openssl-1_1/openssl-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-and-Ed448.patch

1468 lines
46 KiB
Diff
Raw Normal View History

From 19bd1fa1ef17ff0ac071402cb6b002f1c29e37b9 Mon Sep 17 00:00:00 2001
From: Patrick Steuer <patrick.steuer@de.ibm.com>
Date: Thu, 19 Sep 2019 15:31:27 +0200
Subject: [PATCH] s390x assembly pack: accelerate X25519, X448, Ed25519 and
Ed448
using PCC and KDSA instructions.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10004)
---
CHANGES | 4 +
crypto/dh/dh_pmeth.c | 14 +-
crypto/dsa/dsa_pmeth.c | 7 +-
crypto/ec/build.info | 2 +-
crypto/ec/ec_curve.c | 12 +-
crypto/ec/ec_lcl.h | 2 +-
crypto/ec/ec_pmeth.c | 7 +-
crypto/ec/ecx_meth.c | 672 +++++++++++++++++++++++++++++-
crypto/err/openssl.txt | 6 +
crypto/evp/pkey_kdf.c | 20 +-
crypto/evp/pkey_mac.c | 28 +-
crypto/evp/pmeth_lib.c | 65 +--
crypto/include/internal/evp_int.h | 37 +-
crypto/rsa/rsa_pmeth.c | 14 +-
crypto/s390x_arch.h | 11 +
crypto/s390xcap.c | 12 +-
crypto/s390xcpuid.pl | 56 +++
crypto/sm2/sm2_pmeth.c | 7 +-
doc/man3/OPENSSL_s390xcap.pod | 8 +
include/openssl/ecerr.h | 6 +
20 files changed, 914 insertions(+), 76 deletions(-)
Index: openssl-1.1.1d/crypto/dh/dh_pmeth.c
===================================================================
--- openssl-1.1.1d.orig/crypto/dh/dh_pmeth.c
+++ openssl-1.1.1d/crypto/dh/dh_pmeth.c
@@ -478,7 +478,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *
return 0;
}
-const EVP_PKEY_METHOD dh_pkey_meth = {
+static const EVP_PKEY_METHOD dh_pkey_meth = {
EVP_PKEY_DH,
EVP_PKEY_FLAG_FIPS,
pkey_dh_init,
@@ -512,7 +512,12 @@ const EVP_PKEY_METHOD dh_pkey_meth = {
pkey_dh_ctrl_str
};
-const EVP_PKEY_METHOD dhx_pkey_meth = {
+const EVP_PKEY_METHOD *dh_pkey_method(void)
+{
+ return &dh_pkey_meth;
+}
+
+static const EVP_PKEY_METHOD dhx_pkey_meth = {
EVP_PKEY_DHX,
EVP_PKEY_FLAG_FIPS,
pkey_dh_init,
@@ -545,3 +550,8 @@ const EVP_PKEY_METHOD dhx_pkey_meth = {
pkey_dh_ctrl,
pkey_dh_ctrl_str
};
+
+const EVP_PKEY_METHOD *dhx_pkey_method(void)
+{
+ return &dhx_pkey_meth;
+}
Index: openssl-1.1.1d/crypto/dsa/dsa_pmeth.c
===================================================================
--- openssl-1.1.1d.orig/crypto/dsa/dsa_pmeth.c
+++ openssl-1.1.1d/crypto/dsa/dsa_pmeth.c
@@ -243,7 +243,7 @@ static int pkey_dsa_keygen(EVP_PKEY_CTX
return DSA_generate_key(pkey->pkey.dsa);
}
-const EVP_PKEY_METHOD dsa_pkey_meth = {
+static const EVP_PKEY_METHOD dsa_pkey_meth = {
EVP_PKEY_DSA,
EVP_PKEY_FLAG_AUTOARGLEN | EVP_PKEY_FLAG_FIPS,
pkey_dsa_init,
@@ -275,3 +275,8 @@ const EVP_PKEY_METHOD dsa_pkey_meth = {
pkey_dsa_ctrl,
pkey_dsa_ctrl_str
};
+
+const EVP_PKEY_METHOD *dsa_pkey_method(void)
+{
+ return &dsa_pkey_meth;
+}
Index: openssl-1.1.1d/crypto/ec/ec_curve.c
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ec_curve.c
+++ openssl-1.1.1d/crypto/ec/ec_curve.c
@@ -2830,7 +2830,7 @@ static const ec_list_element curve_list[
"SECG curve over a 256 bit prime field"},
/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
{NID_secp384r1, &_EC_NIST_PRIME_384.h,
-# if defined(S390X_NISTP_ASM)
+# if defined(S390X_EC_ASM)
EC_GFp_s390x_nistp384_method,
# else
0,
@@ -2838,7 +2838,7 @@ static const ec_list_element curve_list[
"NIST/SECG curve over a 384 bit prime field"},
{NID_secp521r1, &_EC_NIST_PRIME_521.h,
-# if defined(S390X_NISTP_ASM)
+# if defined(S390X_EC_ASM)
EC_GFp_s390x_nistp521_method,
# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
EC_GFp_nistp521_method,
@@ -2863,7 +2863,7 @@ static const ec_list_element curve_list[
{NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
#if defined(ECP_NISTZ256_ASM)
EC_GFp_nistz256_method,
-# elif defined(S390X_NISTP_ASM)
+# elif defined(S390X_EC_ASM)
EC_GFp_s390x_nistp256_method,
#elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
EC_GFp_nistp256_method,
Index: openssl-1.1.1d/crypto/ec/ec_lcl.h
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ec_lcl.h
+++ openssl-1.1.1d/crypto/ec/ec_lcl.h
@@ -595,7 +595,7 @@ int ec_group_simple_order_bits(const EC_
*/
const EC_METHOD *EC_GFp_nistz256_method(void);
#endif
-#ifdef S390X_NISTP_ASM
+#ifdef S390X_EC_ASM
const EC_METHOD *EC_GFp_s390x_nistp256_method(void);
const EC_METHOD *EC_GFp_s390x_nistp384_method(void);
const EC_METHOD *EC_GFp_s390x_nistp521_method(void);
Index: openssl-1.1.1d/crypto/ec/ec_pmeth.c
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ec_pmeth.c
+++ openssl-1.1.1d/crypto/ec/ec_pmeth.c
@@ -436,7 +436,7 @@ static int pkey_ec_keygen(EVP_PKEY_CTX *
return ret ? EC_KEY_generate_key(ec) : 0;
}
-const EVP_PKEY_METHOD ec_pkey_meth = {
+static const EVP_PKEY_METHOD ec_pkey_meth = {
EVP_PKEY_EC,
EVP_PKEY_FLAG_FIPS,
pkey_ec_init,
@@ -474,3 +474,8 @@ const EVP_PKEY_METHOD ec_pkey_meth = {
pkey_ec_ctrl,
pkey_ec_ctrl_str
};
+
+const EVP_PKEY_METHOD *ec_pkey_method(void)
+{
+ return &ec_pkey_meth;
+}
Index: openssl-1.1.1d/crypto/ec/ecx_meth.c
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ecx_meth.c
+++ openssl-1.1.1d/crypto/ec/ecx_meth.c
@@ -715,7 +715,7 @@ static int pkey_ecx_ctrl(EVP_PKEY_CTX *c
return -2;
}
-const EVP_PKEY_METHOD ecx25519_pkey_meth = {
+static const EVP_PKEY_METHOD ecx25519_pkey_meth = {
EVP_PKEY_X25519,
0, 0, 0, 0, 0, 0, 0,
pkey_ecx_keygen,
@@ -725,7 +725,7 @@ const EVP_PKEY_METHOD ecx25519_pkey_meth
0
};
-const EVP_PKEY_METHOD ecx448_pkey_meth = {
+static const EVP_PKEY_METHOD ecx448_pkey_meth = {
EVP_PKEY_X448,
0, 0, 0, 0, 0, 0, 0,
pkey_ecx_keygen,
@@ -818,7 +818,7 @@ static int pkey_ecd_ctrl(EVP_PKEY_CTX *c
return -2;
}
-const EVP_PKEY_METHOD ed25519_pkey_meth = {
+static const EVP_PKEY_METHOD ed25519_pkey_meth = {
EVP_PKEY_ED25519, EVP_PKEY_FLAG_SIGCTX_CUSTOM,
0, 0, 0, 0, 0, 0,
pkey_ecx_keygen,
@@ -829,7 +829,7 @@ const EVP_PKEY_METHOD ed25519_pkey_meth
pkey_ecd_digestverify25519
};
-const EVP_PKEY_METHOD ed448_pkey_meth = {
+static const EVP_PKEY_METHOD ed448_pkey_meth = {
EVP_PKEY_ED448, EVP_PKEY_FLAG_SIGCTX_CUSTOM,
0, 0, 0, 0, 0, 0,
pkey_ecx_keygen,
@@ -839,3 +839,667 @@ const EVP_PKEY_METHOD ed448_pkey_meth =
pkey_ecd_digestsign448,
pkey_ecd_digestverify448
};
+
+#ifdef S390X_EC_ASM
+# include "s390x_arch.h"
+
+static void s390x_x25519_mod_p(unsigned char u[32])
+{
+ unsigned char u_red[32];
+ unsigned int c = 0;
+ int i;
+
+ memcpy(u_red, u, sizeof(u_red));
+
+ c += (unsigned int)u_red[31] + 19;
+ u_red[31] = (unsigned char)c;
+ c >>= 8;
+
+ for (i = 30; c > 0 && i >= 0; i--) {
+ c += (unsigned int)u_red[i];
+ u_red[i] = (unsigned char)c;
+ c >>= 8;
+ }
+
+ if (u_red[0] & 0x80) {
+ u_red[0] &= 0x7f;
+ memcpy(u, u_red, sizeof(u_red));
+ }
+}
+
+static void s390x_x448_mod_p(unsigned char u[56])
+{
+ unsigned char u_red[56];
+ unsigned int c = 0;
+ int i;
+
+ memcpy(u_red, u, sizeof(u_red));
+
+ c += (unsigned int)u_red[55] + 1;
+ u_red[55] = (unsigned char)c;
+ c >>= 8;
+
+ for (i = 54; i >= 28; i--) {
+ c += (unsigned int)u_red[i];
+ u_red[i] = (unsigned char)c;
+ c >>= 8;
+ }
+
+ c += (unsigned int)u_red[27] + 1;
+ u_red[27] = (unsigned char)c;
+ c >>= 8;
+
+ for (i = 26; c > 0 && i >= 0; i--) {
+ c += (unsigned int)u_red[i];
+ u_red[i] = (unsigned char)c;
+ c >>= 8;
+ }
+
+ if (u_red[0] & 0x80) {
+ u_red[0] &= 0x7f;
+ memcpy(u, u_red, sizeof(u_red));
+ }
+}
+
+static int s390x_x25519_mul(unsigned char u_dst[32],
+ const unsigned char u_src[32],
+ const unsigned char d_src[32])
+{
+ union {
+ struct {
+ unsigned char u_dst[32];
+ unsigned char u_src[32];
+ unsigned char d_src[32];
+ } x25519;
+ unsigned long long buff[512];
+ } param;
+ int rc;
+
+ memset(&param, 0, sizeof(param));
+
+ s390x_flip_endian32(param.x25519.u_src, u_src);
+ param.x25519.u_src[0] &= 0x7f;
+ s390x_x25519_mod_p(param.x25519.u_src);
+
+ s390x_flip_endian32(param.x25519.d_src, d_src);
+ param.x25519.d_src[31] &= 248;
+ param.x25519.d_src[0] &= 127;
+ param.x25519.d_src[0] |= 64;
+
+ rc = s390x_pcc(S390X_SCALAR_MULTIPLY_X25519, &param.x25519) ? 0 : 1;
+ if (rc == 1)
+ s390x_flip_endian32(u_dst, param.x25519.u_dst);
+
+ OPENSSL_cleanse(param.x25519.d_src, sizeof(param.x25519.d_src));
+ return rc;
+}
+
+static int s390x_x448_mul(unsigned char u_dst[56],
+ const unsigned char u_src[56],
+ const unsigned char d_src[56])
+{
+ union {
+ struct {
+ unsigned char u_dst[64];
+ unsigned char u_src[64];
+ unsigned char d_src[64];
+ } x448;
+ unsigned long long buff[512];
+ } param;
+ int rc;
+
+ memset(&param, 0, sizeof(param));
+
+ memcpy(param.x448.u_src, u_src, 56);
+ memcpy(param.x448.d_src, d_src, 56);
+
+ s390x_flip_endian64(param.x448.u_src, param.x448.u_src);
+ s390x_x448_mod_p(param.x448.u_src);
+
+ s390x_flip_endian64(param.x448.d_src, param.x448.d_src);
+ param.x448.d_src[63] &= 252;
+ param.x448.d_src[8] |= 128;
+
+ rc = s390x_pcc(S390X_SCALAR_MULTIPLY_X448, &param.x448) ? 0 : 1;
+ if (rc == 1) {
+ s390x_flip_endian64(param.x448.u_dst, param.x448.u_dst);
+ memcpy(u_dst, param.x448.u_dst, 56);
+ }
+
+ OPENSSL_cleanse(param.x448.d_src, sizeof(param.x448.d_src));
+ return rc;
+}
+
+static int s390x_ed25519_mul(unsigned char x_dst[32],
+ unsigned char y_dst[32],
+ const unsigned char x_src[32],
+ const unsigned char y_src[32],
+ const unsigned char d_src[32])
+{
+ union {
+ struct {
+ unsigned char x_dst[32];
+ unsigned char y_dst[32];
+ unsigned char x_src[32];
+ unsigned char y_src[32];
+ unsigned char d_src[32];
+ } ed25519;
+ unsigned long long buff[512];
+ } param;
+ int rc;
+
+ memset(&param, 0, sizeof(param));
+
+ s390x_flip_endian32(param.ed25519.x_src, x_src);
+ s390x_flip_endian32(param.ed25519.y_src, y_src);
+ s390x_flip_endian32(param.ed25519.d_src, d_src);
+
+ rc = s390x_pcc(S390X_SCALAR_MULTIPLY_ED25519, &param.ed25519) ? 0 : 1;
+ if (rc == 1) {
+ s390x_flip_endian32(x_dst, param.ed25519.x_dst);
+ s390x_flip_endian32(y_dst, param.ed25519.y_dst);
+ }
+
+ OPENSSL_cleanse(param.ed25519.d_src, sizeof(param.ed25519.d_src));
+ return rc;
+}
+
+static int s390x_ed448_mul(unsigned char x_dst[57],
+ unsigned char y_dst[57],
+ const unsigned char x_src[57],
+ const unsigned char y_src[57],
+ const unsigned char d_src[57])
+{
+ union {
+ struct {
+ unsigned char x_dst[64];
+ unsigned char y_dst[64];
+ unsigned char x_src[64];
+ unsigned char y_src[64];
+ unsigned char d_src[64];
+ } ed448;
+ unsigned long long buff[512];
+ } param;
+ int rc;
+
+ memset(&param, 0, sizeof(param));
+
+ memcpy(param.ed448.x_src, x_src, 57);
+ memcpy(param.ed448.y_src, y_src, 57);
+ memcpy(param.ed448.d_src, d_src, 57);
+ s390x_flip_endian64(param.ed448.x_src, param.ed448.x_src);
+ s390x_flip_endian64(param.ed448.y_src, param.ed448.y_src);
+ s390x_flip_endian64(param.ed448.d_src, param.ed448.d_src);
+
+ rc = s390x_pcc(S390X_SCALAR_MULTIPLY_ED448, &param.ed448) ? 0 : 1;
+ if (rc == 1) {
+ s390x_flip_endian64(param.ed448.x_dst, param.ed448.x_dst);
+ s390x_flip_endian64(param.ed448.y_dst, param.ed448.y_dst);
+ memcpy(x_dst, param.ed448.x_dst, 57);
+ memcpy(y_dst, param.ed448.y_dst, 57);
+ }
+
+ OPENSSL_cleanse(param.ed448.d_src, sizeof(param.ed448.d_src));
+ return rc;
+}
+
+static int s390x_pkey_ecx_keygen25519(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+ static const unsigned char generator[] = {
+ 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ };
+ ECX_KEY *key;
+ unsigned char *privkey = NULL, *pubkey;
+
+ key = OPENSSL_zalloc(sizeof(*key));
+ if (key == NULL) {
+ ECerr(EC_F_S390X_PKEY_ECX_KEYGEN25519, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ pubkey = key->pubkey;
+
+ privkey = key->privkey = OPENSSL_secure_malloc(X25519_KEYLEN);
+ if (privkey == NULL) {
+ ECerr(EC_F_S390X_PKEY_ECX_KEYGEN25519, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (RAND_priv_bytes(privkey, X25519_KEYLEN) <= 0)
+ goto err;
+
+ privkey[0] &= 248;
+ privkey[31] &= 127;
+ privkey[31] |= 64;
+
+ if (s390x_x25519_mul(pubkey, generator, privkey) != 1)
+ goto err;
+
+ EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, key);
+ return 1;
+ err:
+ OPENSSL_secure_clear_free(privkey, X25519_KEYLEN);
+ key->privkey = NULL;
+ OPENSSL_free(key);
+ return 0;
+}
+
+static int s390x_pkey_ecx_keygen448(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+ static const unsigned char generator[] = {
+ 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ };
+ ECX_KEY *key;
+ unsigned char *privkey = NULL, *pubkey;
+
+ key = OPENSSL_zalloc(sizeof(*key));
+ if (key == NULL) {
+ ECerr(EC_F_S390X_PKEY_ECX_KEYGEN448, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ pubkey = key->pubkey;
+
+ privkey = key->privkey = OPENSSL_secure_malloc(X448_KEYLEN);
+ if (privkey == NULL) {
+ ECerr(EC_F_S390X_PKEY_ECX_KEYGEN448, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (RAND_priv_bytes(privkey, X448_KEYLEN) <= 0)
+ goto err;
+
+ privkey[0] &= 252;
+ privkey[55] |= 128;
+
+ if (s390x_x448_mul(pubkey, generator, privkey) != 1)
+ goto err;
+
+ EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, key);
+ return 1;
+ err:
+ OPENSSL_secure_clear_free(privkey, X448_KEYLEN);
+ key->privkey = NULL;
+ OPENSSL_free(key);
+ return 0;
+}
+
+static int s390x_pkey_ecd_keygen25519(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+ static const unsigned char generator_x[] = {
+ 0x1a, 0xd5, 0x25, 0x8f, 0x60, 0x2d, 0x56, 0xc9, 0xb2, 0xa7, 0x25, 0x95,
+ 0x60, 0xc7, 0x2c, 0x69, 0x5c, 0xdc, 0xd6, 0xfd, 0x31, 0xe2, 0xa4, 0xc0,
+ 0xfe, 0x53, 0x6e, 0xcd, 0xd3, 0x36, 0x69, 0x21
+ };
+ static const unsigned char generator_y[] = {
+ 0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
+ 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
+ 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
+ };
+ unsigned char x_dst[32], buff[SHA512_DIGEST_LENGTH];
+ ECX_KEY *key;
+ unsigned char *privkey = NULL, *pubkey;
+
+ key = OPENSSL_zalloc(sizeof(*key));
+ if (key == NULL) {
+ ECerr(EC_F_S390X_PKEY_ECD_KEYGEN25519, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ pubkey = key->pubkey;
+
+ privkey = key->privkey = OPENSSL_secure_malloc(ED25519_KEYLEN);
+ if (privkey == NULL) {
+ ECerr(EC_F_S390X_PKEY_ECD_KEYGEN25519, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (RAND_priv_bytes(privkey, ED25519_KEYLEN) <= 0)
+ goto err;
+
+ SHA512(privkey, 32, buff);
+ buff[0] &= 248;
+ buff[31] &= 63;
+ buff[31] |= 64;
+
+ if (s390x_ed25519_mul(x_dst, pubkey,
+ generator_x, generator_y, buff) != 1)
+ goto err;
+
+ pubkey[31] |= ((x_dst[0] & 0x01) << 7);
+
+ EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, key);
+ return 1;
+ err:
+ OPENSSL_secure_clear_free(privkey, ED25519_KEYLEN);
+ key->privkey = NULL;
+ OPENSSL_free(key);
+ return 0;
+}
+
+static int s390x_pkey_ecd_keygen448(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+ static const unsigned char generator_x[] = {
+ 0x5e, 0xc0, 0x0c, 0xc7, 0x2b, 0xa8, 0x26, 0x26, 0x8e, 0x93, 0x00, 0x8b,
+ 0xe1, 0x80, 0x3b, 0x43, 0x11, 0x65, 0xb6, 0x2a, 0xf7, 0x1a, 0xae, 0x12,
+ 0x64, 0xa4, 0xd3, 0xa3, 0x24, 0xe3, 0x6d, 0xea, 0x67, 0x17, 0x0f, 0x47,
+ 0x70, 0x65, 0x14, 0x9e, 0xda, 0x36, 0xbf, 0x22, 0xa6, 0x15, 0x1d, 0x22,
+ 0xed, 0x0d, 0xed, 0x6b, 0xc6, 0x70, 0x19, 0x4f, 0x00
+ };
+ static const unsigned char generator_y[] = {
+ 0x14, 0xfa, 0x30, 0xf2, 0x5b, 0x79, 0x08, 0x98, 0xad, 0xc8, 0xd7, 0x4e,
+ 0x2c, 0x13, 0xbd, 0xfd, 0xc4, 0x39, 0x7c, 0xe6, 0x1c, 0xff, 0xd3, 0x3a,
+ 0xd7, 0xc2, 0xa0, 0x05, 0x1e, 0x9c, 0x78, 0x87, 0x40, 0x98, 0xa3, 0x6c,
+ 0x73, 0x73, 0xea, 0x4b, 0x62, 0xc7, 0xc9, 0x56, 0x37, 0x20, 0x76, 0x88,
+ 0x24, 0xbc, 0xb6, 0x6e, 0x71, 0x46, 0x3f, 0x69, 0x00
+ };
+ unsigned char x_dst[57], buff[114];
+ ECX_KEY *key;
+ unsigned char *privkey = NULL, *pubkey;
+ EVP_MD_CTX *hashctx = NULL;
+
+ key = OPENSSL_zalloc(sizeof(*key));
+ if (key == NULL) {
+ ECerr(EC_F_S390X_PKEY_ECD_KEYGEN448, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ pubkey = key->pubkey;
+
+ privkey = key->privkey = OPENSSL_secure_malloc(ED448_KEYLEN);
+ if (privkey == NULL) {
+ ECerr(EC_F_S390X_PKEY_ECD_KEYGEN448, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (RAND_priv_bytes(privkey, ED448_KEYLEN) <= 0)
+ goto err;
+
+ hashctx = EVP_MD_CTX_new();
+ if (hashctx == NULL)
+ goto err;
+ if (EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL) != 1)
+ goto err;
+ if (EVP_DigestUpdate(hashctx, privkey, 57) != 1)
+ goto err;
+ if (EVP_DigestFinalXOF(hashctx, buff, sizeof(buff)) != 1)
+ goto err;
+
+ buff[0] &= -4;
+ buff[55] |= 0x80;
+ buff[56] = 0;
+
+ if (s390x_ed448_mul(x_dst, pubkey,
+ generator_x, generator_y, buff) != 1)
+ goto err;
+
+ pubkey[56] |= ((x_dst[0] & 0x01) << 7);
+
+ EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, key);
+ EVP_MD_CTX_free(hashctx);
+ return 1;
+ err:
+ OPENSSL_secure_clear_free(privkey, ED448_KEYLEN);
+ key->privkey = NULL;
+ OPENSSL_free(key);
+ EVP_MD_CTX_free(hashctx);
+ return 0;
+}
+
+static int s390x_pkey_ecx_derive25519(EVP_PKEY_CTX *ctx, unsigned char *key,
+ size_t *keylen)
+{
+ const unsigned char *privkey, *pubkey;
+
+ if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey))
+ return 0;
+
+ if (key != NULL)
+ return s390x_x25519_mul(key, pubkey, privkey);
+
+ *keylen = X25519_KEYLEN;
+ return 1;
+}
+
+static int s390x_pkey_ecx_derive448(EVP_PKEY_CTX *ctx, unsigned char *key,
+ size_t *keylen)
+{
+ const unsigned char *privkey, *pubkey;
+
+ if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey))
+ return 0;
+
+ if (key != NULL)
+ return s390x_x448_mul(key, pubkey, privkey);
+
+ *keylen = X448_KEYLEN;
+ return 1;
+}
+
+static int s390x_pkey_ecd_digestsign25519(EVP_MD_CTX *ctx,
+ unsigned char *sig, size_t *siglen,
+ const unsigned char *tbs,
+ size_t tbslen)
+{
+ union {
+ struct {
+ unsigned char sig[64];
+ unsigned char priv[32];
+ } ed25519;
+ unsigned long long buff[512];
+ } param;
+ const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+ int rc;
+
+ if (sig == NULL) {
+ *siglen = ED25519_SIGSIZE;
+ return 1;
+ }
+
+ if (*siglen < ED25519_SIGSIZE) {
+ ECerr(EC_F_S390X_PKEY_ECD_DIGESTSIGN25519, EC_R_BUFFER_TOO_SMALL);
+ return 0;
+ }
+
+ memset(&param, 0, sizeof(param));
+ memcpy(param.ed25519.priv, edkey->privkey, sizeof(param.ed25519.priv));
+
+ rc = s390x_kdsa(S390X_EDDSA_SIGN_ED25519, &param.ed25519, tbs, tbslen);
+ OPENSSL_cleanse(param.ed25519.priv, sizeof(param.ed25519.priv));
+ if (rc != 0)
+ return 0;
+
+ s390x_flip_endian32(sig, param.ed25519.sig);
+ s390x_flip_endian32(sig + 32, param.ed25519.sig + 32);
+
+ *siglen = ED25519_SIGSIZE;
+ return 1;
+}
+
+static int s390x_pkey_ecd_digestsign448(EVP_MD_CTX *ctx,
+ unsigned char *sig, size_t *siglen,
+ const unsigned char *tbs,
+ size_t tbslen)
+{
+ union {
+ struct {
+ unsigned char sig[128];
+ unsigned char priv[64];
+ } ed448;
+ unsigned long long buff[512];
+ } param;
+ const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+ int rc;
+
+ if (sig == NULL) {
+ *siglen = ED448_SIGSIZE;
+ return 1;
+ }
+
+ if (*siglen < ED448_SIGSIZE) {
+ ECerr(EC_F_S390X_PKEY_ECD_DIGESTSIGN448, EC_R_BUFFER_TOO_SMALL);
+ return 0;
+ }
+
+ memset(&param, 0, sizeof(param));
+ memcpy(param.ed448.priv + 64 - 57, edkey->privkey, 57);
+
+ rc = s390x_kdsa(S390X_EDDSA_SIGN_ED448, &param.ed448, tbs, tbslen);
+ OPENSSL_cleanse(param.ed448.priv, sizeof(param.ed448.priv));
+ if (rc != 0)
+ return 0;
+
+ s390x_flip_endian64(param.ed448.sig, param.ed448.sig);
+ s390x_flip_endian64(param.ed448.sig + 64, param.ed448.sig + 64);
+ memcpy(sig, param.ed448.sig, 57);
+ memcpy(sig + 57, param.ed448.sig + 64, 57);
+
+ *siglen = ED448_SIGSIZE;
+ return 1;
+}
+
+static int s390x_pkey_ecd_digestverify25519(EVP_MD_CTX *ctx,
+ const unsigned char *sig,
+ size_t siglen,
+ const unsigned char *tbs,
+ size_t tbslen)
+{
+ union {
+ struct {
+ unsigned char sig[64];
+ unsigned char pub[32];
+ } ed25519;
+ unsigned long long buff[512];
+ } param;
+ const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+
+ if (siglen != ED25519_SIGSIZE)
+ return 0;
+
+ memset(&param, 0, sizeof(param));
+ s390x_flip_endian32(param.ed25519.sig, sig);
+ s390x_flip_endian32(param.ed25519.sig + 32, sig + 32);
+ s390x_flip_endian32(param.ed25519.pub, edkey->pubkey);
+
+ return s390x_kdsa(S390X_EDDSA_VERIFY_ED25519,
+ &param.ed25519, tbs, tbslen) == 0 ? 1 : 0;
+}
+
+static int s390x_pkey_ecd_digestverify448(EVP_MD_CTX *ctx,
+ const unsigned char *sig,
+ size_t siglen,
+ const unsigned char *tbs,
+ size_t tbslen)
+{
+ union {
+ struct {
+ unsigned char sig[128];
+ unsigned char pub[64];
+ } ed448;
+ unsigned long long buff[512];
+ } param;
+ const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+
+ if (siglen != ED448_SIGSIZE)
+ return 0;
+
+ memset(&param, 0, sizeof(param));
+ memcpy(param.ed448.sig, sig, 57);
+ s390x_flip_endian64(param.ed448.sig, param.ed448.sig);
+ memcpy(param.ed448.sig + 64, sig + 57, 57);
+ s390x_flip_endian64(param.ed448.sig + 64, param.ed448.sig + 64);
+ memcpy(param.ed448.pub, edkey->pubkey, 57);
+ s390x_flip_endian64(param.ed448.pub, param.ed448.pub);
+
+ return s390x_kdsa(S390X_EDDSA_VERIFY_ED448,
+ &param.ed448, tbs, tbslen) == 0 ? 1 : 0;
+}
+
+static const EVP_PKEY_METHOD ecx25519_s390x_pkey_meth = {
+ EVP_PKEY_X25519,
+ 0, 0, 0, 0, 0, 0, 0,
+ s390x_pkey_ecx_keygen25519,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ s390x_pkey_ecx_derive25519,
+ pkey_ecx_ctrl,
+ 0
+};
+
+static const EVP_PKEY_METHOD ecx448_s390x_pkey_meth = {
+ EVP_PKEY_X448,
+ 0, 0, 0, 0, 0, 0, 0,
+ s390x_pkey_ecx_keygen448,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ s390x_pkey_ecx_derive448,
+ pkey_ecx_ctrl,
+ 0
+};
+static const EVP_PKEY_METHOD ed25519_s390x_pkey_meth = {
+ EVP_PKEY_ED25519, EVP_PKEY_FLAG_SIGCTX_CUSTOM,
+ 0, 0, 0, 0, 0, 0,
+ s390x_pkey_ecd_keygen25519,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ pkey_ecd_ctrl,
+ 0,
+ s390x_pkey_ecd_digestsign25519,
+ s390x_pkey_ecd_digestverify25519
+};
+
+static const EVP_PKEY_METHOD ed448_s390x_pkey_meth = {
+ EVP_PKEY_ED448, EVP_PKEY_FLAG_SIGCTX_CUSTOM,
+ 0, 0, 0, 0, 0, 0,
+ s390x_pkey_ecd_keygen448,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ pkey_ecd_ctrl,
+ 0,
+ s390x_pkey_ecd_digestsign448,
+ s390x_pkey_ecd_digestverify448
+};
+#endif
+
+const EVP_PKEY_METHOD *ecx25519_pkey_method(void)
+{
+#ifdef S390X_EC_ASM
+ if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X25519))
+ return &ecx25519_s390x_pkey_meth;
+#endif
+ return &ecx25519_pkey_meth;
+}
+
+const EVP_PKEY_METHOD *ecx448_pkey_method(void)
+{
+#ifdef S390X_EC_ASM
+ if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X448))
+ return &ecx448_s390x_pkey_meth;
+#endif
+ return &ecx448_pkey_meth;
+}
+
+const EVP_PKEY_METHOD *ed25519_pkey_method(void)
+{
+#ifdef S390X_EC_ASM
+ if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_ED25519)
+ && OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_SIGN_ED25519)
+ && OPENSSL_s390xcap_P.kdsa[0]
+ & S390X_CAPBIT(S390X_EDDSA_VERIFY_ED25519))
+ return &ed25519_s390x_pkey_meth;
+#endif
+ return &ed25519_pkey_meth;
+}
+
+const EVP_PKEY_METHOD *ed448_pkey_method(void)
+{
+#ifdef S390X_EC_ASM
+ if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_ED448)
+ && OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_SIGN_ED448)
+ && OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_VERIFY_ED448))
+ return &ed448_s390x_pkey_meth;
+#endif
+ return &ed448_pkey_meth;
+}
Index: openssl-1.1.1d/crypto/err/openssl.txt
===================================================================
--- openssl-1.1.1d.orig/crypto/err/openssl.txt
+++ openssl-1.1.1d/crypto/err/openssl.txt
@@ -678,6 +678,12 @@ EC_F_PKEY_EC_KDF_DERIVE:283:pkey_ec_kdf_
EC_F_PKEY_EC_KEYGEN:199:pkey_ec_keygen
EC_F_PKEY_EC_PARAMGEN:219:pkey_ec_paramgen
EC_F_PKEY_EC_SIGN:218:pkey_ec_sign
+EC_F_S390X_PKEY_ECD_DIGESTSIGN25519:303:s390x_pkey_ecd_digestsign25519
+EC_F_S390X_PKEY_ECD_DIGESTSIGN448:304:s390x_pkey_ecd_digestsign448
+EC_F_S390X_PKEY_ECD_KEYGEN25519:305:s390x_pkey_ecd_keygen25519
+EC_F_S390X_PKEY_ECD_KEYGEN448:306:s390x_pkey_ecd_keygen448
+EC_F_S390X_PKEY_ECX_KEYGEN25519:307:s390x_pkey_ecx_keygen25519
+EC_F_S390X_PKEY_ECX_KEYGEN448:308:s390x_pkey_ecx_keygen448
EC_F_VALIDATE_ECX_DERIVE:278:validate_ecx_derive
ENGINE_F_DIGEST_UPDATE:198:digest_update
ENGINE_F_DYNAMIC_CTRL:180:dynamic_ctrl
Index: openssl-1.1.1d/crypto/evp/pkey_kdf.c
===================================================================
--- openssl-1.1.1d.orig/crypto/evp/pkey_kdf.c
+++ openssl-1.1.1d/crypto/evp/pkey_kdf.c
@@ -162,7 +162,7 @@ static int pkey_kdf_derive(EVP_PKEY_CTX
}
#ifndef OPENSSL_NO_SCRYPT
-const EVP_PKEY_METHOD scrypt_pkey_meth = {
+static const EVP_PKEY_METHOD scrypt_pkey_meth = {
EVP_PKEY_SCRYPT,
0,
pkey_kdf_init,
@@ -191,9 +191,14 @@ const EVP_PKEY_METHOD scrypt_pkey_meth =
pkey_kdf_ctrl,
pkey_kdf_ctrl_str
};
+
+const EVP_PKEY_METHOD *scrypt_pkey_method(void)
+{
+ return &scrypt_pkey_meth;
+}
#endif
-const EVP_PKEY_METHOD tls1_prf_pkey_meth = {
+static const EVP_PKEY_METHOD tls1_prf_pkey_meth = {
EVP_PKEY_TLS1_PRF,
EVP_PKEY_FLAG_FIPS,
pkey_kdf_init,
@@ -223,7 +228,12 @@ const EVP_PKEY_METHOD tls1_prf_pkey_meth
pkey_kdf_ctrl_str
};
-const EVP_PKEY_METHOD hkdf_pkey_meth = {
+const EVP_PKEY_METHOD *tls1_prf_pkey_method(void)
+{
+ return &tls1_prf_pkey_meth;
+}
+
+static const EVP_PKEY_METHOD hkdf_pkey_meth = {
EVP_PKEY_HKDF,
EVP_PKEY_FLAG_FIPS,
pkey_kdf_init,
@@ -253,3 +263,7 @@ const EVP_PKEY_METHOD hkdf_pkey_meth = {
pkey_kdf_ctrl_str
};
+const EVP_PKEY_METHOD *hkdf_pkey_method(void)
+{
+ return &hkdf_pkey_meth;
+}
Index: openssl-1.1.1d/crypto/evp/pmeth_lib.c
===================================================================
--- openssl-1.1.1d.orig/crypto/evp/pmeth_lib.c
+++ openssl-1.1.1d/crypto/evp/pmeth_lib.c
@@ -17,60 +17,67 @@
#include "internal/evp_int.h"
#include "internal/numbers.h"
+typedef const EVP_PKEY_METHOD *(*pmeth_fn)(void);
typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
static STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL;
/* This array needs to be in order of NIDs */
-static const EVP_PKEY_METHOD *standard_methods[] = {
+static pmeth_fn standard_methods[] = {
#ifndef OPENSSL_NO_RSA
- &rsa_pkey_meth,
+ rsa_pkey_method,
#endif
#ifndef OPENSSL_NO_DH
- &dh_pkey_meth,
+ dh_pkey_method,
#endif
#ifndef OPENSSL_NO_DSA
- &dsa_pkey_meth,
+ dsa_pkey_method,
#endif
#ifndef OPENSSL_NO_EC
- &ec_pkey_meth,
+ ec_pkey_method,
#endif
- &hmac_pkey_meth,
+ hmac_pkey_method,
#ifndef OPENSSL_NO_CMAC
- &cmac_pkey_meth,
+ cmac_pkey_method,
#endif
#ifndef OPENSSL_NO_RSA
- &rsa_pss_pkey_meth,
+ rsa_pss_pkey_method,
#endif
#ifndef OPENSSL_NO_DH
- &dhx_pkey_meth,
+ dhx_pkey_method,
#endif
#ifndef OPENSSL_NO_SCRYPT
- &scrypt_pkey_meth,
+ scrypt_pkey_method,
#endif
- &tls1_prf_pkey_meth,
+ tls1_prf_pkey_method,
#ifndef OPENSSL_NO_EC
- &ecx25519_pkey_meth,
- &ecx448_pkey_meth,
+ ecx25519_pkey_method,
+ ecx448_pkey_method,
#endif
- &hkdf_pkey_meth,
+ hkdf_pkey_method,
#ifndef OPENSSL_NO_POLY1305
- &poly1305_pkey_meth,
+ poly1305_pkey_method,
#endif
#ifndef OPENSSL_NO_SIPHASH
- &siphash_pkey_meth,
+ siphash_pkey_method,
#endif
#ifndef OPENSSL_NO_EC
- &ed25519_pkey_meth,
- &ed448_pkey_meth,
+ ed25519_pkey_method,
+ ed448_pkey_method,
#endif
#ifndef OPENSSL_NO_SM2
- &sm2_pkey_meth,
+ sm2_pkey_method,
#endif
};
-DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
- pmeth);
+DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, pmeth_fn, pmeth_func);
+
+static int pmeth_func_cmp(const EVP_PKEY_METHOD *const *a, pmeth_fn const *b)
+{
+ return ((*a)->pkey_id - ((**b)())->pkey_id);
+}
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, pmeth_fn, pmeth_func);
static int pmeth_cmp(const EVP_PKEY_METHOD *const *a,
const EVP_PKEY_METHOD *const *b)
@@ -78,13 +85,11 @@ static int pmeth_cmp(const EVP_PKEY_METH
return ((*a)->pkey_id - (*b)->pkey_id);
}
-IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
- pmeth);
-
const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type)
{
+ pmeth_fn *ret;
EVP_PKEY_METHOD tmp;
- const EVP_PKEY_METHOD *t = &tmp, **ret;
+ const EVP_PKEY_METHOD *t = &tmp;
tmp.pkey_id = type;
if (app_pkey_methods) {
int idx;
@@ -92,12 +97,12 @@ const EVP_PKEY_METHOD *EVP_PKEY_meth_fin
if (idx >= 0)
return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx);
}
- ret = OBJ_bsearch_pmeth(&t, standard_methods,
- sizeof(standard_methods) /
- sizeof(EVP_PKEY_METHOD *));
+ ret = OBJ_bsearch_pmeth_func(&t, standard_methods,
+ sizeof(standard_methods) /
+ sizeof(pmeth_fn));
if (!ret || !*ret)
return NULL;
- return *ret;
+ return (**ret)();
}
static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
@@ -348,7 +353,7 @@ size_t EVP_PKEY_meth_get_count(void)
const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx)
{
if (idx < OSSL_NELEM(standard_methods))
- return standard_methods[idx];
+ return (standard_methods[idx])();
if (app_pkey_methods == NULL)
return NULL;
idx -= OSSL_NELEM(standard_methods);
Index: openssl-1.1.1d/crypto/include/internal/evp_int.h
===================================================================
--- openssl-1.1.1d.orig/crypto/include/internal/evp_int.h
+++ openssl-1.1.1d/crypto/include/internal/evp_int.h
@@ -93,24 +93,24 @@ DEFINE_STACK_OF_CONST(EVP_PKEY_METHOD)
void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
-extern const EVP_PKEY_METHOD cmac_pkey_meth;
-extern const EVP_PKEY_METHOD dh_pkey_meth;
-extern const EVP_PKEY_METHOD dhx_pkey_meth;
-extern const EVP_PKEY_METHOD dsa_pkey_meth;
-extern const EVP_PKEY_METHOD ec_pkey_meth;
-extern const EVP_PKEY_METHOD sm2_pkey_meth;
-extern const EVP_PKEY_METHOD ecx25519_pkey_meth;
-extern const EVP_PKEY_METHOD ecx448_pkey_meth;
-extern const EVP_PKEY_METHOD ed25519_pkey_meth;
-extern const EVP_PKEY_METHOD ed448_pkey_meth;
-extern const EVP_PKEY_METHOD hmac_pkey_meth;
-extern const EVP_PKEY_METHOD rsa_pkey_meth;
-extern const EVP_PKEY_METHOD rsa_pss_pkey_meth;
-extern const EVP_PKEY_METHOD scrypt_pkey_meth;
-extern const EVP_PKEY_METHOD tls1_prf_pkey_meth;
-extern const EVP_PKEY_METHOD hkdf_pkey_meth;
-extern const EVP_PKEY_METHOD poly1305_pkey_meth;
-extern const EVP_PKEY_METHOD siphash_pkey_meth;
+const EVP_PKEY_METHOD *cmac_pkey_method(void);
+const EVP_PKEY_METHOD *dh_pkey_method(void);
+const EVP_PKEY_METHOD *dhx_pkey_method(void);
+const EVP_PKEY_METHOD *dsa_pkey_method(void);
+const EVP_PKEY_METHOD *ec_pkey_method(void);
+const EVP_PKEY_METHOD *sm2_pkey_method(void);
+const EVP_PKEY_METHOD *ecx25519_pkey_method(void);
+const EVP_PKEY_METHOD *ecx448_pkey_method(void);
+const EVP_PKEY_METHOD *ed25519_pkey_method(void);
+const EVP_PKEY_METHOD *ed448_pkey_method(void);
+const EVP_PKEY_METHOD *hmac_pkey_method(void);
+const EVP_PKEY_METHOD *rsa_pkey_method(void);
+const EVP_PKEY_METHOD *rsa_pss_pkey_method(void);
+const EVP_PKEY_METHOD *scrypt_pkey_method(void);
+const EVP_PKEY_METHOD *tls1_prf_pkey_method(void);
+const EVP_PKEY_METHOD *hkdf_pkey_method(void);
+const EVP_PKEY_METHOD *poly1305_pkey_method(void);
+const EVP_PKEY_METHOD *siphash_pkey_method(void);
/* struct evp_kdf_impl_st is defined by the implementation */
typedef struct evp_kdf_impl_st EVP_KDF_IMPL;
@@ -396,6 +396,7 @@ const EVP_CIPHER *EVP_##cname##_ecb(void
#define X25519_KEYLEN 32
#define X448_KEYLEN 56
+#define ED25519_KEYLEN 32
#define ED448_KEYLEN 57
#define MAX_KEYLEN ED448_KEYLEN
Index: openssl-1.1.1d/crypto/rsa/rsa_pmeth.c
===================================================================
--- openssl-1.1.1d.orig/crypto/rsa/rsa_pmeth.c
+++ openssl-1.1.1d/crypto/rsa/rsa_pmeth.c
@@ -754,7 +754,7 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX
return ret;
}
-const EVP_PKEY_METHOD rsa_pkey_meth = {
+static const EVP_PKEY_METHOD rsa_pkey_meth = {
EVP_PKEY_RSA,
EVP_PKEY_FLAG_AUTOARGLEN | EVP_PKEY_FLAG_FIPS,
pkey_rsa_init,
@@ -789,6 +789,11 @@ const EVP_PKEY_METHOD rsa_pkey_meth = {
pkey_rsa_ctrl_str
};
+const EVP_PKEY_METHOD *rsa_pkey_method(void)
+{
+ return &rsa_pkey_meth;
+}
+
/*
* Called for PSS sign or verify initialisation: checks PSS parameter
* sanity and sets any restrictions on key usage.
@@ -836,7 +841,7 @@ static int pkey_pss_init(EVP_PKEY_CTX *c
return 1;
}
-const EVP_PKEY_METHOD rsa_pss_pkey_meth = {
+static const EVP_PKEY_METHOD rsa_pss_pkey_meth = {
EVP_PKEY_RSA_PSS,
EVP_PKEY_FLAG_AUTOARGLEN | EVP_PKEY_FLAG_FIPS,
pkey_rsa_init,
@@ -859,3 +864,8 @@ const EVP_PKEY_METHOD rsa_pss_pkey_meth
pkey_rsa_ctrl,
pkey_rsa_ctrl_str
};
+
+const EVP_PKEY_METHOD *rsa_pss_pkey_method(void)
+{
+ return &rsa_pss_pkey_meth;
+}
Index: openssl-1.1.1d/crypto/s390x_arch.h
===================================================================
--- openssl-1.1.1d.orig/crypto/s390x_arch.h
+++ openssl-1.1.1d/crypto/s390x_arch.h
@@ -30,6 +30,9 @@ int s390x_pcc(unsigned int fc, void *par
int s390x_kdsa(unsigned int fc, void *param, const unsigned char *in,
size_t len);
+void s390x_flip_endian32(unsigned char dst[32], const unsigned char src[32]);
+void s390x_flip_endian64(unsigned char dst[64], const unsigned char src[64]);
+
/*
* The field elements of OPENSSL_s390xcap_P are the 64-bit words returned by
* the STFLE instruction followed by the 64-bit word pairs returned by
@@ -123,6 +126,10 @@ extern struct OPENSSL_s390xcap_st OPENSS
# define S390X_SCALAR_MULTIPLY_P256 64
# define S390X_SCALAR_MULTIPLY_P384 65
# define S390X_SCALAR_MULTIPLY_P521 66
+# define S390X_SCALAR_MULTIPLY_ED25519 72
+# define S390X_SCALAR_MULTIPLY_ED448 73
+# define S390X_SCALAR_MULTIPLY_X25519 80
+# define S390X_SCALAR_MULTIPLY_X448 81
/* kdsa */
# define S390X_ECDSA_VERIFY_P256 1
@@ -131,6 +138,10 @@ extern struct OPENSSL_s390xcap_st OPENSS
# define S390X_ECDSA_SIGN_P256 9
# define S390X_ECDSA_SIGN_P384 10
# define S390X_ECDSA_SIGN_P521 11
+# define S390X_EDDSA_VERIFY_ED25519 32
+# define S390X_EDDSA_VERIFY_ED448 36
+# define S390X_EDDSA_SIGN_ED25519 40
+# define S390X_EDDSA_SIGN_ED448 44
/* Register 0 Flags */
# define S390X_DECRYPT 0x80
Index: openssl-1.1.1d/crypto/s390xcap.c
===================================================================
--- openssl-1.1.1d.orig/crypto/s390xcap.c
+++ openssl-1.1.1d/crypto/s390xcap.c
@@ -615,14 +615,22 @@ static int parse_env(struct OPENSSL_s390
/*.pcc = */{S390X_CAPBIT(S390X_QUERY),
S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P256)
| S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P384)
- | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P521)},
+ | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P521)
+ | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_ED25519)
+ | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_ED448)
+ | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X25519)
+ | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X448)},
/*.kdsa = */{S390X_CAPBIT(S390X_QUERY)
| S390X_CAPBIT(S390X_ECDSA_VERIFY_P256)
| S390X_CAPBIT(S390X_ECDSA_VERIFY_P384)
| S390X_CAPBIT(S390X_ECDSA_VERIFY_P521)
| S390X_CAPBIT(S390X_ECDSA_SIGN_P256)
| S390X_CAPBIT(S390X_ECDSA_SIGN_P384)
- | S390X_CAPBIT(S390X_ECDSA_SIGN_P521),
+ | S390X_CAPBIT(S390X_ECDSA_SIGN_P521)
+ | S390X_CAPBIT(S390X_EDDSA_VERIFY_ED25519)
+ | S390X_CAPBIT(S390X_EDDSA_VERIFY_ED448)
+ | S390X_CAPBIT(S390X_EDDSA_SIGN_ED25519)
+ | S390X_CAPBIT(S390X_EDDSA_SIGN_ED448),
0ULL},
};
Index: openssl-1.1.1d/crypto/s390xcpuid.pl
===================================================================
--- openssl-1.1.1d.orig/crypto/s390xcpuid.pl
+++ openssl-1.1.1d/crypto/s390xcpuid.pl
@@ -493,6 +493,62 @@ s390x_kdsa:
___
}
+################
+# void s390x_flip_endian32(unsigned char dst[32], const unsigned char src[32])
+{
+my ($dst,$src) = map("%r$_",(2..3));
+$code.=<<___;
+.globl s390x_flip_endian32
+.type s390x_flip_endian32,\@function
+.align 16
+s390x_flip_endian32:
+ lrvg %r0,0(%r0,$src)
+ lrvg %r1,8(%r0,$src)
+ lrvg %r4,16(%r0,$src)
+ lrvg %r5,24(%r0,$src)
+ stg %r0,24(%r0,$dst)
+ stg %r1,16(%r0,$dst)
+ stg %r4,8(%r0,$dst)
+ stg %r5,0(%r0,$dst)
+ br $ra
+.size s390x_flip_endian32,.-s390x_flip_endian32
+___
+}
+
+################
+# void s390x_flip_endian64(unsigned char dst[64], const unsigned char src[64])
+{
+my ($dst,$src) = map("%r$_",(2..3));
+$code.=<<___;
+.globl s390x_flip_endian64
+.type s390x_flip_endian64,\@function
+.align 16
+s390x_flip_endian64:
+ stmg %r6,%r9,6*$SIZE_T($sp)
+
+ lrvg %r0,0(%r0,$src)
+ lrvg %r1,8(%r0,$src)
+ lrvg %r4,16(%r0,$src)
+ lrvg %r5,24(%r0,$src)
+ lrvg %r6,32(%r0,$src)
+ lrvg %r7,40(%r0,$src)
+ lrvg %r8,48(%r0,$src)
+ lrvg %r9,56(%r0,$src)
+ stg %r0,56(%r0,$dst)
+ stg %r1,48(%r0,$dst)
+ stg %r4,40(%r0,$dst)
+ stg %r5,32(%r0,$dst)
+ stg %r6,24(%r0,$dst)
+ stg %r7,16(%r0,$dst)
+ stg %r8,8(%r0,$dst)
+ stg %r9,0(%r0,$dst)
+
+ lmg %r6,%r9,6*$SIZE_T($sp)
+ br $ra
+.size s390x_flip_endian64,.-s390x_flip_endian64
+___
+}
+
$code.=<<___;
.section .init
brasl $ra,OPENSSL_cpuid_setup
Index: openssl-1.1.1d/crypto/sm2/sm2_pmeth.c
===================================================================
--- openssl-1.1.1d.orig/crypto/sm2/sm2_pmeth.c
+++ openssl-1.1.1d/crypto/sm2/sm2_pmeth.c
@@ -283,7 +283,7 @@ static int pkey_sm2_digest_custom(EVP_PK
return EVP_DigestUpdate(mctx, z, (size_t)mdlen);
}
-const EVP_PKEY_METHOD sm2_pkey_meth = {
+static const EVP_PKEY_METHOD sm2_pkey_meth = {
EVP_PKEY_SM2,
0,
pkey_sm2_init,
@@ -323,3 +323,8 @@ const EVP_PKEY_METHOD sm2_pkey_meth = {
pkey_sm2_digest_custom
};
+
+const EVP_PKEY_METHOD *sm2_pkey_method(void)
+{
+ return &sm2_pkey_meth;
+}
Index: openssl-1.1.1d/doc/man3/OPENSSL_s390xcap.pod
===================================================================
--- openssl-1.1.1d.orig/doc/man3/OPENSSL_s390xcap.pod
+++ openssl-1.1.1d/doc/man3/OPENSSL_s390xcap.pod
@@ -159,6 +159,10 @@ Disables the KM-XTS-AES and and the KIMD
# 64 1<<63 PCC-Scalar-Multiply-P256
# 65 1<<62 PCC-Scalar-Multiply-P384
# 66 1<<61 PCC-Scalar-Multiply-P521
+ # 72 1<<55 PCC-Scalar-Multiply-Ed25519
+ # 73 1<<54 PCC-Scalar-Multiply-Ed448
+ # 80 1<<47 PCC-Scalar-Multiply-X25519
+ # 81 1<<46 PCC-Scalar-Multiply-X448
kdsa :
# 1 1<<62 KDSA-ECDSA-Verify-P256
@@ -167,6 +171,10 @@ Disables the KM-XTS-AES and and the KIMD
# 9 1<<54 KDSA-ECDSA-Sign-P256
# 10 1<<53 KDSA-ECDSA-Sign-P384
# 11 1<<52 KDSA-ECDSA-Sign-P521
+ # 32 1<<31 KDSA-EdDSA-Verify-Ed25519
+ # 36 1<<27 KDSA-EdDSA-Verify-Ed448
+ # 40 1<<23 KDSA-EdDSA-Sign-Ed25519
+ # 44 1<<19 KDSA-EdDSA-Sign-Ed448
:
=head1 RETURN VALUES
Index: openssl-1.1.1d/include/openssl/ecerr.h
===================================================================
--- openssl-1.1.1d.orig/include/openssl/ecerr.h
+++ openssl-1.1.1d/include/openssl/ecerr.h
@@ -206,6 +206,12 @@ int ERR_load_EC_strings(void);
# define EC_F_PKEY_EC_KEYGEN 199
# define EC_F_PKEY_EC_PARAMGEN 219
# define EC_F_PKEY_EC_SIGN 218
+# define EC_F_S390X_PKEY_ECD_DIGESTSIGN25519 303
+# define EC_F_S390X_PKEY_ECD_DIGESTSIGN448 304
+# define EC_F_S390X_PKEY_ECD_KEYGEN25519 305
+# define EC_F_S390X_PKEY_ECD_KEYGEN448 306
+# define EC_F_S390X_PKEY_ECX_KEYGEN25519 307
+# define EC_F_S390X_PKEY_ECX_KEYGEN448 308
# define EC_F_VALIDATE_ECX_DERIVE 278
/*
Index: openssl-1.1.1d/Configure
===================================================================
--- openssl-1.1.1d.orig/Configure
+++ openssl-1.1.1d/Configure
@@ -1401,7 +1401,7 @@ unless ($disabled{asm}) {
push @{$config{lib_defines}}, "X25519_ASM";
}
if ($target{ec_asm_src} =~ /ecp_s390x_nistp/) {
- push @{$config{lib_defines}}, "S390X_NISTP_ASM";
+ push @{$config{lib_defines}}, "S390X_EC_ASM";
}
if ($target{padlock_asm_src} ne $table{DEFAULTS}->{padlock_asm_src}) {
push @{$config{dso_defines}}, "PADLOCK_ASM";
Index: openssl-1.1.1d/crypto/cmac/cm_pmeth.c
===================================================================
--- openssl-1.1.1d.orig/crypto/cmac/cm_pmeth.c
+++ openssl-1.1.1d/crypto/cmac/cm_pmeth.c
@@ -127,7 +127,7 @@ static int pkey_cmac_ctrl_str(EVP_PKEY_C
return -2;
}
-const EVP_PKEY_METHOD cmac_pkey_meth = {
+static const EVP_PKEY_METHOD cmac_pkey_meth = {
EVP_PKEY_CMAC,
EVP_PKEY_FLAG_SIGCTX_CUSTOM | EVP_PKEY_FLAG_FIPS,
pkey_cmac_init,
@@ -159,3 +159,8 @@ const EVP_PKEY_METHOD cmac_pkey_meth = {
pkey_cmac_ctrl,
pkey_cmac_ctrl_str
};
+
+const EVP_PKEY_METHOD *cmac_pkey_method(void)
+{
+ return &cmac_pkey_meth;
+}
Index: openssl-1.1.1d/crypto/hmac/hm_pmeth.c
===================================================================
--- openssl-1.1.1d.orig/crypto/hmac/hm_pmeth.c
+++ openssl-1.1.1d/crypto/hmac/hm_pmeth.c
@@ -178,7 +178,7 @@ static int pkey_hmac_ctrl_str(EVP_PKEY_C
return -2;
}
-const EVP_PKEY_METHOD hmac_pkey_meth = {
+static const EVP_PKEY_METHOD hmac_pkey_meth = {
EVP_PKEY_HMAC,
EVP_PKEY_FLAG_FIPS,
pkey_hmac_init,
@@ -210,3 +210,9 @@ const EVP_PKEY_METHOD hmac_pkey_meth = {
pkey_hmac_ctrl,
pkey_hmac_ctrl_str
};
+
+const EVP_PKEY_METHOD *hmac_pkey_method(void)
+{
+ return &hmac_pkey_meth;
+}
+
Index: openssl-1.1.1d/crypto/poly1305/poly1305_pmeth.c
===================================================================
--- openssl-1.1.1d.orig/crypto/poly1305/poly1305_pmeth.c
+++ openssl-1.1.1d/crypto/poly1305/poly1305_pmeth.c
@@ -160,7 +160,7 @@ static int pkey_poly1305_ctrl_str(EVP_PK
return -2;
}
-const EVP_PKEY_METHOD poly1305_pkey_meth = {
+static const EVP_PKEY_METHOD poly1305_pkey_meth = {
EVP_PKEY_POLY1305,
EVP_PKEY_FLAG_SIGCTX_CUSTOM, /* we don't deal with a separate MD */
pkey_poly1305_init,
@@ -192,3 +192,8 @@ const EVP_PKEY_METHOD poly1305_pkey_meth
pkey_poly1305_ctrl,
pkey_poly1305_ctrl_str
};
+
+const EVP_PKEY_METHOD *poly1305_pkey_method(void)
+{
+ return &poly1305_pkey_meth;
+}
Index: openssl-1.1.1d/crypto/siphash/siphash_pmeth.c
===================================================================
--- openssl-1.1.1d.orig/crypto/siphash/siphash_pmeth.c
+++ openssl-1.1.1d/crypto/siphash/siphash_pmeth.c
@@ -171,7 +171,7 @@ static int pkey_siphash_ctrl_str(EVP_PKE
return -2;
}
-const EVP_PKEY_METHOD siphash_pkey_meth = {
+static const EVP_PKEY_METHOD siphash_pkey_meth = {
EVP_PKEY_SIPHASH,
EVP_PKEY_FLAG_SIGCTX_CUSTOM, /* we don't deal with a separate MD */
pkey_siphash_init,
@@ -203,3 +203,8 @@ const EVP_PKEY_METHOD siphash_pkey_meth
pkey_siphash_ctrl,
pkey_siphash_ctrl_str
};
+
+const EVP_PKEY_METHOD *siphash_pkey_method(void)
+{
+ return &siphash_pkey_meth;
+}