pool/openssl-3
SHA256
4
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
openssl-3/openssl-ec-Use-static-linkage-on-nistp521-felem_-square-mul-.patch

66 lines
2.3 KiB
Diff
Raw Normal View History

- FIPS: Deny SHA-1 signature verification in FIPS provider [bsc#1221365] * SHA-1 is not allowed anymore in FIPS 186-5 for signature verification operations. After 12/31/2030, NIST will disallow SHA-1 for all of its usages. * Add openssl-3-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch - FIPS: RSA keygen PCT requirements. * Skip the rsa_keygen_pairwise_test() PCT in rsa_keygen() as the self-test requirements are covered by do_rsa_pct() for both RSA-OAEP and RSA signatures [bsc#1221760] * Enforce error state if rsa_keygen PCT is run and fails [bsc#1221753] * Add openssl-3-FIPS-PCT_rsa_keygen.patch - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode. [bsc#1220523] * Rebase openssl-Force-FIPS.patch - FIPS: Port openssl to use jitterentropy [bsc#1220523] * Set the module in error state if the jitter RNG fails either on initialization or entropy gathering because health tests failed. * Add jitterentropy as a seeding source output also in crypto/info.c * Move the jitter entropy collector and the associated lock out of the header file to avoid redefinitions. * Add the fips_local.cnf symlink to the spec file. This simlink points to the openssl_fips.config file that is provided by the crypto-policies package. * Rebase openssl-3-jitterentropy-3.4.0.patch * Rebase openssl-FIPS-enforce-EMS-support.patch - FIPS: Block non-Approved Elliptic Curves [bsc#1221786] OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=110
2024-08-07 21:54:42 +00:00
From 3e47a286dc3274bda72a196c3a4030a1fc8302f1 Mon Sep 17 00:00:00 2001
From: Rohan McLure <rohanmclure@linux.ibm.com>
Date: Fri, 23 Jun 2023 16:41:48 +1000
Subject: [PATCH] ec: Use static linkage on nistp521 felem_{square,mul}
wrappers
Runtime selection of implementations for felem_{square,mul} depends on
felem_{square,mul}_wrapper functions, which overwrite function points in
a similar design to that of .plt.got sections used by program loaders
during dynamic linking.
There's no reason why these functions need to have external linkage.
Mark static.
Signed-off-by: Rohan McLure <rohanmclure@linux.ibm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21471)
---
crypto/ec/ecp_nistp521.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c
index 97815cac1f13..32a9268ecf17 100644
--- a/crypto/ec/ecp_nistp521.c
+++ b/crypto/ec/ecp_nistp521.c
@@ -676,8 +676,8 @@ static void felem_reduce(felem out, const largefelem in)
}
#if defined(ECP_NISTP521_ASM)
-void felem_square_wrapper(largefelem out, const felem in);
-void felem_mul_wrapper(largefelem out, const felem in1, const felem in2);
+static void felem_square_wrapper(largefelem out, const felem in);
+static void felem_mul_wrapper(largefelem out, const felem in1, const felem in2);
static void (*felem_square_p)(largefelem out, const felem in) =
felem_square_wrapper;
@@ -691,7 +691,7 @@ void p521_felem_mul(largefelem out, const felem in1, const felem in2);
# include "crypto/ppc_arch.h"
# endif
-void felem_select(void)
+static void felem_select(void)
{
# if defined(_ARCH_PPC64)
if ((OPENSSL_ppccap_P & PPC_MADD300) && (OPENSSL_ppccap_P & PPC_ALTIVEC)) {
@@ -707,13 +707,13 @@ void felem_select(void)
felem_mul_p = felem_mul_ref;
}
-void felem_square_wrapper(largefelem out, const felem in)
+static void felem_square_wrapper(largefelem out, const felem in)
{
felem_select();
felem_square_p(out, in);
}
-void felem_mul_wrapper(largefelem out, const felem in1, const felem in2)
+static void felem_mul_wrapper(largefelem out, const felem in1, const felem in2)
{
felem_select();
felem_mul_p(out, in1, in2);
Reference in New Issue Copy Permalink