forked from pool/openssl-1_1
Accepting request 768078 from security:tls
OBS-URL: https://build.opensuse.org/request/show/768078 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-1_1?expand=0&rev=12
This commit is contained in:
commit
847afcdb2d
12
openssl-1.1.0-issuer-hash.patch
Normal file
12
openssl-1.1.0-issuer-hash.patch
Normal file
@ -0,0 +1,12 @@
|
||||
Index: openssl-1.1.1d/crypto/x509/x509_cmp.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/x509/x509_cmp.c 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/crypto/x509/x509_cmp.c 2020-01-23 13:45:11.404634047 +0100
|
||||
@@ -38,6 +38,7 @@ unsigned long X509_issuer_and_serial_has
|
||||
|
||||
if (ctx == NULL)
|
||||
goto err;
|
||||
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
|
||||
f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
|
||||
if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL))
|
||||
goto err;
|
5279
openssl-1.1.1-evp-kdf.patch
Normal file
5279
openssl-1.1.1-evp-kdf.patch
Normal file
File diff suppressed because it is too large
Load Diff
412
openssl-1.1.1-fips-crng-test.patch
Normal file
412
openssl-1.1.1-fips-crng-test.patch
Normal file
@ -0,0 +1,412 @@
|
||||
Index: openssl-1.1.1d/crypto/include/internal/rand_int.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/include/internal/rand_int.h 2020-01-23 13:45:11.368633835 +0100
|
||||
+++ openssl-1.1.1d/crypto/include/internal/rand_int.h 2020-01-23 13:45:11.384633930 +0100
|
||||
@@ -49,6 +49,14 @@ size_t rand_drbg_get_additional_data(RAN
|
||||
|
||||
void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out);
|
||||
|
||||
+/* CRNG test entropy filter callbacks. */
|
||||
+size_t rand_crngt_get_entropy(RAND_DRBG *drbg,
|
||||
+ unsigned char **pout,
|
||||
+ int entropy, size_t min_len, size_t max_len,
|
||||
+ int prediction_resistance);
|
||||
+void rand_crngt_cleanup_entropy(RAND_DRBG *drbg,
|
||||
+ unsigned char *out, size_t outlen);
|
||||
+
|
||||
/*
|
||||
* RAND_POOL functions
|
||||
*/
|
||||
Index: openssl-1.1.1d/crypto/rand/build.info
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/rand/build.info 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/crypto/rand/build.info 2020-01-23 13:45:11.384633930 +0100
|
||||
@@ -1,4 +1,4 @@
|
||||
LIBS=../../libcrypto
|
||||
SOURCE[../../libcrypto]=\
|
||||
- randfile.c rand_lib.c rand_err.c rand_egd.c \
|
||||
+ randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \
|
||||
rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c
|
||||
Index: openssl-1.1.1d/crypto/rand/drbg_lib.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/rand/drbg_lib.c 2020-01-23 13:45:11.368633835 +0100
|
||||
+++ openssl-1.1.1d/crypto/rand/drbg_lib.c 2020-01-23 13:45:11.384633930 +0100
|
||||
@@ -67,7 +67,7 @@ static CRYPTO_THREAD_LOCAL private_drbg;
|
||||
|
||||
|
||||
/* NIST SP 800-90A DRBG recommends the use of a personalization string. */
|
||||
-static const char ossl_pers_string[] = "OpenSSL NIST SP 800-90A DRBG";
|
||||
+static const char ossl_pers_string[] = DRBG_DEFAULT_PERS_STRING;
|
||||
|
||||
static CRYPTO_ONCE rand_drbg_init = CRYPTO_ONCE_STATIC_INIT;
|
||||
|
||||
@@ -201,8 +201,13 @@ static RAND_DRBG *rand_drbg_new(int secu
|
||||
drbg->parent = parent;
|
||||
|
||||
if (parent == NULL) {
|
||||
+#ifdef OPENSSL_FIPS
|
||||
+ drbg->get_entropy = rand_crngt_get_entropy;
|
||||
+ drbg->cleanup_entropy = rand_crngt_cleanup_entropy;
|
||||
+#else
|
||||
drbg->get_entropy = rand_drbg_get_entropy;
|
||||
drbg->cleanup_entropy = rand_drbg_cleanup_entropy;
|
||||
+#endif
|
||||
#ifndef RAND_DRBG_GET_RANDOM_NONCE
|
||||
drbg->get_nonce = rand_drbg_get_nonce;
|
||||
drbg->cleanup_nonce = rand_drbg_cleanup_nonce;
|
||||
Index: openssl-1.1.1d/crypto/rand/rand_crng_test.c
|
||||
===================================================================
|
||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
||||
+++ openssl-1.1.1d/crypto/rand/rand_crng_test.c 2020-01-23 13:45:11.384633930 +0100
|
||||
@@ -0,0 +1,118 @@
|
||||
+/*
|
||||
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
+ *
|
||||
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
+ * this file except in compliance with the License. You can obtain a copy
|
||||
+ * in the file LICENSE in the source distribution or at
|
||||
+ * https://www.openssl.org/source/license.html
|
||||
+ */
|
||||
+
|
||||
+/*
|
||||
+ * Implementation of the FIPS 140-2 section 4.9.2 Conditional Tests.
|
||||
+ */
|
||||
+
|
||||
+#include <string.h>
|
||||
+#include <openssl/evp.h>
|
||||
+#include "internal/rand_int.h"
|
||||
+#include "internal/thread_once.h"
|
||||
+#include "rand_lcl.h"
|
||||
+
|
||||
+static RAND_POOL *crngt_pool;
|
||||
+static unsigned char crngt_prev[EVP_MAX_MD_SIZE];
|
||||
+
|
||||
+int (*crngt_get_entropy)(unsigned char *, unsigned char *, unsigned int *)
|
||||
+ = &rand_crngt_get_entropy_cb;
|
||||
+
|
||||
+int rand_crngt_get_entropy_cb(unsigned char *buf, unsigned char *md,
|
||||
+ unsigned int *md_size)
|
||||
+{
|
||||
+ int r;
|
||||
+ size_t n;
|
||||
+ unsigned char *p;
|
||||
+
|
||||
+ n = rand_pool_acquire_entropy(crngt_pool);
|
||||
+ if (n >= CRNGT_BUFSIZ) {
|
||||
+ p = rand_pool_detach(crngt_pool);
|
||||
+ r = EVP_Digest(p, CRNGT_BUFSIZ, md, md_size, EVP_sha256(), NULL);
|
||||
+ if (r != 0)
|
||||
+ memcpy(buf, p, CRNGT_BUFSIZ);
|
||||
+ rand_pool_reattach(crngt_pool, p);
|
||||
+ return r;
|
||||
+ }
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+void rand_crngt_cleanup(void)
|
||||
+{
|
||||
+ rand_pool_free(crngt_pool);
|
||||
+ crngt_pool = NULL;
|
||||
+}
|
||||
+
|
||||
+int rand_crngt_init(void)
|
||||
+{
|
||||
+ unsigned char buf[CRNGT_BUFSIZ];
|
||||
+
|
||||
+ if ((crngt_pool = rand_pool_new(0, 1, CRNGT_BUFSIZ, CRNGT_BUFSIZ)) == NULL)
|
||||
+ return 0;
|
||||
+ if (crngt_get_entropy(buf, crngt_prev, NULL)) {
|
||||
+ OPENSSL_cleanse(buf, sizeof(buf));
|
||||
+ return 1;
|
||||
+ }
|
||||
+ rand_crngt_cleanup();
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static CRYPTO_ONCE rand_crngt_init_flag = CRYPTO_ONCE_STATIC_INIT;
|
||||
+DEFINE_RUN_ONCE_STATIC(do_rand_crngt_init)
|
||||
+{
|
||||
+ return OPENSSL_init_crypto(0, NULL)
|
||||
+ && rand_crngt_init()
|
||||
+ && OPENSSL_atexit(&rand_crngt_cleanup);
|
||||
+}
|
||||
+
|
||||
+int rand_crngt_single_init(void)
|
||||
+{
|
||||
+ return RUN_ONCE(&rand_crngt_init_flag, do_rand_crngt_init);
|
||||
+}
|
||||
+
|
||||
+size_t rand_crngt_get_entropy(RAND_DRBG *drbg,
|
||||
+ unsigned char **pout,
|
||||
+ int entropy, size_t min_len, size_t max_len,
|
||||
+ int prediction_resistance)
|
||||
+{
|
||||
+ unsigned char buf[CRNGT_BUFSIZ], md[EVP_MAX_MD_SIZE];
|
||||
+ unsigned int sz;
|
||||
+ RAND_POOL *pool;
|
||||
+ size_t q, r = 0, s, t = 0;
|
||||
+ int attempts = 3;
|
||||
+
|
||||
+ if (!RUN_ONCE(&rand_crngt_init_flag, do_rand_crngt_init))
|
||||
+ return 0;
|
||||
+
|
||||
+ if ((pool = rand_pool_new(entropy, 1, min_len, max_len)) == NULL)
|
||||
+ return 0;
|
||||
+
|
||||
+ while ((q = rand_pool_bytes_needed(pool, 1)) > 0 && attempts-- > 0) {
|
||||
+ s = q > sizeof(buf) ? sizeof(buf) : q;
|
||||
+ if (!crngt_get_entropy(buf, md, &sz)
|
||||
+ || memcmp(crngt_prev, md, sz) == 0
|
||||
+ || !rand_pool_add(pool, buf, s, s * 8))
|
||||
+ goto err;
|
||||
+ memcpy(crngt_prev, md, sz);
|
||||
+ t += s;
|
||||
+ attempts++;
|
||||
+ }
|
||||
+ r = t;
|
||||
+ *pout = rand_pool_detach(pool);
|
||||
+err:
|
||||
+ OPENSSL_cleanse(buf, sizeof(buf));
|
||||
+ rand_pool_free(pool);
|
||||
+ return r;
|
||||
+}
|
||||
+
|
||||
+void rand_crngt_cleanup_entropy(RAND_DRBG *drbg,
|
||||
+ unsigned char *out, size_t outlen)
|
||||
+{
|
||||
+ OPENSSL_secure_clear_free(out, outlen);
|
||||
+}
|
||||
Index: openssl-1.1.1d/crypto/rand/rand_lcl.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/rand/rand_lcl.h 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/crypto/rand/rand_lcl.h 2020-01-23 13:45:11.384633930 +0100
|
||||
@@ -33,7 +33,15 @@
|
||||
# define MASTER_RESEED_TIME_INTERVAL (60*60) /* 1 hour */
|
||||
# define SLAVE_RESEED_TIME_INTERVAL (7*60) /* 7 minutes */
|
||||
|
||||
-
|
||||
+/*
|
||||
+ * The number of bytes that constitutes an atomic lump of entropy with respect
|
||||
+ * to the FIPS 140-2 section 4.9.2 Conditional Tests. The size is somewhat
|
||||
+ * arbitrary, the smaller the value, the less entropy is consumed on first
|
||||
+ * read but the higher the probability of the test failing by accident.
|
||||
+ *
|
||||
+ * The value is in bytes.
|
||||
+ */
|
||||
+#define CRNGT_BUFSIZ 16
|
||||
|
||||
/*
|
||||
* Maximum input size for the DRBG (entropy, nonce, personalization string)
|
||||
@@ -44,6 +52,8 @@
|
||||
*/
|
||||
# define DRBG_MAX_LENGTH INT32_MAX
|
||||
|
||||
+/* The default nonce */
|
||||
+# define DRBG_DEFAULT_PERS_STRING "OpenSSL NIST SP 800-90A DRBG"
|
||||
|
||||
/*
|
||||
* Maximum allocation size for RANDOM_POOL buffers
|
||||
@@ -296,4 +306,22 @@ int rand_drbg_enable_locking(RAND_DRBG *
|
||||
/* initializes the AES-CTR DRBG implementation */
|
||||
int drbg_ctr_init(RAND_DRBG *drbg);
|
||||
|
||||
+/*
|
||||
+ * Entropy call back for the FIPS 140-2 section 4.9.2 Conditional Tests.
|
||||
+ * These need to be exposed for the unit tests.
|
||||
+ */
|
||||
+int rand_crngt_get_entropy_cb(unsigned char *buf, unsigned char *md,
|
||||
+ unsigned int *md_size);
|
||||
+extern int (*crngt_get_entropy)(unsigned char *buf, unsigned char *md,
|
||||
+ unsigned int *md_size);
|
||||
+int rand_crngt_init(void);
|
||||
+void rand_crngt_cleanup(void);
|
||||
+
|
||||
+/*
|
||||
+ * Expose the run once initialisation function for the unit tests because.
|
||||
+ * they need to restart from scratch to validate the first block is skipped
|
||||
+ * properly.
|
||||
+ */
|
||||
+int rand_crngt_single_init(void);
|
||||
+
|
||||
#endif
|
||||
Index: openssl-1.1.1d/test/drbgtest.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/test/drbgtest.c 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/test/drbgtest.c 2020-01-23 13:45:11.384633930 +0100
|
||||
@@ -150,6 +150,31 @@ static size_t kat_nonce(RAND_DRBG *drbg,
|
||||
return t->noncelen;
|
||||
}
|
||||
|
||||
+ /*
|
||||
+ * Disable CRNG testing if it is enabled.
|
||||
+ * If the DRBG is ready or in an error state, this means an instantiate cycle
|
||||
+ * for which the default personalisation string is used.
|
||||
+ */
|
||||
+static int disable_crngt(RAND_DRBG *drbg)
|
||||
+{
|
||||
+ static const char pers[] = DRBG_DEFAULT_PERS_STRING;
|
||||
+ const int instantiate = drbg->state != DRBG_UNINITIALISED;
|
||||
+
|
||||
+ if (drbg->get_entropy != rand_crngt_get_entropy)
|
||||
+ return 1;
|
||||
+
|
||||
+ if ((instantiate && !RAND_DRBG_uninstantiate(drbg))
|
||||
+ || !TEST_true(RAND_DRBG_set_callbacks(drbg, &rand_drbg_get_entropy,
|
||||
+ &rand_drbg_cleanup_entropy,
|
||||
+ &rand_drbg_get_nonce,
|
||||
+ &rand_drbg_cleanup_nonce))
|
||||
+ || (instantiate
|
||||
+ && !RAND_DRBG_instantiate(drbg, (const unsigned char *)pers,
|
||||
+ sizeof(pers) - 1)))
|
||||
+ return 0;
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
static int uninstantiate(RAND_DRBG *drbg)
|
||||
{
|
||||
int ret = drbg == NULL ? 1 : RAND_DRBG_uninstantiate(drbg);
|
||||
@@ -175,7 +200,8 @@ static int single_kat(DRBG_SELFTEST_DATA
|
||||
if (!TEST_ptr(drbg = RAND_DRBG_new(td->nid, td->flags, NULL)))
|
||||
return 0;
|
||||
if (!TEST_true(RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
|
||||
- kat_nonce, NULL))) {
|
||||
+ kat_nonce, NULL))
|
||||
+ || !TEST_true(disable_crngt(drbg))) {
|
||||
failures++;
|
||||
goto err;
|
||||
}
|
||||
@@ -293,7 +319,8 @@ static int error_check(DRBG_SELFTEST_DAT
|
||||
unsigned int reseed_counter_tmp;
|
||||
int ret = 0;
|
||||
|
||||
- if (!TEST_ptr(drbg = RAND_DRBG_new(0, 0, NULL)))
|
||||
+ if (!TEST_ptr(drbg = RAND_DRBG_new(0, 0, NULL))
|
||||
+ || !TEST_true(disable_crngt(drbg)))
|
||||
goto err;
|
||||
|
||||
/*
|
||||
@@ -740,6 +767,10 @@ static int test_rand_drbg_reseed(void)
|
||||
|| !TEST_ptr_eq(private->parent, master))
|
||||
return 0;
|
||||
|
||||
+ /* Disable CRNG testing for the master DRBG */
|
||||
+ if (!TEST_true(disable_crngt(master)))
|
||||
+ return 0;
|
||||
+
|
||||
/* uninstantiate the three global DRBGs */
|
||||
RAND_DRBG_uninstantiate(private);
|
||||
RAND_DRBG_uninstantiate(public);
|
||||
@@ -964,7 +995,8 @@ static int test_rand_seed(void)
|
||||
size_t rand_buflen;
|
||||
size_t required_seed_buflen = 0;
|
||||
|
||||
- if (!TEST_ptr(master = RAND_DRBG_get0_master()))
|
||||
+ if (!TEST_ptr(master = RAND_DRBG_get0_master())
|
||||
+ || !TEST_true(disable_crngt(master)))
|
||||
return 0;
|
||||
|
||||
#ifdef OPENSSL_RAND_SEED_NONE
|
||||
@@ -1013,6 +1045,95 @@ static int test_rand_add(void)
|
||||
return 1;
|
||||
}
|
||||
|
||||
+/*
|
||||
+ * A list of the FIPS DRGB types.
|
||||
+ */
|
||||
+static const struct s_drgb_types {
|
||||
+ int nid;
|
||||
+ int flags;
|
||||
+} drgb_types[] = {
|
||||
+ { NID_aes_128_ctr, 0 },
|
||||
+ { NID_aes_192_ctr, 0 },
|
||||
+ { NID_aes_256_ctr, 0 },
|
||||
+};
|
||||
+
|
||||
+/* Six cases for each covers seed sizes up to 32 bytes */
|
||||
+static const size_t crngt_num_cases = 6;
|
||||
+
|
||||
+static size_t crngt_case, crngt_idx;
|
||||
+
|
||||
+static int crngt_entropy_cb(unsigned char *buf, unsigned char *md,
|
||||
+ unsigned int *md_size)
|
||||
+{
|
||||
+ size_t i, z;
|
||||
+
|
||||
+ if (!TEST_int_lt(crngt_idx, crngt_num_cases))
|
||||
+ return 0;
|
||||
+ /* Generate a block of unique data unless this is the duplication point */
|
||||
+ z = crngt_idx++;
|
||||
+ if (z > 0 && crngt_case == z)
|
||||
+ z--;
|
||||
+ for (i = 0; i < CRNGT_BUFSIZ; i++)
|
||||
+ buf[i] = (unsigned char)(i + 'A' + z);
|
||||
+ return EVP_Digest(buf, CRNGT_BUFSIZ, md, md_size, EVP_sha256(), NULL);
|
||||
+}
|
||||
+
|
||||
+static int test_crngt(int n)
|
||||
+{
|
||||
+ const struct s_drgb_types *dt = drgb_types + n / crngt_num_cases;
|
||||
+ RAND_DRBG *drbg = NULL;
|
||||
+ unsigned char buff[100];
|
||||
+ size_t ent;
|
||||
+ int res = 0;
|
||||
+ int expect;
|
||||
+
|
||||
+ if (!TEST_true(rand_crngt_single_init()))
|
||||
+ return 0;
|
||||
+ rand_crngt_cleanup();
|
||||
+
|
||||
+ if (!TEST_ptr(drbg = RAND_DRBG_new(dt->nid, dt->flags, NULL)))
|
||||
+ return 0;
|
||||
+ ent = (drbg->min_entropylen + CRNGT_BUFSIZ - 1) / CRNGT_BUFSIZ;
|
||||
+ crngt_case = n % crngt_num_cases;
|
||||
+ crngt_idx = 0;
|
||||
+ crngt_get_entropy = &crngt_entropy_cb;
|
||||
+ if (!TEST_true(rand_crngt_init()))
|
||||
+ goto err;
|
||||
+#ifndef OPENSSL_FIPS
|
||||
+ if (!TEST_true(RAND_DRBG_set_callbacks(drbg, &rand_crngt_get_entropy,
|
||||
+ &rand_crngt_cleanup_entropy,
|
||||
+ &rand_drbg_get_nonce,
|
||||
+ &rand_drbg_cleanup_nonce)))
|
||||
+ goto err;
|
||||
+#endif
|
||||
+ expect = crngt_case == 0 || crngt_case > ent;
|
||||
+ if (!TEST_int_eq(RAND_DRBG_instantiate(drbg, NULL, 0), expect))
|
||||
+ goto err;
|
||||
+ if (!expect)
|
||||
+ goto fin;
|
||||
+ if (!TEST_true(RAND_DRBG_generate(drbg, buff, sizeof(buff), 0, NULL, 0)))
|
||||
+ goto err;
|
||||
+
|
||||
+ expect = crngt_case == 0 || crngt_case > 2 * ent;
|
||||
+ if (!TEST_int_eq(RAND_DRBG_reseed(drbg, NULL, 0, 0), expect))
|
||||
+ goto err;
|
||||
+ if (!expect)
|
||||
+ goto fin;
|
||||
+ if (!TEST_true(RAND_DRBG_generate(drbg, buff, sizeof(buff), 0, NULL, 0)))
|
||||
+ goto err;
|
||||
+
|
||||
+fin:
|
||||
+ res = 1;
|
||||
+err:
|
||||
+ if (!res)
|
||||
+ TEST_note("DRBG %zd case %zd block %zd", n / crngt_num_cases,
|
||||
+ crngt_case, crngt_idx);
|
||||
+ uninstantiate(drbg);
|
||||
+ RAND_DRBG_free(drbg);
|
||||
+ crngt_get_entropy = &rand_crngt_get_entropy_cb;
|
||||
+ return res;
|
||||
+}
|
||||
+
|
||||
int setup_tests(void)
|
||||
{
|
||||
app_data_index = RAND_DRBG_get_ex_new_index(0L, NULL, NULL, NULL, NULL);
|
||||
@@ -1025,5 +1146,6 @@ int setup_tests(void)
|
||||
#if defined(OPENSSL_THREADS)
|
||||
ADD_TEST(test_multi_thread);
|
||||
#endif
|
||||
+ ADD_ALL_TESTS(test_crngt, crngt_num_cases * OSSL_NELEM(drgb_types));
|
||||
return 1;
|
||||
}
|
194
openssl-1.1.1-fips-post-rand.patch
Normal file
194
openssl-1.1.1-fips-post-rand.patch
Normal file
@ -0,0 +1,194 @@
|
||||
Index: openssl-1.1.1d/crypto/fips/fips.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/fips/fips.c 2020-01-23 13:45:11.232633025 +0100
|
||||
+++ openssl-1.1.1d/crypto/fips/fips.c 2020-01-23 13:45:48.216852822 +0100
|
||||
@@ -68,6 +68,7 @@
|
||||
|
||||
# include <openssl/fips.h>
|
||||
# include "internal/thread_once.h"
|
||||
+# include "internal/rand_int.h"
|
||||
|
||||
# ifndef PATH_MAX
|
||||
# define PATH_MAX 1024
|
||||
@@ -76,6 +77,7 @@
|
||||
static int fips_selftest_fail = 0;
|
||||
static int fips_mode = 0;
|
||||
static int fips_started = 0;
|
||||
+static int fips_post = 0;
|
||||
|
||||
static int fips_is_owning_thread(void);
|
||||
static int fips_set_owning_thread(void);
|
||||
@@ -158,6 +160,11 @@ void fips_set_selftest_fail(void)
|
||||
fips_selftest_fail = 1;
|
||||
}
|
||||
|
||||
+int fips_in_post(void)
|
||||
+{
|
||||
+ return fips_post;
|
||||
+}
|
||||
+
|
||||
/* we implement what libfipscheck does ourselves */
|
||||
|
||||
static int
|
||||
@@ -445,6 +452,8 @@ int FIPS_module_mode_set(int onoff)
|
||||
}
|
||||
# endif
|
||||
|
||||
+ fips_post = 1;
|
||||
+
|
||||
if (!FIPS_selftest()) {
|
||||
fips_selftest_fail = 1;
|
||||
ret = 0;
|
||||
@@ -459,7 +468,12 @@ int FIPS_module_mode_set(int onoff)
|
||||
goto end;
|
||||
}
|
||||
|
||||
+ fips_post = 0;
|
||||
+
|
||||
fips_set_mode(onoff);
|
||||
+ /* force RNG reseed with entropy from getrandom() on next call */
|
||||
+ rand_force_reseed();
|
||||
+
|
||||
ret = 1;
|
||||
goto end;
|
||||
}
|
||||
Index: openssl-1.1.1d/crypto/include/internal/fips_int.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/include/internal/fips_int.h 2020-01-23 13:45:11.336633643 +0100
|
||||
+++ openssl-1.1.1d/crypto/include/internal/fips_int.h 2020-01-23 13:45:11.368633835 +0100
|
||||
@@ -77,6 +77,8 @@ int FIPS_selftest_hmac(void);
|
||||
int FIPS_selftest_drbg(void);
|
||||
int FIPS_selftest_cmac(void);
|
||||
|
||||
+int fips_in_post(void);
|
||||
+
|
||||
int fips_pkey_signature_test(EVP_PKEY *pkey,
|
||||
const unsigned char *tbs, int tbslen,
|
||||
const unsigned char *kat,
|
||||
Index: openssl-1.1.1d/crypto/include/internal/rand_int.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/include/internal/rand_int.h 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/crypto/include/internal/rand_int.h 2020-01-23 13:45:53.964886989 +0100
|
||||
@@ -24,6 +24,7 @@
|
||||
typedef struct rand_pool_st RAND_POOL;
|
||||
|
||||
void rand_cleanup_int(void);
|
||||
+void rand_force_reseed(void);
|
||||
void rand_drbg_cleanup_int(void);
|
||||
void drbg_delete_thread_state(void);
|
||||
|
||||
Index: openssl-1.1.1d/crypto/rand/drbg_lib.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/rand/drbg_lib.c 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/crypto/rand/drbg_lib.c 2020-01-23 13:45:53.964886989 +0100
|
||||
@@ -1009,6 +1009,20 @@ size_t rand_drbg_seedlen(RAND_DRBG *drbg
|
||||
return min_entropy > min_entropylen ? min_entropy : min_entropylen;
|
||||
}
|
||||
|
||||
+void rand_force_reseed(void)
|
||||
+{
|
||||
+ RAND_DRBG *drbg;
|
||||
+
|
||||
+ drbg = RAND_DRBG_get0_master();
|
||||
+ drbg->fork_id = 0;
|
||||
+
|
||||
+ drbg = RAND_DRBG_get0_private();
|
||||
+ drbg->fork_id = 0;
|
||||
+
|
||||
+ drbg = RAND_DRBG_get0_public();
|
||||
+ drbg->fork_id = 0;
|
||||
+}
|
||||
+
|
||||
/* Implements the default OpenSSL RAND_add() method */
|
||||
static int drbg_add(const void *buf, int num, double randomness)
|
||||
{
|
||||
Index: openssl-1.1.1d/crypto/rand/rand_unix.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/rand/rand_unix.c 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/crypto/rand/rand_unix.c 2020-01-23 13:45:11.368633835 +0100
|
||||
@@ -17,10 +17,12 @@
|
||||
#include <openssl/crypto.h>
|
||||
#include "rand_lcl.h"
|
||||
#include "internal/rand_int.h"
|
||||
+#include "internal/fips_int.h"
|
||||
#include <stdio.h>
|
||||
#include "internal/dso.h"
|
||||
#ifdef __linux
|
||||
# include <sys/syscall.h>
|
||||
+# include <sys/random.h>
|
||||
# ifdef DEVRANDOM_WAIT
|
||||
# include <sys/shm.h>
|
||||
# include <sys/utsname.h>
|
||||
@@ -295,7 +297,7 @@ static ssize_t sysctl_random(char *buf,
|
||||
* syscall_random(): Try to get random data using a system call
|
||||
* returns the number of bytes returned in buf, or < 0 on error.
|
||||
*/
|
||||
-static ssize_t syscall_random(void *buf, size_t buflen)
|
||||
+static ssize_t syscall_random(void *buf, size_t buflen, int nonblock)
|
||||
{
|
||||
/*
|
||||
* Note: 'buflen' equals the size of the buffer which is used by the
|
||||
@@ -317,6 +319,7 @@ static ssize_t syscall_random(void *buf,
|
||||
* - Linux since 3.17 with glibc 2.25
|
||||
* - FreeBSD since 12.0 (1200061)
|
||||
*/
|
||||
+# if 0
|
||||
# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
|
||||
extern int getentropy(void *buffer, size_t length) __attribute__((weak));
|
||||
|
||||
@@ -338,10 +341,10 @@ static ssize_t syscall_random(void *buf,
|
||||
if (p_getentropy.p != NULL)
|
||||
return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
|
||||
# endif
|
||||
-
|
||||
+# endif
|
||||
/* Linux supports this since version 3.17 */
|
||||
-# if defined(__linux) && defined(__NR_getrandom)
|
||||
- return syscall(__NR_getrandom, buf, buflen, 0);
|
||||
+# if defined(__linux) && defined(SYS_getrandom)
|
||||
+ return syscall(SYS_getrandom, buf, buflen, nonblock?GRND_NONBLOCK:0);
|
||||
# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
|
||||
return sysctl_random(buf, buflen);
|
||||
# else
|
||||
@@ -576,6 +579,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
size_t entropy_available;
|
||||
|
||||
# if defined(OPENSSL_RAND_SEED_GETRANDOM)
|
||||
+ int in_post;
|
||||
+
|
||||
+ for (in_post = fips_in_post(); in_post >= 0; --in_post) {
|
||||
{
|
||||
size_t bytes_needed;
|
||||
unsigned char *buffer;
|
||||
@@ -586,7 +592,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
|
||||
while (bytes_needed != 0 && attempts-- > 0) {
|
||||
buffer = rand_pool_add_begin(pool, bytes_needed);
|
||||
- bytes = syscall_random(buffer, bytes_needed);
|
||||
+ bytes = syscall_random(buffer, bytes_needed, in_post);
|
||||
if (bytes > 0) {
|
||||
rand_pool_add_end(pool, bytes, 8 * bytes);
|
||||
bytes_needed -= bytes;
|
||||
@@ -621,8 +627,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
int attempts = 3;
|
||||
const int fd = get_random_device(i);
|
||||
|
||||
- if (fd == -1)
|
||||
+ if (fd == -1) {
|
||||
+ OPENSSL_showfatal("Random device %s cannot be opened.\n", random_device_paths[i]);
|
||||
continue;
|
||||
+ }
|
||||
|
||||
while (bytes_needed != 0 && attempts-- > 0) {
|
||||
buffer = rand_pool_add_begin(pool, bytes_needed);
|
||||
@@ -685,7 +693,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
return entropy_available;
|
||||
}
|
||||
# endif
|
||||
-
|
||||
+# ifdef OPENSSL_RAND_SEED_GETRANDOM
|
||||
+ }
|
||||
+# endif
|
||||
return rand_pool_entropy_available(pool);
|
||||
# endif
|
||||
}
|
11873
openssl-1.1.1-fips.patch
Normal file
11873
openssl-1.1.1-fips.patch
Normal file
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -1,3 +1,67 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Jan 28 12:14:59 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
|
||||
|
||||
- Support for CPACF enhancements - part 2 (crypto) [jsc#SLE-7575]
|
||||
- Add patches:
|
||||
* openssl-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-and-Ed448.patch
|
||||
* openssl-s390x-fix-x448-and-x448-test-vector-ctime-for-x25519-and-x448.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 23 14:32:28 UTC 2020 - Vítězslav Čížek <vcizek@suse.com>
|
||||
|
||||
- Temporarily ignore broken OPENSSL_INIT_NO_ATEXIT due to our
|
||||
layered FIPS initialization (bsc#1161789)
|
||||
* openssl-fips-ignore_broken_atexit_test.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 22 13:59:15 UTC 2020 - Vítězslav Čížek <vcizek@suse.com>
|
||||
|
||||
- Import FIPS patches from SLE-15
|
||||
* openssl-fips-dont_run_FIPS_module_installed.patch
|
||||
* openssl-fips_mode.patch
|
||||
* openssl-ship_fips_standalone_hmac.patch
|
||||
* openssl-fips-clearerror.patch
|
||||
* openssl-fips-selftests_in_nonfips_mode.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jan 21 16:08:21 UTC 2020 - Vítězslav Čížek <vcizek@suse.com>
|
||||
|
||||
- Don't run FIPS power-up self-tests when the checksum files aren't
|
||||
installed (bsc#1042392)
|
||||
* add openssl-fips-run_selftests_only_when_module_is_complete.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jan 21 11:10:42 UTC 2020 - Vítězslav Čížek <vcizek@suse.com>
|
||||
|
||||
- Import FIPS patches from Fedora (bsc#1157702, jsc#SLE-9553)
|
||||
* openssl-1.1.1-fips-crng-test.patch
|
||||
* openssl-1.1.1-fips-post-rand.patch
|
||||
* openssl-1.1.1-fips.patch
|
||||
* openssl-1.1.0-issuer-hash.patch
|
||||
* openssl-1.1.1-evp-kdf.patch
|
||||
* openssl-1.1.1-ssh-kdf.patch replaces openssl-jsc-SLE-8789-backport_KDF.patch
|
||||
- keep EVP_KDF functions at version 1.1.1d for backward compatibility
|
||||
* add openssl-keep_EVP_KDF_functions_version.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Dec 20 13:44:06 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
|
||||
|
||||
- Support for CPACF enhancements - part 1 (crypto) [bsc#1152695, jsc#SLE-7861]
|
||||
- Add patches:
|
||||
* openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch
|
||||
* openssl-s390x-assembly-pack-add-support-for-pcc-and-kma-inst.patch
|
||||
* openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch
|
||||
* openssl-s390x-assembly-pack-update-OPENSSL_s390xcap-3.patch
|
||||
* openssl-s390xcpuid.pl-fix-comment.patch
|
||||
* openssl-assembly-pack-accelerate-scalar-multiplication.patch
|
||||
* openssl-Enable-curve-spefific-ECDSA-implementations-via-EC_M.patch
|
||||
* openssl-s390x-assembly-pack-accelerate-ECDSA.patch
|
||||
* openssl-OPENSSL_s390xcap.pod-list-msa9-facility-bit-155.patch
|
||||
* openssl-s390x-assembly-pack-cleanse-only-sensitive-fields.patch
|
||||
* openssl-s390x-assembly-pack-fix-OPENSSL_s390xcap-z15-cpu-mas.patch
|
||||
* openssl-s390x-assembly-pack-fix-msa3-stfle-bit-detection.patch
|
||||
* openssl-Fix-9bf682f-which-broke-nistp224_method.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Dec 18 16:29:46 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
|
||||
|
||||
|
@ -50,10 +50,41 @@ Patch10: 0003-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch
|
||||
Patch11: 0004-s390x-assembly-pack-fix-formal-interface-bug-in-chac.patch
|
||||
Patch12: 0005-s390x-assembly-pack-import-chacha-from-cryptogams-re.patch
|
||||
Patch13: 0006-s390x-assembly-pack-import-poly-from-cryptogams-repo.patch
|
||||
Patch14: openssl-jsc-SLE-8789-backport_KDF.patch
|
||||
# OpenSSL Security Advisory [6 December 2019] bsc#1158809 CVE-2019-1551
|
||||
# PATCH-FIX-UPSTREAM Integer overflow in RSAZ modular exponentiation on x86_64
|
||||
Patch15: openssl-1_1-CVE-2019-1551.patch
|
||||
# PATCH-FIX-UPSTREAM bsc#1152695 jsc#SLE-7861 Support for CPACF enhancements - part 1 (crypto)
|
||||
Patch16: openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch
|
||||
Patch17: openssl-s390x-assembly-pack-add-support-for-pcc-and-kma-inst.patch
|
||||
Patch18: openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch
|
||||
Patch19: openssl-s390x-assembly-pack-update-OPENSSL_s390xcap-3.patch
|
||||
Patch20: openssl-s390xcpuid.pl-fix-comment.patch
|
||||
Patch21: openssl-assembly-pack-accelerate-scalar-multiplication.patch
|
||||
Patch22: openssl-Enable-curve-spefific-ECDSA-implementations-via-EC_M.patch
|
||||
Patch23: openssl-s390x-assembly-pack-accelerate-ECDSA.patch
|
||||
Patch24: openssl-OPENSSL_s390xcap.pod-list-msa9-facility-bit-155.patch
|
||||
Patch25: openssl-s390x-assembly-pack-cleanse-only-sensitive-fields.patch
|
||||
Patch26: openssl-s390x-assembly-pack-fix-OPENSSL_s390xcap-z15-cpu-mas.patch
|
||||
Patch27: openssl-s390x-assembly-pack-fix-msa3-stfle-bit-detection.patch
|
||||
Patch28: openssl-Fix-9bf682f-which-broke-nistp224_method.patch
|
||||
# FIPS patches
|
||||
Patch30: openssl-1.1.1-fips.patch
|
||||
Patch31: openssl-1.1.1-fips-post-rand.patch
|
||||
Patch32: openssl-1.1.1-fips-crng-test.patch
|
||||
Patch33: openssl-1.1.0-issuer-hash.patch
|
||||
Patch34: openssl-fips-run_selftests_only_when_module_is_complete.patch
|
||||
Patch35: openssl-ship_fips_standalone_hmac.patch
|
||||
Patch36: openssl-fips_mode.patch
|
||||
Patch37: openssl-1.1.1-evp-kdf.patch
|
||||
Patch38: openssl-1.1.1-ssh-kdf.patch
|
||||
Patch39: openssl-fips-dont_run_FIPS_module_installed.patch
|
||||
Patch40: openssl-fips-selftests_in_nonfips_mode.patch
|
||||
Patch41: openssl-fips-clearerror.patch
|
||||
Patch42: openssl-fips-ignore_broken_atexit_test.patch
|
||||
Patch43: openssl-keep_EVP_KDF_functions_version.patch
|
||||
# PATCH-FIX-UPSTREAM jsc#SLE-7575 Support for CPACF enhancements - part 2 (crypto)
|
||||
Patch44: openssl-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-and-Ed448.patch
|
||||
Patch45: openssl-s390x-fix-x448-and-x448-test-vector-ctime-for-x25519-and-x448.patch
|
||||
BuildRequires: pkgconfig
|
||||
Conflicts: ssl
|
||||
Provides: ssl
|
||||
@ -71,8 +102,11 @@ OpenSSL contains an implementation of the SSL and TLS protocols.
|
||||
|
||||
%package -n libopenssl1_1
|
||||
Summary: Secure Sockets and Transport Layer Security
|
||||
License: OpenSSL
|
||||
Group: Productivity/Networking/Security
|
||||
Recommends: ca-certificates-mozilla
|
||||
# install libopenssl and libopenssl-hmac close together (bsc#1090765)
|
||||
Suggests: libopenssl1_1-hmac = %{version}-%{release}
|
||||
# Needed for clean upgrade from former openssl-1_1_0, boo#1081335
|
||||
Obsoletes: libopenssl1_1_0
|
||||
|
||||
@ -84,6 +118,7 @@ OpenSSL contains an implementation of the SSL and TLS protocols.
|
||||
|
||||
%package -n libopenssl-1_1-devel
|
||||
Summary: Development files for OpenSSL
|
||||
License: OpenSSL
|
||||
Group: Development/Libraries/C and C++
|
||||
Requires: libopenssl1_1 = %{version}
|
||||
Recommends: %{name} = %{version}
|
||||
@ -101,8 +136,23 @@ Obsoletes: libopenssl-1_0_0-devel
|
||||
This subpackage contains header files for developing applications
|
||||
that want to make use of the OpenSSL C API.
|
||||
|
||||
%package -n libopenssl1_1-hmac
|
||||
Summary: HMAC files for FIPS-140-2 integrity checking of the openssl shared libraries
|
||||
License: BSD-3-Clause
|
||||
Group: Productivity/Networking/Security
|
||||
Requires: libopenssl1_1 = %{version}-%{release}
|
||||
# Needed for clean upgrade from former openssl-1_1_0, boo#1081335
|
||||
Obsoletes: libopenssl1_1_0-hmac
|
||||
# Needed for clean upgrade from SLE-12 openssl-1_0_0, bsc#1158499
|
||||
Obsoletes: libopenssl-1_0_0-hmac
|
||||
|
||||
%description -n libopenssl1_1-hmac
|
||||
The FIPS compliant operation of the openssl shared libraries is NOT
|
||||
possible without the HMAC hashes contained in this package!
|
||||
|
||||
%package doc
|
||||
Summary: Additional Package Documentation
|
||||
License: OpenSSL
|
||||
Group: Productivity/Networking/Security
|
||||
Conflicts: openssl-doc
|
||||
Provides: openssl-doc = %{version}
|
||||
@ -175,7 +225,6 @@ mv %{buildroot}/%{ssletcdir}/misc %{buildroot}/%{_datadir}/ssl/
|
||||
|
||||
# avoid file conflicts with man pages from other packages
|
||||
#
|
||||
set +x
|
||||
pushd %{buildroot}/%{_mandir}
|
||||
# some man pages now contain spaces. This makes several scripts go havoc, among them /usr/sbin/Check.
|
||||
# replace spaces by underscores
|
||||
@ -199,7 +248,6 @@ for i in man?/*; do
|
||||
esac
|
||||
done
|
||||
popd
|
||||
set -x
|
||||
|
||||
# Do not install demo scripts executable under /usr/share/doc
|
||||
find demos -type f -perm /111 -exec chmod 644 {} \;
|
||||
@ -207,6 +255,29 @@ find demos -type f -perm /111 -exec chmod 644 {} \;
|
||||
# Place showciphers.c for %%doc macro
|
||||
cp %{SOURCE5} .
|
||||
|
||||
# the hmac hashes:
|
||||
#
|
||||
# this is a hack that re-defines the __os_install_post macro
|
||||
# for a simple reason: the macro strips the binaries and thereby
|
||||
# invalidates a HMAC that may have been created earlier.
|
||||
# solution: create the hashes _after_ the macro runs.
|
||||
#
|
||||
# this shows up earlier because otherwise the %expand of
|
||||
# the macro is too late.
|
||||
# remark: This is the same as running
|
||||
# openssl dgst -sha256 -hmac 'ppaksykemnsecgtsttplmamstKMEs'
|
||||
%{expand:%%global __os_install_post {%__os_install_post
|
||||
|
||||
%{buildroot}%{_bindir}/fips_standalone_hmac \
|
||||
%{buildroot}%{_libdir}/libssl.so.%{maj_min} > \
|
||||
%{buildroot}%{_libdir}/.libssl.so.%{maj_min}.hmac
|
||||
|
||||
%{buildroot}%{_bindir}/fips_standalone_hmac \
|
||||
%{buildroot}%{_libdir}/libcrypto.so.%{maj_min} > \
|
||||
%{buildroot}%{_libdir}/.libcrypto.so.%{maj_min}.hmac
|
||||
|
||||
}}
|
||||
|
||||
%post -n libopenssl1_1 -p /sbin/ldconfig
|
||||
%postun -n libopenssl1_1 -p /sbin/ldconfig
|
||||
|
||||
@ -216,6 +287,10 @@ cp %{SOURCE5} .
|
||||
%{_libdir}/libcrypto.so.%{maj_min}
|
||||
%{_libdir}/engines-%{maj_min}
|
||||
|
||||
%files -n libopenssl1_1-hmac
|
||||
%{_libdir}/.libssl.so.%{maj_min}.hmac
|
||||
%{_libdir}/.libcrypto.so.%{maj_min}.hmac
|
||||
|
||||
%files -n libopenssl-1_1-devel
|
||||
%{_includedir}/%{_rname}/
|
||||
%{_includedir}/ssl
|
||||
@ -240,6 +315,7 @@ cp %{SOURCE5} .
|
||||
%dir %{_datadir}/ssl
|
||||
%{_datadir}/ssl/misc
|
||||
%{_bindir}/c_rehash
|
||||
%{_bindir}/fips_standalone_hmac
|
||||
%{_bindir}/%{_rname}
|
||||
|
||||
%changelog
|
||||
|
@ -0,0 +1,533 @@
|
||||
From 9bf682f62bd819d2fbceb95eeabd61dd4532240f Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
Date: Thu, 11 Jul 2019 10:23:49 +0200
|
||||
Subject: [PATCH 09205/10000] Enable curve-spefific ECDSA implementations via
|
||||
EC_METHOD
|
||||
|
||||
which are already enabled for ECDH.
|
||||
|
||||
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
|
||||
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
|
||||
(Merged from https://github.com/openssl/openssl/pull/9348)
|
||||
---
|
||||
crypto/ec/ec2_smpl.c | 3 +
|
||||
crypto/ec/ec_lcl.h | 15 +++++
|
||||
crypto/ec/ecdsa_ossl.c | 107 ++++++++++++++++++++++++------------
|
||||
crypto/ec/ecp_mont.c | 3 +
|
||||
crypto/ec/ecp_nist.c | 3 +
|
||||
crypto/ec/ecp_nistp224.c | 3 +
|
||||
crypto/ec/ecp_nistp256.c | 3 +
|
||||
crypto/ec/ecp_nistp521.c | 3 +
|
||||
crypto/ec/ecp_nistz256.c | 3 +
|
||||
crypto/ec/ecp_s390x_nistp.c | 3 +
|
||||
crypto/ec/ecp_smpl.c | 3 +
|
||||
crypto/err/openssl.txt | 5 ++
|
||||
include/openssl/ecerr.h | 1 +
|
||||
13 files changed, 119 insertions(+), 36 deletions(-)
|
||||
|
||||
Index: openssl-1.1.1d/crypto/ec/ec2_smpl.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/ec/ec2_smpl.c
|
||||
+++ openssl-1.1.1d/crypto/ec/ec2_smpl.c
|
||||
@@ -956,6 +956,9 @@ const EC_METHOD *EC_GF2m_simple_method(v
|
||||
0, /* keycopy */
|
||||
0, /* keyfinish */
|
||||
ecdh_simple_compute_key,
|
||||
+ ecdsa_simple_sign_setup,
|
||||
+ ecdsa_simple_sign_sig,
|
||||
+ ecdsa_simple_verify_sig,
|
||||
0, /* field_inverse_mod_ord */
|
||||
0, /* blind_coordinates */
|
||||
ec_GF2m_simple_ladder_pre,
|
||||
Index: openssl-1.1.1d/crypto/ec/ec_lcl.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/ec/ec_lcl.h
|
||||
+++ openssl-1.1.1d/crypto/ec/ec_lcl.h
|
||||
@@ -179,6 +179,14 @@ struct ec_method_st {
|
||||
/* custom ECDH operation */
|
||||
int (*ecdh_compute_key)(unsigned char **pout, size_t *poutlen,
|
||||
const EC_POINT *pub_key, const EC_KEY *ecdh);
|
||||
+ /* custom ECDSA */
|
||||
+ int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinvp,
|
||||
+ BIGNUM **rp);
|
||||
+ ECDSA_SIG *(*ecdsa_sign_sig)(const unsigned char *dgst, int dgstlen,
|
||||
+ const BIGNUM *kinv, const BIGNUM *r,
|
||||
+ EC_KEY *eckey);
|
||||
+ int (*ecdsa_verify_sig)(const unsigned char *dgst, int dgstlen,
|
||||
+ const ECDSA_SIG *sig, EC_KEY *eckey);
|
||||
/* Inverse modulo order */
|
||||
int (*field_inverse_mod_ord)(const EC_GROUP *, BIGNUM *r,
|
||||
const BIGNUM *x, BN_CTX *);
|
||||
@@ -656,6 +664,13 @@ int ossl_ecdsa_verify(int type, const un
|
||||
const unsigned char *sigbuf, int sig_len, EC_KEY *eckey);
|
||||
int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
|
||||
const ECDSA_SIG *sig, EC_KEY *eckey);
|
||||
+int ecdsa_simple_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
|
||||
+ BIGNUM **rp);
|
||||
+ECDSA_SIG *ecdsa_simple_sign_sig(const unsigned char *dgst, int dgst_len,
|
||||
+ const BIGNUM *in_kinv, const BIGNUM *in_r,
|
||||
+ EC_KEY *eckey);
|
||||
+int ecdsa_simple_verify_sig(const unsigned char *dgst, int dgst_len,
|
||||
+ const ECDSA_SIG *sig, EC_KEY *eckey);
|
||||
|
||||
int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
|
||||
const uint8_t public_key[32], const uint8_t private_key[32]);
|
||||
Index: openssl-1.1.1d/crypto/ec/ecdsa_ossl.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/ec/ecdsa_ossl.c
|
||||
+++ openssl-1.1.1d/crypto/ec/ecdsa_ossl.c
|
||||
@@ -14,6 +14,41 @@
|
||||
#include "internal/bn_int.h"
|
||||
#include "ec_lcl.h"
|
||||
|
||||
+int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
|
||||
+ BIGNUM **rp)
|
||||
+{
|
||||
+ if (eckey->group->meth->ecdsa_sign_setup == NULL) {
|
||||
+ ECerr(EC_F_OSSL_ECDSA_SIGN_SETUP, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ return eckey->group->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp);
|
||||
+}
|
||||
+
|
||||
+ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
|
||||
+ const BIGNUM *in_kinv, const BIGNUM *in_r,
|
||||
+ EC_KEY *eckey)
|
||||
+{
|
||||
+ if (eckey->group->meth->ecdsa_sign_sig == NULL) {
|
||||
+ ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ return eckey->group->meth->ecdsa_sign_sig(dgst, dgst_len,
|
||||
+ in_kinv, in_r, eckey);
|
||||
+}
|
||||
+
|
||||
+int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
|
||||
+ const ECDSA_SIG *sig, EC_KEY *eckey)
|
||||
+{
|
||||
+ if (eckey->group->meth->ecdsa_verify_sig == NULL) {
|
||||
+ ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ return eckey->group->meth->ecdsa_verify_sig(dgst, dgst_len, sig, eckey);
|
||||
+}
|
||||
+
|
||||
int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen,
|
||||
unsigned char *sig, unsigned int *siglen,
|
||||
const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey)
|
||||
@@ -145,15 +180,15 @@ static int ecdsa_sign_setup(EC_KEY *ecke
|
||||
return ret;
|
||||
}
|
||||
|
||||
-int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
|
||||
- BIGNUM **rp)
|
||||
+int ecdsa_simple_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
|
||||
+ BIGNUM **rp)
|
||||
{
|
||||
return ecdsa_sign_setup(eckey, ctx_in, kinvp, rp, NULL, 0);
|
||||
}
|
||||
|
||||
-ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
|
||||
- const BIGNUM *in_kinv, const BIGNUM *in_r,
|
||||
- EC_KEY *eckey)
|
||||
+ECDSA_SIG *ecdsa_simple_sign_sig(const unsigned char *dgst, int dgst_len,
|
||||
+ const BIGNUM *in_kinv, const BIGNUM *in_r,
|
||||
+ EC_KEY *eckey)
|
||||
{
|
||||
int ok = 0, i;
|
||||
BIGNUM *kinv = NULL, *s, *m = NULL;
|
||||
@@ -167,35 +202,35 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
|
||||
priv_key = EC_KEY_get0_private_key(eckey);
|
||||
|
||||
if (group == NULL) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_PASSED_NULL_PARAMETER);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return NULL;
|
||||
}
|
||||
if (priv_key == NULL) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_MISSING_PRIVATE_KEY);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, EC_R_MISSING_PRIVATE_KEY);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (!EC_KEY_can_sign(eckey)) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ret = ECDSA_SIG_new();
|
||||
if (ret == NULL) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
||||
return NULL;
|
||||
}
|
||||
ret->r = BN_new();
|
||||
ret->s = BN_new();
|
||||
if (ret->r == NULL || ret->s == NULL) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
s = ret->s;
|
||||
|
||||
if ((ctx = BN_CTX_new()) == NULL
|
||||
|| (m = BN_new()) == NULL) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
|
||||
@@ -207,25 +242,25 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
|
||||
if (8 * dgst_len > i)
|
||||
dgst_len = (i + 7) / 8;
|
||||
if (!BN_bin2bn(dgst, dgst_len, m)) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB);
|
||||
goto err;
|
||||
}
|
||||
/* If still too long, truncate remaining bits with a shift */
|
||||
if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB);
|
||||
goto err;
|
||||
}
|
||||
do {
|
||||
if (in_kinv == NULL || in_r == NULL) {
|
||||
if (!ecdsa_sign_setup(eckey, ctx, &kinv, &ret->r, dgst, dgst_len)) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_ECDSA_LIB);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_ECDSA_LIB);
|
||||
goto err;
|
||||
}
|
||||
ckinv = kinv;
|
||||
} else {
|
||||
ckinv = in_kinv;
|
||||
if (BN_copy(ret->r, in_r) == NULL) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
@@ -239,11 +274,11 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
|
||||
*/
|
||||
if (!bn_to_mont_fixed_top(s, ret->r, group->mont_data, ctx)
|
||||
|| !bn_mul_mont_fixed_top(s, s, priv_key, group->mont_data, ctx)) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB);
|
||||
goto err;
|
||||
}
|
||||
if (!bn_mod_add_fixed_top(s, s, m, order)) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB);
|
||||
goto err;
|
||||
}
|
||||
/*
|
||||
@@ -252,7 +287,7 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
|
||||
*/
|
||||
if (!bn_to_mont_fixed_top(s, s, group->mont_data, ctx)
|
||||
|| !BN_mod_mul_montgomery(s, s, ckinv, group->mont_data, ctx)) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB);
|
||||
goto err;
|
||||
}
|
||||
|
||||
@@ -262,7 +297,7 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
|
||||
* generate new kinv and r values
|
||||
*/
|
||||
if (in_kinv != NULL && in_r != NULL) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_NEED_NEW_SETUP_VALUES);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, EC_R_NEED_NEW_SETUP_VALUES);
|
||||
goto err;
|
||||
}
|
||||
} else {
|
||||
@@ -314,8 +349,8 @@ int ossl_ecdsa_verify(int type, const un
|
||||
return ret;
|
||||
}
|
||||
|
||||
-int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
|
||||
- const ECDSA_SIG *sig, EC_KEY *eckey)
|
||||
+int ecdsa_simple_verify_sig(const unsigned char *dgst, int dgst_len,
|
||||
+ const ECDSA_SIG *sig, EC_KEY *eckey)
|
||||
{
|
||||
int ret = -1, i;
|
||||
BN_CTX *ctx;
|
||||
@@ -328,18 +363,18 @@ int ossl_ecdsa_verify_sig(const unsigned
|
||||
/* check input values */
|
||||
if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
|
||||
(pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_MISSING_PARAMETERS);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, EC_R_MISSING_PARAMETERS);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (!EC_KEY_can_sign(eckey)) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
|
||||
return -1;
|
||||
}
|
||||
|
||||
ctx = BN_CTX_new();
|
||||
if (ctx == NULL) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
|
||||
return -1;
|
||||
}
|
||||
BN_CTX_start(ctx);
|
||||
@@ -348,26 +383,26 @@ int ossl_ecdsa_verify_sig(const unsigned
|
||||
m = BN_CTX_get(ctx);
|
||||
X = BN_CTX_get(ctx);
|
||||
if (X == NULL) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
|
||||
goto err;
|
||||
}
|
||||
|
||||
order = EC_GROUP_get0_order(group);
|
||||
if (order == NULL) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_EC_LIB);
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
|
||||
BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) ||
|
||||
BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_BAD_SIGNATURE);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, EC_R_BAD_SIGNATURE);
|
||||
ret = 0; /* signature is invalid */
|
||||
goto err;
|
||||
}
|
||||
/* calculate tmp1 = inv(S) mod order */
|
||||
if (!ec_group_do_inverse_ord(group, u2, sig->s, ctx)) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
|
||||
goto err;
|
||||
}
|
||||
/* digest -> m */
|
||||
@@ -378,41 +413,41 @@ int ossl_ecdsa_verify_sig(const unsigned
|
||||
if (8 * dgst_len > i)
|
||||
dgst_len = (i + 7) / 8;
|
||||
if (!BN_bin2bn(dgst, dgst_len, m)) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
|
||||
goto err;
|
||||
}
|
||||
/* If still too long truncate remaining bits with a shift */
|
||||
if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
|
||||
goto err;
|
||||
}
|
||||
/* u1 = m * tmp mod order */
|
||||
if (!BN_mod_mul(u1, m, u2, order, ctx)) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
|
||||
goto err;
|
||||
}
|
||||
/* u2 = r * w mod q */
|
||||
if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
|
||||
goto err;
|
||||
}
|
||||
|
||||
if ((point = EC_POINT_new(group)) == NULL) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_EC_LIB);
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (!EC_POINT_get_affine_coordinates(group, point, X, NULL, ctx)) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_EC_LIB);
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (!BN_nnmod(u1, X, order, ctx)) {
|
||||
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
|
||||
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
|
||||
goto err;
|
||||
}
|
||||
/* if the signature is correct u1 is equal to sig->r */
|
||||
Index: openssl-1.1.1d/crypto/ec/ecp_mont.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/ec/ecp_mont.c
|
||||
+++ openssl-1.1.1d/crypto/ec/ecp_mont.c
|
||||
@@ -63,6 +63,9 @@ const EC_METHOD *EC_GFp_mont_method(void
|
||||
0, /* keycopy */
|
||||
0, /* keyfinish */
|
||||
ecdh_simple_compute_key,
|
||||
+ ecdsa_simple_sign_setup,
|
||||
+ ecdsa_simple_sign_sig,
|
||||
+ ecdsa_simple_verify_sig,
|
||||
0, /* field_inverse_mod_ord */
|
||||
ec_GFp_simple_blind_coordinates,
|
||||
ec_GFp_simple_ladder_pre,
|
||||
Index: openssl-1.1.1d/crypto/ec/ecp_nist.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/ec/ecp_nist.c
|
||||
+++ openssl-1.1.1d/crypto/ec/ecp_nist.c
|
||||
@@ -65,6 +65,9 @@ const EC_METHOD *EC_GFp_nist_method(void
|
||||
0, /* keycopy */
|
||||
0, /* keyfinish */
|
||||
ecdh_simple_compute_key,
|
||||
+ ecdsa_simple_sign_setup,
|
||||
+ ecdsa_simple_sign_sig,
|
||||
+ ecdsa_simple_verify_sig,
|
||||
0, /* field_inverse_mod_ord */
|
||||
ec_GFp_simple_blind_coordinates,
|
||||
ec_GFp_simple_ladder_pre,
|
||||
Index: openssl-1.1.1d/crypto/ec/ecp_nistp224.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/ec/ecp_nistp224.c
|
||||
+++ openssl-1.1.1d/crypto/ec/ecp_nistp224.c
|
||||
@@ -291,6 +291,9 @@ const EC_METHOD *EC_GFp_nistp224_method(
|
||||
ec_key_simple_generate_public_key,
|
||||
0, /* keycopy */
|
||||
0, /* keyfinish */
|
||||
+ ecdsa_simple_sign_setup,
|
||||
+ ecdsa_simple_sign_sig,
|
||||
+ ecdsa_simple_verify_sig,
|
||||
ecdh_simple_compute_key,
|
||||
0, /* field_inverse_mod_ord */
|
||||
0, /* blind_coordinates */
|
||||
Index: openssl-1.1.1d/crypto/ec/ecp_nistp256.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/ec/ecp_nistp256.c
|
||||
+++ openssl-1.1.1d/crypto/ec/ecp_nistp256.c
|
||||
@@ -1809,6 +1809,9 @@ const EC_METHOD *EC_GFp_nistp256_method(
|
||||
0, /* keycopy */
|
||||
0, /* keyfinish */
|
||||
ecdh_simple_compute_key,
|
||||
+ ecdsa_simple_sign_setup,
|
||||
+ ecdsa_simple_sign_sig,
|
||||
+ ecdsa_simple_verify_sig,
|
||||
0, /* field_inverse_mod_ord */
|
||||
0, /* blind_coordinates */
|
||||
0, /* ladder_pre */
|
||||
Index: openssl-1.1.1d/crypto/ec/ecp_nistp521.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/ec/ecp_nistp521.c
|
||||
+++ openssl-1.1.1d/crypto/ec/ecp_nistp521.c
|
||||
@@ -1651,6 +1651,9 @@ const EC_METHOD *EC_GFp_nistp521_method(
|
||||
0, /* keycopy */
|
||||
0, /* keyfinish */
|
||||
ecdh_simple_compute_key,
|
||||
+ ecdsa_simple_sign_setup,
|
||||
+ ecdsa_simple_sign_sig,
|
||||
+ ecdsa_simple_verify_sig,
|
||||
0, /* field_inverse_mod_ord */
|
||||
0, /* blind_coordinates */
|
||||
0, /* ladder_pre */
|
||||
Index: openssl-1.1.1d/crypto/ec/ecp_nistz256.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/ec/ecp_nistz256.c
|
||||
+++ openssl-1.1.1d/crypto/ec/ecp_nistz256.c
|
||||
@@ -1689,6 +1689,9 @@ const EC_METHOD *EC_GFp_nistz256_method(
|
||||
0, /* keycopy */
|
||||
0, /* keyfinish */
|
||||
ecdh_simple_compute_key,
|
||||
+ ecdsa_simple_sign_setup,
|
||||
+ ecdsa_simple_sign_sig,
|
||||
+ ecdsa_simple_verify_sig,
|
||||
ecp_nistz256_inv_mod_ord, /* can be #define-d NULL */
|
||||
0, /* blind_coordinates */
|
||||
0, /* ladder_pre */
|
||||
Index: openssl-1.1.1d/crypto/ec/ecp_s390x_nistp.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/ec/ecp_s390x_nistp.c
|
||||
+++ openssl-1.1.1d/crypto/ec/ecp_s390x_nistp.c
|
||||
@@ -175,6 +175,9 @@ const EC_METHOD *EC_GFp_s390x_nistp##bit
|
||||
NULL, /* keycopy */ \
|
||||
NULL, /* keyfinish */ \
|
||||
ecdh_simple_compute_key, \
|
||||
+ ecdsa_simple_sign_setup, \
|
||||
+ ecdsa_simple_sign_sig, \
|
||||
+ ecdsa_simple_verify_sig, \
|
||||
NULL, /* field_inverse_mod_ord */ \
|
||||
ec_GFp_simple_blind_coordinates, \
|
||||
ec_GFp_simple_ladder_pre, \
|
||||
Index: openssl-1.1.1d/crypto/ec/ecp_smpl.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/ec/ecp_smpl.c
|
||||
+++ openssl-1.1.1d/crypto/ec/ecp_smpl.c
|
||||
@@ -64,6 +64,9 @@ const EC_METHOD *EC_GFp_simple_method(vo
|
||||
0, /* keycopy */
|
||||
0, /* keyfinish */
|
||||
ecdh_simple_compute_key,
|
||||
+ ecdsa_simple_sign_setup,
|
||||
+ ecdsa_simple_sign_sig,
|
||||
+ ecdsa_simple_verify_sig,
|
||||
0, /* field_inverse_mod_ord */
|
||||
ec_GFp_simple_blind_coordinates,
|
||||
ec_GFp_simple_ladder_pre,
|
||||
Index: openssl-1.1.1d/crypto/err/openssl.txt
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/err/openssl.txt
|
||||
+++ openssl-1.1.1d/crypto/err/openssl.txt
|
||||
@@ -496,6 +496,9 @@ EC_F_ECDSA_SIGN_EX:254:ECDSA_sign_ex
|
||||
EC_F_ECDSA_SIGN_SETUP:248:ECDSA_sign_setup
|
||||
EC_F_ECDSA_SIG_NEW:265:ECDSA_SIG_new
|
||||
EC_F_ECDSA_VERIFY:253:ECDSA_verify
|
||||
+EC_F_ECDSA_SIMPLE_SIGN_SETUP:310:ecdsa_simple_sign_setup
|
||||
+EC_F_ECDSA_SIMPLE_SIGN_SIG:311:ecdsa_simple_sign_sig
|
||||
+EC_F_ECDSA_SIMPLE_VERIFY_SIG:312:ecdsa_simple_verify_sig
|
||||
EC_F_ECD_ITEM_VERIFY:270:ecd_item_verify
|
||||
EC_F_ECKEY_PARAM2TYPE:223:eckey_param2type
|
||||
EC_F_ECKEY_PARAM_DECODE:212:eckey_param_decode
|
||||
@@ -657,6 +660,7 @@ EC_F_NISTP521_PRE_COMP_NEW:237:nistp521_
|
||||
EC_F_O2I_ECPUBLICKEY:152:o2i_ECPublicKey
|
||||
EC_F_OLD_EC_PRIV_DECODE:222:old_ec_priv_decode
|
||||
EC_F_OSSL_ECDH_COMPUTE_KEY:247:ossl_ecdh_compute_key
|
||||
+EC_F_OSSL_ECDSA_SIGN_SETUP:300:ossl_ecdsa_sign_setup
|
||||
EC_F_OSSL_ECDSA_SIGN_SIG:249:ossl_ecdsa_sign_sig
|
||||
EC_F_OSSL_ECDSA_VERIFY_SIG:250:ossl_ecdsa_verify_sig
|
||||
EC_F_PKEY_ECD_CTRL:271:pkey_ecd_ctrl
|
||||
@@ -2130,6 +2134,7 @@ EC_R_BUFFER_TOO_SMALL:100:buffer too sma
|
||||
EC_R_CANNOT_INVERT:165:cannot invert
|
||||
EC_R_COORDINATES_OUT_OF_RANGE:146:coordinates out of range
|
||||
EC_R_CURVE_DOES_NOT_SUPPORT_ECDH:160:curve does not support ecdh
|
||||
+EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA:170:curve does not support ecdsa
|
||||
EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING:159:curve does not support signing
|
||||
EC_R_D2I_ECPKPARAMETERS_FAILURE:117:d2i ecpkparameters failure
|
||||
EC_R_DECODE_ERROR:142:decode error
|
||||
Index: openssl-1.1.1d/include/openssl/ecerr.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/include/openssl/ecerr.h
|
||||
+++ openssl-1.1.1d/include/openssl/ecerr.h
|
||||
@@ -41,6 +41,9 @@ int ERR_load_EC_strings(void);
|
||||
# define EC_F_ECDSA_SIGN_EX 254
|
||||
# define EC_F_ECDSA_SIGN_SETUP 248
|
||||
# define EC_F_ECDSA_SIG_NEW 265
|
||||
+# define EC_F_ECDSA_SIMPLE_SIGN_SETUP 310
|
||||
+# define EC_F_ECDSA_SIMPLE_SIGN_SIG 311
|
||||
+# define EC_F_ECDSA_SIMPLE_VERIFY_SIG 312
|
||||
# define EC_F_ECDSA_VERIFY 253
|
||||
# define EC_F_ECD_ITEM_VERIFY 270
|
||||
# define EC_F_ECKEY_PARAM2TYPE 223
|
||||
@@ -185,6 +186,7 @@ int ERR_load_EC_strings(void);
|
||||
# define EC_F_O2I_ECPUBLICKEY 152
|
||||
# define EC_F_OLD_EC_PRIV_DECODE 222
|
||||
# define EC_F_OSSL_ECDH_COMPUTE_KEY 247
|
||||
+# define EC_F_OSSL_ECDSA_SIGN_SETUP 300
|
||||
# define EC_F_OSSL_ECDSA_SIGN_SIG 249
|
||||
# define EC_F_OSSL_ECDSA_VERIFY_SIG 250
|
||||
# define EC_F_PKEY_ECD_CTRL 271
|
||||
@@ -212,6 +214,7 @@ int ERR_load_EC_strings(void);
|
||||
# define EC_R_CANNOT_INVERT 165
|
||||
# define EC_R_COORDINATES_OUT_OF_RANGE 146
|
||||
# define EC_R_CURVE_DOES_NOT_SUPPORT_ECDH 160
|
||||
+# define EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA 170
|
||||
# define EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING 159
|
||||
# define EC_R_D2I_ECPKPARAMETERS_FAILURE 117
|
||||
# define EC_R_DECODE_ERROR 142
|
57
openssl-Fix-9bf682f-which-broke-nistp224_method.patch
Normal file
57
openssl-Fix-9bf682f-which-broke-nistp224_method.patch
Normal file
@ -0,0 +1,57 @@
|
||||
From 653b883b97f72a15d35d21246696881aa65311e2 Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
Date: Thu, 15 Aug 2019 22:51:57 +0200
|
||||
Subject: [PATCH] Fix 9bf682f which broke nistp224_method
|
||||
|
||||
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
|
||||
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
|
||||
(Merged from https://github.com/openssl/openssl/pull/9607)
|
||||
---
|
||||
crypto/ec/ecp_nistp224.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
Index: openssl-1.1.1d/crypto/ec/ecp_nistp224.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/ec/ecp_nistp224.c 2020-01-23 13:45:11.104632265 +0100
|
||||
+++ openssl-1.1.1d/crypto/ec/ecp_nistp224.c 2020-01-23 13:45:11.208632883 +0100
|
||||
@@ -291,10 +291,10 @@ const EC_METHOD *EC_GFp_nistp224_method(
|
||||
ec_key_simple_generate_public_key,
|
||||
0, /* keycopy */
|
||||
0, /* keyfinish */
|
||||
+ ecdh_simple_compute_key,
|
||||
ecdsa_simple_sign_setup,
|
||||
ecdsa_simple_sign_sig,
|
||||
ecdsa_simple_verify_sig,
|
||||
- ecdh_simple_compute_key,
|
||||
0, /* field_inverse_mod_ord */
|
||||
0, /* blind_coordinates */
|
||||
0, /* ladder_pre */
|
||||
Index: openssl-1.1.1d/crypto/ec/build.info
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/ec/build.info 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/crypto/ec/build.info 2020-01-23 13:45:11.208632883 +0100
|
||||
@@ -20,6 +20,9 @@ GENERATE[ecp_nistz256-avx2.s]=asm/ecp_ni
|
||||
GENERATE[ecp_nistz256-sparcv9.S]=asm/ecp_nistz256-sparcv9.pl $(PERLASM_SCHEME)
|
||||
INCLUDE[ecp_nistz256-sparcv9.o]=..
|
||||
|
||||
+INCLUDE[ecp_s390x_nistp.o]=..
|
||||
+INCLUDE[ecx_meth.o]=..
|
||||
+
|
||||
GENERATE[ecp_nistz256-armv4.S]=asm/ecp_nistz256-armv4.pl $(PERLASM_SCHEME)
|
||||
INCLUDE[ecp_nistz256-armv4.o]=..
|
||||
GENERATE[ecp_nistz256-armv8.S]=asm/ecp_nistz256-armv8.pl $(PERLASM_SCHEME)
|
||||
Index: openssl-1.1.1d/include/openssl/ecerr.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/include/openssl/ecerr.h 2020-01-23 13:45:11.108632290 +0100
|
||||
+++ openssl-1.1.1d/include/openssl/ecerr.h 2020-01-23 13:45:11.208632883 +0100
|
||||
@@ -38,6 +38,8 @@ int ERR_load_EC_strings(void);
|
||||
# define EC_F_ECDH_SIMPLE_COMPUTE_KEY 257
|
||||
# define EC_F_ECDSA_DO_SIGN_EX 251
|
||||
# define EC_F_ECDSA_DO_VERIFY 252
|
||||
+# define EC_F_ECDSA_S390X_NISTP_SIGN_SIG 313
|
||||
+# define EC_F_ECDSA_S390X_NISTP_VERIFY_SIG 314
|
||||
# define EC_F_ECDSA_SIGN_EX 254
|
||||
# define EC_F_ECDSA_SIGN_SETUP 248
|
||||
# define EC_F_ECDSA_SIG_NEW 265
|
@ -0,0 +1,30 @@
|
||||
From 3ded2288a45d2cc3a27a1b08d29499cbcec52c0e Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
Date: Fri, 12 Jul 2019 13:47:32 +0200
|
||||
Subject: [PATCH 09207/10000] OPENSSL_s390xcap.pod: list msa9 facility bit
|
||||
(155)
|
||||
|
||||
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
|
||||
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
|
||||
(Merged from https://github.com/openssl/openssl/pull/9348)
|
||||
---
|
||||
doc/man3/OPENSSL_s390xcap.pod | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/doc/man3/OPENSSL_s390xcap.pod b/doc/man3/OPENSSL_s390xcap.pod
|
||||
index e45da4467f..1f4ee85fdf 100644
|
||||
--- a/doc/man3/OPENSSL_s390xcap.pod
|
||||
+++ b/doc/man3/OPENSSL_s390xcap.pod
|
||||
@@ -72,6 +72,7 @@ the numbering is continuous across 64-bit mask boundaries.
|
||||
#134 1<<57 vector packed decimal facility
|
||||
#135 1<<56 vector enhancements facility 1
|
||||
#146 1<<45 message-security assist extension 8
|
||||
+ #155 1<<36 message-security assist extension 9
|
||||
|
||||
kimd :
|
||||
# 1 1<<62 KIMD-SHA-1
|
||||
--
|
||||
2.24.0
|
||||
|
311
openssl-assembly-pack-accelerate-scalar-multiplication.patch
Normal file
311
openssl-assembly-pack-accelerate-scalar-multiplication.patch
Normal file
@ -0,0 +1,311 @@
|
||||
From 1461e66706f24da657d7322706d1165ae515533f Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
Date: Tue, 9 Jul 2019 10:25:04 +0200
|
||||
Subject: [PATCH 09204/10000] s390x assembly pack: accelerate scalar
|
||||
multiplication
|
||||
|
||||
for NIST P-256, P-384 and P-521 using PCC instruction.
|
||||
|
||||
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
|
||||
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
|
||||
(Merged from https://github.com/openssl/openssl/pull/9348)
|
||||
---
|
||||
crypto/ec/build.info | 3 +-
|
||||
crypto/ec/ec_curve.c | 42 +++++---
|
||||
crypto/ec/ec_lcl.h | 5 +
|
||||
crypto/ec/ecp_s390x_nistp.c | 197 ++++++++++++++++++++++++++++++++++++
|
||||
4 files changed, 234 insertions(+), 13 deletions(-)
|
||||
create mode 100644 crypto/ec/ecp_s390x_nistp.c
|
||||
|
||||
Index: openssl-1.1.1d/crypto/ec/ec_curve.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/ec/ec_curve.c
|
||||
+++ openssl-1.1.1d/crypto/ec/ec_curve.c
|
||||
@@ -2829,16 +2829,25 @@ static const ec_list_element curve_list[
|
||||
{NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0,
|
||||
"SECG curve over a 256 bit prime field"},
|
||||
/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
|
||||
- {NID_secp384r1, &_EC_NIST_PRIME_384.h, 0,
|
||||
+ {NID_secp384r1, &_EC_NIST_PRIME_384.h,
|
||||
+# if defined(S390X_NISTP_ASM)
|
||||
+ EC_GFp_s390x_nistp384_method,
|
||||
+# else
|
||||
+ 0,
|
||||
+# endif
|
||||
"NIST/SECG curve over a 384 bit prime field"},
|
||||
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
|
||||
- {NID_secp521r1, &_EC_NIST_PRIME_521.h, EC_GFp_nistp521_method,
|
||||
- "NIST/SECG curve over a 521 bit prime field"},
|
||||
+
|
||||
+ {NID_secp521r1, &_EC_NIST_PRIME_521.h,
|
||||
+# if defined(S390X_NISTP_ASM)
|
||||
+ EC_GFp_s390x_nistp521_method,
|
||||
+# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
|
||||
+ EC_GFp_nistp521_method,
|
||||
#else
|
||||
- {NID_secp521r1, &_EC_NIST_PRIME_521.h, 0,
|
||||
- "NIST/SECG curve over a 521 bit prime field"},
|
||||
+ 0,
|
||||
#endif
|
||||
- /* X9.62 curves */
|
||||
+ "NIST/SECG curve over a 521 bit prime field"},
|
||||
+
|
||||
+ /* X9.62 curves */
|
||||
{NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0,
|
||||
"NIST/X9.62/SECG curve over a 192 bit prime field"},
|
||||
{NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2.h, 0,
|
||||
@@ -2854,6 +2863,8 @@ static const ec_list_element curve_list[
|
||||
{NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
|
||||
#if defined(ECP_NISTZ256_ASM)
|
||||
EC_GFp_nistz256_method,
|
||||
+# elif defined(S390X_NISTP_ASM)
|
||||
+ EC_GFp_s390x_nistp256_method,
|
||||
#elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
|
||||
EC_GFp_nistp256_method,
|
||||
#else
|
||||
Index: openssl-1.1.1d/crypto/ec/ec_lcl.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/ec/ec_lcl.h
|
||||
+++ openssl-1.1.1d/crypto/ec/ec_lcl.h
|
||||
@@ -587,6 +587,11 @@ int ec_group_simple_order_bits(const EC_
|
||||
*/
|
||||
const EC_METHOD *EC_GFp_nistz256_method(void);
|
||||
#endif
|
||||
+#ifdef S390X_NISTP_ASM
|
||||
+const EC_METHOD *EC_GFp_s390x_nistp256_method(void);
|
||||
+const EC_METHOD *EC_GFp_s390x_nistp384_method(void);
|
||||
+const EC_METHOD *EC_GFp_s390x_nistp521_method(void);
|
||||
+#endif
|
||||
|
||||
size_t ec_key_simple_priv2oct(const EC_KEY *eckey,
|
||||
unsigned char *buf, size_t len);
|
||||
Index: openssl-1.1.1d/crypto/ec/ecp_s390x_nistp.c
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ openssl-1.1.1d/crypto/ec/ecp_s390x_nistp.c
|
||||
@@ -0,0 +1,197 @@
|
||||
+/*
|
||||
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ *
|
||||
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
+ * this file except in compliance with the License. You can obtain a copy
|
||||
+ * in the file LICENSE in the source distribution or at
|
||||
+ * https://www.openssl.org/source/license.html
|
||||
+ */
|
||||
+
|
||||
+#include <stdlib.h>
|
||||
+#include <string.h>
|
||||
+#include <openssl/err.h>
|
||||
+#include "ec_lcl.h"
|
||||
+#include "s390x_arch.h"
|
||||
+
|
||||
+/* Size of parameter blocks */
|
||||
+#define S390X_SIZE_PARAM 4096
|
||||
+
|
||||
+/* Size of fields in parameter blocks */
|
||||
+#define S390X_SIZE_P256 32
|
||||
+#define S390X_SIZE_P384 48
|
||||
+#define S390X_SIZE_P521 80
|
||||
+
|
||||
+/* Offsets of fields in PCC parameter blocks */
|
||||
+#define S390X_OFF_RES_X(n) (0 * n)
|
||||
+#define S390X_OFF_RES_Y(n) (1 * n)
|
||||
+#define S390X_OFF_SRC_X(n) (2 * n)
|
||||
+#define S390X_OFF_SRC_Y(n) (3 * n)
|
||||
+#define S390X_OFF_SCALAR(n) (4 * n)
|
||||
+
|
||||
+static int ec_GFp_s390x_nistp_mul(const EC_GROUP *group, EC_POINT *r,
|
||||
+ const BIGNUM *scalar,
|
||||
+ size_t num, const EC_POINT *points[],
|
||||
+ const BIGNUM *scalars[],
|
||||
+ BN_CTX *ctx, unsigned int fc, int len)
|
||||
+{
|
||||
+ unsigned char param[S390X_SIZE_PARAM];
|
||||
+ BIGNUM *x, *y;
|
||||
+ const EC_POINT *point_ptr = NULL;
|
||||
+ const BIGNUM *scalar_ptr = NULL;
|
||||
+ BN_CTX *new_ctx = NULL;
|
||||
+ int rc = -1;
|
||||
+
|
||||
+ if (ctx == NULL) {
|
||||
+ ctx = new_ctx = BN_CTX_new();
|
||||
+ if (ctx == NULL)
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ BN_CTX_start(ctx);
|
||||
+
|
||||
+ x = BN_CTX_get(ctx);
|
||||
+ y = BN_CTX_get(ctx);
|
||||
+ if (x == NULL || y == NULL) {
|
||||
+ rc = 0;
|
||||
+ goto ret;
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
+ * Use PCC for EC keygen and ECDH key derivation:
|
||||
+ * scalar * generator and scalar * peer public key,
|
||||
+ * scalar in [0,order).
|
||||
+ */
|
||||
+ if ((scalar != NULL && num == 0 && BN_is_negative(scalar) == 0)
|
||||
+ || (scalar == NULL && num == 1 && BN_is_negative(scalars[0]) == 0)) {
|
||||
+
|
||||
+ if (num == 0) {
|
||||
+ point_ptr = EC_GROUP_get0_generator(group);
|
||||
+ scalar_ptr = scalar;
|
||||
+ } else {
|
||||
+ point_ptr = points[0];
|
||||
+ scalar_ptr = scalars[0];
|
||||
+ }
|
||||
+
|
||||
+ if (EC_POINT_is_at_infinity(group, point_ptr) == 1
|
||||
+ || BN_is_zero(scalar_ptr)) {
|
||||
+ rc = EC_POINT_set_to_infinity(group, r);
|
||||
+ goto ret;
|
||||
+ }
|
||||
+
|
||||
+ memset(¶m, 0, sizeof(param));
|
||||
+
|
||||
+ if (group->meth->point_get_affine_coordinates(group, point_ptr,
|
||||
+ x, y, ctx) != 1
|
||||
+ || BN_bn2binpad(x, param + S390X_OFF_SRC_X(len), len) == -1
|
||||
+ || BN_bn2binpad(y, param + S390X_OFF_SRC_Y(len), len) == -1
|
||||
+ || BN_bn2binpad(scalar_ptr,
|
||||
+ param + S390X_OFF_SCALAR(len), len) == -1
|
||||
+ || s390x_pcc(fc, param) != 0
|
||||
+ || BN_bin2bn(param + S390X_OFF_RES_X(len), len, x) == NULL
|
||||
+ || BN_bin2bn(param + S390X_OFF_RES_Y(len), len, y) == NULL
|
||||
+ || group->meth->point_set_affine_coordinates(group, r,
|
||||
+ x, y, ctx) != 1)
|
||||
+ goto ret;
|
||||
+
|
||||
+ rc = 1;
|
||||
+ }
|
||||
+
|
||||
+ret:
|
||||
+ /* Otherwise use default. */
|
||||
+ if (rc == -1)
|
||||
+ rc = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
|
||||
+ OPENSSL_cleanse(param, sizeof(param));
|
||||
+ BN_CTX_end(ctx);
|
||||
+ BN_CTX_free(new_ctx);
|
||||
+ return rc;
|
||||
+}
|
||||
+
|
||||
+#define EC_GFP_S390X_NISTP_METHOD(bits) \
|
||||
+ \
|
||||
+static int ec_GFp_s390x_nistp##bits##_mul(const EC_GROUP *group, \
|
||||
+ EC_POINT *r, \
|
||||
+ const BIGNUM *scalar, \
|
||||
+ size_t num, \
|
||||
+ const EC_POINT *points[], \
|
||||
+ const BIGNUM *scalars[], \
|
||||
+ BN_CTX *ctx) \
|
||||
+{ \
|
||||
+ return ec_GFp_s390x_nistp_mul(group, r, scalar, num, points, \
|
||||
+ scalars, ctx, \
|
||||
+ S390X_SCALAR_MULTIPLY_P##bits, \
|
||||
+ S390X_SIZE_P##bits); \
|
||||
+} \
|
||||
+ \
|
||||
+const EC_METHOD *EC_GFp_s390x_nistp##bits##_method(void) \
|
||||
+{ \
|
||||
+ static const EC_METHOD EC_GFp_s390x_nistp##bits##_meth = { \
|
||||
+ EC_FLAGS_DEFAULT_OCT, \
|
||||
+ NID_X9_62_prime_field, \
|
||||
+ ec_GFp_simple_group_init, \
|
||||
+ ec_GFp_simple_group_finish, \
|
||||
+ ec_GFp_simple_group_clear_finish, \
|
||||
+ ec_GFp_simple_group_copy, \
|
||||
+ ec_GFp_simple_group_set_curve, \
|
||||
+ ec_GFp_simple_group_get_curve, \
|
||||
+ ec_GFp_simple_group_get_degree, \
|
||||
+ ec_group_simple_order_bits, \
|
||||
+ ec_GFp_simple_group_check_discriminant, \
|
||||
+ ec_GFp_simple_point_init, \
|
||||
+ ec_GFp_simple_point_finish, \
|
||||
+ ec_GFp_simple_point_clear_finish, \
|
||||
+ ec_GFp_simple_point_copy, \
|
||||
+ ec_GFp_simple_point_set_to_infinity, \
|
||||
+ ec_GFp_simple_set_Jprojective_coordinates_GFp, \
|
||||
+ ec_GFp_simple_get_Jprojective_coordinates_GFp, \
|
||||
+ ec_GFp_simple_point_set_affine_coordinates, \
|
||||
+ ec_GFp_simple_point_get_affine_coordinates, \
|
||||
+ NULL, /* point_set_compressed_coordinates */ \
|
||||
+ NULL, /* point2oct */ \
|
||||
+ NULL, /* oct2point */ \
|
||||
+ ec_GFp_simple_add, \
|
||||
+ ec_GFp_simple_dbl, \
|
||||
+ ec_GFp_simple_invert, \
|
||||
+ ec_GFp_simple_is_at_infinity, \
|
||||
+ ec_GFp_simple_is_on_curve, \
|
||||
+ ec_GFp_simple_cmp, \
|
||||
+ ec_GFp_simple_make_affine, \
|
||||
+ ec_GFp_simple_points_make_affine, \
|
||||
+ ec_GFp_s390x_nistp##bits##_mul, \
|
||||
+ NULL, /* precompute_mult */ \
|
||||
+ NULL, /* have_precompute_mult */ \
|
||||
+ ec_GFp_simple_field_mul, \
|
||||
+ ec_GFp_simple_field_sqr, \
|
||||
+ NULL, /* field_div */ \
|
||||
+ ec_GFp_simple_field_inv, \
|
||||
+ NULL, /* field_encode */ \
|
||||
+ NULL, /* field_decode */ \
|
||||
+ NULL, /* field_set_to_one */ \
|
||||
+ ec_key_simple_priv2oct, \
|
||||
+ ec_key_simple_oct2priv, \
|
||||
+ NULL, /* set_private */ \
|
||||
+ ec_key_simple_generate_key, \
|
||||
+ ec_key_simple_check_key, \
|
||||
+ ec_key_simple_generate_public_key, \
|
||||
+ NULL, /* keycopy */ \
|
||||
+ NULL, /* keyfinish */ \
|
||||
+ ecdh_simple_compute_key, \
|
||||
+ NULL, /* field_inverse_mod_ord */ \
|
||||
+ ec_GFp_simple_blind_coordinates, \
|
||||
+ ec_GFp_simple_ladder_pre, \
|
||||
+ ec_GFp_simple_ladder_step, \
|
||||
+ ec_GFp_simple_ladder_post \
|
||||
+ }; \
|
||||
+ static const EC_METHOD *ret; \
|
||||
+ \
|
||||
+ if (OPENSSL_s390xcap_P.pcc[1] \
|
||||
+ & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P##bits)) \
|
||||
+ ret = &EC_GFp_s390x_nistp##bits##_meth; \
|
||||
+ else \
|
||||
+ ret = EC_GFp_mont_method(); \
|
||||
+ \
|
||||
+ return ret; \
|
||||
+}
|
||||
+
|
||||
+EC_GFP_S390X_NISTP_METHOD(256)
|
||||
+EC_GFP_S390X_NISTP_METHOD(384)
|
||||
+EC_GFP_S390X_NISTP_METHOD(521)
|
||||
Index: openssl-1.1.1d/Configurations/00-base-templates.conf
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/Configurations/00-base-templates.conf
|
||||
+++ openssl-1.1.1d/Configurations/00-base-templates.conf
|
||||
@@ -289,6 +289,7 @@ my %targets=(
|
||||
template => 1,
|
||||
cpuid_asm_src => "s390xcap.c s390xcpuid.S",
|
||||
bn_asm_src => "asm/s390x.S s390x-mont.S s390x-gf2m.s",
|
||||
+ ec_asm_src => "ecp_s390x_nistp.c",
|
||||
aes_asm_src => "aes-s390x.S aes-ctr.fake aes-xts.fake",
|
||||
sha1_asm_src => "sha1-s390x.S sha256-s390x.S sha512-s390x.S",
|
||||
rc4_asm_src => "rc4-s390x.s",
|
||||
Index: openssl-1.1.1d/Configure
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/Configure
|
||||
+++ openssl-1.1.1d/Configure
|
||||
@@ -1400,6 +1400,9 @@ unless ($disabled{asm}) {
|
||||
if ($target{ec_asm_src} =~ /x25519/) {
|
||||
push @{$config{lib_defines}}, "X25519_ASM";
|
||||
}
|
||||
+ if ($target{ec_asm_src} =~ /ecp_s390x_nistp/) {
|
||||
+ push @{$config{lib_defines}}, "S390X_NISTP_ASM";
|
||||
+ }
|
||||
if ($target{padlock_asm_src} ne $table{DEFAULTS}->{padlock_asm_src}) {
|
||||
push @{$config{dso_defines}}, "PADLOCK_ASM";
|
||||
}
|
12
openssl-fips-clearerror.patch
Normal file
12
openssl-fips-clearerror.patch
Normal file
@ -0,0 +1,12 @@
|
||||
Index: openssl-1.1.1d/crypto/o_init.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/o_init.c 2020-01-23 13:45:11.556634952 +0100
|
||||
+++ openssl-1.1.1d/crypto/o_init.c 2020-01-23 13:45:11.572635047 +0100
|
||||
@@ -49,6 +49,7 @@ static void init_fips_mode(void)
|
||||
NONFIPS_selftest_check();
|
||||
/* drop down to non-FIPS mode if it is not requested */
|
||||
FIPS_mode_set(0);
|
||||
+ ERR_clear_error();
|
||||
} else {
|
||||
/* abort if selftest failed */
|
||||
FIPS_selftest_check();
|
14
openssl-fips-dont_run_FIPS_module_installed.patch
Normal file
14
openssl-fips-dont_run_FIPS_module_installed.patch
Normal file
@ -0,0 +1,14 @@
|
||||
Index: openssl-1.1.1d/crypto/o_init.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/o_init.c 2020-01-23 13:45:11.336633643 +0100
|
||||
+++ openssl-1.1.1d/crypto/o_init.c 2020-01-23 13:45:21.316692954 +0100
|
||||
@@ -63,9 +63,6 @@ void __attribute__ ((constructor)) OPENS
|
||||
if (done)
|
||||
return;
|
||||
done = 1;
|
||||
- if (!FIPS_module_installed()) {
|
||||
- return;
|
||||
- }
|
||||
init_fips_mode();
|
||||
}
|
||||
#endif
|
22
openssl-fips-ignore_broken_atexit_test.patch
Normal file
22
openssl-fips-ignore_broken_atexit_test.patch
Normal file
@ -0,0 +1,22 @@
|
||||
Index: openssl-1.1.1d/test/recipes/90-test_shlibload.t
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/test/recipes/90-test_shlibload.t 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/test/recipes/90-test_shlibload.t 2020-01-23 15:22:27.355814857 +0100
|
||||
@@ -23,7 +23,7 @@ plan skip_all => "Test is disabled on AI
|
||||
plan skip_all => "Test is disabled on VMS" if config('target') =~ m|^vms|;
|
||||
plan skip_all => "Test only supported in a dso build" if disabled("dso");
|
||||
|
||||
-plan tests => 10;
|
||||
+plan tests => 9;
|
||||
|
||||
# When libssl and libcrypto are compiled on Linux with "-rpath", but not
|
||||
# "--enable-new-dtags", the RPATH takes precedence over LD_LIBRARY_PATH,
|
||||
@@ -56,7 +56,7 @@ unlink $filename;
|
||||
($fh, $filename) = tempfile();
|
||||
ok(run(test(["shlibloadtest", "-no_atexit", $libcrypto, $libssl, $filename])),
|
||||
"running shlibloadtest -no_atexit $filename");
|
||||
-ok(!check_atexit($fh));
|
||||
+#ok(!check_atexit($fh));
|
||||
unlink $filename;
|
||||
|
||||
sub shlib {
|
@ -0,0 +1,24 @@
|
||||
Index: openssl-1.1.1d/crypto/fips/fips.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/fips/fips.c 2020-01-23 13:45:11.368633835 +0100
|
||||
+++ openssl-1.1.1d/crypto/fips/fips.c 2020-01-23 13:45:21.316692954 +0100
|
||||
@@ -454,15 +454,15 @@ int FIPS_module_mode_set(int onoff)
|
||||
|
||||
fips_post = 1;
|
||||
|
||||
- if (!FIPS_selftest()) {
|
||||
+ if (!verify_checksums()) {
|
||||
+ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
|
||||
+ FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
|
||||
fips_selftest_fail = 1;
|
||||
ret = 0;
|
||||
goto end;
|
||||
}
|
||||
|
||||
- if (!verify_checksums()) {
|
||||
- FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
|
||||
- FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
|
||||
+ if (!FIPS_selftest()) {
|
||||
fips_selftest_fail = 1;
|
||||
ret = 0;
|
||||
goto end;
|
74
openssl-fips-selftests_in_nonfips_mode.patch
Normal file
74
openssl-fips-selftests_in_nonfips_mode.patch
Normal file
@ -0,0 +1,74 @@
|
||||
Index: openssl-1.1.1d/crypto/fips/fips.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/fips/fips.c 2020-01-23 13:45:11.416634119 +0100
|
||||
+++ openssl-1.1.1d/crypto/fips/fips.c 2020-01-23 13:45:11.556634952 +0100
|
||||
@@ -486,6 +486,44 @@ int FIPS_module_mode_set(int onoff)
|
||||
return ret;
|
||||
}
|
||||
|
||||
+/* In non-FIPS mode, the selftests must succeed if the
|
||||
+ * checksum files are present
|
||||
+ */
|
||||
+void NONFIPS_selftest_check(void)
|
||||
+{
|
||||
+ int rv;
|
||||
+ char *hmacpath;
|
||||
+ char path[PATH_MAX+1];
|
||||
+
|
||||
+ if (fips_selftest_fail)
|
||||
+ {
|
||||
+ /* check if the checksum files are installed */
|
||||
+ rv = get_library_path("libcrypto.so." SHLIB_VERSION_NUMBER, "FIPS_mode_set", path, sizeof(path));
|
||||
+ if (rv < 0)
|
||||
+ OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE");
|
||||
+
|
||||
+ hmacpath = make_hmac_path(path);
|
||||
+ if (hmacpath == NULL)
|
||||
+ OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE");
|
||||
+
|
||||
+ if (access(hmacpath, F_OK))
|
||||
+ {
|
||||
+ /* no hmac file is present, ignore the failed selftests */
|
||||
+ if (errno == ENOENT)
|
||||
+ {
|
||||
+ free(hmacpath);
|
||||
+ return;
|
||||
+ }
|
||||
+ /* we fail on any other error */
|
||||
+ }
|
||||
+ /* if the file exists, but the selftests failed
|
||||
+ (eg wrong checksum), we fail too */
|
||||
+ free(hmacpath);
|
||||
+ OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE");
|
||||
+ }
|
||||
+ /* otherwise ok, selftests were successful */
|
||||
+}
|
||||
+
|
||||
static CRYPTO_THREAD_ID fips_threadid;
|
||||
static int fips_thread_set = 0;
|
||||
|
||||
Index: openssl-1.1.1d/crypto/o_init.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/o_init.c 2020-01-23 13:45:11.536634832 +0100
|
||||
+++ openssl-1.1.1d/crypto/o_init.c 2020-01-23 13:45:17.000667299 +0100
|
||||
@@ -45,6 +45,8 @@ static void init_fips_mode(void)
|
||||
*/
|
||||
|
||||
if (buf[0] != '1') {
|
||||
+ /* abort if selftest failed and the module is complete */
|
||||
+ NONFIPS_selftest_check();
|
||||
/* drop down to non-FIPS mode if it is not requested */
|
||||
FIPS_mode_set(0);
|
||||
} else {
|
||||
Index: openssl-1.1.1d/include/openssl/fips.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/include/openssl/fips.h 2020-01-23 13:45:11.344633691 +0100
|
||||
+++ openssl-1.1.1d/include/openssl/fips.h 2020-01-23 13:45:11.556634952 +0100
|
||||
@@ -65,6 +65,7 @@ extern "C" {
|
||||
int FIPS_selftest(void);
|
||||
int FIPS_selftest_failed(void);
|
||||
int FIPS_selftest_drbg_all(void);
|
||||
+ void NONFIPS_selftest_check(void);
|
||||
|
||||
int FIPS_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
|
||||
const EVP_MD *evpmd, const unsigned char *seed_in,
|
20
openssl-fips_mode.patch
Normal file
20
openssl-fips_mode.patch
Normal file
@ -0,0 +1,20 @@
|
||||
Index: openssl-1.1.1d/apps/openssl.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/apps/openssl.c 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/apps/openssl.c 2020-01-23 13:45:11.452634334 +0100
|
||||
@@ -151,8 +151,15 @@ int main(int argc, char *argv[])
|
||||
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
|
||||
|
||||
if (getenv("OPENSSL_FIPS")) {
|
||||
+#ifdef OPENSSL_FIPS
|
||||
+ if (!FIPS_mode_set(1)) {
|
||||
+ ERR_print_errors(bio_err);
|
||||
+ return 1;
|
||||
+ }
|
||||
+#else
|
||||
BIO_printf(bio_err, "FIPS mode not supported.\n");
|
||||
return 1;
|
||||
+#endif
|
||||
}
|
||||
|
||||
if (!apps_startup()) {
|
24
openssl-keep_EVP_KDF_functions_version.patch
Normal file
24
openssl-keep_EVP_KDF_functions_version.patch
Normal file
@ -0,0 +1,24 @@
|
||||
Index: openssl-1.1.1d/util/libcrypto.num
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/util/libcrypto.num 2020-01-27 12:07:26.467151662 +0100
|
||||
+++ openssl-1.1.1d/util/libcrypto.num 2020-01-27 13:18:44.456778054 +0100
|
||||
@@ -4617,11 +4617,11 @@ FIPS_drbg_get_strength
|
||||
FIPS_rand_strength 6380 1_1_0g EXIST::FUNCTION:
|
||||
FIPS_drbg_get_blocklength 6381 1_1_0g EXIST::FUNCTION:
|
||||
FIPS_drbg_init 6382 1_1_0g EXIST::FUNCTION:
|
||||
-EVP_KDF_CTX_new_id 6590 1_1_1b EXIST::FUNCTION:
|
||||
-EVP_KDF_CTX_free 6591 1_1_1b EXIST::FUNCTION:
|
||||
-EVP_KDF_reset 6592 1_1_1b EXIST::FUNCTION:
|
||||
-EVP_KDF_ctrl 6593 1_1_1b EXIST::FUNCTION:
|
||||
-EVP_KDF_vctrl 6594 1_1_1b EXIST::FUNCTION:
|
||||
-EVP_KDF_ctrl_str 6595 1_1_1b EXIST::FUNCTION:
|
||||
-EVP_KDF_size 6596 1_1_1b EXIST::FUNCTION:
|
||||
-EVP_KDF_derive 6597 1_1_1b EXIST::FUNCTION:
|
||||
+EVP_KDF_CTX_new_id 6590 1_1_1d EXIST::FUNCTION:
|
||||
+EVP_KDF_CTX_free 6591 1_1_1d EXIST::FUNCTION:
|
||||
+EVP_KDF_reset 6592 1_1_1d EXIST::FUNCTION:
|
||||
+EVP_KDF_ctrl 6593 1_1_1d EXIST::FUNCTION:
|
||||
+EVP_KDF_vctrl 6594 1_1_1d EXIST::FUNCTION:
|
||||
+EVP_KDF_ctrl_str 6595 1_1_1d EXIST::FUNCTION:
|
||||
+EVP_KDF_size 6596 1_1_1d EXIST::FUNCTION:
|
||||
+EVP_KDF_derive 6597 1_1_1d EXIST::FUNCTION:
|
281
openssl-s390x-assembly-pack-accelerate-ECDSA.patch
Normal file
281
openssl-s390x-assembly-pack-accelerate-ECDSA.patch
Normal file
@ -0,0 +1,281 @@
|
||||
From 58c35587eacba090414522a6506cb86f2d0e91af Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
Date: Thu, 11 Jul 2019 10:38:18 +0200
|
||||
Subject: [PATCH 09206/10000] s390x assembly pack: accelerate ECDSA
|
||||
|
||||
for NIST P-256, P-384 and P-521 using KDSA instruction.
|
||||
|
||||
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
|
||||
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
|
||||
(Merged from https://github.com/openssl/openssl/pull/9348)
|
||||
---
|
||||
crypto/ec/ecp_s390x_nistp.c | 202 +++++++++++++++++++++++++++++++++++-
|
||||
crypto/err/openssl.txt | 2 +
|
||||
2 files changed, 200 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/crypto/ec/ecp_s390x_nistp.c b/crypto/ec/ecp_s390x_nistp.c
|
||||
index 0b03d7fd04..be81f0b8f0 100644
|
||||
--- a/crypto/ec/ecp_s390x_nistp.c
|
||||
+++ b/crypto/ec/ecp_s390x_nistp.c
|
||||
@@ -10,6 +10,7 @@
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <openssl/err.h>
|
||||
+#include <openssl/rand.h>
|
||||
#include "ec_lcl.h"
|
||||
#include "s390x_arch.h"
|
||||
|
||||
@@ -28,6 +29,15 @@
|
||||
#define S390X_OFF_SRC_Y(n) (3 * n)
|
||||
#define S390X_OFF_SCALAR(n) (4 * n)
|
||||
|
||||
+/* Offsets of fields in KDSA parameter blocks */
|
||||
+#define S390X_OFF_R(n) (0 * n)
|
||||
+#define S390X_OFF_S(n) (1 * n)
|
||||
+#define S390X_OFF_H(n) (2 * n)
|
||||
+#define S390X_OFF_K(n) (3 * n)
|
||||
+#define S390X_OFF_X(n) (3 * n)
|
||||
+#define S390X_OFF_RN(n) (4 * n)
|
||||
+#define S390X_OFF_Y(n) (4 * n)
|
||||
+
|
||||
static int ec_GFp_s390x_nistp_mul(const EC_GROUP *group, EC_POINT *r,
|
||||
const BIGNUM *scalar,
|
||||
size_t num, const EC_POINT *points[],
|
||||
@@ -106,6 +116,163 @@ ret:
|
||||
return rc;
|
||||
}
|
||||
|
||||
+static ECDSA_SIG *ecdsa_s390x_nistp_sign_sig(const unsigned char *dgst,
|
||||
+ int dgstlen,
|
||||
+ const BIGNUM *kinv,
|
||||
+ const BIGNUM *r,
|
||||
+ EC_KEY *eckey,
|
||||
+ unsigned int fc, int len)
|
||||
+{
|
||||
+ unsigned char param[S390X_SIZE_PARAM];
|
||||
+ int ok = 0;
|
||||
+ BIGNUM *k;
|
||||
+ ECDSA_SIG *sig;
|
||||
+ const EC_GROUP *group;
|
||||
+ const BIGNUM *privkey;
|
||||
+ int off;
|
||||
+
|
||||
+ group = EC_KEY_get0_group(eckey);
|
||||
+ privkey = EC_KEY_get0_private_key(eckey);
|
||||
+ if (group == NULL || privkey == NULL) {
|
||||
+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, EC_R_MISSING_PARAMETERS);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ if (!EC_KEY_can_sign(eckey)) {
|
||||
+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG,
|
||||
+ EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ k = BN_secure_new();
|
||||
+ sig = ECDSA_SIG_new();
|
||||
+ if (k == NULL || sig == NULL) {
|
||||
+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
||||
+ goto ret;
|
||||
+ }
|
||||
+
|
||||
+ sig->r = BN_new();
|
||||
+ sig->s = BN_new();
|
||||
+ if (sig->r == NULL || sig->s == NULL) {
|
||||
+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, ERR_R_MALLOC_FAILURE);
|
||||
+ goto ret;
|
||||
+ }
|
||||
+
|
||||
+ memset(param, 0, sizeof(param));
|
||||
+ off = len - (dgstlen > len ? len : dgstlen);
|
||||
+ memcpy(param + S390X_OFF_H(len) + off, dgst, len - off);
|
||||
+
|
||||
+ if (BN_bn2binpad(privkey, param + S390X_OFF_K(len), len) == -1) {
|
||||
+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, ERR_R_BN_LIB);
|
||||
+ goto ret;
|
||||
+ }
|
||||
+
|
||||
+ if (r == NULL || kinv == NULL) {
|
||||
+ /*
|
||||
+ * Generate random k and copy to param param block. RAND_priv_bytes
|
||||
+ * is used instead of BN_priv_rand_range or BN_generate_dsa_nonce
|
||||
+ * because kdsa instruction constructs an in-range, invertible nonce
|
||||
+ * internally implementing counter-measures for RNG weakness.
|
||||
+ */
|
||||
+ if (RAND_priv_bytes(param + S390X_OFF_RN(len), len) != 1) {
|
||||
+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG,
|
||||
+ EC_R_RANDOM_NUMBER_GENERATION_FAILED);
|
||||
+ goto ret;
|
||||
+ }
|
||||
+ } else {
|
||||
+ /* Reconstruct k = (k^-1)^-1. */
|
||||
+ if (ec_group_do_inverse_ord(group, k, kinv, NULL) == 0
|
||||
+ || BN_bn2binpad(k, param + S390X_OFF_RN(len), len) == -1) {
|
||||
+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, ERR_R_BN_LIB);
|
||||
+ goto ret;
|
||||
+ }
|
||||
+ /* Turns KDSA internal nonce-generation off. */
|
||||
+ fc |= S390X_KDSA_D;
|
||||
+ }
|
||||
+
|
||||
+ if (s390x_kdsa(fc, param, NULL, 0) != 0) {
|
||||
+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, ERR_R_ECDSA_LIB);
|
||||
+ goto ret;
|
||||
+ }
|
||||
+
|
||||
+ if (BN_bin2bn(param + S390X_OFF_R(len), len, sig->r) == NULL
|
||||
+ || BN_bin2bn(param + S390X_OFF_S(len), len, sig->s) == NULL) {
|
||||
+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, ERR_R_BN_LIB);
|
||||
+ goto ret;
|
||||
+ }
|
||||
+
|
||||
+ ok = 1;
|
||||
+ret:
|
||||
+ OPENSSL_cleanse(param, sizeof(param));
|
||||
+ if (ok != 1) {
|
||||
+ ECDSA_SIG_free(sig);
|
||||
+ sig = NULL;
|
||||
+ }
|
||||
+ BN_clear_free(k);
|
||||
+ return sig;
|
||||
+}
|
||||
+
|
||||
+static int ecdsa_s390x_nistp_verify_sig(const unsigned char *dgst, int dgstlen,
|
||||
+ const ECDSA_SIG *sig, EC_KEY *eckey,
|
||||
+ unsigned int fc, int len)
|
||||
+{
|
||||
+ unsigned char param[S390X_SIZE_PARAM];
|
||||
+ int rc = -1;
|
||||
+ BN_CTX *ctx;
|
||||
+ BIGNUM *x, *y;
|
||||
+ const EC_GROUP *group;
|
||||
+ const EC_POINT *pubkey;
|
||||
+ int off;
|
||||
+
|
||||
+ group = EC_KEY_get0_group(eckey);
|
||||
+ pubkey = EC_KEY_get0_public_key(eckey);
|
||||
+ if (eckey == NULL || group == NULL || pubkey == NULL || sig == NULL) {
|
||||
+ ECerr(EC_F_ECDSA_S390X_NISTP_VERIFY_SIG, EC_R_MISSING_PARAMETERS);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if (!EC_KEY_can_sign(eckey)) {
|
||||
+ ECerr(EC_F_ECDSA_S390X_NISTP_VERIFY_SIG,
|
||||
+ EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ ctx = BN_CTX_new();
|
||||
+ if (ctx == NULL) {
|
||||
+ ECerr(EC_F_ECDSA_S390X_NISTP_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ BN_CTX_start(ctx);
|
||||
+
|
||||
+ x = BN_CTX_get(ctx);
|
||||
+ y = BN_CTX_get(ctx);
|
||||
+ if (x == NULL || y == NULL) {
|
||||
+ ECerr(EC_F_ECDSA_S390X_NISTP_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
|
||||
+ goto ret;
|
||||
+ }
|
||||
+
|
||||
+ memset(param, 0, sizeof(param));
|
||||
+ off = len - (dgstlen > len ? len : dgstlen);
|
||||
+ memcpy(param + S390X_OFF_H(len) + off, dgst, len - off);
|
||||
+
|
||||
+ if (group->meth->point_get_affine_coordinates(group, pubkey,
|
||||
+ x, y, ctx) != 1
|
||||
+ || BN_bn2binpad(sig->r, param + S390X_OFF_R(len), len) == -1
|
||||
+ || BN_bn2binpad(sig->s, param + S390X_OFF_S(len), len) == -1
|
||||
+ || BN_bn2binpad(x, param + S390X_OFF_X(len), len) == -1
|
||||
+ || BN_bn2binpad(y, param + S390X_OFF_Y(len), len) == -1) {
|
||||
+ ECerr(EC_F_ECDSA_S390X_NISTP_VERIFY_SIG, ERR_R_BN_LIB);
|
||||
+ goto ret;
|
||||
+ }
|
||||
+
|
||||
+ rc = s390x_kdsa(fc, param, NULL, 0) == 0 ? 1 : 0;
|
||||
+ret:
|
||||
+ BN_CTX_end(ctx);
|
||||
+ BN_CTX_free(ctx);
|
||||
+ return rc;
|
||||
+}
|
||||
+
|
||||
#define EC_GFP_S390X_NISTP_METHOD(bits) \
|
||||
\
|
||||
static int ec_GFp_s390x_nistp##bits##_mul(const EC_GROUP *group, \
|
||||
@@ -122,6 +289,29 @@ static int ec_GFp_s390x_nistp##bits##_mul(const EC_GROUP *group, \
|
||||
S390X_SIZE_P##bits); \
|
||||
} \
|
||||
\
|
||||
+static ECDSA_SIG *ecdsa_s390x_nistp##bits##_sign_sig(const unsigned \
|
||||
+ char *dgst, \
|
||||
+ int dgstlen, \
|
||||
+ const BIGNUM *kinv,\
|
||||
+ const BIGNUM *r, \
|
||||
+ EC_KEY *eckey) \
|
||||
+{ \
|
||||
+ return ecdsa_s390x_nistp_sign_sig(dgst, dgstlen, kinv, r, eckey, \
|
||||
+ S390X_ECDSA_SIGN_P##bits, \
|
||||
+ S390X_SIZE_P##bits); \
|
||||
+} \
|
||||
+ \
|
||||
+static int ecdsa_s390x_nistp##bits##_verify_sig(const \
|
||||
+ unsigned char *dgst, \
|
||||
+ int dgstlen, \
|
||||
+ const ECDSA_SIG *sig, \
|
||||
+ EC_KEY *eckey) \
|
||||
+{ \
|
||||
+ return ecdsa_s390x_nistp_verify_sig(dgst, dgstlen, sig, eckey, \
|
||||
+ S390X_ECDSA_VERIFY_P##bits, \
|
||||
+ S390X_SIZE_P##bits); \
|
||||
+} \
|
||||
+ \
|
||||
const EC_METHOD *EC_GFp_s390x_nistp##bits##_method(void) \
|
||||
{ \
|
||||
static const EC_METHOD EC_GFp_s390x_nistp##bits##_meth = { \
|
||||
@@ -176,8 +366,8 @@ const EC_METHOD *EC_GFp_s390x_nistp##bits##_method(void) \
|
||||
NULL, /* keyfinish */ \
|
||||
ecdh_simple_compute_key, \
|
||||
ecdsa_simple_sign_setup, \
|
||||
- ecdsa_simple_sign_sig, \
|
||||
- ecdsa_simple_verify_sig, \
|
||||
+ ecdsa_s390x_nistp##bits##_sign_sig, \
|
||||
+ ecdsa_s390x_nistp##bits##_verify_sig, \
|
||||
NULL, /* field_inverse_mod_ord */ \
|
||||
ec_GFp_simple_blind_coordinates, \
|
||||
ec_GFp_simple_ladder_pre, \
|
||||
@@ -186,8 +376,12 @@ const EC_METHOD *EC_GFp_s390x_nistp##bits##_method(void) \
|
||||
}; \
|
||||
static const EC_METHOD *ret; \
|
||||
\
|
||||
- if (OPENSSL_s390xcap_P.pcc[1] \
|
||||
- & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P##bits)) \
|
||||
+ if ((OPENSSL_s390xcap_P.pcc[1] \
|
||||
+ & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P##bits)) \
|
||||
+ && (OPENSSL_s390xcap_P.kdsa[0] \
|
||||
+ & S390X_CAPBIT(S390X_ECDSA_VERIFY_P##bits)) \
|
||||
+ && (OPENSSL_s390xcap_P.kdsa[0] \
|
||||
+ & S390X_CAPBIT(S390X_ECDSA_SIGN_P##bits))) \
|
||||
ret = &EC_GFp_s390x_nistp##bits##_meth; \
|
||||
else \
|
||||
ret = EC_GFp_mont_method(); \
|
||||
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
|
||||
index 035bd729f3..5d5981035c 100644
|
||||
--- a/crypto/err/openssl.txt
|
||||
+++ b/crypto/err/openssl.txt
|
||||
@@ -554,6 +554,8 @@ EC_F_ECDSA_VERIFY:253:ECDSA_verify
|
||||
EC_F_ECDSA_SIMPLE_SIGN_SETUP:310:ecdsa_simple_sign_setup
|
||||
EC_F_ECDSA_SIMPLE_SIGN_SIG:311:ecdsa_simple_sign_sig
|
||||
EC_F_ECDSA_SIMPLE_VERIFY_SIG:312:ecdsa_simple_verify_sig
|
||||
+EC_F_ECDSA_S390X_NISTP_SIGN_SIG:313:ecdsa_s390x_nistp_sign_sig
|
||||
+EC_F_ECDSA_S390X_NISTP_VERIFY_SIG:314:ecdsa_s390x_nistp_verify_sig
|
||||
EC_F_ECD_ITEM_VERIFY:270:ecd_item_verify
|
||||
EC_F_ECKEY_PARAM2TYPE:223:eckey_param2type
|
||||
EC_F_ECKEY_PARAM_DECODE:212:eckey_param_decode
|
||||
--
|
||||
2.24.0
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,694 @@
|
||||
From f39ad8dcaa75293968d2633d043de3f5fce4f37b Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
Date: Mon, 30 Jan 2017 17:37:54 +0100
|
||||
Subject: [PATCH] s390x assembly pack: add OPENSSL_s390xcap environment
|
||||
variable.
|
||||
|
||||
The OPENSSL_s390xcap environment variable is used to set bits in the s390x
|
||||
capability vector to zero. This simplifies testing of different code paths.
|
||||
|
||||
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
|
||||
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
||||
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
||||
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/6813)
|
||||
---
|
||||
crypto/s390x_arch.h | 23 +-
|
||||
crypto/s390xcap.c | 515 +++++++++++++++++++++++++++++++++++++++++++
|
||||
crypto/s390xcpuid.pl | 31 ++-
|
||||
3 files changed, 556 insertions(+), 13 deletions(-)
|
||||
|
||||
Index: openssl-1.1.1d/crypto/s390x_arch.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/s390x_arch.h
|
||||
+++ openssl-1.1.1d/crypto/s390x_arch.h
|
||||
@@ -49,6 +49,9 @@ struct OPENSSL_s390xcap_st {
|
||||
|
||||
extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
|
||||
|
||||
+/* Max number of 64-bit words currently returned by STFLE */
|
||||
+# define S390X_STFLE_MAX 3
|
||||
+
|
||||
/* convert facility bit number or function code to bit mask */
|
||||
# define S390X_CAPBIT(i) (1ULL << (63 - (i) % 64))
|
||||
|
||||
@@ -68,9 +71,15 @@ extern struct OPENSSL_s390xcap_st OPENSS
|
||||
# define S390X_KMA 0xb0
|
||||
|
||||
/* Facility Bit Numbers */
|
||||
-# define S390X_VX 129
|
||||
-# define S390X_VXD 134
|
||||
-# define S390X_VXE 135
|
||||
+# define S390X_MSA 17 /* message-security-assist */
|
||||
+# define S390X_STCKF 25 /* store-clock-fast */
|
||||
+# define S390X_MSA5 57 /* message-security-assist-ext. 5 */
|
||||
+# define S390X_MSA3 76 /* message-security-assist-ext. 3 */
|
||||
+# define S390X_MSA4 77 /* message-security-assist-ext. 4 */
|
||||
+# define S390X_VX 129 /* vector */
|
||||
+# define S390X_VXD 134 /* vector packed decimal */
|
||||
+# define S390X_VXE 135 /* vector enhancements 1 */
|
||||
+# define S390X_MSA8 146 /* message-security-assist-ext. 8 */
|
||||
|
||||
/* Function Codes */
|
||||
|
||||
@@ -78,6 +87,9 @@ extern struct OPENSSL_s390xcap_st OPENSS
|
||||
# define S390X_QUERY 0
|
||||
|
||||
/* kimd/klmd */
|
||||
+# define S390X_SHA_1 1
|
||||
+# define S390X_SHA_256 2
|
||||
+# define S390X_SHA_512 3
|
||||
# define S390X_SHA3_224 32
|
||||
# define S390X_SHA3_256 33
|
||||
# define S390X_SHA3_384 34
|
||||
@@ -91,7 +103,12 @@ extern struct OPENSSL_s390xcap_st OPENSS
|
||||
# define S390X_AES_192 19
|
||||
# define S390X_AES_256 20
|
||||
|
||||
+/* km */
|
||||
+# define S390X_XTS_AES_128 50
|
||||
+# define S390X_XTS_AES_256 52
|
||||
+
|
||||
/* prno */
|
||||
+# define S390X_SHA_512_DRNG 3
|
||||
# define S390X_TRNG 114
|
||||
|
||||
/* Register 0 Flags */
|
||||
Index: openssl-1.1.1d/crypto/s390xcap.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/s390xcap.c
|
||||
+++ openssl-1.1.1d/crypto/s390xcap.c
|
||||
@@ -13,15 +13,51 @@
|
||||
#include <setjmp.h>
|
||||
#include <signal.h>
|
||||
#include "internal/cryptlib.h"
|
||||
+#include "internal/ctype.h"
|
||||
#include "s390x_arch.h"
|
||||
|
||||
+#define LEN 128
|
||||
+#define STR_(S) #S
|
||||
+#define STR(S) STR_(S)
|
||||
+
|
||||
+#define TOK_FUNC(NAME) \
|
||||
+ (sscanf(tok_begin, \
|
||||
+ " " STR(NAME) " : %" STR(LEN) "[^:] : " \
|
||||
+ "%" STR(LEN) "s %" STR(LEN) "s ", \
|
||||
+ tok[0], tok[1], tok[2]) == 2) { \
|
||||
+ \
|
||||
+ off = (tok[0][0] == '~') ? 1 : 0; \
|
||||
+ if (sscanf(tok[0] + off, "%llx", &cap->NAME[0]) != 1) \
|
||||
+ goto ret; \
|
||||
+ if (off) \
|
||||
+ cap->NAME[0] = ~cap->NAME[0]; \
|
||||
+ \
|
||||
+ off = (tok[1][0] == '~') ? 1 : 0; \
|
||||
+ if (sscanf(tok[1] + off, "%llx", &cap->NAME[1]) != 1) \
|
||||
+ goto ret; \
|
||||
+ if (off) \
|
||||
+ cap->NAME[1] = ~cap->NAME[1]; \
|
||||
+ }
|
||||
+
|
||||
+#define TOK_CPU(NAME) \
|
||||
+ (sscanf(tok_begin, \
|
||||
+ " %" STR(LEN) "s %" STR(LEN) "s ", \
|
||||
+ tok[0], tok[1]) == 1 \
|
||||
+ && !strcmp(tok[0], #NAME)) { \
|
||||
+ memcpy(cap, &NAME, sizeof(*cap)); \
|
||||
+ }
|
||||
+
|
||||
static sigjmp_buf ill_jmp;
|
||||
static void ill_handler(int sig)
|
||||
{
|
||||
siglongjmp(ill_jmp, sig);
|
||||
}
|
||||
|
||||
+static const char *env;
|
||||
+static int parse_env(struct OPENSSL_s390xcap_st *cap);
|
||||
+
|
||||
void OPENSSL_s390x_facilities(void);
|
||||
+void OPENSSL_s390x_functions(void);
|
||||
void OPENSSL_vx_probe(void);
|
||||
|
||||
struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
|
||||
@@ -30,6 +66,7 @@ void OPENSSL_cpuid_setup(void)
|
||||
{
|
||||
sigset_t oset;
|
||||
struct sigaction ill_act, oact_ill, oact_fpe;
|
||||
+ struct OPENSSL_s390xcap_st cap;
|
||||
|
||||
if (OPENSSL_s390xcap_P.stfle[0])
|
||||
return;
|
||||
@@ -37,6 +74,12 @@ void OPENSSL_cpuid_setup(void)
|
||||
/* set a bit that will not be tested later */
|
||||
OPENSSL_s390xcap_P.stfle[0] |= S390X_CAPBIT(0);
|
||||
|
||||
+ env = getenv("OPENSSL_s390xcap");
|
||||
+ if (env != NULL) {
|
||||
+ if (!parse_env(&cap))
|
||||
+ env = NULL;
|
||||
+ }
|
||||
+
|
||||
memset(&ill_act, 0, sizeof(ill_act));
|
||||
ill_act.sa_handler = ill_handler;
|
||||
sigfillset(&ill_act.sa_mask);
|
||||
@@ -51,6 +94,12 @@ void OPENSSL_cpuid_setup(void)
|
||||
if (sigsetjmp(ill_jmp, 1) == 0)
|
||||
OPENSSL_s390x_facilities();
|
||||
|
||||
+ if (env != NULL) {
|
||||
+ OPENSSL_s390xcap_P.stfle[0] &= cap.stfle[0];
|
||||
+ OPENSSL_s390xcap_P.stfle[1] &= cap.stfle[1];
|
||||
+ OPENSSL_s390xcap_P.stfle[2] &= cap.stfle[2];
|
||||
+ }
|
||||
+
|
||||
/* protection against disabled vector facility */
|
||||
if ((OPENSSL_s390xcap_P.stfle[2] & S390X_CAPBIT(S390X_VX))
|
||||
&& (sigsetjmp(ill_jmp, 1) == 0)) {
|
||||
@@ -64,4 +113,470 @@ void OPENSSL_cpuid_setup(void)
|
||||
sigaction(SIGFPE, &oact_fpe, NULL);
|
||||
sigaction(SIGILL, &oact_ill, NULL);
|
||||
sigprocmask(SIG_SETMASK, &oset, NULL);
|
||||
+
|
||||
+ OPENSSL_s390x_functions();
|
||||
+
|
||||
+ if (env != NULL) {
|
||||
+ OPENSSL_s390xcap_P.kimd[0] &= cap.kimd[0];
|
||||
+ OPENSSL_s390xcap_P.kimd[1] &= cap.kimd[1];
|
||||
+ OPENSSL_s390xcap_P.klmd[0] &= cap.klmd[0];
|
||||
+ OPENSSL_s390xcap_P.klmd[1] &= cap.klmd[1];
|
||||
+ OPENSSL_s390xcap_P.km[0] &= cap.km[0];
|
||||
+ OPENSSL_s390xcap_P.km[1] &= cap.km[1];
|
||||
+ OPENSSL_s390xcap_P.kmc[0] &= cap.kmc[0];
|
||||
+ OPENSSL_s390xcap_P.kmc[1] &= cap.kmc[1];
|
||||
+ OPENSSL_s390xcap_P.kmac[0] &= cap.kmac[0];
|
||||
+ OPENSSL_s390xcap_P.kmac[1] &= cap.kmac[1];
|
||||
+ OPENSSL_s390xcap_P.kmctr[0] &= cap.kmctr[0];
|
||||
+ OPENSSL_s390xcap_P.kmctr[1] &= cap.kmctr[1];
|
||||
+ OPENSSL_s390xcap_P.kmo[0] &= cap.kmo[0];
|
||||
+ OPENSSL_s390xcap_P.kmo[1] &= cap.kmo[1];
|
||||
+ OPENSSL_s390xcap_P.kmf[0] &= cap.kmf[0];
|
||||
+ OPENSSL_s390xcap_P.kmf[1] &= cap.kmf[1];
|
||||
+ OPENSSL_s390xcap_P.prno[0] &= cap.prno[0];
|
||||
+ OPENSSL_s390xcap_P.prno[1] &= cap.prno[1];
|
||||
+ OPENSSL_s390xcap_P.kma[0] &= cap.kma[0];
|
||||
+ OPENSSL_s390xcap_P.kma[1] &= cap.kma[1];
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+static int parse_env(struct OPENSSL_s390xcap_st *cap)
|
||||
+{
|
||||
+ /*-
|
||||
+ * CPU model data
|
||||
+ * (only the STFLE- and QUERY-bits relevant to libcrypto are set)
|
||||
+ */
|
||||
+
|
||||
+ /*-
|
||||
+ * z900 (2000) - z/Architecture POP SA22-7832-00
|
||||
+ * Facility detection would fail on real hw (no STFLE).
|
||||
+ */
|
||||
+ static const struct OPENSSL_s390xcap_st z900 = {
|
||||
+ .stfle = {0ULL, 0ULL, 0ULL, 0ULL},
|
||||
+ .kimd = {0ULL, 0ULL},
|
||||
+ .klmd = {0ULL, 0ULL},
|
||||
+ .km = {0ULL, 0ULL},
|
||||
+ .kmc = {0ULL, 0ULL},
|
||||
+ .kmac = {0ULL, 0ULL},
|
||||
+ .kmctr = {0ULL, 0ULL},
|
||||
+ .kmo = {0ULL, 0ULL},
|
||||
+ .kmf = {0ULL, 0ULL},
|
||||
+ .prno = {0ULL, 0ULL},
|
||||
+ .kma = {0ULL, 0ULL},
|
||||
+ };
|
||||
+
|
||||
+ /*-
|
||||
+ * z990 (2003) - z/Architecture POP SA22-7832-02
|
||||
+ * Implements MSA. Facility detection would fail on real hw (no STFLE).
|
||||
+ */
|
||||
+ static const struct OPENSSL_s390xcap_st z990 = {
|
||||
+ .stfle = {S390X_CAPBIT(S390X_MSA),
|
||||
+ 0ULL, 0ULL, 0ULL},
|
||||
+ .kimd = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_1),
|
||||
+ 0ULL},
|
||||
+ .klmd = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_1),
|
||||
+ 0ULL},
|
||||
+ .km = {S390X_CAPBIT(S390X_QUERY),
|
||||
+ 0ULL},
|
||||
+ .kmc = {S390X_CAPBIT(S390X_QUERY),
|
||||
+ 0ULL},
|
||||
+ .kmac = {S390X_CAPBIT(S390X_QUERY),
|
||||
+ 0ULL},
|
||||
+ .kmctr = {0ULL, 0ULL},
|
||||
+ .kmo = {0ULL, 0ULL},
|
||||
+ .kmf = {0ULL, 0ULL},
|
||||
+ .prno = {0ULL, 0ULL},
|
||||
+ .kma = {0ULL, 0ULL},
|
||||
+ };
|
||||
+
|
||||
+ /*-
|
||||
+ * z9 (2005) - z/Architecture POP SA22-7832-04
|
||||
+ * Implements MSA and MSA1.
|
||||
+ */
|
||||
+ static const struct OPENSSL_s390xcap_st z9 = {
|
||||
+ .stfle = {S390X_CAPBIT(S390X_MSA)
|
||||
+ | S390X_CAPBIT(S390X_STCKF),
|
||||
+ 0ULL, 0ULL, 0ULL},
|
||||
+ .kimd = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_1)
|
||||
+ | S390X_CAPBIT(S390X_SHA_256),
|
||||
+ 0ULL},
|
||||
+ .klmd = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_1)
|
||||
+ | S390X_CAPBIT(S390X_SHA_256),
|
||||
+ 0ULL},
|
||||
+ .km = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128),
|
||||
+ 0ULL},
|
||||
+ .kmc = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128),
|
||||
+ 0ULL},
|
||||
+ .kmac = {S390X_CAPBIT(S390X_QUERY),
|
||||
+ 0ULL},
|
||||
+ .kmctr = {0ULL, 0ULL},
|
||||
+ .kmo = {0ULL, 0ULL},
|
||||
+ .kmf = {0ULL, 0ULL},
|
||||
+ .prno = {0ULL, 0ULL},
|
||||
+ .kma = {0ULL, 0ULL},
|
||||
+ };
|
||||
+
|
||||
+ /*-
|
||||
+ * z10 (2008) - z/Architecture POP SA22-7832-06
|
||||
+ * Implements MSA and MSA1-2.
|
||||
+ */
|
||||
+ static const struct OPENSSL_s390xcap_st z10 = {
|
||||
+ .stfle = {S390X_CAPBIT(S390X_MSA)
|
||||
+ | S390X_CAPBIT(S390X_STCKF),
|
||||
+ 0ULL, 0ULL, 0ULL},
|
||||
+ .kimd = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_1)
|
||||
+ | S390X_CAPBIT(S390X_SHA_256)
|
||||
+ | S390X_CAPBIT(S390X_SHA_512),
|
||||
+ 0ULL},
|
||||
+ .klmd = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_1)
|
||||
+ | S390X_CAPBIT(S390X_SHA_256)
|
||||
+ | S390X_CAPBIT(S390X_SHA_512),
|
||||
+ 0ULL},
|
||||
+ .km = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmc = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmac = {S390X_CAPBIT(S390X_QUERY),
|
||||
+ 0ULL},
|
||||
+ .kmctr = {0ULL, 0ULL},
|
||||
+ .kmo = {0ULL, 0ULL},
|
||||
+ .kmf = {0ULL, 0ULL},
|
||||
+ .prno = {0ULL, 0ULL},
|
||||
+ .kma = {0ULL, 0ULL},
|
||||
+ };
|
||||
+
|
||||
+ /*-
|
||||
+ * z196 (2010) - z/Architecture POP SA22-7832-08
|
||||
+ * Implements MSA and MSA1-4.
|
||||
+ */
|
||||
+ static const struct OPENSSL_s390xcap_st z196 = {
|
||||
+ .stfle = {S390X_CAPBIT(S390X_MSA)
|
||||
+ | S390X_CAPBIT(S390X_STCKF),
|
||||
+ S390X_CAPBIT(S390X_MSA3)
|
||||
+ | S390X_CAPBIT(S390X_MSA4),
|
||||
+ 0ULL, 0ULL},
|
||||
+ .kimd = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_1)
|
||||
+ | S390X_CAPBIT(S390X_SHA_256)
|
||||
+ | S390X_CAPBIT(S390X_SHA_512),
|
||||
+ S390X_CAPBIT(S390X_GHASH)},
|
||||
+ .klmd = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_1)
|
||||
+ | S390X_CAPBIT(S390X_SHA_256)
|
||||
+ | S390X_CAPBIT(S390X_SHA_512),
|
||||
+ 0ULL},
|
||||
+ .km = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256)
|
||||
+ | S390X_CAPBIT(S390X_XTS_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_XTS_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmc = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmac = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmctr = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmo = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmf = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .prno = {0ULL, 0ULL},
|
||||
+ .kma = {0ULL, 0ULL},
|
||||
+ };
|
||||
+
|
||||
+ /*-
|
||||
+ * zEC12 (2012) - z/Architecture POP SA22-7832-09
|
||||
+ * Implements MSA and MSA1-4.
|
||||
+ */
|
||||
+ static const struct OPENSSL_s390xcap_st zEC12 = {
|
||||
+ .stfle = {S390X_CAPBIT(S390X_MSA)
|
||||
+ | S390X_CAPBIT(S390X_STCKF),
|
||||
+ S390X_CAPBIT(S390X_MSA3)
|
||||
+ | S390X_CAPBIT(S390X_MSA4),
|
||||
+ 0ULL, 0ULL},
|
||||
+ .kimd = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_1)
|
||||
+ | S390X_CAPBIT(S390X_SHA_256)
|
||||
+ | S390X_CAPBIT(S390X_SHA_512),
|
||||
+ S390X_CAPBIT(S390X_GHASH)},
|
||||
+ .klmd = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_1)
|
||||
+ | S390X_CAPBIT(S390X_SHA_256)
|
||||
+ | S390X_CAPBIT(S390X_SHA_512),
|
||||
+ 0ULL},
|
||||
+ .km = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256)
|
||||
+ | S390X_CAPBIT(S390X_XTS_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_XTS_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmc = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmac = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmctr = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmo = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmf = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .prno = {0ULL, 0ULL},
|
||||
+ .kma = {0ULL, 0ULL},
|
||||
+ };
|
||||
+
|
||||
+ /*-
|
||||
+ * z13 (2015) - z/Architecture POP SA22-7832-10
|
||||
+ * Implements MSA and MSA1-5.
|
||||
+ */
|
||||
+ static const struct OPENSSL_s390xcap_st z13 = {
|
||||
+ .stfle = {S390X_CAPBIT(S390X_MSA)
|
||||
+ | S390X_CAPBIT(S390X_STCKF)
|
||||
+ | S390X_CAPBIT(S390X_MSA5),
|
||||
+ S390X_CAPBIT(S390X_MSA3)
|
||||
+ | S390X_CAPBIT(S390X_MSA4),
|
||||
+ S390X_CAPBIT(S390X_VX),
|
||||
+ 0ULL},
|
||||
+ .kimd = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_1)
|
||||
+ | S390X_CAPBIT(S390X_SHA_256)
|
||||
+ | S390X_CAPBIT(S390X_SHA_512),
|
||||
+ S390X_CAPBIT(S390X_GHASH)},
|
||||
+ .klmd = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_1)
|
||||
+ | S390X_CAPBIT(S390X_SHA_256)
|
||||
+ | S390X_CAPBIT(S390X_SHA_512),
|
||||
+ 0ULL},
|
||||
+ .km = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256)
|
||||
+ | S390X_CAPBIT(S390X_XTS_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_XTS_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmc = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmac = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmctr = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmo = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmf = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .prno = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_512_DRNG),
|
||||
+ 0ULL},
|
||||
+ .kma = {0ULL, 0ULL},
|
||||
+ };
|
||||
+
|
||||
+ /*-
|
||||
+ * z14 (2017) - z/Architecture POP SA22-7832-11
|
||||
+ * Implements MSA and MSA1-8.
|
||||
+ */
|
||||
+ static const struct OPENSSL_s390xcap_st z14 = {
|
||||
+ .stfle = {S390X_CAPBIT(S390X_MSA)
|
||||
+ | S390X_CAPBIT(S390X_STCKF)
|
||||
+ | S390X_CAPBIT(S390X_MSA5),
|
||||
+ S390X_CAPBIT(S390X_MSA3)
|
||||
+ | S390X_CAPBIT(S390X_MSA4),
|
||||
+ S390X_CAPBIT(S390X_VX)
|
||||
+ | S390X_CAPBIT(S390X_VXD)
|
||||
+ | S390X_CAPBIT(S390X_VXE)
|
||||
+ | S390X_CAPBIT(S390X_MSA8),
|
||||
+ 0ULL},
|
||||
+ .kimd = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_1)
|
||||
+ | S390X_CAPBIT(S390X_SHA_256)
|
||||
+ | S390X_CAPBIT(S390X_SHA_512)
|
||||
+ | S390X_CAPBIT(S390X_SHA3_224)
|
||||
+ | S390X_CAPBIT(S390X_SHA3_256)
|
||||
+ | S390X_CAPBIT(S390X_SHA3_384)
|
||||
+ | S390X_CAPBIT(S390X_SHA3_512)
|
||||
+ | S390X_CAPBIT(S390X_SHAKE_128)
|
||||
+ | S390X_CAPBIT(S390X_SHAKE_256),
|
||||
+ S390X_CAPBIT(S390X_GHASH)},
|
||||
+ .klmd = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_1)
|
||||
+ | S390X_CAPBIT(S390X_SHA_256)
|
||||
+ | S390X_CAPBIT(S390X_SHA_512)
|
||||
+ | S390X_CAPBIT(S390X_SHA3_224)
|
||||
+ | S390X_CAPBIT(S390X_SHA3_256)
|
||||
+ | S390X_CAPBIT(S390X_SHA3_384)
|
||||
+ | S390X_CAPBIT(S390X_SHA3_512)
|
||||
+ | S390X_CAPBIT(S390X_SHAKE_128)
|
||||
+ | S390X_CAPBIT(S390X_SHAKE_256),
|
||||
+ 0ULL},
|
||||
+ .km = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256)
|
||||
+ | S390X_CAPBIT(S390X_XTS_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_XTS_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmc = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmac = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmctr = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmo = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .kmf = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ .prno = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_512_DRNG),
|
||||
+ S390X_CAPBIT(S390X_TRNG)},
|
||||
+ .kma = {S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ };
|
||||
+
|
||||
+ char *tok_begin, *tok_end, *buff, tok[S390X_STFLE_MAX][LEN + 1];
|
||||
+ int rc, off, i, n;
|
||||
+
|
||||
+ buff = malloc(strlen(env) + 1);
|
||||
+ if (buff == NULL)
|
||||
+ return 0;
|
||||
+
|
||||
+ rc = 0;
|
||||
+ memset(cap, ~0, sizeof(*cap));
|
||||
+ strcpy(buff, env);
|
||||
+
|
||||
+ tok_begin = buff + strspn(buff, ";");
|
||||
+ strtok(tok_begin, ";");
|
||||
+ tok_end = strtok(NULL, ";");
|
||||
+
|
||||
+ while (tok_begin != NULL) {
|
||||
+ /* stfle token */
|
||||
+ if ((n = sscanf(tok_begin,
|
||||
+ " stfle : %" STR(LEN) "[^:] : "
|
||||
+ "%" STR(LEN) "[^:] : %" STR(LEN) "s ",
|
||||
+ tok[0], tok[1], tok[2]))) {
|
||||
+ for (i = 0; i < n; i++) {
|
||||
+ off = (tok[i][0] == '~') ? 1 : 0;
|
||||
+ if (sscanf(tok[i] + off, "%llx", &cap->stfle[i]) != 1)
|
||||
+ goto ret;
|
||||
+ if (off)
|
||||
+ cap->stfle[i] = ~cap->stfle[i];
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ /* query function tokens */
|
||||
+ else if TOK_FUNC(kimd)
|
||||
+ else if TOK_FUNC(klmd)
|
||||
+ else if TOK_FUNC(km)
|
||||
+ else if TOK_FUNC(kmc)
|
||||
+ else if TOK_FUNC(kmac)
|
||||
+ else if TOK_FUNC(kmctr)
|
||||
+ else if TOK_FUNC(kmo)
|
||||
+ else if TOK_FUNC(kmf)
|
||||
+ else if TOK_FUNC(prno)
|
||||
+ else if TOK_FUNC(kma)
|
||||
+
|
||||
+ /* CPU model tokens */
|
||||
+ else if TOK_CPU(z900)
|
||||
+ else if TOK_CPU(z990)
|
||||
+ else if TOK_CPU(z9)
|
||||
+ else if TOK_CPU(z10)
|
||||
+ else if TOK_CPU(z196)
|
||||
+ else if TOK_CPU(zEC12)
|
||||
+ else if TOK_CPU(z13)
|
||||
+ else if TOK_CPU(z14)
|
||||
+
|
||||
+ /* whitespace(ignored) or invalid tokens */
|
||||
+ else {
|
||||
+ while (*tok_begin != '\0') {
|
||||
+ if (!ossl_isspace(*tok_begin))
|
||||
+ goto ret;
|
||||
+ tok_begin++;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ tok_begin = tok_end;
|
||||
+ tok_end = strtok(NULL, ";");
|
||||
+ }
|
||||
+
|
||||
+ rc = 1;
|
||||
+ret:
|
||||
+ free(buff);
|
||||
+ return rc;
|
||||
}
|
||||
Index: openssl-1.1.1d/crypto/s390xcpuid.pl
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/s390xcpuid.pl
|
||||
+++ openssl-1.1.1d/crypto/s390xcpuid.pl
|
||||
@@ -38,7 +38,26 @@ OPENSSL_s390x_facilities:
|
||||
stg %r0,S390X_STFLE+8(%r4) # wipe capability vectors
|
||||
stg %r0,S390X_STFLE+16(%r4)
|
||||
stg %r0,S390X_STFLE+24(%r4)
|
||||
- stg %r0,S390X_KIMD(%r4)
|
||||
+
|
||||
+ .long 0xb2b04000 # stfle 0(%r4)
|
||||
+ brc 8,.Ldone
|
||||
+ lghi %r0,1
|
||||
+ .long 0xb2b04000 # stfle 0(%r4)
|
||||
+ brc 8,.Ldone
|
||||
+ lghi %r0,2
|
||||
+ .long 0xb2b04000 # stfle 0(%r4)
|
||||
+.Ldone:
|
||||
+ br $ra
|
||||
+.size OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities
|
||||
+
|
||||
+.globl OPENSSL_s390x_functions
|
||||
+.type OPENSSL_s390x_functions,\@function
|
||||
+.align 16
|
||||
+OPENSSL_s390x_functions:
|
||||
+ lghi %r0,0
|
||||
+ larl %r4,OPENSSL_s390xcap_P
|
||||
+
|
||||
+ stg %r0,S390X_KIMD(%r4) # wipe capability vectors
|
||||
stg %r0,S390X_KIMD+8(%r4)
|
||||
stg %r0,S390X_KLMD(%r4)
|
||||
stg %r0,S390X_KLMD+8(%r4)
|
||||
@@ -59,14 +78,6 @@ OPENSSL_s390x_facilities:
|
||||
stg %r0,S390X_KMA(%r4)
|
||||
stg %r0,S390X_KMA+8(%r4)
|
||||
|
||||
- .long 0xb2b04000 # stfle 0(%r4)
|
||||
- brc 8,.Ldone
|
||||
- lghi %r0,1
|
||||
- .long 0xb2b04000 # stfle 0(%r4)
|
||||
- brc 8,.Ldone
|
||||
- lghi %r0,2
|
||||
- .long 0xb2b04000 # stfle 0(%r4)
|
||||
-.Ldone:
|
||||
lmg %r2,%r3,S390X_STFLE(%r4)
|
||||
tmhl %r2,0x4000 # check for message-security-assist
|
||||
jz .Lret
|
||||
@@ -123,7 +134,7 @@ OPENSSL_s390x_facilities:
|
||||
|
||||
.Lret:
|
||||
br $ra
|
||||
-.size OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities
|
||||
+.size OPENSSL_s390x_functions,.-OPENSSL_s390x_functions
|
||||
|
||||
.globl OPENSSL_rdtsc
|
||||
.type OPENSSL_rdtsc,\@function
|
208
openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch
Normal file
208
openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch
Normal file
@ -0,0 +1,208 @@
|
||||
From d68af00685c4a76e9545882e350717ae5e4071df Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
Date: Tue, 31 Jan 2017 12:43:35 +0100
|
||||
Subject: [PATCH] s390x assembly pack: add OPENSSL_s390xcap man page.
|
||||
|
||||
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
|
||||
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
||||
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
||||
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/6813)
|
||||
---
|
||||
doc/man3/OPENSSL_s390xcap.pod | 173 ++++++++++++++++++++++++++++++++++
|
||||
util/private.num | 1 +
|
||||
2 files changed, 174 insertions(+)
|
||||
create mode 100644 doc/man3/OPENSSL_s390xcap.pod
|
||||
|
||||
diff --git a/doc/man3/OPENSSL_s390xcap.pod b/doc/man3/OPENSSL_s390xcap.pod
|
||||
new file mode 100644
|
||||
index 00000000000..550136a82b8
|
||||
--- /dev/null
|
||||
+++ b/doc/man3/OPENSSL_s390xcap.pod
|
||||
@@ -0,0 +1,173 @@
|
||||
+=pod
|
||||
+
|
||||
+=head1 NAME
|
||||
+
|
||||
+OPENSSL_s390xcap - the IBM z processor capabilities vector
|
||||
+
|
||||
+=head1 SYNOPSIS
|
||||
+
|
||||
+ env OPENSSL_s390xcap=... <application>
|
||||
+
|
||||
+=head1 DESCRIPTION
|
||||
+
|
||||
+libcrypto supports z/Architecture instruction set extensions. These
|
||||
+extensions are denoted by individual bits in the capabilities vector.
|
||||
+When libcrypto is initialized, the bits returned by the STFLE instruction
|
||||
+and by the QUERY functions are stored in the vector.
|
||||
+
|
||||
+To change the set of instructions available to an application, you can
|
||||
+set the OPENSSL_s390xcap environment variable before you start the
|
||||
+application. After initialization, the capability vector is ANDed bitwise
|
||||
+with a mask which is derived from the environment variable.
|
||||
+
|
||||
+The environment variable is a semicolon-separated list of tokens which is
|
||||
+processed from left to right (whitespace is ignored):
|
||||
+
|
||||
+ OPENSSL_s390xcap="<tok1>;<tok2>;..."
|
||||
+
|
||||
+There are three types of tokens:
|
||||
+
|
||||
+=over 4
|
||||
+
|
||||
+=item <string>
|
||||
+
|
||||
+The name of a processor generation. A bit in the environment variable's
|
||||
+mask is set to one if and only if the specified processor generation
|
||||
+implements the corresponding instruction set extension. Possible values
|
||||
+are z900, z990, z9, z10, z196, zEC12, z13 and z14.
|
||||
+
|
||||
+=item <string>:<mask>:<mask>
|
||||
+
|
||||
+The name of an instruction followed by two 64-bit masks. The part of the
|
||||
+environment variable's mask corresponding to the specified instruction is
|
||||
+set to the specified 128-bit mask. Possible values are kimd, klmd, km, kmc,
|
||||
+kmac, kmctr, kmo, kmf, prno and kma.
|
||||
+
|
||||
+=item stfle:<mask>:<mask>:<mask>
|
||||
+
|
||||
+Store-facility-list-extended (stfle) followed by three 64-bit masks. The
|
||||
+part of the environment variable's mask corresponding to the stfle
|
||||
+instruction is set to the specified 192-bit mask.
|
||||
+
|
||||
+=back
|
||||
+
|
||||
+The 64-bit masks are specified in hexadecimal notation. The 0x prefix is
|
||||
+optional. Prefix a mask with a tilde (~) to denote a bitwise NOT operation.
|
||||
+
|
||||
+The following is a list of significant bits for each instruction. Colon
|
||||
+rows separate the individual 64-bit masks. The bit numbers in the first
|
||||
+column are consistent with [1], that is, 0 denotes the leftmost bit and
|
||||
+the numbering is continuous across 64-bit mask boundaries.
|
||||
+
|
||||
+ Bit Mask Facility/Function
|
||||
+
|
||||
+ stfle:
|
||||
+ # 17 1<<46 message-security assist
|
||||
+ # 25 1<<38 store-clock-fast facility
|
||||
+ :
|
||||
+ # 76 1<<51 message-security assist extension 3
|
||||
+ # 77 1<<50 message-security assist extension 4
|
||||
+ :
|
||||
+ #129 1<<62 vector facility
|
||||
+ #134 1<<57 vector packed decimal facility
|
||||
+ #135 1<<56 vector enhancements facility 1
|
||||
+ #146 1<<45 message-security assist extension 8
|
||||
+
|
||||
+ kimd :
|
||||
+ # 1 1<<62 KIMD-SHA-1
|
||||
+ # 2 1<<61 KIMD-SHA-256
|
||||
+ # 3 1<<60 KIMD-SHA-512
|
||||
+ # 32 1<<31 KIMD-SHA3-224
|
||||
+ # 33 1<<30 KIMD-SHA3-256
|
||||
+ # 34 1<<29 KIMD-SHA3-384
|
||||
+ # 35 1<<28 KIMD-SHA3-512
|
||||
+ # 36 1<<27 KIMD-SHAKE-128
|
||||
+ # 37 1<<26 KIMD-SHAKE-256
|
||||
+ :
|
||||
+ # 65 1<<62 KIMD-GHASH
|
||||
+
|
||||
+ klmd :
|
||||
+ # 32 1<<31 KLMD-SHA3-224
|
||||
+ # 33 1<<30 KLMD-SHA3-256
|
||||
+ # 34 1<<29 KLMD-SHA3-384
|
||||
+ # 35 1<<28 KLMD-SHA3-512
|
||||
+ # 36 1<<27 KLMD-SHAKE-128
|
||||
+ # 37 1<<26 KLMD-SHAKE-256
|
||||
+ :
|
||||
+
|
||||
+ km :
|
||||
+ # 18 1<<45 KM-AES-128
|
||||
+ # 19 1<<44 KM-AES-192
|
||||
+ # 20 1<<43 KM-AES-256
|
||||
+ # 50 1<<13 KM-XTS-AES-128
|
||||
+ # 52 1<<11 KM-XTS-AES-256
|
||||
+ :
|
||||
+
|
||||
+ kmc :
|
||||
+ # 18 1<<45 KMC-AES-128
|
||||
+ # 19 1<<44 KMC-AES-192
|
||||
+ # 20 1<<43 KMC-AES-256
|
||||
+ :
|
||||
+
|
||||
+ kmac :
|
||||
+ # 18 1<<45 KMAC-AES-128
|
||||
+ # 19 1<<44 KMAC-AES-192
|
||||
+ # 20 1<<43 KMAC-AES-256
|
||||
+ :
|
||||
+
|
||||
+ kmctr:
|
||||
+ :
|
||||
+
|
||||
+ kmo :
|
||||
+ # 18 1<<45 KMO-AES-128
|
||||
+ # 19 1<<44 KMO-AES-192
|
||||
+ # 20 1<<43 KMO-AES-256
|
||||
+ :
|
||||
+
|
||||
+ kmf :
|
||||
+ # 18 1<<45 KMF-AES-128
|
||||
+ # 19 1<<44 KMF-AES-192
|
||||
+ # 20 1<<43 KMF-AES-256
|
||||
+ :
|
||||
+
|
||||
+ prno :
|
||||
+ :
|
||||
+
|
||||
+ kma :
|
||||
+ # 18 1<<45 KMA-GCM-AES-128
|
||||
+ # 19 1<<44 KMA-GCM-AES-192
|
||||
+ # 20 1<<43 KMA-GCM-AES-256
|
||||
+ :
|
||||
+
|
||||
+=head1 EXAMPLES
|
||||
+
|
||||
+Disables all instruction set extensions which the z196 processor does not implement:
|
||||
+
|
||||
+ OPENSSL_s390xcap="z196"
|
||||
+
|
||||
+Disables the vector facility:
|
||||
+
|
||||
+ OPENSSL_s390xcap="stfle:~0:~0:~0x4000000000000000"
|
||||
+
|
||||
+Disables the KM-XTS-AES and and the KIMD-SHAKE function codes:
|
||||
+
|
||||
+ OPENSSL_s390xcap="km:~0x2800:~0;kimd:~0xc000000:~0"
|
||||
+
|
||||
+=head1 RETURN VALUES
|
||||
+
|
||||
+Not available.
|
||||
+
|
||||
+=head1 SEE ALSO
|
||||
+
|
||||
+[1] z/Architecture Principles of Operation, SA22-7832-11
|
||||
+
|
||||
+=head1 COPYRIGHT
|
||||
+
|
||||
+Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+
|
||||
+Licensed under the OpenSSL license (the "License"). You may not use
|
||||
+this file except in compliance with the License. You can obtain a copy
|
||||
+in the file LICENSE in the source distribution or at
|
||||
+L<https://www.openssl.org/source/license.html>.
|
||||
+
|
||||
+=cut
|
||||
diff --git a/util/private.num b/util/private.num
|
||||
index c456578c335..2bfe987b437 100644
|
||||
--- a/util/private.num
|
||||
+++ b/util/private.num
|
||||
@@ -3,6 +3,7 @@
|
||||
# assembly language, etc.
|
||||
#
|
||||
OPENSSL_ia32cap environment
|
||||
+OPENSSL_s390xcap environment
|
||||
OPENSSL_MALLOC_FD environment
|
||||
OPENSSL_MALLOC_FAILURES environment
|
||||
OPENSSL_instrument_bus assembler
|
@ -0,0 +1,394 @@
|
||||
From e382f507fb67863be02bfa69b08533cc55f0cd96 Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
Date: Thu, 27 Jun 2019 01:07:54 +0200
|
||||
Subject: [PATCH 08967/10000] s390x assembly pack: add support for pcc and kma
|
||||
instructions
|
||||
|
||||
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
|
||||
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
|
||||
(Merged from https://github.com/openssl/openssl/pull/9258)
|
||||
---
|
||||
crypto/s390x_arch.h | 22 ++++++++
|
||||
crypto/s390xcap.c | 119 +++++++++++++++++++++++++++++++++++++++++++
|
||||
crypto/s390xcpuid.pl | 71 ++++++++++++++++++++++++++
|
||||
3 files changed, 212 insertions(+)
|
||||
|
||||
Index: openssl-1.1.1d/crypto/s390x_arch.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/s390x_arch.h
|
||||
+++ openssl-1.1.1d/crypto/s390x_arch.h
|
||||
@@ -26,6 +26,9 @@ void s390x_kmf(const unsigned char *in,
|
||||
unsigned int fc, void *param);
|
||||
void s390x_kma(const unsigned char *aad, size_t alen, const unsigned char *in,
|
||||
size_t len, unsigned char *out, unsigned int fc, void *param);
|
||||
+int s390x_pcc(unsigned int fc, void *param);
|
||||
+int s390x_kdsa(unsigned int fc, void *param, const unsigned char *in,
|
||||
+ size_t len);
|
||||
|
||||
/*
|
||||
* The field elements of OPENSSL_s390xcap_P are the 64-bit words returned by
|
||||
@@ -45,6 +48,8 @@ struct OPENSSL_s390xcap_st {
|
||||
unsigned long long kmf[2];
|
||||
unsigned long long prno[2];
|
||||
unsigned long long kma[2];
|
||||
+ unsigned long long pcc[2];
|
||||
+ unsigned long long kdsa[2];
|
||||
};
|
||||
|
||||
extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
|
||||
@@ -69,6 +74,8 @@ extern struct OPENSSL_s390xcap_st OPENSS
|
||||
# define S390X_KMF 0x90
|
||||
# define S390X_PRNO 0xa0
|
||||
# define S390X_KMA 0xb0
|
||||
+# define S390X_PCC 0xc0
|
||||
+# define S390X_KDSA 0xd0
|
||||
|
||||
/* Facility Bit Numbers */
|
||||
# define S390X_MSA 17 /* message-security-assist */
|
||||
@@ -80,6 +87,7 @@ extern struct OPENSSL_s390xcap_st OPENSS
|
||||
# define S390X_VXD 134 /* vector packed decimal */
|
||||
# define S390X_VXE 135 /* vector enhancements 1 */
|
||||
# define S390X_MSA8 146 /* message-security-assist-ext. 8 */
|
||||
+# define S390X_MSA9 155 /* message-security-assist-ext. 9 */
|
||||
|
||||
/* Function Codes */
|
||||
|
||||
@@ -111,10 +119,24 @@ extern struct OPENSSL_s390xcap_st OPENSS
|
||||
# define S390X_SHA_512_DRNG 3
|
||||
# define S390X_TRNG 114
|
||||
|
||||
+/* pcc */
|
||||
+# define S390X_SCALAR_MULTIPLY_P256 64
|
||||
+# define S390X_SCALAR_MULTIPLY_P384 65
|
||||
+# define S390X_SCALAR_MULTIPLY_P521 66
|
||||
+
|
||||
+/* kdsa */
|
||||
+# define S390X_ECDSA_VERIFY_P256 1
|
||||
+# define S390X_ECDSA_VERIFY_P384 2
|
||||
+# define S390X_ECDSA_VERIFY_P521 3
|
||||
+# define S390X_ECDSA_SIGN_P256 9
|
||||
+# define S390X_ECDSA_SIGN_P384 10
|
||||
+# define S390X_ECDSA_SIGN_P521 11
|
||||
+
|
||||
/* Register 0 Flags */
|
||||
# define S390X_DECRYPT 0x80
|
||||
# define S390X_KMA_LPC 0x100
|
||||
# define S390X_KMA_LAAD 0x200
|
||||
# define S390X_KMA_HS 0x400
|
||||
+# define S390X_KDSA_D 0x80
|
||||
|
||||
#endif
|
||||
Index: openssl-1.1.1d/crypto/s390xcap.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/s390xcap.c
|
||||
+++ openssl-1.1.1d/crypto/s390xcap.c
|
||||
@@ -137,6 +137,10 @@ void OPENSSL_cpuid_setup(void)
|
||||
OPENSSL_s390xcap_P.prno[1] &= cap.prno[1];
|
||||
OPENSSL_s390xcap_P.kma[0] &= cap.kma[0];
|
||||
OPENSSL_s390xcap_P.kma[1] &= cap.kma[1];
|
||||
+ OPENSSL_s390xcap_P.pcc[0] &= cap.pcc[0];
|
||||
+ OPENSSL_s390xcap_P.pcc[1] &= cap.pcc[1];
|
||||
+ OPENSSL_s390xcap_P.kdsa[0] &= cap.kdsa[0];
|
||||
+ OPENSSL_s390xcap_P.kdsa[1] &= cap.kdsa[1];
|
||||
}
|
||||
}
|
||||
|
||||
@@ -163,6 +167,8 @@ static int parse_env(struct OPENSSL_s390
|
||||
.kmf = {0ULL, 0ULL},
|
||||
.prno = {0ULL, 0ULL},
|
||||
.kma = {0ULL, 0ULL},
|
||||
+ .pcc = {0ULL, 0ULL},
|
||||
+ .kdsa = {0ULL, 0ULL},
|
||||
};
|
||||
|
||||
/*-
|
||||
@@ -189,6 +195,8 @@ static int parse_env(struct OPENSSL_s390
|
||||
.kmf = {0ULL, 0ULL},
|
||||
.prno = {0ULL, 0ULL},
|
||||
.kma = {0ULL, 0ULL},
|
||||
+ .pcc = {0ULL, 0ULL},
|
||||
+ .kdsa = {0ULL, 0ULL},
|
||||
};
|
||||
|
||||
/*-
|
||||
@@ -220,6 +228,8 @@ static int parse_env(struct OPENSSL_s390
|
||||
.kmf = {0ULL, 0ULL},
|
||||
.prno = {0ULL, 0ULL},
|
||||
.kma = {0ULL, 0ULL},
|
||||
+ .pcc = {0ULL, 0ULL},
|
||||
+ .kdsa = {0ULL, 0ULL},
|
||||
};
|
||||
|
||||
/*-
|
||||
@@ -257,6 +267,8 @@ static int parse_env(struct OPENSSL_s390
|
||||
.kmf = {0ULL, 0ULL},
|
||||
.prno = {0ULL, 0ULL},
|
||||
.kma = {0ULL, 0ULL},
|
||||
+ .pcc = {0ULL, 0ULL},
|
||||
+ .kdsa = {0ULL, 0ULL},
|
||||
};
|
||||
|
||||
/*-
|
||||
@@ -313,6 +325,9 @@ static int parse_env(struct OPENSSL_s390
|
||||
0ULL},
|
||||
.prno = {0ULL, 0ULL},
|
||||
.kma = {0ULL, 0ULL},
|
||||
+ .pcc = {S390X_CAPBIT(S390X_QUERY),
|
||||
+ 0ULL},
|
||||
+ .kdsa = {0ULL, 0ULL},
|
||||
};
|
||||
|
||||
/*-
|
||||
@@ -369,6 +384,9 @@ static int parse_env(struct OPENSSL_s390
|
||||
0ULL},
|
||||
.prno = {0ULL, 0ULL},
|
||||
.kma = {0ULL, 0ULL},
|
||||
+ .pcc = {S390X_CAPBIT(S390X_QUERY),
|
||||
+ 0ULL},
|
||||
+ .kdsa = {0ULL, 0ULL},
|
||||
};
|
||||
|
||||
/*-
|
||||
@@ -429,6 +447,9 @@ static int parse_env(struct OPENSSL_s390
|
||||
| S390X_CAPBIT(S390X_SHA_512_DRNG),
|
||||
0ULL},
|
||||
.kma = {0ULL, 0ULL},
|
||||
+ .pcc = {S390X_CAPBIT(S390X_QUERY),
|
||||
+ 0ULL},
|
||||
+ .kdsa = {0ULL, 0ULL},
|
||||
};
|
||||
|
||||
/*-
|
||||
@@ -508,6 +529,101 @@ static int parse_env(struct OPENSSL_s390
|
||||
| S390X_CAPBIT(S390X_AES_192)
|
||||
| S390X_CAPBIT(S390X_AES_256),
|
||||
0ULL},
|
||||
+ .pcc = {S390X_CAPBIT(S390X_QUERY),
|
||||
+ 0ULL},
|
||||
+ .kdsa = {0ULL, 0ULL},
|
||||
+ };
|
||||
+
|
||||
+ /*-
|
||||
+ * z15 (2019) - z/Architecture POP SA22-7832-12
|
||||
+ * Implements MSA and MSA1-9.
|
||||
+ */
|
||||
+ static const struct OPENSSL_s390xcap_st z15 = {
|
||||
+ /*.stfle = */{S390X_CAPBIT(S390X_MSA)
|
||||
+ | S390X_CAPBIT(S390X_STCKF)
|
||||
+ | S390X_CAPBIT(S390X_MSA5),
|
||||
+ S390X_CAPBIT(S390X_MSA3)
|
||||
+ | S390X_CAPBIT(S390X_MSA4),
|
||||
+ S390X_CAPBIT(S390X_VX)
|
||||
+ | S390X_CAPBIT(S390X_VXD)
|
||||
+ | S390X_CAPBIT(S390X_VXE)
|
||||
+ | S390X_CAPBIT(S390X_MSA8),
|
||||
+ 0ULL},
|
||||
+ /*.kimd = */{S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_1)
|
||||
+ | S390X_CAPBIT(S390X_SHA_256)
|
||||
+ | S390X_CAPBIT(S390X_SHA_512)
|
||||
+ | S390X_CAPBIT(S390X_SHA3_224)
|
||||
+ | S390X_CAPBIT(S390X_SHA3_256)
|
||||
+ | S390X_CAPBIT(S390X_SHA3_384)
|
||||
+ | S390X_CAPBIT(S390X_SHA3_512)
|
||||
+ | S390X_CAPBIT(S390X_SHAKE_128)
|
||||
+ | S390X_CAPBIT(S390X_SHAKE_256),
|
||||
+ S390X_CAPBIT(S390X_GHASH)},
|
||||
+ /*.klmd = */{S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_1)
|
||||
+ | S390X_CAPBIT(S390X_SHA_256)
|
||||
+ | S390X_CAPBIT(S390X_SHA_512)
|
||||
+ | S390X_CAPBIT(S390X_SHA3_224)
|
||||
+ | S390X_CAPBIT(S390X_SHA3_256)
|
||||
+ | S390X_CAPBIT(S390X_SHA3_384)
|
||||
+ | S390X_CAPBIT(S390X_SHA3_512)
|
||||
+ | S390X_CAPBIT(S390X_SHAKE_128)
|
||||
+ | S390X_CAPBIT(S390X_SHAKE_256),
|
||||
+ 0ULL},
|
||||
+ /*.km = */{S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256)
|
||||
+ | S390X_CAPBIT(S390X_XTS_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_XTS_AES_256),
|
||||
+ 0ULL},
|
||||
+ /*.kmc = */{S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ /*.kmac = */{S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ /*.kmctr = */{S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ /*.kmo = */{S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ /*.kmf = */{S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ /*.prno = */{S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SHA_512_DRNG),
|
||||
+ S390X_CAPBIT(S390X_TRNG)},
|
||||
+ /*.kma = */{S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_AES_128)
|
||||
+ | S390X_CAPBIT(S390X_AES_192)
|
||||
+ | S390X_CAPBIT(S390X_AES_256),
|
||||
+ 0ULL},
|
||||
+ /*.pcc = */{S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P256)
|
||||
+ | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P384)
|
||||
+ | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P521),
|
||||
+ 0ULL},
|
||||
+ /*.kdsa = */{S390X_CAPBIT(S390X_QUERY)
|
||||
+ | S390X_CAPBIT(S390X_ECDSA_VERIFY_P256)
|
||||
+ | S390X_CAPBIT(S390X_ECDSA_VERIFY_P384)
|
||||
+ | S390X_CAPBIT(S390X_ECDSA_VERIFY_P521)
|
||||
+ | S390X_CAPBIT(S390X_ECDSA_SIGN_P256)
|
||||
+ | S390X_CAPBIT(S390X_ECDSA_SIGN_P384)
|
||||
+ | S390X_CAPBIT(S390X_ECDSA_SIGN_P521),
|
||||
+ 0ULL},
|
||||
};
|
||||
|
||||
char *tok_begin, *tok_end, *buff, tok[S390X_STFLE_MAX][LEN + 1];
|
||||
@@ -551,6 +667,8 @@ static int parse_env(struct OPENSSL_s390
|
||||
else if TOK_FUNC(kmf)
|
||||
else if TOK_FUNC(prno)
|
||||
else if TOK_FUNC(kma)
|
||||
+ else if TOK_FUNC(pcc)
|
||||
+ else if TOK_FUNC(kdsa)
|
||||
|
||||
/* CPU model tokens */
|
||||
else if TOK_CPU(z900)
|
||||
@@ -561,6 +679,7 @@ static int parse_env(struct OPENSSL_s390
|
||||
else if TOK_CPU(zEC12)
|
||||
else if TOK_CPU(z13)
|
||||
else if TOK_CPU(z14)
|
||||
+ else if TOK_CPU(z15)
|
||||
|
||||
/* whitespace(ignored) or invalid tokens */
|
||||
else {
|
||||
Index: openssl-1.1.1d/crypto/s390xcpuid.pl
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/s390xcpuid.pl
|
||||
+++ openssl-1.1.1d/crypto/s390xcpuid.pl
|
||||
@@ -77,8 +77,13 @@ OPENSSL_s390x_functions:
|
||||
stg %r0,S390X_PRNO+8(%r4)
|
||||
stg %r0,S390X_KMA(%r4)
|
||||
stg %r0,S390X_KMA+8(%r4)
|
||||
+ stg %r0,S390X_PCC(%r4)
|
||||
+ stg %r0,S390X_PCC+8(%r4)
|
||||
+ stg %r0,S390X_KDSA(%r4)
|
||||
+ stg %r0,S390X_KDSA+8(%r4)
|
||||
|
||||
lmg %r2,%r3,S390X_STFLE(%r4)
|
||||
+
|
||||
tmhl %r2,0x4000 # check for message-security-assist
|
||||
jz .Lret
|
||||
|
||||
@@ -102,6 +107,13 @@ OPENSSL_s390x_functions:
|
||||
la %r1,S390X_KMAC(%r4)
|
||||
.long 0xb91e0042 # kmac %r4,%r2
|
||||
|
||||
+ tmhh %r3,0x0003 # check for message-security-assist-3
|
||||
+ jz .Lret
|
||||
+
|
||||
+ lghi %r0,S390X_QUERY # query pcc capability vector
|
||||
+ la %r1,S390X_PCC(%r4)
|
||||
+ .long 0xb92c0000 # pcc
|
||||
+
|
||||
tmhh %r3,0x0004 # check for message-security-assist-4
|
||||
jz .Lret
|
||||
|
||||
@@ -125,6 +137,7 @@ OPENSSL_s390x_functions:
|
||||
.long 0xb93c0042 # prno %r4,%r2
|
||||
|
||||
lg %r2,S390X_STFLE+16(%r4)
|
||||
+
|
||||
tmhl %r2,0x2000 # check for message-security-assist-8
|
||||
jz .Lret
|
||||
|
||||
@@ -132,6 +145,13 @@ OPENSSL_s390x_functions:
|
||||
la %r1,S390X_KMA(%r4)
|
||||
.long 0xb9294022 # kma %r2,%r4,%r2
|
||||
|
||||
+ tmhl %r2,0x0010 # check for message-security-assist-9
|
||||
+ jz .Lret
|
||||
+
|
||||
+ lghi %r0,S390X_QUERY # query kdsa capability vector
|
||||
+ la %r1,S390X_KDSA(%r4)
|
||||
+ .long 0xb93a0002 # kdsa %r0,%r2
|
||||
+
|
||||
.Lret:
|
||||
br $ra
|
||||
.size OPENSSL_s390x_functions,.-OPENSSL_s390x_functions
|
||||
@@ -422,6 +442,57 @@ s390x_kma:
|
||||
___
|
||||
}
|
||||
|
||||
+################
|
||||
+# void s390x_pcc(unsigned int fc, void *param)
|
||||
+{
|
||||
+my ($fc,$param) = map("%r$_",(2..3));
|
||||
+$code.=<<___;
|
||||
+.globl s390x_pcc
|
||||
+.type s390x_pcc,\@function
|
||||
+.align 16
|
||||
+s390x_pcc:
|
||||
+ lr %r0,$fc
|
||||
+ l${g}r %r1,$param
|
||||
+ lhi %r2,0
|
||||
+
|
||||
+ .long 0xb92c0000 # pcc
|
||||
+ brc 1,.-4 # pay attention to "partial completion"
|
||||
+ brc 7,.Lpcc_err # if CC==0 return 0, else return 1
|
||||
+.Lpcc_out:
|
||||
+ br $ra
|
||||
+.Lpcc_err:
|
||||
+ lhi %r2,1
|
||||
+ j .Lpcc_out
|
||||
+.size s390x_pcc,.-s390x_pcc
|
||||
+___
|
||||
+}
|
||||
+
|
||||
+################
|
||||
+# void s390x_kdsa(unsigned int fc, void *param,
|
||||
+# const unsigned char *in, size_t len)
|
||||
+{
|
||||
+my ($fc,$param,$in,$len) = map("%r$_",(2..5));
|
||||
+$code.=<<___;
|
||||
+.globl s390x_kdsa
|
||||
+.type s390x_kdsa,\@function
|
||||
+.align 16
|
||||
+s390x_kdsa:
|
||||
+ lr %r0,$fc
|
||||
+ l${g}r %r1,$param
|
||||
+ lhi %r2,0
|
||||
+
|
||||
+ .long 0xb93a0004 # kdsa %r0,$in
|
||||
+ brc 1,.-4 # pay attention to "partial completion"
|
||||
+ brc 7,.Lkdsa_err # if CC==0 return 0, else return 1
|
||||
+.Lkdsa_out:
|
||||
+ br $ra
|
||||
+.Lkdsa_err:
|
||||
+ lhi %r2,1
|
||||
+ j .Lkdsa_out
|
||||
+.size s390x_kdsa,.-s390x_kdsa
|
||||
+___
|
||||
+}
|
||||
+
|
||||
$code.=<<___;
|
||||
.section .init
|
||||
brasl $ra,OPENSSL_cpuid_setup
|
@ -0,0 +1,41 @@
|
||||
From 2281be2ed4a7df462677661d30b13826ae6b3e26 Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
Date: Tue, 24 Sep 2019 14:44:27 +0200
|
||||
Subject: [PATCH 09530/10000] s390x assembly pack: cleanse only sensitive
|
||||
fields
|
||||
|
||||
of instruction parameter blocks.
|
||||
|
||||
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
|
||||
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/10004)
|
||||
---
|
||||
crypto/ec/ecp_s390x_nistp.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/crypto/ec/ecp_s390x_nistp.c b/crypto/ec/ecp_s390x_nistp.c
|
||||
index be81f0b8f0..9533698b0f 100644
|
||||
--- a/crypto/ec/ecp_s390x_nistp.c
|
||||
+++ b/crypto/ec/ecp_s390x_nistp.c
|
||||
@@ -110,7 +110,7 @@ ret:
|
||||
/* Otherwise use default. */
|
||||
if (rc == -1)
|
||||
rc = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
|
||||
- OPENSSL_cleanse(param, sizeof(param));
|
||||
+ OPENSSL_cleanse(param + S390X_OFF_SCALAR(len), len);
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(new_ctx);
|
||||
return rc;
|
||||
@@ -203,7 +203,7 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign_sig(const unsigned char *dgst,
|
||||
|
||||
ok = 1;
|
||||
ret:
|
||||
- OPENSSL_cleanse(param, sizeof(param));
|
||||
+ OPENSSL_cleanse(param + S390X_OFF_K(len), 2 * len);
|
||||
if (ok != 1) {
|
||||
ECDSA_SIG_free(sig);
|
||||
sig = NULL;
|
||||
--
|
||||
2.24.0
|
||||
|
@ -0,0 +1,46 @@
|
||||
From ac037dc874a721ca81a33b4314e26cef4a7e8d48 Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
Date: Tue, 24 Sep 2019 23:20:00 +0200
|
||||
Subject: [PATCH 09529/10000] s390x assembly pack: fix OPENSSL_s390xcap z15 cpu
|
||||
mask
|
||||
|
||||
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
|
||||
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/10004)
|
||||
---
|
||||
crypto/s390xcap.c | 10 +++++-----
|
||||
1 file changed, 5 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/crypto/s390xcap.c b/crypto/s390xcap.c
|
||||
index 5123e14fa6..3e6aeae1df 100644
|
||||
--- a/crypto/s390xcap.c
|
||||
+++ b/crypto/s390xcap.c
|
||||
@@ -578,7 +578,8 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap)
|
||||
S390X_CAPBIT(S390X_VX)
|
||||
| S390X_CAPBIT(S390X_VXD)
|
||||
| S390X_CAPBIT(S390X_VXE)
|
||||
- | S390X_CAPBIT(S390X_MSA8),
|
||||
+ | S390X_CAPBIT(S390X_MSA8)
|
||||
+ | S390X_CAPBIT(S390X_MSA9),
|
||||
0ULL},
|
||||
/*.kimd = */{S390X_CAPBIT(S390X_QUERY)
|
||||
| S390X_CAPBIT(S390X_SHA_1)
|
||||
@@ -642,11 +643,10 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap)
|
||||
| S390X_CAPBIT(S390X_AES_192)
|
||||
| S390X_CAPBIT(S390X_AES_256),
|
||||
0ULL},
|
||||
- /*.pcc = */{S390X_CAPBIT(S390X_QUERY)
|
||||
- | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P256)
|
||||
+ /*.pcc = */{S390X_CAPBIT(S390X_QUERY),
|
||||
+ S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P256)
|
||||
| S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P384)
|
||||
- | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P521),
|
||||
- 0ULL},
|
||||
+ | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P521)},
|
||||
/*.kdsa = */{S390X_CAPBIT(S390X_QUERY)
|
||||
| S390X_CAPBIT(S390X_ECDSA_VERIFY_P256)
|
||||
| S390X_CAPBIT(S390X_ECDSA_VERIFY_P384)
|
||||
--
|
||||
2.24.0
|
||||
|
@ -0,0 +1,26 @@
|
||||
From b3681e2641999be6c1f70e66497fe384d683a07e Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
Date: Tue, 24 Sep 2019 23:03:19 +0200
|
||||
Subject: [PATCH 09528/10000] s390x assembly pack: fix msa3 stfle bit detection
|
||||
|
||||
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
|
||||
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/10004)
|
||||
---
|
||||
crypto/s390xcpuid.pl | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
Index: openssl-1.1.1d/crypto/s390xcpuid.pl
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/s390xcpuid.pl 2020-01-23 13:45:11.064632028 +0100
|
||||
+++ openssl-1.1.1d/crypto/s390xcpuid.pl 2020-01-23 13:45:11.188632764 +0100
|
||||
@@ -107,7 +107,7 @@ OPENSSL_s390x_functions:
|
||||
la %r1,S390X_KMAC(%r4)
|
||||
.long 0xb91e0042 # kmac %r4,%r2
|
||||
|
||||
- tmhh %r3,0x0003 # check for message-security-assist-3
|
||||
+ tmhh %r3,0x0008 # check for message-security-assist-3
|
||||
jz .Lret
|
||||
|
||||
lghi %r0,S390X_QUERY # query pcc capability vector
|
67
openssl-s390x-assembly-pack-update-OPENSSL_s390xcap-3.patch
Normal file
67
openssl-s390x-assembly-pack-update-OPENSSL_s390xcap-3.patch
Normal file
@ -0,0 +1,67 @@
|
||||
From da93b5cc2bc931b998f33ee432bc1ae2b38fccca Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
Date: Wed, 26 Jun 2019 23:41:35 +0200
|
||||
Subject: [PATCH 08968/10000] s390x assembly pack: update OPENSSL_s390xcap(3)
|
||||
|
||||
Add description of capability vector's pcc and kma parts.
|
||||
|
||||
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
|
||||
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
|
||||
(Merged from https://github.com/openssl/openssl/pull/9258)
|
||||
---
|
||||
doc/man3/OPENSSL_s390xcap.pod | 21 ++++++++++++++++++---
|
||||
1 file changed, 18 insertions(+), 3 deletions(-)
|
||||
|
||||
Index: openssl-1.1.1d/doc/man3/OPENSSL_s390xcap.pod
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/doc/man3/OPENSSL_s390xcap.pod
|
||||
+++ openssl-1.1.1d/doc/man3/OPENSSL_s390xcap.pod
|
||||
@@ -34,14 +34,14 @@ There are three types of tokens:
|
||||
The name of a processor generation. A bit in the environment variable's
|
||||
mask is set to one if and only if the specified processor generation
|
||||
implements the corresponding instruction set extension. Possible values
|
||||
-are z900, z990, z9, z10, z196, zEC12, z13 and z14.
|
||||
+are z900, z990, z9, z10, z196, zEC12, z13, z14 and z15.
|
||||
|
||||
=item <string>:<mask>:<mask>
|
||||
|
||||
The name of an instruction followed by two 64-bit masks. The part of the
|
||||
environment variable's mask corresponding to the specified instruction is
|
||||
set to the specified 128-bit mask. Possible values are kimd, klmd, km, kmc,
|
||||
-kmac, kmctr, kmo, kmf, prno and kma.
|
||||
+kmac, kmctr, kmo, kmf, prno, kma, pcc and kdsa.
|
||||
|
||||
=item stfle:<mask>:<mask>:<mask>
|
||||
|
||||
@@ -153,13 +153,28 @@ Disables the KM-XTS-AES and and the KIMD
|
||||
|
||||
OPENSSL_s390xcap="km:~0x2800:~0;kimd:~0xc000000:~0"
|
||||
|
||||
+ pcc :
|
||||
+ :
|
||||
+ # 64 1<<63 PCC-Scalar-Multiply-P256
|
||||
+ # 65 1<<62 PCC-Scalar-Multiply-P384
|
||||
+ # 66 1<<61 PCC-Scalar-Multiply-P521
|
||||
+
|
||||
+ kdsa :
|
||||
+ # 1 1<<62 KDSA-ECDSA-Verify-P256
|
||||
+ # 2 1<<61 KDSA-ECDSA-Verify-P384
|
||||
+ # 3 1<<60 KDSA-ECDSA-Verify-P521
|
||||
+ # 9 1<<54 KDSA-ECDSA-Sign-P256
|
||||
+ # 10 1<<53 KDSA-ECDSA-Sign-P384
|
||||
+ # 11 1<<52 KDSA-ECDSA-Sign-P521
|
||||
+ :
|
||||
+
|
||||
=head1 RETURN VALUES
|
||||
|
||||
Not available.
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
-[1] z/Architecture Principles of Operation, SA22-7832-11
|
||||
+[1] z/Architecture Principles of Operation, SA22-7832-12
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
@ -0,0 +1,127 @@
|
||||
Index: openssl-1.1.1d/crypto/ec/ecx_meth.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/ec/ecx_meth.c
|
||||
+++ openssl-1.1.1d/crypto/ec/ecx_meth.c
|
||||
@@ -842,6 +842,7 @@ static const EVP_PKEY_METHOD ed448_pkey_
|
||||
|
||||
#ifdef S390X_EC_ASM
|
||||
# include "s390x_arch.h"
|
||||
+# include "internal/constant_time_locl.h"
|
||||
|
||||
static void s390x_x25519_mod_p(unsigned char u[32])
|
||||
{
|
||||
@@ -855,16 +856,16 @@ static void s390x_x25519_mod_p(unsigned
|
||||
u_red[31] = (unsigned char)c;
|
||||
c >>= 8;
|
||||
|
||||
- for (i = 30; c > 0 && i >= 0; i--) {
|
||||
+ for (i = 30; i >= 0; i--) {
|
||||
c += (unsigned int)u_red[i];
|
||||
u_red[i] = (unsigned char)c;
|
||||
c >>= 8;
|
||||
}
|
||||
|
||||
- if (u_red[0] & 0x80) {
|
||||
- u_red[0] &= 0x7f;
|
||||
- memcpy(u, u_red, sizeof(u_red));
|
||||
- }
|
||||
+ c = (u_red[0] & 0x80) >> 7;
|
||||
+ u_red[0] &= 0x7f;
|
||||
+ constant_time_cond_swap_buff(0 - (unsigned char)c,
|
||||
+ u, u_red, sizeof(u_red));
|
||||
}
|
||||
|
||||
static void s390x_x448_mod_p(unsigned char u[56])
|
||||
@@ -889,16 +890,14 @@ static void s390x_x448_mod_p(unsigned ch
|
||||
u_red[27] = (unsigned char)c;
|
||||
c >>= 8;
|
||||
|
||||
- for (i = 26; c > 0 && i >= 0; i--) {
|
||||
+ for (i = 26; i >= 0; i--) {
|
||||
c += (unsigned int)u_red[i];
|
||||
u_red[i] = (unsigned char)c;
|
||||
c >>= 8;
|
||||
}
|
||||
|
||||
- if (u_red[0] & 0x80) {
|
||||
- u_red[0] &= 0x7f;
|
||||
- memcpy(u, u_red, sizeof(u_red));
|
||||
- }
|
||||
+ constant_time_cond_swap_buff(0 - (unsigned char)c,
|
||||
+ u, u_red, sizeof(u_red));
|
||||
}
|
||||
|
||||
static int s390x_x25519_mul(unsigned char u_dst[32],
|
||||
@@ -954,7 +953,7 @@ static int s390x_x448_mul(unsigned char
|
||||
memcpy(param.x448.d_src, d_src, 56);
|
||||
|
||||
s390x_flip_endian64(param.x448.u_src, param.x448.u_src);
|
||||
- s390x_x448_mod_p(param.x448.u_src);
|
||||
+ s390x_x448_mod_p(param.x448.u_src + 8);
|
||||
|
||||
s390x_flip_endian64(param.x448.d_src, param.x448.d_src);
|
||||
param.x448.d_src[63] &= 252;
|
||||
Index: openssl-1.1.1d/include/internal/constant_time_locl.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/include/internal/constant_time_locl.h
|
||||
+++ openssl-1.1.1d/include/internal/constant_time_locl.h
|
||||
@@ -353,6 +353,34 @@ static ossl_inline void constant_time_co
|
||||
}
|
||||
|
||||
/*
|
||||
+ * mask must be 0xFF or 0x00.
|
||||
+ * "constant time" is per len.
|
||||
+ *
|
||||
+ * if (mask) {
|
||||
+ * unsigned char tmp[len];
|
||||
+ *
|
||||
+ * memcpy(tmp, a, len);
|
||||
+ * memcpy(a, b);
|
||||
+ * memcpy(b, tmp);
|
||||
+ * }
|
||||
+ */
|
||||
+static ossl_inline void constant_time_cond_swap_buff(unsigned char mask,
|
||||
+ unsigned char *a,
|
||||
+ unsigned char *b,
|
||||
+ size_t len)
|
||||
+{
|
||||
+ size_t i;
|
||||
+ unsigned char tmp;
|
||||
+
|
||||
+ for (i = 0; i < len; i++) {
|
||||
+ tmp = a[i] ^ b[i];
|
||||
+ tmp &= mask;
|
||||
+ a[i] ^= tmp;
|
||||
+ b[i] ^= tmp;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
* table is a two dimensional array of bytes. Each row has rowsize elements.
|
||||
* Copies row number idx into out. rowsize and numrows are not considered
|
||||
* private.
|
||||
Index: openssl-1.1.1d/test/recipes/30-test_evp_data/evppkey.txt
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/test/recipes/30-test_evp_data/evppkey.txt
|
||||
+++ openssl-1.1.1d/test/recipes/30-test_evp_data/evppkey.txt
|
||||
@@ -814,6 +814,8 @@ PublicKeyRaw=Bob-448-PUBLIC-Raw:X448:3eb
|
||||
|
||||
PrivPubKeyPair = Bob-448-Raw:Bob-448-PUBLIC-Raw
|
||||
|
||||
+PublicKeyRaw=Bob-448-PUBLIC-Raw-NonCanonical:X448:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
|
||||
+
|
||||
Derive=Alice-448
|
||||
PeerKey=Bob-448-PUBLIC
|
||||
SharedSecret=07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b56fd2464c335543936521c24403085d59a449a5037514a879d
|
||||
@@ -830,6 +832,11 @@ Derive=Bob-448-Raw
|
||||
PeerKey=Alice-448-PUBLIC-Raw
|
||||
SharedSecret=07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b56fd2464c335543936521c24403085d59a449a5037514a879d
|
||||
|
||||
+# Self-generated non-canonical
|
||||
+Derive=Alice-448-Raw
|
||||
+PeerKey=Bob-448-PUBLIC-Raw-NonCanonical
|
||||
+SharedSecret=66e2e682b1f8e68c809f1bb3e406bd826921d9c1a5bfbfcbab7ae72feecee63660eabd54934f3382061d17607f581a90bdac917a064959fb
|
||||
+
|
||||
# Illegal sign/verify operations with X448 key
|
||||
|
||||
Sign=Alice-448
|
38
openssl-s390xcpuid.pl-fix-comment.patch
Normal file
38
openssl-s390xcpuid.pl-fix-comment.patch
Normal file
@ -0,0 +1,38 @@
|
||||
From 9baa4d5f4c9f596faba2b3e219b367a09c472d1d Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
Date: Wed, 3 Jul 2019 18:02:11 +0200
|
||||
Subject: [PATCH 09203/10000] s390xcpuid.pl: fix comment
|
||||
|
||||
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
|
||||
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
|
||||
(Merged from https://github.com/openssl/openssl/pull/9348)
|
||||
---
|
||||
crypto/s390xcpuid.pl | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
Index: openssl-1.1.1d/crypto/s390xcpuid.pl
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/s390xcpuid.pl
|
||||
+++ openssl-1.1.1d/crypto/s390xcpuid.pl
|
||||
@@ -431,7 +431,7 @@ ___
|
||||
}
|
||||
|
||||
################
|
||||
-# void s390x_pcc(unsigned int fc, void *param)
|
||||
+# int s390x_pcc(unsigned int fc, void *param)
|
||||
{
|
||||
my ($fc,$param) = map("%r$_",(2..3));
|
||||
$code.=<<___;
|
||||
@@ -456,8 +456,8 @@ ___
|
||||
}
|
||||
|
||||
################
|
||||
-# void s390x_kdsa(unsigned int fc, void *param,
|
||||
-# const unsigned char *in, size_t len)
|
||||
+# int s390x_kdsa(unsigned int fc, void *param,
|
||||
+# const unsigned char *in, size_t len)
|
||||
{
|
||||
my ($fc,$param,$in,$len) = map("%r$_",(2..5));
|
||||
$code.=<<___;
|
13
openssl-ship_fips_standalone_hmac.patch
Normal file
13
openssl-ship_fips_standalone_hmac.patch
Normal file
@ -0,0 +1,13 @@
|
||||
Index: openssl-1.1.1d/crypto/fips/build.info
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/fips/build.info 2020-01-23 13:45:11.232633025 +0100
|
||||
+++ openssl-1.1.1d/crypto/fips/build.info 2020-01-23 13:45:11.432634214 +0100
|
||||
@@ -7,7 +7,7 @@ SOURCE[../../libcrypto]=\
|
||||
fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c \
|
||||
fips_dh_selftest.c fips_ers.c
|
||||
|
||||
-PROGRAMS_NO_INST=\
|
||||
+PROGRAMS=\
|
||||
fips_standalone_hmac
|
||||
|
||||
SOURCE[fips_standalone_hmac]=fips_standalone_hmac.c
|
Loading…
Reference in New Issue
Block a user