Rohan McLure [Fri, 25 Nov 2022 03:41:08 +0000 (14:41 +1100)]
Remove redundant assignment in felem_mul_ref in p521
ftmp4 is assigned immediately before receiving the reduced output of the
multiplication of ftmp and ftmp3, without being read inbetween these
assignments. Remove redundant assignment.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19766)
(cherry picked from commit
3d4dfeb28a5cb944b8300b4cf807e19ab97d04f5)
Pauli [Mon, 28 Nov 2022 01:25:47 +0000 (12:25 +1100)]
doc: fix location of AES-SIV ciphers
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19776)
(cherry picked from commit
d1aa7d11363ebb0dff080966f842fade91135eaa)
Nicola Tuveri [Sun, 27 Nov 2022 21:43:16 +0000 (23:43 +0200)]
Update pyca-cryptography submodule to 38.0.4
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19681)
Nicola Tuveri [Sat, 18 Sep 2021 15:17:39 +0000 (18:17 +0300)]
Honor OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT as set and default to UNCOMPRESSED
Originally the code to im/export the EC pubkey was meant to be consumed
only by the im/export functions when crossing the provider boundary.
Having our providers exporting to a COMPRESSED format octet string made
sense to avoid memory waste, as it wasn't exposed outside the provider
API, and providers had all tools available to convert across the three
formats.
Later on, with #13139 deprecating the `EC_KEY_*` functions, more state
was added among the params imported/exported on an EC provider-native
key (including `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT`, although it
did not affect the format used to export `OSSL_PKEY_PARAM_PUB_KEY`).
Finally, in #14800, `EVP_PKEY_todata()` was introduced and prominently
exposed directly to users outside the provider API, and the choice of
COMPRESSED over UNCOMPRESSED as the default became less sensible in
light of usability, given the latter is more often needed by
applications and protocols.
This commit fixes it, by using `EC_KEY_get_conv_form()` to get the
point format from the internal state (an `EC_KEY` under the hood) of the
provider-side object, and using it on
`EVP_PKEY_export()`/`EVP_PKEY_todata()` to format
`OSSL_PKEY_PARAM_PUB_KEY`.
The default for an `EC_KEY` was already UNCOMPRESSED, and it is altered
if the user sets `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT` via
`EVP_PKEY_fromdata()`, `EVP_PKEY_set_params()`, or one of the
more specialized methods.
For symmetry, this commit also alters `ec_pkey_export_to()` in
`crypto/ec/ec_ameth.c`, part of the `EVP_PKEY_ASN1_METHOD` for legacy EC
keys: it exclusively used COMPRESSED format, and now it honors the
conversion format specified in the EC_KEY object being exported to a
provider when this function is called.
Expand documentation about `OSSL_PKEY_PARAM_PUB_KEY` and mention the
3.1 change in behavior for our providers.
Fixes #16595
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19681)
Tomas Mraz [Thu, 24 Nov 2022 17:48:10 +0000 (18:48 +0100)]
Fix occasional assertion failure when storing properties
Fixes #18631
The store lock does not prevent concurrent access to the
property cache, because there are multiple stores.
We drop the newly created entry and use the exisiting one
if there is one already.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19762)
(cherry picked from commit
92a25e24e6ec9735dea9ec645502cb075a5f8d24)
Tomas Mraz [Wed, 23 Nov 2022 08:09:24 +0000 (09:09 +0100)]
Drop incorrect skipping of some evp_test testcases with no-gost
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19739)
(cherry picked from commit
d5e1fe9c04c7eb28e21070e3dfe0d2242504a9bc)
Tomas Mraz [Thu, 24 Nov 2022 15:46:38 +0000 (16:46 +0100)]
Add test for EVP_PKEY_Q_keygen
Test for #19736
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19761)
(cherry picked from commit
667a8501f0b6e5705fd611d5bb3ca24848b07154)
Marco Abbadini [Thu, 24 Nov 2022 01:11:25 +0000 (02:11 +0100)]
Fix typos in doc/man3/EVP_EncryptInit.pod
Fixes #19728
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19753)
(cherry picked from commit
0dbd3a81e46dd7ea9f7832307fdd0b2ac207a5bf)
Tomas Mraz [Wed, 26 Oct 2022 09:29:49 +0000 (11:29 +0200)]
When using PEM_read_bio_PrivateKey_ex() the public key is optional
Fixes #19498
However the private key part is not optional which was
mishandled by the legacy routine.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19505)
(cherry picked from commit
adb408dc791e83f59f3a86bd90d8e804c814ac30)
Dr. David von Oheimb [Mon, 19 Sep 2022 11:15:04 +0000 (13:15 +0200)]
add missing OSSL_CMP_CTX_reset_geninfo_ITAVs() function
Fixup for glitch while handling merge conflict in OSSL_CMP_CTX_new.pod
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19216)
(cherry picked from commit
a2ede0396addd13f7fe9a629b450a14892152a83)
Dr. David von Oheimb [Mon, 19 Sep 2022 11:15:04 +0000 (13:15 +0200)]
add missing OSSL_CMP_CTX_reset_geninfo_ITAVs() function
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19216)
(cherry picked from commit
a2ede0396addd13f7fe9a629b450a14892152a83)
Dr. David von Oheimb [Wed, 14 Sep 2022 15:37:27 +0000 (17:37 +0200)]
OSSL_CMP_CTX_reinit(): fix missing reset of ctx->genm_ITAVs
Otherwise, further OSSL_CMP_exec_GENM_ses() calls will go wrong.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19216)
(cherry picked from commit
1c04866c671db4a6db0a1784399b351ea061bc16)
Dr. David von Oheimb [Sat, 17 Sep 2022 18:58:16 +0000 (20:58 +0200)]
CMP: fix gen_new() in cmp_msg.c checking wrong ITAVs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19216)
(cherry picked from commit
7e3034939b40ee15013bdba9ff6178de6bcc26d4)
Jan [Wed, 23 Nov 2022 15:14:07 +0000 (16:14 +0100)]
Fix typo in openssl-x509.pod.in
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19746)
(cherry picked from commit
0b7ad5d928f9ee749cfc670ad08067a961217fea)
Richard Levitte [Sat, 19 Nov 2022 12:05:19 +0000 (13:05 +0100)]
test/timing_load_creds.c: use OPENSSL_SYS_ macros
A previous change was only half done. To avoid such mistakes again, we
switch to using the OPENSSL_SYS_ macros, as the are clearer than having
to check a pile of very platform and compiler specific macros.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19720)
(cherry picked from commit
83c1220ad137bb4b651478444c3666c66ec9d640)
Richard Levitte [Fri, 18 Nov 2022 12:28:35 +0000 (13:28 +0100)]
Disable test/timing_load_creds.c on VMS
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19713)
(cherry picked from commit
81929ac49aa583b2347348953d8399ad775c6fd1)
Jiaxun Yang [Tue, 22 Nov 2022 19:53:38 +0000 (19:53 +0000)]
Add SM2 support for EVP_PKEY_Q_keygen
There is no reason preventing this API to support SM2,
which gives us a simple method to do SM2 key gen.
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19736)
(cherry picked from commit
3f32d29ad464591ed968a1e430111e1525280f4c)
Dr. David von Oheimb [Tue, 13 Sep 2022 20:22:48 +0000 (22:22 +0200)]
CMP: fix handling of unset or missing failInfo PKI status information
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19205)
(cherry picked from commit
cba0e2afd6a222aa041e05f8455e83c9e959d05b)
Dr. David von Oheimb [Tue, 13 Sep 2022 13:43:59 +0000 (15:43 +0200)]
CMP: fix status held in OSSL_CMP_CTX, in particular for genp messages
On this occasion, replace magic constants by mnemonic ones; update doc
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19205)
(cherry picked from commit
19ddcc4cbb43464493a4b82332a1ab96da823451)
Everton Constantino [Thu, 27 Oct 2022 18:07:48 +0000 (15:07 -0300)]
Add two new build targets to enable the possibility of using clang-cl as
an assembler for Windows on Arm builds and also clang-cl as the compiler
as well. Make appropriate changes to armcap source and peralsm scripts.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19523)
(cherry picked from commit
b863e1e4c69068e4166bdfbbf9f04bb07991dd40)
Dr. David von Oheimb [Tue, 24 May 2022 18:33:32 +0000 (20:33 +0200)]
OSSL_trace_enabled.pod and OSSL_trace_set_channel.pod: improve doc
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18386)
(cherry picked from commit
3b7398843c1cfd170494a03a4be54042fb821172)
Dr. David von Oheimb [Mon, 23 May 2022 17:43:56 +0000 (19:43 +0200)]
http_client.c: Dump response on error when tracing is enabled
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18386)
(cherry picked from commit
e8fdb0603572bf051dad6abc56291cdf1313a905)
Tobias Girstmair [Tue, 18 Oct 2022 11:23:21 +0000 (13:23 +0200)]
c_rehash: Fix file extension matching
For some reason, parenthesis were added 8 years ago in commit
a787c2590e468585a1a19738e0c7f481ec91b762. This essentially removed the
\. and $ constructs from the middle branches. Hence a file called e.g.
cert.key would accidentally match the (cer) rule.
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19427)
(cherry picked from commit
706fc5f6ebd63e1fcd18d4764248206ab3c18a0a)
Pauli [Fri, 14 Oct 2022 01:53:02 +0000 (12:53 +1100)]
Coverity
1515953: negative loop bound
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19413)
(cherry picked from commit
9ab57f29c78d8d69b6ba9c579521594d7170ca44)
slontis [Tue, 4 Oct 2022 23:57:51 +0000 (09:57 +1000)]
Improve performance of the encoder collection
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19344)
(cherry picked from commit
c3b46409559c18f103ebb2221c6f8af3cd7db00d)
zhangzhilei [Sat, 24 Sep 2022 02:32:36 +0000 (10:32 +0800)]
optimize ossl_sm4_set_key speed
this optimization comes from libgcrypt, increse about 48% speed
Benchmark on my AMD Ryzen Threadripper 3990X
before:
Did
5752000 SM4 setup operations in 1000151us (
5751131.6 ops/sec)
after:
Did
8506000 SM4 setup operations in 1000023us (
8505804.4 ops/sec)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19270)
(cherry picked from commit
704e8090b4a789f52af07de9a3ebbe11db8e19f8)
zhuchen [Thu, 29 Sep 2022 12:14:00 +0000 (20:14 +0800)]
Add vpaes-loongarch64.pl module.
Add 128 bit lsx vector expansion optimization code of Loongarch64 architecture
to AES. The test result on the 3A5000 improves performance by about 40%~50%.
Signed-off-by: zhuchen <zhuchen@loongson.cn>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19364)
(cherry picked from commit
ef917549f5867d269d359155ff67b8ccb5e66a76)
zhuchen [Thu, 29 Sep 2022 11:50:52 +0000 (19:50 +0800)]
Add LoongArch64 cpuid and OPENSSL_loongarchcap_P
Loongarch64 architecture defines 128 bit vector extension lsx and 256 bit
vector extension lasx. The cpucfg instruction can be used to obtain whether
the CPU has a corresponding extension. This part of code is added to prepare
for the subsequent addition of corresponding vector instruction optimization.
Signed-off-by: zhuchen <zhuchen@loongson.cn>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19364)
(cherry picked from commit
7f2d6188c7b16ef7a4deeeedb56f42014156b9f8)
FdaSilvaYY [Tue, 23 Aug 2022 18:53:31 +0000 (20:53 +0200)]
nit: fix some pointer comparisons
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19059)
(cherry picked from commit
e1e93f7a07dfc7a8dddd4ddbb79d1d9bc9760d32)
FdaSilvaYY [Tue, 23 Aug 2022 18:45:13 +0000 (20:45 +0200)]
apps & al : Fix various typos, repeated words, align some spelling to LDP.
Mostly revamped from #16712
- fall thru -> fall through
- time stamp -> timestamp
- host name -> hostname
- ipv6 -> IPv6
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19059)
(cherry picked from commit
9929c81702381bff54f833d6fe0a3304f4e2b635)
FdaSilvaYY [Tue, 23 Aug 2022 18:40:44 +0000 (20:40 +0200)]
Fix various typos, repeated words, align some spelling to LDP.
Partially revamped from #16712
- fall thru -> fall through
- time stamp -> timestamp
- host name -> hostname
- ipv6 -> IPv6
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19059)
(cherry picked from commit
d7f3a2cc8691c062ef5bdeef28b66f80c8f7d5c3)
FdaSilvaYY [Tue, 23 Aug 2022 18:37:03 +0000 (20:37 +0200)]
crypto/*: Fix various typos, repeated words, align some spelling to LDP.
partially revamped from #16712
- fall thru -> fall through
- time stamp -> timestamp
- host name -> hostname
- ipv6 -> IPv6
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19059)
(cherry picked from commit
c7340583097a80a4fe42bacea745b2bbaa6d16db)
FdaSilvaYY [Tue, 23 Aug 2022 18:33:58 +0000 (20:33 +0200)]
crypto: Fix various typos, repeated words, align some spelling to LDP.
partially revamped from #16712
- fall thru -> fall through
- time stamp -> timestamp
- file name -> filename
- host name -> hostname
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19059)
(cherry picked from commit
1567a821a4616f59748fa8982724f88e542867d6)
Thiago Suchorski [Thu, 22 Sep 2022 11:27:27 +0000 (08:27 -0300)]
Fixed some grammar and spelling
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/19262)
(cherry picked from commit
af33b200da8040c78dbfd8405878190980727171)
Dr. David von Oheimb [Fri, 26 Aug 2022 08:04:01 +0000 (10:04 +0200)]
ERR: replace remnant ECerr() and EVPerr() calls in crypto/
except those throwing ERR_R_MALLOC_FAILURE
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19302)
(cherry picked from commit
bd07cc1c7e3ca38689e59868b5945dc223235a49)
Juergen Christ [Mon, 29 Aug 2022 15:05:41 +0000 (17:05 +0200)]
apps/speed.c: Lock buffer in memory
Lock the buffers used for throughput measurements into memory. This removes
some side effects of paging.
Errors from the memory locking functions are ignored since they are not
critical to the application.
This feature is limited to Linux and Windows.
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19091)
(cherry picked from commit
9710d72b95f4fc218ed613f42dc90ad0d263b14f)
Kan [Tue, 21 Jun 2022 06:55:55 +0000 (14:55 +0800)]
Add config option for speed command
Fixed #16986
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18616)
(cherry picked from commit
8403c7350fd836ea44baf69c0b7dc3af1189253f)
Dr. David von Oheimb [Sat, 24 Sep 2022 21:57:19 +0000 (23:57 +0200)]
test/trace_api_test.c: fix gcc error on -Werror=strict-prototypes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19277)
(cherry picked from commit
1fcd84c7017416a3c9461914d7a943591ad87a82)
Daniel Fiala [Fri, 5 Aug 2022 02:44:51 +0000 (04:44 +0200)]
Add tests for trace_api.
Fixes openssl#17422
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19096)
(cherry picked from commit
fcff5bd43c85418cc4aa8052e3dc3dba344d763e)
Tomas Mraz [Fri, 9 Sep 2022 12:46:24 +0000 (14:46 +0200)]
Fix AES-GCM on Power 8 CPUs
Properly fallback to the default implementation on CPUs
missing necessary instructions.
Fixes #19163
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19182)
(cherry picked from commit
9ab6b64ac856157a31a54c0d12207c2338bfa8e2)
David Carlier [Thu, 8 Sep 2022 21:16:31 +0000 (22:16 +0100)]
OSSL_CRYPTO_ALLOC attribute introduction proposal.
Giving hint to the compiler the returned pointer is not aliased
(so realloc-like api is de facto excluded).
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19180)
(cherry picked from commit
e1035957eba1e6ebdefd0e18dcbad5cbfa7a969a)
Paul Yang [Fri, 9 Sep 2022 07:48:24 +0000 (15:48 +0800)]
Fix PROV_RC5_CTX's original structure name
It looks like a typo when copy & pasting the structure from blowfish.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19186)
(cherry picked from commit
53ef02baf80130a81d019e85c528fdc13af9db33)
a1346054 [Thu, 8 Sep 2022 08:11:53 +0000 (08:11 +0000)]
openssl.cnf: split option value and comment and remove leading space
CLA: trivial
Signed-off-by: a1346054 <36859588+a1346054@users.noreply.github.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19173)
(cherry picked from commit
fd24de9f93049b05a54c48da5316f42882489230)
Todd Short [Thu, 1 Sep 2022 19:31:21 +0000 (15:31 -0400)]
Cleanup EBCDIC string defintions
Use a single definiton for protocol string defintions.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19122)
(cherry picked from commit
44e47328178328198018c23e6918884af5e8ce4b)
Matt Caswell [Wed, 31 Aug 2022 11:31:24 +0000 (12:31 +0100)]
Add some API tests for TLSv1.3 record padding
We have some ssl_test_new tests for record padding. But these only use
the block padding approach set via a config file on the SSL_CTX. We add
tests for all the various API calls.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19103)
(cherry picked from commit
f3f8e53c852f07d38c124e45f7c678e854be4a54)
Matt Caswell [Tue, 17 May 2022 13:36:39 +0000 (14:36 +0100)]
Add a test for read_ahead data crossing a key change
If read_ahead is switched on, it should still work even if the data that
is read cross epochs.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
(cherry picked from commit
f7565348c22785f69239883feb1f3c91d1cfd675)
Hongren (Zenithal) Zheng [Fri, 13 May 2022 16:01:11 +0000 (00:01 +0800)]
provider: cipher: aes: add riscv32 zkn (zbkb) support
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18308)
(cherry picked from commit
5ccee69b1384fa9377986a6f7730e0d9a372b42b)
Hongren (Zenithal) Zheng [Fri, 13 May 2022 15:44:31 +0000 (23:44 +0800)]
aes_platform: add riscv32 zkn asm support
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18308)
(cherry picked from commit
cbb15b31b98f47276cf9e87453831d96274baf66)
Hongren (Zenithal) Zheng [Fri, 13 May 2022 15:29:34 +0000 (23:29 +0800)]
add build support for riscv32 aes zkn
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18308)
(cherry picked from commit
b733ce73a423b99c0354b42e268216e0656e556b)
Hongren (Zenithal) Zheng [Fri, 13 May 2022 16:02:44 +0000 (00:02 +0800)]
Add RISC-V 32 cpuid support
Mainly from #17640
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18308)
(cherry picked from commit
61170642b1ad084ae4f52e43d39c5c1e471b323a)
Hongren (Zenithal) Zheng [Fri, 13 May 2022 15:23:29 +0000 (23:23 +0800)]
Add linux32-riscv32/BSD-riscv32 target
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18308)
(cherry picked from commit
42ee6e7be43c57136d71e5612fed22a06f7f5d0e)
Hongren (Zenithal) Zheng [Fri, 13 May 2022 14:24:43 +0000 (22:24 +0800)]
Add AES implementation in riscv32 zkn asm
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18308)
(cherry picked from commit
b1b889d1b3fc92a56ead5536bee06f3415b78482)
Piotr Kubaj [Fri, 29 Jul 2022 10:47:29 +0000 (12:47 +0200)]
Add BSD-armv4 target based on linux-armv4
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18910)
(cherry picked from commit
a9389c0b75e69ebaf74fdc8fee0c983809e45931)
Daniel Hu [Tue, 19 Jul 2022 17:43:28 +0000 (18:43 +0100)]
Improve chacha20 perfomance on aarch64 by interleaving scalar with SVE/SVE2
The patch will process one extra block by scalar in addition to
blocks by SVE/SVE2 in parallel. This is esp. helpful in the
scenario where we only have 128-bit vector length.
The actual uplift to performance is complicated, depending on the
vector length and input data size. SVE/SVE2 implementation don't
always perform better than Neon, but it should prevail in most
cases
On a CPU with 256-bit SVE/SVE2, interleaved processing can
handle 9 blocks in parallel (8 blocks by SVE and 1 by Scalar).
on 128-bit SVE/SVE2 it is 5 blocks. Input size that is a multiple
of 9/5 blocks on respective CPU can be typically handled at
maximum speed.
Here are test data for 256-bit and 128-bit SVE/SVE2 by running
"openssl speed -evp chacha20 -bytes 576" (and other size)
----------------------------------+---------------------------------
256-bit SVE | 128-bit SVE2
----------------------------------|---------------------------------
Input 576 bytes 512 bytes | 320 bytes 256 bytes
----------------------------------|---------------------------------
SVE
1716361.91k
1556699.18k |
1615789.06k
1302864.40k
----------------------------------|---------------------------------
Neon
1262643.44k
1509044.05k | 680075.67k
1060532.31k
----------------------------------+---------------------------------
If the input size gets very large, the advantage of SVE/SVE2 over
Neon will fade out.
Signed-off-by: Daniel Hu <Daniel.Hu@arm.com>
Change-Id: Ieedfcb767b9c08280d7c8c9a8648919c69728fab
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18901)
(cherry picked from commit
3f42f41ad19c631287386fd8d58f9e02466c5e3f)
Matt Caswell [Wed, 24 Aug 2022 14:10:56 +0000 (15:10 +0100)]
Drop the optimisation level for ppc64le cross-compile
The default cross compiler (gcc 9.4.0) for ppc64le on Ubunut 20.04 seems
buggy and causes a seg fault in sslapitest. This doesn't impact any other
CI cross compile platforms and does not seem to impact the gcc 10.3.0 cross
compiler.
We just drop the optimisation level on that platform.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19056)
(cherry picked from commit
200d9521a0d406a7d02778d1c6c5a5230caeecf5)
Dr. Matthias St. Pierre [Mon, 15 Aug 2022 13:01:11 +0000 (15:01 +0200)]
Add CODE-OF-CONDUCT.md
Fixes #18820
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19002)
(cherry picked from commit
63df86b041aaafba3e4998b2e3872fa8695a2377)
Rohan McLure [Thu, 30 Jun 2022 06:21:06 +0000 (16:21 +1000)]
Fix unrolled montgomery multiplication for POWER9
In the reference C implementation in bn_asm.c, tp[num + 1] contains the
carry bit for accumulations into tp[num]. tp[num + 1] is only ever
assigned, never itself incremented.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18883)
(cherry picked from commit
2f1112b22a826dc8854b41b60a422c987f8ddafb)
Rohan McLure [Mon, 27 Jun 2022 02:14:55 +0000 (12:14 +1000)]
Revert "Revert "bn: Add fixed length (n=6), unrolled PPC Montgomery Multiplication""
This reverts commit
712d9cc90e355b2c98a959d4e9398610d2269c9e.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18883)
(cherry picked from commit
eae70100fadbc94f18ba7a729bf065cb524a9fc9)
Dr. David von Oheimb [Mon, 25 Jul 2022 07:19:40 +0000 (09:19 +0200)]
test/timing_load_creds.c: fix coding style and other (mostly minor) issues
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18821)
(cherry picked from commit
45479dcee1672661e4f5b6d8b6c9a50453581e65)
Dr. David von Oheimb [Mon, 18 Jul 2022 18:26:57 +0000 (20:26 +0200)]
Rename the "timing" program to "timing_load_creds" and integrate it with test/build.info
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18821)
(cherry picked from commit
c02036e1ad759fca228a2201f1c4752670ad59bd)
Rich Salz [Thu, 29 Apr 2021 17:48:45 +0000 (13:48 -0400)]
Add a stand-alone "timing" program
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18821)
(cherry picked from commit
6212fc6814e8a8968bb35239cd454afd22b6a083)
Hongren (Zenithal) Zheng [Wed, 11 May 2022 10:32:13 +0000 (18:32 +0800)]
Add ROTATE inline RISC-V zbb/zbkb asm for DES
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18290)
(cherry picked from commit
6136408e6abf10672e399bf95be064868f2f7ca6)
Juergen Christ [Tue, 2 Aug 2022 12:41:00 +0000 (14:41 +0200)]
Fix GHASH-ASM implementation on s390x
s390x GHASH assembler implementation assumed it was called from a
gcm128_context structure where the Xi paramter to the ghash function was
embedded in that structure. Since the structure layout resembles the paramter
block required for kimd-GHASH, the assembler code simply assumed the 128 bytes
after Xi are the hash subkey.
This assumption was broken with the introduction of AES-GCM-SIV which uses the
GHASH implementation without a gcm128_context structure. Furthermore, the
bytes following the Xi input parameter to the GHASH function do not contain
the hash subkey. To fix this, we remove the assumption about the calling
context and build the parameter block on the stack. This requires some
copying of data to and from the stack. While this introduces a performance
degradation, new systems anyway use kma for GHASH/AES-GCM.
Finally fixes #18693 for s390x.
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18939)
(cherry picked from commit
cd854f225bbef9561fad680e2628dfd55be1b141)
Kurt Roeckx [Tue, 2 Aug 2022 16:49:40 +0000 (18:49 +0200)]
Change name of parameter in documentation from sigret to sig
The rest of the documentation talks about sig, not sigret
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18943)
(cherry picked from commit
2bd8190aace8109a06aff495a3e20c863ef48653)
Tomas Mraz [Mon, 14 Nov 2022 18:31:17 +0000 (19:31 +0100)]
gcm_get_funcs(): Add missing fallback for ghash on x86_64
Fixes #19673
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19674)
(cherry picked from commit
be0161ff100bf10c9549fc09ce4513681011da1c)
Tomas Mraz [Thu, 28 Jul 2022 14:23:51 +0000 (16:23 +0200)]
Fix regression from GCM mode refactoring
Fixes #18896
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18903)
(cherry picked from commit
186be8ed26f5561faf91d6da3ed14cd9cb6617dd)
Juergen Christ [Mon, 25 Jul 2022 09:31:20 +0000 (11:31 +0200)]
s390x: Optimize kmac
Use hardware acceleration for kmac on s390x. Since klmd does not support
kmac, perform padding of the last block by hand and use kimd. Yields a
performance improvement of between 2x and 3x.
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18863)
(cherry picked from commit
affc070aabc930aeaba50f0dd6b3e0b7a2ddc399)
Juergen Christ [Mon, 25 Jul 2022 08:34:26 +0000 (10:34 +0200)]
s390x: Fix GCM setup
Rework of GCM code did not include s390x causing NULL pointer dereferences on
GCM operations other than AES-GCM on platforms that support kma. Fix this by
a proper setup of the function pointers.
Fixes: 92c9086e5c2b ("Use separate function to get GCM functions")
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18862)
(cherry picked from commit
48e35b99bd0071207cfe39da22eb2502db5c09dc)
Todd Short [Wed, 20 Jul 2022 15:11:41 +0000 (11:11 -0400)]
Clean up GCM_MUL and remove GCM_FUNCREF_4BIT
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18835)
(cherry picked from commit
d50e0934e5b1537db0ea43986464b8f8f8b4e9fd)
Todd Short [Wed, 20 Jul 2022 15:06:59 +0000 (11:06 -0400)]
Clean up use of GHASH macro
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18835)
(cherry picked from commit
95201ef45711220455e8abf1cc6b334393384af2)
Todd Short [Wed, 20 Jul 2022 14:54:24 +0000 (10:54 -0400)]
Use separate function to get GCM functions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18835)
(cherry picked from commit
92c9086e5c2b63606cd28a7f13f09b9ff35a0de3)
Todd Short [Wed, 20 Jul 2022 14:04:34 +0000 (10:04 -0400)]
Remove some unused 4bit GCM code
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18835)
(cherry picked from commit
7da952bcc54604141ea8ed40ec5ed1fd2f74cc25)
Todd Short [Wed, 20 Jul 2022 13:48:21 +0000 (09:48 -0400)]
Remove unused 1bit GCM implementation
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18835)
(cherry picked from commit
7b6e19fc4e6cc1a7000f71789ef50636dacdbb85)
Todd Short [Wed, 20 Jul 2022 13:38:07 +0000 (09:38 -0400)]
Remove unused 8bit GCM implementation
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18835)
(cherry picked from commit
a8b5128fd724bc23f7454d64e401d15129634a01)
marcfedorow [Tue, 19 Jul 2022 16:15:44 +0000 (19:15 +0300)]
Emit rev8 on __riscv_zbkb as on __riscv_zbb
Also add early clobber for two-insn bswap.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18827)
(cherry picked from commit
48b6776678d794406c625dcb5767102b73081962)
FdaSilvaYY [Sat, 20 Feb 2021 22:39:30 +0000 (23:39 +0100)]
Cleanup : directly include of `internal/nelem.h` when required.
And so clean a few useless includes
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19721)
(cherry picked from commit
f2a6f83862be3e20260b708288a8f7d0928e9018)
slontis [Wed, 2 Nov 2022 03:20:55 +0000 (13:20 +1000)]
Improve FIPS RSA keygen performance.
Reduce the Miller Rabin counts to the values specified by FIPS 186-5.
The old code was using a fixed value of 64.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19579)
(cherry picked from commit
d2f6e66d2837bff1f5f7636bb2118e3a45c9df61)
Tomas Mraz [Mon, 14 Nov 2022 19:02:13 +0000 (20:02 +0100)]
params_api_test.c: Fix mistake in backported test fix
Fixup for
e8f1d76b50204d87a0ef7f6879eb1dd507a54368.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19675)
Tomas Mraz [Tue, 11 Oct 2022 15:26:23 +0000 (17:26 +0200)]
Release the drbg in the global default context before engines
Fixes #17995
Fixes #18578
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/19386)
(cherry picked from commit
a88e97fcace01ecf557b207f04328a72df5110df)
Bernd Edlinger [Sat, 2 Apr 2022 11:41:12 +0000 (13:41 +0200)]
Add a test case for the engine crash with AES-256-CTR
Implement the AES-256-CTR cipher in the dasync engine.
Use that to reproduce the reported problems with the
devcrypto engine in our normal test environment.
See #17995 and #17532 for details.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19386)
(cherry picked from commit
bd363ef32403d58a8b41553b5abd602b30073b10)
Daniel Fiala [Fri, 21 Oct 2022 04:28:12 +0000 (06:28 +0200)]
Add an EVP signature demo using DSA
Fixes openssl#14114
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19492)
(cherry picked from commit
858b5d12b85b0639519d21206c9da7e1bb976a00)
Richard Levitte [Tue, 22 Nov 2022 14:05:45 +0000 (15:05 +0100)]
test/recipes/80-test_cms.t: Fix the "CAdES ko" test
This test had commands that assumes that runner_loop() is used to perform
the tests. These tests still run fine because Unix accepts braces in file
names, but other operating systems might not.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19731)
slontis [Thu, 17 Nov 2022 01:58:36 +0000 (11:58 +1000)]
Fix coverity issues in X509v3_addr
CID
1516955 : Null pointer deref (REVERSE_INULL)
CID
1516954 : Null pointer deref (REVERSE_INULL)
CID
1516953 : RESOURCE_LEAK of child
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19700)
(cherry picked from commit
26cfa4cd85f6b26dd7a48c2ff06bfa4a2cea4764)
slontis [Wed, 16 Nov 2022 21:26:06 +0000 (07:26 +1000)]
Add missing HISTORY sections for OpenSSL 3.0 related documents.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19690)
(cherry picked from commit
4741c80c0556653c74252ec91425dcb74066b2ec)
slontis [Wed, 2 Nov 2022 02:01:34 +0000 (12:01 +1000)]
Improve FIPS RSA keygen performance.
FIPS 186-4 has 5 different algorithms for key generation,
and all of them rely on testing GCD(a,n) == 1 many times.
Cachegrind was showing that during a RSA keygen operation,
the function BN_gcd() was taking a considerable percentage
of the total cycles.
The default provider uses multiprime keygen, which seemed to
be much faster. This is because it uses BN_mod_inverse()
instead.
For a 4096 bit key, the entropy of a key that was taking a
long time to generate was recorded and fed back into subsequent
runs. Roughly 40% of the cycle time was BN_gcd() with most of the
remainder in the prime testing. Changing to use the inverse
resulted in the cycle count being 96% in the prime testing.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19578)
(cherry picked from commit
dd1d7bcb69994d81662e709b0ad838880b943870)
Matt Caswell [Fri, 22 Jul 2022 10:12:52 +0000 (11:12 +0100)]
Fix no-dtls1_2
dtlstest.c needs some adjusting to handle no-dtls1_2 since commit
7bf2e4d7f0c banned DTLSv1 at the default security level - causing the
test to fail.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18848)
(cherry picked from commit
a6843e6ae8ae0551aae8555783f06dab7951f112)
Tomas Mraz [Tue, 12 Jul 2022 10:32:44 +0000 (12:32 +0200)]
dhparam: Correct the documentation of -dsaparam
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18480)
(cherry picked from commit
2885b2ca4eee5586baa50208e41a1ca54532eb3a)
Tomas Mraz [Fri, 10 Jun 2022 08:06:24 +0000 (10:06 +0200)]
dhparam_test: Test that we add private key length on generation and print it
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18480)
(cherry picked from commit
2b11a8ecc8ed1355b99a6d88b8e7e7a75a67bd0a)
Tomas Mraz [Mon, 6 Jun 2022 08:22:00 +0000 (10:22 +0200)]
Use as small dh key size as possible to support the security
Longer private key sizes unnecessarily raise the cycles needed to
compute the shared secret without any increase of the real security.
We use minimum key sizes as defined in RFC7919.
For arbitrary parameters we cannot know whether they are safe
primes (we could test but that would be too inefficient) we have
to keep generating large keys.
However we now set a small dh->length when we are generating safe prime
parameters because we know it is safe to use small keys with them.
That means users need to regenerate the parameters if they
want to take the performance advantage of small private key.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18480)
(cherry picked from commit
ddb13b283be84d771deba1e964610b1670641f03)
Hongren (Zenithal) Zheng [Wed, 11 May 2022 10:09:46 +0000 (18:09 +0800)]
Add ROTATE inline RISC-V zbb/zbkb asm for chacha
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18289)
(cherry picked from commit
ca6286c382a7eb527fac9aba2a018354acb27b16)
Max Bachmann [Thu, 5 May 2022 16:46:03 +0000 (18:46 +0200)]
Add config option OPENSSL_NO_UNIX_SOCK
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18256)
(cherry picked from commit
081f3484593cdd3be2b7fdd8818c3f928ce729bc)
Matt Caswell [Fri, 17 Jun 2022 15:37:24 +0000 (16:37 +0100)]
Add a DTLS next epoch test
Test that if we receive a packet from the next epoch, we can buffer it
and still use it.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18601)
(cherry picked from commit
e1c153d31d4f913ebe2202a4bc20305919274d1f)
Richard Levitte [Wed, 5 Oct 2022 10:47:32 +0000 (12:47 +0200)]
VMS: For executables, process the use of /INCLUDE=main a bit differently
The way it was implemented didn't play well with perl's join(), so it's
reimplemented a bit differently.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19347)
(cherry picked from commit
1ec0acf264652bd981e95842723e5414d634cd93)
Richard Levitte [Sat, 1 Oct 2022 09:18:57 +0000 (11:18 +0200)]
VMS: use selective search when linking with shareable images
VMS linking complains a lot about multiply defined symbols unless told
otherwise, especially when shareable images are involved. For example, this
involves the legacy provider, where there are overriding implementations of
certain ERR functions.
To quiet the linker down, we need to say that symbols should be searched
selectively in shareable images.
However, that's not quite enough. The order in which the VMS linker
processes files isn't necessarily top to bottom as given on the command line
or the option file(s), which may result in some symbols appearing undefined,
even though they are. To remedy that, it's necessary to explicitly include
all object files and object libraries into a cluster, thus ensuring that
they will be processed first. This allows the search for remaining symbol
references to be done in the as desired in the shareable images that follow.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19327)
(cherry picked from commit
c62a9cd720eccdbb388890ee4a36801d01315be4)
Hongren (Zenithal) Zheng [Wed, 11 May 2022 09:18:27 +0000 (17:18 +0800)]
Add ROTATE inline asm support for SM3
And move ROTATE inline asm to header.
Now this benefits SM3, SHA (when with Zbb only and no Zknh)
and other hash functions
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18287)
(cherry picked from commit
eea820f3e239a4c11d618741fd5d00a6bc877347)
Hongren (Zenithal) Zheng [Wed, 11 May 2022 08:11:18 +0000 (16:11 +0800)]
Add SM3 implementation in RISC-V Zksh asm
This works for both RV32 and RV64
Signed-off-by: Hongren (Zenithal) Zheng <i@zenithal.me>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18287)
(cherry picked from commit
7ae2bc9df6e0916a8f16183f07dfa1815dd4b66d)
Hugo Landau [Tue, 22 Mar 2022 11:52:27 +0000 (11:52 +0000)]
Add deprecation macro for 3.1 and deprecate OPENSSL_LH_stats
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17937)
(cherry picked from commit
5317b6ee1fc3db20de5976fbb46cc49a45c0768a)
Daniel Hu [Wed, 25 May 2022 09:23:40 +0000 (10:23 +0100)]
Optimize chacha20 on aarch64 by SVE2
This patch improves existing chacha20 SVE patch by using SVE2,
which is an optional architecture feature of aarch64, with XAR
instruction that can improve the performance of chacha20.
Signed-off-by: Daniel Hu <Daniel.Hu@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18522)
(cherry picked from commit
bcb52bcc9f9c36a85d037976676fd5ca52f307cd)
Lutz Jaenicke [Fri, 17 Jun 2022 11:11:31 +0000 (13:11 +0200)]
Add test cases for verification of time stamping certificates
Test makes sure, that both time stamping certificate according to rfc3161 (no
requirements for keyUsage extension) and according to CAB forum (keyUsage
extension must be digitalSignature and be set critical) are accepted. Misuse
cases as stated in CAB forum are rejected, only exeption is a missing
"critial" flag on keyUsage.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18597)
(cherry picked from commit
386ab7f1fefdd77521e670d9593e9894e2774be0)
Daniel Fiala [Wed, 15 Jun 2022 06:54:39 +0000 (08:54 +0200)]
Remove debug and other outdated build targets.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18571)
(cherry picked from commit
909d590fe7a0935e7856ec618afd652ae03a9260)