Hello community,
here is the log from the commit of package openssl-1_1 for openSUSE:Leap:15.2
checked in at 2020-01-19 15:46:55
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2/openssl-1_1 (Old)
and /work/SRC/openSUSE:Leap:15.2/.openssl-1_1.new.26092 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl-1_1"
Sun Jan 19 15:46:55 2020 rev:32 rq:762782 version:1.1.1d
Changes:
--------
--- /work/SRC/openSUSE:Leap:15.2/openssl-1_1/openssl-1_1.changes
2020-01-15 15:37:19.503023442 +0100
+++ /work/SRC/openSUSE:Leap:15.2/.openssl-1_1.new.26092/openssl-1_1.changes
2020-01-19 15:47:02.249686658 +0100
@@ -1,0 +2,25 @@
+Fri Dec 20 13:44:06 UTC 2019 - Pedro Monreal Gonzalez
<pmonrealgonza...@suse.com>
+
+- Support for CPACF enhancements - part 1 (crypto) [bsc#1152695, jsc#SLE-7861]
+- Add patches:
+ * openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch
+ * openssl-s390x-assembly-pack-add-support-for-pcc-and-kma-inst.patch
+ * openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch
+ * openssl-s390x-assembly-pack-update-OPENSSL_s390xcap-3.patch
+ * openssl-s390xcpuid.pl-fix-comment.patch
+ * openssl-assembly-pack-accelerate-scalar-multiplication.patch
+ * openssl-Enable-curve-spefific-ECDSA-implementations-via-EC_M.patch
+ * openssl-s390x-assembly-pack-accelerate-ECDSA.patch
+ * openssl-OPENSSL_s390xcap.pod-list-msa9-facility-bit-155.patch
+ * openssl-s390x-assembly-pack-cleanse-only-sensitive-fields.patch
+ * openssl-s390x-assembly-pack-fix-OPENSSL_s390xcap-z15-cpu-mas.patch
+ * openssl-s390x-assembly-pack-fix-msa3-stfle-bit-detection.patch
+ * openssl-Fix-9bf682f-which-broke-nistp224_method.patch
+
+-------------------------------------------------------------------
+Wed Dec 18 16:29:46 UTC 2019 - Vítězslav Čížek <vci...@suse.com>
+
+- Obsolete libopenssl-1_0_0-devel and libopenssl-1_0_0-hmac in order
+ to avoid conflict upon upgrade from SLE-12 (bsc#1158499)
+
+-------------------------------------------------------------------
New:
----
openssl-Enable-curve-spefific-ECDSA-implementations-via-EC_M.patch
openssl-Fix-9bf682f-which-broke-nistp224_method.patch
openssl-OPENSSL_s390xcap.pod-list-msa9-facility-bit-155.patch
openssl-assembly-pack-accelerate-scalar-multiplication.patch
openssl-s390x-assembly-pack-accelerate-ECDSA.patch
openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch
openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch
openssl-s390x-assembly-pack-add-support-for-pcc-and-kma-inst.patch
openssl-s390x-assembly-pack-cleanse-only-sensitive-fields.patch
openssl-s390x-assembly-pack-fix-OPENSSL_s390xcap-z15-cpu-mas.patch
openssl-s390x-assembly-pack-fix-msa3-stfle-bit-detection.patch
openssl-s390x-assembly-pack-update-OPENSSL_s390xcap-3.patch
openssl-s390xcpuid.pl-fix-comment.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openssl-1_1.spec ++++++
--- /var/tmp/diff_new_pack.OYaKON/_old 2020-01-19 15:47:04.469687974 +0100
+++ /var/tmp/diff_new_pack.OYaKON/_new 2020-01-19 15:47:04.473687977 +0100
@@ -54,6 +54,20 @@
# OpenSSL Security Advisory [6 December 2019] bsc#1158809 CVE-2019-1551
# PATCH-FIX-UPSTREAM Integer overflow in RSAZ modular exponentiation on x86_64
Patch15: openssl-1_1-CVE-2019-1551.patch
+# PATCH-FIX-UPSTREAM bsc#1152695 jsc#SLE-7861 Support for CPACF enhancements -
part 1 (crypto)
+Patch16:
openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch
+Patch17:
openssl-s390x-assembly-pack-add-support-for-pcc-and-kma-inst.patch
+Patch18: openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch
+Patch19: openssl-s390x-assembly-pack-update-OPENSSL_s390xcap-3.patch
+Patch20: openssl-s390xcpuid.pl-fix-comment.patch
+Patch21: openssl-assembly-pack-accelerate-scalar-multiplication.patch
+Patch22:
openssl-Enable-curve-spefific-ECDSA-implementations-via-EC_M.patch
+Patch23: openssl-s390x-assembly-pack-accelerate-ECDSA.patch
+Patch24: openssl-OPENSSL_s390xcap.pod-list-msa9-facility-bit-155.patch
+Patch25: openssl-s390x-assembly-pack-cleanse-only-sensitive-fields.patch
+Patch26:
openssl-s390x-assembly-pack-fix-OPENSSL_s390xcap-z15-cpu-mas.patch
+Patch27: openssl-s390x-assembly-pack-fix-msa3-stfle-bit-detection.patch
+Patch28: openssl-Fix-9bf682f-which-broke-nistp224_method.patch
BuildRequires: pkgconfig
Conflicts: ssl
Provides: ssl
@@ -96,6 +110,8 @@
Provides: ssl-devel
# Needed for clean upgrade from former openssl-1_1_0, boo#1081335
Obsoletes: libopenssl-1_1_0-devel
+# Needed for clean upgrade from SLE-12 openssl-1_0_0, bsc#1158499
+Obsoletes: libopenssl-1_0_0-devel
%description -n libopenssl-1_1-devel
This subpackage contains header files for developing applications
@@ -108,6 +124,8 @@
Requires: libopenssl1_1 = %{version}-%{release}
# Needed for clean upgrade from former openssl-1_1_0, boo#1081335
Obsoletes: libopenssl1_1_0-hmac
+# Needed for clean upgrade from SLE-12 openssl-1_0_0, bsc#1158499
+Obsoletes: libopenssl-1_0_0-hmac
%description -n libopenssl1_1-hmac
The FIPS compliant operation of the openssl shared libraries is NOT
++++++ openssl-Enable-curve-spefific-ECDSA-implementations-via-EC_M.patch ++++++
>From 9bf682f62bd819d2fbceb95eeabd61dd4532240f Mon Sep 17 00:00:00 2001
From: Patrick Steuer <patrick.ste...@de.ibm.com>
Date: Thu, 11 Jul 2019 10:23:49 +0200
Subject: [PATCH 09205/10000] Enable curve-spefific ECDSA implementations via
EC_METHOD
which are already enabled for ECDH.
Signed-off-by: Patrick Steuer <patrick.ste...@de.ibm.com>
Reviewed-by: Richard Levitte <levi...@openssl.org>
Reviewed-by: Shane Lontis <shane.lon...@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9348)
---
crypto/ec/ec2_smpl.c | 3 +
crypto/ec/ec_lcl.h | 15 +++++
crypto/ec/ecdsa_ossl.c | 107 ++++++++++++++++++++++++------------
crypto/ec/ecp_mont.c | 3 +
crypto/ec/ecp_nist.c | 3 +
crypto/ec/ecp_nistp224.c | 3 +
crypto/ec/ecp_nistp256.c | 3 +
crypto/ec/ecp_nistp521.c | 3 +
crypto/ec/ecp_nistz256.c | 3 +
crypto/ec/ecp_s390x_nistp.c | 3 +
crypto/ec/ecp_smpl.c | 3 +
crypto/err/openssl.txt | 5 ++
include/openssl/ecerr.h | 1 +
13 files changed, 119 insertions(+), 36 deletions(-)
Index: openssl-1.1.1d/crypto/ec/ec2_smpl.c
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ec2_smpl.c
+++ openssl-1.1.1d/crypto/ec/ec2_smpl.c
@@ -956,6 +956,9 @@ const EC_METHOD *EC_GF2m_simple_method(v
0, /* keycopy */
0, /* keyfinish */
ecdh_simple_compute_key,
+ ecdsa_simple_sign_setup,
+ ecdsa_simple_sign_sig,
+ ecdsa_simple_verify_sig,
0, /* field_inverse_mod_ord */
0, /* blind_coordinates */
ec_GF2m_simple_ladder_pre,
Index: openssl-1.1.1d/crypto/ec/ec_lcl.h
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ec_lcl.h
+++ openssl-1.1.1d/crypto/ec/ec_lcl.h
@@ -179,6 +179,14 @@ struct ec_method_st {
/* custom ECDH operation */
int (*ecdh_compute_key)(unsigned char **pout, size_t *poutlen,
const EC_POINT *pub_key, const EC_KEY *ecdh);
+ /* custom ECDSA */
+ int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinvp,
+ BIGNUM **rp);
+ ECDSA_SIG *(*ecdsa_sign_sig)(const unsigned char *dgst, int dgstlen,
+ const BIGNUM *kinv, const BIGNUM *r,
+ EC_KEY *eckey);
+ int (*ecdsa_verify_sig)(const unsigned char *dgst, int dgstlen,
+ const ECDSA_SIG *sig, EC_KEY *eckey);
/* Inverse modulo order */
int (*field_inverse_mod_ord)(const EC_GROUP *, BIGNUM *r,
const BIGNUM *x, BN_CTX *);
@@ -656,6 +664,13 @@ int ossl_ecdsa_verify(int type, const un
const unsigned char *sigbuf, int sig_len, EC_KEY *eckey);
int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
const ECDSA_SIG *sig, EC_KEY *eckey);
+int ecdsa_simple_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
+ BIGNUM **rp);
+ECDSA_SIG *ecdsa_simple_sign_sig(const unsigned char *dgst, int dgst_len,
+ const BIGNUM *in_kinv, const BIGNUM *in_r,
+ EC_KEY *eckey);
+int ecdsa_simple_verify_sig(const unsigned char *dgst, int dgst_len,
+ const ECDSA_SIG *sig, EC_KEY *eckey);
int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
const uint8_t public_key[32], const uint8_t private_key[32]);
Index: openssl-1.1.1d/crypto/ec/ecdsa_ossl.c
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ecdsa_ossl.c
+++ openssl-1.1.1d/crypto/ec/ecdsa_ossl.c
@@ -14,6 +14,41 @@
#include "internal/bn_int.h"
#include "ec_lcl.h"
+int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
+ BIGNUM **rp)
+{
+ if (eckey->group->meth->ecdsa_sign_setup == NULL) {
+ ECerr(EC_F_OSSL_ECDSA_SIGN_SETUP, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA);
+ return 0;
+ }
+
+ return eckey->group->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp);
+}
+
+ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
+ const BIGNUM *in_kinv, const BIGNUM *in_r,
+ EC_KEY *eckey)
+{
+ if (eckey->group->meth->ecdsa_sign_sig == NULL) {
+ ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA);
+ return NULL;
+ }
+
+ return eckey->group->meth->ecdsa_sign_sig(dgst, dgst_len,
+ in_kinv, in_r, eckey);
+}
+
+int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
+ const ECDSA_SIG *sig, EC_KEY *eckey)
+{
+ if (eckey->group->meth->ecdsa_verify_sig == NULL) {
+ ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA);
+ return 0;
+ }
+
+ return eckey->group->meth->ecdsa_verify_sig(dgst, dgst_len, sig, eckey);
+}
+
int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen,
unsigned char *sig, unsigned int *siglen,
const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey)
@@ -145,15 +180,15 @@ static int ecdsa_sign_setup(EC_KEY *ecke
return ret;
}
-int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
- BIGNUM **rp)
+int ecdsa_simple_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
+ BIGNUM **rp)
{
return ecdsa_sign_setup(eckey, ctx_in, kinvp, rp, NULL, 0);
}
-ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
- const BIGNUM *in_kinv, const BIGNUM *in_r,
- EC_KEY *eckey)
+ECDSA_SIG *ecdsa_simple_sign_sig(const unsigned char *dgst, int dgst_len,
+ const BIGNUM *in_kinv, const BIGNUM *in_r,
+ EC_KEY *eckey)
{
int ok = 0, i;
BIGNUM *kinv = NULL, *s, *m = NULL;
@@ -167,35 +202,35 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
priv_key = EC_KEY_get0_private_key(eckey);
if (group == NULL) {
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_PASSED_NULL_PARAMETER);
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
if (priv_key == NULL) {
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_MISSING_PRIVATE_KEY);
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, EC_R_MISSING_PRIVATE_KEY);
return NULL;
}
if (!EC_KEY_can_sign(eckey)) {
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
return NULL;
}
ret = ECDSA_SIG_new();
if (ret == NULL) {
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_MALLOC_FAILURE);
return NULL;
}
ret->r = BN_new();
ret->s = BN_new();
if (ret->r == NULL || ret->s == NULL) {
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_MALLOC_FAILURE);
goto err;
}
s = ret->s;
if ((ctx = BN_CTX_new()) == NULL
|| (m = BN_new()) == NULL) {
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -207,25 +242,25 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
if (8 * dgst_len > i)
dgst_len = (i + 7) / 8;
if (!BN_bin2bn(dgst, dgst_len, m)) {
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB);
goto err;
}
/* If still too long, truncate remaining bits with a shift */
if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB);
goto err;
}
do {
if (in_kinv == NULL || in_r == NULL) {
if (!ecdsa_sign_setup(eckey, ctx, &kinv, &ret->r, dgst, dgst_len))
{
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_ECDSA_LIB);
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_ECDSA_LIB);
goto err;
}
ckinv = kinv;
} else {
ckinv = in_kinv;
if (BN_copy(ret->r, in_r) == NULL) {
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_MALLOC_FAILURE);
goto err;
}
}
@@ -239,11 +274,11 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
*/
if (!bn_to_mont_fixed_top(s, ret->r, group->mont_data, ctx)
|| !bn_mul_mont_fixed_top(s, s, priv_key, group->mont_data, ctx)) {
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB);
goto err;
}
if (!bn_mod_add_fixed_top(s, s, m, order)) {
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB);
goto err;
}
/*
@@ -252,7 +287,7 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
*/
if (!bn_to_mont_fixed_top(s, s, group->mont_data, ctx)
|| !BN_mod_mul_montgomery(s, s, ckinv, group->mont_data, ctx)) {
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, ERR_R_BN_LIB);
goto err;
}
@@ -262,7 +297,7 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
* generate new kinv and r values
*/
if (in_kinv != NULL && in_r != NULL) {
- ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_NEED_NEW_SETUP_VALUES);
+ ECerr(EC_F_ECDSA_SIMPLE_SIGN_SIG, EC_R_NEED_NEW_SETUP_VALUES);
goto err;
}
} else {
@@ -314,8 +349,8 @@ int ossl_ecdsa_verify(int type, const un
return ret;
}
-int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
- const ECDSA_SIG *sig, EC_KEY *eckey)
+int ecdsa_simple_verify_sig(const unsigned char *dgst, int dgst_len,
+ const ECDSA_SIG *sig, EC_KEY *eckey)
{
int ret = -1, i;
BN_CTX *ctx;
@@ -328,18 +363,18 @@ int ossl_ecdsa_verify_sig(const unsigned
/* check input values */
if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
(pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) {
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_MISSING_PARAMETERS);
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, EC_R_MISSING_PARAMETERS);
return -1;
}
if (!EC_KEY_can_sign(eckey)) {
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG,
EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
return -1;
}
ctx = BN_CTX_new();
if (ctx == NULL) {
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
return -1;
}
BN_CTX_start(ctx);
@@ -348,26 +383,26 @@ int ossl_ecdsa_verify_sig(const unsigned
m = BN_CTX_get(ctx);
X = BN_CTX_get(ctx);
if (X == NULL) {
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
goto err;
}
order = EC_GROUP_get0_order(group);
if (order == NULL) {
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_EC_LIB);
goto err;
}
if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) ||
BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) {
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_BAD_SIGNATURE);
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, EC_R_BAD_SIGNATURE);
ret = 0; /* signature is invalid */
goto err;
}
/* calculate tmp1 = inv(S) mod order */
if (!ec_group_do_inverse_ord(group, u2, sig->s, ctx)) {
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
goto err;
}
/* digest -> m */
@@ -378,41 +413,41 @@ int ossl_ecdsa_verify_sig(const unsigned
if (8 * dgst_len > i)
dgst_len = (i + 7) / 8;
if (!BN_bin2bn(dgst, dgst_len, m)) {
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
goto err;
}
/* If still too long truncate remaining bits with a shift */
if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
goto err;
}
/* u1 = m * tmp mod order */
if (!BN_mod_mul(u1, m, u2, order, ctx)) {
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
goto err;
}
/* u2 = r * w mod q */
if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) {
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
goto err;
}
if ((point = EC_POINT_new(group)) == NULL) {
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
goto err;
}
if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) {
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_EC_LIB);
goto err;
}
if (!EC_POINT_get_affine_coordinates(group, point, X, NULL, ctx)) {
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_EC_LIB);
goto err;
}
if (!BN_nnmod(u1, X, order, ctx)) {
- ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+ ECerr(EC_F_ECDSA_SIMPLE_VERIFY_SIG, ERR_R_BN_LIB);
goto err;
}
/* if the signature is correct u1 is equal to sig->r */
Index: openssl-1.1.1d/crypto/ec/ecp_mont.c
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ecp_mont.c
+++ openssl-1.1.1d/crypto/ec/ecp_mont.c
@@ -63,6 +63,9 @@ const EC_METHOD *EC_GFp_mont_method(void
0, /* keycopy */
0, /* keyfinish */
ecdh_simple_compute_key,
+ ecdsa_simple_sign_setup,
+ ecdsa_simple_sign_sig,
+ ecdsa_simple_verify_sig,
0, /* field_inverse_mod_ord */
ec_GFp_simple_blind_coordinates,
ec_GFp_simple_ladder_pre,
Index: openssl-1.1.1d/crypto/ec/ecp_nist.c
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ecp_nist.c
+++ openssl-1.1.1d/crypto/ec/ecp_nist.c
@@ -65,6 +65,9 @@ const EC_METHOD *EC_GFp_nist_method(void
0, /* keycopy */
0, /* keyfinish */
ecdh_simple_compute_key,
+ ecdsa_simple_sign_setup,
+ ecdsa_simple_sign_sig,
+ ecdsa_simple_verify_sig,
0, /* field_inverse_mod_ord */
ec_GFp_simple_blind_coordinates,
ec_GFp_simple_ladder_pre,
Index: openssl-1.1.1d/crypto/ec/ecp_nistp224.c
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ecp_nistp224.c
+++ openssl-1.1.1d/crypto/ec/ecp_nistp224.c
@@ -291,6 +291,9 @@ const EC_METHOD *EC_GFp_nistp224_method(
ec_key_simple_generate_public_key,
0, /* keycopy */
0, /* keyfinish */
+ ecdsa_simple_sign_setup,
+ ecdsa_simple_sign_sig,
+ ecdsa_simple_verify_sig,
ecdh_simple_compute_key,
0, /* field_inverse_mod_ord */
0, /* blind_coordinates */
Index: openssl-1.1.1d/crypto/ec/ecp_nistp256.c
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ecp_nistp256.c
+++ openssl-1.1.1d/crypto/ec/ecp_nistp256.c
@@ -1809,6 +1809,9 @@ const EC_METHOD *EC_GFp_nistp256_method(
0, /* keycopy */
0, /* keyfinish */
ecdh_simple_compute_key,
+ ecdsa_simple_sign_setup,
+ ecdsa_simple_sign_sig,
+ ecdsa_simple_verify_sig,
0, /* field_inverse_mod_ord */
0, /* blind_coordinates */
0, /* ladder_pre */
Index: openssl-1.1.1d/crypto/ec/ecp_nistp521.c
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ecp_nistp521.c
+++ openssl-1.1.1d/crypto/ec/ecp_nistp521.c
@@ -1651,6 +1651,9 @@ const EC_METHOD *EC_GFp_nistp521_method(
0, /* keycopy */
0, /* keyfinish */
ecdh_simple_compute_key,
+ ecdsa_simple_sign_setup,
+ ecdsa_simple_sign_sig,
+ ecdsa_simple_verify_sig,
0, /* field_inverse_mod_ord */
0, /* blind_coordinates */
0, /* ladder_pre */
Index: openssl-1.1.1d/crypto/ec/ecp_nistz256.c
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ecp_nistz256.c
+++ openssl-1.1.1d/crypto/ec/ecp_nistz256.c
@@ -1689,6 +1689,9 @@ const EC_METHOD *EC_GFp_nistz256_method(
0, /* keycopy */
0, /* keyfinish */
ecdh_simple_compute_key,
+ ecdsa_simple_sign_setup,
+ ecdsa_simple_sign_sig,
+ ecdsa_simple_verify_sig,
ecp_nistz256_inv_mod_ord, /* can be #define-d NULL */
0, /* blind_coordinates */
0, /* ladder_pre */
Index: openssl-1.1.1d/crypto/ec/ecp_s390x_nistp.c
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ecp_s390x_nistp.c
+++ openssl-1.1.1d/crypto/ec/ecp_s390x_nistp.c
@@ -175,6 +175,9 @@ const EC_METHOD *EC_GFp_s390x_nistp##bit
NULL, /* keycopy */ \
NULL, /* keyfinish */ \
ecdh_simple_compute_key, \
+ ecdsa_simple_sign_setup, \
+ ecdsa_simple_sign_sig, \
+ ecdsa_simple_verify_sig, \
NULL, /* field_inverse_mod_ord */ \
ec_GFp_simple_blind_coordinates, \
ec_GFp_simple_ladder_pre, \
Index: openssl-1.1.1d/crypto/ec/ecp_smpl.c
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ecp_smpl.c
+++ openssl-1.1.1d/crypto/ec/ecp_smpl.c
@@ -64,6 +64,9 @@ const EC_METHOD *EC_GFp_simple_method(vo
0, /* keycopy */
0, /* keyfinish */
ecdh_simple_compute_key,
+ ecdsa_simple_sign_setup,
+ ecdsa_simple_sign_sig,
+ ecdsa_simple_verify_sig,
0, /* field_inverse_mod_ord */
ec_GFp_simple_blind_coordinates,
ec_GFp_simple_ladder_pre,
Index: openssl-1.1.1d/crypto/err/openssl.txt
===================================================================
--- openssl-1.1.1d.orig/crypto/err/openssl.txt
+++ openssl-1.1.1d/crypto/err/openssl.txt
@@ -496,6 +496,9 @@ EC_F_ECDSA_SIGN_EX:254:ECDSA_sign_ex
EC_F_ECDSA_SIGN_SETUP:248:ECDSA_sign_setup
EC_F_ECDSA_SIG_NEW:265:ECDSA_SIG_new
EC_F_ECDSA_VERIFY:253:ECDSA_verify
+EC_F_ECDSA_SIMPLE_SIGN_SETUP:310:ecdsa_simple_sign_setup
+EC_F_ECDSA_SIMPLE_SIGN_SIG:311:ecdsa_simple_sign_sig
+EC_F_ECDSA_SIMPLE_VERIFY_SIG:312:ecdsa_simple_verify_sig
EC_F_ECD_ITEM_VERIFY:270:ecd_item_verify
EC_F_ECKEY_PARAM2TYPE:223:eckey_param2type
EC_F_ECKEY_PARAM_DECODE:212:eckey_param_decode
@@ -657,6 +660,7 @@ EC_F_NISTP521_PRE_COMP_NEW:237:nistp521_
EC_F_O2I_ECPUBLICKEY:152:o2i_ECPublicKey
EC_F_OLD_EC_PRIV_DECODE:222:old_ec_priv_decode
EC_F_OSSL_ECDH_COMPUTE_KEY:247:ossl_ecdh_compute_key
+EC_F_OSSL_ECDSA_SIGN_SETUP:300:ossl_ecdsa_sign_setup
EC_F_OSSL_ECDSA_SIGN_SIG:249:ossl_ecdsa_sign_sig
EC_F_OSSL_ECDSA_VERIFY_SIG:250:ossl_ecdsa_verify_sig
EC_F_PKEY_ECD_CTRL:271:pkey_ecd_ctrl
@@ -2130,6 +2134,7 @@ EC_R_BUFFER_TOO_SMALL:100:buffer too sma
EC_R_CANNOT_INVERT:165:cannot invert
EC_R_COORDINATES_OUT_OF_RANGE:146:coordinates out of range
EC_R_CURVE_DOES_NOT_SUPPORT_ECDH:160:curve does not support ecdh
+EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA:170:curve does not support ecdsa
EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING:159:curve does not support signing
EC_R_D2I_ECPKPARAMETERS_FAILURE:117:d2i ecpkparameters failure
EC_R_DECODE_ERROR:142:decode error
Index: openssl-1.1.1d/include/openssl/ecerr.h
===================================================================
--- openssl-1.1.1d.orig/include/openssl/ecerr.h
+++ openssl-1.1.1d/include/openssl/ecerr.h
@@ -41,6 +41,9 @@ int ERR_load_EC_strings(void);
# define EC_F_ECDSA_SIGN_EX 254
# define EC_F_ECDSA_SIGN_SETUP 248
# define EC_F_ECDSA_SIG_NEW 265
+# define EC_F_ECDSA_SIMPLE_SIGN_SETUP 310
+# define EC_F_ECDSA_SIMPLE_SIGN_SIG 311
+# define EC_F_ECDSA_SIMPLE_VERIFY_SIG 312
# define EC_F_ECDSA_VERIFY 253
# define EC_F_ECD_ITEM_VERIFY 270
# define EC_F_ECKEY_PARAM2TYPE 223
@@ -185,6 +186,7 @@ int ERR_load_EC_strings(void);
# define EC_F_O2I_ECPUBLICKEY 152
# define EC_F_OLD_EC_PRIV_DECODE 222
# define EC_F_OSSL_ECDH_COMPUTE_KEY 247
+# define EC_F_OSSL_ECDSA_SIGN_SETUP 300
# define EC_F_OSSL_ECDSA_SIGN_SIG 249
# define EC_F_OSSL_ECDSA_VERIFY_SIG 250
# define EC_F_PKEY_ECD_CTRL 271
@@ -212,6 +214,7 @@ int ERR_load_EC_strings(void);
# define EC_R_CANNOT_INVERT 165
# define EC_R_COORDINATES_OUT_OF_RANGE 146
# define EC_R_CURVE_DOES_NOT_SUPPORT_ECDH 160
+# define EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA 170
# define EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING 159
# define EC_R_D2I_ECPKPARAMETERS_FAILURE 117
# define EC_R_DECODE_ERROR 142
++++++ openssl-Fix-9bf682f-which-broke-nistp224_method.patch ++++++
>From 653b883b97f72a15d35d21246696881aa65311e2 Mon Sep 17 00:00:00 2001
From: Patrick Steuer <patrick.ste...@de.ibm.com>
Date: Thu, 15 Aug 2019 22:51:57 +0200
Subject: [PATCH] Fix 9bf682f which broke nistp224_method
Signed-off-by: Patrick Steuer <patrick.ste...@de.ibm.com>
Reviewed-by: Richard Levitte <levi...@openssl.org>
Reviewed-by: Shane Lontis <shane.lon...@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9607)
---
crypto/ec/ecp_nistp224.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: openssl-1.1.1d/crypto/ec/ecp_nistp224.c
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ecp_nistp224.c
+++ openssl-1.1.1d/crypto/ec/ecp_nistp224.c
@@ -291,10 +291,10 @@ const EC_METHOD *EC_GFp_nistp224_method(
ec_key_simple_generate_public_key,
0, /* keycopy */
0, /* keyfinish */
+ ecdh_simple_compute_key,
ecdsa_simple_sign_setup,
ecdsa_simple_sign_sig,
ecdsa_simple_verify_sig,
- ecdh_simple_compute_key,
0, /* field_inverse_mod_ord */
0, /* blind_coordinates */
0, /* ladder_pre */
Index: openssl-1.1.1d/crypto/ec/build.info
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/build.info
+++ openssl-1.1.1d/crypto/ec/build.info
@@ -20,6 +20,9 @@ GENERATE[ecp_nistz256-avx2.s]=asm/ecp_ni
GENERATE[ecp_nistz256-sparcv9.S]=asm/ecp_nistz256-sparcv9.pl $(PERLASM_SCHEME)
INCLUDE[ecp_nistz256-sparcv9.o]=..
+INCLUDE[ecp_s390x_nistp.o]=..
+INCLUDE[ecx_meth.o]=..
+
GENERATE[ecp_nistz256-armv4.S]=asm/ecp_nistz256-armv4.pl $(PERLASM_SCHEME)
INCLUDE[ecp_nistz256-armv4.o]=..
GENERATE[ecp_nistz256-armv8.S]=asm/ecp_nistz256-armv8.pl $(PERLASM_SCHEME)
Index: openssl-1.1.1d/include/openssl/ecerr.h
===================================================================
--- openssl-1.1.1d.orig/include/openssl/ecerr.h
+++ openssl-1.1.1d/include/openssl/ecerr.h
@@ -38,6 +38,8 @@ int ERR_load_EC_strings(void);
# define EC_F_ECDH_SIMPLE_COMPUTE_KEY 257
# define EC_F_ECDSA_DO_SIGN_EX 251
# define EC_F_ECDSA_DO_VERIFY 252
+# define EC_F_ECDSA_S390X_NISTP_SIGN_SIG 313
+# define EC_F_ECDSA_S390X_NISTP_VERIFY_SIG 314
# define EC_F_ECDSA_SIGN_EX 254
# define EC_F_ECDSA_SIGN_SETUP 248
# define EC_F_ECDSA_SIG_NEW 265
++++++ openssl-OPENSSL_s390xcap.pod-list-msa9-facility-bit-155.patch ++++++
>From 3ded2288a45d2cc3a27a1b08d29499cbcec52c0e Mon Sep 17 00:00:00 2001
From: Patrick Steuer <patrick.ste...@de.ibm.com>
Date: Fri, 12 Jul 2019 13:47:32 +0200
Subject: [PATCH 09207/10000] OPENSSL_s390xcap.pod: list msa9 facility bit
(155)
Signed-off-by: Patrick Steuer <patrick.ste...@de.ibm.com>
Reviewed-by: Richard Levitte <levi...@openssl.org>
Reviewed-by: Shane Lontis <shane.lon...@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9348)
---
doc/man3/OPENSSL_s390xcap.pod | 1 +
1 file changed, 1 insertion(+)
diff --git a/doc/man3/OPENSSL_s390xcap.pod b/doc/man3/OPENSSL_s390xcap.pod
index e45da4467f..1f4ee85fdf 100644
--- a/doc/man3/OPENSSL_s390xcap.pod
+++ b/doc/man3/OPENSSL_s390xcap.pod
@@ -72,6 +72,7 @@ the numbering is continuous across 64-bit mask boundaries.
#134 1<<57 vector packed decimal facility
#135 1<<56 vector enhancements facility 1
#146 1<<45 message-security assist extension 8
+ #155 1<<36 message-security assist extension 9
kimd :
# 1 1<<62 KIMD-SHA-1
--
2.24.0
++++++ openssl-assembly-pack-accelerate-scalar-multiplication.patch ++++++
>From 1461e66706f24da657d7322706d1165ae515533f Mon Sep 17 00:00:00 2001
From: Patrick Steuer <patrick.ste...@de.ibm.com>
Date: Tue, 9 Jul 2019 10:25:04 +0200
Subject: [PATCH 09204/10000] s390x assembly pack: accelerate scalar
multiplication
for NIST P-256, P-384 and P-521 using PCC instruction.
Signed-off-by: Patrick Steuer <patrick.ste...@de.ibm.com>
Reviewed-by: Richard Levitte <levi...@openssl.org>
Reviewed-by: Shane Lontis <shane.lon...@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9348)
---
crypto/ec/build.info | 3 +-
crypto/ec/ec_curve.c | 42 +++++---
crypto/ec/ec_lcl.h | 5 +
crypto/ec/ecp_s390x_nistp.c | 197 ++++++++++++++++++++++++++++++++++++
4 files changed, 234 insertions(+), 13 deletions(-)
create mode 100644 crypto/ec/ecp_s390x_nistp.c
Index: openssl-1.1.1d/crypto/ec/ec_curve.c
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ec_curve.c
+++ openssl-1.1.1d/crypto/ec/ec_curve.c
@@ -2829,16 +2829,25 @@ static const ec_list_element curve_list[
{NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0,
"SECG curve over a 256 bit prime field"},
/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
- {NID_secp384r1, &_EC_NIST_PRIME_384.h, 0,
+ {NID_secp384r1, &_EC_NIST_PRIME_384.h,
+# if defined(S390X_NISTP_ASM)
+ EC_GFp_s390x_nistp384_method,
+# else
+ 0,
+# endif
"NIST/SECG curve over a 384 bit prime field"},
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
- {NID_secp521r1, &_EC_NIST_PRIME_521.h, EC_GFp_nistp521_method,
- "NIST/SECG curve over a 521 bit prime field"},
+
+ {NID_secp521r1, &_EC_NIST_PRIME_521.h,
+# if defined(S390X_NISTP_ASM)
+ EC_GFp_s390x_nistp521_method,
+# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
+ EC_GFp_nistp521_method,
#else
- {NID_secp521r1, &_EC_NIST_PRIME_521.h, 0,
- "NIST/SECG curve over a 521 bit prime field"},
+ 0,
#endif
- /* X9.62 curves */
+ "NIST/SECG curve over a 521 bit prime field"},
+
+ /* X9.62 curves */
{NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0,
"NIST/X9.62/SECG curve over a 192 bit prime field"},
{NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2.h, 0,
@@ -2854,6 +2863,8 @@ static const ec_list_element curve_list[
{NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
#if defined(ECP_NISTZ256_ASM)
EC_GFp_nistz256_method,
+# elif defined(S390X_NISTP_ASM)
+ EC_GFp_s390x_nistp256_method,
#elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
EC_GFp_nistp256_method,
#else
Index: openssl-1.1.1d/crypto/ec/ec_lcl.h
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ec_lcl.h
+++ openssl-1.1.1d/crypto/ec/ec_lcl.h
@@ -587,6 +587,11 @@ int ec_group_simple_order_bits(const EC_
*/
const EC_METHOD *EC_GFp_nistz256_method(void);
#endif
+#ifdef S390X_NISTP_ASM
+const EC_METHOD *EC_GFp_s390x_nistp256_method(void);
+const EC_METHOD *EC_GFp_s390x_nistp384_method(void);
+const EC_METHOD *EC_GFp_s390x_nistp521_method(void);
+#endif
size_t ec_key_simple_priv2oct(const EC_KEY *eckey,
unsigned char *buf, size_t len);
Index: openssl-1.1.1d/crypto/ec/ecp_s390x_nistp.c
===================================================================
--- /dev/null
+++ openssl-1.1.1d/crypto/ec/ecp_s390x_nistp.c
@@ -0,0 +1,197 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/err.h>
+#include "ec_lcl.h"
+#include "s390x_arch.h"
+
+/* Size of parameter blocks */
+#define S390X_SIZE_PARAM 4096
+
+/* Size of fields in parameter blocks */
+#define S390X_SIZE_P256 32
+#define S390X_SIZE_P384 48
+#define S390X_SIZE_P521 80
+
+/* Offsets of fields in PCC parameter blocks */
+#define S390X_OFF_RES_X(n) (0 * n)
+#define S390X_OFF_RES_Y(n) (1 * n)
+#define S390X_OFF_SRC_X(n) (2 * n)
+#define S390X_OFF_SRC_Y(n) (3 * n)
+#define S390X_OFF_SCALAR(n) (4 * n)
+
+static int ec_GFp_s390x_nistp_mul(const EC_GROUP *group, EC_POINT *r,
+ const BIGNUM *scalar,
+ size_t num, const EC_POINT *points[],
+ const BIGNUM *scalars[],
+ BN_CTX *ctx, unsigned int fc, int len)
+{
+ unsigned char param[S390X_SIZE_PARAM];
+ BIGNUM *x, *y;
+ const EC_POINT *point_ptr = NULL;
+ const BIGNUM *scalar_ptr = NULL;
+ BN_CTX *new_ctx = NULL;
+ int rc = -1;
+
+ if (ctx == NULL) {
+ ctx = new_ctx = BN_CTX_new();
+ if (ctx == NULL)
+ return 0;
+ }
+
+ BN_CTX_start(ctx);
+
+ x = BN_CTX_get(ctx);
+ y = BN_CTX_get(ctx);
+ if (x == NULL || y == NULL) {
+ rc = 0;
+ goto ret;
+ }
+
+ /*
+ * Use PCC for EC keygen and ECDH key derivation:
+ * scalar * generator and scalar * peer public key,
+ * scalar in [0,order).
+ */
+ if ((scalar != NULL && num == 0 && BN_is_negative(scalar) == 0)
+ || (scalar == NULL && num == 1 && BN_is_negative(scalars[0]) == 0)) {
+
+ if (num == 0) {
+ point_ptr = EC_GROUP_get0_generator(group);
+ scalar_ptr = scalar;
+ } else {
+ point_ptr = points[0];
+ scalar_ptr = scalars[0];
+ }
+
+ if (EC_POINT_is_at_infinity(group, point_ptr) == 1
+ || BN_is_zero(scalar_ptr)) {
+ rc = EC_POINT_set_to_infinity(group, r);
+ goto ret;
+ }
+
+ memset(¶m, 0, sizeof(param));
+
+ if (group->meth->point_get_affine_coordinates(group, point_ptr,
+ x, y, ctx) != 1
+ || BN_bn2binpad(x, param + S390X_OFF_SRC_X(len), len) == -1
+ || BN_bn2binpad(y, param + S390X_OFF_SRC_Y(len), len) == -1
+ || BN_bn2binpad(scalar_ptr,
+ param + S390X_OFF_SCALAR(len), len) == -1
+ || s390x_pcc(fc, param) != 0
+ || BN_bin2bn(param + S390X_OFF_RES_X(len), len, x) == NULL
+ || BN_bin2bn(param + S390X_OFF_RES_Y(len), len, y) == NULL
+ || group->meth->point_set_affine_coordinates(group, r,
+ x, y, ctx) != 1)
+ goto ret;
+
+ rc = 1;
+ }
+
+ret:
+ /* Otherwise use default. */
+ if (rc == -1)
+ rc = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
+ OPENSSL_cleanse(param, sizeof(param));
+ BN_CTX_end(ctx);
+ BN_CTX_free(new_ctx);
+ return rc;
+}
+
+#define EC_GFP_S390X_NISTP_METHOD(bits) \
+ \
+static int ec_GFp_s390x_nistp##bits##_mul(const EC_GROUP *group, \
+ EC_POINT *r, \
+ const BIGNUM *scalar, \
+ size_t num, \
+ const EC_POINT *points[], \
+ const BIGNUM *scalars[], \
+ BN_CTX *ctx) \
+{ \
+ return ec_GFp_s390x_nistp_mul(group, r, scalar, num, points, \
+ scalars, ctx, \
+ S390X_SCALAR_MULTIPLY_P##bits, \
+ S390X_SIZE_P##bits); \
+} \
+ \
+const EC_METHOD *EC_GFp_s390x_nistp##bits##_method(void) \
+{ \
+ static const EC_METHOD EC_GFp_s390x_nistp##bits##_meth = { \
+ EC_FLAGS_DEFAULT_OCT, \
+ NID_X9_62_prime_field, \
+ ec_GFp_simple_group_init, \
+ ec_GFp_simple_group_finish, \
+ ec_GFp_simple_group_clear_finish, \
+ ec_GFp_simple_group_copy, \
+ ec_GFp_simple_group_set_curve, \
+ ec_GFp_simple_group_get_curve, \
+ ec_GFp_simple_group_get_degree, \
+ ec_group_simple_order_bits, \
+ ec_GFp_simple_group_check_discriminant, \
+ ec_GFp_simple_point_init, \
+ ec_GFp_simple_point_finish, \
+ ec_GFp_simple_point_clear_finish, \
+ ec_GFp_simple_point_copy, \
+ ec_GFp_simple_point_set_to_infinity, \
+ ec_GFp_simple_set_Jprojective_coordinates_GFp, \
+ ec_GFp_simple_get_Jprojective_coordinates_GFp, \
+ ec_GFp_simple_point_set_affine_coordinates, \
+ ec_GFp_simple_point_get_affine_coordinates, \
+ NULL, /* point_set_compressed_coordinates */ \
+ NULL, /* point2oct */ \
+ NULL, /* oct2point */ \
+ ec_GFp_simple_add, \
+ ec_GFp_simple_dbl, \
+ ec_GFp_simple_invert, \
+ ec_GFp_simple_is_at_infinity, \
+ ec_GFp_simple_is_on_curve, \
+ ec_GFp_simple_cmp, \
+ ec_GFp_simple_make_affine, \
+ ec_GFp_simple_points_make_affine, \
+ ec_GFp_s390x_nistp##bits##_mul, \
+ NULL, /* precompute_mult */ \
+ NULL, /* have_precompute_mult */ \
+ ec_GFp_simple_field_mul, \
+ ec_GFp_simple_field_sqr, \
+ NULL, /* field_div */ \
+ ec_GFp_simple_field_inv, \
+ NULL, /* field_encode */ \
+ NULL, /* field_decode */ \
+ NULL, /* field_set_to_one */ \
+ ec_key_simple_priv2oct, \
+ ec_key_simple_oct2priv, \
+ NULL, /* set_private */ \
+ ec_key_simple_generate_key, \
+ ec_key_simple_check_key, \
+ ec_key_simple_generate_public_key, \
+ NULL, /* keycopy */ \
+ NULL, /* keyfinish */ \
+ ecdh_simple_compute_key, \
+ NULL, /* field_inverse_mod_ord */ \
+ ec_GFp_simple_blind_coordinates, \
+ ec_GFp_simple_ladder_pre, \
+ ec_GFp_simple_ladder_step, \
+ ec_GFp_simple_ladder_post \
+ }; \
+ static const EC_METHOD *ret; \
+ \
+ if (OPENSSL_s390xcap_P.pcc[1] \
+ & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P##bits)) \
+ ret = &EC_GFp_s390x_nistp##bits##_meth; \
+ else \
+ ret = EC_GFp_mont_method(); \
+ \
+ return ret; \
+}
+
+EC_GFP_S390X_NISTP_METHOD(256)
+EC_GFP_S390X_NISTP_METHOD(384)
+EC_GFP_S390X_NISTP_METHOD(521)
Index: openssl-1.1.1d/Configurations/00-base-templates.conf
===================================================================
--- openssl-1.1.1d.orig/Configurations/00-base-templates.conf
+++ openssl-1.1.1d/Configurations/00-base-templates.conf
@@ -289,6 +289,7 @@ my %targets=(
template => 1,
cpuid_asm_src => "s390xcap.c s390xcpuid.S",
bn_asm_src => "asm/s390x.S s390x-mont.S s390x-gf2m.s",
+ ec_asm_src => "ecp_s390x_nistp.c",
aes_asm_src => "aes-s390x.S aes-ctr.fake aes-xts.fake",
sha1_asm_src => "sha1-s390x.S sha256-s390x.S sha512-s390x.S",
rc4_asm_src => "rc4-s390x.s",
Index: openssl-1.1.1d/Configure
===================================================================
--- openssl-1.1.1d.orig/Configure
+++ openssl-1.1.1d/Configure
@@ -1400,6 +1400,9 @@ unless ($disabled{asm}) {
if ($target{ec_asm_src} =~ /x25519/) {
push @{$config{lib_defines}}, "X25519_ASM";
}
+ if ($target{ec_asm_src} =~ /ecp_s390x_nistp/) {
+ push @{$config{lib_defines}}, "S390X_NISTP_ASM";
+ }
if ($target{padlock_asm_src} ne $table{DEFAULTS}->{padlock_asm_src}) {
push @{$config{dso_defines}}, "PADLOCK_ASM";
}
++++++ openssl-s390x-assembly-pack-accelerate-ECDSA.patch ++++++
>From 58c35587eacba090414522a6506cb86f2d0e91af Mon Sep 17 00:00:00 2001
From: Patrick Steuer <patrick.ste...@de.ibm.com>
Date: Thu, 11 Jul 2019 10:38:18 +0200
Subject: [PATCH 09206/10000] s390x assembly pack: accelerate ECDSA
for NIST P-256, P-384 and P-521 using KDSA instruction.
Signed-off-by: Patrick Steuer <patrick.ste...@de.ibm.com>
Reviewed-by: Richard Levitte <levi...@openssl.org>
Reviewed-by: Shane Lontis <shane.lon...@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9348)
---
crypto/ec/ecp_s390x_nistp.c | 202 +++++++++++++++++++++++++++++++++++-
crypto/err/openssl.txt | 2 +
2 files changed, 200 insertions(+), 4 deletions(-)
diff --git a/crypto/ec/ecp_s390x_nistp.c b/crypto/ec/ecp_s390x_nistp.c
index 0b03d7fd04..be81f0b8f0 100644
--- a/crypto/ec/ecp_s390x_nistp.c
+++ b/crypto/ec/ecp_s390x_nistp.c
@@ -10,6 +10,7 @@
#include <stdlib.h>
#include <string.h>
#include <openssl/err.h>
+#include <openssl/rand.h>
#include "ec_lcl.h"
#include "s390x_arch.h"
@@ -28,6 +29,15 @@
#define S390X_OFF_SRC_Y(n) (3 * n)
#define S390X_OFF_SCALAR(n) (4 * n)
+/* Offsets of fields in KDSA parameter blocks */
+#define S390X_OFF_R(n) (0 * n)
+#define S390X_OFF_S(n) (1 * n)
+#define S390X_OFF_H(n) (2 * n)
+#define S390X_OFF_K(n) (3 * n)
+#define S390X_OFF_X(n) (3 * n)
+#define S390X_OFF_RN(n) (4 * n)
+#define S390X_OFF_Y(n) (4 * n)
+
static int ec_GFp_s390x_nistp_mul(const EC_GROUP *group, EC_POINT *r,
const BIGNUM *scalar,
size_t num, const EC_POINT *points[],
@@ -106,6 +116,163 @@ ret:
return rc;
}
+static ECDSA_SIG *ecdsa_s390x_nistp_sign_sig(const unsigned char *dgst,
+ int dgstlen,
+ const BIGNUM *kinv,
+ const BIGNUM *r,
+ EC_KEY *eckey,
+ unsigned int fc, int len)
+{
+ unsigned char param[S390X_SIZE_PARAM];
+ int ok = 0;
+ BIGNUM *k;
+ ECDSA_SIG *sig;
+ const EC_GROUP *group;
+ const BIGNUM *privkey;
+ int off;
+
+ group = EC_KEY_get0_group(eckey);
+ privkey = EC_KEY_get0_private_key(eckey);
+ if (group == NULL || privkey == NULL) {
+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, EC_R_MISSING_PARAMETERS);
+ return NULL;
+ }
+
+ if (!EC_KEY_can_sign(eckey)) {
+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG,
+ EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
+ return NULL;
+ }
+
+ k = BN_secure_new();
+ sig = ECDSA_SIG_new();
+ if (k == NULL || sig == NULL) {
+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, ERR_R_MALLOC_FAILURE);
+ goto ret;
+ }
+
+ sig->r = BN_new();
+ sig->s = BN_new();
+ if (sig->r == NULL || sig->s == NULL) {
+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, ERR_R_MALLOC_FAILURE);
+ goto ret;
+ }
+
+ memset(param, 0, sizeof(param));
+ off = len - (dgstlen > len ? len : dgstlen);
+ memcpy(param + S390X_OFF_H(len) + off, dgst, len - off);
+
+ if (BN_bn2binpad(privkey, param + S390X_OFF_K(len), len) == -1) {
+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, ERR_R_BN_LIB);
+ goto ret;
+ }
+
+ if (r == NULL || kinv == NULL) {
+ /*
+ * Generate random k and copy to param param block. RAND_priv_bytes
+ * is used instead of BN_priv_rand_range or BN_generate_dsa_nonce
+ * because kdsa instruction constructs an in-range, invertible nonce
+ * internally implementing counter-measures for RNG weakness.
+ */
+ if (RAND_priv_bytes(param + S390X_OFF_RN(len), len) != 1) {
+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG,
+ EC_R_RANDOM_NUMBER_GENERATION_FAILED);
+ goto ret;
+ }
+ } else {
+ /* Reconstruct k = (k^-1)^-1. */
+ if (ec_group_do_inverse_ord(group, k, kinv, NULL) == 0
+ || BN_bn2binpad(k, param + S390X_OFF_RN(len), len) == -1) {
+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, ERR_R_BN_LIB);
+ goto ret;
+ }
+ /* Turns KDSA internal nonce-generation off. */
+ fc |= S390X_KDSA_D;
+ }
+
+ if (s390x_kdsa(fc, param, NULL, 0) != 0) {
+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, ERR_R_ECDSA_LIB);
+ goto ret;
+ }
+
+ if (BN_bin2bn(param + S390X_OFF_R(len), len, sig->r) == NULL
+ || BN_bin2bn(param + S390X_OFF_S(len), len, sig->s) == NULL) {
+ ECerr(EC_F_ECDSA_S390X_NISTP_SIGN_SIG, ERR_R_BN_LIB);
+ goto ret;
+ }
+
+ ok = 1;
+ret:
+ OPENSSL_cleanse(param, sizeof(param));
+ if (ok != 1) {
+ ECDSA_SIG_free(sig);
+ sig = NULL;
+ }
+ BN_clear_free(k);
+ return sig;
+}
+
+static int ecdsa_s390x_nistp_verify_sig(const unsigned char *dgst, int dgstlen,
+ const ECDSA_SIG *sig, EC_KEY *eckey,
+ unsigned int fc, int len)
+{
+ unsigned char param[S390X_SIZE_PARAM];
+ int rc = -1;
+ BN_CTX *ctx;
+ BIGNUM *x, *y;
+ const EC_GROUP *group;
+ const EC_POINT *pubkey;
+ int off;
+
+ group = EC_KEY_get0_group(eckey);
+ pubkey = EC_KEY_get0_public_key(eckey);
+ if (eckey == NULL || group == NULL || pubkey == NULL || sig == NULL) {
+ ECerr(EC_F_ECDSA_S390X_NISTP_VERIFY_SIG, EC_R_MISSING_PARAMETERS);
+ return -1;
+ }
+
+ if (!EC_KEY_can_sign(eckey)) {
+ ECerr(EC_F_ECDSA_S390X_NISTP_VERIFY_SIG,
+ EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
+ return -1;
+ }
+
+ ctx = BN_CTX_new();
+ if (ctx == NULL) {
+ ECerr(EC_F_ECDSA_S390X_NISTP_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+
+ BN_CTX_start(ctx);
+
+ x = BN_CTX_get(ctx);
+ y = BN_CTX_get(ctx);
+ if (x == NULL || y == NULL) {
+ ECerr(EC_F_ECDSA_S390X_NISTP_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
+ goto ret;
+ }
+
+ memset(param, 0, sizeof(param));
+ off = len - (dgstlen > len ? len : dgstlen);
+ memcpy(param + S390X_OFF_H(len) + off, dgst, len - off);
+
+ if (group->meth->point_get_affine_coordinates(group, pubkey,
+ x, y, ctx) != 1
+ || BN_bn2binpad(sig->r, param + S390X_OFF_R(len), len) == -1
+ || BN_bn2binpad(sig->s, param + S390X_OFF_S(len), len) == -1
+ || BN_bn2binpad(x, param + S390X_OFF_X(len), len) == -1
+ || BN_bn2binpad(y, param + S390X_OFF_Y(len), len) == -1) {
+ ECerr(EC_F_ECDSA_S390X_NISTP_VERIFY_SIG, ERR_R_BN_LIB);
+ goto ret;
+ }
+
+ rc = s390x_kdsa(fc, param, NULL, 0) == 0 ? 1 : 0;
+ret:
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ return rc;
+}
+
#define EC_GFP_S390X_NISTP_METHOD(bits) \
\
static int ec_GFp_s390x_nistp##bits##_mul(const EC_GROUP *group, \
@@ -122,6 +289,29 @@ static int ec_GFp_s390x_nistp##bits##_mul(const EC_GROUP
*group, \
S390X_SIZE_P##bits); \
} \
\
+static ECDSA_SIG *ecdsa_s390x_nistp##bits##_sign_sig(const unsigned \
+ char *dgst, \
+ int dgstlen, \
+ const BIGNUM *kinv,\
+ const BIGNUM *r, \
+ EC_KEY *eckey) \
+{ \
+ return ecdsa_s390x_nistp_sign_sig(dgst, dgstlen, kinv, r, eckey, \
+ S390X_ECDSA_SIGN_P##bits, \
+ S390X_SIZE_P##bits); \
+} \
+ \
+static int ecdsa_s390x_nistp##bits##_verify_sig(const \
+ unsigned char *dgst, \
+ int dgstlen, \
+ const ECDSA_SIG *sig, \
+ EC_KEY *eckey) \
+{ \
+ return ecdsa_s390x_nistp_verify_sig(dgst, dgstlen, sig, eckey, \
+ S390X_ECDSA_VERIFY_P##bits, \
+ S390X_SIZE_P##bits); \
+} \
+ \
const EC_METHOD *EC_GFp_s390x_nistp##bits##_method(void) \
{ \
static const EC_METHOD EC_GFp_s390x_nistp##bits##_meth = { \
@@ -176,8 +366,8 @@ const EC_METHOD *EC_GFp_s390x_nistp##bits##_method(void)
\
NULL, /* keyfinish */ \
ecdh_simple_compute_key, \
ecdsa_simple_sign_setup, \
- ecdsa_simple_sign_sig, \
- ecdsa_simple_verify_sig, \
+ ecdsa_s390x_nistp##bits##_sign_sig, \
+ ecdsa_s390x_nistp##bits##_verify_sig, \
NULL, /* field_inverse_mod_ord */ \
ec_GFp_simple_blind_coordinates, \
ec_GFp_simple_ladder_pre, \
@@ -186,8 +376,12 @@ const EC_METHOD *EC_GFp_s390x_nistp##bits##_method(void)
\
}; \
static const EC_METHOD *ret; \
\
- if (OPENSSL_s390xcap_P.pcc[1] \
- & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P##bits)) \
+ if ((OPENSSL_s390xcap_P.pcc[1] \
+ & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P##bits)) \
+ && (OPENSSL_s390xcap_P.kdsa[0] \
+ & S390X_CAPBIT(S390X_ECDSA_VERIFY_P##bits)) \
+ && (OPENSSL_s390xcap_P.kdsa[0] \
+ & S390X_CAPBIT(S390X_ECDSA_SIGN_P##bits))) \
ret = &EC_GFp_s390x_nistp##bits##_meth; \
else \
ret = EC_GFp_mont_method(); \
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 035bd729f3..5d5981035c 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -554,6 +554,8 @@ EC_F_ECDSA_VERIFY:253:ECDSA_verify
EC_F_ECDSA_SIMPLE_SIGN_SETUP:310:ecdsa_simple_sign_setup
EC_F_ECDSA_SIMPLE_SIGN_SIG:311:ecdsa_simple_sign_sig
EC_F_ECDSA_SIMPLE_VERIFY_SIG:312:ecdsa_simple_verify_sig
+EC_F_ECDSA_S390X_NISTP_SIGN_SIG:313:ecdsa_s390x_nistp_sign_sig
+EC_F_ECDSA_S390X_NISTP_VERIFY_SIG:314:ecdsa_s390x_nistp_verify_sig
EC_F_ECD_ITEM_VERIFY:270:ecd_item_verify
EC_F_ECKEY_PARAM2TYPE:223:eckey_param2type
EC_F_ECKEY_PARAM_DECODE:212:eckey_param_decode
--
2.24.0
++++++ openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch ++++++
++++ 694 lines (skipped)
++++++ openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch ++++++
>From d68af00685c4a76e9545882e350717ae5e4071df Mon Sep 17 00:00:00 2001
From: Patrick Steuer <patrick.ste...@de.ibm.com>
Date: Tue, 31 Jan 2017 12:43:35 +0100
Subject: [PATCH] s390x assembly pack: add OPENSSL_s390xcap man page.
Signed-off-by: Patrick Steuer <patrick.ste...@de.ibm.com>
Reviewed-by: Andy Polyakov <ap...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Richard Levitte <levi...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6813)
---
doc/man3/OPENSSL_s390xcap.pod | 173 ++++++++++++++++++++++++++++++++++
util/private.num | 1 +
2 files changed, 174 insertions(+)
create mode 100644 doc/man3/OPENSSL_s390xcap.pod
diff --git a/doc/man3/OPENSSL_s390xcap.pod b/doc/man3/OPENSSL_s390xcap.pod
new file mode 100644
index 00000000000..550136a82b8
--- /dev/null
+++ b/doc/man3/OPENSSL_s390xcap.pod
@@ -0,0 +1,173 @@
+=pod
+
+=head1 NAME
+
+OPENSSL_s390xcap - the IBM z processor capabilities vector
+
+=head1 SYNOPSIS
+
+ env OPENSSL_s390xcap=... <application>
+
+=head1 DESCRIPTION
+
+libcrypto supports z/Architecture instruction set extensions. These
+extensions are denoted by individual bits in the capabilities vector.
+When libcrypto is initialized, the bits returned by the STFLE instruction
+and by the QUERY functions are stored in the vector.
+
+To change the set of instructions available to an application, you can
+set the OPENSSL_s390xcap environment variable before you start the
+application. After initialization, the capability vector is ANDed bitwise
+with a mask which is derived from the environment variable.
+
+The environment variable is a semicolon-separated list of tokens which is
+processed from left to right (whitespace is ignored):
+
+ OPENSSL_s390xcap="<tok1>;<tok2>;..."
+
+There are three types of tokens:
+
+=over 4
+
+=item <string>
+
+The name of a processor generation. A bit in the environment variable's
+mask is set to one if and only if the specified processor generation
+implements the corresponding instruction set extension. Possible values
+are z900, z990, z9, z10, z196, zEC12, z13 and z14.
+
+=item <string>:<mask>:<mask>
+
+The name of an instruction followed by two 64-bit masks. The part of the
+environment variable's mask corresponding to the specified instruction is
+set to the specified 128-bit mask. Possible values are kimd, klmd, km, kmc,
+kmac, kmctr, kmo, kmf, prno and kma.
+
+=item stfle:<mask>:<mask>:<mask>
+
+Store-facility-list-extended (stfle) followed by three 64-bit masks. The
+part of the environment variable's mask corresponding to the stfle
+instruction is set to the specified 192-bit mask.
+
+=back
+
+The 64-bit masks are specified in hexadecimal notation. The 0x prefix is
+optional. Prefix a mask with a tilde (~) to denote a bitwise NOT operation.
+
+The following is a list of significant bits for each instruction. Colon
+rows separate the individual 64-bit masks. The bit numbers in the first
+column are consistent with [1], that is, 0 denotes the leftmost bit and
+the numbering is continuous across 64-bit mask boundaries.
+
+ Bit Mask Facility/Function
+
+ stfle:
+ # 17 1<<46 message-security assist
+ # 25 1<<38 store-clock-fast facility
+ :
+ # 76 1<<51 message-security assist extension 3
+ # 77 1<<50 message-security assist extension 4
+ :
+ #129 1<<62 vector facility
+ #134 1<<57 vector packed decimal facility
+ #135 1<<56 vector enhancements facility 1
+ #146 1<<45 message-security assist extension 8
+
+ kimd :
+ # 1 1<<62 KIMD-SHA-1
+ # 2 1<<61 KIMD-SHA-256
+ # 3 1<<60 KIMD-SHA-512
+ # 32 1<<31 KIMD-SHA3-224
+ # 33 1<<30 KIMD-SHA3-256
+ # 34 1<<29 KIMD-SHA3-384
+ # 35 1<<28 KIMD-SHA3-512
+ # 36 1<<27 KIMD-SHAKE-128
+ # 37 1<<26 KIMD-SHAKE-256
+ :
+ # 65 1<<62 KIMD-GHASH
+
+ klmd :
+ # 32 1<<31 KLMD-SHA3-224
+ # 33 1<<30 KLMD-SHA3-256
+ # 34 1<<29 KLMD-SHA3-384
+ # 35 1<<28 KLMD-SHA3-512
+ # 36 1<<27 KLMD-SHAKE-128
+ # 37 1<<26 KLMD-SHAKE-256
+ :
+
+ km :
+ # 18 1<<45 KM-AES-128
+ # 19 1<<44 KM-AES-192
+ # 20 1<<43 KM-AES-256
+ # 50 1<<13 KM-XTS-AES-128
+ # 52 1<<11 KM-XTS-AES-256
+ :
+
+ kmc :
+ # 18 1<<45 KMC-AES-128
+ # 19 1<<44 KMC-AES-192
+ # 20 1<<43 KMC-AES-256
+ :
+
+ kmac :
+ # 18 1<<45 KMAC-AES-128
+ # 19 1<<44 KMAC-AES-192
+ # 20 1<<43 KMAC-AES-256
+ :
+
+ kmctr:
+ :
+
+ kmo :
+ # 18 1<<45 KMO-AES-128
+ # 19 1<<44 KMO-AES-192
+ # 20 1<<43 KMO-AES-256
+ :
+
+ kmf :
+ # 18 1<<45 KMF-AES-128
+ # 19 1<<44 KMF-AES-192
+ # 20 1<<43 KMF-AES-256
+ :
+
+ prno :
+ :
+
+ kma :
+ # 18 1<<45 KMA-GCM-AES-128
+ # 19 1<<44 KMA-GCM-AES-192
+ # 20 1<<43 KMA-GCM-AES-256
+ :
+
+=head1 EXAMPLES
+
+Disables all instruction set extensions which the z196 processor does not
implement:
+
+ OPENSSL_s390xcap="z196"
+
+Disables the vector facility:
+
+ OPENSSL_s390xcap="stfle:~0:~0:~0x4000000000000000"
+
+Disables the KM-XTS-AES and and the KIMD-SHAKE function codes:
+
+ OPENSSL_s390xcap="km:~0x2800:~0;kimd:~0xc000000:~0"
+
+=head1 RETURN VALUES
+
+Not available.
+
+=head1 SEE ALSO
+
+[1] z/Architecture Principles of Operation, SA22-7832-11
+
+=head1 COPYRIGHT
+
+Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/util/private.num b/util/private.num
index c456578c335..2bfe987b437 100644
--- a/util/private.num
+++ b/util/private.num
@@ -3,6 +3,7 @@
# assembly language, etc.
#
OPENSSL_ia32cap environment
+OPENSSL_s390xcap environment
OPENSSL_MALLOC_FD environment
OPENSSL_MALLOC_FAILURES environment
OPENSSL_instrument_bus assembler
++++++ openssl-s390x-assembly-pack-add-support-for-pcc-and-kma-inst.patch ++++++
>From e382f507fb67863be02bfa69b08533cc55f0cd96 Mon Sep 17 00:00:00 2001
From: Patrick Steuer <patrick.ste...@de.ibm.com>
Date: Thu, 27 Jun 2019 01:07:54 +0200
Subject: [PATCH 08967/10000] s390x assembly pack: add support for pcc and kma
instructions
Signed-off-by: Patrick Steuer <patrick.ste...@de.ibm.com>
Reviewed-by: Richard Levitte <levi...@openssl.org>
Reviewed-by: Shane Lontis <shane.lon...@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9258)
---
crypto/s390x_arch.h | 22 ++++++++
crypto/s390xcap.c | 119 +++++++++++++++++++++++++++++++++++++++++++
crypto/s390xcpuid.pl | 71 ++++++++++++++++++++++++++
3 files changed, 212 insertions(+)
Index: openssl-1.1.1d/crypto/s390x_arch.h
===================================================================
--- openssl-1.1.1d.orig/crypto/s390x_arch.h
+++ openssl-1.1.1d/crypto/s390x_arch.h
@@ -26,6 +26,9 @@ void s390x_kmf(const unsigned char *in,
unsigned int fc, void *param);
void s390x_kma(const unsigned char *aad, size_t alen, const unsigned char *in,
size_t len, unsigned char *out, unsigned int fc, void *param);
+int s390x_pcc(unsigned int fc, void *param);
+int s390x_kdsa(unsigned int fc, void *param, const unsigned char *in,
+ size_t len);
/*
* The field elements of OPENSSL_s390xcap_P are the 64-bit words returned by
@@ -45,6 +48,8 @@ struct OPENSSL_s390xcap_st {
unsigned long long kmf[2];
unsigned long long prno[2];
unsigned long long kma[2];
+ unsigned long long pcc[2];
+ unsigned long long kdsa[2];
};
extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
@@ -69,6 +74,8 @@ extern struct OPENSSL_s390xcap_st OPENSS
# define S390X_KMF 0x90
# define S390X_PRNO 0xa0
# define S390X_KMA 0xb0
+# define S390X_PCC 0xc0
+# define S390X_KDSA 0xd0
/* Facility Bit Numbers */
# define S390X_MSA 17 /* message-security-assist */
@@ -80,6 +87,7 @@ extern struct OPENSSL_s390xcap_st OPENSS
# define S390X_VXD 134 /* vector packed decimal */
# define S390X_VXE 135 /* vector enhancements 1 */
# define S390X_MSA8 146 /* message-security-assist-ext. 8 */
+# define S390X_MSA9 155 /* message-security-assist-ext. 9 */
/* Function Codes */
@@ -111,10 +119,24 @@ extern struct OPENSSL_s390xcap_st OPENSS
# define S390X_SHA_512_DRNG 3
# define S390X_TRNG 114
+/* pcc */
+# define S390X_SCALAR_MULTIPLY_P256 64
+# define S390X_SCALAR_MULTIPLY_P384 65
+# define S390X_SCALAR_MULTIPLY_P521 66
+
+/* kdsa */
+# define S390X_ECDSA_VERIFY_P256 1
+# define S390X_ECDSA_VERIFY_P384 2
+# define S390X_ECDSA_VERIFY_P521 3
+# define S390X_ECDSA_SIGN_P256 9
+# define S390X_ECDSA_SIGN_P384 10
+# define S390X_ECDSA_SIGN_P521 11
+
/* Register 0 Flags */
# define S390X_DECRYPT 0x80
# define S390X_KMA_LPC 0x100
# define S390X_KMA_LAAD 0x200
# define S390X_KMA_HS 0x400
+# define S390X_KDSA_D 0x80
#endif
Index: openssl-1.1.1d/crypto/s390xcap.c
===================================================================
--- openssl-1.1.1d.orig/crypto/s390xcap.c
+++ openssl-1.1.1d/crypto/s390xcap.c
@@ -137,6 +137,10 @@ void OPENSSL_cpuid_setup(void)
OPENSSL_s390xcap_P.prno[1] &= cap.prno[1];
OPENSSL_s390xcap_P.kma[0] &= cap.kma[0];
OPENSSL_s390xcap_P.kma[1] &= cap.kma[1];
+ OPENSSL_s390xcap_P.pcc[0] &= cap.pcc[0];
+ OPENSSL_s390xcap_P.pcc[1] &= cap.pcc[1];
+ OPENSSL_s390xcap_P.kdsa[0] &= cap.kdsa[0];
+ OPENSSL_s390xcap_P.kdsa[1] &= cap.kdsa[1];
}
}
@@ -163,6 +167,8 @@ static int parse_env(struct OPENSSL_s390
.kmf = {0ULL, 0ULL},
.prno = {0ULL, 0ULL},
.kma = {0ULL, 0ULL},
+ .pcc = {0ULL, 0ULL},
+ .kdsa = {0ULL, 0ULL},
};
/*-
@@ -189,6 +195,8 @@ static int parse_env(struct OPENSSL_s390
.kmf = {0ULL, 0ULL},
.prno = {0ULL, 0ULL},
.kma = {0ULL, 0ULL},
+ .pcc = {0ULL, 0ULL},
+ .kdsa = {0ULL, 0ULL},
};
/*-
@@ -220,6 +228,8 @@ static int parse_env(struct OPENSSL_s390
.kmf = {0ULL, 0ULL},
.prno = {0ULL, 0ULL},
.kma = {0ULL, 0ULL},
+ .pcc = {0ULL, 0ULL},
+ .kdsa = {0ULL, 0ULL},
};
/*-
@@ -257,6 +267,8 @@ static int parse_env(struct OPENSSL_s390
.kmf = {0ULL, 0ULL},
.prno = {0ULL, 0ULL},
.kma = {0ULL, 0ULL},
+ .pcc = {0ULL, 0ULL},
+ .kdsa = {0ULL, 0ULL},
};
/*-
@@ -313,6 +325,9 @@ static int parse_env(struct OPENSSL_s390
0ULL},
.prno = {0ULL, 0ULL},
.kma = {0ULL, 0ULL},
+ .pcc = {S390X_CAPBIT(S390X_QUERY),
+ 0ULL},
+ .kdsa = {0ULL, 0ULL},
};
/*-
@@ -369,6 +384,9 @@ static int parse_env(struct OPENSSL_s390
0ULL},
.prno = {0ULL, 0ULL},
.kma = {0ULL, 0ULL},
+ .pcc = {S390X_CAPBIT(S390X_QUERY),
+ 0ULL},
+ .kdsa = {0ULL, 0ULL},
};
/*-
@@ -429,6 +447,9 @@ static int parse_env(struct OPENSSL_s390
| S390X_CAPBIT(S390X_SHA_512_DRNG),
0ULL},
.kma = {0ULL, 0ULL},
+ .pcc = {S390X_CAPBIT(S390X_QUERY),
+ 0ULL},
+ .kdsa = {0ULL, 0ULL},
};
/*-
@@ -508,6 +529,101 @@ static int parse_env(struct OPENSSL_s390
| S390X_CAPBIT(S390X_AES_192)
| S390X_CAPBIT(S390X_AES_256),
0ULL},
+ .pcc = {S390X_CAPBIT(S390X_QUERY),
+ 0ULL},
+ .kdsa = {0ULL, 0ULL},
+ };
+
+ /*-
+ * z15 (2019) - z/Architecture POP SA22-7832-12
+ * Implements MSA and MSA1-9.
+ */
+ static const struct OPENSSL_s390xcap_st z15 = {
+ /*.stfle = */{S390X_CAPBIT(S390X_MSA)
+ | S390X_CAPBIT(S390X_STCKF)
+ | S390X_CAPBIT(S390X_MSA5),
+ S390X_CAPBIT(S390X_MSA3)
+ | S390X_CAPBIT(S390X_MSA4),
+ S390X_CAPBIT(S390X_VX)
+ | S390X_CAPBIT(S390X_VXD)
+ | S390X_CAPBIT(S390X_VXE)
+ | S390X_CAPBIT(S390X_MSA8),
+ 0ULL},
+ /*.kimd = */{S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_1)
+ | S390X_CAPBIT(S390X_SHA_256)
+ | S390X_CAPBIT(S390X_SHA_512)
+ | S390X_CAPBIT(S390X_SHA3_224)
+ | S390X_CAPBIT(S390X_SHA3_256)
+ | S390X_CAPBIT(S390X_SHA3_384)
+ | S390X_CAPBIT(S390X_SHA3_512)
+ | S390X_CAPBIT(S390X_SHAKE_128)
+ | S390X_CAPBIT(S390X_SHAKE_256),
+ S390X_CAPBIT(S390X_GHASH)},
+ /*.klmd = */{S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_1)
+ | S390X_CAPBIT(S390X_SHA_256)
+ | S390X_CAPBIT(S390X_SHA_512)
+ | S390X_CAPBIT(S390X_SHA3_224)
+ | S390X_CAPBIT(S390X_SHA3_256)
+ | S390X_CAPBIT(S390X_SHA3_384)
+ | S390X_CAPBIT(S390X_SHA3_512)
+ | S390X_CAPBIT(S390X_SHAKE_128)
+ | S390X_CAPBIT(S390X_SHAKE_256),
+ 0ULL},
+ /*.km = */{S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256)
+ | S390X_CAPBIT(S390X_XTS_AES_128)
+ | S390X_CAPBIT(S390X_XTS_AES_256),
+ 0ULL},
+ /*.kmc = */{S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ /*.kmac = */{S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ /*.kmctr = */{S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ /*.kmo = */{S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ /*.kmf = */{S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ /*.prno = */{S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_512_DRNG),
+ S390X_CAPBIT(S390X_TRNG)},
+ /*.kma = */{S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ /*.pcc = */{S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P256)
+ | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P384)
+ | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P521),
+ 0ULL},
+ /*.kdsa = */{S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_ECDSA_VERIFY_P256)
+ | S390X_CAPBIT(S390X_ECDSA_VERIFY_P384)
+ | S390X_CAPBIT(S390X_ECDSA_VERIFY_P521)
+ | S390X_CAPBIT(S390X_ECDSA_SIGN_P256)
+ | S390X_CAPBIT(S390X_ECDSA_SIGN_P384)
+ | S390X_CAPBIT(S390X_ECDSA_SIGN_P521),
+ 0ULL},
};
char *tok_begin, *tok_end, *buff, tok[S390X_STFLE_MAX][LEN + 1];
@@ -551,6 +667,8 @@ static int parse_env(struct OPENSSL_s390
else if TOK_FUNC(kmf)
else if TOK_FUNC(prno)
else if TOK_FUNC(kma)
+ else if TOK_FUNC(pcc)
+ else if TOK_FUNC(kdsa)
/* CPU model tokens */
else if TOK_CPU(z900)
@@ -561,6 +679,7 @@ static int parse_env(struct OPENSSL_s390
else if TOK_CPU(zEC12)
else if TOK_CPU(z13)
else if TOK_CPU(z14)
+ else if TOK_CPU(z15)
/* whitespace(ignored) or invalid tokens */
else {
Index: openssl-1.1.1d/crypto/s390xcpuid.pl
===================================================================
--- openssl-1.1.1d.orig/crypto/s390xcpuid.pl
+++ openssl-1.1.1d/crypto/s390xcpuid.pl
@@ -77,8 +77,13 @@ OPENSSL_s390x_functions:
stg %r0,S390X_PRNO+8(%r4)
stg %r0,S390X_KMA(%r4)
stg %r0,S390X_KMA+8(%r4)
+ stg %r0,S390X_PCC(%r4)
+ stg %r0,S390X_PCC+8(%r4)
+ stg %r0,S390X_KDSA(%r4)
+ stg %r0,S390X_KDSA+8(%r4)
lmg %r2,%r3,S390X_STFLE(%r4)
+
tmhl %r2,0x4000 # check for message-security-assist
jz .Lret
@@ -102,6 +107,13 @@ OPENSSL_s390x_functions:
la %r1,S390X_KMAC(%r4)
.long 0xb91e0042 # kmac %r4,%r2
+ tmhh %r3,0x0003 # check for message-security-assist-3
+ jz .Lret
+
+ lghi %r0,S390X_QUERY # query pcc capability vector
+ la %r1,S390X_PCC(%r4)
+ .long 0xb92c0000 # pcc
+
tmhh %r3,0x0004 # check for message-security-assist-4
jz .Lret
@@ -125,6 +137,7 @@ OPENSSL_s390x_functions:
.long 0xb93c0042 # prno %r4,%r2
lg %r2,S390X_STFLE+16(%r4)
+
tmhl %r2,0x2000 # check for message-security-assist-8
jz .Lret
@@ -132,6 +145,13 @@ OPENSSL_s390x_functions:
la %r1,S390X_KMA(%r4)
.long 0xb9294022 # kma %r2,%r4,%r2
+ tmhl %r2,0x0010 # check for message-security-assist-9
+ jz .Lret
+
+ lghi %r0,S390X_QUERY # query kdsa capability vector
+ la %r1,S390X_KDSA(%r4)
+ .long 0xb93a0002 # kdsa %r0,%r2
+
.Lret:
br $ra
.size OPENSSL_s390x_functions,.-OPENSSL_s390x_functions
@@ -422,6 +442,57 @@ s390x_kma:
___
}
+################
+# void s390x_pcc(unsigned int fc, void *param)
+{
+my ($fc,$param) = map("%r$_",(2..3));
+$code.=<<___;
+.globl s390x_pcc
+.type s390x_pcc,\@function
+.align 16
+s390x_pcc:
+ lr %r0,$fc
+ l${g}r %r1,$param
+ lhi %r2,0
+
+ .long 0xb92c0000 # pcc
+ brc 1,.-4 # pay attention to "partial completion"
+ brc 7,.Lpcc_err # if CC==0 return 0, else return 1
+.Lpcc_out:
+ br $ra
+.Lpcc_err:
+ lhi %r2,1
+ j .Lpcc_out
+.size s390x_pcc,.-s390x_pcc
+___
+}
+
+################
+# void s390x_kdsa(unsigned int fc, void *param,
+# const unsigned char *in, size_t len)
+{
+my ($fc,$param,$in,$len) = map("%r$_",(2..5));
+$code.=<<___;
+.globl s390x_kdsa
+.type s390x_kdsa,\@function
+.align 16
+s390x_kdsa:
+ lr %r0,$fc
+ l${g}r %r1,$param
+ lhi %r2,0
+
+ .long 0xb93a0004 # kdsa %r0,$in
+ brc 1,.-4 # pay attention to "partial completion"
+ brc 7,.Lkdsa_err # if CC==0 return 0, else return 1
+.Lkdsa_out:
+ br $ra
+.Lkdsa_err:
+ lhi %r2,1
+ j .Lkdsa_out
+.size s390x_kdsa,.-s390x_kdsa
+___
+}
+
$code.=<<___;
.section .init
brasl $ra,OPENSSL_cpuid_setup
++++++ openssl-s390x-assembly-pack-cleanse-only-sensitive-fields.patch ++++++
>From 2281be2ed4a7df462677661d30b13826ae6b3e26 Mon Sep 17 00:00:00 2001
From: Patrick Steuer <patrick.ste...@de.ibm.com>
Date: Tue, 24 Sep 2019 14:44:27 +0200
Subject: [PATCH 09530/10000] s390x assembly pack: cleanse only sensitive
fields
of instruction parameter blocks.
Signed-off-by: Patrick Steuer <patrick.ste...@de.ibm.com>
Reviewed-by: Richard Levitte <levi...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10004)
---
crypto/ec/ecp_s390x_nistp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/ec/ecp_s390x_nistp.c b/crypto/ec/ecp_s390x_nistp.c
index be81f0b8f0..9533698b0f 100644
--- a/crypto/ec/ecp_s390x_nistp.c
+++ b/crypto/ec/ecp_s390x_nistp.c
@@ -110,7 +110,7 @@ ret:
/* Otherwise use default. */
if (rc == -1)
rc = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
- OPENSSL_cleanse(param, sizeof(param));
+ OPENSSL_cleanse(param + S390X_OFF_SCALAR(len), len);
BN_CTX_end(ctx);
BN_CTX_free(new_ctx);
return rc;
@@ -203,7 +203,7 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign_sig(const unsigned
char *dgst,
ok = 1;
ret:
- OPENSSL_cleanse(param, sizeof(param));
+ OPENSSL_cleanse(param + S390X_OFF_K(len), 2 * len);
if (ok != 1) {
ECDSA_SIG_free(sig);
sig = NULL;
--
2.24.0
++++++ openssl-s390x-assembly-pack-fix-OPENSSL_s390xcap-z15-cpu-mas.patch ++++++
>From ac037dc874a721ca81a33b4314e26cef4a7e8d48 Mon Sep 17 00:00:00 2001
From: Patrick Steuer <patrick.ste...@de.ibm.com>
Date: Tue, 24 Sep 2019 23:20:00 +0200
Subject: [PATCH 09529/10000] s390x assembly pack: fix OPENSSL_s390xcap z15 cpu
mask
Signed-off-by: Patrick Steuer <patrick.ste...@de.ibm.com>
Reviewed-by: Richard Levitte <levi...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10004)
---
crypto/s390xcap.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/crypto/s390xcap.c b/crypto/s390xcap.c
index 5123e14fa6..3e6aeae1df 100644
--- a/crypto/s390xcap.c
+++ b/crypto/s390xcap.c
@@ -578,7 +578,8 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap)
S390X_CAPBIT(S390X_VX)
| S390X_CAPBIT(S390X_VXD)
| S390X_CAPBIT(S390X_VXE)
- | S390X_CAPBIT(S390X_MSA8),
+ | S390X_CAPBIT(S390X_MSA8)
+ | S390X_CAPBIT(S390X_MSA9),
0ULL},
/*.kimd = */{S390X_CAPBIT(S390X_QUERY)
| S390X_CAPBIT(S390X_SHA_1)
@@ -642,11 +643,10 @@ static int parse_env(struct OPENSSL_s390xcap_st *cap)
| S390X_CAPBIT(S390X_AES_192)
| S390X_CAPBIT(S390X_AES_256),
0ULL},
- /*.pcc = */{S390X_CAPBIT(S390X_QUERY)
- | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P256)
+ /*.pcc = */{S390X_CAPBIT(S390X_QUERY),
+ S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P256)
| S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P384)
- | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P521),
- 0ULL},
+ | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P521)},
/*.kdsa = */{S390X_CAPBIT(S390X_QUERY)
| S390X_CAPBIT(S390X_ECDSA_VERIFY_P256)
| S390X_CAPBIT(S390X_ECDSA_VERIFY_P384)
--
2.24.0
++++++ openssl-s390x-assembly-pack-fix-msa3-stfle-bit-detection.patch ++++++
>From b3681e2641999be6c1f70e66497fe384d683a07e Mon Sep 17 00:00:00 2001
From: Patrick Steuer <patrick.ste...@de.ibm.com>
Date: Tue, 24 Sep 2019 23:03:19 +0200
Subject: [PATCH 09528/10000] s390x assembly pack: fix msa3 stfle bit detection
Signed-off-by: Patrick Steuer <patrick.ste...@de.ibm.com>
Reviewed-by: Richard Levitte <levi...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10004)
---
crypto/s390xcpuid.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/s390xcpuid.pl b/crypto/s390xcpuid.pl
index 36f742068b..4906e0366a 100755
--- a/crypto/s390xcpuid.pl
+++ b/crypto/s390xcpuid.pl
@@ -109,7 +109,7 @@ OPENSSL_s390x_functions:
la %r1,S390X_KMAC(%r4)
.long 0xb91e0042 # kmac %r4,%r2
- tmhh %r3,0x0003 # check for message-security-assist-3
+ tmhh %r3,0x0008 # check for message-security-assist-3
jz .Lret
lghi %r0,S390X_QUERY # query pcc capability vector
--
2.24.0
++++++ openssl-s390x-assembly-pack-update-OPENSSL_s390xcap-3.patch ++++++
>From da93b5cc2bc931b998f33ee432bc1ae2b38fccca Mon Sep 17 00:00:00 2001
From: Patrick Steuer <patrick.ste...@de.ibm.com>
Date: Wed, 26 Jun 2019 23:41:35 +0200
Subject: [PATCH 08968/10000] s390x assembly pack: update OPENSSL_s390xcap(3)
Add description of capability vector's pcc and kma parts.
Signed-off-by: Patrick Steuer <patrick.ste...@de.ibm.com>
Reviewed-by: Richard Levitte <levi...@openssl.org>
Reviewed-by: Shane Lontis <shane.lon...@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9258)
---
doc/man3/OPENSSL_s390xcap.pod | 21 ++++++++++++++++++---
1 file changed, 18 insertions(+), 3 deletions(-)
Index: openssl-1.1.1d/doc/man3/OPENSSL_s390xcap.pod
===================================================================
--- openssl-1.1.1d.orig/doc/man3/OPENSSL_s390xcap.pod
+++ openssl-1.1.1d/doc/man3/OPENSSL_s390xcap.pod
@@ -34,14 +34,14 @@ There are three types of tokens:
The name of a processor generation. A bit in the environment variable's
mask is set to one if and only if the specified processor generation
implements the corresponding instruction set extension. Possible values
-are z900, z990, z9, z10, z196, zEC12, z13 and z14.
+are z900, z990, z9, z10, z196, zEC12, z13, z14 and z15.
=item <string>:<mask>:<mask>
The name of an instruction followed by two 64-bit masks. The part of the
environment variable's mask corresponding to the specified instruction is
set to the specified 128-bit mask. Possible values are kimd, klmd, km, kmc,
-kmac, kmctr, kmo, kmf, prno and kma.
+kmac, kmctr, kmo, kmf, prno, kma, pcc and kdsa.
=item stfle:<mask>:<mask>:<mask>
@@ -153,13 +153,28 @@ Disables the KM-XTS-AES and and the KIMD
OPENSSL_s390xcap="km:~0x2800:~0;kimd:~0xc000000:~0"
+ pcc :
+ :
+ # 64 1<<63 PCC-Scalar-Multiply-P256
+ # 65 1<<62 PCC-Scalar-Multiply-P384
+ # 66 1<<61 PCC-Scalar-Multiply-P521
+
+ kdsa :
+ # 1 1<<62 KDSA-ECDSA-Verify-P256
+ # 2 1<<61 KDSA-ECDSA-Verify-P384
+ # 3 1<<60 KDSA-ECDSA-Verify-P521
+ # 9 1<<54 KDSA-ECDSA-Sign-P256
+ # 10 1<<53 KDSA-ECDSA-Sign-P384
+ # 11 1<<52 KDSA-ECDSA-Sign-P521
+ :
+
=head1 RETURN VALUES
Not available.
=head1 SEE ALSO
-[1] z/Architecture Principles of Operation, SA22-7832-11
+[1] z/Architecture Principles of Operation, SA22-7832-12
=head1 COPYRIGHT
++++++ openssl-s390xcpuid.pl-fix-comment.patch ++++++
>From 9baa4d5f4c9f596faba2b3e219b367a09c472d1d Mon Sep 17 00:00:00 2001
From: Patrick Steuer <patrick.ste...@de.ibm.com>
Date: Wed, 3 Jul 2019 18:02:11 +0200
Subject: [PATCH 09203/10000] s390xcpuid.pl: fix comment
Signed-off-by: Patrick Steuer <patrick.ste...@de.ibm.com>
Reviewed-by: Richard Levitte <levi...@openssl.org>
Reviewed-by: Shane Lontis <shane.lon...@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9348)
---
crypto/s390xcpuid.pl | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
Index: openssl-1.1.1d/crypto/s390xcpuid.pl
===================================================================
--- openssl-1.1.1d.orig/crypto/s390xcpuid.pl
+++ openssl-1.1.1d/crypto/s390xcpuid.pl
@@ -431,7 +431,7 @@ ___
}
################
-# void s390x_pcc(unsigned int fc, void *param)
+# int s390x_pcc(unsigned int fc, void *param)
{
my ($fc,$param) = map("%r$_",(2..3));
$code.=<<___;
@@ -456,8 +456,8 @@ ___
}
################
-# void s390x_kdsa(unsigned int fc, void *param,
-# const unsigned char *in, size_t len)
+# int s390x_kdsa(unsigned int fc, void *param,
+# const unsigned char *in, size_t len)
{
my ($fc,$param,$in,$len) = map("%r$_",(2..5));
$code.=<<___;
