- Add support for userspace livepatching on ppc64le (jsc#PED-10952).
- Use gcc-13 for ppc64le. OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=168
This commit is contained in:
commit
eca9d414ca
23
.gitattributes
vendored
Normal file
23
.gitattributes
vendored
Normal file
@ -0,0 +1,23 @@
|
||||
## Default LFS
|
||||
*.7z filter=lfs diff=lfs merge=lfs -text
|
||||
*.bsp filter=lfs diff=lfs merge=lfs -text
|
||||
*.bz2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.gem filter=lfs diff=lfs merge=lfs -text
|
||||
*.gz filter=lfs diff=lfs merge=lfs -text
|
||||
*.jar filter=lfs diff=lfs merge=lfs -text
|
||||
*.lz filter=lfs diff=lfs merge=lfs -text
|
||||
*.lzma filter=lfs diff=lfs merge=lfs -text
|
||||
*.obscpio filter=lfs diff=lfs merge=lfs -text
|
||||
*.oxt filter=lfs diff=lfs merge=lfs -text
|
||||
*.pdf filter=lfs diff=lfs merge=lfs -text
|
||||
*.png filter=lfs diff=lfs merge=lfs -text
|
||||
*.rpm filter=lfs diff=lfs merge=lfs -text
|
||||
*.tbz filter=lfs diff=lfs merge=lfs -text
|
||||
*.tbz2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.tgz filter=lfs diff=lfs merge=lfs -text
|
||||
*.ttf filter=lfs diff=lfs merge=lfs -text
|
||||
*.txz filter=lfs diff=lfs merge=lfs -text
|
||||
*.whl filter=lfs diff=lfs merge=lfs -text
|
||||
*.xz filter=lfs diff=lfs merge=lfs -text
|
||||
*.zip filter=lfs diff=lfs merge=lfs -text
|
||||
*.zst filter=lfs diff=lfs merge=lfs -text
|
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
||||
.osc
|
3089
0001-s390x-assembly-pack-perlasm-support.patch
Normal file
3089
0001-s390x-assembly-pack-perlasm-support.patch
Normal file
File diff suppressed because it is too large
Load Diff
867
0002-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch
Normal file
867
0002-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch
Normal file
@ -0,0 +1,867 @@
|
||||
From f760137b2144740916afd9ff381451fa16c710de Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
Date: Sat, 4 Aug 2018 00:10:06 +0200
|
||||
Subject: [PATCH] crypto/chacha/asm/chacha-s390x.pl: add vx code path.
|
||||
|
||||
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
|
||||
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
||||
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/6919)
|
||||
---
|
||||
crypto/chacha/asm/chacha-s390x.pl | 816 ++++++++++++++++++++----------
|
||||
crypto/chacha/build.info | 1 +
|
||||
2 files changed, 558 insertions(+), 259 deletions(-)
|
||||
|
||||
Index: openssl-1.1.1e/crypto/chacha/asm/chacha-s390x.pl
|
||||
===================================================================
|
||||
--- openssl-1.1.1e.orig/crypto/chacha/asm/chacha-s390x.pl 2020-03-19 11:43:25.650616856 +0100
|
||||
+++ openssl-1.1.1e/crypto/chacha/asm/chacha-s390x.pl 2020-03-19 11:43:40.614692484 +0100
|
||||
@@ -20,41 +20,46 @@
|
||||
#
|
||||
# 3 times faster than compiler-generated code.
|
||||
|
||||
-$flavour = shift;
|
||||
+#
|
||||
+# August 2018
|
||||
+#
|
||||
+# Add vx code path.
|
||||
+#
|
||||
+# Copyright IBM Corp. 2018
|
||||
+# Author: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
+
|
||||
+use strict;
|
||||
+use FindBin qw($Bin);
|
||||
+use lib "$Bin/../..";
|
||||
+use perlasm::s390x qw(:DEFAULT :VX AUTOLOAD LABEL INCLUDE);
|
||||
+
|
||||
+my $flavour = shift;
|
||||
|
||||
+my ($z,$SIZE_T);
|
||||
if ($flavour =~ /3[12]/) {
|
||||
+ $z=0; # S/390 ABI
|
||||
$SIZE_T=4;
|
||||
- $g="";
|
||||
} else {
|
||||
+ $z=1; # zSeries ABI
|
||||
$SIZE_T=8;
|
||||
- $g="g";
|
||||
}
|
||||
|
||||
+my $output;
|
||||
while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
|
||||
-open STDOUT,">$output";
|
||||
-
|
||||
-sub AUTOLOAD() # thunk [simplified] x86-style perlasm
|
||||
-{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://;
|
||||
- $code .= "\t$opcode\t".join(',',@_)."\n";
|
||||
-}
|
||||
|
||||
my $sp="%r15";
|
||||
-
|
||||
my $stdframe=16*$SIZE_T+4*8;
|
||||
-my $frame=$stdframe+4*20;
|
||||
-
|
||||
-my ($out,$inp,$len,$key,$counter)=map("%r$_",(2..6));
|
||||
|
||||
my @x=map("%r$_",(0..7,"x","x","x","x",(10..13)));
|
||||
my @t=map("%r$_",(8,9));
|
||||
+my @v=map("%v$_",(16..31));
|
||||
|
||||
sub ROUND {
|
||||
my ($a0,$b0,$c0,$d0)=@_;
|
||||
my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0));
|
||||
my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1));
|
||||
my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
|
||||
-my ($xc,$xc_)=map("\"$_\"",@t);
|
||||
-my @x=map("\"$_\"",@x);
|
||||
+my ($xc,$xc_)=map("$_",@t);
|
||||
|
||||
# Consider order in which variables are addressed by their
|
||||
# index:
|
||||
@@ -78,249 +83,542 @@ my @x=map("\"$_\"",@x);
|
||||
# 'c' stores and loads in the middle, but none in the beginning
|
||||
# or end.
|
||||
|
||||
- (
|
||||
- "&alr (@x[$a0],@x[$b0])", # Q1
|
||||
- "&alr (@x[$a1],@x[$b1])", # Q2
|
||||
- "&xr (@x[$d0],@x[$a0])",
|
||||
- "&xr (@x[$d1],@x[$a1])",
|
||||
- "&rll (@x[$d0],@x[$d0],16)",
|
||||
- "&rll (@x[$d1],@x[$d1],16)",
|
||||
-
|
||||
- "&alr ($xc,@x[$d0])",
|
||||
- "&alr ($xc_,@x[$d1])",
|
||||
- "&xr (@x[$b0],$xc)",
|
||||
- "&xr (@x[$b1],$xc_)",
|
||||
- "&rll (@x[$b0],@x[$b0],12)",
|
||||
- "&rll (@x[$b1],@x[$b1],12)",
|
||||
-
|
||||
- "&alr (@x[$a0],@x[$b0])",
|
||||
- "&alr (@x[$a1],@x[$b1])",
|
||||
- "&xr (@x[$d0],@x[$a0])",
|
||||
- "&xr (@x[$d1],@x[$a1])",
|
||||
- "&rll (@x[$d0],@x[$d0],8)",
|
||||
- "&rll (@x[$d1],@x[$d1],8)",
|
||||
-
|
||||
- "&alr ($xc,@x[$d0])",
|
||||
- "&alr ($xc_,@x[$d1])",
|
||||
- "&xr (@x[$b0],$xc)",
|
||||
- "&xr (@x[$b1],$xc_)",
|
||||
- "&rll (@x[$b0],@x[$b0],7)",
|
||||
- "&rll (@x[$b1],@x[$b1],7)",
|
||||
-
|
||||
- "&stm ($xc,$xc_,'$stdframe+4*8+4*$c0($sp)')", # reload pair of 'c's
|
||||
- "&lm ($xc,$xc_,'$stdframe+4*8+4*$c2($sp)')",
|
||||
-
|
||||
- "&alr (@x[$a2],@x[$b2])", # Q3
|
||||
- "&alr (@x[$a3],@x[$b3])", # Q4
|
||||
- "&xr (@x[$d2],@x[$a2])",
|
||||
- "&xr (@x[$d3],@x[$a3])",
|
||||
- "&rll (@x[$d2],@x[$d2],16)",
|
||||
- "&rll (@x[$d3],@x[$d3],16)",
|
||||
-
|
||||
- "&alr ($xc,@x[$d2])",
|
||||
- "&alr ($xc_,@x[$d3])",
|
||||
- "&xr (@x[$b2],$xc)",
|
||||
- "&xr (@x[$b3],$xc_)",
|
||||
- "&rll (@x[$b2],@x[$b2],12)",
|
||||
- "&rll (@x[$b3],@x[$b3],12)",
|
||||
-
|
||||
- "&alr (@x[$a2],@x[$b2])",
|
||||
- "&alr (@x[$a3],@x[$b3])",
|
||||
- "&xr (@x[$d2],@x[$a2])",
|
||||
- "&xr (@x[$d3],@x[$a3])",
|
||||
- "&rll (@x[$d2],@x[$d2],8)",
|
||||
- "&rll (@x[$d3],@x[$d3],8)",
|
||||
-
|
||||
- "&alr ($xc,@x[$d2])",
|
||||
- "&alr ($xc_,@x[$d3])",
|
||||
- "&xr (@x[$b2],$xc)",
|
||||
- "&xr (@x[$b3],$xc_)",
|
||||
- "&rll (@x[$b2],@x[$b2],7)",
|
||||
- "&rll (@x[$b3],@x[$b3],7)"
|
||||
- );
|
||||
-}
|
||||
-
|
||||
-$code.=<<___;
|
||||
-.text
|
||||
-
|
||||
-.globl ChaCha20_ctr32
|
||||
-.type ChaCha20_ctr32,\@function
|
||||
-.align 32
|
||||
-ChaCha20_ctr32:
|
||||
- lt${g}r $len,$len # $len==0?
|
||||
- bzr %r14
|
||||
- a${g}hi $len,-64
|
||||
- l${g}hi %r1,-$frame
|
||||
- stm${g} %r6,%r15,`6*$SIZE_T`($sp)
|
||||
- sl${g}r $out,$inp # difference
|
||||
- la $len,0($inp,$len) # end of input minus 64
|
||||
- larl %r7,.Lsigma
|
||||
- lgr %r0,$sp
|
||||
- la $sp,0(%r1,$sp)
|
||||
- st${g} %r0,0($sp)
|
||||
-
|
||||
- lmg %r8,%r11,0($key) # load key
|
||||
- lmg %r12,%r13,0($counter) # load counter
|
||||
- lmg %r6,%r7,0(%r7) # load sigma constant
|
||||
-
|
||||
- la %r14,0($inp)
|
||||
- st${g} $out,$frame+3*$SIZE_T($sp)
|
||||
- st${g} $len,$frame+4*$SIZE_T($sp)
|
||||
- stmg %r6,%r13,$stdframe($sp) # copy key schedule to stack
|
||||
- srlg @x[12],%r12,32 # 32-bit counter value
|
||||
- j .Loop_outer
|
||||
-
|
||||
-.align 16
|
||||
-.Loop_outer:
|
||||
- lm @x[0],@x[7],$stdframe+4*0($sp) # load x[0]-x[7]
|
||||
- lm @t[0],@t[1],$stdframe+4*10($sp) # load x[10]-x[11]
|
||||
- lm @x[13],@x[15],$stdframe+4*13($sp) # load x[13]-x[15]
|
||||
- stm @t[0],@t[1],$stdframe+4*8+4*10($sp) # offload x[10]-x[11]
|
||||
- lm @t[0],@t[1],$stdframe+4*8($sp) # load x[8]-x[9]
|
||||
- st @x[12],$stdframe+4*12($sp) # save counter
|
||||
- st${g} %r14,$frame+2*$SIZE_T($sp) # save input pointer
|
||||
- lhi %r14,10
|
||||
- j .Loop
|
||||
-
|
||||
-.align 4
|
||||
-.Loop:
|
||||
-___
|
||||
- foreach (&ROUND(0, 4, 8,12)) { eval; }
|
||||
- foreach (&ROUND(0, 5,10,15)) { eval; }
|
||||
-$code.=<<___;
|
||||
- brct %r14,.Loop
|
||||
-
|
||||
- l${g} %r14,$frame+2*$SIZE_T($sp) # pull input pointer
|
||||
- stm @t[0],@t[1],$stdframe+4*8+4*8($sp) # offload x[8]-x[9]
|
||||
- lm${g} @t[0],@t[1],$frame+3*$SIZE_T($sp)
|
||||
-
|
||||
- al @x[0],$stdframe+4*0($sp) # accumulate key schedule
|
||||
- al @x[1],$stdframe+4*1($sp)
|
||||
- al @x[2],$stdframe+4*2($sp)
|
||||
- al @x[3],$stdframe+4*3($sp)
|
||||
- al @x[4],$stdframe+4*4($sp)
|
||||
- al @x[5],$stdframe+4*5($sp)
|
||||
- al @x[6],$stdframe+4*6($sp)
|
||||
- al @x[7],$stdframe+4*7($sp)
|
||||
- lrvr @x[0],@x[0]
|
||||
- lrvr @x[1],@x[1]
|
||||
- lrvr @x[2],@x[2]
|
||||
- lrvr @x[3],@x[3]
|
||||
- lrvr @x[4],@x[4]
|
||||
- lrvr @x[5],@x[5]
|
||||
- lrvr @x[6],@x[6]
|
||||
- lrvr @x[7],@x[7]
|
||||
- al @x[12],$stdframe+4*12($sp)
|
||||
- al @x[13],$stdframe+4*13($sp)
|
||||
- al @x[14],$stdframe+4*14($sp)
|
||||
- al @x[15],$stdframe+4*15($sp)
|
||||
- lrvr @x[12],@x[12]
|
||||
- lrvr @x[13],@x[13]
|
||||
- lrvr @x[14],@x[14]
|
||||
- lrvr @x[15],@x[15]
|
||||
-
|
||||
- la @t[0],0(@t[0],%r14) # reconstruct output pointer
|
||||
- cl${g}r %r14,@t[1]
|
||||
- jh .Ltail
|
||||
-
|
||||
- x @x[0],4*0(%r14) # xor with input
|
||||
- x @x[1],4*1(%r14)
|
||||
- st @x[0],4*0(@t[0]) # store output
|
||||
- x @x[2],4*2(%r14)
|
||||
- st @x[1],4*1(@t[0])
|
||||
- x @x[3],4*3(%r14)
|
||||
- st @x[2],4*2(@t[0])
|
||||
- x @x[4],4*4(%r14)
|
||||
- st @x[3],4*3(@t[0])
|
||||
- lm @x[0],@x[3],$stdframe+4*8+4*8($sp) # load x[8]-x[11]
|
||||
- x @x[5],4*5(%r14)
|
||||
- st @x[4],4*4(@t[0])
|
||||
- x @x[6],4*6(%r14)
|
||||
- al @x[0],$stdframe+4*8($sp)
|
||||
- st @x[5],4*5(@t[0])
|
||||
- x @x[7],4*7(%r14)
|
||||
- al @x[1],$stdframe+4*9($sp)
|
||||
- st @x[6],4*6(@t[0])
|
||||
- x @x[12],4*12(%r14)
|
||||
- al @x[2],$stdframe+4*10($sp)
|
||||
- st @x[7],4*7(@t[0])
|
||||
- x @x[13],4*13(%r14)
|
||||
- al @x[3],$stdframe+4*11($sp)
|
||||
- st @x[12],4*12(@t[0])
|
||||
- x @x[14],4*14(%r14)
|
||||
- st @x[13],4*13(@t[0])
|
||||
- x @x[15],4*15(%r14)
|
||||
- st @x[14],4*14(@t[0])
|
||||
- lrvr @x[0],@x[0]
|
||||
- st @x[15],4*15(@t[0])
|
||||
- lrvr @x[1],@x[1]
|
||||
- lrvr @x[2],@x[2]
|
||||
- lrvr @x[3],@x[3]
|
||||
- lhi @x[12],1
|
||||
- x @x[0],4*8(%r14)
|
||||
- al @x[12],$stdframe+4*12($sp) # increment counter
|
||||
- x @x[1],4*9(%r14)
|
||||
- st @x[0],4*8(@t[0])
|
||||
- x @x[2],4*10(%r14)
|
||||
- st @x[1],4*9(@t[0])
|
||||
- x @x[3],4*11(%r14)
|
||||
- st @x[2],4*10(@t[0])
|
||||
- st @x[3],4*11(@t[0])
|
||||
-
|
||||
- cl${g}r %r14,@t[1] # done yet?
|
||||
- la %r14,64(%r14)
|
||||
- jl .Loop_outer
|
||||
-
|
||||
-.Ldone:
|
||||
- xgr %r0,%r0
|
||||
- xgr %r1,%r1
|
||||
- xgr %r2,%r2
|
||||
- xgr %r3,%r3
|
||||
- stmg %r0,%r3,$stdframe+4*4($sp) # wipe key copy
|
||||
- stmg %r0,%r3,$stdframe+4*12($sp)
|
||||
-
|
||||
- lm${g} %r6,%r15,`$frame+6*$SIZE_T`($sp)
|
||||
- br %r14
|
||||
-
|
||||
-.align 16
|
||||
-.Ltail:
|
||||
- la @t[1],64($t[1])
|
||||
- stm @x[0],@x[7],$stdframe+4*0($sp)
|
||||
- sl${g}r @t[1],%r14
|
||||
- lm @x[0],@x[3],$stdframe+4*8+4*8($sp)
|
||||
- l${g}hi @x[6],0
|
||||
- stm @x[12],@x[15],$stdframe+4*12($sp)
|
||||
- al @x[0],$stdframe+4*8($sp)
|
||||
- al @x[1],$stdframe+4*9($sp)
|
||||
- al @x[2],$stdframe+4*10($sp)
|
||||
- al @x[3],$stdframe+4*11($sp)
|
||||
- lrvr @x[0],@x[0]
|
||||
- lrvr @x[1],@x[1]
|
||||
- lrvr @x[2],@x[2]
|
||||
- lrvr @x[3],@x[3]
|
||||
- stm @x[0],@x[3],$stdframe+4*8($sp)
|
||||
-
|
||||
-.Loop_tail:
|
||||
- llgc @x[4],0(@x[6],%r14)
|
||||
- llgc @x[5],$stdframe(@x[6],$sp)
|
||||
- xr @x[5],@x[4]
|
||||
- stc @x[5],0(@x[6],@t[0])
|
||||
- la @x[6],1(@x[6])
|
||||
- brct @t[1],.Loop_tail
|
||||
-
|
||||
- j .Ldone
|
||||
-.size ChaCha20_ctr32,.-ChaCha20_ctr32
|
||||
-
|
||||
-.align 32
|
||||
-.Lsigma:
|
||||
-.long 0x61707865,0x3320646e,0x79622d32,0x6b206574 # endian-neutral
|
||||
-.asciz "ChaCha20 for s390x, CRYPTOGAMS by <appro\@openssl.org>"
|
||||
-.align 4
|
||||
-___
|
||||
+ alr (@x[$a0],@x[$b0]); # Q1
|
||||
+ alr (@x[$a1],@x[$b1]); # Q2
|
||||
+ xr (@x[$d0],@x[$a0]);
|
||||
+ xr (@x[$d1],@x[$a1]);
|
||||
+ rll (@x[$d0],@x[$d0],16);
|
||||
+ rll (@x[$d1],@x[$d1],16);
|
||||
+
|
||||
+ alr ($xc,@x[$d0]);
|
||||
+ alr ($xc_,@x[$d1]);
|
||||
+ xr (@x[$b0],$xc);
|
||||
+ xr (@x[$b1],$xc_);
|
||||
+ rll (@x[$b0],@x[$b0],12);
|
||||
+ rll (@x[$b1],@x[$b1],12);
|
||||
+
|
||||
+ alr (@x[$a0],@x[$b0]);
|
||||
+ alr (@x[$a1],@x[$b1]);
|
||||
+ xr (@x[$d0],@x[$a0]);
|
||||
+ xr (@x[$d1],@x[$a1]);
|
||||
+ rll (@x[$d0],@x[$d0],8);
|
||||
+ rll (@x[$d1],@x[$d1],8);
|
||||
+
|
||||
+ alr ($xc,@x[$d0]);
|
||||
+ alr ($xc_,@x[$d1]);
|
||||
+ xr (@x[$b0],$xc);
|
||||
+ xr (@x[$b1],$xc_);
|
||||
+ rll (@x[$b0],@x[$b0],7);
|
||||
+ rll (@x[$b1],@x[$b1],7);
|
||||
+
|
||||
+ stm ($xc,$xc_,"$stdframe+4*8+4*$c0($sp)"); # reload pair of 'c's
|
||||
+ lm ($xc,$xc_,"$stdframe+4*8+4*$c2($sp)");
|
||||
+
|
||||
+ alr (@x[$a2],@x[$b2]); # Q3
|
||||
+ alr (@x[$a3],@x[$b3]); # Q4
|
||||
+ xr (@x[$d2],@x[$a2]);
|
||||
+ xr (@x[$d3],@x[$a3]);
|
||||
+ rll (@x[$d2],@x[$d2],16);
|
||||
+ rll (@x[$d3],@x[$d3],16);
|
||||
+
|
||||
+ alr ($xc,@x[$d2]);
|
||||
+ alr ($xc_,@x[$d3]);
|
||||
+ xr (@x[$b2],$xc);
|
||||
+ xr (@x[$b3],$xc_);
|
||||
+ rll (@x[$b2],@x[$b2],12);
|
||||
+ rll (@x[$b3],@x[$b3],12);
|
||||
+
|
||||
+ alr (@x[$a2],@x[$b2]);
|
||||
+ alr (@x[$a3],@x[$b3]);
|
||||
+ xr (@x[$d2],@x[$a2]);
|
||||
+ xr (@x[$d3],@x[$a3]);
|
||||
+ rll (@x[$d2],@x[$d2],8);
|
||||
+ rll (@x[$d3],@x[$d3],8);
|
||||
+
|
||||
+ alr ($xc,@x[$d2]);
|
||||
+ alr ($xc_,@x[$d3]);
|
||||
+ xr (@x[$b2],$xc);
|
||||
+ xr (@x[$b3],$xc_);
|
||||
+ rll (@x[$b2],@x[$b2],7);
|
||||
+ rll (@x[$b3],@x[$b3],7);
|
||||
+}
|
||||
+
|
||||
+sub VX_ROUND {
|
||||
+my ($a0,$b0,$c0,$d0)=@_;
|
||||
+my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0));
|
||||
+my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1));
|
||||
+my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
|
||||
+
|
||||
+ vaf (@v[$a0],@v[$a0],@v[$b0]);
|
||||
+ vaf (@v[$a1],@v[$a1],@v[$b1]);
|
||||
+ vaf (@v[$a2],@v[$a2],@v[$b2]);
|
||||
+ vaf (@v[$a3],@v[$a3],@v[$b3]);
|
||||
+ vx (@v[$d0],@v[$d0],@v[$a0]);
|
||||
+ vx (@v[$d1],@v[$d1],@v[$a1]);
|
||||
+ vx (@v[$d2],@v[$d2],@v[$a2]);
|
||||
+ vx (@v[$d3],@v[$d3],@v[$a3]);
|
||||
+ verllf (@v[$d0],@v[$d0],16);
|
||||
+ verllf (@v[$d1],@v[$d1],16);
|
||||
+ verllf (@v[$d2],@v[$d2],16);
|
||||
+ verllf (@v[$d3],@v[$d3],16);
|
||||
+
|
||||
+ vaf (@v[$c0],@v[$c0],@v[$d0]);
|
||||
+ vaf (@v[$c1],@v[$c1],@v[$d1]);
|
||||
+ vaf (@v[$c2],@v[$c2],@v[$d2]);
|
||||
+ vaf (@v[$c3],@v[$c3],@v[$d3]);
|
||||
+ vx (@v[$b0],@v[$b0],@v[$c0]);
|
||||
+ vx (@v[$b1],@v[$b1],@v[$c1]);
|
||||
+ vx (@v[$b2],@v[$b2],@v[$c2]);
|
||||
+ vx (@v[$b3],@v[$b3],@v[$c3]);
|
||||
+ verllf (@v[$b0],@v[$b0],12);
|
||||
+ verllf (@v[$b1],@v[$b1],12);
|
||||
+ verllf (@v[$b2],@v[$b2],12);
|
||||
+ verllf (@v[$b3],@v[$b3],12);
|
||||
+
|
||||
+ vaf (@v[$a0],@v[$a0],@v[$b0]);
|
||||
+ vaf (@v[$a1],@v[$a1],@v[$b1]);
|
||||
+ vaf (@v[$a2],@v[$a2],@v[$b2]);
|
||||
+ vaf (@v[$a3],@v[$a3],@v[$b3]);
|
||||
+ vx (@v[$d0],@v[$d0],@v[$a0]);
|
||||
+ vx (@v[$d1],@v[$d1],@v[$a1]);
|
||||
+ vx (@v[$d2],@v[$d2],@v[$a2]);
|
||||
+ vx (@v[$d3],@v[$d3],@v[$a3]);
|
||||
+ verllf (@v[$d0],@v[$d0],8);
|
||||
+ verllf (@v[$d1],@v[$d1],8);
|
||||
+ verllf (@v[$d2],@v[$d2],8);
|
||||
+ verllf (@v[$d3],@v[$d3],8);
|
||||
+
|
||||
+ vaf (@v[$c0],@v[$c0],@v[$d0]);
|
||||
+ vaf (@v[$c1],@v[$c1],@v[$d1]);
|
||||
+ vaf (@v[$c2],@v[$c2],@v[$d2]);
|
||||
+ vaf (@v[$c3],@v[$c3],@v[$d3]);
|
||||
+ vx (@v[$b0],@v[$b0],@v[$c0]);
|
||||
+ vx (@v[$b1],@v[$b1],@v[$c1]);
|
||||
+ vx (@v[$b2],@v[$b2],@v[$c2]);
|
||||
+ vx (@v[$b3],@v[$b3],@v[$c3]);
|
||||
+ verllf (@v[$b0],@v[$b0],7);
|
||||
+ verllf (@v[$b1],@v[$b1],7);
|
||||
+ verllf (@v[$b2],@v[$b2],7);
|
||||
+ verllf (@v[$b3],@v[$b3],7);
|
||||
+}
|
||||
+
|
||||
+PERLASM_BEGIN($output);
|
||||
|
||||
-foreach (split("\n",$code)) {
|
||||
- s/\`([^\`]*)\`/eval $1/ge;
|
||||
+INCLUDE ("s390x_arch.h");
|
||||
+TEXT ();
|
||||
|
||||
- print $_,"\n";
|
||||
+################
|
||||
+# void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, size_t len,
|
||||
+# const unsigned int key[8], const unsigned int counter[4])
|
||||
+{
|
||||
+my ($out,$inp,$len,$key,$counter)=map("%r$_",(2..6));
|
||||
+
|
||||
+# VX CODE PATH
|
||||
+{
|
||||
+my $off=$z*8*16+8; # offset(initial state)
|
||||
+my $frame=$stdframe+4*16+$off;
|
||||
+
|
||||
+GLOBL ("ChaCha20_ctr32");
|
||||
+TYPE ("ChaCha20_ctr32","\@function");
|
||||
+ALIGN (32);
|
||||
+LABEL ("ChaCha20_ctr32");
|
||||
+ larl ("%r1","OPENSSL_s390xcap_P");
|
||||
+
|
||||
+ lghi ("%r0",64);
|
||||
+&{$z? \&cgr:\&cr} ($len,"%r0");
|
||||
+ jle ("_s390x_chacha_novx");
|
||||
+
|
||||
+ lg ("%r0","S390X_STFLE+16(%r1)");
|
||||
+ tmhh ("%r0",0x4000); # check for vector facility
|
||||
+ jz ("_s390x_chacha_novx");
|
||||
+
|
||||
+if (!$z) {
|
||||
+ llgfr ($len,$len);
|
||||
+ std ("%f4","16*$SIZE_T+2*8($sp)");
|
||||
+ std ("%f6","16*$SIZE_T+3*8($sp)");
|
||||
+}
|
||||
+&{$z? \&stmg:\&stm} ("%r6","%r7","6*$SIZE_T($sp)");
|
||||
+
|
||||
+ lghi ("%r1",-$frame);
|
||||
+ lgr ("%r0",$sp);
|
||||
+ la ($sp,"0(%r1,$sp)"); # allocate stack frame
|
||||
+
|
||||
+ larl ("%r7",".Lsigma");
|
||||
+&{$z? \&stg:\&st} ("%r0","0($sp)"); # backchain
|
||||
+
|
||||
+ vstm ("%v8","%v15","8($sp)") if ($z);
|
||||
+
|
||||
+ vlm ("%v1","%v2","0($key)"); # load key
|
||||
+ vl ("%v0","0(%r7)"); # load sigma constant
|
||||
+ vl ("%v3","0($counter)"); # load iv (counter||nonce)
|
||||
+ l ("%r0","0($counter)"); # load counter
|
||||
+ vstm ("%v0","%v3","$off($sp)"); # copy initial state to stack
|
||||
+
|
||||
+ srlg ("%r1",$len,8);
|
||||
+ ltgr ("%r1","%r1");
|
||||
+ jz (".Lvx_4x_done");
|
||||
+
|
||||
+ALIGN (16); # process 4 64-byte blocks
|
||||
+LABEL (".Lvx_4x");
|
||||
+ vlrepf ("%v$_",($_*4)."+$off($sp)") for (0..15); # load initial
|
||||
+ # state
|
||||
+ vl ("%v31","16(%r7)");
|
||||
+ vaf ("%v12","%v12","%v31"); # increment counter
|
||||
+
|
||||
+ vlr (@v[$_],"%v$_") for (0..15); # copy initial state
|
||||
+
|
||||
+ lhi ("%r6",10);
|
||||
+ j (".Loop_vx_4x");
|
||||
+
|
||||
+ALIGN (16);
|
||||
+LABEL (".Loop_vx_4x");
|
||||
+ VX_ROUND( 0, 4, 8,12); # column round
|
||||
+ VX_ROUND( 0, 5,10,15); # diagonal round
|
||||
+ brct ("%r6",".Loop_vx_4x");
|
||||
+
|
||||
+ vaf (@v[$_],@v[$_],"%v$_") for (0..15); # state += initial
|
||||
+ # state (mod 32)
|
||||
+ vlm ("%v6","%v7","32(%r7)"); # load vperm operands
|
||||
+
|
||||
+for (0..3) { # blocks 1,2
|
||||
+ vmrhf ("%v0",@v[$_*4+0],@v[$_*4+1]); # ks = serialize(state)
|
||||
+ vmrhf ("%v1",@v[$_*4+2],@v[$_*4+3]);
|
||||
+ vperm ("%v".($_+ 8),"%v0","%v1","%v6");
|
||||
+ vperm ("%v".($_+12),"%v0","%v1","%v7");
|
||||
+}
|
||||
+ vlm ("%v0","%v7","0($inp)"); # load in
|
||||
+ vx ("%v$_","%v$_","%v".($_+8)) for (0..7); # out = in ^ ks
|
||||
+ vstm ("%v0","%v7","0($out)"); # store out
|
||||
+
|
||||
+ vlm ("%v6","%v7","32(%r7)"); # restore vperm operands
|
||||
+
|
||||
+for (0..3) { # blocks 2,3
|
||||
+ vmrlf ("%v0",@v[$_*4+0],@v[$_*4+1]); # ks = serialize(state)
|
||||
+ vmrlf ("%v1",@v[$_*4+2],@v[$_*4+3]);
|
||||
+ vperm ("%v".($_+ 8),"%v0","%v1","%v6");
|
||||
+ vperm ("%v".($_+12),"%v0","%v1","%v7");
|
||||
+}
|
||||
+ vlm ("%v0","%v7","128($inp)"); # load in
|
||||
+ vx ("%v$_","%v$_","%v".($_+8)) for (0..7); # out = in ^ ks
|
||||
+ vstm ("%v0","%v7","128($out)"); # store out
|
||||
+
|
||||
+ ahi ("%r0",4);
|
||||
+ st ("%r0","48+$off($sp)"); # update initial state
|
||||
+
|
||||
+ la ($inp,"256($inp)");
|
||||
+ la ($out,"256($out)");
|
||||
+ brctg ("%r1",".Lvx_4x");
|
||||
+
|
||||
+ALIGN (16);
|
||||
+LABEL (".Lvx_4x_done");
|
||||
+ lghi ("%r1",0xff);
|
||||
+ ngr ($len,"%r1");
|
||||
+ jnz (".Lvx_rem");
|
||||
+
|
||||
+ALIGN (16);
|
||||
+LABEL (".Lvx_done");
|
||||
+ vzero ("%v$_") for (16..31); # wipe ks and key copy
|
||||
+ vstm ("%v16","%v17","16+$off($sp)");
|
||||
+ vlm ("%v8","%v15","8($sp)") if ($z);
|
||||
+
|
||||
+ la ($sp,"$frame($sp)");
|
||||
+&{$z? \&lmg:\&lm} ("%r6","%r7","6*$SIZE_T($sp)");
|
||||
+
|
||||
+if (!$z) {
|
||||
+ ld ("%f4","16*$SIZE_T+2*8($sp)");
|
||||
+ ld ("%f6","16*$SIZE_T+3*8($sp)");
|
||||
+ vzero ("%v$_") for (8..15);
|
||||
+}
|
||||
+ br ("%r14");
|
||||
+ALIGN (16);
|
||||
+LABEL (".Lvx_rem");
|
||||
+ lhi ("%r0",64);
|
||||
+
|
||||
+ sr ($len,"%r0");
|
||||
+ brc (2,".Lvx_rem_g64"); # cc==2?
|
||||
+
|
||||
+ lghi ("%r1",-$stdframe);
|
||||
+
|
||||
+ la ($counter,"48+$off($sp)"); # load updated iv
|
||||
+ ar ($len,"%r0"); # restore len
|
||||
+
|
||||
+ lgr ("%r7",$counter);
|
||||
+&{$z? \&stg:\&st} ("%r14","14*$SIZE_T+$frame($sp)");
|
||||
+ la ($sp,"0(%r1,$sp)");
|
||||
+
|
||||
+ bras ("%r14","_s390x_chacha_novx");
|
||||
+
|
||||
+ la ($sp,"$stdframe($sp)");
|
||||
+&{$z? \&lg:\&l} ("%r14","14*$SIZE_T+$frame($sp)");
|
||||
+ lgr ($counter,"%r7");
|
||||
+ j (".Lvx_done");
|
||||
+
|
||||
+ALIGN (16);
|
||||
+LABEL (".Lvx_rem_g64");
|
||||
+ vlrepf ("%v$_",($_*4)."+$off($sp)") for (0..15); # load initial
|
||||
+ # state
|
||||
+ vl ("%v31","16(%r7)");
|
||||
+ vaf ("%v12","%v12","%v31"); # increment counter
|
||||
+
|
||||
+ vlr (@v[$_],"%v$_") for (0..15); # state = initial state
|
||||
+
|
||||
+ lhi ("%r6",10);
|
||||
+ j (".Loop_vx_rem");
|
||||
+
|
||||
+ALIGN (16);
|
||||
+LABEL (".Loop_vx_rem");
|
||||
+ VX_ROUND( 0, 4, 8,12); # column round
|
||||
+ VX_ROUND( 0, 5,10,15); # diagonal round
|
||||
+ brct ("%r6",".Loop_vx_rem");
|
||||
+
|
||||
+ vaf (@v[$_],@v[$_],"%v$_") for (0..15); # state += initial
|
||||
+ # state (mod 32)
|
||||
+ vlm ("%v6","%v7","32(%r7)"); # load vperm operands
|
||||
+
|
||||
+for (0..3) { # blocks 1,2
|
||||
+ vmrhf ("%v0",@v[$_*4+0],@v[$_*4+1]); # ks = serialize(state)
|
||||
+ vmrhf ("%v1",@v[$_*4+2],@v[$_*4+3]);
|
||||
+ vperm ("%v".($_+8),"%v0","%v1","%v6");
|
||||
+ vperm ("%v".($_+12),"%v0","%v1","%v7");
|
||||
+}
|
||||
+ vlm ("%v0","%v3","0($inp)"); # load in
|
||||
+ vx ("%v$_","%v$_","%v".($_+8)) for (0..3); # out = in ^ ks
|
||||
+ vstm ("%v0","%v3","0($out)"); # store out
|
||||
+
|
||||
+ la ($inp,"64($inp)");
|
||||
+ la ($out,"64($out)");
|
||||
+
|
||||
+ sr ($len,"%r0");
|
||||
+ brc (4,".Lvx_tail"); # cc==4?
|
||||
+
|
||||
+ vlm ("%v0","%v3","0($inp)"); # load in
|
||||
+ vx ("%v$_","%v$_","%v".($_+12)) for (0..3); # out = in ^ ks
|
||||
+ vstm ("%v0","%v3","0($out)"); # store out
|
||||
+ jz (".Lvx_done");
|
||||
+
|
||||
+for (0..3) { # blocks 3,4
|
||||
+ vmrlf ("%v0",@v[$_*4+0],@v[$_*4+1]); # ks = serialize(state)
|
||||
+ vmrlf ("%v1",@v[$_*4+2],@v[$_*4+3]);
|
||||
+ vperm ("%v".($_+12),"%v0","%v1","%v6");
|
||||
+ vperm ("%v".($_+8),"%v0","%v1","%v7");
|
||||
+}
|
||||
+ la ($inp,"64($inp)");
|
||||
+ la ($out,"64($out)");
|
||||
+
|
||||
+ sr ($len,"%r0");
|
||||
+ brc (4,".Lvx_tail"); # cc==4?
|
||||
+
|
||||
+ vlm ("%v0","%v3","0($inp)"); # load in
|
||||
+ vx ("%v$_","%v$_","%v".($_+12)) for (0..3); # out = in ^ ks
|
||||
+ vstm ("%v0","%v3","0($out)"); # store out
|
||||
+ jz (".Lvx_done");
|
||||
+
|
||||
+ la ($inp,"64($inp)");
|
||||
+ la ($out,"64($out)");
|
||||
+
|
||||
+ sr ($len,"%r0");
|
||||
+ vlr ("%v".($_+4),"%v$_") for (8..11);
|
||||
+ j (".Lvx_tail");
|
||||
+
|
||||
+ALIGN (16);
|
||||
+LABEL (".Lvx_tail");
|
||||
+ ar ($len,"%r0"); # restore $len
|
||||
+ ahi ($len,-1);
|
||||
+
|
||||
+ lhi ("%r0",16);
|
||||
+for (0..2) {
|
||||
+ vll ("%v0",$len,($_*16)."($inp)");
|
||||
+ vx ("%v0","%v0","%v".($_+12));
|
||||
+ vstl ("%v0",$len,($_*16)."($out)");
|
||||
+ sr ($len,"%r0");
|
||||
+ brc (4,".Lvx_done"); # cc==4?
|
||||
+}
|
||||
+ vll ("%v0",$len,"3*16($inp)");
|
||||
+ vx ("%v0","%v0","%v15");
|
||||
+ vstl ("%v0",$len,"3*16($out)");
|
||||
+ j (".Lvx_done");
|
||||
+SIZE ("ChaCha20_ctr32",".-ChaCha20_ctr32");
|
||||
+}
|
||||
+
|
||||
+# NOVX CODE PATH
|
||||
+{
|
||||
+my $frame=$stdframe+4*20;
|
||||
+
|
||||
+TYPE ("_s390x_chacha_novx","\@function");
|
||||
+ALIGN (32);
|
||||
+LABEL ("_s390x_chacha_novx");
|
||||
+&{$z? \<gr:\<r} ($len,$len); # $len==0?
|
||||
+ bzr ("%r14");
|
||||
+&{$z? \&aghi:\&ahi} ($len,-64);
|
||||
+&{$z? \&lghi:\&lhi} ("%r1",-$frame);
|
||||
+&{$z? \&stmg:\&stm} ("%r6","%r15","6*$SIZE_T($sp)");
|
||||
+&{$z? \&slgr:\&slr} ($out,$inp); # difference
|
||||
+ la ($len,"0($inp,$len)"); # end of input minus 64
|
||||
+ larl ("%r7",".Lsigma");
|
||||
+ lgr ("%r0",$sp);
|
||||
+ la ($sp,"0(%r1,$sp)");
|
||||
+&{$z? \&stg:\&st} ("%r0","0($sp)");
|
||||
+
|
||||
+ lmg ("%r8","%r11","0($key)"); # load key
|
||||
+ lmg ("%r12","%r13","0($counter)"); # load counter
|
||||
+ lmg ("%r6","%r7","0(%r7)"); # load sigma constant
|
||||
+
|
||||
+ la ("%r14","0($inp)");
|
||||
+&{$z? \&stg:\&st} ($out,"$frame+3*$SIZE_T($sp)");
|
||||
+&{$z? \&stg:\&st} ($len,"$frame+4*$SIZE_T($sp)");
|
||||
+ stmg ("%r6","%r13","$stdframe($sp)");# copy key schedule to stack
|
||||
+ srlg (@x[12],"%r12",32); # 32-bit counter value
|
||||
+ j (".Loop_outer");
|
||||
+
|
||||
+ALIGN (16);
|
||||
+LABEL (".Loop_outer");
|
||||
+ lm (@x[0],@x[7],"$stdframe+4*0($sp)"); # load x[0]-x[7]
|
||||
+ lm (@t[0],@t[1],"$stdframe+4*10($sp)"); # load x[10]-x[11]
|
||||
+ lm (@x[13],@x[15],"$stdframe+4*13($sp)"); # load x[13]-x[15]
|
||||
+ stm (@t[0],@t[1],"$stdframe+4*8+4*10($sp)");# offload x[10]-x[11]
|
||||
+ lm (@t[0],@t[1],"$stdframe+4*8($sp)"); # load x[8]-x[9]
|
||||
+ st (@x[12],"$stdframe+4*12($sp)"); # save counter
|
||||
+&{$z? \&stg:\&st} ("%r14","$frame+2*$SIZE_T($sp)");# save input pointer
|
||||
+ lhi ("%r14",10);
|
||||
+ j (".Loop");
|
||||
+
|
||||
+ALIGN (4);
|
||||
+LABEL (".Loop");
|
||||
+ ROUND (0, 4, 8,12);
|
||||
+ ROUND (0, 5,10,15);
|
||||
+ brct ("%r14",".Loop");
|
||||
+
|
||||
+&{$z? \&lg:\&l} ("%r14","$frame+2*$SIZE_T($sp)");# pull input pointer
|
||||
+ stm (@t[0],@t[1],"$stdframe+4*8+4*8($sp)"); # offload x[8]-x[9]
|
||||
+&{$z? \&lmg:\&lm} (@t[0],@t[1],"$frame+3*$SIZE_T($sp)");
|
||||
+
|
||||
+ al (@x[0],"$stdframe+4*0($sp)"); # accumulate key schedule
|
||||
+ al (@x[1],"$stdframe+4*1($sp)");
|
||||
+ al (@x[2],"$stdframe+4*2($sp)");
|
||||
+ al (@x[3],"$stdframe+4*3($sp)");
|
||||
+ al (@x[4],"$stdframe+4*4($sp)");
|
||||
+ al (@x[5],"$stdframe+4*5($sp)");
|
||||
+ al (@x[6],"$stdframe+4*6($sp)");
|
||||
+ al (@x[7],"$stdframe+4*7($sp)");
|
||||
+ lrvr (@x[0],@x[0]);
|
||||
+ lrvr (@x[1],@x[1]);
|
||||
+ lrvr (@x[2],@x[2]);
|
||||
+ lrvr (@x[3],@x[3]);
|
||||
+ lrvr (@x[4],@x[4]);
|
||||
+ lrvr (@x[5],@x[5]);
|
||||
+ lrvr (@x[6],@x[6]);
|
||||
+ lrvr (@x[7],@x[7]);
|
||||
+ al (@x[12],"$stdframe+4*12($sp)");
|
||||
+ al (@x[13],"$stdframe+4*13($sp)");
|
||||
+ al (@x[14],"$stdframe+4*14($sp)");
|
||||
+ al (@x[15],"$stdframe+4*15($sp)");
|
||||
+ lrvr (@x[12],@x[12]);
|
||||
+ lrvr (@x[13],@x[13]);
|
||||
+ lrvr (@x[14],@x[14]);
|
||||
+ lrvr (@x[15],@x[15]);
|
||||
+
|
||||
+ la (@t[0],"0(@t[0],%r14)"); # reconstruct output pointer
|
||||
+&{$z? \&clgr:\&clr} ("%r14",@t[1]);
|
||||
+ jh (".Ltail");
|
||||
+
|
||||
+ x (@x[0],"4*0(%r14)"); # xor with input
|
||||
+ x (@x[1],"4*1(%r14)");
|
||||
+ st (@x[0],"4*0(@t[0])"); # store output
|
||||
+ x (@x[2],"4*2(%r14)");
|
||||
+ st (@x[1],"4*1(@t[0])");
|
||||
+ x (@x[3],"4*3(%r14)");
|
||||
+ st (@x[2],"4*2(@t[0])");
|
||||
+ x (@x[4],"4*4(%r14)");
|
||||
+ st (@x[3],"4*3(@t[0])");
|
||||
+ lm (@x[0],@x[3],"$stdframe+4*8+4*8($sp)"); # load x[8]-x[11]
|
||||
+ x (@x[5],"4*5(%r14)");
|
||||
+ st (@x[4],"4*4(@t[0])");
|
||||
+ x (@x[6],"4*6(%r14)");
|
||||
+ al (@x[0],"$stdframe+4*8($sp)");
|
||||
+ st (@x[5],"4*5(@t[0])");
|
||||
+ x (@x[7],"4*7(%r14)");
|
||||
+ al (@x[1],"$stdframe+4*9($sp)");
|
||||
+ st (@x[6],"4*6(@t[0])");
|
||||
+ x (@x[12],"4*12(%r14)");
|
||||
+ al (@x[2],"$stdframe+4*10($sp)");
|
||||
+ st (@x[7],"4*7(@t[0])");
|
||||
+ x (@x[13],"4*13(%r14)");
|
||||
+ al (@x[3],"$stdframe+4*11($sp)");
|
||||
+ st (@x[12],"4*12(@t[0])");
|
||||
+ x (@x[14],"4*14(%r14)");
|
||||
+ st (@x[13],"4*13(@t[0])");
|
||||
+ x (@x[15],"4*15(%r14)");
|
||||
+ st (@x[14],"4*14(@t[0])");
|
||||
+ lrvr (@x[0],@x[0]);
|
||||
+ st (@x[15],"4*15(@t[0])");
|
||||
+ lrvr (@x[1],@x[1]);
|
||||
+ lrvr (@x[2],@x[2]);
|
||||
+ lrvr (@x[3],@x[3]);
|
||||
+ lhi (@x[12],1);
|
||||
+ x (@x[0],"4*8(%r14)");
|
||||
+ al (@x[12],"$stdframe+4*12($sp)"); # increment counter
|
||||
+ x (@x[1],"4*9(%r14)");
|
||||
+ st (@x[0],"4*8(@t[0])");
|
||||
+ x (@x[2],"4*10(%r14)");
|
||||
+ st (@x[1],"4*9(@t[0])");
|
||||
+ x (@x[3],"4*11(%r14)");
|
||||
+ st (@x[2],"4*10(@t[0])");
|
||||
+ st (@x[3],"4*11(@t[0])");
|
||||
+
|
||||
+&{$z? \&clgr:\&clr} ("%r14",@t[1]); # done yet?
|
||||
+ la ("%r14","64(%r14)");
|
||||
+ jl (".Loop_outer");
|
||||
+
|
||||
+LABEL (".Ldone");
|
||||
+ xgr ("%r0","%r0");
|
||||
+ xgr ("%r1","%r1");
|
||||
+ xgr ("%r2","%r2");
|
||||
+ xgr ("%r3","%r3");
|
||||
+ stmg ("%r0","%r3","$stdframe+4*4($sp)"); # wipe key copy
|
||||
+ stmg ("%r0","%r3","$stdframe+4*12($sp)");
|
||||
+
|
||||
+&{$z? \&lmg:\&lm} ("%r6","%r15","$frame+6*$SIZE_T($sp)");
|
||||
+ br ("%r14");
|
||||
+
|
||||
+ALIGN (16);
|
||||
+LABEL (".Ltail");
|
||||
+ la (@t[1],"64($t[1])");
|
||||
+ stm (@x[0],@x[7],"$stdframe+4*0($sp)");
|
||||
+&{$z? \&slgr:\&slr} (@t[1],"%r14");
|
||||
+ lm (@x[0],@x[3],"$stdframe+4*8+4*8($sp)");
|
||||
+&{$z? \&lghi:\&lhi} (@x[6],0);
|
||||
+ stm (@x[12],@x[15],"$stdframe+4*12($sp)");
|
||||
+ al (@x[0],"$stdframe+4*8($sp)");
|
||||
+ al (@x[1],"$stdframe+4*9($sp)");
|
||||
+ al (@x[2],"$stdframe+4*10($sp)");
|
||||
+ al (@x[3],"$stdframe+4*11($sp)");
|
||||
+ lrvr (@x[0],@x[0]);
|
||||
+ lrvr (@x[1],@x[1]);
|
||||
+ lrvr (@x[2],@x[2]);
|
||||
+ lrvr (@x[3],@x[3]);
|
||||
+ stm (@x[0],@x[3],"$stdframe+4*8($sp)");
|
||||
+
|
||||
+LABEL (".Loop_tail");
|
||||
+ llgc (@x[4],"0(@x[6],%r14)");
|
||||
+ llgc (@x[5],"$stdframe(@x[6],$sp)");
|
||||
+ xr (@x[5],@x[4]);
|
||||
+ stc (@x[5],"0(@x[6],@t[0])");
|
||||
+ la (@x[6],"1(@x[6])");
|
||||
+ brct (@t[1],".Loop_tail");
|
||||
+
|
||||
+ j (".Ldone");
|
||||
+SIZE ("_s390x_chacha_novx",".-_s390x_chacha_novx");
|
||||
+}
|
||||
}
|
||||
-close STDOUT or die "error closing STDOUT: $!";
|
||||
+################
|
||||
+
|
||||
+ALIGN (64);
|
||||
+LABEL (".Lsigma");
|
||||
+LONG (0x61707865,0x3320646e,0x79622d32,0x6b206574); # endian-neutral sigma
|
||||
+LONG (0x00000000,0x00000001,0x00000002,0x00000003); # vaf counter increment
|
||||
+LONG (0x03020100,0x07060504,0x13121110,0x17161514); # vperm serialization
|
||||
+LONG (0x0b0a0908,0x0f0e0d0c,0x1b1a1918,0x1f1e1d1c); # vperm serialization
|
||||
+ASCIZ ("\"ChaCha20 for s390x, CRYPTOGAMS by <appro\@openssl.org>\"");
|
||||
+ALIGN (4);
|
||||
+
|
||||
+PERLASM_END();
|
1006
0003-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch
Normal file
1006
0003-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch
Normal file
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,31 @@
|
||||
From b2b580fe445e064da50c13d3e00f71022da16ece Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
Date: Fri, 15 Feb 2019 22:59:09 +0100
|
||||
Subject: [PATCH] s390x assembly pack: fix formal interface bug in chacha
|
||||
module
|
||||
|
||||
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
|
||||
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
||||
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/8257)
|
||||
---
|
||||
crypto/chacha/asm/chacha-s390x.pl | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/crypto/chacha/asm/chacha-s390x.pl b/crypto/chacha/asm/chacha-s390x.pl
|
||||
index 005c810e20..abf7283dd8 100755
|
||||
--- a/crypto/chacha/asm/chacha-s390x.pl
|
||||
+++ b/crypto/chacha/asm/chacha-s390x.pl
|
||||
@@ -225,7 +225,7 @@ LABEL ("ChaCha20_ctr32");
|
||||
larl ("%r1","OPENSSL_s390xcap_P");
|
||||
|
||||
lghi ("%r0",64);
|
||||
-&{$z? \&cgr:\&cr} ($len,"%r0");
|
||||
+&{$z? \&clgr:\&clr} ($len,"%r0");
|
||||
jle ("_s390x_chacha_novx");
|
||||
|
||||
lg ("%r0","S390X_STFLE+16(%r1)");
|
||||
--
|
||||
2.21.0
|
||||
|
1094
0005-s390x-assembly-pack-import-chacha-from-cryptogams-re.patch
Normal file
1094
0005-s390x-assembly-pack-import-chacha-from-cryptogams-re.patch
Normal file
File diff suppressed because it is too large
Load Diff
1631
0006-s390x-assembly-pack-import-poly-from-cryptogams-repo.patch
Normal file
1631
0006-s390x-assembly-pack-import-poly-from-cryptogams-repo.patch
Normal file
File diff suppressed because it is too large
Load Diff
10
baselibs.conf
Normal file
10
baselibs.conf
Normal file
@ -0,0 +1,10 @@
|
||||
libopenssl1_1
|
||||
obsoletes "libopenssl1_1_0-<targettype>"
|
||||
provides "libopenssl1_1-hmac-<targettype> = <version>-%release"
|
||||
obsoletes "libopenssl1_1-hmac-<targettype> < <version>-%release"
|
||||
libopenssl-1_1-devel
|
||||
provides "libopenssl-devel-<targettype> = <version>"
|
||||
conflicts "otherproviders(libopenssl-devel-<targettype>)"
|
||||
conflicts "libopenssl-3-devel-<targettype>"
|
||||
requires -"openssl-1_1-<targettype>"
|
||||
requires "libopenssl1_1-<targettype> = <version>"
|
399
bsc1185319-FIPS-KAT-for-ECDSA.patch
Normal file
399
bsc1185319-FIPS-KAT-for-ECDSA.patch
Normal file
@ -0,0 +1,399 @@
|
||||
diff --git a/crypto/fips/fips_ecdsa_selftest.c b/crypto/fips/fips_ecdsa_selftest.c
|
||||
index 9895aa8..77a1c77 100644
|
||||
--- a/crypto/fips/fips_ecdsa_selftest.c
|
||||
+++ b/crypto/fips/fips_ecdsa_selftest.c
|
||||
@@ -65,102 +65,319 @@
|
||||
#include <openssl/bn.h>
|
||||
|
||||
#ifdef OPENSSL_FIPS
|
||||
+#include <openssl/rand.h>
|
||||
+#include "internal/nelem.h"
|
||||
+#include "fips_locl.h"
|
||||
|
||||
-static const char P_256_name[] = "ECDSA P-256";
|
||||
+/* functions to change the RAND_METHOD */
|
||||
+static int fbytes(unsigned char *buf, int num);
|
||||
|
||||
-static const unsigned char P_256_d[] = {
|
||||
- 0x51, 0xbd, 0x06, 0xa1, 0x1c, 0xda, 0xe2, 0x12, 0x99, 0xc9, 0x52, 0x3f,
|
||||
- 0xea, 0xa4, 0xd2, 0xd1, 0xf4, 0x7f, 0xd4, 0x3e, 0xbd, 0xf8, 0xfc, 0x87,
|
||||
- 0xdc, 0x82, 0x53, 0x21, 0xee, 0xa0, 0xdc, 0x64
|
||||
-};
|
||||
+static RAND_METHOD fake_rand;
|
||||
+static const RAND_METHOD *old_rand;
|
||||
+static int use_fake = 0;
|
||||
+static const unsigned char *numbers[2];
|
||||
+static int numbers_len[2];
|
||||
|
||||
-static const unsigned char P_256_qx[] = {
|
||||
- 0x23, 0x89, 0xe0, 0xf4, 0x69, 0xe0, 0x49, 0xe5, 0xc7, 0xe5, 0x40, 0x6e,
|
||||
- 0x8f, 0x25, 0xdd, 0xad, 0x11, 0x16, 0x14, 0x9b, 0xab, 0x44, 0x06, 0x31,
|
||||
- 0xbf, 0x5e, 0xa6, 0x44, 0xac, 0x86, 0x00, 0x07
|
||||
-};
|
||||
+static int change_rand(void)
|
||||
+{
|
||||
+ /* save old rand method */
|
||||
+ old_rand = RAND_get_rand_method();
|
||||
+ if (!old_rand)
|
||||
+ return 0;
|
||||
+
|
||||
+ fake_rand = *old_rand;
|
||||
+ /* use own random function */
|
||||
+ fake_rand.bytes = fbytes;
|
||||
+ /* set new RAND_METHOD */
|
||||
+ if (!RAND_set_rand_method(&fake_rand))
|
||||
+ return 0;
|
||||
+
|
||||
+ return 1;
|
||||
+}
|
||||
|
||||
-static const unsigned char P_256_qy[] = {
|
||||
- 0xb3, 0x05, 0x0d, 0xd0, 0xdc, 0xf7, 0x40, 0xe6, 0xf9, 0xd8, 0x6d, 0x7b,
|
||||
- 0x63, 0xca, 0x97, 0xe6, 0x12, 0xf9, 0xd4, 0x18, 0x59, 0xbe, 0xb2, 0x5e,
|
||||
- 0x4a, 0x6a, 0x77, 0x23, 0xf4, 0x11, 0x9d, 0xeb
|
||||
-};
|
||||
+static int restore_rand(void)
|
||||
+{
|
||||
+ if (!RAND_set_rand_method(old_rand))
|
||||
+ return 0;
|
||||
+
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+static int fbytes(unsigned char *buf, int num)
|
||||
+{
|
||||
+ int ret = 0;
|
||||
+ static int fbytes_counter = 0;
|
||||
+
|
||||
+ if (use_fake == 0)
|
||||
+ return old_rand->bytes(buf, num);
|
||||
+
|
||||
+ use_fake = 0;
|
||||
+
|
||||
+ if (fbytes_counter >= OSSL_NELEM(numbers))
|
||||
+ goto err;
|
||||
+
|
||||
+ if (numbers_len[fbytes_counter] > num)
|
||||
+ goto err;
|
||||
+
|
||||
+ /* first zero out the buffer */
|
||||
+ memset(buf, 0, num);
|
||||
+
|
||||
+ /* Now set the "random" values */
|
||||
+ memcpy(buf + (num - numbers_len[fbytes_counter]), numbers[fbytes_counter], numbers_len[fbytes_counter]);
|
||||
+
|
||||
+ fbytes_counter = (fbytes_counter + 1) % OSSL_NELEM(numbers);
|
||||
+ ret = 1;
|
||||
+err:
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+
|
||||
+/*-
|
||||
+ * NIST CAVP ECDSA KATs
|
||||
+ * 2 X9.62 KATs; one for prime fields and one for binary fields.
|
||||
+ *
|
||||
+ * Taken from:
|
||||
+ * https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/dss/186-3ecdsatestvectors.zip
|
||||
+ */
|
||||
|
||||
typedef struct {
|
||||
- int curve;
|
||||
- const char *name;
|
||||
- const unsigned char *x;
|
||||
- size_t xlen;
|
||||
- const unsigned char *y;
|
||||
- size_t ylen;
|
||||
- const unsigned char *d;
|
||||
- size_t dlen;
|
||||
-} EC_SELFTEST_DATA;
|
||||
-
|
||||
-# define make_ecdsa_test(nid, pr) { nid, pr##_name, \
|
||||
- pr##_qx, sizeof(pr##_qx), \
|
||||
- pr##_qy, sizeof(pr##_qy), \
|
||||
- pr##_d, sizeof(pr##_d)}
|
||||
-
|
||||
-static EC_SELFTEST_DATA test_ec_data[] = {
|
||||
- make_ecdsa_test(NID_X9_62_prime256v1, P_256),
|
||||
-};
|
||||
+ const int nid; /* curve NID */
|
||||
+ const int md_nid; /* hash function NID */
|
||||
+ const unsigned char *msg; /* message to sign */
|
||||
+ size_t msglen;
|
||||
+ const unsigned char *d; /* ECDSA private key */
|
||||
+ size_t dlen;
|
||||
+ const unsigned char *Q; /* ECDSA public key: (Qx,Qy) */
|
||||
+ size_t Qlen;
|
||||
+ const unsigned char *k; /* ECDSA nonce */
|
||||
+ size_t klen;
|
||||
+ const unsigned char *r; /* ECDSA signature (r,s) */
|
||||
+ size_t rlen;
|
||||
+ const unsigned char *s;
|
||||
+ size_t slen;
|
||||
+} ECDSA_KAT_SELFTEST_DATA;
|
||||
|
||||
-int FIPS_selftest_ecdsa()
|
||||
-{
|
||||
- EC_KEY *ec = NULL;
|
||||
- BIGNUM *x = NULL, *y = NULL, *d = NULL;
|
||||
- EVP_PKEY *pk = NULL;
|
||||
- int rv = 0;
|
||||
- size_t i;
|
||||
|
||||
- for (i = 0; i < sizeof(test_ec_data) / sizeof(EC_SELFTEST_DATA); i++) {
|
||||
- EC_SELFTEST_DATA *ecd = test_ec_data + i;
|
||||
+static const unsigned char data1_msg[] = {
|
||||
+ 0x59, 0x05, 0x23, 0x88, 0x77, 0xc7, 0x74, 0x21,
|
||||
+ 0xf7, 0x3e, 0x43, 0xee, 0x3d, 0xa6, 0xf2, 0xd9,
|
||||
+ 0xe2, 0xcc, 0xad, 0x5f, 0xc9, 0x42, 0xdc, 0xec,
|
||||
+ 0x0c, 0xbd, 0x25, 0x48, 0x29, 0x35, 0xfa, 0xaf,
|
||||
+ 0x41, 0x69, 0x83, 0xfe, 0x16, 0x5b, 0x1a, 0x04,
|
||||
+ 0x5e, 0xe2, 0xbc, 0xd2, 0xe6, 0xdc, 0xa3, 0xbd,
|
||||
+ 0xf4, 0x6c, 0x43, 0x10, 0xa7, 0x46, 0x1f, 0x9a,
|
||||
+ 0x37, 0x96, 0x0c, 0xa6, 0x72, 0xd3, 0xfe, 0xb5,
|
||||
+ 0x47, 0x3e, 0x25, 0x36, 0x05, 0xfb, 0x1d, 0xdf,
|
||||
+ 0xd2, 0x80, 0x65, 0xb5, 0x3c, 0xb5, 0x85, 0x8a,
|
||||
+ 0x8a, 0xd2, 0x81, 0x75, 0xbf, 0x9b, 0xd3, 0x86,
|
||||
+ 0xa5, 0xe4, 0x71, 0xea, 0x7a, 0x65, 0xc1, 0x7c,
|
||||
+ 0xc9, 0x34, 0xa9, 0xd7, 0x91, 0xe9, 0x14, 0x91,
|
||||
+ 0xeb, 0x37, 0x54, 0xd0, 0x37, 0x99, 0x79, 0x0f,
|
||||
+ 0xe2, 0xd3, 0x08, 0xd1, 0x61, 0x46, 0xd5, 0xc9,
|
||||
+ 0xb0, 0xd0, 0xde, 0xbd, 0x97, 0xd7, 0x9c, 0xe8
|
||||
+};
|
||||
|
||||
- x = BN_bin2bn(ecd->x, ecd->xlen, x);
|
||||
- y = BN_bin2bn(ecd->y, ecd->ylen, y);
|
||||
- d = BN_bin2bn(ecd->d, ecd->dlen, d);
|
||||
+static const unsigned char data1_d[] = {
|
||||
+ 0x51, 0x9b, 0x42, 0x3d, 0x71, 0x5f, 0x8b, 0x58,
|
||||
+ 0x1f, 0x4f, 0xa8, 0xee, 0x59, 0xf4, 0x77, 0x1a,
|
||||
+ 0x5b, 0x44, 0xc8, 0x13, 0x0b, 0x4e, 0x3e, 0xac,
|
||||
+ 0xca, 0x54, 0xa5, 0x6d, 0xda, 0x72, 0xb4, 0x64
|
||||
+};
|
||||
|
||||
- if (!x || !y || !d)
|
||||
- goto err;
|
||||
+static const unsigned char data1_Q[] = {
|
||||
+ 0x04, 0x0c, 0xec, 0x02, 0x8e, 0xe0, 0x8d, 0x09,
|
||||
+ 0xe0, 0x26, 0x72, 0xa6, 0x83, 0x10, 0x81, 0x43,
|
||||
+ 0x54, 0xf9, 0xea, 0xbf, 0xff, 0x0d, 0xe6, 0xda,
|
||||
+ 0xcc, 0x1c, 0xd3, 0xa7, 0x74, 0x49, 0x60, 0x76,
|
||||
+ 0xae, 0xef, 0xf4, 0x71, 0xfb, 0xa0, 0x40, 0x98,
|
||||
+ 0x97, 0xb6, 0xa4, 0x8e, 0x88, 0x01, 0xad, 0x12,
|
||||
+ 0xf9, 0x5d, 0x00, 0x09, 0xb7, 0x53, 0xcf, 0x8f,
|
||||
+ 0x51, 0xc1, 0x28, 0xbf, 0x6b, 0x0b, 0xd2, 0x7f,
|
||||
+ 0xbd
|
||||
+};
|
||||
|
||||
- ec = EC_KEY_new_by_curve_name(ecd->curve);
|
||||
- if (!ec)
|
||||
- goto err;
|
||||
+static const unsigned char data1_k[] = {
|
||||
+ 0x94, 0xa1, 0xbb, 0xb1, 0x4b, 0x90, 0x6a, 0x61,
|
||||
+ 0xa2, 0x80, 0xf2, 0x45, 0xf9, 0xe9, 0x3c, 0x7f,
|
||||
+ 0x3b, 0x4a, 0x62, 0x47, 0x82, 0x4f, 0x5d, 0x33,
|
||||
+ 0xb9, 0x67, 0x07, 0x87, 0x64, 0x2a, 0x68, 0xde
|
||||
+};
|
||||
|
||||
- if (!EC_KEY_set_public_key_affine_coordinates(ec, x, y))
|
||||
- goto err;
|
||||
+static const unsigned char data1_r[] = {
|
||||
+ 0xe3, 0x95, 0xf6, 0xdb, 0x12, 0x71, 0x90, 0xfa,
|
||||
+ 0x70, 0xa6, 0x80, 0xeb, 0xf6, 0x8a, 0x18, 0x35,
|
||||
+ 0x6f, 0xef, 0xf2, 0x36, 0x65, 0xb9, 0x31, 0xc3,
|
||||
+ 0xa2, 0x14, 0x80, 0xdf, 0x86, 0xc4, 0xec, 0xbc
|
||||
+};
|
||||
|
||||
- if (!EC_KEY_set_private_key(ec, d))
|
||||
- goto err;
|
||||
+static const unsigned char data1_s[] = {
|
||||
+ 0xa5, 0x01, 0x04, 0x78, 0x93, 0xd9, 0x60, 0xcc,
|
||||
+ 0x20, 0xce, 0xbd, 0xbb, 0x6f, 0x79, 0xb9, 0x7e,
|
||||
+ 0x45, 0x23, 0x80, 0x73, 0x87, 0x83, 0x53, 0x63,
|
||||
+ 0xe3, 0x80, 0x2b, 0x68, 0xcf, 0x32, 0xa1, 0xa2
|
||||
+};
|
||||
|
||||
- if ((pk = EVP_PKEY_new()) == NULL)
|
||||
- goto err;
|
||||
|
||||
- EVP_PKEY_assign_EC_KEY(pk, ec);
|
||||
+# define make_ecdsa_kat_test(nid, md_nid, pr) { \
|
||||
+nid, md_nid, \
|
||||
+pr##_msg, sizeof(pr##_msg), \
|
||||
+pr##_d, sizeof(pr##_d), \
|
||||
+pr##_Q, sizeof(pr##_Q), \
|
||||
+pr##_k, sizeof(pr##_k), \
|
||||
+pr##_r, sizeof(pr##_r), \
|
||||
+pr##_s, sizeof(pr##_s) \
|
||||
+}
|
||||
|
||||
- if (!fips_pkey_signature_test(pk, NULL, 0,
|
||||
- NULL, 0, EVP_sha256(), 0, ecd->name))
|
||||
- goto err;
|
||||
- }
|
||||
+static ECDSA_KAT_SELFTEST_DATA test_ecdsa_data[] = {
|
||||
+ make_ecdsa_kat_test(NID_secp256k1, NID_sha256, data1)
|
||||
+};
|
||||
|
||||
- rv = 1;
|
||||
+int FIPS_selftest_ecdsa()
|
||||
+{
|
||||
+ int rv;
|
||||
+ size_t i, siglen, p_len;
|
||||
+
|
||||
+ for (i = 0; i < sizeof(test_ecdsa_data) / sizeof(ECDSA_KAT_SELFTEST_DATA); i++) {
|
||||
+ EC_KEY *ec = NULL;
|
||||
+ BIGNUM *r = NULL, *s = NULL;
|
||||
+ BIGNUM *sig_r = NULL, *sig_s = NULL;
|
||||
+ EVP_PKEY *pk = NULL;
|
||||
+ unsigned char *sig = NULL;
|
||||
+ unsigned char *tsig = NULL;
|
||||
+ unsigned char *p_buf = NULL;
|
||||
+ ECDSA_SIG *dsa_sig = NULL;
|
||||
+ rv = 0;
|
||||
+
|
||||
+ ECDSA_KAT_SELFTEST_DATA *ecd = test_ecdsa_data + i;
|
||||
+
|
||||
+ /* Create the Message Digest Context */
|
||||
+ EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
|
||||
+ if (!mdctx) goto err;
|
||||
+
|
||||
+ r = BN_bin2bn(ecd->r, ecd->rlen, r);
|
||||
+ s = BN_bin2bn(ecd->s, ecd->slen, s);
|
||||
+
|
||||
+ if (!r || !s)
|
||||
+ goto err;
|
||||
+
|
||||
+ /* d[] will be used to generate a key. */
|
||||
+ /* k[] will be used for signature generation. */
|
||||
+ numbers[0] = ecd->d;
|
||||
+ numbers_len[0] = ecd->dlen;
|
||||
+ numbers[1] = ecd->k;
|
||||
+ numbers_len[1] = ecd->klen;
|
||||
+ /* swap the RNG source */
|
||||
+ if (!change_rand())
|
||||
+ goto err;
|
||||
+
|
||||
+ ec = EC_KEY_new_by_curve_name(ecd->nid);
|
||||
+ if (!ec)
|
||||
+ goto err;
|
||||
+
|
||||
+ /* Use d[] to generate key. */
|
||||
+ use_fake = 1;
|
||||
+ if (EC_KEY_generate_key(ec) != 1)
|
||||
+ goto err;
|
||||
+
|
||||
+ if ((pk = EVP_PKEY_new()) == NULL)
|
||||
+ goto err;
|
||||
+
|
||||
+ EVP_PKEY_assign_EC_KEY(pk, ec);
|
||||
+
|
||||
+ p_len = EC_KEY_key2buf(ec, POINT_CONVERSION_UNCOMPRESSED, &p_buf, NULL);
|
||||
+ if (!p_len)
|
||||
+ goto err;
|
||||
+
|
||||
+ /* Make sure generated public key matches */
|
||||
+ if (p_len != ecd->Qlen)
|
||||
+ goto err;
|
||||
+ if (memcmp(p_buf, ecd->Q, p_len))
|
||||
+ goto err;
|
||||
+
|
||||
+ /* Initialise the DigestSign operation */
|
||||
+ if(1 != EVP_DigestSignInit(mdctx, NULL, EVP_get_digestbynid(ecd->md_nid), NULL, pk))
|
||||
+ goto err;
|
||||
+
|
||||
+ /* Call update with the message */
|
||||
+ if(1 != EVP_DigestSignUpdate(mdctx, ecd->msg, ecd->msglen))
|
||||
+ goto err;
|
||||
+
|
||||
+ /* Finalise the DigestSign operation */
|
||||
+ /* First call EVP_DigestSignFinal with a NULL sig parameter to */
|
||||
+ /* obtain the length of the signature. Length is returned in slen */
|
||||
+ if(1 != EVP_DigestSignFinal(mdctx, NULL, &siglen))
|
||||
+ goto err;
|
||||
+
|
||||
+ /* Allocate memory for the signature based on size in slen */
|
||||
+ if(!(sig = OPENSSL_malloc(siglen)))
|
||||
+ goto err;
|
||||
+
|
||||
+ /* Use k[] for signature. */
|
||||
+ use_fake = 1;
|
||||
+
|
||||
+ /* Obtain the signature */
|
||||
+ if(1 != EVP_DigestSignFinal(mdctx, sig, &siglen))
|
||||
+ goto err;
|
||||
|
||||
- err:
|
||||
+ /* extract r and s */
|
||||
+ tsig = sig;
|
||||
+ dsa_sig = d2i_ECDSA_SIG(NULL, (const unsigned char **) &tsig, siglen);
|
||||
+ if (dsa_sig == NULL)
|
||||
+ goto err;
|
||||
+
|
||||
+ sig_r = ECDSA_SIG_get0_r(dsa_sig);
|
||||
+ sig_s = ECDSA_SIG_get0_s(dsa_sig);
|
||||
+ if ((sig_r == NULL) || (sig_s == NULL))
|
||||
+ goto err;
|
||||
|
||||
- if (x)
|
||||
- BN_clear_free(x);
|
||||
- if (y)
|
||||
- BN_clear_free(y);
|
||||
- if (d)
|
||||
- BN_clear_free(d);
|
||||
+ /* Compare r and s against known. */
|
||||
+ if ((BN_cmp(sig_r, r) != 0) || (BN_cmp(sig_s, s) != 0))
|
||||
+ goto err;
|
||||
+
|
||||
+ /* Verify signature */
|
||||
+ if(1 != EVP_DigestVerifyInit(mdctx, NULL, EVP_get_digestbynid(ecd->md_nid), NULL, pk))
|
||||
+ goto err;
|
||||
+
|
||||
+ if (EVP_DigestVerify(mdctx, sig, siglen, ecd->msg, ecd->msglen) != 1)
|
||||
+ goto err;
|
||||
+
|
||||
+ if (1 != restore_rand())
|
||||
+ goto err;
|
||||
+
|
||||
+ /* Success */
|
||||
+ rv = 1;
|
||||
+
|
||||
+
|
||||
+ err:
|
||||
+
|
||||
+ if (mdctx)
|
||||
+ EVP_MD_CTX_free(mdctx);
|
||||
+ if (r)
|
||||
+ BN_clear_free(r);
|
||||
+ if (s)
|
||||
+ BN_clear_free(s);
|
||||
+ if (sig)
|
||||
+ OPENSSL_free(sig);
|
||||
+ if (dsa_sig)
|
||||
+ ECDSA_SIG_free(dsa_sig);
|
||||
+ if (p_buf)
|
||||
+ OPENSSL_free(p_buf);
|
||||
if (pk)
|
||||
- EVP_PKEY_free(pk);
|
||||
+ EVP_PKEY_free(pk);
|
||||
else if (ec)
|
||||
- EC_KEY_free(ec);
|
||||
-
|
||||
- return rv;
|
||||
+ EC_KEY_free(ec);
|
||||
+
|
||||
+ if (rv != 1) {
|
||||
+ FIPSerr(FIPS_F_FIPS_SELFTEST_ECDSA, FIPS_R_SELFTEST_FAILED);
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
+ }
|
||||
|
||||
+ return rv;
|
||||
+
|
||||
}
|
||||
|
||||
+
|
||||
#endif
|
||||
|
13
bsc1198207-FIPS-add-hash_hmac-drbg-kat.patch
Normal file
13
bsc1198207-FIPS-add-hash_hmac-drbg-kat.patch
Normal file
@ -0,0 +1,13 @@
|
||||
diff --git a/crypto/fips/fips_post.c b/crypto/fips/fips_post.c
|
||||
index 80de6f6..46003d1 100644
|
||||
--- a/crypto/fips/fips_post.c
|
||||
+++ b/crypto/fips/fips_post.c
|
||||
@@ -72,7 +72,7 @@
|
||||
int FIPS_selftest(void)
|
||||
{
|
||||
int rv = 1;
|
||||
- if (!FIPS_selftest_drbg())
|
||||
+ if (!FIPS_selftest_drbg_all())
|
||||
rv = 0;
|
||||
if (!FIPS_selftest_sha1())
|
||||
rv = 0;
|
12
openssl-1.1.0-issuer-hash.patch
Normal file
12
openssl-1.1.0-issuer-hash.patch
Normal file
@ -0,0 +1,12 @@
|
||||
Index: openssl-1.1.1j/crypto/x509/x509_cmp.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1j.orig/crypto/x509/x509_cmp.c
|
||||
+++ openssl-1.1.1j/crypto/x509/x509_cmp.c
|
||||
@@ -38,6 +38,7 @@ unsigned long X509_issuer_and_serial_has
|
||||
|
||||
if (ctx == NULL)
|
||||
goto err;
|
||||
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
|
||||
f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
|
||||
if (f == NULL)
|
||||
goto err;
|
13
openssl-1.1.0-no-html.patch
Normal file
13
openssl-1.1.0-no-html.patch
Normal file
@ -0,0 +1,13 @@
|
||||
Index: openssl-1.1.1f/Configurations/unix-Makefile.tmpl
|
||||
===================================================================
|
||||
--- openssl-1.1.1f.orig/Configurations/unix-Makefile.tmpl 2020-03-31 16:07:11.764502217 +0200
|
||||
+++ openssl-1.1.1f/Configurations/unix-Makefile.tmpl 2020-03-31 16:07:45.036664229 +0200
|
||||
@@ -544,7 +544,7 @@ install_sw: install_dev install_engines
|
||||
|
||||
uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
|
||||
|
||||
-install_docs: install_man_docs install_html_docs
|
||||
+install_docs: install_man_docs
|
||||
|
||||
uninstall_docs: uninstall_man_docs uninstall_html_docs
|
||||
$(RM) -r "$(DESTDIR)$(DOCDIR)"
|
5278
openssl-1.1.1-evp-kdf.patch
Normal file
5278
openssl-1.1.1-evp-kdf.patch
Normal file
File diff suppressed because it is too large
Load Diff
414
openssl-1.1.1-fips-crng-test.patch
Normal file
414
openssl-1.1.1-fips-crng-test.patch
Normal file
@ -0,0 +1,414 @@
|
||||
Index: openssl-1.1.1g/include/crypto/rand.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1g.orig/include/crypto/rand.h 2020-04-21 15:59:25.552654754 +0200
|
||||
+++ openssl-1.1.1g/include/crypto/rand.h 2020-04-21 15:59:27.208663772 +0200
|
||||
@@ -49,6 +49,14 @@ size_t rand_drbg_get_additional_data(RAN
|
||||
|
||||
void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out);
|
||||
|
||||
+/* CRNG test entropy filter callbacks. */
|
||||
+size_t rand_crngt_get_entropy(RAND_DRBG *drbg,
|
||||
+ unsigned char **pout,
|
||||
+ int entropy, size_t min_len, size_t max_len,
|
||||
+ int prediction_resistance);
|
||||
+void rand_crngt_cleanup_entropy(RAND_DRBG *drbg,
|
||||
+ unsigned char *out, size_t outlen);
|
||||
+
|
||||
/*
|
||||
* RAND_POOL functions
|
||||
*/
|
||||
Index: openssl-1.1.1g/crypto/rand/build.info
|
||||
===================================================================
|
||||
--- openssl-1.1.1g.orig/crypto/rand/build.info 2020-04-21 15:59:27.208663772 +0200
|
||||
+++ openssl-1.1.1g/crypto/rand/build.info 2020-04-21 16:00:32.869021309 +0200
|
||||
@@ -1,6 +1,6 @@
|
||||
LIBS=../../libcrypto
|
||||
SOURCE[../../libcrypto]=\
|
||||
- randfile.c rand_lib.c rand_err.c rand_egd.c \
|
||||
+ randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \
|
||||
rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c
|
||||
|
||||
INCLUDE[drbg_ctr.o]=../modes
|
||||
Index: openssl-1.1.1g/crypto/rand/drbg_lib.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1g.orig/crypto/rand/drbg_lib.c 2020-04-21 15:59:25.552654754 +0200
|
||||
+++ openssl-1.1.1g/crypto/rand/drbg_lib.c 2020-04-21 15:59:27.208663772 +0200
|
||||
@@ -67,7 +67,7 @@ static CRYPTO_THREAD_LOCAL private_drbg;
|
||||
|
||||
|
||||
/* NIST SP 800-90A DRBG recommends the use of a personalization string. */
|
||||
-static const char ossl_pers_string[] = "OpenSSL NIST SP 800-90A DRBG";
|
||||
+static const char ossl_pers_string[] = DRBG_DEFAULT_PERS_STRING;
|
||||
|
||||
static CRYPTO_ONCE rand_drbg_init = CRYPTO_ONCE_STATIC_INIT;
|
||||
|
||||
@@ -201,8 +201,13 @@ static RAND_DRBG *rand_drbg_new(int secu
|
||||
drbg->parent = parent;
|
||||
|
||||
if (parent == NULL) {
|
||||
+#ifdef OPENSSL_FIPS
|
||||
+ drbg->get_entropy = rand_crngt_get_entropy;
|
||||
+ drbg->cleanup_entropy = rand_crngt_cleanup_entropy;
|
||||
+#else
|
||||
drbg->get_entropy = rand_drbg_get_entropy;
|
||||
drbg->cleanup_entropy = rand_drbg_cleanup_entropy;
|
||||
+#endif
|
||||
#ifndef RAND_DRBG_GET_RANDOM_NONCE
|
||||
drbg->get_nonce = rand_drbg_get_nonce;
|
||||
drbg->cleanup_nonce = rand_drbg_cleanup_nonce;
|
||||
Index: openssl-1.1.1g/crypto/rand/rand_crng_test.c
|
||||
===================================================================
|
||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
||||
+++ openssl-1.1.1g/crypto/rand/rand_crng_test.c 2020-04-21 15:59:27.208663772 +0200
|
||||
@@ -0,0 +1,118 @@
|
||||
+/*
|
||||
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
+ *
|
||||
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
+ * this file except in compliance with the License. You can obtain a copy
|
||||
+ * in the file LICENSE in the source distribution or at
|
||||
+ * https://www.openssl.org/source/license.html
|
||||
+ */
|
||||
+
|
||||
+/*
|
||||
+ * Implementation of the FIPS 140-2 section 4.9.2 Conditional Tests.
|
||||
+ */
|
||||
+
|
||||
+#include <string.h>
|
||||
+#include <openssl/evp.h>
|
||||
+#include "crypto/rand.h"
|
||||
+#include "internal/thread_once.h"
|
||||
+#include "rand_local.h"
|
||||
+
|
||||
+static RAND_POOL *crngt_pool;
|
||||
+static unsigned char crngt_prev[EVP_MAX_MD_SIZE];
|
||||
+
|
||||
+int (*crngt_get_entropy)(unsigned char *, unsigned char *, unsigned int *)
|
||||
+ = &rand_crngt_get_entropy_cb;
|
||||
+
|
||||
+int rand_crngt_get_entropy_cb(unsigned char *buf, unsigned char *md,
|
||||
+ unsigned int *md_size)
|
||||
+{
|
||||
+ int r;
|
||||
+ size_t n;
|
||||
+ unsigned char *p;
|
||||
+
|
||||
+ n = rand_pool_acquire_entropy(crngt_pool);
|
||||
+ if (n >= CRNGT_BUFSIZ) {
|
||||
+ p = rand_pool_detach(crngt_pool);
|
||||
+ r = EVP_Digest(p, CRNGT_BUFSIZ, md, md_size, EVP_sha256(), NULL);
|
||||
+ if (r != 0)
|
||||
+ memcpy(buf, p, CRNGT_BUFSIZ);
|
||||
+ rand_pool_reattach(crngt_pool, p);
|
||||
+ return r;
|
||||
+ }
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+void rand_crngt_cleanup(void)
|
||||
+{
|
||||
+ rand_pool_free(crngt_pool);
|
||||
+ crngt_pool = NULL;
|
||||
+}
|
||||
+
|
||||
+int rand_crngt_init(void)
|
||||
+{
|
||||
+ unsigned char buf[CRNGT_BUFSIZ];
|
||||
+
|
||||
+ if ((crngt_pool = rand_pool_new(0, 1, CRNGT_BUFSIZ, CRNGT_BUFSIZ)) == NULL)
|
||||
+ return 0;
|
||||
+ if (crngt_get_entropy(buf, crngt_prev, NULL)) {
|
||||
+ OPENSSL_cleanse(buf, sizeof(buf));
|
||||
+ return 1;
|
||||
+ }
|
||||
+ rand_crngt_cleanup();
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static CRYPTO_ONCE rand_crngt_init_flag = CRYPTO_ONCE_STATIC_INIT;
|
||||
+DEFINE_RUN_ONCE_STATIC(do_rand_crngt_init)
|
||||
+{
|
||||
+ return OPENSSL_init_crypto(0, NULL)
|
||||
+ && rand_crngt_init()
|
||||
+ && OPENSSL_atexit(&rand_crngt_cleanup);
|
||||
+}
|
||||
+
|
||||
+int rand_crngt_single_init(void)
|
||||
+{
|
||||
+ return RUN_ONCE(&rand_crngt_init_flag, do_rand_crngt_init);
|
||||
+}
|
||||
+
|
||||
+size_t rand_crngt_get_entropy(RAND_DRBG *drbg,
|
||||
+ unsigned char **pout,
|
||||
+ int entropy, size_t min_len, size_t max_len,
|
||||
+ int prediction_resistance)
|
||||
+{
|
||||
+ unsigned char buf[CRNGT_BUFSIZ], md[EVP_MAX_MD_SIZE];
|
||||
+ unsigned int sz;
|
||||
+ RAND_POOL *pool;
|
||||
+ size_t q, r = 0, s, t = 0;
|
||||
+ int attempts = 3;
|
||||
+
|
||||
+ if (!RUN_ONCE(&rand_crngt_init_flag, do_rand_crngt_init))
|
||||
+ return 0;
|
||||
+
|
||||
+ if ((pool = rand_pool_new(entropy, 1, min_len, max_len)) == NULL)
|
||||
+ return 0;
|
||||
+
|
||||
+ while ((q = rand_pool_bytes_needed(pool, 1)) > 0 && attempts-- > 0) {
|
||||
+ s = q > sizeof(buf) ? sizeof(buf) : q;
|
||||
+ if (!crngt_get_entropy(buf, md, &sz)
|
||||
+ || memcmp(crngt_prev, md, sz) == 0
|
||||
+ || !rand_pool_add(pool, buf, s, s * 8))
|
||||
+ goto err;
|
||||
+ memcpy(crngt_prev, md, sz);
|
||||
+ t += s;
|
||||
+ attempts++;
|
||||
+ }
|
||||
+ r = t;
|
||||
+ *pout = rand_pool_detach(pool);
|
||||
+err:
|
||||
+ OPENSSL_cleanse(buf, sizeof(buf));
|
||||
+ rand_pool_free(pool);
|
||||
+ return r;
|
||||
+}
|
||||
+
|
||||
+void rand_crngt_cleanup_entropy(RAND_DRBG *drbg,
|
||||
+ unsigned char *out, size_t outlen)
|
||||
+{
|
||||
+ OPENSSL_secure_clear_free(out, outlen);
|
||||
+}
|
||||
Index: openssl-1.1.1g/crypto/rand/rand_local.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1g.orig/crypto/rand/rand_local.h 2020-04-21 15:59:25.552654754 +0200
|
||||
+++ openssl-1.1.1g/crypto/rand/rand_local.h 2020-04-21 15:59:27.208663772 +0200
|
||||
@@ -33,7 +33,15 @@
|
||||
# define MASTER_RESEED_TIME_INTERVAL (60*60) /* 1 hour */
|
||||
# define SLAVE_RESEED_TIME_INTERVAL (7*60) /* 7 minutes */
|
||||
|
||||
-
|
||||
+/*
|
||||
+ * The number of bytes that constitutes an atomic lump of entropy with respect
|
||||
+ * to the FIPS 140-2 section 4.9.2 Conditional Tests. The size is somewhat
|
||||
+ * arbitrary, the smaller the value, the less entropy is consumed on first
|
||||
+ * read but the higher the probability of the test failing by accident.
|
||||
+ *
|
||||
+ * The value is in bytes.
|
||||
+ */
|
||||
+#define CRNGT_BUFSIZ 16
|
||||
|
||||
/*
|
||||
* Maximum input size for the DRBG (entropy, nonce, personalization string)
|
||||
@@ -44,6 +52,8 @@
|
||||
*/
|
||||
# define DRBG_MAX_LENGTH INT32_MAX
|
||||
|
||||
+/* The default nonce */
|
||||
+# define DRBG_DEFAULT_PERS_STRING "OpenSSL NIST SP 800-90A DRBG"
|
||||
|
||||
/*
|
||||
* Maximum allocation size for RANDOM_POOL buffers
|
||||
@@ -296,4 +306,22 @@ int rand_drbg_enable_locking(RAND_DRBG *
|
||||
/* initializes the AES-CTR DRBG implementation */
|
||||
int drbg_ctr_init(RAND_DRBG *drbg);
|
||||
|
||||
+/*
|
||||
+ * Entropy call back for the FIPS 140-2 section 4.9.2 Conditional Tests.
|
||||
+ * These need to be exposed for the unit tests.
|
||||
+ */
|
||||
+int rand_crngt_get_entropy_cb(unsigned char *buf, unsigned char *md,
|
||||
+ unsigned int *md_size);
|
||||
+extern int (*crngt_get_entropy)(unsigned char *buf, unsigned char *md,
|
||||
+ unsigned int *md_size);
|
||||
+int rand_crngt_init(void);
|
||||
+void rand_crngt_cleanup(void);
|
||||
+
|
||||
+/*
|
||||
+ * Expose the run once initialisation function for the unit tests because.
|
||||
+ * they need to restart from scratch to validate the first block is skipped
|
||||
+ * properly.
|
||||
+ */
|
||||
+int rand_crngt_single_init(void);
|
||||
+
|
||||
#endif
|
||||
Index: openssl-1.1.1g/test/drbgtest.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1g.orig/test/drbgtest.c 2020-04-21 15:59:25.552654754 +0200
|
||||
+++ openssl-1.1.1g/test/drbgtest.c 2020-04-21 15:59:27.208663772 +0200
|
||||
@@ -150,6 +150,31 @@ static size_t kat_nonce(RAND_DRBG *drbg,
|
||||
return t->noncelen;
|
||||
}
|
||||
|
||||
+ /*
|
||||
+ * Disable CRNG testing if it is enabled.
|
||||
+ * If the DRBG is ready or in an error state, this means an instantiate cycle
|
||||
+ * for which the default personalisation string is used.
|
||||
+ */
|
||||
+static int disable_crngt(RAND_DRBG *drbg)
|
||||
+{
|
||||
+ static const char pers[] = DRBG_DEFAULT_PERS_STRING;
|
||||
+ const int instantiate = drbg->state != DRBG_UNINITIALISED;
|
||||
+
|
||||
+ if (drbg->get_entropy != rand_crngt_get_entropy)
|
||||
+ return 1;
|
||||
+
|
||||
+ if ((instantiate && !RAND_DRBG_uninstantiate(drbg))
|
||||
+ || !TEST_true(RAND_DRBG_set_callbacks(drbg, &rand_drbg_get_entropy,
|
||||
+ &rand_drbg_cleanup_entropy,
|
||||
+ &rand_drbg_get_nonce,
|
||||
+ &rand_drbg_cleanup_nonce))
|
||||
+ || (instantiate
|
||||
+ && !RAND_DRBG_instantiate(drbg, (const unsigned char *)pers,
|
||||
+ sizeof(pers) - 1)))
|
||||
+ return 0;
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
static int uninstantiate(RAND_DRBG *drbg)
|
||||
{
|
||||
int ret = drbg == NULL ? 1 : RAND_DRBG_uninstantiate(drbg);
|
||||
@@ -175,7 +200,8 @@ static int single_kat(DRBG_SELFTEST_DATA
|
||||
if (!TEST_ptr(drbg = RAND_DRBG_new(td->nid, td->flags, NULL)))
|
||||
return 0;
|
||||
if (!TEST_true(RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
|
||||
- kat_nonce, NULL))) {
|
||||
+ kat_nonce, NULL))
|
||||
+ || !TEST_true(disable_crngt(drbg))) {
|
||||
failures++;
|
||||
goto err;
|
||||
}
|
||||
@@ -293,7 +319,8 @@ static int error_check(DRBG_SELFTEST_DAT
|
||||
unsigned int reseed_counter_tmp;
|
||||
int ret = 0;
|
||||
|
||||
- if (!TEST_ptr(drbg = RAND_DRBG_new(0, 0, NULL)))
|
||||
+ if (!TEST_ptr(drbg = RAND_DRBG_new(0, 0, NULL))
|
||||
+ || !TEST_true(disable_crngt(drbg)))
|
||||
goto err;
|
||||
|
||||
/*
|
||||
@@ -740,6 +767,10 @@ static int test_rand_drbg_reseed(void)
|
||||
|| !TEST_ptr_eq(private->parent, master))
|
||||
return 0;
|
||||
|
||||
+ /* Disable CRNG testing for the master DRBG */
|
||||
+ if (!TEST_true(disable_crngt(master)))
|
||||
+ return 0;
|
||||
+
|
||||
/* uninstantiate the three global DRBGs */
|
||||
RAND_DRBG_uninstantiate(private);
|
||||
RAND_DRBG_uninstantiate(public);
|
||||
@@ -964,7 +995,8 @@ static int test_rand_seed(void)
|
||||
size_t rand_buflen;
|
||||
size_t required_seed_buflen = 0;
|
||||
|
||||
- if (!TEST_ptr(master = RAND_DRBG_get0_master()))
|
||||
+ if (!TEST_ptr(master = RAND_DRBG_get0_master())
|
||||
+ || !TEST_true(disable_crngt(master)))
|
||||
return 0;
|
||||
|
||||
#ifdef OPENSSL_RAND_SEED_NONE
|
||||
@@ -1013,6 +1045,95 @@ static int test_rand_add(void)
|
||||
return 1;
|
||||
}
|
||||
|
||||
+/*
|
||||
+ * A list of the FIPS DRGB types.
|
||||
+ */
|
||||
+static const struct s_drgb_types {
|
||||
+ int nid;
|
||||
+ int flags;
|
||||
+} drgb_types[] = {
|
||||
+ { NID_aes_128_ctr, 0 },
|
||||
+ { NID_aes_192_ctr, 0 },
|
||||
+ { NID_aes_256_ctr, 0 },
|
||||
+};
|
||||
+
|
||||
+/* Six cases for each covers seed sizes up to 32 bytes */
|
||||
+static const size_t crngt_num_cases = 6;
|
||||
+
|
||||
+static size_t crngt_case, crngt_idx;
|
||||
+
|
||||
+static int crngt_entropy_cb(unsigned char *buf, unsigned char *md,
|
||||
+ unsigned int *md_size)
|
||||
+{
|
||||
+ size_t i, z;
|
||||
+
|
||||
+ if (!TEST_int_lt(crngt_idx, crngt_num_cases))
|
||||
+ return 0;
|
||||
+ /* Generate a block of unique data unless this is the duplication point */
|
||||
+ z = crngt_idx++;
|
||||
+ if (z > 0 && crngt_case == z)
|
||||
+ z--;
|
||||
+ for (i = 0; i < CRNGT_BUFSIZ; i++)
|
||||
+ buf[i] = (unsigned char)(i + 'A' + z);
|
||||
+ return EVP_Digest(buf, CRNGT_BUFSIZ, md, md_size, EVP_sha256(), NULL);
|
||||
+}
|
||||
+
|
||||
+static int test_crngt(int n)
|
||||
+{
|
||||
+ const struct s_drgb_types *dt = drgb_types + n / crngt_num_cases;
|
||||
+ RAND_DRBG *drbg = NULL;
|
||||
+ unsigned char buff[100];
|
||||
+ size_t ent;
|
||||
+ int res = 0;
|
||||
+ int expect;
|
||||
+
|
||||
+ if (!TEST_true(rand_crngt_single_init()))
|
||||
+ return 0;
|
||||
+ rand_crngt_cleanup();
|
||||
+
|
||||
+ if (!TEST_ptr(drbg = RAND_DRBG_new(dt->nid, dt->flags, NULL)))
|
||||
+ return 0;
|
||||
+ ent = (drbg->min_entropylen + CRNGT_BUFSIZ - 1) / CRNGT_BUFSIZ;
|
||||
+ crngt_case = n % crngt_num_cases;
|
||||
+ crngt_idx = 0;
|
||||
+ crngt_get_entropy = &crngt_entropy_cb;
|
||||
+ if (!TEST_true(rand_crngt_init()))
|
||||
+ goto err;
|
||||
+#ifndef OPENSSL_FIPS
|
||||
+ if (!TEST_true(RAND_DRBG_set_callbacks(drbg, &rand_crngt_get_entropy,
|
||||
+ &rand_crngt_cleanup_entropy,
|
||||
+ &rand_drbg_get_nonce,
|
||||
+ &rand_drbg_cleanup_nonce)))
|
||||
+ goto err;
|
||||
+#endif
|
||||
+ expect = crngt_case == 0 || crngt_case > ent;
|
||||
+ if (!TEST_int_eq(RAND_DRBG_instantiate(drbg, NULL, 0), expect))
|
||||
+ goto err;
|
||||
+ if (!expect)
|
||||
+ goto fin;
|
||||
+ if (!TEST_true(RAND_DRBG_generate(drbg, buff, sizeof(buff), 0, NULL, 0)))
|
||||
+ goto err;
|
||||
+
|
||||
+ expect = crngt_case == 0 || crngt_case > 2 * ent;
|
||||
+ if (!TEST_int_eq(RAND_DRBG_reseed(drbg, NULL, 0, 0), expect))
|
||||
+ goto err;
|
||||
+ if (!expect)
|
||||
+ goto fin;
|
||||
+ if (!TEST_true(RAND_DRBG_generate(drbg, buff, sizeof(buff), 0, NULL, 0)))
|
||||
+ goto err;
|
||||
+
|
||||
+fin:
|
||||
+ res = 1;
|
||||
+err:
|
||||
+ if (!res)
|
||||
+ TEST_note("DRBG %zd case %zd block %zd", n / crngt_num_cases,
|
||||
+ crngt_case, crngt_idx);
|
||||
+ uninstantiate(drbg);
|
||||
+ RAND_DRBG_free(drbg);
|
||||
+ crngt_get_entropy = &rand_crngt_get_entropy_cb;
|
||||
+ return res;
|
||||
+}
|
||||
+
|
||||
int setup_tests(void)
|
||||
{
|
||||
app_data_index = RAND_DRBG_get_ex_new_index(0L, NULL, NULL, NULL, NULL);
|
||||
@@ -1025,5 +1146,6 @@ int setup_tests(void)
|
||||
#if defined(OPENSSL_THREADS)
|
||||
ADD_TEST(test_multi_thread);
|
||||
#endif
|
||||
+ ADD_ALL_TESTS(test_crngt, crngt_num_cases * OSSL_NELEM(drgb_types));
|
||||
return 1;
|
||||
}
|
80
openssl-1.1.1-fips-fix-memory-leaks.patch
Normal file
80
openssl-1.1.1-fips-fix-memory-leaks.patch
Normal file
@ -0,0 +1,80 @@
|
||||
---
|
||||
crypto/fips/fips.c | 8 ++++++++
|
||||
crypto/fips/fips_drbg_rand.c | 6 ++++++
|
||||
crypto/init.c | 4 ++++
|
||||
include/crypto/fips_int.h | 1 +
|
||||
include/openssl/fips_rand.h | 1 +
|
||||
5 files changed, 20 insertions(+)
|
||||
|
||||
--- a/crypto/fips/fips.c
|
||||
+++ b/crypto/fips/fips.c
|
||||
@@ -93,6 +93,14 @@ DEFINE_RUN_ONCE_STATIC(do_fips_lock_init
|
||||
return fips_lock != NULL && fips_owning_lock != NULL;
|
||||
}
|
||||
|
||||
+void FIPS_owning_thread_lock_cleanup(void)
|
||||
+{
|
||||
+ CRYPTO_THREAD_lock_free(fips_lock);
|
||||
+ fips_lock = NULL;
|
||||
+ CRYPTO_THREAD_lock_free(fips_owning_lock);
|
||||
+ fips_owning_lock = NULL;
|
||||
+}
|
||||
+
|
||||
# define fips_w_lock() CRYPTO_THREAD_write_lock(fips_lock)
|
||||
# define fips_w_unlock() CRYPTO_THREAD_unlock(fips_lock)
|
||||
# define fips_r_lock() CRYPTO_THREAD_read_lock(fips_lock)
|
||||
--- a/crypto/fips/fips_drbg_rand.c
|
||||
+++ b/crypto/fips/fips_drbg_rand.c
|
||||
@@ -84,6 +84,12 @@ DRBG_CTX *FIPS_get_default_drbg(void)
|
||||
return &ossl_dctx;
|
||||
}
|
||||
|
||||
+void FIPS_drbg_lock_cleanup(void)
|
||||
+{
|
||||
+ CRYPTO_THREAD_lock_free(fips_rand_lock);
|
||||
+ fips_rand_lock = NULL;
|
||||
+}
|
||||
+
|
||||
static int fips_drbg_bytes(unsigned char *out, int count)
|
||||
{
|
||||
DRBG_CTX *dctx = &ossl_dctx;
|
||||
--- a/crypto/init.c
|
||||
+++ b/crypto/init.c
|
||||
@@ -28,6 +28,8 @@
|
||||
#include "internal/dso.h"
|
||||
#include "crypto/store.h"
|
||||
#include "openssl/fips.h"
|
||||
+#include "openssl/fips_rand.h"
|
||||
+#include "crypto/fips_int.h"
|
||||
|
||||
static int stopped = 0;
|
||||
|
||||
@@ -591,6 +593,8 @@ void OPENSSL_cleanup(void)
|
||||
conf_modules_free_int();
|
||||
#ifdef OPENSSL_FIPS
|
||||
FIPS_entropy_cleanup();
|
||||
+ FIPS_drbg_lock_cleanup();
|
||||
+ FIPS_owning_thread_lock_cleanup();
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
engine_cleanup_int();
|
||||
--- a/include/crypto/fips_int.h
|
||||
+++ b/include/crypto/fips_int.h
|
||||
@@ -56,6 +56,7 @@
|
||||
|
||||
#ifdef OPENSSL_FIPS
|
||||
|
||||
+void FIPS_owning_thread_lock_cleanup(void);
|
||||
int FIPS_module_mode_set(int onoff);
|
||||
int FIPS_module_mode(void);
|
||||
int FIPS_module_installed(void);
|
||||
--- a/include/openssl/fips_rand.h
|
||||
+++ b/include/openssl/fips_rand.h
|
||||
@@ -125,6 +125,7 @@ extern "C" {
|
||||
|
||||
DRBG_CTX *FIPS_get_default_drbg(void);
|
||||
const RAND_METHOD *FIPS_drbg_method(void);
|
||||
+ void FIPS_drbg_lock_cleanup(void);
|
||||
|
||||
int FIPS_rand_set_method(const RAND_METHOD *meth);
|
||||
const RAND_METHOD *FIPS_rand_get_method(void);
|
194
openssl-1.1.1-fips-post-rand.patch
Normal file
194
openssl-1.1.1-fips-post-rand.patch
Normal file
@ -0,0 +1,194 @@
|
||||
Index: openssl-1.1.1i/crypto/fips/fips.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1i.orig/crypto/fips/fips.c 2020-12-08 16:46:23.666760618 +0100
|
||||
+++ openssl-1.1.1i/crypto/fips/fips.c 2020-12-08 16:46:25.626772700 +0100
|
||||
@@ -68,6 +68,7 @@
|
||||
|
||||
# include <openssl/fips.h>
|
||||
# include "internal/thread_once.h"
|
||||
+# include "crypto/rand.h"
|
||||
|
||||
# ifndef PATH_MAX
|
||||
# define PATH_MAX 1024
|
||||
@@ -76,6 +77,7 @@
|
||||
static int fips_selftest_fail = 0;
|
||||
static int fips_mode = 0;
|
||||
static int fips_started = 0;
|
||||
+static int fips_post = 0;
|
||||
|
||||
static int fips_is_owning_thread(void);
|
||||
static int fips_set_owning_thread(void);
|
||||
@@ -158,6 +160,11 @@ void fips_set_selftest_fail(void)
|
||||
fips_selftest_fail = 1;
|
||||
}
|
||||
|
||||
+int fips_in_post(void)
|
||||
+{
|
||||
+ return fips_post;
|
||||
+}
|
||||
+
|
||||
/* we implement what libfipscheck does ourselves */
|
||||
|
||||
static int
|
||||
@@ -445,6 +452,8 @@ int FIPS_module_mode_set(int onoff)
|
||||
}
|
||||
# endif
|
||||
|
||||
+ fips_post = 1;
|
||||
+
|
||||
if (!FIPS_selftest()) {
|
||||
fips_selftest_fail = 1;
|
||||
ret = 0;
|
||||
@@ -459,7 +468,12 @@ int FIPS_module_mode_set(int onoff)
|
||||
goto end;
|
||||
}
|
||||
|
||||
+ fips_post = 0;
|
||||
+
|
||||
fips_set_mode(onoff);
|
||||
+ /* force RNG reseed with entropy from getrandom() on next call */
|
||||
+ rand_force_reseed();
|
||||
+
|
||||
ret = 1;
|
||||
goto end;
|
||||
}
|
||||
Index: openssl-1.1.1i/include/crypto/fips_int.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1i.orig/include/crypto/fips_int.h 2020-12-08 16:46:23.666760618 +0100
|
||||
+++ openssl-1.1.1i/include/crypto/fips_int.h 2020-12-08 16:46:25.626772700 +0100
|
||||
@@ -77,6 +77,8 @@ int FIPS_selftest_hmac(void);
|
||||
int FIPS_selftest_drbg(void);
|
||||
int FIPS_selftest_cmac(void);
|
||||
|
||||
+int fips_in_post(void);
|
||||
+
|
||||
int fips_pkey_signature_test(EVP_PKEY *pkey,
|
||||
const unsigned char *tbs, int tbslen,
|
||||
const unsigned char *kat,
|
||||
Index: openssl-1.1.1i/include/crypto/rand.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1i.orig/include/crypto/rand.h 2020-12-08 16:46:23.670760642 +0100
|
||||
+++ openssl-1.1.1i/include/crypto/rand.h 2020-12-08 16:46:25.626772700 +0100
|
||||
@@ -24,6 +24,7 @@
|
||||
typedef struct rand_pool_st RAND_POOL;
|
||||
|
||||
void rand_cleanup_int(void);
|
||||
+void rand_force_reseed(void);
|
||||
void rand_drbg_cleanup_int(void);
|
||||
void drbg_delete_thread_state(void);
|
||||
|
||||
Index: openssl-1.1.1i/crypto/rand/drbg_lib.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1i.orig/crypto/rand/drbg_lib.c 2020-12-08 16:46:23.670760642 +0100
|
||||
+++ openssl-1.1.1i/crypto/rand/drbg_lib.c 2020-12-08 16:46:25.626772700 +0100
|
||||
@@ -1005,6 +1005,20 @@ size_t rand_drbg_seedlen(RAND_DRBG *drbg
|
||||
return min_entropy > min_entropylen ? min_entropy : min_entropylen;
|
||||
}
|
||||
|
||||
+void rand_force_reseed(void)
|
||||
+{
|
||||
+ RAND_DRBG *drbg;
|
||||
+
|
||||
+ drbg = RAND_DRBG_get0_master();
|
||||
+ drbg->fork_id = 0;
|
||||
+
|
||||
+ drbg = RAND_DRBG_get0_private();
|
||||
+ drbg->fork_id = 0;
|
||||
+
|
||||
+ drbg = RAND_DRBG_get0_public();
|
||||
+ drbg->fork_id = 0;
|
||||
+}
|
||||
+
|
||||
/* Implements the default OpenSSL RAND_add() method */
|
||||
static int drbg_add(const void *buf, int num, double randomness)
|
||||
{
|
||||
Index: openssl-1.1.1i/crypto/rand/rand_unix.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1i.orig/crypto/rand/rand_unix.c 2020-12-08 16:46:23.670760642 +0100
|
||||
+++ openssl-1.1.1i/crypto/rand/rand_unix.c 2020-12-08 16:47:33.695192297 +0100
|
||||
@@ -17,10 +17,12 @@
|
||||
#include <openssl/crypto.h>
|
||||
#include "rand_local.h"
|
||||
#include "crypto/rand.h"
|
||||
+#include "crypto/fips_int.h"
|
||||
#include <stdio.h>
|
||||
#include "internal/dso.h"
|
||||
#ifdef __linux
|
||||
# include <sys/syscall.h>
|
||||
+# include <sys/random.h>
|
||||
# ifdef DEVRANDOM_WAIT
|
||||
# include <sys/shm.h>
|
||||
# include <sys/utsname.h>
|
||||
@@ -344,7 +346,7 @@ static ssize_t sysctl_random(char *buf,
|
||||
* syscall_random(): Try to get random data using a system call
|
||||
* returns the number of bytes returned in buf, or < 0 on error.
|
||||
*/
|
||||
-static ssize_t syscall_random(void *buf, size_t buflen)
|
||||
+static ssize_t syscall_random(void *buf, size_t buflen, int nonblock)
|
||||
{
|
||||
/*
|
||||
* Note: 'buflen' equals the size of the buffer which is used by the
|
||||
@@ -369,6 +371,7 @@ static ssize_t syscall_random(void *buf,
|
||||
* Note: Sometimes getentropy() can be provided but not implemented
|
||||
* internally. So we need to check errno for ENOSYS
|
||||
*/
|
||||
+# if 0
|
||||
# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
|
||||
extern int getentropy(void *buffer, size_t length) __attribute__((weak));
|
||||
|
||||
@@ -394,10 +397,10 @@ static ssize_t syscall_random(void *buf,
|
||||
if (p_getentropy.p != NULL)
|
||||
return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
|
||||
# endif
|
||||
-
|
||||
+# endif
|
||||
/* Linux supports this since version 3.17 */
|
||||
-# if defined(__linux) && defined(__NR_getrandom)
|
||||
- return syscall(__NR_getrandom, buf, buflen, 0);
|
||||
+# if defined(__linux) && defined(SYS_getrandom)
|
||||
+ return syscall(SYS_getrandom, buf, buflen, nonblock?GRND_NONBLOCK:0);
|
||||
# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
|
||||
return sysctl_random(buf, buflen);
|
||||
# else
|
||||
@@ -633,6 +636,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
size_t entropy_available;
|
||||
|
||||
# if defined(OPENSSL_RAND_SEED_GETRANDOM)
|
||||
+ int in_post;
|
||||
+
|
||||
+ for (in_post = fips_in_post(); in_post >= 0; --in_post) {
|
||||
{
|
||||
size_t bytes_needed;
|
||||
unsigned char *buffer;
|
||||
@@ -643,7 +649,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
|
||||
while (bytes_needed != 0 && attempts-- > 0) {
|
||||
buffer = rand_pool_add_begin(pool, bytes_needed);
|
||||
- bytes = syscall_random(buffer, bytes_needed);
|
||||
+ bytes = syscall_random(buffer, bytes_needed, in_post);
|
||||
if (bytes > 0) {
|
||||
rand_pool_add_end(pool, bytes, 8 * bytes);
|
||||
bytes_needed -= bytes;
|
||||
@@ -678,8 +684,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
int attempts = 3;
|
||||
const int fd = get_random_device(i);
|
||||
|
||||
- if (fd == -1)
|
||||
+ if (fd == -1) {
|
||||
+ OPENSSL_showfatal("Random device %s cannot be opened.\n", random_device_paths[i]);
|
||||
continue;
|
||||
+ }
|
||||
|
||||
while (bytes_needed != 0 && attempts-- > 0) {
|
||||
buffer = rand_pool_add_begin(pool, bytes_needed);
|
||||
@@ -742,7 +750,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
return entropy_available;
|
||||
}
|
||||
# endif
|
||||
-
|
||||
+# ifdef OPENSSL_RAND_SEED_GETRANDOM
|
||||
+ }
|
||||
+# endif
|
||||
return rand_pool_entropy_available(pool);
|
||||
# endif
|
||||
}
|
11992
openssl-1.1.1-fips.patch
Normal file
11992
openssl-1.1.1-fips.patch
Normal file
File diff suppressed because it is too large
Load Diff
5583
openssl-1.1.1-ssh-kdf.patch
Normal file
5583
openssl-1.1.1-ssh-kdf.patch
Normal file
File diff suppressed because it is too large
Load Diff
312
openssl-1.1.1-system-cipherlist.patch
Normal file
312
openssl-1.1.1-system-cipherlist.patch
Normal file
@ -0,0 +1,312 @@
|
||||
Index: openssl-1.1.1m/Configurations/unix-Makefile.tmpl
|
||||
===================================================================
|
||||
--- openssl-1.1.1m.orig/Configurations/unix-Makefile.tmpl
|
||||
+++ openssl-1.1.1m/Configurations/unix-Makefile.tmpl
|
||||
@@ -278,6 +278,10 @@ MANDIR=$(INSTALLTOP)/share/man
|
||||
DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME)
|
||||
HTMLDIR=$(DOCDIR)/html
|
||||
|
||||
+{- output_off() if $config{system_ciphers_file} eq ""; "" -}
|
||||
+SYSTEM_CIPHERS_FILE_DEFINE=-DSYSTEM_CIPHERS_FILE="\"{- $config{system_ciphers_file} -}\""
|
||||
+{- output_on() if $config{system_ciphers_file} eq ""; "" -}
|
||||
+
|
||||
# MANSUFFIX is for the benefit of anyone who may want to have a suffix
|
||||
# appended after the manpage file section number. "ssl" is popular,
|
||||
# resulting in files such as config.5ssl rather than config.5.
|
||||
@@ -301,6 +305,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -}
|
||||
CXX={- $config{CXX} ? "\$(CROSS_COMPILE)$config{CXX}" : '' -}
|
||||
CPPFLAGS={- our $cppflags1 = join(" ",
|
||||
(map { "-D".$_} @{$config{CPPDEFINES}}),
|
||||
+ "\$(SYSTEM_CIPHERS_FILE_DEFINE)",
|
||||
(map { "-I".$_} @{$config{CPPINCLUDES}}),
|
||||
@{$config{CPPFLAGS}}) -}
|
||||
CFLAGS={- join(' ', @{$config{CFLAGS}}) -}
|
||||
Index: openssl-1.1.1m/Configure
|
||||
===================================================================
|
||||
--- openssl-1.1.1m.orig/Configure
|
||||
+++ openssl-1.1.1m/Configure
|
||||
@@ -24,7 +24,7 @@ use OpenSSL::Glob;
|
||||
my $orig_death_handler = $SIG{__DIE__};
|
||||
$SIG{__DIE__} = \&death_handler;
|
||||
|
||||
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
|
||||
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
|
||||
|
||||
# Options:
|
||||
#
|
||||
@@ -41,6 +41,9 @@ my $usage="Usage: Configure [no-<cipher>
|
||||
# This becomes the value of OPENSSLDIR in Makefile and in C.
|
||||
# (Default: PREFIX/ssl)
|
||||
#
|
||||
+# --system-ciphers-file A file to read cipher string from when the PROFILE=SYSTEM
|
||||
+# cipher is specified (default).
|
||||
+#
|
||||
# --cross-compile-prefix Add specified prefix to binutils components.
|
||||
#
|
||||
# --api One of 0.9.8, 1.0.0 or 1.1.0. Do not compile support for
|
||||
@@ -314,6 +317,7 @@ $config{prefix}="";
|
||||
$config{openssldir}="";
|
||||
$config{processor}="";
|
||||
$config{libdir}="";
|
||||
+$config{system_ciphers_file}="";
|
||||
my $auto_threads=1; # enable threads automatically? true by default
|
||||
my $default_ranlib;
|
||||
|
||||
@@ -844,6 +848,10 @@ while (@argvcopy)
|
||||
push @seed_sources, $x;
|
||||
}
|
||||
}
|
||||
+ elsif (/^--system-ciphers-file=(.*)$/)
|
||||
+ {
|
||||
+ $config{system_ciphers_file}=$1;
|
||||
+ }
|
||||
elsif (/^--cross-compile-prefix=(.*)$/)
|
||||
{
|
||||
$user{CROSS_COMPILE}=$1;
|
||||
@@ -1052,6 +1060,8 @@ if ($target eq "HASH") {
|
||||
exit 0;
|
||||
}
|
||||
|
||||
+chop $config{system_ciphers_file} if $config{system_ciphers_file} =~ /\/$/;
|
||||
+
|
||||
print "Configuring OpenSSL version $config{version} ($config{version_num}) ";
|
||||
print "for $target\n";
|
||||
|
||||
Index: openssl-1.1.1m/doc/man1/ciphers.pod
|
||||
===================================================================
|
||||
--- openssl-1.1.1m.orig/doc/man1/ciphers.pod
|
||||
+++ openssl-1.1.1m/doc/man1/ciphers.pod
|
||||
@@ -182,6 +182,15 @@ As of OpenSSL 1.0.0, the B<ALL> cipher s
|
||||
|
||||
The cipher suites not enabled by B<ALL>, currently B<eNULL>.
|
||||
|
||||
+=item B<PROFILE=SYSTEM>
|
||||
+
|
||||
+The list of enabled cipher suites will be loaded from the system crypto policy
|
||||
+configuration file B</etc/crypto-policies/back-ends/openssl.config>.
|
||||
+See also L<update-crypto-policies(8)>.
|
||||
+This is the default behavior unless an application explicitly sets a cipher
|
||||
+list. If used in a cipher list configuration value this string must be at the
|
||||
+beginning of the cipher list, otherwise it will not be recognized.
|
||||
+
|
||||
=item B<HIGH>
|
||||
|
||||
"High" encryption cipher suites. This currently means those with key lengths
|
||||
Index: openssl-1.1.1m/include/openssl/ssl.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1m.orig/include/openssl/ssl.h
|
||||
+++ openssl-1.1.1m/include/openssl/ssl.h
|
||||
@@ -191,6 +191,11 @@ extern "C" {
|
||||
* throwing out anonymous and unencrypted ciphersuites! (The latter are not
|
||||
* actually enabled by ALL, but "ALL:RSA" would enable some of them.)
|
||||
*/
|
||||
+# ifdef SYSTEM_CIPHERS_FILE
|
||||
+# define SSL_SYSTEM_DEFAULT_CIPHER_LIST "PROFILE=SYSTEM"
|
||||
+# else
|
||||
+# define SSL_SYSTEM_DEFAULT_CIPHER_LIST SSL_DEFAULT_CIPHER_LIST
|
||||
+# endif
|
||||
|
||||
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
|
||||
# define SSL_SENT_SHUTDOWN 1
|
||||
Index: openssl-1.1.1m/ssl/ssl_ciph.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1m.orig/ssl/ssl_ciph.c
|
||||
+++ openssl-1.1.1m/ssl/ssl_ciph.c
|
||||
@@ -9,6 +9,8 @@
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
+/* for secure_getenv */
|
||||
+#define _GNU_SOURCE
|
||||
#include <stdio.h>
|
||||
#include <ctype.h>
|
||||
#include <openssl/objects.h>
|
||||
@@ -1405,6 +1407,53 @@ int SSL_set_ciphersuites(SSL *s, const c
|
||||
return ret;
|
||||
}
|
||||
|
||||
+#ifdef SYSTEM_CIPHERS_FILE
|
||||
+static char *load_system_str(const char *suffix)
|
||||
+{
|
||||
+ FILE *fp;
|
||||
+ char buf[1024];
|
||||
+ char *new_rules;
|
||||
+ const char *ciphers_path;
|
||||
+ unsigned len, slen;
|
||||
+
|
||||
+ if ((ciphers_path = secure_getenv("OPENSSL_SYSTEM_CIPHERS_OVERRIDE")) == NULL)
|
||||
+ ciphers_path = SYSTEM_CIPHERS_FILE;
|
||||
+ fp = fopen(ciphers_path, "r");
|
||||
+ if (fp == NULL || fgets(buf, sizeof(buf), fp) == NULL) {
|
||||
+ /* cannot open or file is empty */
|
||||
+ snprintf(buf, sizeof(buf), "%s", SSL_DEFAULT_CIPHER_LIST);
|
||||
+ }
|
||||
+
|
||||
+ if (fp)
|
||||
+ fclose(fp);
|
||||
+
|
||||
+ slen = strlen(suffix);
|
||||
+ len = strlen(buf);
|
||||
+
|
||||
+ if (buf[len - 1] == '\n') {
|
||||
+ len--;
|
||||
+ buf[len] = 0;
|
||||
+ }
|
||||
+ if (buf[len - 1] == '\r') {
|
||||
+ len--;
|
||||
+ buf[len] = 0;
|
||||
+ }
|
||||
+
|
||||
+ new_rules = OPENSSL_malloc(len + slen + 1);
|
||||
+ if (new_rules == 0)
|
||||
+ return NULL;
|
||||
+
|
||||
+ memcpy(new_rules, buf, len);
|
||||
+ if (slen > 0) {
|
||||
+ memcpy(&new_rules[len], suffix, slen);
|
||||
+ len += slen;
|
||||
+ }
|
||||
+ new_rules[len] = 0;
|
||||
+
|
||||
+ return new_rules;
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
||||
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
|
||||
STACK_OF(SSL_CIPHER) **cipher_list,
|
||||
@@ -1418,15 +1467,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
const char *rule_p;
|
||||
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
|
||||
const SSL_CIPHER **ca_list = NULL;
|
||||
+#ifdef SYSTEM_CIPHERS_FILE
|
||||
+ char *new_rules = NULL;
|
||||
+
|
||||
+ if (rule_str != NULL && strncmp(rule_str, "PROFILE=SYSTEM", 14) == 0) {
|
||||
+ char *p = rule_str + 14;
|
||||
+
|
||||
+ new_rules = load_system_str(p);
|
||||
+ rule_str = new_rules;
|
||||
+ }
|
||||
+#endif
|
||||
|
||||
/*
|
||||
* Return with error if nothing to do.
|
||||
*/
|
||||
if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
|
||||
- return NULL;
|
||||
+ goto err;
|
||||
#ifndef OPENSSL_NO_EC
|
||||
if (!check_suiteb_cipher_list(ssl_method, c, &rule_str))
|
||||
- return NULL;
|
||||
+ goto err;
|
||||
#endif
|
||||
|
||||
/*
|
||||
@@ -1449,7 +1508,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
|
||||
if (co_list == NULL) {
|
||||
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
|
||||
- return NULL; /* Failure */
|
||||
+ goto err;
|
||||
}
|
||||
|
||||
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
|
||||
@@ -1515,8 +1574,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
* in force within each class
|
||||
*/
|
||||
if (!ssl_cipher_strength_sort(&head, &tail)) {
|
||||
- OPENSSL_free(co_list);
|
||||
- return NULL;
|
||||
+ goto err;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -1561,9 +1619,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
|
||||
ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
|
||||
if (ca_list == NULL) {
|
||||
- OPENSSL_free(co_list);
|
||||
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
|
||||
- return NULL; /* Failure */
|
||||
+ goto err;
|
||||
}
|
||||
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
|
||||
disabled_mkey, disabled_auth, disabled_enc,
|
||||
@@ -1596,8 +1653,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
OPENSSL_free(ca_list); /* Not needed anymore */
|
||||
|
||||
if (!ok) { /* Rule processing failure */
|
||||
- OPENSSL_free(co_list);
|
||||
- return NULL;
|
||||
+ goto err;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -1605,10 +1661,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
* if we cannot get one.
|
||||
*/
|
||||
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
|
||||
- OPENSSL_free(co_list);
|
||||
- return NULL;
|
||||
+ goto err;
|
||||
}
|
||||
|
||||
+#ifdef SYSTEM_CIPHERS_FILE
|
||||
+ OPENSSL_free(new_rules); /* Not needed anymore */
|
||||
+#endif
|
||||
+
|
||||
/* Add TLSv1.3 ciphers first - we always prefer those if possible */
|
||||
for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
|
||||
if (!sk_SSL_CIPHER_push(cipherstack,
|
||||
@@ -1646,6 +1705,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
*cipher_list = cipherstack;
|
||||
|
||||
return cipherstack;
|
||||
+
|
||||
+err:
|
||||
+ OPENSSL_free(co_list);
|
||||
+#ifdef SYSTEM_CIPHERS_FILE
|
||||
+ OPENSSL_free(new_rules);
|
||||
+#endif
|
||||
+ return NULL;
|
||||
+
|
||||
}
|
||||
|
||||
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
|
||||
Index: openssl-1.1.1m/ssl/ssl_lib.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1m.orig/ssl/ssl_lib.c
|
||||
+++ openssl-1.1.1m/ssl/ssl_lib.c
|
||||
@@ -667,7 +667,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx
|
||||
ctx->tls13_ciphersuites,
|
||||
&(ctx->cipher_list),
|
||||
&(ctx->cipher_list_by_id),
|
||||
- SSL_DEFAULT_CIPHER_LIST, ctx->cert);
|
||||
+ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ctx->cert);
|
||||
if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
|
||||
SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
|
||||
return 0;
|
||||
@@ -3076,7 +3076,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
|
||||
if (!ssl_create_cipher_list(ret->method,
|
||||
ret->tls13_ciphersuites,
|
||||
&ret->cipher_list, &ret->cipher_list_by_id,
|
||||
- SSL_DEFAULT_CIPHER_LIST, ret->cert)
|
||||
+ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ret->cert)
|
||||
|| sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
|
||||
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
|
||||
goto err2;
|
||||
Index: openssl-1.1.1m/test/cipherlist_test.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1m.orig/test/cipherlist_test.c
|
||||
+++ openssl-1.1.1m/test/cipherlist_test.c
|
||||
@@ -251,7 +251,9 @@ end:
|
||||
|
||||
int setup_tests(void)
|
||||
{
|
||||
+#ifndef SYSTEM_CIPHERS_FILE
|
||||
ADD_TEST(test_default_cipherlist_implicit);
|
||||
+#endif
|
||||
ADD_TEST(test_default_cipherlist_explicit);
|
||||
ADD_TEST(test_default_cipherlist_clear);
|
||||
return 1;
|
BIN
openssl-1.1.1w.tar.gz
(Stored with Git LFS)
Normal file
BIN
openssl-1.1.1w.tar.gz
(Stored with Git LFS)
Normal file
Binary file not shown.
16
openssl-1.1.1w.tar.gz.asc
Normal file
16
openssl-1.1.1w.tar.gz.asc
Normal file
@ -0,0 +1,16 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCAAdFiEE78CkZ9YTy4PH7W0w2JTizos9efUFAmT/H2QACgkQ2JTizos9
|
||||
efVL8A//XiYVgTnhAtnBs8W5+8fTJ2WUh+lcG7I+GF1wi1PRMaA9YddmXu70b9VF
|
||||
x5EOcAVo7RsjlQ/VeWUtVuyTjd6eXCzoKRlbAwo9YovEsWcIo5sb6lSzuN17bIJi
|
||||
NOrALx3+TF7SZfuOdd/czohfJfFUX/5mfEmcrkwY67UvIDFgO6E04+S2eFnU9HdC
|
||||
KEF4kK10IObHRfvnAj+nSfUrnq5xtAAIpj2PBg9GFIEIxKBU72vvJYGdJ0HKFN8/
|
||||
352rNVIxGMXlwsAtWY2L09S0kt4iFST4fANM4CkxTnvloimmCtcWJvcst6tTgCMD
|
||||
PKqXJ4hJpElzCVJJJBNQxz+T2dxc97Upvense/lkB6h8bwQgYaZNgk6B8UsSZyE8
|
||||
5v1p1HcOCJBNKc8zW86a3RvGCfxOfjrFz2CC7QPdT84Rv4S/xeCeUqM5b63Ws7pZ
|
||||
3kA5jHUkP0yXsVOjxdMdqlJxqQ1wE2Q459fklLnsoHERrEQtsoaEW0DG6Kgima58
|
||||
YGwY8GxQ/QFLPxYRMjsfaLO54pdSlXa2EZ3nmL6WTY1ScdzN8K+huXz8Ok2lbi7O
|
||||
oPZCVaDl8cpO9Kh8y5Hc8KAqCU72eTgx4kDGmEou9z//bl33fq0s5+PAjaz0XDvZ
|
||||
gdOlsOngaAlvcVF50ZkVERBvfVb41O0uWD8MSk+vvBKQvuecrQ0=
|
||||
=ZcG7
|
||||
-----END PGP SIGNATURE-----
|
File diff suppressed because it is too large
Load Diff
45
openssl-1_1-FIPS-PBKDF2-KAT-requirements.patch
Normal file
45
openssl-1_1-FIPS-PBKDF2-KAT-requirements.patch
Normal file
@ -0,0 +1,45 @@
|
||||
Index: openssl-1.1.1l/crypto/fips/fips_kdf_selftest.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1l.orig/crypto/fips/fips_kdf_selftest.c
|
||||
+++ openssl-1.1.1l/crypto/fips/fips_kdf_selftest.c
|
||||
@@ -63,18 +63,20 @@ int FIPS_selftest_pbkdf2(void)
|
||||
{
|
||||
int ret = 0;
|
||||
EVP_KDF_CTX *kctx;
|
||||
- unsigned char out[32];
|
||||
+ unsigned char out[40];
|
||||
|
||||
if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2)) == NULL) {
|
||||
goto err;
|
||||
}
|
||||
- if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", (size_t)8) <= 0) {
|
||||
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS,
|
||||
+ "passwordPASSWORDpassword", (size_t)24) <= 0) {
|
||||
goto err;
|
||||
}
|
||||
- if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", (size_t)4) <= 0) {
|
||||
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT,
|
||||
+ "saltSALTsaltSALTsaltSALTsaltSALTsalt", (size_t)36) <= 0) {
|
||||
goto err;
|
||||
}
|
||||
- if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 2) <= 0) {
|
||||
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 4096) <= 0) {
|
||||
goto err;
|
||||
}
|
||||
if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
|
||||
@@ -86,10 +88,11 @@ int FIPS_selftest_pbkdf2(void)
|
||||
|
||||
{
|
||||
const unsigned char expected[sizeof(out)] = {
|
||||
- 0xae, 0x4d, 0x0c, 0x95, 0xaf, 0x6b, 0x46, 0xd3,
|
||||
- 0x2d, 0x0a, 0xdf, 0xf9, 0x28, 0xf0, 0x6d, 0xd0,
|
||||
- 0x2a, 0x30, 0x3f, 0x8e, 0xf3, 0xc2, 0x51, 0xdf,
|
||||
- 0xd6, 0xe2, 0xd8, 0x5a, 0x95, 0x47, 0x4c, 0x43
|
||||
+ 0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f,
|
||||
+ 0x32, 0xd8, 0x14, 0xb8, 0x11, 0x6e, 0x84, 0xcf,
|
||||
+ 0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18,
|
||||
+ 0x1c, 0x4e, 0x2a, 0x1f, 0xb8, 0xdd, 0x53, 0xe1,
|
||||
+ 0xc6, 0x35, 0x51, 0x8c, 0x7d, 0xac, 0x47, 0xe9
|
||||
};
|
||||
if (memcmp(out, expected, sizeof(expected))) {
|
||||
goto err;
|
38
openssl-1_1-FIPS-fix-error-reason-codes.patch
Normal file
38
openssl-1_1-FIPS-fix-error-reason-codes.patch
Normal file
@ -0,0 +1,38 @@
|
||||
Index: openssl-1.1.1l/crypto/err/err_all.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1l.orig/crypto/err/err_all.c
|
||||
+++ openssl-1.1.1l/crypto/err/err_all.c
|
||||
@@ -38,6 +38,7 @@
|
||||
#include <openssl/asyncerr.h>
|
||||
#include <openssl/kdferr.h>
|
||||
#include <openssl/storeerr.h>
|
||||
+#include <openssl/fips.h>
|
||||
|
||||
int err_load_crypto_strings_int(void)
|
||||
{
|
||||
@@ -92,10 +93,11 @@ int err_load_crypto_strings_int(void)
|
||||
ERR_load_CT_strings() == 0 ||
|
||||
# endif
|
||||
ERR_load_ASYNC_strings() == 0 ||
|
||||
-#endif
|
||||
ERR_load_KDF_strings() == 0 ||
|
||||
- ERR_load_OSSL_STORE_strings() == 0)
|
||||
+ ERR_load_OSSL_STORE_strings() == 0 ||
|
||||
+ ERR_load_FIPS_strings() == 0)
|
||||
return 0;
|
||||
+#endif
|
||||
|
||||
return 1;
|
||||
}
|
||||
Index: openssl-1.1.1l/crypto/err/openssl.ec
|
||||
===================================================================
|
||||
--- openssl-1.1.1l.orig/crypto/err/openssl.ec
|
||||
+++ openssl-1.1.1l/crypto/err/openssl.ec
|
||||
@@ -34,6 +34,7 @@ L ASYNC include/openssl/async.h
|
||||
L KDF include/openssl/kdf.h crypto/kdf/kdf_err.c
|
||||
L SM2 include/crypto/sm2.h crypto/sm2/sm2_err.c
|
||||
L OSSL_STORE include/openssl/store.h crypto/store/store_err.c
|
||||
+L FIPS include/crypto/fips_int.h crypto/fips/fips_ers.c
|
||||
|
||||
# additional header files to be scanned for function names
|
||||
L NONE include/openssl/x509_vfy.h NONE
|
182
openssl-1_1-FIPS_drbg-rewire.patch
Normal file
182
openssl-1_1-FIPS_drbg-rewire.patch
Normal file
@ -0,0 +1,182 @@
|
||||
Index: openssl-1.1.1l/crypto/fips/fips_drbg_lib.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1l.orig/crypto/fips/fips_drbg_lib.c
|
||||
+++ openssl-1.1.1l/crypto/fips/fips_drbg_lib.c
|
||||
@@ -337,6 +337,19 @@ static int drbg_reseed(DRBG_CTX *dctx,
|
||||
int FIPS_drbg_reseed(DRBG_CTX *dctx,
|
||||
const unsigned char *adin, size_t adinlen)
|
||||
{
|
||||
+ int len = (int)adinlen;
|
||||
+
|
||||
+ if (len < 0 || (size_t)len != adinlen) {
|
||||
+ FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_ADDITIONAL_INPUT_TOO_LONG);
|
||||
+ return 0;
|
||||
+ }
|
||||
+ RAND_seed(adin, len);
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+int FIPS_drbg_reseed_internal(DRBG_CTX *dctx,
|
||||
+ const unsigned char *adin, size_t adinlen)
|
||||
+{
|
||||
return drbg_reseed(dctx, adin, adinlen, 1);
|
||||
}
|
||||
|
||||
@@ -358,6 +371,19 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, u
|
||||
int prediction_resistance,
|
||||
const unsigned char *adin, size_t adinlen)
|
||||
{
|
||||
+ int len = (int)outlen;
|
||||
+
|
||||
+ if (len < 0 || (size_t)len != outlen) {
|
||||
+ FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG);
|
||||
+ return 0;
|
||||
+ }
|
||||
+ return RAND_bytes(out, len);
|
||||
+}
|
||||
+
|
||||
+int FIPS_drbg_generate_internal(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
|
||||
+ int prediction_resistance,
|
||||
+ const unsigned char *adin, size_t adinlen)
|
||||
+{
|
||||
int r = 0;
|
||||
|
||||
if (FIPS_selftest_failed()) {
|
||||
Index: openssl-1.1.1l/crypto/fips/fips_drbg_rand.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1l.orig/crypto/fips/fips_drbg_rand.c
|
||||
+++ openssl-1.1.1l/crypto/fips/fips_drbg_rand.c
|
||||
@@ -57,6 +57,8 @@
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/rand.h>
|
||||
#include <openssl/fips.h>
|
||||
+#define FIPS_DRBG_generate FIPS_DRBG_generate_internal
|
||||
+#define FIPS_DRBG_reseed FIPS_DRBG_reseed_internal
|
||||
#include <openssl/fips_rand.h>
|
||||
#include "fips_rand_lcl.h"
|
||||
|
||||
Index: openssl-1.1.1l/crypto/fips/fips_drbg_selftest.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1l.orig/crypto/fips/fips_drbg_selftest.c
|
||||
+++ openssl-1.1.1l/crypto/fips/fips_drbg_selftest.c
|
||||
@@ -55,6 +55,8 @@
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/fips.h>
|
||||
+#define FIPS_DRBG_generate FIPS_DRBG_generate_internal
|
||||
+#define FIPS_DRBG_reseed FIPS_DRBG_reseed_internal
|
||||
#include <openssl/fips_rand.h>
|
||||
#include "fips_rand_lcl.h"
|
||||
#include "fips_locl.h"
|
||||
Index: openssl-1.1.1l/crypto/fips/fips_rand_lib.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1l.orig/crypto/fips/fips_rand_lib.c
|
||||
+++ openssl-1.1.1l/crypto/fips/fips_rand_lib.c
|
||||
@@ -120,6 +120,7 @@ void FIPS_rand_reset(void)
|
||||
|
||||
int FIPS_rand_seed(const void *buf, int num)
|
||||
{
|
||||
+#if 0
|
||||
if (!fips_approved_rand_meth && FIPS_module_mode()) {
|
||||
FIPSerr(FIPS_F_FIPS_RAND_SEED, FIPS_R_NON_FIPS_METHOD);
|
||||
return 0;
|
||||
@@ -127,10 +128,15 @@ int FIPS_rand_seed(const void *buf, int
|
||||
if (fips_rand_meth && fips_rand_meth->seed)
|
||||
fips_rand_meth->seed(buf, num);
|
||||
return 1;
|
||||
+#else
|
||||
+ RAND_seed(buf, num);
|
||||
+ return 1;
|
||||
+#endif
|
||||
}
|
||||
|
||||
int FIPS_rand_bytes(unsigned char *buf, int num)
|
||||
{
|
||||
+#if 0
|
||||
if (!fips_approved_rand_meth && FIPS_module_mode()) {
|
||||
FIPSerr(FIPS_F_FIPS_RAND_BYTES, FIPS_R_NON_FIPS_METHOD);
|
||||
return 0;
|
||||
@@ -138,10 +144,14 @@ int FIPS_rand_bytes(unsigned char *buf,
|
||||
if (fips_rand_meth && fips_rand_meth->bytes)
|
||||
return fips_rand_meth->bytes(buf, num);
|
||||
return 0;
|
||||
+#else
|
||||
+ return RAND_bytes(buf, num);
|
||||
+#endif
|
||||
}
|
||||
|
||||
int FIPS_rand_status(void)
|
||||
{
|
||||
+#if 0
|
||||
if (!fips_approved_rand_meth && FIPS_module_mode()) {
|
||||
FIPSerr(FIPS_F_FIPS_RAND_STATUS, FIPS_R_NON_FIPS_METHOD);
|
||||
return 0;
|
||||
@@ -149,6 +159,9 @@ int FIPS_rand_status(void)
|
||||
if (fips_rand_meth && fips_rand_meth->status)
|
||||
return fips_rand_meth->status();
|
||||
return 0;
|
||||
+#else
|
||||
+ return RAND_status();
|
||||
+#endif
|
||||
}
|
||||
|
||||
/* Return instantiated strength of PRNG. For DRBG this is an internal
|
||||
Index: openssl-1.1.1l/include/openssl/fips.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1l.orig/include/openssl/fips.h
|
||||
+++ openssl-1.1.1l/include/openssl/fips.h
|
||||
@@ -64,6 +64,11 @@ extern "C" {
|
||||
|
||||
int FIPS_selftest(void);
|
||||
int FIPS_selftest_failed(void);
|
||||
+
|
||||
+ /*
|
||||
+ * This function is deprecated as it performs selftest of the old FIPS drbg
|
||||
+ * implementation that is not validated.
|
||||
+ */
|
||||
int FIPS_selftest_drbg_all(void);
|
||||
void NONFIPS_selftest_check(void);
|
||||
|
||||
Index: openssl-1.1.1l/include/openssl/fips_rand.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1l.orig/include/openssl/fips_rand.h
|
||||
+++ openssl-1.1.1l/include/openssl/fips_rand.h
|
||||
@@ -60,6 +60,20 @@
|
||||
# ifdef __cplusplus
|
||||
extern "C" {
|
||||
# endif
|
||||
+
|
||||
+/*
|
||||
+ * IMPORTANT NOTE:
|
||||
+ * All functions in this header file are deprecated and should not be used
|
||||
+ * as they use the old FIPS_drbg implementation that is not FIPS validated
|
||||
+ * anymore.
|
||||
+ * To provide backwards compatibility for applications that need FIPS compliant
|
||||
+ * RNG number generation and use FIPS_drbg_generate, this function was
|
||||
+ * re-wired to call the FIPS validated DRBG instance instead through
|
||||
+ * the RAND_bytes() call.
|
||||
+ *
|
||||
+ * All these functions will be removed in future.
|
||||
+ */
|
||||
+
|
||||
typedef struct drbg_ctx_st DRBG_CTX;
|
||||
/* DRBG external flags */
|
||||
/* Flag for CTR mode only: use derivation function ctr_df */
|
||||
Index: openssl-1.1.1l/crypto/fips/fips_post.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1l.orig/crypto/fips/fips_post.c
|
||||
+++ openssl-1.1.1l/crypto/fips/fips_post.c
|
||||
@@ -72,8 +72,13 @@
|
||||
int FIPS_selftest(void)
|
||||
{
|
||||
int rv = 1;
|
||||
+#if 0
|
||||
+ /* This selftest is deprecated as it uses the old FIPS_drbg
|
||||
+ * implementation that is not FIPS validated.
|
||||
+ */
|
||||
if (!FIPS_selftest_drbg_all())
|
||||
rv = 0;
|
||||
+#endif
|
||||
if (!FIPS_selftest_sha1())
|
||||
rv = 0;
|
||||
if (!FIPS_selftest_sha2())
|
208
openssl-1_1-Fix-AES-GCM-on-Power-8-CPUs.patch
Normal file
208
openssl-1_1-Fix-AES-GCM-on-Power-8-CPUs.patch
Normal file
@ -0,0 +1,208 @@
|
||||
From 9ab6b64ac856157a31a54c0d12207c2338bfa8e2 Mon Sep 17 00:00:00 2001
|
||||
From: Tomas Mraz <tomas@openssl.org>
|
||||
Date: Fri, 9 Sep 2022 14:46:24 +0200
|
||||
Subject: [PATCH] Fix AES-GCM on Power 8 CPUs
|
||||
|
||||
Properly fallback to the default implementation on CPUs
|
||||
missing necessary instructions.
|
||||
|
||||
Fixes #19163
|
||||
|
||||
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
|
||||
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/19182)
|
||||
---
|
||||
crypto/evp/e_aes.c | 146 ++++++++++++++++++++++++++---------------------------
|
||||
1 file changed, 74 insertions(+), 72 deletions(-)
|
||||
|
||||
--- a/crypto/evp/e_aes.c
|
||||
+++ b/crypto/evp/e_aes.c
|
||||
@@ -181,30 +181,16 @@ static void ctr64_inc(unsigned char *cou
|
||||
# define PPC_AES_GCM_CAPABLE (OPENSSL_ppccap_P & PPC_MADD300)
|
||||
# define AES_GCM_ENC_BYTES 128
|
||||
# define AES_GCM_DEC_BYTES 128
|
||||
-# if PPC_AES_GCM_CAPABLE
|
||||
size_t ppc_aes_gcm_encrypt(const unsigned char *in, unsigned char *out,
|
||||
size_t len, const void *key, unsigned char ivec[16],
|
||||
u64 *Xi);
|
||||
size_t ppc_aes_gcm_decrypt(const unsigned char *in, unsigned char *out,
|
||||
size_t len, const void *key, unsigned char ivec[16],
|
||||
u64 *Xi);
|
||||
-size_t ppc_aes_gcm_encrypt_wrap(const unsigned char *in, unsigned char *out,
|
||||
- size_t len, const void *key,
|
||||
- unsigned char ivec[16], u64 *Xi);
|
||||
-size_t ppc_aes_gcm_decrypt_wrap(const unsigned char *in, unsigned char *out,
|
||||
- size_t len, const void *key,
|
||||
- unsigned char ivec[16], u64 *Xi);
|
||||
-# define AES_gcm_encrypt ppc_aes_gcm_encrypt_wrap
|
||||
-# define AES_gcm_decrypt ppc_aes_gcm_decrypt_wrap
|
||||
-# define AES_GCM_ASM(gctx) ((gctx)->ctr==aes_p8_ctr32_encrypt_blocks && \
|
||||
- (gctx)->gcm.ghash==gcm_ghash_p8)
|
||||
+# define AES_GCM_ASM_PPC(gctx) ((gctx)->ctr==aes_p8_ctr32_encrypt_blocks && \
|
||||
+ (gctx)->gcm.ghash==gcm_ghash_p8)
|
||||
void gcm_ghash_p8(u64 Xi[2],const u128 Htable[16],const u8 *inp, size_t len);
|
||||
|
||||
-extern size_t ppc_aes_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len,
|
||||
- const void *key, unsigned char ivec[16], u64 *Xi);
|
||||
-extern size_t ppc_aes_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len,
|
||||
- const void *key, unsigned char ivec[16], u64 *Xi);
|
||||
-
|
||||
static inline u32 UTO32(unsigned char *buf)
|
||||
{
|
||||
return ((u32) buf[0] << 24) | ((u32) buf[1] << 16) | ((u32) buf[2] << 8) | ((u32) buf[3]);
|
||||
@@ -223,62 +209,6 @@ static inline u32 add32TOU(unsigned char
|
||||
return r;
|
||||
}
|
||||
|
||||
-static size_t aes_p10_gcm_crypt(const unsigned char *in, unsigned char *out, size_t len,
|
||||
- const void *key, unsigned char ivec[16], u64 *Xi, int encrypt)
|
||||
-{
|
||||
- int s = 0;
|
||||
- int ndone = 0;
|
||||
- int ctr_reset = 0;
|
||||
- u64 blocks_unused;
|
||||
- u64 nb = len / 16;
|
||||
- u64 next_ctr = 0;
|
||||
- unsigned char ctr_saved[12];
|
||||
-
|
||||
- memcpy(ctr_saved, ivec, 12);
|
||||
-
|
||||
- while (nb) {
|
||||
- blocks_unused = (u64) 0xffffffffU + 1 - (u64) UTO32 (ivec + 12);
|
||||
- if (nb > blocks_unused) {
|
||||
- len = blocks_unused * 16;
|
||||
- nb -= blocks_unused;
|
||||
- next_ctr = blocks_unused;
|
||||
- ctr_reset = 1;
|
||||
- } else {
|
||||
- len = nb * 16;
|
||||
- next_ctr = nb;
|
||||
- nb = 0;
|
||||
- }
|
||||
-
|
||||
- s = encrypt ? ppc_aes_gcm_encrypt(in, out, len, key, ivec, Xi)
|
||||
- : ppc_aes_gcm_decrypt(in, out, len, key, ivec, Xi);
|
||||
-
|
||||
- /* add counter to ivec */
|
||||
- add32TOU(ivec + 12, (u32) next_ctr);
|
||||
- if (ctr_reset) {
|
||||
- ctr_reset = 0;
|
||||
- in += len;
|
||||
- out += len;
|
||||
- }
|
||||
- memcpy(ivec, ctr_saved, 12);
|
||||
- ndone += s;
|
||||
- }
|
||||
-
|
||||
- return ndone;
|
||||
-}
|
||||
-
|
||||
-size_t ppc_aes_gcm_encrypt_wrap(const unsigned char *in, unsigned char *out, size_t len,
|
||||
- const void *key, unsigned char ivec[16], u64 *Xi)
|
||||
-{
|
||||
- return aes_p10_gcm_crypt(in, out, len, key, ivec, Xi, 1);
|
||||
-}
|
||||
-
|
||||
-size_t ppc_aes_gcm_decrypt_wrap(const unsigned char *in, unsigned char *out, size_t len,
|
||||
- const void *key, unsigned char ivec[16], u64 *Xi)
|
||||
-{
|
||||
- return aes_p10_gcm_crypt(in, out, len, key, ivec, Xi, 0);
|
||||
-}
|
||||
-
|
||||
-# endif
|
||||
#endif
|
||||
|
||||
#if defined(OPENSSL_CPUID_OBJ) && ( \
|
||||
@@ -3294,6 +3224,51 @@ static int aes_gcm_tls_cipher(EVP_CIPHER
|
||||
return rv;
|
||||
}
|
||||
|
||||
+#if defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC))
|
||||
+static size_t ppc_aes_gcm_crypt(const unsigned char *in, unsigned char *out, size_t len,
|
||||
+ const void *key, unsigned char ivec[16], u64 *Xi, int encrypt)
|
||||
+{
|
||||
+ int s = 0;
|
||||
+ int ndone = 0;
|
||||
+ int ctr_reset = 0;
|
||||
+ u64 blocks_unused;
|
||||
+ u64 nb = len / 16;
|
||||
+ u64 next_ctr = 0;
|
||||
+ unsigned char ctr_saved[12];
|
||||
+
|
||||
+ memcpy(ctr_saved, ivec, 12);
|
||||
+
|
||||
+ while (nb) {
|
||||
+ blocks_unused = (u64) 0xffffffffU + 1 - (u64) UTO32 (ivec + 12);
|
||||
+ if (nb > blocks_unused) {
|
||||
+ len = blocks_unused * 16;
|
||||
+ nb -= blocks_unused;
|
||||
+ next_ctr = blocks_unused;
|
||||
+ ctr_reset = 1;
|
||||
+ } else {
|
||||
+ len = nb * 16;
|
||||
+ next_ctr = nb;
|
||||
+ nb = 0;
|
||||
+ }
|
||||
+
|
||||
+ s = encrypt ? ppc_aes_gcm_encrypt(in, out, len, key, ivec, Xi)
|
||||
+ : ppc_aes_gcm_decrypt(in, out, len, key, ivec, Xi);
|
||||
+
|
||||
+ /* add counter to ivec */
|
||||
+ add32TOU(ivec + 12, (u32) next_ctr);
|
||||
+ if (ctr_reset) {
|
||||
+ ctr_reset = 0;
|
||||
+ in += len;
|
||||
+ out += len;
|
||||
+ }
|
||||
+ memcpy(ivec, ctr_saved, 12);
|
||||
+ ndone += s;
|
||||
+ }
|
||||
+
|
||||
+ return ndone;
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
const unsigned char *in, size_t len)
|
||||
{
|
||||
@@ -3325,6 +3300,20 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX
|
||||
out + res, len - res,
|
||||
gctx->gcm.key, gctx->gcm.Yi.c,
|
||||
gctx->gcm.Xi.u);
|
||||
+
|
||||
+ gctx->gcm.len.u[1] += bulk;
|
||||
+ bulk += res;
|
||||
+ }
|
||||
+#elif defined(AES_GCM_ASM_PPC) && defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC))
|
||||
+ if (PPC_AES_GCM_CAPABLE && len >= AES_GCM_ENC_BYTES && AES_GCM_ASM_PPC(gctx)) {
|
||||
+ size_t res = (16 - gctx->gcm.mres) % 16;
|
||||
+
|
||||
+ if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, res))
|
||||
+ return -1;
|
||||
+
|
||||
+ bulk = ppc_aes_gcm_crypt(in + res, out + res, len - res,
|
||||
+ gctx->gcm.key,
|
||||
+ gctx->gcm.Yi.c, gctx->gcm.Xi.u, 1);
|
||||
gctx->gcm.len.u[1] += bulk;
|
||||
bulk += res;
|
||||
}
|
||||
@@ -3372,6 +3361,19 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX
|
||||
gctx->gcm.len.u[1] += bulk;
|
||||
bulk += res;
|
||||
}
|
||||
+#elif defined(AES_GCM_ASM_PPC) && defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC))
|
||||
+ if (PPC_AES_GCM_CAPABLE && len >= AES_GCM_DEC_BYTES && AES_GCM_ASM_PPC(gctx)) {
|
||||
+ size_t res = (16 - gctx->gcm.mres) % 16;
|
||||
+
|
||||
+ if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, res))
|
||||
+ return -1;
|
||||
+
|
||||
+ bulk = ppc_aes_gcm_crypt(in + res, out + res, len - res,
|
||||
+ gctx->gcm.key,
|
||||
+ gctx->gcm.Yi.c, gctx->gcm.Xi.u, 0);
|
||||
+ gctx->gcm.len.u[1] += bulk;
|
||||
+ bulk += res;
|
||||
+ }
|
||||
#endif
|
||||
if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm,
|
||||
in + bulk,
|
@ -0,0 +1,103 @@
|
||||
From 7e1f3ffcc5bc15fb9a12b9e3bb202f544c6ed5aa Mon Sep 17 00:00:00 2001
|
||||
From: Danny Tsen <dtsen@us.ibm.com>
|
||||
Date: Wed, 23 Feb 2022 13:18:35 -0600
|
||||
Subject: [PATCH] Fixed conditional statement testing 64 and 256 bytes
|
||||
|
||||
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/17760)
|
||||
---
|
||||
crypto/chacha/asm/chachap10-ppc.pl | 68 -------------------------------------
|
||||
1 file changed, 1 insertion(+), 67 deletions(-)
|
||||
|
||||
--- a/crypto/chacha/asm/chachap10-ppc.pl
|
||||
+++ b/crypto/chacha/asm/chachap10-ppc.pl
|
||||
@@ -101,29 +101,6 @@ my ($x00,$x10,$x20,$x30) = (0, map("r$_"
|
||||
|
||||
my $FRAME=$LOCALS+64+7*16; # 7*16 is for v26-v31 offload
|
||||
|
||||
-sub VSX_lane_ROUND_1x {
|
||||
-my $a=@_[0];
|
||||
-my $b=@_[1];
|
||||
-my $c=@_[2];
|
||||
-my $d=@_[3];
|
||||
-my $odd=@_[4];
|
||||
- vadduwm ($a,$a,$b);
|
||||
- vxor ($d,$d,$a);
|
||||
- vrlw ($d,$d,$sixteen);
|
||||
- vadduwm ($c,$c,$d);
|
||||
- vxor ($b,$b,$c);
|
||||
- vrlw ($b,$b,$twelve);
|
||||
- vadduwm ($a,$a,$b);
|
||||
- vxor ($d,$d,$a);
|
||||
- vrlw ($d,$d,$eight);
|
||||
- vadduwm ($c,$c,$d);
|
||||
- vxor ($b,$b,$c);
|
||||
- vrlw ($b,$b,$seven);
|
||||
- xxsldwi ($c,$c,$c,2);
|
||||
- xxsldwi ($b,$b,$b,$odd?3:1);
|
||||
- xxsldwi ($d,$d,$d,$odd?1:3);
|
||||
-}
|
||||
-
|
||||
|
||||
sub VSX_lane_ROUND_4x {
|
||||
my ($a0,$b0,$c0,$d0)=@_;
|
||||
@@ -192,7 +169,7 @@ $code.=<<___;
|
||||
.globl .ChaCha20_ctr32_vsx_p10
|
||||
.align 5
|
||||
.ChaCha20_ctr32_vsx_p10:
|
||||
- ${UCMP}i $len,256
|
||||
+ ${UCMP}i $len,255
|
||||
bgt ChaCha20_ctr32_vsx_8x
|
||||
$STU $sp,-$FRAME($sp)
|
||||
mflr r0
|
||||
@@ -268,49 +245,6 @@ Loop_outer_vsx:
|
||||
vspltisw $eight,8
|
||||
vspltisw $seven,7
|
||||
|
||||
- ${UCMP}i $len,64
|
||||
- bgt Loop_vsx_4x
|
||||
-
|
||||
- vmr $xa0,@K[0]
|
||||
- vmr $xb0,@K[1]
|
||||
- vmr $xc0,@K[2]
|
||||
- vmr $xd0,@K[3]
|
||||
-
|
||||
-Loop_vsx_1x:
|
||||
-___
|
||||
- VSX_lane_ROUND_1x($xa0, $xb0, $xc0,$xd0,0);
|
||||
- VSX_lane_ROUND_1x($xa0, $xb0, $xc0,$xd0,1);
|
||||
-
|
||||
-$code.=<<___;
|
||||
-
|
||||
- bdnz Loop_vsx_1x
|
||||
-
|
||||
- vadduwm $xa0, $xa0, @K[0]
|
||||
- vadduwm $xb0, $xb0, @K[1]
|
||||
- vadduwm $xc0, $xc0, @K[2]
|
||||
- vadduwm $xd0, $xd0, @K[3]
|
||||
- ${UCMP}i $len,0x40
|
||||
- blt Ltail_vsx
|
||||
-
|
||||
- lvx_4w $xt0,$x00, $inp
|
||||
- lvx_4w $xt1,$x10, $inp
|
||||
- lvx_4w $xt2,$x20, $inp
|
||||
- lvx_4w $xt3,$x30, $inp
|
||||
-
|
||||
- vxor $xa0,$xa0,$xt0
|
||||
- vxor $xb0,$xb0,$xt1
|
||||
- vxor $xc0,$xc0,$xt2
|
||||
- vxor $xd0,$xd0,$xt3
|
||||
-
|
||||
- stvx_4w $xa0,$x00,$out
|
||||
- stvx_4w $xb0,$x10,$out
|
||||
- addi $inp,$inp,0x40
|
||||
- stvx_4w $xc0,$x20,$out
|
||||
- subi $len,$len,0x40
|
||||
- stvx_4w $xd0,$x30,$out
|
||||
- addi $out,$out,0x40
|
||||
- beq Ldone_vsx
|
||||
-
|
||||
Loop_vsx_4x:
|
||||
___
|
||||
foreach (&VSX_lane_ROUND_4x(0, 4, 8,12)) { eval; }
|
136
openssl-1_1-Fixed-counter-overflow.patch
Normal file
136
openssl-1_1-Fixed-counter-overflow.patch
Normal file
@ -0,0 +1,136 @@
|
||||
From 345c99b6654b8313c792d54f829943068911ddbd Mon Sep 17 00:00:00 2001
|
||||
From: Danny Tsen <dtsen@us.ibm.com>
|
||||
Date: Thu, 27 Jan 2022 18:49:59 -0600
|
||||
Subject: [PATCH] Fixed counter overflow
|
||||
|
||||
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/17607)
|
||||
---
|
||||
crypto/evp/e_aes.c | 101 +++++++++++++++++++++++++++++++++++++---
|
||||
crypto/modes/asm/aes-gcm-ppc.pl | 1
|
||||
2 files changed, 94 insertions(+), 8 deletions(-)
|
||||
|
||||
--- a/crypto/evp/e_aes.c
|
||||
+++ b/crypto/evp/e_aes.c
|
||||
@@ -181,16 +181,103 @@ static void ctr64_inc(unsigned char *cou
|
||||
# define PPC_AES_GCM_CAPABLE (OPENSSL_ppccap_P & PPC_MADD300)
|
||||
# define AES_GCM_ENC_BYTES 128
|
||||
# define AES_GCM_DEC_BYTES 128
|
||||
-size_t ppc_aes_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len,
|
||||
- const void *key, unsigned char ivec[16], u64 *Xi);
|
||||
-size_t ppc_aes_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len,
|
||||
- const void *key, unsigned char ivec[16], u64 *Xi);
|
||||
-void gcm_ghash_p8(u64 Xi[2],const u128 Htable[16],const u8 *inp, size_t len);
|
||||
# if PPC_AES_GCM_CAPABLE
|
||||
-# define AES_gcm_encrypt ppc_aes_gcm_encrypt
|
||||
-# define AES_gcm_decrypt ppc_aes_gcm_decrypt
|
||||
+size_t ppc_aes_gcm_encrypt(const unsigned char *in, unsigned char *out,
|
||||
+ size_t len, const void *key, unsigned char ivec[16],
|
||||
+ u64 *Xi);
|
||||
+size_t ppc_aes_gcm_decrypt(const unsigned char *in, unsigned char *out,
|
||||
+ size_t len, const void *key, unsigned char ivec[16],
|
||||
+ u64 *Xi);
|
||||
+size_t ppc_aes_gcm_encrypt_wrap(const unsigned char *in, unsigned char *out,
|
||||
+ size_t len, const void *key,
|
||||
+ unsigned char ivec[16], u64 *Xi);
|
||||
+size_t ppc_aes_gcm_decrypt_wrap(const unsigned char *in, unsigned char *out,
|
||||
+ size_t len, const void *key,
|
||||
+ unsigned char ivec[16], u64 *Xi);
|
||||
+# define AES_gcm_encrypt ppc_aes_gcm_encrypt_wrap
|
||||
+# define AES_gcm_decrypt ppc_aes_gcm_decrypt_wrap
|
||||
# define AES_GCM_ASM(gctx) ((gctx)->ctr==aes_p8_ctr32_encrypt_blocks && \
|
||||
(gctx)->gcm.ghash==gcm_ghash_p8)
|
||||
+void gcm_ghash_p8(u64 Xi[2],const u128 Htable[16],const u8 *inp, size_t len);
|
||||
+
|
||||
+extern size_t ppc_aes_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len,
|
||||
+ const void *key, unsigned char ivec[16], u64 *Xi);
|
||||
+extern size_t ppc_aes_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len,
|
||||
+ const void *key, unsigned char ivec[16], u64 *Xi);
|
||||
+
|
||||
+static inline u32 UTO32(unsigned char *buf)
|
||||
+{
|
||||
+ return ((u32) buf[0] << 24) | ((u32) buf[1] << 16) | ((u32) buf[2] << 8) | ((u32) buf[3]);
|
||||
+}
|
||||
+
|
||||
+static inline u32 add32TOU(unsigned char buf[4], u32 n)
|
||||
+{
|
||||
+ u32 r;
|
||||
+
|
||||
+ r = UTO32(buf);
|
||||
+ r += n;
|
||||
+ buf[0] = (unsigned char) (r >> 24) & 0xFF;
|
||||
+ buf[1] = (unsigned char) (r >> 16) & 0xFF;
|
||||
+ buf[2] = (unsigned char) (r >> 8) & 0xFF;
|
||||
+ buf[3] = (unsigned char) r & 0xFF;
|
||||
+ return r;
|
||||
+}
|
||||
+
|
||||
+static size_t aes_p10_gcm_crypt(const unsigned char *in, unsigned char *out, size_t len,
|
||||
+ const void *key, unsigned char ivec[16], u64 *Xi, int encrypt)
|
||||
+{
|
||||
+ int s = 0;
|
||||
+ int ndone = 0;
|
||||
+ int ctr_reset = 0;
|
||||
+ u64 blocks_unused;
|
||||
+ u64 nb = len / 16;
|
||||
+ u64 next_ctr = 0;
|
||||
+ unsigned char ctr_saved[12];
|
||||
+
|
||||
+ memcpy(ctr_saved, ivec, 12);
|
||||
+
|
||||
+ while (nb) {
|
||||
+ blocks_unused = (u64) 0xffffffffU + 1 - (u64) UTO32 (ivec + 12);
|
||||
+ if (nb > blocks_unused) {
|
||||
+ len = blocks_unused * 16;
|
||||
+ nb -= blocks_unused;
|
||||
+ next_ctr = blocks_unused;
|
||||
+ ctr_reset = 1;
|
||||
+ } else {
|
||||
+ len = nb * 16;
|
||||
+ next_ctr = nb;
|
||||
+ nb = 0;
|
||||
+ }
|
||||
+
|
||||
+ s = encrypt ? ppc_aes_gcm_encrypt(in, out, len, key, ivec, Xi)
|
||||
+ : ppc_aes_gcm_decrypt(in, out, len, key, ivec, Xi);
|
||||
+
|
||||
+ /* add counter to ivec */
|
||||
+ add32TOU(ivec + 12, (u32) next_ctr);
|
||||
+ if (ctr_reset) {
|
||||
+ ctr_reset = 0;
|
||||
+ in += len;
|
||||
+ out += len;
|
||||
+ }
|
||||
+ memcpy(ivec, ctr_saved, 12);
|
||||
+ ndone += s;
|
||||
+ }
|
||||
+
|
||||
+ return ndone;
|
||||
+}
|
||||
+
|
||||
+size_t ppc_aes_gcm_encrypt_wrap(const unsigned char *in, unsigned char *out, size_t len,
|
||||
+ const void *key, unsigned char ivec[16], u64 *Xi)
|
||||
+{
|
||||
+ return aes_p10_gcm_crypt(in, out, len, key, ivec, Xi, 1);
|
||||
+}
|
||||
+
|
||||
+size_t ppc_aes_gcm_decrypt_wrap(const unsigned char *in, unsigned char *out, size_t len,
|
||||
+ const void *key, unsigned char ivec[16], u64 *Xi)
|
||||
+{
|
||||
+ return aes_p10_gcm_crypt(in, out, len, key, ivec, Xi, 0);
|
||||
+}
|
||||
+
|
||||
# endif
|
||||
#endif
|
||||
|
||||
--- a/crypto/modes/asm/aes-gcm-ppc.pl
|
||||
+++ b/crypto/modes/asm/aes-gcm-ppc.pl
|
||||
@@ -81,7 +81,6 @@ open STDOUT,"| $^X $xlate $flavour \"$ou
|
||||
|
||||
$code=<<___;
|
||||
.machine "any"
|
||||
-.abiversion 2
|
||||
.text
|
||||
|
||||
# 4x loops
|
7709
openssl-1_1-Optimize-AES-GCM-uarchs.patch
Normal file
7709
openssl-1_1-Optimize-AES-GCM-uarchs.patch
Normal file
File diff suppressed because it is too large
Load Diff
1616
openssl-1_1-Optimize-AES-XTS-aarch64.patch
Normal file
1616
openssl-1_1-Optimize-AES-XTS-aarch64.patch
Normal file
File diff suppressed because it is too large
Load Diff
575
openssl-1_1-Optimize-RSA-armv8.patch
Normal file
575
openssl-1_1-Optimize-RSA-armv8.patch
Normal file
@ -0,0 +1,575 @@
|
||||
From 5ea64b456b1a27ae046f23d632a968a7583bb9eb Mon Sep 17 00:00:00 2001
|
||||
From: "Fangming.Fang" <fangming.fang@arm.com>
|
||||
Date: Tue, 28 Apr 2020 02:33:50 +0000
|
||||
Subject: [PATCH] Read MIDR_EL1 system register on aarch64
|
||||
|
||||
MIDR_EL1 system register exposes microarchitecture information so that
|
||||
people can make micro-arch related optimization such as exposing as
|
||||
much instruction level parallelism as possible.
|
||||
|
||||
MIDR_EL1 register can be read only if HWCAP_CPUID feature is supported.
|
||||
|
||||
Change-Id: Iabb8a36c5d31b184dba6399f378598058d394d4e
|
||||
|
||||
Reviewed-by: Paul Dale <paul.dale@oracle.com>
|
||||
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/11744)
|
||||
---
|
||||
crypto/arm64cpuid.pl | 7 +++++++
|
||||
crypto/arm_arch.h | 44 ++++++++++++++++++++++++++++++++++++++++++++
|
||||
crypto/armcap.c | 11 +++++++++++
|
||||
3 files changed, 62 insertions(+)
|
||||
|
||||
Index: openssl-1.1.1d/crypto/arm64cpuid.pl
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/arm64cpuid.pl
|
||||
+++ openssl-1.1.1d/crypto/arm64cpuid.pl
|
||||
@@ -78,6 +78,13 @@ _armv8_sha512_probe:
|
||||
ret
|
||||
.size _armv8_sha512_probe,.-_armv8_sha512_probe
|
||||
|
||||
+.globl _armv8_cpuid_probe
|
||||
+.type _armv8_cpuid_probe,%function
|
||||
+_armv8_cpuid_probe:
|
||||
+ mrs x0, midr_el1
|
||||
+ ret
|
||||
+.size _armv8_cpuid_probe,.-_armv8_cpuid_probe
|
||||
+
|
||||
.globl OPENSSL_cleanse
|
||||
.type OPENSSL_cleanse,%function
|
||||
.align 5
|
||||
Index: openssl-1.1.1d/crypto/arm_arch.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/arm_arch.h
|
||||
+++ openssl-1.1.1d/crypto/arm_arch.h
|
||||
@@ -71,6 +71,7 @@
|
||||
|
||||
# ifndef __ASSEMBLER__
|
||||
extern unsigned int OPENSSL_armcap_P;
|
||||
+extern unsigned int OPENSSL_arm_midr;
|
||||
# endif
|
||||
|
||||
# define ARMV7_NEON (1<<0)
|
||||
@@ -80,5 +81,48 @@ extern unsigned int OPENSSL_armcap_P;
|
||||
# define ARMV8_SHA256 (1<<4)
|
||||
# define ARMV8_PMULL (1<<5)
|
||||
# define ARMV8_SHA512 (1<<6)
|
||||
+# define ARMV8_CPUID (1<<7)
|
||||
|
||||
+/*
|
||||
+ * MIDR_EL1 system register
|
||||
+ *
|
||||
+ * 63___ _ ___32_31___ _ ___24_23_____20_19_____16_15__ _ __4_3_______0
|
||||
+ * | | | | | | |
|
||||
+ * |RES0 | Implementer | Variant | Arch | PartNum |Revision|
|
||||
+ * |____ _ _____|_____ _ _____|_________|_______ _|____ _ ___|________|
|
||||
+ *
|
||||
+ */
|
||||
+
|
||||
+# define ARM_CPU_IMP_ARM 0x41
|
||||
+
|
||||
+# define ARM_CPU_PART_CORTEX_A72 0xD08
|
||||
+# define ARM_CPU_PART_N1 0xD0C
|
||||
+
|
||||
+# define MIDR_PARTNUM_SHIFT 4
|
||||
+# define MIDR_PARTNUM_MASK (0xfff << MIDR_PARTNUM_SHIFT)
|
||||
+# define MIDR_PARTNUM(midr) \
|
||||
+ (((midr) & MIDR_PARTNUM_MASK) >> MIDR_PARTNUM_SHIFT)
|
||||
+
|
||||
+# define MIDR_IMPLEMENTER_SHIFT 24
|
||||
+# define MIDR_IMPLEMENTER_MASK (0xff << MIDR_IMPLEMENTER_SHIFT)
|
||||
+# define MIDR_IMPLEMENTER(midr) \
|
||||
+ (((midr) & MIDR_IMPLEMENTER_MASK) >> MIDR_IMPLEMENTER_SHIFT)
|
||||
+
|
||||
+# define MIDR_ARCHITECTURE_SHIFT 16
|
||||
+# define MIDR_ARCHITECTURE_MASK (0xf << MIDR_ARCHITECTURE_SHIFT)
|
||||
+# define MIDR_ARCHITECTURE(midr) \
|
||||
+ (((midr) & MIDR_ARCHITECTURE_MASK) >> MIDR_ARCHITECTURE_SHIFT)
|
||||
+
|
||||
+# define MIDR_CPU_MODEL_MASK \
|
||||
+ (MIDR_IMPLEMENTER_MASK | \
|
||||
+ MIDR_PARTNUM_MASK | \
|
||||
+ MIDR_ARCHITECTURE_MASK)
|
||||
+
|
||||
+# define MIDR_CPU_MODEL(imp, partnum) \
|
||||
+ (((imp) << MIDR_IMPLEMENTER_SHIFT) | \
|
||||
+ (0xf << MIDR_ARCHITECTURE_SHIFT) | \
|
||||
+ ((partnum) << MIDR_PARTNUM_SHIFT))
|
||||
+
|
||||
+# define MIDR_IS_CPU_MODEL(midr, imp, partnum) \
|
||||
+ (((midr) & MIDR_CPU_MODEL_MASK) == MIDR_CPU_MODEL(imp, partnum))
|
||||
#endif
|
||||
Index: openssl-1.1.1d/crypto/armcap.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/armcap.c
|
||||
+++ openssl-1.1.1d/crypto/armcap.c
|
||||
@@ -18,6 +18,8 @@
|
||||
#include "arm_arch.h"
|
||||
|
||||
unsigned int OPENSSL_armcap_P = 0;
|
||||
+unsigned int OPENSSL_arm_midr = 0;
|
||||
+unsigned int OPENSSL_armv8_rsa_neonized = 0;
|
||||
|
||||
#if __ARM_MAX_ARCH__<7
|
||||
void OPENSSL_cpuid_setup(void)
|
||||
@@ -48,6 +50,7 @@ void _armv8_sha256_probe(void);
|
||||
void _armv8_pmull_probe(void);
|
||||
# ifdef __aarch64__
|
||||
void _armv8_sha512_probe(void);
|
||||
+unsigned int _armv8_cpuid_probe(void);
|
||||
# endif
|
||||
uint32_t _armv7_tick(void);
|
||||
|
||||
@@ -95,6 +98,7 @@ void OPENSSL_cpuid_setup(void) __attribu
|
||||
# define HWCAP_CE_PMULL (1 << 4)
|
||||
# define HWCAP_CE_SHA1 (1 << 5)
|
||||
# define HWCAP_CE_SHA256 (1 << 6)
|
||||
+# define HWCAP_CPUID (1 << 11)
|
||||
# define HWCAP_CE_SHA512 (1 << 21)
|
||||
# endif
|
||||
|
||||
@@ -155,6 +159,9 @@ void OPENSSL_cpuid_setup(void)
|
||||
# ifdef __aarch64__
|
||||
if (hwcap & HWCAP_CE_SHA512)
|
||||
OPENSSL_armcap_P |= ARMV8_SHA512;
|
||||
+
|
||||
+ if (hwcap & HWCAP_CPUID)
|
||||
+ OPENSSL_armcap_P |= ARMV8_CPUID;
|
||||
# endif
|
||||
}
|
||||
# endif
|
||||
@@ -210,5 +217,16 @@ void OPENSSL_cpuid_setup(void)
|
||||
|
||||
sigaction(SIGILL, &ill_oact, NULL);
|
||||
sigprocmask(SIG_SETMASK, &oset, NULL);
|
||||
+
|
||||
+# ifdef __aarch64__
|
||||
+ if (OPENSSL_armcap_P & ARMV8_CPUID)
|
||||
+ OPENSSL_arm_midr = _armv8_cpuid_probe();
|
||||
+
|
||||
+ if ((MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A72) ||
|
||||
+ MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_ARM, ARM_CPU_PART_N1)) &&
|
||||
+ (OPENSSL_armcap_P & ARMV7_NEON)) {
|
||||
+ OPENSSL_armv8_rsa_neonized = 1;
|
||||
+ }
|
||||
+# endif
|
||||
}
|
||||
#endif
|
||||
Index: openssl-1.1.1d/crypto/bn/asm/armv8-mont.pl
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/bn/asm/armv8-mont.pl
|
||||
+++ openssl-1.1.1d/crypto/bn/asm/armv8-mont.pl
|
||||
@@ -64,16 +64,34 @@ $n0="x4"; # const BN_ULONG *n0,
|
||||
$num="x5"; # int num);
|
||||
|
||||
$code.=<<___;
|
||||
+#ifndef __KERNEL__
|
||||
+# include "arm_arch.h"
|
||||
+.extern OPENSSL_armv8_rsa_neonized
|
||||
+.hidden OPENSSL_armv8_rsa_neonized
|
||||
+#endif
|
||||
.text
|
||||
|
||||
.globl bn_mul_mont
|
||||
.type bn_mul_mont,%function
|
||||
.align 5
|
||||
bn_mul_mont:
|
||||
+.Lbn_mul_mont:
|
||||
+ tst $num,#3
|
||||
+ b.ne .Lmul_mont
|
||||
+ cmp $num,#32
|
||||
+ b.le .Lscalar_impl
|
||||
+#ifndef __KERNEL__
|
||||
+ adrp x17,OPENSSL_armv8_rsa_neonized
|
||||
+ ldr w17,[x17,#:lo12:OPENSSL_armv8_rsa_neonized]
|
||||
+ cbnz w17, bn_mul8x_mont_neon
|
||||
+#endif
|
||||
+
|
||||
+.Lscalar_impl:
|
||||
tst $num,#7
|
||||
b.eq __bn_sqr8x_mont
|
||||
tst $num,#3
|
||||
b.eq __bn_mul4x_mont
|
||||
+
|
||||
.Lmul_mont:
|
||||
stp x29,x30,[sp,#-64]!
|
||||
add x29,sp,#0
|
||||
@@ -271,6 +289,369 @@ bn_mul_mont:
|
||||
.size bn_mul_mont,.-bn_mul_mont
|
||||
___
|
||||
{
|
||||
+my ($A0,$A1,$N0,$N1)=map("v$_",(0..3));
|
||||
+my ($Z,$Temp)=("v4.16b","v5");
|
||||
+my @ACC=map("v$_",(6..13));
|
||||
+my ($Bi,$Ni,$M0)=map("v$_",(28..30));
|
||||
+my $sBi="s28";
|
||||
+my $sM0="s30";
|
||||
+my $zero="v14";
|
||||
+my $temp="v15";
|
||||
+my $ACCTemp="v16";
|
||||
+
|
||||
+my ($rptr,$aptr,$bptr,$nptr,$n0,$num)=map("x$_",(0..5));
|
||||
+my ($tinptr,$toutptr,$inner,$outer,$bnptr)=map("x$_",(6..11));
|
||||
+
|
||||
+$code.=<<___;
|
||||
+.type bn_mul8x_mont_neon,%function
|
||||
+.align 5
|
||||
+bn_mul8x_mont_neon:
|
||||
+ stp x29,x30,[sp,#-80]!
|
||||
+ mov x16,sp
|
||||
+ stp d8,d9,[sp,#16]
|
||||
+ stp d10,d11,[sp,#32]
|
||||
+ stp d12,d13,[sp,#48]
|
||||
+ stp d14,d15,[sp,#64]
|
||||
+ lsl $num,$num,#1
|
||||
+ eor $zero.16b,$zero.16b,$zero.16b
|
||||
+
|
||||
+.align 4
|
||||
+.LNEON_8n:
|
||||
+ eor @ACC[0].16b,@ACC[0].16b,@ACC[0].16b
|
||||
+ sub $toutptr,sp,#128
|
||||
+ eor @ACC[1].16b,@ACC[1].16b,@ACC[1].16b
|
||||
+ sub $toutptr,$toutptr,$num,lsl#4
|
||||
+ eor @ACC[2].16b,@ACC[2].16b,@ACC[2].16b
|
||||
+ and $toutptr,$toutptr,#-64
|
||||
+ eor @ACC[3].16b,@ACC[3].16b,@ACC[3].16b
|
||||
+ mov sp,$toutptr // alloca
|
||||
+ eor @ACC[4].16b,@ACC[4].16b,@ACC[4].16b
|
||||
+ add $toutptr,$toutptr,#256
|
||||
+ eor @ACC[5].16b,@ACC[5].16b,@ACC[5].16b
|
||||
+ sub $inner,$num,#8
|
||||
+ eor @ACC[6].16b,@ACC[6].16b,@ACC[6].16b
|
||||
+ eor @ACC[7].16b,@ACC[7].16b,@ACC[7].16b
|
||||
+
|
||||
+.LNEON_8n_init:
|
||||
+ st1 {@ACC[0].2d,@ACC[1].2d},[$toutptr],#32
|
||||
+ subs $inner,$inner,#8
|
||||
+ st1 {@ACC[2].2d,@ACC[3].2d},[$toutptr],#32
|
||||
+ st1 {@ACC[4].2d,@ACC[5].2d},[$toutptr],#32
|
||||
+ st1 {@ACC[6].2d,@ACC[7].2d},[$toutptr],#32
|
||||
+ bne .LNEON_8n_init
|
||||
+
|
||||
+ add $tinptr,sp,#256
|
||||
+ ld1 {$A0.4s,$A1.4s},[$aptr],#32
|
||||
+ add $bnptr,sp,#8
|
||||
+ ldr $sM0,[$n0],#4
|
||||
+ mov $outer,$num
|
||||
+ b .LNEON_8n_outer
|
||||
+
|
||||
+.align 4
|
||||
+.LNEON_8n_outer:
|
||||
+ ldr $sBi,[$bptr],#4 // *b++
|
||||
+ uxtl $Bi.4s,$Bi.4h
|
||||
+ add $toutptr,sp,#128
|
||||
+ ld1 {$N0.4s,$N1.4s},[$nptr],#32
|
||||
+
|
||||
+ umlal @ACC[0].2d,$Bi.2s,$A0.s[0]
|
||||
+ umlal @ACC[1].2d,$Bi.2s,$A0.s[1]
|
||||
+ umlal @ACC[2].2d,$Bi.2s,$A0.s[2]
|
||||
+ shl $Ni.2d,@ACC[0].2d,#16
|
||||
+ ext $Ni.16b,$Ni.16b,$Ni.16b,#8
|
||||
+ umlal @ACC[3].2d,$Bi.2s,$A0.s[3]
|
||||
+ add $Ni.2d,$Ni.2d,@ACC[0].2d
|
||||
+ umlal @ACC[4].2d,$Bi.2s,$A1.s[0]
|
||||
+ mul $Ni.2s,$Ni.2s,$M0.2s
|
||||
+ umlal @ACC[5].2d,$Bi.2s,$A1.s[1]
|
||||
+ st1 {$Bi.2s},[sp] // put aside smashed b[8*i+0]
|
||||
+ umlal @ACC[6].2d,$Bi.2s,$A1.s[2]
|
||||
+ uxtl $Ni.4s,$Ni.4h
|
||||
+ umlal @ACC[7].2d,$Bi.2s,$A1.s[3]
|
||||
+___
|
||||
+for ($i=0; $i<7;) {
|
||||
+$code.=<<___;
|
||||
+ ldr $sBi,[$bptr],#4 // *b++
|
||||
+ umlal @ACC[0].2d,$Ni.2s,$N0.s[0]
|
||||
+ umlal @ACC[1].2d,$Ni.2s,$N0.s[1]
|
||||
+ uxtl $Bi.4s,$Bi.4h
|
||||
+ umlal @ACC[2].2d,$Ni.2s,$N0.s[2]
|
||||
+ ushr $temp.2d,@ACC[0].2d,#16
|
||||
+ umlal @ACC[3].2d,$Ni.2s,$N0.s[3]
|
||||
+ umlal @ACC[4].2d,$Ni.2s,$N1.s[0]
|
||||
+ ext @ACC[0].16b,@ACC[0].16b,@ACC[0].16b,#8
|
||||
+ add @ACC[0].2d,@ACC[0].2d,$temp.2d
|
||||
+ umlal @ACC[5].2d,$Ni.2s,$N1.s[1]
|
||||
+ ushr @ACC[0].2d,@ACC[0].2d,#16
|
||||
+ umlal @ACC[6].2d,$Ni.2s,$N1.s[2]
|
||||
+ umlal @ACC[7].2d,$Ni.2s,$N1.s[3]
|
||||
+ add $ACCTemp.2d,@ACC[1].2d,@ACC[0].2d
|
||||
+ ins @ACC[1].d[0],$ACCTemp.d[0]
|
||||
+ st1 {$Ni.2s},[$bnptr],#8 // put aside smashed m[8*i+$i]
|
||||
+___
|
||||
+ push(@ACC,shift(@ACC)); $i++;
|
||||
+$code.=<<___;
|
||||
+ umlal @ACC[0].2d,$Bi.2s,$A0.s[0]
|
||||
+ ld1 {@ACC[7].2d},[$tinptr],#16
|
||||
+ umlal @ACC[1].2d,$Bi.2s,$A0.s[1]
|
||||
+ umlal @ACC[2].2d,$Bi.2s,$A0.s[2]
|
||||
+ shl $Ni.2d,@ACC[0].2d,#16
|
||||
+ ext $Ni.16b,$Ni.16b,$Ni.16b,#8
|
||||
+ umlal @ACC[3].2d,$Bi.2s,$A0.s[3]
|
||||
+ add $Ni.2d,$Ni.2d,@ACC[0].2d
|
||||
+ umlal @ACC[4].2d,$Bi.2s,$A1.s[0]
|
||||
+ mul $Ni.2s,$Ni.2s,$M0.2s
|
||||
+ umlal @ACC[5].2d,$Bi.2s,$A1.s[1]
|
||||
+ st1 {$Bi.2s},[$bnptr],#8 // put aside smashed b[8*i+$i]
|
||||
+ umlal @ACC[6].2d,$Bi.2s,$A1.s[2]
|
||||
+ uxtl $Ni.4s,$Ni.4h
|
||||
+ umlal @ACC[7].2d,$Bi.2s,$A1.s[3]
|
||||
+___
|
||||
+}
|
||||
+$code.=<<___;
|
||||
+ ld1 {$Bi.2s},[sp] // pull smashed b[8*i+0]
|
||||
+ umlal @ACC[0].2d,$Ni.2s,$N0.s[0]
|
||||
+ ld1 {$A0.4s,$A1.4s},[$aptr],#32
|
||||
+ umlal @ACC[1].2d,$Ni.2s,$N0.s[1]
|
||||
+ umlal @ACC[2].2d,$Ni.2s,$N0.s[2]
|
||||
+ mov $Temp.16b,@ACC[0].16b
|
||||
+ ushr $Temp.2d,$Temp.2d,#16
|
||||
+ ext @ACC[0].16b,@ACC[0].16b,@ACC[0].16b,#8
|
||||
+ umlal @ACC[3].2d,$Ni.2s,$N0.s[3]
|
||||
+ umlal @ACC[4].2d,$Ni.2s,$N1.s[0]
|
||||
+ add @ACC[0].2d,@ACC[0].2d,$Temp.2d
|
||||
+ umlal @ACC[5].2d,$Ni.2s,$N1.s[1]
|
||||
+ ushr @ACC[0].2d,@ACC[0].2d,#16
|
||||
+ eor $temp.16b,$temp.16b,$temp.16b
|
||||
+ ins @ACC[0].d[1],$temp.d[0]
|
||||
+ umlal @ACC[6].2d,$Ni.2s,$N1.s[2]
|
||||
+ umlal @ACC[7].2d,$Ni.2s,$N1.s[3]
|
||||
+ add @ACC[1].2d,@ACC[1].2d,@ACC[0].2d
|
||||
+ st1 {$Ni.2s},[$bnptr],#8 // put aside smashed m[8*i+$i]
|
||||
+ add $bnptr,sp,#8 // rewind
|
||||
+___
|
||||
+ push(@ACC,shift(@ACC));
|
||||
+$code.=<<___;
|
||||
+ sub $inner,$num,#8
|
||||
+ b .LNEON_8n_inner
|
||||
+
|
||||
+.align 4
|
||||
+.LNEON_8n_inner:
|
||||
+ subs $inner,$inner,#8
|
||||
+ umlal @ACC[0].2d,$Bi.2s,$A0.s[0]
|
||||
+ ld1 {@ACC[7].2d},[$tinptr]
|
||||
+ umlal @ACC[1].2d,$Bi.2s,$A0.s[1]
|
||||
+ ld1 {$Ni.2s},[$bnptr],#8 // pull smashed m[8*i+0]
|
||||
+ umlal @ACC[2].2d,$Bi.2s,$A0.s[2]
|
||||
+ ld1 {$N0.4s,$N1.4s},[$nptr],#32
|
||||
+ umlal @ACC[3].2d,$Bi.2s,$A0.s[3]
|
||||
+ b.eq .LInner_jump
|
||||
+ add $tinptr,$tinptr,#16 // don't advance in last iteration
|
||||
+.LInner_jump:
|
||||
+ umlal @ACC[4].2d,$Bi.2s,$A1.s[0]
|
||||
+ umlal @ACC[5].2d,$Bi.2s,$A1.s[1]
|
||||
+ umlal @ACC[6].2d,$Bi.2s,$A1.s[2]
|
||||
+ umlal @ACC[7].2d,$Bi.2s,$A1.s[3]
|
||||
+___
|
||||
+for ($i=1; $i<8; $i++) {
|
||||
+$code.=<<___;
|
||||
+ ld1 {$Bi.2s},[$bnptr],#8 // pull smashed b[8*i+$i]
|
||||
+ umlal @ACC[0].2d,$Ni.2s,$N0.s[0]
|
||||
+ umlal @ACC[1].2d,$Ni.2s,$N0.s[1]
|
||||
+ umlal @ACC[2].2d,$Ni.2s,$N0.s[2]
|
||||
+ umlal @ACC[3].2d,$Ni.2s,$N0.s[3]
|
||||
+ umlal @ACC[4].2d,$Ni.2s,$N1.s[0]
|
||||
+ umlal @ACC[5].2d,$Ni.2s,$N1.s[1]
|
||||
+ umlal @ACC[6].2d,$Ni.2s,$N1.s[2]
|
||||
+ umlal @ACC[7].2d,$Ni.2s,$N1.s[3]
|
||||
+ st1 {@ACC[0].2d},[$toutptr],#16
|
||||
+___
|
||||
+ push(@ACC,shift(@ACC));
|
||||
+$code.=<<___;
|
||||
+ umlal @ACC[0].2d,$Bi.2s,$A0.s[0]
|
||||
+ ld1 {@ACC[7].2d},[$tinptr]
|
||||
+ umlal @ACC[1].2d,$Bi.2s,$A0.s[1]
|
||||
+ ld1 {$Ni.2s},[$bnptr],#8 // pull smashed m[8*i+$i]
|
||||
+ umlal @ACC[2].2d,$Bi.2s,$A0.s[2]
|
||||
+ b.eq .LInner_jump$i
|
||||
+ add $tinptr,$tinptr,#16 // don't advance in last iteration
|
||||
+.LInner_jump$i:
|
||||
+ umlal @ACC[3].2d,$Bi.2s,$A0.s[3]
|
||||
+ umlal @ACC[4].2d,$Bi.2s,$A1.s[0]
|
||||
+ umlal @ACC[5].2d,$Bi.2s,$A1.s[1]
|
||||
+ umlal @ACC[6].2d,$Bi.2s,$A1.s[2]
|
||||
+ umlal @ACC[7].2d,$Bi.2s,$A1.s[3]
|
||||
+___
|
||||
+}
|
||||
+$code.=<<___;
|
||||
+ b.ne .LInner_after_rewind$i
|
||||
+ sub $aptr,$aptr,$num,lsl#2 // rewind
|
||||
+.LInner_after_rewind$i:
|
||||
+ umlal @ACC[0].2d,$Ni.2s,$N0.s[0]
|
||||
+ ld1 {$Bi.2s},[sp] // pull smashed b[8*i+0]
|
||||
+ umlal @ACC[1].2d,$Ni.2s,$N0.s[1]
|
||||
+ ld1 {$A0.4s,$A1.4s},[$aptr],#32
|
||||
+ umlal @ACC[2].2d,$Ni.2s,$N0.s[2]
|
||||
+ add $bnptr,sp,#8 // rewind
|
||||
+ umlal @ACC[3].2d,$Ni.2s,$N0.s[3]
|
||||
+ umlal @ACC[4].2d,$Ni.2s,$N1.s[0]
|
||||
+ umlal @ACC[5].2d,$Ni.2s,$N1.s[1]
|
||||
+ umlal @ACC[6].2d,$Ni.2s,$N1.s[2]
|
||||
+ st1 {@ACC[0].2d},[$toutptr],#16
|
||||
+ umlal @ACC[7].2d,$Ni.2s,$N1.s[3]
|
||||
+
|
||||
+ bne .LNEON_8n_inner
|
||||
+___
|
||||
+ push(@ACC,shift(@ACC));
|
||||
+$code.=<<___;
|
||||
+ add $tinptr,sp,#128
|
||||
+ st1 {@ACC[0].2d,@ACC[1].2d},[$toutptr],#32
|
||||
+ eor $N0.16b,$N0.16b,$N0.16b // $N0
|
||||
+ st1 {@ACC[2].2d,@ACC[3].2d},[$toutptr],#32
|
||||
+ eor $N1.16b,$N1.16b,$N1.16b // $N1
|
||||
+ st1 {@ACC[4].2d,@ACC[5].2d},[$toutptr],#32
|
||||
+ st1 {@ACC[6].2d},[$toutptr]
|
||||
+
|
||||
+ subs $outer,$outer,#8
|
||||
+ ld1 {@ACC[0].2d,@ACC[1].2d},[$tinptr],#32
|
||||
+ ld1 {@ACC[2].2d,@ACC[3].2d},[$tinptr],#32
|
||||
+ ld1 {@ACC[4].2d,@ACC[5].2d},[$tinptr],#32
|
||||
+ ld1 {@ACC[6].2d,@ACC[7].2d},[$tinptr],#32
|
||||
+
|
||||
+ b.eq .LInner_8n_jump_2steps
|
||||
+ sub $nptr,$nptr,$num,lsl#2 // rewind
|
||||
+ b .LNEON_8n_outer
|
||||
+
|
||||
+.LInner_8n_jump_2steps:
|
||||
+ add $toutptr,sp,#128
|
||||
+ st1 {$N0.2d,$N1.2d}, [sp],#32 // start wiping stack frame
|
||||
+ mov $Temp.16b,@ACC[0].16b
|
||||
+ ushr $temp.2d,@ACC[0].2d,#16
|
||||
+ ext @ACC[0].16b,@ACC[0].16b,@ACC[0].16b,#8
|
||||
+ st1 {$N0.2d,$N1.2d}, [sp],#32
|
||||
+ add @ACC[0].2d,@ACC[0].2d,$temp.2d
|
||||
+ st1 {$N0.2d,$N1.2d}, [sp],#32
|
||||
+ ushr $temp.2d,@ACC[0].2d,#16
|
||||
+ st1 {$N0.2d,$N1.2d}, [sp],#32
|
||||
+ zip1 @ACC[0].4h,$Temp.4h,@ACC[0].4h
|
||||
+ ins $temp.d[1],$zero.d[0]
|
||||
+
|
||||
+ mov $inner,$num
|
||||
+ b .LNEON_tail_entry
|
||||
+
|
||||
+.align 4
|
||||
+.LNEON_tail:
|
||||
+ add @ACC[0].2d,@ACC[0].2d,$temp.2d
|
||||
+ mov $Temp.16b,@ACC[0].16b
|
||||
+ ushr $temp.2d,@ACC[0].2d,#16
|
||||
+ ext @ACC[0].16b,@ACC[0].16b,@ACC[0].16b,#8
|
||||
+ ld1 {@ACC[2].2d,@ACC[3].2d}, [$tinptr],#32
|
||||
+ add @ACC[0].2d,@ACC[0].2d,$temp.2d
|
||||
+ ld1 {@ACC[4].2d,@ACC[5].2d}, [$tinptr],#32
|
||||
+ ushr $temp.2d,@ACC[0].2d,#16
|
||||
+ ld1 {@ACC[6].2d,@ACC[7].2d}, [$tinptr],#32
|
||||
+ zip1 @ACC[0].4h,$Temp.4h,@ACC[0].4h
|
||||
+ ins $temp.d[1],$zero.d[0]
|
||||
+
|
||||
+.LNEON_tail_entry:
|
||||
+___
|
||||
+for ($i=1; $i<8; $i++) {
|
||||
+$code.=<<___;
|
||||
+ add @ACC[1].2d,@ACC[1].2d,$temp.2d
|
||||
+ st1 {@ACC[0].s}[0], [$toutptr],#4
|
||||
+ ushr $temp.2d,@ACC[1].2d,#16
|
||||
+ mov $Temp.16b,@ACC[1].16b
|
||||
+ ext @ACC[1].16b,@ACC[1].16b,@ACC[1].16b,#8
|
||||
+ add @ACC[1].2d,@ACC[1].2d,$temp.2d
|
||||
+ ushr $temp.2d,@ACC[1].2d,#16
|
||||
+ zip1 @ACC[1].4h,$Temp.4h,@ACC[1].4h
|
||||
+ ins $temp.d[1],$zero.d[0]
|
||||
+___
|
||||
+ push(@ACC,shift(@ACC));
|
||||
+}
|
||||
+ push(@ACC,shift(@ACC));
|
||||
+$code.=<<___;
|
||||
+ ld1 {@ACC[0].2d,@ACC[1].2d}, [$tinptr],#32
|
||||
+ subs $inner,$inner,#8
|
||||
+ st1 {@ACC[7].s}[0], [$toutptr],#4
|
||||
+ bne .LNEON_tail
|
||||
+
|
||||
+ st1 {$temp.s}[0], [$toutptr],#4 // top-most bit
|
||||
+ sub $nptr,$nptr,$num,lsl#2 // rewind $nptr
|
||||
+ subs $aptr,sp,#0 // clear carry flag
|
||||
+ add $bptr,sp,$num,lsl#2
|
||||
+
|
||||
+.LNEON_sub:
|
||||
+ ldp w4,w5,[$aptr],#8
|
||||
+ ldp w6,w7,[$aptr],#8
|
||||
+ ldp w8,w9,[$nptr],#8
|
||||
+ ldp w10,w11,[$nptr],#8
|
||||
+ sbcs w8,w4,w8
|
||||
+ sbcs w9,w5,w9
|
||||
+ sbcs w10,w6,w10
|
||||
+ sbcs w11,w7,w11
|
||||
+ sub x17,$bptr,$aptr
|
||||
+ stp w8,w9,[$rptr],#8
|
||||
+ stp w10,w11,[$rptr],#8
|
||||
+ cbnz x17,.LNEON_sub
|
||||
+
|
||||
+ ldr w10, [$aptr] // load top-most bit
|
||||
+ mov x11,sp
|
||||
+ eor v0.16b,v0.16b,v0.16b
|
||||
+ sub x11,$bptr,x11 // this is num*4
|
||||
+ eor v1.16b,v1.16b,v1.16b
|
||||
+ mov $aptr,sp
|
||||
+ sub $rptr,$rptr,x11 // rewind $rptr
|
||||
+ mov $nptr,$bptr // second 3/4th of frame
|
||||
+ sbcs w10,w10,wzr // result is carry flag
|
||||
+
|
||||
+.LNEON_copy_n_zap:
|
||||
+ ldp w4,w5,[$aptr],#8
|
||||
+ ldp w6,w7,[$aptr],#8
|
||||
+ ldp w8,w9,[$rptr],#8
|
||||
+ ldp w10,w11,[$rptr]
|
||||
+ sub $rptr,$rptr,#8
|
||||
+ b.cs .LCopy_1
|
||||
+ mov w8,w4
|
||||
+ mov w9,w5
|
||||
+ mov w10,w6
|
||||
+ mov w11,w7
|
||||
+.LCopy_1:
|
||||
+ st1 {v0.2d,v1.2d}, [$nptr],#32 // wipe
|
||||
+ st1 {v0.2d,v1.2d}, [$nptr],#32 // wipe
|
||||
+ ldp w4,w5,[$aptr],#8
|
||||
+ ldp w6,w7,[$aptr],#8
|
||||
+ stp w8,w9,[$rptr],#8
|
||||
+ stp w10,w11,[$rptr],#8
|
||||
+ sub $aptr,$aptr,#32
|
||||
+ ldp w8,w9,[$rptr],#8
|
||||
+ ldp w10,w11,[$rptr]
|
||||
+ sub $rptr,$rptr,#8
|
||||
+ b.cs .LCopy_2
|
||||
+ mov w8, w4
|
||||
+ mov w9, w5
|
||||
+ mov w10, w6
|
||||
+ mov w11, w7
|
||||
+.LCopy_2:
|
||||
+ st1 {v0.2d,v1.2d}, [$aptr],#32 // wipe
|
||||
+ st1 {v0.2d,v1.2d}, [$nptr],#32 // wipe
|
||||
+ sub x17,$bptr,$aptr // preserves carry
|
||||
+ stp w8,w9,[$rptr],#8
|
||||
+ stp w10,w11,[$rptr],#8
|
||||
+ cbnz x17,.LNEON_copy_n_zap
|
||||
+
|
||||
+ mov sp,x16
|
||||
+ ldp d14,d15,[sp,#64]
|
||||
+ ldp d12,d13,[sp,#48]
|
||||
+ ldp d10,d11,[sp,#32]
|
||||
+ ldp d8,d9,[sp,#16]
|
||||
+ ldr x29,[sp],#80
|
||||
+ ret // bx lr
|
||||
+
|
||||
+.size bn_mul8x_mont_neon,.-bn_mul8x_mont_neon
|
||||
+___
|
||||
+}
|
||||
+{
|
||||
########################################################################
|
||||
# Following is ARMv8 adaptation of sqrx8x_mont from x86_64-mont5 module.
|
||||
|
||||
Index: openssl-1.1.1d/crypto/bn/build.info
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/bn/build.info
|
||||
+++ openssl-1.1.1d/crypto/bn/build.info
|
||||
@@ -65,3 +65,4 @@ INCLUDE[armv4-mont.o]=..
|
||||
GENERATE[armv4-gf2m.S]=asm/armv4-gf2m.pl $(PERLASM_SCHEME)
|
||||
INCLUDE[armv4-gf2m.o]=..
|
||||
GENERATE[armv8-mont.S]=asm/armv8-mont.pl $(PERLASM_SCHEME)
|
||||
+INCLUDE[armv8-mont.o]=..
|
2308
openssl-1_1-Optimize-ppc64.patch
Normal file
2308
openssl-1_1-Optimize-ppc64.patch
Normal file
File diff suppressed because it is too large
Load Diff
25
openssl-1_1-Zeroization.patch
Normal file
25
openssl-1_1-Zeroization.patch
Normal file
@ -0,0 +1,25 @@
|
||||
--- openssl-1.1.1l/crypto/fips/fips.c
|
||||
+++ openssl-1.1.1l/crypto/fips/fips.c
|
||||
@@ -350,6 +350,10 @@ static int FIPSCHECK_verify(const char *
|
||||
if (strcmp(hex, hmac) != 0) {
|
||||
rv = -1;
|
||||
}
|
||||
+ if (hmaclen != 0) {
|
||||
+ OPENSSL_cleanse(buf, hmaclen);
|
||||
+ OPENSSL_cleanse(hex, hmaclen * 2 + 1);
|
||||
+ }
|
||||
free(buf);
|
||||
free(hex);
|
||||
} else {
|
||||
@@ -357,7 +360,11 @@ static int FIPSCHECK_verify(const char *
|
||||
}
|
||||
|
||||
end:
|
||||
+ if (n != 0)
|
||||
+ OPENSSL_cleanse(hmac, n);
|
||||
free(hmac);
|
||||
+ if (strlen(hmacpath) != 0)
|
||||
+ OPENSSL_cleanse(hmacpath, strlen(hmacpath));
|
||||
free(hmacpath);
|
||||
fclose(hf);
|
||||
|
File diff suppressed because it is too large
Load Diff
13
openssl-1_1-disable-test_srp-sslapi.patch
Normal file
13
openssl-1_1-disable-test_srp-sslapi.patch
Normal file
@ -0,0 +1,13 @@
|
||||
Index: openssl-1.1.1i/test/sslapitest.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1i.orig/test/sslapitest.c
|
||||
+++ openssl-1.1.1i/test/sslapitest.c
|
||||
@@ -6766,7 +6766,7 @@ int setup_tests(void)
|
||||
#endif
|
||||
ADD_ALL_TESTS(test_ssl_clear, 2);
|
||||
ADD_ALL_TESTS(test_max_fragment_len_ext, OSSL_NELEM(max_fragment_len_test));
|
||||
-#if !defined(OPENSSL_NO_SRP) && !defined(OPENSSL_NO_TLS1_2)
|
||||
+#if !defined(OPENSSL_NO_SRP) && !defined(OPENSSL_NO_TLS1_2) && 0
|
||||
ADD_ALL_TESTS(test_srp, 6);
|
||||
#endif
|
||||
ADD_ALL_TESTS(test_info_callback, 6);
|
@ -0,0 +1,23 @@
|
||||
diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h
|
||||
index cbbfab1..7576de8 100644
|
||||
--- a/include/openssl/opensslv.h
|
||||
+++ b/include/openssl/opensslv.h
|
||||
@@ -14,6 +14,9 @@
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
+#define SUSE_OPENSSL_STRING_PARAM_FUNCA(x) #x
|
||||
+#define SUSE_OPENSSL_STRING_PARAM_FUNCB(x) SUSE_OPENSSL_STRING_PARAM_FUNCA(x)
|
||||
+
|
||||
/*-
|
||||
* Numeric release version identifier:
|
||||
* MNNFFPPS: major minor fix patch status
|
||||
@@ -40,7 +43,7 @@ extern "C" {
|
||||
* major minor fix final patch/beta)
|
||||
*/
|
||||
# define OPENSSL_VERSION_NUMBER 0x1010117fL
|
||||
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1w 11 Sep 2023"
|
||||
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1w 11 Sep 2023 SUSE release " SUSE_OPENSSL_STRING_PARAM_FUNCB(SUSE_OPENSSL_RELEASE)
|
||||
|
||||
/*-
|
||||
* The macros below are to be used for shared library (.so, .dll, ...)
|
46
openssl-1_1-fips-bsc1215215_fips_in_version_string.patch
Normal file
46
openssl-1_1-fips-bsc1215215_fips_in_version_string.patch
Normal file
@ -0,0 +1,46 @@
|
||||
---
|
||||
include/openssl/opensslconf.h.in | 10 +++++-----
|
||||
include/openssl/opensslv.h | 6 +++++-
|
||||
2 files changed, 10 insertions(+), 6 deletions(-)
|
||||
|
||||
--- a/include/openssl/opensslconf.h.in
|
||||
+++ b/include/openssl/opensslconf.h.in
|
||||
@@ -9,6 +9,11 @@
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
+/* Always build FIPS module */
|
||||
+#ifndef OPENSSL_FIPS
|
||||
+# define OPENSSL_FIPS
|
||||
+#endif
|
||||
+
|
||||
#include <openssl/opensslv.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
@@ -155,11 +160,6 @@ extern "C" {
|
||||
|
||||
#define RC4_INT {- $config{rc4_int} -}
|
||||
|
||||
-/* Always build FIPS module */
|
||||
-#ifndef OPENSSL_FIPS
|
||||
-# define OPENSSL_FIPS
|
||||
-#endif
|
||||
-
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
--- a/include/openssl/opensslv.h
|
||||
+++ b/include/openssl/opensslv.h
|
||||
@@ -40,7 +40,11 @@ extern "C" {
|
||||
* major minor fix final patch/beta)
|
||||
*/
|
||||
# define OPENSSL_VERSION_NUMBER 0x1010117fL
|
||||
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1w 11 Sep 2023 SUSE release " SUSE_OPENSSL_STRING_PARAM_FUNCB(SUSE_OPENSSL_RELEASE)
|
||||
+# ifdef OPENSSL_FIPS
|
||||
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1w-fips 11 Sep 2023 SUSE release " SUSE_OPENSSL_STRING_PARAM_FUNCB(SUSE_OPENSSL_RELEASE)
|
||||
+# else
|
||||
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1w 11 Sep 2023 SUSE release " SUSE_OPENSSL_STRING_PARAM_FUNCB(SUSE_OPENSSL_RELEASE)
|
||||
+# endif
|
||||
|
||||
/*-
|
||||
* The macros below are to be used for shared library (.so, .dll, ...)
|
588
openssl-1_1-fips-drbg-selftest.patch
Normal file
588
openssl-1_1-fips-drbg-selftest.patch
Normal file
@ -0,0 +1,588 @@
|
||||
---
|
||||
crypto/fips/fips_post.c | 3
|
||||
crypto/rand/build.info | 2
|
||||
crypto/rand/drbg_selftest.c | 537 ++++++++++++++++++++++++++++++++++++++++++++
|
||||
include/crypto/rand.h | 5
|
||||
4 files changed, 546 insertions(+), 1 deletion(-)
|
||||
|
||||
--- a/crypto/fips/fips_post.c
|
||||
+++ b/crypto/fips/fips_post.c
|
||||
@@ -66,6 +66,7 @@
|
||||
|
||||
# include <openssl/fips.h>
|
||||
# include "crypto/fips_int.h"
|
||||
+# include "crypto/rand.h"
|
||||
# include "fips_locl.h"
|
||||
|
||||
/* Run all selftests */
|
||||
@@ -79,6 +80,8 @@ int FIPS_selftest(void)
|
||||
if (!FIPS_selftest_drbg_all())
|
||||
rv = 0;
|
||||
#endif
|
||||
+ if (!FIPS_selftest_drbg_new())
|
||||
+ rv = 0;
|
||||
if (!FIPS_selftest_sha1())
|
||||
rv = 0;
|
||||
if (!FIPS_selftest_sha2())
|
||||
--- a/crypto/rand/build.info
|
||||
+++ b/crypto/rand/build.info
|
||||
@@ -1,6 +1,6 @@
|
||||
LIBS=../../libcrypto
|
||||
SOURCE[../../libcrypto]=\
|
||||
randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \
|
||||
- rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c
|
||||
+ rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c drbg_selftest.c
|
||||
|
||||
INCLUDE[drbg_ctr.o]=../modes
|
||||
--- /dev/null
|
||||
+++ b/crypto/rand/drbg_selftest.c
|
||||
@@ -0,0 +1,537 @@
|
||||
+/*
|
||||
+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ *
|
||||
+ * Licensed under the OpenSSL license (the "License"). You may not use
|
||||
+ * this file except in compliance with the License. You can obtain a copy
|
||||
+ * in the file LICENSE in the source distribution or at
|
||||
+ * https://www.openssl.org/source/license.html
|
||||
+ */
|
||||
+
|
||||
+#include <string.h>
|
||||
+#include <stddef.h>
|
||||
+#include "internal/nelem.h"
|
||||
+#include <openssl/crypto.h>
|
||||
+#include <openssl/err.h>
|
||||
+#include <openssl/rand_drbg.h>
|
||||
+#include <openssl/obj_mac.h>
|
||||
+#include "internal/thread_once.h"
|
||||
+#include "crypto/rand.h"
|
||||
+
|
||||
+typedef struct test_ctx_st {
|
||||
+ const unsigned char *entropy;
|
||||
+ size_t entropylen;
|
||||
+ int entropycnt;
|
||||
+ const unsigned char *nonce;
|
||||
+ size_t noncelen;
|
||||
+ int noncecnt;
|
||||
+} TEST_CTX;
|
||||
+
|
||||
+static int app_data_index = -1;
|
||||
+static CRYPTO_ONCE get_index_once = CRYPTO_ONCE_STATIC_INIT;
|
||||
+DEFINE_RUN_ONCE_STATIC(drbg_app_data_index_init)
|
||||
+{
|
||||
+ app_data_index = RAND_DRBG_get_ex_new_index(0L, NULL, NULL, NULL, NULL);
|
||||
+
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+enum drbg_kat_type {
|
||||
+ NO_RESEED,
|
||||
+ PR_FALSE,
|
||||
+ PR_TRUE
|
||||
+};
|
||||
+
|
||||
+enum drbg_df {
|
||||
+ USE_DF,
|
||||
+ NO_DF,
|
||||
+ NA
|
||||
+};
|
||||
+
|
||||
+struct drbg_kat_no_reseed {
|
||||
+ size_t count;
|
||||
+ const unsigned char *entropyin;
|
||||
+ const unsigned char *nonce;
|
||||
+ const unsigned char *persstr;
|
||||
+ const unsigned char *addin1;
|
||||
+ const unsigned char *addin2;
|
||||
+ const unsigned char *retbytes;
|
||||
+};
|
||||
+
|
||||
+struct drbg_kat_pr_false {
|
||||
+ size_t count;
|
||||
+ const unsigned char *entropyin;
|
||||
+ const unsigned char *nonce;
|
||||
+ const unsigned char *persstr;
|
||||
+ const unsigned char *entropyinreseed;
|
||||
+ const unsigned char *addinreseed;
|
||||
+ const unsigned char *addin1;
|
||||
+ const unsigned char *addin2;
|
||||
+ const unsigned char *retbytes;
|
||||
+};
|
||||
+
|
||||
+struct drbg_kat_pr_true {
|
||||
+ size_t count;
|
||||
+ const unsigned char *entropyin;
|
||||
+ const unsigned char *nonce;
|
||||
+ const unsigned char *persstr;
|
||||
+ const unsigned char *entropyinpr1;
|
||||
+ const unsigned char *addin1;
|
||||
+ const unsigned char *entropyinpr2;
|
||||
+ const unsigned char *addin2;
|
||||
+ const unsigned char *retbytes;
|
||||
+};
|
||||
+
|
||||
+struct drbg_kat {
|
||||
+ enum drbg_kat_type type;
|
||||
+ enum drbg_df df;
|
||||
+ int nid;
|
||||
+
|
||||
+ size_t entropyinlen;
|
||||
+ size_t noncelen;
|
||||
+ size_t persstrlen;
|
||||
+ size_t addinlen;
|
||||
+ size_t retbyteslen;
|
||||
+
|
||||
+ const void *t;
|
||||
+};
|
||||
+
|
||||
+/*
|
||||
+ * Excerpt from test/drbg_cavs_data.c
|
||||
+ * DRBG test vectors from:
|
||||
+ * https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/
|
||||
+ */
|
||||
+
|
||||
+static const unsigned char kat1308_entropyin[] = {
|
||||
+ 0x7c, 0x5d, 0x90, 0x70, 0x3b, 0x8a, 0xc7, 0x0f, 0x23, 0x73, 0x24, 0x9c,
|
||||
+ 0xa7, 0x15, 0x41, 0x71, 0x7a, 0x31, 0xea, 0x32, 0xfc, 0x28, 0x0d, 0xd7,
|
||||
+ 0x5b, 0x09, 0x01, 0x98, 0x1b, 0xe2, 0xa5, 0x53, 0xd9, 0x05, 0x32, 0x97,
|
||||
+ 0xec, 0xbe, 0x86, 0xfd, 0x1c, 0x1c, 0x71, 0x4c, 0x52, 0x29, 0x9e, 0x52,
|
||||
+};
|
||||
+static const unsigned char kat1308_nonce[] = {0};
|
||||
+static const unsigned char kat1308_persstr[] = {
|
||||
+ 0xdc, 0x07, 0x2f, 0x68, 0xfa, 0x77, 0x03, 0x23, 0x42, 0xb0, 0xf5, 0xa2,
|
||||
+ 0xd9, 0xad, 0xa1, 0xd0, 0xad, 0xa2, 0x14, 0xb4, 0xd0, 0x8e, 0xfb, 0x39,
|
||||
+ 0xdd, 0xc2, 0xac, 0xfb, 0x98, 0xdf, 0x7f, 0xce, 0x4c, 0x75, 0x56, 0x45,
|
||||
+ 0xcd, 0x86, 0x93, 0x74, 0x90, 0x6e, 0xf6, 0x9e, 0x85, 0x7e, 0xfb, 0xc3,
|
||||
+};
|
||||
+static const unsigned char kat1308_addin0[] = {
|
||||
+ 0x52, 0x25, 0xc4, 0x2f, 0x03, 0xce, 0x29, 0x71, 0xc5, 0x0b, 0xc3, 0x4e,
|
||||
+ 0xad, 0x8d, 0x6f, 0x17, 0x82, 0xe1, 0xf3, 0xfd, 0xfd, 0x9b, 0x94, 0x9a,
|
||||
+ 0x1d, 0xac, 0xd0, 0xd4, 0x3f, 0x2b, 0xe3, 0xab, 0x7c, 0x3d, 0x3e, 0x5a,
|
||||
+ 0x68, 0xbb, 0xa4, 0x74, 0x68, 0x1a, 0xc6, 0x27, 0xff, 0xe0, 0xc0, 0x6c,
|
||||
+};
|
||||
+static const unsigned char kat1308_addin1[] = {
|
||||
+ 0xdc, 0x91, 0xd7, 0xb7, 0xb9, 0x94, 0x79, 0x0f, 0x06, 0xc4, 0x70, 0x19,
|
||||
+ 0x33, 0x25, 0x7c, 0x96, 0x01, 0xa0, 0x62, 0xb0, 0x50, 0xe6, 0xc0, 0x3a,
|
||||
+ 0x56, 0x8f, 0xc5, 0x50, 0x48, 0xc6, 0xf4, 0x49, 0xe5, 0x70, 0x16, 0x2e,
|
||||
+ 0xae, 0xf2, 0x99, 0xb4, 0x2d, 0x70, 0x18, 0x16, 0xcd, 0xe0, 0x24, 0xe4,
|
||||
+};
|
||||
+static const unsigned char kat1308_retbits[] = {
|
||||
+ 0xde, 0xf8, 0x91, 0x1b, 0xf1, 0xe1, 0xa9, 0x97, 0xd8, 0x61, 0x84, 0xe2,
|
||||
+ 0xdb, 0x83, 0x3e, 0x60, 0x45, 0xcd, 0xc8, 0x66, 0x93, 0x28, 0xc8, 0x92,
|
||||
+ 0xbc, 0x25, 0xae, 0xe8, 0xb0, 0xed, 0xed, 0x16, 0x3d, 0xa5, 0xf9, 0x0f,
|
||||
+ 0xb3, 0x72, 0x08, 0x84, 0xac, 0x3c, 0x3b, 0xaa, 0x5f, 0xf9, 0x7d, 0x63,
|
||||
+ 0x3e, 0xde, 0x59, 0x37, 0x0e, 0x40, 0x12, 0x2b, 0xbc, 0x6c, 0x96, 0x53,
|
||||
+ 0x26, 0x32, 0xd0, 0xb8,
|
||||
+};
|
||||
+static const struct drbg_kat_no_reseed kat1308_t = {
|
||||
+ 2, kat1308_entropyin, kat1308_nonce, kat1308_persstr,
|
||||
+ kat1308_addin0, kat1308_addin1, kat1308_retbits
|
||||
+};
|
||||
+static const struct drbg_kat kat1308 = {
|
||||
+ NO_RESEED, NO_DF, NID_aes_256_ctr, 48, 0, 48, 48, 64, &kat1308_t
|
||||
+};
|
||||
+
|
||||
+static const unsigned char kat1465_entropyin[] = {
|
||||
+ 0xc9, 0x96, 0x3a, 0x15, 0x51, 0x76, 0x4f, 0xe0, 0x45, 0x82, 0x8a, 0x64,
|
||||
+ 0x87, 0xbe, 0xaa, 0xc0,
|
||||
+};
|
||||
+static const unsigned char kat1465_nonce[] = {
|
||||
+ 0x08, 0xcd, 0x69, 0x39, 0xf8, 0x58, 0x9a, 0x85,
|
||||
+};
|
||||
+static const unsigned char kat1465_persstr[] = {0};
|
||||
+static const unsigned char kat1465_entropyinreseed[] = {
|
||||
+ 0x16, 0xcc, 0x35, 0x15, 0xb1, 0x17, 0xf5, 0x33, 0x80, 0x9a, 0x80, 0xc5,
|
||||
+ 0x1f, 0x4b, 0x7b, 0x51,
|
||||
+};
|
||||
+static const unsigned char kat1465_addinreseed[] = {
|
||||
+ 0xf5, 0x3d, 0xf1, 0x2e, 0xdb, 0x28, 0x1c, 0x00, 0x7b, 0xcb, 0xb6, 0x12,
|
||||
+ 0x61, 0x9f, 0x26, 0x5f,
|
||||
+};
|
||||
+static const unsigned char kat1465_addin0[] = {
|
||||
+ 0xe2, 0x67, 0x06, 0x62, 0x09, 0xa7, 0xcf, 0xd6, 0x84, 0x8c, 0x20, 0xf6,
|
||||
+ 0x10, 0x5a, 0x73, 0x9c,
|
||||
+};
|
||||
+static const unsigned char kat1465_addin1[] = {
|
||||
+ 0x26, 0xfa, 0x50, 0xe1, 0xb3, 0xcb, 0x65, 0xed, 0xbc, 0x6d, 0xda, 0x18,
|
||||
+ 0x47, 0x99, 0x1f, 0xeb,
|
||||
+};
|
||||
+static const unsigned char kat1465_retbits[] = {
|
||||
+ 0xf9, 0x47, 0xc6, 0xb0, 0x58, 0xa8, 0x66, 0x8a, 0xf5, 0x2b, 0x2a, 0x6d,
|
||||
+ 0x4e, 0x24, 0x6f, 0x65, 0xbf, 0x51, 0x22, 0xbf, 0xe8, 0x8d, 0x6c, 0xeb,
|
||||
+ 0xf9, 0x68, 0x7f, 0xed, 0x3b, 0xdd, 0x6b, 0xd5, 0x28, 0x47, 0x56, 0x52,
|
||||
+ 0xda, 0x50, 0xf0, 0x90, 0x73, 0x95, 0x06, 0x58, 0xaf, 0x08, 0x98, 0x6e,
|
||||
+ 0x24, 0x18, 0xfd, 0x2f, 0x48, 0x72, 0x57, 0xd6, 0x59, 0xab, 0xe9, 0x41,
|
||||
+ 0x58, 0xdb, 0x27, 0xba,
|
||||
+};
|
||||
+static const struct drbg_kat_pr_false kat1465_t = {
|
||||
+ 9, kat1465_entropyin, kat1465_nonce, kat1465_persstr,
|
||||
+ kat1465_entropyinreseed, kat1465_addinreseed, kat1465_addin0,
|
||||
+ kat1465_addin1, kat1465_retbits
|
||||
+};
|
||||
+static const struct drbg_kat kat1465 = {
|
||||
+ PR_FALSE, USE_DF, NID_aes_128_ctr, 16, 8, 0, 16, 64, &kat1465_t
|
||||
+};
|
||||
+
|
||||
+static const unsigned char kat3146_entropyin[] = {
|
||||
+ 0xd7, 0x08, 0x42, 0x82, 0xc2, 0xd2, 0xd1, 0xde, 0x01, 0xb4, 0x36, 0xb3,
|
||||
+ 0x7f, 0xbd, 0xd3, 0xdd, 0xb3, 0xc4, 0x31, 0x4f, 0x8f, 0xa7, 0x10, 0xf4,
|
||||
+};
|
||||
+static const unsigned char kat3146_nonce[] = {
|
||||
+ 0x7b, 0x9e, 0xcd, 0x49, 0x4f, 0x46, 0xa0, 0x08, 0x32, 0xff, 0x2e, 0xc3,
|
||||
+ 0x50, 0x86, 0xca, 0xca,
|
||||
+};
|
||||
+static const unsigned char kat3146_persstr[] = {0};
|
||||
+static const unsigned char kat3146_entropyinpr1[] = {
|
||||
+ 0x68, 0xd0, 0x7b, 0xa4, 0xe7, 0x22, 0x19, 0xe6, 0xb6, 0x46, 0x6a, 0xda,
|
||||
+ 0x8e, 0x67, 0xea, 0x63, 0x3f, 0xaf, 0x2f, 0x6c, 0x9d, 0x5e, 0x48, 0x15,
|
||||
+};
|
||||
+static const unsigned char kat3146_addinpr1[] = {
|
||||
+ 0x70, 0x0f, 0x54, 0xf4, 0x53, 0xde, 0xca, 0x61, 0x5c, 0x49, 0x51, 0xd1,
|
||||
+ 0x41, 0xc4, 0xf1, 0x2f, 0x65, 0xfb, 0x7e, 0xbc, 0x9b, 0x14, 0xba, 0x90,
|
||||
+ 0x05, 0x33, 0x7e, 0x64, 0xb7, 0x2b, 0xaf, 0x99,
|
||||
+};
|
||||
+static const unsigned char kat3146_entropyinpr2[] = {
|
||||
+ 0xeb, 0x77, 0xb0, 0xe9, 0x2d, 0x31, 0xc8, 0x66, 0xc5, 0xc4, 0xa7, 0xf7,
|
||||
+ 0x6c, 0xb2, 0x74, 0x36, 0x4b, 0x25, 0x78, 0x04, 0xd8, 0xd7, 0xd2, 0x34,
|
||||
+};
|
||||
+static const unsigned char kat3146_addinpr2[] = {
|
||||
+ 0x05, 0xcd, 0x2a, 0x97, 0x5a, 0x5d, 0xfb, 0x98, 0xc1, 0xf1, 0x00, 0x0c,
|
||||
+ 0xed, 0xe6, 0x2a, 0xba, 0xf0, 0x89, 0x1f, 0x5a, 0x4f, 0xd7, 0x48, 0xb3,
|
||||
+ 0x24, 0xc0, 0x8a, 0x3d, 0x60, 0x59, 0x5d, 0xb6,
|
||||
+};
|
||||
+static const unsigned char kat3146_retbits[] = {
|
||||
+ 0x29, 0x94, 0xa4, 0xa8, 0x17, 0x3e, 0x62, 0x2f, 0x94, 0xdd, 0x40, 0x1f,
|
||||
+ 0xe3, 0x7e, 0x77, 0xd4, 0x38, 0xbc, 0x0e, 0x49, 0x46, 0xf6, 0x0e, 0x28,
|
||||
+ 0x91, 0xc6, 0x9c, 0xc4, 0xa6, 0xa1, 0xf8, 0x9a, 0x64, 0x5e, 0x99, 0x76,
|
||||
+ 0xd0, 0x2d, 0xee, 0xde, 0xe1, 0x2c, 0x93, 0x29, 0x4b, 0x12, 0xcf, 0x87,
|
||||
+ 0x03, 0x98, 0xb9, 0x74, 0x41, 0xdb, 0x3a, 0x49, 0x9f, 0x92, 0xd0, 0x45,
|
||||
+ 0xd4, 0x30, 0x73, 0xbb,
|
||||
+};
|
||||
+static const struct drbg_kat_pr_true kat3146_t = {
|
||||
+ 10, kat3146_entropyin, kat3146_nonce, kat3146_persstr,
|
||||
+ kat3146_entropyinpr1, kat3146_addinpr1, kat3146_entropyinpr2,
|
||||
+ kat3146_addinpr2, kat3146_retbits
|
||||
+};
|
||||
+static const struct drbg_kat kat3146 = {
|
||||
+ PR_TRUE, USE_DF, NID_aes_192_ctr, 24, 16, 0, 32, 64, &kat3146_t
|
||||
+};
|
||||
+
|
||||
+static const struct drbg_kat *drbg_test[] = { &kat1308, &kat1465, &kat3146 };
|
||||
+
|
||||
+static const size_t drbg_test_nelem = OSSL_NELEM(drbg_test);
|
||||
+
|
||||
+static size_t kat_entropy(RAND_DRBG *drbg, unsigned char **pout,
|
||||
+ int entropy, size_t min_len, size_t max_len,
|
||||
+ int prediction_resistance)
|
||||
+{
|
||||
+ TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index);
|
||||
+
|
||||
+ t->entropycnt++;
|
||||
+ *pout = (unsigned char *)t->entropy;
|
||||
+ return t->entropylen;
|
||||
+}
|
||||
+
|
||||
+static size_t kat_nonce(RAND_DRBG *drbg, unsigned char **pout,
|
||||
+ int entropy, size_t min_len, size_t max_len)
|
||||
+{
|
||||
+ TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index);
|
||||
+
|
||||
+ t->noncecnt++;
|
||||
+ *pout = (unsigned char *)t->nonce;
|
||||
+ return t->noncelen;
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
+ * Do a single NO_RESEED KAT:
|
||||
+ *
|
||||
+ * Instantiate
|
||||
+ * Generate Random Bits (pr=false)
|
||||
+ * Generate Random Bits (pr=false)
|
||||
+ * Uninstantiate
|
||||
+ *
|
||||
+ * Return 0 on failure.
|
||||
+ */
|
||||
+static int single_kat_no_reseed(const struct drbg_kat *td)
|
||||
+{
|
||||
+ struct drbg_kat_no_reseed *data = (struct drbg_kat_no_reseed *)td->t;
|
||||
+ RAND_DRBG *drbg = NULL;
|
||||
+ unsigned char *buff = NULL;
|
||||
+ unsigned int flags = 0;
|
||||
+ int failures = 0;
|
||||
+ TEST_CTX t;
|
||||
+
|
||||
+ if (td->df != USE_DF)
|
||||
+ flags |= RAND_DRBG_FLAG_CTR_NO_DF;
|
||||
+
|
||||
+ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
|
||||
+ kat_nonce, NULL)) {
|
||||
+ failures++;
|
||||
+ goto err;
|
||||
+ }
|
||||
+ memset(&t, 0, sizeof(t));
|
||||
+ t.entropy = data->entropyin;
|
||||
+ t.entropylen = td->entropyinlen;
|
||||
+ t.nonce = data->nonce;
|
||||
+ t.noncelen = td->noncelen;
|
||||
+ RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
|
||||
+
|
||||
+ buff = OPENSSL_malloc(td->retbyteslen);
|
||||
+ if (buff == NULL) {
|
||||
+ failures++;
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen)
|
||||
+ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
|
||||
+ data->addin1, td->addinlen)
|
||||
+ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
|
||||
+ data->addin2, td->addinlen)
|
||||
+ || memcmp(data->retbytes, buff,
|
||||
+ td->retbyteslen) != 0)
|
||||
+ failures++;
|
||||
+
|
||||
+err:
|
||||
+ OPENSSL_free(buff);
|
||||
+ RAND_DRBG_uninstantiate(drbg);
|
||||
+ RAND_DRBG_free(drbg);
|
||||
+ return failures == 0;
|
||||
+}
|
||||
+
|
||||
+/*-
|
||||
+ * Do a single PR_FALSE KAT:
|
||||
+ *
|
||||
+ * Instantiate
|
||||
+ * Reseed
|
||||
+ * Generate Random Bits (pr=false)
|
||||
+ * Generate Random Bits (pr=false)
|
||||
+ * Uninstantiate
|
||||
+ *
|
||||
+ * Return 0 on failure.
|
||||
+ */
|
||||
+static int single_kat_pr_false(const struct drbg_kat *td)
|
||||
+{
|
||||
+ struct drbg_kat_pr_false *data = (struct drbg_kat_pr_false *)td->t;
|
||||
+ RAND_DRBG *drbg = NULL;
|
||||
+ unsigned char *buff = NULL;
|
||||
+ unsigned int flags = 0;
|
||||
+ int failures = 0;
|
||||
+ TEST_CTX t;
|
||||
+
|
||||
+ if (td->df != USE_DF)
|
||||
+ flags |= RAND_DRBG_FLAG_CTR_NO_DF;
|
||||
+
|
||||
+ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
|
||||
+ kat_nonce, NULL)) {
|
||||
+ failures++;
|
||||
+ goto err;
|
||||
+ }
|
||||
+ memset(&t, 0, sizeof(t));
|
||||
+ t.entropy = data->entropyin;
|
||||
+ t.entropylen = td->entropyinlen;
|
||||
+ t.nonce = data->nonce;
|
||||
+ t.noncelen = td->noncelen;
|
||||
+ RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
|
||||
+
|
||||
+ buff = OPENSSL_malloc(td->retbyteslen);
|
||||
+ if (buff == NULL) {
|
||||
+ failures++;
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen))
|
||||
+ failures++;
|
||||
+
|
||||
+ t.entropy = data->entropyinreseed;
|
||||
+ t.entropylen = td->entropyinlen;
|
||||
+
|
||||
+ if (!RAND_DRBG_reseed(drbg, data->addinreseed, td->addinlen, 0)
|
||||
+ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
|
||||
+ data->addin1, td->addinlen)
|
||||
+ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
|
||||
+ data->addin2, td->addinlen)
|
||||
+ || memcmp(data->retbytes, buff,
|
||||
+ td->retbyteslen) != 0)
|
||||
+ failures++;
|
||||
+
|
||||
+err:
|
||||
+ OPENSSL_free(buff);
|
||||
+ RAND_DRBG_uninstantiate(drbg);
|
||||
+ RAND_DRBG_free(drbg);
|
||||
+ return failures == 0;
|
||||
+}
|
||||
+
|
||||
+/*-
|
||||
+ * Do a single PR_TRUE KAT:
|
||||
+ *
|
||||
+ * Instantiate
|
||||
+ * Generate Random Bits (pr=true)
|
||||
+ * Generate Random Bits (pr=true)
|
||||
+ * Uninstantiate
|
||||
+ *
|
||||
+ * Return 0 on failure.
|
||||
+ */
|
||||
+static int single_kat_pr_true(const struct drbg_kat *td)
|
||||
+{
|
||||
+ struct drbg_kat_pr_true *data = (struct drbg_kat_pr_true *)td->t;
|
||||
+ RAND_DRBG *drbg = NULL;
|
||||
+ unsigned char *buff = NULL;
|
||||
+ unsigned int flags = 0;
|
||||
+ int failures = 0;
|
||||
+ TEST_CTX t;
|
||||
+
|
||||
+ if (td->df != USE_DF)
|
||||
+ flags |= RAND_DRBG_FLAG_CTR_NO_DF;
|
||||
+
|
||||
+ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
|
||||
+ kat_nonce, NULL)) {
|
||||
+ failures++;
|
||||
+ goto err;
|
||||
+ }
|
||||
+ memset(&t, 0, sizeof(t));
|
||||
+ t.nonce = data->nonce;
|
||||
+ t.noncelen = td->noncelen;
|
||||
+ t.entropy = data->entropyin;
|
||||
+ t.entropylen = td->entropyinlen;
|
||||
+ RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
|
||||
+
|
||||
+ buff = OPENSSL_malloc(td->retbyteslen);
|
||||
+ if (buff == NULL) {
|
||||
+ failures++;
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen))
|
||||
+ failures++;
|
||||
+
|
||||
+ t.entropy = data->entropyinpr1;
|
||||
+ t.entropylen = td->entropyinlen;
|
||||
+
|
||||
+ if (!RAND_DRBG_generate(drbg, buff, td->retbyteslen, 1,
|
||||
+ data->addin1, td->addinlen))
|
||||
+ failures++;
|
||||
+
|
||||
+ t.entropy = data->entropyinpr2;
|
||||
+ t.entropylen = td->entropyinlen;
|
||||
+
|
||||
+ if (!RAND_DRBG_generate(drbg, buff, td->retbyteslen, 1,
|
||||
+ data->addin2, td->addinlen)
|
||||
+ || memcmp(data->retbytes, buff,
|
||||
+ td->retbyteslen) != 0)
|
||||
+ failures++;
|
||||
+
|
||||
+err:
|
||||
+ OPENSSL_free(buff);
|
||||
+ RAND_DRBG_uninstantiate(drbg);
|
||||
+ RAND_DRBG_free(drbg);
|
||||
+ return failures == 0;
|
||||
+}
|
||||
+
|
||||
+static int test_kats(int i)
|
||||
+{
|
||||
+ const struct drbg_kat *td = drbg_test[i];
|
||||
+ int rv = 0;
|
||||
+
|
||||
+ switch (td->type) {
|
||||
+ case NO_RESEED:
|
||||
+ if (!single_kat_no_reseed(td))
|
||||
+ goto err;
|
||||
+ break;
|
||||
+ case PR_FALSE:
|
||||
+ if (!single_kat_pr_false(td))
|
||||
+ goto err;
|
||||
+ break;
|
||||
+ case PR_TRUE:
|
||||
+ if (!single_kat_pr_true(td))
|
||||
+ goto err;
|
||||
+ break;
|
||||
+ default: /* cant happen */
|
||||
+ goto err;
|
||||
+ }
|
||||
+ rv = 1;
|
||||
+err:
|
||||
+ return rv;
|
||||
+}
|
||||
+
|
||||
+/*-
|
||||
+ * Do one expected-error test:
|
||||
+ *
|
||||
+ * Instantiate with no entropy supplied
|
||||
+ *
|
||||
+ * Return 0 on failure.
|
||||
+ */
|
||||
+static int test_drbg_sanity(const struct drbg_kat *td)
|
||||
+{
|
||||
+ struct drbg_kat_pr_false *data = (struct drbg_kat_pr_false *)td->t;
|
||||
+ RAND_DRBG *drbg = NULL;
|
||||
+ unsigned int flags = 0;
|
||||
+ int failures = 0;
|
||||
+ TEST_CTX t;
|
||||
+
|
||||
+ if (td->df != USE_DF)
|
||||
+ flags |= RAND_DRBG_FLAG_CTR_NO_DF;
|
||||
+
|
||||
+ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
|
||||
+ kat_nonce, NULL)) {
|
||||
+ failures++;
|
||||
+ goto err;
|
||||
+ }
|
||||
+ memset(&t, 0, sizeof(t));
|
||||
+ t.entropy = data->entropyin;
|
||||
+ t.entropylen = 0; /* No entropy */
|
||||
+ t.nonce = data->nonce;
|
||||
+ t.noncelen = td->noncelen;
|
||||
+ RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
|
||||
+
|
||||
+ ERR_set_mark();
|
||||
+ /* This must fail. */
|
||||
+ if (RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen))
|
||||
+ failures++;
|
||||
+ RAND_DRBG_uninstantiate(drbg);
|
||||
+ ERR_pop_to_mark();
|
||||
+
|
||||
+err:
|
||||
+ RAND_DRBG_free(drbg);
|
||||
+ return failures == 0;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+int FIPS_selftest_drbg_new(void)
|
||||
+{
|
||||
+ int i;
|
||||
+
|
||||
+ if (!RUN_ONCE(&get_index_once, drbg_app_data_index_init))
|
||||
+ return 0;
|
||||
+
|
||||
+ for (i = 0; i < drbg_test_nelem; i++) {
|
||||
+ if (test_kats(i) <= 0)
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ if (test_drbg_sanity(&kat1465) <= 0)
|
||||
+ return 0;
|
||||
+
|
||||
+ return 1;
|
||||
+}
|
||||
--- a/include/crypto/rand.h
|
||||
+++ b/include/crypto/rand.h
|
||||
@@ -150,4 +150,9 @@ void rand_pool_cleanup(void);
|
||||
*/
|
||||
void rand_pool_keep_random_devices_open(int keep);
|
||||
|
||||
+/*
|
||||
+ * Perform the DRBG KAT selftests
|
||||
+ */
|
||||
+int FIPS_selftest_drbg_new(void);
|
||||
+
|
||||
#endif
|
@ -0,0 +1,117 @@
|
||||
---
|
||||
crypto/asn1/ameth_lib.c | 18 ++++++++++++++++++
|
||||
crypto/asn1/standard_methods.h | 29 +++++++++++++++++++++++++++++
|
||||
crypto/evp/c_alld.c | 6 +++++-
|
||||
3 files changed, 52 insertions(+), 1 deletion(-)
|
||||
|
||||
Index: openssl-1.1.1w/crypto/asn1/ameth_lib.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1w.orig/crypto/asn1/ameth_lib.c
|
||||
+++ openssl-1.1.1w/crypto/asn1/ameth_lib.c
|
||||
@@ -35,7 +35,11 @@ IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_P
|
||||
|
||||
int EVP_PKEY_asn1_get_count(void)
|
||||
{
|
||||
+#ifdef OPENSSL_FIPS
|
||||
+ int num = FIPS_mode() ? OSSL_NELEM(standard_fips_methods) : OSSL_NELEM(standard_methods);
|
||||
+#else
|
||||
int num = OSSL_NELEM(standard_methods);
|
||||
+#endif
|
||||
if (app_methods)
|
||||
num += sk_EVP_PKEY_ASN1_METHOD_num(app_methods);
|
||||
return num;
|
||||
@@ -43,11 +47,19 @@ int EVP_PKEY_asn1_get_count(void)
|
||||
|
||||
const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx)
|
||||
{
|
||||
+#ifdef OPENSSL_FIPS
|
||||
+ int num = FIPS_mode() ? OSSL_NELEM(standard_fips_methods) : OSSL_NELEM(standard_methods);
|
||||
+#else
|
||||
int num = OSSL_NELEM(standard_methods);
|
||||
+#endif
|
||||
if (idx < 0)
|
||||
return NULL;
|
||||
if (idx < num)
|
||||
+#ifdef OPENSSL_FIPS
|
||||
+ return FIPS_mode() ? standard_fips_methods[idx] : standard_methods[idx];
|
||||
+#else
|
||||
return standard_methods[idx];
|
||||
+#endif
|
||||
idx -= num;
|
||||
return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx);
|
||||
}
|
||||
@@ -63,7 +75,13 @@ static const EVP_PKEY_ASN1_METHOD *pkey_
|
||||
if (idx >= 0)
|
||||
return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx);
|
||||
}
|
||||
+#ifdef OPENSSL_FIPS
|
||||
+ ret = FIPS_mode() ? \
|
||||
+ OBJ_bsearch_ameth(&t, standard_fips_methods, OSSL_NELEM(standard_fips_methods)) : \
|
||||
+ OBJ_bsearch_ameth(&t, standard_methods, OSSL_NELEM(standard_methods));
|
||||
+#else
|
||||
ret = OBJ_bsearch_ameth(&t, standard_methods, OSSL_NELEM(standard_methods));
|
||||
+#endif
|
||||
if (!ret || !*ret)
|
||||
return NULL;
|
||||
return *ret;
|
||||
Index: openssl-1.1.1w/crypto/asn1/standard_methods.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1w.orig/crypto/asn1/standard_methods.h
|
||||
+++ openssl-1.1.1w/crypto/asn1/standard_methods.h
|
||||
@@ -59,3 +59,32 @@ static const EVP_PKEY_ASN1_METHOD *stand
|
||||
#endif
|
||||
};
|
||||
|
||||
+static const EVP_PKEY_ASN1_METHOD *standard_fips_methods[] = {
|
||||
+#ifndef OPENSSL_NO_RSA
|
||||
+ &rsa_asn1_meths[0],
|
||||
+ &rsa_asn1_meths[1],
|
||||
+#endif
|
||||
+#ifndef OPENSSL_NO_DH
|
||||
+ &dh_asn1_meth,
|
||||
+#endif
|
||||
+#ifndef OPENSSL_NO_DSA
|
||||
+ &dsa_asn1_meths[0],
|
||||
+ &dsa_asn1_meths[1],
|
||||
+ &dsa_asn1_meths[2],
|
||||
+ &dsa_asn1_meths[3],
|
||||
+ &dsa_asn1_meths[4],
|
||||
+#endif
|
||||
+#ifndef OPENSSL_NO_EC
|
||||
+ &eckey_asn1_meth,
|
||||
+#endif
|
||||
+ &hmac_asn1_meth,
|
||||
+#ifndef OPENSSL_NO_CMAC
|
||||
+ &cmac_asn1_meth,
|
||||
+#endif
|
||||
+#ifndef OPENSSL_NO_RSA
|
||||
+ &rsa_pss_asn1_meth,
|
||||
+#endif
|
||||
+#ifndef OPENSSL_NO_DH
|
||||
+ &dhx_asn1_meth,
|
||||
+#endif
|
||||
+};
|
||||
Index: openssl-1.1.1w/crypto/evp/c_alld.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1w.orig/crypto/evp/c_alld.c
|
||||
+++ openssl-1.1.1w/crypto/evp/c_alld.c
|
||||
@@ -11,13 +11,18 @@
|
||||
#include "internal/cryptlib.h"
|
||||
#include <openssl/evp.h>
|
||||
#include "crypto/evp.h"
|
||||
+#include "crypto/fips_int.h"
|
||||
#include <openssl/pkcs12.h>
|
||||
#include <openssl/objects.h>
|
||||
|
||||
void openssl_add_all_digests_int(void)
|
||||
{
|
||||
#ifdef OPENSSL_FIPS
|
||||
- if (!FIPS_mode()) {
|
||||
+ /*
|
||||
+ * This function is called from FIPS_selftest_ecdsa() before FIPS mode is
|
||||
+ * turned on. That is the reason why we need to also check fips_in_post().
|
||||
+ */
|
||||
+ if (!FIPS_mode() && !fips_in_post()) {
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_MD4
|
||||
EVP_add_digest(EVP_md4());
|
203
openssl-1_1-jitterentropy-3.4.0.patch
Normal file
203
openssl-1_1-jitterentropy-3.4.0.patch
Normal file
@ -0,0 +1,203 @@
|
||||
---
|
||||
Configurations/00-base-templates.conf | 2 -
|
||||
crypto/fips/build.info | 3 +-
|
||||
crypto/fips/fips.c | 8 +++++++
|
||||
crypto/fips/fips_entropy.c | 38 ++++++++++++++++++++++++++++++++++
|
||||
crypto/fips/fips_err.h | 1
|
||||
crypto/init.c | 4 +++
|
||||
crypto/rand/rand_unix.c | 30 +++++++++++++++++++++++++-
|
||||
include/crypto/fips_int.h | 2 +
|
||||
include/openssl/fips.h | 4 +++
|
||||
util/libcrypto.num | 2 +
|
||||
10 files changed, 91 insertions(+), 3 deletions(-)
|
||||
|
||||
--- a/Configurations/00-base-templates.conf
|
||||
+++ b/Configurations/00-base-templates.conf
|
||||
@@ -96,7 +96,7 @@ my %targets=(
|
||||
ex_libs =>
|
||||
sub { !defined($disabled{zlib})
|
||||
&& defined($disabled{"zlib-dynamic"})
|
||||
- ? "-lz" : () },
|
||||
+ ? "-lz -ljitterentropy" : "-ljitterentropy" },
|
||||
HASHBANGPERL => "/usr/bin/env perl", # Only Unix actually cares
|
||||
RANLIB => sub { which("$config{cross_compile_prefix}ranlib")
|
||||
? "ranlib" : "" },
|
||||
--- a/crypto/fips/build.info
|
||||
+++ b/crypto/fips/build.info
|
||||
@@ -5,7 +5,8 @@ SOURCE[../../libcrypto]=\
|
||||
fips_post.c drbgtest.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
|
||||
fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
|
||||
fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c \
|
||||
- fips_dh_selftest.c fips_kdf_selftest.c fips_ers.c fips_sli.c
|
||||
+ fips_dh_selftest.c fips_kdf_selftest.c fips_ers.c fips_sli.c \
|
||||
+ fips_entropy.c
|
||||
|
||||
PROGRAMS=\
|
||||
fips_standalone_hmac
|
||||
--- a/crypto/fips/fips.c
|
||||
+++ b/crypto/fips/fips.c
|
||||
@@ -461,6 +461,14 @@ int FIPS_module_mode_set(int onoff)
|
||||
|
||||
fips_post = 1;
|
||||
|
||||
+ if (!FIPS_entropy_init()) {
|
||||
+ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
|
||||
+ FIPS_R_ENTROPY_INIT_FAILED);
|
||||
+ fips_selftest_fail = 1;
|
||||
+ ret = 0;
|
||||
+ goto end;
|
||||
+ }
|
||||
+
|
||||
/* Run the KATs before the HMAC verification for FIPS 140-3 compliance */
|
||||
if (!FIPS_selftest()) {
|
||||
fips_selftest_fail = 1;
|
||||
--- /dev/null
|
||||
+++ b/crypto/fips/fips_entropy.c
|
||||
@@ -0,0 +1,38 @@
|
||||
+#include <openssl/fips.h>
|
||||
+
|
||||
+#include "crypto/fips_int.h"
|
||||
+#include "jitterentropy.h"
|
||||
+
|
||||
+static struct rand_data* ec = NULL;
|
||||
+
|
||||
+struct rand_data* FIPS_entropy_init(void)
|
||||
+{
|
||||
+ if (ec != NULL)
|
||||
+ /* Entropy source has been initiated and collector allocated */
|
||||
+ return ec;
|
||||
+ /* If the initialization is successful, the call returns with 0 */
|
||||
+ if (jent_entropy_init_ex(1, JENT_FORCE_FIPS) == 0)
|
||||
+ /* Allocate entropy collector */
|
||||
+ ec = jent_entropy_collector_alloc(1, JENT_FORCE_FIPS);
|
||||
+ return ec;
|
||||
+}
|
||||
+
|
||||
+void FIPS_entropy_cleanup(void)
|
||||
+{
|
||||
+ /* Free entropy collector */
|
||||
+ if (ec != NULL) {
|
||||
+ jent_entropy_collector_free(ec);
|
||||
+ ec = NULL;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+ssize_t FIPS_jitter_entropy(unsigned char *buf, size_t buflen)
|
||||
+{
|
||||
+ ssize_t ent_bytes = -1;
|
||||
+
|
||||
+ if (buf != NULL && buflen != 0 && FIPS_entropy_init()) {
|
||||
+ /* Get entropy */
|
||||
+ ent_bytes = jent_read_entropy_safe(&ec, (char *)buf, buflen);
|
||||
+ }
|
||||
+ return ent_bytes;
|
||||
+}
|
||||
--- a/crypto/fips/fips_err.h
|
||||
+++ b/crypto/fips/fips_err.h
|
||||
@@ -135,6 +135,7 @@ static ERR_STRING_DATA FIPS_str_reasons[
|
||||
{ERR_REASON(FIPS_R_DRBG_NOT_INITIALISED), "drbg not initialised"},
|
||||
{ERR_REASON(FIPS_R_DRBG_STUCK), "drbg stuck"},
|
||||
{ERR_REASON(FIPS_R_ENTROPY_ERROR_UNDETECTED), "entropy error undetected"},
|
||||
+ {ERR_REASON(FIPS_R_ENTROPY_INIT_FAILED), "entropy init failed"},
|
||||
{ERR_REASON(FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED),
|
||||
"entropy not requested for reseed"},
|
||||
{ERR_REASON(FIPS_R_ENTROPY_SOURCE_STUCK), "entropy source stuck"},
|
||||
--- a/crypto/init.c
|
||||
+++ b/crypto/init.c
|
||||
@@ -27,6 +27,7 @@
|
||||
#include "crypto/dso_conf.h"
|
||||
#include "internal/dso.h"
|
||||
#include "crypto/store.h"
|
||||
+#include "openssl/fips.h"
|
||||
|
||||
static int stopped = 0;
|
||||
|
||||
@@ -597,6 +598,9 @@ void OPENSSL_cleanup(void)
|
||||
rand_cleanup_int();
|
||||
rand_drbg_cleanup_int();
|
||||
conf_modules_free_int();
|
||||
+#ifdef OPENSSL_FIPS
|
||||
+ FIPS_entropy_cleanup();
|
||||
+#endif
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
engine_cleanup_int();
|
||||
#endif
|
||||
--- a/crypto/rand/rand_unix.c
|
||||
+++ b/crypto/rand/rand_unix.c
|
||||
@@ -642,9 +642,37 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
return rand_pool_entropy_available(pool);
|
||||
# else
|
||||
size_t entropy_available;
|
||||
+ int in_post;
|
||||
+
|
||||
+# ifdef OPENSSL_FIPS
|
||||
+ if (FIPS_mode()) {
|
||||
+ /* Use jitter entropy in FIPS mode */
|
||||
+ for (in_post = fips_in_post(); in_post >= 0; --in_post) {
|
||||
+ size_t bytes_needed;
|
||||
+ unsigned char *buffer;
|
||||
+ ssize_t bytes;
|
||||
+ /* Maximum allowed number of consecutive unsuccessful attempts */
|
||||
+ int attempts = 3;
|
||||
+
|
||||
+ bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
|
||||
+ while (bytes_needed != 0 && attempts-- > 0) {
|
||||
+ buffer = rand_pool_add_begin(pool, bytes_needed);
|
||||
+ bytes = FIPS_jitter_entropy(buffer, bytes_needed);
|
||||
+ if (bytes > 0) {
|
||||
+ rand_pool_add_end(pool, bytes, 8 * bytes);
|
||||
+ bytes_needed -= bytes;
|
||||
+ attempts = 3; /* reset counter after successful attempt */
|
||||
+ } else if (bytes < 0) {
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+ entropy_available = rand_pool_entropy_available(pool);
|
||||
+ return entropy_available;
|
||||
+ }
|
||||
+# endif
|
||||
|
||||
# if defined(OPENSSL_RAND_SEED_GETRANDOM)
|
||||
- int in_post;
|
||||
|
||||
for (in_post = fips_in_post(); in_post >= 0; --in_post) {
|
||||
{
|
||||
--- a/include/crypto/fips_int.h
|
||||
+++ b/include/crypto/fips_int.h
|
||||
@@ -101,4 +101,6 @@ void fips_set_selftest_fail(void);
|
||||
|
||||
void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr);
|
||||
|
||||
+ssize_t FIPS_jitter_entropy(unsigned char *buf, size_t buflen);
|
||||
+
|
||||
#endif
|
||||
--- a/include/openssl/fips.h
|
||||
+++ b/include/openssl/fips.h
|
||||
@@ -74,6 +74,9 @@ extern "C" {
|
||||
BN_GENCB *cb);
|
||||
int FIPS_dsa_paramgen_check_g(DSA *dsa);
|
||||
|
||||
+ struct rand_data* FIPS_entropy_init(void);
|
||||
+ void FIPS_entropy_cleanup(void);
|
||||
+
|
||||
/* BEGIN ERROR CODES */
|
||||
/* The following lines are auto generated by the script mkerr.pl. Any changes
|
||||
* made after this point may be overwritten when the script is next run.
|
||||
@@ -151,6 +154,7 @@ extern "C" {
|
||||
# define FIPS_R_DRBG_NOT_INITIALISED 152
|
||||
# define FIPS_R_DRBG_STUCK 103
|
||||
# define FIPS_R_ENTROPY_ERROR_UNDETECTED 104
|
||||
+# define FIPS_R_ENTROPY_INIT_FAILED 161
|
||||
# define FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED 105
|
||||
# define FIPS_R_ENTROPY_SOURCE_STUCK 142
|
||||
# define FIPS_R_ERROR_INITIALISING_DRBG 115
|
||||
--- a/util/libcrypto.num
|
||||
+++ b/util/libcrypto.num
|
||||
@@ -4647,3 +4647,5 @@ fips_sli_PKCS5_PBKDF2_HMAC_is_approved
|
||||
fips_sli_HMAC_is_approved 6608 1_1_1l EXIST::FUNCTION:
|
||||
fips_sli_RAND_bytes_is_approved 6609 1_1_1l EXIST::FUNCTION:
|
||||
fips_sli_RAND_priv_bytes_is_approved 6610 1_1_1l EXIST::FUNCTION:
|
||||
+FIPS_entropy_init 6611 1_1_1l EXIST::FUNCTION:
|
||||
+FIPS_entropy_cleanup 6612 1_1_1l EXIST::FUNCTION:
|
||||
|
556
openssl-1_1-openssl-config.patch
Normal file
556
openssl-1_1-openssl-config.patch
Normal file
@ -0,0 +1,556 @@
|
||||
---
|
||||
Configurations/descrip.mms.tmpl | 4 +--
|
||||
Configurations/unix-Makefile.tmpl | 22 ++++++++---------
|
||||
Configure | 2 -
|
||||
INSTALL | 2 -
|
||||
NEWS | 3 ++
|
||||
VMS/openssl_utils.com.in | 2 -
|
||||
apps/CA.pl.in | 8 +++---
|
||||
apps/build.info | 6 ++--
|
||||
apps/tsget.in | 2 -
|
||||
doc/HOWTO/certificates.txt | 2 -
|
||||
doc/man1/CA.pl.pod | 36 ++++++++++++++---------------
|
||||
doc/man1/ca.pod | 4 +--
|
||||
doc/man1/rehash.pod | 10 ++++----
|
||||
doc/man1/tsget.pod | 4 +--
|
||||
doc/man1/verify.pod | 2 -
|
||||
doc/man1/x509.pod | 2 -
|
||||
doc/man3/OPENSSL_config.pod | 2 -
|
||||
doc/man3/SSL_CTX_load_verify_locations.pod | 4 +--
|
||||
doc/man5/config.pod | 2 -
|
||||
include/internal/cryptlib.h | 2 -
|
||||
test/recipes/80-test_ca.t | 10 ++++----
|
||||
tools/build.info | 2 -
|
||||
tools/c_rehash.in | 6 ++--
|
||||
23 files changed, 71 insertions(+), 68 deletions(-)
|
||||
|
||||
Index: openssl-1.1.1v/Configurations/descrip.mms.tmpl
|
||||
===================================================================
|
||||
--- openssl-1.1.1v.orig/Configurations/descrip.mms.tmpl
|
||||
+++ openssl-1.1.1v/Configurations/descrip.mms.tmpl
|
||||
@@ -142,8 +142,8 @@ INSTALL_SHLIBS={- join(", ", map { "-\n\
|
||||
INSTALL_ENGINES={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{install}->{engines}}) -}
|
||||
INSTALL_PROGRAMS={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{install}->{programs}}) -}
|
||||
{- output_off() if $disabled{apps}; "" -}
|
||||
-BIN_SCRIPTS=[.tools]c_rehash.pl
|
||||
-MISC_SCRIPTS=[.apps]CA.pl, [.apps]tsget.pl
|
||||
+BIN_SCRIPTS=[.tools]c_rehash-1_1.pl
|
||||
+MISC_SCRIPTS=[.apps]CA-1_1.pl, [.apps]tsget-1_1.pl
|
||||
{- output_on() if $disabled{apps}; "" -}
|
||||
|
||||
APPS_OPENSSL={- use File::Spec::Functions;
|
||||
Index: openssl-1.1.1v/Configurations/unix-Makefile.tmpl
|
||||
===================================================================
|
||||
--- openssl-1.1.1v.orig/Configurations/unix-Makefile.tmpl
|
||||
+++ openssl-1.1.1v/Configurations/unix-Makefile.tmpl
|
||||
@@ -140,8 +140,8 @@ INSTALL_SHLIB_INFO={- join(" ", map { "\
|
||||
INSTALL_ENGINES={- join(" ", map { dso($_) } @{$unified_info{install}->{engines}}) -}
|
||||
INSTALL_PROGRAMS={- join(" ", map { $_.$exeext } @{$unified_info{install}->{programs}}) -}
|
||||
{- output_off() if $disabled{apps}; "" -}
|
||||
-BIN_SCRIPTS=$(BLDDIR)/tools/c_rehash
|
||||
-MISC_SCRIPTS=$(BLDDIR)/apps/CA.pl $(BLDDIR)/apps/tsget.pl:tsget
|
||||
+BIN_SCRIPTS=$(BLDDIR)/tools/c_rehash-1_1
|
||||
+MISC_SCRIPTS=$(BLDDIR)/apps/CA-1_1.pl $(BLDDIR)/apps/tsget-1_1.pl:tsget-1_1
|
||||
{- output_on() if $disabled{apps}; "" -}
|
||||
|
||||
APPS_OPENSSL={- use File::Spec::Functions;
|
||||
@@ -579,14 +579,14 @@ install_ssldirs:
|
||||
: {- output_on() if windowsdll(); "" -}; \
|
||||
fi; \
|
||||
done
|
||||
- @$(ECHO) "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist"
|
||||
- @cp $(SRCDIR)/apps/openssl.cnf "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new"
|
||||
- @chmod 644 "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new"
|
||||
- @mv -f "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new" "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist"
|
||||
- @if [ ! -f "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf" ]; then \
|
||||
- $(ECHO) "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \
|
||||
- cp $(SRCDIR)/apps/openssl.cnf "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \
|
||||
- chmod 644 "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \
|
||||
+ @$(ECHO) "install $(SRCDIR)/apps/openssl-1_1.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl-1_1.cnf.dist"
|
||||
+ @cp $(SRCDIR)/apps/openssl-1_1.cnf "$(DESTDIR)$(OPENSSLDIR)/openssl-1_1.cnf.new"
|
||||
+ @chmod 644 "$(DESTDIR)$(OPENSSLDIR)/openssl-1_1.cnf.new"
|
||||
+ @mv -f "$(DESTDIR)$(OPENSSLDIR)/openssl-1_1.cnf.new" "$(DESTDIR)$(OPENSSLDIR)/openssl-1_1.cnf.dist"
|
||||
+ @if [ ! -f "$(DESTDIR)$(OPENSSLDIR)/openssl-1_1.cnf" ]; then \
|
||||
+ $(ECHO) "install $(SRCDIR)/apps/openssl-1_1.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl-1_1.cnf"; \
|
||||
+ cp $(SRCDIR)/apps/openssl-1_1.cnf "$(DESTDIR)$(OPENSSLDIR)/openssl-1_1.cnf"; \
|
||||
+ chmod 644 "$(DESTDIR)$(OPENSSLDIR)/openssl-1_1.cnf"; \
|
||||
fi
|
||||
@$(ECHO) "install $(SRCDIR)/apps/ct_log_list.cnf -> $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.dist"
|
||||
@cp $(SRCDIR)/apps/ct_log_list.cnf "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new"
|
||||
@@ -870,7 +870,7 @@ lint:
|
||||
|
||||
generate_apps:
|
||||
( cd $(SRCDIR); $(PERL) VMS/VMSify-conf.pl \
|
||||
- < apps/openssl.cnf > apps/openssl-vms.cnf )
|
||||
+ < apps/openssl-1_1.cnf > apps/openssl-vms.cnf )
|
||||
|
||||
generate_crypto_bn:
|
||||
( cd $(SRCDIR); $(PERL) crypto/bn/bn_prime.pl > crypto/bn/bn_prime.h )
|
||||
Index: openssl-1.1.1v/Configure
|
||||
===================================================================
|
||||
--- openssl-1.1.1v.orig/Configure
|
||||
+++ openssl-1.1.1v/Configure
|
||||
@@ -35,7 +35,7 @@ my $usage="Usage: Configure [no-<cipher>
|
||||
# directories bin, lib, include, share/man, share/doc/openssl
|
||||
# This becomes the value of INSTALLTOP in Makefile
|
||||
# (Default: /usr/local)
|
||||
-# --openssldir OpenSSL data area, such as openssl.cnf, certificates and keys.
|
||||
+# --openssldir OpenSSL data area, such as openssl-1_1.cnf, certificates and keys.
|
||||
# If it's a relative directory, it will be added on the directory
|
||||
# given with --prefix.
|
||||
# This becomes the value of OPENSSLDIR in Makefile and in C.
|
||||
Index: openssl-1.1.1v/INSTALL
|
||||
===================================================================
|
||||
--- openssl-1.1.1v.orig/INSTALL
|
||||
+++ openssl-1.1.1v/INSTALL
|
||||
@@ -296,7 +296,7 @@
|
||||
be undesirable if small executable size is an objective.
|
||||
|
||||
no-autoload-config
|
||||
- Don't automatically load the default openssl.cnf file.
|
||||
+ Don't automatically load the default openssl-1_1.cnf file.
|
||||
Typically OpenSSL will automatically load a system config
|
||||
file which configures default ssl options.
|
||||
|
||||
Index: openssl-1.1.1v/NEWS
|
||||
===================================================================
|
||||
--- openssl-1.1.1v.orig/NEWS
|
||||
+++ openssl-1.1.1v/NEWS
|
||||
@@ -10,6 +10,9 @@
|
||||
o Fix excessive time spent checking DH q parameter value (CVE-2023-3817)
|
||||
o Fix DH_check() excessive time with over sized modulus (CVE-2023-3446)
|
||||
|
||||
+ IMPORTANT: For compatibility with OpenSSL 3.0, the OpenSSL master
|
||||
+ configuration file openssl.cnf has been renamed to openssl-1_1.cnf.
|
||||
+
|
||||
Major changes between OpenSSL 1.1.1t and OpenSSL 1.1.1u [30 May 2023]
|
||||
|
||||
o Mitigate for very slow `OBJ_obj2txt()` performance with gigantic
|
||||
Index: openssl-1.1.1v/VMS/openssl_utils.com.in
|
||||
===================================================================
|
||||
--- openssl-1.1.1v.orig/VMS/openssl_utils.com.in
|
||||
+++ openssl-1.1.1v/VMS/openssl_utils.com.in
|
||||
@@ -8,7 +8,7 @@ $ OPENSSL :== $OSSL$EXE:OPENSSL'v'
|
||||
$
|
||||
$ IF F$TYPE(PERL) .EQS. "STRING"
|
||||
$ THEN
|
||||
-$ C_REHASH :== 'PERL' OSSL$EXE:c_rehash.pl
|
||||
+$ C_REHASH :== 'PERL' OSSL$EXE:c_rehash-1_1.pl
|
||||
$ ELSE
|
||||
$ WRITE SYS$ERROR "NOTE: no perl => no C_REHASH"
|
||||
$ ENDIF
|
||||
Index: openssl-1.1.1v/apps/CA.pl.in
|
||||
===================================================================
|
||||
--- openssl-1.1.1v.orig/apps/CA.pl.in
|
||||
+++ openssl-1.1.1v/apps/CA.pl.in
|
||||
@@ -113,10 +113,10 @@ sub run
|
||||
|
||||
|
||||
if ( $WHAT =~ /^(-\?|-h|-help)$/ ) {
|
||||
- print STDERR "usage: CA.pl -newcert | -newreq | -newreq-nodes | -xsign | -sign | -signCA | -signcert | -crl | -newca [-extra-cmd extra-params]\n";
|
||||
- print STDERR " CA.pl -pkcs12 [-extra-pkcs12 extra-params] [certname]\n";
|
||||
- print STDERR " CA.pl -verify [-extra-verify extra-params] certfile ...\n";
|
||||
- print STDERR " CA.pl -revoke [-extra-ca extra-params] certfile [reason]\n";
|
||||
+ print STDERR "usage: CA-1_1.pl -newcert | -newreq | -newreq-nodes | -xsign | -sign | -signCA | -signcert | -crl | -newca [-extra-cmd extra-params]\n";
|
||||
+ print STDERR " CA-1_1.pl -pkcs12 [-extra-pkcs12 extra-params] [certname]\n";
|
||||
+ print STDERR " CA-1_1.pl -verify [-extra-verify extra-params] certfile ...\n";
|
||||
+ print STDERR " CA-1_1.pl -revoke [-extra-ca extra-params] certfile [reason]\n";
|
||||
exit 0;
|
||||
}
|
||||
if ($WHAT eq '-newcert' ) {
|
||||
Index: openssl-1.1.1v/apps/build.info
|
||||
===================================================================
|
||||
--- openssl-1.1.1v.orig/apps/build.info
|
||||
+++ openssl-1.1.1v/apps/build.info
|
||||
@@ -73,7 +73,7 @@ IF[{- !$disabled{apps} -}]
|
||||
GENERATE[progs.h]=progs.pl $(APPS_OPENSSL)
|
||||
DEPEND[progs.h]=../configdata.pm
|
||||
|
||||
- SCRIPTS=CA.pl tsget.pl
|
||||
- SOURCE[CA.pl]=CA.pl.in
|
||||
- SOURCE[tsget.pl]=tsget.in
|
||||
+ SCRIPTS=CA-1_1.pl tsget-1_1.pl
|
||||
+ SOURCE[CA-1_1.pl]=CA.pl.in
|
||||
+ SOURCE[tsget-1_1.pl]=tsget.in
|
||||
ENDIF
|
||||
Index: openssl-1.1.1v/apps/tsget.in
|
||||
===================================================================
|
||||
--- openssl-1.1.1v.orig/apps/tsget.in
|
||||
+++ openssl-1.1.1v/apps/tsget.in
|
||||
@@ -47,7 +47,7 @@ sub create_curl {
|
||||
$curl->setopt(CURLOPT_VERBOSE, 1) if $options{d};
|
||||
$curl->setopt(CURLOPT_FAILONERROR, 1);
|
||||
$curl->setopt(CURLOPT_USERAGENT,
|
||||
- "OpenTSA tsget.pl/openssl-{- $config{version} -}");
|
||||
+ "OpenTSA tsget-1_1.pl/openssl-{- $config{version} -}");
|
||||
|
||||
# Options for POST method.
|
||||
$curl->setopt(CURLOPT_UPLOAD, 1);
|
||||
Index: openssl-1.1.1v/doc/HOWTO/certificates.txt
|
||||
===================================================================
|
||||
--- openssl-1.1.1v.orig/doc/HOWTO/certificates.txt
|
||||
+++ openssl-1.1.1v/doc/HOWTO/certificates.txt
|
||||
@@ -16,7 +16,7 @@ Certificate authorities should read http
|
||||
In all the cases shown below, the standard configuration file, as
|
||||
compiled into openssl, will be used. You may find it in /etc/,
|
||||
/usr/local/ssl/ or somewhere else. By default the file is named
|
||||
-openssl.cnf and is described at https://www.openssl.org/docs/apps/config.html.
|
||||
+openssl-1_1.cnf and is described at https://www.openssl.org/docs/apps/config.html.
|
||||
You can specify a different configuration file using the
|
||||
'-config {file}' argument with the commands shown below.
|
||||
|
||||
Index: openssl-1.1.1v/doc/man1/CA.pl.pod
|
||||
===================================================================
|
||||
--- openssl-1.1.1v.orig/doc/man1/CA.pl.pod
|
||||
+++ openssl-1.1.1v/doc/man1/CA.pl.pod
|
||||
@@ -2,16 +2,16 @@
|
||||
|
||||
=head1 NAME
|
||||
|
||||
-CA.pl - friendlier interface for OpenSSL certificate programs
|
||||
+CA-1_1.pl - friendlier interface for OpenSSL certificate programs
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
-B<CA.pl>
|
||||
+B<CA-1_1.pl>
|
||||
B<-?> |
|
||||
B<-h> |
|
||||
B<-help>
|
||||
|
||||
-B<CA.pl>
|
||||
+B<CA-1_1.pl>
|
||||
B<-newcert> |
|
||||
B<-newreq> |
|
||||
B<-newreq-nodes> |
|
||||
@@ -23,15 +23,15 @@ B<-crl> |
|
||||
B<-newca>
|
||||
[B<-extra-cmd> extra-params]
|
||||
|
||||
-B<CA.pl> B<-pkcs12> [B<-extra-pkcs12> extra-params] [B<certname>]
|
||||
+B<CA-1_1.pl> B<-pkcs12> [B<-extra-pkcs12> extra-params] [B<certname>]
|
||||
|
||||
-B<CA.pl> B<-verify> [B<-extra-verify> extra-params] B<certfile>...
|
||||
+B<CA-1_1.pl> B<-verify> [B<-extra-verify> extra-params] B<certfile>...
|
||||
|
||||
-B<CA.pl> B<-revoke> [B<-extra-ca> extra-params] B<certfile> [B<reason>]
|
||||
+B<CA-1_1.pl> B<-revoke> [B<-extra-ca> extra-params] B<certfile> [B<reason>]
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
-The B<CA.pl> script is a perl script that supplies the relevant command line
|
||||
+The B<CA-1_1.pl> script is a perl script that supplies the relevant command line
|
||||
arguments to the B<openssl> command for some common certificate operations.
|
||||
It is intended to simplify the process of certificate creation and management
|
||||
by the use of some simple options.
|
||||
@@ -136,19 +136,19 @@ Users should consult B<openssl> command
|
||||
|
||||
Create a CA hierarchy:
|
||||
|
||||
- CA.pl -newca
|
||||
+ CA-1_1.pl -newca
|
||||
|
||||
Complete certificate creation example: create a CA, create a request, sign
|
||||
the request and finally create a PKCS#12 file containing it.
|
||||
|
||||
- CA.pl -newca
|
||||
- CA.pl -newreq
|
||||
- CA.pl -sign
|
||||
- CA.pl -pkcs12 "My Test Certificate"
|
||||
+ CA-1_1.pl -newca
|
||||
+ CA-1_1.pl -newreq
|
||||
+ CA-1_1.pl -sign
|
||||
+ CA-1_1.pl -pkcs12 "My Test Certificate"
|
||||
|
||||
=head1 DSA CERTIFICATES
|
||||
|
||||
-Although the B<CA.pl> creates RSA CAs and requests it is still possible to
|
||||
+Although the B<CA-1_1.pl> creates RSA CAs and requests it is still possible to
|
||||
use it with DSA certificates and requests using the L<req(1)> command
|
||||
directly. The following example shows the steps that would typically be taken.
|
||||
|
||||
@@ -162,7 +162,7 @@ Create a DSA CA certificate and private
|
||||
|
||||
Create the CA directories and files:
|
||||
|
||||
- CA.pl -newca
|
||||
+ CA-1_1.pl -newca
|
||||
|
||||
enter cacert.pem when prompted for the CA filename.
|
||||
|
||||
@@ -173,22 +173,22 @@ can optionally be created first):
|
||||
|
||||
Sign the request:
|
||||
|
||||
- CA.pl -sign
|
||||
+ CA-1_1.pl -sign
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
-Most of the filenames mentioned can be modified by editing the B<CA.pl> script.
|
||||
+Most of the filenames mentioned can be modified by editing the B<CA-1_1.pl> script.
|
||||
|
||||
If the demoCA directory already exists then the B<-newca> command will not
|
||||
overwrite it and will do nothing. This can happen if a previous call using
|
||||
the B<-newca> option terminated abnormally. To get the correct behaviour
|
||||
delete the demoCA directory if it already exists.
|
||||
|
||||
-Under some environments it may not be possible to run the B<CA.pl> script
|
||||
+Under some environments it may not be possible to run the B<CA-1_1.pl> script
|
||||
directly (for example Win32) and the default configuration file location may
|
||||
be wrong. In this case the command:
|
||||
|
||||
- perl -S CA.pl
|
||||
+ perl -S CA-1_1.pl
|
||||
|
||||
can be used and the B<OPENSSL_CONF> environment variable changed to point to
|
||||
the correct path of the configuration file.
|
||||
Index: openssl-1.1.1v/doc/man1/ca.pod
|
||||
===================================================================
|
||||
--- openssl-1.1.1v.orig/doc/man1/ca.pod
|
||||
+++ openssl-1.1.1v/doc/man1/ca.pod
|
||||
@@ -698,7 +698,7 @@ the database has to be kept in memory.
|
||||
The B<ca> command really needs rewriting or the required functionality
|
||||
exposed at either a command or interface level so a more friendly utility
|
||||
(perl script or GUI) can handle things properly. The script
|
||||
-B<CA.pl> helps a little but not very much.
|
||||
+B<CA-1_1.pl> helps a little but not very much.
|
||||
|
||||
Any fields in a request that are not present in a policy are silently
|
||||
deleted. This does not happen if the B<-preserveDN> option is used. To
|
||||
@@ -754,7 +754,7 @@ are in year 2050 or later.
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
-L<req(1)>, L<spkac(1)>, L<x509(1)>, L<CA.pl(1)>,
|
||||
+L<req(1)>, L<spkac(1)>, L<x509(1)>, L<CA-1_1.pl(1)>,
|
||||
L<config(5)>, L<x509v3_config(5)>
|
||||
|
||||
=head1 COPYRIGHT
|
||||
Index: openssl-1.1.1v/doc/man1/rehash.pod
|
||||
===================================================================
|
||||
--- openssl-1.1.1v.orig/doc/man1/rehash.pod
|
||||
+++ openssl-1.1.1v/doc/man1/rehash.pod
|
||||
@@ -6,7 +6,7 @@ Original text by James Westby, contribut
|
||||
=head1 NAME
|
||||
|
||||
openssl-c_rehash, openssl-rehash,
|
||||
-c_rehash, rehash - Create symbolic links to files named by the hash values
|
||||
+c_rehash-1_1, rehash - Create symbolic links to files named by the hash values
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
@@ -19,13 +19,13 @@ B<[-n]>
|
||||
B<[-v]>
|
||||
[ I<directory>...]
|
||||
|
||||
-B<c_rehash>
|
||||
+B<c_rehash-1_1>
|
||||
I<flags...>
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
-On some platforms, the OpenSSL B<rehash> command is available as
|
||||
-an external script called B<c_rehash>. They are functionally equivalent,
|
||||
+On some platforms, the OpenSSL B<rehash-1_1> command is available as
|
||||
+an external script called B<c_rehash-1_1>. They are functionally equivalent,
|
||||
except for minor differences noted below.
|
||||
|
||||
B<rehash> scans directories and calculates a hash value of each
|
||||
@@ -66,7 +66,7 @@ more than one such object appears in the
|
||||
|
||||
=head2 Script Configuration
|
||||
|
||||
-The B<c_rehash> script
|
||||
+The B<c_rehash-1_1> script
|
||||
uses the B<openssl> program to compute the hashes and
|
||||
fingerprints. If not found in the user's B<PATH>, then set the
|
||||
B<OPENSSL> environment variable to the full pathname.
|
||||
Index: openssl-1.1.1v/doc/man1/tsget.pod
|
||||
===================================================================
|
||||
--- openssl-1.1.1v.orig/doc/man1/tsget.pod
|
||||
+++ openssl-1.1.1v/doc/man1/tsget.pod
|
||||
@@ -35,7 +35,7 @@ line.
|
||||
The tool sends the following HTTP request for each timestamp request:
|
||||
|
||||
POST url HTTP/1.1
|
||||
- User-Agent: OpenTSA tsget.pl/<version>
|
||||
+ User-Agent: OpenTSA tsget-1_1.pl/<version>
|
||||
Host: <host>:<port>
|
||||
Pragma: no-cache
|
||||
Content-Type: application/timestamp-query
|
||||
@@ -108,7 +108,7 @@ Either option B<-C> or option B<-P> must
|
||||
=item B<-P> CA_path
|
||||
|
||||
(HTTPS) The path containing the trusted CA certificates to verify the peer's
|
||||
-certificate. The directory must be prepared with the B<c_rehash>
|
||||
+certificate. The directory must be prepared with the B<c_rehash-1_1>
|
||||
OpenSSL utility. Either option B<-C> or option B<-P> must be given in case of
|
||||
HTTPS. (Optional)
|
||||
|
||||
Index: openssl-1.1.1v/doc/man1/verify.pod
|
||||
===================================================================
|
||||
--- openssl-1.1.1v.orig/doc/man1/verify.pod
|
||||
+++ openssl-1.1.1v/doc/man1/verify.pod
|
||||
@@ -75,7 +75,7 @@ The file should contain one or more cert
|
||||
A directory of trusted certificates. The certificates should have names
|
||||
of the form: hash.0 or have symbolic links to them of this
|
||||
form ("hash" is the hashed certificate subject name: see the B<-hash> option
|
||||
-of the B<x509> utility). Under Unix the B<c_rehash> script will automatically
|
||||
+of the B<x509> utility). Under Unix the B<c_rehash-1_1> script will automatically
|
||||
create symbolic links to a directory of certificates.
|
||||
|
||||
=item B<-no-CAfile>
|
||||
Index: openssl-1.1.1v/doc/man1/x509.pod
|
||||
===================================================================
|
||||
--- openssl-1.1.1v.orig/doc/man1/x509.pod
|
||||
+++ openssl-1.1.1v/doc/man1/x509.pod
|
||||
@@ -932,7 +932,7 @@ The hash algorithm used in the B<-subjec
|
||||
before OpenSSL 1.0.0 was based on the deprecated MD5 algorithm and the encoding
|
||||
of the distinguished name. In OpenSSL 1.0.0 and later it is based on a
|
||||
canonical version of the DN using SHA1. This means that any directories using
|
||||
-the old form must have their links rebuilt using B<c_rehash> or similar.
|
||||
+the old form must have their links rebuilt using B<c_rehash-1_1> or similar.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Index: openssl-1.1.1v/doc/man3/OPENSSL_config.pod
|
||||
===================================================================
|
||||
--- openssl-1.1.1v.orig/doc/man3/OPENSSL_config.pod
|
||||
+++ openssl-1.1.1v/doc/man3/OPENSSL_config.pod
|
||||
@@ -15,7 +15,7 @@ OPENSSL_config, OPENSSL_no_config - simp
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
-OPENSSL_config() configures OpenSSL using the standard B<openssl.cnf> and
|
||||
+OPENSSL_config() configures OpenSSL using the standard B<openssl-1_1.cnf> and
|
||||
reads from the application section B<appname>. If B<appname> is NULL then
|
||||
the default section, B<openssl_conf>, will be used.
|
||||
Errors are silently ignored.
|
||||
Index: openssl-1.1.1v/doc/man3/SSL_CTX_load_verify_locations.pod
|
||||
===================================================================
|
||||
--- openssl-1.1.1v.orig/doc/man3/SSL_CTX_load_verify_locations.pod
|
||||
+++ openssl-1.1.1v/doc/man3/SSL_CTX_load_verify_locations.pod
|
||||
@@ -63,7 +63,7 @@ If more than one CA certificate with the
|
||||
extension must be different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search
|
||||
is performed in the ordering of the extension number, regardless of other
|
||||
properties of the certificates.
|
||||
-Use the B<c_rehash> utility to create the necessary links.
|
||||
+Use the B<c_rehash-1_1> utility to create the necessary links.
|
||||
|
||||
The certificates in B<CApath> are only looked up when required, e.g. when
|
||||
building the certificate chain or when actually performing the verification
|
||||
@@ -137,7 +137,7 @@ Prepare the directory /some/where/certs
|
||||
for use as B<CApath>:
|
||||
|
||||
cd /some/where/certs
|
||||
- c_rehash .
|
||||
+ c_rehash-1_1 .
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
Index: openssl-1.1.1v/doc/man5/config.pod
|
||||
===================================================================
|
||||
--- openssl-1.1.1v.orig/doc/man5/config.pod
|
||||
+++ openssl-1.1.1v/doc/man5/config.pod
|
||||
@@ -7,7 +7,7 @@ config - OpenSSL CONF library configurat
|
||||
=head1 DESCRIPTION
|
||||
|
||||
The OpenSSL CONF library can be used to read configuration files.
|
||||
-It is used for the OpenSSL master configuration file B<openssl.cnf>
|
||||
+It is used for the OpenSSL master configuration file B<openssl-1_1.cnf>
|
||||
and in a few other places like B<SPKAC> files and certificate extension
|
||||
files for the B<x509> utility. OpenSSL applications can also use the
|
||||
CONF library for their own purposes.
|
||||
Index: openssl-1.1.1v/include/internal/cryptlib.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1v.orig/include/internal/cryptlib.h
|
||||
+++ openssl-1.1.1v/include/internal/cryptlib.h
|
||||
@@ -51,7 +51,7 @@ typedef struct app_mem_info_st APP_INFO;
|
||||
typedef struct mem_st MEM;
|
||||
DEFINE_LHASH_OF(MEM);
|
||||
|
||||
-# define OPENSSL_CONF "openssl.cnf"
|
||||
+# define OPENSSL_CONF "openssl-1_1.cnf"
|
||||
|
||||
# ifndef OPENSSL_SYS_VMS
|
||||
# define X509_CERT_AREA OPENSSLDIR
|
||||
Index: openssl-1.1.1v/test/recipes/80-test_ca.t
|
||||
===================================================================
|
||||
--- openssl-1.1.1v.orig/test/recipes/80-test_ca.t
|
||||
+++ openssl-1.1.1v/test/recipes/80-test_ca.t
|
||||
@@ -27,27 +27,27 @@ plan tests => 5;
|
||||
SKIP: {
|
||||
$ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "CAss.cnf").'"';
|
||||
skip "failed creating CA structure", 4
|
||||
- if !ok(run(perlapp(["CA.pl","-newca"], stdin => undef)),
|
||||
+ if !ok(run(perlapp(["CA-1_1.pl","-newca"], stdin => undef)),
|
||||
'creating CA structure');
|
||||
|
||||
$ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "Uss.cnf").'"';
|
||||
skip "failed creating new certificate request", 3
|
||||
- if !ok(run(perlapp(["CA.pl","-newreq"])),
|
||||
+ if !ok(run(perlapp(["CA-1_1.pl","-newreq"])),
|
||||
'creating certificate request');
|
||||
|
||||
$ENV{OPENSSL_CONFIG} = '-rand_serial -config "'.$std_openssl_cnf.'"';
|
||||
skip "failed to sign certificate request", 2
|
||||
- if !is(yes(cmdstr(perlapp(["CA.pl", "-sign"]))), 0,
|
||||
+ if !is(yes(cmdstr(perlapp(["CA-1_1.pl", "-sign"]))), 0,
|
||||
'signing certificate request');
|
||||
|
||||
- ok(run(perlapp(["CA.pl", "-verify", "newcert.pem"])),
|
||||
+ ok(run(perlapp(["CA-1_1.pl", "-verify", "newcert.pem"])),
|
||||
'verifying new certificate');
|
||||
|
||||
skip "CT not configured, can't use -precert", 1
|
||||
if disabled("ct");
|
||||
|
||||
$ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "Uss.cnf").'"';
|
||||
- ok(run(perlapp(["CA.pl", "-precert"], stderr => undef)),
|
||||
+ ok(run(perlapp(["CA-1_1.pl", "-precert"], stderr => undef)),
|
||||
'creating new pre-certificate');
|
||||
}
|
||||
|
||||
Index: openssl-1.1.1v/tools/build.info
|
||||
===================================================================
|
||||
--- openssl-1.1.1v.orig/tools/build.info
|
||||
+++ openssl-1.1.1v/tools/build.info
|
||||
@@ -1,5 +1,5 @@
|
||||
{- our $c_rehash_name =
|
||||
- $config{target} =~ /^(VC|vms)-/ ? "c_rehash.pl" : "c_rehash";
|
||||
+ $config{target} =~ /^(VC|vms)-/ ? "c_rehash-1_1.pl" : "c_rehash-1_1";
|
||||
"" -}
|
||||
IF[{- !$disabled{apps} -}]
|
||||
SCRIPTS={- $c_rehash_name -}
|
||||
Index: openssl-1.1.1v/tools/c_rehash.in
|
||||
===================================================================
|
||||
--- openssl-1.1.1v.orig/tools/c_rehash.in
|
||||
+++ openssl-1.1.1v/tools/c_rehash.in
|
||||
@@ -8,7 +8,7 @@
|
||||
# in the file LICENSE in the source distribution or at
|
||||
# https://www.openssl.org/source/license.html
|
||||
|
||||
-# Perl c_rehash script, scan all files in a directory
|
||||
+# Perl c_rehash-1_1 script, scan all files in a directory
|
||||
# and add symbolic links to their hash values.
|
||||
|
||||
my $dir = {- quotify1($config{openssldir}) -};
|
||||
@@ -44,7 +44,7 @@ while ( $ARGV[0] =~ /^-/ ) {
|
||||
}
|
||||
|
||||
sub help {
|
||||
- print "Usage: c_rehash [-old] [-h] [-help] [-v] [dirs...]\n";
|
||||
+ print "Usage: c_rehash-1_1 [-old] [-h] [-help] [-v] [dirs...]\n";
|
||||
print " -old use old-style digest\n";
|
||||
print " -h or -help print this help text\n";
|
||||
print " -v print files removed and linked\n";
|
||||
@@ -73,7 +73,7 @@ if (! -x $openssl) {
|
||||
}
|
||||
}
|
||||
if ($found == 0) {
|
||||
- print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n";
|
||||
+ print STDERR "c_rehash-1_1: rehashing skipped ('openssl-1_1' program not available)\n";
|
||||
exit 0;
|
||||
}
|
||||
}
|
10
openssl-1_1-ossl-sli-000-fix-build-error.patch
Normal file
10
openssl-1_1-ossl-sli-000-fix-build-error.patch
Normal file
@ -0,0 +1,10 @@
|
||||
diff --git a/util/libcrypto.num b/util/libcrypto.num
|
||||
index e4a490a82..2a778ce92 100644
|
||||
--- a/util/libcrypto.num
|
||||
+++ b/util/libcrypto.num
|
||||
@@ -4634,3 +4634,5 @@ EVP_KDF_vctrl 6594 1_1_1d EXIST::FUNCTION:
|
||||
EVP_KDF_ctrl_str 6595 1_1_1d EXIST::FUNCTION:
|
||||
EVP_KDF_size 6596 1_1_1d EXIST::FUNCTION:
|
||||
EVP_KDF_derive 6597 1_1_1d EXIST::FUNCTION:
|
||||
+EC_GROUP_get0_field 6598 1_1_1l EXIST::FUNCTION:EC
|
||||
+NONFIPS_selftest_check 6599 1_1_1l EXIST::FUNCTION:
|
111
openssl-1_1-ossl-sli-001-fix-faults-preventing-make-update.patch
Normal file
111
openssl-1_1-ossl-sli-001-fix-faults-preventing-make-update.patch
Normal file
@ -0,0 +1,111 @@
|
||||
diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
|
||||
index 43c916fc1..fab410b9e 100644
|
||||
--- a/crypto/ec/ec_key.c
|
||||
+++ b/crypto/ec/ec_key.c
|
||||
@@ -472,16 +472,16 @@ int ec_key_public_check(const EC_KEY *eckey, BN_CTX *ctx)
|
||||
*/
|
||||
if (eckey->priv_key != NULL) {
|
||||
if (BN_cmp(eckey->priv_key, order) >= 0) {
|
||||
- ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_WRONG_ORDER);
|
||||
+ ECerr(EC_F_EC_KEY_PUBLIC_CHECK, EC_R_WRONG_ORDER);
|
||||
goto err;
|
||||
}
|
||||
if (!EC_POINT_mul(eckey->group, point, eckey->priv_key,
|
||||
NULL, NULL, ctx)) {
|
||||
- ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, ERR_R_EC_LIB);
|
||||
+ ECerr(EC_F_EC_KEY_PUBLIC_CHECK, ERR_R_EC_LIB);
|
||||
goto err;
|
||||
}
|
||||
if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, ctx) != 0) {
|
||||
- ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY);
|
||||
+ ECerr(EC_F_EC_KEY_PUBLIC_CHECK, EC_R_INVALID_PRIVATE_KEY);
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
diff --git a/crypto/ec/ecdh_ossl.c b/crypto/ec/ecdh_ossl.c
|
||||
index 8794a6781..f38137388 100644
|
||||
--- a/crypto/ec/ecdh_ossl.c
|
||||
+++ b/crypto/ec/ecdh_ossl.c
|
||||
@@ -28,7 +28,7 @@ int ossl_ecdh_compute_key(unsigned char **psec, size_t *pseclen,
|
||||
{
|
||||
#ifdef OPENSSL_FIPS
|
||||
if (FIPS_selftest_failed()) {
|
||||
- FIPSerr(FIPS_F_ECDH_COMPUTE_KEY, FIPS_R_FIPS_SELFTEST_FAILED);
|
||||
+ FIPSerr(FIPS_F_OSSL_ECDH_COMPUTE_KEY, FIPS_R_FIPS_SELFTEST_FAILED);
|
||||
return -1;
|
||||
}
|
||||
#endif
|
||||
diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c
|
||||
index 3445abd02..9e9526241 100644
|
||||
--- a/crypto/ec/ecdsa_ossl.c
|
||||
+++ b/crypto/ec/ecdsa_ossl.c
|
||||
@@ -204,7 +204,7 @@ ECDSA_SIG *ecdsa_simple_sign_sig(const unsigned char *dgst, int dgst_len,
|
||||
|
||||
#ifdef OPENSSL_FIPS
|
||||
if (FIPS_selftest_failed()) {
|
||||
- FIPSerr(FIPS_F_OSSL_ECDSA_SIGN_SIG, FIPS_R_FIPS_SELFTEST_FAILED);
|
||||
+ FIPSerr(FIPS_F_ECDSA_SIMPLE_SIGN_SIG, FIPS_R_FIPS_SELFTEST_FAILED);
|
||||
return NULL;
|
||||
}
|
||||
#endif
|
||||
@@ -373,7 +373,7 @@ int ecdsa_simple_verify_sig(const unsigned char *dgst, int dgst_len,
|
||||
|
||||
#ifdef OPENSSL_FIPS
|
||||
if (FIPS_selftest_failed()) {
|
||||
- FIPSerr(FIPS_F_OSSL_ECDSA_VERIFY_SIG, FIPS_R_FIPS_SELFTEST_FAILED);
|
||||
+ FIPSerr(FIPS_F_ECDSA_SIMPLE_VERIFY_SIG, FIPS_R_FIPS_SELFTEST_FAILED);
|
||||
return -1;
|
||||
}
|
||||
#endif
|
||||
diff --git a/crypto/fips/fips_sha_selftest.c b/crypto/fips/fips_sha_selftest.c
|
||||
index 035c2c092..4a6336248 100644
|
||||
--- a/crypto/fips/fips_sha_selftest.c
|
||||
+++ b/crypto/fips/fips_sha_selftest.c
|
||||
@@ -195,25 +195,25 @@ int FIPS_selftest_sha3(void)
|
||||
|
||||
EVP_Digest(msg_sha3_256, sizeof(msg_sha3_256), md, NULL, EVP_sha3_256(), NULL);
|
||||
if (memcmp(dig_sha3_256, md, sizeof(dig_sha3_256))) {
|
||||
- FIPSerr(FIPS_F_FIPS_SELFTEST, FIPS_R_SELFTEST_FAILED);
|
||||
+ FIPSerr(FIPS_F_FIPS_SELFTEST_SHA3, FIPS_R_SELFTEST_FAILED);
|
||||
return 0;
|
||||
}
|
||||
|
||||
EVP_Digest(msg_sha3_512, sizeof(msg_sha3_512), md, NULL, EVP_sha3_512(), NULL);
|
||||
if (memcmp(dig_sha3_512, md, sizeof(dig_sha3_512))) {
|
||||
- FIPSerr(FIPS_F_FIPS_SELFTEST, FIPS_R_SELFTEST_FAILED);
|
||||
+ FIPSerr(FIPS_F_FIPS_SELFTEST_SHA3, FIPS_R_SELFTEST_FAILED);
|
||||
return 0;
|
||||
}
|
||||
|
||||
EVP_Digest(msg_shake_128, sizeof(msg_shake_128), md, NULL, EVP_shake128(), NULL);
|
||||
if (memcmp(dig_shake_128, md, sizeof(dig_shake_128))) {
|
||||
- FIPSerr(FIPS_F_FIPS_SELFTEST, FIPS_R_SELFTEST_FAILED);
|
||||
+ FIPSerr(FIPS_F_FIPS_SELFTEST_SHA3, FIPS_R_SELFTEST_FAILED);
|
||||
return 0;
|
||||
}
|
||||
|
||||
EVP_Digest(msg_shake_256, sizeof(msg_shake_256), md, NULL, EVP_shake256(), NULL);
|
||||
if (memcmp(dig_shake_256, md, sizeof(dig_shake_256))) {
|
||||
- FIPSerr(FIPS_F_FIPS_SELFTEST, FIPS_R_SELFTEST_FAILED);
|
||||
+ FIPSerr(FIPS_F_FIPS_SELFTEST_SHA3, FIPS_R_SELFTEST_FAILED);
|
||||
return 0;
|
||||
}
|
||||
|
||||
diff --git a/include/openssl/fips.h b/include/openssl/fips.h
|
||||
index e4208cbfa..7af006e7b 100644
|
||||
--- a/include/openssl/fips.h
|
||||
+++ b/include/openssl/fips.h
|
||||
@@ -130,8 +130,13 @@ extern "C" {
|
||||
# define FIPS_F_FIPS_SELFTEST_HKDF 155
|
||||
# define FIPS_F_FIPS_SELFTEST_SHA1 115
|
||||
# define FIPS_F_FIPS_SELFTEST_SHA2 105
|
||||
+# define FIPS_F_FIPS_SELFTEST_SHA3 156
|
||||
+# define FIPS_F_ECDSA_SIMPLE_VERIFY_SIG 157
|
||||
+# define FIPS_F_ECDSA_SIMPLE_SIGN_SIG 158
|
||||
# define FIPS_F_OSSL_ECDSA_SIGN_SIG 143
|
||||
# define FIPS_F_OSSL_ECDSA_VERIFY_SIG 148
|
||||
+# define FIPS_F_OSSL_ECDSA_SIMPLE_VERIFY_SIG 159
|
||||
+# define FIPS_F_OSSL_ECDH_COMPUTE_KEY 160
|
||||
# define FIPS_F_RSA_BUILTIN_KEYGEN 116
|
||||
# define FIPS_F_RSA_OSSL_INIT 149
|
||||
# define FIPS_F_RSA_OSSL_PRIVATE_DECRYPT 117
|
946
openssl-1_1-ossl-sli-002-ran-make-update.patch
Normal file
946
openssl-1_1-ossl-sli-002-ran-make-update.patch
Normal file
@ -0,0 +1,946 @@
|
||||
---
|
||||
apps/openssl-vms.cnf | 18 ++++
|
||||
crypto/dh/dh_err.c | 8 -
|
||||
crypto/dsa/dsa_err.c | 8 +
|
||||
crypto/ec/ec_err.c | 29 ++++++-
|
||||
crypto/err/openssl.txt | 40 +++++++++
|
||||
crypto/evp/evp_err.c | 6 -
|
||||
crypto/fips/fips_ers.c | 189 +++++++++++++++++++++++++++++++++++++++++++++--
|
||||
crypto/rsa/rsa_err.c | 23 +++--
|
||||
include/openssl/dherr.h | 15 +--
|
||||
include/openssl/dsaerr.h | 18 +---
|
||||
include/openssl/ecerr.h | 7 -
|
||||
include/openssl/evperr.h | 19 ++--
|
||||
include/openssl/rsaerr.h | 32 +++----
|
||||
13 files changed, 333 insertions(+), 79 deletions(-)
|
||||
|
||||
--- a/apps/openssl-vms.cnf
|
||||
+++ b/apps/openssl-vms.cnf
|
||||
@@ -11,6 +11,24 @@
|
||||
# defined.
|
||||
HOME = .
|
||||
|
||||
+openssl_conf = openssl_init
|
||||
+
|
||||
+[ openssl_init ]
|
||||
+
|
||||
+engines = engine_section
|
||||
+
|
||||
+[ engine_section ]
|
||||
+
|
||||
+# This include will look through the directory that will contain the
|
||||
+# engine declarations for any engines provided by other packages.
|
||||
+.include /etc/ssl/engines1.1.d
|
||||
+
|
||||
+# This include will look through the directory that will contain the
|
||||
+# definitions of the engines declared in the engine section.
|
||||
+.include /etc/ssl/engdef1.1.d
|
||||
+
|
||||
+[ oid_section ]
|
||||
+
|
||||
# Extra OBJECT IDENTIFIER info:
|
||||
#oid_file = $ENV::HOME/.oid
|
||||
oid_section = new_oids
|
||||
--- a/crypto/dh/dh_err.c
|
||||
+++ b/crypto/dh/dh_err.c
|
||||
@@ -26,8 +26,8 @@ static const ERR_STRING_DATA DH_str_func
|
||||
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_SHARED_INFO, 0),
|
||||
"dh_cms_set_shared_info"},
|
||||
{ERR_PACK(ERR_LIB_DH, DH_F_DH_COMPUTE_KEY, 0), "DH_compute_key"},
|
||||
- {ERR_PACK(ERR_LIB_DH, DH_F_DH_GENERATE_KEY, 0), "DH_generate_key"},
|
||||
- {ERR_PACK(ERR_LIB_DH, DH_F_DH_GENERATE_PARAMETERS_EX, 0), "DH_generate_parameters_ex"},
|
||||
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_GENERATE_PARAMETERS_EX, 0),
|
||||
+ "DH_generate_parameters_ex"},
|
||||
{ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_DUP, 0), "DH_meth_dup"},
|
||||
{ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_NEW, 0), "DH_meth_new"},
|
||||
{ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_SET1_NAME, 0), "DH_meth_set1_name"},
|
||||
@@ -78,11 +78,11 @@ static const ERR_STRING_DATA DH_str_reas
|
||||
{ERR_PACK(ERR_LIB_DH, 0, DH_R_KEY_SIZE_TOO_SMALL), "key size too small"},
|
||||
{ERR_PACK(ERR_LIB_DH, 0, DH_R_MISSING_PUBKEY), "missing pubkey"},
|
||||
{ERR_PACK(ERR_LIB_DH, 0, DH_R_MODULUS_TOO_LARGE), "modulus too large"},
|
||||
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_NON_FIPS_METHOD), "non fips method"},
|
||||
{ERR_PACK(ERR_LIB_DH, 0, DH_R_NOT_SUITABLE_GENERATOR),
|
||||
"not suitable generator"},
|
||||
{ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PARAMETERS_SET), "no parameters set"},
|
||||
{ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PRIVATE_VALUE), "no private value"},
|
||||
- {ERR_PACK(ERR_LIB_DH, 0, DH_R_NON_FIPS_METHOD), "non FIPS method"},
|
||||
{ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR),
|
||||
"parameter encoding error"},
|
||||
{ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"},
|
||||
--- a/crypto/dsa/dsa_err.c
|
||||
+++ b/crypto/dsa/dsa_err.c
|
||||
@@ -1,6 +1,6 @@
|
||||
/*
|
||||
* Generated by util/mkerr.pl DO NOT EDIT
|
||||
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -24,7 +24,8 @@ static const ERR_STRING_DATA DSA_str_fun
|
||||
{ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_DO_SIGN, 0), "DSA_do_sign"},
|
||||
{ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_DO_VERIFY, 0), "DSA_do_verify"},
|
||||
{ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_GENERATE_KEY, 0), "DSA_generate_key"},
|
||||
- {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_GENERATE_PARAMETERS_EX, 0), "DSA_generate_parameters_ex"},
|
||||
+ {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_GENERATE_PARAMETERS_EX, 0),
|
||||
+ "DSA_generate_parameters_ex"},
|
||||
{ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_DUP, 0), "DSA_meth_dup"},
|
||||
{ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_NEW, 0), "DSA_meth_new"},
|
||||
{ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_SET1_NAME, 0), "DSA_meth_set1_name"},
|
||||
@@ -60,8 +61,9 @@ static const ERR_STRING_DATA DSA_str_rea
|
||||
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PRIVATE_KEY),
|
||||
"missing private key"},
|
||||
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MODULUS_TOO_LARGE), "modulus too large"},
|
||||
+ {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NON_FIPS_DSA_METHOD),
|
||||
+ "non fips dsa method"},
|
||||
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NO_PARAMETERS_SET), "no parameters set"},
|
||||
- {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NON_FIPS_DSA_METHOD), "non FIPS DSA method"},
|
||||
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_PARAMETER_ENCODING_ERROR),
|
||||
"parameter encoding error"},
|
||||
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_Q_NOT_PRIME), "q not prime"},
|
||||
--- a/crypto/ec/ec_err.c
|
||||
+++ b/crypto/ec/ec_err.c
|
||||
@@ -1,6 +1,6 @@
|
||||
/*
|
||||
* Generated by util/mkerr.pl DO NOT EDIT
|
||||
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -27,9 +27,19 @@ static const ERR_STRING_DATA EC_str_func
|
||||
"ecdh_simple_compute_key"},
|
||||
{ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_DO_SIGN_EX, 0), "ECDSA_do_sign_ex"},
|
||||
{ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_DO_VERIFY, 0), "ECDSA_do_verify"},
|
||||
+ {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_S390X_NISTP_SIGN_SIG, 0),
|
||||
+ "ecdsa_s390x_nistp_sign_sig"},
|
||||
+ {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_S390X_NISTP_VERIFY_SIG, 0),
|
||||
+ "ecdsa_s390x_nistp_verify_sig"},
|
||||
{ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIGN_EX, 0), "ECDSA_sign_ex"},
|
||||
{ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIGN_SETUP, 0), "ECDSA_sign_setup"},
|
||||
{ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIG_NEW, 0), "ECDSA_SIG_new"},
|
||||
+ {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIMPLE_SIGN_SETUP, 0),
|
||||
+ "ecdsa_simple_sign_setup"},
|
||||
+ {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIMPLE_SIGN_SIG, 0),
|
||||
+ "ecdsa_simple_sign_sig"},
|
||||
+ {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIMPLE_VERIFY_SIG, 0),
|
||||
+ "ecdsa_simple_verify_sig"},
|
||||
{ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_VERIFY, 0), "ECDSA_verify"},
|
||||
{ERR_PACK(ERR_LIB_EC, EC_F_ECD_ITEM_VERIFY, 0), "ecd_item_verify"},
|
||||
{ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PARAM2TYPE, 0), "eckey_param2type"},
|
||||
@@ -193,6 +203,7 @@ static const ERR_STRING_DATA EC_str_func
|
||||
{ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRINT_FP, 0), "EC_KEY_print_fp"},
|
||||
{ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRIV2BUF, 0), "EC_KEY_priv2buf"},
|
||||
{ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRIV2OCT, 0), "EC_KEY_priv2oct"},
|
||||
+ {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PUBLIC_CHECK, 0), "ec_key_public_check"},
|
||||
{ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES, 0),
|
||||
"EC_KEY_set_public_key_affine_coordinates"},
|
||||
{ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SIMPLE_CHECK_KEY, 0),
|
||||
@@ -266,6 +277,8 @@ static const ERR_STRING_DATA EC_str_func
|
||||
{ERR_PACK(ERR_LIB_EC, EC_F_OLD_EC_PRIV_DECODE, 0), "old_ec_priv_decode"},
|
||||
{ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDH_COMPUTE_KEY, 0),
|
||||
"ossl_ecdh_compute_key"},
|
||||
+ {ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDSA_SIGN_SETUP, 0),
|
||||
+ "ossl_ecdsa_sign_setup"},
|
||||
{ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDSA_SIGN_SIG, 0), "ossl_ecdsa_sign_sig"},
|
||||
{ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDSA_VERIFY_SIG, 0),
|
||||
"ossl_ecdsa_verify_sig"},
|
||||
@@ -284,6 +297,18 @@ static const ERR_STRING_DATA EC_str_func
|
||||
{ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_KEYGEN, 0), "pkey_ec_keygen"},
|
||||
{ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_PARAMGEN, 0), "pkey_ec_paramgen"},
|
||||
{ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_SIGN, 0), "pkey_ec_sign"},
|
||||
+ {ERR_PACK(ERR_LIB_EC, EC_F_S390X_PKEY_ECD_DIGESTSIGN25519, 0),
|
||||
+ "s390x_pkey_ecd_digestsign25519"},
|
||||
+ {ERR_PACK(ERR_LIB_EC, EC_F_S390X_PKEY_ECD_DIGESTSIGN448, 0),
|
||||
+ "s390x_pkey_ecd_digestsign448"},
|
||||
+ {ERR_PACK(ERR_LIB_EC, EC_F_S390X_PKEY_ECD_KEYGEN25519, 0),
|
||||
+ "s390x_pkey_ecd_keygen25519"},
|
||||
+ {ERR_PACK(ERR_LIB_EC, EC_F_S390X_PKEY_ECD_KEYGEN448, 0),
|
||||
+ "s390x_pkey_ecd_keygen448"},
|
||||
+ {ERR_PACK(ERR_LIB_EC, EC_F_S390X_PKEY_ECX_KEYGEN25519, 0),
|
||||
+ "s390x_pkey_ecx_keygen25519"},
|
||||
+ {ERR_PACK(ERR_LIB_EC, EC_F_S390X_PKEY_ECX_KEYGEN448, 0),
|
||||
+ "s390x_pkey_ecx_keygen448"},
|
||||
{ERR_PACK(ERR_LIB_EC, EC_F_VALIDATE_ECX_DERIVE, 0), "validate_ecx_derive"},
|
||||
{0, NULL}
|
||||
};
|
||||
@@ -298,6 +323,8 @@ static const ERR_STRING_DATA EC_str_reas
|
||||
"coordinates out of range"},
|
||||
{ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH),
|
||||
"curve does not support ecdh"},
|
||||
+ {ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA),
|
||||
+ "curve does not support ecdsa"},
|
||||
{ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING),
|
||||
"curve does not support signing"},
|
||||
{ERR_PACK(ERR_LIB_EC, 0, EC_R_D2I_ECPKPARAMETERS_FAILURE),
|
||||
--- a/crypto/err/openssl.txt
|
||||
+++ b/crypto/err/openssl.txt
|
||||
@@ -408,6 +408,8 @@ DH_F_DH_CHECK_PUB_KEY_EX:123:DH_check_pu
|
||||
DH_F_DH_CMS_DECRYPT:114:dh_cms_decrypt
|
||||
DH_F_DH_CMS_SET_PEERKEY:115:dh_cms_set_peerkey
|
||||
DH_F_DH_CMS_SET_SHARED_INFO:116:dh_cms_set_shared_info
|
||||
+DH_F_DH_COMPUTE_KEY:126:DH_compute_key
|
||||
+DH_F_DH_GENERATE_PARAMETERS_EX:127:DH_generate_parameters_ex
|
||||
DH_F_DH_METH_DUP:117:DH_meth_dup
|
||||
DH_F_DH_METH_NEW:118:DH_meth_new
|
||||
DH_F_DH_METH_SET1_NAME:119:DH_meth_set1_name
|
||||
@@ -427,10 +429,13 @@ DH_F_PKEY_DH_INIT:125:pkey_dh_init
|
||||
DH_F_PKEY_DH_KEYGEN:113:pkey_dh_keygen
|
||||
DSA_F_DSAPARAMS_PRINT:100:DSAparams_print
|
||||
DSA_F_DSAPARAMS_PRINT_FP:101:DSAparams_print_fp
|
||||
+DSA_F_DSA_BUILTIN_KEYGEN:108:dsa_builtin_keygen
|
||||
DSA_F_DSA_BUILTIN_PARAMGEN:125:dsa_builtin_paramgen
|
||||
DSA_F_DSA_BUILTIN_PARAMGEN2:126:dsa_builtin_paramgen2
|
||||
DSA_F_DSA_DO_SIGN:112:DSA_do_sign
|
||||
DSA_F_DSA_DO_VERIFY:113:DSA_do_verify
|
||||
+DSA_F_DSA_GENERATE_KEY:109:DSA_generate_key
|
||||
+DSA_F_DSA_GENERATE_PARAMETERS_EX:110:DSA_generate_parameters_ex
|
||||
DSA_F_DSA_METH_DUP:127:DSA_meth_dup
|
||||
DSA_F_DSA_METH_NEW:128:DSA_meth_new
|
||||
DSA_F_DSA_METH_SET1_NAME:129:DSA_meth_set1_name
|
||||
@@ -494,15 +499,15 @@ EC_F_ECDH_COMPUTE_KEY:246:ECDH_compute_k
|
||||
EC_F_ECDH_SIMPLE_COMPUTE_KEY:257:ecdh_simple_compute_key
|
||||
EC_F_ECDSA_DO_SIGN_EX:251:ECDSA_do_sign_ex
|
||||
EC_F_ECDSA_DO_VERIFY:252:ECDSA_do_verify
|
||||
+EC_F_ECDSA_S390X_NISTP_SIGN_SIG:313:ecdsa_s390x_nistp_sign_sig
|
||||
+EC_F_ECDSA_S390X_NISTP_VERIFY_SIG:314:ecdsa_s390x_nistp_verify_sig
|
||||
EC_F_ECDSA_SIGN_EX:254:ECDSA_sign_ex
|
||||
EC_F_ECDSA_SIGN_SETUP:248:ECDSA_sign_setup
|
||||
EC_F_ECDSA_SIG_NEW:265:ECDSA_SIG_new
|
||||
-EC_F_ECDSA_VERIFY:253:ECDSA_verify
|
||||
EC_F_ECDSA_SIMPLE_SIGN_SETUP:310:ecdsa_simple_sign_setup
|
||||
EC_F_ECDSA_SIMPLE_SIGN_SIG:311:ecdsa_simple_sign_sig
|
||||
EC_F_ECDSA_SIMPLE_VERIFY_SIG:312:ecdsa_simple_verify_sig
|
||||
-EC_F_ECDSA_S390X_NISTP_SIGN_SIG:313:ecdsa_s390x_nistp_sign_sig
|
||||
-EC_F_ECDSA_S390X_NISTP_VERIFY_SIG:314:ecdsa_s390x_nistp_verify_sig
|
||||
+EC_F_ECDSA_VERIFY:253:ECDSA_verify
|
||||
EC_F_ECD_ITEM_VERIFY:270:ecd_item_verify
|
||||
EC_F_ECKEY_PARAM2TYPE:223:eckey_param2type
|
||||
EC_F_ECKEY_PARAM_DECODE:212:eckey_param_decode
|
||||
@@ -610,6 +615,7 @@ EC_F_EC_KEY_PRINT:180:EC_KEY_print
|
||||
EC_F_EC_KEY_PRINT_FP:181:EC_KEY_print_fp
|
||||
EC_F_EC_KEY_PRIV2BUF:279:EC_KEY_priv2buf
|
||||
EC_F_EC_KEY_PRIV2OCT:256:EC_KEY_priv2oct
|
||||
+EC_F_EC_KEY_PUBLIC_CHECK:299:ec_key_public_check
|
||||
EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES:229:\
|
||||
EC_KEY_set_public_key_affine_coordinates
|
||||
EC_F_EC_KEY_SIMPLE_CHECK_KEY:258:ec_key_simple_check_key
|
||||
@@ -735,6 +741,7 @@ EVP_F_AES_OCB_CIPHER:169:aes_ocb_cipher
|
||||
EVP_F_AES_T4_INIT_KEY:178:aes_t4_init_key
|
||||
EVP_F_AES_T4_XTS_INIT_KEY:208:aes_t4_xts_init_key
|
||||
EVP_F_AES_WRAP_CIPHER:170:aes_wrap_cipher
|
||||
+EVP_F_AES_XTS_CIPHER:210:aes_xts_cipher
|
||||
EVP_F_AES_XTS_INIT_KEY:209:aes_xts_init_key
|
||||
EVP_F_ALG_MODULE_INIT:177:alg_module_init
|
||||
EVP_F_ARIA_CCM_INIT_KEY:175:aria_ccm_init_key
|
||||
@@ -844,6 +851,8 @@ FIPS_F_EVP_CIPHER_CTX_NEW:137:EVP_CIPHER
|
||||
FIPS_F_EVP_CIPHER_CTX_RESET:122:EVP_CIPHER_CTX_reset
|
||||
FIPS_F_EVP_CIPHERINIT_EX:124:EVP_CipherInit_ex
|
||||
FIPS_F_EVP_DIGESTINIT_EX:125:EVP_DigestInit_ex
|
||||
+FIPS_F_ECDSA_SIMPLE_SIGN_SIG:104:ecdsa_simple_sign_sig
|
||||
+FIPS_F_ECDSA_SIMPLE_VERIFY_SIG:105:ecdsa_simple_verify_sig
|
||||
FIPS_F_FIPS_CHECK_DSA:104:fips_check_dsa
|
||||
FIPS_F_FIPS_CHECK_EC:142:fips_check_ec
|
||||
FIPS_F_FIPS_CHECK_RSA:106:fips_check_rsa
|
||||
@@ -874,9 +883,15 @@ FIPS_F_FIPS_SELFTEST_CMAC:130:FIPS_selft
|
||||
FIPS_F_FIPS_SELFTEST_DES:111:FIPS_selftest_des
|
||||
FIPS_F_FIPS_SELFTEST_DSA:112:FIPS_selftest_dsa
|
||||
FIPS_F_FIPS_SELFTEST_ECDSA:133:FIPS_selftest_ecdsa
|
||||
+FIPS_F_FIPS_SELFTEST_HKDF:136:FIPS_selftest_hkdf
|
||||
FIPS_F_FIPS_SELFTEST_HMAC:113:FIPS_selftest_hmac
|
||||
+FIPS_F_FIPS_SELFTEST_PBKDF2:138:FIPS_selftest_pbkdf2
|
||||
FIPS_F_FIPS_SELFTEST_SHA1:115:FIPS_selftest_sha1
|
||||
FIPS_F_FIPS_SELFTEST_SHA2:105:FIPS_selftest_sha2
|
||||
+FIPS_F_FIPS_SELFTEST_SHA3:141:FIPS_selftest_sha3
|
||||
+FIPS_F_FIPS_SELFTEST_SSH:142:FIPS_selftest_ssh
|
||||
+FIPS_F_FIPS_SELFTEST_TLS:143:FIPS_selftest_tls
|
||||
+FIPS_F_OSSL_ECDH_COMPUTE_KEY:144:ossl_ecdh_compute_key
|
||||
FIPS_F_OSSL_ECDSA_SIGN_SIG:143:ossl_ecdsa_sign_sig
|
||||
FIPS_F_OSSL_ECDSA_VERIFY_SIG:148:ossl_ecdsa_verify_sig
|
||||
FIPS_F_RSA_BUILTIN_KEYGEN:116:rsa_builtin_keygen
|
||||
@@ -1126,6 +1141,7 @@ RAND_F_RAND_PSEUDO_BYTES:126:RAND_pseudo
|
||||
RAND_F_RAND_WRITE_FILE:112:RAND_write_file
|
||||
RSA_F_CHECK_PADDING_MD:140:check_padding_md
|
||||
RSA_F_ENCODE_PKCS1:146:encode_pkcs1
|
||||
+RSA_F_FIPS_RSA_BUILTIN_KEYGEN:168:fips_rsa_builtin_keygen
|
||||
RSA_F_INT_RSA_VERIFY:145:int_rsa_verify
|
||||
RSA_F_OLD_RSA_PRIV_DECODE:147:old_rsa_priv_decode
|
||||
RSA_F_PKEY_PSS_INIT:165:pkey_pss_init
|
||||
@@ -1140,6 +1156,8 @@ RSA_F_RSA_CHECK_KEY:123:RSA_check_key
|
||||
RSA_F_RSA_CHECK_KEY_EX:160:RSA_check_key_ex
|
||||
RSA_F_RSA_CMS_DECRYPT:159:rsa_cms_decrypt
|
||||
RSA_F_RSA_CMS_VERIFY:158:rsa_cms_verify
|
||||
+RSA_F_RSA_GENERATE_KEY_EX:169:RSA_generate_key_ex
|
||||
+RSA_F_RSA_GENERATE_MULTI_PRIME_KEY:170:RSA_generate_multi_prime_key
|
||||
RSA_F_RSA_ITEM_VERIFY:148:rsa_item_verify
|
||||
RSA_F_RSA_METH_DUP:161:RSA_meth_dup
|
||||
RSA_F_RSA_METH_NEW:162:RSA_meth_new
|
||||
@@ -1175,12 +1193,18 @@ RSA_F_RSA_PADDING_CHECK_X931:128:RSA_pad
|
||||
RSA_F_RSA_PARAM_DECODE:164:rsa_param_decode
|
||||
RSA_F_RSA_PRINT:115:RSA_print
|
||||
RSA_F_RSA_PRINT_FP:116:RSA_print_fp
|
||||
+RSA_F_RSA_PRIVATE_DECRYPT:171:RSA_private_decrypt
|
||||
+RSA_F_RSA_PRIVATE_ENCRYPT:172:RSA_private_encrypt
|
||||
RSA_F_RSA_PRIV_DECODE:150:rsa_priv_decode
|
||||
RSA_F_RSA_PRIV_ENCODE:138:rsa_priv_encode
|
||||
RSA_F_RSA_PSS_GET_PARAM:151:rsa_pss_get_param
|
||||
RSA_F_RSA_PSS_TO_CTX:155:rsa_pss_to_ctx
|
||||
+RSA_F_RSA_PUBLIC_DECRYPT:173:RSA_public_decrypt
|
||||
+RSA_F_RSA_PUBLIC_ENCRYPT:174:RSA_public_encrypt
|
||||
RSA_F_RSA_PUB_DECODE:139:rsa_pub_decode
|
||||
RSA_F_RSA_SETUP_BLINDING:136:RSA_setup_blinding
|
||||
+RSA_F_RSA_SET_DEFAULT_METHOD:175:RSA_set_default_method
|
||||
+RSA_F_RSA_SET_METHOD:176:RSA_set_method
|
||||
RSA_F_RSA_SIGN:117:RSA_sign
|
||||
RSA_F_RSA_SIGN_ASN1_OCTET_STRING:118:RSA_sign_ASN1_OCTET_STRING
|
||||
RSA_F_RSA_VERIFY:119:RSA_verify
|
||||
@@ -2189,8 +2213,10 @@ DH_R_INVALID_PARAMETER_NID:114:invalid p
|
||||
DH_R_INVALID_PUBKEY:102:invalid public key
|
||||
DH_R_KDF_PARAMETER_ERROR:112:kdf parameter error
|
||||
DH_R_KEYS_NOT_SET:108:keys not set
|
||||
+DH_R_KEY_SIZE_TOO_SMALL:126:key size too small
|
||||
DH_R_MISSING_PUBKEY:125:missing pubkey
|
||||
DH_R_MODULUS_TOO_LARGE:103:modulus too large
|
||||
+DH_R_NON_FIPS_METHOD:127:non fips method
|
||||
DH_R_NOT_SUITABLE_GENERATOR:120:not suitable generator
|
||||
DH_R_NO_PARAMETERS_SET:107:no parameters set
|
||||
DH_R_NO_PRIVATE_VALUE:100:no private value
|
||||
@@ -2204,9 +2230,12 @@ DSA_R_BN_ERROR:109:bn error
|
||||
DSA_R_DECODE_ERROR:104:decode error
|
||||
DSA_R_INVALID_DIGEST_TYPE:106:invalid digest type
|
||||
DSA_R_INVALID_PARAMETERS:112:invalid parameters
|
||||
+DSA_R_KEY_SIZE_INVALID:114:key size invalid
|
||||
+DSA_R_KEY_SIZE_TOO_SMALL:115:key size too small
|
||||
DSA_R_MISSING_PARAMETERS:101:missing parameters
|
||||
DSA_R_MISSING_PRIVATE_KEY:111:missing private key
|
||||
DSA_R_MODULUS_TOO_LARGE:103:modulus too large
|
||||
+DSA_R_NON_FIPS_DSA_METHOD:116:non fips dsa method
|
||||
DSA_R_NO_PARAMETERS_SET:107:no parameters set
|
||||
DSA_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error
|
||||
DSA_R_Q_NOT_PRIME:113:q not prime
|
||||
@@ -2344,6 +2373,7 @@ EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH:
|
||||
EVP_R_DECODE_ERROR:114:decode error
|
||||
EVP_R_DIFFERENT_KEY_TYPES:101:different key types
|
||||
EVP_R_DIFFERENT_PARAMETERS:153:different parameters
|
||||
+EVP_R_DISABLED_FOR_FIPS:185:disabled for fips
|
||||
EVP_R_ERROR_LOADING_SECTION:165:error loading section
|
||||
EVP_R_ERROR_SETTING_FIPS_MODE:166:error setting fips mode
|
||||
EVP_R_EXPECTING_AN_HMAC_KEY:174:expecting an hmac key
|
||||
@@ -2389,6 +2419,7 @@ EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREA
|
||||
EVP_R_PRIVATE_KEY_DECODE_ERROR:145:private key decode error
|
||||
EVP_R_PRIVATE_KEY_ENCODE_ERROR:146:private key encode error
|
||||
EVP_R_PUBLIC_KEY_NOT_RSA:106:public key not rsa
|
||||
+EVP_R_TOO_LARGE:186:too large
|
||||
EVP_R_UNKNOWN_CIPHER:160:unknown cipher
|
||||
EVP_R_UNKNOWN_DIGEST:161:unknown digest
|
||||
EVP_R_UNKNOWN_OPTION:169:unknown option
|
||||
@@ -2711,11 +2742,13 @@ RSA_R_MODULUS_TOO_LARGE:105:modulus too
|
||||
RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R:168:mp coefficient not inverse of r
|
||||
RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D:169:mp exponent not congruent to d
|
||||
RSA_R_MP_R_NOT_PRIME:170:mp r not prime
|
||||
+RSA_R_NON_FIPS_RSA_METHOD:171:non fips rsa method
|
||||
RSA_R_NO_PUBLIC_EXPONENT:140:no public exponent
|
||||
RSA_R_NULL_BEFORE_BLOCK_MISSING:113:null before block missing
|
||||
RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES:172:n does not equal product of primes
|
||||
RSA_R_N_DOES_NOT_EQUAL_P_Q:127:n does not equal p q
|
||||
RSA_R_OAEP_DECODING_ERROR:121:oaep decoding error
|
||||
+RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE:173:operation not allowed in fips mode
|
||||
RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:148:\
|
||||
operation not supported for this keytype
|
||||
RSA_R_PADDING_CHECK_FAILED:114:padding check failed
|
||||
@@ -2737,6 +2770,7 @@ RSA_R_UNSUPPORTED_ENCRYPTION_TYPE:162:un
|
||||
RSA_R_UNSUPPORTED_LABEL_SOURCE:163:unsupported label source
|
||||
RSA_R_UNSUPPORTED_MASK_ALGORITHM:153:unsupported mask algorithm
|
||||
RSA_R_UNSUPPORTED_MASK_PARAMETER:154:unsupported mask parameter
|
||||
+RSA_R_UNSUPPORTED_PARAMETERS:174:unsupported parameters
|
||||
RSA_R_UNSUPPORTED_SIGNATURE_TYPE:155:unsupported signature type
|
||||
RSA_R_VALUE_MISSING:147:value missing
|
||||
RSA_R_WRONG_SIGNATURE_LENGTH:119:wrong signature length
|
||||
--- a/crypto/evp/evp_err.c
|
||||
+++ b/crypto/evp/evp_err.c
|
||||
@@ -1,6 +1,6 @@
|
||||
/*
|
||||
* Generated by util/mkerr.pl DO NOT EDIT
|
||||
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -192,7 +192,7 @@ static const ERR_STRING_DATA EVP_str_rea
|
||||
"different key types"},
|
||||
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_PARAMETERS),
|
||||
"different parameters"},
|
||||
- {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DISABLED_FOR_FIPS), "disabled for FIPS"},
|
||||
+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DISABLED_FOR_FIPS), "disabled for fips"},
|
||||
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_LOADING_SECTION),
|
||||
"error loading section"},
|
||||
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_SETTING_FIPS_MODE),
|
||||
@@ -286,8 +286,6 @@ static const ERR_STRING_DATA EVP_str_rea
|
||||
"wrap mode not allowed"},
|
||||
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRONG_FINAL_BLOCK_LENGTH),
|
||||
"wrong final block length"},
|
||||
- {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE),
|
||||
- "xts data unit is too large"},
|
||||
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DUPLICATED_KEYS),
|
||||
"xts duplicated keys"},
|
||||
{0, NULL}
|
||||
--- a/crypto/fips/fips_ers.c
|
||||
+++ b/crypto/fips/fips_ers.c
|
||||
@@ -1,7 +1,186 @@
|
||||
-#include <openssl/opensslconf.h>
|
||||
+/*
|
||||
+ * Generated by util/mkerr.pl DO NOT EDIT
|
||||
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ *
|
||||
+ * Licensed under the OpenSSL license (the "License"). You may not use
|
||||
+ * this file except in compliance with the License. You can obtain a copy
|
||||
+ * in the file LICENSE in the source distribution or at
|
||||
+ * https://www.openssl.org/source/license.html
|
||||
+ */
|
||||
|
||||
-#ifdef OPENSSL_FIPS
|
||||
-# include "fips_err.h"
|
||||
-#else
|
||||
-static void *dummy = &dummy;
|
||||
+#include <openssl/err.h>
|
||||
+#include "crypto/fipserr.h"
|
||||
+
|
||||
+#ifndef OPENSSL_NO_ERR
|
||||
+
|
||||
+static const ERR_STRING_DATA FIPS_str_functs[] = {
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_DRBG_RESEED, 0), "drbg_reseed"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_DSA_BUILTIN_PARAMGEN2, 0),
|
||||
+ "dsa_builtin_paramgen2"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_DSA_DO_SIGN, 0), "DSA_do_sign"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_DSA_DO_VERIFY, 0), "DSA_do_verify"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_ECDSA_SIMPLE_SIGN_SIG, 0),
|
||||
+ "ecdsa_simple_sign_sig"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_ECDSA_SIMPLE_VERIFY_SIG, 0),
|
||||
+ "ecdsa_simple_verify_sig"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_EVP_CIPHERINIT_EX, 0), "EVP_CipherInit_ex"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_EVP_CIPHER_CTX_NEW, 0),
|
||||
+ "EVP_CIPHER_CTX_new"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_EVP_CIPHER_CTX_RESET, 0),
|
||||
+ "EVP_CIPHER_CTX_reset"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_EVP_DIGESTINIT_EX, 0), "EVP_DigestInit_ex"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_CHECK_DSA, 0), "fips_check_dsa"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_CHECK_EC, 0), "fips_check_ec"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_CHECK_RSA, 0), "fips_check_rsa"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_DRBG_BYTES, 0), "fips_drbg_bytes"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_DRBG_CHECK, 0), "fips_drbg_check"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_DRBG_ERROR_CHECK, 0),
|
||||
+ "fips_drbg_error_check"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_DRBG_GENERATE, 0),
|
||||
+ "FIPS_drbg_generate"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_DRBG_INIT, 0), "FIPS_drbg_init"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_DRBG_INSTANTIATE, 0),
|
||||
+ "FIPS_drbg_instantiate"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_DRBG_NEW, 0), "FIPS_drbg_new"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_DRBG_SINGLE_KAT, 0),
|
||||
+ "fips_drbg_single_kat"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_GET_ENTROPY, 0), "fips_get_entropy"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_MODULE_MODE_SET, 0),
|
||||
+ "FIPS_module_mode_set"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_PKEY_SIGNATURE_TEST, 0),
|
||||
+ "fips_pkey_signature_test"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_RAND_BYTES, 0), "FIPS_rand_bytes"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_RAND_SEED, 0), "FIPS_rand_seed"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_RAND_SET_METHOD, 0),
|
||||
+ "FIPS_rand_set_method"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_RAND_STATUS, 0), "FIPS_rand_status"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_RSA_BUILTIN_KEYGEN, 0),
|
||||
+ "fips_rsa_builtin_keygen"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_AES, 0), "FIPS_selftest_aes"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_AES_CCM, 0),
|
||||
+ "FIPS_selftest_aes_ccm"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_AES_GCM, 0),
|
||||
+ "FIPS_selftest_aes_gcm"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_AES_XTS, 0),
|
||||
+ "FIPS_selftest_aes_xts"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_CMAC, 0),
|
||||
+ "FIPS_selftest_cmac"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_DES, 0), "FIPS_selftest_des"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_ECDSA, 0),
|
||||
+ "FIPS_selftest_ecdsa"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_HKDF, 0),
|
||||
+ "FIPS_selftest_hkdf"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_HMAC, 0),
|
||||
+ "FIPS_selftest_hmac"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_PBKDF2, 0),
|
||||
+ "FIPS_selftest_pbkdf2"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_SHA1, 0),
|
||||
+ "FIPS_selftest_sha1"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_SHA2, 0),
|
||||
+ "FIPS_selftest_sha2"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_SHA3, 0),
|
||||
+ "FIPS_selftest_sha3"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_SSH, 0), "FIPS_selftest_ssh"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_TLS, 0), "FIPS_selftest_tls"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_OSSL_ECDH_COMPUTE_KEY, 0),
|
||||
+ "ossl_ecdh_compute_key"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_RSA_OSSL_PRIVATE_DECRYPT, 0),
|
||||
+ "rsa_ossl_private_decrypt"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_RSA_OSSL_PRIVATE_ENCRYPT, 0),
|
||||
+ "rsa_ossl_private_encrypt"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_RSA_OSSL_PUBLIC_DECRYPT, 0),
|
||||
+ "rsa_ossl_public_decrypt"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_RSA_OSSL_PUBLIC_ENCRYPT, 0),
|
||||
+ "rsa_ossl_public_encrypt"},
|
||||
+ {0, NULL}
|
||||
+};
|
||||
+
|
||||
+static const ERR_STRING_DATA FIPS_str_reasons[] = {
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED),
|
||||
+ "additional input error undetected"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ADDITIONAL_INPUT_TOO_LONG),
|
||||
+ "additional input too long"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ALREADY_INSTANTIATED),
|
||||
+ "already instantiated"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_DRBG_NOT_INITIALISED),
|
||||
+ "drbg not initialised"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ENTROPY_ERROR_UNDETECTED),
|
||||
+ "entropy error undetected"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED),
|
||||
+ "entropy not requested for reseed"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ENTROPY_SOURCE_STUCK),
|
||||
+ "entropy source stuck"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ERROR_INITIALISING_DRBG),
|
||||
+ "error initialising drbg"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ERROR_INSTANTIATING_DRBG),
|
||||
+ "error instantiating drbg"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT),
|
||||
+ "error retrieving additional input"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ERROR_RETRIEVING_ENTROPY),
|
||||
+ "error retrieving entropy"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ERROR_RETRIEVING_NONCE),
|
||||
+ "error retrieving nonce"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_FINGERPRINT_DOES_NOT_MATCH),
|
||||
+ "fingerprint does not match"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_FIPS_MODE_ALREADY_SET),
|
||||
+ "fips mode already set"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_FIPS_SELFTEST_FAILED),
|
||||
+ "fips selftest failed"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_FUNCTION_ERROR), "function error"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_GENERATE_ERROR), "generate error"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_GENERATE_ERROR_UNDETECTED),
|
||||
+ "generate error undetected"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_INSTANTIATE_ERROR), "instantiate error"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_INVALID_KEY_LENGTH),
|
||||
+ "invalid key length"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_IN_ERROR_STATE), "in error state"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_KEY_TOO_SHORT), "key too short"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_NONCE_ERROR_UNDETECTED),
|
||||
+ "nonce error undetected"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_NON_FIPS_METHOD), "non fips method"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_NOPR_TEST1_FAILURE),
|
||||
+ "nopr test1 failure"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_NOPR_TEST2_FAILURE),
|
||||
+ "nopr test2 failure"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_NOT_INSTANTIATED), "not instantiated"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_PAIRWISE_TEST_FAILED),
|
||||
+ "pairwise test failed"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_PERSONALISATION_ERROR_UNDETECTED),
|
||||
+ "personalisation error undetected"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_PERSONALISATION_STRING_TOO_LONG),
|
||||
+ "personalisation string too long"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_PR_TEST1_FAILURE), "pr test1 failure"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_PR_TEST2_FAILURE), "pr test2 failure"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED),
|
||||
+ "request length error undetected"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG),
|
||||
+ "request too large for drbg"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_RESEED_COUNTER_ERROR),
|
||||
+ "reseed counter error"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_RESEED_ERROR), "reseed error"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_SELFTEST_FAILED), "selftest failed"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_SELFTEST_FAILURE), "selftest failure"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_TEST_FAILURE), "test failure"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_UNINSTANTIATE_ERROR),
|
||||
+ "uninstantiate error"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_UNINSTANTIATE_ZEROISE_ERROR),
|
||||
+ "uninstantiate zeroise error"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_UNSUPPORTED_DRBG_TYPE),
|
||||
+ "unsupported drbg type"},
|
||||
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_UNSUPPORTED_PLATFORM),
|
||||
+ "unsupported platform"},
|
||||
+ {0, NULL}
|
||||
+};
|
||||
+
|
||||
+#endif
|
||||
+
|
||||
+int ERR_load_FIPS_strings(void)
|
||||
+{
|
||||
+#ifndef OPENSSL_NO_ERR
|
||||
+ if (ERR_func_error_string(FIPS_str_functs[0].error) == NULL) {
|
||||
+ ERR_load_strings_const(FIPS_str_functs);
|
||||
+ ERR_load_strings_const(FIPS_str_reasons);
|
||||
+ }
|
||||
#endif
|
||||
+ return 1;
|
||||
+}
|
||||
--- a/crypto/rsa/rsa_err.c
|
||||
+++ b/crypto/rsa/rsa_err.c
|
||||
@@ -1,6 +1,6 @@
|
||||
/*
|
||||
* Generated by util/mkerr.pl DO NOT EDIT
|
||||
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -34,7 +34,8 @@ static const ERR_STRING_DATA RSA_str_fun
|
||||
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CHECK_KEY_EX, 0), "RSA_check_key_ex"},
|
||||
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CMS_DECRYPT, 0), "rsa_cms_decrypt"},
|
||||
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CMS_VERIFY, 0), "rsa_cms_verify"},
|
||||
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_GENERATE_KEY_EX, 0), "RSA_generate_key_ex"},
|
||||
+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_GENERATE_KEY_EX, 0),
|
||||
+ "RSA_generate_key_ex"},
|
||||
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_GENERATE_MULTI_PRIME_KEY, 0),
|
||||
"RSA_generate_multi_prime_key"},
|
||||
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_ITEM_VERIFY, 0), "rsa_item_verify"},
|
||||
@@ -93,16 +94,21 @@ static const ERR_STRING_DATA RSA_str_fun
|
||||
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PARAM_DECODE, 0), "rsa_param_decode"},
|
||||
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRINT, 0), "RSA_print"},
|
||||
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRINT_FP, 0), "RSA_print_fp"},
|
||||
+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIVATE_DECRYPT, 0),
|
||||
+ "RSA_private_decrypt"},
|
||||
+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIVATE_ENCRYPT, 0),
|
||||
+ "RSA_private_encrypt"},
|
||||
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIV_DECODE, 0), "rsa_priv_decode"},
|
||||
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIV_ENCODE, 0), "rsa_priv_encode"},
|
||||
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIVATE_DECRYPT, 0), "RSA_private_decrypt"},
|
||||
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIVATE_ENCRYPT, 0), "RSA_private_encrypt"},
|
||||
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PSS_GET_PARAM, 0), "rsa_pss_get_param"},
|
||||
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PSS_TO_CTX, 0), "rsa_pss_to_ctx"},
|
||||
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUB_DECODE, 0), "rsa_pub_decode"},
|
||||
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUBLIC_DECRYPT, 0), "RSA_public_decrypt"},
|
||||
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUBLIC_ENCRYPT, 0), "RSA_public_encrypt"},
|
||||
+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUB_DECODE, 0), "rsa_pub_decode"},
|
||||
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SETUP_BLINDING, 0), "RSA_setup_blinding"},
|
||||
+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SET_DEFAULT_METHOD, 0),
|
||||
+ "RSA_set_default_method"},
|
||||
+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SET_METHOD, 0), "RSA_set_method"},
|
||||
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SIGN, 0), "RSA_sign"},
|
||||
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SIGN_ASN1_OCTET_STRING, 0),
|
||||
"RSA_sign_ASN1_OCTET_STRING"},
|
||||
@@ -111,8 +117,6 @@ static const ERR_STRING_DATA RSA_str_fun
|
||||
"RSA_verify_ASN1_OCTET_STRING"},
|
||||
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, 0),
|
||||
"RSA_verify_PKCS1_PSS_mgf1"},
|
||||
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SET_DEFAULT_METHOD, 0), "RSA_set_default_method"},
|
||||
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SET_METHOD, 0), "RSA_set_method"},
|
||||
{ERR_PACK(ERR_LIB_RSA, RSA_F_SETUP_TBUF, 0), "setup_tbuf"},
|
||||
{0, NULL}
|
||||
};
|
||||
@@ -193,8 +197,9 @@ static const ERR_STRING_DATA RSA_str_rea
|
||||
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D),
|
||||
"mp exponent not congruent to d"},
|
||||
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_R_NOT_PRIME), "mp r not prime"},
|
||||
+ {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NON_FIPS_RSA_METHOD),
|
||||
+ "non fips rsa method"},
|
||||
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"},
|
||||
- {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NON_FIPS_RSA_METHOD), "non FIPS rsa method"},
|
||||
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NULL_BEFORE_BLOCK_MISSING),
|
||||
"null before block missing"},
|
||||
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES),
|
||||
@@ -204,7 +209,7 @@ static const ERR_STRING_DATA RSA_str_rea
|
||||
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OAEP_DECODING_ERROR),
|
||||
"oaep decoding error"},
|
||||
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),
|
||||
- "operation not allowed in FIPS mode"},
|
||||
+ "operation not allowed in fips mode"},
|
||||
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
|
||||
"operation not supported for this keytype"},
|
||||
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PADDING_CHECK_FAILED),
|
||||
--- a/include/openssl/dherr.h
|
||||
+++ b/include/openssl/dherr.h
|
||||
@@ -11,9 +11,7 @@
|
||||
#ifndef HEADER_DHERR_H
|
||||
# define HEADER_DHERR_H
|
||||
|
||||
-# ifndef HEADER_SYMHACKS_H
|
||||
-# include <openssl/symhacks.h>
|
||||
-# endif
|
||||
+# include <openssl/symhacks.h>
|
||||
|
||||
# include <openssl/opensslconf.h>
|
||||
|
||||
@@ -36,9 +34,8 @@ int ERR_load_DH_strings(void);
|
||||
# define DH_F_DH_CMS_DECRYPT 114
|
||||
# define DH_F_DH_CMS_SET_PEERKEY 115
|
||||
# define DH_F_DH_CMS_SET_SHARED_INFO 116
|
||||
-# define DH_F_DH_COMPUTE_KEY 203
|
||||
-# define DH_F_DH_GENERATE_KEY 202
|
||||
-# define DH_F_DH_GENERATE_PARAMETERS_EX 201
|
||||
+# define DH_F_DH_COMPUTE_KEY 126
|
||||
+# define DH_F_DH_GENERATE_PARAMETERS_EX 127
|
||||
# define DH_F_DH_METH_DUP 117
|
||||
# define DH_F_DH_METH_NEW 118
|
||||
# define DH_F_DH_METH_SET1_NAME 119
|
||||
@@ -76,14 +73,14 @@ int ERR_load_DH_strings(void);
|
||||
# define DH_R_INVALID_PARAMETER_NID 114
|
||||
# define DH_R_INVALID_PUBKEY 102
|
||||
# define DH_R_KDF_PARAMETER_ERROR 112
|
||||
-# define DH_R_KEY_SIZE_TOO_SMALL 201
|
||||
# define DH_R_KEYS_NOT_SET 108
|
||||
+# define DH_R_KEY_SIZE_TOO_SMALL 126
|
||||
# define DH_R_MISSING_PUBKEY 125
|
||||
# define DH_R_MODULUS_TOO_LARGE 103
|
||||
+# define DH_R_NON_FIPS_METHOD 127
|
||||
# define DH_R_NOT_SUITABLE_GENERATOR 120
|
||||
# define DH_R_NO_PARAMETERS_SET 107
|
||||
# define DH_R_NO_PRIVATE_VALUE 100
|
||||
-# define DH_R_NON_FIPS_METHOD 202
|
||||
# define DH_R_PARAMETER_ENCODING_ERROR 105
|
||||
# define DH_R_PEER_KEY_ERROR 111
|
||||
# define DH_R_SHARED_INFO_ERROR 113
|
||||
--- a/include/openssl/dsaerr.h
|
||||
+++ b/include/openssl/dsaerr.h
|
||||
@@ -1,6 +1,6 @@
|
||||
/*
|
||||
* Generated by util/mkerr.pl DO NOT EDIT
|
||||
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -11,9 +11,7 @@
|
||||
#ifndef HEADER_DSAERR_H
|
||||
# define HEADER_DSAERR_H
|
||||
|
||||
-# ifndef HEADER_SYMHACKS_H
|
||||
-# include <openssl/symhacks.h>
|
||||
-# endif
|
||||
+# include <openssl/symhacks.h>
|
||||
|
||||
# include <openssl/opensslconf.h>
|
||||
|
||||
@@ -29,13 +27,13 @@ int ERR_load_DSA_strings(void);
|
||||
*/
|
||||
# define DSA_F_DSAPARAMS_PRINT 100
|
||||
# define DSA_F_DSAPARAMS_PRINT_FP 101
|
||||
-# define DSA_F_DSA_BUILTIN_KEYGEN 202
|
||||
+# define DSA_F_DSA_BUILTIN_KEYGEN 108
|
||||
# define DSA_F_DSA_BUILTIN_PARAMGEN 125
|
||||
# define DSA_F_DSA_BUILTIN_PARAMGEN2 126
|
||||
-# define DSA_F_DSA_GENERATE_KEY 201
|
||||
-# define DSA_F_DSA_GENERATE_PARAMETERS_EX 200
|
||||
# define DSA_F_DSA_DO_SIGN 112
|
||||
# define DSA_F_DSA_DO_VERIFY 113
|
||||
+# define DSA_F_DSA_GENERATE_KEY 109
|
||||
+# define DSA_F_DSA_GENERATE_PARAMETERS_EX 110
|
||||
# define DSA_F_DSA_METH_DUP 127
|
||||
# define DSA_F_DSA_METH_NEW 128
|
||||
# define DSA_F_DSA_METH_SET1_NAME 129
|
||||
@@ -63,13 +61,13 @@ int ERR_load_DSA_strings(void);
|
||||
# define DSA_R_DECODE_ERROR 104
|
||||
# define DSA_R_INVALID_DIGEST_TYPE 106
|
||||
# define DSA_R_INVALID_PARAMETERS 112
|
||||
-# define DSA_R_KEY_SIZE_INVALID 201
|
||||
-# define DSA_R_KEY_SIZE_TOO_SMALL 202
|
||||
+# define DSA_R_KEY_SIZE_INVALID 114
|
||||
+# define DSA_R_KEY_SIZE_TOO_SMALL 115
|
||||
# define DSA_R_MISSING_PARAMETERS 101
|
||||
# define DSA_R_MISSING_PRIVATE_KEY 111
|
||||
# define DSA_R_MODULUS_TOO_LARGE 103
|
||||
+# define DSA_R_NON_FIPS_DSA_METHOD 116
|
||||
# define DSA_R_NO_PARAMETERS_SET 107
|
||||
-# define DSA_R_NON_FIPS_DSA_METHOD 200
|
||||
# define DSA_R_PARAMETER_ENCODING_ERROR 105
|
||||
# define DSA_R_Q_NOT_PRIME 113
|
||||
# define DSA_R_SEED_LEN_SMALL 110
|
||||
--- a/include/openssl/ecerr.h
|
||||
+++ b/include/openssl/ecerr.h
|
||||
@@ -1,6 +1,6 @@
|
||||
/*
|
||||
* Generated by util/mkerr.pl DO NOT EDIT
|
||||
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -11,9 +11,7 @@
|
||||
#ifndef HEADER_ECERR_H
|
||||
# define HEADER_ECERR_H
|
||||
|
||||
-# ifndef HEADER_SYMHACKS_H
|
||||
-# include <openssl/symhacks.h>
|
||||
-# endif
|
||||
+# include <openssl/symhacks.h>
|
||||
|
||||
# include <openssl/opensslconf.h>
|
||||
|
||||
@@ -143,6 +141,7 @@ int ERR_load_EC_strings(void);
|
||||
# define EC_F_EC_KEY_PRINT_FP 181
|
||||
# define EC_F_EC_KEY_PRIV2BUF 279
|
||||
# define EC_F_EC_KEY_PRIV2OCT 256
|
||||
+# define EC_F_EC_KEY_PUBLIC_CHECK 299
|
||||
# define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 229
|
||||
# define EC_F_EC_KEY_SIMPLE_CHECK_KEY 258
|
||||
# define EC_F_EC_KEY_SIMPLE_OCT2PRIV 259
|
||||
--- a/include/openssl/evperr.h
|
||||
+++ b/include/openssl/evperr.h
|
||||
@@ -1,6 +1,6 @@
|
||||
/*
|
||||
* Generated by util/mkerr.pl DO NOT EDIT
|
||||
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -22,15 +22,15 @@ int ERR_load_EVP_strings(void);
|
||||
* EVP function codes.
|
||||
*/
|
||||
# define EVP_F_AESNI_INIT_KEY 165
|
||||
-# define EVP_F_AESNI_XTS_INIT_KEY 233
|
||||
+# define EVP_F_AESNI_XTS_INIT_KEY 207
|
||||
# define EVP_F_AES_GCM_CTRL 196
|
||||
# define EVP_F_AES_INIT_KEY 133
|
||||
# define EVP_F_AES_OCB_CIPHER 169
|
||||
# define EVP_F_AES_T4_INIT_KEY 178
|
||||
-# define EVP_F_AES_T4_XTS_INIT_KEY 234
|
||||
+# define EVP_F_AES_T4_XTS_INIT_KEY 208
|
||||
# define EVP_F_AES_WRAP_CIPHER 170
|
||||
-# define EVP_F_AES_XTS_CIPHER 229
|
||||
-# define EVP_F_AES_XTS_INIT_KEY 235
|
||||
+# define EVP_F_AES_XTS_CIPHER 210
|
||||
+# define EVP_F_AES_XTS_INIT_KEY 209
|
||||
# define EVP_F_ALG_MODULE_INIT 177
|
||||
# define EVP_F_ARIA_CCM_INIT_KEY 175
|
||||
# define EVP_F_ARIA_GCM_CTRL 197
|
||||
@@ -146,9 +146,9 @@ int ERR_load_EVP_strings(void);
|
||||
# define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133
|
||||
# define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138
|
||||
# define EVP_R_DECODE_ERROR 114
|
||||
-# define EVP_R_DISABLED_FOR_FIPS 200
|
||||
# define EVP_R_DIFFERENT_KEY_TYPES 101
|
||||
# define EVP_R_DIFFERENT_PARAMETERS 153
|
||||
+# define EVP_R_DISABLED_FOR_FIPS 185
|
||||
# define EVP_R_ERROR_LOADING_SECTION 165
|
||||
# define EVP_R_ERROR_SETTING_FIPS_MODE 166
|
||||
# define EVP_R_EXPECTING_AN_HMAC_KEY 174
|
||||
@@ -184,15 +184,15 @@ int ERR_load_EVP_strings(void);
|
||||
# define EVP_R_ONLY_ONESHOT_SUPPORTED 177
|
||||
# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
|
||||
# define EVP_R_OPERATON_NOT_INITIALIZED 151
|
||||
-# define EVP_R_PARAMETER_TOO_LARGE 187
|
||||
# define EVP_R_OUTPUT_WOULD_OVERFLOW 184
|
||||
+# define EVP_R_PARAMETER_TOO_LARGE 187
|
||||
# define EVP_R_PARTIALLY_OVERLAPPING 162
|
||||
# define EVP_R_PBKDF2_ERROR 181
|
||||
# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179
|
||||
# define EVP_R_PRIVATE_KEY_DECODE_ERROR 145
|
||||
# define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146
|
||||
# define EVP_R_PUBLIC_KEY_NOT_RSA 106
|
||||
-# define EVP_R_TOO_LARGE 201
|
||||
+# define EVP_R_TOO_LARGE 186
|
||||
# define EVP_R_UNKNOWN_CIPHER 160
|
||||
# define EVP_R_UNKNOWN_DIGEST 161
|
||||
# define EVP_R_UNKNOWN_OPTION 169
|
||||
@@ -208,7 +208,6 @@ int ERR_load_EVP_strings(void);
|
||||
# define EVP_R_UNSUPPORTED_SALT_TYPE 126
|
||||
# define EVP_R_WRAP_MODE_NOT_ALLOWED 170
|
||||
# define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109
|
||||
-# define EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE 191
|
||||
-# define EVP_R_XTS_DUPLICATED_KEYS 192
|
||||
+# define EVP_R_XTS_DUPLICATED_KEYS 183
|
||||
|
||||
#endif
|
||||
--- a/include/openssl/rsaerr.h
|
||||
+++ b/include/openssl/rsaerr.h
|
||||
@@ -1,6 +1,6 @@
|
||||
/*
|
||||
* Generated by util/mkerr.pl DO NOT EDIT
|
||||
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -11,9 +11,7 @@
|
||||
#ifndef HEADER_RSAERR_H
|
||||
# define HEADER_RSAERR_H
|
||||
|
||||
-# ifndef HEADER_SYMHACKS_H
|
||||
-# include <openssl/symhacks.h>
|
||||
-# endif
|
||||
+# include <openssl/symhacks.h>
|
||||
|
||||
# ifdef __cplusplus
|
||||
extern "C"
|
||||
@@ -25,7 +23,7 @@ int ERR_load_RSA_strings(void);
|
||||
*/
|
||||
# define RSA_F_CHECK_PADDING_MD 140
|
||||
# define RSA_F_ENCODE_PKCS1 146
|
||||
-# define RSA_F_FIPS_RSA_BUILTIN_KEYGEN 206
|
||||
+# define RSA_F_FIPS_RSA_BUILTIN_KEYGEN 168
|
||||
# define RSA_F_INT_RSA_VERIFY 145
|
||||
# define RSA_F_OLD_RSA_PRIV_DECODE 147
|
||||
# define RSA_F_PKEY_PSS_INIT 165
|
||||
@@ -40,8 +38,8 @@ int ERR_load_RSA_strings(void);
|
||||
# define RSA_F_RSA_CHECK_KEY_EX 160
|
||||
# define RSA_F_RSA_CMS_DECRYPT 159
|
||||
# define RSA_F_RSA_CMS_VERIFY 158
|
||||
-# define RSA_F_RSA_GENERATE_KEY_EX 204
|
||||
-# define RSA_F_RSA_GENERATE_MULTI_PRIME_KEY 207
|
||||
+# define RSA_F_RSA_GENERATE_KEY_EX 169
|
||||
+# define RSA_F_RSA_GENERATE_MULTI_PRIME_KEY 170
|
||||
# define RSA_F_RSA_ITEM_VERIFY 148
|
||||
# define RSA_F_RSA_METH_DUP 161
|
||||
# define RSA_F_RSA_METH_NEW 162
|
||||
@@ -77,18 +75,18 @@ int ERR_load_RSA_strings(void);
|
||||
# define RSA_F_RSA_PARAM_DECODE 164
|
||||
# define RSA_F_RSA_PRINT 115
|
||||
# define RSA_F_RSA_PRINT_FP 116
|
||||
+# define RSA_F_RSA_PRIVATE_DECRYPT 171
|
||||
+# define RSA_F_RSA_PRIVATE_ENCRYPT 172
|
||||
# define RSA_F_RSA_PRIV_DECODE 150
|
||||
# define RSA_F_RSA_PRIV_ENCODE 138
|
||||
-# define RSA_F_RSA_PRIVATE_DECRYPT 200
|
||||
-# define RSA_F_RSA_PRIVATE_ENCRYPT 201
|
||||
# define RSA_F_RSA_PSS_GET_PARAM 151
|
||||
# define RSA_F_RSA_PSS_TO_CTX 155
|
||||
+# define RSA_F_RSA_PUBLIC_DECRYPT 173
|
||||
+# define RSA_F_RSA_PUBLIC_ENCRYPT 174
|
||||
# define RSA_F_RSA_PUB_DECODE 139
|
||||
-# define RSA_F_RSA_PUBLIC_DECRYPT 202
|
||||
-# define RSA_F_RSA_PUBLIC_ENCRYPT 203
|
||||
# define RSA_F_RSA_SETUP_BLINDING 136
|
||||
-# define RSA_F_RSA_SET_DEFAULT_METHOD 205
|
||||
-# define RSA_F_RSA_SET_METHOD 204
|
||||
+# define RSA_F_RSA_SET_DEFAULT_METHOD 175
|
||||
+# define RSA_F_RSA_SET_METHOD 176
|
||||
# define RSA_F_RSA_SIGN 117
|
||||
# define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118
|
||||
# define RSA_F_RSA_VERIFY 119
|
||||
@@ -139,19 +137,19 @@ int ERR_load_RSA_strings(void);
|
||||
# define RSA_R_KEY_PRIME_NUM_INVALID 165
|
||||
# define RSA_R_KEY_SIZE_TOO_SMALL 120
|
||||
# define RSA_R_LAST_OCTET_INVALID 134
|
||||
-# define RSA_R_MISSING_PRIVATE_KEY 179
|
||||
# define RSA_R_MGF1_DIGEST_NOT_ALLOWED 152
|
||||
+# define RSA_R_MISSING_PRIVATE_KEY 179
|
||||
# define RSA_R_MODULUS_TOO_LARGE 105
|
||||
# define RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R 168
|
||||
# define RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D 169
|
||||
# define RSA_R_MP_R_NOT_PRIME 170
|
||||
+# define RSA_R_NON_FIPS_RSA_METHOD 171
|
||||
# define RSA_R_NO_PUBLIC_EXPONENT 140
|
||||
-# define RSA_R_NON_FIPS_RSA_METHOD 200
|
||||
# define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
|
||||
# define RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES 172
|
||||
# define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
|
||||
# define RSA_R_OAEP_DECODING_ERROR 121
|
||||
-# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 201
|
||||
+# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 173
|
||||
# define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148
|
||||
# define RSA_R_PADDING_CHECK_FAILED 114
|
||||
# define RSA_R_PKCS_DECODING_ERROR 159
|
||||
@@ -171,7 +169,7 @@ int ERR_load_RSA_strings(void);
|
||||
# define RSA_R_UNSUPPORTED_LABEL_SOURCE 163
|
||||
# define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153
|
||||
# define RSA_R_UNSUPPORTED_MASK_PARAMETER 154
|
||||
-# define RSA_R_UNSUPPORTED_PARAMETERS 202
|
||||
+# define RSA_R_UNSUPPORTED_PARAMETERS 174
|
||||
# define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155
|
||||
# define RSA_R_VALUE_MISSING 147
|
||||
# define RSA_R_WRONG_SIGNATURE_LENGTH 119
|
3333
openssl-1_1-ossl-sli-003-add-sli.patch
Normal file
3333
openssl-1_1-ossl-sli-003-add-sli.patch
Normal file
File diff suppressed because it is too large
Load Diff
39
openssl-1_1-ossl-sli-004-allow-aes-xts-256.patch
Normal file
39
openssl-1_1-ossl-sli-004-allow-aes-xts-256.patch
Normal file
@ -0,0 +1,39 @@
|
||||
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
|
||||
index 6adff696c..29b23f9f7 100644
|
||||
--- a/crypto/evp/e_aes.c
|
||||
+++ b/crypto/evp/e_aes.c
|
||||
@@ -4366,6 +4366,21 @@ FIPS_STATUS EVP_CIPHER_get_fips_status(const EVP_CIPHER *cipher) {
|
||||
/* intended fall-through */
|
||||
case 256:
|
||||
return FIPS_APPROVED;
|
||||
+ case 512:
|
||||
+ if (cipher->do_cipher == aes_xts_cipher
|
||||
+ #if defined(OPENSSL_CPUID_OBJ) && ( \
|
||||
+ ((defined(__i386) || defined(__i386__) || defined(_M_IX86))\
|
||||
+ && defined(OPENSSL_IA32_SSE2)) \
|
||||
+ || defined(__x86_64) || defined(__x86_64__) \
|
||||
+ || defined(_M_AMD64) || defined(_M_X64))
|
||||
+ || cipher->do_cipher == aesni_xts_cipher
|
||||
+ #elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
|
||||
+ || cipher->do_cipher == s390x_aes_xts_cipher
|
||||
+ #endif
|
||||
+ )
|
||||
+ return FIPS_APPROVED;
|
||||
+ else
|
||||
+ return FIPS_ERROR;
|
||||
}
|
||||
}
|
||||
/* disapproved for enc and dec: all others, including
|
||||
diff --git a/test/fips_slitest.c b/test/fips_slitest.c
|
||||
index d32f748a6..9e37cf36b 100644
|
||||
--- a/test/fips_slitest.c
|
||||
+++ b/test/fips_slitest.c
|
||||
@@ -260,6 +260,8 @@ static const SLI_CIPHER_TEST cipher_tests[] = {
|
||||
{0, NID_des_ede_ecb},
|
||||
{0, NID_des_ede_ofb64},
|
||||
{0, NID_idea_cbc},
|
||||
+ {1, NID_aes_128_xts},
|
||||
+ {1, NID_aes_256_xts},
|
||||
};
|
||||
static const size_t cipher_tests_len = sizeof(cipher_tests) / sizeof(cipher_tests[0]);
|
||||
|
24
openssl-1_1-ossl-sli-005-EC_group_order_bits.patch
Normal file
24
openssl-1_1-ossl-sli-005-EC_group_order_bits.patch
Normal file
@ -0,0 +1,24 @@
|
||||
---
|
||||
crypto/fips/fips_sli.c | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
--- a/crypto/fips/fips_sli.c
|
||||
+++ b/crypto/fips/fips_sli.c
|
||||
@@ -328,14 +328,14 @@ static FIPS_STATUS get_fips_keygen_ecdsa
|
||||
BN_set_bit(pwr24, 24);
|
||||
BN_set_bit(pwr32, 32);
|
||||
|
||||
- if (224 < n && n <= 255) {
|
||||
+ if (224 <= n && n <= 255) {
|
||||
if (BN_cmp(cofactor, pwr14) != 1)
|
||||
ret = FIPS_APPROVED;
|
||||
- } else if (256 < n && n <= 383) {
|
||||
+ } else if (256 <= n && n <= 383) {
|
||||
if (BN_cmp(cofactor, pwr16) != 1)
|
||||
ret = FIPS_APPROVED;
|
||||
|
||||
- } else if (384 < n && n <= 511) {
|
||||
+ } else if (384 <= n && n <= 511) {
|
||||
if (BN_cmp(cofactor, pwr24) != 1)
|
||||
ret = FIPS_APPROVED;
|
||||
|
52
openssl-1_1-ossl-sli-006-rsa_pkcs1_padding.patch
Normal file
52
openssl-1_1-ossl-sli-006-rsa_pkcs1_padding.patch
Normal file
@ -0,0 +1,52 @@
|
||||
Index: openssl-1.1.1l/crypto/rsa/rsa_pmeth.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1l.orig/crypto/rsa/rsa_pmeth.c
|
||||
+++ openssl-1.1.1l/crypto/rsa/rsa_pmeth.c
|
||||
@@ -140,13 +140,11 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *c
|
||||
unsigned int sltmp;
|
||||
if (rctx->pad_mode != RSA_PKCS1_PADDING)
|
||||
return -1;
|
||||
- /* PKCS1-v1.5 padding is disallowed after 2023 */
|
||||
- fips_sli_disapprove_EVP_PKEY_CTX(ctx);
|
||||
ret = RSA_sign_ASN1_OCTET_STRING(0,
|
||||
tbs, tbslen, sig, &sltmp, rsa);
|
||||
-
|
||||
if (ret <= 0)
|
||||
return ret;
|
||||
+ fips_sli_check_hash_siggen_EVP_PKEY_CTX(ctx, rctx->md);
|
||||
ret = sltmp;
|
||||
} else if (rctx->pad_mode == RSA_X931_PADDING) {
|
||||
if ((size_t)EVP_PKEY_size(ctx->pkey) < tbslen + 1) {
|
||||
@@ -179,13 +177,12 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *c
|
||||
ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf,
|
||||
sig, rsa, RSA_X931_PADDING);
|
||||
} else if (rctx->pad_mode == RSA_PKCS1_PADDING) {
|
||||
- /* PKCS1-v1.5 padding is disallowed after 2023 */
|
||||
- fips_sli_disapprove_EVP_PKEY_CTX(ctx);
|
||||
unsigned int sltmp;
|
||||
ret = RSA_sign(EVP_MD_type(rctx->md),
|
||||
tbs, tbslen, sig, &sltmp, rsa);
|
||||
if (ret <= 0)
|
||||
return ret;
|
||||
+ fips_sli_check_hash_siggen_EVP_PKEY_CTX(ctx, rctx->md);
|
||||
ret = sltmp;
|
||||
} else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {
|
||||
if (!setup_tbuf(rctx, ctx))
|
||||
@@ -290,10 +287,13 @@ static int pkey_rsa_verify(EVP_PKEY_CTX
|
||||
|
||||
if (rctx->md) {
|
||||
if (rctx->pad_mode == RSA_PKCS1_PADDING) {
|
||||
- /* PKCS1-v1.5 padding is disallowed after 2023 */
|
||||
- fips_sli_disapprove_EVP_PKEY_CTX(ctx);
|
||||
- return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
|
||||
- sig, siglen, rsa);
|
||||
+ int ret;
|
||||
+ ret = RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
|
||||
+ sig, siglen, rsa);
|
||||
+ if (ret <= 0)
|
||||
+ return 0;
|
||||
+ fips_sli_check_hash_sigver_EVP_PKEY_CTX(ctx, rctx->md);
|
||||
+ return ret;
|
||||
}
|
||||
if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
|
||||
RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH);
|
14
openssl-1_1-ossl-sli-007-pbkdf2-keylen.patch
Normal file
14
openssl-1_1-ossl-sli-007-pbkdf2-keylen.patch
Normal file
@ -0,0 +1,14 @@
|
||||
Index: openssl-1.1.1l/crypto/kdf/pbkdf2.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1l.orig/crypto/kdf/pbkdf2.c
|
||||
+++ openssl-1.1.1l/crypto/kdf/pbkdf2.c
|
||||
@@ -185,7 +185,8 @@ static int kdf_pbkdf2_derive(EVP_KDF_IMP
|
||||
}
|
||||
|
||||
fips_sli_check_hash_kdf_struct_evp_kdf_impl_st(impl);
|
||||
-
|
||||
+ fips_sli_fsm_struct_evp_kdf_impl_st(impl,
|
||||
+ fips_sli_get_kdf_keylen_status(keylen));
|
||||
return pkcs5_pbkdf2_alg((char *)impl->pass, impl->pass_len,
|
||||
impl->salt, impl->salt_len, impl->iter,
|
||||
impl->md, key, keylen);
|
136
openssl-1_1-ossl-sli-008-pbkdf2-salt_pass_iteration.patch
Normal file
136
openssl-1_1-ossl-sli-008-pbkdf2-salt_pass_iteration.patch
Normal file
@ -0,0 +1,136 @@
|
||||
---
|
||||
crypto/fips/fips_sli.c | 21 +++++++++++++++++++
|
||||
crypto/kdf/pbkdf2.c | 6 +++++
|
||||
include/internal/fips_sli_local.h | 3 ++
|
||||
test/fips_slitest.c | 41 ++++++++++++++++++++++----------------
|
||||
4 files changed, 54 insertions(+), 17 deletions(-)
|
||||
|
||||
--- a/crypto/fips/fips_sli.c
|
||||
+++ b/crypto/fips/fips_sli.c
|
||||
@@ -231,6 +231,27 @@ FIPS_STATUS fips_sli_get_kdf_keylen_stat
|
||||
return FIPS_NONAPPROVED;
|
||||
}
|
||||
|
||||
+FIPS_STATUS fips_sli_get_kdf_saltlen_status(size_t saltlen_bytes) {
|
||||
+ if (saltlen_bytes >= 128/8)
|
||||
+ return FIPS_APPROVED;
|
||||
+ else
|
||||
+ return FIPS_NONAPPROVED;
|
||||
+}
|
||||
+
|
||||
+FIPS_STATUS fips_sli_get_kdf_iteration_status(size_t iter) {
|
||||
+ if (iter >= 1000)
|
||||
+ return FIPS_APPROVED;
|
||||
+ else
|
||||
+ return FIPS_NONAPPROVED;
|
||||
+}
|
||||
+
|
||||
+FIPS_STATUS fips_sli_get_kdf_passlen_status(size_t passlen_bytes) {
|
||||
+ if (passlen_bytes >= 20)
|
||||
+ return FIPS_APPROVED;
|
||||
+ else
|
||||
+ return FIPS_NONAPPROVED;
|
||||
+}
|
||||
+
|
||||
void fips_sli_check_key_rsa_keygen_EVP_PKEY_CTX(EVP_PKEY_CTX * ctx, const RSA * rsa) {
|
||||
fips_sli_check_key_rsa_siggen_EVP_PKEY_CTX(ctx, rsa);
|
||||
}
|
||||
--- a/crypto/kdf/pbkdf2.c
|
||||
+++ b/crypto/kdf/pbkdf2.c
|
||||
@@ -187,6 +187,12 @@ static int kdf_pbkdf2_derive(EVP_KDF_IMP
|
||||
fips_sli_check_hash_kdf_struct_evp_kdf_impl_st(impl);
|
||||
fips_sli_fsm_struct_evp_kdf_impl_st(impl,
|
||||
fips_sli_get_kdf_keylen_status(keylen));
|
||||
+ fips_sli_fsm_struct_evp_kdf_impl_st(impl,
|
||||
+ fips_sli_get_kdf_saltlen_status(impl->salt_len));
|
||||
+ fips_sli_fsm_struct_evp_kdf_impl_st(impl,
|
||||
+ fips_sli_get_kdf_iteration_status(impl->iter));
|
||||
+ fips_sli_fsm_struct_evp_kdf_impl_st(impl,
|
||||
+ fips_sli_get_kdf_passlen_status(impl->pass_len));
|
||||
return pkcs5_pbkdf2_alg((char *)impl->pass, impl->pass_len,
|
||||
impl->salt, impl->salt_len, impl->iter,
|
||||
impl->md, key, keylen);
|
||||
--- a/include/internal/fips_sli_local.h
|
||||
+++ b/include/internal/fips_sli_local.h
|
||||
@@ -70,6 +70,9 @@ FIPS_STATUS fips_sli_get_hash_status_ssh
|
||||
FIPS_STATUS fips_sli_get_hash_status_pbkdf2(const EVP_MD * md);
|
||||
FIPS_STATUS fips_sli_get_hash_status_kdf_tls1_prf(const EVP_MD * md);
|
||||
FIPS_STATUS fips_sli_get_kdf_keylen_status(size_t keylen_bytes);
|
||||
+FIPS_STATUS fips_sli_get_kdf_saltlen_status(size_t saltlen_bytes);
|
||||
+FIPS_STATUS fips_sli_get_kdf_iteration_status(size_t iter);
|
||||
+FIPS_STATUS fips_sli_get_kdf_passlen_status(size_t passlen_bytes);
|
||||
|
||||
/* Check if used curve is okay for and in this context */
|
||||
void fips_sli_check_curve_siggen_EVP_PKEY_CTX(EVP_PKEY_CTX *ctx, const EC_GROUP *group);
|
||||
--- a/test/fips_slitest.c
|
||||
+++ b/test/fips_slitest.c
|
||||
@@ -490,36 +490,41 @@ typedef struct {
|
||||
int nid_digest;
|
||||
const uint8_t key_expected[32]; // length has to be 32
|
||||
} SLI_PBKDF2_TEST;
|
||||
-
|
||||
static const SLI_PBKDF2_TEST pbkdf2_tests[] = {
|
||||
{
|
||||
- 1, 4200, NID_sha256, {
|
||||
- 0xE7, 0xBE, 0x37, 0x75, 0x9D, 0x53, 0x3E, 0x5A, 0x06, 0x20, 0xC9, 0xA5, 0x3A, 0x8D, 0xA2, 0x9E,
|
||||
- 0x9C, 0x27, 0xDF, 0x26, 0x24, 0xAB, 0xD8, 0x8E, 0x56, 0xE5, 0xB9, 0xF5, 0xA0, 0xD6, 0xD5, 0xEE
|
||||
+ 1, 4096, NID_sha1, {
|
||||
+ 0x3D, 0x2E, 0xEC, 0x4F, 0xE4, 0x1C, 0x84, 0x9B, 0x80, 0xC8, 0xD8, 0x36, 0x62, 0xC0, 0xE4, 0x4A,
|
||||
+ 0x8B, 0x29, 0x1A, 0x96, 0x4C, 0xF2, 0xF0, 0x70, 0x38, 0xB6, 0xB8, 0x9A, 0x48, 0x61, 0x2C, 0x5A
|
||||
+ }
|
||||
+ },
|
||||
+ {
|
||||
+ 1, 4096, NID_sha256, {
|
||||
+ 0x34, 0x8C, 0x89, 0xDB, 0xCB, 0xD3, 0x2B, 0x2F, 0x32, 0xD8, 0x14, 0xB8, 0x11, 0x6E, 0x84, 0xCF,
|
||||
+ 0x2B, 0x17, 0x34, 0x7E, 0xBC, 0x18, 0x00, 0x18, 0x1C, 0x4E, 0x2A, 0x1F, 0xB8, 0xDD, 0x53, 0xE1
|
||||
}
|
||||
},
|
||||
{
|
||||
1, 1347, NID_sha256, {
|
||||
- 0xFB, 0xBB, 0xEC, 0x28, 0x5B, 0x48, 0xE7, 0xC2, 0x54, 0x4E, 0x65, 0x0F, 0x1E, 0xC8, 0xB5, 0x1C,
|
||||
- 0xF5, 0xAD, 0xAE, 0x2A, 0x21, 0x56, 0x94, 0xD2, 0xE1, 0xB7, 0xC8, 0x7D, 0x7A, 0x0D, 0x63, 0x86
|
||||
+ 0xD5, 0x99, 0x16, 0xFF, 0x8A, 0xBC, 0x26, 0x37, 0xAF, 0x4B, 0x26, 0xF1, 0x7E, 0x56, 0x8B, 0x7A,
|
||||
+ 0x00, 0x16, 0xA9, 0xF2, 0x7D, 0x96, 0xDB, 0x33, 0x0A, 0xD0, 0x5F, 0xC3, 0x0C, 0x22, 0xA2, 0xD0
|
||||
}
|
||||
},
|
||||
{
|
||||
- 1, 4200, NID_sha1, {
|
||||
- 0x45, 0x96, 0x78, 0xF3, 0x92, 0x74, 0xAC, 0x5B, 0x1F, 0x2B, 0xD3, 0x75, 0x1A, 0xBA, 0x5D, 0xBE,
|
||||
- 0xF2, 0xDE, 0xE9, 0x88, 0x16, 0x4B, 0x0B, 0x84, 0x94, 0xD9, 0xC2, 0x2D, 0xC1, 0xB9, 0xB0, 0x8A
|
||||
+ 1, 4096, NID_sha512, {
|
||||
+ 0x8C, 0x05, 0x11, 0xF4, 0xC6, 0xE5, 0x97, 0xC6, 0xAC, 0x63, 0x15, 0xD8, 0xF0, 0x36, 0x2E, 0x22,
|
||||
+ 0x5F, 0x3C, 0x50, 0x14, 0x95, 0xBA, 0x23, 0xB8, 0x68, 0xC0, 0x05, 0x17, 0x4D, 0xC4, 0xEE, 0x71
|
||||
}
|
||||
},
|
||||
{
|
||||
- 1, 4200, NID_sha3_512, {
|
||||
- 0x1E, 0x77, 0xC8, 0x28, 0x9A, 0x79, 0x2E, 0x25, 0x85, 0x8D, 0x73, 0xB3, 0x0D, 0xA1, 0x26, 0x65,
|
||||
- 0xC0, 0x04, 0x7D, 0x91, 0xB6, 0x5F, 0x89, 0x5E, 0x01, 0x82, 0x23, 0x35, 0x19, 0x2E, 0x5C, 0x09
|
||||
+ 1, 4096, NID_sha3_512, {
|
||||
+ 0xD6, 0x07, 0x91, 0xA4, 0xED, 0x27, 0x19, 0x5D, 0x81, 0x3F, 0x35, 0x51, 0x03, 0x51, 0xB9, 0xD1,
|
||||
+ 0xFF, 0x9A, 0xD4, 0x26, 0x21, 0x53, 0x94, 0x46, 0x09, 0x50, 0xA4, 0xFE, 0x03, 0xDD, 0x9F, 0x54
|
||||
}
|
||||
},
|
||||
{
|
||||
- 0, 1347, NID_md5, {
|
||||
- 0xC2, 0x78, 0x16, 0xDC, 0xD1, 0xC5, 0x71, 0xBD, 0x4A, 0x06, 0x2B, 0x38, 0x50, 0xE7, 0x4E, 0xC2,
|
||||
- 0x0E, 0x74, 0x9D, 0xB1, 0x59, 0xA8, 0xFF, 0x11, 0x24, 0x68, 0xD0, 0xCF, 0x69, 0xE5, 0x30, 0x36
|
||||
+ 0, 4096, NID_md5, {
|
||||
+ 0x8D, 0x5D, 0x0A, 0xAD, 0x94, 0xD1, 0x44, 0x20, 0x42, 0x9F, 0xBC, 0x7E, 0x5B, 0x08, 0x7D, 0x7A,
|
||||
+ 0x55, 0x27, 0xE6, 0x5D, 0xFD, 0x0D, 0x48, 0x6A, 0x31, 0x0E, 0x8A, 0x7B, 0x6F, 0xF5, 0xA2, 0x1B
|
||||
}
|
||||
}
|
||||
};
|
||||
@@ -527,8 +532,10 @@ static const size_t pbkdf2_tests_len = s
|
||||
|
||||
static int test_PKCS5_PBKDF2_HMAC(int pbkdf2_tests_idx) {
|
||||
int success = 0;
|
||||
- const char password[] = "password";
|
||||
- const unsigned char salt[] = {'s', 'a', 'l', 't'};
|
||||
+ const char password[] = "passwordPASSWORDpassword";
|
||||
+ const unsigned char salt[] = {'s', 'a', 'l', 't', 'S', 'A', 'L', 'T', 's', 'a', 'l', 't', 'S', 'A', 'L', 'T',
|
||||
+ 's', 'a', 'l', 't', 'S', 'A', 'L', 'T', 's', 'a', 'l', 't', 'S', 'A', 'L', 'T',
|
||||
+ 's', 'a', 'l', 't'};
|
||||
const size_t password_len = sizeof(password) / sizeof(password[0]);
|
||||
const size_t salt_len = sizeof(salt) / sizeof(salt[0]);
|
||||
|
88
openssl-1_1-paramgen-default_to_rfc7919.patch
Normal file
88
openssl-1_1-paramgen-default_to_rfc7919.patch
Normal file
@ -0,0 +1,88 @@
|
||||
diff --git a/apps/dhparam.c b/apps/dhparam.c
|
||||
index 98c7321..ac7feb4 100644
|
||||
--- a/apps/dhparam.c
|
||||
+++ b/apps/dhparam.c
|
||||
@@ -194,15 +194,42 @@ int dhparam_main(int argc, char **argv)
|
||||
} else
|
||||
#endif
|
||||
{
|
||||
- dh = DH_new();
|
||||
- BIO_printf(bio_err,
|
||||
- "Generating DH parameters, %d bit long safe prime, generator %d\n",
|
||||
- num, g);
|
||||
- BIO_printf(bio_err, "This is going to take a long time\n");
|
||||
- if (dh == NULL || !DH_generate_parameters_ex(dh, num, g, cb)) {
|
||||
+#ifdef OPENSSL_FIPS
|
||||
+ if (FIPS_mode()) {
|
||||
+ /* In FIPS mode, instead of generating DH parameters we use parameters from an approved group,
|
||||
+ in this case, RFC-7919. */
|
||||
+ int param_nid;
|
||||
+ switch (num) {
|
||||
+ case 8192:
|
||||
+ param_nid = NID_ffdhe8192;
|
||||
+ break;
|
||||
+ case 6144:
|
||||
+ param_nid = NID_ffdhe6144;
|
||||
+ break;
|
||||
+ case 4096:
|
||||
+ param_nid = NID_ffdhe4096;
|
||||
+ break;
|
||||
+ case 3072:
|
||||
+ param_nid = NID_ffdhe3072;
|
||||
+ break;
|
||||
+ default:
|
||||
+ param_nid = NID_ffdhe2048;
|
||||
+ break;
|
||||
+ }
|
||||
+ dh = DH_new_by_nid(param_nid);
|
||||
+ } else
|
||||
+#endif /* OPENSSL_FIPS */
|
||||
+ {
|
||||
+ dh = DH_new();
|
||||
+ BIO_printf(bio_err,
|
||||
+ "Generating DH parameters, %d bit long safe prime, generator %d\n",
|
||||
+ num, g);
|
||||
+ BIO_printf(bio_err, "This is going to take a long time\n");
|
||||
+ if (dh == NULL || !DH_generate_parameters_ex(dh, num, g, cb)) {
|
||||
BN_GENCB_free(cb);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
+ }
|
||||
}
|
||||
}
|
||||
|
||||
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
|
||||
index 261c8a1..d281873 100644
|
||||
--- a/crypto/dh/dh_pmeth.c
|
||||
+++ b/crypto/dh/dh_pmeth.c
|
||||
@@ -330,6 +330,30 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
|
||||
DH_PKEY_CTX *dctx = ctx->data;
|
||||
BN_GENCB *pcb;
|
||||
int ret;
|
||||
+
|
||||
+#ifdef OPENSSL_FIPS
|
||||
+ /* In FIPS mode we default to an appropriate group. */
|
||||
+ if (FIPS_mode() && (!(dctx->rfc5114_param)) && (dctx->param_nid == 0)) {
|
||||
+ switch (dctx->prime_len) {
|
||||
+ case 8192:
|
||||
+ dctx->param_nid = NID_ffdhe8192;
|
||||
+ break;
|
||||
+ case 6144:
|
||||
+ dctx->param_nid = NID_ffdhe6144;
|
||||
+ break;
|
||||
+ case 4096:
|
||||
+ dctx->param_nid = NID_ffdhe4096;
|
||||
+ break;
|
||||
+ case 3072:
|
||||
+ dctx->param_nid = NID_ffdhe3072;
|
||||
+ break;
|
||||
+ default:
|
||||
+ dctx->param_nid = NID_ffdhe2048;
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+#endif /* OPENSSL_FIPS */
|
||||
+
|
||||
if (dctx->rfc5114_param) {
|
||||
switch (dctx->rfc5114_param) {
|
||||
case 1:
|
160
openssl-1_1-seclevel.patch
Normal file
160
openssl-1_1-seclevel.patch
Normal file
@ -0,0 +1,160 @@
|
||||
diff -up openssl-1.1.1g/crypto/x509/x509_vfy.c.seclevel openssl-1.1.1g/crypto/x509/x509_vfy.c
|
||||
--- openssl-1.1.1g/crypto/x509/x509_vfy.c.seclevel 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/crypto/x509/x509_vfy.c 2020-06-05 17:16:54.835536823 +0200
|
||||
@@ -3225,6 +3225,7 @@ static int build_chain(X509_STORE_CTX *c
|
||||
}
|
||||
|
||||
static const int minbits_table[] = { 80, 112, 128, 192, 256 };
|
||||
+static const int minbits_digest_table[] = { 80, 80, 128, 192, 256 };
|
||||
static const int NUM_AUTH_LEVELS = OSSL_NELEM(minbits_table);
|
||||
|
||||
/*
|
||||
@@ -3276,6 +3277,11 @@ static int check_sig_level(X509_STORE_CT
|
||||
|
||||
if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL))
|
||||
return 0;
|
||||
-
|
||||
- return secbits >= minbits_table[level - 1];
|
||||
+ /*
|
||||
+ * Allow SHA1 in SECLEVEL 2 in non-FIPS mode or when the magic
|
||||
+ * disable SHA1 flag is not set.
|
||||
+ */
|
||||
+ if ((ctx->param->flags & 0x40000000) || FIPS_mode())
|
||||
+ return secbits >= minbits_table[level - 1];
|
||||
+ return secbits >= minbits_digest_table[level - 1];
|
||||
}
|
||||
diff -up openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod.seclevel openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod
|
||||
--- openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod.seclevel 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod 2020-06-04 15:48:01.608178833 +0200
|
||||
@@ -81,8 +81,10 @@ using MD5 for the MAC is also prohibited
|
||||
|
||||
=item B<Level 2>
|
||||
|
||||
-Security level set to 112 bits of security. As a result RSA, DSA and DH keys
|
||||
-shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited.
|
||||
+Security level set to 112 bits of security with the exception of SHA1 allowed
|
||||
+for signatures.
|
||||
+As a result RSA, DSA and DH keys shorter than 2048 bits and ECC keys
|
||||
+shorter than 224 bits are prohibited.
|
||||
In addition to the level 1 exclusions any cipher suite using RC4 is also
|
||||
prohibited. SSL version 3 is also not allowed. Compression is disabled.
|
||||
|
||||
diff -up openssl-1.1.1g/ssl/ssl_cert.c.seclevel openssl-1.1.1g/ssl/ssl_cert.c
|
||||
--- openssl-1.1.1g/ssl/ssl_cert.c.seclevel 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/ssl/ssl_cert.c 2020-06-05 17:10:11.842198401 +0200
|
||||
@@ -27,6 +27,7 @@
|
||||
static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
|
||||
int op, int bits, int nid, void *other,
|
||||
void *ex);
|
||||
+static unsigned long sha1_disable(const SSL *s, const SSL_CTX *ctx);
|
||||
|
||||
static CRYPTO_ONCE ssl_x509_store_ctx_once = CRYPTO_ONCE_STATIC_INIT;
|
||||
static volatile int ssl_x509_store_ctx_idx = -1;
|
||||
@@ -396,7 +397,7 @@ int ssl_verify_cert_chain(SSL *s, STACK_
|
||||
X509_VERIFY_PARAM_set_auth_level(param, SSL_get_security_level(s));
|
||||
|
||||
/* Set suite B flags if needed */
|
||||
- X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s));
|
||||
+ X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s) | sha1_disable(s, NULL));
|
||||
if (!X509_STORE_CTX_set_ex_data
|
||||
(ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s)) {
|
||||
goto end;
|
||||
@@ -953,12 +954,33 @@ static int ssl_security_default_callback
|
||||
return 0;
|
||||
break;
|
||||
default:
|
||||
+ /* allow SHA1 in SECLEVEL 2 in non FIPS mode */
|
||||
+ if (nid == NID_sha1 && minbits == 112 && !sha1_disable(s, ctx))
|
||||
+ break;
|
||||
if (bits < minbits)
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
+static unsigned long sha1_disable(const SSL *s, const SSL_CTX *ctx)
|
||||
+{
|
||||
+ unsigned long ret = 0x40000000; /* a magical internal value used by X509_VERIFY_PARAM */
|
||||
+ const CERT *c;
|
||||
+
|
||||
+ if (FIPS_mode())
|
||||
+ return ret;
|
||||
+
|
||||
+ if (ctx != NULL) {
|
||||
+ c = ctx->cert;
|
||||
+ } else {
|
||||
+ c = s->cert;
|
||||
+ }
|
||||
+ if (tls1_cert_sigalgs_have_sha1(c))
|
||||
+ return 0;
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
int ssl_security(const SSL *s, int op, int bits, int nid, void *other)
|
||||
{
|
||||
return s->cert->sec_cb(s, NULL, op, bits, nid, other, s->cert->sec_ex);
|
||||
diff -up openssl-1.1.1g/ssl/ssl_local.h.seclevel openssl-1.1.1g/ssl/ssl_local.h
|
||||
--- openssl-1.1.1g/ssl/ssl_local.h.seclevel 2020-06-04 15:48:01.602178783 +0200
|
||||
+++ openssl-1.1.1g/ssl/ssl_local.h 2020-06-05 17:02:22.666313410 +0200
|
||||
@@ -2576,6 +2576,7 @@ __owur int tls1_save_sigalgs(SSL *s, PAC
|
||||
__owur int tls1_process_sigalgs(SSL *s);
|
||||
__owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey);
|
||||
__owur int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd);
|
||||
+int tls1_cert_sigalgs_have_sha1(const CERT *c);
|
||||
__owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs);
|
||||
# ifndef OPENSSL_NO_EC
|
||||
__owur int tls_check_sigalg_curve(const SSL *s, int curve);
|
||||
diff -up openssl-1.1.1g/ssl/t1_lib.c.seclevel openssl-1.1.1g/ssl/t1_lib.c
|
||||
--- openssl-1.1.1g/ssl/t1_lib.c.seclevel 2020-06-04 15:48:01.654179221 +0200
|
||||
+++ openssl-1.1.1g/ssl/t1_lib.c 2020-06-05 17:02:40.268459157 +0200
|
||||
@@ -2145,6 +2145,36 @@ int tls1_set_sigalgs(CERT *c, const int
|
||||
return 0;
|
||||
}
|
||||
|
||||
+static int tls1_sigalgs_have_sha1(const uint16_t *sigalgs, size_t sigalgslen)
|
||||
+{
|
||||
+ size_t i;
|
||||
+
|
||||
+ for (i = 0; i < sigalgslen; i++, sigalgs++) {
|
||||
+ const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*sigalgs);
|
||||
+
|
||||
+ if (lu == NULL)
|
||||
+ continue;
|
||||
+ if (lu->hash == NID_sha1)
|
||||
+ return 1;
|
||||
+ }
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+int tls1_cert_sigalgs_have_sha1(const CERT *c)
|
||||
+{
|
||||
+ if (c->client_sigalgs != NULL) {
|
||||
+ if (tls1_sigalgs_have_sha1(c->client_sigalgs, c->client_sigalgslen))
|
||||
+ return 1;
|
||||
+ }
|
||||
+ if (c->conf_sigalgs != NULL) {
|
||||
+ if (tls1_sigalgs_have_sha1(c->conf_sigalgs, c->conf_sigalgslen))
|
||||
+ return 1;
|
||||
+ return 0;
|
||||
+ }
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
static int tls1_check_sig_alg(SSL *s, X509 *x, int default_nid)
|
||||
{
|
||||
int sig_nid, use_pc_sigalgs = 0;
|
||||
diff -up openssl-1.1.1g/test/recipes/25-test_verify.t.seclevel openssl-1.1.1g/test/recipes/25-test_verify.t
|
||||
--- openssl-1.1.1g/test/recipes/25-test_verify.t.seclevel 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/test/recipes/25-test_verify.t 2020-06-04 15:48:01.608178833 +0200
|
||||
@@ -346,8 +346,8 @@ ok(verify("ee-pss-sha1-cert", "sslserver
|
||||
ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], ),
|
||||
"CA with PSS signature using SHA256");
|
||||
|
||||
-ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
|
||||
- "Reject PSS signature using SHA1 and auth level 2");
|
||||
+ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "3"),
|
||||
+ "Reject PSS signature using SHA1 and auth level 3");
|
||||
|
||||
ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
|
||||
"PSS signature using SHA256 and auth level 2");
|
80
openssl-1_1-serialize-jitterentropy-calls.patch
Normal file
80
openssl-1_1-serialize-jitterentropy-calls.patch
Normal file
@ -0,0 +1,80 @@
|
||||
---
|
||||
crypto/fips/fips_entropy.c | 40 ++++++++++++++++++++++++++++++++++++++--
|
||||
1 file changed, 38 insertions(+), 2 deletions(-)
|
||||
|
||||
--- a/crypto/fips/fips_entropy.c
|
||||
+++ b/crypto/fips/fips_entropy.c
|
||||
@@ -4,35 +4,71 @@
|
||||
#include "jitterentropy.h"
|
||||
|
||||
static struct rand_data* ec = NULL;
|
||||
+static CRYPTO_RWLOCK *jent_lock = NULL;
|
||||
+static int stop = 0;
|
||||
|
||||
struct rand_data* FIPS_entropy_init(void)
|
||||
{
|
||||
- if (ec != NULL)
|
||||
+ if (ec != NULL) {
|
||||
/* Entropy source has been initiated and collector allocated */
|
||||
return ec;
|
||||
+ }
|
||||
+ if (stop != 0) {
|
||||
+ /* FIPS_entropy_cleanup() already called, don't initialize it again */
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ if (jent_lock == NULL) {
|
||||
+ /* Allocates a new lock to serialize access to jent library */
|
||||
+ jent_lock = CRYPTO_THREAD_lock_new();
|
||||
+ if (jent_lock == NULL) {
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ }
|
||||
+ if (CRYPTO_THREAD_write_lock(jent_lock) == 0) {
|
||||
+ return NULL;
|
||||
+ }
|
||||
/* If the initialization is successful, the call returns with 0 */
|
||||
if (jent_entropy_init_ex(1, JENT_FORCE_FIPS) == 0)
|
||||
/* Allocate entropy collector */
|
||||
ec = jent_entropy_collector_alloc(1, JENT_FORCE_FIPS);
|
||||
+ CRYPTO_THREAD_unlock(jent_lock);
|
||||
return ec;
|
||||
}
|
||||
|
||||
void FIPS_entropy_cleanup(void)
|
||||
{
|
||||
+ if (jent_lock != NULL && stop == 0) {
|
||||
+ CRYPTO_THREAD_write_lock(jent_lock);
|
||||
+ }
|
||||
+ /* Disable re-initialization in FIPS_entropy_init() */
|
||||
+ stop = 1;
|
||||
/* Free entropy collector */
|
||||
if (ec != NULL) {
|
||||
jent_entropy_collector_free(ec);
|
||||
ec = NULL;
|
||||
}
|
||||
+ CRYPTO_THREAD_lock_free(jent_lock);
|
||||
+ jent_lock = NULL;
|
||||
}
|
||||
|
||||
ssize_t FIPS_jitter_entropy(unsigned char *buf, size_t buflen)
|
||||
{
|
||||
ssize_t ent_bytes = -1;
|
||||
|
||||
- if (buf != NULL && buflen != 0 && FIPS_entropy_init()) {
|
||||
+ /*
|
||||
+ * Order is important. We need to call FIPS_entropy_init() before we
|
||||
+ * acquire jent_lock, otherwise it can lead to deadlock. Once we have
|
||||
+ * jent_lock, we need to ensure that FIPS_entropy_cleanup() was not called
|
||||
+ * in the meantime. Then it's safe to read entropy.
|
||||
+ */
|
||||
+ if (buf != NULL
|
||||
+ && buflen != 0
|
||||
+ && FIPS_entropy_init()
|
||||
+ && CRYPTO_THREAD_write_lock(jent_lock) != 0
|
||||
+ && stop == 0) {
|
||||
/* Get entropy */
|
||||
ent_bytes = jent_read_entropy_safe(&ec, (char *)buf, buflen);
|
||||
+ CRYPTO_THREAD_unlock(jent_lock);
|
||||
}
|
||||
return ent_bytes;
|
||||
}
|
14
openssl-1_1-shortcut-test_afalg_aes_cbc.patch
Normal file
14
openssl-1_1-shortcut-test_afalg_aes_cbc.patch
Normal file
@ -0,0 +1,14 @@
|
||||
diff --git a/test/afalgtest.c b/test/afalgtest.c
|
||||
index adb2977..c4f848a 100644
|
||||
--- a/test/afalgtest.c
|
||||
+++ b/test/afalgtest.c
|
||||
@@ -43,6 +43,9 @@ static ENGINE *e;
|
||||
|
||||
static int test_afalg_aes_cbc(int keysize_idx)
|
||||
{
|
||||
+ /* This test fails in fips mode, so just shortcut out. */
|
||||
+ if ( FIPS_mode()) return 1;
|
||||
+
|
||||
EVP_CIPHER_CTX *ctx;
|
||||
const EVP_CIPHER *cipher;
|
||||
unsigned char key[] = "\x06\xa9\x21\x40\x36\xb8\xa1\x5b"
|
29
openssl-1_1-use-include-directive.patch
Normal file
29
openssl-1_1-use-include-directive.patch
Normal file
@ -0,0 +1,29 @@
|
||||
Index: openssl-1.1.1m/apps/openssl.cnf
|
||||
===================================================================
|
||||
--- openssl-1.1.1m.orig/apps/openssl.cnf
|
||||
+++ openssl-1.1.1m/apps/openssl.cnf
|
||||
@@ -11,6 +11,24 @@
|
||||
# defined.
|
||||
HOME = .
|
||||
|
||||
+openssl_conf = openssl_init
|
||||
+
|
||||
+[ openssl_init ]
|
||||
+
|
||||
+engines = engine_section
|
||||
+
|
||||
+[ engine_section ]
|
||||
+
|
||||
+# This include will look through the directory that will contain the
|
||||
+# engine declarations for any engines provided by other packages.
|
||||
+.include /etc/ssl/engines1.1.d
|
||||
+
|
||||
+# This include will look through the directory that will contain the
|
||||
+# definitions of the engines declared in the engine section.
|
||||
+.include /etc/ssl/engdef1.1.d
|
||||
+
|
||||
+[ oid_section ]
|
||||
+
|
||||
# Extra OBJECT IDENTIFIER info:
|
||||
#oid_file = $ENV::HOME/.oid
|
||||
oid_section = new_oids
|
38
openssl-1_1-use-seclevel2-in-tests.patch
Normal file
38
openssl-1_1-use-seclevel2-in-tests.patch
Normal file
@ -0,0 +1,38 @@
|
||||
Index: openssl-1.1.1d/test/ssl_test.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/test/ssl_test.c
|
||||
+++ openssl-1.1.1d/test/ssl_test.c
|
||||
@@ -435,6 +440,7 @@ static int test_handshake(int idx)
|
||||
#endif
|
||||
if (test_ctx->method == SSL_TEST_METHOD_TLS) {
|
||||
server_ctx = SSL_CTX_new(TLS_server_method());
|
||||
+ SSL_CTX_set_security_level(server_ctx, 1);
|
||||
if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx,
|
||||
TLS_MAX_VERSION)))
|
||||
goto err;
|
||||
@@ -443,21 +449,25 @@ static int test_handshake(int idx)
|
||||
SSL_TEST_SERVERNAME_CB_NONE) {
|
||||
if (!TEST_ptr(server2_ctx = SSL_CTX_new(TLS_server_method())))
|
||||
goto err;
|
||||
+ SSL_CTX_set_security_level(server2_ctx, 1);
|
||||
if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx,
|
||||
TLS_MAX_VERSION)))
|
||||
goto err;
|
||||
}
|
||||
client_ctx = SSL_CTX_new(TLS_client_method());
|
||||
+ SSL_CTX_set_security_level(client_ctx, 1);
|
||||
if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx,
|
||||
TLS_MAX_VERSION)))
|
||||
goto err;
|
||||
|
||||
if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
|
||||
resume_server_ctx = SSL_CTX_new(TLS_server_method());
|
||||
+ SSL_CTX_set_security_level(resume_server_ctx, 1);
|
||||
if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx,
|
||||
TLS_MAX_VERSION)))
|
||||
goto err;
|
||||
resume_client_ctx = SSL_CTX_new(TLS_client_method());
|
||||
+ SSL_CTX_set_security_level(resume_client_ctx, 1);
|
||||
if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx,
|
||||
TLS_MAX_VERSION)))
|
||||
goto err;
|
3986
openssl-1_1.changes
Normal file
3986
openssl-1_1.changes
Normal file
File diff suppressed because it is too large
Load Diff
527
openssl-1_1.spec
Normal file
527
openssl-1_1.spec
Normal file
@ -0,0 +1,527 @@
|
||||
#
|
||||
# spec file for package openssl-1_1
|
||||
#
|
||||
# Copyright (c) 2024 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
# upon. The license for this file, and modifications and additions to the
|
||||
# file, is the same license as for the pristine package itself (unless the
|
||||
# license for the pristine package is not an Open Source License, in which
|
||||
# case the license is the MIT License). An "Open Source License" is a
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
%define livepatchable 1
|
||||
|
||||
%define ssletcdir %{_sysconfdir}/ssl
|
||||
%define maj_min 1.1
|
||||
%define _rname openssl
|
||||
%global sslengcnf %{ssletcdir}/engines1.1.d
|
||||
%global sslengdef %{ssletcdir}/engdef1.1.d
|
||||
Name: openssl-1_1
|
||||
# Don't forget to update the version in the "openssl" meta-package!
|
||||
Version: 1.1.1w
|
||||
Release: 0
|
||||
Summary: Secure Sockets and Transport Layer Security
|
||||
License: OpenSSL
|
||||
Group: Productivity/Networking/Security
|
||||
URL: https://www.openssl.org/
|
||||
Source: https://www.%{_rname}.org/source/%{_rname}-%{version}.tar.gz
|
||||
# to get mtime of file:
|
||||
Source1: %{name}.changes
|
||||
Source2: baselibs.conf
|
||||
Source3: https://www.%{_rname}.org/source/%{_rname}-%{version}.tar.gz.asc
|
||||
# https://www.openssl.org/about/
|
||||
# http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xA2D29B7BF295C759#/openssl.keyring
|
||||
Source4: %{_rname}.keyring
|
||||
Source5: showciphers.c
|
||||
# PATCH-FIX-OPENSUSE: do not install html mans it takes ages
|
||||
Patch1: openssl-1.1.0-no-html.patch
|
||||
Patch2: openssl-truststore.patch
|
||||
Patch3: openssl-pkgconfig.patch
|
||||
Patch4: openssl-DEFAULT_SUSE_cipher.patch
|
||||
Patch5: openssl-ppc64-config.patch
|
||||
Patch6: openssl-riscv64-config.patch
|
||||
# PATCH-FIX-UPSTREAM jsc#SLE-6126 and jsc#SLE-6129
|
||||
Patch8: 0001-s390x-assembly-pack-perlasm-support.patch
|
||||
Patch9: 0002-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch
|
||||
Patch10: 0003-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch
|
||||
Patch11: 0004-s390x-assembly-pack-fix-formal-interface-bug-in-chac.patch
|
||||
Patch12: 0005-s390x-assembly-pack-import-chacha-from-cryptogams-re.patch
|
||||
Patch13: 0006-s390x-assembly-pack-import-poly-from-cryptogams-repo.patch
|
||||
# PATCH-FIX-UPSTREAM bsc#1152695 jsc#SLE-7861 Support for CPACF enhancements - part 1 (crypto)
|
||||
Patch16: openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch
|
||||
Patch17: openssl-s390x-assembly-pack-add-support-for-pcc-and-kma-inst.patch
|
||||
Patch18: openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch
|
||||
Patch19: openssl-s390x-assembly-pack-update-OPENSSL_s390xcap-3.patch
|
||||
Patch20: openssl-s390xcpuid.pl-fix-comment.patch
|
||||
Patch21: openssl-assembly-pack-accelerate-scalar-multiplication.patch
|
||||
Patch22: openssl-Enable-curve-spefific-ECDSA-implementations-via-EC_M.patch
|
||||
Patch23: openssl-s390x-assembly-pack-accelerate-ECDSA.patch
|
||||
Patch24: openssl-OPENSSL_s390xcap.pod-list-msa9-facility-bit-155.patch
|
||||
Patch25: openssl-s390x-assembly-pack-cleanse-only-sensitive-fields.patch
|
||||
Patch26: openssl-s390x-assembly-pack-fix-OPENSSL_s390xcap-z15-cpu-mas.patch
|
||||
Patch27: openssl-s390x-assembly-pack-fix-msa3-stfle-bit-detection.patch
|
||||
Patch28: openssl-Fix-9bf682f-which-broke-nistp224_method.patch
|
||||
# FIPS patches
|
||||
Patch30: openssl-1.1.1-fips.patch
|
||||
Patch31: openssl-1.1.1-fips-post-rand.patch
|
||||
Patch32: openssl-1.1.1-fips-crng-test.patch
|
||||
Patch33: openssl-1.1.0-issuer-hash.patch
|
||||
Patch34: openssl-fips-run_selftests_only_when_module_is_complete.patch
|
||||
Patch35: openssl-ship_fips_standalone_hmac.patch
|
||||
Patch36: openssl-fips_mode.patch
|
||||
Patch37: openssl-1.1.1-evp-kdf.patch
|
||||
Patch38: openssl-1.1.1-ssh-kdf.patch
|
||||
Patch40: openssl-fips-selftests_in_nonfips_mode.patch
|
||||
Patch41: openssl-fips-clearerror.patch
|
||||
Patch42: openssl-fips-ignore_broken_atexit_test.patch
|
||||
Patch45: openssl-fips-add-SHA3-selftest.patch
|
||||
Patch46: openssl-fips_selftest_upstream_drbg.patch
|
||||
Patch47: openssl-unknown_dgst.patch
|
||||
# PATCH-FIX-UPSTREAM jsc#SLE-7403 Support for CPACF enhancements - part 2 (crypto)
|
||||
Patch50: openssl-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-and-Ed448.patch
|
||||
Patch51: openssl-s390x-fix-x448-and-x448-test-vector-ctime-for-x25519-and-x448.patch
|
||||
# PATCH-FIX-UPSTREAM bsc#1175844 FIPS: (EC)Diffie-Hellman requirements
|
||||
# from SP800-56Arev3 SLE-15-SP2
|
||||
Patch52: openssl-DH.patch
|
||||
Patch53: openssl-kdf-selftest.patch
|
||||
Patch54: openssl-kdf-tls-selftest.patch
|
||||
Patch55: openssl-kdf-ssh-selftest.patch
|
||||
Patch56: openssl-fips-DH_selftest_shared_secret_KAT.patch
|
||||
# PATCH-FIX-UPSTREAM bsc#1192442 FIPS: missing KAT for HKDF/TLS 1.3/IPSEC IKEv2
|
||||
Patch57: openssl-fips-kdf-hkdf-selftest.patch
|
||||
Patch58: openssl-1.1.1-system-cipherlist.patch
|
||||
# PATCH-FIX-OPENSUSE jsc#SLE-15832 Centralized Crypto Compliance Configuration
|
||||
Patch59: openssl-1_1-seclevel.patch
|
||||
Patch60: openssl-1_1-use-seclevel2-in-tests.patch
|
||||
Patch61: openssl-1_1-disable-test_srp-sslapi.patch
|
||||
# PATCH-FIX-UPSTREAM jsc#SLE-18136 POWER10 performance enhancements for cryptography
|
||||
Patch69: openssl-1_1-Optimize-ppc64.patch
|
||||
# PATCH-FIX-UPSTREAM jsc#SLE-19742 Backport Arm improvements from OpenSSL 3
|
||||
Patch70: openssl-1_1-Optimize-RSA-armv8.patch
|
||||
Patch71: openssl-1_1-Optimize-AES-XTS-aarch64.patch
|
||||
Patch72: openssl-1_1-Optimize-AES-GCM-uarchs.patch
|
||||
# PATCH-FIX-SUSE bsc#1185320 FIPS: move the HMAC-SHA2-256 used for integrity test
|
||||
Patch73: openssl-FIPS-KAT-before-integrity-tests.patch
|
||||
# PATCH-FIX-SUSE bsc#1182959 FIPS: Fix function and reason error codes
|
||||
Patch74: openssl-1_1-FIPS-fix-error-reason-codes.patch
|
||||
#PATCH-FIX-SUSE bsc#1190652 FIPS: Add release number to version string
|
||||
Patch75: openssl-1_1-fips-bsc1190652_release_num_in_version_string.patch
|
||||
# PATCH-FIX-SUSE bsc#1180995 Default to RFC7919 groups in FIPS mode
|
||||
Patch76: openssl-1_1-paramgen-default_to_rfc7919.patch
|
||||
# PATCH-FIX-SUSE bsc#1194187 bsc#1004463 Add engines section in openssl.cnf
|
||||
Patch77: openssl-1_1-use-include-directive.patch
|
||||
# PATCH-FIX-SUSE bsc#1197280 FIPS: Additional PBKDF2 requirements for KAT
|
||||
Patch78: openssl-1_1-FIPS-PBKDF2-KAT-requirements.patch
|
||||
Patch79: bsc1185319-FIPS-KAT-for-ECDSA.patch
|
||||
Patch80: bsc1198207-FIPS-add-hash_hmac-drbg-kat.patch
|
||||
Patch82: openssl-1_1-shortcut-test_afalg_aes_cbc.patch
|
||||
# PATCH-FIX-SUSE bsc#1190653 FIPS: Provide methods to zeroize all unprotected SSPs and key components
|
||||
Patch84: openssl-1_1-Zeroization.patch
|
||||
# PATCH-FIX-SUSE bsc#1190651 FIPS: Provide a service-level indicator
|
||||
Patch85: openssl-1_1-ossl-sli-000-fix-build-error.patch
|
||||
Patch86: openssl-1_1-ossl-sli-001-fix-faults-preventing-make-update.patch
|
||||
Patch87: openssl-1_1-ossl-sli-002-ran-make-update.patch
|
||||
Patch88: openssl-1_1-ossl-sli-003-add-sli.patch
|
||||
# PATCH-FIX-SUSE bsc#1202148 FIPS: Port openssl to use jitterentropy
|
||||
Patch89: openssl-1_1-jitterentropy-3.4.0.patch
|
||||
# PATCH-FIX-SUSE bsc#1203046 FIPS: Fix memory leak when FIPS mode is enabled
|
||||
Patch90: openssl-1.1.1-fips-fix-memory-leaks.patch
|
||||
# PATCH-FIX-FEDORA bsc#1201293 FIPS: RAND api should call into FIPS DRBG
|
||||
Patch91: openssl-1_1-FIPS_drbg-rewire.patch
|
||||
# PATCH-FIX-FEDORA bsc#1203069 FIPS: Add KAT for the RAND_DRBG implementation
|
||||
Patch92: openssl-1_1-fips-drbg-selftest.patch
|
||||
# PATCH-FIX-SUSE bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472
|
||||
# FIPS: List only approved digest and pubkey algorithms
|
||||
Patch93: openssl-1_1-fips-list-only-approved-digest-and-pubkey-algorithms.patch
|
||||
# PATCH-FIX-SUSE bsc#1190651 FIPS: Provide a service-level indicator
|
||||
Patch94: openssl-1_1-ossl-sli-004-allow-aes-xts-256.patch
|
||||
Patch95: openssl-1_1-ossl-sli-005-EC_group_order_bits.patch
|
||||
Patch96: openssl-1_1-ossl-sli-006-rsa_pkcs1_padding.patch
|
||||
Patch97: openssl-1_1-ossl-sli-007-pbkdf2-keylen.patch
|
||||
# PATCH-FIX-UPSTREAM jsc#PED-512
|
||||
# POWER10 performance enhancements for cryptography
|
||||
Patch98: openssl-1_1-AES-GCM-performance-optimzation-with-stitched-method.patch
|
||||
Patch99: openssl-1_1-Fixed-counter-overflow.patch
|
||||
Patch100: openssl-1_1-chacha20-performance-optimizations-for-ppc64le-with-.patch
|
||||
Patch101: openssl-1_1-Fixed-conditional-statement-testing-64-and-256-bytes.patch
|
||||
Patch102: openssl-1_1-Fix-AES-GCM-on-Power-8-CPUs.patch
|
||||
# PATCH-FIX-OPENSUSE bsc#1205042 Set OpenSSL 3.0 as the default openssl
|
||||
Patch103: openssl-1_1-openssl-config.patch
|
||||
# PATCH-FIX-SUSE bsc#1207994 FIPS Make jitterentropy calls thread-safe
|
||||
Patch104: openssl-1_1-serialize-jitterentropy-calls.patch
|
||||
# PATCH-FIX-SUSE bsc#1208998 FIPS: PBKDF2 requirements for openssl
|
||||
Patch105: openssl-1_1-ossl-sli-008-pbkdf2-salt_pass_iteration.patch
|
||||
# PATCH-FIX-SUSE bsc#1212623 openssl s_client does not honor ocsp revocation status
|
||||
Patch106: openssl-s_client-check-ocsp-status.patch
|
||||
# PATCH-FIX-SUSE bsc#1213517 Dont pass zero length input to EVP_Cipher
|
||||
Patch107: openssl-dont-pass-zero-length-input-to-EVP_Cipher.patch
|
||||
#PATCH-FIX-SUSE bsc#1215215 FIPS: Add "fips" to version string
|
||||
Patch108: openssl-1_1-fips-bsc1215215_fips_in_version_string.patch
|
||||
# PATCH-FIX-UPSTREAM jsc#PED-5086, jsc#PED-3514
|
||||
# POWER10 performance enhancements for cryptography
|
||||
Patch109: openssl-ec-Use-static-linkage-on-nistp521-felem_-square-mul-.patch
|
||||
Patch110: openssl-ec-56-bit-Limb-Solinas-Strategy-for-secp384r1.patch
|
||||
Patch111: openssl-ec-powerpc64le-Add-asm-implementation-of-felem_-squa.patch
|
||||
Patch112: openssl-ecc-Remove-extraneous-parentheses-in-secp384r1.patch
|
||||
Patch113: openssl-powerpc-ecc-Fix-stack-allocation-secp384r1-asm.patch
|
||||
Patch114: openssl-Improve-performance-for-6x-unrolling-with-vpermxor-i.patch
|
||||
# PATCH-FIX-UPSTREAM: bsc#1216922 CVE-2023-5678 Generating excessively long X9.42 DH keys or
|
||||
# checking excessively long X9.42 DH keys or parameters may be very slow
|
||||
Patch115: openssl-CVE-2023-5678.patch
|
||||
# PATCH-FIX-OPENSUSE skip SHA1 test in FIPS mode
|
||||
Patch116: openssl-Skip_SHA1-test-in-FIPS-mode.patch
|
||||
# PATCH-FIX-UPSTREAM: bsc#1219243 CVE-2024-0727: denial of service via null dereference
|
||||
Patch117: openssl-CVE-2024-0727.patch
|
||||
# PATCH-FIX-UPSTREAM: bsc#1222548 CVE-2024-2511: Unbounded memory growth with session handling in TLSv1.3
|
||||
Patch118: openssl-CVE-2024-2511.patch
|
||||
# PATCH-FIX-UPSTREAM bsc#1225551 CVE-2024-4741: use After Free with SSL_free_buffers
|
||||
Patch119: openssl-CVE-2024-4741.patch
|
||||
# PATCH-FIX-UPSTREAM: bsc#1227138 CVE-2024-5535: SSL_select_next_proto buffer overread
|
||||
Patch120: openssl-CVE-2024-5535.patch
|
||||
Patch121: reproducibledate.patch
|
||||
BuildRequires: jitterentropy-devel >= 3.4.0
|
||||
BuildRequires: pkgconfig
|
||||
BuildRequires: pkgconfig(zlib)
|
||||
Requires: libjitterentropy3 >= 3.4.0
|
||||
Provides: ssl
|
||||
Requires: libopenssl1_1 = %{version}-%{release}
|
||||
# Needed for clean upgrade path, boo#1070003
|
||||
Obsoletes: openssl-1_0_0
|
||||
# Needed for clean upgrade from former openssl-1_1_0, boo#1081335
|
||||
Obsoletes: openssl-1_1_0
|
||||
%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1550
|
||||
Requires: crypto-policies
|
||||
%endif
|
||||
# ulp-macros is available according to SUSE version.
|
||||
%ifarch x86_64
|
||||
%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1540
|
||||
BuildRequires: ulp-macros
|
||||
%endif
|
||||
%endif
|
||||
%ifarch ppc64le
|
||||
%if 0%{?sle_version} >= 150700 || 0%{?suse_version} >= 1570
|
||||
BuildRequires: gcc13
|
||||
BuildRequires: ulp-macros
|
||||
%endif
|
||||
%endif
|
||||
|
||||
%description
|
||||
OpenSSL is a software library to be used in applications that need to
|
||||
secure communications over computer networks against eavesdropping or
|
||||
need to ascertain the identity of the party at the other end.
|
||||
OpenSSL contains an implementation of the SSL and TLS protocols.
|
||||
|
||||
%package -n libopenssl1_1
|
||||
Summary: Secure Sockets and Transport Layer Security
|
||||
Group: Productivity/Networking/Security
|
||||
Recommends: ca-certificates-mozilla
|
||||
# Needed for clean upgrade from former openssl-1_1_0, boo#1081335
|
||||
Obsoletes: libopenssl1_1_0
|
||||
%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1550
|
||||
Requires: crypto-policies
|
||||
%endif
|
||||
Conflicts: %{name} < %{version}-%{release}
|
||||
# Merge back the hmac files bsc#1185116
|
||||
Provides: libopenssl1_1-hmac = %{version}-%{release}
|
||||
Obsoletes: libopenssl1_1-hmac < %{version}-%{release}
|
||||
# Needed for clean upgrade from former openssl-1_1_0, boo#1081335
|
||||
Obsoletes: libopenssl1_1_0-hmac
|
||||
# Needed for clean upgrade from SLE-12 openssl-1_0_0, bsc#1158499
|
||||
Obsoletes: libopenssl-1_0_0-hmac
|
||||
|
||||
%description -n libopenssl1_1
|
||||
OpenSSL is a software library to be used in applications that need to
|
||||
secure communications over computer networks against eavesdropping or
|
||||
need to ascertain the identity of the party at the other end.
|
||||
OpenSSL contains an implementation of the SSL and TLS protocols.
|
||||
|
||||
%package -n libopenssl-1_1-devel
|
||||
Summary: Development files for OpenSSL
|
||||
Group: Development/Libraries/C and C++
|
||||
Requires: jitterentropy-devel >= 3.4.0
|
||||
Requires: libopenssl1_1 = %{version}
|
||||
Requires: pkgconfig(zlib)
|
||||
Recommends: %{name} = %{version}
|
||||
Conflicts: ssl-devel
|
||||
Provides: ssl-devel
|
||||
# Needed for clean upgrade from former openssl-1_1_0, boo#1081335
|
||||
Obsoletes: libopenssl-1_1_0-devel
|
||||
# Needed for clean upgrade from SLE-12 openssl-1_0_0, bsc#1158499
|
||||
Obsoletes: libopenssl-1_0_0-devel
|
||||
|
||||
%description -n libopenssl-1_1-devel
|
||||
This subpackage contains header files for developing applications
|
||||
that want to make use of the OpenSSL C API.
|
||||
|
||||
%package doc
|
||||
Summary: Additional Package Documentation
|
||||
Group: Productivity/Networking/Security
|
||||
Conflicts: openssl-doc
|
||||
Provides: openssl-doc = %{version}
|
||||
Obsoletes: openssl-doc < %{version}
|
||||
BuildArch: noarch
|
||||
|
||||
%description doc
|
||||
This package contains optional documentation provided in addition to
|
||||
this package's base documentation.
|
||||
|
||||
%prep
|
||||
%autosetup -p1 -n %{_rname}-%{version}
|
||||
|
||||
cp apps/openssl.cnf apps/openssl-1_1.cnf
|
||||
|
||||
%build
|
||||
%ifarch armv5el armv5tel
|
||||
export MACHINE=armv5el
|
||||
%endif
|
||||
%ifarch armv6l armv6hl
|
||||
export MACHINE=armv6l
|
||||
%endif
|
||||
|
||||
# In ppc64le we need gcc-13 for userspace livepatching until we have the
|
||||
# required -fpatchable-functions-entry patch merged into the mainline
|
||||
%ifarch ppc64le
|
||||
%if 0%{?sle_version} >= 150700 || 0%{?suse_version} >= 1570
|
||||
export CC=gcc-13
|
||||
export CXX=g++-13
|
||||
%endif
|
||||
%endif
|
||||
|
||||
./config \
|
||||
no-idea \
|
||||
no-afalgeng \
|
||||
enable-rfc3779 \
|
||||
%ifarch x86_64 aarch64 ppc64le
|
||||
enable-ec_nistp_64_gcc_128 \
|
||||
%endif
|
||||
enable-camellia \
|
||||
zlib \
|
||||
no-ec2m \
|
||||
--prefix=%{_prefix} \
|
||||
--libdir=%{_lib} \
|
||||
--openssldir=%{ssletcdir} \
|
||||
%{optflags} \
|
||||
%{?cflags_livepatching} \
|
||||
-Wa,--noexecstack \
|
||||
-Wl,-z,relro,-z,now \
|
||||
-fno-common \
|
||||
-DTERMIO \
|
||||
-DPURIFY \
|
||||
-D_GNU_SOURCE \
|
||||
-DOPENSSL_NO_BUF_FREELISTS \
|
||||
$(getconf LFS_CFLAGS) \
|
||||
-Wall \
|
||||
--with-rand-seed=getrandom \
|
||||
--system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config
|
||||
|
||||
# Show build configuration
|
||||
perl configdata.pm --dump
|
||||
|
||||
util/mkdef.pl crypto update
|
||||
%make_build depend
|
||||
%make_build all
|
||||
|
||||
%check
|
||||
export MALLOC_CHECK_=3
|
||||
export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
|
||||
LD_LIBRARY_PATH=`pwd` make test -j1
|
||||
|
||||
# Create the hmac files required to run the regression tests in FIPS mode
|
||||
LD_LIBRARY_PATH=`pwd` %{buildroot}%{_bindir}/fips_standalone_hmac \
|
||||
libssl.so.%{maj_min} > .libssl.so.%{maj_min}.hmac
|
||||
LD_LIBRARY_PATH=`pwd` %{buildroot}%{_bindir}/fips_standalone_hmac \
|
||||
libcrypto.so.%{maj_min} > .libcrypto.so.%{maj_min}.hmac
|
||||
OPENSSL_FORCE_FIPS_MODE=1 LD_LIBRARY_PATH=`pwd` make TESTS='-test_pem \
|
||||
-test_hmac -test_mdc2 -test_dh -test_dsa -test_genrsa \
|
||||
-test_mp_rsa -test_enc -test_enc_more -test_passwd -test_req \
|
||||
-test_verify -test_evp -test_evp_extra -test_pkey_meth_kdf \
|
||||
-test_bad_dtls -test_comp -test_key_share -test_renegotiation \
|
||||
-test_sslcbcpadding -test_sslcertstatus -test_sslextension \
|
||||
-test_sslmessages -test_sslrecords -test_sslsessiontick \
|
||||
-test_sslsigalgs -test_sslsignature -test_sslskewith0p \
|
||||
-test_sslversions -test_sslvertol -test_tls13alerts \
|
||||
-test_tls13cookie -test_tls13downgrade -test_tls13hrr \
|
||||
-test_tls13kexmodes -test_tls13messages -test_tls13psk \
|
||||
-test_tlsextms -test_ca -test_cipherlist -test_cms \
|
||||
-test_dtls_mtu -test_ssl_new -test_ssl_old -test_bio_enc \
|
||||
-test_sslapi -test_tls13ccs -test_ec' test -j1
|
||||
|
||||
# show ciphers
|
||||
gcc -o showciphers %{optflags} -I%{buildroot}%{_includedir} %{SOURCE5} -L%{buildroot}%{_libdir} -lssl -lcrypto
|
||||
LD_LIBRARY_PATH=%{buildroot}%{_libdir} ./showciphers
|
||||
|
||||
%install
|
||||
%{?pack_ipa_dumps}
|
||||
%make_install %{?_smp_mflags}
|
||||
# kill static libs
|
||||
rm -f %{buildroot}%{_libdir}/lib*.a
|
||||
|
||||
# Rename the openssl CLI to openssl-1_1
|
||||
mv %{buildroot}%{_bindir}/openssl %{buildroot}%{_bindir}/openssl-1_1
|
||||
|
||||
# Install the openssl-1_1.cnf config file
|
||||
install -m 644 apps/openssl-1_1.cnf %{buildroot}%{_sysconfdir}/ssl/openssl-1_1.cnf
|
||||
|
||||
# remove the cnf.dist
|
||||
rm -f %{buildroot}%{_sysconfdir}/ssl/openssl-1_1.cnf.dist
|
||||
rm -f %{buildroot}%{_sysconfdir}/ssl/ct_log_list.cnf
|
||||
rm -f %{buildroot}%{_sysconfdir}/ssl/ct_log_list.cnf.dist
|
||||
ln -sf ./%{_rname} %{buildroot}/%{_includedir}/ssl
|
||||
|
||||
mkdir %{buildroot}/%{_datadir}/ssl
|
||||
mv %{buildroot}/%{ssletcdir}/misc %{buildroot}/%{_datadir}/ssl/
|
||||
# Create the two directories into which packages will drop their configuration
|
||||
# files.
|
||||
mkdir %{buildroot}/%{sslengcnf}
|
||||
mkdir %{buildroot}/%{sslengdef}
|
||||
|
||||
# avoid file conflicts with man pages from other packages
|
||||
#
|
||||
pushd %{buildroot}/%{_mandir}
|
||||
# some man pages now contain spaces. This makes several scripts go havoc, among them /usr/sbin/Check.
|
||||
# replace spaces by underscores
|
||||
#for i in man?/*\ *; do mv -v "$i" "${i// /_}"; done
|
||||
which readlink &>/dev/null || function readlink { ( set +x; target=$(file $1 2>/dev/null); target=${target//* }; test -f $target && echo $target; ) }
|
||||
for i in man?/*; do
|
||||
if test -L $i ; then
|
||||
LDEST=`readlink $i`
|
||||
rm -f $i ${i}ssl
|
||||
ln -sf ${LDEST}ssl ${i}ssl
|
||||
else
|
||||
mv $i ${i}ssl
|
||||
fi
|
||||
case "$i" in
|
||||
*.1)
|
||||
# these are the pages mentioned in openssl(1). They go into the main package.
|
||||
echo %doc %{_mandir}/${i}ssl%{?ext_man} >> $OLDPWD/filelist;;
|
||||
*)
|
||||
# the rest goes into the openssl-doc package.
|
||||
echo %doc %{_mandir}/${i}ssl%{?ext_man} >> $OLDPWD/filelist.doc;;
|
||||
esac
|
||||
done
|
||||
popd
|
||||
|
||||
# Do not install demo scripts executable under /usr/share/doc
|
||||
find demos -type f -perm /111 -exec chmod 644 {} \;
|
||||
|
||||
# Place showciphers.c for %%doc macro
|
||||
cp %{SOURCE5} .
|
||||
|
||||
# the hmac hashes:
|
||||
#
|
||||
# this is a hack that re-defines the __os_install_post macro
|
||||
# for a simple reason: the macro strips the binaries and thereby
|
||||
# invalidates a HMAC that may have been created earlier.
|
||||
# solution: create the hashes _after_ the macro runs.
|
||||
#
|
||||
# this shows up earlier because otherwise the expand of
|
||||
# the macro is too late.
|
||||
# remark: This is the same as running
|
||||
# openssl dgst -sha256 -hmac 'ppaksykemnsecgtsttplmamstKMEs'
|
||||
%{expand:%%global __os_install_post {%__os_install_post
|
||||
|
||||
# Point linker to the newly installed libcrypto in order to avoid BuildRequiring itself (libopenssl1_1)
|
||||
export LD_LIBRARY_PATH="%{buildroot}%{_libdir}"
|
||||
|
||||
%{buildroot}%{_bindir}/fips_standalone_hmac \
|
||||
%{buildroot}%{_libdir}/libssl.so.%{maj_min} > \
|
||||
%{buildroot}%{_libdir}/.libssl.so.%{maj_min}.hmac
|
||||
|
||||
# As fips_standalone_hmac now uses the very same library it checksums,
|
||||
# the libcrypto hmac needs to be saved to a temporary file, otherwise
|
||||
# the library will detect the empty hmac and abort due to a wrong checksum
|
||||
%{buildroot}%{_bindir}/fips_standalone_hmac \
|
||||
%{buildroot}%{_libdir}/libcrypto.so.%{maj_min} > \
|
||||
%{buildroot}%{_libdir}/.libcrypto.so.%{maj_min}.temphmac
|
||||
|
||||
# rename the temporary checksum to its proper name
|
||||
mv %{buildroot}%{_libdir}/.libcrypto.so.%{maj_min}.temphmac %{buildroot}%{_libdir}/.libcrypto.so.%{maj_min}.hmac
|
||||
unset LD_LIBRARY_PATH
|
||||
|
||||
}}
|
||||
|
||||
%pre
|
||||
# Migrate old engines.d to engines1.1.d.rpmsave
|
||||
if [ ! -L %{ssletcdir}/engines.d ] && [ -d %{ssletcdir}/engines.d ]; then
|
||||
mkdir %{ssletcdir}/engines1.1.d.rpmsave ||:
|
||||
mv -v %{ssletcdir}/engines.d/* %{ssletcdir}/engines1.1.d.rpmsave ||:
|
||||
rmdir %{ssletcdir}/engines.d ||:
|
||||
fi
|
||||
|
||||
# Migrate old engdef.d to engdef1.1.d.rpmsave
|
||||
if [ ! -L %{ssletcdir}/engdef.d ] && [ -d %{ssletcdir}/engdef.d ]; then
|
||||
mkdir %{ssletcdir}/engdef1.1.d.rpmsave ||:
|
||||
mv -v %{ssletcdir}/engdef.d/* %{ssletcdir}/engdef1.1.d.rpmsave ||:
|
||||
rmdir %{ssletcdir}/engdef.d ||:
|
||||
fi
|
||||
|
||||
%posttrans
|
||||
# Restore engines1.1.d.rpmsave to engines1.1.d
|
||||
if [ -d %{ssletcdir}/engines1.1.d.rpmsave ]; then
|
||||
mv -v %{ssletcdir}/engines1.1.d.rpmsave/* %{ssletcdir}/engines1.1.d ||:
|
||||
rmdir %{ssletcdir}/engines1.1.d.rpmsave ||:
|
||||
fi
|
||||
|
||||
# Restore engdef1.1.d.rpmsave to engdef1.1.d
|
||||
if [ -d %{ssletcdir}/engdef1.1.d.rpmsave ]; then
|
||||
mv -v %{ssletcdir}/engdef1.1.d.rpmsave/* %{ssletcdir}/engdef1.1.d ||:
|
||||
rmdir %{ssletcdir}/engdef1.1.d.rpmsave ||:
|
||||
fi
|
||||
|
||||
# Move engines1_1.d to engines1.1.d
|
||||
if [ -d %{ssletcdir}/engines1_1.d ]; then
|
||||
mv -v %{ssletcdir}/engines1_1.d/* %{ssletcdir}/engines1.1.d ||:
|
||||
rmdir %{ssletcdir}/engines1_1.d ||:
|
||||
fi
|
||||
|
||||
# Move engdef1_1.d to engdef1.1.d
|
||||
if [ -d %{ssletcdir}/engdef1_1.d ]; then
|
||||
mv -v %{ssletcdir}/engdef1_1.d/* %{ssletcdir}/engdef1.1.d ||:
|
||||
rmdir %{ssletcdir}/engdef1_1.d ||:
|
||||
fi
|
||||
|
||||
%post -n libopenssl1_1 -p /sbin/ldconfig
|
||||
%postun -n libopenssl1_1 -p /sbin/ldconfig
|
||||
|
||||
%files -n libopenssl1_1
|
||||
%license LICENSE
|
||||
%{_libdir}/libssl.so.%{maj_min}
|
||||
%{_libdir}/libcrypto.so.%{maj_min}
|
||||
%{_libdir}/.libssl.so.%{maj_min}.hmac
|
||||
%{_libdir}/.libcrypto.so.%{maj_min}.hmac
|
||||
%{_libdir}/engines-%{maj_min}
|
||||
|
||||
%files -n libopenssl-1_1-devel
|
||||
%{_includedir}/%{_rname}/
|
||||
%{_includedir}/ssl
|
||||
%{_libdir}/libssl.so
|
||||
%{_libdir}/libcrypto.so
|
||||
%{_libdir}/pkgconfig/libcrypto.pc
|
||||
%{_libdir}/pkgconfig/libssl.pc
|
||||
%{_libdir}/pkgconfig/openssl.pc
|
||||
|
||||
%files doc -f filelist.doc
|
||||
%doc doc/* demos
|
||||
%doc showciphers.c
|
||||
|
||||
%files -f filelist
|
||||
%doc CHANGE* NEWS README
|
||||
%dir %{ssletcdir}
|
||||
%config (noreplace) %{ssletcdir}/openssl-1_1.cnf
|
||||
%attr(700,root,root) %{ssletcdir}/private
|
||||
%dir %{sslengcnf}
|
||||
%dir %{sslengdef}
|
||||
%dir %{_datadir}/ssl
|
||||
%{_datadir}/ssl/misc
|
||||
%{_bindir}/c_rehash-1_1
|
||||
%{_bindir}/fips_standalone_hmac
|
||||
%{_bindir}/openssl-1_1
|
||||
|
||||
%changelog
|
174
openssl-CVE-2023-5678.patch
Normal file
174
openssl-CVE-2023-5678.patch
Normal file
@ -0,0 +1,174 @@
|
||||
From db925ae2e65d0d925adef429afc37f75bd1c2017 Mon Sep 17 00:00:00 2001
|
||||
From: Richard Levitte <levitte@openssl.org>
|
||||
Date: Fri, 20 Oct 2023 09:18:19 +0200
|
||||
Subject: [PATCH] Make DH_check_pub_key() and DH_generate_key() safer yet
|
||||
|
||||
We already check for an excessively large P in DH_generate_key(), but not in
|
||||
DH_check_pub_key(), and none of them check for an excessively large Q.
|
||||
|
||||
This change adds all the missing excessive size checks of P and Q.
|
||||
|
||||
It's to be noted that behaviours surrounding excessively sized P and Q
|
||||
differ. DH_check() raises an error on the excessively sized P, but only
|
||||
sets a flag for the excessively sized Q. This behaviour is mimicked in
|
||||
DH_check_pub_key().
|
||||
|
||||
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||
Reviewed-by: Matt Caswell <matt@openssl.org>
|
||||
Reviewed-by: Hugo Landau <hlandau@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/22518)
|
||||
|
||||
(cherry picked from commit ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)
|
||||
---
|
||||
crypto/dh/dh_check.c | 12 ++++++++++++
|
||||
crypto/dh/dh_err.c | 3 ++-
|
||||
crypto/dh/dh_key.c | 12 ++++++++++++
|
||||
crypto/err/openssl.txt | 1 +
|
||||
include/crypto/dherr.h | 2 +-
|
||||
include/openssl/dh.h | 6 +++---
|
||||
include/openssl/dherr.h | 3 ++-
|
||||
7 files changed, 33 insertions(+), 6 deletions(-)
|
||||
|
||||
Index: openssl-1.1.1w/crypto/dh/dh_err.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1w.orig/crypto/dh/dh_err.c
|
||||
+++ openssl-1.1.1w/crypto/dh/dh_err.c
|
||||
@@ -21,6 +21,7 @@ static const ERR_STRING_DATA DH_str_func
|
||||
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK, 0), "DH_check"},
|
||||
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_EX, 0), "DH_check_ex"},
|
||||
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PARAMS_EX, 0), "DH_check_params_ex"},
|
||||
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PUB_KEY, 0), "DH_check_pub_key"},
|
||||
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PUB_KEY_EX, 0), "DH_check_pub_key_ex"},
|
||||
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_DECRYPT, 0), "dh_cms_decrypt"},
|
||||
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_PEERKEY, 0), "dh_cms_set_peerkey"},
|
||||
@@ -87,6 +88,7 @@ static const ERR_STRING_DATA DH_str_reas
|
||||
{ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR),
|
||||
"parameter encoding error"},
|
||||
{ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"},
|
||||
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_Q_TOO_LARGE), "q too large"},
|
||||
{ERR_PACK(ERR_LIB_DH, 0, DH_R_SHARED_INFO_ERROR), "shared info error"},
|
||||
{ERR_PACK(ERR_LIB_DH, 0, DH_R_UNABLE_TO_CHECK_GENERATOR),
|
||||
"unable to check generator"},
|
||||
Index: openssl-1.1.1w/crypto/err/openssl.txt
|
||||
===================================================================
|
||||
--- openssl-1.1.1w.orig/crypto/err/openssl.txt
|
||||
+++ openssl-1.1.1w/crypto/err/openssl.txt
|
||||
@@ -404,6 +404,7 @@ DH_F_DH_BUILTIN_GENPARAMS:106:dh_builtin
|
||||
DH_F_DH_CHECK:126:DH_check
|
||||
DH_F_DH_CHECK_EX:121:DH_check_ex
|
||||
DH_F_DH_CHECK_PARAMS_EX:122:DH_check_params_ex
|
||||
+DH_F_DH_CHECK_PUB_KEY:128:DH_check_pub_key
|
||||
DH_F_DH_CHECK_PUB_KEY_EX:123:DH_check_pub_key_ex
|
||||
DH_F_DH_CMS_DECRYPT:114:dh_cms_decrypt
|
||||
DH_F_DH_CMS_SET_PEERKEY:115:dh_cms_set_peerkey
|
||||
@@ -2226,6 +2227,7 @@ DH_R_NO_PARAMETERS_SET:107:no parameters
|
||||
DH_R_NO_PRIVATE_VALUE:100:no private value
|
||||
DH_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error
|
||||
DH_R_PEER_KEY_ERROR:111:peer key error
|
||||
+DH_R_Q_TOO_LARGE:130:q too large
|
||||
DH_R_SHARED_INFO_ERROR:113:shared info error
|
||||
DH_R_UNABLE_TO_CHECK_GENERATOR:121:unable to check generator
|
||||
DSA_R_BAD_Q_VALUE:102:bad q value
|
||||
Index: openssl-1.1.1w/include/openssl/dherr.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1w.orig/include/openssl/dherr.h
|
||||
+++ openssl-1.1.1w/include/openssl/dherr.h
|
||||
@@ -31,6 +31,7 @@ int ERR_load_DH_strings(void);
|
||||
# define DH_F_DH_CHECK 126
|
||||
# define DH_F_DH_CHECK_EX 121
|
||||
# define DH_F_DH_CHECK_PARAMS_EX 122
|
||||
+# define DH_F_DH_CHECK_PUB_KEY 128
|
||||
# define DH_F_DH_CHECK_PUB_KEY_EX 123
|
||||
# define DH_F_DH_CMS_DECRYPT 114
|
||||
# define DH_F_DH_CMS_SET_PEERKEY 115
|
||||
@@ -84,6 +85,7 @@ int ERR_load_DH_strings(void);
|
||||
# define DH_R_NO_PRIVATE_VALUE 100
|
||||
# define DH_R_PARAMETER_ENCODING_ERROR 105
|
||||
# define DH_R_PEER_KEY_ERROR 111
|
||||
+# define DH_R_Q_TOO_LARGE 130
|
||||
# define DH_R_SHARED_INFO_ERROR 113
|
||||
# define DH_R_UNABLE_TO_CHECK_GENERATOR 121
|
||||
|
||||
Index: openssl-1.1.1w/crypto/dh/dh_check.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1w.orig/crypto/dh/dh_check.c
|
||||
+++ openssl-1.1.1w/crypto/dh/dh_check.c
|
||||
@@ -260,6 +260,18 @@ static int dh_check_pub_key_int(const DH
|
||||
*/
|
||||
int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
|
||||
{
|
||||
+ /* Don't do any checks at all with an excessively large modulus */
|
||||
+ if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
|
||||
+ DHerr(DH_F_DH_CHECK_PUB_KEY, DH_R_MODULUS_TOO_LARGE);
|
||||
+ *ret = DH_MODULUS_TOO_LARGE | DH_CHECK_PUBKEY_INVALID;
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ if (dh->q != NULL && BN_ucmp(dh->p, dh->q) < 0) {
|
||||
+ *ret |= DH_CHECK_INVALID_Q_VALUE | DH_CHECK_PUBKEY_INVALID;
|
||||
+ return 1;
|
||||
+ }
|
||||
+
|
||||
return dh_check_pub_key_int(dh, dh->q, pub_key, ret);
|
||||
}
|
||||
|
||||
Index: openssl-1.1.1w/crypto/dh/dh_key.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1w.orig/crypto/dh/dh_key.c
|
||||
+++ openssl-1.1.1w/crypto/dh/dh_key.c
|
||||
@@ -51,6 +51,12 @@ int DH_compute_key(unsigned char *key, c
|
||||
int ret = 0, i;
|
||||
volatile size_t npad = 0, mask = 1;
|
||||
|
||||
+ if (dh->q != NULL
|
||||
+ && BN_num_bits(dh->q) > OPENSSL_DH_MAX_MODULUS_BITS) {
|
||||
+ DHerr(DH_F_DH_COMPUTE_KEY, DH_R_Q_TOO_LARGE);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
/* compute the key; ret is constant unless compute_key is external */
|
||||
if ((ret = dh->meth->compute_key(key, pub_key, dh)) <= 0)
|
||||
return ret;
|
||||
@@ -147,6 +153,12 @@ static int generate_key(DH *dh)
|
||||
return 0;
|
||||
}
|
||||
|
||||
+ if (dh->q != NULL
|
||||
+ && BN_num_bits(dh->q) > OPENSSL_DH_MAX_MODULUS_BITS) {
|
||||
+ DHerr(DH_F_GENERATE_KEY, DH_R_Q_TOO_LARGE);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
ctx = BN_CTX_new();
|
||||
if (ctx == NULL)
|
||||
goto err;
|
||||
Index: openssl-1.1.1w/doc/man3/DH_generate_parameters.pod
|
||||
===================================================================
|
||||
--- openssl-1.1.1w.orig/doc/man3/DH_generate_parameters.pod
|
||||
+++ openssl-1.1.1w/doc/man3/DH_generate_parameters.pod
|
||||
@@ -73,6 +73,10 @@ The generator B<g> is not suitable.
|
||||
Note that the lack of this bit doesn't guarantee that B<g> is
|
||||
suitable, unless B<p> is known to be a strong prime.
|
||||
|
||||
+=item DH_MODULUS_TOO_LARGE
|
||||
+
|
||||
+The modulus is too large.
|
||||
+
|
||||
=back
|
||||
|
||||
DH_check() confirms that the Diffie-Hellman parameters B<dh> are valid. The
|
||||
Index: openssl-1.1.1w/include/openssl/dh.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1w.orig/include/openssl/dh.h
|
||||
+++ openssl-1.1.1w/include/openssl/dh.h
|
||||
@@ -78,8 +78,9 @@ DECLARE_ASN1_ITEM(DHparams)
|
||||
# define DH_UNABLE_TO_CHECK_GENERATOR 0x04
|
||||
# define DH_NOT_SUITABLE_GENERATOR 0x08
|
||||
# define DH_CHECK_Q_NOT_PRIME 0x10
|
||||
-# define DH_CHECK_INVALID_Q_VALUE 0x20
|
||||
+# define DH_CHECK_INVALID_Q_VALUE 0x20 /* +DH_check_pub_key */
|
||||
# define DH_CHECK_INVALID_J_VALUE 0x40
|
||||
+# define DH_MODULUS_TOO_LARGE 0x100 /* +DH_check_pub_key */
|
||||
|
||||
/* DH_check_pub_key error codes */
|
||||
# define DH_CHECK_PUBKEY_TOO_SMALL 0x01
|
158
openssl-CVE-2024-0727.patch
Normal file
158
openssl-CVE-2024-0727.patch
Normal file
@ -0,0 +1,158 @@
|
||||
From 09df4395b5071217b76dc7d3d2e630eb8c5a79c2 Mon Sep 17 00:00:00 2001
|
||||
From: Matt Caswell <matt@openssl.org>
|
||||
Date: Fri, 19 Jan 2024 11:28:58 +0000
|
||||
Subject: [PATCH] Add NULL checks where ContentInfo data can be NULL
|
||||
|
||||
PKCS12 structures contain PKCS7 ContentInfo fields. These fields are
|
||||
optional and can be NULL even if the "type" is a valid value. OpenSSL
|
||||
was not properly accounting for this and a NULL dereference can occur
|
||||
causing a crash.
|
||||
|
||||
CVE-2024-0727
|
||||
|
||||
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||
Reviewed-by: Hugo Landau <hlandau@openssl.org>
|
||||
Reviewed-by: Neil Horman <nhorman@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/23362)
|
||||
|
||||
(cherry picked from commit d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c)
|
||||
---
|
||||
crypto/pkcs12/p12_add.c | 18 ++++++++++++++++++
|
||||
crypto/pkcs12/p12_mutl.c | 5 +++++
|
||||
crypto/pkcs12/p12_npas.c | 5 +++--
|
||||
crypto/pkcs7/pk7_mime.c | 7 +++++--
|
||||
4 files changed, 31 insertions(+), 4 deletions(-)
|
||||
|
||||
Index: openssl-1.1.1w/crypto/pkcs12/p12_add.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1w.orig/crypto/pkcs12/p12_add.c
|
||||
+++ openssl-1.1.1w/crypto/pkcs12/p12_add.c
|
||||
@@ -76,6 +76,12 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_
|
||||
PKCS12_R_CONTENT_TYPE_NOT_DATA);
|
||||
return NULL;
|
||||
}
|
||||
+
|
||||
+ if (p7->d.data == NULL) {
|
||||
+ PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA, PKCS12_R_DECODE_ERROR);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
|
||||
}
|
||||
|
||||
@@ -132,6 +138,12 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_
|
||||
{
|
||||
if (!PKCS7_type_is_encrypted(p7))
|
||||
return NULL;
|
||||
+
|
||||
+ if (p7->d.encrypted == NULL) {
|
||||
+ PKCS12err(PKCS12_F_PKCS12_UNPACK_P7ENCDATA, PKCS12_R_DECODE_ERROR);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,
|
||||
ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
|
||||
pass, passlen,
|
||||
@@ -159,6 +171,13 @@ STACK_OF(PKCS7) *PKCS12_unpack_authsafes
|
||||
PKCS12_R_CONTENT_TYPE_NOT_DATA);
|
||||
return NULL;
|
||||
}
|
||||
+
|
||||
+ if (p12->authsafes->d.data == NULL) {
|
||||
+ PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,
|
||||
+ PKCS12_R_DECODE_ERROR);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
return ASN1_item_unpack(p12->authsafes->d.data,
|
||||
ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
|
||||
}
|
||||
Index: openssl-1.1.1w/crypto/pkcs12/p12_mutl.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1w.orig/crypto/pkcs12/p12_mutl.c
|
||||
+++ openssl-1.1.1w/crypto/pkcs12/p12_mutl.c
|
||||
@@ -93,6 +93,11 @@ static int pkcs12_gen_mac(PKCS12 *p12, c
|
||||
return 0;
|
||||
}
|
||||
|
||||
+ if (p12->authsafes->d.data == NULL) {
|
||||
+ PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_DECODE_ERROR);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
salt = p12->mac->salt->data;
|
||||
saltlen = p12->mac->salt->length;
|
||||
if (!p12->mac->iter)
|
||||
Index: openssl-1.1.1w/crypto/pkcs12/p12_npas.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1w.orig/crypto/pkcs12/p12_npas.c
|
||||
+++ openssl-1.1.1w/crypto/pkcs12/p12_npas.c
|
||||
@@ -78,8 +78,9 @@ static int newpass_p12(PKCS12 *p12, cons
|
||||
bags = PKCS12_unpack_p7data(p7);
|
||||
} else if (bagnid == NID_pkcs7_encrypted) {
|
||||
bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
|
||||
- if (!alg_get(p7->d.encrypted->enc_data->algorithm,
|
||||
- &pbe_nid, &pbe_iter, &pbe_saltlen))
|
||||
+ if (p7->d.encrypted == NULL
|
||||
+ || !alg_get(p7->d.encrypted->enc_data->algorithm,
|
||||
+ &pbe_nid, &pbe_iter, &pbe_saltlen))
|
||||
goto err;
|
||||
} else {
|
||||
continue;
|
||||
Index: openssl-1.1.1w/crypto/pkcs7/pk7_mime.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1w.orig/crypto/pkcs7/pk7_mime.c
|
||||
+++ openssl-1.1.1w/crypto/pkcs7/pk7_mime.c
|
||||
@@ -30,10 +30,13 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p
|
||||
{
|
||||
STACK_OF(X509_ALGOR) *mdalgs;
|
||||
int ctype_nid = OBJ_obj2nid(p7->type);
|
||||
- if (ctype_nid == NID_pkcs7_signed)
|
||||
+ if (ctype_nid == NID_pkcs7_signed) {
|
||||
+ if (p7->d.sign == NULL)
|
||||
+ return 0;
|
||||
mdalgs = p7->d.sign->md_algs;
|
||||
- else
|
||||
+ } else {
|
||||
mdalgs = NULL;
|
||||
+ }
|
||||
|
||||
flags ^= SMIME_OLDMIME;
|
||||
|
||||
Index: openssl-1.1.1w/crypto/err/openssl.txt
|
||||
===================================================================
|
||||
--- openssl-1.1.1w.orig/crypto/err/openssl.txt
|
||||
+++ openssl-1.1.1w/crypto/err/openssl.txt
|
||||
@@ -1079,6 +1079,7 @@ PKCS12_F_PKCS12_SETUP_MAC:122:PKCS12_set
|
||||
PKCS12_F_PKCS12_SET_MAC:123:PKCS12_set_mac
|
||||
PKCS12_F_PKCS12_UNPACK_AUTHSAFES:130:PKCS12_unpack_authsafes
|
||||
PKCS12_F_PKCS12_UNPACK_P7DATA:131:PKCS12_unpack_p7data
|
||||
+PKCS12_F_PKCS12_UNPACK_P7ENCDATA:233:PKCS12_unpack_p7encdata
|
||||
PKCS12_F_PKCS12_VERIFY_MAC:126:PKCS12_verify_mac
|
||||
PKCS12_F_PKCS8_ENCRYPT:125:PKCS8_encrypt
|
||||
PKCS12_F_PKCS8_SET0_PBE:132:PKCS8_set0_pbe
|
||||
Index: openssl-1.1.1w/crypto/pkcs12/pk12err.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1w.orig/crypto/pkcs12/pk12err.c
|
||||
+++ openssl-1.1.1w/crypto/pkcs12/pk12err.c
|
||||
@@ -58,6 +58,8 @@ static const ERR_STRING_DATA PKCS12_str_
|
||||
"PKCS12_unpack_authsafes"},
|
||||
{ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_UNPACK_P7DATA, 0),
|
||||
"PKCS12_unpack_p7data"},
|
||||
+ {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_UNPACK_P7ENCDATA, 0),
|
||||
+ "PKCS12_unpack_p7encdata"},
|
||||
{ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_VERIFY_MAC, 0),
|
||||
"PKCS12_verify_mac"},
|
||||
{ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS8_ENCRYPT, 0), "PKCS8_encrypt"},
|
||||
Index: openssl-1.1.1w/include/openssl/pkcs12err.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1w.orig/include/openssl/pkcs12err.h
|
||||
+++ openssl-1.1.1w/include/openssl/pkcs12err.h
|
||||
@@ -49,6 +49,7 @@ int ERR_load_PKCS12_strings(void);
|
||||
# define PKCS12_F_PKCS12_SET_MAC 123
|
||||
# define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130
|
||||
# define PKCS12_F_PKCS12_UNPACK_P7DATA 131
|
||||
+# define PKCS12_F_PKCS12_UNPACK_P7ENCDATA 233
|
||||
# define PKCS12_F_PKCS12_VERIFY_MAC 126
|
||||
# define PKCS12_F_PKCS8_ENCRYPT 125
|
||||
# define PKCS12_F_PKCS8_SET0_PBE 132
|
118
openssl-CVE-2024-2511.patch
Normal file
118
openssl-CVE-2024-2511.patch
Normal file
@ -0,0 +1,118 @@
|
||||
From b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d Mon Sep 17 00:00:00 2001
|
||||
From: Matt Caswell <matt@openssl.org>
|
||||
Date: Tue, 5 Mar 2024 15:43:53 +0000
|
||||
Subject: [PATCH] Fix unconstrained session cache growth in TLSv1.3
|
||||
|
||||
In TLSv1.3 we create a new session object for each ticket that we send.
|
||||
We do this by duplicating the original session. If SSL_OP_NO_TICKET is in
|
||||
use then the new session will be added to the session cache. However, if
|
||||
early data is not in use (and therefore anti-replay protection is being
|
||||
used), then multiple threads could be resuming from the same session
|
||||
simultaneously. If this happens and a problem occurs on one of the threads,
|
||||
then the original session object could be marked as not_resumable. When we
|
||||
duplicate the session object this not_resumable status gets copied into the
|
||||
new session object. The new session object is then added to the session
|
||||
cache even though it is not_resumable.
|
||||
|
||||
Subsequently, another bug means that the session_id_length is set to 0 for
|
||||
sessions that are marked as not_resumable - even though that session is
|
||||
still in the cache. Once this happens the session can never be removed from
|
||||
the cache. When that object gets to be the session cache tail object the
|
||||
cache never shrinks again and grows indefinitely.
|
||||
|
||||
CVE-2024-2511
|
||||
|
||||
Reviewed-by: Neil Horman <nhorman@openssl.org>
|
||||
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/24044)
|
||||
|
||||
(cherry picked from commit 7e4d731b1c07201ad9374c1cd9ac5263bdf35bce)
|
||||
---
|
||||
ssl/ssl_lib.c | 5 +++--
|
||||
ssl/ssl_sess.c | 28 ++++++++++++++++++++++------
|
||||
ssl/statem/statem_srvr.c | 5 ++---
|
||||
3 files changed, 27 insertions(+), 11 deletions(-)
|
||||
|
||||
Index: openssl-1.1.1w/ssl/ssl_lib.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1w.orig/ssl/ssl_lib.c
|
||||
+++ openssl-1.1.1w/ssl/ssl_lib.c
|
||||
@@ -3524,9 +3524,10 @@ void ssl_update_cache(SSL *s, int mode)
|
||||
|
||||
/*
|
||||
* If the session_id_length is 0, we are not supposed to cache it, and it
|
||||
- * would be rather hard to do anyway :-)
|
||||
+ * would be rather hard to do anyway :-). Also if the session has already
|
||||
+ * been marked as not_resumable we should not cache it for later reuse.
|
||||
*/
|
||||
- if (s->session->session_id_length == 0)
|
||||
+ if (s->session->session_id_length == 0 || s->session->not_resumable)
|
||||
return;
|
||||
|
||||
/*
|
||||
Index: openssl-1.1.1w/ssl/ssl_sess.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1w.orig/ssl/ssl_sess.c
|
||||
+++ openssl-1.1.1w/ssl/ssl_sess.c
|
||||
@@ -94,16 +94,11 @@ SSL_SESSION *SSL_SESSION_new(void)
|
||||
return ss;
|
||||
}
|
||||
|
||||
-SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src)
|
||||
-{
|
||||
- return ssl_session_dup(src, 1);
|
||||
-}
|
||||
-
|
||||
/*
|
||||
* Create a new SSL_SESSION and duplicate the contents of |src| into it. If
|
||||
* ticket == 0 then no ticket information is duplicated, otherwise it is.
|
||||
*/
|
||||
-SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
|
||||
+static SSL_SESSION *ssl_session_dup_intern(SSL_SESSION *src, int ticket)
|
||||
{
|
||||
SSL_SESSION *dest;
|
||||
|
||||
@@ -226,6 +221,27 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION
|
||||
return NULL;
|
||||
}
|
||||
|
||||
+SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src)
|
||||
+{
|
||||
+ return ssl_session_dup_intern(src, 1);
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
+ * Used internally when duplicating a session which might be already shared.
|
||||
+ * We will have resumed the original session. Subsequently we might have marked
|
||||
+ * it as non-resumable (e.g. in another thread) - but this copy should be ok to
|
||||
+ * resume from.
|
||||
+ */
|
||||
+SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
|
||||
+{
|
||||
+ SSL_SESSION *sess = ssl_session_dup_intern(src, ticket);
|
||||
+
|
||||
+ if (sess != NULL)
|
||||
+ sess->not_resumable = 0;
|
||||
+
|
||||
+ return sess;
|
||||
+}
|
||||
+
|
||||
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
|
||||
{
|
||||
if (len)
|
||||
Index: openssl-1.1.1w/ssl/statem/statem_srvr.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1w.orig/ssl/statem/statem_srvr.c
|
||||
+++ openssl-1.1.1w/ssl/statem/statem_srvr.c
|
||||
@@ -2403,9 +2403,8 @@ int tls_construct_server_hello(SSL *s, W
|
||||
* so the following won't overwrite an ID that we're supposed
|
||||
* to send back.
|
||||
*/
|
||||
- if (s->session->not_resumable ||
|
||||
- (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
|
||||
- && !s->hit))
|
||||
+ if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
|
||||
+ && !s->hit)
|
||||
s->session->session_id_length = 0;
|
||||
|
||||
if (usetls13) {
|
41
openssl-CVE-2024-4741.patch
Normal file
41
openssl-CVE-2024-4741.patch
Normal file
@ -0,0 +1,41 @@
|
||||
@@ -, +, @@
|
||||
---
|
||||
ssl/record/methods/tls_common.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
Index: openssl-1.1.1w/ssl/record/ssl3_buffer.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1w.orig/ssl/record/ssl3_buffer.c 2023-09-11 14:08:11.000000000 +0000
|
||||
+++ openssl-1.1.1w/ssl/record/ssl3_buffer.c 2024-06-12 07:58:27.817211675 +0000
|
||||
@@ -179,5 +179,7 @@ int ssl3_release_read_buffer(SSL *s)
|
||||
b = RECORD_LAYER_get_rbuf(&s->rlayer);
|
||||
OPENSSL_free(b->buf);
|
||||
b->buf = NULL;
|
||||
+ s->rlayer.packet = NULL;
|
||||
+ s->rlayer.packet_length = 0;
|
||||
return 1;
|
||||
}
|
||||
Index: openssl-1.1.1w/ssl/record/rec_layer_s3.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1w.orig/ssl/record/rec_layer_s3.c 2023-09-11 14:08:11.000000000 +0000
|
||||
+++ openssl-1.1.1w/ssl/record/rec_layer_s3.c 2024-06-12 07:58:27.817211675 +0000
|
||||
@@ -17,6 +17,7 @@
|
||||
#include "record_local.h"
|
||||
#include "../packet_local.h"
|
||||
#include "internal/cryptlib.h"
|
||||
+#include "internal/cryptlib.h"
|
||||
|
||||
#if defined(OPENSSL_SMALL_FOOTPRINT) || \
|
||||
!( defined(AESNI_ASM) && ( \
|
||||
@@ -238,6 +239,12 @@ int ssl3_read_n(SSL *s, size_t n, size_t
|
||||
s->rlayer.packet_length = 0;
|
||||
/* ... now we can act as if 'extend' was set */
|
||||
}
|
||||
+ if (!ossl_assert(s->rlayer.packet != NULL)) {
|
||||
+ /* does not happen */
|
||||
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_N,
|
||||
+ ERR_R_INTERNAL_ERROR);
|
||||
+ return -1;
|
||||
+ }
|
||||
|
||||
len = s->rlayer.packet_length;
|
||||
pkt = rb->buf + align;
|
234
openssl-CVE-2024-5535.patch
Normal file
234
openssl-CVE-2024-5535.patch
Normal file
@ -0,0 +1,234 @@
|
||||
From 4ada436a1946cbb24db5ab4ca082b69c1bc10f37 Mon Sep 17 00:00:00 2001
|
||||
From: Matt Caswell <matt@openssl.org>
|
||||
Date: Fri, 31 May 2024 11:14:33 +0100
|
||||
Subject: [PATCH] Fix SSL_select_next_proto
|
||||
|
||||
Ensure that the provided client list is non-NULL and starts with a valid
|
||||
entry. When called from the ALPN callback the client list should already
|
||||
have been validated by OpenSSL so this should not cause a problem. When
|
||||
called from the NPN callback the client list is locally configured and
|
||||
will not have already been validated. Therefore SSL_select_next_proto
|
||||
should not assume that it is correctly formatted.
|
||||
|
||||
We implement stricter checking of the client protocol list. We also do the
|
||||
same for the server list while we are about it.
|
||||
|
||||
CVE-2024-5535
|
||||
|
||||
Reviewed-by: Neil Horman <nhorman@openssl.org>
|
||||
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/24718)
|
||||
---
|
||||
ssl/ssl_lib.c | 63 ++++++++++++++++++++++++++++++++-------------------
|
||||
1 file changed, 40 insertions(+), 23 deletions(-)
|
||||
|
||||
Index: openssl-1.1.1w/ssl/ssl_lib.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1w.orig/ssl/ssl_lib.c
|
||||
+++ openssl-1.1.1w/ssl/ssl_lib.c
|
||||
@@ -2761,37 +2761,54 @@ int SSL_select_next_proto(unsigned char
|
||||
unsigned int server_len,
|
||||
const unsigned char *client, unsigned int client_len)
|
||||
{
|
||||
- unsigned int i, j;
|
||||
- const unsigned char *result;
|
||||
- int status = OPENSSL_NPN_UNSUPPORTED;
|
||||
+ PACKET cpkt, csubpkt, spkt, ssubpkt;
|
||||
+
|
||||
+ if (!PACKET_buf_init(&cpkt, client, client_len)
|
||||
+ || !PACKET_get_length_prefixed_1(&cpkt, &csubpkt)
|
||||
+ || PACKET_remaining(&csubpkt) == 0) {
|
||||
+ *out = NULL;
|
||||
+ *outlen = 0;
|
||||
+ return OPENSSL_NPN_NO_OVERLAP;
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
+ * Set the default opportunistic protocol. Will be overwritten if we find
|
||||
+ * a match.
|
||||
+ */
|
||||
+ *out = (unsigned char *)PACKET_data(&csubpkt);
|
||||
+ *outlen = (unsigned char)PACKET_remaining(&csubpkt);
|
||||
|
||||
/*
|
||||
* For each protocol in server preference order, see if we support it.
|
||||
*/
|
||||
- for (i = 0; i < server_len;) {
|
||||
- for (j = 0; j < client_len;) {
|
||||
- if (server[i] == client[j] &&
|
||||
- memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
|
||||
- /* We found a match */
|
||||
- result = &server[i];
|
||||
- status = OPENSSL_NPN_NEGOTIATED;
|
||||
- goto found;
|
||||
+ if (PACKET_buf_init(&spkt, server, server_len)) {
|
||||
+ while (PACKET_get_length_prefixed_1(&spkt, &ssubpkt)) {
|
||||
+ if (PACKET_remaining(&ssubpkt) == 0)
|
||||
+ continue; /* Invalid - ignore it */
|
||||
+ if (PACKET_buf_init(&cpkt, client, client_len)) {
|
||||
+ while (PACKET_get_length_prefixed_1(&cpkt, &csubpkt)) {
|
||||
+ if (PACKET_equal(&csubpkt, PACKET_data(&ssubpkt),
|
||||
+ PACKET_remaining(&ssubpkt))) {
|
||||
+ /* We found a match */
|
||||
+ *out = (unsigned char *)PACKET_data(&ssubpkt);
|
||||
+ *outlen = (unsigned char)PACKET_remaining(&ssubpkt);
|
||||
+ return OPENSSL_NPN_NEGOTIATED;
|
||||
+ }
|
||||
+ }
|
||||
+ /* Ignore spurious trailing bytes in the client list */
|
||||
+ } else {
|
||||
+ /* This should never happen */
|
||||
+ return OPENSSL_NPN_NO_OVERLAP;
|
||||
}
|
||||
- j += client[j];
|
||||
- j++;
|
||||
}
|
||||
- i += server[i];
|
||||
- i++;
|
||||
+ /* Ignore spurious trailing bytes in the server list */
|
||||
}
|
||||
|
||||
- /* There's no overlap between our protocols and the server's list. */
|
||||
- result = client;
|
||||
- status = OPENSSL_NPN_NO_OVERLAP;
|
||||
-
|
||||
- found:
|
||||
- *out = (unsigned char *)result + 1;
|
||||
- *outlen = result[0];
|
||||
- return status;
|
||||
+ /*
|
||||
+ * There's no overlap between our protocols and the server's list. We use
|
||||
+ * the default opportunistic protocol selected earlier
|
||||
+ */
|
||||
+ return OPENSSL_NPN_NO_OVERLAP;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
Index: openssl-1.1.1w/ssl/statem/extensions_clnt.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1w.orig/ssl/statem/extensions_clnt.c
|
||||
+++ openssl-1.1.1w/ssl/statem/extensions_clnt.c
|
||||
@@ -1599,7 +1599,8 @@ int tls_parse_stoc_npn(SSL *s, PACKET *p
|
||||
PACKET_data(pkt),
|
||||
PACKET_remaining(pkt),
|
||||
s->ctx->ext.npn_select_cb_arg) !=
|
||||
- SSL_TLSEXT_ERR_OK) {
|
||||
+ SSL_TLSEXT_ERR_OK
|
||||
+ || selected_len == 0) {
|
||||
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PARSE_STOC_NPN,
|
||||
SSL_R_BAD_EXTENSION);
|
||||
return 0;
|
||||
@@ -1630,6 +1631,8 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *
|
||||
size_t chainidx)
|
||||
{
|
||||
size_t len;
|
||||
+ PACKET confpkt, protpkt;
|
||||
+ int valid = 0;
|
||||
|
||||
/* We must have requested it. */
|
||||
if (!s->s3->alpn_sent) {
|
||||
@@ -1650,6 +1653,30 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *
|
||||
SSL_R_BAD_EXTENSION);
|
||||
return 0;
|
||||
}
|
||||
+
|
||||
+ /* It must be a protocol that we sent */
|
||||
+ if (!PACKET_buf_init(&confpkt, s->ext.alpn, s->ext.alpn_len)) {
|
||||
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
|
||||
+ ERR_R_INTERNAL_ERROR);
|
||||
+ return 0;
|
||||
+ }
|
||||
+ while (PACKET_get_length_prefixed_1(&confpkt, &protpkt)) {
|
||||
+ if (PACKET_remaining(&protpkt) != len)
|
||||
+ continue;
|
||||
+ if (memcmp(PACKET_data(pkt), PACKET_data(&protpkt), len) == 0) {
|
||||
+ /* Valid protocol found */
|
||||
+ valid = 1;
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (!valid) {
|
||||
+ /* The protocol sent from the server does not match one we advertised */
|
||||
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
|
||||
+ SSL_R_BAD_EXTENSION);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
OPENSSL_free(s->s3->alpn_selected);
|
||||
s->s3->alpn_selected = OPENSSL_malloc(len);
|
||||
if (s->s3->alpn_selected == NULL) {
|
||||
Index: openssl-1.1.1w/doc/man3/SSL_CTX_set_alpn_select_cb.pod
|
||||
===================================================================
|
||||
--- openssl-1.1.1w.orig/doc/man3/SSL_CTX_set_alpn_select_cb.pod
|
||||
+++ openssl-1.1.1w/doc/man3/SSL_CTX_set_alpn_select_cb.pod
|
||||
@@ -52,7 +52,8 @@ SSL_select_next_proto, SSL_get0_alpn_sel
|
||||
SSL_CTX_set_alpn_protos() and SSL_set_alpn_protos() are used by the client to
|
||||
set the list of protocols available to be negotiated. The B<protos> must be in
|
||||
protocol-list format, described below. The length of B<protos> is specified in
|
||||
-B<protos_len>.
|
||||
+B<protos_len>. Setting B<protos_len> to 0 clears any existing list of ALPN
|
||||
+protocols and no ALPN extension will be sent to the server.
|
||||
|
||||
SSL_CTX_set_alpn_select_cb() sets the application callback B<cb> used by a
|
||||
server to select which protocol to use for the incoming connection. When B<cb>
|
||||
@@ -73,9 +74,16 @@ B<server_len> and B<client>, B<client_le
|
||||
described below. The first item in the B<server>, B<server_len> list that
|
||||
matches an item in the B<client>, B<client_len> list is selected, and returned
|
||||
in B<out>, B<outlen>. The B<out> value will point into either B<server> or
|
||||
-B<client>, so it should be copied immediately. If no match is found, the first
|
||||
-item in B<client>, B<client_len> is returned in B<out>, B<outlen>. This
|
||||
-function can also be used in the NPN callback.
|
||||
+B<client>, so it should be copied immediately. The client list must include at
|
||||
+least one valid (nonempty) protocol entry in the list.
|
||||
+
|
||||
+The SSL_select_next_proto() helper function can be useful from either the ALPN
|
||||
+callback or the NPN callback (described below). If no match is found, the first
|
||||
+item in B<client>, B<client_len> is returned in B<out>, B<outlen> and
|
||||
+B<OPENSSL_NPN_NO_OVERLAP> is returned. This can be useful when implementating
|
||||
+the NPN callback. In the ALPN case, the value returned in B<out> and B<outlen>
|
||||
+must be ignored if B<OPENSSL_NPN_NO_OVERLAP> has been returned from
|
||||
+SSL_select_next_proto().
|
||||
|
||||
SSL_CTX_set_next_proto_select_cb() sets a callback B<cb> that is called when a
|
||||
client needs to select a protocol from the server's provided list, and a
|
||||
@@ -85,9 +93,10 @@ must be set to point to the selected pro
|
||||
The length of the protocol name must be written into B<outlen>. The
|
||||
server's advertised protocols are provided in B<in> and B<inlen>. The
|
||||
callback can assume that B<in> is syntactically valid. The client must
|
||||
-select a protocol. It is fatal to the connection if this callback returns
|
||||
-a value other than B<SSL_TLSEXT_ERR_OK>. The B<arg> parameter is the pointer
|
||||
-set via SSL_CTX_set_next_proto_select_cb().
|
||||
+select a protocol (although it may be an empty, zero length protocol). It is
|
||||
+fatal to the connection if this callback returns a value other than
|
||||
+B<SSL_TLSEXT_ERR_OK> or if the zero length protocol is selected. The B<arg>
|
||||
+parameter is the pointer set via SSL_CTX_set_next_proto_select_cb().
|
||||
|
||||
SSL_CTX_set_next_protos_advertised_cb() sets a callback B<cb> that is called
|
||||
when a TLS server needs a list of supported protocols for Next Protocol
|
||||
@@ -149,7 +158,8 @@ A match was found and is returned in B<o
|
||||
=item OPENSSL_NPN_NO_OVERLAP
|
||||
|
||||
No match was found. The first item in B<client>, B<client_len> is returned in
|
||||
-B<out>, B<outlen>.
|
||||
+B<out>, B<outlen> (or B<NULL> and 0 in the case where the first entry in
|
||||
+B<client> is invalid).
|
||||
|
||||
=back
|
||||
|
||||
Index: openssl-1.1.1w/ssl/statem/extensions_srvr.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1w.orig/ssl/statem/extensions_srvr.c
|
||||
+++ openssl-1.1.1w/ssl/statem/extensions_srvr.c
|
||||
@@ -1558,9 +1558,10 @@ EXT_RETURN tls_construct_stoc_next_proto
|
||||
return EXT_RETURN_FAIL;
|
||||
}
|
||||
s->s3->npn_seen = 1;
|
||||
+ return EXT_RETURN_SENT;
|
||||
}
|
||||
|
||||
- return EXT_RETURN_SENT;
|
||||
+ return EXT_RETURN_NOT_SENT;
|
||||
}
|
||||
#endif
|
||||
|
63
openssl-DEFAULT_SUSE_cipher.patch
Normal file
63
openssl-DEFAULT_SUSE_cipher.patch
Normal file
@ -0,0 +1,63 @@
|
||||
Index: openssl-1.1.1/ssl/ssl_ciph.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1.orig/ssl/ssl_ciph.c 2018-09-11 14:48:23.000000000 +0200
|
||||
+++ openssl-1.1.1/ssl/ssl_ciph.c 2018-09-11 16:38:40.412543331 +0200
|
||||
@@ -1567,7 +1567,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
*/
|
||||
ok = 1;
|
||||
rule_p = rule_str;
|
||||
- if (strncmp(rule_str, "DEFAULT", 7) == 0) {
|
||||
+ if (strncmp(rule_str,"DEFAULT_SUSE", 12) == 0) {
|
||||
+ ok = ssl_cipher_process_rulestr(SSL_DEFAULT_SUSE_CIPHER_LIST,
|
||||
+ &head, &tail, ca_list, c);
|
||||
+ rule_p += 12;
|
||||
+ if (*rule_p == ':')
|
||||
+ rule_p++;
|
||||
+ }
|
||||
+ else if (strncmp(rule_str, "DEFAULT", 7) == 0) {
|
||||
ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
|
||||
&head, &tail, ca_list, c);
|
||||
rule_p += 7;
|
||||
Index: openssl-1.1.1/include/openssl/ssl.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1.orig/include/openssl/ssl.h 2018-09-11 14:48:23.000000000 +0200
|
||||
+++ openssl-1.1.1/include/openssl/ssl.h 2018-09-11 16:45:20.979303981 +0200
|
||||
@@ -171,6 +171,10 @@ extern "C" {
|
||||
* This applies to ciphersuites for TLSv1.2 and below.
|
||||
*/
|
||||
# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
|
||||
+# define SSL_DEFAULT_SUSE_CIPHER_LIST "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"\
|
||||
+ "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:"\
|
||||
+ "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:"\
|
||||
+ "AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA"
|
||||
/* This is the default set of TLSv1.3 ciphersuites */
|
||||
# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
|
||||
# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
|
||||
Index: openssl-1.1.1/test/recipes/99-test_suse_default_ciphers.t
|
||||
===================================================================
|
||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
||||
+++ openssl-1.1.1/test/recipes/99-test_suse_default_ciphers.t 2018-09-11 16:38:23.292423281 +0200
|
||||
@@ -0,0 +1,23 @@
|
||||
+#! /usr/bin/env perl
|
||||
+
|
||||
+use strict;
|
||||
+use warnings;
|
||||
+
|
||||
+use OpenSSL::Test qw/:DEFAULT/;
|
||||
+use OpenSSL::Test::Utils;
|
||||
+
|
||||
+setup("test_default_ciphersuites");
|
||||
+
|
||||
+plan tests => 6;
|
||||
+
|
||||
+my @cipher_suites = ("DEFAULT_SUSE", "DEFAULT");
|
||||
+
|
||||
+foreach my $cipherlist (@cipher_suites) {
|
||||
+ ok(run(app(["openssl", "ciphers", "-s", $cipherlist])),
|
||||
+ "openssl ciphers works with ciphersuite $cipherlist");
|
||||
+ ok(!grep(/(MD5|RC4|DES)/, run(app(["openssl", "ciphers", "-s", $cipherlist]), capture => 1)),
|
||||
+ "$cipherlist shouldn't contain MD5, DES or RC4\n");
|
||||
+ ok(grep(/(TLSv1.3)/, run(app(["openssl", "ciphers", "-tls1_3", "-s", "-v", $cipherlist]), capture => 1)),
|
||||
+ "$cipherlist should contain TLSv1.3 ciphers\n");
|
||||
+}
|
||||
+
|
3294
openssl-DH.patch
Normal file
3294
openssl-DH.patch
Normal file
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,533 @@
|
||||
From 9bf682f62bd819d2fbceb95eeabd61dd4532240f Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
Date: Thu, 11 Jul 2019 10:23:49 +0200
|
||||
Subject: [PATCH 09205/10000] Enable curve-spefific ECDSA implementations via
|
||||
EC_METHOD
|
||||
|
||||
which are already enabled for ECDH.
|
||||
|
||||
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
|
||||
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
|
||||
(Merged from https://github.com/openssl/openssl/pull/9348)
|
||||
---
|
||||
crypto/ec/ec2_smpl.c | 3 +
|
||||
crypto/ec/ec_local.h | 15 +++++
|
||||
crypto/ec/ecdsa_ossl.c | 107 ++++++++++++++++++++++++------------
|
||||
crypto/ec/ecp_mont.c | 3 +
|
||||
crypto/ec/ecp_nist.c | 3 +
|
||||
crypto/ec/ecp_nistp224.c | 3 +
|
||||
crypto/ec/ecp_nistp256.c | 3 +
|
||||
crypto/ec/ecp_nistp521.c | 3 +
|
||||
crypto/ec/ecp_nistz256.c | 3 +
|
||||
crypto/ec/ecp_s390x_nistp.c | 3 +
|
||||
crypto/ec/ecp_smpl.c | 3 +
|
||||
crypto/err/openssl.txt | 5 ++
|
||||
include/openssl/ecerr.h | 1 +
|
||||
13 files changed, 119 insertions(+), 36 deletions(-)
|
||||
|
||||
Index: openssl-1.1.1e/crypto/ec/ec2_smpl.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1e.orig/crypto/ec/ec2_smpl.c 2020-03-20 13:03:13.823258089 +0100
|
||||
+++ openssl-1.1.1e/crypto/ec/ec2_smpl.c 2020-03-20 13:03:17.247276054 +0100
|
||||
@@ -956,6 +956,9 @@ const EC_METHOD *EC_GF2m_simple_method(v
|
||||
0, /* keycopy */
|
||||
0, /* keyfinish */
|
||||
ecdh_simple_compute_key,
|
||||
+ ecdsa_simple_sign_setup,
|
||||
+ ecdsa_simple_sign_sig,
|
||||
+ ecdsa_simple_verify_sig,
|
||||
0, /* field_inverse_mod_ord */
|
||||
0, /* blind_coordinates */
|
||||
ec_GF2m_simple_ladder_pre,
|
||||
Index: openssl-1.1.1e/crypto/ec/ec_local.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1e.orig/crypto/ec/ec_local.h 2020-03-20 13:03:13.823258089 +0100
|
||||
+++ openssl-1.1.1e/crypto/ec/ec_local.h 2020-03-20 13:03:17.251276075 +0100
|
||||
@@ -179,6 +179,14 @@ struct ec_method_st {
|
||||
/* custom ECDH operation */
|
||||
int (*ecdh_compute_key)(unsigned char **pout, size_t *poutlen,
|
||||
const EC_POINT *pub_key, const EC_KEY *ecdh);
|
||||
+ /* custom ECDSA */
|
||||
+ int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinvp,
|
||||
+ BIGNUM **rp);
|
||||
+ ECDSA_SIG *(*ecdsa_sign_sig)(const unsigned char *dgst, int dgstlen,
|
||||
+ const BIGNUM *kinv, const BIGNUM *r,
|
||||
+ EC_KEY *eckey);
|
||||
+ int (*ecdsa_verify_sig)(const unsigned char *dgst, int dgstlen,
|
||||
+ const ECDSA_SIG *sig, EC_KEY *eckey);
|
||||
/* Inverse modulo order */
|
||||
int (*field_inverse_mod_ord)(const EC_GROUP *, BIGNUM *r,
|
||||
const BIGNUM *x, BN_CTX *);
|
||||
@@ -656,6 +664,13 @@ int ossl_ecdsa_verify(int type, const un
|
||||
const unsigned char *sigbuf, int sig_len, EC_KEY *eckey);
|
||||
int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
|
||||
const ECDSA_SIG *sig, EC_KEY *eckey);
|
||||
+int ecdsa_simple_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
|
||||
+ BIGNUM **rp);
|
||||
+ECDSA_SIG *ecdsa_simple_sign_sig(const unsigned char *dgst, int dgst_len,
|
||||
+ const BIGNUM *in_kinv, const BIGNUM *in_r,
|
||||
+ EC_KEY *eckey);
|
||||
+int ecdsa_simple_verify_sig(const unsigned char *dgst, int dgst_len,
|
||||
+ const ECDSA_SIG *sig, EC_KEY *eckey);
|
||||
|
||||
int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
|
||||
const uint8_t public_key[32], const uint8_t private_key[32]);
|
||||
Index: openssl-1.1.1e/crypto/ec/ecdsa_ossl.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1e.orig/crypto/ec/ecdsa_ossl.c 2020-03-20 13:03:13.823258089 +0100
|
||||
+++ openssl-1.1.1e/crypto/ec/ecdsa_ossl.c 2020-03-20 13:03:54.463471314 +0100
|
||||
@@ -14,6 +14,41 @@
|
||||
#include "crypto/bn.h"
|
||||
#include "ec_local.h"
|
||||
|
||||
+int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
|
||||
+ BIGNUM **rp)
|
||||
+{
|
||||
+ if (eckey->group->meth->ecdsa_sign_setup == NULL) {
|
||||
+ ECerr(EC_F_OSSL_ECDSA_SIGN_SETUP, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ return eckey->group->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp);
|
||||
+}
|
||||
+
|
||||
+ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
|
||||
+ const BIGNUM *in_kinv, const BIGNUM *in_r,
|
||||
+ EC_KEY *eckey)
|
||||
+{
|
||||
+ if (eckey->group->meth->ecdsa_sign_sig == NULL) {
|
||||
+ ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ return eckey->group->meth->ecdsa_sign_sig(dgst, dgst_len,
|
||||
+ in_kinv, in_r, eckey);
|
||||
+}
|
||||
+
|
||||
+int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
|
||||
+ const ECDSA_SIG *sig, EC_KEY *eckey)
|
||||
+{
|
||||
+ if (eckey->group->meth->ecdsa_verify_sig == NULL) {
|
||||
+ ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ return eckey->group->meth->ecdsa_verify_sig(dgst, dgst_len, sig, eckey);
|
||||
+}
|
||||
+
|
||||
int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen,
|
||||
unsigned char *sig, unsigned int *siglen,
|
||||
const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey)
|
||||
@@ -145,15 +180,15 @@ static int ecdsa_sign_setup(EC_KEY *ecke
|
||||
return ret;
|
||||
}
|
||||
|
||||
-int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
|
||||
- BIGNUM **rp)
|
||||
+int ecdsa_simple_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
|
||||
+ BIGNUM **rp)
|
||||
{
|
||||
return ecdsa_sign_setup(eckey, ctx_in, kinvp, rp, NULL, 0);
|
||||
}
|
||||
|
||||
-ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
|
||||
- const BIGNUM *in_kinv, const BIGNUM *in_r,
|
||||
- EC_KEY *eckey)
|
||||
+ECDSA_SIG *ecdsa_simple_sign_sig(const unsigned char *dgst, int dgst_len,
|
||||
+ const BIGNUM *in_kinv, const BIGNUM *in_r,
|
||||
+ EC_KEY *eckey)
|
||||
{
|
||||
int ok = 0, i;
|
||||
BIGNUM *kinv = NULL, *s, *m = NULL;
|
||||
@@ -167,35 +202,35 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
|
||||
priv_key = EC_KEY_get0_private_key(eckey);
|
||||
|
||||
if (group == NULL) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_PASSED_NULL_PARAMETER);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return NULL;
|
||||
}
|
||||
if (priv_key == NULL) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_MISSING_PRIVATE_KEY);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, EC_R_MISSING_PRIVATE_KEY);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (!EC_KEY_can_sign(eckey)) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ret = ECDSA_SIG_new();
|
||||
if (ret == NULL) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
||||
return NULL;
|
||||
}
|
||||
ret->r = BN_new();
|
||||
ret->s = BN_new();
|
||||
if (ret->r == NULL || ret->s == NULL) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
s = ret->s;
|
||||
|
||||
if ((ctx = BN_CTX_new()) == NULL
|
||||
|| (m = BN_new()) == NULL) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
|
||||
@@ -207,25 +242,25 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
|
||||
if (8 * dgst_len > i)
|
||||
dgst_len = (i + 7) / 8;
|
||||
if (!BN_bin2bn(dgst, dgst_len, m)) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB);
|
||||
goto err;
|
||||
}
|
||||
/* If still too long, truncate remaining bits with a shift */
|
||||
if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB);
|
||||
goto err;
|
||||
}
|
||||
do {
|
||||
if (in_kinv == NULL || in_r == NULL) {
|
||||
if (!ecdsa_sign_setup(eckey, ctx, &kinv, &ret->r, dgst, dgst_len)) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_ECDSA_LIB);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_ECDSA_LIB);
|
||||
goto err;
|
||||
}
|
||||
ckinv = kinv;
|
||||
} else {
|
||||
ckinv = in_kinv;
|
||||
if (BN_copy(ret->r, in_r) == NULL) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
@@ -239,11 +274,11 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
|
||||
*/
|
||||
if (!bn_to_mont_fixed_top(s, ret->r, group->mont_data, ctx)
|
||||
|| !bn_mul_mont_fixed_top(s, s, priv_key, group->mont_data, ctx)) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB);
|
||||
goto err;
|
||||
}
|
||||
if (!bn_mod_add_fixed_top(s, s, m, order)) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB);
|
||||
goto err;
|
||||
}
|
||||
/*
|
||||
@@ -252,7 +287,7 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
|
||||
*/
|
||||
if (!bn_to_mont_fixed_top(s, s, group->mont_data, ctx)
|
||||
|| !BN_mod_mul_montgomery(s, s, ckinv, group->mont_data, ctx)) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB);
|
||||
goto err;
|
||||
}
|
||||
|
||||
@@ -262,7 +297,7 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
|
||||
* generate new kinv and r values
|
||||
*/
|
||||
if (in_kinv != NULL && in_r != NULL) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_NEED_NEW_SETUP_VALUES);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, EC_R_NEED_NEW_SETUP_VALUES);
|
||||
goto err;
|
||||
}
|
||||
} else {
|
||||
@@ -314,8 +349,8 @@ int ossl_ecdsa_verify(int type, const un
|
||||
return ret;
|
||||
}
|
||||
|
||||
-int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
|
||||
- const ECDSA_SIG *sig, EC_KEY *eckey)
|
||||
+int ecdsa_simple_verify_sig(const unsigned char *dgst, int dgst_len,
|
||||
+ const ECDSA_SIG *sig, EC_KEY *eckey)
|
||||
{
|
||||
int ret = -1, i;
|
||||
BN_CTX *ctx;
|
||||
@@ -328,18 +363,18 @@ int ossl_ecdsa_verify_sig(const unsigned
|
||||
/* check input values */
|
||||
if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
|
||||
(pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_MISSING_PARAMETERS);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, EC_R_MISSING_PARAMETERS);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (!EC_KEY_can_sign(eckey)) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
|
||||
return -1;
|
||||
}
|
||||
|
||||
ctx = BN_CTX_new();
|
||||
if (ctx == NULL) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
|
||||
return -1;
|
||||
}
|
||||
BN_CTX_start(ctx);
|
||||
@@ -348,26 +383,26 @@ int ossl_ecdsa_verify_sig(const unsigned
|
||||
m = BN_CTX_get(ctx);
|
||||
X = BN_CTX_get(ctx);
|
||||
if (X == NULL) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
|
||||
goto err;
|
||||
}
|
||||
|
||||
order = EC_GROUP_get0_order(group);
|
||||
if (order == NULL) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_EC_LIB);
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
|
||||
BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) ||
|
||||
BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_BAD_SIGNATURE);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, EC_R_BAD_SIGNATURE);
|
||||
ret = 0; /* signature is invalid */
|
||||
goto err;
|
||||
}
|
||||
/* calculate tmp1 = inv(S) mod order */
|
||||
if (!ec_group_do_inverse_ord(group, u2, sig->s, ctx)) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
|
||||
goto err;
|
||||
}
|
||||
/* digest -> m */
|
||||
@@ -378,41 +413,41 @@ int ossl_ecdsa_verify_sig(const unsigned
|
||||
if (8 * dgst_len > i)
|
||||
dgst_len = (i + 7) / 8;
|
||||
if (!BN_bin2bn(dgst, dgst_len, m)) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
|
||||
goto err;
|
||||
}
|
||||
/* If still too long truncate remaining bits with a shift */
|
||||
if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
|
||||
goto err;
|
||||
}
|
||||
/* u1 = m * tmp mod order */
|
||||
if (!BN_mod_mul(u1, m, u2, order, ctx)) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
|
||||
goto err;
|
||||
}
|
||||
/* u2 = r * w mod q */
|
||||
if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
|
||||
goto err;
|
||||
}
|
||||
|
||||
if ((point = EC_POINT_new(group)) == NULL) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_EC_LIB);
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (!EC_POINT_get_affine_coordinates(group, point, X, NULL, ctx)) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_EC_LIB);
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (!BN_nnmod(u1, X, order, ctx)) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
|
||||
goto err;
|
||||
}
|
||||
/* if the signature is correct u1 is equal to sig->r */
|
||||
Index: openssl-1.1.1e/crypto/ec/ecp_mont.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1e.orig/crypto/ec/ecp_mont.c 2020-03-20 13:03:13.823258089 +0100
|
||||
+++ openssl-1.1.1e/crypto/ec/ecp_mont.c 2020-03-20 13:03:17.251276075 +0100
|
||||
@@ -63,6 +63,9 @@ const EC_METHOD *EC_GFp_mont_method(void
|
||||
0, /* keycopy */
|
||||
0, /* keyfinish */
|
||||
ecdh_simple_compute_key,
|
||||
+ ecdsa_simple_sign_setup,
|
||||
+ ecdsa_simple_sign_sig,
|
||||
+ ecdsa_simple_verify_sig,
|
||||
0, /* field_inverse_mod_ord */
|
||||
ec_GFp_simple_blind_coordinates,
|
||||
ec_GFp_simple_ladder_pre,
|
||||
Index: openssl-1.1.1e/crypto/ec/ecp_nist.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1e.orig/crypto/ec/ecp_nist.c 2020-03-20 13:03:13.827258110 +0100
|
||||
+++ openssl-1.1.1e/crypto/ec/ecp_nist.c 2020-03-20 13:03:17.251276075 +0100
|
||||
@@ -65,6 +65,9 @@ const EC_METHOD *EC_GFp_nist_method(void
|
||||
0, /* keycopy */
|
||||
0, /* keyfinish */
|
||||
ecdh_simple_compute_key,
|
||||
+ ecdsa_simple_sign_setup,
|
||||
+ ecdsa_simple_sign_sig,
|
||||
+ ecdsa_simple_verify_sig,
|
||||
0, /* field_inverse_mod_ord */
|
||||
ec_GFp_simple_blind_coordinates,
|
||||
ec_GFp_simple_ladder_pre,
|
||||
Index: openssl-1.1.1e/crypto/ec/ecp_nistp224.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1e.orig/crypto/ec/ecp_nistp224.c 2020-03-20 13:03:13.827258110 +0100
|
||||
+++ openssl-1.1.1e/crypto/ec/ecp_nistp224.c 2020-03-20 13:03:17.251276075 +0100
|
||||
@@ -291,6 +291,9 @@ const EC_METHOD *EC_GFp_nistp224_method(
|
||||
ec_key_simple_generate_public_key,
|
||||
0, /* keycopy */
|
||||
0, /* keyfinish */
|
||||
+ ecdsa_simple_sign_setup,
|
||||
+ ecdsa_simple_sign_sig,
|
||||
+ ecdsa_simple_verify_sig,
|
||||
ecdh_simple_compute_key,
|
||||
0, /* field_inverse_mod_ord */
|
||||
0, /* blind_coordinates */
|
||||
Index: openssl-1.1.1e/crypto/ec/ecp_nistp256.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1e.orig/crypto/ec/ecp_nistp256.c 2020-03-20 13:03:13.827258110 +0100
|
||||
+++ openssl-1.1.1e/crypto/ec/ecp_nistp256.c 2020-03-20 13:03:17.251276075 +0100
|
||||
@@ -1829,6 +1829,9 @@ const EC_METHOD *EC_GFp_nistp256_method(
|
||||
0, /* keycopy */
|
||||
0, /* keyfinish */
|
||||
ecdh_simple_compute_key,
|
||||
+ ecdsa_simple_sign_setup,
|
||||
+ ecdsa_simple_sign_sig,
|
||||
+ ecdsa_simple_verify_sig,
|
||||
0, /* field_inverse_mod_ord */
|
||||
0, /* blind_coordinates */
|
||||
0, /* ladder_pre */
|
||||
Index: openssl-1.1.1e/crypto/ec/ecp_nistp521.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1e.orig/crypto/ec/ecp_nistp521.c 2020-03-20 13:03:13.827258110 +0100
|
||||
+++ openssl-1.1.1e/crypto/ec/ecp_nistp521.c 2020-03-20 13:03:17.251276075 +0100
|
||||
@@ -1669,6 +1669,9 @@ const EC_METHOD *EC_GFp_nistp521_method(
|
||||
0, /* keycopy */
|
||||
0, /* keyfinish */
|
||||
ecdh_simple_compute_key,
|
||||
+ ecdsa_simple_sign_setup,
|
||||
+ ecdsa_simple_sign_sig,
|
||||
+ ecdsa_simple_verify_sig,
|
||||
0, /* field_inverse_mod_ord */
|
||||
0, /* blind_coordinates */
|
||||
0, /* ladder_pre */
|
||||
Index: openssl-1.1.1e/crypto/ec/ecp_nistz256.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1e.orig/crypto/ec/ecp_nistz256.c 2020-03-20 13:03:13.827258110 +0100
|
||||
+++ openssl-1.1.1e/crypto/ec/ecp_nistz256.c 2020-03-20 13:03:17.251276075 +0100
|
||||
@@ -1720,6 +1720,9 @@ const EC_METHOD *EC_GFp_nistz256_method(
|
||||
0, /* keycopy */
|
||||
0, /* keyfinish */
|
||||
ecdh_simple_compute_key,
|
||||
+ ecdsa_simple_sign_setup,
|
||||
+ ecdsa_simple_sign_sig,
|
||||
+ ecdsa_simple_verify_sig,
|
||||
ecp_nistz256_inv_mod_ord, /* can be #define-d NULL */
|
||||
0, /* blind_coordinates */
|
||||
0, /* ladder_pre */
|
||||
Index: openssl-1.1.1e/crypto/ec/ecp_s390x_nistp.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1e.orig/crypto/ec/ecp_s390x_nistp.c 2020-03-20 13:03:13.827258110 +0100
|
||||
+++ openssl-1.1.1e/crypto/ec/ecp_s390x_nistp.c 2020-03-20 13:03:17.251276075 +0100
|
||||
@@ -175,6 +175,9 @@ const EC_METHOD *EC_GFp_s390x_nistp##bit
|
||||
NULL, /* keycopy */ \
|
||||
NULL, /* keyfinish */ \
|
||||
ecdh_simple_compute_key, \
|
||||
+ ecdsa_simple_sign_setup, \
|
||||
+ ecdsa_simple_sign_sig, \
|
||||
+ ecdsa_simple_verify_sig, \
|
||||
NULL, /* field_inverse_mod_ord */ \
|
||||
ec_GFp_simple_blind_coordinates, \
|
||||
ec_GFp_simple_ladder_pre, \
|
||||
Index: openssl-1.1.1e/crypto/ec/ecp_smpl.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1e.orig/crypto/ec/ecp_smpl.c 2020-03-20 13:03:13.827258110 +0100
|
||||
+++ openssl-1.1.1e/crypto/ec/ecp_smpl.c 2020-03-20 13:03:17.251276075 +0100
|
||||
@@ -64,6 +64,9 @@ const EC_METHOD *EC_GFp_simple_method(vo
|
||||
0, /* keycopy */
|
||||
0, /* keyfinish */
|
||||
ecdh_simple_compute_key,
|
||||
+ ecdsa_simple_sign_setup,
|
||||
+ ecdsa_simple_sign_sig,
|
||||
+ ecdsa_simple_verify_sig,
|
||||
0, /* field_inverse_mod_ord */
|
||||
ec_GFp_simple_blind_coordinates,
|
||||
ec_GFp_simple_ladder_pre,
|
||||
Index: openssl-1.1.1e/crypto/err/openssl.txt
|
||||
===================================================================
|
||||
--- openssl-1.1.1e.orig/crypto/err/openssl.txt 2020-03-20 13:03:13.831258131 +0100
|
||||
+++ openssl-1.1.1e/crypto/err/openssl.txt 2020-03-20 13:03:17.251276075 +0100
|
||||
@@ -496,6 +496,9 @@ EC_F_ECDSA_SIGN_EX:254:ECDSA_sign_ex
|
||||
EC_F_ECDSA_SIGN_SETUP:248:ECDSA_sign_setup
|
||||
EC_F_ECDSA_SIG_NEW:265:ECDSA_SIG_new
|
||||
EC_F_ECDSA_VERIFY:253:ECDSA_verify
|
||||
+EC_F_ECDSA_SIMPLE_SIGN_SETUP:310:ecdsa_simple_sign_setup
|
||||
+EC_F_ECDSA_SIMPLE_SIGN_SIG:311:ecdsa_simple_sign_sig
|
||||
+EC_F_ECDSA_SIMPLE_VERIFY_SIG:312:ecdsa_simple_verify_sig
|
||||
EC_F_ECD_ITEM_VERIFY:270:ecd_item_verify
|
||||
EC_F_ECKEY_PARAM2TYPE:223:eckey_param2type
|
||||
EC_F_ECKEY_PARAM_DECODE:212:eckey_param_decode
|
||||
@@ -657,6 +660,7 @@ EC_F_NISTP521_PRE_COMP_NEW:237:nistp521_
|
||||
EC_F_O2I_ECPUBLICKEY:152:o2i_ECPublicKey
|
||||
EC_F_OLD_EC_PRIV_DECODE:222:old_ec_priv_decode
|
||||
EC_F_OSSL_ECDH_COMPUTE_KEY:247:ossl_ecdh_compute_key
|
||||
+EC_F_OSSL_ECDSA_SIGN_SETUP:300:ossl_ecdsa_sign_setup
|
||||
EC_F_OSSL_ECDSA_SIGN_SIG:249:ossl_ecdsa_sign_sig
|
||||
EC_F_OSSL_ECDSA_VERIFY_SIG:250:ossl_ecdsa_verify_sig
|
||||
EC_F_PKEY_ECD_CTRL:271:pkey_ecd_ctrl
|
||||
@@ -2133,6 +2137,7 @@ EC_R_BUFFER_TOO_SMALL:100:buffer too sma
|
||||
EC_R_CANNOT_INVERT:165:cannot invert
|
||||
EC_R_COORDINATES_OUT_OF_RANGE:146:coordinates out of range
|
||||
EC_R_CURVE_DOES_NOT_SUPPORT_ECDH:160:curve does not support ecdh
|
||||
+EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA:170:curve does not support ecdsa
|
||||
EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING:159:curve does not support signing
|
||||
EC_R_D2I_ECPKPARAMETERS_FAILURE:117:d2i ecpkparameters failure
|
||||
EC_R_DECODE_ERROR:142:decode error
|
||||
Index: openssl-1.1.1e/include/openssl/ecerr.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1e.orig/include/openssl/ecerr.h 2020-03-20 13:03:13.831258131 +0100
|
||||
+++ openssl-1.1.1e/include/openssl/ecerr.h 2020-03-20 13:03:17.251276075 +0100
|
||||
@@ -41,6 +41,9 @@ int ERR_load_EC_strings(void);
|
||||
# define EC_F_ECDSA_SIGN_EX 254
|
||||
# define EC_F_ECDSA_SIGN_SETUP 248
|
||||
# define EC_F_ECDSA_SIG_NEW 265
|
||||
+# define EC_F_ECDSA_SIMPLE_SIGN_SETUP 310
|
||||
+# define EC_F_ECDSA_SIMPLE_SIGN_SIG 311
|
||||
+# define EC_F_ECDSA_SIMPLE_VERIFY_SIG 312
|
||||
# define EC_F_ECDSA_VERIFY 253
|
||||
# define EC_F_ECD_ITEM_VERIFY 270
|
||||
# define EC_F_ECKEY_PARAM2TYPE 223
|
||||
@@ -185,6 +188,7 @@ int ERR_load_EC_strings(void);
|
||||
# define EC_F_O2I_ECPUBLICKEY 152
|
||||
# define EC_F_OLD_EC_PRIV_DECODE 222
|
||||
# define EC_F_OSSL_ECDH_COMPUTE_KEY 247
|
||||
+# define EC_F_OSSL_ECDSA_SIGN_SETUP 300
|
||||
# define EC_F_OSSL_ECDSA_SIGN_SIG 249
|
||||
# define EC_F_OSSL_ECDSA_VERIFY_SIG 250
|
||||
# define EC_F_PKEY_ECD_CTRL 271
|
||||
@@ -212,6 +216,7 @@ int ERR_load_EC_strings(void);
|
||||
# define EC_R_CANNOT_INVERT 165
|
||||
# define EC_R_COORDINATES_OUT_OF_RANGE 146
|
||||
# define EC_R_CURVE_DOES_NOT_SUPPORT_ECDH 160
|
||||
+# define EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA 170
|
||||
# define EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING 159
|
||||
# define EC_R_D2I_ECPKPARAMETERS_FAILURE 117
|
||||
# define EC_R_DECODE_ERROR 142
|
26
openssl-FIPS-KAT-before-integrity-tests.patch
Normal file
26
openssl-FIPS-KAT-before-integrity-tests.patch
Normal file
@ -0,0 +1,26 @@
|
||||
Index: openssl-1.1.1l/crypto/fips/fips.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1l.orig/crypto/fips/fips.c
|
||||
+++ openssl-1.1.1l/crypto/fips/fips.c
|
||||
@@ -453,15 +453,17 @@ int FIPS_module_mode_set(int onoff)
|
||||
|
||||
fips_post = 1;
|
||||
|
||||
- if (!verify_checksums()) {
|
||||
- FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
|
||||
- FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
|
||||
+ /* Run the KATs before the HMAC verification for FIPS 140-3 compliance */
|
||||
+ if (!FIPS_selftest()) {
|
||||
fips_selftest_fail = 1;
|
||||
ret = 0;
|
||||
goto end;
|
||||
}
|
||||
|
||||
- if (!FIPS_selftest()) {
|
||||
+ /* Run the HMAC verification after the KATs for FIPS 140-3 compliance */
|
||||
+ if (!verify_checksums()) {
|
||||
+ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
|
||||
+ FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
|
||||
fips_selftest_fail = 1;
|
||||
ret = 0;
|
||||
goto end;
|
57
openssl-Fix-9bf682f-which-broke-nistp224_method.patch
Normal file
57
openssl-Fix-9bf682f-which-broke-nistp224_method.patch
Normal file
@ -0,0 +1,57 @@
|
||||
From 653b883b97f72a15d35d21246696881aa65311e2 Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
Date: Thu, 15 Aug 2019 22:51:57 +0200
|
||||
Subject: [PATCH] Fix 9bf682f which broke nistp224_method
|
||||
|
||||
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
|
||||
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
|
||||
(Merged from https://github.com/openssl/openssl/pull/9607)
|
||||
---
|
||||
crypto/ec/ecp_nistp224.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
Index: openssl-1.1.1d/crypto/ec/ecp_nistp224.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/ec/ecp_nistp224.c 2020-01-23 13:45:11.104632265 +0100
|
||||
+++ openssl-1.1.1d/crypto/ec/ecp_nistp224.c 2020-01-23 13:45:11.208632883 +0100
|
||||
@@ -291,10 +291,10 @@ const EC_METHOD *EC_GFp_nistp224_method(
|
||||
ec_key_simple_generate_public_key,
|
||||
0, /* keycopy */
|
||||
0, /* keyfinish */
|
||||
+ ecdh_simple_compute_key,
|
||||
ecdsa_simple_sign_setup,
|
||||
ecdsa_simple_sign_sig,
|
||||
ecdsa_simple_verify_sig,
|
||||
- ecdh_simple_compute_key,
|
||||
0, /* field_inverse_mod_ord */
|
||||
0, /* blind_coordinates */
|
||||
0, /* ladder_pre */
|
||||
Index: openssl-1.1.1d/crypto/ec/build.info
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/ec/build.info 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/crypto/ec/build.info 2020-01-23 13:45:11.208632883 +0100
|
||||
@@ -20,6 +20,9 @@ GENERATE[ecp_nistz256-avx2.s]=asm/ecp_ni
|
||||
GENERATE[ecp_nistz256-sparcv9.S]=asm/ecp_nistz256-sparcv9.pl $(PERLASM_SCHEME)
|
||||
INCLUDE[ecp_nistz256-sparcv9.o]=..
|
||||
|
||||
+INCLUDE[ecp_s390x_nistp.o]=..
|
||||
+INCLUDE[ecx_meth.o]=..
|
||||
+
|
||||
GENERATE[ecp_nistz256-armv4.S]=asm/ecp_nistz256-armv4.pl $(PERLASM_SCHEME)
|
||||
INCLUDE[ecp_nistz256-armv4.o]=..
|
||||
GENERATE[ecp_nistz256-armv8.S]=asm/ecp_nistz256-armv8.pl $(PERLASM_SCHEME)
|
||||
Index: openssl-1.1.1d/include/openssl/ecerr.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/include/openssl/ecerr.h 2020-01-23 13:45:11.108632290 +0100
|
||||
+++ openssl-1.1.1d/include/openssl/ecerr.h 2020-01-23 13:45:11.208632883 +0100
|
||||
@@ -38,6 +38,8 @@ int ERR_load_EC_strings(void);
|
||||
# define EC_F_ECDH_SIMPLE_COMPUTE_KEY 257
|
||||
# define EC_F_ECDSA_DO_SIGN_EX 251
|
||||
# define EC_F_ECDSA_DO_VERIFY 252
|
||||
+# define EC_F_ECDSA_S390X_NISTP_SIGN_SIG 313
|
||||
+# define EC_F_ECDSA_S390X_NISTP_VERIFY_SIG 314
|
||||
# define EC_F_ECDSA_SIGN_EX 254
|
||||
# define EC_F_ECDSA_SIGN_SETUP 248
|
||||
# define EC_F_ECDSA_SIG_NEW 265
|
@ -0,0 +1,495 @@
|
||||
From 3d3a7ecd1ae5ab08d22041f7b3b035c34f12fa02 Mon Sep 17 00:00:00 2001
|
||||
From: Danny Tsen <dtsen@linux.ibm.com>
|
||||
Date: Tue, 22 Aug 2023 15:58:53 -0400
|
||||
Subject: [PATCH] Improve performance for 6x unrolling with vpermxor
|
||||
instruction
|
||||
|
||||
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/21812)
|
||||
---
|
||||
crypto/aes/asm/aesp8-ppc.pl | 145 +++++++++++++++++++++++-------------
|
||||
1 file changed, 95 insertions(+), 50 deletions(-)
|
||||
|
||||
diff --git a/crypto/aes/asm/aesp8-ppc.pl b/crypto/aes/asm/aesp8-ppc.pl
|
||||
index 60cf86f52aed2..38b9405a283b7 100755
|
||||
--- a/crypto/aes/asm/aesp8-ppc.pl
|
||||
+++ b/crypto/aes/asm/aesp8-ppc.pl
|
||||
@@ -99,11 +99,12 @@
|
||||
.long 0x1b000000, 0x1b000000, 0x1b000000, 0x1b000000 ?rev
|
||||
.long 0x0d0e0f0c, 0x0d0e0f0c, 0x0d0e0f0c, 0x0d0e0f0c ?rev
|
||||
.long 0,0,0,0 ?asis
|
||||
+.long 0x0f102132, 0x43546576, 0x8798a9ba, 0xcbdcedfe
|
||||
Lconsts:
|
||||
mflr r0
|
||||
bcl 20,31,\$+4
|
||||
mflr $ptr #vvvvv "distance between . and rcon
|
||||
- addi $ptr,$ptr,-0x48
|
||||
+ addi $ptr,$ptr,-0x58
|
||||
mtlr r0
|
||||
blr
|
||||
.long 0
|
||||
@@ -2405,7 +2406,7 @@ ()
|
||||
my $key_=$key2;
|
||||
my ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,3,26..31));
|
||||
$x00=0 if ($flavour =~ /osx/);
|
||||
-my ($in0, $in1, $in2, $in3, $in4, $in5 )=map("v$_",(0..5));
|
||||
+my ($in0, $in1, $in2, $in3, $in4, $in5)=map("v$_",(0..5));
|
||||
my ($out0, $out1, $out2, $out3, $out4, $out5)=map("v$_",(7,12..16));
|
||||
my ($twk0, $twk1, $twk2, $twk3, $twk4, $twk5)=map("v$_",(17..22));
|
||||
my $rndkey0="v23"; # v24-v25 rotating buffer for first found keys
|
||||
@@ -2460,6 +2461,18 @@ ()
|
||||
li $x70,0x70
|
||||
mtspr 256,r0
|
||||
|
||||
+ # Reverse eighty7 to 0x010101..87
|
||||
+ xxlor 2, 32+$eighty7, 32+$eighty7
|
||||
+ vsldoi $eighty7,$tmp,$eighty7,1 # 0x010101..87
|
||||
+ xxlor 1, 32+$eighty7, 32+$eighty7
|
||||
+
|
||||
+ # Load XOR contents. 0xf102132435465768798a9bacbdcedfe
|
||||
+ mr $x70, r6
|
||||
+ bl Lconsts
|
||||
+ lxvw4x 0, $x40, r6 # load XOR contents
|
||||
+ mr r6, $x70
|
||||
+ li $x70,0x70
|
||||
+
|
||||
subi $rounds,$rounds,3 # -4 in total
|
||||
|
||||
lvx $rndkey0,$x00,$key1 # load key schedule
|
||||
@@ -2502,69 +2515,77 @@ ()
|
||||
?vperm v31,v31,$twk5,$keyperm
|
||||
lvx v25,$x10,$key_ # pre-load round[2]
|
||||
|
||||
+ # Switch to use the following codes with 0x010101..87 to generate tweak.
|
||||
+ # eighty7 = 0x010101..87
|
||||
+ # vsrab tmp, tweak, seven # next tweak value, right shift 7 bits
|
||||
+ # vand tmp, tmp, eighty7 # last byte with carry
|
||||
+ # vaddubm tweak, tweak, tweak # left shift 1 bit (x2)
|
||||
+ # xxlor vsx, 0, 0
|
||||
+ # vpermxor tweak, tweak, tmp, vsx
|
||||
+
|
||||
vperm $in0,$inout,$inptail,$inpperm
|
||||
subi $inp,$inp,31 # undo "caller"
|
||||
vxor $twk0,$tweak,$rndkey0
|
||||
vsrab $tmp,$tweak,$seven # next tweak value
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
- vsldoi $tmp,$tmp,$tmp,15
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vxor $out0,$in0,$twk0
|
||||
- vxor $tweak,$tweak,$tmp
|
||||
+ xxlor 32+$in1, 0, 0
|
||||
+ vpermxor $tweak, $tweak, $tmp, $in1
|
||||
|
||||
lvx_u $in1,$x10,$inp
|
||||
vxor $twk1,$tweak,$rndkey0
|
||||
vsrab $tmp,$tweak,$seven # next tweak value
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
- vsldoi $tmp,$tmp,$tmp,15
|
||||
le?vperm $in1,$in1,$in1,$leperm
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vxor $out1,$in1,$twk1
|
||||
- vxor $tweak,$tweak,$tmp
|
||||
+ xxlor 32+$in2, 0, 0
|
||||
+ vpermxor $tweak, $tweak, $tmp, $in2
|
||||
|
||||
lvx_u $in2,$x20,$inp
|
||||
andi. $taillen,$len,15
|
||||
vxor $twk2,$tweak,$rndkey0
|
||||
vsrab $tmp,$tweak,$seven # next tweak value
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
- vsldoi $tmp,$tmp,$tmp,15
|
||||
le?vperm $in2,$in2,$in2,$leperm
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vxor $out2,$in2,$twk2
|
||||
- vxor $tweak,$tweak,$tmp
|
||||
+ xxlor 32+$in3, 0, 0
|
||||
+ vpermxor $tweak, $tweak, $tmp, $in3
|
||||
|
||||
lvx_u $in3,$x30,$inp
|
||||
sub $len,$len,$taillen
|
||||
vxor $twk3,$tweak,$rndkey0
|
||||
vsrab $tmp,$tweak,$seven # next tweak value
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
- vsldoi $tmp,$tmp,$tmp,15
|
||||
le?vperm $in3,$in3,$in3,$leperm
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vxor $out3,$in3,$twk3
|
||||
- vxor $tweak,$tweak,$tmp
|
||||
+ xxlor 32+$in4, 0, 0
|
||||
+ vpermxor $tweak, $tweak, $tmp, $in4
|
||||
|
||||
lvx_u $in4,$x40,$inp
|
||||
subi $len,$len,0x60
|
||||
vxor $twk4,$tweak,$rndkey0
|
||||
vsrab $tmp,$tweak,$seven # next tweak value
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
- vsldoi $tmp,$tmp,$tmp,15
|
||||
le?vperm $in4,$in4,$in4,$leperm
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vxor $out4,$in4,$twk4
|
||||
- vxor $tweak,$tweak,$tmp
|
||||
+ xxlor 32+$in5, 0, 0
|
||||
+ vpermxor $tweak, $tweak, $tmp, $in5
|
||||
|
||||
lvx_u $in5,$x50,$inp
|
||||
addi $inp,$inp,0x60
|
||||
vxor $twk5,$tweak,$rndkey0
|
||||
vsrab $tmp,$tweak,$seven # next tweak value
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
- vsldoi $tmp,$tmp,$tmp,15
|
||||
le?vperm $in5,$in5,$in5,$leperm
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vxor $out5,$in5,$twk5
|
||||
- vxor $tweak,$tweak,$tmp
|
||||
+ xxlor 32+$in0, 0, 0
|
||||
+ vpermxor $tweak, $tweak, $tmp, $in0
|
||||
|
||||
vxor v31,v31,$rndkey0
|
||||
mtctr $rounds
|
||||
@@ -2590,6 +2611,8 @@ ()
|
||||
lvx v25,$x10,$key_ # round[4]
|
||||
bdnz Loop_xts_enc6x
|
||||
|
||||
+ xxlor 32+$eighty7, 1, 1 # 0x010101..87
|
||||
+
|
||||
subic $len,$len,96 # $len-=96
|
||||
vxor $in0,$twk0,v31 # xor with last round key
|
||||
vcipher $out0,$out0,v24
|
||||
@@ -2599,7 +2622,6 @@ ()
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
vcipher $out2,$out2,v24
|
||||
vcipher $out3,$out3,v24
|
||||
- vsldoi $tmp,$tmp,$tmp,15
|
||||
vcipher $out4,$out4,v24
|
||||
vcipher $out5,$out5,v24
|
||||
|
||||
@@ -2607,7 +2629,8 @@ ()
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vcipher $out0,$out0,v25
|
||||
vcipher $out1,$out1,v25
|
||||
- vxor $tweak,$tweak,$tmp
|
||||
+ xxlor 32+$in1, 0, 0
|
||||
+ vpermxor $tweak, $tweak, $tmp, $in1
|
||||
vcipher $out2,$out2,v25
|
||||
vcipher $out3,$out3,v25
|
||||
vxor $in1,$twk1,v31
|
||||
@@ -2618,13 +2641,13 @@ ()
|
||||
|
||||
and r0,r0,$len
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
- vsldoi $tmp,$tmp,$tmp,15
|
||||
vcipher $out0,$out0,v26
|
||||
vcipher $out1,$out1,v26
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vcipher $out2,$out2,v26
|
||||
vcipher $out3,$out3,v26
|
||||
- vxor $tweak,$tweak,$tmp
|
||||
+ xxlor 32+$in2, 0, 0
|
||||
+ vpermxor $tweak, $tweak, $tmp, $in2
|
||||
vcipher $out4,$out4,v26
|
||||
vcipher $out5,$out5,v26
|
||||
|
||||
@@ -2638,7 +2661,6 @@ ()
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
vcipher $out0,$out0,v27
|
||||
vcipher $out1,$out1,v27
|
||||
- vsldoi $tmp,$tmp,$tmp,15
|
||||
vcipher $out2,$out2,v27
|
||||
vcipher $out3,$out3,v27
|
||||
vand $tmp,$tmp,$eighty7
|
||||
@@ -2646,7 +2668,8 @@ ()
|
||||
vcipher $out5,$out5,v27
|
||||
|
||||
addi $key_,$sp,$FRAME+15 # rewind $key_
|
||||
- vxor $tweak,$tweak,$tmp
|
||||
+ xxlor 32+$in3, 0, 0
|
||||
+ vpermxor $tweak, $tweak, $tmp, $in3
|
||||
vcipher $out0,$out0,v28
|
||||
vcipher $out1,$out1,v28
|
||||
vxor $in3,$twk3,v31
|
||||
@@ -2655,7 +2678,6 @@ ()
|
||||
vcipher $out2,$out2,v28
|
||||
vcipher $out3,$out3,v28
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
- vsldoi $tmp,$tmp,$tmp,15
|
||||
vcipher $out4,$out4,v28
|
||||
vcipher $out5,$out5,v28
|
||||
lvx v24,$x00,$key_ # re-pre-load round[1]
|
||||
@@ -2663,7 +2685,8 @@ ()
|
||||
|
||||
vcipher $out0,$out0,v29
|
||||
vcipher $out1,$out1,v29
|
||||
- vxor $tweak,$tweak,$tmp
|
||||
+ xxlor 32+$in4, 0, 0
|
||||
+ vpermxor $tweak, $tweak, $tmp, $in4
|
||||
vcipher $out2,$out2,v29
|
||||
vcipher $out3,$out3,v29
|
||||
vxor $in4,$twk4,v31
|
||||
@@ -2673,14 +2696,14 @@ ()
|
||||
vcipher $out5,$out5,v29
|
||||
lvx v25,$x10,$key_ # re-pre-load round[2]
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
- vsldoi $tmp,$tmp,$tmp,15
|
||||
|
||||
vcipher $out0,$out0,v30
|
||||
vcipher $out1,$out1,v30
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vcipher $out2,$out2,v30
|
||||
vcipher $out3,$out3,v30
|
||||
- vxor $tweak,$tweak,$tmp
|
||||
+ xxlor 32+$in5, 0, 0
|
||||
+ vpermxor $tweak, $tweak, $tmp, $in5
|
||||
vcipher $out4,$out4,v30
|
||||
vcipher $out5,$out5,v30
|
||||
vxor $in5,$twk5,v31
|
||||
@@ -2690,7 +2713,6 @@ ()
|
||||
vcipherlast $out0,$out0,$in0
|
||||
lvx_u $in0,$x00,$inp # load next input block
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
- vsldoi $tmp,$tmp,$tmp,15
|
||||
vcipherlast $out1,$out1,$in1
|
||||
lvx_u $in1,$x10,$inp
|
||||
vcipherlast $out2,$out2,$in2
|
||||
@@ -2703,7 +2725,10 @@ ()
|
||||
vcipherlast $out4,$out4,$in4
|
||||
le?vperm $in2,$in2,$in2,$leperm
|
||||
lvx_u $in4,$x40,$inp
|
||||
- vxor $tweak,$tweak,$tmp
|
||||
+ xxlor 10, 32+$in0, 32+$in0
|
||||
+ xxlor 32+$in0, 0, 0
|
||||
+ vpermxor $tweak, $tweak, $tmp, $in0
|
||||
+ xxlor 32+$in0, 10, 10
|
||||
vcipherlast $tmp,$out5,$in5 # last block might be needed
|
||||
# in stealing mode
|
||||
le?vperm $in3,$in3,$in3,$leperm
|
||||
@@ -2736,6 +2761,8 @@ ()
|
||||
mtctr $rounds
|
||||
beq Loop_xts_enc6x # did $len-=96 borrow?
|
||||
|
||||
+ xxlor 32+$eighty7, 2, 2 # 0x870101..01
|
||||
+
|
||||
addic. $len,$len,0x60
|
||||
beq Lxts_enc6x_zero
|
||||
cmpwi $len,0x20
|
||||
@@ -3112,6 +3139,18 @@ ()
|
||||
li $x70,0x70
|
||||
mtspr 256,r0
|
||||
|
||||
+ # Reverse eighty7 to 0x010101..87
|
||||
+ xxlor 2, 32+$eighty7, 32+$eighty7
|
||||
+ vsldoi $eighty7,$tmp,$eighty7,1 # 0x010101..87
|
||||
+ xxlor 1, 32+$eighty7, 32+$eighty7
|
||||
+
|
||||
+ # Load XOR contents. 0xf102132435465768798a9bacbdcedfe
|
||||
+ mr $x70, r6
|
||||
+ bl Lconsts
|
||||
+ lxvw4x 0, $x40, r6 # load XOR contents
|
||||
+ mr r6, $x70
|
||||
+ li $x70,0x70
|
||||
+
|
||||
subi $rounds,$rounds,3 # -4 in total
|
||||
|
||||
lvx $rndkey0,$x00,$key1 # load key schedule
|
||||
@@ -3159,64 +3198,64 @@ ()
|
||||
vxor $twk0,$tweak,$rndkey0
|
||||
vsrab $tmp,$tweak,$seven # next tweak value
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
- vsldoi $tmp,$tmp,$tmp,15
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vxor $out0,$in0,$twk0
|
||||
- vxor $tweak,$tweak,$tmp
|
||||
+ xxlor 32+$in1, 0, 0
|
||||
+ vpermxor $tweak, $tweak, $tmp, $in1
|
||||
|
||||
lvx_u $in1,$x10,$inp
|
||||
vxor $twk1,$tweak,$rndkey0
|
||||
vsrab $tmp,$tweak,$seven # next tweak value
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
- vsldoi $tmp,$tmp,$tmp,15
|
||||
le?vperm $in1,$in1,$in1,$leperm
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vxor $out1,$in1,$twk1
|
||||
- vxor $tweak,$tweak,$tmp
|
||||
+ xxlor 32+$in2, 0, 0
|
||||
+ vpermxor $tweak, $tweak, $tmp, $in2
|
||||
|
||||
lvx_u $in2,$x20,$inp
|
||||
andi. $taillen,$len,15
|
||||
vxor $twk2,$tweak,$rndkey0
|
||||
vsrab $tmp,$tweak,$seven # next tweak value
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
- vsldoi $tmp,$tmp,$tmp,15
|
||||
le?vperm $in2,$in2,$in2,$leperm
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vxor $out2,$in2,$twk2
|
||||
- vxor $tweak,$tweak,$tmp
|
||||
+ xxlor 32+$in3, 0, 0
|
||||
+ vpermxor $tweak, $tweak, $tmp, $in3
|
||||
|
||||
lvx_u $in3,$x30,$inp
|
||||
sub $len,$len,$taillen
|
||||
vxor $twk3,$tweak,$rndkey0
|
||||
vsrab $tmp,$tweak,$seven # next tweak value
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
- vsldoi $tmp,$tmp,$tmp,15
|
||||
le?vperm $in3,$in3,$in3,$leperm
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vxor $out3,$in3,$twk3
|
||||
- vxor $tweak,$tweak,$tmp
|
||||
+ xxlor 32+$in4, 0, 0
|
||||
+ vpermxor $tweak, $tweak, $tmp, $in4
|
||||
|
||||
lvx_u $in4,$x40,$inp
|
||||
subi $len,$len,0x60
|
||||
vxor $twk4,$tweak,$rndkey0
|
||||
vsrab $tmp,$tweak,$seven # next tweak value
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
- vsldoi $tmp,$tmp,$tmp,15
|
||||
le?vperm $in4,$in4,$in4,$leperm
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vxor $out4,$in4,$twk4
|
||||
- vxor $tweak,$tweak,$tmp
|
||||
+ xxlor 32+$in5, 0, 0
|
||||
+ vpermxor $tweak, $tweak, $tmp, $in5
|
||||
|
||||
lvx_u $in5,$x50,$inp
|
||||
addi $inp,$inp,0x60
|
||||
vxor $twk5,$tweak,$rndkey0
|
||||
vsrab $tmp,$tweak,$seven # next tweak value
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
- vsldoi $tmp,$tmp,$tmp,15
|
||||
le?vperm $in5,$in5,$in5,$leperm
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vxor $out5,$in5,$twk5
|
||||
- vxor $tweak,$tweak,$tmp
|
||||
+ xxlor 32+$in0, 0, 0
|
||||
+ vpermxor $tweak, $tweak, $tmp, $in0
|
||||
|
||||
vxor v31,v31,$rndkey0
|
||||
mtctr $rounds
|
||||
@@ -3242,6 +3281,8 @@ ()
|
||||
lvx v25,$x10,$key_ # round[4]
|
||||
bdnz Loop_xts_dec6x
|
||||
|
||||
+ xxlor 32+$eighty7, 1, 1
|
||||
+
|
||||
subic $len,$len,96 # $len-=96
|
||||
vxor $in0,$twk0,v31 # xor with last round key
|
||||
vncipher $out0,$out0,v24
|
||||
@@ -3251,7 +3292,6 @@ ()
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
vncipher $out2,$out2,v24
|
||||
vncipher $out3,$out3,v24
|
||||
- vsldoi $tmp,$tmp,$tmp,15
|
||||
vncipher $out4,$out4,v24
|
||||
vncipher $out5,$out5,v24
|
||||
|
||||
@@ -3259,7 +3299,8 @@ ()
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vncipher $out0,$out0,v25
|
||||
vncipher $out1,$out1,v25
|
||||
- vxor $tweak,$tweak,$tmp
|
||||
+ xxlor 32+$in1, 0, 0
|
||||
+ vpermxor $tweak, $tweak, $tmp, $in1
|
||||
vncipher $out2,$out2,v25
|
||||
vncipher $out3,$out3,v25
|
||||
vxor $in1,$twk1,v31
|
||||
@@ -3270,13 +3311,13 @@ ()
|
||||
|
||||
and r0,r0,$len
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
- vsldoi $tmp,$tmp,$tmp,15
|
||||
vncipher $out0,$out0,v26
|
||||
vncipher $out1,$out1,v26
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vncipher $out2,$out2,v26
|
||||
vncipher $out3,$out3,v26
|
||||
- vxor $tweak,$tweak,$tmp
|
||||
+ xxlor 32+$in2, 0, 0
|
||||
+ vpermxor $tweak, $tweak, $tmp, $in2
|
||||
vncipher $out4,$out4,v26
|
||||
vncipher $out5,$out5,v26
|
||||
|
||||
@@ -3290,7 +3331,6 @@ ()
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
vncipher $out0,$out0,v27
|
||||
vncipher $out1,$out1,v27
|
||||
- vsldoi $tmp,$tmp,$tmp,15
|
||||
vncipher $out2,$out2,v27
|
||||
vncipher $out3,$out3,v27
|
||||
vand $tmp,$tmp,$eighty7
|
||||
@@ -3298,7 +3338,8 @@ ()
|
||||
vncipher $out5,$out5,v27
|
||||
|
||||
addi $key_,$sp,$FRAME+15 # rewind $key_
|
||||
- vxor $tweak,$tweak,$tmp
|
||||
+ xxlor 32+$in3, 0, 0
|
||||
+ vpermxor $tweak, $tweak, $tmp, $in3
|
||||
vncipher $out0,$out0,v28
|
||||
vncipher $out1,$out1,v28
|
||||
vxor $in3,$twk3,v31
|
||||
@@ -3307,7 +3348,6 @@ ()
|
||||
vncipher $out2,$out2,v28
|
||||
vncipher $out3,$out3,v28
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
- vsldoi $tmp,$tmp,$tmp,15
|
||||
vncipher $out4,$out4,v28
|
||||
vncipher $out5,$out5,v28
|
||||
lvx v24,$x00,$key_ # re-pre-load round[1]
|
||||
@@ -3315,7 +3355,8 @@ ()
|
||||
|
||||
vncipher $out0,$out0,v29
|
||||
vncipher $out1,$out1,v29
|
||||
- vxor $tweak,$tweak,$tmp
|
||||
+ xxlor 32+$in4, 0, 0
|
||||
+ vpermxor $tweak, $tweak, $tmp, $in4
|
||||
vncipher $out2,$out2,v29
|
||||
vncipher $out3,$out3,v29
|
||||
vxor $in4,$twk4,v31
|
||||
@@ -3325,14 +3366,14 @@ ()
|
||||
vncipher $out5,$out5,v29
|
||||
lvx v25,$x10,$key_ # re-pre-load round[2]
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
- vsldoi $tmp,$tmp,$tmp,15
|
||||
|
||||
vncipher $out0,$out0,v30
|
||||
vncipher $out1,$out1,v30
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vncipher $out2,$out2,v30
|
||||
vncipher $out3,$out3,v30
|
||||
- vxor $tweak,$tweak,$tmp
|
||||
+ xxlor 32+$in5, 0, 0
|
||||
+ vpermxor $tweak, $tweak, $tmp, $in5
|
||||
vncipher $out4,$out4,v30
|
||||
vncipher $out5,$out5,v30
|
||||
vxor $in5,$twk5,v31
|
||||
@@ -3342,7 +3383,6 @@ ()
|
||||
vncipherlast $out0,$out0,$in0
|
||||
lvx_u $in0,$x00,$inp # load next input block
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
- vsldoi $tmp,$tmp,$tmp,15
|
||||
vncipherlast $out1,$out1,$in1
|
||||
lvx_u $in1,$x10,$inp
|
||||
vncipherlast $out2,$out2,$in2
|
||||
@@ -3355,7 +3395,10 @@ ()
|
||||
vncipherlast $out4,$out4,$in4
|
||||
le?vperm $in2,$in2,$in2,$leperm
|
||||
lvx_u $in4,$x40,$inp
|
||||
- vxor $tweak,$tweak,$tmp
|
||||
+ xxlor 10, 32+$in0, 32+$in0
|
||||
+ xxlor 32+$in0, 0, 0
|
||||
+ vpermxor $tweak, $tweak, $tmp, $in0
|
||||
+ xxlor 32+$in0, 10, 10
|
||||
vncipherlast $out5,$out5,$in5
|
||||
le?vperm $in3,$in3,$in3,$leperm
|
||||
lvx_u $in5,$x50,$inp
|
||||
@@ -3386,6 +3429,8 @@ ()
|
||||
mtctr $rounds
|
||||
beq Loop_xts_dec6x # did $len-=96 borrow?
|
||||
|
||||
+ xxlor 32+$eighty7, 2, 2
|
||||
+
|
||||
addic. $len,$len,0x60
|
||||
beq Lxts_dec6x_zero
|
||||
cmpwi $len,0x20
|
@ -0,0 +1,30 @@
|
||||
From 3ded2288a45d2cc3a27a1b08d29499cbcec52c0e Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
Date: Fri, 12 Jul 2019 13:47:32 +0200
|
||||
Subject: [PATCH 09207/10000] OPENSSL_s390xcap.pod: list msa9 facility bit
|
||||
(155)
|
||||
|
||||
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
|
||||
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
|
||||
(Merged from https://github.com/openssl/openssl/pull/9348)
|
||||
---
|
||||
doc/man3/OPENSSL_s390xcap.pod | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/doc/man3/OPENSSL_s390xcap.pod b/doc/man3/OPENSSL_s390xcap.pod
|
||||
index e45da4467f..1f4ee85fdf 100644
|
||||
--- a/doc/man3/OPENSSL_s390xcap.pod
|
||||
+++ b/doc/man3/OPENSSL_s390xcap.pod
|
||||
@@ -72,6 +72,7 @@ the numbering is continuous across 64-bit mask boundaries.
|
||||
#134 1<<57 vector packed decimal facility
|
||||
#135 1<<56 vector enhancements facility 1
|
||||
#146 1<<45 message-security assist extension 8
|
||||
+ #155 1<<36 message-security assist extension 9
|
||||
|
||||
kimd :
|
||||
# 1 1<<62 KIMD-SHA-1
|
||||
--
|
||||
2.24.0
|
||||
|
15
openssl-Skip_SHA1-test-in-FIPS-mode.patch
Normal file
15
openssl-Skip_SHA1-test-in-FIPS-mode.patch
Normal file
@ -0,0 +1,15 @@
|
||||
Index: openssl-1.1.1w/test/recipes/20-test_dgst.t
|
||||
===================================================================
|
||||
--- openssl-1.1.1w.orig/test/recipes/20-test_dgst.t
|
||||
+++ openssl-1.1.1w/test/recipes/20-test_dgst.t
|
||||
@@ -104,8 +105,8 @@ SKIP: {
|
||||
}
|
||||
|
||||
SKIP: {
|
||||
- skip "dgst with engine is not supported by this OpenSSL build", 1
|
||||
- if disabled("engine") || disabled("dynamic-engine");
|
||||
+ skip "dgst with engine is not supported by this OpenSSL build or we are in FIPS mode", 1
|
||||
+ if disabled("engine") || disabled("dynamic-engine") || ($ENV{OPENSSL_FORCE_FIPS_MODE});
|
||||
|
||||
subtest "SHA1 generation by engine with `dgst` CLI" => sub {
|
||||
plan tests => 1;
|
311
openssl-assembly-pack-accelerate-scalar-multiplication.patch
Normal file
311
openssl-assembly-pack-accelerate-scalar-multiplication.patch
Normal file
@ -0,0 +1,311 @@
|
||||
From 1461e66706f24da657d7322706d1165ae515533f Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
Date: Tue, 9 Jul 2019 10:25:04 +0200
|
||||
Subject: [PATCH 09204/10000] s390x assembly pack: accelerate scalar
|
||||
multiplication
|
||||
|
||||
for NIST P-256, P-384 and P-521 using PCC instruction.
|
||||
|
||||
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
|
||||
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
|
||||
(Merged from https://github.com/openssl/openssl/pull/9348)
|
||||
---
|
||||
crypto/ec/build.info | 3 +-
|
||||
crypto/ec/ec_curve.c | 42 +++++---
|
||||
crypto/ec/ec_local.h | 5 +
|
||||
crypto/ec/ecp_s390x_nistp.c | 197 ++++++++++++++++++++++++++++++++++++
|
||||
4 files changed, 234 insertions(+), 13 deletions(-)
|
||||
create mode 100644 crypto/ec/ecp_s390x_nistp.c
|
||||
|
||||
Index: openssl-1.1.1d/crypto/ec/ec_curve.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/ec/ec_curve.c
|
||||
+++ openssl-1.1.1d/crypto/ec/ec_curve.c
|
||||
@@ -2829,16 +2829,25 @@ static const ec_list_element curve_list[
|
||||
{NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0,
|
||||
"SECG curve over a 256 bit prime field"},
|
||||
/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
|
||||
- {NID_secp384r1, &_EC_NIST_PRIME_384.h, 0,
|
||||
+ {NID_secp384r1, &_EC_NIST_PRIME_384.h,
|
||||
+# if defined(S390X_NISTP_ASM)
|
||||
+ EC_GFp_s390x_nistp384_method,
|
||||
+# else
|
||||
+ 0,
|
||||
+# endif
|
||||
"NIST/SECG curve over a 384 bit prime field"},
|
||||
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
|
||||
- {NID_secp521r1, &_EC_NIST_PRIME_521.h, EC_GFp_nistp521_method,
|
||||
- "NIST/SECG curve over a 521 bit prime field"},
|
||||
+
|
||||
+ {NID_secp521r1, &_EC_NIST_PRIME_521.h,
|
||||
+# if defined(S390X_NISTP_ASM)
|
||||
+ EC_GFp_s390x_nistp521_method,
|
||||
+# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
|
||||
+ EC_GFp_nistp521_method,
|
||||
#else
|
||||
- {NID_secp521r1, &_EC_NIST_PRIME_521.h, 0,
|
||||
- "NIST/SECG curve over a 521 bit prime field"},
|
||||
+ 0,
|
||||
#endif
|
||||
- /* X9.62 curves */
|
||||
+ "NIST/SECG curve over a 521 bit prime field"},
|
||||
+
|
||||
+ /* X9.62 curves */
|
||||
{NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0,
|
||||
"NIST/X9.62/SECG curve over a 192 bit prime field"},
|
||||
{NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2.h, 0,
|
||||
@@ -2854,6 +2863,8 @@ static const ec_list_element curve_list[
|
||||
{NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
|
||||
#if defined(ECP_NISTZ256_ASM)
|
||||
EC_GFp_nistz256_method,
|
||||
+# elif defined(S390X_NISTP_ASM)
|
||||
+ EC_GFp_s390x_nistp256_method,
|
||||
#elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
|
||||
EC_GFp_nistp256_method,
|
||||
#else
|
||||
Index: openssl-1.1.1d/crypto/ec/ec_local.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/ec/ec_local.h
|
||||
+++ openssl-1.1.1d/crypto/ec/ec_local.h
|
||||
@@ -587,6 +587,11 @@ int ec_group_simple_order_bits(const EC_
|
||||
*/
|
||||
const EC_METHOD *EC_GFp_nistz256_method(void);
|
||||
#endif
|
||||
+#ifdef S390X_NISTP_ASM
|
||||
+const EC_METHOD *EC_GFp_s390x_nistp256_method(void);
|
||||
+const EC_METHOD *EC_GFp_s390x_nistp384_method(void);
|
||||
+const EC_METHOD *EC_GFp_s390x_nistp521_method(void);
|
||||
+#endif
|
||||
|
||||
size_t ec_key_simple_priv2oct(const EC_KEY *eckey,
|
||||
unsigned char *buf, size_t len);
|
||||
Index: openssl-1.1.1d/crypto/ec/ecp_s390x_nistp.c
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ openssl-1.1.1d/crypto/ec/ecp_s390x_nistp.c
|
||||
@@ -0,0 +1,197 @@
|
||||
+/*
|
||||
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ *
|
||||
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
+ * this file except in compliance with the License. You can obtain a copy
|
||||
+ * in the file LICENSE in the source distribution or at
|
||||
+ * https://www.openssl.org/source/license.html
|
||||
+ */
|
||||
+
|
||||
+#include <stdlib.h>
|
||||
+#include <string.h>
|
||||
+#include <openssl/err.h>
|
||||
+#include "ec_local.h"
|
||||
+#include "s390x_arch.h"
|
||||
+
|
||||
+/* Size of parameter blocks */
|
||||
+#define S390X_SIZE_PARAM 4096
|
||||
+
|
||||
+/* Size of fields in parameter blocks */
|
||||
+#define S390X_SIZE_P256 32
|
||||
+#define S390X_SIZE_P384 48
|
||||
+#define S390X_SIZE_P521 80
|
||||
+
|
||||
+/* Offsets of fields in PCC parameter blocks */
|
||||
+#define S390X_OFF_RES_X(n) (0 * n)
|
||||
+#define S390X_OFF_RES_Y(n) (1 * n)
|
||||
+#define S390X_OFF_SRC_X(n) (2 * n)
|
||||
+#define S390X_OFF_SRC_Y(n) (3 * n)
|
||||
+#define S390X_OFF_SCALAR(n) (4 * n)
|
||||
+
|
||||
+static int ec_GFp_s390x_nistp_mul(const EC_GROUP *group, EC_POINT *r,
|
||||
+ const BIGNUM *scalar,
|
||||
+ size_t num, const EC_POINT *points[],
|
||||
+ const BIGNUM *scalars[],
|
||||
+ BN_CTX *ctx, unsigned int fc, int len)
|
||||
+{
|
||||
+ unsigned char param[S390X_SIZE_PARAM];
|
||||
+ BIGNUM *x, *y;
|
||||
+ const EC_POINT *point_ptr = NULL;
|
||||
+ const BIGNUM *scalar_ptr = NULL;
|
||||
+ BN_CTX *new_ctx = NULL;
|
||||
+ int rc = -1;
|
||||
+
|
||||
+ if (ctx == NULL) {
|
||||
+ ctx = new_ctx = BN_CTX_new();
|
||||
+ if (ctx == NULL)
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ BN_CTX_start(ctx);
|
||||
+
|
||||
+ x = BN_CTX_get(ctx);
|
||||
+ y = BN_CTX_get(ctx);
|
||||
+ if (x == NULL || y == NULL) {
|
||||
+ rc = 0;
|
||||
+ goto ret;
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
+ * Use PCC for EC keygen and ECDH key derivation:
|
||||
+ * scalar * generator and scalar * peer public key,
|
||||
+ * scalar in [0,order).
|
||||
+ */
|
||||
+ if ((scalar != NULL && num == 0 && BN_is_negative(scalar) == 0)
|
||||
+ || (scalar == NULL && num == 1 && BN_is_negative(scalars[0]) == 0)) {
|
||||
+
|
||||
+ if (num == 0) {
|
||||
+ point_ptr = EC_GROUP_get0_generator(group);
|
||||
+ scalar_ptr = scalar;
|
||||
+ } else {
|
||||
+ point_ptr = points[0];
|
||||
+ scalar_ptr = scalars[0];
|
||||
+ }
|
||||
+
|
||||
+ if (EC_POINT_is_at_infinity(group, point_ptr) == 1
|
||||
+ || BN_is_zero(scalar_ptr)) {
|
||||
+ rc = EC_POINT_set_to_infinity(group, r);
|
||||
+ goto ret;
|
||||
+ }
|
||||
+
|
||||
+ memset(¶m, 0, sizeof(param));
|
||||
+
|
||||
+ if (group->meth->point_get_affine_coordinates(group, point_ptr,
|
||||
+ x, y, ctx) != 1
|
||||
+ || BN_bn2binpad(x, param + S390X_OFF_SRC_X(len), len) == -1
|
||||
+ || BN_bn2binpad(y, param + S390X_OFF_SRC_Y(len), len) == -1
|
||||
+ || BN_bn2binpad(scalar_ptr,
|
||||
+ param + S390X_OFF_SCALAR(len), len) == -1
|
||||
+ || s390x_pcc(fc, param) != 0
|
||||
+ || BN_bin2bn(param + S390X_OFF_RES_X(len), len, x) == NULL
|
||||
+ || BN_bin2bn(param + S390X_OFF_RES_Y(len), len, y) == NULL
|
||||
+ || group->meth->point_set_affine_coordinates(group, r,
|
||||
+ x, y, ctx) != 1)
|
||||
+ goto ret;
|
||||
+
|
||||
+ rc = 1;
|
||||
+ }
|
||||
+
|
||||
+ret:
|
||||
+ /* Otherwise use default. */
|
||||
+ if (rc == -1)
|
||||
+ rc = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
|
||||
+ OPENSSL_cleanse(param, sizeof(param));
|
||||
+ BN_CTX_end(ctx);
|
||||
+ BN_CTX_free(new_ctx);
|
||||
+ return rc;
|
||||
+}
|
||||
+
|
||||
+#define EC_GFP_S390X_NISTP_METHOD(bits) \
|
||||
+ \
|
||||
+static int ec_GFp_s390x_nistp##bits##_mul(const EC_GROUP *group, \
|
||||
+ EC_POINT *r, \
|
||||
+ const BIGNUM *scalar, \
|
||||
+ size_t num, \
|
||||
+ const EC_POINT *points[], \
|
||||
+ const BIGNUM *scalars[], \
|
||||
+ BN_CTX *ctx) \
|
||||
+{ \
|
||||
+ return ec_GFp_s390x_nistp_mul(group, r, scalar, num, points, \
|
||||
+ scalars, ctx, \
|
||||
+ S390X_SCALAR_MULTIPLY_P##bits, \
|
||||
+ S390X_SIZE_P##bits); \
|
||||
+} \
|
||||
+ \
|
||||
+const EC_METHOD *EC_GFp_s390x_nistp##bits##_method(void) \
|
||||
+{ \
|
||||
+ static const EC_METHOD EC_GFp_s390x_nistp##bits##_meth = { \
|
||||
+ EC_FLAGS_DEFAULT_OCT, \
|
||||
+ NID_X9_62_prime_field, \
|
||||
+ ec_GFp_simple_group_init, \
|
||||
+ ec_GFp_simple_group_finish, \
|
||||
+ ec_GFp_simple_group_clear_finish, \
|
||||
+ ec_GFp_simple_group_copy, \
|
||||
+ ec_GFp_simple_group_set_curve, \
|
||||
+ ec_GFp_simple_group_get_curve, \
|
||||
+ ec_GFp_simple_group_get_degree, \
|
||||
+ ec_group_simple_order_bits, \
|
||||
+ ec_GFp_simple_group_check_discriminant, \
|
||||
+ ec_GFp_simple_point_init, \
|
||||
+ ec_GFp_simple_point_finish, \
|
||||
+ ec_GFp_simple_point_clear_finish, \
|
||||
+ ec_GFp_simple_point_copy, \
|
||||
+ ec_GFp_simple_point_set_to_infinity, \
|
||||
+ ec_GFp_simple_set_Jprojective_coordinates_GFp, \
|
||||
+ ec_GFp_simple_get_Jprojective_coordinates_GFp, \
|
||||
+ ec_GFp_simple_point_set_affine_coordinates, \
|
||||
+ ec_GFp_simple_point_get_affine_coordinates, \
|
||||
+ NULL, /* point_set_compressed_coordinates */ \
|
||||
+ NULL, /* point2oct */ \
|
||||
+ NULL, /* oct2point */ \
|
||||
+ ec_GFp_simple_add, \
|
||||
+ ec_GFp_simple_dbl, \
|
||||
+ ec_GFp_simple_invert, \
|
||||
+ ec_GFp_simple_is_at_infinity, \
|
||||
+ ec_GFp_simple_is_on_curve, \
|
||||
+ ec_GFp_simple_cmp, \
|
||||
+ ec_GFp_simple_make_affine, \
|
||||
+ ec_GFp_simple_points_make_affine, \
|
||||
+ ec_GFp_s390x_nistp##bits##_mul, \
|
||||
+ NULL, /* precompute_mult */ \
|
||||
+ NULL, /* have_precompute_mult */ \
|
||||
+ ec_GFp_simple_field_mul, \
|
||||
+ ec_GFp_simple_field_sqr, \
|
||||
+ NULL, /* field_div */ \
|
||||
+ ec_GFp_simple_field_inv, \
|
||||
+ NULL, /* field_encode */ \
|
||||
+ NULL, /* field_decode */ \
|
||||
+ NULL, /* field_set_to_one */ \
|
||||
+ ec_key_simple_priv2oct, \
|
||||
+ ec_key_simple_oct2priv, \
|
||||
+ NULL, /* set_private */ \
|
||||
+ ec_key_simple_generate_key, \
|
||||
+ ec_key_simple_check_key, \
|
||||
+ ec_key_simple_generate_public_key, \
|
||||
+ NULL, /* keycopy */ \
|
||||
+ NULL, /* keyfinish */ \
|
||||
+ ecdh_simple_compute_key, \
|
||||
+ NULL, /* field_inverse_mod_ord */ \
|
||||
+ ec_GFp_simple_blind_coordinates, \
|
||||
+ ec_GFp_simple_ladder_pre, \
|
||||
+ ec_GFp_simple_ladder_step, \
|
||||
+ ec_GFp_simple_ladder_post \
|
||||
+ }; \
|
||||
+ static const EC_METHOD *ret; \
|
||||
+ \
|
||||
+ if (OPENSSL_s390xcap_P.pcc[1] \
|
||||
+ & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P##bits)) \
|
||||
+ ret = &EC_GFp_s390x_nistp##bits##_meth; \
|
||||
+ else \
|
||||
+ ret = EC_GFp_mont_method(); \
|
||||
+ \
|
||||
+ return ret; \
|
||||
+}
|
||||
+
|
||||
+EC_GFP_S390X_NISTP_METHOD(256)
|
||||
+EC_GFP_S390X_NISTP_METHOD(384)
|
||||
+EC_GFP_S390X_NISTP_METHOD(521)
|
||||
Index: openssl-1.1.1d/Configurations/00-base-templates.conf
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/Configurations/00-base-templates.conf
|
||||
+++ openssl-1.1.1d/Configurations/00-base-templates.conf
|
||||
@@ -289,6 +289,7 @@ my %targets=(
|
||||
template => 1,
|
||||
cpuid_asm_src => "s390xcap.c s390xcpuid.S",
|
||||
bn_asm_src => "asm/s390x.S s390x-mont.S s390x-gf2m.s",
|
||||
+ ec_asm_src => "ecp_s390x_nistp.c",
|
||||
aes_asm_src => "aes-s390x.S aes-ctr.fake aes-xts.fake",
|
||||
sha1_asm_src => "sha1-s390x.S sha256-s390x.S sha512-s390x.S",
|
||||
rc4_asm_src => "rc4-s390x.s",
|
||||
Index: openssl-1.1.1d/Configure
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/Configure
|
||||
+++ openssl-1.1.1d/Configure
|
||||
@@ -1400,6 +1400,9 @@ unless ($disabled{asm}) {
|
||||
if ($target{ec_asm_src} =~ /x25519/) {
|
||||
push @{$config{lib_defines}}, "X25519_ASM";
|
||||
}
|
||||
+ if ($target{ec_asm_src} =~ /ecp_s390x_nistp/) {
|
||||
+ push @{$config{lib_defines}}, "S390X_NISTP_ASM";
|
||||
+ }
|
||||
if ($target{padlock_asm_src} ne $table{DEFAULTS}->{padlock_asm_src}) {
|
||||
push @{$config{dso_defines}}, "PADLOCK_ASM";
|
||||
}
|
16
openssl-dont-pass-zero-length-input-to-EVP_Cipher.patch
Normal file
16
openssl-dont-pass-zero-length-input-to-EVP_Cipher.patch
Normal file
@ -0,0 +1,16 @@
|
||||
---
|
||||
crypto/evp/e_aes.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
--- a/crypto/evp/e_aes.c
|
||||
+++ b/crypto/evp/e_aes.c
|
||||
@@ -2742,6 +2742,9 @@ static int aes_cbc_cipher(EVP_CIPHER_CTX
|
||||
{
|
||||
EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
|
||||
|
||||
+ if (!len)
|
||||
+ return 1;
|
||||
+
|
||||
if (dat->stream.cbc)
|
||||
(*dat->stream.cbc) (in, out, len, &dat->ks,
|
||||
EVP_CIPHER_CTX_iv_noconst(ctx),
|
2197
openssl-ec-56-bit-Limb-Solinas-Strategy-for-secp384r1.patch
Normal file
2197
openssl-ec-56-bit-Limb-Solinas-Strategy-for-secp384r1.patch
Normal file
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,65 @@
|
||||
From 3e47a286dc3274bda72a196c3a4030a1fc8302f1 Mon Sep 17 00:00:00 2001
|
||||
From: Rohan McLure <rohanmclure@linux.ibm.com>
|
||||
Date: Fri, 23 Jun 2023 16:41:48 +1000
|
||||
Subject: [PATCH] ec: Use static linkage on nistp521 felem_{square,mul}
|
||||
wrappers
|
||||
|
||||
Runtime selection of implementations for felem_{square,mul} depends on
|
||||
felem_{square,mul}_wrapper functions, which overwrite function points in
|
||||
a similar design to that of .plt.got sections used by program loaders
|
||||
during dynamic linking.
|
||||
|
||||
There's no reason why these functions need to have external linkage.
|
||||
Mark static.
|
||||
|
||||
Signed-off-by: Rohan McLure <rohanmclure@linux.ibm.com>
|
||||
|
||||
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
|
||||
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
|
||||
Reviewed-by: Todd Short <todd.short@me.com>
|
||||
(Merged from https://github.com/openssl/openssl/pull/21471)
|
||||
---
|
||||
crypto/ec/ecp_nistp521.c | 10 +++++-----
|
||||
1 file changed, 5 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c
|
||||
index 97815cac1f13..32a9268ecf17 100644
|
||||
--- a/crypto/ec/ecp_nistp521.c
|
||||
+++ b/crypto/ec/ecp_nistp521.c
|
||||
@@ -676,8 +676,8 @@ static void felem_reduce(felem out, const largefelem in)
|
||||
}
|
||||
|
||||
#if defined(ECP_NISTP521_ASM)
|
||||
-void felem_square_wrapper(largefelem out, const felem in);
|
||||
-void felem_mul_wrapper(largefelem out, const felem in1, const felem in2);
|
||||
+static void felem_square_wrapper(largefelem out, const felem in);
|
||||
+static void felem_mul_wrapper(largefelem out, const felem in1, const felem in2);
|
||||
|
||||
static void (*felem_square_p)(largefelem out, const felem in) =
|
||||
felem_square_wrapper;
|
||||
@@ -691,7 +691,7 @@ void p521_felem_mul(largefelem out, const felem in1, const felem in2);
|
||||
# include "../ppc_arch.h"
|
||||
# endif
|
||||
|
||||
-void felem_select(void)
|
||||
+static void felem_select(void)
|
||||
{
|
||||
# if defined(_ARCH_PPC64)
|
||||
if ((OPENSSL_ppccap_P & PPC_MADD300) && (OPENSSL_ppccap_P & PPC_ALTIVEC)) {
|
||||
@@ -707,13 +707,13 @@ void felem_select(void)
|
||||
felem_mul_p = felem_mul_ref;
|
||||
}
|
||||
|
||||
-void felem_square_wrapper(largefelem out, const felem in)
|
||||
+static void felem_square_wrapper(largefelem out, const felem in)
|
||||
{
|
||||
felem_select();
|
||||
felem_square_p(out, in);
|
||||
}
|
||||
|
||||
-void felem_mul_wrapper(largefelem out, const felem in1, const felem in2)
|
||||
+static void felem_mul_wrapper(largefelem out, const felem in1, const felem in2)
|
||||
{
|
||||
felem_select();
|
||||
felem_mul_p(out, in1, in2);
|
@ -0,0 +1,410 @@
|
||||
From 966047ee13188e8634af25af348940acceb9316d Mon Sep 17 00:00:00 2001
|
||||
From: Rohan McLure <rohanmclure@linux.ibm.com>
|
||||
Date: Wed, 31 May 2023 14:32:26 +1000
|
||||
Subject: [PATCH] ec: powerpc64le: Add asm implementation of felem_{square,mul}
|
||||
|
||||
Add an assembly implementation of felem_{square,mul}, which will be
|
||||
implemented whenever Altivec support is present and the core implements
|
||||
ISA 3.0 (Power 9) or greater.
|
||||
|
||||
Signed-off-by: Rohan McLure <rohanmclure@linux.ibm.com>
|
||||
|
||||
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
|
||||
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
|
||||
Reviewed-by: Todd Short <todd.short@me.com>
|
||||
(Merged from https://github.com/openssl/openssl/pull/21471)
|
||||
---
|
||||
crypto/ec/asm/ecp_nistp384-ppc64.pl | 355 ++++++++++++++++++++++++++++++++++++
|
||||
crypto/ec/build.info | 2
|
||||
crypto/ec/ecp_nistp384.c | 9
|
||||
3 files changed, 366 insertions(+)
|
||||
create mode 100755 crypto/ec/asm/ecp_nistp384-ppc64.pl
|
||||
|
||||
--- /dev/null
|
||||
+++ b/crypto/ec/asm/ecp_nistp384-ppc64.pl
|
||||
@@ -0,0 +1,355 @@
|
||||
+#! /usr/bin/env perl
|
||||
+# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+#
|
||||
+# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
+# this file except in compliance with the License. You can obtain a copy
|
||||
+# in the file LICENSE in the source distribution or at
|
||||
+# https://www.openssl.org/source/license.html
|
||||
+#
|
||||
+# ====================================================================
|
||||
+# Written by Rohan McLure <rmclure@linux.ibm.com> for the OpenSSL
|
||||
+# project.
|
||||
+# ====================================================================
|
||||
+#
|
||||
+# p384 lower-level primitives for PPC64 using vector instructions.
|
||||
+#
|
||||
+
|
||||
+use strict;
|
||||
+use warnings;
|
||||
+
|
||||
+my $flavour = shift;
|
||||
+my $output = "";
|
||||
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
|
||||
+if (!$output) {
|
||||
+ $output = "-";
|
||||
+}
|
||||
+
|
||||
+my ($xlate, $dir);
|
||||
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
|
||||
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
|
||||
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
|
||||
+die "can't locate ppc-xlate.pl";
|
||||
+
|
||||
+open OUT,"| \"$^X\" $xlate $flavour $output";
|
||||
+*STDOUT=*OUT;
|
||||
+
|
||||
+my $code = "";
|
||||
+
|
||||
+my ($sp, $outp, $savelr, $savesp) = ("r1", "r3", "r10", "r12");
|
||||
+
|
||||
+my $vzero = "v32";
|
||||
+
|
||||
+sub startproc($)
|
||||
+{
|
||||
+ my ($name) = @_;
|
||||
+
|
||||
+ $code.=<<___;
|
||||
+ .globl ${name}
|
||||
+ .align 5
|
||||
+${name}:
|
||||
+
|
||||
+___
|
||||
+}
|
||||
+
|
||||
+sub endproc($)
|
||||
+{
|
||||
+ my ($name) = @_;
|
||||
+
|
||||
+ $code.=<<___;
|
||||
+ blr
|
||||
+ .size ${name},.-${name}
|
||||
+
|
||||
+___
|
||||
+}
|
||||
+
|
||||
+
|
||||
+sub push_vrs($$)
|
||||
+{
|
||||
+ my ($min, $max) = @_;
|
||||
+
|
||||
+ my $count = $max - $min + 1;
|
||||
+
|
||||
+ $code.=<<___;
|
||||
+ mr $savesp,$sp
|
||||
+ stdu $sp,-16*`$count+1`($sp)
|
||||
+
|
||||
+___
|
||||
+ for (my $i = $min; $i <= $max; $i++) {
|
||||
+ my $mult = $max - $i + 1;
|
||||
+ $code.=<<___;
|
||||
+ stxv $i,-16*$mult($savesp)
|
||||
+___
|
||||
+
|
||||
+ }
|
||||
+
|
||||
+ $code.=<<___;
|
||||
+
|
||||
+___
|
||||
+}
|
||||
+
|
||||
+sub pop_vrs($$)
|
||||
+{
|
||||
+ my ($min, $max) = @_;
|
||||
+
|
||||
+ $code.=<<___;
|
||||
+ ld $savesp,0($sp)
|
||||
+___
|
||||
+ for (my $i = $min; $i <= $max; $i++) {
|
||||
+ my $mult = $max - $i + 1;
|
||||
+ $code.=<<___;
|
||||
+ lxv $i,-16*$mult($savesp)
|
||||
+___
|
||||
+ }
|
||||
+
|
||||
+ $code.=<<___;
|
||||
+ mr $sp,$savesp
|
||||
+
|
||||
+___
|
||||
+}
|
||||
+
|
||||
+sub load_vrs($$)
|
||||
+{
|
||||
+ my ($pointer, $reg_list) = @_;
|
||||
+
|
||||
+ for (my $i = 0; $i <= 6; $i++) {
|
||||
+ my $offset = $i * 8;
|
||||
+ $code.=<<___;
|
||||
+ lxsd $reg_list->[$i],$offset($pointer)
|
||||
+___
|
||||
+ }
|
||||
+
|
||||
+ $code.=<<___;
|
||||
+
|
||||
+___
|
||||
+}
|
||||
+
|
||||
+sub store_vrs($$)
|
||||
+{
|
||||
+ my ($pointer, $reg_list) = @_;
|
||||
+
|
||||
+ for (my $i = 0; $i <= 12; $i++) {
|
||||
+ my $offset = $i * 16;
|
||||
+ $code.=<<___;
|
||||
+ stxv $reg_list->[$i],$offset($pointer)
|
||||
+___
|
||||
+ }
|
||||
+
|
||||
+ $code.=<<___;
|
||||
+
|
||||
+___
|
||||
+}
|
||||
+
|
||||
+$code.=<<___;
|
||||
+.machine "any"
|
||||
+.text
|
||||
+
|
||||
+___
|
||||
+
|
||||
+{
|
||||
+ # mul/square common
|
||||
+ my ($t1, $t2, $t3, $t4) = ("v33", "v34", "v42", "v43");
|
||||
+ my ($zero, $one) = ("r8", "r9");
|
||||
+ my $out = "v51";
|
||||
+
|
||||
+ {
|
||||
+ #
|
||||
+ # p384_felem_mul
|
||||
+ #
|
||||
+
|
||||
+ my ($in1p, $in2p) = ("r4", "r5");
|
||||
+ my @in1 = map("v$_",(44..50));
|
||||
+ my @in2 = map("v$_",(35..41));
|
||||
+
|
||||
+ startproc("p384_felem_mul");
|
||||
+
|
||||
+ push_vrs(52, 63);
|
||||
+
|
||||
+ $code.=<<___;
|
||||
+ vspltisw $vzero,0
|
||||
+
|
||||
+___
|
||||
+
|
||||
+ load_vrs($in1p, \@in1);
|
||||
+ load_vrs($in2p, \@in2);
|
||||
+
|
||||
+ $code.=<<___;
|
||||
+ vmsumudm $out,$in1[0],$in2[0],$vzero
|
||||
+ stxv $out,0($outp)
|
||||
+
|
||||
+ xxpermdi $t1,$in1[0],$in1[1],0b00
|
||||
+ xxpermdi $t2,$in2[1],$in2[0],0b00
|
||||
+ vmsumudm $out,$t1,$t2,$vzero
|
||||
+ stxv $out,16($outp)
|
||||
+
|
||||
+ xxpermdi $t2,$in2[2],$in2[1],0b00
|
||||
+ vmsumudm $out,$t1,$t2,$vzero
|
||||
+ vmsumudm $out,$in1[2],$in2[0],$out
|
||||
+ stxv $out,32($outp)
|
||||
+
|
||||
+ xxpermdi $t2,$in2[1],$in2[0],0b00
|
||||
+ xxpermdi $t3,$in1[2],$in1[3],0b00
|
||||
+ xxpermdi $t4,$in2[3],$in2[2],0b00
|
||||
+ vmsumudm $out,$t1,$t4,$vzero
|
||||
+ vmsumudm $out,$t3,$t2,$out
|
||||
+ stxv $out,48($outp)
|
||||
+
|
||||
+ xxpermdi $t2,$in2[4],$in2[3],0b00
|
||||
+ xxpermdi $t4,$in2[2],$in2[1],0b00
|
||||
+ vmsumudm $out,$t1,$t2,$vzero
|
||||
+ vmsumudm $out,$t3,$t4,$out
|
||||
+ vmsumudm $out,$in1[4],$in2[0],$out
|
||||
+ stxv $out,64($outp)
|
||||
+
|
||||
+ xxpermdi $t2,$in2[5],$in2[4],0b00
|
||||
+ xxpermdi $t4,$in2[3],$in2[2],0b00
|
||||
+ vmsumudm $out,$t1,$t2,$vzero
|
||||
+ vmsumudm $out,$t3,$t4,$out
|
||||
+ xxpermdi $t4,$in2[1],$in2[0],0b00
|
||||
+ xxpermdi $t1,$in1[4],$in1[5],0b00
|
||||
+ vmsumudm $out,$t1,$t4,$out
|
||||
+ stxv $out,80($outp)
|
||||
+
|
||||
+ xxpermdi $t1,$in1[0],$in1[1],0b00
|
||||
+ xxpermdi $t2,$in2[6],$in2[5],0b00
|
||||
+ xxpermdi $t4,$in2[4],$in2[3],0b00
|
||||
+ vmsumudm $out,$t1,$t2,$vzero
|
||||
+ vmsumudm $out,$t3,$t4,$out
|
||||
+ xxpermdi $t2,$in2[2],$in2[1],0b00
|
||||
+ xxpermdi $t1,$in1[4],$in1[5],0b00
|
||||
+ vmsumudm $out,$t1,$t2,$out
|
||||
+ vmsumudm $out,$in1[6],$in2[0],$out
|
||||
+ stxv $out,96($outp)
|
||||
+
|
||||
+ xxpermdi $t1,$in1[1],$in1[2],0b00
|
||||
+ xxpermdi $t2,$in2[6],$in2[5],0b00
|
||||
+ xxpermdi $t3,$in1[3],$in1[4],0b00
|
||||
+ vmsumudm $out,$t1,$t2,$vzero
|
||||
+ vmsumudm $out,$t3,$t4,$out
|
||||
+ xxpermdi $t3,$in2[2],$in2[1],0b00
|
||||
+ xxpermdi $t1,$in1[5],$in1[6],0b00
|
||||
+ vmsumudm $out,$t1,$t3,$out
|
||||
+ stxv $out,112($outp)
|
||||
+
|
||||
+ xxpermdi $t1,$in1[2],$in1[3],0b00
|
||||
+ xxpermdi $t3,$in1[4],$in1[5],0b00
|
||||
+ vmsumudm $out,$t1,$t2,$vzero
|
||||
+ vmsumudm $out,$t3,$t4,$out
|
||||
+ vmsumudm $out,$in1[6],$in2[2],$out
|
||||
+ stxv $out,128($outp)
|
||||
+
|
||||
+ xxpermdi $t1,$in1[3],$in1[4],0b00
|
||||
+ vmsumudm $out,$t1,$t2,$vzero
|
||||
+ xxpermdi $t1,$in1[5],$in1[6],0b00
|
||||
+ vmsumudm $out,$t1,$t4,$out
|
||||
+ stxv $out,144($outp)
|
||||
+
|
||||
+ vmsumudm $out,$t3,$t2,$vzero
|
||||
+ vmsumudm $out,$in1[6],$in2[4],$out
|
||||
+ stxv $out,160($outp)
|
||||
+
|
||||
+ vmsumudm $out,$t1,$t2,$vzero
|
||||
+ stxv $out,176($outp)
|
||||
+
|
||||
+ vmsumudm $out,$in1[6],$in2[6],$vzero
|
||||
+ stxv $out,192($outp)
|
||||
+___
|
||||
+
|
||||
+ endproc("p384_felem_mul");
|
||||
+ }
|
||||
+
|
||||
+ {
|
||||
+ #
|
||||
+ # p384_felem_square
|
||||
+ #
|
||||
+
|
||||
+ my ($inp) = ("r4");
|
||||
+ my @in = map("v$_",(44..50));
|
||||
+ my @inx2 = map("v$_",(35..41));
|
||||
+
|
||||
+ startproc("p384_felem_square");
|
||||
+
|
||||
+ push_vrs(52, 63);
|
||||
+
|
||||
+ $code.=<<___;
|
||||
+ vspltisw $vzero,0
|
||||
+
|
||||
+___
|
||||
+
|
||||
+ load_vrs($inp, \@in);
|
||||
+
|
||||
+ $code.=<<___;
|
||||
+ li $zero,0
|
||||
+ li $one,1
|
||||
+ mtvsrdd $t1,$one,$zero
|
||||
+___
|
||||
+
|
||||
+ for (my $i = 0; $i <= 6; $i++) {
|
||||
+ $code.=<<___;
|
||||
+ vsld $inx2[$i],$in[$i],$t1
|
||||
+___
|
||||
+ }
|
||||
+
|
||||
+ $code.=<<___;
|
||||
+ vmsumudm $out,$in[0],$in[0],$vzero
|
||||
+ stxv $out,0($outp)
|
||||
+
|
||||
+ vmsumudm $out,$in[0],$inx2[1],$vzero
|
||||
+ stxv $out,16($outp)
|
||||
+
|
||||
+ vmsumudm $out,$in[0],$inx2[2],$vzero
|
||||
+ vmsumudm $out,$in[1],$in[1],$out
|
||||
+ stxv $out,32($outp)
|
||||
+
|
||||
+ xxpermdi $t1,$in[0],$in[1],0b00
|
||||
+ xxpermdi $t2,$inx2[3],$inx2[2],0b00
|
||||
+ vmsumudm $out,$t1,$t2,$vzero
|
||||
+ stxv $out,48($outp)
|
||||
+
|
||||
+ xxpermdi $t4,$inx2[4],$inx2[3],0b00
|
||||
+ vmsumudm $out,$t1,$t4,$vzero
|
||||
+ vmsumudm $out,$in[2],$in[2],$out
|
||||
+ stxv $out,64($outp)
|
||||
+
|
||||
+ xxpermdi $t2,$inx2[5],$inx2[4],0b00
|
||||
+ vmsumudm $out,$t1,$t2,$vzero
|
||||
+ vmsumudm $out,$in[2],$inx2[3],$out
|
||||
+ stxv $out,80($outp)
|
||||
+
|
||||
+ xxpermdi $t2,$inx2[6],$inx2[5],0b00
|
||||
+ vmsumudm $out,$t1,$t2,$vzero
|
||||
+ vmsumudm $out,$in[2],$inx2[4],$out
|
||||
+ vmsumudm $out,$in[3],$in[3],$out
|
||||
+ stxv $out,96($outp)
|
||||
+
|
||||
+ xxpermdi $t3,$in[1],$in[2],0b00
|
||||
+ vmsumudm $out,$t3,$t2,$vzero
|
||||
+ vmsumudm $out,$in[3],$inx2[4],$out
|
||||
+ stxv $out,112($outp)
|
||||
+
|
||||
+ xxpermdi $t1,$in[2],$in[3],0b00
|
||||
+ vmsumudm $out,$t1,$t2,$vzero
|
||||
+ vmsumudm $out,$in[4],$in[4],$out
|
||||
+ stxv $out,128($outp)
|
||||
+
|
||||
+ xxpermdi $t1,$in[3],$in[4],0b00
|
||||
+ vmsumudm $out,$t1,$t2,$vzero
|
||||
+ stxv $out,144($outp)
|
||||
+
|
||||
+ vmsumudm $out,$in[4],$inx2[6],$vzero
|
||||
+ vmsumudm $out,$in[5],$in[5],$out
|
||||
+ stxv $out,160($outp)
|
||||
+
|
||||
+ vmsumudm $out,$in[5],$inx2[6],$vzero
|
||||
+ stxv $out,176($outp)
|
||||
+
|
||||
+ vmsumudm $out,$in[6],$in[6],$vzero
|
||||
+ stxv $out,192($outp)
|
||||
+___
|
||||
+
|
||||
+ endproc("p384_felem_square");
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
|
||||
+print $code;
|
||||
+close STDOUT or die "error closing STDOUT: $!";
|
||||
--- a/crypto/ec/build.info
|
||||
+++ b/crypto/ec/build.info
|
||||
@@ -31,6 +31,8 @@ GENERATE[ecp_nistz256-armv8.S]=asm/ecp_n
|
||||
INCLUDE[ecp_nistz256-armv8.o]=..
|
||||
GENERATE[ecp_nistz256-ppc64.s]=asm/ecp_nistz256-ppc64.pl $(PERLASM_SCHEME)
|
||||
|
||||
+GENERATE[ecp_nistp384-ppc64.s]=asm/ecp_nistp384-ppc64.pl $(PERLASM_SCHEME)
|
||||
+INCLUDE[ecp_nistp384.o]=..
|
||||
GENERATE[ecp_nistp521-ppc64.s]=asm/ecp_nistp521-ppc64.pl $(PERLASM_SCHEME)
|
||||
|
||||
GENERATE[x25519-x86_64.s]=asm/x25519-x86_64.pl $(PERLASM_SCHEME)
|
||||
--- a/crypto/ec/ecp_nistp384.c
|
||||
+++ b/crypto/ec/ecp_nistp384.c
|
||||
@@ -691,6 +691,15 @@ void p384_felem_mul(widefelem out, const
|
||||
|
||||
static void felem_select(void)
|
||||
{
|
||||
+# if defined(_ARCH_PPC64)
|
||||
+ if ((OPENSSL_ppccap_P & PPC_MADD300) && (OPENSSL_ppccap_P & PPC_ALTIVEC)) {
|
||||
+ felem_square_p = p384_felem_square;
|
||||
+ felem_mul_p = p384_felem_mul;
|
||||
+
|
||||
+ return;
|
||||
+ }
|
||||
+# endif
|
||||
+
|
||||
/* Default */
|
||||
felem_square_p = felem_square_ref;
|
||||
felem_mul_p = felem_mul_ref;
|
76
openssl-ecc-Remove-extraneous-parentheses-in-secp384r1.patch
Normal file
76
openssl-ecc-Remove-extraneous-parentheses-in-secp384r1.patch
Normal file
@ -0,0 +1,76 @@
|
||||
From 670e73d9084465384b11ef24802ca4a313e1d2f4 Mon Sep 17 00:00:00 2001
|
||||
From: Rohan McLure <rohanmclure@linux.ibm.com>
|
||||
Date: Tue, 15 Aug 2023 15:20:20 +1000
|
||||
Subject: [PATCH] ecc: Remove extraneous parentheses in secp384r1
|
||||
|
||||
Substitutions in the felem_reduce() method feature unecessary
|
||||
parentheses, remove them.
|
||||
|
||||
Signed-off-by: Rohan McLure <rohan.mclure@linux.ibm.com>
|
||||
|
||||
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
|
||||
Reviewed-by: Hugo Landau <hlandau@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/21749)
|
||||
---
|
||||
crypto/ec/ecp_nistp384.c | 12 ++++++------
|
||||
1 file changed, 6 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/crypto/ec/ecp_nistp384.c b/crypto/ec/ecp_nistp384.c
|
||||
index 14f9530d07c6..ff68f9cc7ad0 100644
|
||||
--- a/crypto/ec/ecp_nistp384.c
|
||||
+++ b/crypto/ec/ecp_nistp384.c
|
||||
@@ -540,7 +540,7 @@ static void felem_reduce(felem out, const widefelem in)
|
||||
acc[7] += in[12] >> 8;
|
||||
acc[6] += (in[12] & 0xff) << 48;
|
||||
acc[6] -= in[12] >> 16;
|
||||
- acc[5] -= ((in[12] & 0xffff) << 40);
|
||||
+ acc[5] -= (in[12] & 0xffff) << 40;
|
||||
acc[6] += in[12] >> 48;
|
||||
acc[5] += (in[12] & 0xffffffffffff) << 8;
|
||||
|
||||
@@ -549,7 +549,7 @@ static void felem_reduce(felem out, const widefelem in)
|
||||
acc[6] += in[11] >> 8;
|
||||
acc[5] += (in[11] & 0xff) << 48;
|
||||
acc[5] -= in[11] >> 16;
|
||||
- acc[4] -= ((in[11] & 0xffff) << 40);
|
||||
+ acc[4] -= (in[11] & 0xffff) << 40;
|
||||
acc[5] += in[11] >> 48;
|
||||
acc[4] += (in[11] & 0xffffffffffff) << 8;
|
||||
|
||||
@@ -558,7 +558,7 @@ static void felem_reduce(felem out, const widefelem in)
|
||||
acc[5] += in[10] >> 8;
|
||||
acc[4] += (in[10] & 0xff) << 48;
|
||||
acc[4] -= in[10] >> 16;
|
||||
- acc[3] -= ((in[10] & 0xffff) << 40);
|
||||
+ acc[3] -= (in[10] & 0xffff) << 40;
|
||||
acc[4] += in[10] >> 48;
|
||||
acc[3] += (in[10] & 0xffffffffffff) << 8;
|
||||
|
||||
@@ -567,7 +567,7 @@ static void felem_reduce(felem out, const widefelem in)
|
||||
acc[4] += in[9] >> 8;
|
||||
acc[3] += (in[9] & 0xff) << 48;
|
||||
acc[3] -= in[9] >> 16;
|
||||
- acc[2] -= ((in[9] & 0xffff) << 40);
|
||||
+ acc[2] -= (in[9] & 0xffff) << 40;
|
||||
acc[3] += in[9] >> 48;
|
||||
acc[2] += (in[9] & 0xffffffffffff) << 8;
|
||||
|
||||
@@ -582,7 +582,7 @@ static void felem_reduce(felem out, const widefelem in)
|
||||
acc[3] += acc[8] >> 8;
|
||||
acc[2] += (acc[8] & 0xff) << 48;
|
||||
acc[2] -= acc[8] >> 16;
|
||||
- acc[1] -= ((acc[8] & 0xffff) << 40);
|
||||
+ acc[1] -= (acc[8] & 0xffff) << 40;
|
||||
acc[2] += acc[8] >> 48;
|
||||
acc[1] += (acc[8] & 0xffffffffffff) << 8;
|
||||
|
||||
@@ -591,7 +591,7 @@ static void felem_reduce(felem out, const widefelem in)
|
||||
acc[2] += acc[7] >> 8;
|
||||
acc[1] += (acc[7] & 0xff) << 48;
|
||||
acc[1] -= acc[7] >> 16;
|
||||
- acc[0] -= ((acc[7] & 0xffff) << 40);
|
||||
+ acc[0] -= (acc[7] & 0xffff) << 40;
|
||||
acc[1] += acc[7] >> 48;
|
||||
acc[0] += (acc[7] & 0xffffffffffff) << 8;
|
||||
|
82
openssl-fips-DH_selftest_shared_secret_KAT.patch
Normal file
82
openssl-fips-DH_selftest_shared_secret_KAT.patch
Normal file
@ -0,0 +1,82 @@
|
||||
Index: openssl-1.1.1d/crypto/fips/fips_dh_selftest.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/fips/fips_dh_selftest.c 2020-09-08 20:40:41.313074570 +0200
|
||||
+++ openssl-1.1.1d/crypto/fips/fips_dh_selftest.c 2020-09-08 20:41:05.337219024 +0200
|
||||
@@ -119,6 +119,41 @@ static const unsigned char dh_test_2048_
|
||||
0xEC, 0x55, 0xF6, 0xCC
|
||||
};
|
||||
|
||||
+static const unsigned char dh_test_2048_shared_secret[] = {
|
||||
+ 0x62, 0x68, 0x15, 0xbd, 0xc4, 0x9a, 0x3c, 0xfc,
|
||||
+ 0xda, 0x5d, 0xc5, 0x81, 0xc9, 0xe7, 0x1b, 0xbb,
|
||||
+ 0x94, 0x19, 0xb0, 0x5d, 0x95, 0xc3, 0x98, 0xd0,
|
||||
+ 0xc6, 0x8b, 0x05, 0x34, 0xa5, 0xe2, 0xe4, 0xa8,
|
||||
+ 0x7c, 0x4b, 0x7c, 0x41, 0xf9, 0x6d, 0xc1, 0xcc,
|
||||
+ 0x6e, 0xb6, 0x34, 0xe1, 0x71, 0xc3, 0x00, 0x03,
|
||||
+ 0x06, 0x08, 0x1d, 0x90, 0x88, 0x3c, 0x5d, 0x14,
|
||||
+ 0x2d, 0x56, 0xac, 0x78, 0x83, 0xd6, 0xe9, 0x7c,
|
||||
+ 0x6c, 0x34, 0xdf, 0xe0, 0x98, 0x14, 0xaa, 0xbe,
|
||||
+ 0x3b, 0x83, 0xc5, 0xd1, 0xac, 0xec, 0xa6, 0x0b,
|
||||
+ 0xc1, 0x94, 0x8d, 0x42, 0x3f, 0xb8, 0x63, 0xef,
|
||||
+ 0xb1, 0x1b, 0x60, 0x4f, 0xfa, 0xfa, 0xbb, 0x57,
|
||||
+ 0x28, 0x27, 0x4d, 0x78, 0xa4, 0x3d, 0x7a, 0xd8,
|
||||
+ 0xab, 0x2e, 0x7d, 0x8b, 0xd3, 0xa9, 0x78, 0x74,
|
||||
+ 0xfe, 0x3a, 0x08, 0x5f, 0xe3, 0xf5, 0x5a, 0xfa,
|
||||
+ 0xa6, 0x93, 0x67, 0xea, 0xae, 0x5e, 0xd6, 0xc5,
|
||||
+ 0xa1, 0xab, 0x0a, 0x1e, 0x78, 0xe7, 0xdd, 0xbc,
|
||||
+ 0xae, 0xb7, 0x3e, 0x7d, 0x8b, 0xd8, 0x66, 0x92,
|
||||
+ 0x38, 0x1b, 0x96, 0xeb, 0xcb, 0xcb, 0x6a, 0xcc,
|
||||
+ 0xd8, 0x42, 0x80, 0x66, 0xa9, 0xa2, 0x75, 0xeb,
|
||||
+ 0xe4, 0x79, 0x11, 0x7a, 0xca, 0x84, 0x77, 0x7a,
|
||||
+ 0xe6, 0xe2, 0x13, 0xb1, 0x90, 0xd3, 0x0f, 0x87,
|
||||
+ 0x2a, 0x0f, 0xf5, 0x17, 0x61, 0x15, 0x05, 0x31,
|
||||
+ 0x5f, 0xdf, 0xb4, 0x8e, 0xf3, 0x21, 0x27, 0x6a,
|
||||
+ 0x69, 0xdc, 0x52, 0x79, 0x64, 0x51, 0x1f, 0xc0,
|
||||
+ 0xed, 0x55, 0x57, 0xd9, 0x5c, 0x6f, 0xdb, 0xaa,
|
||||
+ 0x08, 0x44, 0xb9, 0x71, 0x71, 0x15, 0x27, 0xe8,
|
||||
+ 0xe9, 0x42, 0x78, 0xc1, 0xc4, 0xc0, 0xbd, 0x28,
|
||||
+ 0x23, 0xa1, 0x30, 0x57, 0xf0, 0x2e, 0x24, 0xf0,
|
||||
+ 0x34, 0x17, 0x97, 0x1c, 0x4c, 0x2a, 0x98, 0x76,
|
||||
+ 0x3d, 0x50, 0x7f, 0x32, 0xa2, 0x25, 0x94, 0x9e,
|
||||
+ 0x1e, 0xbc, 0x97, 0x96, 0xd6, 0x14, 0x61, 0x5b
|
||||
+};
|
||||
+
|
||||
int FIPS_selftest_dh()
|
||||
{
|
||||
DH *dh = NULL;
|
||||
@@ -127,6 +162,7 @@ int FIPS_selftest_dh()
|
||||
int len;
|
||||
BIGNUM *p = NULL, *g = NULL, *priv_key = NULL, *tmp_pub_key = NULL;
|
||||
const BIGNUM *pub_key;
|
||||
+ unsigned char *shared_secret = NULL;
|
||||
|
||||
fips_load_key_component(p, dh_test_2048);
|
||||
fips_load_key_component(g, dh_test_2048);
|
||||
@@ -162,6 +198,19 @@ int FIPS_selftest_dh()
|
||||
memcmp(pub_key_bin, dh_test_2048_pub_key, len) != 0)
|
||||
goto err;
|
||||
|
||||
+ /* Shared secret KAT test */
|
||||
+ len = DH_size(dh);
|
||||
+ if ((shared_secret = OPENSSL_malloc(len)) == NULL)
|
||||
+ goto err;
|
||||
+
|
||||
+ if ((len = DH_compute_key(shared_secret, pub_key, dh)) == -1)
|
||||
+ goto err;
|
||||
+
|
||||
+ if (len != sizeof(dh_test_2048_shared_secret) ||
|
||||
+ (memcmp(shared_secret, dh_test_2048_shared_secret, len) != 0)) {
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
ret = 1;
|
||||
|
||||
err:
|
||||
@@ -175,6 +224,7 @@ int FIPS_selftest_dh()
|
||||
}
|
||||
|
||||
OPENSSL_free(pub_key_bin);
|
||||
+ OPENSSL_free(shared_secret);
|
||||
return ret;
|
||||
}
|
||||
#endif
|
347
openssl-fips-add-SHA3-selftest.patch
Normal file
347
openssl-fips-add-SHA3-selftest.patch
Normal file
@ -0,0 +1,347 @@
|
||||
Index: openssl-1.1.1d/crypto/fips/fips_hmac_selftest.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/fips/fips_hmac_selftest.c
|
||||
+++ openssl-1.1.1d/crypto/fips/fips_hmac_selftest.c
|
||||
@@ -55,12 +55,23 @@
|
||||
#include <openssl/hmac.h>
|
||||
|
||||
#ifdef OPENSSL_FIPS
|
||||
+
|
||||
+#define MAX_SHA3_KEY_LENGTH 200
|
||||
+
|
||||
typedef struct {
|
||||
const EVP_MD *(*alg) (void);
|
||||
const char *key, *iv;
|
||||
unsigned char kaval[EVP_MAX_MD_SIZE];
|
||||
} HMAC_KAT;
|
||||
|
||||
+typedef struct {
|
||||
+ const EVP_MD *(*alg) (void);
|
||||
+ unsigned char key[MAX_SHA3_KEY_LENGTH];
|
||||
+ size_t keylen; /* strlen() doesn't work with NIST test vector keys */
|
||||
+ const char *iv;
|
||||
+ unsigned char kaval[EVP_MAX_MD_SIZE];
|
||||
+} HMAC_KAT_SHA3;
|
||||
+
|
||||
static const HMAC_KAT vector[] = {
|
||||
{EVP_sha1,
|
||||
/* from http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf */
|
||||
@@ -111,6 +122,289 @@ static const HMAC_KAT vector[] = {
|
||||
},
|
||||
};
|
||||
|
||||
+static const HMAC_KAT_SHA3 vector_SHA3[] = {
|
||||
+ /* using SHA3-224 from https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/HMAC_SHA3-224.pdf */
|
||||
+ {EVP_sha3_224,
|
||||
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
|
||||
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
|
||||
+ 0x18, 0x19, 0x1a, 0x1b},
|
||||
+ 0x1c,
|
||||
+ "Sample message for keylen<blocklen",
|
||||
+ {0x33, 0x2c, 0xfd, 0x59, 0x34, 0x7f, 0xdb, 0x8e,
|
||||
+ 0x57, 0x6e, 0x77, 0x26, 0x0b, 0xe4, 0xab, 0xa2,
|
||||
+ 0xd6, 0xdc, 0x53, 0x11, 0x7b, 0x3b, 0xfb, 0x52,
|
||||
+ 0xc6, 0xd1, 0x8c, 0x04}
|
||||
+ },
|
||||
+ {EVP_sha3_224,
|
||||
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
|
||||
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
|
||||
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
|
||||
+ 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
|
||||
+ 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
|
||||
+ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
|
||||
+ 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
|
||||
+ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
|
||||
+ 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
|
||||
+ 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
|
||||
+ 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
|
||||
+ 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
|
||||
+ 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
|
||||
+ 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
|
||||
+ 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
|
||||
+ 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
|
||||
+ 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f},
|
||||
+ 0x90,
|
||||
+ "Sample message for keylen=blocklen",
|
||||
+ {0xd8, 0xb7, 0x33, 0xbc, 0xf6, 0x6c, 0x64, 0x4a,
|
||||
+ 0x12, 0x32, 0x3d, 0x56, 0x4e, 0x24, 0xdc, 0xf3,
|
||||
+ 0xfc, 0x75, 0xf2, 0x31, 0xf3, 0xb6, 0x79, 0x68,
|
||||
+ 0x35, 0x91, 0x00, 0xc7}
|
||||
+ },
|
||||
+ {EVP_sha3_224,
|
||||
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
|
||||
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
|
||||
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
|
||||
+ 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
|
||||
+ 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
|
||||
+ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
|
||||
+ 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
|
||||
+ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
|
||||
+ 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
|
||||
+ 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
|
||||
+ 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
|
||||
+ 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
|
||||
+ 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
|
||||
+ 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
|
||||
+ 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
|
||||
+ 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
|
||||
+ 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
|
||||
+ 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
|
||||
+ 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
|
||||
+ 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
|
||||
+ 0xa8, 0xa9, 0xaa, 0xab},
|
||||
+ 0xac,
|
||||
+ "Sample message for keylen>blocklen",
|
||||
+ {0x07, 0x86, 0x95, 0xee, 0xcc, 0x22, 0x7c, 0x63,
|
||||
+ 0x6a, 0xd3, 0x1d, 0x06, 0x3a, 0x15, 0xdd, 0x05,
|
||||
+ 0xa7, 0xe8, 0x19, 0xa6, 0x6e, 0xc6, 0xd8, 0xde,
|
||||
+ 0x1e, 0x19, 0x3e, 0x59},
|
||||
+ },
|
||||
+ /* using SHA3-256 from https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/HMAC_SHA3-256.pdf */
|
||||
+ {EVP_sha3_256,
|
||||
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
|
||||
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
|
||||
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f},
|
||||
+ 0x30,
|
||||
+ "Sample message for keylen<blocklen",
|
||||
+ {0x4f, 0xe8, 0xe2, 0x02, 0xc4, 0xf0, 0x58, 0xe8,
|
||||
+ 0xdd, 0xdc, 0x23, 0xd8, 0xc3, 0x4e, 0x46, 0x73,
|
||||
+ 0x43, 0xe2, 0x35, 0x55, 0xe2, 0x4f, 0xc2, 0xf0,
|
||||
+ 0x25, 0xd5, 0x98, 0xf5, 0x58, 0xf6, 0x72, 0x05}
|
||||
+ },
|
||||
+ {EVP_sha3_256,
|
||||
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
|
||||
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
|
||||
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
|
||||
+ 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
|
||||
+ 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
|
||||
+ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
|
||||
+ 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
|
||||
+ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
|
||||
+ 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
|
||||
+ 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
|
||||
+ 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
|
||||
+ 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
|
||||
+ 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
|
||||
+ 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
|
||||
+ 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
|
||||
+ 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87},
|
||||
+ 0x88,
|
||||
+ "Sample message for keylen=blocklen",
|
||||
+ {0x68, 0xb9, 0x4e, 0x2e, 0x53, 0x8a, 0x9b, 0xe4,
|
||||
+ 0x10, 0x3b, 0xeb, 0xb5, 0xaa, 0x01, 0x6d, 0x47,
|
||||
+ 0x96, 0x1d, 0x4d, 0x1a, 0xa9, 0x06, 0x06, 0x13,
|
||||
+ 0x13, 0xb5, 0x57, 0xf8, 0xaf, 0x2c, 0x3f, 0xaa},
|
||||
+ },
|
||||
+ {EVP_sha3_256,
|
||||
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
|
||||
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
|
||||
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
|
||||
+ 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
|
||||
+ 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
|
||||
+ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
|
||||
+ 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
|
||||
+ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
|
||||
+ 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
|
||||
+ 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
|
||||
+ 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
|
||||
+ 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
|
||||
+ 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
|
||||
+ 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
|
||||
+ 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
|
||||
+ 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
|
||||
+ 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
|
||||
+ 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
|
||||
+ 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
|
||||
+ 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7},
|
||||
+ 0xa8,
|
||||
+ "Sample message for keylen>blocklen",
|
||||
+ {0x9b, 0xcf, 0x2c, 0x23, 0x8e, 0x23, 0x5c, 0x3c,
|
||||
+ 0xe8, 0x84, 0x04, 0xe8, 0x13, 0xbd, 0x2f, 0x3a,
|
||||
+ 0x97, 0x18, 0x5a, 0xc6, 0xf2, 0x38, 0xc6, 0x3d,
|
||||
+ 0x62, 0x29, 0xa0, 0x0b, 0x07, 0x97, 0x42, 0x58},
|
||||
+ },
|
||||
+ /* using SHA3-384 from https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/HMAC_SHA3-384.pdf */
|
||||
+ {EVP_sha3_384,
|
||||
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
|
||||
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
|
||||
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
|
||||
+ 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
|
||||
+ 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f},
|
||||
+ 0x30,
|
||||
+ "Sample message for keylen<blocklen",
|
||||
+ {0xd5, 0x88, 0xa3, 0xc5, 0x1f, 0x3f, 0x2d, 0x90,
|
||||
+ 0x6e, 0x82, 0x98, 0xc1, 0x19, 0x9a, 0xa8, 0xff,
|
||||
+ 0x62, 0x96, 0x21, 0x81, 0x27, 0xf6, 0xb3, 0x8a,
|
||||
+ 0x90, 0xb6, 0xaf, 0xe2, 0xc5, 0x61, 0x77, 0x25,
|
||||
+ 0xbc, 0x99, 0x98, 0x7f, 0x79, 0xb2, 0x2a, 0x55,
|
||||
+ 0x7b, 0x65, 0x20, 0xdb, 0x71, 0x0b, 0x7f, 0x42}
|
||||
+ },
|
||||
+ {EVP_sha3_384,
|
||||
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
|
||||
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
|
||||
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
|
||||
+ 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
|
||||
+ 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
|
||||
+ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
|
||||
+ 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
|
||||
+ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
|
||||
+ 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
|
||||
+ 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
|
||||
+ 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
|
||||
+ 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67},
|
||||
+ 0x68,
|
||||
+ "Sample message for keylen=blocklen",
|
||||
+ {0xa2, 0x7d, 0x24, 0xb5, 0x92, 0xe8, 0xc8, 0xcb,
|
||||
+ 0xf6, 0xd4, 0xce, 0x6f, 0xc5, 0xbf, 0x62, 0xd8,
|
||||
+ 0xfc, 0x98, 0xbf, 0x2d, 0x48, 0x66, 0x40, 0xd9,
|
||||
+ 0xeb, 0x80, 0x99, 0xe2, 0x40, 0x47, 0x83, 0x7f,
|
||||
+ 0x5f, 0x3b, 0xff, 0xbe, 0x92, 0xdc, 0xce, 0x90,
|
||||
+ 0xb4, 0xed, 0x5b, 0x1e, 0x7e, 0x44, 0xfa, 0x90},
|
||||
+ },
|
||||
+ {EVP_sha3_384,
|
||||
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
|
||||
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
|
||||
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
|
||||
+ 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
|
||||
+ 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
|
||||
+ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
|
||||
+ 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
|
||||
+ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
|
||||
+ 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
|
||||
+ 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
|
||||
+ 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
|
||||
+ 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
|
||||
+ 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
|
||||
+ 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
|
||||
+ 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
|
||||
+ 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
|
||||
+ 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
|
||||
+ 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97},
|
||||
+ 0x98,
|
||||
+ "Sample message for keylen>blocklen",
|
||||
+ {0xe5, 0xae, 0x4c, 0x73, 0x9f, 0x45, 0x52, 0x79,
|
||||
+ 0x36, 0x8e, 0xbf, 0x36, 0xd4, 0xf5, 0x35, 0x4c,
|
||||
+ 0x95, 0xaa, 0x18, 0x4c, 0x89, 0x9d, 0x38, 0x70,
|
||||
+ 0xe4, 0x60, 0xeb, 0xc2, 0x88, 0xef, 0x1f, 0x94,
|
||||
+ 0x70, 0x05, 0x3f, 0x73, 0xf7, 0xc6, 0xda, 0x2a,
|
||||
+ 0x71, 0xbc, 0xae, 0xc3, 0x8c, 0xe7, 0xd6, 0xac},
|
||||
+ },
|
||||
+
|
||||
+
|
||||
+
|
||||
+ /* using SHA3-512 from https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/HMAC_SHA3-512.pdf */
|
||||
+ {EVP_sha3_512,
|
||||
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
|
||||
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
|
||||
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
|
||||
+ 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
|
||||
+ 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
|
||||
+ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
|
||||
+ 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f},
|
||||
+ 0x40,
|
||||
+ "Sample message for keylen<blocklen",
|
||||
+ {0x4e, 0xfd, 0x62, 0x9d, 0x6c, 0x71, 0xbf, 0x86,
|
||||
+ 0x16, 0x26, 0x58, 0xf2, 0x99, 0x43, 0xb1, 0xc3,
|
||||
+ 0x08, 0xce, 0x27, 0xcd, 0xfa, 0x6d, 0xb0, 0xd9,
|
||||
+ 0xc3, 0xce, 0x81, 0x76, 0x3f, 0x9c, 0xbc, 0xe5,
|
||||
+ 0xf7, 0xeb, 0xe9, 0x86, 0x80, 0x31, 0xdb, 0x1a,
|
||||
+ 0x8f, 0x8e, 0xb7, 0xb6, 0xb9, 0x5e, 0x5c, 0x5e,
|
||||
+ 0x3f, 0x65, 0x7a, 0x89, 0x96, 0xc8, 0x6a, 0x2f,
|
||||
+ 0x65, 0x27, 0xe3, 0x07, 0xf0, 0x21, 0x31, 0x96}
|
||||
+ },
|
||||
+ {EVP_sha3_512,
|
||||
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
|
||||
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
|
||||
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
|
||||
+ 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
|
||||
+ 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
|
||||
+ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
|
||||
+ 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
|
||||
+ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47},
|
||||
+ 0x48,
|
||||
+ "Sample message for keylen=blocklen",
|
||||
+ {0x54, 0x4e, 0x25, 0x7e, 0xa2, 0xa3, 0xe5, 0xea,
|
||||
+ 0x19, 0xa5, 0x90, 0xe6, 0xa2, 0x4b, 0x72, 0x4c,
|
||||
+ 0xe6, 0x32, 0x77, 0x57, 0x72, 0x3f, 0xe2, 0x75,
|
||||
+ 0x1b, 0x75, 0xbf, 0x00, 0x7d, 0x80, 0xf6, 0xb3,
|
||||
+ 0x60, 0x74, 0x4b, 0xf1, 0xb7, 0xa8, 0x8e, 0xa5,
|
||||
+ 0x85, 0xf9, 0x76, 0x5b, 0x47, 0x91, 0x19, 0x76,
|
||||
+ 0xd3, 0x19, 0x1c, 0xf8, 0x3c, 0x03, 0x9f, 0x5f,
|
||||
+ 0xfa, 0xb0, 0xd2, 0x9c, 0xc9, 0xd9, 0xb6, 0xda},
|
||||
+ },
|
||||
+ {EVP_sha3_512,
|
||||
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
|
||||
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
|
||||
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
|
||||
+ 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
|
||||
+ 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
|
||||
+ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
|
||||
+ 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
|
||||
+ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
|
||||
+ 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
|
||||
+ 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
|
||||
+ 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
|
||||
+ 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
|
||||
+ 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
|
||||
+ 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
|
||||
+ 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
|
||||
+ 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87},
|
||||
+ 0x88,
|
||||
+ "Sample message for keylen>blocklen",
|
||||
+ {0x5f, 0x46, 0x4f, 0x5e, 0x5b, 0x78, 0x48, 0xe3,
|
||||
+ 0x88, 0x5e, 0x49, 0xb2, 0xc3, 0x85, 0xf0, 0x69,
|
||||
+ 0x49, 0x85, 0xd0, 0xe3, 0x89, 0x66, 0x24, 0x2d,
|
||||
+ 0xc4, 0xa5, 0xfe, 0x3f, 0xea, 0x4b, 0x37, 0xd4,
|
||||
+ 0x6b, 0x65, 0xce, 0xce, 0xd5, 0xdc, 0xf5, 0x94,
|
||||
+ 0x38, 0xdd, 0x84, 0x0b, 0xab, 0x22, 0x26, 0x9f,
|
||||
+ 0x0b, 0xa7, 0xfe, 0xbd, 0xb9, 0xfc, 0xf7, 0x46,
|
||||
+ 0x02, 0xa3, 0x56, 0x66, 0xb2, 0xa3, 0x29, 0x15},
|
||||
+ },
|
||||
+};
|
||||
+
|
||||
+
|
||||
int FIPS_selftest_hmac()
|
||||
{
|
||||
int n;
|
||||
@@ -118,7 +412,9 @@ int FIPS_selftest_hmac()
|
||||
unsigned char out[EVP_MAX_MD_SIZE];
|
||||
const EVP_MD *md;
|
||||
const HMAC_KAT *t;
|
||||
+ const HMAC_KAT_SHA3 *t3;
|
||||
|
||||
+ /* SHA1 and SHA2 */
|
||||
for (n = 0, t = vector; n < sizeof(vector) / sizeof(vector[0]); n++, t++) {
|
||||
md = (*t->alg) ();
|
||||
HMAC(md, t->key, strlen(t->key),
|
||||
@@ -128,6 +424,18 @@ int FIPS_selftest_hmac()
|
||||
FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC, FIPS_R_SELFTEST_FAILED);
|
||||
return 0;
|
||||
}
|
||||
+ }
|
||||
+
|
||||
+ /* SHA3 */
|
||||
+ for (n = 0, t3 = vector_SHA3; n < sizeof(vector_SHA3) / sizeof(vector_SHA3[0]); n++, t3++) {
|
||||
+ md = (*t3->alg) ();
|
||||
+ HMAC(md, t3->key, t3->keylen,
|
||||
+ (const unsigned char *)t3->iv, strlen(t3->iv), out, &outlen);
|
||||
+
|
||||
+ if (memcmp(out, t3->kaval, outlen)) {
|
||||
+ FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC, FIPS_R_SELFTEST_FAILED);
|
||||
+ return 0;
|
||||
+ }
|
||||
}
|
||||
return 1;
|
||||
}
|
12
openssl-fips-clearerror.patch
Normal file
12
openssl-fips-clearerror.patch
Normal file
@ -0,0 +1,12 @@
|
||||
Index: openssl-1.1.1d/crypto/o_init.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/o_init.c 2020-01-23 13:45:11.556634952 +0100
|
||||
+++ openssl-1.1.1d/crypto/o_init.c 2020-01-23 13:45:11.572635047 +0100
|
||||
@@ -49,6 +49,7 @@ static void init_fips_mode(void)
|
||||
NONFIPS_selftest_check();
|
||||
/* drop down to non-FIPS mode if it is not requested */
|
||||
FIPS_mode_set(0);
|
||||
+ ERR_clear_error();
|
||||
} else {
|
||||
/* abort if selftest failed */
|
||||
FIPS_selftest_check();
|
22
openssl-fips-ignore_broken_atexit_test.patch
Normal file
22
openssl-fips-ignore_broken_atexit_test.patch
Normal file
@ -0,0 +1,22 @@
|
||||
Index: openssl-1.1.1d/test/recipes/90-test_shlibload.t
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/test/recipes/90-test_shlibload.t 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/test/recipes/90-test_shlibload.t 2020-01-23 15:22:27.355814857 +0100
|
||||
@@ -23,7 +23,7 @@ plan skip_all => "Test is disabled on AI
|
||||
plan skip_all => "Test is disabled on VMS" if config('target') =~ m|^vms|;
|
||||
plan skip_all => "Test only supported in a dso build" if disabled("dso");
|
||||
|
||||
-plan tests => 10;
|
||||
+plan tests => 9;
|
||||
|
||||
# When libssl and libcrypto are compiled on Linux with "-rpath", but not
|
||||
# "--enable-new-dtags", the RPATH takes precedence over LD_LIBRARY_PATH,
|
||||
@@ -56,7 +56,7 @@ unlink $filename;
|
||||
($fh, $filename) = tempfile();
|
||||
ok(run(test(["shlibloadtest", "-no_atexit", $libcrypto, $libssl, $filename])),
|
||||
"running shlibloadtest -no_atexit $filename");
|
||||
-ok(!check_atexit($fh));
|
||||
+#ok(!check_atexit($fh));
|
||||
unlink $filename;
|
||||
|
||||
sub shlib {
|
103
openssl-fips-kdf-hkdf-selftest.patch
Normal file
103
openssl-fips-kdf-hkdf-selftest.patch
Normal file
@ -0,0 +1,103 @@
|
||||
Index: openssl-1.1.1m/crypto/fips/fips_err.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1m.orig/crypto/fips/fips_err.h
|
||||
+++ openssl-1.1.1m/crypto/fips/fips_err.h
|
||||
@@ -114,6 +114,7 @@ static ERR_STRING_DATA FIPS_str_functs[]
|
||||
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_PBKDF2), "FIPS_selftest_pbkdf2"},
|
||||
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_TLS), "FIPS_selftest_tls"},
|
||||
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SSH), "FIPS_selftest_ssh"},
|
||||
+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_HKDF), "FIPS_selftest_hkdf"},
|
||||
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA1), "FIPS_selftest_sha1"},
|
||||
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA2), "FIPS_selftest_sha2"},
|
||||
{ERR_FUNC(FIPS_F_OSSL_ECDSA_SIGN_SIG), "ossl_ecdsa_sign_sig"},
|
||||
Index: openssl-1.1.1m/crypto/fips/fips_kdf_selftest.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1m.orig/crypto/fips/fips_kdf_selftest.c
|
||||
+++ openssl-1.1.1m/crypto/fips/fips_kdf_selftest.c
|
||||
@@ -16,6 +16,49 @@
|
||||
#include <openssl/kdf.h>
|
||||
|
||||
#ifdef OPENSSL_FIPS
|
||||
+
|
||||
+int FIPS_selftest_hkdf(void)
|
||||
+{
|
||||
+ int ret = 0;
|
||||
+ EVP_KDF_CTX *kctx;
|
||||
+ unsigned char out[10];
|
||||
+
|
||||
+ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_HKDF)) == NULL) {
|
||||
+ goto err;
|
||||
+ }
|
||||
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
|
||||
+ goto err;
|
||||
+ }
|
||||
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", (size_t)4) <= 0) {
|
||||
+ goto err;
|
||||
+ }
|
||||
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, "secret", (size_t)6) <= 0) {
|
||||
+ goto err;
|
||||
+ }
|
||||
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_HKDF_INFO,
|
||||
+ "label", (size_t)5) <= 0) {
|
||||
+ goto err;
|
||||
+ }
|
||||
+ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ {
|
||||
+ const unsigned char expected[sizeof(out)] = {
|
||||
+ 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13
|
||||
+ };
|
||||
+ if (memcmp(out, expected, sizeof(expected))) {
|
||||
+ goto err;
|
||||
+ }
|
||||
+ }
|
||||
+ ret = 1;
|
||||
+err:
|
||||
+ if (!ret)
|
||||
+ FIPSerr(FIPS_F_FIPS_SELFTEST_HKDF, FIPS_R_SELFTEST_FAILED);
|
||||
+ EVP_KDF_CTX_free(kctx);
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
int FIPS_selftest_pbkdf2(void)
|
||||
{
|
||||
int ret = 0;
|
||||
Index: openssl-1.1.1m/crypto/fips/fips_post.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1m.orig/crypto/fips/fips_post.c
|
||||
+++ openssl-1.1.1m/crypto/fips/fips_post.c
|
||||
@@ -110,6 +110,8 @@ int FIPS_selftest(void)
|
||||
rv = 0;
|
||||
if (!FIPS_selftest_ssh())
|
||||
rv = 0;
|
||||
+ if (!FIPS_selftest_hkdf())
|
||||
+ rv = 0;
|
||||
|
||||
return rv;
|
||||
}
|
||||
Index: openssl-1.1.1m/include/openssl/fips.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1m.orig/include/openssl/fips.h
|
||||
+++ openssl-1.1.1m/include/openssl/fips.h
|
||||
@@ -127,6 +127,7 @@ extern "C" {
|
||||
# define FIPS_F_FIPS_SELFTEST_PBKDF2 152
|
||||
# define FIPS_F_FIPS_SELFTEST_TLS 153
|
||||
# define FIPS_F_FIPS_SELFTEST_SSH 154
|
||||
+# define FIPS_F_FIPS_SELFTEST_HKDF 155
|
||||
# define FIPS_F_FIPS_SELFTEST_SHA1 115
|
||||
# define FIPS_F_FIPS_SELFTEST_SHA2 105
|
||||
# define FIPS_F_OSSL_ECDSA_SIGN_SIG 143
|
||||
Index: openssl-1.1.1m/include/crypto/fips_int.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1m.orig/include/crypto/fips_int.h
|
||||
+++ openssl-1.1.1m/include/crypto/fips_int.h
|
||||
@@ -79,6 +79,7 @@ int FIPS_selftest_cmac(void);
|
||||
int FIPS_selftest_pbkdf2(void);
|
||||
int FIPS_selftest_tls(void);
|
||||
int FIPS_selftest_ssh(void);
|
||||
+int FIPS_selftest_hkdf(void);
|
||||
|
||||
int fips_in_post(void);
|
||||
|
@ -0,0 +1,24 @@
|
||||
Index: openssl-1.1.1d/crypto/fips/fips.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/fips/fips.c 2020-01-23 13:45:11.368633835 +0100
|
||||
+++ openssl-1.1.1d/crypto/fips/fips.c 2020-01-23 13:45:21.316692954 +0100
|
||||
@@ -454,15 +454,15 @@ int FIPS_module_mode_set(int onoff)
|
||||
|
||||
fips_post = 1;
|
||||
|
||||
- if (!FIPS_selftest()) {
|
||||
+ if (!verify_checksums()) {
|
||||
+ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
|
||||
+ FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
|
||||
fips_selftest_fail = 1;
|
||||
ret = 0;
|
||||
goto end;
|
||||
}
|
||||
|
||||
- if (!verify_checksums()) {
|
||||
- FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
|
||||
- FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
|
||||
+ if (!FIPS_selftest()) {
|
||||
fips_selftest_fail = 1;
|
||||
ret = 0;
|
||||
goto end;
|
74
openssl-fips-selftests_in_nonfips_mode.patch
Normal file
74
openssl-fips-selftests_in_nonfips_mode.patch
Normal file
@ -0,0 +1,74 @@
|
||||
Index: openssl-1.1.1d/crypto/fips/fips.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/fips/fips.c 2020-01-23 13:45:11.416634119 +0100
|
||||
+++ openssl-1.1.1d/crypto/fips/fips.c 2020-01-23 13:45:11.556634952 +0100
|
||||
@@ -486,6 +486,44 @@ int FIPS_module_mode_set(int onoff)
|
||||
return ret;
|
||||
}
|
||||
|
||||
+/* In non-FIPS mode, the selftests must succeed if the
|
||||
+ * checksum files are present
|
||||
+ */
|
||||
+void NONFIPS_selftest_check(void)
|
||||
+{
|
||||
+ int rv;
|
||||
+ char *hmacpath;
|
||||
+ char path[PATH_MAX+1];
|
||||
+
|
||||
+ if (fips_selftest_fail)
|
||||
+ {
|
||||
+ /* check if the checksum files are installed */
|
||||
+ rv = get_library_path("libcrypto.so." SHLIB_VERSION_NUMBER, "FIPS_mode_set", path, sizeof(path));
|
||||
+ if (rv < 0)
|
||||
+ OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE");
|
||||
+
|
||||
+ hmacpath = make_hmac_path(path);
|
||||
+ if (hmacpath == NULL)
|
||||
+ OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE");
|
||||
+
|
||||
+ if (access(hmacpath, F_OK))
|
||||
+ {
|
||||
+ /* no hmac file is present, ignore the failed selftests */
|
||||
+ if (errno == ENOENT)
|
||||
+ {
|
||||
+ free(hmacpath);
|
||||
+ return;
|
||||
+ }
|
||||
+ /* we fail on any other error */
|
||||
+ }
|
||||
+ /* if the file exists, but the selftests failed
|
||||
+ (eg wrong checksum), we fail too */
|
||||
+ free(hmacpath);
|
||||
+ OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE");
|
||||
+ }
|
||||
+ /* otherwise ok, selftests were successful */
|
||||
+}
|
||||
+
|
||||
static CRYPTO_THREAD_ID fips_threadid;
|
||||
static int fips_thread_set = 0;
|
||||
|
||||
Index: openssl-1.1.1d/crypto/o_init.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/o_init.c 2020-01-23 13:45:11.536634832 +0100
|
||||
+++ openssl-1.1.1d/crypto/o_init.c 2020-01-23 13:45:17.000667299 +0100
|
||||
@@ -45,6 +45,8 @@ static void init_fips_mode(void)
|
||||
*/
|
||||
|
||||
if (buf[0] != '1') {
|
||||
+ /* abort if selftest failed and the module is complete */
|
||||
+ NONFIPS_selftest_check();
|
||||
/* drop down to non-FIPS mode if it is not requested */
|
||||
FIPS_mode_set(0);
|
||||
} else {
|
||||
Index: openssl-1.1.1d/include/openssl/fips.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/include/openssl/fips.h 2020-01-23 13:45:11.344633691 +0100
|
||||
+++ openssl-1.1.1d/include/openssl/fips.h 2020-01-23 13:45:11.556634952 +0100
|
||||
@@ -65,6 +65,7 @@ extern "C" {
|
||||
int FIPS_selftest(void);
|
||||
int FIPS_selftest_failed(void);
|
||||
int FIPS_selftest_drbg_all(void);
|
||||
+ void NONFIPS_selftest_check(void);
|
||||
|
||||
int FIPS_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
|
||||
const EVP_MD *evpmd, const unsigned char *seed_in,
|
20
openssl-fips_mode.patch
Normal file
20
openssl-fips_mode.patch
Normal file
@ -0,0 +1,20 @@
|
||||
Index: openssl-1.1.1d/apps/openssl.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/apps/openssl.c 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/apps/openssl.c 2020-01-23 13:45:11.452634334 +0100
|
||||
@@ -151,8 +151,15 @@ int main(int argc, char *argv[])
|
||||
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
|
||||
|
||||
if (getenv("OPENSSL_FIPS")) {
|
||||
+#ifdef OPENSSL_FIPS
|
||||
+ if (!FIPS_mode_set(1)) {
|
||||
+ ERR_print_errors(bio_err);
|
||||
+ return 1;
|
||||
+ }
|
||||
+#else
|
||||
BIO_printf(bio_err, "FIPS mode not supported.\n");
|
||||
return 1;
|
||||
+#endif
|
||||
}
|
||||
|
||||
if (!apps_startup()) {
|
1825
openssl-fips_selftest_upstream_drbg.patch
Normal file
1825
openssl-fips_selftest_upstream_drbg.patch
Normal file
File diff suppressed because it is too large
Load Diff
131
openssl-kdf-selftest.patch
Normal file
131
openssl-kdf-selftest.patch
Normal file
@ -0,0 +1,131 @@
|
||||
Index: openssl-1.1.1m/crypto/fips/build.info
|
||||
===================================================================
|
||||
--- openssl-1.1.1m.orig/crypto/fips/build.info
|
||||
+++ openssl-1.1.1m/crypto/fips/build.info
|
||||
@@ -5,7 +5,7 @@ SOURCE[../../libcrypto]=\
|
||||
fips_post.c drbgtest.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
|
||||
fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
|
||||
fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c \
|
||||
- fips_dh_selftest.c fips_ers.c
|
||||
+ fips_dh_selftest.c fips_kdf_selftest.c fips_ers.c
|
||||
|
||||
PROGRAMS=\
|
||||
fips_standalone_hmac
|
||||
Index: openssl-1.1.1m/crypto/fips/fips_kdf_selftest.c
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ openssl-1.1.1m/crypto/fips/fips_kdf_selftest.c
|
||||
@@ -0,0 +1,64 @@
|
||||
+/*
|
||||
+ * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved.
|
||||
+ *
|
||||
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
+ * this file except in compliance with the License. You can obtain a copy
|
||||
+ * in the file LICENSE in the source distribution or at
|
||||
+ * https://www.openssl.org/source/license.html
|
||||
+ */
|
||||
+
|
||||
+#include <string.h>
|
||||
+#include <openssl/err.h>
|
||||
+#include <openssl/fips.h>
|
||||
+
|
||||
+#include <openssl/evp.h>
|
||||
+#include <openssl/kdf.h>
|
||||
+
|
||||
+#ifdef OPENSSL_FIPS
|
||||
+int FIPS_selftest_pbkdf2(void)
|
||||
+{
|
||||
+ int ret = 0;
|
||||
+ EVP_KDF_CTX *kctx;
|
||||
+ unsigned char out[32];
|
||||
+
|
||||
+ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2)) == NULL) {
|
||||
+ goto err;
|
||||
+ }
|
||||
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", (size_t)8) <= 0) {
|
||||
+ goto err;
|
||||
+ }
|
||||
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", (size_t)4) <= 0) {
|
||||
+ goto err;
|
||||
+ }
|
||||
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 2) <= 0) {
|
||||
+ goto err;
|
||||
+ }
|
||||
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
|
||||
+ goto err;
|
||||
+ }
|
||||
+ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ {
|
||||
+ const unsigned char expected[sizeof(out)] = {
|
||||
+ 0xae, 0x4d, 0x0c, 0x95, 0xaf, 0x6b, 0x46, 0xd3,
|
||||
+ 0x2d, 0x0a, 0xdf, 0xf9, 0x28, 0xf0, 0x6d, 0xd0,
|
||||
+ 0x2a, 0x30, 0x3f, 0x8e, 0xf3, 0xc2, 0x51, 0xdf,
|
||||
+ 0xd6, 0xe2, 0xd8, 0x5a, 0x95, 0x47, 0x4c, 0x43
|
||||
+ };
|
||||
+ if (memcmp(out, expected, sizeof(expected))) {
|
||||
+ goto err;
|
||||
+ }
|
||||
+ }
|
||||
+ ret = 1;
|
||||
+
|
||||
+err:
|
||||
+ if (!ret)
|
||||
+ FIPSerr(FIPS_F_FIPS_SELFTEST_PBKDF2, FIPS_R_SELFTEST_FAILED);
|
||||
+ EVP_KDF_CTX_free(kctx);
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+#endif
|
||||
Index: openssl-1.1.1m/crypto/fips/fips_post.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1m.orig/crypto/fips/fips_post.c
|
||||
+++ openssl-1.1.1m/crypto/fips/fips_post.c
|
||||
@@ -104,6 +104,8 @@ int FIPS_selftest(void)
|
||||
rv = 0;
|
||||
if (!FIPS_selftest_ecdh())
|
||||
rv = 0;
|
||||
+ if (!FIPS_selftest_pbkdf2())
|
||||
+ rv = 0;
|
||||
return rv;
|
||||
}
|
||||
|
||||
Index: openssl-1.1.1m/include/crypto/fips_int.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1m.orig/include/crypto/fips_int.h
|
||||
+++ openssl-1.1.1m/include/crypto/fips_int.h
|
||||
@@ -76,6 +76,7 @@ void FIPS_drbg_stick(int onoff);
|
||||
int FIPS_selftest_hmac(void);
|
||||
int FIPS_selftest_drbg(void);
|
||||
int FIPS_selftest_cmac(void);
|
||||
+int FIPS_selftest_pbkdf2(void);
|
||||
|
||||
int fips_in_post(void);
|
||||
|
||||
Index: openssl-1.1.1m/include/openssl/fips.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1m.orig/include/openssl/fips.h
|
||||
+++ openssl-1.1.1m/include/openssl/fips.h
|
||||
@@ -124,6 +124,7 @@ extern "C" {
|
||||
# define FIPS_F_FIPS_SELFTEST_DSA 112
|
||||
# define FIPS_F_FIPS_SELFTEST_ECDSA 133
|
||||
# define FIPS_F_FIPS_SELFTEST_HMAC 113
|
||||
+# define FIPS_F_FIPS_SELFTEST_PBKDF2 152
|
||||
# define FIPS_F_FIPS_SELFTEST_SHA1 115
|
||||
# define FIPS_F_FIPS_SELFTEST_SHA2 105
|
||||
# define FIPS_F_OSSL_ECDSA_SIGN_SIG 143
|
||||
Index: openssl-1.1.1m/crypto/fips/fips_err.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1m.orig/crypto/fips/fips_err.h
|
||||
+++ openssl-1.1.1m/crypto/fips/fips_err.h
|
||||
@@ -111,6 +111,7 @@ static ERR_STRING_DATA FIPS_str_functs[]
|
||||
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_DSA), "FIPS_selftest_dsa"},
|
||||
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_ECDSA), "FIPS_selftest_ecdsa"},
|
||||
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_HMAC), "FIPS_selftest_hmac"},
|
||||
+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_PBKDF2), "FIPS_selftest_pbkdf2"},
|
||||
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA1), "FIPS_selftest_sha1"},
|
||||
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA2), "FIPS_selftest_sha2"},
|
||||
{ERR_FUNC(FIPS_F_OSSL_ECDSA_SIGN_SIG), "ossl_ecdsa_sign_sig"},
|
122
openssl-kdf-ssh-selftest.patch
Normal file
122
openssl-kdf-ssh-selftest.patch
Normal file
@ -0,0 +1,122 @@
|
||||
Index: openssl-1.1.1m/crypto/fips/fips_kdf_selftest.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1m.orig/crypto/fips/fips_kdf_selftest.c
|
||||
+++ openssl-1.1.1m/crypto/fips/fips_kdf_selftest.c
|
||||
@@ -101,4 +101,68 @@ err:
|
||||
return ret;
|
||||
}
|
||||
|
||||
+int FIPS_selftest_ssh(void)
|
||||
+{
|
||||
+ int ret = 0;
|
||||
+ EVP_KDF_CTX *kctx;
|
||||
+ unsigned char out[8];
|
||||
+
|
||||
+ /* Test data from NIST CAVS 14.1 test vectors */
|
||||
+ const unsigned char key[] = {
|
||||
+ 0x00, 0x00, 0x00, 0x81, 0x00, 0x87, 0x5c, 0x55, 0x1c, 0xef, 0x52, 0x6a,
|
||||
+ 0x4a, 0x8b, 0xe1, 0xa7, 0xdf, 0x27, 0xe9, 0xed, 0x35, 0x4b, 0xac, 0x9a,
|
||||
+ 0xfb, 0x71, 0xf5, 0x3d, 0xba, 0xe9, 0x05, 0x67, 0x9d, 0x14, 0xf9, 0xfa,
|
||||
+ 0xf2, 0x46, 0x9c, 0x53, 0x45, 0x7c, 0xf8, 0x0a, 0x36, 0x6b, 0xe2, 0x78,
|
||||
+ 0x96, 0x5b, 0xa6, 0x25, 0x52, 0x76, 0xca, 0x2d, 0x9f, 0x4a, 0x97, 0xd2,
|
||||
+ 0x71, 0xf7, 0x1e, 0x50, 0xd8, 0xa9, 0xec, 0x46, 0x25, 0x3a, 0x6a, 0x90,
|
||||
+ 0x6a, 0xc2, 0xc5, 0xe4, 0xf4, 0x8b, 0x27, 0xa6, 0x3c, 0xe0, 0x8d, 0x80,
|
||||
+ 0x39, 0x0a, 0x49, 0x2a, 0xa4, 0x3b, 0xad, 0x9d, 0x88, 0x2c, 0xca, 0xc2,
|
||||
+ 0x3d, 0xac, 0x88, 0xbc, 0xad, 0xa4, 0xb4, 0xd4, 0x26, 0xa3, 0x62, 0x08,
|
||||
+ 0x3d, 0xab, 0x65, 0x69, 0xc5, 0x4c, 0x22, 0x4d, 0xd2, 0xd8, 0x76, 0x43,
|
||||
+ 0xaa, 0x22, 0x76, 0x93, 0xe1, 0x41, 0xad, 0x16, 0x30, 0xce, 0x13, 0x14,
|
||||
+ 0x4e
|
||||
+ };
|
||||
+ const unsigned char xcghash[] = {
|
||||
+ 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
|
||||
+ 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
|
||||
+ 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
|
||||
+ };
|
||||
+ const unsigned char sessid[] = {
|
||||
+ 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
|
||||
+ 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
|
||||
+ 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
|
||||
+ };
|
||||
+ const unsigned char expected[sizeof(out)] = {
|
||||
+ 0x41, 0xff, 0x2e, 0xad, 0x16, 0x83, 0xf1, 0xe6
|
||||
+ };
|
||||
+
|
||||
+ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF)) == NULL)
|
||||
+ goto err;
|
||||
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0)
|
||||
+ goto err;
|
||||
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, key, sizeof(key)) <= 0)
|
||||
+ goto err;
|
||||
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_XCGHASH, xcghash,
|
||||
+ sizeof(xcghash)) <= 0)
|
||||
+ goto err;
|
||||
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID, sessid,
|
||||
+ sizeof(sessid)) <= 0)
|
||||
+ goto err;
|
||||
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_TYPE,
|
||||
+ (int)EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV) <= 0)
|
||||
+ goto err;
|
||||
+ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0)
|
||||
+ goto err;
|
||||
+ if (memcmp(out, expected, sizeof(expected)))
|
||||
+ goto err;
|
||||
+
|
||||
+ ret = 1;
|
||||
+
|
||||
+ err:
|
||||
+ if (!ret)
|
||||
+ FIPSerr(FIPS_F_FIPS_SELFTEST_SSH, FIPS_R_SELFTEST_FAILED);
|
||||
+ EVP_KDF_CTX_free(kctx);
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
#endif
|
||||
Index: openssl-1.1.1m/crypto/fips/fips_post.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1m.orig/crypto/fips/fips_post.c
|
||||
+++ openssl-1.1.1m/crypto/fips/fips_post.c
|
||||
@@ -108,6 +108,8 @@ int FIPS_selftest(void)
|
||||
rv = 0;
|
||||
if (!FIPS_selftest_tls())
|
||||
rv = 0;
|
||||
+ if (!FIPS_selftest_ssh())
|
||||
+ rv = 0;
|
||||
|
||||
return rv;
|
||||
}
|
||||
Index: openssl-1.1.1m/include/crypto/fips_int.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1m.orig/include/crypto/fips_int.h
|
||||
+++ openssl-1.1.1m/include/crypto/fips_int.h
|
||||
@@ -78,6 +78,7 @@ int FIPS_selftest_drbg(void);
|
||||
int FIPS_selftest_cmac(void);
|
||||
int FIPS_selftest_pbkdf2(void);
|
||||
int FIPS_selftest_tls(void);
|
||||
+int FIPS_selftest_ssh(void);
|
||||
|
||||
int fips_in_post(void);
|
||||
|
||||
Index: openssl-1.1.1m/include/openssl/fips.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1m.orig/include/openssl/fips.h
|
||||
+++ openssl-1.1.1m/include/openssl/fips.h
|
||||
@@ -126,6 +126,7 @@ extern "C" {
|
||||
# define FIPS_F_FIPS_SELFTEST_HMAC 113
|
||||
# define FIPS_F_FIPS_SELFTEST_PBKDF2 152
|
||||
# define FIPS_F_FIPS_SELFTEST_TLS 153
|
||||
+# define FIPS_F_FIPS_SELFTEST_SSH 154
|
||||
# define FIPS_F_FIPS_SELFTEST_SHA1 115
|
||||
# define FIPS_F_FIPS_SELFTEST_SHA2 105
|
||||
# define FIPS_F_OSSL_ECDSA_SIGN_SIG 143
|
||||
Index: openssl-1.1.1m/crypto/fips/fips_err.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1m.orig/crypto/fips/fips_err.h
|
||||
+++ openssl-1.1.1m/crypto/fips/fips_err.h
|
||||
@@ -113,6 +113,7 @@ static ERR_STRING_DATA FIPS_str_functs[]
|
||||
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_HMAC), "FIPS_selftest_hmac"},
|
||||
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_PBKDF2), "FIPS_selftest_pbkdf2"},
|
||||
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_TLS), "FIPS_selftest_tls"},
|
||||
+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_SSH), "FIPS_selftest_ssh"},
|
||||
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA1), "FIPS_selftest_sha1"},
|
||||
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA2), "FIPS_selftest_sha2"},
|
||||
{ERR_FUNC(FIPS_F_OSSL_ECDSA_SIGN_SIG), "ossl_ecdsa_sign_sig"},
|
99
openssl-kdf-tls-selftest.patch
Normal file
99
openssl-kdf-tls-selftest.patch
Normal file
@ -0,0 +1,99 @@
|
||||
Index: openssl-1.1.1m/crypto/fips/fips_kdf_selftest.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1m.orig/crypto/fips/fips_kdf_selftest.c
|
||||
+++ openssl-1.1.1m/crypto/fips/fips_kdf_selftest.c
|
||||
@@ -61,4 +61,44 @@ err:
|
||||
return ret;
|
||||
}
|
||||
|
||||
+int FIPS_selftest_tls(void)
|
||||
+{
|
||||
+ int ret = 0;
|
||||
+ EVP_KDF_CTX *kctx;
|
||||
+ unsigned char out[16];
|
||||
+
|
||||
+ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_TLS1_PRF)) == NULL)
|
||||
+ goto err;
|
||||
+
|
||||
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0)
|
||||
+ goto err;
|
||||
+
|
||||
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_TLS_SECRET,
|
||||
+ "secret", (size_t)6) <= 0)
|
||||
+ goto err;
|
||||
+
|
||||
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_TLS_SEED, "seed", (size_t)4) <= 0)
|
||||
+ goto err;
|
||||
+
|
||||
+ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0)
|
||||
+ goto err;
|
||||
+
|
||||
+ {
|
||||
+ const unsigned char expected[sizeof(out)] = {
|
||||
+ 0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0,
|
||||
+ 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc
|
||||
+ };
|
||||
+ if (memcmp(out, expected, sizeof(expected))) {
|
||||
+ goto err;
|
||||
+ }
|
||||
+ }
|
||||
+ ret = 1;
|
||||
+
|
||||
+err:
|
||||
+ if (!ret)
|
||||
+ FIPSerr(FIPS_F_FIPS_SELFTEST_TLS, FIPS_R_SELFTEST_FAILED);
|
||||
+ EVP_KDF_CTX_free(kctx);
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
#endif
|
||||
Index: openssl-1.1.1m/crypto/fips/fips_post.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1m.orig/crypto/fips/fips_post.c
|
||||
+++ openssl-1.1.1m/crypto/fips/fips_post.c
|
||||
@@ -106,6 +106,9 @@ int FIPS_selftest(void)
|
||||
rv = 0;
|
||||
if (!FIPS_selftest_pbkdf2())
|
||||
rv = 0;
|
||||
+ if (!FIPS_selftest_tls())
|
||||
+ rv = 0;
|
||||
+
|
||||
return rv;
|
||||
}
|
||||
|
||||
Index: openssl-1.1.1m/include/crypto/fips_int.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1m.orig/include/crypto/fips_int.h
|
||||
+++ openssl-1.1.1m/include/crypto/fips_int.h
|
||||
@@ -77,6 +77,7 @@ int FIPS_selftest_hmac(void);
|
||||
int FIPS_selftest_drbg(void);
|
||||
int FIPS_selftest_cmac(void);
|
||||
int FIPS_selftest_pbkdf2(void);
|
||||
+int FIPS_selftest_tls(void);
|
||||
|
||||
int fips_in_post(void);
|
||||
|
||||
Index: openssl-1.1.1m/include/openssl/fips.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1m.orig/include/openssl/fips.h
|
||||
+++ openssl-1.1.1m/include/openssl/fips.h
|
||||
@@ -125,6 +125,7 @@ extern "C" {
|
||||
# define FIPS_F_FIPS_SELFTEST_ECDSA 133
|
||||
# define FIPS_F_FIPS_SELFTEST_HMAC 113
|
||||
# define FIPS_F_FIPS_SELFTEST_PBKDF2 152
|
||||
+# define FIPS_F_FIPS_SELFTEST_TLS 153
|
||||
# define FIPS_F_FIPS_SELFTEST_SHA1 115
|
||||
# define FIPS_F_FIPS_SELFTEST_SHA2 105
|
||||
# define FIPS_F_OSSL_ECDSA_SIGN_SIG 143
|
||||
Index: openssl-1.1.1m/crypto/fips/fips_err.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1m.orig/crypto/fips/fips_err.h
|
||||
+++ openssl-1.1.1m/crypto/fips/fips_err.h
|
||||
@@ -112,6 +112,7 @@ static ERR_STRING_DATA FIPS_str_functs[]
|
||||
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_ECDSA), "FIPS_selftest_ecdsa"},
|
||||
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_HMAC), "FIPS_selftest_hmac"},
|
||||
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_PBKDF2), "FIPS_selftest_pbkdf2"},
|
||||
+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_TLS), "FIPS_selftest_tls"},
|
||||
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA1), "FIPS_selftest_sha1"},
|
||||
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA2), "FIPS_selftest_sha2"},
|
||||
{ERR_FUNC(FIPS_F_OSSL_ECDSA_SIGN_SIG), "ossl_ecdsa_sign_sig"},
|
22
openssl-pkgconfig.patch
Normal file
22
openssl-pkgconfig.patch
Normal file
@ -0,0 +1,22 @@
|
||||
Index: openssl-1.1.1-pre3/Configurations/unix-Makefile.tmpl
|
||||
===================================================================
|
||||
--- openssl-1.1.1-pre3.orig/Configurations/unix-Makefile.tmpl 2018-03-20 15:20:03.037124698 +0100
|
||||
+++ openssl-1.1.1-pre3/Configurations/unix-Makefile.tmpl 2018-03-20 15:21:04.206084731 +0100
|
||||
@@ -843,7 +843,7 @@ libcrypto.pc:
|
||||
echo 'Version: '$(VERSION); \
|
||||
echo 'Libs: -L$${libdir} -lcrypto'; \
|
||||
echo 'Libs.private: $(LIB_EX_LIBS)'; \
|
||||
- echo 'Cflags: -I$${includedir}' ) > libcrypto.pc
|
||||
+ echo 'Cflags: -DOPENSSL_LOAD_CONF -I$${includedir}' ) > libcrypto.pc
|
||||
|
||||
libssl.pc:
|
||||
@ ( echo 'prefix=$(INSTALLTOP)'; \
|
||||
@@ -860,7 +860,7 @@ libssl.pc:
|
||||
echo 'Version: '$(VERSION); \
|
||||
echo 'Requires.private: libcrypto'; \
|
||||
echo 'Libs: -L$${libdir} -lssl'; \
|
||||
- echo 'Cflags: -I$${includedir}' ) > libssl.pc
|
||||
+ echo 'Cflags: -DOPENSSL_LOAD_CONF -I$${includedir}' ) > libssl.pc
|
||||
|
||||
openssl.pc:
|
||||
@ ( echo 'prefix=$(INSTALLTOP)'; \
|
96
openssl-powerpc-ecc-Fix-stack-allocation-secp384r1-asm.patch
Normal file
96
openssl-powerpc-ecc-Fix-stack-allocation-secp384r1-asm.patch
Normal file
@ -0,0 +1,96 @@
|
||||
From 50f8b936b00dc18ce1f622a7a6aa46daf03da48b Mon Sep 17 00:00:00 2001
|
||||
From: Rohan McLure <rohanmclure@linux.ibm.com>
|
||||
Date: Wed, 16 Aug 2023 16:52:47 +1000
|
||||
Subject: [PATCH] powerpc: ecc: Fix stack allocation secp384r1 asm
|
||||
|
||||
Assembly acceleration secp384r1 opts to not use any callee-save VSRs, as
|
||||
VSX enabled systems make extensive use of renaming, and so writebacks in
|
||||
felem_{mul,square}() can be reordered for best cache effects.
|
||||
|
||||
Remove stack allocations. This in turn fixes unmatched push/pops in
|
||||
felem_{mul,square}().
|
||||
|
||||
Signed-off-by: Rohan McLure <rohan.mclure@linux.ibm.com>
|
||||
|
||||
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
|
||||
Reviewed-by: Hugo Landau <hlandau@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/21749)
|
||||
---
|
||||
crypto/ec/asm/ecp_nistp384-ppc64.pl | 49 -----------------------------
|
||||
1 file changed, 49 deletions(-)
|
||||
|
||||
diff --git a/crypto/ec/asm/ecp_nistp384-ppc64.pl b/crypto/ec/asm/ecp_nistp384-ppc64.pl
|
||||
index 3f86b391af69..28f4168e5218 100755
|
||||
--- a/crypto/ec/asm/ecp_nistp384-ppc64.pl
|
||||
+++ b/crypto/ec/asm/ecp_nistp384-ppc64.pl
|
||||
@@ -62,51 +62,6 @@ ($)
|
||||
___
|
||||
}
|
||||
|
||||
-
|
||||
-sub push_vrs($$)
|
||||
-{
|
||||
- my ($min, $max) = @_;
|
||||
-
|
||||
- my $count = $max - $min + 1;
|
||||
-
|
||||
- $code.=<<___;
|
||||
- mr $savesp,$sp
|
||||
- stdu $sp,-16*`$count+1`($sp)
|
||||
-
|
||||
-___
|
||||
- for (my $i = $min; $i <= $max; $i++) {
|
||||
- my $mult = $max - $i + 1;
|
||||
- $code.=<<___;
|
||||
- stxv $i,-16*$mult($savesp)
|
||||
-___
|
||||
-
|
||||
- }
|
||||
-
|
||||
- $code.=<<___;
|
||||
-
|
||||
-___
|
||||
-}
|
||||
-
|
||||
-sub pop_vrs($$)
|
||||
-{
|
||||
- my ($min, $max) = @_;
|
||||
-
|
||||
- $code.=<<___;
|
||||
- ld $savesp,0($sp)
|
||||
-___
|
||||
- for (my $i = $min; $i <= $max; $i++) {
|
||||
- my $mult = $max - $i + 1;
|
||||
- $code.=<<___;
|
||||
- lxv $i,-16*$mult($savesp)
|
||||
-___
|
||||
- }
|
||||
-
|
||||
- $code.=<<___;
|
||||
- mr $sp,$savesp
|
||||
-
|
||||
-___
|
||||
-}
|
||||
-
|
||||
sub load_vrs($$)
|
||||
{
|
||||
my ($pointer, $reg_list) = @_;
|
||||
@@ -162,8 +117,6 @@ ($$)
|
||||
|
||||
startproc("p384_felem_mul");
|
||||
|
||||
- push_vrs(52, 63);
|
||||
-
|
||||
$code.=<<___;
|
||||
vspltisw $vzero,0
|
||||
|
||||
@@ -268,8 +221,6 @@ ($$)
|
||||
|
||||
startproc("p384_felem_square");
|
||||
|
||||
- push_vrs(52, 63);
|
||||
-
|
||||
$code.=<<___;
|
||||
vspltisw $vzero,0
|
||||
|
18
openssl-ppc64-config.patch
Normal file
18
openssl-ppc64-config.patch
Normal file
@ -0,0 +1,18 @@
|
||||
Index: openssl-1.1.1-pre3/config
|
||||
===================================================================
|
||||
--- openssl-1.1.1-pre3.orig/config 2018-03-20 15:24:38.037441210 +0100
|
||||
+++ openssl-1.1.1-pre3/config 2018-03-20 15:26:20.163043492 +0100
|
||||
@@ -552,12 +552,7 @@ case "$GUESSOS" in
|
||||
OUT="linux-ppc64"
|
||||
else
|
||||
OUT="linux-ppc"
|
||||
- if (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null); then
|
||||
- :;
|
||||
- else
|
||||
- __CNF_CFLAGS="$__CNF_CFLAGS -m32"
|
||||
- __CNF_CXXFLAGS="$__CNF_CXXFLAGS -m32"
|
||||
- fi
|
||||
+ (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null) || OUT="linux-ppc64"
|
||||
fi
|
||||
;;
|
||||
ppc64le-*-linux2) OUT="linux-ppc64le" ;;
|
12
openssl-riscv64-config.patch
Normal file
12
openssl-riscv64-config.patch
Normal file
@ -0,0 +1,12 @@
|
||||
Index: openssl-1.1.1p/config
|
||||
===================================================================
|
||||
--- openssl-1.1.1p.orig/config
|
||||
+++ openssl-1.1.1p/config
|
||||
@@ -639,6 +639,7 @@ case "$GUESSOS" in
|
||||
OUT="linux-elf"
|
||||
fi ;;
|
||||
*86-*-linux1) OUT="linux-aout" ;;
|
||||
+ riscv64-*-linux?) OUT="linux64-riscv64" ;;
|
||||
*-*-linux?) OUT="linux-generic32" ;;
|
||||
sun4[uv]*-*-solaris2)
|
||||
OUT="solaris-sparcv9-$CC"
|
278
openssl-s390x-assembly-pack-accelerate-ECDSA.patch
Normal file
278
openssl-s390x-assembly-pack-accelerate-ECDSA.patch
Normal file
@ -0,0 +1,278 @@
|
||||
From 58c35587eacba090414522a6506cb86f2d0e91af Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
Date: Thu, 11 Jul 2019 10:38:18 +0200
|
||||
Subject: [PATCH 09206/10000] s390x assembly pack: accelerate ECDSA
|
||||
|
||||
for NIST P-256, P-384 and P-521 using KDSA instruction.
|
||||
|
||||
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
|
||||
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
|
||||
(Merged from https://github.com/openssl/openssl/pull/9348)
|
||||
---
|
||||
crypto/ec/ecp_s390x_nistp.c | 202 +++++++++++++++++++++++++++++++++++-
|
||||
crypto/err/openssl.txt | 2 +
|
||||
2 files changed, 200 insertions(+), 4 deletions(-)
|
||||
|
||||
Index: openssl-1.1.1e/crypto/ec/ecp_s390x_nistp.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1e.orig/crypto/ec/ecp_s390x_nistp.c 2020-03-20 13:13:44.618571104 +0100
|
||||
+++ openssl-1.1.1e/crypto/ec/ecp_s390x_nistp.c 2020-03-20 13:14:20.398759363 +0100
|
||||
@@ -10,6 +10,7 @@
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <openssl/err.h>
|
||||
+#include <openssl/rand.h>
|
||||
#include "ec_local.h"
|
||||
#include "s390x_arch.h"
|
||||
|
||||
@@ -28,6 +29,15 @@
|
||||
#define S390X_OFF_SRC_Y(n) (3 * n)
|
||||
#define S390X_OFF_SCALAR(n) (4 * n)
|
||||
|
||||
+/* Offsets of fields in KDSA parameter blocks */
|
||||
+#define S390X_OFF_R(n) (0 * n)
|
||||
+#define S390X_OFF_S(n) (1 * n)
|
||||
+#define S390X_OFF_H(n) (2 * n)
|
||||
+#define S390X_OFF_K(n) (3 * n)
|
||||
+#define S390X_OFF_X(n) (3 * n)
|
||||
+#define S390X_OFF_RN(n) (4 * n)
|
||||
+#define S390X_OFF_Y(n) (4 * n)
|
||||
+
|
||||
static int ec_GFp_s390x_nistp_mul(const EC_GROUP *group, EC_POINT *r,
|
||||
const BIGNUM *scalar,
|
||||
size_t num, const EC_POINT *points[],
|
||||
@@ -106,6 +116,163 @@ ret:
|
||||
return rc;
|
||||
}
|
||||
|
||||
+static ECDSA_SIG *ecdsa_s390x_nistp_sign_sig(const unsigned char *dgst,
|
||||
+ int dgstlen,
|
||||
+ const BIGNUM *kinv,
|
||||
+ const BIGNUM *r,
|
||||
+ EC_KEY *eckey,
|
||||
+ unsigned int fc, int len)
|
||||
+{
|
||||
+ unsigned char param[S390X_SIZE_PARAM];
|
||||
+ int ok = 0;
|
||||
+ BIGNUM *k;
|
||||
+ ECDSA_SIG *sig;
|
||||
+ const EC_GROUP *group;
|
||||
+ const BIGNUM *privkey;
|
||||
+ int off;
|
||||
+
|
||||
+ group = EC_KEY_get0_group(eckey);
|
||||
+ privkey = EC_KEY_get0_private_key(eckey);
|
||||
+ if (group == NULL || privkey == NULL) {
|
||||
+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, EC_R_MISSING_PARAMETERS);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ if (!EC_KEY_can_sign(eckey)) {
|
||||
+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG,
|
||||
+ EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ k = BN_secure_new();
|
||||
+ sig = ECDSA_SIG_new();
|
||||
+ if (k == NULL || sig == NULL) {
|
||||
+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
||||
+ goto ret;
|
||||
+ }
|
||||
+
|
||||
+ sig->r = BN_new();
|
||||
+ sig->s = BN_new();
|
||||
+ if (sig->r == NULL || sig->s == NULL) {
|
||||
+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
||||
+ goto ret;
|
||||
+ }
|
||||
+
|
||||
+ memset(param, 0, sizeof(param));
|
||||
+ off = len - (dgstlen > len ? len : dgstlen);
|
||||
+ memcpy(param + S390X_OFF_H(len) + off, dgst, len - off);
|
||||
+
|
||||
+ if (BN_bn2binpad(privkey, param + S390X_OFF_K(len), len) == -1) {
|
||||
+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, ERR_R_BN_LIB);
|
||||
+ goto ret;
|
||||
+ }
|
||||
+
|
||||
+ if (r == NULL || kinv == NULL) {
|
||||
+ /*
|
||||
+ * Generate random k and copy to param param block. RAND_priv_bytes
|
||||
+ * is used instead of BN_priv_rand_range or BN_generate_dsa_nonce
|
||||
+ * because kdsa instruction constructs an in-range, invertible nonce
|
||||
+ * internally implementing counter-measures for RNG weakness.
|
||||
+ */
|
||||
+ if (RAND_priv_bytes(param + S390X_OFF_RN(len), len) != 1) {
|
||||
+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG,
|
||||
+ EC_R_RANDOM_NUMBER_GENERATION_FAILED);
|
||||
+ goto ret;
|
||||
+ }
|
||||
+ } else {
|
||||
+ /* Reconstruct k = (k^-1)^-1. */
|
||||
+ if (ec_group_do_inverse_ord(group, k, kinv, NULL) == 0
|
||||
+ || BN_bn2binpad(k, param + S390X_OFF_RN(len), len) == -1) {
|
||||
+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, ERR_R_BN_LIB);
|
||||
+ goto ret;
|
||||
+ }
|
||||
+ /* Turns KDSA internal nonce-generation off. */
|
||||
+ fc |= S390X_KDSA_D;
|
||||
+ }
|
||||
+
|
||||
+ if (s390x_kdsa(fc, param, NULL, 0) != 0) {
|
||||
+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, ERR_R_ECDSA_LIB);
|
||||
+ goto ret;
|
||||
+ }
|
||||
+
|
||||
+ if (BN_bin2bn(param + S390X_OFF_R(len), len, sig->r) == NULL
|
||||
+ || BN_bin2bn(param + S390X_OFF_S(len), len, sig->s) == NULL) {
|
||||
+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, ERR_R_BN_LIB);
|
||||
+ goto ret;
|
||||
+ }
|
||||
+
|
||||
+ ok = 1;
|
||||
+ret:
|
||||
+ OPENSSL_cleanse(param, sizeof(param));
|
||||
+ if (ok != 1) {
|
||||
+ ECDSA_SIG_free(sig);
|
||||
+ sig = NULL;
|
||||
+ }
|
||||
+ BN_clear_free(k);
|
||||
+ return sig;
|
||||
+}
|
||||
+
|
||||
+static int ecdsa_s390x_nistp_verify_sig(const unsigned char *dgst, int dgstlen,
|
||||
+ const ECDSA_SIG *sig, EC_KEY *eckey,
|
||||
+ unsigned int fc, int len)
|
||||
+{
|
||||
+ unsigned char param[S390X_SIZE_PARAM];
|
||||
+ int rc = -1;
|
||||
+ BN_CTX *ctx;
|
||||
+ BIGNUM *x, *y;
|
||||
+ const EC_GROUP *group;
|
||||
+ const EC_POINT *pubkey;
|
||||
+ int off;
|
||||
+
|
||||
+ group = EC_KEY_get0_group(eckey);
|
||||
+ pubkey = EC_KEY_get0_public_key(eckey);
|
||||
+ if (eckey == NULL || group == NULL || pubkey == NULL || sig == NULL) {
|
||||
+ ECerr(EC_F_ECDSA_S390X_NISTP_VERIFY_SIG, EC_R_MISSING_PARAMETERS);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if (!EC_KEY_can_sign(eckey)) {
|
||||
+ ECerr(EC_F_ECDSA_S390X_NISTP_VERIFY_SIG,
|
||||
+ EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ ctx = BN_CTX_new();
|
||||
+ if (ctx == NULL) {
|
||||
+ ECerr(EC_F_ECDSA_S390X_NISTP_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ BN_CTX_start(ctx);
|
||||
+
|
||||
+ x = BN_CTX_get(ctx);
|
||||
+ y = BN_CTX_get(ctx);
|
||||
+ if (x == NULL || y == NULL) {
|
||||
+ ECerr(EC_F_ECDSA_S390X_NISTP_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
|
||||
+ goto ret;
|
||||
+ }
|
||||
+
|
||||
+ memset(param, 0, sizeof(param));
|
||||
+ off = len - (dgstlen > len ? len : dgstlen);
|
||||
+ memcpy(param + S390X_OFF_H(len) + off, dgst, len - off);
|
||||
+
|
||||
+ if (group->meth->point_get_affine_coordinates(group, pubkey,
|
||||
+ x, y, ctx) != 1
|
||||
+ || BN_bn2binpad(sig->r, param + S390X_OFF_R(len), len) == -1
|
||||
+ || BN_bn2binpad(sig->s, param + S390X_OFF_S(len), len) == -1
|
||||
+ || BN_bn2binpad(x, param + S390X_OFF_X(len), len) == -1
|
||||
+ || BN_bn2binpad(y, param + S390X_OFF_Y(len), len) == -1) {
|
||||
+ ECerr(EC_F_ECDSA_S390X_NISTP_VERIFY_SIG, ERR_R_BN_LIB);
|
||||
+ goto ret;
|
||||
+ }
|
||||
+
|
||||
+ rc = s390x_kdsa(fc, param, NULL, 0) == 0 ? 1 : 0;
|
||||
+ret:
|
||||
+ BN_CTX_end(ctx);
|
||||
+ BN_CTX_free(ctx);
|
||||
+ return rc;
|
||||
+}
|
||||
+
|
||||
#define EC_GFP_S390X_NISTP_METHOD(bits) \
|
||||
\
|
||||
static int ec_GFp_s390x_nistp##bits##_mul(const EC_GROUP *group, \
|
||||
@@ -122,6 +289,29 @@ static int ec_GFp_s390x_nistp##bits##_mu
|
||||
S390X_SIZE_P##bits); \
|
||||
} \
|
||||
\
|
||||
+static ECDSA_SIG *ecdsa_s390x_nistp##bits##_sign_sig(const unsigned \
|
||||
+ char *dgst, \
|
||||
+ int dgstlen, \
|
||||
+ const BIGNUM *kinv,\
|
||||
+ const BIGNUM *r, \
|
||||
+ EC_KEY *eckey) \
|
||||
+{ \
|
||||
+ return ecdsa_s390x_nistp_sign_sig(dgst, dgstlen, kinv, r, eckey, \
|
||||
+ S390X_ECDSA_SIGN_P##bits, \
|
||||
+ S390X_SIZE_P##bits); \
|
||||
+} \
|
||||
+ \
|
||||
+static int ecdsa_s390x_nistp##bits##_verify_sig(const \
|
||||
+ unsigned char *dgst, \
|
||||
+ int dgstlen, \
|
||||
+ const ECDSA_SIG *sig, \
|
||||
+ EC_KEY *eckey) \
|
||||
+{ \
|
||||
+ return ecdsa_s390x_nistp_verify_sig(dgst, dgstlen, sig, eckey, \
|
||||
+ S390X_ECDSA_VERIFY_P##bits, \
|
||||
+ S390X_SIZE_P##bits); \
|
||||
+} \
|
||||
+ \
|
||||
const EC_METHOD *EC_GFp_s390x_nistp##bits##_method(void) \
|
||||
{ \
|
||||
static const EC_METHOD EC_GFp_s390x_nistp##bits##_meth = { \
|
||||
@@ -176,8 +366,8 @@ const EC_METHOD *EC_GFp_s390x_nistp##bit
|
||||
NULL, /* keyfinish */ \
|
||||
ecdh_simple_compute_key, \
|
||||
ecdsa_simple_sign_setup, \
|
||||
- ecdsa_simple_sign_sig, \
|
||||
- ecdsa_simple_verify_sig, \
|
||||
+ ecdsa_s390x_nistp##bits##_sign_sig, \
|
||||
+ ecdsa_s390x_nistp##bits##_verify_sig, \
|
||||
NULL, /* field_inverse_mod_ord */ \
|
||||
ec_GFp_simple_blind_coordinates, \
|
||||
ec_GFp_simple_ladder_pre, \
|
||||
@@ -186,8 +376,12 @@ const EC_METHOD *EC_GFp_s390x_nistp##bit
|
||||
}; \
|
||||
static const EC_METHOD *ret; \
|
||||
\
|
||||
- if (OPENSSL_s390xcap_P.pcc[1] \
|
||||
- & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P##bits)) \
|
||||
+ if ((OPENSSL_s390xcap_P.pcc[1] \
|
||||
+ & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P##bits)) \
|
||||
+ && (OPENSSL_s390xcap_P.kdsa[0] \
|
||||
+ & S390X_CAPBIT(S390X_ECDSA_VERIFY_P##bits)) \
|
||||
+ && (OPENSSL_s390xcap_P.kdsa[0] \
|
||||
+ & S390X_CAPBIT(S390X_ECDSA_SIGN_P##bits))) \
|
||||
ret = &EC_GFp_s390x_nistp##bits##_meth; \
|
||||
else \
|
||||
ret = EC_GFp_mont_method(); \
|
||||
Index: openssl-1.1.1e/crypto/err/openssl.txt
|
||||
===================================================================
|
||||
--- openssl-1.1.1e.orig/crypto/err/openssl.txt 2020-03-20 13:13:44.618571104 +0100
|
||||
+++ openssl-1.1.1e/crypto/err/openssl.txt 2020-03-20 13:14:02.446664907 +0100
|
||||
@@ -499,6 +499,8 @@ EC_F_ECDSA_VERIFY:253:ECDSA_verify
|
||||
EC_F_ECDSA_SIMPLE_SIGN_SETUP:310:ecdsa_simple_sign_setup
|
||||
EC_F_ECDSA_SIMPLE_SIGN_SIG:311:ecdsa_simple_sign_sig
|
||||
EC_F_ECDSA_SIMPLE_VERIFY_SIG:312:ecdsa_simple_verify_sig
|
||||
+EC_F_ECDSA_S390X_NISTP_SIGN_SIG:313:ecdsa_s390x_nistp_sign_sig
|
||||
+EC_F_ECDSA_S390X_NISTP_VERIFY_SIG:314:ecdsa_s390x_nistp_verify_sig
|
||||
EC_F_ECD_ITEM_VERIFY:270:ecd_item_verify
|
||||
EC_F_ECKEY_PARAM2TYPE:223:eckey_param2type
|
||||
EC_F_ECKEY_PARAM_DECODE:212:eckey_param_decode
|
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,673 @@
|
||||
diff --git a/crypto/s390x_arch.h b/crypto/s390x_arch.h
|
||||
index 64e7ebb..34e04b4 100644
|
||||
--- a/crypto/s390x_arch.h
|
||||
+++ b/crypto/s390x_arch.h
|
||||
@@ -52,6 +52,9 @@ __attribute__ ((visibility("hidden")))
|
||||
#endif
|
||||
extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
|
||||
|
||||
+/* Max number of 64-bit words currently returned by STFLE */
|
||||
+# define S390X_STFLE_MAX 3
|
||||
+
|
||||
/* convert facility bit number or function code to bit mask */
|
||||
# define S390X_CAPBIT(i) (1ULL << (63 - (i) % 64))
|
||||
|
||||
@@ -71,9 +74,15 @@ extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
|
||||
# define S390X_KMA 0xb0
|
||||
|
||||
/* Facility Bit Numbers */
|
||||
-# define S390X_VX 129
|
||||
-# define S390X_VXD 134
|
||||
-# define S390X_VXE 135
|
||||
+# define S390X_MSA 17 /* message-security-assist */
|
||||
+# define S390X_STCKF 25 /* store-clock-fast */
|
||||
+# define S390X_MSA5 57 /* message-security-assist-ext. 5 */
|
||||
+# define S390X_MSA3 76 /* message-security-assist-ext. 3 */
|
||||
+# define S390X_MSA4 77 /* message-security-assist-ext. 4 */
|
||||
+# define S390X_VX 129 /* vector */
|
||||
+# define S390X_VXD 134 /* vector packed decimal */
|
||||
+# define S390X_VXE 135 /* vector enhancements 1 */
|
||||
+# define S390X_MSA8 146 /* message-security-assist-ext. 8 */
|
||||
|
||||
/* Function Codes */
|
||||
|
||||
@@ -81,6 +90,9 @@ extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
|
||||
# define S390X_QUERY 0
|
||||
|
||||
/* kimd/klmd */
|
||||
+# define S390X_SHA_1 1
|
||||
+# define S390X_SHA_256 2
|
||||
+# define S390X_SHA_512 3
|
||||
# define S390X_SHA3_224 32
|
||||
# define S390X_SHA3_256 33
|
||||
# define S390X_SHA3_384 34
|
||||
@@ -94,7 +106,12 @@ extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
|
||||
# define S390X_AES_192 19
|
||||
# define S390X_AES_256 20
|
||||
|
||||
+/* km */
|
||||
+# define S390X_XTS_AES_128 50
|
||||
+# define S390X_XTS_AES_256 52
|
||||
+
|
||||
/* prno */
|
||||
+# define S390X_SHA_512_DRNG 3
|
||||
# define S390X_TRNG 114
|
||||
|
||||
/* Register 0 Flags */
|
||||
diff --git a/crypto/s390xcap.c b/crypto/s390xcap.c
|
||||
index 1097c70..da6af34 100644
|
||||
--- a/crypto/s390xcap.c
|
||||
+++ b/crypto/s390xcap.c
|
||||
@@ -13,15 +13,51 @@
|
||||
#include <setjmp.h>
|
||||
#include <signal.h>
|
||||
#include "internal/cryptlib.h"
|
||||
+#include "crypto/ctype.h"
|
||||
#include "s390x_arch.h"
|
||||
|
||||
+#define LEN 128
|
||||
+#define STR_(S) #S
|
||||
+#define STR(S) STR_(S)
|
||||
+
|
||||
+#define TOK_FUNC(NAME) \
|
||||
+ (sscanf(tok_begin, \
|
||||
+ " " STR(NAME) " : %" STR(LEN) "[^:] : " \
|
||||
+ "%" STR(LEN) "s %" STR(LEN) "s ", \
|
||||
+ tok[0], tok[1], tok[2]) == 2) { \
|
||||
+ \
|
||||
+ off = (tok[0][0] == '~') ? 1 : 0; \
|
||||
+ if (sscanf(tok[0] + off, "%llx", &cap->NAME[0]) != 1) \
|
||||
+ goto ret; \
|
||||
+ if (off) \
|
||||
+ cap->NAME[0] = ~cap->NAME[0]; \
|
||||
+ \
|
||||
+ off = (tok[1][0] == '~') ? 1 : 0; \
|
||||
+ if (sscanf(tok[1] + off, "%llx", &cap->NAME[1]) != 1) \
|
||||
+ goto ret; \
|
||||
+ if (off) \
|
||||
+ cap->NAME[1] = ~cap->NAME[1]; \
|
||||
+ }
|
||||
+
|
||||
+#define TOK_CPU(NAME) \
|
||||
+ (sscanf(tok_begin, \
|
||||
+ " %" STR(LEN) "s %" STR(LEN) "s ", \
|
||||
+ tok[0], tok[1]) == 1 \
|
||||
+ && !strcmp(tok[0], #NAME)) { \
|
||||
+ memcpy(cap, &NAME, sizeof(*cap)); \
|
||||
+ }
|
||||
+
|
||||
static sigjmp_buf ill_jmp;
|
||||
static void ill_handler(int sig)
|
||||
{
|
||||
siglongjmp(ill_jmp, sig);
|
||||
}
|
||||
|
||||
+static const char *env;
|
||||
+static int parse_env(struct OPENSSL_s390xcap_st *cap);
|
||||
+
|
||||
void OPENSSL_s390x_facilities(void);
|
||||
+void OPENSSL_s390x_functions(void);
|
||||
void OPENSSL_vx_probe(void);
|
||||
|
||||
struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
|
||||
@@ -33,6 +69,7 @@ void OPENSSL_cpuid_setup(void)
|
||||
{
|
||||
sigset_t oset;
|
||||
struct sigaction ill_act, oact_ill, oact_fpe;
|
||||
+ struct OPENSSL_s390xcap_st cap;
|
||||
|
||||
if (OPENSSL_s390xcap_P.stfle[0])
|
||||
return;
|
||||
@@ -40,6 +77,12 @@ void OPENSSL_cpuid_setup(void)
|
||||
/* set a bit that will not be tested later */
|
||||
OPENSSL_s390xcap_P.stfle[0] |= S390X_CAPBIT(0);
|
||||
|
||||
+ env = getenv("OPENSSL_s390xcap");
|
||||
+ if (env != NULL) {
|
||||
+ if (!parse_env(&cap))
|
||||
+ env = NULL;
|
||||
+ }
|
||||
+
|
||||
memset(&ill_act, 0, sizeof(ill_act));
|
||||
ill_act.sa_handler = ill_handler;
|
||||
sigfillset(&ill_act.sa_mask);
|
||||
@@ -54,6 +97,12 @@ void OPENSSL_cpuid_setup(void)
|
||||
if (sigsetjmp(ill_jmp, 1) == 0)
|
||||
OPENSSL_s390x_facilities();
|
||||
|
||||
+ if (env != NULL) {
|
||||
+ OPENSSL_s390xcap_P.stfle[0] &= cap.stfle[0];
|
||||
+ OPENSSL_s390xcap_P.stfle[1] &= cap.stfle[1];
|
||||
+ OPENSSL_s390xcap_P.stfle[2] &= cap.stfle[2];
|
||||
+ }
|
||||
+
|
||||
/* protection against disabled vector facility */
|
||||
if ((OPENSSL_s390xcap_P.stfle[2] & S390X_CAPBIT(S390X_VX))
|
||||
&& (sigsetjmp(ill_jmp, 1) == 0)) {
|
||||
@@ -67,4 +116,470 @@ void OPENSSL_cpuid_setup(void)
|
||||
sigaction(SIGFPE, &oact_fpe, NULL);
|
||||
sigaction(SIGILL, &oact_ill, NULL);
|
||||
sigprocmask(SIG_SETMASK, &oset, NULL);
|
||||
+
|
||||
+ OPENSSL_s390x_functions();
|
||||
+
|
||||
+ if (env != NULL) {
|
||||
+ OPENSSL_s390xcap_P.kimd[0] &= cap.kimd[0];
|
||||
+ OPENSSL_s390xcap_P.kimd[1] &= cap.kimd[1];
|
||||
+ OPENSSL_s390xcap_P.klmd[0] &= cap.klmd[0];
|
||||
+ OPENSSL_s390xcap_P.klmd[1] &= cap.klmd[1];
|
||||
+ OPENSSL_s390xcap_P.km[0] &= cap.km[0];
|
||||
+ OPENSSL_s390xcap_P.km[1] &= cap.km[1];
|
||||
+ OPENSSL_s390xcap_P.kmc[0] &= cap.kmc[0];
|
||||
+ OPENSSL_s390xcap_P.kmc[1] &= cap.kmc[1];
|
||||
+ OPENSSL_s390xcap_P.kmac[0] &= cap.kmac[0];
|
||||
+ OPENSSL_s390xcap_P.kmac[1] &= cap.kmac[1];
|
||||
+ OPENSSL_s390xcap_P.kmctr[0] &= cap.kmctr[0];
|
||||
+ OPENSSL_s390xcap_P.kmctr[1] &= cap.kmctr[1];
|
||||
+ OPENSSL_s390xcap_P.kmo[0] &= cap.kmo[0];
|
||||
+ OPENSSL_s390xcap_P.kmo[1] &= cap.kmo[1];
|
||||
+ OPENSSL_s390xcap_P.kmf[0] &= cap.kmf[0];
|
||||
+ OPENSSL_s390xcap_P.kmf[1] &= cap.kmf[1];
|
||||
+ OPENSSL_s390xcap_P.prno[0] &= cap.prno[0];
|
||||
+ OPENSSL_s390xcap_P.prno[1] &= cap.prno[1];
|
||||
+ OPENSSL_s390xcap_P.kma[0] &= cap.kma[0];
|
||||
+ OPENSSL_s390xcap_P.kma[1] &= cap.kma[1];
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+static int parse_env(struct OPENSSL_s390xcap_st *cap)
|
||||
+{
|
||||
+ /*-
|
||||
+ * CPU model data
|
||||
+ * (only the STFLE- and QUERY-bits relevant to libcrypto are set)
|
||||
+ */
|
||||
+
|
||||
+ /*-
|
||||
+ * z900 (2000) - z/Architecture POP SA22-7832-00
|
||||
+ * Facility detection would fail on real hw (no STFLE).
|
||||
+ */
|
||||
+ static const struct OPENSSL_s390xcap_st z900 = {
|
||||
+ .stfle = {0ULL, 0ULL, 0ULL, 0ULL},
|
||||
+ .kimd = {0ULL, 0ULL},
|
||||
+ .klmd = {0ULL, 0ULL},
|
||||
+ .km = {0ULL, 0ULL},
|
||||
+ .kmc = {0ULL, 0ULL},
|
||||
+ .kmac = {0ULL, 0ULL},
|
||||
+ .kmctr = {0ULL, 0ULL},
|
||||
+ .kmo = {0ULL, 0ULL},
|
||||
+ .kmf = {0ULL, 0ULL},
|
||||
+ .prno = {0ULL, 0ULL},
|
||||
+ .kma = {0ULL, 0ULL},
|
||||
+ };
|
||||
+
|
||||
+ /*-
|
||||
+ * z990 (2003) - z/Architecture POP SA22-7832-02
|
||||
+ * Implements MSA. Facility detection would fail on real hw (no STFLE).
|
||||
+ */
|
||||
+ static const struct OPENSSL_s390xcap_st z990 = {
|
||||
+ .stfle = {S390X_CAPBIT(S390X_MSA),
|
||||
+ 0ULL, 0ULL, 0ULL},
|
||||
+ .kimd = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_1),
|
||||
+ 0ULL},
|
||||
+ .klmd = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_1),
|
||||
+ 0ULL},
|
||||
+ .km = {S390X_CAPBIT(S390X_QUERY),
|
||||
+ 0ULL},
|
||||
+ .kmc = {S390X_CAPBIT(S390X_QUERY),
|
||||
+ 0ULL},
|
||||
+ .kmac = {S390X_CAPBIT(S390X_QUERY),
|
||||
+ 0ULL},
|
||||
+ .kmctr = {0ULL, 0ULL},
|
||||
+ .kmo = {0ULL, 0ULL},
|
||||
+ .kmf = {0ULL, 0ULL},
|
||||
+ .prno = {0ULL, 0ULL},
|
||||
+ .kma = {0ULL, 0ULL},
|
||||
+ };
|
||||
+
|
||||
+ /*-
|
||||
+ * z9 (2005) - z/Architecture POP SA22-7832-04
|
||||
+ * Implements MSA and MSA1.
|
||||
+ */
|
||||
+ static const struct OPENSSL_s390xcap_st z9 = {
|
||||
+ .stfle = {S390X_CAPBIT(S390X_MSA)
|
||||
+ | S390X_CAPBIT(S390X_STCKF),
|
||||
+ 0ULL, 0ULL, 0ULL},
|
||||
+ .kimd = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_1)
|
||||
+ | S390X_CAPBIT(S390X_SHA_256),
|
||||
+ 0ULL},
|
||||
+ .klmd = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_1)
|
||||
+ | S390X_CAPBIT(S390X_SHA_256),
|
||||
+ 0ULL},
|
||||
+ .km = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128),
|
||||
+ 0ULL},
|
||||
+ .kmc = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128),
|
||||
+ 0ULL},
|
||||
+ .kmac = {S390X_CAPBIT(S390X_QUERY),
|
||||
+ 0ULL},
|
||||
+ .kmctr = {0ULL, 0ULL},
|
||||
+ .kmo = {0ULL, 0ULL},
|
||||
+ .kmf = {0ULL, 0ULL},
|
||||
+ .prno = {0ULL, 0ULL},
|
||||
+ .kma = {0ULL, 0ULL},
|
||||
+ };
|
||||
+
|
||||
+ /*-
|
||||
+ * z10 (2008) - z/Architecture POP SA22-7832-06
|
||||
+ * Implements MSA and MSA1-2.
|
||||
+ */
|
||||
+ static const struct OPENSSL_s390xcap_st z10 = {
|
||||
+ .stfle = {S390X_CAPBIT(S390X_MSA)
|
||||
+ | S390X_CAPBIT(S390X_STCKF),
|
||||
+ 0ULL, 0ULL, 0ULL},
|
||||
+ .kimd = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_1)
|
||||
+ | S390X_CAPBIT(S390X_SHA_256)
|
||||
+ | S390X_CAPBIT(S390X_SHA_512),
|
||||
+ 0ULL},
|
||||
+ .klmd = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_1)
|
||||
+ | S390X_CAPBIT(S390X_SHA_256)
|
||||
+ | S390X_CAPBIT(S390X_SHA_512),
|
||||
+ 0ULL},
|
||||
+ .km = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmc = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmac = {S390X_CAPBIT(S390X_QUERY),
|
||||
+ 0ULL},
|
||||
+ .kmctr = {0ULL, 0ULL},
|
||||
+ .kmo = {0ULL, 0ULL},
|
||||
+ .kmf = {0ULL, 0ULL},
|
||||
+ .prno = {0ULL, 0ULL},
|
||||
+ .kma = {0ULL, 0ULL},
|
||||
+ };
|
||||
+
|
||||
+ /*-
|
||||
+ * z196 (2010) - z/Architecture POP SA22-7832-08
|
||||
+ * Implements MSA and MSA1-4.
|
||||
+ */
|
||||
+ static const struct OPENSSL_s390xcap_st z196 = {
|
||||
+ .stfle = {S390X_CAPBIT(S390X_MSA)
|
||||
+ | S390X_CAPBIT(S390X_STCKF),
|
||||
+ S390X_CAPBIT(S390X_MSA3)
|
||||
+ | S390X_CAPBIT(S390X_MSA4),
|
||||
+ 0ULL, 0ULL},
|
||||
+ .kimd = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_1)
|
||||
+ | S390X_CAPBIT(S390X_SHA_256)
|
||||
+ | S390X_CAPBIT(S390X_SHA_512),
|
||||
+ S390X_CAPBIT(S390X_GHASH)},
|
||||
+ .klmd = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_1)
|
||||
+ | S390X_CAPBIT(S390X_SHA_256)
|
||||
+ | S390X_CAPBIT(S390X_SHA_512),
|
||||
+ 0ULL},
|
||||
+ .km = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256)
|
||||
+ | S390X_CAPBIT(S390X_XTS_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_XTS_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmc = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmac = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmctr = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmo = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmf = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .prno = {0ULL, 0ULL},
|
||||
+ .kma = {0ULL, 0ULL},
|
||||
+ };
|
||||
+
|
||||
+ /*-
|
||||
+ * zEC12 (2012) - z/Architecture POP SA22-7832-09
|
||||
+ * Implements MSA and MSA1-4.
|
||||
+ */
|
||||
+ static const struct OPENSSL_s390xcap_st zEC12 = {
|
||||
+ .stfle = {S390X_CAPBIT(S390X_MSA)
|
||||
+ | S390X_CAPBIT(S390X_STCKF),
|
||||
+ S390X_CAPBIT(S390X_MSA3)
|
||||
+ | S390X_CAPBIT(S390X_MSA4),
|
||||
+ 0ULL, 0ULL},
|
||||
+ .kimd = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_1)
|
||||
+ | S390X_CAPBIT(S390X_SHA_256)
|
||||
+ | S390X_CAPBIT(S390X_SHA_512),
|
||||
+ S390X_CAPBIT(S390X_GHASH)},
|
||||
+ .klmd = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_1)
|
||||
+ | S390X_CAPBIT(S390X_SHA_256)
|
||||
+ | S390X_CAPBIT(S390X_SHA_512),
|
||||
+ 0ULL},
|
||||
+ .km = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256)
|
||||
+ | S390X_CAPBIT(S390X_XTS_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_XTS_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmc = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmac = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmctr = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmo = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmf = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .prno = {0ULL, 0ULL},
|
||||
+ .kma = {0ULL, 0ULL},
|
||||
+ };
|
||||
+
|
||||
+ /*-
|
||||
+ * z13 (2015) - z/Architecture POP SA22-7832-10
|
||||
+ * Implements MSA and MSA1-5.
|
||||
+ */
|
||||
+ static const struct OPENSSL_s390xcap_st z13 = {
|
||||
+ .stfle = {S390X_CAPBIT(S390X_MSA)
|
||||
+ | S390X_CAPBIT(S390X_STCKF)
|
||||
+ | S390X_CAPBIT(S390X_MSA5),
|
||||
+ S390X_CAPBIT(S390X_MSA3)
|
||||
+ | S390X_CAPBIT(S390X_MSA4),
|
||||
+ S390X_CAPBIT(S390X_VX),
|
||||
+ 0ULL},
|
||||
+ .kimd = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_1)
|
||||
+ | S390X_CAPBIT(S390X_SHA_256)
|
||||
+ | S390X_CAPBIT(S390X_SHA_512),
|
||||
+ S390X_CAPBIT(S390X_GHASH)},
|
||||
+ .klmd = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_1)
|
||||
+ | S390X_CAPBIT(S390X_SHA_256)
|
||||
+ | S390X_CAPBIT(S390X_SHA_512),
|
||||
+ 0ULL},
|
||||
+ .km = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256)
|
||||
+ | S390X_CAPBIT(S390X_XTS_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_XTS_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmc = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmac = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmctr = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmo = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmf = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .prno = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_512_DRNG),
|
||||
+ 0ULL},
|
||||
+ .kma = {0ULL, 0ULL},
|
||||
+ };
|
||||
+
|
||||
+ /*-
|
||||
+ * z14 (2017) - z/Architecture POP SA22-7832-11
|
||||
+ * Implements MSA and MSA1-8.
|
||||
+ */
|
||||
+ static const struct OPENSSL_s390xcap_st z14 = {
|
||||
+ .stfle = {S390X_CAPBIT(S390X_MSA)
|
||||
+ | S390X_CAPBIT(S390X_STCKF)
|
||||
+ | S390X_CAPBIT(S390X_MSA5),
|
||||
+ S390X_CAPBIT(S390X_MSA3)
|
||||
+ | S390X_CAPBIT(S390X_MSA4),
|
||||
+ S390X_CAPBIT(S390X_VX)
|
||||
+ | S390X_CAPBIT(S390X_VXD)
|
||||
+ | S390X_CAPBIT(S390X_VXE)
|
||||
+ | S390X_CAPBIT(S390X_MSA8),
|
||||
+ 0ULL},
|
||||
+ .kimd = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_1)
|
||||
+ | S390X_CAPBIT(S390X_SHA_256)
|
||||
+ | S390X_CAPBIT(S390X_SHA_512)
|
||||
+ | S390X_CAPBIT(S390X_SHA3_224)
|
||||
+ | S390X_CAPBIT(S390X_SHA3_256)
|
||||
+ | S390X_CAPBIT(S390X_SHA3_384)
|
||||
+ | S390X_CAPBIT(S390X_SHA3_512)
|
||||
+ | S390X_CAPBIT(S390X_SHAKE_128)
|
||||
+ | S390X_CAPBIT(S390X_SHAKE_256),
|
||||
+ S390X_CAPBIT(S390X_GHASH)},
|
||||
+ .klmd = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_1)
|
||||
+ | S390X_CAPBIT(S390X_SHA_256)
|
||||
+ | S390X_CAPBIT(S390X_SHA_512)
|
||||
+ | S390X_CAPBIT(S390X_SHA3_224)
|
||||
+ | S390X_CAPBIT(S390X_SHA3_256)
|
||||
+ | S390X_CAPBIT(S390X_SHA3_384)
|
||||
+ | S390X_CAPBIT(S390X_SHA3_512)
|
||||
+ | S390X_CAPBIT(S390X_SHAKE_128)
|
||||
+ | S390X_CAPBIT(S390X_SHAKE_256),
|
||||
+ 0ULL},
|
||||
+ .km = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256)
|
||||
+ | S390X_CAPBIT(S390X_XTS_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_XTS_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmc = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmac = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmctr = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmo = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmf = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .prno = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_512_DRNG),
|
||||
+ S390X_CAPBIT(S390X_TRNG)},
|
||||
+ .kma = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ };
|
||||
+
|
||||
+ char *tok_begin, *tok_end, *buff, tok[S390X_STFLE_MAX][LEN + 1];
|
||||
+ int rc, off, i, n;
|
||||
+
|
||||
+ buff = malloc(strlen(env) + 1);
|
||||
+ if (buff == NULL)
|
||||
+ return 0;
|
||||
+
|
||||
+ rc = 0;
|
||||
+ memset(cap, ~0, sizeof(*cap));
|
||||
+ strcpy(buff, env);
|
||||
+
|
||||
+ tok_begin = buff + strspn(buff, ";");
|
||||
+ strtok(tok_begin, ";");
|
||||
+ tok_end = strtok(NULL, ";");
|
||||
+
|
||||
+ while (tok_begin != NULL) {
|
||||
+ /* stfle token */
|
||||
+ if ((n = sscanf(tok_begin,
|
||||
+ " stfle : %" STR(LEN) "[^:] : "
|
||||
+ "%" STR(LEN) "[^:] : %" STR(LEN) "s ",
|
||||
+ tok[0], tok[1], tok[2]))) {
|
||||
+ for (i = 0; i < n; i++) {
|
||||
+ off = (tok[i][0] == '~') ? 1 : 0;
|
||||
+ if (sscanf(tok[i] + off, "%llx", &cap->stfle[i]) != 1)
|
||||
+ goto ret;
|
||||
+ if (off)
|
||||
+ cap->stfle[i] = ~cap->stfle[i];
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ /* query function tokens */
|
||||
+ else if TOK_FUNC(kimd)
|
||||
+ else if TOK_FUNC(klmd)
|
||||
+ else if TOK_FUNC(km)
|
||||
+ else if TOK_FUNC(kmc)
|
||||
+ else if TOK_FUNC(kmac)
|
||||
+ else if TOK_FUNC(kmctr)
|
||||
+ else if TOK_FUNC(kmo)
|
||||
+ else if TOK_FUNC(kmf)
|
||||
+ else if TOK_FUNC(prno)
|
||||
+ else if TOK_FUNC(kma)
|
||||
+
|
||||
+ /* CPU model tokens */
|
||||
+ else if TOK_CPU(z900)
|
||||
+ else if TOK_CPU(z990)
|
||||
+ else if TOK_CPU(z9)
|
||||
+ else if TOK_CPU(z10)
|
||||
+ else if TOK_CPU(z196)
|
||||
+ else if TOK_CPU(zEC12)
|
||||
+ else if TOK_CPU(z13)
|
||||
+ else if TOK_CPU(z14)
|
||||
+
|
||||
+ /* whitespace(ignored) or invalid tokens */
|
||||
+ else {
|
||||
+ while (*tok_begin != '\0') {
|
||||
+ if (!ossl_isspace(*tok_begin))
|
||||
+ goto ret;
|
||||
+ tok_begin++;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ tok_begin = tok_end;
|
||||
+ tok_end = strtok(NULL, ";");
|
||||
+ }
|
||||
+
|
||||
+ rc = 1;
|
||||
+ret:
|
||||
+ free(buff);
|
||||
+ return rc;
|
||||
}
|
||||
diff --git a/crypto/s390xcpuid.pl b/crypto/s390xcpuid.pl
|
||||
index 5cbb962..3602301 100755
|
||||
--- a/crypto/s390xcpuid.pl
|
||||
+++ b/crypto/s390xcpuid.pl
|
||||
@@ -38,7 +38,26 @@ OPENSSL_s390x_facilities:
|
||||
stg %r0,S390X_STFLE+8(%r4) # wipe capability vectors
|
||||
stg %r0,S390X_STFLE+16(%r4)
|
||||
stg %r0,S390X_STFLE+24(%r4)
|
||||
- stg %r0,S390X_KIMD(%r4)
|
||||
+
|
||||
+ .long 0xb2b04000 # stfle 0(%r4)
|
||||
+ brc 8,.Ldone
|
||||
+ lghi %r0,1
|
||||
+ .long 0xb2b04000 # stfle 0(%r4)
|
||||
+ brc 8,.Ldone
|
||||
+ lghi %r0,2
|
||||
+ .long 0xb2b04000 # stfle 0(%r4)
|
||||
+.Ldone:
|
||||
+ br $ra
|
||||
+.size OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities
|
||||
+
|
||||
+.globl OPENSSL_s390x_functions
|
||||
+.type OPENSSL_s390x_functions,\@function
|
||||
+.align 16
|
||||
+OPENSSL_s390x_functions:
|
||||
+ lghi %r0,0
|
||||
+ larl %r4,OPENSSL_s390xcap_P
|
||||
+
|
||||
+ stg %r0,S390X_KIMD(%r4) # wipe capability vectors
|
||||
stg %r0,S390X_KIMD+8(%r4)
|
||||
stg %r0,S390X_KLMD(%r4)
|
||||
stg %r0,S390X_KLMD+8(%r4)
|
||||
@@ -59,14 +78,6 @@ OPENSSL_s390x_facilities:
|
||||
stg %r0,S390X_KMA(%r4)
|
||||
stg %r0,S390X_KMA+8(%r4)
|
||||
|
||||
- .long 0xb2b04000 # stfle 0(%r4)
|
||||
- brc 8,.Ldone
|
||||
- lghi %r0,1
|
||||
- .long 0xb2b04000 # stfle 0(%r4)
|
||||
- brc 8,.Ldone
|
||||
- lghi %r0,2
|
||||
- .long 0xb2b04000 # stfle 0(%r4)
|
||||
-.Ldone:
|
||||
lmg %r2,%r3,S390X_STFLE(%r4)
|
||||
tmhl %r2,0x4000 # check for message-security-assist
|
||||
jz .Lret
|
||||
@@ -123,7 +134,7 @@ OPENSSL_s390x_facilities:
|
||||
|
||||
.Lret:
|
||||
br $ra
|
||||
-.size OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities
|
||||
+.size OPENSSL_s390x_functions,.-OPENSSL_s390x_functions
|
||||
|
||||
.globl OPENSSL_rdtsc
|
||||
.type OPENSSL_rdtsc,\@function
|
208
openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch
Normal file
208
openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch
Normal file
@ -0,0 +1,208 @@
|
||||
From d68af00685c4a76e9545882e350717ae5e4071df Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
Date: Tue, 31 Jan 2017 12:43:35 +0100
|
||||
Subject: [PATCH] s390x assembly pack: add OPENSSL_s390xcap man page.
|
||||
|
||||
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
|
||||
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
||||
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
||||
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/6813)
|
||||
---
|
||||
doc/man3/OPENSSL_s390xcap.pod | 173 ++++++++++++++++++++++++++++++++++
|
||||
util/private.num | 1 +
|
||||
2 files changed, 174 insertions(+)
|
||||
create mode 100644 doc/man3/OPENSSL_s390xcap.pod
|
||||
|
||||
diff --git a/doc/man3/OPENSSL_s390xcap.pod b/doc/man3/OPENSSL_s390xcap.pod
|
||||
new file mode 100644
|
||||
index 00000000000..550136a82b8
|
||||
--- /dev/null
|
||||
+++ b/doc/man3/OPENSSL_s390xcap.pod
|
||||
@@ -0,0 +1,173 @@
|
||||
+=pod
|
||||
+
|
||||
+=head1 NAME
|
||||
+
|
||||
+OPENSSL_s390xcap - the IBM z processor capabilities vector
|
||||
+
|
||||
+=head1 SYNOPSIS
|
||||
+
|
||||
+ env OPENSSL_s390xcap=... <application>
|
||||
+
|
||||
+=head1 DESCRIPTION
|
||||
+
|
||||
+libcrypto supports z/Architecture instruction set extensions. These
|
||||
+extensions are denoted by individual bits in the capabilities vector.
|
||||
+When libcrypto is initialized, the bits returned by the STFLE instruction
|
||||
+and by the QUERY functions are stored in the vector.
|
||||
+
|
||||
+To change the set of instructions available to an application, you can
|
||||
+set the OPENSSL_s390xcap environment variable before you start the
|
||||
+application. After initialization, the capability vector is ANDed bitwise
|
||||
+with a mask which is derived from the environment variable.
|
||||
+
|
||||
+The environment variable is a semicolon-separated list of tokens which is
|
||||
+processed from left to right (whitespace is ignored):
|
||||
+
|
||||
+ OPENSSL_s390xcap="<tok1>;<tok2>;..."
|
||||
+
|
||||
+There are three types of tokens:
|
||||
+
|
||||
+=over 4
|
||||
+
|
||||
+=item <string>
|
||||
+
|
||||
+The name of a processor generation. A bit in the environment variable's
|
||||
+mask is set to one if and only if the specified processor generation
|
||||
+implements the corresponding instruction set extension. Possible values
|
||||
+are z900, z990, z9, z10, z196, zEC12, z13 and z14.
|
||||
+
|
||||
+=item <string>:<mask>:<mask>
|
||||
+
|
||||
+The name of an instruction followed by two 64-bit masks. The part of the
|
||||
+environment variable's mask corresponding to the specified instruction is
|
||||
+set to the specified 128-bit mask. Possible values are kimd, klmd, km, kmc,
|
||||
+kmac, kmctr, kmo, kmf, prno and kma.
|
||||
+
|
||||
+=item stfle:<mask>:<mask>:<mask>
|
||||
+
|
||||
+Store-facility-list-extended (stfle) followed by three 64-bit masks. The
|
||||
+part of the environment variable's mask corresponding to the stfle
|
||||
+instruction is set to the specified 192-bit mask.
|
||||
+
|
||||
+=back
|
||||
+
|
||||
+The 64-bit masks are specified in hexadecimal notation. The 0x prefix is
|
||||
+optional. Prefix a mask with a tilde (~) to denote a bitwise NOT operation.
|
||||
+
|
||||
+The following is a list of significant bits for each instruction. Colon
|
||||
+rows separate the individual 64-bit masks. The bit numbers in the first
|
||||
+column are consistent with [1], that is, 0 denotes the leftmost bit and
|
||||
+the numbering is continuous across 64-bit mask boundaries.
|
||||
+
|
||||
+ Bit Mask Facility/Function
|
||||
+
|
||||
+ stfle:
|
||||
+ # 17 1<<46 message-security assist
|
||||
+ # 25 1<<38 store-clock-fast facility
|
||||
+ :
|
||||
+ # 76 1<<51 message-security assist extension 3
|
||||
+ # 77 1<<50 message-security assist extension 4
|
||||
+ :
|
||||
+ #129 1<<62 vector facility
|
||||
+ #134 1<<57 vector packed decimal facility
|
||||
+ #135 1<<56 vector enhancements facility 1
|
||||
+ #146 1<<45 message-security assist extension 8
|
||||
+
|
||||
+ kimd :
|
||||
+ # 1 1<<62 KIMD-SHA-1
|
||||
+ # 2 1<<61 KIMD-SHA-256
|
||||
+ # 3 1<<60 KIMD-SHA-512
|
||||
+ # 32 1<<31 KIMD-SHA3-224
|
||||
+ # 33 1<<30 KIMD-SHA3-256
|
||||
+ # 34 1<<29 KIMD-SHA3-384
|
||||
+ # 35 1<<28 KIMD-SHA3-512
|
||||
+ # 36 1<<27 KIMD-SHAKE-128
|
||||
+ # 37 1<<26 KIMD-SHAKE-256
|
||||
+ :
|
||||
+ # 65 1<<62 KIMD-GHASH
|
||||
+
|
||||
+ klmd :
|
||||
+ # 32 1<<31 KLMD-SHA3-224
|
||||
+ # 33 1<<30 KLMD-SHA3-256
|
||||
+ # 34 1<<29 KLMD-SHA3-384
|
||||
+ # 35 1<<28 KLMD-SHA3-512
|
||||
+ # 36 1<<27 KLMD-SHAKE-128
|
||||
+ # 37 1<<26 KLMD-SHAKE-256
|
||||
+ :
|
||||
+
|
||||
+ km :
|
||||
+ # 18 1<<45 KM-AES-128
|
||||
+ # 19 1<<44 KM-AES-192
|
||||
+ # 20 1<<43 KM-AES-256
|
||||
+ # 50 1<<13 KM-XTS-AES-128
|
||||
+ # 52 1<<11 KM-XTS-AES-256
|
||||
+ :
|
||||
+
|
||||
+ kmc :
|
||||
+ # 18 1<<45 KMC-AES-128
|
||||
+ # 19 1<<44 KMC-AES-192
|
||||
+ # 20 1<<43 KMC-AES-256
|
||||
+ :
|
||||
+
|
||||
+ kmac :
|
||||
+ # 18 1<<45 KMAC-AES-128
|
||||
+ # 19 1<<44 KMAC-AES-192
|
||||
+ # 20 1<<43 KMAC-AES-256
|
||||
+ :
|
||||
+
|
||||
+ kmctr:
|
||||
+ :
|
||||
+
|
||||
+ kmo :
|
||||
+ # 18 1<<45 KMO-AES-128
|
||||
+ # 19 1<<44 KMO-AES-192
|
||||
+ # 20 1<<43 KMO-AES-256
|
||||
+ :
|
||||
+
|
||||
+ kmf :
|
||||
+ # 18 1<<45 KMF-AES-128
|
||||
+ # 19 1<<44 KMF-AES-192
|
||||
+ # 20 1<<43 KMF-AES-256
|
||||
+ :
|
||||
+
|
||||
+ prno :
|
||||
+ :
|
||||
+
|
||||
+ kma :
|
||||
+ # 18 1<<45 KMA-GCM-AES-128
|
||||
+ # 19 1<<44 KMA-GCM-AES-192
|
||||
+ # 20 1<<43 KMA-GCM-AES-256
|
||||
+ :
|
||||
+
|
||||
+=head1 EXAMPLES
|
||||
+
|
||||
+Disables all instruction set extensions which the z196 processor does not implement:
|
||||
+
|
||||
+ OPENSSL_s390xcap="z196"
|
||||
+
|
||||
+Disables the vector facility:
|
||||
+
|
||||
+ OPENSSL_s390xcap="stfle:~0:~0:~0x4000000000000000"
|
||||
+
|
||||
+Disables the KM-XTS-AES and and the KIMD-SHAKE function codes:
|
||||
+
|
||||
+ OPENSSL_s390xcap="km:~0x2800:~0;kimd:~0xc000000:~0"
|
||||
+
|
||||
+=head1 RETURN VALUES
|
||||
+
|
||||
+Not available.
|
||||
+
|
||||
+=head1 SEE ALSO
|
||||
+
|
||||
+[1] z/Architecture Principles of Operation, SA22-7832-11
|
||||
+
|
||||
+=head1 COPYRIGHT
|
||||
+
|
||||
+Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+
|
||||
+Licensed under the OpenSSL license (the "License"). You may not use
|
||||
+this file except in compliance with the License. You can obtain a copy
|
||||
+in the file LICENSE in the source distribution or at
|
||||
+L<https://www.openssl.org/source/license.html>.
|
||||
+
|
||||
+=cut
|
||||
diff --git a/util/private.num b/util/private.num
|
||||
index c456578c335..2bfe987b437 100644
|
||||
--- a/util/private.num
|
||||
+++ b/util/private.num
|
||||
@@ -3,6 +3,7 @@
|
||||
# assembly language, etc.
|
||||
#
|
||||
OPENSSL_ia32cap environment
|
||||
+OPENSSL_s390xcap environment
|
||||
OPENSSL_MALLOC_FD environment
|
||||
OPENSSL_MALLOC_FAILURES environment
|
||||
OPENSSL_instrument_bus assembler
|
@ -0,0 +1,377 @@
|
||||
diff --git a/crypto/s390x_arch.h b/crypto/s390x_arch.h
|
||||
index 34e04b4..a156c97 100644
|
||||
--- a/crypto/s390x_arch.h
|
||||
+++ b/crypto/s390x_arch.h
|
||||
@@ -26,6 +26,9 @@ void s390x_kmf(const unsigned char *in, size_t len, unsigned char *out,
|
||||
unsigned int fc, void *param);
|
||||
void s390x_kma(const unsigned char *aad, size_t alen, const unsigned char *in,
|
||||
size_t len, unsigned char *out, unsigned int fc, void *param);
|
||||
+int s390x_pcc(unsigned int fc, void *param);
|
||||
+int s390x_kdsa(unsigned int fc, void *param, const unsigned char *in,
|
||||
+ size_t len);
|
||||
|
||||
/*
|
||||
* The field elements of OPENSSL_s390xcap_P are the 64-bit words returned by
|
||||
@@ -45,6 +48,8 @@ struct OPENSSL_s390xcap_st {
|
||||
unsigned long long kmf[2];
|
||||
unsigned long long prno[2];
|
||||
unsigned long long kma[2];
|
||||
+ unsigned long long pcc[2];
|
||||
+ unsigned long long kdsa[2];
|
||||
};
|
||||
|
||||
#if defined(__GNUC__) && defined(__linux)
|
||||
@@ -72,6 +77,8 @@ extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
|
||||
# define S390X_KMF 0x90
|
||||
# define S390X_PRNO 0xa0
|
||||
# define S390X_KMA 0xb0
|
||||
+# define S390X_PCC 0xc0
|
||||
+# define S390X_KDSA 0xd0
|
||||
|
||||
/* Facility Bit Numbers */
|
||||
# define S390X_MSA 17 /* message-security-assist */
|
||||
@@ -83,6 +90,7 @@ extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
|
||||
# define S390X_VXD 134 /* vector packed decimal */
|
||||
# define S390X_VXE 135 /* vector enhancements 1 */
|
||||
# define S390X_MSA8 146 /* message-security-assist-ext. 8 */
|
||||
+# define S390X_MSA9 155 /* message-security-assist-ext. 9 */
|
||||
|
||||
/* Function Codes */
|
||||
|
||||
@@ -114,10 +122,24 @@ extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
|
||||
# define S390X_SHA_512_DRNG 3
|
||||
# define S390X_TRNG 114
|
||||
|
||||
+/* pcc */
|
||||
+# define S390X_SCALAR_MULTIPLY_P256 64
|
||||
+# define S390X_SCALAR_MULTIPLY_P384 65
|
||||
+# define S390X_SCALAR_MULTIPLY_P521 66
|
||||
+
|
||||
+/* kdsa */
|
||||
+# define S390X_ECDSA_VERIFY_P256 1
|
||||
+# define S390X_ECDSA_VERIFY_P384 2
|
||||
+# define S390X_ECDSA_VERIFY_P521 3
|
||||
+# define S390X_ECDSA_SIGN_P256 9
|
||||
+# define S390X_ECDSA_SIGN_P384 10
|
||||
+# define S390X_ECDSA_SIGN_P521 11
|
||||
+
|
||||
/* Register 0 Flags */
|
||||
# define S390X_DECRYPT 0x80
|
||||
# define S390X_KMA_LPC 0x100
|
||||
# define S390X_KMA_LAAD 0x200
|
||||
# define S390X_KMA_HS 0x400
|
||||
+# define S390X_KDSA_D 0x80
|
||||
|
||||
#endif
|
||||
diff --git a/crypto/s390xcap.c b/crypto/s390xcap.c
|
||||
index da6af34..3d762fd 100644
|
||||
--- a/crypto/s390xcap.c
|
||||
+++ b/crypto/s390xcap.c
|
||||
@@ -140,6 +140,10 @@ void OPENSSL_cpuid_setup(void)
|
||||
OPENSSL_s390xcap_P.prno[1] &= cap.prno[1];
|
||||
OPENSSL_s390xcap_P.kma[0] &= cap.kma[0];
|
||||
OPENSSL_s390xcap_P.kma[1] &= cap.kma[1];
|
||||
+ OPENSSL_s390xcap_P.pcc[0] &= cap.pcc[0];
|
||||
+ OPENSSL_s390xcap_P.pcc[1] &= cap.pcc[1];
|
||||
+ OPENSSL_s390xcap_P.kdsa[0] &= cap.kdsa[0];
|
||||
+ OPENSSL_s390xcap_P.kdsa[1] &= cap.kdsa[1];
|
||||
}
|
||||
}
|
||||
|
||||
@@ -166,6 +170,8 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap)
|
||||
.kmf = {0ULL, 0ULL},
|
||||
.prno = {0ULL, 0ULL},
|
||||
.kma = {0ULL, 0ULL},
|
||||
+ .pcc = {0ULL, 0ULL},
|
||||
+ .kdsa = {0ULL, 0ULL},
|
||||
};
|
||||
|
||||
/*-
|
||||
@@ -192,6 +198,8 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap)
|
||||
.kmf = {0ULL, 0ULL},
|
||||
.prno = {0ULL, 0ULL},
|
||||
.kma = {0ULL, 0ULL},
|
||||
+ .pcc = {0ULL, 0ULL},
|
||||
+ .kdsa = {0ULL, 0ULL},
|
||||
};
|
||||
|
||||
/*-
|
||||
@@ -223,6 +231,8 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap)
|
||||
.kmf = {0ULL, 0ULL},
|
||||
.prno = {0ULL, 0ULL},
|
||||
.kma = {0ULL, 0ULL},
|
||||
+ .pcc = {0ULL, 0ULL},
|
||||
+ .kdsa = {0ULL, 0ULL},
|
||||
};
|
||||
|
||||
/*-
|
||||
@@ -260,6 +270,8 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap)
|
||||
.kmf = {0ULL, 0ULL},
|
||||
.prno = {0ULL, 0ULL},
|
||||
.kma = {0ULL, 0ULL},
|
||||
+ .pcc = {0ULL, 0ULL},
|
||||
+ .kdsa = {0ULL, 0ULL},
|
||||
};
|
||||
|
||||
/*-
|
||||
@@ -316,6 +328,9 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap)
|
||||
0ULL},
|
||||
.prno = {0ULL, 0ULL},
|
||||
.kma = {0ULL, 0ULL},
|
||||
+ .pcc = {S390X_CAPBIT(S390X_QUERY),
|
||||
+ 0ULL},
|
||||
+ .kdsa = {0ULL, 0ULL},
|
||||
};
|
||||
|
||||
/*-
|
||||
@@ -372,6 +387,9 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap)
|
||||
0ULL},
|
||||
.prno = {0ULL, 0ULL},
|
||||
.kma = {0ULL, 0ULL},
|
||||
+ .pcc = {S390X_CAPBIT(S390X_QUERY),
|
||||
+ 0ULL},
|
||||
+ .kdsa = {0ULL, 0ULL},
|
||||
};
|
||||
|
||||
/*-
|
||||
@@ -432,6 +450,9 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap)
|
||||
| S390X_CAPBIT(S390X_SHA_512_DRNG),
|
||||
0ULL},
|
||||
.kma = {0ULL, 0ULL},
|
||||
+ .pcc = {S390X_CAPBIT(S390X_QUERY),
|
||||
+ 0ULL},
|
||||
+ .kdsa = {0ULL, 0ULL},
|
||||
};
|
||||
|
||||
/*-
|
||||
@@ -511,6 +532,101 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap)
|
||||
| S390X_CAPBIT(S390X_AES_192)
|
||||
| S390X_CAPBIT(S390X_AES_256),
|
||||
0ULL},
|
||||
+ .pcc = {S390X_CAPBIT(S390X_QUERY),
|
||||
+ 0ULL},
|
||||
+ .kdsa = {0ULL, 0ULL},
|
||||
+ };
|
||||
+
|
||||
+ /*-
|
||||
+ * z15 (2019) - z/Architecture POP SA22-7832-12
|
||||
+ * Implements MSA and MSA1-9.
|
||||
+ */
|
||||
+ static const struct OPENSSL_s390xcap_st z15 = {
|
||||
+ /*.stfle = */{S390X_CAPBIT(S390X_MSA)
|
||||
+ | S390X_CAPBIT(S390X_STCKF)
|
||||
+ | S390X_CAPBIT(S390X_MSA5),
|
||||
+ S390X_CAPBIT(S390X_MSA3)
|
||||
+ | S390X_CAPBIT(S390X_MSA4),
|
||||
+ S390X_CAPBIT(S390X_VX)
|
||||
+ | S390X_CAPBIT(S390X_VXD)
|
||||
+ | S390X_CAPBIT(S390X_VXE)
|
||||
+ | S390X_CAPBIT(S390X_MSA8),
|
||||
+ 0ULL},
|
||||
+ /*.kimd = */{S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_1)
|
||||
+ | S390X_CAPBIT(S390X_SHA_256)
|
||||
+ | S390X_CAPBIT(S390X_SHA_512)
|
||||
+ | S390X_CAPBIT(S390X_SHA3_224)
|
||||
+ | S390X_CAPBIT(S390X_SHA3_256)
|
||||
+ | S390X_CAPBIT(S390X_SHA3_384)
|
||||
+ | S390X_CAPBIT(S390X_SHA3_512)
|
||||
+ | S390X_CAPBIT(S390X_SHAKE_128)
|
||||
+ | S390X_CAPBIT(S390X_SHAKE_256),
|
||||
+ S390X_CAPBIT(S390X_GHASH)},
|
||||
+ /*.klmd = */{S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_1)
|
||||
+ | S390X_CAPBIT(S390X_SHA_256)
|
||||
+ | S390X_CAPBIT(S390X_SHA_512)
|
||||
+ | S390X_CAPBIT(S390X_SHA3_224)
|
||||
+ | S390X_CAPBIT(S390X_SHA3_256)
|
||||
+ | S390X_CAPBIT(S390X_SHA3_384)
|
||||
+ | S390X_CAPBIT(S390X_SHA3_512)
|
||||
+ | S390X_CAPBIT(S390X_SHAKE_128)
|
||||
+ | S390X_CAPBIT(S390X_SHAKE_256),
|
||||
+ 0ULL},
|
||||
+ /*.km = */{S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256)
|
||||
+ | S390X_CAPBIT(S390X_XTS_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_XTS_AES_256),
|
||||
+ 0ULL},
|
||||
+ /*.kmc = */{S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ /*.kmac = */{S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ /*.kmctr = */{S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ /*.kmo = */{S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ /*.kmf = */{S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ /*.prno = */{S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_512_DRNG),
|
||||
+ S390X_CAPBIT(S390X_TRNG)},
|
||||
+ /*.kma = */{S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ /*.pcc = */{S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P256)
|
||||
+ | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P384)
|
||||
+ | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P521),
|
||||
+ 0ULL},
|
||||
+ /*.kdsa = */{S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_ECDSA_VERIFY_P256)
|
||||
+ | S390X_CAPBIT(S390X_ECDSA_VERIFY_P384)
|
||||
+ | S390X_CAPBIT(S390X_ECDSA_VERIFY_P521)
|
||||
+ | S390X_CAPBIT(S390X_ECDSA_SIGN_P256)
|
||||
+ | S390X_CAPBIT(S390X_ECDSA_SIGN_P384)
|
||||
+ | S390X_CAPBIT(S390X_ECDSA_SIGN_P521),
|
||||
+ 0ULL},
|
||||
};
|
||||
|
||||
char *tok_begin, *tok_end, *buff, tok[S390X_STFLE_MAX][LEN + 1];
|
||||
@@ -554,6 +670,8 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap)
|
||||
else if TOK_FUNC(kmf)
|
||||
else if TOK_FUNC(prno)
|
||||
else if TOK_FUNC(kma)
|
||||
+ else if TOK_FUNC(pcc)
|
||||
+ else if TOK_FUNC(kdsa)
|
||||
|
||||
/* CPU model tokens */
|
||||
else if TOK_CPU(z900)
|
||||
@@ -564,6 +682,7 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap)
|
||||
else if TOK_CPU(zEC12)
|
||||
else if TOK_CPU(z13)
|
||||
else if TOK_CPU(z14)
|
||||
+ else if TOK_CPU(z15)
|
||||
|
||||
/* whitespace(ignored) or invalid tokens */
|
||||
else {
|
||||
diff --git a/crypto/s390xcpuid.pl b/crypto/s390xcpuid.pl
|
||||
index 3602301..344f4f6 100755
|
||||
--- a/crypto/s390xcpuid.pl
|
||||
+++ b/crypto/s390xcpuid.pl
|
||||
@@ -77,8 +77,13 @@ OPENSSL_s390x_functions:
|
||||
stg %r0,S390X_PRNO+8(%r4)
|
||||
stg %r0,S390X_KMA(%r4)
|
||||
stg %r0,S390X_KMA+8(%r4)
|
||||
+ stg %r0,S390X_PCC(%r4)
|
||||
+ stg %r0,S390X_PCC+8(%r4)
|
||||
+ stg %r0,S390X_KDSA(%r4)
|
||||
+ stg %r0,S390X_KDSA+8(%r4)
|
||||
|
||||
lmg %r2,%r3,S390X_STFLE(%r4)
|
||||
+
|
||||
tmhl %r2,0x4000 # check for message-security-assist
|
||||
jz .Lret
|
||||
|
||||
@@ -102,6 +107,13 @@ OPENSSL_s390x_functions:
|
||||
la %r1,S390X_KMAC(%r4)
|
||||
.long 0xb91e0042 # kmac %r4,%r2
|
||||
|
||||
+ tmhh %r3,0x0003 # check for message-security-assist-3
|
||||
+ jz .Lret
|
||||
+
|
||||
+ lghi %r0,S390X_QUERY # query pcc capability vector
|
||||
+ la %r1,S390X_PCC(%r4)
|
||||
+ .long 0xb92c0000 # pcc
|
||||
+
|
||||
tmhh %r3,0x0004 # check for message-security-assist-4
|
||||
jz .Lret
|
||||
|
||||
@@ -125,6 +137,7 @@ OPENSSL_s390x_functions:
|
||||
.long 0xb93c0042 # prno %r4,%r2
|
||||
|
||||
lg %r2,S390X_STFLE+16(%r4)
|
||||
+
|
||||
tmhl %r2,0x2000 # check for message-security-assist-8
|
||||
jz .Lret
|
||||
|
||||
@@ -132,6 +145,13 @@ OPENSSL_s390x_functions:
|
||||
la %r1,S390X_KMA(%r4)
|
||||
.long 0xb9294022 # kma %r2,%r4,%r2
|
||||
|
||||
+ tmhl %r2,0x0010 # check for message-security-assist-9
|
||||
+ jz .Lret
|
||||
+
|
||||
+ lghi %r0,S390X_QUERY # query kdsa capability vector
|
||||
+ la %r1,S390X_KDSA(%r4)
|
||||
+ .long 0xb93a0002 # kdsa %r0,%r2
|
||||
+
|
||||
.Lret:
|
||||
br $ra
|
||||
.size OPENSSL_s390x_functions,.-OPENSSL_s390x_functions
|
||||
@@ -422,6 +442,57 @@ s390x_kma:
|
||||
___
|
||||
}
|
||||
|
||||
+################
|
||||
+# void s390x_pcc(unsigned int fc, void *param)
|
||||
+{
|
||||
+my ($fc,$param) = map("%r$_",(2..3));
|
||||
+$code.=<<___;
|
||||
+.globl s390x_pcc
|
||||
+.type s390x_pcc,\@function
|
||||
+.align 16
|
||||
+s390x_pcc:
|
||||
+ lr %r0,$fc
|
||||
+ l${g}r %r1,$param
|
||||
+ lhi %r2,0
|
||||
+
|
||||
+ .long 0xb92c0000 # pcc
|
||||
+ brc 1,.-4 # pay attention to "partial completion"
|
||||
+ brc 7,.Lpcc_err # if CC==0 return 0, else return 1
|
||||
+.Lpcc_out:
|
||||
+ br $ra
|
||||
+.Lpcc_err:
|
||||
+ lhi %r2,1
|
||||
+ j .Lpcc_out
|
||||
+.size s390x_pcc,.-s390x_pcc
|
||||
+___
|
||||
+}
|
||||
+
|
||||
+################
|
||||
+# void s390x_kdsa(unsigned int fc, void *param,
|
||||
+# const unsigned char *in, size_t len)
|
||||
+{
|
||||
+my ($fc,$param,$in,$len) = map("%r$_",(2..5));
|
||||
+$code.=<<___;
|
||||
+.globl s390x_kdsa
|
||||
+.type s390x_kdsa,\@function
|
||||
+.align 16
|
||||
+s390x_kdsa:
|
||||
+ lr %r0,$fc
|
||||
+ l${g}r %r1,$param
|
||||
+ lhi %r2,0
|
||||
+
|
||||
+ .long 0xb93a0004 # kdsa %r0,$in
|
||||
+ brc 1,.-4 # pay attention to "partial completion"
|
||||
+ brc 7,.Lkdsa_err # if CC==0 return 0, else return 1
|
||||
+.Lkdsa_out:
|
||||
+ br $ra
|
||||
+.Lkdsa_err:
|
||||
+ lhi %r2,1
|
||||
+ j .Lkdsa_out
|
||||
+.size s390x_kdsa,.-s390x_kdsa
|
||||
+___
|
||||
+}
|
||||
+
|
||||
$code.=<<___;
|
||||
.section .init
|
||||
brasl $ra,OPENSSL_cpuid_setup
|
@ -0,0 +1,41 @@
|
||||
From 2281be2ed4a7df462677661d30b13826ae6b3e26 Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
Date: Tue, 24 Sep 2019 14:44:27 +0200
|
||||
Subject: [PATCH 09530/10000] s390x assembly pack: cleanse only sensitive
|
||||
fields
|
||||
|
||||
of instruction parameter blocks.
|
||||
|
||||
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
|
||||
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/10004)
|
||||
---
|
||||
crypto/ec/ecp_s390x_nistp.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/crypto/ec/ecp_s390x_nistp.c b/crypto/ec/ecp_s390x_nistp.c
|
||||
index be81f0b8f0..9533698b0f 100644
|
||||
--- a/crypto/ec/ecp_s390x_nistp.c
|
||||
+++ b/crypto/ec/ecp_s390x_nistp.c
|
||||
@@ -110,7 +110,7 @@ ret:
|
||||
/* Otherwise use default. */
|
||||
if (rc == -1)
|
||||
rc = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
|
||||
- OPENSSL_cleanse(param, sizeof(param));
|
||||
+ OPENSSL_cleanse(param + S390X_OFF_SCALAR(len), len);
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(new_ctx);
|
||||
return rc;
|
||||
@@ -203,7 +203,7 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign_sig(const unsigned char *dgst,
|
||||
|
||||
ok = 1;
|
||||
ret:
|
||||
- OPENSSL_cleanse(param, sizeof(param));
|
||||
+ OPENSSL_cleanse(param + S390X_OFF_K(len), 2 * len);
|
||||
if (ok != 1) {
|
||||
ECDSA_SIG_free(sig);
|
||||
sig = NULL;
|
||||
--
|
||||
2.24.0
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user