[openssl/openssl] 6460c3: increase x509 code coverage metrics
James Muir
noreply at github.com
Wed Nov 9 14:36:17 UTC 2022
Branch: refs/heads/openssl-3.1
Home: https://github.com/openssl/openssl
Commit: 6460c3cf931feef9aea2ad0e8264c042816c9436
https://github.com/openssl/openssl/commit/6460c3cf931feef9aea2ad0e8264c042816c9436
Author: Tavis Ormandy <taviso at gmail.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
Log Message:
-----------
increase x509 code coverage metrics
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16651)
(cherry picked from commit 415e6ac80405e13b20b083315747e431274fbd33)
Commit: 0c1613aeb924b3b1baff9599132bd8bca0103f83
https://github.com/openssl/openssl/commit/0c1613aeb924b3b1baff9599132bd8bca0103f83
Author: Pauli <pauli at openssl.org>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M include/internal/tsan_assist.h
Log Message:
-----------
tsan: add an addition macro
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15713)
(cherry picked from commit b0b456f8c8b628c3d7e212339e31cbfd06ac4ec8)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: 196c57ee6a956169aadbd760c13110671773f371
https://github.com/openssl/openssl/commit/196c57ee6a956169aadbd760c13110671773f371
Author: Pauli <pauli at openssl.org>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M crypto/objects/obj_dat.c
Log Message:
-----------
obj: make the OBJ_ calls thread safe
This is done using a single global lock. The premise for this is that new
objects will most frequently be added at start up and never added subsequently.
Thus, the locking will be for read most of the time.
This does, however, introduce the overhead of taking an uncontested read lock
when accessing the object database.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15713)
(cherry picked from commit 397065c621e733fff80dedb28252120ec143693e)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: 26d9ed7aef61eb847359360f4c4ae4324b51f2ac
https://github.com/openssl/openssl/commit/26d9ed7aef61eb847359360f4c4ae4324b51f2ac
Author: Pauli <pauli at openssl.org>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M crypto/objects/obj_dat.c
Log Message:
-----------
obj: make new NIDs use tsan if possible
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15713)
(cherry picked from commit 29c80c6004de8bfd1792e421bbe03ab5f075f21d)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: 060290e6aaf278f01826c37e3f55b8b8b95cbbb5
https://github.com/openssl/openssl/commit/060290e6aaf278f01826c37e3f55b8b8b95cbbb5
Author: Pauli <pauli at openssl.org>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M crypto/objects/obj_xref.c
Log Message:
-----------
obj: add locking to the OBJ sigid calls
This is done using a single global lock. The premise for this is that new
objects will most frequently be added at start up and never added subsequently.
Thus, the locking will be for read most of the time.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15713)
(cherry picked from commit c568900c9ac02e92c54bd3168773d54d7350a580)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: a5d27c2907ed9658df228dc0b3b5743e20f1557f
https://github.com/openssl/openssl/commit/a5d27c2907ed9658df228dc0b3b5743e20f1557f
Author: Pauli <pauli at openssl.org>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M doc/man3/OBJ_nid2obj.pod
M doc/man7/provider-base.pod
Log Message:
-----------
doc: Document that the OBJ creation functions are now thread safe.
With the OBJ_ thread locking in place, these documentation changes are not
required.
This reverts commit 0218bcdd3feab456135207c140998305df73ab7b.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15713)
(cherry picked from commit 06394a6cc7c784b46bc6d1e65a1ff39637093934)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: cd0cc4911f88f39f97dd13791b59a2d22463e663
https://github.com/openssl/openssl/commit/cd0cc4911f88f39f97dd13791b59a2d22463e663
Author: Pauli <pauli at openssl.org>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M doc/man7/openssl-threads.pod
Log Message:
-----------
doc: add note to indicate that the OBJ_ functions were not thread safe in 3.0
Also remove OBJ_thread from the list of non-threadsafe functions.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15713)
(cherry picked from commit b66b024cf7124c9639011b27b70a082e3bc3d269)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: 74299cf58fefb3cdde23444bd12e6e212a4c99af
https://github.com/openssl/openssl/commit/74299cf58fefb3cdde23444bd12e6e212a4c99af
Author: Pauli <pauli at openssl.org>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M test/threadstest.c
Log Message:
-----------
test: add threading test for object creation
In addition, rework the multi tests to use common code.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15713)
(cherry picked from commit 0855591e1f3559313641c13e4b7ce900ce42321c)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: 8bb214fae17097d8258f19f6c571a11306108be6
https://github.com/openssl/openssl/commit/8bb214fae17097d8258f19f6c571a11306108be6
Author: Pauli <ppzgs1 at gmail.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M CHANGES.md
Log Message:
-----------
Add changes entry indicating that the OBJ_* calls are now thread safe
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15713)
(cherry picked from commit 63d0f4d2b04ed334e534c9f6d0b18262161b0050)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: 17366644e4d84b64c14302b36dac90e68d54453d
https://github.com/openssl/openssl/commit/17366644e4d84b64c14302b36dac90e68d54453d
Author: marcfedorow <mark.fedorov at cloudbear.ru>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M crypto/sha/sha512.c
Log Message:
-----------
RISC-V support for the SHA512
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16638)
(cherry picked from commit 611685adc04a7c7e9612d51e743044fdcd9d1846)
Commit: 37fdd76d06b961d650e12a0d19d8186669e80398
https://github.com/openssl/openssl/commit/37fdd76d06b961d650e12a0d19d8186669e80398
Author: Russ Butler <russ.butler at arm.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M crypto/aes/asm/aesv8-armx.pl
M crypto/aes/asm/vpaes-armv8.pl
M crypto/aes/build.info
M crypto/arm64cpuid.pl
M crypto/arm_arch.h
M crypto/bn/asm/armv8-mont.pl
M crypto/chacha/asm/chacha-armv8.pl
M crypto/ec/asm/ecp_nistz256-armv8.pl
M crypto/modes/asm/aes-gcm-armv8_64.pl
M crypto/modes/asm/ghashv8-armx.pl
M crypto/poly1305/asm/poly1305-armv8.pl
M crypto/sha/asm/keccak1600-armv8.pl
M crypto/sha/asm/sha1-armv8.pl
M crypto/sha/asm/sha512-armv8.pl
M crypto/sha/build.info
Log Message:
-----------
aarch64: support BTI and pointer authentication in assembly
This change adds optional support for
- Armv8.3-A Pointer Authentication (PAuth) and
- Armv8.5-A Branch Target Identification (BTI)
features to the perl scripts.
Both features can be enabled with additional compiler flags.
Unless any of these are enabled explicitly, there is no code change at
all.
The extensions are briefly described below. Please read the appropriate
chapters of the Arm Architecture Reference Manual for the complete
specification.
Scope
-----
This change only affects generated assembly code.
Armv8.3-A Pointer Authentication
--------------------------------
Pointer Authentication extension supports the authentication of the
contents of registers before they are used for indirect branching
or load.
PAuth provides a probabilistic method to detect corruption of register
values. PAuth signing instructions generate a Pointer Authentication
Code (PAC) based on the value of a register, a seed and a key.
The generated PAC is inserted into the original value in the register.
A PAuth authentication instruction recomputes the PAC, and if it matches
the PAC in the register, restores its original value. In case of a
mismatch, an architecturally unmapped address is generated instead.
With PAuth, mitigation against ROP (Return-oriented Programming) attacks
can be implemented. This is achieved by signing the contents of the
link-register (LR) before it is pushed to stack. Once LR is popped,
it is authenticated. This way a stack corruption which overwrites the
LR on the stack is detectable.
The PAuth extension adds several new instructions, some of which are not
recognized by older hardware. To support a single codebase for both
pre-Armv8.3-A targets and newer ones, only NOP-space instructions are added
by this patch. These instructions are treated as NOPs on hardware
which does not support Armv8.3-A. Furthermore, this patch only considers
cases where LR is saved to the stack and then restored before branching
to its content. There are cases in the code where LR is pushed to stack
but it is not used later. We do not address these cases as they are not
affected by PAuth.
There are two keys available to sign an instruction address: A and B.
PACIASP and PACIBSP only differ in the used keys: A and B, respectively.
The keys are typically managed by the operating system.
To enable generating code for PAuth compile with
-mbranch-protection=<mode>:
- standard or pac-ret: add PACIASP and AUTIASP, also enables BTI
(read below)
- pac-ret+b-key: add PACIBSP and AUTIBSP
Armv8.5-A Branch Target Identification
--------------------------------------
Branch Target Identification features some new instructions which
protect the execution of instructions on guarded pages which are not
intended branch targets.
If Armv8.5-A is supported by the hardware, execution of an instruction
changes the value of PSTATE.BTYPE field. If an indirect branch
lands on a guarded page the target instruction must be one of the
BTI <jc> flavors, or in case of a direct call or jump it can be any
other instruction. If the target instruction is not compatible with the
value of PSTATE.BTYPE a Branch Target Exception is generated.
In short, indirect jumps are compatible with BTI <j> and <jc> while
indirect calls are compatible with BTI <c> and <jc>. Please refer to the
specification for the details.
Armv8.3-A PACIASP and PACIBSP are implicit branch target
identification instructions which are equivalent to BTI c or BTI jc
depending on system register configuration.
BTI is used to mitigate JOP (Jump-oriented Programming) attacks by
limiting the set of instructions which can be jumped to.
BTI requires active linker support to mark the pages with BTI-enabled
code as guarded. For ELF64 files BTI compatibility is recorded in the
.note.gnu.property section. For a shared object or static binary it is
required that all linked units support BTI. This means that even a
single assembly file without the required note section turns off BTI
for the whole binary or shared object.
The new BTI instructions are treated as NOPs on hardware which does
not support Armv8.5-A or on pages which are not guarded.
To insert this new and optional instruction compile with
-mbranch-protection=standard (also enables PAuth) or +bti.
When targeting a guarded page from a non-guarded page, weaker
compatibility restrictions apply to maintain compatibility between
legacy and new code. For detailed rules please refer to the Arm ARM.
Compiler support
----------------
Compiler support requires understanding '-mbranch-protection=<mode>'
and emitting the appropriate feature macros (__ARM_FEATURE_BTI_DEFAULT
and __ARM_FEATURE_PAC_DEFAULT). The current state is the following:
-------------------------------------------------------
| Compiler | -mbranch-protection | Feature macros |
+----------+---------------------+--------------------+
| clang | 9.0.0 | 11.0.0 |
+----------+---------------------+--------------------+
| gcc | 9 | expected in 10.1+ |
-------------------------------------------------------
Available Platforms
-------------------
Arm Fast Model and QEMU support both extensions.
https://developer.arm.com/tools-and-software/simulation-models/fast-models
https://www.qemu.org/
Implementation Notes
--------------------
This change adds BTI landing pads even to assembly functions which are
likely to be directly called only. In these cases, landing pads might
be superfluous depending on what code the linker generates.
Code size and performance impact for these cases would be negligible.
Interaction with C code
-----------------------
Pointer Authentication is a per-frame protection while Branch Target
Identification can be turned on and off only for all code pages of a
whole shared object or static binary. Because of these properties if
C/C++ code is compiled without any of the above features but assembly
files support any of them unconditionally there is no incompatibility
between the two.
Useful Links
------------
To fully understand the details of both PAuth and BTI it is advised to
read the related chapters of the Arm Architecture Reference Manual
(Arm ARM):
https://developer.arm.com/documentation/ddi0487/latest/
Additional materials:
"Providing protection for complex software"
https://developer.arm.com/architectures/learn-the-architecture/providing-protection-for-complex-software
Arm Compiler Reference Guide Version 6.14: -mbranch-protection
https://developer.arm.com/documentation/101754/0614/armclang-Reference/armclang-Command-line-Options/-mbranch-protection?lang=en
Arm C Language Extensions (ACLE)
https://developer.arm.com/docs/101028/latest
Additional Notes
--------------
This patch is a copy of the work done by Tamas Petz in boringssl. It
contains the changes from the following commits:
aarch64: support BTI and pointer authentication in assembly
Change-Id: I4335f92e2ccc8e209c7d68a0a79f1acdf3aeb791
URL: https://boringssl-review.googlesource.com/c/boringssl/+/42084
aarch64: Improve conditional compilation
Change-Id: I14902a64e5f403c2b6a117bc9f5fb1a4f4611ebf
URL: https://boringssl-review.googlesource.com/c/boringssl/+/43524
aarch64: Fix name of gnu property note section
Change-Id: I6c432d1c852129e9c273f6469a8b60e3983671ec
URL: https://boringssl-review.googlesource.com/c/boringssl/+/44024
Change-Id: I2d95ebc5e4aeb5610d3b226f9754ee80cf74a9af
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16674)
(cherry picked from commit 19e277dd19f2897f6a7b7eb236abe46655e575bf)
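As an added example (not code from the OpenSSL commit above nor from the Arm/boringssl work it copies), here is a reader for the `.note.gnu.property` section that the commit message says records BTI compatibility, so a build engineer can confirm that a linked `libcrypto.so` or a single assembled `.o` actually carries the BTI/PAC feature bits rather than silently turning BTI off for the whole object. The function names and the constructed sample note are assumptions of this example; the note layout and the property constants follow the ELF GNU property ABI used by the GNU linker.

```python
import struct
import sys

NT_GNU_PROPERTY_TYPE_0 = 5                       # n_type of a GNU property note
GNU_PROPERTY_AARCH64_FEATURE_1_AND = 0xC0000000  # pr_type for the AArch64 feature-1 bits
GNU_PROPERTY_AARCH64_FEATURE_1_BTI = 1 << 0      # object is BTI compatible (has landing pads)
GNU_PROPERTY_AARCH64_FEATURE_1_PAC = 1 << 1      # object signs return addresses (PAC)
SHT_NOTE = 7
EM_AARCH64 = 183
NOTE_SECTION = b".note.gnu.property"


def _align(n: int, a: int) -> int:
    """Round n up to a multiple of a (a is a power of two)."""
    return (n + a - 1) & ~(a - 1)


def build_gnu_property_note(features: int) -> bytes:
    """Constructed sample note (an assumption of this example) in the ELF64 layout:
    Elf64_Nhdr {namesz, descsz, type} + "GNU\\0" + an 8-byte-aligned descriptor.
    The descriptor holds one property: pr_type, pr_datasz=4, pr_data, 4 pad bytes."""
    desc = struct.pack("<IIII", GNU_PROPERTY_AARCH64_FEATURE_1_AND, 4, features, 0)
    name = b"GNU\0"
    return struct.pack("<III", len(name), len(desc), NT_GNU_PROPERTY_TYPE_0) + name + desc


def parse_gnu_property_note(blob: bytes, align: int = 8) -> dict:
    """Walk every note in blob and report the AArch64 feature-1 bits.
    'present' stays False when no GNU property note carries that property, which
    is exactly the state that makes the linker drop BTI for the whole output."""
    result = {"present": False, "bti": False, "pac": False}
    off = 0
    while off + 12 <= len(blob):
        namesz, descsz, n_type = struct.unpack_from("<III", blob, off)
        name = blob[off + 12 : off + 12 + namesz]
        desc_off = off + _align(12 + namesz, align)
        desc = blob[desc_off : desc_off + descsz]
        off = desc_off + _align(descsz, align)
        if n_type != NT_GNU_PROPERTY_TYPE_0 or name != b"GNU\0":
            continue                               # some other vendor note; skip it
        pos = 0
        while pos + 8 <= len(desc):
            pr_type, pr_datasz = struct.unpack_from("<II", desc, pos)
            data = desc[pos + 8 : pos + 8 + pr_datasz]
            pos += 8 + _align(pr_datasz, 8)        # properties are 8-byte aligned in ELF64
            if pr_type == GNU_PROPERTY_AARCH64_FEATURE_1_AND and pr_datasz == 4:
                bits = struct.unpack("<I", data)[0]
                result["present"] = True
                result["bti"] = bool(bits & GNU_PROPERTY_AARCH64_FEATURE_1_BTI)
                result["pac"] = bool(bits & GNU_PROPERTY_AARCH64_FEATURE_1_PAC)
    return result


def elf_aarch64_features(path: str) -> dict:
    """Locate .note.gnu.property in a little-endian ELF64 AArch64 file and parse it.
    Works on relocatable objects (.o), shared objects and executables alike."""
    with open(path, "rb") as f:
        data = f.read()
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    if struct.unpack_from("<H", data, 0x12)[0] != EM_AARCH64:
        raise ValueError("not an AArch64 object")
    e_shoff = struct.unpack_from("<Q", data, 0x28)[0]
    e_shentsize, e_shnum, e_shstrndx = struct.unpack_from("<HHH", data, 0x3A)
    shdrs = [struct.unpack_from("<IIQQQQIIQQ", data, e_shoff + i * e_shentsize)
             for i in range(e_shnum)]
    strtab_off, strtab_size = shdrs[e_shstrndx][4], shdrs[e_shstrndx][5]
    strtab = data[strtab_off : strtab_off + strtab_size]
    for sh_name, sh_type, _f, _a, sh_offset, sh_size, _l, _i, sh_align, _e in shdrs:
        name = strtab[sh_name : strtab.index(b"\0", sh_name)]
        if sh_type == SHT_NOTE and name == NOTE_SECTION:
            return parse_gnu_property_note(data[sh_offset : sh_offset + sh_size],
                                           sh_align or 8)
    return {"present": False, "bti": False, "pac": False}   # no note: BTI is off


if __name__ == "__main__":
    if len(sys.argv) > 1:                          # e.g. python3 check_bti.py libcrypto.so
        print(elf_aarch64_features(sys.argv[1]))
    else:                                          # no file given: parse the constructed sample
        sample = build_gnu_property_note(GNU_PROPERTY_AARCH64_FEATURE_1_BTI
                                         | GNU_PROPERTY_AARCH64_FEATURE_1_PAC)
        print(parse_gnu_property_note(sample))
```

Run it against every object in the final link as well as the linked library: a single input object reporting `present: False` explains a library whose note lacks the BTI bit.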
Commit: 5f113755bdeb02d879ee22129d3d3e90630228a4
https://github.com/openssl/openssl/commit/5f113755bdeb02d879ee22129d3d3e90630228a4
Author: Felipe Gasper <felipe at felipegasper.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M CHANGES.md
M apps/include/s_apps.h
M apps/lib/s_cb.c
M apps/s_client.c
M apps/s_server.c
Log Message:
-----------
Revise s_client and s_server verbiage re secure renegotiation.
Since TLS v1.3 eschews renegotiation entirely it’s misleading to have
these apps say it’s “not supported” when in fact the TLS version is
new enough not to need renegotiation at all.
Reviewed-by: Ben Kaduk <kaduk at mit.edu>
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16937)
(cherry picked from commit af5e63e1e3300f784f302a5d3309bf673cc08894)
Commit: 8786f7058c05d3c70fb7d269274cee1ea152584f
https://github.com/openssl/openssl/commit/8786f7058c05d3c70fb7d269274cee1ea152584f
Author: Pauli <pauli at openssl.org>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M crypto/evp/digest.c
Log Message:
-----------
Remove redundant tests
Removed the three checks of type against NULL since type cannot be NULL for
any of them.
Moved a check of ->engine inside a CPP guard for engines.
Didn't address the teardown and rebuild of the provider context.
Partially fixes #16947
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16952)
(cherry picked from commit 10cf46c4ef93e22f999b7b6d2c3aadc4db965e5a)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: c3f76ee8e40ff0db4174e1b12fc64ea8ea225f32
https://github.com/openssl/openssl/commit/c3f76ee8e40ff0db4174e1b12fc64ea8ea225f32
Author: Pauli <pauli at openssl.org>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M crypto/x509/v3_sxnet.c
Log Message:
-----------
x509: remove dead call to strlen()
The condition `userlen == -1` isn't possible because this is already checked
on line 159 above and the subsequent strlen(3) call guarantees that its value
is positive.
Reviewed-by: Paul Yang <kaishen.yy at antfin.com>
(Merged from https://github.com/openssl/openssl/pull/16987)
(cherry picked from commit a18cdd28077be05ec88538be84a761469f3f20c4)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: e7557d7d7475e6188cf11dcdd74d23b1356c41f0
https://github.com/openssl/openssl/commit/e7557d7d7475e6188cf11dcdd74d23b1356c41f0
Author: Pauli <pauli at openssl.org>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M crypto/provider_core.c
M doc/internal/man3/ossl_provider_new.pod
M include/internal/provider.h
Log Message:
-----------
prov: remove unused field `flag_fallback` and function `ossl_provider_set_fallback`
These are a legacy of older versions of the code and are currently not used
anywhere.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16985)
(cherry picked from commit 90c311315c15a4fea895fd317d9c8fe801ba04a0)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: b25d775e6cc473993d16eea3bdf479d7d9c37722
https://github.com/openssl/openssl/commit/b25d775e6cc473993d16eea3bdf479d7d9c37722
Author: Anton Blanchard <anton at linux.ibm.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M crypto/sha/asm/keccak1600-ppc64.pl
Log Message:
-----------
sha/asm/keccak1600-ppc64.pl: Load data in 8 byte chunks on little endian
We currently load data byte by byte in order to byteswap it on big
endian. On little endian we can just do 8 byte loads.
A SHAKE128 benchmark runs 10% faster on POWER9 with this patch applied.
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8455)
(cherry picked from commit 8f9842fd03945d9484dcc9e5fab37dce7caa5f50)
Commit: 0bed814750c62c738d509cd0a9655789ae69e99b
https://github.com/openssl/openssl/commit/0bed814750c62c738d509cd0a9655789ae69e99b
Author: Shane Lontis <shane.lontis at oracle.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M demos/README.txt
A demos/encrypt/Makefile
A demos/encrypt/rsa_encrypt.c
A demos/encrypt/rsa_encrypt.h
Log Message:
-----------
Add RSA encrypt demo
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16283)
(cherry picked from commit 35530b117fcf54cf733c485e9e2e267963c081ee)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: 3d2b47bcdf8cf407ef1e459d54d4501cc19f0227
https://github.com/openssl/openssl/commit/3d2b47bcdf8cf407ef1e459d54d4501cc19f0227
Author: Andrey Matyukov <andrey.matyukov at intel.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M CHANGES.md
A crypto/bn/asm/rsaz-2k-avx512.pl
A crypto/bn/asm/rsaz-3k-avx512.pl
A crypto/bn/asm/rsaz-4k-avx512.pl
R crypto/bn/asm/rsaz-avx512.pl
M crypto/bn/bn_exp.c
M crypto/bn/build.info
M crypto/bn/rsaz_exp_x2.c
M test/exptest.c
Log Message:
-----------
Dual 1536/2048-bit exponentiation optimization for Intel IceLake CPU
It uses AVX512_IFMA + AVX512_VL (with 256-bit wide registers) ISA to
keep lower power license.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14908)
(cherry picked from commit f87b4c4ea67393c9269663ed40a7ea3463cc59d3)
Commit: 923140bd0036ac629cbaa712fbc2d8c11f7854fa
https://github.com/openssl/openssl/commit/923140bd0036ac629cbaa712fbc2d8c11f7854fa
Author: pkubaj <pkubaj at FreeBSD.org>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M Configurations/10-main.conf
M Configure
M crypto/ppccap.c
M util/perl/OpenSSL/config.pm
Log Message:
-----------
Add support for BSD-ppc, BSD-ppc64 and BSD-ppc64le configurations
OpenSSL assumes AT_HWCAP = 16 (as on Linux), but on FreeBSD AT_HWCAP = 25.
Switch to using AT_HWCAP, setting it to 16 if it is not defined.
CLA: trivial
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17090)
(cherry picked from commit f5485b97b6c9977c0d39c7669b9f97a879312447)
Commit: ee51843cbe8a00ccfc222d2dc90c636ccda1b8bc
https://github.com/openssl/openssl/commit/ee51843cbe8a00ccfc222d2dc90c636ccda1b8bc
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M crypto/bn/bn_asm.c
Log Message:
-----------
Remove some unnecessary undefs in bn_asm.c
This is likely the leftover of a previous hack,
and thus should be removed now.
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17259)
(cherry picked from commit 17cca0e85e83eac23069ddc5c5ebab6d7dd13ee1)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: 45c74dea20c9b5060063a9f72f85b6e1af84a656
https://github.com/openssl/openssl/commit/45c74dea20c9b5060063a9f72f85b6e1af84a656
Author: Orr Toledano <otoledan at amazon.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M crypto/arm64cpuid.pl
M crypto/arm_arch.h
M crypto/armcap.c
Log Message:
-----------
Add Arm Assembly (aarch64) support for RNG
Include aarch64 asm instructions for random number generation using the
RNDR and RNDRRS instructions. Provide detection functions for RNDR and
RNDRRS getauxval.
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15361)
(cherry picked from commit efa1f22483ee43d84e1aee01b08c0bda04060c1c)
Commit: 42ffe7812ca7be00bc24c1b06ffd5878f69fcf08
https://github.com/openssl/openssl/commit/42ffe7812ca7be00bc24c1b06ffd5878f69fcf08
Author: Orr Toledano <otoledan at amazon.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M crypto/info.c
M providers/implementations/rands/seeding/build.info
A providers/implementations/rands/seeding/rand_cpu_arm64.c
Log Message:
-----------
Add support for RNDRRS Provider
Create new provider for RNDRRS. Modify support for rand_cpu to default to
RDRAND/RDSEED on x86 and RNDRRS on aarch64.
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15361)
(cherry picked from commit eb28fda79748c303d88a8af48de5187100f2c64c)
Commit: f716af3484c5bc543b4a9d9ee99d819d017fec20
https://github.com/openssl/openssl/commit/f716af3484c5bc543b4a9d9ee99d819d017fec20
Author: Orr Toledano <otoledan at amazon.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M test/build.info
A test/rdcpu_sanitytest.c
R test/rdrand_sanitytest.c
A test/recipes/06-test_rdcpu_sanity.t
R test/recipes/06-test_rdrand_sanity.t
Log Message:
-----------
Add tests for RNDR and combine tests with RDRAND
Add test cases for RNDR and RNDRRS. Combine tests for RDRAND and RNDR to
share common logic.
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15361)
(cherry picked from commit 1f8ce0c9faee59ac51a5db7a8ec42c38866be090)
Commit: 25136fcf1b056c93cc8d88f2a93b76fda53bbaa2
https://github.com/openssl/openssl/commit/25136fcf1b056c93cc8d88f2a93b76fda53bbaa2
Author: Orr Toledano <otoledan at amazon.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M CHANGES.md
M INSTALL.md
Log Message:
-----------
Documentation for RNDR and RNDRRS
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15361)
(cherry picked from commit e8b597f33143410fb50bdeba8722c249524bc0b9)
Commit: 9316125febb5351c1ec791fe173fa42c20aac98a
https://github.com/openssl/openssl/commit/9316125febb5351c1ec791fe173fa42c20aac98a
Author: Michael Baentsch <info at baentsch.ch>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M test/upcallstest.c
Log Message:
-----------
improving tests for adding sigalg with empty digest
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17315)
(cherry picked from commit 2080da84a49b0c52fc8c6e6caef5d373235bd3e4)
Commit: ea578b6553b178e1ae2448eab175fce81da07987
https://github.com/openssl/openssl/commit/ea578b6553b178e1ae2448eab175fce81da07987
Author: x2018 <xkernel.wang at foxmail.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M providers/implementations/exchange/dh_exch.c
M providers/implementations/exchange/ecdh_exch.c
Log Message:
-----------
check the return value of EVP_MD_fetch in ecdh_exch.c:285 & dh_exch.c:347
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17153)
(cherry picked from commit 04e3ab64d58bb43efc4392d12c607bb4b5a2c562)
Commit: f53caf04eba061193055392934ad2e8c4346b0ec
https://github.com/openssl/openssl/commit/f53caf04eba061193055392934ad2e8c4346b0ec
Author: fangming.fang <fangming.fang at arm.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M test/rdcpu_sanitytest.c
Log Message:
-----------
Fix compile error when building with no-asm
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17376)
(cherry picked from commit a8251a32a0dc449fc39f44a1768e091fcc077227)
Commit: 490934c61bdf015067c27a24243a76db186413be
https://github.com/openssl/openssl/commit/490934c61bdf015067c27a24243a76db186413be
Author: fangming.fang <fangming.fang at arm.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M crypto/armcap.c
Log Message:
-----------
fix build failure when using -Wconditional-uninitialized
When building with clang -Wconditional-uninitialized, the error "initialize
the variable 'buffer_size' to silence this warning" is reported.
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17375)
(cherry picked from commit abc4345a19430869b9a8925c6defc9e9ce977429)
Commit: 6f79bda426c3b0df70d6b8e4d0d562b724eae75a
https://github.com/openssl/openssl/commit/6f79bda426c3b0df70d6b8e4d0d562b724eae75a
Author: Dmitry Belyavskiy <beldmit at gmail.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M .gitmodules
A python-ecdsa
A tlsfuzzer
A tlslite-ng
Log Message:
-----------
TLSfuzzer: submodules
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17340)
(cherry picked from commit cccbb4fa60ca890a0ce6757fcba5669208fffa46)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: cda2f1b9d4b558f0fa60f546be199cc68a681773
https://github.com/openssl/openssl/commit/cda2f1b9d4b558f0fa60f546be199cc68a681773
Author: Dmitry Belyavskiy <beldmit at gmail.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
A test/recipes/95-test_external_tlsfuzzer.t
A test/recipes/95-test_external_tlsfuzzer_data/cert.json.in
A test/recipes/95-test_external_tlsfuzzer_data/tls-fuzzer-cert.sh
A test/recipes/95-test_external_tlsfuzzer_data/tlsfuzzer.sh
Log Message:
-----------
TLS Fuzzer: initial test infrastructure
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17340)
(cherry picked from commit db87f89b7393eea395b82050c7fc4e1869ef112e)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: 8963caee37402060520859f2ef8d1f8f0232181f
https://github.com/openssl/openssl/commit/8963caee37402060520859f2ef8d1f8f0232181f
Author: Dmitry Belyavskiy <beldmit at gmail.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M .github/workflows/ci.yml
Log Message:
-----------
Run TLSfuzzer tests for CI
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17340)
(cherry picked from commit e66c41725f03dae2b295df048312fe6d28729e98)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: 53f2ed743700a15cb8e2d56a7f2ac77396f94e78
https://github.com/openssl/openssl/commit/53f2ed743700a15cb8e2d56a7f2ac77396f94e78
Author: Dmitry Belyavskiy <beldmit at gmail.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M test/recipes/95-test_external_tlsfuzzer.t
Log Message:
-----------
Don't run TLSFuzzer tests when it is not properly set
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17448)
(cherry picked from commit e5fb4b1469f317aa92768cdf804dfa29b72cb8f3)
Commit: 0aaa71b90a9460e0e57c8e45163d1b2ba16e2d64
https://github.com/openssl/openssl/commit/0aaa71b90a9460e0e57c8e45163d1b2ba16e2d64
Author: Dimitris Apostolou <dimitris.apostolou at icloud.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M Configure
M INSTALL.md
M README-ENGINES.md
M apps/cmp.c
M apps/include/http_server.h
M configdata.pm.in
M crypto/aes/asm/aesv8-armx.pl
M crypto/bn/asm/rsaz-2k-avx512.pl
M crypto/bn/asm/rsaz-3k-avx512.pl
M crypto/bn/asm/rsaz-4k-avx512.pl
M crypto/cmp/cmp_vfy.c
M crypto/context.c
M crypto/ec/ec2_oct.c
M crypto/encode_decode/encoder_lib.c
M crypto/evp/ctrl_params_translate.c
M crypto/evp/m_sigver.c
M crypto/ffc/ffc_params_generate.c
M crypto/rsa/rsa_lib.c
M crypto/x509/v3_ist.c
M crypto/x509/v3_utf8.c
M crypto/x509/v3_utl.c
M crypto/x509/x_pubkey.c
M demos/mac/gmac.c
M dev/release-aux/README.md
M dev/release.sh
M doc/internal/man3/OPTIONS.pod
M doc/internal/man3/ossl_random_add_conf_module.pod
M doc/internal/man7/EVP_PKEY.pod
M doc/man1/openssl-genpkey.pod.in
M doc/man1/openssl-s_client.pod.in
M doc/man1/openssl-verification-options.pod
M doc/man3/ASN1_aux_cb.pod
M doc/man3/ASN1_item_sign.pod
M doc/man3/BIO_s_core.pod
M doc/man3/BN_rand.pod
M doc/man3/CONF_modules_load_file.pod
M doc/man3/DH_get0_pqg.pod
M doc/man3/EVP_EncryptInit.pod
M doc/man3/EVP_KEYMGMT.pod
M doc/man3/EVP_PKEY2PKCS8.pod
M doc/man3/EVP_PKEY_derive.pod
M doc/man3/EVP_PKEY_gettable_params.pod
M doc/man3/EVP_PKEY_new.pod
M doc/man3/EVP_PKEY_todata.pod
M doc/man3/OCSP_resp_find_status.pod
M doc/man3/OCSP_sendreq_new.pod
M doc/man3/OSSL_CMP_log_open.pod
M doc/man3/OSSL_DECODER.pod
M doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod
M doc/man3/OSSL_ENCODER.pod
M doc/man3/OSSL_ENCODER_CTX.pod
M doc/man3/OSSL_ENCODER_CTX_new_for_pkey.pod
M doc/man3/OSSL_ESS_check_signing_certs.pod
M doc/man3/OSSL_HTTP_REQ_CTX.pod
M doc/man3/OSSL_HTTP_parse_url.pod
M doc/man3/OSSL_PARAM.pod
M doc/man3/OSSL_PARAM_int.pod
M doc/man3/OSSL_STORE_LOADER.pod
M doc/man3/OSSL_trace_set_channel.pod
M doc/man3/PKCS12_decrypt_skey.pod
M doc/man3/PKCS12_gen_mac.pod
M doc/man3/RAND_bytes.pod
M doc/man3/RSA_get0_key.pod
M doc/man3/SSL_CTX_set_tmp_dh_callback.pod
M doc/man3/X509_VERIFY_PARAM_set_flags.pod
M doc/man3/X509_add_cert.pod
M doc/man3/X509_digest.pod
M doc/man3/X509_dup.pod
M doc/man5/config.pod
M doc/man7/EVP_PKEY-EC.pod
M doc/man7/crypto.pod
M doc/man7/fips_module.pod
M doc/man7/life_cycle-pkey.pod
M doc/man7/migration_guide.pod
M doc/man7/openssl-glossary.pod
M doc/man7/provider-kdf.pod
M doc/man7/provider-object.pod
M include/openssl/core_dispatch.h
M providers/implementations/ciphers/cipher_aes_gcm_hw_armv8.inc
M providers/implementations/encode_decode/encode_key2any.c
M providers/implementations/keymgmt/kdf_legacy_kmgmt.c
M providers/implementations/keymgmt/mac_legacy_kmgmt.c
M providers/implementations/signature/sm2_sig.c
M ssl/statem/statem_srvr.c
M test/cmp_vfy_test.c
M test/evp_extra_test.c
M test/param_build_test.c
M test/params_api_test.c
M test/params_test.c
M test/recipes/70-test_sslrecords.t
M test/recipes/90-test_threads.t
M test/ssl-tests/28-seclevel.cnf.in
M test/sslapitest.c
M test/tls-provider.c
M util/add-depends.pl
Log Message:
-----------
Fix typos
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17392)
(cherry picked from commit e304aa87b35fac5ea97c405dd3c21549faa45e78)
Commit: 00ce831152403589f7f0e558d5291de12bfedc5f
https://github.com/openssl/openssl/commit/00ce831152403589f7f0e558d5291de12bfedc5f
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M crypto/store/store_lib.c
Log Message:
-----------
OSSL_STORE_open_ex(): Prevent spurious error: unregistered scheme=file
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16452)
(cherry picked from commit 7c64ca71c2ceeb1d47e8499bd351de7d0078ce37)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: 068c7fa995249894e5935003d1ac478de1df64f3
https://github.com/openssl/openssl/commit/068c7fa995249894e5935003d1ac478de1df64f3
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M apps/lib/apps.c
Log Message:
-----------
APPS load_key_certs_crls(): Make file access errors much more readable
This reverts part of commit ef0449135c4e4e7f using a less invasive suppression.
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16452)
(cherry picked from commit 6e2499474cb96b28a51df1da25cc72f1cf342fad)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: 0029f786658229b15f98741a336e8091305cbf15
https://github.com/openssl/openssl/commit/0029f786658229b15f98741a336e8091305cbf15
Author: David Benjamin <davidben at google.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M crypto/aes/asm/aesv8-armx.pl
M crypto/arm_arch.h
M crypto/modes/asm/ghashv8-armx.pl
M crypto/poly1305/asm/poly1305-armv8.pl
Log Message:
-----------
Don't use __ARMEL__/__ARMEB__ in aarch64 assembly
GCC's __ARMEL__ and __ARMEB__ defines denote little- and big-endian arm,
respectively. They are not defined on aarch64, which instead uses
__AARCH64EL__ and __AARCH64EB__.
However, OpenSSL's assembly originally used the 32-bit defines on both
platforms and even defined __ARMEL__ and __ARMEB__ in arm_arch.h. This is
less portable and can even interfere with other headers, which use
__ARMEL__ to detect little-endian arm.
Over time, the aarch64 assembly has switched to the correct defines,
such as in 32bbb62ea634239e7cb91d6450ba23517082bab6. This commit
finishes the job: poly1305-armv8.pl needed a fix and the dual-arch
armx.pl files get one more transform to convert from 32-bit to 64-bit.
(There is an even more official endianness detector, __ARM_BIG_ENDIAN in
the Arm C Language Extensions. But I've stuck with the GCC ones here as
that would be a larger change.)
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17373)
(cherry picked from commit 40c24d74deaad8a0ad7566a68ea5ea757bc3ccef)
Commit: ec8ee00100faeddf149e70e1f0964f3a41b51545
https://github.com/openssl/openssl/commit/ec8ee00100faeddf149e70e1f0964f3a41b51545
Author: Matt Caswell <matt at openssl.org>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M crypto/build.info
M test/build.info
M test/endecode_test.c
Log Message:
-----------
Statically link the legacy provider to endecode_test
We already statically link libcrypto to endecode_test even in a "shared"
build. This can cause problems on some platforms with tests that load the
legacy provider which is dynamically linked to libcrypto. Two versions of
libcrypto are then linked to the same executable which can lead to crashes.
Fixes #17059
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17345)
(cherry picked from commit 7ee992a5d931ab5ad9df00d2d8e47e1b7a72d7ac)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: a99bc33130274d615a80755f80973cebedc31423
https://github.com/openssl/openssl/commit/a99bc33130274d615a80755f80973cebedc31423
Author: Pauli <pauli at openssl.org>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M crypto/cpt_err.c
M crypto/err/openssl.txt
M include/crypto/cryptoerr.h
M include/openssl/cryptoerr.h
Log Message:
-----------
err: add additional errors
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17440)
(cherry picked from commit 826da1451b2525b70f93fcc57ed5dbab61a19591)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: 59548647a81fe77319cd66a4587d700ef3bd18bf
https://github.com/openssl/openssl/commit/59548647a81fe77319cd66a4587d700ef3bd18bf
Author: Pauli <pauli at openssl.org>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M crypto/params.c
Log Message:
-----------
params: add error messages for built in param conversions
Specifically:
* out of range
* unsigned negatives
* inexact reals
* bad param types
* buffers that are too small
* null function arguments
* unknown sizes of real
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17440)
(cherry picked from commit ac1082f00f991aca1c6e8282717fece16e9bb41f)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: c737132dff034a6efbcf27edd0cfd7997cd299c5
https://github.com/openssl/openssl/commit/c737132dff034a6efbcf27edd0cfd7997cd299c5
Author: Pauli <pauli at openssl.org>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M test/params_conversion_test.c
Log Message:
-----------
test: check for properly raised errors during param conversion
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17440)
(cherry picked from commit 291c5b3e39f4c98e61cf7f65056fe49780d1f0ac)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: b08f61e7c4db8bfcb94c4ea546bc3dacfd96c587
https://github.com/openssl/openssl/commit/b08f61e7c4db8bfcb94c4ea546bc3dacfd96c587
Author: Pauli <pauli at openssl.org>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M crypto/param_build.c
Log Message:
-----------
param build: add errors to failure returns
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17440)
(cherry picked from commit 3831351da50b7ce07edba88056394a7a33c5e5d5)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: 584e447377925fbe3c253076ac170483208d9222
https://github.com/openssl/openssl/commit/584e447377925fbe3c253076ac170483208d9222
Author: Pauli <pauli at openssl.org>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M crypto/param_build_set.c
Log Message:
-----------
param build set: add errors to failure returns
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17440)
(cherry picked from commit 3ee3a2bd1e5763b0df5c0a2cba3b06edc26f5276)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: 4c4ac7c7ddb096ca55e231bdc4f70a868746f1e4
https://github.com/openssl/openssl/commit/4c4ac7c7ddb096ca55e231bdc4f70a868746f1e4
Author: Pauli <pauli at openssl.org>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M crypto/params_dup.c
Log Message:
-----------
param dup: add errors to failure returns
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17440)
(cherry picked from commit a10a576090022e583a06271ceced8e38dd509657)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: 654490cebf8ee6bd0da1f801b10206607869e623
https://github.com/openssl/openssl/commit/654490cebf8ee6bd0da1f801b10206607869e623
Author: fangming.fang <fangming.fang at arm.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M crypto/arm64cpuid.pl
M crypto/arm_arch.h
M crypto/armcap.c
A crypto/sm3/asm/sm3-armv8.pl
M crypto/sm3/build.info
M crypto/sm3/sm3_local.h
Log Message:
-----------
SM3 acceleration with SM3 hardware instruction on aarch64
The SM3 hardware instruction is an optional feature of the crypto extension for
aarch64. This implementation accelerates SM3 via SM3 instructions. For
platforms not supporting the SM3 instruction, the original C
implementation still works. Thanks to AliBaba for testing and reporting
the following perf numbers for Yitian710:
Benchmark on T-Head Yitian-710 2.75GHz:
Before:
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
sm3             49297.82k   121062.63k   223106.05k   283371.52k   307574.10k   309400.92k
After (33% - 74% faster):
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
sm3             65640.01k   179121.79k   359854.59k   481448.96k   534055.59k   538274.47k
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17454)
(cherry picked from commit 71396cd048072b69559b46d98cfebfd4474cd712)
Commit: b1b4806a8caf92f32d18b52985fe4b14a6a694bd
https://github.com/openssl/openssl/commit/b1b4806a8caf92f32d18b52985fe4b14a6a694bd
Author: Pauli <pauli at openssl.org>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M crypto/property/property_string.c
Log Message:
-----------
property: use a stack to efficiently convert index to string
The existing code does this conversion by searching the hash table for the
appropriate index which is slow and expensive.
Fixes #15867
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17325)
(cherry picked from commit 2e3c59356f847a76a90f9f837d4983428df6eb19)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: 8ea185e2e41e095421159e08500ede39bfdd4989
https://github.com/openssl/openssl/commit/8ea185e2e41e095421159e08500ede39bfdd4989
Author: Pauli <pauli at openssl.org>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M test/property_test.c
Log Message:
-----------
test: add some unit tests for the property to string functions
That is: ossl_property_name_str and ossl_property_value_str.
These only have high level tests during the creation of child library
contexts.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17325)
(cherry picked from commit 9f6841e9d8964943cf5f616543750cee85c4911c)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: 852bb13853b6c240ecc75c99b7d30b10b1b9490b
https://github.com/openssl/openssl/commit/852bb13853b6c240ecc75c99b7d30b10b1b9490b
Author: Pauli <ppzgs1 at gmail.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M crypto/property/property_string.c
Log Message:
-----------
property: reduce memory consumption when OPENSSL_SMALL_FOOTPRINT is defined.
This takes out the lock step stacks that allow a fast property to name
resolution. Follow on from #17325.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17388)
(cherry picked from commit 57645339ab645fe5abffe14fc005b5402ce03b84)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: 8c39948b2694277c591ccf57354b77442e9a7c2a
https://github.com/openssl/openssl/commit/8c39948b2694277c591ccf57354b77442e9a7c2a
Author: Tianjia Zhang <tianjia.zhang at linux.alibaba.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M providers/defltprov.c
M providers/implementations/ciphers/build.info
A providers/implementations/ciphers/cipher_sm4_ccm.c
A providers/implementations/ciphers/cipher_sm4_ccm.h
A providers/implementations/ciphers/cipher_sm4_ccm_hw.c
A providers/implementations/ciphers/cipher_sm4_gcm.c
A providers/implementations/ciphers/cipher_sm4_gcm.h
A providers/implementations/ciphers/cipher_sm4_gcm_hw.c
M providers/implementations/include/prov/implementations.h
M providers/implementations/include/prov/names.h
M test/recipes/30-test_evp_data/evpciph_sm4.txt
Log Message:
-----------
providers: Add SM4 GCM implementation
The GCM mode of the SM4 algorithm is specified by RFC8998.
Signed-off-by: Tianjia Zhang <tianjia.zhang at linux.alibaba.com>
Reviewed-by: Paul Yang <kaishen.yy at antfin.com>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16491)
(cherry picked from commit c2ee608a234340aa735f894f8d84ead0ce58286e)
Commit: 37f1828d8701662c40cc98172001a533fe49764c
https://github.com/openssl/openssl/commit/37f1828d8701662c40cc98172001a533fe49764c
Author: Daniel Hu <Daniel.Hu at arm.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M crypto/arm64cpuid.pl
M crypto/arm_arch.h
M crypto/armcap.c
M crypto/evp/e_sm4.c
A crypto/sm4/asm/sm4-armv8.pl
M crypto/sm4/build.info
A include/crypto/sm4_platform.h
M providers/implementations/ciphers/cipher_sm4.h
M providers/implementations/ciphers/cipher_sm4_gcm_hw.c
M providers/implementations/ciphers/cipher_sm4_hw.c
Log Message:
-----------
SM4 optimization for ARM by HW instruction
This patch implements the SM4 optimization for ARM processors,
using the SM4 HW instruction, which is an optional feature of the
crypto extension for aarch64 V8.
Tested on some modern ARM micro-architectures with SM4 support, the
performance uplift can be observed around 8X~40X over the existing
C implementation in openssl. Algorithms that can be parallelized
(like CTR, ECB, CBC decryption) are on the higher end, with algorithms
like CBC encryption on the lower end (due to inter-block dependency).
Perf data on Yitian-710 2.75GHz hardware, before and after optimization:
Before:
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
SM4-CTR        105787.80k   107837.87k   108380.84k   108462.08k   108549.46k   108554.92k
SM4-ECB        111924.58k   118173.76k   119776.00k   120093.70k   120264.02k   120274.94k
SM4-CBC        106428.09k   109190.98k   109674.33k   109774.51k   109827.41k   109827.41k
After (7.4x - 36.6x faster):
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
SM4-CTR        781979.02k  2432994.28k  3437753.86k  3834177.88k  3963715.58k  3974556.33k
SM4-ECB        937590.69k  2941689.02k  3945751.81k  4328655.87k  4459181.40k  4468692.31k
SM4-CBC        890639.88k  1027746.58k  1050621.78k  1056696.66k  1058613.93k  1058701.31k
Signed-off-by: Daniel Hu <Daniel.Hu at arm.com>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17455)
(cherry picked from commit 15b7175f558bf9eb057ec3266685486f727dd70f)
Commit: fc83bd1a1d84bd34810fddcb0063b9bd4eb7fa9f
https://github.com/openssl/openssl/commit/fc83bd1a1d84bd34810fddcb0063b9bd4eb7fa9f
Author: Pauli <pauli at openssl.org>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M providers/implementations/digests/sha3_prov.c
M providers/implementations/kdfs/pbkdf2.c
Log Message:
-----------
fix indentation
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17529)
(cherry picked from commit 2c9da416a608e2aaf19c16d920baddf2473c8392)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: 107b16037eda575136b62d5c106fcf4ce5bd503d
https://github.com/openssl/openssl/commit/107b16037eda575136b62d5c106fcf4ce5bd503d
Author: Pauli <pauli at openssl.org>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M crypto/evp/digest.c
M crypto/evp/evp_enc.c
M include/openssl/evp.h
M util/libcrypto.num
Log Message:
-----------
Add context dup functions for digests and ciphers
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17529)
(cherry picked from commit 4e62f1a3af36512a1f5e1273d2dc54e3ce7f5fca)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: 0e1634db8e181b2d078cb2f1cf1f91bbce9bc249
https://github.com/openssl/openssl/commit/0e1634db8e181b2d078cb2f1cf1f91bbce9bc249
Author: Pauli <pauli at openssl.org>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M doc/man3/EVP_DigestInit.pod
M doc/man3/EVP_EncryptInit.pod
Log Message:
-----------
doc: document digest and cipher dup functions
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17529)
(cherry picked from commit 0324ae3e98725f722b7d7871c23fbbff596a5bf6)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: 15e6cb6223af17b0d27f26245f5057f735dc6b36
https://github.com/openssl/openssl/commit/15e6cb6223af17b0d27f26245f5057f735dc6b36
Author: Pauli <pauli at openssl.org>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M test/evp_extra_test2.c
M test/evp_test.c
Log Message:
-----------
test: add digest context dup tests
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17529)
(cherry picked from commit 0be4b0403d2f65adf0d037581223dbebd0fa135e)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: 3fe69d976b5fa03e2a3930b3daa14d42238aa51e
https://github.com/openssl/openssl/commit/3fe69d976b5fa03e2a3930b3daa14d42238aa51e
Author: Pauli <pauli at openssl.org>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M test/evp_test.c
Log Message:
-----------
test: add cipher context dup test
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17529)
(cherry picked from commit ed16b0fc282d29f755e656043e8a70553ef7bea5)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: 5948336502afca679c0d26e22ae6f9e41c807350
https://github.com/openssl/openssl/commit/5948336502afca679c0d26e22ae6f9e41c807350
Author: fangming.fang <fangming.fang at arm.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M crypto/sm3/asm/sm3-armv8.pl
Log Message:
-----------
Fix sm3ss1 translation issue in sm3-armv8.pl
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17542)
(cherry picked from commit bca6cc53d4592ccbe78eeede3bc79f09d149603c)
Commit: 08043118d1d303921537997543cafeaaae972383
https://github.com/openssl/openssl/commit/08043118d1d303921537997543cafeaaae972383
Author: James Muir <muir.james.a at gmail.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)
Changed paths:
M crypto/ec/curve25519.c
Log Message:
-----------
Simpler square-root computation for Ed25519
Description:
Mark Wooden and Franck Rondepierre noted that the square-root-mod-p
operations used in the EdDSA RFC (RFC 8032) can be simplified. For
Ed25519, instead of computing u*v^3 * (u * v^7)^((p-5)/8), we can
compute u * (u*v)^((p-5)/8). This saves 3 multiplications and 2
squarings. For more details (including a proof), see the following
message from the CFRG mailing list:
https://mailarchive.ietf.org/arch/msg/cfrg/qlKpMBqxXZYmDpXXIx6LO3Oznv4/
Note that the Ed448 implementation (see
ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio() in
./crypto/ec/curve448/curve448.c) appears to already use this simpler
method (i.e. it does not follow the method suggested in RFC 8032).
Testing:
Build and then run the test suite:
./Configure -Werror --strict-warnings
make update
make
make test
Numerical testing of the square-root computation can be done using the
following sage script:
def legendre(x,p):
    return kronecker(x,p)
# Ed25519
p = 2**255-19
# -1 is a square
if legendre(-1,p)==1:
    print("-1 is a square")
# suppose u/v is a square.
# to compute one of its square roots, find x such that
#   x**4 == (u/v)**2 .
# this implies
#   x**2 == u/v, or
#   x**2 == -(u/v) ,
# which implies either x or i*x is a square-root of u/v (where i is a square root of -1).
# we can take x equal to u * (u*v)**((p-5)/8).
# 2 is a generator
# this can be checked by factoring p-1
# and then showing 2**((p-1)/q) != 1 (mod p)
# for all primes q dividing p-1.
g = 2
s = p>>2 # s = (p-1)/4
i = power_mod(g, s, p)
t = p>>3 # t = (p-5)/8
COUNT = 1<<18
while COUNT > 0:
    COUNT -= 1
    r = randint(0,p-1) # r = u/v
    v = randint(1,p-1)
    u = mod(r*v,p)
    # compute x = u * (u*v)**((p-5)/8)
    w = mod(u*v,p)
    x = mod(u*power_mod(w, t, p), p)
    # check that x**2 == r, or (i*x)**2 == r, or r is not a square
    rr = power_mod(x, 2, p)
    if rr==r:
        continue
    rr = power_mod(mod(i*x,p), 2, p)
    if rr==r:
        continue
    if legendre(r,p) != 1:
        continue
    print("failure!")
    exit()
print("passed!")
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17544)
(cherry picked from commit a822a0cb3c8466adbcee510a6234c0fe95ff4bfe)
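The square-root simplification described in the commit above, as an added Python example that is not OpenSSL's code: it puts the RFC 8032 candidate beside the simplified one, applies the "x or i*x" finishing step, and uses the result to decode a compressed Ed25519 point. The helper names and the fixed random seed are this example's own choices; the base point encoding is the standard one.

```python
# Added example, not OpenSSL's code: the RFC 8032 square-root candidate for
# Ed25519 point decoding beside the simplified one from the commit, plus the
# finishing step (x or i*x) that the sage script in the message exercises.
import random

P = 2**255 - 19
D = (-121665 * pow(121666, -1, P)) % P  # twisted Edwards constant d
SQRT_M1 = pow(2, (P - 1) // 4, P)        # i = sqrt(-1) mod p (2 is a generator)

def sqrt_ratio_rfc8032(u, v):
    """RFC 8032 section 5.1.3 candidate: x = u*v^3 * (u*v^7)^((p-5)/8)."""
    v3 = v * v * v % P
    v7 = v3 * v3 * v % P
    return u * v3 * pow(u * v7 % P, (P - 5) // 8, P) % P

def sqrt_ratio_simple(u, v):
    """Simplified candidate from the commit: x = u * (u*v)^((p-5)/8)."""
    return u * pow(u * v % P, (P - 5) // 8, P) % P

def finish_sqrt(x, u, v):
    """Either candidate satisfies x^4 == (u/v)^2 when u/v is a square, so the
    root is x or i*x. Returns a root of u/v mod p, or None for a non-residue."""
    if v * x * x % P == u % P:
        return x
    x = x * SQRT_M1 % P
    if v * x * x % P == u % P:
        return x
    return None

def decode_point(enc):
    """Decode a 32-byte little-endian Ed25519 point (255-bit y, 1 sign bit)."""
    y = int.from_bytes(enc, "little")
    sign = y >> 255
    y &= (1 << 255) - 1
    if y >= P:
        raise ValueError("y out of range")
    u = (y * y - 1) % P  # x^2 = (y^2 - 1) / (d*y^2 + 1) = u / v
    v = (D * y * y + 1) % P
    x = finish_sqrt(sqrt_ratio_simple(u, v), u, v)
    if x is None or (x == 0 and sign == 1):
        raise ValueError("not a valid point")
    if x & 1 != sign:
        x = P - x
    return x, y

def on_curve(x, y):
    """Curve equation: -x^2 + y^2 == 1 + d*x^2*y^2 (mod p)."""
    return (-x * x + y * y - 1 - D * x * x * y * y) % P == 0

def rejects(enc):
    """True if decode_point refuses the encoding."""
    try:
        decode_point(enc)
    except ValueError:
        return True
    return False

def formulas_consistent(trials=500, seed=1):
    """On random (u, v) both candidates must lead to the same root up to sign,
    or both must report a non-residue (cross-checked with Euler's criterion)."""
    rng = random.Random(seed)
    for _ in range(trials):
        u, v = rng.randrange(P), rng.randrange(1, P)
        a = finish_sqrt(sqrt_ratio_rfc8032(u, v), u, v)
        b = finish_sqrt(sqrt_ratio_simple(u, v), u, v)
        if a is None or b is None:
            if a is not b:
                return False
            if pow(u * pow(v, -1, P) % P, (P - 1) // 2, P) == 1:
                return False
        elif a not in (b, P - b):
            return False
    return True

# Constructed input: the standard Ed25519 base point encoding (y = 4/5, sign 0).
BASE_POINT_ENC = bytes([0x58]) + b"\x66" * 31
```

Note that the two candidates can differ by a fourth root of unity, so they agree on the recovered root only after the finishing step, not necessarily before it.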
Compare: https://github.com/openssl/openssl/compare/b699a1e89d2b...08043118d1d3