git: cc43f991ab3e - stable/14 - openssl: Import OpenSSL 3.0.15.
Date: Sat, 28 Sep 2024 03:52:30 UTC
The branch stable/14 has been updated by ngie:
URL: https://cgit.FreeBSD.org/src/commit/?id=cc43f991ab3e46ec16f3f1395160805f01bf932e
commit cc43f991ab3e46ec16f3f1395160805f01bf932e
Author: Enji Cooper <ngie@FreeBSD.org>
AuthorDate: 2024-09-08 04:30:17 +0000
Commit: Enji Cooper <ngie@FreeBSD.org>
CommitDate: 2024-09-28 03:50:47 +0000
openssl: Import OpenSSL 3.0.15.
This release incorporates the following bug fixes and mitigations:
- Fixed possible denial of service in X.509 name checks ([CVE-2024-6119])
- Fixed possible buffer overread in SSL_select_next_proto() ([CVE-2024-5535])
Release notes can be found at:
https://openssl-library.org/news/openssl-3.0-notes/index.html
Co-authored-by: gordon
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D46602
Merge commit '108164cf95d9594884c2dcccba2691335e6f221b'
(cherry picked from commit a7148ab39c03abd4d1a84997c70bf96f15dd2a09)
Update config/build info for OpenSSL 3.0.15
This is a companion commit to the OpenSSL 3.0.15 update.
`opensslv.h` was regenerated via the following process:
```
cd crypto/openssl
./config
git reset --hard
gmake include/openssl/opensslv.h
```
`Makefile.inc` has been updated to match.
MFC after: 1 week
MFC with: a7148ab39c03abd4d1a84997c70bf96f15dd2a09
Differential Revision: https://reviews.freebsd.org/D46603
(cherry picked from commit cc717b574d7faa2e0b2de1a985076286cef74187)
sys/crypto/openssl: update powerpc* ASM
This change updates the crypto powerpc* ASM via the prescribed process
documented in `crypto/openssl/FREEBSD-upgrade`.
This change syncs the ASM with 3.0.15's generated ASM.
MFC after: 1 week
MFC with: a7148ab39c03abd4d1a84997c70bf96f15dd2a09
MFC with: cc717b574d7faa2e0b2de1a985076286cef74187
Differential Revision: https://reviews.freebsd.org/D46604
(cherry picked from commit 77864b545b0aaa91bc78b1156c477825007a6233)
---
crypto/openssl/CHANGES.md | 34 ++
crypto/openssl/CONTRIBUTING.md | 6 +-
crypto/openssl/Configurations/10-main.conf | 36 ++
crypto/openssl/Configurations/15-ios.conf | 2 +-
crypto/openssl/Configure | 10 +-
crypto/openssl/FAQ.md | 6 -
crypto/openssl/INSTALL.md | 4 +-
crypto/openssl/NEWS.md | 15 +
crypto/openssl/VERSION.dat | 4 +-
crypto/openssl/apps/cms.c | 4 +-
crypto/openssl/apps/dgst.c | 9 +-
crypto/openssl/apps/lib/opt.c | 4 +-
crypto/openssl/apps/lib/s_cb.c | 3 +-
crypto/openssl/apps/smime.c | 4 +-
crypto/openssl/crypto/aes/asm/aesp8-ppc.pl | 147 ++++--
crypto/openssl/crypto/aes/build.info | 4 +
crypto/openssl/crypto/asn1/a_d2i_fp.c | 5 +-
crypto/openssl/crypto/asn1/a_mbstr.c | 14 +-
crypto/openssl/crypto/asn1/a_strex.c | 11 +-
crypto/openssl/crypto/asn1/a_verify.c | 4 +-
crypto/openssl/crypto/asn1/tasn_fre.c | 8 +-
crypto/openssl/crypto/bio/bf_readbuff.c | 7 +-
crypto/openssl/crypto/bio/bio_addr.c | 12 +-
crypto/openssl/crypto/cmp/cmp_vfy.c | 4 +-
crypto/openssl/crypto/conf/conf_def.c | 4 +-
crypto/openssl/crypto/conf/conf_lib.c | 5 +-
crypto/openssl/crypto/conf/conf_sap.c | 4 +-
crypto/openssl/crypto/context.c | 4 +-
crypto/openssl/crypto/ec/ecdsa_ossl.c | 12 +-
crypto/openssl/crypto/engine/eng_table.c | 8 +-
crypto/openssl/crypto/evp/ctrl_params_translate.c | 5 +-
crypto/openssl/crypto/evp/digest.c | 4 +-
crypto/openssl/crypto/evp/names.c | 36 +-
crypto/openssl/crypto/evp/pmeth_lib.c | 11 +-
crypto/openssl/crypto/o_str.c | 6 +-
crypto/openssl/crypto/pkcs12/p12_crt.c | 17 +-
crypto/openssl/crypto/pkcs7/pk7_doit.c | 45 +-
crypto/openssl/crypto/property/property.c | 55 +-
crypto/openssl/crypto/rand/randfile.c | 13 +-
crypto/openssl/crypto/rsa/rsa_oaep.c | 4 +-
crypto/openssl/crypto/x509/v3_utl.c | 2 +-
crypto/openssl/crypto/x509/x_name.c | 6 +-
crypto/openssl/doc/HOWTO/certificates.txt | 2 +-
crypto/openssl/doc/fingerprints.txt | 3 -
crypto/openssl/doc/man1/openssl-enc.pod.in | 13 +-
.../doc/man1/openssl-passphrase-options.pod | 24 +-
crypto/openssl/doc/man1/openssl-s_client.pod.in | 8 +-
crypto/openssl/doc/man1/openssl-s_server.pod.in | 7 +-
.../doc/man1/openssl-verification-options.pod | 4 +-
crypto/openssl/doc/man3/ASN1_INTEGER_new.pod | 3 +-
crypto/openssl/doc/man3/ASYNC_WAIT_CTX_new.pod | 5 +-
crypto/openssl/doc/man3/BIO_ADDR.pod | 3 +-
crypto/openssl/doc/man3/BIO_ADDRINFO.pod | 4 +-
crypto/openssl/doc/man3/BIO_f_base64.pod | 26 +-
crypto/openssl/doc/man3/BIO_meth_new.pod | 4 +-
crypto/openssl/doc/man3/BN_add.pod | 22 +-
crypto/openssl/doc/man3/BN_generate_prime.pod | 5 +-
crypto/openssl/doc/man3/BN_set_bit.pod | 9 +-
crypto/openssl/doc/man3/BUF_MEM_new.pod | 3 +-
crypto/openssl/doc/man3/CRYPTO_THREAD_run_once.pod | 12 +-
crypto/openssl/doc/man3/CTLOG_STORE_new.pod | 4 +-
crypto/openssl/doc/man3/CTLOG_new.pod | 4 +-
crypto/openssl/doc/man3/CT_POLICY_EVAL_CTX_new.pod | 5 +-
crypto/openssl/doc/man3/DH_meth_new.pod | 4 +-
crypto/openssl/doc/man3/DSA_SIG_new.pod | 3 +-
crypto/openssl/doc/man3/DSA_meth_new.pod | 4 +-
crypto/openssl/doc/man3/ECDSA_SIG_new.pod | 3 +-
crypto/openssl/doc/man3/ENGINE_add.pod | 5 +-
crypto/openssl/doc/man3/EVP_ASYM_CIPHER_free.pod | 4 +-
crypto/openssl/doc/man3/EVP_CIPHER_meth_new.pod | 3 +-
crypto/openssl/doc/man3/EVP_DigestInit.pod | 10 +-
crypto/openssl/doc/man3/EVP_EncodeInit.pod | 4 +-
crypto/openssl/doc/man3/EVP_EncryptInit.pod | 19 +-
crypto/openssl/doc/man3/EVP_KEM_free.pod | 3 +-
crypto/openssl/doc/man3/EVP_KEYEXCH_free.pod | 4 +-
crypto/openssl/doc/man3/EVP_KEYMGMT.pod | 3 +-
crypto/openssl/doc/man3/EVP_MD_meth_new.pod | 3 +-
crypto/openssl/doc/man3/EVP_PKEY_ASN1_METHOD.pod | 4 +-
crypto/openssl/doc/man3/EVP_PKEY_meth_new.pod | 4 +-
crypto/openssl/doc/man3/EVP_RAND.pod | 4 +-
crypto/openssl/doc/man3/EVP_SIGNATURE.pod | 4 +-
crypto/openssl/doc/man3/HMAC.pod | 4 +-
crypto/openssl/doc/man3/MD5.pod | 15 +-
crypto/openssl/doc/man3/NCONF_new_ex.pod | 4 +-
crypto/openssl/doc/man3/OCSP_REQUEST_new.pod | 3 +-
crypto/openssl/doc/man3/OCSP_cert_to_id.pod | 3 +-
crypto/openssl/doc/man3/OCSP_response_status.pod | 3 +-
crypto/openssl/doc/man3/OPENSSL_LH_COMPFUNC.pod | 4 +-
crypto/openssl/doc/man3/OPENSSL_init_crypto.pod | 3 +-
crypto/openssl/doc/man3/OPENSSL_malloc.pod | 5 +-
crypto/openssl/doc/man3/OPENSSL_secure_malloc.pod | 8 +-
crypto/openssl/doc/man3/OSSL_CMP_CTX_new.pod | 8 +-
crypto/openssl/doc/man3/OSSL_CMP_SRV_CTX_new.pod | 3 +-
crypto/openssl/doc/man3/OSSL_CMP_validate_msg.pod | 9 +-
crypto/openssl/doc/man3/OSSL_DECODER.pod | 3 +-
crypto/openssl/doc/man3/OSSL_DECODER_CTX.pod | 3 +-
.../doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod | 4 +-
crypto/openssl/doc/man3/OSSL_ENCODER.pod | 3 +-
crypto/openssl/doc/man3/OSSL_ENCODER_CTX.pod | 3 +-
crypto/openssl/doc/man3/OSSL_HTTP_REQ_CTX.pod | 3 +-
crypto/openssl/doc/man3/OSSL_LIB_CTX.pod | 4 +-
crypto/openssl/doc/man3/OSSL_PARAM_BLD.pod | 3 +-
crypto/openssl/doc/man3/OSSL_PARAM_dup.pod | 3 +-
crypto/openssl/doc/man3/OSSL_SELF_TEST_new.pod | 3 +-
crypto/openssl/doc/man3/OSSL_STORE_INFO.pod | 3 +-
crypto/openssl/doc/man3/OSSL_STORE_LOADER.pod | 23 +-
crypto/openssl/doc/man3/OSSL_STORE_SEARCH.pod | 3 +-
.../openssl/doc/man3/PEM_read_bio_PrivateKey.pod | 6 +-
crypto/openssl/doc/man3/RAND_set_DRBG_type.pod | 4 +-
crypto/openssl/doc/man3/RSA_meth_new.pod | 4 +-
crypto/openssl/doc/man3/SCT_new.pod | 8 +-
.../doc/man3/SSL_CTX_set_alpn_select_cb.pod | 28 +-
.../openssl/doc/man3/SSL_CTX_set_cipher_list.pod | 4 +-
.../doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod | 8 +-
crypto/openssl/doc/man3/TS_RESP_CTX_new.pod | 3 +-
crypto/openssl/doc/man3/X509V3_get_d2i.pod | 3 +-
crypto/openssl/doc/man3/X509_LOOKUP.pod | 3 +-
crypto/openssl/doc/man3/X509_LOOKUP_meth_new.pod | 3 +-
crypto/openssl/doc/man3/X509_STORE_new.pod | 3 +-
crypto/openssl/doc/man3/X509_dup.pod | 2 +-
crypto/openssl/doc/man3/X509_new.pod | 7 +-
crypto/openssl/doc/man3/d2i_X509.pod | 6 +-
crypto/openssl/doc/man7/EVP_KEYEXCH-DH.pod | 11 +-
crypto/openssl/doc/man7/EVP_PKEY-DH.pod | 62 +--
crypto/openssl/doc/man7/ossl_store.pod | 9 +-
crypto/openssl/fuzz/bignum.c | 9 +-
crypto/openssl/include/crypto/aes_platform.h | 4 +-
crypto/openssl/include/crypto/bn.h | 2 +-
crypto/openssl/include/openssl/opensslv.h | 10 +-
crypto/openssl/include/openssl/tls1.h | 4 +-
crypto/openssl/providers/fips-sources.checksums | 18 +-
crypto/openssl/providers/fips.checksum | 2 +-
.../implementations/encode_decode/decode_der2key.c | 35 +-
.../openssl/providers/implementations/rands/drbg.c | 5 +
crypto/openssl/ssl/bio_ssl.c | 4 +-
crypto/openssl/ssl/ssl_lib.c | 63 ++-
crypto/openssl/ssl/ssl_sess.c | 34 +-
crypto/openssl/ssl/statem/extensions.c | 14 +-
crypto/openssl/ssl/statem/extensions_clnt.c | 29 +-
crypto/openssl/ssl/statem/extensions_srvr.c | 34 +-
crypto/openssl/ssl/statem/statem_lib.c | 6 +-
crypto/openssl/ssl/t1_lib.c | 2 +
crypto/openssl/test/build.info | 6 +-
crypto/openssl/test/crltest.c | 65 ++-
crypto/openssl/test/endecode_test.c | 22 +-
crypto/openssl/test/evp_byname_test.c | 40 ++
crypto/openssl/test/evp_extra_test.c | 21 +
crypto/openssl/test/helpers/handshake.c | 8 +-
crypto/openssl/test/hexstr_test.c | 11 +-
crypto/openssl/test/prov_config_test.c | 9 +-
crypto/openssl/test/provider_fallback_test.c | 14 +-
crypto/openssl/test/provider_internal_test.c | 4 +-
crypto/openssl/test/provider_test.c | 3 +-
crypto/openssl/test/recipes/03-test_fipsinstall.t | 44 +-
crypto/openssl/test/recipes/04-test_conf.t | 3 +-
.../recipes/04-test_conf_data/oversized_line.cnf | 3 +
.../recipes/04-test_conf_data/oversized_line.txt | 4 +
crypto/openssl/test/recipes/25-test_eai_data.t | 2 +-
crypto/openssl/test/recipes/30-test_evp_byname.t | 16 +
.../test/recipes/30-test_evp_data/evppkey_dsa.txt | 6 +-
.../recipes/30-test_evp_data/evppkey_ecdsa.txt | 3 +-
.../30-test_evp_data/evppkey_rsa_common.txt | 3 +-
crypto/openssl/test/recipes/70-test_npn.t | 73 +++
crypto/openssl/test/ssl-tests/08-npn.cnf | 553 ++++++++++++---------
crypto/openssl/test/ssl-tests/08-npn.cnf.in | 37 +-
crypto/openssl/test/ssl-tests/09-alpn.cnf | 66 ++-
crypto/openssl/test/ssl-tests/09-alpn.cnf.in | 35 +-
crypto/openssl/test/sslapitest.c | 370 +++++++++++++-
crypto/openssl/util/check-format-commit.sh | 171 +++++++
crypto/openssl/util/check-format-test-negatives.c | 5 +-
crypto/openssl/util/check-format.pl | 13 +-
crypto/openssl/util/perl/OpenSSL/Test/Utils.pm | 18 +-
crypto/openssl/util/perl/TLSProxy/Message.pm | 11 +-
crypto/openssl/util/perl/TLSProxy/NextProto.pm | 54 ++
crypto/openssl/util/perl/TLSProxy/Proxy.pm | 3 +-
secure/lib/libcrypto/Makefile.inc | 4 +-
sys/crypto/openssl/powerpc/aesp8-ppc.S | 143 ++++--
sys/crypto/openssl/powerpc/poly1305-ppc.S | 64 +--
sys/crypto/openssl/powerpc64/aesp8-ppc.S | 143 ++++--
sys/crypto/openssl/powerpc64/poly1305-ppc.S | 64 +--
sys/crypto/openssl/powerpc64le/aesp8-ppc.S | 143 ++++--
sys/crypto/openssl/powerpc64le/poly1305-ppc.S | 64 +--
182 files changed, 2697 insertions(+), 1062 deletions(-)
diff --git a/crypto/openssl/CHANGES.md b/crypto/openssl/CHANGES.md
index 19e0fd6e25a5..e41181b5bbb0 100644
--- a/crypto/openssl/CHANGES.md
+++ b/crypto/openssl/CHANGES.md
@@ -28,6 +28,30 @@ breaking changes, and mappings for the large list of deprecated functions.
[Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod
+### Changes between 3.0.14 and 3.0.15 [3 Sep 2024]
+
+ * Fixed possible denial of service in X.509 name checks.
+
+ Applications performing certificate name checks (e.g., TLS clients checking
+ server certificates) may attempt to read an invalid memory address when
+ comparing the expected name with an `otherName` subject alternative name of
+ an X.509 certificate. This may result in an exception that terminates the
+ application program.
+
+ ([CVE-2024-6119])
+
+ *Viktor Dukhovni*
+
+ * Fixed possible buffer overread in SSL_select_next_proto().
+
+ Calling the OpenSSL API function SSL_select_next_proto with an empty
+ supported client protocols buffer may cause a crash or memory contents
+ to be sent to the peer.
+
+ ([CVE-2024-5535])
+
+ *Matt Caswell*
+
### Changes between 3.0.13 and 3.0.14 [4 Jun 2024]
* Fixed potential use after free after SSL_free_buffers() is called.
@@ -70,6 +94,14 @@ breaking changes, and mappings for the large list of deprecated functions.
*Tomáš Mráz*
+ * Improved EC/DSA nonce generation routines to avoid bias and timing
+ side channel leaks.
+
+ Thanks to Florian Sieck from Universität zu Lübeck and George Pantelakis
+ and Hubert Kario from Red Hat for reporting the issues.
+
+ *Tomáš Mráz and Paul Dale*
+
* Fixed an issue where some non-default TLS server configurations can cause
unbounded memory growth when processing TLSv1.3 sessions. An attacker may
exploit certain server configurations to trigger unbounded memory growth that
@@ -19890,6 +19922,8 @@ ndif
<!-- Links -->
+[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
+[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535
[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603
[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
diff --git a/crypto/openssl/CONTRIBUTING.md b/crypto/openssl/CONTRIBUTING.md
index fec6616e21fe..cced15347d05 100644
--- a/crypto/openssl/CONTRIBUTING.md
+++ b/crypto/openssl/CONTRIBUTING.md
@@ -3,7 +3,7 @@ HOW TO CONTRIBUTE TO OpenSSL
Please visit our [Getting Started] page for other ideas about how to contribute.
- [Getting Started]: <https://www.openssl.org/community/getting-started.html>
+ [Getting Started]: <https://openssl-library.org/community/getting-started>
Development is done on GitHub in the [openssl/openssl] repository.
@@ -77,8 +77,8 @@ guidelines:
Clean builds via GitHub Actions are required. They are started automatically
whenever a PR is created or updated by committers.
- [coding style]: https://www.openssl.org/policies/technical/coding-style.html
- [documentation policy]: https://openssl.org/policies/technical/documentation-policy.html
+ [coding style]: https://openssl-library.org/policies/technical/coding-style/
+ [documentation policy]: https://openssl-library.org/policies/technical/documentation-policy/
5. When at all possible, code contributions should include tests. These can
either be added to an existing test, or completely new. Please see
diff --git a/crypto/openssl/Configurations/10-main.conf b/crypto/openssl/Configurations/10-main.conf
index 1155d9859c56..e74adb50cc3c 100644
--- a/crypto/openssl/Configurations/10-main.conf
+++ b/crypto/openssl/Configurations/10-main.conf
@@ -1264,6 +1264,25 @@ my %targets = (
AR => add("-X32"),
RANLIB => add("-X32"),
},
+ # To enable openxl compiler for aix
+ # If 17.1 openxl runtime is available, -latomic can be used
+ # instead of -DBROKEN_CLANG_ATOMICS
+ "aix-clang" => {
+ inherit_from => [ "aix-common" ],
+ CC => "ibm-clang",
+ CFLAGS => picker(debug => "-O0 -g",
+ release => "-O"),
+ cflags => combine("-Wno-implicit-function-declaration -mcmodel=large -DBROKEN_CLANG_ATOMICS",
+ threads("-pthread")),
+ ex_libs => add(threads("-pthread")),
+ bn_ops => "BN_LLONG RC4_CHAR",
+ asm_arch => 'ppc32',
+ perlasm_scheme => "aix32",
+ shared_cflag => "-fpic",
+ shared_ldflag => add("-shared"),
+ AR => add("-X32"),
+ RANLIB => add("-X32"),
+ },
"aix64-cc" => {
inherit_from => [ "aix-common" ],
CC => "cc",
@@ -1282,6 +1301,23 @@ my %targets = (
AR => add("-X64"),
RANLIB => add("-X64"),
},
+ "aix64-clang" => {
+ inherit_from => [ "aix-common" ],
+ CC => "ibm-clang",
+ CFLAGS => picker(debug => "-O0 -g",
+ release => "-O"),
+ cflags => combine("-maix64 -Wno-implicit-function-declaration -mcmodel=large",
+ threads("-pthread")),
+ ex_libs => add(threads("-pthread")),
+ bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
+ asm_arch => 'ppc64',
+ perlasm_scheme => "aix64",
+ shared_cflag => "-fpic",
+ shared_ldflag => add("-shared"),
+ shared_extension => "64.so.\$(SHLIB_VERSION_NUMBER)",
+ AR => add("-X64"),
+ RANLIB => add("-X64"),
+ },
# SIEMENS BS2000/OSD: an EBCDIC-based mainframe
"BS2000-OSD" => {
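Review bot: `aix64-clang` leaves out `-DBROKEN_CLANG_ATOMICS` while the 32-bit `aix-clang` target added a few lines earlier defines it, and nothing records whether that asymmetry is deliberate. If 64-bit atomics are simply native on ppc64 (my presumption), a one-line note on the `cflags` line, e.g. `# no -DBROKEN_CLANG_ATOMICS: 64-bit atomics are native here`, would stop someone from "harmonising" the two targets later; if it is an oversight, the two builds will take different locking fallbacks inside libcrypto. `-Wno-implicit-function-declaration` on both targets also silences a diagnostic that normally points at a missing prototype, so the comment above the first target should say which header or prototype it is working around.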
diff --git a/crypto/openssl/Configurations/15-ios.conf b/crypto/openssl/Configurations/15-ios.conf
index 81e3d68bc7f0..84c9cfeb3a14 100644
--- a/crypto/openssl/Configurations/15-ios.conf
+++ b/crypto/openssl/Configurations/15-ios.conf
@@ -10,7 +10,7 @@ my %targets = (
template => 1,
inherit_from => [ "darwin-common" ],
sys_id => "iOS",
- disable => [ "shared", "async" ],
+ disable => [ "async" ],
},
"ios-xcrun" => {
inherit_from => [ "ios-common" ],
diff --git a/crypto/openssl/Configure b/crypto/openssl/Configure
index 40c03ad0af32..0c60d1da1659 100755
--- a/crypto/openssl/Configure
+++ b/crypto/openssl/Configure
@@ -178,7 +178,6 @@ my @gcc_devteam_warn = qw(
# -Wextended-offsetof -- no, needed in CMS ASN1 code
my @clang_devteam_warn = qw(
-Wno-unknown-warning-option
- -Wswitch-default
-Wno-parentheses-equality
-Wno-language-extension-token
-Wno-extended-offsetof
@@ -1583,7 +1582,7 @@ if (!$disabled{makedepend}) {
disable('unavailable', 'makedepend') unless $config{makedep_scheme};
}
-if (!$disabled{asm} && !$predefined_C{__MACH__} && $^O ne 'VMS') {
+if (!$disabled{asm} && !$predefined_C{__MACH__} && $^O ne 'VMS' && !$predefined_C{_AIX}) {
# probe for -Wa,--noexecstack option...
if ($predefined_C{__clang__}) {
# clang has builtin assembler, which doesn't recognize --help,
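Review bot: The new `!$predefined_C{_AIX}` clause skips the `-Wa,--noexecstack` probe on AIX without saying why, and since that flag is what keeps hand-written assembler objects from requesting an executable stack on ELF targets, a reader may take the exclusion for a hardening regression. If the reason is that AIX/XCOFF has no equivalent of the GNU executable-stack note (which is what I presume), say so on the condition: `# AIX/XCOFF has no executable-stack marking, so the --noexecstack probe is meaningless there`. The surrounding `if` body continues past this hunk.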
@@ -3407,6 +3406,13 @@ sub absolutedir {
return rel2abs($dir);
}
+ # realpath() on Windows seems to check if the directory actually exists,
+ # which isn't what is wanted here. All we want to know is if a directory
+ # spec is absolute, not if it exists.
+ if ($^O eq "MSWin32") {
+ return rel2abs($dir);
+ }
+
# We use realpath() on Unix, since no other will properly clean out
# a directory spec.
use Cwd qw/realpath/;
diff --git a/crypto/openssl/FAQ.md b/crypto/openssl/FAQ.md
deleted file mode 100644
index 30f5010ce3a4..000000000000
--- a/crypto/openssl/FAQ.md
+++ /dev/null
@@ -1,6 +0,0 @@
-Frequently Asked Questions (FAQ)
-================================
-
-The [Frequently Asked Questions][FAQ] are now maintained on the OpenSSL homepage.
-
- [FAQ]: https://www.openssl.org/docs/faq.html
diff --git a/crypto/openssl/INSTALL.md b/crypto/openssl/INSTALL.md
index c0dae491c94d..47d64b1a39d8 100644
--- a/crypto/openssl/INSTALL.md
+++ b/crypto/openssl/INSTALL.md
@@ -1164,7 +1164,7 @@ Configure OpenSSL
### Automatic Configuration
In previous version, the `config` script determined the platform type and
-compiler and then called `Configure`. Starting with this release, they are
+compiler and then called `Configure`. Starting with version 3.0, they are
the same.
#### Unix / Linux / macOS
@@ -1618,7 +1618,7 @@ More about our support resources can be found in the [SUPPORT] file.
### Configuration Errors
-If the `./Configure` or `./Configure` command fails with an error message,
+If the `./config` or `./Configure` command fails with an error message,
read the error message carefully and try to figure out whether you made
a mistake (e.g., by providing a wrong option), or whether the script is
working incorrectly. If you think you encountered a bug, please
diff --git a/crypto/openssl/NEWS.md b/crypto/openssl/NEWS.md
index fb231bcd8459..e0a81703ee8d 100644
--- a/crypto/openssl/NEWS.md
+++ b/crypto/openssl/NEWS.md
@@ -18,6 +18,19 @@ OpenSSL Releases
OpenSSL 3.0
-----------
+### Major changes between OpenSSL 3.0.14 and OpenSSL 3.0.15 [3 Sep 2024]
+
+OpenSSL 3.0.15 is a security patch release. The most severe CVE fixed in this
+release is Moderate.
+
+This release incorporates the following bug fixes and mitigations:
+
+ * Fixed possible denial of service in X.509 name checks
+ ([CVE-2024-6119])
+
+ * Fixed possible buffer overread in SSL_select_next_proto()
+ ([CVE-2024-5535])
+
### Major changes between OpenSSL 3.0.13 and OpenSSL 3.0.14 [4 Jun 2024]
* Fixed potential use after free after SSL_free_buffers() is called
@@ -1482,6 +1495,8 @@ OpenSSL 0.9.x
<!-- Links -->
+[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
+[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535
[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603
[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
diff --git a/crypto/openssl/VERSION.dat b/crypto/openssl/VERSION.dat
index 5de9bf3d01ba..0942ddc200ca 100644
--- a/crypto/openssl/VERSION.dat
+++ b/crypto/openssl/VERSION.dat
@@ -1,7 +1,7 @@
MAJOR=3
MINOR=0
-PATCH=14
+PATCH=15
PRE_RELEASE_TAG=
BUILD_METADATA=
-RELEASE_DATE="4 Jun 2024"
+RELEASE_DATE="3 Sep 2024"
SHLIB_VERSION=3
diff --git a/crypto/openssl/apps/cms.c b/crypto/openssl/apps/cms.c
index 3994cb0fcd58..abb9f196a760 100644
--- a/crypto/openssl/apps/cms.c
+++ b/crypto/openssl/apps/cms.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -132,7 +132,7 @@ const OPTIONS cms_options[] = {
{"binary", OPT_BINARY, '-',
"Treat input as binary: do not translate to canonical form"},
{"crlfeol", OPT_CRLFEOL, '-',
- "Use CRLF as EOL termination instead of CR only" },
+ "Use CRLF as EOL termination instead of LF only" },
{"asciicrlf", OPT_ASCIICRLF, '-',
"Perform CRLF canonicalisation when signing"},
diff --git a/crypto/openssl/apps/dgst.c b/crypto/openssl/apps/dgst.c
index 3f02af0d5738..51383bec26ca 100644
--- a/crypto/openssl/apps/dgst.c
+++ b/crypto/openssl/apps/dgst.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -478,7 +478,7 @@ int dgst_main(int argc, char **argv)
static void show_digests(const OBJ_NAME *name, void *arg)
{
struct doall_dgst_digests *dec = (struct doall_dgst_digests *)arg;
- const EVP_MD *md = NULL;
+ EVP_MD *md = NULL;
/* Filter out signed digests (a.k.a signature algorithms) */
if (strstr(name->name, "rsa") != NULL || strstr(name->name, "RSA") != NULL)
@@ -490,8 +490,7 @@ static void show_digests(const OBJ_NAME *name, void *arg)
/* Filter out message digests that we cannot use */
md = EVP_MD_fetch(app_get0_libctx(), name->name, app_get0_propq());
if (md == NULL) {
- md = EVP_get_digestbyname(name->name);
- if (md == NULL)
+ if (EVP_get_digestbyname(name->name) == NULL)
return;
}
@@ -502,6 +501,8 @@ static void show_digests(const OBJ_NAME *name, void *arg)
} else {
BIO_printf(dec->bio, " ");
}
+
+ EVP_MD_free(md);
}
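Review bot: `EVP_MD_free(md)` now runs with `md == NULL` whenever the provider fetch failed but the legacy `EVP_get_digestbyname()` lookup succeeded, so the fix depends on `EVP_MD_free()` tolerating NULL (OpenSSL free routines generally do, but it deserves a comment: `/* md is NULL on the legacy-digest path; EVP_MD_free(NULL) is a no-op */`). The leak is only closed if nothing between the fetch and this line returns early; that stretch lies between the two hunks and is not visible here, so it should be checked. The nested `if` in the previous hunk would read more clearly as `if (md == NULL && EVP_get_digestbyname(name->name) == NULL) return;`. show_digests starts in the previous hunk.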
/*
diff --git a/crypto/openssl/apps/lib/opt.c b/crypto/openssl/apps/lib/opt.c
index d56964dbe7ba..88db9ad6947b 100644
--- a/crypto/openssl/apps/lib/opt.c
+++ b/crypto/openssl/apps/lib/opt.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -616,7 +616,7 @@ int opt_uintmax(const char *value, ossl_uintmax_t *result)
opt_number_error(value);
return 0;
}
- *result = (ossl_intmax_t)m;
+ *result = (ossl_uintmax_t)m;
errno = oerrno;
return 1;
}
diff --git a/crypto/openssl/apps/lib/s_cb.c b/crypto/openssl/apps/lib/s_cb.c
index 7881c1667626..6440b496099e 100644
--- a/crypto/openssl/apps/lib/s_cb.c
+++ b/crypto/openssl/apps/lib/s_cb.c
@@ -649,7 +649,7 @@ void msg_cb(int write_p, int version, int content_type, const void *buf,
(void)BIO_flush(bio);
}
-static STRINT_PAIR tlsext_types[] = {
+static const STRINT_PAIR tlsext_types[] = {
{"server name", TLSEXT_TYPE_server_name},
{"max fragment length", TLSEXT_TYPE_max_fragment_length},
{"client certificate URL", TLSEXT_TYPE_client_certificate_url},
@@ -688,6 +688,7 @@ static STRINT_PAIR tlsext_types[] = {
{"psk kex modes", TLSEXT_TYPE_psk_kex_modes},
{"certificate authorities", TLSEXT_TYPE_certificate_authorities},
{"post handshake auth", TLSEXT_TYPE_post_handshake_auth},
+ {"early_data", TLSEXT_TYPE_early_data},
{NULL}
};
diff --git a/crypto/openssl/apps/smime.c b/crypto/openssl/apps/smime.c
index 52b4a01c232f..651294e46daa 100644
--- a/crypto/openssl/apps/smime.c
+++ b/crypto/openssl/apps/smime.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -118,7 +118,7 @@ const OPTIONS smime_options[] = {
"Do not load certificates from the default certificates store"},
{"nochain", OPT_NOCHAIN, '-',
"set PKCS7_NOCHAIN so certificates contained in the message are not used as untrusted CAs" },
- {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only"},
+ {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of LF only"},
OPT_R_OPTIONS,
OPT_V_OPTIONS,
diff --git a/crypto/openssl/crypto/aes/asm/aesp8-ppc.pl b/crypto/openssl/crypto/aes/asm/aesp8-ppc.pl
index 60cf86f52aed..f7f78d04b0e1 100755
--- a/crypto/openssl/crypto/aes/asm/aesp8-ppc.pl
+++ b/crypto/openssl/crypto/aes/asm/aesp8-ppc.pl
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2014-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -99,11 +99,12 @@ rcon:
.long 0x1b000000, 0x1b000000, 0x1b000000, 0x1b000000 ?rev
.long 0x0d0e0f0c, 0x0d0e0f0c, 0x0d0e0f0c, 0x0d0e0f0c ?rev
.long 0,0,0,0 ?asis
+.long 0x0f102132, 0x43546576, 0x8798a9ba, 0xcbdcedfe
Lconsts:
mflr r0
bcl 20,31,\$+4
mflr $ptr #vvvvv "distance between . and rcon
- addi $ptr,$ptr,-0x48
+ addi $ptr,$ptr,-0x58
mtlr r0
blr
.long 0
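Review bot: `addi $ptr,$ptr,-0x58` is a hand-maintained distance from the `bcl` return point back to `rcon`, and the hunk bumps it from 0x48 to 0x58 solely because one 16-byte row was appended to the table; a stale value would not fail to assemble, it would silently hand the XTS tweak code the wrong constant. A comment on the `addi` tying the number to the layout would protect the next person who extends the table: `# -(Lconsts+8 - rcon): five 0x10 rows plus mflr/bcl; add 0x10 per row appended above`. The new row also lacks the `?rev`/`?asis` annotation its neighbours carry; if that is deliberate because it is fetched with `lxvw4x` rather than `lvx` (my presumption), the line should say so.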
@@ -2405,7 +2406,7 @@ ___
my $key_=$key2;
my ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,3,26..31));
$x00=0 if ($flavour =~ /osx/);
-my ($in0, $in1, $in2, $in3, $in4, $in5 )=map("v$_",(0..5));
+my ($in0, $in1, $in2, $in3, $in4, $in5)=map("v$_",(0..5));
my ($out0, $out1, $out2, $out3, $out4, $out5)=map("v$_",(7,12..16));
my ($twk0, $twk1, $twk2, $twk3, $twk4, $twk5)=map("v$_",(17..22));
my $rndkey0="v23"; # v24-v25 rotating buffer for first found keys
@@ -2460,6 +2461,18 @@ _aesp8_xts_encrypt6x:
li $x70,0x70
mtspr 256,r0
+ # Reverse eighty7 to 0x010101..87
+ xxlor 2, 32+$eighty7, 32+$eighty7
+ vsldoi $eighty7,$tmp,$eighty7,1 # 0x010101..87
+ xxlor 1, 32+$eighty7, 32+$eighty7
+
+ # Load XOR contents. 0xf102132435465768798a9bacbdcedfe
+ mr $x70, r6
+ bl Lconsts
+ lxvw4x 0, $x40, r6 # load XOR contents
+ mr r6, $x70
+ li $x70,0x70
+
subi $rounds,$rounds,3 # -4 in total
lvx $rndkey0,$x00,$key1 # load key schedule
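Review bot: The comment `Load XOR contents. 0xf102132435465768798a9bacbdcedfe` drops the leading nibble; the row it loads is `0x0f102132, 0x43546576, 0x8798a9ba, 0xcbdcedfe`, so it should read `0x0f102132435465768798a9bacbdcedfe`. `bl Lconsts` in the middle of the function clobbers r0 and LR as well as r6; r6 is parked in `$x70` and restored, and presumably LR was saved in the prologue (outside this hunk), but a comment `# Lconsts clobbers r0/LR/r6; r6 parked in $x70` on the `mr $x70, r6` line would make that dependency explicit. _aesp8_xts_encrypt6x starts outside the hunk.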
@@ -2502,69 +2515,77 @@ Load_xts_enc_key:
?vperm v31,v31,$twk5,$keyperm
lvx v25,$x10,$key_ # pre-load round[2]
+ # Switch to use the following codes with 0x010101..87 to generate tweak.
+ # eighty7 = 0x010101..87
+ # vsrab tmp, tweak, seven # next tweak value, right shift 7 bits
+ # vand tmp, tmp, eighty7 # last byte with carry
+ # vaddubm tweak, tweak, tweak # left shift 1 bit (x2)
+ # xxlor vsx, 0, 0
+ # vpermxor tweak, tweak, tmp, vsx
+
vperm $in0,$inout,$inptail,$inpperm
subi $inp,$inp,31 # undo "caller"
vxor $twk0,$tweak,$rndkey0
vsrab $tmp,$tweak,$seven # next tweak value
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
vand $tmp,$tmp,$eighty7
vxor $out0,$in0,$twk0
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in1, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in1
lvx_u $in1,$x10,$inp
vxor $twk1,$tweak,$rndkey0
vsrab $tmp,$tweak,$seven # next tweak value
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
le?vperm $in1,$in1,$in1,$leperm
vand $tmp,$tmp,$eighty7
vxor $out1,$in1,$twk1
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in2, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in2
lvx_u $in2,$x20,$inp
andi. $taillen,$len,15
vxor $twk2,$tweak,$rndkey0
vsrab $tmp,$tweak,$seven # next tweak value
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
le?vperm $in2,$in2,$in2,$leperm
vand $tmp,$tmp,$eighty7
vxor $out2,$in2,$twk2
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in3, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in3
lvx_u $in3,$x30,$inp
sub $len,$len,$taillen
vxor $twk3,$tweak,$rndkey0
vsrab $tmp,$tweak,$seven # next tweak value
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
le?vperm $in3,$in3,$in3,$leperm
vand $tmp,$tmp,$eighty7
vxor $out3,$in3,$twk3
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in4, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in4
lvx_u $in4,$x40,$inp
subi $len,$len,0x60
vxor $twk4,$tweak,$rndkey0
vsrab $tmp,$tweak,$seven # next tweak value
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
le?vperm $in4,$in4,$in4,$leperm
vand $tmp,$tmp,$eighty7
vxor $out4,$in4,$twk4
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in5, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in5
lvx_u $in5,$x50,$inp
addi $inp,$inp,0x60
vxor $twk5,$tweak,$rndkey0
vsrab $tmp,$tweak,$seven # next tweak value
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
le?vperm $in5,$in5,$in5,$leperm
vand $tmp,$tmp,$eighty7
vxor $out5,$in5,$twk5
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in0, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in0
vxor v31,v31,$rndkey0
mtctr $rounds
@@ -2590,6 +2611,8 @@ Loop_xts_enc6x:
lvx v25,$x10,$key_ # round[4]
bdnz Loop_xts_enc6x
+ xxlor 32+$eighty7, 1, 1 # 0x010101..87
+
subic $len,$len,96 # $len-=96
vxor $in0,$twk0,v31 # xor with last round key
vcipher $out0,$out0,v24
@@ -2599,7 +2622,6 @@ Loop_xts_enc6x:
vaddubm $tweak,$tweak,$tweak
vcipher $out2,$out2,v24
vcipher $out3,$out3,v24
- vsldoi $tmp,$tmp,$tmp,15
vcipher $out4,$out4,v24
vcipher $out5,$out5,v24
@@ -2607,7 +2629,8 @@ Loop_xts_enc6x:
vand $tmp,$tmp,$eighty7
vcipher $out0,$out0,v25
vcipher $out1,$out1,v25
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in1, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in1
vcipher $out2,$out2,v25
vcipher $out3,$out3,v25
vxor $in1,$twk1,v31
@@ -2618,13 +2641,13 @@ Loop_xts_enc6x:
and r0,r0,$len
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
vcipher $out0,$out0,v26
vcipher $out1,$out1,v26
vand $tmp,$tmp,$eighty7
vcipher $out2,$out2,v26
vcipher $out3,$out3,v26
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in2, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in2
vcipher $out4,$out4,v26
vcipher $out5,$out5,v26
@@ -2638,7 +2661,6 @@ Loop_xts_enc6x:
vaddubm $tweak,$tweak,$tweak
vcipher $out0,$out0,v27
vcipher $out1,$out1,v27
- vsldoi $tmp,$tmp,$tmp,15
vcipher $out2,$out2,v27
vcipher $out3,$out3,v27
vand $tmp,$tmp,$eighty7
@@ -2646,7 +2668,8 @@ Loop_xts_enc6x:
vcipher $out5,$out5,v27
addi $key_,$sp,$FRAME+15 # rewind $key_
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in3, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in3
vcipher $out0,$out0,v28
vcipher $out1,$out1,v28
vxor $in3,$twk3,v31
@@ -2655,7 +2678,6 @@ Loop_xts_enc6x:
vcipher $out2,$out2,v28
vcipher $out3,$out3,v28
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
vcipher $out4,$out4,v28
vcipher $out5,$out5,v28
lvx v24,$x00,$key_ # re-pre-load round[1]
@@ -2663,7 +2685,8 @@ Loop_xts_enc6x:
vcipher $out0,$out0,v29
vcipher $out1,$out1,v29
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in4, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in4
vcipher $out2,$out2,v29
vcipher $out3,$out3,v29
vxor $in4,$twk4,v31
@@ -2673,14 +2696,14 @@ Loop_xts_enc6x:
vcipher $out5,$out5,v29
lvx v25,$x10,$key_ # re-pre-load round[2]
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
vcipher $out0,$out0,v30
vcipher $out1,$out1,v30
vand $tmp,$tmp,$eighty7
vcipher $out2,$out2,v30
vcipher $out3,$out3,v30
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in5, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in5
vcipher $out4,$out4,v30
vcipher $out5,$out5,v30
vxor $in5,$twk5,v31
@@ -2690,7 +2713,6 @@ Loop_xts_enc6x:
vcipherlast $out0,$out0,$in0
lvx_u $in0,$x00,$inp # load next input block
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
vcipherlast $out1,$out1,$in1
lvx_u $in1,$x10,$inp
vcipherlast $out2,$out2,$in2
@@ -2703,7 +2725,10 @@ Loop_xts_enc6x:
vcipherlast $out4,$out4,$in4
le?vperm $in2,$in2,$in2,$leperm
lvx_u $in4,$x40,$inp
- vxor $tweak,$tweak,$tmp
+ xxlor 10, 32+$in0, 32+$in0
+ xxlor 32+$in0, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in0
+ xxlor 32+$in0, 10, 10
vcipherlast $tmp,$out5,$in5 # last block might be needed
# in stealing mode
le?vperm $in3,$in3,$in3,$leperm
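Review bot: This slot saves `$in0` to vs10 around the `vpermxor`, unlike the five earlier slots that simply borrow a not-yet-loaded `$inN` register, and nothing says why. The reason is visible a few lines up — `lvx_u $in0,$x00,$inp` has already loaded the next input block into `$in0` — and deserves a comment: `# $in0 already holds the next block; park it in vs10 while it serves as the vpermxor control`. Whether vs10 is free at this point (it aliases f10, which is caller-saved in the PowerPC ABIs I know) cannot be confirmed from this hunk; Loop_xts_enc6x continues beyond it.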
@@ -2736,6 +2761,8 @@ Loop_xts_enc6x:
mtctr $rounds
beq Loop_xts_enc6x # did $len-=96 borrow?
+ xxlor 32+$eighty7, 2, 2 # 0x870101..01
+
addic. $len,$len,0x60
beq Lxts_enc6x_zero
cmpwi $len,0x20
@@ -3112,6 +3139,18 @@ _aesp8_xts_decrypt6x:
li $x70,0x70
mtspr 256,r0
+ # Reverse eighty7 to 0x010101..87
+ xxlor 2, 32+$eighty7, 32+$eighty7
+ vsldoi $eighty7,$tmp,$eighty7,1 # 0x010101..87
+ xxlor 1, 32+$eighty7, 32+$eighty7
+
+ # Load XOR contents. 0xf102132435465768798a9bacbdcedfe
+ mr $x70, r6
+ bl Lconsts
+ lxvw4x 0, $x40, r6 # load XOR contents
+ mr r6, $x70
+ li $x70,0x70
+
subi $rounds,$rounds,3 # -4 in total
lvx $rndkey0,$x00,$key1 # load key schedule
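Review bot: These eleven lines are a verbatim copy of the block added to `_aesp8_xts_encrypt6x` earlier in this file, including the comment that drops the leading nibble of the constant (`0xf1021…` should be `0x0f1021…`). Since this is a Perl generator, the sequence could be emitted once — e.g. `my $load_xts_consts = <<___;` interpolated into both routines — so the `$x40` offset into the table and the r6/`$x70` save-restore cannot drift apart between encrypt and decrypt. _aesp8_xts_decrypt6x starts outside the hunk.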
@@ -3159,64 +3198,64 @@ Load_xts_dec_key:
vxor $twk0,$tweak,$rndkey0
vsrab $tmp,$tweak,$seven # next tweak value
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
vand $tmp,$tmp,$eighty7
vxor $out0,$in0,$twk0
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in1, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in1
lvx_u $in1,$x10,$inp
vxor $twk1,$tweak,$rndkey0
vsrab $tmp,$tweak,$seven # next tweak value
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
le?vperm $in1,$in1,$in1,$leperm
vand $tmp,$tmp,$eighty7
vxor $out1,$in1,$twk1
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in2, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in2
lvx_u $in2,$x20,$inp
andi. $taillen,$len,15
vxor $twk2,$tweak,$rndkey0
vsrab $tmp,$tweak,$seven # next tweak value
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
le?vperm $in2,$in2,$in2,$leperm
vand $tmp,$tmp,$eighty7
vxor $out2,$in2,$twk2
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in3, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in3
lvx_u $in3,$x30,$inp
sub $len,$len,$taillen
vxor $twk3,$tweak,$rndkey0
vsrab $tmp,$tweak,$seven # next tweak value
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
le?vperm $in3,$in3,$in3,$leperm
vand $tmp,$tmp,$eighty7
vxor $out3,$in3,$twk3
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in4, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in4
lvx_u $in4,$x40,$inp
subi $len,$len,0x60
vxor $twk4,$tweak,$rndkey0
vsrab $tmp,$tweak,$seven # next tweak value
vaddubm $tweak,$tweak,$tweak
- vsldoi $tmp,$tmp,$tmp,15
le?vperm $in4,$in4,$in4,$leperm
vand $tmp,$tmp,$eighty7
vxor $out4,$in4,$twk4
- vxor $tweak,$tweak,$tmp
+ xxlor 32+$in5, 0, 0
+ vpermxor $tweak, $tweak, $tmp, $in5
lvx_u $in5,$x50,$inp
addi $inp,$inp,0x60
vxor $twk5,$tweak,$rndkey0
vsrab $tmp,$tweak,$seven # next tweak value
vaddubm $tweak,$tweak,$tweak
*** 8393 LINES SKIPPED ***