[openssl] master update

2021-05-09 Thread shane . lontis
The branch master has been updated
   via  d29d7a7ff22e8e3be1c8bbdb8edd3ab9c72ed021 (commit)
  from  333b31e3000ff009cdc48bf45d9af687031f7688 (commit)


- Log -
commit d29d7a7ff22e8e3be1c8bbdb8edd3ab9c72ed021
Author: Shane Lontis 
Date:   Wed May 5 16:58:37 2021 +1000

Fix i2d_PKCS8PrivateKey_nid_bio() regression.

This method ignores the nid and could end up saving out the private key unencrypted.

In earlier alpha releases OSSL_num_encoders() returned 0 for this test
case, which then meant that the legacy path was run, and the key was
then correctly encrypted.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/15152)

---

Summary of changes:
 crypto/pem/pem_pk8.c   |  8 +++-
 test/evp_extra_test2.c | 37 +
 2 files changed, 44 insertions(+), 1 deletion(-)

diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c
index 86a66b586c..5e28907be3 100644
--- a/crypto/pem/pem_pk8.c
+++ b/crypto/pem/pem_pk8.c
@@ -93,7 +93,13 @@ static int do_pk8pkey(BIO *bp, const EVP_PKEY *x, int isder, 
int nid,
 }
 }
 
-if (OSSL_ENCODER_CTX_get_num_encoders(ctx) != 0) {
+/*
+ * NOTE: There is no attempt to do a EVP_CIPHER_fetch() using the nid,
+ * since the nid is a PBE algorithm which can't be fetched currently.
+ * (e.g. NID_pbe_WithSHA1And2_Key_TripleDES_CBC). Just use the legacy
+ * path if the NID is passed.
+ */
+if (nid == -1 && OSSL_ENCODER_CTX_get_num_encoders(ctx) != 0) {
 ret = 1;
 if (enc != NULL) {
 ret = 0;
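Review bot: the new guard `if (nid == -1 && OSSL_ENCODER_CTX_get_num_encoders(ctx) != 0)` makes -1 the only value meaning "no PBE NID", so every other nid, including 0, now takes the legacy path; that is the safe direction, since the legacy path honours the PBE, but the comment should state that -1 is the sentinel so callers of do_pk8pkey() are not tempted to pass 0. The `nid == -1` with `enc != NULL` branch still goes through the encoder and deserves a round-trip test of its own that asserts the output is actually encrypted, so a second regression of this kind cannot slip through unnoticed.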
diff --git a/test/evp_extra_test2.c b/test/evp_extra_test2.c
index 6d5303ab9d..2e5861c77f 100644
--- a/test/evp_extra_test2.c
+++ b/test/evp_extra_test2.c
@@ -290,6 +290,40 @@ done:
 return ret;
 }
 
+#ifndef OPENSSL_NO_DES
+static int test_pkcs8key_nid_bio(void)
+{
+int ret;
+const int nid = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+static const char pwd[] = "PASSWORD";
+EVP_PKEY *pkey = NULL, *pkey_dec = NULL;
+BIO *in = NULL, *enc_bio = NULL;
+char *enc_data = NULL;
+long enc_datalen = 0;
+OSSL_PROVIDER *provider = NULL;
+
+ret = TEST_ptr(provider = OSSL_PROVIDER_load(NULL, "default"))
+  && TEST_ptr(enc_bio = BIO_new(BIO_s_mem()))
+  && TEST_ptr(in = BIO_new_mem_buf(kExampleRSAKeyPKCS8,
+   sizeof(kExampleRSAKeyPKCS8)))
+  && TEST_ptr(pkey = d2i_PrivateKey_ex_bio(in, NULL, NULL, NULL))
+  && TEST_int_eq(i2d_PKCS8PrivateKey_nid_bio(enc_bio, pkey, nid,
+ pwd, sizeof(pwd) - 1,
+ NULL, NULL), 1)
+  && TEST_int_gt(enc_datalen = BIO_get_mem_data(enc_bio, &enc_data), 0)
+  && TEST_ptr(pkey_dec = d2i_PKCS8PrivateKey_bio(enc_bio, NULL, NULL,
+ (void *)pwd))
+  && TEST_true(EVP_PKEY_eq(pkey, pkey_dec));
+
+EVP_PKEY_free(pkey_dec);
+EVP_PKEY_free(pkey);
+BIO_free(in);
+BIO_free(enc_bio);
+OSSL_PROVIDER_unload(provider);
+return ret;
+}
+#endif /* OPENSSL_NO_DES */
+
 static int test_alternative_default(void)
 {
 OSSL_LIB_CTX *oldctx;
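Review bot: the test proves a round trip rather than that the output is encrypted: `d2i_PKCS8PrivateKey_bio(enc_bio, ...)` with `pwd` is expected to fail on a plaintext PrivateKeyInfo, which does catch this regression, but an explicit negative check over `enc_data` (for example `TEST_ptr_null(d2i_PKCS8_PRIV_KEY_INFO(...))`) would state the intent directly. As written, `enc_datalen` is only used inside `TEST_int_gt` and `enc_data` is never read afterwards, so either drop them or use them for that check; and `(void *)pwd` casts away const to feed the callback's `u` argument, which a one-line comment should justify.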
@@ -727,6 +761,9 @@ int setup_tests(void)
 ADD_TEST(test_pkey_todata_null);
 ADD_TEST(test_pkey_export_null);
 ADD_TEST(test_pkey_export);
+#ifndef OPENSSL_NO_DES
+ADD_TEST(test_pkcs8key_nid_bio);
+#endif
 return 1;
 }
 

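A check a release pipeline could run over the output of i2d_PKCS8PrivateKey_nid_bio() to catch exactly the regression described in the commit message above: the code below is an added example, not OpenSSL code, and parses just enough DER to tell an EncryptedPrivateKeyInfo from a plaintext PrivateKeyInfo. The sample blobs are constructed by hand with dummy key and ciphertext bytes; the two OIDs are the real rsaEncryption and pbeWithSHAAnd3-KeyTripleDES-CBC identifiers (the latter is the PBE the new test uses).

```python
"""Tell an EncryptedPrivateKeyInfo from a plaintext PrivateKeyInfo.

PrivateKeyInfo (RFC 5208)              EncryptedPrivateKeyInfo (RFC 5208)
  SEQUENCE {                             SEQUENCE {
    version     INTEGER,                   encryptionAlgorithm SEQUENCE {...},
    algorithm   SEQUENCE {...},            encryptedData       OCTET STRING
    privateKey  OCTET STRING, ...        }
  }
The first element inside the outer SEQUENCE decides: INTEGER (0x02) means the
key is in the clear, SEQUENCE (0x30) means it is wrapped under a PBE scheme.
"""


def _read_tlv(buf, off):
    """Parse one DER TLV at buf[off:]; return (tag, value, offset after it)."""
    if off + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or n > 4 or off + n > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("TLV value runs past end of buffer")
    return tag, buf[off:off + length], off + length


def pkcs8_form(der):
    """Return 'encrypted' or 'plaintext'; raise ValueError for anything else."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    first_tag, first_val, _ = _read_tlv(body, 0)
    if first_tag == 0x02:
        # PrivateKeyInfo.version: v1 (0) per RFC 5208, v2 (1) per RFC 5958
        if first_val not in (b"\x00", b"\x01"):
            raise ValueError("unexpected PrivateKeyInfo version")
        return "plaintext"
    if first_tag == 0x30:
        return "encrypted"
    raise ValueError("first element is neither a version INTEGER nor an AlgorithmIdentifier")


def is_encrypted_pkcs8(der):
    """Gate for a build or release check: True only for EncryptedPrivateKeyInfo."""
    return pkcs8_form(der) == "encrypted"


def _tlv(tag, value):
    """DER-encode one TLV (used only to build the constructed samples below)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    if n < 0x100:
        return bytes([tag, 0x81, n]) + value
    return bytes([tag, 0x82]) + n.to_bytes(2, "big") + value


OID_RSA_ENCRYPTION = bytes.fromhex("2a864886f70d010101")     # 1.2.840.113549.1.1.1
OID_PBE_SHA1_3DES = bytes.fromhex("2a864886f70d010c0103")    # 1.2.840.113549.1.12.1.3

# Constructed sample: plaintext PrivateKeyInfo around a dummy 16-byte key blob.
PLAINTEXT_P8 = _tlv(0x30,
                    _tlv(0x02, b"\x00")
                    + _tlv(0x30, _tlv(0x06, OID_RSA_ENCRYPTION) + _tlv(0x05, b""))
                    + _tlv(0x04, b"\x11" * 16))

# Constructed sample: EncryptedPrivateKeyInfo with PKCS#12 PBE parameters
# (8-byte salt, 2048 iterations) around dummy ciphertext bytes.
ENCRYPTED_P8 = _tlv(0x30,
                    _tlv(0x30, _tlv(0x06, OID_PBE_SHA1_3DES)
                         + _tlv(0x30, _tlv(0x04, b"\x22" * 8) + _tlv(0x02, b"\x08\x00")))
                    + _tlv(0x04, b"\x33" * 24))

if __name__ == "__main__":
    for name, blob in (("plaintext", PLAINTEXT_P8), ("encrypted", ENCRYPTED_P8)):
        print(name, "->", pkcs8_form(blob))
```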

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-asm

2021-05-09 Thread OpenSSL run-checker
Platform and configuration command:

$ uname -a
Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-asm

Commit log since last time:

8be513ae46 Mark pop/clear error stack in der2key_decode_p8
f7f0632b01 BIO_listen: disable setting ipv6_v6only on OpenBSD as it is a read only data and true
1064616012 Optimize RSA on armv8
f0f4a46c4f FIPS checksums update
e70abb8b4c Test oct2point for hybrid point encoding of (0, y)
56f0237938 Avoid division by zero in hybrid point encoding
32b1da718d tasn_dec: use do/while around statement macros
ab9d1af955 80-test_cmp_http.t: Improve fuzzing exclusion pattern
b33cf20263 ssl.h.in: Fix deprecation exclusion for SRP-related declarations
4d49b68504 Crypto: Add deprecation compatibility declarations for SHA* message digest functions
0a8a6afdfb Add quick one-shot EVP_Q_mac() and deprecation compensation decls for MAC functions
bea31afef0 DOC: Fix all wrong occurrences of '' to 'I'
0f4fb64785 apps/mac: Add digest and cipher command line options
29f5727b83 apps/mac: avoid need for two ^D when using stdin from a terminal
68f3fb0514 apps: remove initial newline from mac output
a1230dea4d apps: add mac, cipher and digest arguments to the kdf applet.
839261592c Remove unused code from the fips module
0d40ca47bd bn: Add fixed length (n=6), unrolled PPC Montgomery Multiplication
531df8185f BIO_printf.pod: Clarify that output is always null terminated.
9b53932b6f FIPS checksum update
4ed1f0bc70 provider: use a read lock when looking for a provider
2876528de5 doc: document the new ossl_provider_clear_all_operation_bits() function
ced7df2638 test: add a provider load/unload cache flush test.
0090e50890 provider: flush the store cache when providers are loaded/unloaded.
43d7856499 Updated gost-engine to latest commit from master branch
c9f18e5990 Unify parameter types in documentation
f71a745358 Fixes #14662. Return all EC parameters even for named curves
592ea4ba94 Fixes #15070. Allow custom algorithm ID ASN.1 encoding for provided ciphers
6d1bb1fffd make update
848af5e8fe Drop libimplementations.a
5a86dac862 Rename files in providers/implementations/signatures
28a8d07d7f changes: add note about application output formatting differences.
22d1138fe2 Avoid sending alerts after shutdown
021521aa91 Fix NULL dereference when ENCODER does not implement IMPORT_OBJECT
bfe2fcc840 evp_extra_test: Avoid potential double free of params
6ef2f71ac7 Clarify where dispatch functions/ids are defined
6d418dbcd3 Clarify two comments (typos) in fipsprov.c
4c8e6f7d20 Prepare for 3.0 alpha 17
d0c041b13a Prepare for release of 3.0 alpha 16
aff636a489 Update copyright year
6269fedffb Update the FIPS checksums
d105a24c89 Add some tests for -inform/keyform enforcement
bee3f38905 Document the behavior of the -inform and related options
3d1becd42a provider-storemgmt: Document the input-type and properties parameters.
0b294f5647 Update gost-engine to make it compatible with the added params
d382e79632 Make the -inform option to be respected if possible
b86fa8c556 try to document changes in salt handling for the 'enc' command
c4c8791e14 change salt handling, way 1
a35536b52d coverity: fix 1478169: dereference after NULL check
08a337fac6 Remove all trace of FIPS_mode functions

Build log ended with (last 100 lines):

25-test_pkcs7.t  ok
25-test_req.t .. ok
25-test_rusext.t ... ok
25-test_sid.t .. ok
25-test_verify.t ... ok
25-test_verify_store.t . ok
25-test_x509.t . ok
30-test_acvp.t . skipped: ACVP is not supported by this test
30-test_aesgcm.t ... ok
30-test_afalg.t  ok
30-test_defltfips.t  ok
30-test_engine.t ... ok
30-test_evp.t .. ok
30-test_evp_extra.t  ok
30-test_evp_fetch_prov.t ... ok
30-test_evp_kdf.t .. ok
30-test_evp_libctx.t ... ok
30-test_evp_pkey_dparam.t .. ok
30-test_evp_pkey_provided.t  ok
30-test_pbelu.t  ok
30-test_pkey_meth.t  ok
30-test_pkey_meth_kdf.t  ok
30-test_provider_status.t .. skipped: provider_status is not supported by this test
40-test_rehash.t ... ok
60-test_x509_check_cert_pkey.t . ok
60-test_x509_dup_cert.t  ok
60-test_x509_store.t ... ok
60-test_x509_time.t  ok
61-test_bio_prefix.t ... ok
61-test_bio_readbuffer.t ... ok
65-test_cmp_asn.t .. ok
65-test_cmp_client.t ... ok
65-test_cmp_ctx.t .. ok
65-test_cmp_hdr.t .. ok
65-test_cmp_msg.t .. ok
65-test_cmp_protect.t .. ok
65-test_cmp_server.t ... ok
65-test_cmp_status.t ... ok
65-test_cmp_

[openssl] master update

2021-05-09 Thread Dr . Paul Dale
The branch master has been updated
   via  333b31e3000ff009cdc48bf45d9af687031f7688 (commit)
  from  8be513ae46765ab4c4c3e244640652c24633288d (commit)


- Log -
commit 333b31e3000ff009cdc48bf45d9af687031f7688
Author: Pauli 
Date:   Mon May 10 10:47:37 2021 +1000

checksum fix

Reviewed-by: Shane Lontis 
(Merged from https://github.com/openssl/openssl/pull/15209)

---

Summary of changes:
 providers/fips-sources.checksums | 2 +-
 providers/fips.checksum  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums
index 49535d99e5..da684b0718 100644
--- a/providers/fips-sources.checksums
+++ b/providers/fips-sources.checksums
@@ -31,7 +31,7 @@ 
fdabbeafcb4b351a13ec92f04a4427ff94e51909d3773e02ff526b4d77ded8dc  crypto/asn1_ds
 819c9fd2b0cae9aab81c3cbd1815c2e22949d75f132f649b5883812d0bbaa39a  
crypto/bn/asm/alpha-mont.pl
 0070595128b250b9ebdebe48ce53d2d27ca16ec4f7c6c8bd169ab2e4a913b2d1  
crypto/bn/asm/armv4-gf2m.pl
 8c1c53a725b8a4f92b8a353bfeeb393be94198df41c912e3270f9e654417b250  
crypto/bn/asm/armv4-mont.pl
-320a3feafffafc05a00a56202958abc258cff596c602604d6c878fa0ca3023d6  
crypto/bn/asm/armv8-mont.pl
+8d6192337fedb0012764229d600634f8357c3b74fd38bcbfe8b86ddc6ca96ea2  
crypto/bn/asm/armv8-mont.pl
 cb4ad7b7461fcb8e2a0d52881158d0211b79544842d4eae36fc566869a2d62c8  
crypto/bn/asm/bn-586.pl
 636da7e2a66272a81f9c99e90b36c6f132ad6236c739e8b9f2e7315f30b72edd  
crypto/bn/asm/c64xplus-gf2m.pl
 c86664fb974362ee52a454c83c2c4b23fd5b7d64b3c9e23ef1e0dfd130a46ee5  
crypto/bn/asm/co-586.pl
diff --git a/providers/fips.checksum b/providers/fips.checksum
index 2f3dff8cfc..c4d76e1822 100644
--- a/providers/fips.checksum
+++ b/providers/fips.checksum
@@ -1 +1 @@
-5a2795b0bfeec67d234e9cf05bbac1571f205ba2da7e378e81b6e105fec1c85b  
providers/fips-sources.checksums
+14ae4fff4bd856c7e146d65b63880ff152276fe35b0f1f4ed5f24eb6e97e7b44  
providers/fips-sources.checksums


Build completed: openssl master.41985

2021-05-09 Thread AppVeyor


Build openssl master.41985 completed



Commit a1230dea4d by Pauli on 5/8/2021 12:13 PM:

apps: add mac, cipher and digest arguments to the kdf applet.


Configure your notification preferences



Build failed: openssl master.41984

2021-05-09 Thread AppVeyor



Build openssl master.41984 failed


Commit 839261592c by Shane Lontis on 5/8/2021 10:44 AM:

Remove unused code from the fips module





[openssl] master update

2021-05-09 Thread kaduk
The branch master has been updated
   via  8be513ae46765ab4c4c3e244640652c24633288d (commit)
  from  f7f0632b01cf16efccb133e395cf115c194bd003 (commit)


- Log -
commit 8be513ae46765ab4c4c3e244640652c24633288d
Author: Daniel Bevenius 
Date:   Wed Apr 28 10:30:13 2021 +0200

Mark pop/clear error stack in der2key_decode_p8

This commit sets the error mark before calling d2i_X509_SIG
and clears it if that function call is successful.

The motivation for this is that if d2i_X509_SIG returns NULL then the
else clause will be entered and d2i_PKCS8_PRIV_KEY_INFO will be
called. If d2i_X509_SIG raised any errors those errors will be on the
error stack when d2i_PKCS8_PRIV_KEY_INFO gets called, and even if it
returns successfully those errors will still be on the error stack.

We ran into this issue when upgrading Node.js to 3.0.0-alpha15.
More details can be found in the ref links below.

Refs: https://github.com/nodejs/node/issues/38373
Refs: https://github.com/danbev/learning-libcrypto/blob/master/notes/wrong-tag-issue2.md

Reviewed-by: Richard Levitte 
Reviewed-by: Tomas Mraz 
Reviewed-by: Ben Kaduk 
(Merged from https://github.com/openssl/openssl/pull/15067)

---

Summary of changes:
 .../implementations/encode_decode/decode_der2key.c |  5 
 test/evp_extra_test.c  | 35 ++
 2 files changed, 40 insertions(+)

diff --git a/providers/implementations/encode_decode/decode_der2key.c 
b/providers/implementations/encode_decode/decode_der2key.c
index 73acf527c1..01c050ccb0 100644
--- a/providers/implementations/encode_decode/decode_der2key.c
+++ b/providers/implementations/encode_decode/decode_der2key.c
@@ -124,10 +124,13 @@ static void *der2key_decode_p8(const unsigned char 
**input_der,
 
 ctx->flag_fatal = 0;
 
+ERR_set_mark();
 if ((p8 = d2i_X509_SIG(NULL, input_der, input_der_len)) != NULL) {
 char pbuf[PEM_BUFSIZE];
 size_t plen = 0;
 
+ERR_clear_last_mark();
+
 if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg))
 ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE);
 else
@@ -136,6 +139,8 @@ static void *der2key_decode_p8(const unsigned char 
**input_der,
 ctx->flag_fatal = 1;
 X509_SIG_free(p8);
 } else {
+/* Pop any errors that might have been raised by d2i_X509_SIG. */
+ERR_pop_to_mark();
 p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, input_der, input_der_len);
 }
 if (p8inf != NULL
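Review bot: `ERR_pop_to_mark()` runs before `d2i_PKCS8_PRIV_KEY_INFO()` is even attempted, so when the input is neither an EncryptedPrivateKeyInfo nor a PrivateKeyInfo the caller only ever sees the second parser's errors and the reason the X509_SIG parse failed is gone; that is a reasonable trade-off for the case in the commit message, but the comment `/* Pop any errors that might have been raised by d2i_X509_SIG. */` should say so. Mark handling is balanced across both branches (`ERR_clear_last_mark()` on success, pop on failure), which is worth one line at the `ERR_set_mark()` site in the previous hunk so a later edit does not add a third exit without matching it.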
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 7fd45bc316..56522e4af9 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -1172,7 +1172,41 @@ static int test_EVP_PKCS82PKEY(void)
 
 return ret;
 }
+
 #endif
+static int test_EVP_PKCS82PKEY_wrong_tag(void)
+{
+EVP_PKEY *pkey = NULL;
+EVP_PKEY *pkey2 = NULL;
+BIO *membio = NULL;
+char *membuf = NULL;
+PKCS8_PRIV_KEY_INFO *p8inf = NULL;
+int ok = 0;
+
+if (testctx != NULL)
+/* test not supported with non-default context */
+return 1;
+
+if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
+|| !TEST_ptr(pkey = load_example_rsa_key())
+|| !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
+NULL, 0, NULL, NULL),
+0)
+|| !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
+|| !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
+|| !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
+|| !TEST_int_eq(ERR_get_error(), 0)) {
+goto done;
+}
+
+ok = 1;
+ done:
+EVP_PKEY_free(pkey);
+EVP_PKEY_free(pkey2);
+PKCS8_PRIV_KEY_INFO_free(p8inf);
+BIO_free_all(membio);
+return ok;
+}
 
 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
 static int test_privatekey_to_pkcs8(void)
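Review bot: `ERR_get_error()` returns an unsigned long, so `TEST_int_eq(ERR_get_error(), 0)` narrows the value before comparing; `TEST_ulong_eq(ERR_get_error(), 0)` keeps the comparison type-correct and the failure message meaningful. Two layout points in the same hunk: the added blank line lands inside the `#ifndef OPENSSL_NO_EC` block rather than between `#endif` and the new function, and `test_EVP_PKCS82PKEY_wrong_tag()` starts directly after `#endif` with no separating blank line. The `testctx != NULL` early return also means the new test never runs in the non-default-context configuration of this binary, which the comment should spell out given that the code under test lives in a provider decoder.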
@@ -2894,6 +2928,7 @@ int setup_tests(void)
 ADD_TEST(test_EVP_Enveloped);
 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
 ADD_TEST(test_privatekey_to_pkcs8);
+ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
 #ifndef OPENSSL_NO_EC
 ADD_TEST(test_EVP_PKCS82PKEY);
 #endif


[openssl] OpenSSL_1_1_1-stable update

2021-05-09 Thread kaduk
The branch OpenSSL_1_1_1-stable has been updated
   via  207b8693b0821aab356ce9dccb7f2fe86e5e035a (commit)
  from  a9e808fadcff1b1b4bf5dece753ee5eb00c9cc16 (commit)


- Log -
commit 207b8693b0821aab356ce9dccb7f2fe86e5e035a
Author: David Carlier 
Date:   Sat Apr 24 16:13:26 2021 +0100

BIO_listen: disable setting ipv6_v6only on OpenBSD as it is a read only data and true

Reviewed-by: Tomas Mraz 
Reviewed-by: Ben Kaduk 
(Merged from https://github.com/openssl/openssl/pull/15015)

(cherry picked from commit f7f0632b01cf16efccb133e395cf115c194bd003)

---

Summary of changes:
 crypto/bio/b_sock2.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/bio/b_sock2.c b/crypto/bio/b_sock2.c
index 335dfabc61..f54b550ecf 100644
--- a/crypto/bio/b_sock2.c
+++ b/crypto/bio/b_sock2.c
@@ -243,7 +243,8 @@ int BIO_listen(int sock, const BIO_ADDR *addr, int options)
 }
 }
 
-# ifdef IPV6_V6ONLY
+  /* On OpenBSD it is always ipv6 only with ipv6 sockets thus read-only */
+# if defined(IPV6_V6ONLY) && !defined(__OpenBSD__)
 if (BIO_ADDR_family(addr) == AF_INET6) {
 /*
  * Note: Windows default of IPV6_V6ONLY is ON, and Linux is OFF.
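Review bot: the added comment `/* On OpenBSD it is always ipv6 only with ipv6 sockets thus read-only */` is indented two spaces while the `# if` it describes sits in the preprocessor column with the rest of the block; align it. Since `!defined(__OpenBSD__)` compiles out the whole `BIO_ADDR_family(addr) == AF_INET6` block, the note below about Windows and Linux defaults should also mention that OpenBSD is always v6-only and cannot be switched, otherwise a reader of the remaining comment will wonder why the option is silently ignored there.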


[openssl] master update

2021-05-09 Thread kaduk
The branch master has been updated
   via  f7f0632b01cf16efccb133e395cf115c194bd003 (commit)
  from  10646160125ac1328d892f1dd27f2847892d33c5 (commit)


- Log -
commit f7f0632b01cf16efccb133e395cf115c194bd003
Author: David Carlier 
Date:   Sat Apr 24 16:13:26 2021 +0100

BIO_listen: disable setting ipv6_v6only on OpenBSD as it is a read only data and true

Reviewed-by: Tomas Mraz 
Reviewed-by: Ben Kaduk 
(Merged from https://github.com/openssl/openssl/pull/15015)

---

Summary of changes:
 crypto/bio/b_sock2.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/bio/b_sock2.c b/crypto/bio/b_sock2.c
index 0446e7fd8d..f13f20148b 100644
--- a/crypto/bio/b_sock2.c
+++ b/crypto/bio/b_sock2.c
@@ -264,7 +264,8 @@ int BIO_listen(int sock, const BIO_ADDR *addr, int options)
 }
 }
 
-# ifdef IPV6_V6ONLY
+  /* On OpenBSD it is always ipv6 only with ipv6 sockets thus read-only */
+# if defined(IPV6_V6ONLY) && !defined(__OpenBSD__)
 if (BIO_ADDR_family(addr) == AF_INET6) {
 /*
  * Note: Windows default of IPV6_V6ONLY is ON, and Linux is OFF.
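Review bot: same two points as for the 1.1.1 cherry-pick of this change: the new comment line is indented differently from the `# if defined(IPV6_V6ONLY) && !defined(__OpenBSD__)` it explains, and because the whole AF_INET6 block is now skipped on OpenBSD, the comment about Windows defaulting IPV6_V6ONLY to ON and Linux to OFF should gain a sentence saying OpenBSD is fixed to ON, so the behaviour difference is documented next to the code that causes it.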


[openssl] master update

2021-05-09 Thread Dr . Paul Dale
The branch master has been updated
   via  10646160125ac1328d892f1dd27f2847892d33c5 (commit)
  from  f0f4a46c4f5c82d4d9d0fb8a51d546c3135668a2 (commit)


- Log -
commit 10646160125ac1328d892f1dd27f2847892d33c5
Author: fangming.fang 
Date:   Fri Mar 19 06:45:57 2021 +

Optimize RSA on armv8

Add a Neon path for RSA on armv8. This optimisation targets the A72
and N1, which are among the important infrastructure cores. Other
platforms are not impacted.

A72
                        old         new    improved
rsa   512 sign       9828.6      9738.7        -1%
rsa   512 verify   121497.2    122367.7         1%
rsa  1024 sign       1818        1816.9         0%
rsa  1024 verify    37175.6     37161.3         0%
rsa  2048 sign        267.3       267.4         0%
rsa  2048 verify    10127.6     10119.6         0%
rsa  3072 sign         86.8        87           0%
rsa  3072 verify     4604.2      4956.2         8%
rsa  4096 sign         38.3        38.5         1%
rsa  4096 verify     2619.8      2972.1        13%
rsa  7680 sign          5           7          40%
rsa  7680 verify      756         929.4        23%
rsa 15360 sign          0.8         1          25%
rsa 15360 verify      190.4       246          29%

N1
                        old         new    improved
rsa   512 sign      12599.2     12596.7         0%
rsa   512 verify   148636.1    148656.2         0%
rsa  1024 sign       2150.6      2148.9         0%
rsa  1024 verify    42353.5     42265.2         0%
rsa  2048 sign        305.5       305.3         0%
rsa  2048 verify    11209.7     11205.2         0%
rsa  3072 sign         97.8        98.2         0%
rsa  3072 verify     5061.3      5990.7        18%
rsa  4096 sign         42.8        43           0%
rsa  4096 verify     2867.6      3509.8        22%
rsa  7680 sign          5.5         8.4        53%
rsa  7680 verify      823.5      1058.3        29%
rsa 15360 sign          0.9         1.1        22%
rsa 15360 verify      207         273.9        32%

CustomizedGitHooks: yes
Change-Id: I01c732cc429d793c4eb5ffd27ccd30ff9cebf8af
Jira: SECLIB-540

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/14761)

---

Summary of changes:
 crypto/armcap.c |   7 +
 crypto/bn/asm/armv8-mont.pl | 381 
 crypto/bn/build.info|   1 +
 3 files changed, 389 insertions(+)

diff --git a/crypto/armcap.c b/crypto/armcap.c
index 0e7c0842ad..dc2326f8f6 100644
--- a/crypto/armcap.c
+++ b/crypto/armcap.c
@@ -19,6 +19,7 @@
 
 unsigned int OPENSSL_armcap_P = 0;
 unsigned int OPENSSL_arm_midr = 0;
+unsigned int OPENSSL_armv8_rsa_neonized = 0;
 
 #if __ARM_MAX_ARCH__<7
 void OPENSSL_cpuid_setup(void)
@@ -237,6 +238,12 @@ void OPENSSL_cpuid_setup(void)
 # ifdef __aarch64__
 if (OPENSSL_armcap_P & ARMV8_CPUID)
 OPENSSL_arm_midr = _armv8_cpuid_probe();
+
+if ((MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_ARM, 
ARM_CPU_PART_CORTEX_A72) ||
+ MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_ARM, 
ARM_CPU_PART_N1)) &&
+(OPENSSL_armcap_P & ARMV7_NEON)) {
+OPENSSL_armv8_rsa_neonized = 1;
+}
 # endif
 }
 #endif
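Review bot: `OPENSSL_armv8_rsa_neonized` is set only when the MIDR matches Cortex-A72 or N1 and `ARMV7_NEON` is present, so the new Neon Montgomery path never executes on any other core and gets no test coverage there; document that choice in a comment next to the `MIDR_IS_CPU_MODEL(...)` condition and provide a way to force the flag for testing, so CI on other AArch64 hardware still exercises bn_mul8x_mont_neon. A runtime-selected multiplication path for private-key operations also warrants a sentence in the commit or comment on why the model check is the right gate rather than a capability bit.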
diff --git a/crypto/bn/asm/armv8-mont.pl b/crypto/bn/asm/armv8-mont.pl
index e8bdfa3bb8..0867ccabee 100755
--- a/crypto/bn/asm/armv8-mont.pl
+++ b/crypto/bn/asm/armv8-mont.pl
@@ -67,16 +67,34 @@ $n0="x4";   # const BN_ULONG *n0,
 $num="x5"; # int num);
 
 $code.=<<___;
+#ifndef__KERNEL__
+# include "arm_arch.h"
+.extern OPENSSL_armv8_rsa_neonized
+.hidden OPENSSL_armv8_rsa_neonized
+#endif
 .text
 
 .globl bn_mul_mont
 .type  bn_mul_mont,%function
 .align 5
 bn_mul_mont:
+.Lbn_mul_mont:
+   tst $num,#3
+   b.ne.Lmul_mont
+   cmp $num,#32
+   b.le.Lscalar_impl
+#ifndef__KERNEL__
+   adrpx17,OPENSSL_armv8_rsa_neonized
+   ldr w17,[x17,#:lo12:OPENSSL_armv8_rsa_neonized]
+   cbnzw17, bn_mul8x_mont_neon
+#endif
+
+.Lscalar_impl:
tst $num,#7
b.eq__bn_sqr8x_mont
tst $num,#3
b.eq__bn_mul4x_mont
+
 .Lmul_mont:
stp x29,x30,[sp,#-64]!
add x29,sp,#0
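Review bot: the dispatch only requires `tst $num,#3` (num divisible by 4) and `cmp $num,#32` (num above 32) before branching to `bn_mul8x_mont_neon`, yet the target's name implies an 8-limb unrolled loop; either the Neon routine handles num % 8 == 4 internally or the guard should be `tst $num,#7`, and a comment at `.Lbn_mul_mont:` stating the preconditions the Neon path relies on would settle it. The `adrp x17` / `ldr w17,[x17,#:lo12:...]` pair clobbers x17 on every large-operand call, which is fine for an intra-procedure scratch register but worth a note since the scalar paths below do not touch it.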
@@ -274,6 +292,369 @@ bn_mul_mont:
 .size  bn_mul_mont,.-bn_mul_mont
 ___
 {
+my ($A0,$A1,$N0,$N1)=map("v$_",(0..3));
+my ($Z

[openssl] master update

2021-05-09 Thread nic . tuv
The branch master has been updated
   via  f0f4a46c4f5c82d4d9d0fb8a51d546c3135668a2 (commit)
   via  e70abb8b4cb3b6259812137f72efa100797bca22 (commit)
   via  56f0237938c7e99d04f004886d56cb76514c4d56 (commit)
  from  32b1da718d5d6f35fcef82f3794273807d6202e9 (commit)


- Log -
commit f0f4a46c4f5c82d4d9d0fb8a51d546c3135668a2
Author: Nicola Tuveri 
Date:   Sun May 9 14:57:14 2021 +0300

FIPS checksums update

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/15108)

commit e70abb8b4cb3b6259812137f72efa100797bca22
Author: Theo Buehler 
Date:   Sat May 1 13:09:10 2021 +0200

Test oct2point for hybrid point encoding of (0, y)

Reviewed-by: Nicola Tuveri 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/15108)

commit 56f0237938c7e99d04f004886d56cb76514c4d56
Author: Theo Buehler 
Date:   Sat May 1 12:25:50 2021 +0200

Avoid division by zero in hybrid point encoding

In hybrid and compressed point encodings, the form octet contains a bit
of information allowing y to be calculated from x.  For a point on a binary
curve, this bit is zero if x is zero, otherwise it must match the
rightmost bit of the field element y / x.  The existing code only
considers the second possibility. It could thus incorrectly fail with a
division by zero error as found by Guido Vranken's cryptofuzz.

This commit adds a few explanatory comments to oct2point. The only
actual code change is in the last hunk which adds a BN_is_zero(x)
check to avoid the division by zero.

Fixes #15021

Reviewed-by: Nicola Tuveri 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/15108)

---

Summary of changes:
 crypto/ec/ec2_oct.c  | 41 +---
 providers/fips-sources.checksums |  2 +-
 providers/fips.checksum  |  2 +-
 test/ectest.c| 50 
 4 files changed, 85 insertions(+), 10 deletions(-)

diff --git a/crypto/ec/ec2_oct.c b/crypto/ec/ec2_oct.c
index 9f6e5de6fd..1970efd65c 100644
--- a/crypto/ec/ec2_oct.c
+++ b/crypto/ec/ec2_oct.c
@@ -270,9 +270,21 @@ int ossl_ec_GF2m_simple_oct2point(const EC_GROUP *group, 
EC_POINT *point,
 ERR_raise(ERR_LIB_EC, EC_R_BUFFER_TOO_SMALL);
 return 0;
 }
-form = buf[0];
-y_bit = form & 1;
-form = form & ~1U;
+
+/*
+ * The first octet is the point converison octet PC, see X9.62, page 4
+ * and section 4.4.2.  It must be:
+ * 0x00  for the point at infinity
+ * 0x02 or 0x03  for compressed form
+ * 0x04  for uncompressed form
+ * 0x06 or 0x07  for hybrid form.
+ * For compressed or hybrid forms, we store the last bit of buf[0] as
+ * y_bit and clear it from buf[0] so as to obtain a POINT_CONVERSION_*.
+ * We error if buf[0] contains any but the above values.
+ */
+y_bit = buf[0] & 1;
+form = buf[0] & ~1U;
+
 if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)
 && (form != POINT_CONVERSION_UNCOMPRESSED)
 && (form != POINT_CONVERSION_HYBRID)) {
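Review bot: typo in the added comment, `converison` should read `conversion`. The comment's last sentence, "We error if buf[0] contains any but the above values", is only partly fulfilled by the `form` check that follows: clearing bit 0 maps 0x01 and 0x05 onto 0x00 and 0x04 with `y_bit` set, so whether those are rejected depends on code outside this hunk; a cross-reference to where that happens would make the sentence accurate at this point in the function.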
@@ -284,6 +296,7 @@ int ossl_ec_GF2m_simple_oct2point(const EC_GROUP *group, 
EC_POINT *point,
 return 0;
 }
 
+/* The point at infinity is represented by a single zero octet. */
 if (form == 0) {
 if (len != 1) {
 ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING);
@@ -337,11 +350,23 @@ int ossl_ec_GF2m_simple_oct2point(const EC_GROUP *group, 
EC_POINT *point,
 goto err;
 }
 if (form == POINT_CONVERSION_HYBRID) {
-if (!group->meth->field_div(group, yxi, y, x, ctx))
-goto err;
-if (y_bit != BN_is_odd(yxi)) {
-ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING);
-goto err;
+/*
+ * Check that the form in the encoding was set correctly
+ * according to X9.62 4.4.2.a, 4(c), see also first paragraph
+ * of X9.62, 4.4.1.b.
+ */
+if (BN_is_zero(x)) {
+if (y_bit != 0) {
+ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING);
+goto err;
+}
+} else {
+if (!group->meth->field_div(group, yxi, y, x, ctx))
+goto err;
+if (y_bit != BN_is_odd(yxi)) {
+ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING);
+goto err;
+}
 }
 }
 
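Review bot: the `BN_is_zero(x)` branch removes the attacker-reachable division by zero the commit message describes and encodes the X9.62 rule (PC bit is 0 when x is 0) directly, so the change is correct as far as this hunk shows. Two follow-ups: `yxi` is now used only in the `else` branch, so its allocation could move there or the variable be noted as hybrid-only, and the regression test for a (0, y) hybrid encoding is listed under test/ectest.c in the summary but its diff is not part of this message, so reviewers should confirm it covers both the accepted 0x06 case and the rejected 0x07 case.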
diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums
index 0ab5e40394..49535d99e5 100644
--- a/providers/fips-sources.checksums
+++ b/providers/fips-sources.checksums
@@ -140,7 +140,7 @@ 
eaa9408936

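The rule the commit message above describes, worked through as an added example that is not OpenSSL code: a decoder for the X9.62 point-conversion octet over a toy binary field GF(2^7) and a toy curve chosen so each coordinate fits in one octet, with the hybrid check done the way the fix does it, comparing the PC bit with 0 when x == 0 instead of dividing by x. Compressed form is rejected rather than decompressed, since that needs a curve-specific square-root routine that is beside the point here.

```python
"""X9.62 / SEC 1 octet-string decoding for a point on a binary-field curve.

Toy parameters (no cryptographic strength): GF(2^7) with reduction polynomial
t^7 + t + 1 and the curve y^2 + x*y = x^3 + x^2 + 1, so each coordinate is one
octet.  decode_point() follows ossl_ec_GF2m_simple_oct2point after the fix:
for hybrid form the PC bit is compared with 0 when x == 0 and with the
rightmost bit of y/x otherwise, so no division by zero can be triggered.
"""
M, POLY = 7, 0b1000_0011     # GF(2^7), f(t) = t^7 + t + 1 (irreducible over GF(2))
A, B = 1, 1                  # curve coefficients
FIELD_LEN = (M + 7) // 8     # octets per field element

def gf_mul(a, b):
    """Multiply in GF(2^m) using shift-and-add with reduction by POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> M:
            a ^= POLY
    return r

def gf_div(y, x):
    """y / x in GF(2^m).  x^-1 = x^(2^m - 2); x must be non-zero."""
    if x == 0:
        raise ZeroDivisionError("division by zero in GF(2^m)")
    inv, base, e = 1, x, (1 << M) - 2
    while e:
        if e & 1:
            inv = gf_mul(inv, base)
        base = gf_mul(base, base)
        e >>= 1
    return gf_mul(y, inv)

def on_curve(x, y):
    """Check y^2 + x*y == x^3 + A*x^2 + B."""
    x2 = gf_mul(x, x)
    return gf_mul(y, y) ^ gf_mul(x, y) == gf_mul(x2, x) ^ gf_mul(A, x2) ^ B

def y_bit_for(x, y):
    """Bit stored in the PC octet (X9.62 4.4.2): 0 if x == 0, else lsb of y/x."""
    return 0 if x == 0 else gf_div(y, x) & 1

def encode_point(x, y, hybrid=True):
    """Encode an affine point: PC 0x06/0x07 (hybrid) or 0x04 (uncompressed)."""
    pc = (0x06 | y_bit_for(x, y)) if hybrid else 0x04
    return bytes([pc]) + x.to_bytes(FIELD_LEN, "big") + y.to_bytes(FIELD_LEN, "big")

def decode_point(buf):
    """Return None for the point at infinity or (x, y); ValueError on bad input."""
    if not buf:
        raise ValueError("empty encoding")
    y_bit, form = buf[0] & 1, buf[0] & ~1       # split PC into y_bit and form
    if form == 0x00:                             # infinity: a single 0x00 octet
        if len(buf) != 1 or y_bit:
            raise ValueError("invalid encoding of the point at infinity")
        return None
    if form == 0x02:
        raise ValueError("compressed form needs a root solver; not handled here")
    if form not in (0x04, 0x06) or (form == 0x04 and y_bit):
        raise ValueError("invalid point conversion octet 0x%02x" % buf[0])
    if len(buf) != 1 + 2 * FIELD_LEN:
        raise ValueError("wrong length for uncompressed/hybrid form")
    x = int.from_bytes(buf[1:1 + FIELD_LEN], "big")
    y = int.from_bytes(buf[1 + FIELD_LEN:], "big")
    if x >> M or y >> M:
        raise ValueError("coordinate is not a field element")
    if not on_curve(x, y):
        raise ValueError("point is not on the curve")
    # The fix: y_bit_for() never divides when x == 0, it just expects bit 0.
    if form == 0x06 and y_bit != y_bit_for(x, y):
        raise ValueError("hybrid PC bit inconsistent with the coordinates")
    return x, y
```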
Build completed: openssl master.41980

2021-05-09 Thread AppVeyor


Build openssl master.41980 completed



Commit 43d7856499 by Tomas Mraz on 5/7/2021 1:43 PM:

Updated gost-engine to latest commit from master branch





Coverity Scan: Analysis completed for OpenSSL-1.0.2

2021-05-09 Thread scan-admin


Your request for analysis of OpenSSL-1.0.2 has been completed successfully.
The results are available at 
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DA3Ji_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHDr-2FHzsYK6RQMVfDXL7Jg1eQk56X-2B1-2FDKL17HoSGZ-2B2MSJE2ViBh5MPhOVFRd-2B9GfHZG4AXEqgOdUyCHzaOVMpyLg8zelepAqDswPZeMC2IKstCnhDi7wD3ognYchLl1sDkR-2BkzmsX9KyQ8OiHn14falhLwxwgIpgzoWg7OynlhiHtvonWrvzISmpUUWntsYc-3D

Build ID: 385615

Analysis Summary:
   New defects found: 0
   Defects eliminated: 0



Coverity Scan: Analysis completed for openssl/openssl

2021-05-09 Thread scan-admin


Your request for analysis of openssl/openssl has been completed successfully.
The results are available at 
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DALlY_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeEGU933lLFpYJkiOWrkpuW4WufYOtE6U3uyUGTqNWpEbaN0PS-2BeNe9NBL9Eq2Tp7IjBVM1hvEt4A10weKRPBku4BIaW6qRRP-2B-2F3vl5QImDFojeU8gjPlybrwaGAHuU3Yj7EFXewSD0sRyBPLxC5Ej2-2BAvl-2FVPC8OPbYTzQb4M1S3dLahhP8AnXQ-2Fetx0sXGiEE-3D

Build ID: 385614

Analysis Summary:
   New defects found: 6
   Defects eliminated: 9

If you have difficulty understanding any defects, email us at scan-ad...@coverity.com,
or post your question to StackOverflow at
https://u15810271.ct.sendgrid.net/ls/click?upn=CTPegkVN6peWFCMEieYYmPWIi1E4yUS9EoqKFcNAiqhRq8qmgeBE-2Bdt3uvFRAFXd-2FlwX83-2FVVdybfzIMOby0qA-3D-3D1O6r_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeEGU933lLFpYJkiOWrkpuW4WufYOtE6U3uyUGTqNWpEbcBwNSS-2F3Fl3OscAKlIRw0Oy9f2t7zIoB5KpM4CrOAsP2bKNdOVxUHAApOKwE6tupCHRRZoHLbuFLy7x6vHc0Gvk9pbvlB9po-2BtD5UJYGIObbemd-2FQQBAPQ5p-2F2Q7XDSFicmJ66C1QOHlVMC3N2XSUY-3D


Build failed: openssl master.41979

2021-05-09 Thread AppVeyor



Build openssl master.41979 failed


Commit 93f410e2af by Tomáš Mráz on 5/7/2021 1:42 PM:

Unify parameter types in documentation (#15178)

