x15, 0x1d, 0x22,
+ 0xed, 0x0d, 0xed, 0x6b, 0xc6, 0x70, 0x19, 0x4f, 0x00
+ };
+ static const unsigned char generator_y[] = {
+ 0x14, 0xfa, 0x30, 0xf2, 0x5b, 0x79, 0x08, 0x98, 0xad, 0xc8, 0xd7, 0x4e,
+ 0x2c, 0x13, 0xbd, 0xfd, 0xc4, 0x39, 0x7c, 0xe6, 0x1c, 0xff, 0xd3, 0x3a,
+ 0xd7, 0xc2, 0xa0, 0x05, 0x1e, 0x9c, 0x78, 0x87, 0x40, 0x98, 0xa3, 0x6c,
+ 0x73, 0x73, 0xea, 0x4b, 0x62, 0xc7, 0xc9, 0x56, 0x37, 0x20, 0x76, 0x88,
+ 0x24, 0xbc, 0xb6, 0x6e, 0x71, 0x46, 0x3f, 0x69, 0x00
+ };
+ unsigned char x_dst[57], buff[114];
+ ECX_KEY *key;
+ unsigned char *privkey = NULL, *pubkey;
+ EVP_MD_CTX *hashctx = NULL;
+
+ key = OPENSSL_zalloc(sizeof(*key));
+ if (key == NULL) {
+ ECerr(EC_F_S390X_PKEY_ECD_KEYGEN448, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ pubkey = key->pubkey;
+
+ privkey = key->privkey = OPENSSL_secure_malloc(ED448_KEYLEN);
+ if (privkey == NULL) {
+ ECerr(EC_F_S390X_PKEY_ECD_KEYGEN448, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (RAND_priv_bytes(privkey, ED448_KEYLEN) <= 0)
+ goto err;
+
+ hashctx = EVP_MD_CTX_new();
+ if (hashctx == NULL)
+ goto err;
+ if (EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL) != 1)
+ goto err;
+ if (EVP_DigestUpdate(hashctx, privkey, 57) != 1)
+ goto err;
+ if (EVP_DigestFinalXOF(hashctx, buff, sizeof(buff)) != 1)
+ goto err;
+
+ buff[0] &= -4;
+ buff[55] |= 0x80;
+ buff[56] = 0;
+
+ if (s390x_ed448_mul(x_dst, pubkey,
+ generator_x, generator_y, buff) != 1)
+ goto err;
+
+ pubkey[56] |= ((x_dst[0] & 0x01) << 7);
+
+ EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, key);
+ EVP_MD_CTX_free(hashctx);
+ return 1;
+ err:
+ OPENSSL_secure_clear_free(privkey, ED448_KEYLEN);
+ key->privkey = NULL;
+ OPENSSL_free(key);
+ EVP_MD_CTX_free(hashctx);
+ return 0;
+}
+
+static int s390x_pkey_ecx_derive25519(EVP_PKEY_CTX *ctx, unsigned char *key,
+ size_t *keylen)
+{
+ const unsigned char *privkey, *pubkey;
+
+ if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey))
+ return 0;
+
+ if (key != NULL)
+ return s390x_x25519_mul(key, pubkey, privkey);
+
+ *keylen = X25519_KEYLEN;
+ return 1;
+}
+
+static int s390x_pkey_ecx_derive448(EVP_PKEY_CTX *ctx, unsigned char *key,
+ size_t *keylen)
+{
+ const unsigned char *privkey, *pubkey;
+
+ if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey))
+ return 0;
+
+ if (key != NULL)
+ return s390x_x448_mul(key, pubkey, privkey);
+
+ *keylen = X448_KEYLEN;
+ return 1;
+}
+
+static int s390x_pkey_ecd_digestsign25519(EVP_MD_CTX *ctx,
+ unsigned char *sig, size_t *siglen,
+ const unsigned char *tbs,
+ size_t tbslen)
+{
+ union {
+ struct {
+ unsigned char sig[64];
+ unsigned char priv[32];
+ } ed25519;
+ unsigned long long buff[512];
+ } param;
+ const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+ int rc;
+
+ if (sig == NULL) {
+ *siglen = ED25519_SIGSIZE;
+ return 1;
+ }
+
+ if (*siglen < ED25519_SIGSIZE) {
+ ECerr(EC_F_S390X_PKEY_ECD_DIGESTSIGN25519, EC_R_BUFFER_TOO_SMALL);
+ return 0;
+ }
+
+ memset(&param, 0, sizeof(param));
+ memcpy(param.ed25519.priv, edkey->privkey, sizeof(param.ed25519.priv));
+
+ rc = s390x_kdsa(S390X_EDDSA_SIGN_ED25519, &param.ed25519, tbs, tbslen);
+ OPENSSL_cleanse(param.ed25519.priv, sizeof(param.ed25519.priv));
+ if (rc != 0)
+ return 0;
+
+ s390x_flip_endian32(sig, param.ed25519.sig);
+ s390x_flip_endian32(sig + 32, param.ed25519.sig + 32);
+
+ *siglen = ED25519_SIGSIZE;
+ return 1;
+}
+
+static int s390x_pkey_ecd_digestsign448(EVP_MD_CTX *ctx,
+ unsigned char *sig, size_t *siglen,
+ const unsigned char *tbs,
+ size_t tbslen)
+{
+ union {
+ struct {
+ unsigned char sig[128];
+ unsigned char priv[64];
+ } ed448;
+ unsigned long long buff[512];
+ } param;
+ const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+ int rc;
+
+ if (sig == NULL) {
+ *siglen = ED448_SIGSIZE;
+ return 1;
+ }
+
+ if (*siglen < ED448_SIGSIZE) {
+ ECerr(EC_F_S390X_PKEY_ECD_DIGESTSIGN448, EC_R_BUFFER_TOO_SMALL);
+ return 0;
+ }
+
+ memset(&param, 0, sizeof(param));
+ memcpy(param.ed448.priv + 64 - 57, edkey->privkey, 57);
+
+ rc = s390x_kdsa(S390X_EDDSA_SIGN_ED448, &param.ed448, tbs, tbslen);
+ OPENSSL_cleanse(param.ed448.priv, sizeof(param.ed448.priv));
+ if (rc != 0)
+ return 0;
+
+ s390x_flip_endian64(param.ed448.sig, param.ed448.sig);
+ s390x_flip_endian64(param.ed448.sig + 64, param.ed448.sig + 64);
+ memcpy(sig, param.ed448.sig, 57);
+ memcpy(sig + 57, param.ed448.sig + 64, 57);
+
+ *siglen = ED448_SIGSIZE;
+ return 1;
+}
+
+static int s390x_pkey_ecd_digestverify25519(EVP_MD_CTX *ctx,
+ const unsigned char *sig,
+ size_t siglen,
+ const unsigned char *tbs,
+ size_t tbslen)
+{
+ union {
+ struct {
+ unsigned char sig[64];
+ unsigned char pub[32];
+ } ed25519;
+ unsigned long long buff[512];
+ } param;
+ const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+
+ if (siglen != ED25519_SIGSIZE)
+ return 0;
+
+ memset(&param, 0, sizeof(param));
+ s390x_flip_endian32(param.ed25519.sig, sig);
+ s390x_flip_endian32(param.ed25519.sig + 32, sig + 32);
+ s390x_flip_endian32(param.ed25519.pub, edkey->pubkey);
+
+ return s390x_kdsa(S390X_EDDSA_VERIFY_ED25519,
+ &param.ed25519, tbs, tbslen) == 0 ? 1 : 0;
+}
+
+static int s390x_pkey_ecd_digestverify448(EVP_MD_CTX *ctx,
+ const unsigned char *sig,
+ size_t siglen,
+ const unsigned char *tbs,
+ size_t tbslen)
+{
+ union {
+ struct {
+ unsigned char sig[128];
+ unsigned char pub[64];
+ } ed448;
+ unsigned long long buff[512];
+ } param;
+ const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+
+ if (siglen != ED448_SIGSIZE)
+ return 0;
+
+ memset(&param, 0, sizeof(param));
+ memcpy(param.ed448.sig, sig, 57);
+ s390x_flip_endian64(param.ed448.sig, param.ed448.sig);
+ memcpy(param.ed448.sig + 64, sig + 57, 57);
+ s390x_flip_endian64(param.ed448.sig + 64, param.ed448.sig + 64);
+ memcpy(param.ed448.pub, edkey->pubkey, 57);
+ s390x_flip_endian64(param.ed448.pub, param.ed448.pub);
+
+ return s390x_kdsa(S390X_EDDSA_VERIFY_ED448,
+ &param.ed448, tbs, tbslen) == 0 ? 1 : 0;
+}
+
+static const EVP_PKEY_METHOD ecx25519_s390x_pkey_meth = {
+ EVP_PKEY_X25519,
+ 0, 0, 0, 0, 0, 0, 0,
+ s390x_pkey_ecx_keygen25519,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ s390x_pkey_ecx_derive25519,
+ pkey_ecx_ctrl,
+ 0
+};
+
+static const EVP_PKEY_METHOD ecx448_s390x_pkey_meth = {
+ EVP_PKEY_X448,
+ 0, 0, 0, 0, 0, 0, 0,
+ s390x_pkey_ecx_keygen448,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ s390x_pkey_ecx_derive448,
+ pkey_ecx_ctrl,
+ 0
+};
+static const EVP_PKEY_METHOD ed25519_s390x_pkey_meth = {
+ EVP_PKEY_ED25519, EVP_PKEY_FLAG_SIGCTX_CUSTOM,
+ 0, 0, 0, 0, 0, 0,
+ s390x_pkey_ecd_keygen25519,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ pkey_ecd_ctrl,
+ 0,
+ s390x_pkey_ecd_digestsign25519,
+ s390x_pkey_ecd_digestverify25519
+};
+
+static const EVP_PKEY_METHOD ed448_s390x_pkey_meth = {
+ EVP_PKEY_ED448, EVP_PKEY_FLAG_SIGCTX_CUSTOM,
+ 0, 0, 0, 0, 0, 0,
+ s390x_pkey_ecd_keygen448,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ pkey_ecd_ctrl,
+ 0,
+ s390x_pkey_ecd_digestsign448,
+ s390x_pkey_ecd_digestverify448
+};
+#endif
+
+const EVP_PKEY_METHOD *ecx25519_pkey_method(void)
+{
+#ifdef S390X_EC_ASM
+ if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X25519))
+ return &ecx25519_s390x_pkey_meth;
+#endif
+ return &ecx25519_pkey_meth;
+}
+
+const EVP_PKEY_METHOD *ecx448_pkey_method(void)
+{
+#ifdef S390X_EC_ASM
+ if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X448))
+ return &ecx448_s390x_pkey_meth;
+#endif
+ return &ecx448_pkey_meth;
+}
+
+const EVP_PKEY_METHOD *ed25519_pkey_method(void)
+{
+#ifdef S390X_EC_ASM
+ if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_ED25519)
+ && OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_SIGN_ED25519)
+ && OPENSSL_s390xcap_P.kdsa[0]
+ & S390X_CAPBIT(S390X_EDDSA_VERIFY_ED25519))
+ return &ed25519_s390x_pkey_meth;
+#endif
+ return &ed25519_pkey_meth;
+}
+
+const EVP_PKEY_METHOD *ed448_pkey_method(void)
+{
+#ifdef S390X_EC_ASM
+ if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_ED448)
+ && OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_SIGN_ED448)
+ && OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_VERIFY_ED448))
+ return &ed448_s390x_pkey_meth;
+#endif
+ return &ed448_pkey_meth;
+}
Index: openssl-1.1.1d/crypto/err/openssl.txt
===================================================================
--- openssl-1.1.1d.orig/crypto/err/openssl.txt
+++ openssl-1.1.1d/crypto/err/openssl.txt
@@ -678,6 +678,12 @@ EC_F_PKEY_EC_KDF_DERIVE:283:pkey_ec_kdf_
EC_F_PKEY_EC_KEYGEN:199:pkey_ec_keygen
EC_F_PKEY_EC_PARAMGEN:219:pkey_ec_paramgen
EC_F_PKEY_EC_SIGN:218:pkey_ec_sign
+EC_F_S390X_PKEY_ECD_DIGESTSIGN25519:303:s390x_pkey_ecd_digestsign25519
+EC_F_S390X_PKEY_ECD_DIGESTSIGN448:304:s390x_pkey_ecd_digestsign448
+EC_F_S390X_PKEY_ECD_KEYGEN25519:305:s390x_pkey_ecd_keygen25519
+EC_F_S390X_PKEY_ECD_KEYGEN448:306:s390x_pkey_ecd_keygen448
+EC_F_S390X_PKEY_ECX_KEYGEN25519:307:s390x_pkey_ecx_keygen25519
+EC_F_S390X_PKEY_ECX_KEYGEN448:308:s390x_pkey_ecx_keygen448
EC_F_VALIDATE_ECX_DERIVE:278:validate_ecx_derive
ENGINE_F_DIGEST_UPDATE:198:digest_update
ENGINE_F_DYNAMIC_CTRL:180:dynamic_ctrl
Index: openssl-1.1.1d/crypto/evp/pkey_kdf.c
===================================================================
--- openssl-1.1.1d.orig/crypto/evp/pkey_kdf.c
+++ openssl-1.1.1d/crypto/evp/pkey_kdf.c
@@ -162,7 +162,7 @@ static int pkey_kdf_derive(EVP_PKEY_CTX
}
#ifndef OPENSSL_NO_SCRYPT
-const EVP_PKEY_METHOD scrypt_pkey_meth = {
+static const EVP_PKEY_METHOD scrypt_pkey_meth = {
EVP_PKEY_SCRYPT,
0,
pkey_kdf_init,
@@ -191,9 +191,14 @@ const EVP_PKEY_METHOD scrypt_pkey_meth =
pkey_kdf_ctrl,
pkey_kdf_ctrl_str
};
+
+const EVP_PKEY_METHOD *scrypt_pkey_method(void)
+{
+ return &scrypt_pkey_meth;
+}
#endif
-const EVP_PKEY_METHOD tls1_prf_pkey_meth = {
+static const EVP_PKEY_METHOD tls1_prf_pkey_meth = {
EVP_PKEY_TLS1_PRF,
EVP_PKEY_FLAG_FIPS,
pkey_kdf_init,
@@ -223,7 +228,12 @@ const EVP_PKEY_METHOD tls1_prf_pkey_meth
pkey_kdf_ctrl_str
};
-const EVP_PKEY_METHOD hkdf_pkey_meth = {
+const EVP_PKEY_METHOD *tls1_prf_pkey_method(void)
+{
+ return &tls1_prf_pkey_meth;
+}
+
+static const EVP_PKEY_METHOD hkdf_pkey_meth = {
EVP_PKEY_HKDF,
EVP_PKEY_FLAG_FIPS,
pkey_kdf_init,
@@ -253,3 +263,7 @@ const EVP_PKEY_METHOD hkdf_pkey_meth = {
pkey_kdf_ctrl_str
};
+const EVP_PKEY_METHOD *hkdf_pkey_method(void)
+{
+ return &hkdf_pkey_meth;
+}
Index: openssl-1.1.1d/crypto/evp/pmeth_lib.c
===================================================================
--- openssl-1.1.1d.orig/crypto/evp/pmeth_lib.c
+++ openssl-1.1.1d/crypto/evp/pmeth_lib.c
@@ -17,60 +17,67 @@
Accepting request 786956 from home:vitezslav_cizek:branches:security:tls - Update to 1.1.1e * Properly detect EOF while reading in libssl. Previously if we hit an EOF while reading in libssl then we would report an error back to the application (SSL_ERROR_SYSCALL) but errno would be 0. We now add an error to the stack (which means we instead return SSL_ERROR_SSL) and therefore give a hint as to what went wrong. * Check that ed25519 and ed448 are allowed by the security level. Previously signature algorithms not using an MD were not being checked that they were allowed by the security level. * Fixed SSL_get_servername() behaviour. The behaviour of SSL_get_servername() was not quite right. The behaviour was not consistent between resumption and normal handshakes, and also not quite consistent with historical behaviour. The behaviour in various scenarios has been clarified and it has been updated to make it match historical behaviour as closely as possible. * Corrected the documentation of the return values from the EVP_DigestSign* set of functions. The documentation mentioned negative values for some errors, but this was never the case, so the mention of negative values was removed. * Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY. The presence of this system service is determined at run-time. * Added newline escaping functionality to a filename when using openssl dgst. This output format is to replicate the output format found in the '*sum' checksum programs. This aims to preserve backward compatibility. * Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just the first value. - Update bunch of patches as the internal crypto headers got reorganized - drop openssl-1_1-CVE-2019-1551.patch (upstream) - openssl dgst: default to SHA256 only when called without a digest, OBS-URL: https://build.opensuse.org/request/show/786956 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=65
2020-03-20 18:43:35 +01:00
#include "crypto/evp.h"
Accepting request 768077 from home:pmonrealgonzalez:branches:security:tls - Support for CPACF enhancements - part 2 (crypto) [jsc#SLE-7575] - Add patches: * openssl-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-and-Ed448.patch * openssl-s390x-fix-x448-and-x448-test-vector-ctime-for-x25519-and-x448.patch OBS-URL: https://build.opensuse.org/request/show/768077 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=55
2020-01-28 17:00:58 +01:00
#include "internal/numbers.h"
+typedef const EVP_PKEY_METHOD *(*pmeth_fn)(void);
typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
static STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL;
/* This array needs to be in order of NIDs */
-static const EVP_PKEY_METHOD *standard_methods[] = {
+static pmeth_fn standard_methods[] = {
#ifndef OPENSSL_NO_RSA
- &rsa_pkey_meth,
+ rsa_pkey_method,
#endif
#ifndef OPENSSL_NO_DH
- &dh_pkey_meth,
+ dh_pkey_method,
#endif
#ifndef OPENSSL_NO_DSA
- &dsa_pkey_meth,
+ dsa_pkey_method,
#endif
#ifndef OPENSSL_NO_EC
- &ec_pkey_meth,
+ ec_pkey_method,
#endif
- &hmac_pkey_meth,
+ hmac_pkey_method,
#ifndef OPENSSL_NO_CMAC
- &cmac_pkey_meth,
+ cmac_pkey_method,
#endif
#ifndef OPENSSL_NO_RSA
- &rsa_pss_pkey_meth,
+ rsa_pss_pkey_method,
#endif
#ifndef OPENSSL_NO_DH
- &dhx_pkey_meth,
+ dhx_pkey_method,
#endif
#ifndef OPENSSL_NO_SCRYPT
- &scrypt_pkey_meth,
+ scrypt_pkey_method,
#endif
- &tls1_prf_pkey_meth,
+ tls1_prf_pkey_method,
#ifndef OPENSSL_NO_EC
- &ecx25519_pkey_meth,
- &ecx448_pkey_meth,
+ ecx25519_pkey_method,
+ ecx448_pkey_method,
#endif
- &hkdf_pkey_meth,
+ hkdf_pkey_method,
#ifndef OPENSSL_NO_POLY1305
- &poly1305_pkey_meth,
+ poly1305_pkey_method,
#endif
#ifndef OPENSSL_NO_SIPHASH
- &siphash_pkey_meth,
+ siphash_pkey_method,
#endif
#ifndef OPENSSL_NO_EC
- &ed25519_pkey_meth,
- &ed448_pkey_meth,
+ ed25519_pkey_method,
+ ed448_pkey_method,
#endif
#ifndef OPENSSL_NO_SM2
- &sm2_pkey_meth,
+ sm2_pkey_method,
#endif
};
-DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
- pmeth);
+DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, pmeth_fn, pmeth_func);
+
+static int pmeth_func_cmp(const EVP_PKEY_METHOD *const *a, pmeth_fn const *b)
+{
+ return ((*a)->pkey_id - ((**b)())->pkey_id);
+}
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, pmeth_fn, pmeth_func);
static int pmeth_cmp(const EVP_PKEY_METHOD *const *a,
const EVP_PKEY_METHOD *const *b)
@@ -78,13 +85,11 @@ static int pmeth_cmp(const EVP_PKEY_METH
return ((*a)->pkey_id - (*b)->pkey_id);
}
-IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
- pmeth);
-
const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type)
{
+ pmeth_fn *ret;
EVP_PKEY_METHOD tmp;
- const EVP_PKEY_METHOD *t = &tmp, **ret;
+ const EVP_PKEY_METHOD *t = &tmp;
tmp.pkey_id = type;
if (app_pkey_methods) {
int idx;
@@ -92,12 +97,12 @@ const EVP_PKEY_METHOD *EVP_PKEY_meth_fin
if (idx >= 0)
return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx);
}
- ret = OBJ_bsearch_pmeth(&t, standard_methods,
- sizeof(standard_methods) /
- sizeof(EVP_PKEY_METHOD *));
+ ret = OBJ_bsearch_pmeth_func(&t, standard_methods,
+ sizeof(standard_methods) /
+ sizeof(pmeth_fn));
if (!ret || !*ret)
return NULL;
- return *ret;
+ return (**ret)();
}
static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
@@ -348,7 +353,7 @@ size_t EVP_PKEY_meth_get_count(void)
const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx)
{
if (idx < OSSL_NELEM(standard_methods))
- return standard_methods[idx];
+ return (standard_methods[idx])();
if (app_pkey_methods == NULL)
return NULL;
idx -= OSSL_NELEM(standard_methods);
Accepting request 786956 from home:vitezslav_cizek:branches:security:tls - Update to 1.1.1e * Properly detect EOF while reading in libssl. Previously if we hit an EOF while reading in libssl then we would report an error back to the application (SSL_ERROR_SYSCALL) but errno would be 0. We now add an error to the stack (which means we instead return SSL_ERROR_SSL) and therefore give a hint as to what went wrong. * Check that ed25519 and ed448 are allowed by the security level. Previously signature algorithms not using an MD were not being checked that they were allowed by the security level. * Fixed SSL_get_servername() behaviour. The behaviour of SSL_get_servername() was not quite right. The behaviour was not consistent between resumption and normal handshakes, and also not quite consistent with historical behaviour. The behaviour in various scenarios has been clarified and it has been updated to make it match historical behaviour as closely as possible. * Corrected the documentation of the return values from the EVP_DigestSign* set of functions. The documentation mentioned negative values for some errors, but this was never the case, so the mention of negative values was removed. * Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY. The presence of this system service is determined at run-time. * Added newline escaping functionality to a filename when using openssl dgst. This output format is to replicate the output format found in the '*sum' checksum programs. This aims to preserve backward compatibility. * Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just the first value. - Update bunch of patches as the internal crypto headers got reorganized - drop openssl-1_1-CVE-2019-1551.patch (upstream) - openssl dgst: default to SHA256 only when called without a digest, OBS-URL: https://build.opensuse.org/request/show/786956 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=65
2020-03-20 18:43:35 +01:00
Index: openssl-1.1.1d/include/crypto/evp.h
Accepting request 768077 from home:pmonrealgonzalez:branches:security:tls - Support for CPACF enhancements - part 2 (crypto) [jsc#SLE-7575] - Add patches: * openssl-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-and-Ed448.patch * openssl-s390x-fix-x448-and-x448-test-vector-ctime-for-x25519-and-x448.patch OBS-URL: https://build.opensuse.org/request/show/768077 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=55
2020-01-28 17:00:58 +01:00
===================================================================
Accepting request 786956 from home:vitezslav_cizek:branches:security:tls - Update to 1.1.1e * Properly detect EOF while reading in libssl. Previously if we hit an EOF while reading in libssl then we would report an error back to the application (SSL_ERROR_SYSCALL) but errno would be 0. We now add an error to the stack (which means we instead return SSL_ERROR_SSL) and therefore give a hint as to what went wrong. * Check that ed25519 and ed448 are allowed by the security level. Previously signature algorithms not using an MD were not being checked that they were allowed by the security level. * Fixed SSL_get_servername() behaviour. The behaviour of SSL_get_servername() was not quite right. The behaviour was not consistent between resumption and normal handshakes, and also not quite consistent with historical behaviour. The behaviour in various scenarios has been clarified and it has been updated to make it match historical behaviour as closely as possible. * Corrected the documentation of the return values from the EVP_DigestSign* set of functions. The documentation mentioned negative values for some errors, but this was never the case, so the mention of negative values was removed. * Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY. The presence of this system service is determined at run-time. * Added newline escaping functionality to a filename when using openssl dgst. This output format is to replicate the output format found in the '*sum' checksum programs. This aims to preserve backward compatibility. * Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just the first value. - Update bunch of patches as the internal crypto headers got reorganized - drop openssl-1_1-CVE-2019-1551.patch (upstream) - openssl dgst: default to SHA256 only when called without a digest, OBS-URL: https://build.opensuse.org/request/show/786956 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=65
2020-03-20 18:43:35 +01:00
--- openssl-1.1.1d.orig/include/crypto/evp.h
+++ openssl-1.1.1d/include/crypto/evp.h
Accepting request 768077 from home:pmonrealgonzalez:branches:security:tls - Support for CPACF enhancements - part 2 (crypto) [jsc#SLE-7575] - Add patches: * openssl-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-and-Ed448.patch * openssl-s390x-fix-x448-and-x448-test-vector-ctime-for-x25519-and-x448.patch OBS-URL: https://build.opensuse.org/request/show/768077 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=55
2020-01-28 17:00:58 +01:00
@@ -93,24 +93,24 @@ DEFINE_STACK_OF_CONST(EVP_PKEY_METHOD)
void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
-extern const EVP_PKEY_METHOD cmac_pkey_meth;
-extern const EVP_PKEY_METHOD dh_pkey_meth;
-extern const EVP_PKEY_METHOD dhx_pkey_meth;
-extern const EVP_PKEY_METHOD dsa_pkey_meth;
-extern const EVP_PKEY_METHOD ec_pkey_meth;
-extern const EVP_PKEY_METHOD sm2_pkey_meth;
-extern const EVP_PKEY_METHOD ecx25519_pkey_meth;
-extern const EVP_PKEY_METHOD ecx448_pkey_meth;
-extern const EVP_PKEY_METHOD ed25519_pkey_meth;
-extern const EVP_PKEY_METHOD ed448_pkey_meth;
-extern const EVP_PKEY_METHOD hmac_pkey_meth;
-extern const EVP_PKEY_METHOD rsa_pkey_meth;
-extern const EVP_PKEY_METHOD rsa_pss_pkey_meth;
-extern const EVP_PKEY_METHOD scrypt_pkey_meth;
-extern const EVP_PKEY_METHOD tls1_prf_pkey_meth;
-extern const EVP_PKEY_METHOD hkdf_pkey_meth;
-extern const EVP_PKEY_METHOD poly1305_pkey_meth;
-extern const EVP_PKEY_METHOD siphash_pkey_meth;
+const EVP_PKEY_METHOD *cmac_pkey_method(void);
+const EVP_PKEY_METHOD *dh_pkey_method(void);
+const EVP_PKEY_METHOD *dhx_pkey_method(void);
+const EVP_PKEY_METHOD *dsa_pkey_method(void);
+const EVP_PKEY_METHOD *ec_pkey_method(void);
+const EVP_PKEY_METHOD *sm2_pkey_method(void);
+const EVP_PKEY_METHOD *ecx25519_pkey_method(void);
+const EVP_PKEY_METHOD *ecx448_pkey_method(void);
+const EVP_PKEY_METHOD *ed25519_pkey_method(void);
+const EVP_PKEY_METHOD *ed448_pkey_method(void);
+const EVP_PKEY_METHOD *hmac_pkey_method(void);
+const EVP_PKEY_METHOD *rsa_pkey_method(void);
+const EVP_PKEY_METHOD *rsa_pss_pkey_method(void);
+const EVP_PKEY_METHOD *scrypt_pkey_method(void);
+const EVP_PKEY_METHOD *tls1_prf_pkey_method(void);
+const EVP_PKEY_METHOD *hkdf_pkey_method(void);
+const EVP_PKEY_METHOD *poly1305_pkey_method(void);
+const EVP_PKEY_METHOD *siphash_pkey_method(void);
/* struct evp_kdf_impl_st is defined by the implementation */
typedef struct evp_kdf_impl_st EVP_KDF_IMPL;
@@ -396,6 +396,7 @@ const EVP_CIPHER *EVP_##cname##_ecb(void
#define X25519_KEYLEN 32
#define X448_KEYLEN 56
+#define ED25519_KEYLEN 32
#define ED448_KEYLEN 57
#define MAX_KEYLEN ED448_KEYLEN
Index: openssl-1.1.1d/crypto/rsa/rsa_pmeth.c
===================================================================
--- openssl-1.1.1d.orig/crypto/rsa/rsa_pmeth.c
+++ openssl-1.1.1d/crypto/rsa/rsa_pmeth.c
@@ -754,7 +754,7 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX
return ret;
}
-const EVP_PKEY_METHOD rsa_pkey_meth = {
+static const EVP_PKEY_METHOD rsa_pkey_meth = {
EVP_PKEY_RSA,
EVP_PKEY_FLAG_AUTOARGLEN | EVP_PKEY_FLAG_FIPS,
pkey_rsa_init,
@@ -789,6 +789,11 @@ const EVP_PKEY_METHOD rsa_pkey_meth = {
pkey_rsa_ctrl_str
};
+const EVP_PKEY_METHOD *rsa_pkey_method(void)
+{
+ return &rsa_pkey_meth;
+}
+
/*
* Called for PSS sign or verify initialisation: checks PSS parameter
* sanity and sets any restrictions on key usage.
@@ -836,7 +841,7 @@ static int pkey_pss_init(EVP_PKEY_CTX *c
return 1;
}
-const EVP_PKEY_METHOD rsa_pss_pkey_meth = {
+static const EVP_PKEY_METHOD rsa_pss_pkey_meth = {
EVP_PKEY_RSA_PSS,
EVP_PKEY_FLAG_AUTOARGLEN | EVP_PKEY_FLAG_FIPS,
pkey_rsa_init,
@@ -859,3 +864,8 @@ const EVP_PKEY_METHOD rsa_pss_pkey_meth
pkey_rsa_ctrl,
pkey_rsa_ctrl_str
};
+
+const EVP_PKEY_METHOD *rsa_pss_pkey_method(void)
+{
+ return &rsa_pss_pkey_meth;
+}
Index: openssl-1.1.1d/crypto/s390x_arch.h
===================================================================
--- openssl-1.1.1d.orig/crypto/s390x_arch.h
+++ openssl-1.1.1d/crypto/s390x_arch.h
@@ -30,6 +30,9 @@ int s390x_pcc(unsigned int fc, void *par
int s390x_kdsa(unsigned int fc, void *param, const unsigned char *in,
size_t len);
+void s390x_flip_endian32(unsigned char dst[32], const unsigned char src[32]);
+void s390x_flip_endian64(unsigned char dst[64], const unsigned char src[64]);
+
/*
* The field elements of OPENSSL_s390xcap_P are the 64-bit words returned by
* the STFLE instruction followed by the 64-bit word pairs returned by
@@ -123,6 +126,10 @@ extern struct OPENSSL_s390xcap_st OPENSS
# define S390X_SCALAR_MULTIPLY_P256 64
# define S390X_SCALAR_MULTIPLY_P384 65
# define S390X_SCALAR_MULTIPLY_P521 66
+# define S390X_SCALAR_MULTIPLY_ED25519 72
+# define S390X_SCALAR_MULTIPLY_ED448 73
+# define S390X_SCALAR_MULTIPLY_X25519 80
+# define S390X_SCALAR_MULTIPLY_X448 81
/* kdsa */
# define S390X_ECDSA_VERIFY_P256 1
@@ -131,6 +138,10 @@ extern struct OPENSSL_s390xcap_st OPENSS
# define S390X_ECDSA_SIGN_P256 9
# define S390X_ECDSA_SIGN_P384 10
# define S390X_ECDSA_SIGN_P521 11
+# define S390X_EDDSA_VERIFY_ED25519 32
+# define S390X_EDDSA_VERIFY_ED448 36
+# define S390X_EDDSA_SIGN_ED25519 40
+# define S390X_EDDSA_SIGN_ED448 44
/* Register 0 Flags */
# define S390X_DECRYPT 0x80
Index: openssl-1.1.1d/crypto/s390xcap.c
===================================================================
--- openssl-1.1.1d.orig/crypto/s390xcap.c
+++ openssl-1.1.1d/crypto/s390xcap.c
@@ -615,14 +615,22 @@ static int parse_env(struct OPENSSL_s390
/*.pcc = */{S390X_CAPBIT(S390X_QUERY),
S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P256)
| S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P384)
- | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P521)},
+ | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P521)
+ | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_ED25519)
+ | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_ED448)
+ | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X25519)
+ | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X448)},
/*.kdsa = */{S390X_CAPBIT(S390X_QUERY)
| S390X_CAPBIT(S390X_ECDSA_VERIFY_P256)
| S390X_CAPBIT(S390X_ECDSA_VERIFY_P384)
| S390X_CAPBIT(S390X_ECDSA_VERIFY_P521)
| S390X_CAPBIT(S390X_ECDSA_SIGN_P256)
| S390X_CAPBIT(S390X_ECDSA_SIGN_P384)
- | S390X_CAPBIT(S390X_ECDSA_SIGN_P521),
+ | S390X_CAPBIT(S390X_ECDSA_SIGN_P521)
+ | S390X_CAPBIT(S390X_EDDSA_VERIFY_ED25519)
+ | S390X_CAPBIT(S390X_EDDSA_VERIFY_ED448)
+ | S390X_CAPBIT(S390X_EDDSA_SIGN_ED25519)
+ | S390X_CAPBIT(S390X_EDDSA_SIGN_ED448),
0ULL},
};
Index: openssl-1.1.1d/crypto/s390xcpuid.pl
===================================================================
--- openssl-1.1.1d.orig/crypto/s390xcpuid.pl
+++ openssl-1.1.1d/crypto/s390xcpuid.pl
@@ -493,6 +493,62 @@ s390x_kdsa:
___
}
+################
+# void s390x_flip_endian32(unsigned char dst[32], const unsigned char src[32])
+{
+my ($dst,$src) = map("%r$_",(2..3));
+$code.=<<___;
+.globl s390x_flip_endian32
+.type s390x_flip_endian32,\@function
+.align 16
+s390x_flip_endian32:
+ lrvg %r0,0(%r0,$src)
+ lrvg %r1,8(%r0,$src)
+ lrvg %r4,16(%r0,$src)
+ lrvg %r5,24(%r0,$src)
+ stg %r0,24(%r0,$dst)
+ stg %r1,16(%r0,$dst)
+ stg %r4,8(%r0,$dst)
+ stg %r5,0(%r0,$dst)
+ br $ra
+.size s390x_flip_endian32,.-s390x_flip_endian32
+___
+}
+
+################
+# void s390x_flip_endian64(unsigned char dst[64], const unsigned char src[64])
+{
+my ($dst,$src) = map("%r$_",(2..3));
+$code.=<<___;
+.globl s390x_flip_endian64
+.type s390x_flip_endian64,\@function
+.align 16
+s390x_flip_endian64:
+ stmg %r6,%r9,6*$SIZE_T($sp)
+
+ lrvg %r0,0(%r0,$src)
+ lrvg %r1,8(%r0,$src)
+ lrvg %r4,16(%r0,$src)
+ lrvg %r5,24(%r0,$src)
+ lrvg %r6,32(%r0,$src)
+ lrvg %r7,40(%r0,$src)
+ lrvg %r8,48(%r0,$src)
+ lrvg %r9,56(%r0,$src)
+ stg %r0,56(%r0,$dst)
+ stg %r1,48(%r0,$dst)
+ stg %r4,40(%r0,$dst)
+ stg %r5,32(%r0,$dst)
+ stg %r6,24(%r0,$dst)
+ stg %r7,16(%r0,$dst)
+ stg %r8,8(%r0,$dst)
+ stg %r9,0(%r0,$dst)
+
+ lmg %r6,%r9,6*$SIZE_T($sp)
+ br $ra
+.size s390x_flip_endian64,.-s390x_flip_endian64
+___
+}
+
$code.=<<___;
.section .init
brasl $ra,OPENSSL_cpuid_setup
Index: openssl-1.1.1d/crypto/sm2/sm2_pmeth.c
===================================================================
--- openssl-1.1.1d.orig/crypto/sm2/sm2_pmeth.c
+++ openssl-1.1.1d/crypto/sm2/sm2_pmeth.c
@@ -283,7 +283,7 @@ static int pkey_sm2_digest_custom(EVP_PK
return EVP_DigestUpdate(mctx, z, (size_t)mdlen);
}
-const EVP_PKEY_METHOD sm2_pkey_meth = {
+static const EVP_PKEY_METHOD sm2_pkey_meth = {
EVP_PKEY_SM2,
0,
pkey_sm2_init,
@@ -323,3 +323,8 @@ const EVP_PKEY_METHOD sm2_pkey_meth = {
pkey_sm2_digest_custom
};
+
+const EVP_PKEY_METHOD *sm2_pkey_method(void)
+{
+ return &sm2_pkey_meth;
+}
Index: openssl-1.1.1d/doc/man3/OPENSSL_s390xcap.pod
===================================================================
--- openssl-1.1.1d.orig/doc/man3/OPENSSL_s390xcap.pod
+++ openssl-1.1.1d/doc/man3/OPENSSL_s390xcap.pod
@@ -159,6 +159,10 @@ Disables the KM-XTS-AES and and the KIMD
# 64 1<<63 PCC-Scalar-Multiply-P256
# 65 1<<62 PCC-Scalar-Multiply-P384
# 66 1<<61 PCC-Scalar-Multiply-P521
+ # 72 1<<55 PCC-Scalar-Multiply-Ed25519
+ # 73 1<<54 PCC-Scalar-Multiply-Ed448
+ # 80 1<<47 PCC-Scalar-Multiply-X25519
+ # 81 1<<46 PCC-Scalar-Multiply-X448
kdsa :
# 1 1<<62 KDSA-ECDSA-Verify-P256
@@ -167,6 +171,10 @@ Disables the KM-XTS-AES and and the KIMD
# 9 1<<54 KDSA-ECDSA-Sign-P256
# 10 1<<53 KDSA-ECDSA-Sign-P384
# 11 1<<52 KDSA-ECDSA-Sign-P521
+ # 32 1<<31 KDSA-EdDSA-Verify-Ed25519
+ # 36 1<<27 KDSA-EdDSA-Verify-Ed448
+ # 40 1<<23 KDSA-EdDSA-Sign-Ed25519
+ # 44 1<<19 KDSA-EdDSA-Sign-Ed448
:
=head1 RETURN VALUES
Index: openssl-1.1.1d/include/openssl/ecerr.h
===================================================================
--- openssl-1.1.1d.orig/include/openssl/ecerr.h
+++ openssl-1.1.1d/include/openssl/ecerr.h
@@ -206,6 +206,12 @@ int ERR_load_EC_strings(void);
# define EC_F_PKEY_EC_KEYGEN 199
# define EC_F_PKEY_EC_PARAMGEN 219
# define EC_F_PKEY_EC_SIGN 218
+# define EC_F_S390X_PKEY_ECD_DIGESTSIGN25519 303
+# define EC_F_S390X_PKEY_ECD_DIGESTSIGN448 304
+# define EC_F_S390X_PKEY_ECD_KEYGEN25519 305
+# define EC_F_S390X_PKEY_ECD_KEYGEN448 306
+# define EC_F_S390X_PKEY_ECX_KEYGEN25519 307
+# define EC_F_S390X_PKEY_ECX_KEYGEN448 308
# define EC_F_VALIDATE_ECX_DERIVE 278
/*
Index: openssl-1.1.1d/Configure
===================================================================
--- openssl-1.1.1d.orig/Configure
+++ openssl-1.1.1d/Configure
@@ -1401,7 +1401,7 @@ unless ($disabled{asm}) {
push @{$config{lib_defines}}, "X25519_ASM";
}
if ($target{ec_asm_src} =~ /ecp_s390x_nistp/) {
- push @{$config{lib_defines}}, "S390X_NISTP_ASM";
+ push @{$config{lib_defines}}, "S390X_EC_ASM";
}
if ($target{padlock_asm_src} ne $table{DEFAULTS}->{padlock_asm_src}) {
push @{$config{dso_defines}}, "PADLOCK_ASM";
Index: openssl-1.1.1d/crypto/cmac/cm_pmeth.c
===================================================================
--- openssl-1.1.1d.orig/crypto/cmac/cm_pmeth.c
+++ openssl-1.1.1d/crypto/cmac/cm_pmeth.c
@@ -127,7 +127,7 @@ static int pkey_cmac_ctrl_str(EVP_PKEY_C
return -2;
}
-const EVP_PKEY_METHOD cmac_pkey_meth = {
+static const EVP_PKEY_METHOD cmac_pkey_meth = {
EVP_PKEY_CMAC,
EVP_PKEY_FLAG_SIGCTX_CUSTOM | EVP_PKEY_FLAG_FIPS,
pkey_cmac_init,
@@ -159,3 +159,8 @@ const EVP_PKEY_METHOD cmac_pkey_meth = {
pkey_cmac_ctrl,
pkey_cmac_ctrl_str
};
+
+const EVP_PKEY_METHOD *cmac_pkey_method(void)
+{
+ return &cmac_pkey_meth;
+}
Index: openssl-1.1.1d/crypto/hmac/hm_pmeth.c
===================================================================
--- openssl-1.1.1d.orig/crypto/hmac/hm_pmeth.c
+++ openssl-1.1.1d/crypto/hmac/hm_pmeth.c
@@ -178,7 +178,7 @@ static int pkey_hmac_ctrl_str(EVP_PKEY_C
return -2;
}
-const EVP_PKEY_METHOD hmac_pkey_meth = {
+static const EVP_PKEY_METHOD hmac_pkey_meth = {
EVP_PKEY_HMAC,
EVP_PKEY_FLAG_FIPS,
pkey_hmac_init,
@@ -210,3 +210,9 @@ const EVP_PKEY_METHOD hmac_pkey_meth = {
pkey_hmac_ctrl,
pkey_hmac_ctrl_str
};
+
+const EVP_PKEY_METHOD *hmac_pkey_method(void)
+{
+ return &hmac_pkey_meth;
+}
+
Index: openssl-1.1.1d/crypto/poly1305/poly1305_pmeth.c
===================================================================
--- openssl-1.1.1d.orig/crypto/poly1305/poly1305_pmeth.c
+++ openssl-1.1.1d/crypto/poly1305/poly1305_pmeth.c
@@ -160,7 +160,7 @@ static int pkey_poly1305_ctrl_str(EVP_PK
return -2;
}
-const EVP_PKEY_METHOD poly1305_pkey_meth = {
+static const EVP_PKEY_METHOD poly1305_pkey_meth = {
EVP_PKEY_POLY1305,
EVP_PKEY_FLAG_SIGCTX_CUSTOM, /* we don't deal with a separate MD */
pkey_poly1305_init,
@@ -192,3 +192,8 @@ const EVP_PKEY_METHOD poly1305_pkey_meth
pkey_poly1305_ctrl,
pkey_poly1305_ctrl_str
};
+
+const EVP_PKEY_METHOD *poly1305_pkey_method(void)
+{
+ return &poly1305_pkey_meth;
+}
Index: openssl-1.1.1d/crypto/siphash/siphash_pmeth.c
===================================================================
--- openssl-1.1.1d.orig/crypto/siphash/siphash_pmeth.c
+++ openssl-1.1.1d/crypto/siphash/siphash_pmeth.c
@@ -171,7 +171,7 @@ static int pkey_siphash_ctrl_str(EVP_PKE
return -2;
}
-const EVP_PKEY_METHOD siphash_pkey_meth = {
+static const EVP_PKEY_METHOD siphash_pkey_meth = {
EVP_PKEY_SIPHASH,
EVP_PKEY_FLAG_SIGCTX_CUSTOM, /* we don't deal with a separate MD */
pkey_siphash_init,
@@ -203,3 +203,8 @@ const EVP_PKEY_METHOD siphash_pkey_meth
pkey_siphash_ctrl,
pkey_siphash_ctrl_str
};
+
+const EVP_PKEY_METHOD *siphash_pkey_method(void)
+{
+ return &siphash_pkey_meth;
+}
Reference in New Issue Copy Permalink