commit openssl-1_1 for openSUSE:Factory
Hello community, here is the log from the commit of package openssl-1_1 for openSUSE:Factory checked in at 2018-03-01 12:05:23 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssl-1_1 (Old) and /work/SRC/openSUSE:Factory/.openssl-1_1.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "openssl-1_1" Thu Mar 1 12:05:23 2018 rev:1 rq:580922 version:1.1.0g Changes: -------- New Changes file: --- /dev/null 2018-03-01 08:56:54.644963210 +0100 +++ /work/SRC/openSUSE:Factory/.openssl-1_1.new/openssl-1_1.changes 2018-03-01 12:05:25.379235790 +0100 
@@ -0,0 +1,2626 @@ +------------------------------------------------------------------- +Tue Feb 27 20:13:14 UTC 2018 - dimstar@opensuse.org + +- Move the libopenssl1_1_0-32bit obsoletes in baselibs.conf to the + new libopenssl1_1-32bit: it does not belong to the devel + package. + +------------------------------------------------------------------- +Fri Feb 16 12:01:50 UTC 2018 - vcizek@suse.com + +- Renamed from openssl-1_1_0 (bsc#1081335) + * All the minor versions of the 1.1.x openssl branch have the same + sonum and keep ABI compatibility + * obsolete the 1_1_0 packages +- update baselibs.conf with the new version names + +------------------------------------------------------------------- +Thu Feb 15 15:47:07 UTC 2018 - tchvatal@suse.com + +- Remove bit obsolete syntax +- Use %license macro + +------------------------------------------------------------------- +Mon Jan 22 15:29:33 UTC 2018 - schwab@suse.de + +- Don't disable afalgeng on aarch64 + +------------------------------------------------------------------- +Tue Jan 9 17:37:39 UTC 2018 - vcizek@suse.com + +- Add support for s390x CPACF enhancements (fate#321518) + patches taken from https://github.com/openssl/openssl/pull/2859: + * 0002-crypto-modes-asm-ghash-s390x.pl-fix-gcm_gmult_4bit-K.patch + * 0004-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch + * 0005-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch + * 0006-s390x-assembly-pack-extended-s390x-capability-vector.patch + * 0007-crypto-evp-e_aes.c-add-foundations-for-extended-s390.patch + * 0008-s390x-assembly-pack-extended-s390x-capability-vector.patch + * 0009-crypto-aes-asm-aes-s390x.pl-add-KMA-code-path.patch + * 0010-doc-man3-OPENSSL_s390xcap.pod-update-KMA.patch + * 0011-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch + * 0012-s390x-assembly-pack-add-KMA-code-path-for-aes-gcm.patch + * 0013-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch + 
+------------------------------------------------------------------- +Tue Nov 28 09:54:38 UTC 2017 - dimstar@opensuse.org + +- Do not filter pkgconfig() provides/requires. + +------------------------------------------------------------------- +Tue Nov 28 08:24:53 UTC 2017 - dimstar@opensuse.org + +- Obsolete openssl-1_0_0 by openssl-1_1_0: this is required for a + clean upgrade path as an aid to zypp (boo#1070003). + +------------------------------------------------------------------- +Thu Nov 2 19:56:54 UTC 2017 - vcizek@suse.com + +- Update to 1.1.0g + OpenSSL Security Advisory [02 Nov 2017] + * bn_sqrx8x_internal carry bug on x86_64 + (CVE-2017-3736) (bsc#1066242) + * Malformed X.509 IPAddressFamily could cause OOB read + (CVE-2017-3735) (bsc#1056058) +- drop 0001-Fix-a-TLSProxy-race-condition.patch (upstream) +- refresh 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch + +------------------------------------------------------------------- +Fri Sep 1 11:33:46 UTC 2017 - vcizek@suse.com + +- update DEFAULT_SUSE cipher list (bsc#1055825) + * add CHACHA20-POLY1305 + * add ECDSA ciphers + * remove 3DES +- modified openssl-1.0.1e-add-suse-default-cipher.patch + +------------------------------------------------------------------- +Tue Aug 15 08:48:59 UTC 2017 - meissner@suse.com + +- do not require openssl1_1_0-targettype in devel-targettype, as it + is not built (it has no libraries) + +------------------------------------------------------------------- +Mon Aug 7 23:29:33 UTC 2017 - jengelh@inai.de + +- The description is supposed to describe the package, not the + development process or history. (Synchronize with the + already-updates descriptions in openssl-1_0_0.) 
+- Update historic copypasted boilerplate summaries + ("include files mandatory for development") + +------------------------------------------------------------------- +Thu Aug 3 07:04:30 UTC 2017 - tchvatal@suse.com + +- Disable the verbosity of the tests as we expose yet another race + condition in that + +------------------------------------------------------------------- +Tue Jul 18 11:06:41 UTC 2017 - vcizek@suse.com + +- Fix a race condition in tests to make the package build reliably + * https://github.com/openssl/openssl/issues/3562 + * 0001-Fix-a-TLSProxy-race-condition.patch + +------------------------------------------------------------------- +Tue Jul 18 05:50:05 UTC 2017 - jimmy@boombatower.com + +- Add Provides and Conflicts for -devel package in baselibs.conf. + +------------------------------------------------------------------- +Sun Jun 25 12:33:59 UTC 2017 - tchvatal@suse.com + +- Add patch openssl-no-date.patch to disable date inclusion in most + of the binaries +- Use autopatch to make things smaller +- Enable verbose output on the tests +- Paralelize depmod + +------------------------------------------------------------------- +Mon May 29 09:57:39 UTC 2017 - vcizek@suse.com + +- update to 1.1.0f + * bugfix only release +- disable RSA keygen tests, because they use too small modulus, which + is rejected by our CC/FIPS hardening patches + * added openssl-disable_rsa_keygen_tests_with_small_modulus.patch +- refreshed openssl-rsakeygen-minimum-distance.patch and + 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch + +------------------------------------------------------------------- +Wed May 10 11:11:33 UTC 2017 - tchvatal@suse.com + +- Add conflict for any libopenssl-devel that is not in our version + +------------------------------------------------------------------- +Wed May 10 10:40:53 UTC 2017 - tchvatal@suse.com + +- Avoid the requires conflict between 1.1 and 1.0 openssl + 
+------------------------------------------------------------------- +Fri May 5 07:42:41 UTC 2017 - tchvatal@suse.com + +- Add conflict on docu packages + +------------------------------------------------------------------- +Wed May 3 12:48:11 UTC 2017 - vcizek@suse.com + +- drop unnecessary README.SUSE + +------------------------------------------------------------------- +Wed May 3 11:46:58 UTC 2017 - vcizek@suse.com + +- add openssl-1.1-fix-ppc64.patch from Marcus Meissner to fix build + on ppc64 + +------------------------------------------------------------------- +Wed May 3 09:06:06 UTC 2017 - tchvatal@suse.com + +- Fix build on aarch64 + +------------------------------------------------------------------- +Wed May 3 08:50:07 UTC 2017 - tchvatal@suse.com + +- Remove libpadlock conditional, no longer present + +------------------------------------------------------------------- +Tue May 2 10:28:38 UTC 2017 - tchvatal@suse.com + +- Update baselibs.conf to contain all the renamed packages + +------------------------------------------------------------------- +Wed Apr 26 12:43:47 UTC 2017 - vcizek@suse.com + +- re-enable tests on SLE-12 and below despite current failure, so + they are automatically run once the issue is resolved + +------------------------------------------------------------------- +Wed Apr 26 12:37:14 UTC 2017 - tchvatal@suse.com + +- Filter out the pkgconfig provides to force usage of the main + openssl package provides + +------------------------------------------------------------------- +Fri Apr 21 13:04:42 UTC 2017 - vcizek@suse.com + +- disable tests on SLE-12 and its derivates + * they fail because of glibc bug bsc#1035445 +- remove README-FIPS.txt (outdated) + +------------------------------------------------------------------- +Thu Apr 20 15:08:43 UTC 2017 - vcizek@suse.com + +- drop openssl-fipslocking.patch + The locking in 1.1.0 has been rewritten and converted to the new + threading API. 
The fips deadlock (at least bsc#991193) can't be + reproduced anymore. +- don't ship useless INSTALL* files ++++ 2429 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Factory/.openssl-1_1.new/openssl-1_1.changes New: ---- 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch 0001-Resume-reading-from-randfile-when-interrupted-by-a-s.patch 0002-crypto-modes-asm-ghash-s390x.pl-fix-gcm_gmult_4bit-K.patch 0004-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch 0005-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch 0006-s390x-assembly-pack-extended-s390x-capability-vector.patch 0007-crypto-evp-e_aes.c-add-foundations-for-extended-s390.patch 0008-s390x-assembly-pack-extended-s390x-capability-vector.patch 0009-crypto-aes-asm-aes-s390x.pl-add-KMA-code-path.patch 0010-doc-man3-OPENSSL_s390xcap.pod-update-KMA.patch 0011-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch 0012-s390x-assembly-pack-add-KMA-code-path-for-aes-gcm.patch 0013-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch baselibs.conf openssl-1.0.1e-add-suse-default-cipher.patch openssl-1.0.1e-add-test-suse-default-cipher-suite.patch openssl-1.1.0-fips.patch openssl-1.1.0-no-html.patch openssl-1.1.0g.tar.gz openssl-1.1.0g.tar.gz.asc openssl-1_1.changes openssl-1_1.spec openssl-disable_rsa_keygen_tests_with_small_modulus.patch openssl-fips-clearerror.patch openssl-fips-dont-fall-back-to-default-digest.patch openssl-fips-dont_run_FIPS_module_installed.patch openssl-fips-fix-odd-rsakeybits.patch openssl-fips-rsagen-d-bits.patch openssl-fips-selftests_in_nonfips_mode.patch openssl-fips_disallow_ENGINE_loading.patch openssl-no-date.patch openssl-pkgconfig.patch openssl-ppc64-config.patch openssl-rsakeygen-minimum-distance.patch openssl-static-deps.patch openssl-truststore.patch openssl-urandom-reseeding.patch openssl.keyring showciphers.c ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ 
openssl-1_1.spec ++++++ # # spec file for package openssl-1_1 # # Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %define ssletcdir %{_sysconfdir}/ssl %define maj_min 1.1 %define _rname openssl Name: openssl-1_1 Version: 1.1.0g Release: 0 Summary: Secure Sockets and Transport Layer Security License: OpenSSL Group: Productivity/Networking/Security Url: https://www.openssl.org/ Source: https://www.%{_rname}.org/source/%{_rname}-%{version}.tar.gz # to get mtime of file: Source1: %{name}.changes Source2: baselibs.conf Source42: https://www.%{_rname}.org/source/%{_rname}-%{version}.tar.gz.asc # https://www.openssl.org/about/ # http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xA2D29B7BF295C759#/openss... 
Source43: %{_rname}.keyring Source99: showciphers.c # https://github.com/openssl/openssl/pull/2045 Patch0: 0001-Resume-reading-from-randfile-when-interrupted-by-a-s.patch # PATCH-FIX-OPENSUSE: upstream won't use glibc Patch1: 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch # PATCH-FIX-OPENSUSE: do not install html mans it takes ages Patch2: openssl-1.1.0-no-html.patch # PATCH-FIX-UPSTREAM: patch to allow deps and linking to static libs # needed for fips and taken from upstream Patch3: openssl-static-deps.patch Patch4: openssl-truststore.patch Patch5: openssl-pkgconfig.patch Patch6: openssl-1.0.1e-add-suse-default-cipher.patch Patch7: openssl-1.0.1e-add-test-suse-default-cipher-suite.patch Patch8: openssl-ppc64-config.patch Patch9: openssl-no-date.patch # FIPS patches: Patch51: openssl-1.1.0-fips.patch Patch52: openssl-fips-dont_run_FIPS_module_installed.patch Patch53: openssl-fips_disallow_ENGINE_loading.patch Patch54: openssl-rsakeygen-minimum-distance.patch Patch55: openssl-urandom-reseeding.patch Patch56: openssl-fips-rsagen-d-bits.patch Patch57: openssl-fips-selftests_in_nonfips_mode.patch Patch58: openssl-fips-fix-odd-rsakeybits.patch Patch59: openssl-fips-clearerror.patch Patch60: openssl-fips-dont-fall-back-to-default-digest.patch Patch61: openssl-disable_rsa_keygen_tests_with_small_modulus.patch # FATE#321518 Add support for s390x CPACF enhancements (https://fate.suse.com/321518) Patch62: 0002-crypto-modes-asm-ghash-s390x.pl-fix-gcm_gmult_4bit-K.patch Patch63: 0004-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch Patch64: 0005-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch Patch65: 0006-s390x-assembly-pack-extended-s390x-capability-vector.patch Patch66: 0007-crypto-evp-e_aes.c-add-foundations-for-extended-s390.patch Patch67: 0008-s390x-assembly-pack-extended-s390x-capability-vector.patch Patch68: 0009-crypto-aes-asm-aes-s390x.pl-add-KMA-code-path.patch Patch69: 0010-doc-man3-OPENSSL_s390xcap.pod-update-KMA.patch Patch70: 
0011-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch Patch71: 0012-s390x-assembly-pack-add-KMA-code-path-for-aes-gcm.patch Patch72: 0013-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch BuildRequires: bc BuildRequires: ed BuildRequires: pkgconfig BuildRequires: pkgconfig(zlib) Conflicts: ssl Provides: ssl # Needed for clean upgrade path, boo#1070003 Obsoletes: openssl-1_0_0 # Needed for clean upgrade from former openssl-1_1_0, boo#1081335 Obsoletes: openssl-1_1_0 %description OpenSSL is a software library to be used in applications that need to secure communications over computer networks against eavesdropping or need to ascertain the identity of the party at the other end. OpenSSL contains an implementation of the SSL and TLS protocols. %package -n libopenssl1_1 Summary: Secure Sockets and Transport Layer Security License: OpenSSL Group: Productivity/Networking/Security Recommends: ca-certificates-mozilla # Needed for clean upgrade from former openssl-1_1_0, boo#1081335 Obsoletes: libopenssl1_1_0 %description -n libopenssl1_1 OpenSSL is a software library to be used in applications that need to secure communications over computer networks against eavesdropping or need to ascertain the identity of the party at the other end. OpenSSL contains an implementation of the SSL and TLS protocols. %package -n libopenssl-1_1-devel Summary: Development files for OpenSSL License: OpenSSL Group: Development/Libraries/C and C++ Requires: %{name} = %{version} Requires: libopenssl1_1 = %{version} Requires: pkgconfig(zlib) # we need to have around only the exact version we are able to operate with Conflicts: libopenssl-devel < %{version} Conflicts: libopenssl-devel > %{version} Conflicts: ssl-devel Provides: ssl-devel # Needed for clean upgrade from former openssl-1_1_0, boo#1081335 Obsoletes: libopenssl-1_1_0-devel %description -n libopenssl-1_1-devel This subpackage contains header files for developing applications that want to make use of the OpenSSL C API. 
%package -n libopenssl1_1-hmac Summary: HMAC files for FIPS-140-2 integrity checking of the openssl shared libraries License: BSD-3-Clause Group: Productivity/Networking/Security Requires: libopenssl1_1 = %{version}-%{release} # Needed for clean upgrade from former openssl-1_1_0, boo#1081335 Obsoletes: libopenssl1_1_0-hmac %description -n libopenssl1_1-hmac The FIPS compliant operation of the openssl shared libraries is NOT possible without the HMAC hashes contained in this package! %package doc Summary: Additional Package Documentation License: OpenSSL Group: Productivity/Networking/Security Conflicts: openssl-doc Provides: openssl-doc = %{version} Obsoletes: openssl-doc < %{version} BuildArch: noarch %description doc This package contains optional documentation provided in addition to this package's base documentation. %prep %setup -q -n %{_rname}-%{version} %autopatch -p1 %build %ifarch armv5el armv5tel export MACHINE=armv5el %endif %ifarch armv6l armv6hl export MACHINE=armv6l %endif ./config \ no-rc5 no-idea \ fips \ no-ssl3 \ enable-rfc3779 \ %ifarch x86_64 aarch64 ppc64le enable-ec_nistp_64_gcc_128 \ %endif enable-camellia \ zlib \ no-ec2m \ --prefix=%{_prefix} \ --libdir=%{_lib} \ --openssldir=%{ssletcdir} \ %{optflags} -std=gnu99 \ -Wa,--noexecstack \ -Wl,-z,relro,-z,now \ -fno-common \ -DTERMIO \ -DPURIFY \ -D_GNU_SOURCE \ -DOPENSSL_NO_BUF_FREELISTS \ $(getconf LFS_CFLAGS) \ -Wall util/mkdef.pl crypto update make depend %{?_smp_mflags} make all %{?_smp_mflags} %check export MALLOC_CHECK_=3 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) LD_LIBRARY_PATH=`pwd` make test -j1 # show cyphers gcc -o showciphers %{optflags} -I%{buildroot}%{_includedir} %{SOURCE99} -L%{buildroot}%{_libdir} -lssl -lcrypto LD_LIBRARY_PATH=%{buildroot}%{_libdir} ./showciphers %install %make_install %{?_smp_mflags} # kill static libs rm -f %{buildroot}%{_libdir}/lib*.a # remove the cnf.dist rm -f %{buildroot}%{_sysconfdir}/ssl/openssl.cnf.dist ln -sf ./%{_rname} 
%{buildroot}/%{_includedir}/ssl mkdir %{buildroot}/%{_datadir}/ssl mv %{buildroot}/%{ssletcdir}/misc %{buildroot}/%{_datadir}/ssl/ # avoid file conflicts with man pages from other packages # set +x pushd %{buildroot}/%{_mandir} # some man pages now contain spaces. This makes several scripts go havoc, among them /usr/sbin/Check. # replace spaces by underscores #for i in man?/*\ *; do mv -v "$i" "${i// /_}"; done which readlink &>/dev/null || function readlink { ( set +x; target=$(file $1 2>/dev/null); target=${target//* }; test -f $target && echo $target; ) } for i in man?/*; do if test -L $i ; then LDEST=`readlink $i` rm -f $i ${i}ssl ln -sf ${LDEST}ssl ${i}ssl else mv $i ${i}ssl fi case "$i" in *.1) # these are the pages mentioned in openssl(1). They go into the main package. echo %doc %{_mandir}/${i}ssl%{?ext_man} >> $OLDPWD/filelist;; *) # the rest goes into the openssl-doc package. echo %doc %{_mandir}/${i}ssl%{?ext_man} >> $OLDPWD/filelist.doc;; esac done popd set -x # Do not install demo scripts executable under /usr/share/doc find demos -type f -perm /111 -exec chmod 644 {} \; # Place showciphers.c for %doc macro cp %{SOURCE99} . # the hmac hashes: # # this is a hack that re-defines the __os_install_post macro # for a simple reason: the macro strips the binaries and thereby # invalidates a HMAC that may have been created earlier. # solution: create the hashes _after_ the macro runs. # # this shows up earlier because otherwise the %expand of # the macro is too late. 
# remark: This is the same as running # openssl dgst -sha256 -hmac 'ppaksykemnsecgtsttplmamstKMEs' %{expand:%%global __os_install_post {%__os_install_post %{buildroot}%{_bindir}/fips_standalone_hmac \ %{buildroot}%{_libdir}/libssl.so.%{maj_min} > \ %{buildroot}%{_libdir}/.libssl.so.%{maj_min}.hmac %{buildroot}%{_bindir}/fips_standalone_hmac \ %{buildroot}%{_libdir}/libcrypto.so.%{maj_min} > \ %{buildroot}%{_libdir}/.libcrypto.so.%{maj_min}.hmac }} %post -n libopenssl1_1 -p /sbin/ldconfig %postun -n libopenssl1_1 -p /sbin/ldconfig %files -n libopenssl1_1 %license LICENSE %{_libdir}/libssl.so.%{maj_min} %{_libdir}/libcrypto.so.%{maj_min} %{_libdir}/engines-%{maj_min} %files -n libopenssl1_1-hmac %{_libdir}/.libssl.so.%{maj_min}.hmac %{_libdir}/.libcrypto.so.%{maj_min}.hmac %files -n libopenssl-1_1-devel %{_includedir}/%{_rname}/ %{_includedir}/ssl %{_libdir}/libssl.so %{_libdir}/libcrypto.so %{_libdir}/pkgconfig/libcrypto.pc %{_libdir}/pkgconfig/libssl.pc %{_libdir}/pkgconfig/openssl.pc %files doc -f filelist.doc %doc doc/* demos %doc showciphers.c %files -f filelist %doc CHANGE* NEWS README %dir %{ssletcdir} %config (noreplace) %{ssletcdir}/openssl.cnf %attr(700,root,root) %{ssletcdir}/private %dir %{_datadir}/ssl %{_datadir}/ssl/misc %{_bindir}/c_rehash %{_bindir}/fips_standalone_hmac %{_bindir}/%{_rname} %changelog ++++++ 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch ++++++ ++++ 956 lines (skipped) ++++++ 0001-Resume-reading-from-randfile-when-interrupted-by-a-s.patch ++++++
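Review bot: The provenance comment above `Source43: %{_rname}.keyring` identifies the upstream signing key only by a 64-bit key ID, looked up over plain HTTP (`http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xA2D29B7BF295C759`). That gives a later maintainer nothing strong to compare a refreshed keyring against. Recording the full fingerprint of every key the keyring is expected to hold, for example `# keyring must contain exactly: <FULL-FINGERPRINT-PLACEHOLDER>`, would make whatever check consumes Source42 and Source43 auditable. Separately, the `zlib` option on the `./config` line has no comment; one line saying why compression support is built in would help the next reviewer.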
From c5ac41de1511f898301c298b2b28d05372cba817 Mon Sep 17 00:00:00 2001 From: Vitezslav Cizek <vcizek@suse.com> Date: Thu, 8 Dec 2016 13:10:33 +0100 Subject: [PATCH] Resume reading from randfile when interrupted by a signal.
It was regularly observed with openssh: sshd: fatal: cannot read from /dev/urandom, Interrupted system call --- crypto/rand/randfile.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c index c96383a..6e39e86 100644 --- a/crypto/rand/randfile.c +++ b/crypto/rand/randfile.c @@ -104,6 +104,12 @@ static __FILE_ptr32 (*const vms_fopen)(const char *, const char *, ...) = #define RFILE ".rnd" +#ifdef EINTR +# define INTERRUPTED(in) (ferror(in) && errno == EINTR) +#else +# define INTERRUPTED (0) +#endif + /* * Note that these functions are intended for seed files only. Entropy * devices and EGD sockets are handled in rand_unix.c @@ -162,9 +168,16 @@ int RAND_load_file(const char *file, long bytes) n = (bytes < BUFSIZE) ? (int)bytes : BUFSIZE; else n = BUFSIZE; + i = fread(buf, 1, n, in); - if (i <= 0) + if (i <= 0) { + if (INTERRUPTED(in)) { + /* Interrupted by a signal, resume reading */ + clearerr(in); + continue; + } break; + } RAND_add(buf, i, (double)i); ret += i; -- 2.10.2 ++++++ 0002-crypto-modes-asm-ghash-s390x.pl-fix-gcm_gmult_4bit-K.patch ++++++
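Review bot: The fallback definition `# define INTERRUPTED (0)` in the first hunk is object-like, but the second hunk calls it as `INTERRUPTED(in)`. On a platform without EINTR that expands to `(0)(in)` and does not compile; it should be `# define INTERRUPTED(in) (0)`. The retry also trusts whatever errno holds once ferror() is set. Adding `errno = 0;` just before the `fread` call would keep a stale EINTR from an earlier call from being read as an interruption of this one. The read loop of RAND_load_file starts and ends outside the hunk.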
From 7b46a0ed5938e28d974757db44cc9d299ad5cb4e Mon Sep 17 00:00:00 2001 From: Patrick Steuer <patrick.steuer@de.ibm.com> Date: Thu, 23 Feb 2017 14:03:39 +0100 Subject: [PATCH 02/44] crypto/modes/asm/ghash-s390x.pl: fix gcm_gmult_4bit KIMD code path.
gcm_gmult_4bit KIMD code path assumed that that Xi is processed. However, with iv lengths not equal to 12, the function is also used to process Yi, resulting in wrong ghash computation. Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> --- crypto/modes/asm/ghash-s390x.pl | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/crypto/modes/asm/ghash-s390x.pl b/crypto/modes/asm/ghash-s390x.pl index f8b038c708..6dbb8232d6 100644 --- a/crypto/modes/asm/ghash-s390x.pl +++ b/crypto/modes/asm/ghash-s390x.pl @@ -95,14 +95,23 @@ $code.=<<___ if(!$softonly && 0); # hardware is slow for single block... lg %r1,24(%r1) # load second word of kimd capabilities vector tmhh %r1,0x4000 # check for function 65 jz .Lsoft_gmult + lghi %r1,-16 stg %r0,16($sp) # arrange 16 bytes of zero input stg %r0,24($sp) + la $Htbl,0(%r1,$Htbl) # H lies right before Htable + lghi %r0,65 # function 65 - la %r1,0($Xi) # H lies right after Xi in gcm128_context + la %r1,32($sp) + mvc 32(16,$sp),0($Xi) # copy Xi/Yi + mvc 48(16,$sp),0($Htbl) # copy H la $inp,16($sp) lghi $len,16 .long 0xb93e0004 # kimd %r0,$inp brc 1,.-4 # pay attention to "partial completion" + + mvc 0(16,$Xi),32($sp) + xc 32(32,$sp),32($sp) # wipe stack + br %r14 .align 32 .Lsoft_gmult: -- 2.13.6 ++++++ 0004-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch ++++++
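Review bot: The corrected KIMD path sits in the block that the hunk header shows as `$code.=<<___ if(!$softonly && 0);`, so as far as this hunk shows it is never emitted into the generated assembly and no build or test run can exercise the fix. A comment next to the `&& 0` should say that the path is kept correct for the day it is re-enabled. The same comment could record the scratch layout the new code relies on: 16($sp) to 31($sp) is the zero input, and 32($sp) to 63($sp) holds the Xi/Yi and H copies that `xc 32(32,$sp),32($sp)` wipes. The routine starts before the hunk, so whether that stack area is free to use cannot be confirmed from here.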
From 3e1c11dd482dd4626989bb6d84fc708d9bb95219 Mon Sep 17 00:00:00 2001 From: Patrick Steuer <patrick.steuer@de.ibm.com> Date: Mon, 30 Jan 2017 17:37:54 +0100 Subject: [PATCH 04/44] s390x assembly pack: add OPENSSL_s390xcap environment variable.
The OPENSSL_s390xcap environment variable is used to set bits in the s390x capability vector to zero. This simplifies testing of different code paths. Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> --- crypto/s390x_arch.h | 28 ++++++++++++++++++++++++++++ crypto/s390xcap.c | 33 +++++++++++++++++++++++++++++---- 2 files changed, 57 insertions(+), 4 deletions(-) create mode 100644 crypto/s390x_arch.h Index: openssl-1.1.0g/crypto/s390x_arch.h =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.1.0g/crypto/s390x_arch.h 2018-01-10 15:26:40.291112320 +0100 @@ -0,0 +1,28 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef S390X_ARCH_H +# define S390X_ARCH_H + +# include <stdint.h> + +/* + * The elements of OPENSSL_s390xcap_P are the doublewords returned by the STFLE + * instruction followed by the doubleword pairs returned by instructions' QUERY + * functions. If STFLE returns fewer doublewords or an instruction is not + * supported, the corresponding element is zero. The order is as follows: + * + * STFLE:STFLE.KIMD:KIMD:KM:KM:KMC:KMC:KMCTR:KMCTR + */ +# define S390X_STFLE_DWORDS 2 +# define S390X_QUERY_DWORDS 8 +# define S390X_CAP_DWORDS (S390X_STFLE_DWORDS + S390X_QUERY_DWORDS) +extern unsigned long long OPENSSL_s390xcap_P[]; + +#endif Index: openssl-1.1.0g/crypto/s390xcap.c =================================================================== --- openssl-1.1.0g.orig/crypto/s390xcap.c 2017-11-02 15:29:03.000000000 +0100 +++ openssl-1.1.0g/crypto/s390xcap.c 2018-01-10 15:27:42.988113439 +0100 
@@ -14,6 +14,7 @@ #include <signal.h> unsigned long long OPENSSL_s390xcap_P[10]; +#include "s390x_arch.h" static sigjmp_buf ill_jmp; static void ill_handler(int sig) @@ -21,17 +22,21 @@ static void ill_handler(int sig) siglongjmp(ill_jmp, sig); } -unsigned long OPENSSL_s390x_facilities(void); +void OPENSSL_s390x_facilities(void); void OPENSSL_cpuid_setup(void) { sigset_t oset; struct sigaction ill_act, oact; + uint64_t vec; + char *env; + int off; + int i; if (OPENSSL_s390xcap_P[0]) return; - OPENSSL_s390xcap_P[0] = 1UL << (8 * sizeof(unsigned long) - 1); + OPENSSL_s390xcap_P[0] = 1ULL << (8 * sizeof(uint64_t) - 1); memset(&ill_act, 0, sizeof(ill_act)); ill_act.sa_handler = ill_handler; @@ -47,4 +52,26 @@ void OPENSSL_cpuid_setup(void) sigaction(SIGILL, &oact, NULL); sigprocmask(SIG_SETMASK, &oset, NULL); + + if ((env = getenv("OPENSSL_s390xcap")) != NULL) { + for (i = 0; i < S390X_CAP_DWORDS; i++) { + off = (env[0] == '~') ? 1 : 0; + + if (sscanf(env + off, "%llx", (unsigned long long *)&vec) == 1) + OPENSSL_s390xcap_P[i] &= off ? ~vec : vec; + + if (i == S390X_STFLE_DWORDS - 1) + env = strchr(env, '.'); + else + env = strpbrk(env, ":."); + + if (env == NULL) + break; + + if (env[0] == '.') + i = S390X_STFLE_DWORDS - 1; + + env++; + } + } } ++++++ 0005-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch ++++++
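Review bot: `unsigned long long OPENSSL_s390xcap_P[10];` keeps a literal size while the loop added in the last hunk of this file is bounded by S390X_CAP_DWORDS, and the new include lands after the definition, so nothing ties the two together. Moving `#include "s390x_arch.h"` above the definition and writing `unsigned long long OPENSSL_s390xcap_P[S390X_CAP_DWORDS];` would. This matters for patch 0006 on this page, which raises S390X_STFLE_DWORDS to 3 (11 doublewords), adds `stg %r0,80(%r4)` in s390xcpuid.S and moves the kmctr query to 72(%r4). None of its visible s390xcap.c hunks touches the definition, so unless the size is changed outside those hunks, element 10 is written and masked past the end of the array.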
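Review bot: In the OPENSSL_s390xcap loop a field that `sscanf` cannot parse is skipped silently, so a typo leaves that doubleword unmasked with no indication that the setting was ignored. A comment on the `if (sscanf(...) == 1)` line should state that this is intended. `vec` is declared `uint64_t` in the previous hunk and then passed as `(unsigned long long *)&vec`; declaring it `unsigned long long vec;` matches the `%llx` conversion and removes the pointer cast between possibly distinct types. Because the value comes from the environment at library initialisation, the block also needs a comment such as `/* the variable can only clear capability bits (&=), never set them */`, so that a later change does not turn it into a way to enable instructions the CPU did not report.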
From 79310b18d90badd58595cf2fff40591ad76c301a Mon Sep 17 00:00:00 2001 From: Patrick Steuer <patrick.steuer@de.ibm.com> Date: Tue, 31 Jan 2017 12:43:35 +0100 Subject: [PATCH 05/44] s390x assembly pack: add OPENSSL_s390xcap man page.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> --- doc/man3/OPENSSL_s390xcap.pod | 94 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 94 insertions(+) create mode 100644 doc/man3/OPENSSL_s390xcap.pod diff --git a/doc/man3/OPENSSL_s390xcap.pod b/doc/man3/OPENSSL_s390xcap.pod new file mode 100644 index 0000000000..de56c7cf55 --- /dev/null +++ b/doc/man3/OPENSSL_s390xcap.pod 
@@ -0,0 +1,94 @@ +=pod + +=head1 NAME + +OPENSSL_s390xcap - the z processor capabilities vector + +=head1 SYNOPSIS + + env OPENSSL_s390xcap=... <application> + +=head1 DESCRIPTION + +libcrypto supports z architecture instruction set extensions. These +extensions are denoted by individual bits in the capability vector. +When libcrypto is initialized, the bits returned by the STFLE instruction +and by the QUERY functions are stored in the vector. + +The OPENSSL_s390xcap environment variable can be set before starting an +application to affect capability detection. It is specified by a +colon-separated list of 64-bit values in hexadecimal notation, the 0x +prefix being optional. The ~ prefix means bitwise NOT and a point +indicates the end of the STFLE bits respectively the beginning of the +QUERY bits. + +After initialization, the capability vector is ANDed bitwise with the +corresponding parts of the environment variable. + +The following bits are significant: + +. + +=over + +=item #60 KIMD-SHA-512 + +=item #61 KIMD-SHA-256 + +=item #62 KIMD-SHA-1 + +=back + +: + +=over + +=item #62 KIMD-GHASH + +=back + +: + +=over + +=item #11 KM-XTS-AES-256 + +=item #13 KM-XTS-AES-128 + +=item #43 KM-AES-256 + +=item #44 KM-AES-192 + +=item #45 KM-AES-128 + +=back + +: +: + +=over + +=item #43 KMC-AES-256 + +=item #44 KMC-AES-192 + +=item #45 KMC-AES-128 + +=back + +=head1 EXAMPLES + +OPENSSL_s390xcap=.0:0 disables KIMD. + +OPENSSL_s390xcap=.::~0x2800 disables KM-XTS-AES. + +=head1 COPYRIGHT + +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L<https://www.openssl.org/source/license.html>. + +=cut -- 2.13.6 ++++++ 0006-s390x-assembly-pack-extended-s390x-capability-vector.patch ++++++
From 9c59438dadc2b8026c058deb0759da78de1bb7ba Mon Sep 17 00:00:00 2001 From: Patrick Steuer <patrick.steuer@de.ibm.com> Date: Fri, 10 Feb 2017 19:43:08 +0100 Subject: [PATCH 06/44] s390x assembly pack: extended s390x capability vector (STFLE).
Extended the s390x capability vector to store the longer facility list available from z13 onwards. The bits indicating the vector extensions are set to zero, if the kernel does not enable the vector facility. Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> --- crypto/aes/asm/aes-s390x.pl | 10 +++++----- crypto/modes/asm/ghash-s390x.pl | 4 ++-- crypto/s390x_arch.h | 9 +++++++-- crypto/s390xcap.c | 31 +++++++++++++++++++++++++++++++ crypto/s390xcpuid.S | 14 +++++++++----- crypto/sha/asm/sha1-s390x.pl | 4 ++-- crypto/sha/asm/sha512-s390x.pl | 4 ++-- 7 files changed, 58 insertions(+), 18 deletions(-) Index: openssl-1.1.0g/crypto/aes/asm/aes-s390x.pl =================================================================== --- openssl-1.1.0g.orig/crypto/aes/asm/aes-s390x.pl 2018-01-10 17:13:05.962202226 +0100 +++ openssl-1.1.0g/crypto/aes/asm/aes-s390x.pl 2018-01-10 17:22:31.466891754 +0100 @@ -823,8 +823,8 @@ $code.=<<___ if (!$softonly); larl %r1,OPENSSL_s390xcap_P llihh %r0,0x8000 srlg %r0,%r0,0(%r5) - ng %r0,32(%r1) # check availability of both km... - ng %r0,48(%r1) # ...and kmc support for given key length + ng %r0,40(%r1) # check availability of both km... + ng %r0,56(%r1) # ...and kmc support for given key length jz .Lekey_internal lmg %r0,%r1,0($inp) # just copy 128 bits... @@ -1442,7 +1442,7 @@ $code.=<<___ if (!$softonly && 0);# kmct larl %r1,OPENSSL_s390xcap_P llihh %r0,0x8000 # check if kmctr supports the function code srlg %r0,%r0,0($s0) - ng %r0,64(%r1) # check kmctr capability vector + ng %r0,72(%r1) # check kmctr capability vector lgr %r0,$s0 lgr %r1,$s1 jz .Lctr32_km_loop 
@@ -1592,7 +1592,7 @@ $code.=<<___ if(1); larl %r1,OPENSSL_s390xcap_P llihh %r0,0x8000 srlg %r0,%r0,32($s1) # check for 32+function code - ng %r0,32(%r1) # check km capability vector + ng %r0,40(%r1) # check km capability vector lgr %r0,$s0 # restore the function code la %r1,0($key1) # restore $key1 jz .Lxts_km_vanilla Index: openssl-1.1.0g/crypto/modes/asm/ghash-s390x.pl =================================================================== --- openssl-1.1.0g.orig/crypto/modes/asm/ghash-s390x.pl 2018-01-10 17:13:05.962202226 +0100 +++ openssl-1.1.0g/crypto/modes/asm/ghash-s390x.pl 2018-01-10 17:13:07.430224756 +0100 @@ -89,7 +89,7 @@ ___ $code.=<<___ if(!$softonly && 0); # hardware is slow for single block... larl %r1,OPENSSL_s390xcap_P lghi %r0,0 - lg %r1,24(%r1) # load second word of kimd capabilities vector + lg %r1,32(%r1) # load second word of kimd capabilities vector tmhh %r1,0x4000 # check for function 65 jz .Lsoft_gmult lghi %r1,-16 @@ -132,7 +132,7 @@ gcm_ghash_4bit: ___ $code.=<<___ if(!$softonly); larl %r1,OPENSSL_s390xcap_P - lg %r0,24(%r1) # load second word of kimd capabilities vector + lg %r0,32(%r1) # load second word of kimd capabilities vector tmhh %r0,0x4000 # check for function 65 jz .Lsoft_ghash lghi %r0,65 # function 65 Index: openssl-1.1.0g/crypto/s390x_arch.h =================================================================== --- openssl-1.1.0g.orig/crypto/s390x_arch.h 2018-01-10 17:13:05.962202226 +0100 +++ openssl-1.1.0g/crypto/s390x_arch.h 2018-01-10 17:13:07.430224756 +0100 
@@ -18,11 +18,16 @@ * functions. If STFLE returns fewer doublewords or an instruction is not * supported, the corresponding element is zero. The order is as follows: * - * STFLE:STFLE.KIMD:KIMD:KM:KM:KMC:KMC:KMCTR:KMCTR + * STFLE:STFLE:STFLE.KIMD:KIMD:KM:KM:KMC:KMC:KMCTR:KMCTR */ -# define S390X_STFLE_DWORDS 2 +# define S390X_STFLE_DWORDS 3 # define S390X_QUERY_DWORDS 8 # define S390X_CAP_DWORDS (S390X_STFLE_DWORDS + S390X_QUERY_DWORDS) extern unsigned long long OPENSSL_s390xcap_P[]; +/* OPENSSL_s390xcap_P[2] flags */ +# define S390X_STFLE_VXE (1ULL << 56) +# define S390X_STFLE_VXD (1ULL << 57) +# define S390X_STFLE_VX (1ULL << 62) + #endif Index: openssl-1.1.0g/crypto/s390xcap.c =================================================================== --- openssl-1.1.0g.orig/crypto/s390xcap.c 2018-01-10 17:13:05.962202226 +0100 +++ openssl-1.1.0g/crypto/s390xcap.c 2018-01-10 17:13:07.430224756 +0100 @@ -22,6 +22,31 @@ static void ill_handler(int sig) siglongjmp(ill_jmp, sig); } +/*- + * os-specific function to check if "vector enablement control"-bit and + * "AFP register control"-bit in control register 0 are set. + */ +static int vx_enabled(void) +{ +#if defined(OPENSSL_SYS_LINUX) + FILE *fd; + char buf[4096]; + + if ((fd = fopen("/proc/cpuinfo", "r")) == NULL) + return 0; + + buf[0] = '\0'; + + while ((fgets(buf, sizeof(buf), fd) != NULL) + && (strstr(buf, "features") != buf)); + + fclose(fd); + return (strstr(buf, " vx ") != NULL) ? 1 : 0; +#else + return 0; +#endif +} + void OPENSSL_s390x_facilities(void); void OPENSSL_cpuid_setup(void) 
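Review bot: In `vx_enabled()` (crypto/s390xcap.c) the `fgets` loop also stops at end of file, and `buf` then still holds the last line read, so the `strstr(buf, " vx ")` test runs on an unrelated line whenever no line begins with `features`. Because the result decides whether the vector-facility bits in `OPENSSL_s390xcap_P[2]` stay set, the match should be tracked explicitly, as in the excerpt below, with `found` declared alongside the other locals. The test also assumes `vx` is surrounded by spaces and that the features line fits in 4096 bytes, which is presumably true of the kernel's output but deserves a comment. The header comment speaks of control register 0 bits while the code parses /proc/cpuinfo, and it should say so.

```c
static int vx_enabled(void)
/* … unchanged: locals (plus `int found = 0;`) and fopen of /proc/cpuinfo … */

    /* stop at the first line that starts with "features" */
    while (!found && fgets(buf, sizeof(buf), fd) != NULL)
        found = (strstr(buf, "features") == buf);

    fclose(fd);
    /* only trust buf when it really is the features line */
    return (found && strstr(buf, " vx ") != NULL) ? 1 : 0;
```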
@@ -53,6 +78,12 @@ void OPENSSL_cpuid_setup(void) sigaction(SIGILL, &oact, NULL); sigprocmask(SIG_SETMASK, &oset, NULL); + /* protection against disabled vector facility */ + if (!vx_enabled()) { + OPENSSL_s390xcap_P[2] &= ~(S390X_STFLE_VXE | S390X_STFLE_VXD | + S390X_STFLE_VX); + } + if ((env = getenv("OPENSSL_s390xcap")) != NULL) { for (i = 0; i < S390X_CAP_DWORDS; i++) { off = (env[0] == '~') ? 1 : 0; Index: openssl-1.1.0g/crypto/s390xcpuid.S =================================================================== --- openssl-1.1.0g.orig/crypto/s390xcpuid.S 2018-01-10 17:13:05.962202226 +0100 +++ openssl-1.1.0g/crypto/s390xcpuid.S 2018-01-10 17:13:07.430224756 +0100 @@ -21,33 +21,37 @@ OPENSSL_s390x_facilities: stg %r0,56(%r4) stg %r0,64(%r4) stg %r0,72(%r4) + stg %r0,80(%r4) .long 0xb2b04000 # stfle 0(%r4) brc 8,.Ldone lghi %r0,1 .long 0xb2b04000 # stfle 0(%r4) + brc 8,.Ldone + lghi %r0,2 + .long 0xb2b04000 # stfle 0(%r4) .Ldone: lmg %r2,%r3,0(%r4) tmhl %r2,0x4000 # check for message-security-assist jz .Lret lghi %r0,0 # query kimd capabilities - la %r1,16(%r4) + la %r1,24(%r4) .long 0xb93e0002 # kimd %r0,%r2 lghi %r0,0 # query km capability vector - la %r1,32(%r4) + la %r1,40(%r4) .long 0xb92e0042 # km %r4,%r2 lghi %r0,0 # query kmc capability vector - la %r1,48(%r4) + la %r1,56(%r4) .long 0xb92f0042 # kmc %r4,%r2 tmhh %r3,0x0004 # check for message-security-assist-4 jz .Lret lghi %r0,0 # query kmctr capability vector - la %r1,64(%r4) + la %r1,72(%r4) .long 0xb92d2042 # kmctr %r4,%r2,%r2 .Lret: Index: openssl-1.1.0g/crypto/sha/asm/sha1-s390x.pl =================================================================== --- openssl-1.1.0g.orig/crypto/sha/asm/sha1-s390x.pl 2018-01-10 17:13:05.962202226 +0100 +++ openssl-1.1.0g/crypto/sha/asm/sha1-s390x.pl 2018-01-10 17:13:07.430224756 +0100 
@@ -172,7 +172,7 @@ sha1_block_data_order:
 ___
 $code.=<<___ if ($kimdfunc);
 larl %r1,OPENSSL_s390xcap_P
- lg %r0,16(%r1) # check kimd capabilities
+ lg %r0,24(%r1) # check kimd capabilities
 tmhh %r0,`0x8000>>$kimdfunc`
 jz .Lsoftware
 lghi %r0,$kimdfunc
Index: openssl-1.1.0g/crypto/sha/asm/sha512-s390x.pl
===================================================================
--- openssl-1.1.0g.orig/crypto/sha/asm/sha512-s390x.pl 2018-01-10 17:13:05.962202226 +0100
+++ openssl-1.1.0g/crypto/sha/asm/sha512-s390x.pl 2018-01-10 17:13:07.430224756 +0100
@@ -244,7 +244,7 @@ $Func:
 ___
 $code.=<<___ if ($kimdfunc);
 larl %r1,OPENSSL_s390xcap_P
- lg %r0,16(%r1) # check kimd capabilities
+ lg %r0,24(%r1) # check kimd capabilities
 tmhh %r0,`0x8000>>$kimdfunc`
 jz .Lsoftware
 lghi %r0,$kimdfunc
++++++ 0007-crypto-evp-e_aes.c-add-foundations-for-extended-s390.patch ++++++
From 29039576b1512a3508d40929dad605cefe806186 Mon Sep 17 00:00:00 2001 From: Patrick Steuer <patrick.steuer@de.ibm.com> Date: Thu, 16 Feb 2017 09:05:28 +0100 Subject: [PATCH 07/44] crypto/evp/e_aes.c: add foundations for extended s390x support.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> --- crypto/evp/e_aes.c | 175 ++++++++++++++++++++++++++++++++++++++++++++++++++++ crypto/s390x_arch.h | 10 +++ 2 files changed, 185 insertions(+) diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 802b1d814d..d5932e1c64 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c 
@@ -950,6 +950,181 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ { return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; } +#elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__) && !defined(AES_SOFTONLY) +/* + * IBM S390X support + */ +# include "s390x_arch.h" + +/*- + * If KM and KMC support the function code, AES_KEY structure holds + * key/function code (instead of key schedule/number of rounds). + */ +# define S390X_AES_FC (((AES_KEY *)(key))->rounds) + +# define S390X_aes_128_CAPABLE ((OPENSSL_s390xcap_P[5]&S390X_KM_AES_128)&&\ + (OPENSSL_s390xcap_P[7]&S390X_KMC_AES_128)) +# define S390X_aes_192_CAPABLE ((OPENSSL_s390xcap_P[5]&S390X_KM_AES_192)&&\ + (OPENSSL_s390xcap_P[7]&S390X_KMC_AES_192)) +# define S390X_aes_256_CAPABLE ((OPENSSL_s390xcap_P[5]&S390X_KM_AES_256)&&\ + (OPENSSL_s390xcap_P[7]&S390X_KMC_AES_256)) + +# define s390x_aes_init_key aes_init_key +static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); + +# define S390X_aes_128_cbc_CAPABLE 1 /* checked by callee */ +# define S390X_aes_192_cbc_CAPABLE 1 +# define S390X_aes_256_cbc_CAPABLE 1 + +# define s390x_aes_cbc_cipher aes_cbc_cipher +static int s390x_aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# define S390X_aes_128_ecb_CAPABLE 0 +# define S390X_aes_192_ecb_CAPABLE 0 +# define S390X_aes_256_ecb_CAPABLE 0 + +# define s390x_aes_ecb_cipher aes_ecb_cipher +static int s390x_aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# define S390X_aes_128_ofb_CAPABLE 0 +# define S390X_aes_192_ofb_CAPABLE 0 +# define S390X_aes_256_ofb_CAPABLE 0 + +# define s390x_aes_ofb_cipher aes_ofb_cipher +static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# define S390X_aes_128_cfb_CAPABLE 0 +# define 
S390X_aes_192_cfb_CAPABLE 0 +# define S390X_aes_256_cfb_CAPABLE 0 + +# define s390x_aes_cfb_cipher aes_cfb_cipher +static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# define S390X_aes_128_cfb8_CAPABLE 0 +# define S390X_aes_192_cfb8_CAPABLE 0 +# define S390X_aes_256_cfb8_CAPABLE 0 + +# define s390x_aes_cfb8_cipher aes_cfb8_cipher +static int s390x_aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# define S390X_aes_128_cfb1_CAPABLE 0 +# define S390X_aes_192_cfb1_CAPABLE 0 +# define S390X_aes_256_cfb1_CAPABLE 0 + +# define s390x_aes_cfb1_cipher aes_cfb1_cipher +static int s390x_aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# define S390X_aes_128_ctr_CAPABLE 1 /* checked by callee */ +# define S390X_aes_192_ctr_CAPABLE 1 +# define S390X_aes_256_ctr_CAPABLE 1 + +# define s390x_aes_ctr_cipher aes_ctr_cipher +static int s390x_aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# define S390X_aes_128_gcm_CAPABLE 0 +# define S390X_aes_192_gcm_CAPABLE 0 +# define S390X_aes_256_gcm_CAPABLE 0 + +# define s390x_aes_gcm_init_key aes_gcm_init_key +static int s390x_aes_gcm_init_key(EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, int enc); + +# define s390x_aes_gcm_cipher aes_gcm_cipher +static int s390x_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# define S390X_aes_128_xts_CAPABLE 1 /* checked by callee */ +# define S390X_aes_256_xts_CAPABLE 1 + +# define s390x_aes_xts_init_key aes_xts_init_key +static int s390x_aes_xts_init_key(EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, int enc); + +# define s390x_aes_xts_cipher aes_xts_cipher +static int s390x_aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# define 
S390X_aes_128_ccm_CAPABLE 0 +# define S390X_aes_192_ccm_CAPABLE 0 +# define S390X_aes_256_ccm_CAPABLE 0 + +# define s390x_aes_ccm_init_key aes_ccm_init_key +static int s390x_aes_ccm_init_key(EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, int enc); + +# define s390x_aes_ccm_cipher aes_ccm_cipher +static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# ifndef OPENSSL_NO_OCB +# define S390X_aes_128_ocb_CAPABLE 0 +# define S390X_aes_192_ocb_CAPABLE 0 +# define S390X_aes_256_ocb_CAPABLE 0 + +# define s390x_aes_ocb_init_key aes_ocb_init_key +static int s390x_aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); +# define s390x_aes_ocb_cipher aes_ocb_cipher +static int s390x_aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); +# endif + +# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ +static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \ + nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ + flags|EVP_CIPH_##MODE##_MODE, \ + s390x_aes_init_key, \ + s390x_aes_##mode##_cipher, \ + NULL, \ + sizeof(EVP_AES_KEY), \ + NULL,NULL,NULL,NULL }; \ +static const EVP_CIPHER aes_##keylen##_##mode = { \ + nid##_##keylen##_##nmode,blocksize, \ + keylen/8,ivlen, \ + flags|EVP_CIPH_##MODE##_MODE, \ + aes_init_key, \ + aes_##mode##_cipher, \ + NULL, \ + sizeof(EVP_AES_KEY), \ + NULL,NULL,NULL,NULL }; \ +const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ +{ return S390X_aes_##keylen##_##mode##_CAPABLE?&s390x_aes_##keylen##_##mode: \ + &aes_##keylen##_##mode; } + +# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ +static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \ + nid##_##keylen##_##mode,blocksize, \ + (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \ + flags|EVP_CIPH_##MODE##_MODE, \ + s390x_aes_##mode##_init_key, \ + 
s390x_aes_##mode##_cipher, \ + aes_##mode##_cleanup, \ + sizeof(EVP_AES_##MODE##_CTX), \ + NULL,NULL,aes_##mode##_ctrl,NULL }; \ +static const EVP_CIPHER aes_##keylen##_##mode = { \ + nid##_##keylen##_##mode,blocksize, \ + (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \ + flags|EVP_CIPH_##MODE##_MODE, \ + aes_##mode##_init_key, \ + aes_##mode##_cipher, \ + aes_##mode##_cleanup, \ + sizeof(EVP_AES_##MODE##_CTX), \ + NULL,NULL,aes_##mode##_ctrl,NULL }; \ +const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ +{ return S390X_aes_##keylen##_##mode##_CAPABLE?&s390x_aes_##keylen##_##mode: \ + &aes_##keylen##_##mode; } + #else # define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ diff --git a/crypto/s390x_arch.h b/crypto/s390x_arch.h index 434f8e3f4e..5bf24930ed 100644 --- a/crypto/s390x_arch.h +++ b/crypto/s390x_arch.h @@ -30,4 +30,14 @@ extern uint64_t OPENSSL_s390xcap_P[]; # define S390X_STFLE_VXD (1ULL << 57) # define S390X_STFLE_VX (1ULL << 62) +/* OPENSSL_s390xcap_P[5] flags */ +# define S390X_KM_AES_256 (1ULL << 43) +# define S390X_KM_AES_192 (1ULL << 44) +# define S390X_KM_AES_128 (1ULL << 45) + +/* OPENSSL_s390xcap_P[7] flags */ +# define S390X_KMC_AES_256 (1ULL << 43) +# define S390X_KMC_AES_192 (1ULL << 44) +# define S390X_KMC_AES_128 (1ULL << 45) + #endif -- 2.13.6 ++++++ 0008-s390x-assembly-pack-extended-s390x-capability-vector.patch ++++++
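Review bot: Each `# define s390x_aes_X aes_X` alias in the new `#elif` branch of crypto/evp/e_aes.c makes the `s390x_aes_*` table built by `BLOCK_CIPHER_generic` and `BLOCK_CIPHER_custom` identical to the plain `aes_*` table, because the pasted names expand back to the generic functions. That is easy to misread as a second implementation, so a comment above the first alias would help, for example `/* placeholder: s390x_aes_* alias the generic aes_* functions until a hardware path is added */`. The `S390X_aes_*_CAPABLE` macros also index `OPENSSL_s390xcap_P` with the bare literals 5 and 7, which must follow every change to the vector layout. Named index constants in s390x_arch.h would make that dependency visible.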
From 5534badade984ccad7dbe56e17bcf0b2d00820c0 Mon Sep 17 00:00:00 2001 From: Patrick Steuer <patrick.steuer@de.ibm.com> Date: Sun, 12 Feb 2017 12:27:00 +0100 Subject: [PATCH 08/44] s390x assembly pack: extended s390x capability vector (KMA).
Extended the s390x capability vector to store the doubleword pair returned by the KMA instruction's QUERY function. Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> --- crypto/aes/asm/aes-s390x.pl | 2 +- crypto/s390x_arch.h | 9 +++++++-- crypto/s390xcpuid.S | 12 +++++++++++- crypto/sha/asm/sha1-s390x.pl | 2 +- crypto/sha/asm/sha512-s390x.pl | 2 +- 5 files changed, 21 insertions(+), 6 deletions(-) Index: openssl-1.1.0g/crypto/s390x_arch.h =================================================================== --- openssl-1.1.0g.orig/crypto/s390x_arch.h 2018-01-10 15:38:21.714301915 +0100 +++ openssl-1.1.0g/crypto/s390x_arch.h 2018-01-10 15:38:28.942417111 +0100 @@ -18,10 +18,10 @@ * functions. If STFLE returns fewer doublewords or an instruction is not * supported, the corresponding element is zero. The order is as follows: * - * STFLE:STFLE:STFLE.KIMD:KIMD:KM:KM:KMC:KMC:KMCTR:KMCTR + * STFLE:STFLE:STFLE.KIMD:KIMD:KM:KM:KMC:KMC:KMCTR:KMCTR:KMA:KMA */ # define S390X_STFLE_DWORDS 3 -# define S390X_QUERY_DWORDS 8 +# define S390X_QUERY_DWORDS 10 # define S390X_CAP_DWORDS (S390X_STFLE_DWORDS + S390X_QUERY_DWORDS) extern unsigned long long OPENSSL_s390xcap_P[]; @@ -40,4 +40,9 @@ extern unsigned long long OPENSSL_s390xc # define S390X_KMC_AES_192 (1ULL << 44) # define S390X_KMC_AES_128 (1ULL << 45) +/* OPENSSL_s390xcap_P[11] flags */ +# define S390X_KMA_GCM_AES_256 (1ULL << 43) +# define S390X_KMA_GCM_AES_192 (1ULL << 44) +# define S390X_KMA_GCM_AES_128 (1ULL << 45) + #endif Index: openssl-1.1.0g/crypto/s390xcpuid.S =================================================================== --- openssl-1.1.0g.orig/crypto/s390xcpuid.S 2018-01-10 15:38:21.706301789 +0100 +++ openssl-1.1.0g/crypto/s390xcpuid.S 2018-01-10 15:38:21.722302044 +0100 @@ -22,6 +22,8 @@ OPENSSL_s390x_facilities: stg %r0,64(%r4) stg %r0,72(%r4) stg %r0,80(%r4) + stg %r0,88(%r4) + stg %r0,96(%r4) .long 0xb2b04000 # stfle 0(%r4) brc 8,.Ldone 
@@ -54,6 +56,14 @@ OPENSSL_s390x_facilities: la %r1,72(%r4) .long 0xb92d2042 # kmctr %r4,%r2,%r2 + lg %r2,16(%r4) + tmhl %r2,0x2000 # check for message-security-assist-8 + jz .Lret + + lghi %r0,0 # query kma capability vector + la %r1,88(%r4) + .long 0xb9294022 # kma %r2,%r4,%r2 + .Lret: br %r14 .size OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities ++++++ 0009-crypto-aes-asm-aes-s390x.pl-add-KMA-code-path.patch ++++++
From 6d4165cf2b6c19162fdcc98e0f093b12ce765191 Mon Sep 17 00:00:00 2001 From: Patrick Steuer <patrick.steuer@de.ibm.com> Date: Tue, 14 Feb 2017 02:07:37 +0100 Subject: [PATCH 09/44] crypto/aes/asm/aes-s390x.pl: add KMA code path.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> --- crypto/aes/asm/aes-s390x.pl | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl index b546c16025..750f61e87a 100644 --- a/crypto/aes/asm/aes-s390x.pl +++ b/crypto/aes/asm/aes-s390x.pl @@ -1403,7 +1403,39 @@ $code.=<<___ if (!$softonly); clr %r0,%r1 jl .Lctr32_software - stm${g} %r6,$s3,6*$SIZE_T($sp) + stm${g} $s2,$s3,10*$SIZE_T($sp) + llgfr $s2,%r0 + larl %r1,OPENSSL_s390xcap_P + llihh %r0,0x8000 # check if kma supports the function code + srlg %r0,%r0,0($s2) + ng %r0,88(%r1) # check kma capability vector + lgr %r0,$s2 + jz .Lctr32_nokma + + aghi $sp,-112 + lhi %r1,0x0600 + sllg $len,$len,4 + or %r0,%r1 # set HS and LAAD flags + lmg $s2,$s3,0($ivp) + la %r1,0($sp) # prepare parameter block + ahi $s3,-1 # decrement counter + mvc 80(32,$sp),0($key) # copy key + stmg $s2,$s3,64($sp) # copy iv + st $s3,12($sp) # copy counter + lghi $s3,0 # no AAD + + .long 0xb929a042 # kma $out,$s2,$inp + brc 1,.-4 # pay attention to "partial completion" + + xc 80(32,$sp),80($sp) # wipe key copy + la $sp,112($sp) + lm${g} $s2,$s3,10*$SIZE_T($sp) + br $ra + +.align 16 +.Lctr32_nokma: + + stm${g} %r6,$s1,6*$SIZE_T($sp) slgr $out,$inp la %r1,0($key) # %r1 is permanent copy of $key -- 2.13.6 ++++++ 0010-doc-man3-OPENSSL_s390xcap.pod-update-KMA.patch ++++++
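Review bot: The KMA branch added to `AES_ctr32_encrypt` clears only the 32-byte key copy with `xc 80(32,$sp),80($sp)` before releasing the 112-byte parameter block, so the IV and counter stored at `64($sp)` and `12($sp)`, and whatever `kma` wrote back, stay on the stack. None of that looks secret, but the `s390x_aes_gcm_blocks` routine added later in this series wipes the whole block, and doing the same here with `xc 0(112,$sp),0($sp)` would keep the two paths consistent. A short comment giving the parameter-block layout used here (counter at 12, IV at 64, key at 80) would also make the offsets checkable. The enclosing function starts and ends outside this hunk.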
From 98100dfe2659b43c1e80c54e5666e6f5d0330759 Mon Sep 17 00:00:00 2001 From: Patrick Steuer <patrick.steuer@de.ibm.com> Date: Mon, 13 Feb 2017 16:43:12 +0100 Subject: [PATCH 10/44] doc/man3/OPENSSL_s390xcap.pod: update (KMA).
List KMA-GCM-AES bits as significant. Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> --- doc/man3/OPENSSL_s390xcap.pod | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/doc/man3/OPENSSL_s390xcap.pod b/doc/man3/OPENSSL_s390xcap.pod index de56c7cf55..adf2c02036 100644 --- a/doc/man3/OPENSSL_s390xcap.pod +++ b/doc/man3/OPENSSL_s390xcap.pod @@ -76,6 +76,21 @@ The following bits are significant: =back +: +: +: +: + +=over + +=item #43 KMA-GCM-AES-256 + +=item #44 KMA-GCM-AES-192 + +=item #45 KMA-GCM-AES-128 + +=back + =head1 EXAMPLES OPENSSL_s390xcap=.0:0 disables KIMD. -- 2.13.6 ++++++ 0011-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch ++++++
From f34474dd00118128ed574e838895167efddf7359 Mon Sep 17 00:00:00 2001 From: Patrick Steuer <patrick.steuer@de.ibm.com> Date: Tue, 14 Feb 2017 11:15:51 +0100 Subject: [PATCH 11/44] crypto/aes/asm/aes-s390x.pl: add CFI annotations (KMA code path).
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> --- crypto/aes/asm/aes-s390x.pl | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl index 750f61e87a..6cabdf5069 100644 --- a/crypto/aes/asm/aes-s390x.pl +++ b/crypto/aes/asm/aes-s390x.pl @@ -1392,6 +1392,7 @@ $code.=<<___; .type AES_ctr32_encrypt,\@function .align 16 AES_ctr32_encrypt: +.cfi_startproc xgr %r3,%r4 # flip %r3 and %r4, $out and $len xgr %r4,%r3 xgr %r3,%r4 @@ -1404,6 +1405,8 @@ $code.=<<___ if (!$softonly); jl .Lctr32_software stm${g} $s2,$s3,10*$SIZE_T($sp) + .cfi_rel_offset $s2,10*$SIZE_T + .cfi_rel_offset $s3,11*$SIZE_T llgfr $s2,%r0 larl %r1,OPENSSL_s390xcap_P llihh %r0,0x8000 # check if kma supports the function code @@ -1413,6 +1416,7 @@ $code.=<<___ if (!$softonly); jz .Lctr32_nokma aghi $sp,-112 + .cfi_adjust_cfa_offset 112 lhi %r1,0x0600 sllg $len,$len,4 or %r0,%r1 # set HS and LAAD flags @@ -1429,7 +1433,10 @@ $code.=<<___ if (!$softonly); xc 80(32,$sp),80($sp) # wipe key copy la $sp,112($sp) + .cfi_adjust_cfa_offset -112 lm${g} $s2,$s3,10*$SIZE_T($sp) + .cfi_restore $s2 + .cfi_restore $s3 br $ra .align 16 @@ -1594,6 +1601,7 @@ $code.=<<___; lm${g} %r6,$ra,6*$SIZE_T($sp) br $ra +.cfi_endproc .size AES_ctr32_encrypt,.-AES_ctr32_encrypt ___ } -- 2.13.6 ++++++ 0012-s390x-assembly-pack-add-KMA-code-path-for-aes-gcm.patch ++++++
From acef148f0aac18d78c3c857065b3a1274279b2df Mon Sep 17 00:00:00 2001 From: Patrick Steuer <patrick.steuer@de.ibm.com> Date: Sat, 25 Feb 2017 10:05:12 +0100 Subject: [PATCH 12/44] s390x assembly pack: add KMA code path for aes-gcm.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> --- crypto/aes/asm/aes-s390x.pl | 52 ++++++++++++ crypto/evp/e_aes.c | 200 ++++++++++++++++++++++++++++++++++++++++++-- crypto/modes/gcm128.c | 4 + crypto/s390x_arch.h | 5 ++ 4 files changed, 253 insertions(+), 8 deletions(-) Index: openssl-1.1.0g/crypto/aes/asm/aes-s390x.pl =================================================================== --- openssl-1.1.0g.orig/crypto/aes/asm/aes-s390x.pl 2018-01-09 17:35:12.231011406 +0100 +++ openssl-1.1.0g/crypto/aes/asm/aes-s390x.pl 2018-01-09 17:35:16.795082242 +0100 
@@ -2257,6 +2257,58 @@ $code.=<<___; .size AES_xts_decrypt,.-AES_xts_decrypt ___ } + +################ +# void s390x_aes_gcm_blocks(unsigned char *out, GCM128_CONTEXT *ctx, +# const unsigned char *in, size_t len, +# const unsigned char *aad, size_t alen, +# const AES_KEY *key, int enc) +{ +my ($out,$ctx,$in,$len,$aad,$alen,$key,$enc) = map("%r$_",(2..9)); +$code.=<<___ if (!$softonly); +.globl s390x_aes_gcm_blocks +.type s390x_aes_gcm_blocks,\@function +.align 16 +s390x_aes_gcm_blocks: + stm$g $alen,$enc,7*$SIZE_T($sp) + lm$g $alen,$enc,$stdframe($sp) + + aghi $sp,-112 + + lmg %r0,%r1,0($ctx) + ahi %r1,-1 + + mvc 16(32,$sp),64($ctx) # copy Xi/H + #mvc 48(16,$sp),48($ctx) # copy len + mvc 80(32,$sp),0($key) # copy key + st %r1,12($sp) # copy Yi + stmg %r0,%r1,64($sp) + + lhi %r1,128 + l %r0,240($key) # kma capability vector checked by caller + sll $enc,7 + xr $enc,%r1 + or %r0,$enc + + la %r1,0($sp) + + .long 0xb9296024 # kma $out,$aad,$in + brc 1,.-4 # pay attention to "partial completion" + + l %r0,12($sp) + mvc 64(16,$ctx),16($sp) # update Xi + xc 0(112,$sp),0($sp) # wipe stack + + la $sp,112($sp) + ahi %r0,1 + st %r0,12($ctx) + + lm$g $alen,$enc,7*$SIZE_T($sp) + br $ra +.size s390x_aes_gcm_blocks,.-s390x_aes_gcm_blocks +___ +} + $code.=<<___; .string "AES for s390x, CRYPTOGAMS by <appro\@openssl.org>" ___ Index: openssl-1.1.0g/crypto/evp/e_aes.c =================================================================== --- openssl-1.1.0g.orig/crypto/evp/e_aes.c 2018-01-09 17:35:12.199010909 +0100 +++ openssl-1.1.0g/crypto/evp/e_aes.c 2018-01-09 17:35:12.239011531 +0100 
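Review bot: `s390x_aes_gcm_blocks` leaves the line `#mvc 48(16,$sp),48($ctx) # copy len` commented out, so bytes 48..63 of the parameter block are whatever was on the stack when `kma` runs. If the instruction ignores those fields for the flag combination built in `%r0` (presumably because the last-plaintext flag is never set), the dead line should be replaced by a comment saying so, e.g. `# length fields at 48($sp) are left unset: not the final call`. Otherwise the copy should be restored. The routine also has no comment stating that `len` must be a multiple of the block size, which the C caller in this series arranges before calling it.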
@@ -960,7 +960,7 @@ const EVP_CIPHER *EVP_aes_##keylen##_##m * If KM and KMC support the function code, AES_KEY structure holds * key/function code (instead of key schedule/number of rounds). */ -# define S390X_AES_FC (((AES_KEY *)(key))->rounds) +# define S390X_AES_FC(key) (((AES_KEY *)(key))->rounds) # define S390X_aes_128_CAPABLE ((OPENSSL_s390xcap_P[5]&S390X_KM_AES_128)&&\ (OPENSSL_s390xcap_P[7]&S390X_KMC_AES_128)) @@ -969,6 +969,11 @@ const EVP_CIPHER *EVP_aes_##keylen##_##m # define S390X_aes_256_CAPABLE ((OPENSSL_s390xcap_P[5]&S390X_KM_AES_256)&&\ (OPENSSL_s390xcap_P[7]&S390X_KMC_AES_256)) +void s390x_aes_gcm_blocks(unsigned char *out, GCM128_CONTEXT *ctx, + const unsigned char *in, size_t len, + const unsigned char *aad, size_t alen, + const AES_KEY *key, int enc); + # define s390x_aes_init_key aes_init_key static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); 
@@ -1029,18 +1034,197 @@ static int s390x_aes_cfb1_cipher(EVP_CIP static int s390x_aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len); -# define S390X_aes_128_gcm_CAPABLE 0 -# define S390X_aes_192_gcm_CAPABLE 0 -# define S390X_aes_256_gcm_CAPABLE 0 +# define S390X_aes_128_gcm_CAPABLE (S390X_aes_128_CAPABLE&&\ + OPENSSL_s390xcap_P[17]\ + &S390X_KMA_GCM_AES_128) +# define S390X_aes_192_gcm_CAPABLE (S390X_aes_192_CAPABLE&&\ + OPENSSL_s390xcap_P[17]\ + &S390X_KMA_GCM_AES_192) +# define S390X_aes_256_gcm_CAPABLE (S390X_aes_256_CAPABLE&&\ + OPENSSL_s390xcap_P[17]\ + &S390X_KMA_GCM_AES_256) + +static int s390x_aes_gcm(GCM128_CONTEXT *ctx, const unsigned char *in, + unsigned char *out, size_t len, int enc) +{ + int n; + size_t rem; + u64 mlen = ctx->len.u[1]; + unsigned char tmp; + + mlen += len; + + if (mlen > ((1ULL << 36) - 32) || (sizeof(len) == 8 && mlen < len)) + return -1; + + ctx->len.u[1] = mlen; + + if (ctx->ares) { + (*ctx->gmult)(ctx->Xi.u, ctx->Htable); + ctx->ares = 0; + } + S390X_AES_FC(ctx->key) |= S390X_KMA_LAAD; + n = ctx->mres; + + if (n) { + while (n && len) { + tmp = *in; + *out = tmp ^ ctx->EKi.c[n]; + ctx->Xi.c[n] ^= enc ? *out : tmp; + n = (n + 1) % AES_BLOCK_SIZE; + --len; + ++in; + ++out; + } + if (n == 0) { + (*ctx->gmult)(ctx->Xi.u, ctx->Htable); + } else { + ctx->mres = n; + return 0; + } + } + rem = len % AES_BLOCK_SIZE; + len -= rem; + + s390x_aes_gcm_blocks(out, ctx, in, len, NULL, 0, ctx->key, enc); + + if (rem) { + in += len; + out += len; + (*ctx->block)(ctx->Yi.c, ctx->EKi.c, ctx->key); + ++ctx->Yi.d[3]; + while (rem--) { + tmp = in[n]; + out[n] = tmp ^ ctx->EKi.c[n]; + ctx->Xi.c[n] ^= enc ? 
out[n] : tmp; + ++n; + } + } + + ctx->mres = n; + return 0; +} -# define s390x_aes_gcm_init_key aes_gcm_init_key static int s390x_aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); + const unsigned char *iv, int enc) +{ + EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx); + const int keybitlen = EVP_CIPHER_CTX_key_length(ctx) * 8; + + if (!iv && !key) + return 1; + + if (key) { + AES_set_encrypt_key(key, keybitlen, &gctx->ks.ks); + CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f)AES_encrypt); + S390X_AES_FC(&gctx->ks) |= S390X_KMA_HS; + + if (iv == NULL && gctx->iv_set) + iv = gctx->iv; + + if (iv) { + CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); + gctx->iv_set = 1; + } + gctx->key_set = 1; + } else { + if (gctx->key_set) + CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); + else + memcpy(gctx->iv, iv, gctx->ivlen); + + gctx->iv_set = 1; + gctx->iv_gen = 0; + } + return 1; +} + +static int s390x_aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx); + unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx); + int enc = EVP_CIPHER_CTX_encrypting(ctx); + int rv = -1; + + if (out != in || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN)) + return -1; + + if (EVP_CIPHER_CTX_ctrl(ctx, enc ? 
EVP_CTRL_GCM_IV_GEN : + EVP_CTRL_GCM_SET_IV_INV, + EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0) + goto err; + + if (CRYPTO_gcm128_aad(&gctx->gcm, buf, gctx->tls_aad_len)) + goto err; + + in += EVP_GCM_TLS_EXPLICIT_IV_LEN; + out += EVP_GCM_TLS_EXPLICIT_IV_LEN; + len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; + + if (s390x_aes_gcm(&gctx->gcm, in, out, len, enc)) + goto err; + + if (enc) { + out += len; + CRYPTO_gcm128_tag(&gctx->gcm, out, EVP_GCM_TLS_TAG_LEN); + rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; + } else { + CRYPTO_gcm128_tag(&gctx->gcm, buf, EVP_GCM_TLS_TAG_LEN); + + if (CRYPTO_memcmp(buf, in + len, EVP_GCM_TLS_TAG_LEN)) { + OPENSSL_cleanse(out, len); + goto err; + } + rv = len; + } + err: + gctx->iv_set = 0; + gctx->tls_aad_len = -1; + return rv; +} -# define s390x_aes_gcm_cipher aes_gcm_cipher static int s390x_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); + const unsigned char *in, size_t len) +{ + EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx); + unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx); + int enc = EVP_CIPHER_CTX_encrypting(ctx); + + if (!gctx->key_set) + return -1; + + if (gctx->tls_aad_len >= 0) + return s390x_aes_gcm_tls_cipher(ctx, out, in, len); + + if (!gctx->iv_set) + return -1; + + if (in) { + if (out == NULL) { + if (CRYPTO_gcm128_aad(&gctx->gcm, in, len)) + return -1; + } else { + if (s390x_aes_gcm(&gctx->gcm, in, out, len, enc)) + return -1; + } + return len; + } else { + if (enc) { + gctx->taglen = 16; + CRYPTO_gcm128_tag(&gctx->gcm, buf, gctx->taglen); + } else { + if (gctx->taglen < 0) + return -1; + + if (CRYPTO_gcm128_finish(&gctx->gcm, buf, gctx->taglen)) + return -1; + } + gctx->iv_set = 0; + return 0; + } +} # define S390X_aes_128_xts_CAPABLE 1 /* checked by callee */ # define S390X_aes_256_xts_CAPABLE 1 Index: openssl-1.1.0g/crypto/modes/gcm128.c =================================================================== --- 
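Review bot: The new `S390X_aes_*_gcm_CAPABLE` macros test `OPENSSL_s390xcap_P[17]`, but the s390x_arch.h shown in this series documents the KMA-GCM flags as `OPENSSL_s390xcap_P[11]` and sizes the vector at 3 + 10 doublewords. The assembly likewise queries and checks KMA at byte offset 88, which is index 11. Unless a patch not visible here enlarges the vector, index 17 is a read past the end of the array, so the checks should read `OPENSSL_s390xcap_P[11] & S390X_KMA_GCM_AES_128` and likewise for 192 and 256. This matters because `s390x_aes_gcm_blocks` states that the capability is checked by the caller, which makes this macro the only guard before `kma` is executed.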
openssl-1.1.0g.orig/crypto/modes/gcm128.c 2017-11-02 15:29:03.000000000 +0100 +++ openssl-1.1.0g/crypto/modes/gcm128.c 2018-01-09 17:35:12.239011531 +0100 @@ -817,6 +817,10 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT * ctx->gmult = gcm_gmult_4bit; CTX__GHASH(gcm_ghash_4bit); } +# elif defined(GHASH_ASM) + gcm_init_4bit(ctx->Htable, ctx->H.u); + ctx->gmult = gcm_gmult_4bit; + CTX__GHASH(gcm_ghash_4bit); # else gcm_init_4bit(ctx->Htable, ctx->H.u); # endif Index: openssl-1.1.0g/crypto/s390x_arch.h =================================================================== --- openssl-1.1.0g.orig/crypto/s390x_arch.h 2018-01-09 17:35:12.207011034 +0100 +++ openssl-1.1.0g/crypto/s390x_arch.h 2018-01-09 17:35:12.239011531 +0100 @@ -45,4 +45,9 @@ extern uint64_t OPENSSL_s390xcap_P[]; # define S390X_KMA_GCM_AES_192 (1ULL << 44) # define S390X_KMA_GCM_AES_128 (1ULL << 45) +/* %r0 flags */ +# define S390X_KMA_LPC (1ULL << 8) +# define S390X_KMA_LAAD (1ULL << 9) +# define S390X_KMA_HS (1ULL << 10) + #endif ++++++ 0013-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch ++++++
From d137c24cbf25bae932dcfc0b58fa667a9ef63bf0 Mon Sep 17 00:00:00 2001 From: Patrick Steuer <patrick.steuer@de.ibm.com> Date: Sun, 26 Feb 2017 22:36:39 +0100 Subject: [PATCH 13/44] crypto/aes/asm/aes-s390x.pl: add CFI annotations (KMA-gcm code path).
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> --- crypto/aes/asm/aes-s390x.pl | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl index f23b1231c1..dfe79f84a6 100644 --- a/crypto/aes/asm/aes-s390x.pl +++ b/crypto/aes/asm/aes-s390x.pl @@ -2270,10 +2270,15 @@ $code.=<<___ if (!$softonly); .type s390x_aes_gcm_blocks,\@function .align 16 s390x_aes_gcm_blocks: +.cfi_startproc stm$g $alen,$enc,7*$SIZE_T($sp) + .cfi_rel_offset $alen,7*$SIZE_T + .cfi_rel_offset $key,8*$SIZE_T + .cfi_rel_offset $enc,9*$SIZE_T lm$g $alen,$enc,$stdframe($sp) aghi $sp,-112 + .cfi_adjust_cfa_offset 112 lmg %r0,%r1,0($ctx) ahi %r1,-1 @@ -2300,11 +2305,16 @@ s390x_aes_gcm_blocks: xc 0(112,$sp),0($sp) # wipe stack la $sp,112($sp) + .cfi_adjust_cfa_offset -112 ahi %r0,1 st %r0,12($ctx) lm$g $alen,$enc,7*$SIZE_T($sp) + .cfi_restore $alen + .cfi_restore $key + .cfi_restore $enc br $ra +.cfi_endproc .size s390x_aes_gcm_blocks,.-s390x_aes_gcm_blocks ___ } -- 2.13.6 ++++++ baselibs.conf ++++++ libopenssl1_1 obsoletes "libopenssl1_1_0-<targettype>" libopenssl-1_1-devel provides "libopenssl-devel-<targettype> = <version>" conflicts "otherproviders(libopenssl-devel-<targettype>)" requires -"openssl-1_1-<targettype>" requires "libopenssl1_1-<targettype> = <version>" libopenssl1_1-hmac requires "libopenssl1_1-<targettype> = <version>-%release" obsoletes "libopenssl1_1_0-hmac-<targettype>" ++++++ openssl-1.0.1e-add-suse-default-cipher.patch ++++++ Index: openssl-1.1.0f/ssl/ssl_ciph.c =================================================================== --- openssl-1.1.0f.orig/ssl/ssl_ciph.c 2017-05-25 14:46:20.000000000 +0200 +++ openssl-1.1.0f/ssl/ssl_ciph.c 2017-09-01 11:54:09.848587297 +0200 
@@ -1461,7 +1461,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ */ ok = 1; rule_p = rule_str; - if (strncmp(rule_str, "DEFAULT", 7) == 0) { + if (strncmp(rule_str,"DEFAULT_SUSE", 12) == 0) { + ok = ssl_cipher_process_rulestr(SSL_DEFAULT_SUSE_CIPHER_LIST, + &head, &tail, ca_list, c); + rule_p += 12; + if (*rule_p == ':') + rule_p++; + } + else if (strncmp(rule_str, "DEFAULT", 7) == 0) { ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, &head, &tail, ca_list, c); rule_p += 7; Index: openssl-1.1.0f/include/openssl/ssl.h =================================================================== --- openssl-1.1.0f.orig/include/openssl/ssl.h 2017-05-25 14:46:20.000000000 +0200 +++ openssl-1.1.0f/include/openssl/ssl.h 2017-09-01 13:16:59.850407734 +0200 @@ -195,6 +195,11 @@ extern "C" { * an application-defined cipher list string starts with 'DEFAULT'. */ # define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL" +# define SSL_DEFAULT_SUSE_CIPHER_LIST "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"\ + "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:"\ + "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:"\ + "DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:"\ + "AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA" /* * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always * starts with a reasonable order, and all we have to do for DEFAULT is ++++++ openssl-1.0.1e-add-test-suse-default-cipher-suite.patch ++++++ Index: openssl-1.1.0c/test/recipes/99-test_suse_default_ciphers.t =================================================================== 
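Review bot: The new `DEFAULT_SUSE` branch in ssl_create_cipher_list only works because it is tested before `DEFAULT`, which is a prefix of it, and nothing in the code says so. If the two branches were ever swapped, `DEFAULT_SUSE` would parse as `DEFAULT` followed by a rule `_SUSE`. I would add `/* must precede "DEFAULT", which is a prefix of this keyword */` above the `strncmp`. The length `12` is also written by hand in two places; `sizeof("DEFAULT_SUSE") - 1` would keep the compare and the `rule_p +=` in step with the literal. The function continues outside the hunk.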
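Review bot: `SSL_DEFAULT_SUSE_CIPHER_LIST` in ssl.h has no comment of its own, and the comment above it in the hunk still describes only `DEFAULT`. The last line of the list enables suites with static RSA key exchange (`AES256-GCM-SHA384` through `CAMELLIA128-SHA`), which provide no forward secrecy, and several ECDHE/DHE entries are CBC suites with a SHA-1 MAC. A reader cannot tell whether these are a deliberate compatibility choice. I would document the ordering and the intent, for example `/* SUSE default: ECDHE first, then DHE, then static-RSA suites (no forward secrecy) */`, and state the reason for keeping the last group if there is one.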
--- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.1.0c/test/recipes/99-test_suse_default_ciphers.t 2016-12-19 13:59:16.662066548 +0100 @@ -0,0 +1,22 @@ +#! /usr/bin/env perl + +use strict; +use warnings; + +use OpenSSL::Test qw/:DEFAULT/; +use OpenSSL::Test::Utils; + + +setup("test_default_ciphersuites"); + +plan tests => 4; + +my @cipher_suites = ("DEFAULT_SUSE", "DEFAULT"); + +foreach my $cipherlist (@cipher_suites) { + ok(run(app(["openssl", "ciphers", $cipherlist])), + "openssl ciphers works with ciphersuite $cipherlist"); + ok(!grep(/(MD5|RC4|DES)/, run(app(["openssl", "ciphers", "DEFAULT_SUSE"]), capture => 1)), + "$cipherlist shouldn't contain MD5, DES or RC4\n"); +} + ++++++ openssl-1.1.0-fips.patch ++++++ ++++ 12296 lines (skipped) ++++++ openssl-1.1.0-no-html.patch ++++++ diff -up openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl.nohtml openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl --- openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl.no-html 2016-04-19 16:57:52.000000000 +0200 +++ openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl 2016-07-18 13:58:55.060106243 +0200 @@ -288,7 +288,7 @@ install_sw: all install_dev install_engi uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev -install_docs: install_man_docs install_html_docs +install_docs: install_man_docs uninstall_docs: uninstall_man_docs uninstall_html_docs $(RM) -r -v $(DESTDIR)$(DOCDIR) ++++++ openssl-disable_rsa_keygen_tests_with_small_modulus.patch ++++++ Index: openssl-1.1.0f/test/recipes/15-test_genrsa.t =================================================================== --- openssl-1.1.0f.orig/test/recipes/15-test_genrsa.t 2017-05-25 14:46:21.000000000 +0200 +++ openssl-1.1.0f/test/recipes/15-test_genrsa.t 2017-05-29 17:56:31.900331435 +0200 
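Review bot: The second `ok()` inside the `foreach` in 99-test_suse_default_ciphers.t always runs `openssl ciphers DEFAULT_SUSE` instead of using `$cipherlist`. On the `DEFAULT` iteration it therefore checks the SUSE list again, and the message "DEFAULT shouldn't contain MD5, DES or RC4" is reported without `DEFAULT` ever being inspected. The call should be `run(app(["openssl", "ciphers", $cipherlist]), capture => 1)`. Whether the stock `DEFAULT` list then passes the `/(MD5|RC4|DES)/` filter depends on the build options and should be confirmed when the test is fixed.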
@@ -16,6 +16,7 @@ use OpenSSL::Test::Utils; setup("test_genrsa"); +plan skip_all => 'Minimal RSA modulus size is 200 bits'; plan tests => 5; is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])), 0, "genrsa -3 8"); ++++++ openssl-fips-clearerror.patch ++++++ Index: openssl-1.0.2g/crypto/o_init.c =================================================================== --- openssl-1.0.2g.orig/crypto/o_init.c 2016-04-14 10:54:05.763929573 +0200 +++ openssl-1.0.2g/crypto/o_init.c 2016-04-14 10:59:08.366168879 +0200 @@ -91,6 +91,7 @@ static void init_fips_mode(void) NONFIPS_selftest_check(); /* drop down to non-FIPS mode if it is not requested */ FIPS_mode_set(0); + ERR_clear_error(); } else { /* abort if selftest failed */ FIPS_selftest_check(); ++++++ openssl-fips-dont-fall-back-to-default-digest.patch ++++++ Index: openssl-1.1.0e/apps/dgst.c =================================================================== --- openssl-1.1.0e.orig/apps/dgst.c 2017-04-20 12:31:52.471544178 +0200 +++ openssl-1.1.0e/apps/dgst.c 2017-04-20 12:38:46.669771843 +0200 @@ -94,6 +94,10 @@ int dgst_main(int argc, char **argv) prog = opt_progname(argv[0]); buf = app_malloc(BUFSIZE, "I/O buffer"); md = EVP_get_digestbyname(prog); + if (md == NULL && strcmp(prog, "dgst") != 0) { + BIO_printf(bio_err, "%s is not a known digest\n", prog); + goto end; + } prog = opt_init(argc, argv, dgst_options); while ((o = opt_next()) != OPT_EOF) { ++++++ openssl-fips-dont_run_FIPS_module_installed.patch ++++++ Index: openssl-1.0.2h/crypto/o_init.c =================================================================== --- openssl-1.0.2h.orig/crypto/o_init.c 2016-06-01 15:26:25.026937000 +0200 +++ openssl-1.0.2h/crypto/o_init.c 2016-06-01 16:23:24.980858697 +0200 
@@ -111,9 +111,9 @@ void __attribute__ ((constructor)) OPENS return; done = 1; #ifdef OPENSSL_FIPS - if (!FIPS_module_installed()) { + /*if (!FIPS_module_installed()) { return; - } + }*/ RAND_init_fips(); init_fips_mode(); if (!FIPS_mode()) { ++++++ openssl-fips-fix-odd-rsakeybits.patch ++++++ Index: openssl-1.0.2g/crypto/rsa/rsa_gen.c =================================================================== --- openssl-1.0.2g.orig/crypto/rsa/rsa_gen.c 2016-04-14 10:52:34.187646539 +0200 +++ openssl-1.0.2g/crypto/rsa/rsa_gen.c 2016-04-14 10:53:39.335559301 +0200 @@ -465,7 +465,8 @@ static int rsa_builtin_keygen(RSA *rsa, goto err; bitsp = (bits + 1) / 2; - bitsq = bits - bitsp; + /* Use the same number of bits for p and q, our checks assume it. */ + bitsq = bitsp; /* prepare a maximum for p and q */ /* 0xB504F334 is (sqrt(2)/2)*2^32 */ ++++++ openssl-fips-rsagen-d-bits.patch ++++++ Index: openssl-1.1.0c/crypto/rsa/rsa_gen.c =================================================================== --- openssl-1.1.0c.orig/crypto/rsa/rsa_gen.c 2016-12-08 17:55:15.968669184 +0100 +++ openssl-1.1.0c/crypto/rsa/rsa_gen.c 2016-12-08 17:55:15.976669308 +0100 @@ -173,6 +173,12 @@ static int fips_rsa_builtin_keygen(RSA * goto err; } + BN_copy(rsa->e, e_value); + + if (!BN_is_zero(rsa->p) && !BN_is_zero(rsa->q)) + test = 1; + +retry: /* prepare approximate minimum p and q */ if (!BN_set_word(r0, 0xB504F334)) goto err; @@ -185,12 +191,6 @@ static int fips_rsa_builtin_keygen(RSA * if (!BN_lshift(r3, r3, pbits - 100)) goto err; - BN_copy(rsa->e, e_value); - - if (!BN_is_zero(rsa->p) && !BN_is_zero(rsa->q)) - test = 1; - - retry: /* generate p and q */ for (i = 0; i < 5 * pbits; i++) { ploop: 
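Review bot: The `FIPS_module_installed()` early return in the o_init.c constructor is disabled by wrapping it in `/* ... */` rather than deleting it. That leaves dead code in a security-relevant initialisation path with no record of why the check was dropped. With the guard gone, `RAND_init_fips()` and `init_fips_mode()` run on every library load regardless of what that check would have returned. I would delete the three lines and replace them with a one-line comment stating the reason, so the next maintainer does not restore the check by mistake. The constructor continues outside the hunk.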
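Review bot: With `bitsq = bitsp` and `bitsp = (bits + 1) / 2` in rsa_builtin_keygen, an odd `bits` gives two primes of (bits+1)/2 bits each, so the modulus can come out one bit longer than the caller requested. The added comment explains that the checks assume equal sizes but not this consequence for the key size. I would extend it to `/* p and q get the same size; for odd 'bits' the modulus may be bits+1 bits long */`, or reject odd sizes before this point if callers rely on the exact length. The function continues outside the hunk.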
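Review bot: `BN_copy(rsa->e, e_value);` is moved above `retry:` in fips_rsa_builtin_keygen with its return value still ignored, while every other BN call in the two hunks is followed by `goto err`. BN_copy returns NULL on failure, so the moved line should read `if (BN_copy(rsa->e, e_value) == NULL) goto err;`. The relocated `retry:` label now makes each retry recompute `r0` and `r3`, presumably because later code reuses those temporaries. A short comment at the label, such as `/* r0 and r3 are clobbered below, rebuild the bounds on every retry */`, would make that dependency explicit once it is confirmed against the rest of the function, which lies outside the hunks.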
@@ -323,6 +323,8 @@ static int fips_rsa_builtin_keygen(RSA * BN_free(pr0); } + /* test 2^(bits/2) < d < LCM((p-1)*(q-1)) */ + /* the LCM part is covered due to the generation by modulo above */ if (BN_num_bits(rsa->d) < pbits) goto retry; /* d is too small */ ++++++ openssl-fips-selftests_in_nonfips_mode.patch ++++++ Index: openssl-1.1.0c/crypto/fips/fips.c =================================================================== --- openssl-1.1.0c.orig/crypto/fips/fips.c 2016-12-09 11:34:28.778291575 +0100 +++ openssl-1.1.0c/crypto/fips/fips.c 2016-12-09 11:37:18.192847119 +0100 @@ -472,6 +472,44 @@ int FIPS_module_mode_set(int onoff) return ret; } +/* In non-FIPS mode, the selftests must succeed if the + * checksum files are present + */ +void NONFIPS_selftest_check(void) +{ + int rv; + char *hmacpath; + char path[PATH_MAX+1]; + + if (fips_selftest_fail) + { + /* check if the checksum files are installed */ + rv = get_library_path("libcrypto.so." SHLIB_VERSION_NUMBER, "FIPS_mode_set", path, sizeof(path)); + if (rv < 0) + OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE"); + + hmacpath = make_hmac_path(path); + if (hmacpath == NULL) + OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE"); + + if (access(hmacpath, F_OK)) + { + /* no hmac file is present, ignore the failed selftests */ + if (errno == ENOENT) + { + free(hmacpath); + return; + } + /* we fail on any other error */ + } + /* if the file exists, but the selftests failed + (eg wrong checksum), we fail too */ + free(hmacpath); + OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE"); + } + /* otherwise ok, selftests were successful */ +} + static CRYPTO_THREAD_ID fips_threadid; static int fips_thread_set = 0; Index: openssl-1.1.0c/crypto/o_init.c =================================================================== --- openssl-1.1.0c.orig/crypto/o_init.c 2016-12-09 11:34:28.726290785 +0100 +++ openssl-1.1.0c/crypto/o_init.c 2016-12-09 11:34:28.778291575 +0100 
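Review bot: All three `OpenSSLDie()` calls in the new `NONFIPS_selftest_check()` use the same text, "FATAL FIPS SELFTEST FAILURE". An abort on a production system therefore cannot be attributed to a failed library path lookup, a failed `make_hmac_path()`, or a checksum file that exists while the self-tests failed. An `access()` error other than `ENOENT` also falls through to the last call without `errno` being reported. I would give each site its own message, for example `"FIPS selftest failed: cannot locate libcrypto"`, `"FIPS selftest failed: cannot build hmac path"` and `"FIPS selftest failed and checksum file is present or unreadable"`. The function also mixes brace-on-own-line blocks with the brace style of the surrounding file.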
@@ -44,6 +44,8 @@ static void init_fips_mode(void) */ if (buf[0] != '1') { + /* abort if selftest failed and the module is complete */ + NONFIPS_selftest_check(); /* drop down to non-FIPS mode if it is not requested */ FIPS_mode_set(0); } else { Index: openssl-1.1.0c/include/openssl/fips.h =================================================================== --- openssl-1.1.0c.orig/include/openssl/fips.h 2016-12-09 11:34:28.654289692 +0100 +++ openssl-1.1.0c/include/openssl/fips.h 2016-12-09 11:38:18.553750517 +0100 @@ -65,6 +65,7 @@ extern "C" { int FIPS_selftest(void); int FIPS_selftest_failed(void); int FIPS_selftest_drbg_all(void); + void NONFIPS_selftest_check(void); int FIPS_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, const EVP_MD *evpmd, const unsigned char *seed_in, ++++++ openssl-fips_disallow_ENGINE_loading.patch ++++++ Index: openssl-1.1.0c/crypto/init.c =================================================================== --- openssl-1.1.0c.orig/crypto/init.c 2016-12-08 17:36:03.170689184 +0100 +++ openssl-1.1.0c/crypto/init.c 2016-12-08 17:36:14.938873308 +0100 @@ -564,6 +564,9 @@ int OPENSSL_init_crypto(uint64_t opts, c && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand)) return 0; # endif +# ifdef OPENSSL_FIPS + if (!FIPS_mode()) +# endif if ((opts & OPENSSL_INIT_ENGINE_DYNAMIC) && !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic)) return 0; ++++++ openssl-no-date.patch ++++++ Index: openssl-1.1.0f/util/mkbuildinf.pl =================================================================== --- openssl-1.1.0f.orig/util/mkbuildinf.pl +++ openssl-1.1.0f/util/mkbuildinf.pl 
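Review bot: The added `if (!FIPS_mode())` in OPENSSL_init_crypto has no braces and governs the following `if` only through the `# ifdef OPENSSL_FIPS` block. A later edit that inserts a statement between the two lines would silently detach the guard. As far as the hunk shows, a caller that passes `OPENSSL_INIT_ENGINE_DYNAMIC` in FIPS mode gets the option skipped and still receives success. The rdrand engine initialisation directly above is not guarded in the same way. I would fold the test into the condition or brace it, and add `/* FIPS mode: dynamic engine loading is deliberately skipped, not reported as an error */` if that is the intent. The function continues outside the hunk.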
@@ -37,5 +37,5 @@ print <<"END_OUTPUT"; '\\0' }; #define PLATFORM "platform: $platform" -#define DATE "built on: $date" +#define DATE "" END_OUTPUT ++++++ openssl-pkgconfig.patch ++++++ Index: openssl-1.1.0c/Configurations/unix-Makefile.tmpl =================================================================== --- openssl-1.1.0c.orig/Configurations/unix-Makefile.tmpl 2016-11-10 15:03:43.000000000 +0100 +++ openssl-1.1.0c/Configurations/unix-Makefile.tmpl 2016-12-02 14:42:03.547865145 +0100 @@ -790,7 +790,7 @@ libcrypto.pc: echo 'Version: '$(VERSION); \ echo 'Libs: -L$${libdir} -lcrypto'; \ echo 'Libs.private: $(EX_LIBS)'; \ - echo 'Cflags: -I$${includedir}' ) > libcrypto.pc + echo 'Cflags: -DOPENSSL_LOAD_CONF -I$${includedir}' ) > libcrypto.pc libssl.pc: @ ( echo 'prefix=$(INSTALLTOP)'; \ @@ -804,7 +804,7 @@ libssl.pc: echo 'Requires.private: libcrypto'; \ echo 'Libs: -L$${libdir} -lssl'; \ echo 'Libs.private: $(EX_LIBS)'; \ - echo 'Cflags: -I$${includedir}' ) > libssl.pc + echo 'Cflags: -DOPENSSL_LOAD_CONF -I$${includedir}' ) > libssl.pc openssl.pc: @ ( echo 'prefix=$(INSTALLTOP)'; \ ++++++ openssl-ppc64-config.patch ++++++ Index: openssl-1.1.0e/config =================================================================== --- openssl-1.1.0e.orig/config +++ openssl-1.1.0e/config @@ -550,7 +550,7 @@ case "$GUESSOS" in OUT="linux-ppc64" else OUT="linux-ppc" - (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null) || options="$options -m32" + (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null) || OUT="linux-ppc64" fi ;; ppc64le-*-linux2) OUT="linux-ppc64le" ;; ++++++ openssl-rsakeygen-minimum-distance.patch ++++++ Index: openssl-1.1.0f/crypto/rsa/rsa_gen.c =================================================================== --- openssl-1.1.0f.orig/crypto/rsa/rsa_gen.c 2017-05-29 13:02:47.095166778 +0200 +++ openssl-1.1.0f/crypto/rsa/rsa_gen.c 2017-05-29 13:03:29.415824383 +0200 
@@ -419,6 +419,19 @@ static int rsa_builtin_keygen(RSA *rsa, bitsp = (bits + 1) / 2; bitsq = bits - bitsp; + /* prepare a maximum for p and q */ + /* 0xB504F334 is (sqrt(2)/2)*2^32 */ + if (!BN_set_word(r0, 0xB504F334)) + goto err; + if (!BN_lshift(r0, r0, bitsp - 32)) + goto err; + + /* prepare minimum p and q difference */ + if (!BN_one(r3)) + goto err; + if (!BN_lshift(r3, r3, bitsp - 100)) + goto err; + /* We need the RSA components non-NULL */ if (!rsa->n && ((rsa->n = BN_new()) == NULL)) goto err; @@ -444,6 +457,8 @@ static int rsa_builtin_keygen(RSA *rsa, for (;;) { if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb)) goto err; + if (BN_cmp(rsa->p, r0) < 0) + continue; if (!BN_sub(r2, rsa->p, BN_value_one())) goto err; if (!BN_gcd(r1, r2, rsa->e, ctx)) @@ -460,6 +475,13 @@ static int rsa_builtin_keygen(RSA *rsa, if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb)) goto err; } while (BN_cmp(rsa->p, rsa->q) == 0); + if (BN_cmp(rsa->q, r0) < 0) + continue; + /* check for minimum distance between p and q, 2^(bitsp-100) */ + if (!BN_sub(r2, rsa->q, rsa->p)) + goto err; + if (BN_ucmp(r2, r3) <= 0) + continue; if (!BN_sub(r2, rsa->q, BN_value_one())) goto err; if (!BN_gcd(r1, r2, rsa->e, ctx)) ++++++ openssl-static-deps.patch ++++++
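Review bot: The bound `r0` is built from `bitsp`, but `q` is still generated with `bitsq = bits - bitsp` (a context line in the first hunk), so for an odd `bits` every `q` is one bit shorter than `r0`. The new `if (BN_cmp(rsa->q, r0) < 0) continue;` in the third hunk can then never let the loop finish. This hunk appears to rely on the separate fix-odd-rsakeybits patch on this page, which sets `bitsq = bitsp`, and that dependency should be stated or the two changes merged. The comment `/* prepare a maximum for p and q */` describes a value the code uses as a lower bound and should read `/* prepare a minimum for p and q */`. The shift counts `bitsp - 32` and `bitsp - 100` go negative for small key sizes, so an explicit size check with its own error before the two `BN_lshift` calls would be clearer than relying on how BN_lshift treats a negative count. rsa_builtin_keygen continues outside the hunks.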
From 186a31e510d1326063cfeca17e58fadec236ad2a Mon Sep 17 00:00:00 2001 From: Richard Levitte <levitte@openssl.org> Date: Wed, 9 Nov 2016 20:01:51 +0100 Subject: [PATCH] Building: make it possible to force linking with static OpenSSL libs
Very simply, support having the .a extension to denote depending on static libraries. Note that this is not supported on native Windows when building shared libraries, as there is not static library then, just an import library with the same name. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1889) --- Configurations/common.tmpl | 14 +++++++++++--- Configurations/descrip.mms.tmpl | 23 ++++++++++++++--------- Configurations/unix-Makefile.tmpl | 19 ++++++++++++------- Configurations/windows-makefile.tmpl | 4 +++- Configure | 7 +++++++ 5 files changed, 47 insertions(+), 20 deletions(-) Index: openssl-1.1.0e/Configurations/common.tmpl =================================================================== --- openssl-1.1.0e.orig/Configurations/common.tmpl +++ openssl-1.1.0e/Configurations/common.tmpl @@ -9,15 +9,22 @@ # there are no duplicate dependencies and that they are in the # right order. This is especially used to sort the list of # libraries that a build depends on. + sub extensionlesslib { + my @result = map { $_ =~ /(\.a)?$/; $` } @_; + return @result if wantarray; + return $result[0]; + } sub resolvedepends { my $thing = shift; + my $extensionlessthing = extensionlesslib($thing); my @listsofar = @_; # to check if we're looping - my @list = @{$unified_info{depends}->{$thing}}; + my @list = @{$unified_info{depends}->{$extensionlessthing}}; my @newlist = (); if (scalar @list) { foreach my $item (@list) { + my $extensionlessitem = extensionlesslib($item); # It's time to break off when the dependency list starts looping - next if grep { $_ eq $item } @listsofar; + next if grep { extensionlesslib($_) eq $extensionlessitem } @listsofar; push @newlist, $item, resolvedepends($item, @listsofar, $item); } } 
@@ -28,8 +35,9 @@ my @newlist = (); while (@list) { my $item = shift @list; + my $extensionlessitem = extensionlesslib($item); push @newlist, $item - unless grep { $item eq $_ } @list; + unless grep { $extensionlessitem eq extensionlesslib($_) } @list; } @newlist; } Index: openssl-1.1.0e/Configurations/descrip.mms.tmpl =================================================================== --- openssl-1.1.0e.orig/Configurations/descrip.mms.tmpl +++ openssl-1.1.0e/Configurations/descrip.mms.tmpl @@ -524,6 +524,17 @@ configdata.pm : $(SRCDIR)Configure $(SRC use File::Basename; use File::Spec::Functions qw/abs2rel rel2abs catfile catdir/; + # Helper function to figure out dependencies on libraries + # It takes a list of library names and outputs a list of dependencies + sub compute_lib_depends { + if ($disabled{shared}) { + return map { $_ =~ /\.a$/ ? $`.".OLB" : $_.".OLB" } @_; + } + return map { $_ =~ /\.a$/ + ? $`.".OLB" + : $unified_info{sharednames}->{$_}.".EXE" } @_; + } + sub generatesrc { my %args = @_; my $generator = join(" ", @{$args{generator}}); @@ -619,9 +630,7 @@ EOF my $libd = dirname($lib); my $libn = basename($lib); (my $mkdef_key = $libn) =~ s/^${osslprefix_q}lib([^0-9]*)\d*/$1/i; - my @deps = map { - $disabled{shared} ? $_.".OLB" - : $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}}; + my @deps = compute_lib_depends(@{$args{deps}}); my $deps = join(", -\n\t\t", @deps); my $shlib_target = $disabled{shared} ? "" : $target{shared_target}; my $ordinalsfile = defined($args{ordinals}) ? $args{ordinals}->[1] : ""; 
@@ -667,9 +676,7 @@ EOF my $libn = basename($lib); (my $libn_nolib = $libn) =~ s/^lib//; my @objs = map { "$_.OBJ" } @{$args{objs}}; - my @deps = map { - $disabled{shared} ? $_.".OLB" - : $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}}; + my @deps = compute_lib_depends(@{$args{deps}}); my $deps = join(", -\n\t\t", @objs, @deps); my $shlib_target = $disabled{shared} ? "" : $target{shared_target}; my $engine_opt = abs2rel(rel2abs(catfile($config{sourcedir}, @@ -719,9 +726,7 @@ EOF my $bind = dirname($bin); my $binn = basename($bin); my @objs = map { "$_.OBJ" } @{$args{objs}}; - my @deps = map { - $disabled{shared} ? $_.".OLB" - : $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}}; + my @deps = compute_lib_depends(@{$args{deps}}); my $deps = join(", -\n\t\t", @objs, @deps); # The "[]" hack is because in .OPT files, each line inherits the # previous line's file spec as default, so if no directory spec Index: openssl-1.1.0e/Configurations/unix-Makefile.tmpl =================================================================== --- openssl-1.1.0e.orig/Configurations/unix-Makefile.tmpl +++ openssl-1.1.0e/Configurations/unix-Makefile.tmpl @@ -837,13 +837,13 @@ configdata.pm: $(SRCDIR)/Configure $(SRC # It takes a list of library names and outputs a list of dependencies sub compute_lib_depends { if ($disabled{shared}) { - return map { $_.$libext } @_; + return map { $_ =~ /\.a$/ ? $`.$libext : $_.$libext } @_; } # Depending on shared libraries: # On Windows POSIX layers, we depend on {libname}.dll.a # On Unix platforms, we depend on {shlibname}.so - return map { shlib_simple($_) } @_; + return map { $_ =~ /\.a$/ ? $`.$libext : shlib_simple($_) } @_; } sub generatesrc { 
@@ -1056,11 +1056,16 @@ EOF my $binn = basename($bin); my $objs = join(" ", map { $_.$objext } @{$args{objs}}); my $deps = join(" ",compute_lib_depends(@{$args{deps}})); - my $linklibs = join("", map { my $d = dirname($_); - my $f = basename($_); - $d = "." if $d eq $f; - (my $l = $f) =~ s/^lib//; - " -L$d -l$l" } @{$args{deps}}); + my $linklibs = join("", map { if ($_ =~ /\.a$/) { + " $_"; + } else { + my $d = dirname($_); + my $f = basename($_); + $d = "." if $d eq $f; + (my $l = $f) =~ s/^lib//; + " -L$d -l$l" + } + } @{$args{deps}}); my $shlib_target = $disabled{shared} ? "" : $target{shared_target}; return <<"EOF"; $bin$exeext: $objs $deps Index: openssl-1.1.0e/Configurations/windows-makefile.tmpl =================================================================== --- openssl-1.1.0e.orig/Configurations/windows-makefile.tmpl +++ openssl-1.1.0e/Configurations/windows-makefile.tmpl @@ -342,8 +342,10 @@ configdata.pm: "$(SRCDIR)\Configure" {- # It takes a list of library names and outputs a list of dependencies sub compute_lib_depends { if ($disabled{shared}) { - return map { $_.$libext } @_; + return map { $_ =~ /\.a$/ ? $`.$libext : $_.$libext } @_; } + die "Linking with static OpenSSL libraries is not supported in this configuration\n" + if grep /\.a$/, @_; return map { shlib_import($_) } @_; } Index: openssl-1.1.0e/Configure =================================================================== --- openssl-1.1.0e.orig/Configure +++ openssl-1.1.0e/Configure 
@@ -1838,9 +1838,16 @@ EOF $d = cleanfile($buildd, $_, $blddir); } # Take note if the file to depend on is being renamed + # Take extra care with files ending with .a, they should + # be treated without that extension, and the extension + # should be added back after treatment. + $d =~ /(\.a)?$/; + my $e = $1 // ""; + $d = $`; if ($unified_info{rename}->{$d}) { $d = $unified_info{rename}->{$d}; } + $d .= $e; $unified_info{depends}->{$ddest}->{$d} = 1; # If we depend on a header file or a perl module, let's make # sure it can get included ++++++ openssl-truststore.patch ++++++ Don't use the legacy /etc/ssl/certs directory anymore but rather the p11-kit generated /var/lib/ca-certificates/openssl one (fate#314991) Index: openssl-1.1.0e/crypto/include/internal/cryptlib.h =================================================================== --- openssl-1.1.0e.orig/crypto/include/internal/cryptlib.h +++ openssl-1.1.0e/crypto/include/internal/cryptlib.h @@ -41,8 +41,8 @@ DEFINE_LHASH_OF(MEM); # ifndef OPENSSL_SYS_VMS # define X509_CERT_AREA OPENSSLDIR -# define X509_CERT_DIR OPENSSLDIR "/certs" -# define X509_CERT_FILE OPENSSLDIR "/cert.pem" +# define X509_CERT_DIR "/var/lib/ca-certificates/openssl" +# define X509_CERT_FILE "/var/lib/ca-certificates/ca-bundle.pem" # define X509_PRIVATE_DIR OPENSSLDIR "/private" # define CTLOG_FILE OPENSSLDIR "/ct_log_list.cnf" # else ++++++ openssl-urandom-reseeding.patch ++++++ Index: openssl-1.1.0c/crypto/rand/rand_unix.c =================================================================== --- openssl-1.1.0c.orig/crypto/rand/rand_unix.c 2016-12-12 17:33:05.654295693 +0100 +++ openssl-1.1.0c/crypto/rand/rand_unix.c 2016-12-12 17:44:44.608814886 +0100 
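Review bot: The two new literals for `X509_CERT_DIR` and `X509_CERT_FILE` in cryptlib.h carry no comment. `X509_CERT_AREA`, `X509_PRIVATE_DIR` and `CTLOG_FILE` beside them still derive from `OPENSSLDIR`, so after this change the default trust anchors no longer follow the configured directory while the rest does. Because these defines decide which certificates are trusted by default, I would record the reason next to them, for example `/* SUSE: trust store is generated by p11-kit outside OPENSSLDIR (fate#314991) */`.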
@@ -144,7 +144,8 @@ int RAND_poll(void) unsigned long l; pid_t curr_pid = getpid(); # if defined(DEVRANDOM) || (!defined(OPENSS_NO_EGD) && defined(DEVRANDOM_EGD)) - unsigned char tmpbuf[ENTROPY_NEEDED]; + /* STATE_SIZE is 1023 ... but it was suggested to seed with 1024 bytes */ + unsigned char tmpbuf[1024]; int n = 0; # endif # ifdef DEVRANDOM @@ -166,7 +167,7 @@ int RAND_poll(void) * out of random entries. */ - for (i = 0; (i < OSSL_NELEM(randomfiles)) && (n < ENTROPY_NEEDED); i++) { + for (i = 0; (i < OSSL_NELEM(randomfiles)) && (n < sizeof(tmpbuf)); i++) { if ((fd = open(randomfiles[i], O_RDONLY # ifdef O_NONBLOCK | O_NONBLOCK @@ -246,7 +247,7 @@ int RAND_poll(void) if (try_read) { r = read(fd, (unsigned char *)tmpbuf + n, - ENTROPY_NEEDED - n); + sizeof(tmpbuf) - n); if (r > 0) n += r; } else @@ -263,7 +264,7 @@ int RAND_poll(void) } while ((r > 0 || (errno == EINTR || errno == EAGAIN)) && usec != 0 - && n < ENTROPY_NEEDED); + && n < sizeof(tmpbuf)); close(fd); } @@ -276,12 +277,12 @@ int RAND_poll(void) * collecting daemon. */ - for (egdsocket = egdsockets; *egdsocket && n < ENTROPY_NEEDED; + for (egdsocket = egdsockets; *egdsocket && n < sizeof(tmpbuf); egdsocket++) { int r; r = RAND_query_egd_bytes(*egdsocket, (unsigned char *)tmpbuf + n, - ENTROPY_NEEDED - n); + sizeof(tmpbuf) - n); if (r > 0) n += r; } Index: openssl-1.1.0c/crypto/rand/md_rand.c =================================================================== --- openssl-1.1.0c.orig/crypto/rand/md_rand.c 2016-12-12 17:33:05.690296235 +0100 +++ openssl-1.1.0c/crypto/rand/md_rand.c 2016-12-12 18:01:49.036286763 +0100 
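Review bot: `n` is declared `int` in the first rand_unix.c hunk but is now compared with and subtracted from `sizeof(tmpbuf)`, a `size_t`, in the four later hunks, so those comparisons are evaluated as unsigned. This is harmless while `n` only grows by positive `r`, but it will trip `-Wsign-compare` and hides the intent. A named constant for the buffer size, used as `n < (int)SEED_BUF_SIZE`, would be clearer than a bare `1024` plus `sizeof` (the constant name is only a suggestion). The added comment also does not say who suggested 1024 bytes or why it differs from `ENTROPY_NEEDED`. The code that hands `tmpbuf` to the pool is outside the hunks, so confirm that it uses the new size and wipes the whole buffer. RAND_poll continues outside the hunks.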
@@ -318,6 +318,10 @@ static int rand_bytes(unsigned char *buf if (num <= 0) return 1; + /* special rule for /dev/urandom seeding ... seed with as much bytes + * from /dev/urandom as you get out */ + RAND_load_file("/dev/urandom", num); + m = EVP_MD_CTX_new(); if (m == NULL) goto err_mem; Index: openssl-1.1.0c/crypto/fips/fips_drbg_rand.c =================================================================== --- openssl-1.1.0c.orig/crypto/fips/fips_drbg_rand.c 2016-12-12 17:33:05.690296235 +0100 +++ openssl-1.1.0c/crypto/fips/fips_drbg_rand.c 2016-12-12 18:05:52.779971206 +0100 @@ -90,6 +90,11 @@ static int fips_drbg_bytes(unsigned char int rv = 0; unsigned char *adin = NULL; size_t adinlen = 0; + + /* add entropy in 1:1 relation (number pulled bytes / number pushed from /dev/urandom) */ + if (count > dctx->min_entropy) + RAND_load_file("/dev/urandom", count - dctx->min_entropy); + CRYPTO_THREAD_write_lock(fips_rand_lock); do { size_t rcnt; Index: openssl-1.1.0c/crypto/rand/rand_lib.c =================================================================== --- openssl-1.1.0c.orig/crypto/rand/rand_lib.c 2016-12-12 17:33:05.690296235 +0100 +++ openssl-1.1.0c/crypto/rand/rand_lib.c 2016-12-12 18:05:01.499195179 +0100 @@ -188,7 +188,7 @@ static int drbg_rand_add(DRBG_CTX *ctx, { RAND_OpenSSL()->add(in, inlen, entropy); if (FIPS_rand_status()) { - FIPS_drbg_reseed(ctx, NULL, 0); + FIPS_drbg_reseed(ctx, in, inlen); } return 1; } ++++++ showciphers.c ++++++ #include <openssl/err.h> #include <openssl/ssl.h> int main() { SSL_CTX *ctx = NULL; SSL *ssl = NULL; STACK_OF(SSL_CIPHER) *sk = NULL; const SSL_METHOD *meth = TLS_server_method(); int i; const char *p; ctx = SSL_CTX_new(meth); if (ctx == NULL) return 1; ssl = SSL_new(ctx); if (ssl == NULL) return 1; sk = SSL_get_ciphers(ssl); for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i); p = SSL_CIPHER_get_name(c); if (p == NULL) break; printf("%s\n", p); } return 0; }
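Review bot: The return value of `RAND_load_file("/dev/urandom", num);` in rand_bytes is ignored, so when the device cannot be opened (for example in a chroot or a restricted sandbox) the per-call reseed is silently skipped and nothing records it. The same applies to the call added in the fips_drbg_bytes hunk, where `count - dctx->min_entropy` is also passed to a parameter of type `long`. If the reseed is meant to be best effort, the comment should say so, for example `/* best effort: output is still produced if /dev/urandom is unavailable */`. Otherwise the result should be checked and the function should fail. Each call to rand_bytes now also opens and reads a file, which is worth measuring for callers that request many small outputs. Both functions continue outside their hunks.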