[openssl] OpenSSL_1_1_1-stable update

Matt Caswell matt at openssl.org
Tue Mar 19 10:38:58 UTC 2019


The branch OpenSSL_1_1_1-stable has been updated
       via  a7e1cb8cbbefda0f31489566ad08055239ee216e (commit)
       via  958beb89b34aafe16b62416099e099ce0eb3e5e4 (commit)
      from  5f702f16e7ed108b2098042c2488fb5b86ac83c2 (commit)


- Log -----------------------------------------------------------------
commit a7e1cb8cbbefda0f31489566ad08055239ee216e
Author: Vitezslav Cizek <vcizek at suse.com>
Date:   Tue Mar 5 22:52:33 2019 +0100

    apps/speed.c: properly address NO_EC2M on systems without SIGALRM
    
    The ecdh_c array is allocated of the same size as ecdh_choices,
    whose size depends on whether the support for binary curves is enabled
    or not.  (The same goes for ecdsa_c).
    On systems without SIGALRM, ecdh_c is indexed by predefined constants
    intended for representing the index of the ciphers in the ecdh_choices
    array.
    However, in case of NO_EC2M some of the #defined constants won't match
    and would actually access the ecdh_c out-of-bounds.
    
    Use enum instead of a macro to define the curve indexes so they're
    within the bounds of the ecdh_c array.
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/8422)
    
    (cherry picked from commit f5c9916742655f872018426838cff4ff04da5321)

commit 958beb89b34aafe16b62416099e099ce0eb3e5e4
Author: Vitezslav Cizek <vcizek at suse.com>
Date:   Tue Mar 5 17:14:33 2019 +0100

    apps/speed.c: skip binary curves when compiling with OPENSSL_NO_EC2M
    
    openssl speed doesn't take into account that the library could be
    compiled without the support for the binary curves and happily uses
    them, which results in EC_GROUP_new_by_curve_name() errors.
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/8422)
    
    (cherry picked from commit d61f489b5a8d8369e75ee1e4991b3d4db95d7c7c)

-----------------------------------------------------------------------

Summary of changes:
 apps/speed.c | 63 +++++++++++++++++++++++++++++++++++++-----------------------
 1 file changed, 39 insertions(+), 24 deletions(-)

diff --git a/apps/speed.c b/apps/speed.c
index 506737d..e47ba30 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -489,30 +489,35 @@ static const OPT_PAIR rsa_choices[] = {
 static double rsa_results[RSA_NUM][2];  /* 2 ops: sign then verify */
 #endif /* OPENSSL_NO_RSA */
 
-#define R_EC_P160    0
-#define R_EC_P192    1
-#define R_EC_P224    2
-#define R_EC_P256    3
-#define R_EC_P384    4
-#define R_EC_P521    5
-#define R_EC_K163    6
-#define R_EC_K233    7
-#define R_EC_K283    8
-#define R_EC_K409    9
-#define R_EC_K571    10
-#define R_EC_B163    11
-#define R_EC_B233    12
-#define R_EC_B283    13
-#define R_EC_B409    14
-#define R_EC_B571    15
-#define R_EC_BRP256R1  16
-#define R_EC_BRP256T1  17
-#define R_EC_BRP384R1  18
-#define R_EC_BRP384T1  19
-#define R_EC_BRP512R1  20
-#define R_EC_BRP512T1  21
-#define R_EC_X25519  22
-#define R_EC_X448    23
+enum {
+    R_EC_P160,
+    R_EC_P192,
+    R_EC_P224,
+    R_EC_P256,
+    R_EC_P384,
+    R_EC_P521,
+#ifndef OPENSSL_NO_EC2M
+    R_EC_K163,
+    R_EC_K233,
+    R_EC_K283,
+    R_EC_K409,
+    R_EC_K571,
+    R_EC_B163,
+    R_EC_B233,
+    R_EC_B283,
+    R_EC_B409,
+    R_EC_B571,
+#endif
+    R_EC_BRP256R1,
+    R_EC_BRP256T1,
+    R_EC_BRP384R1,
+    R_EC_BRP384T1,
+    R_EC_BRP512R1,
+    R_EC_BRP512T1,
+    R_EC_X25519,
+    R_EC_X448
+};
+
 #ifndef OPENSSL_NO_EC
 static OPT_PAIR ecdsa_choices[] = {
     {"ecdsap160", R_EC_P160},
@@ -521,6 +526,7 @@ static OPT_PAIR ecdsa_choices[] = {
     {"ecdsap256", R_EC_P256},
     {"ecdsap384", R_EC_P384},
     {"ecdsap521", R_EC_P521},
+# ifndef OPENSSL_NO_EC2M
     {"ecdsak163", R_EC_K163},
     {"ecdsak233", R_EC_K233},
     {"ecdsak283", R_EC_K283},
@@ -531,6 +537,7 @@ static OPT_PAIR ecdsa_choices[] = {
     {"ecdsab283", R_EC_B283},
     {"ecdsab409", R_EC_B409},
     {"ecdsab571", R_EC_B571},
+# endif
     {"ecdsabrp256r1", R_EC_BRP256R1},
     {"ecdsabrp256t1", R_EC_BRP256T1},
     {"ecdsabrp384r1", R_EC_BRP384R1},
@@ -549,6 +556,7 @@ static const OPT_PAIR ecdh_choices[] = {
     {"ecdhp256", R_EC_P256},
     {"ecdhp384", R_EC_P384},
     {"ecdhp521", R_EC_P521},
+# ifndef OPENSSL_NO_EC2M
     {"ecdhk163", R_EC_K163},
     {"ecdhk233", R_EC_K233},
     {"ecdhk283", R_EC_K283},
@@ -559,6 +567,7 @@ static const OPT_PAIR ecdh_choices[] = {
     {"ecdhb283", R_EC_B283},
     {"ecdhb409", R_EC_B409},
     {"ecdhb571", R_EC_B571},
+# endif
     {"ecdhbrp256r1", R_EC_BRP256R1},
     {"ecdhbrp256t1", R_EC_BRP256T1},
     {"ecdhbrp384r1", R_EC_BRP384R1},
@@ -1501,6 +1510,7 @@ int speed_main(int argc, char **argv)
         {"nistp256", NID_X9_62_prime256v1, 256},
         {"nistp384", NID_secp384r1, 384},
         {"nistp521", NID_secp521r1, 521},
+# ifndef OPENSSL_NO_EC2M
         /* Binary Curves */
         {"nistk163", NID_sect163k1, 163},
         {"nistk233", NID_sect233k1, 233},
@@ -1512,6 +1522,7 @@ int speed_main(int argc, char **argv)
         {"nistb283", NID_sect283r1, 283},
         {"nistb409", NID_sect409r1, 409},
         {"nistb571", NID_sect571r1, 571},
+# endif
         {"brainpoolP256r1", NID_brainpoolP256r1, 256},
         {"brainpoolP256t1", NID_brainpoolP256t1, 256},
         {"brainpoolP384r1", NID_brainpoolP384r1, 384},
@@ -2031,6 +2042,7 @@ int speed_main(int argc, char **argv)
             }
         }
     }
+#   ifndef OPENSSL_NO_EC2M
     ecdsa_c[R_EC_K163][0] = count / 1000;
     ecdsa_c[R_EC_K163][1] = count / 1000 / 2;
     for (i = R_EC_K233; i <= R_EC_K571; i++) {
@@ -2059,6 +2071,7 @@ int speed_main(int argc, char **argv)
             }
         }
     }
+#   endif
 
     ecdh_c[R_EC_P160][0] = count / 1000;
     for (i = R_EC_P192; i <= R_EC_P521; i++) {
@@ -2071,6 +2084,7 @@ int speed_main(int argc, char **argv)
             }
         }
     }
+#   ifndef OPENSSL_NO_EC2M
     ecdh_c[R_EC_K163][0] = count / 1000;
     for (i = R_EC_K233; i <= R_EC_K571; i++) {
         ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
@@ -2093,6 +2107,7 @@ int speed_main(int argc, char **argv)
             }
         }
     }
+#   endif
     /* repeated code good to factorize */
     ecdh_c[R_EC_BRP256R1][0] = count / 1000;
     for (i = R_EC_BRP384R1; i <= R_EC_BRP512R1; i += 2) {


More information about the openssl-commits mailing list