pool/openssl-3
SHA256
2
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
factory
openssl-3/openssl-3-add-defines-CPACF-funcs.patch
Pedro Monreal Gonzalez 8c598ed63d - Support MSA 11 HMAC on s390x jsc#PED-10273 
* Add openssl-3-disable-hmac-hw-acceleration-with-engine-digest.patch
  * Add openssl-3-fix-hmac-digest-detection-s390x.patch
  * Add openssl-3-fix-memleak-s390x_HMAC_CTX_copy.patch

- Add hardware acceleration for full AES-XTS  jsc#PED-10273
  * Add openssl-3-hw-acceleration-aes-xts-s390x.patch

- Support MSA 12 SHA3 on s390x jsc#PED-10280
  * Add openssl-3-add_EVP_DigestSqueeze_api.patch
  * Add openssl-3-support-multiple-sha3_squeeze_s390x.patch
  * Add openssl-3-add-xof-state-handling-s3_absorb.patch
  * Add openssl-3-fix-state-handling-sha3_absorb_s390x.patch
  * Add openssl-3-fix-state-handling-sha3_final_s390x.patch
  * Add openssl-3-fix-state-handling-shake_final_s390x.patch
  * Add openssl-3-fix-state-handling-keccak_final_s390x.patch
  * Add openssl-3-support-EVP_DigestSqueeze-in-digest-prov-s390x.patch
  * Add openssl-3-add-defines-CPACF-funcs.patch
  * Add openssl-3-add-hw-acceleration-hmac.patch
  * Add openssl-3-support-CPACF-sha3-shake-perf-improvement.patch
  * Add openssl-3-fix-s390x_sha3_absorb.patch
  * Add openssl-3-fix-s390x_shake_squeeze.patch

- Update to 3.2.3:
  * Changes between 3.2.2 and 3.2.3:
    - Fixed possible denial of service in X.509 name checks. [CVE-2024-6119]
    - Fixed possible buffer overread in SSL_select_next_proto(). [CVE-2024-5535]
  * Changes between 3.2.1 and 3.2.2:
    - Fixed potential use after free after SSL_free_buffers() is called. [CVE-2024-4741]
    - Fixed an issue where checking excessively long DSA keys or parameters may

OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=121
2024-11-05 19:08:08 +00:00

83 lines
3.1 KiB
Diff
Raw Permalink Blame History

commit 518b53b139d7b4ac082ccedd401d2ee08fc66985
Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Wed Jan 31 16:26:52 2024 +0100
s390x: Add defines for new CPACF functions
Add defines for new CPACF functions codes, its required MSA levels, and
document how to disable these functions via the OPENSSL_s390xcap environment
variable.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25161)
diff --git a/crypto/s390x_arch.h b/crypto/s390x_arch.h
index fdc682af06..88ed866b0d 100644
--- a/crypto/s390x_arch.h
+++ b/crypto/s390x_arch.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -115,6 +115,7 @@ extern int OPENSSL_s390xcex;
# define S390X_MSA5 57 /* message-security-assist-ext. 5 */
# define S390X_MSA3 76 /* message-security-assist-ext. 3 */
# define S390X_MSA4 77 /* message-security-assist-ext. 4 */
+# define S390X_MSA12 86 /* message-security-assist-ext. 12 */
# define S390X_VX 129 /* vector */
# define S390X_VXD 134 /* vector packed decimal */
# define S390X_VXE 135 /* vector enhancements 1 */
@@ -150,6 +151,14 @@ extern int OPENSSL_s390xcex;
/* km */
# define S390X_XTS_AES_128 50
# define S390X_XTS_AES_256 52
+# define S390X_XTS_AES_128_MSA10 82
+# define S390X_XTS_AES_256_MSA10 84
+
+/* kmac */
+# define S390X_HMAC_SHA_224 112
+# define S390X_HMAC_SHA_256 113
+# define S390X_HMAC_SHA_384 114
+# define S390X_HMAC_SHA_512 115
/* prno */
# define S390X_SHA_512_DRNG 3
diff --git a/doc/man3/OPENSSL_s390xcap.pod b/doc/man3/OPENSSL_s390xcap.pod
index d7185530ec..363003d8d3 100644
--- a/doc/man3/OPENSSL_s390xcap.pod
+++ b/doc/man3/OPENSSL_s390xcap.pod
@@ -74,6 +74,7 @@ the numbering is continuous across 64-bit mask boundaries.
:
# 76 1<<51 message-security assist extension 3
# 77 1<<50 message-security assist extension 4
+ # 86 1<<41 message-security-assist extension 12
:
#129 1<<62 vector facility
#134 1<<57 vector packed decimal facility
@@ -110,6 +111,8 @@ the numbering is continuous across 64-bit mask boundaries.
# 50 1<<13 KM-XTS-AES-128
# 52 1<<11 KM-XTS-AES-256
:
+ # 82 1<<45 KM-XTS-AES-128-MSA10
+ # 84 1<<43 KM-XTS-AES-256-MSA10
kmc :
# 18 1<<45 KMC-AES-128
@@ -122,6 +125,10 @@ the numbering is continuous across 64-bit mask boundaries.
# 19 1<<44 KMAC-AES-192
# 20 1<<43 KMAC-AES-256
:
+ # 112 1<<15 KMAC-SHA-224
+ # 113 1<<14 KMAC-SHA-256
+ # 114 1<<13 KMAC-SHA-384
+ # 115 1<<12 KMAC-SHA-512
kmctr:
:
Reference in New Issue View Git Blame Copy Permalink