From nobody Sat Sep 28 03:52:30 2024
Date: Sat, 28 Sep 2024 03:52:30 GMT
Message-Id: <202409280352.48S3qUAk014436@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Enji Cooper
Subject: git: cc43f991ab3e - stable/14 - openssl: Import OpenSSL 3.0.15.
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
Sender: owner-dev-commits-src-all@FreeBSD.org
X-Git-Committer: ngie
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: cc43f991ab3e46ec16f3f1395160805f01bf932e
Auto-Submitted: auto-generated

The branch stable/14 has been updated by ngie:

URL: https://cgit.FreeBSD.org/src/commit/?id=cc43f991ab3e46ec16f3f1395160805f01bf932e

commit cc43f991ab3e46ec16f3f1395160805f01bf932e
Author:     Enji Cooper
AuthorDate: 2024-09-08 04:30:17 +0000
Commit:     Enji Cooper
CommitDate: 2024-09-28 03:50:47 +0000

    openssl: Import OpenSSL 3.0.15.

    This release incorporates the following bug fixes and mitigations:

    - Fixed possible denial of service in X.509 name checks ([CVE-2024-6119])
    - Fixed possible buffer overread in SSL_select_next_proto() ([CVE-2024-5535])

    Release notes can be found at:
    https://openssl-library.org/news/openssl-3.0-notes/index.html

    Co-authored-by: gordon
    MFC after: 1 week
    Differential Revision: https://reviews.freebsd.org/D46602
    Merge commit '108164cf95d9594884c2dcccba2691335e6f221b'

    (cherry picked from commit a7148ab39c03abd4d1a84997c70bf96f15dd2a09)

    Update config/build info for OpenSSL 3.0.15

    This is a companion commit to the OpenSSL 3.0.15 update.

    `opensslv.h` was regenerated via the following process:

    ```
    cd crypto/openssl
    ./config
    git reset --hard
    gmake include/openssl/opensslv.h
    ```

    `Makefile.inc` has been updated to match.
    MFC after: 1 week
    MFC with: a7148ab39c03abd4d1a84997c70bf96f15dd2a09
    Differential Revision: https://reviews.freebsd.org/D46603

    (cherry picked from commit cc717b574d7faa2e0b2de1a985076286cef74187)

    sys/crypto/openssl: update powerpc* ASM

    This change updates the crypto powerpc* ASM via the prescribed process
    documented in `crypto/openssl/FREEBSD-upgrade`.

    This change syncs the ASM with 3.0.15's generated ASM.

    MFC after: 1 week
    MFC with: a7148ab39c03abd4d1a84997c70bf96f15dd2a09
    MFC with: cc717b574d7faa2e0b2de1a985076286cef74187
    Differential Revision: https://reviews.freebsd.org/D46604

    (cherry picked from commit 77864b545b0aaa91bc78b1156c477825007a6233)
---
 crypto/openssl/CHANGES.md | 34 ++
 crypto/openssl/CONTRIBUTING.md | 6 +-
 crypto/openssl/Configurations/10-main.conf | 36 ++
 crypto/openssl/Configurations/15-ios.conf | 2 +-
 crypto/openssl/Configure | 10 +-
 crypto/openssl/FAQ.md | 6 -
 crypto/openssl/INSTALL.md | 4 +-
 crypto/openssl/NEWS.md | 15 +
 crypto/openssl/VERSION.dat | 4 +-
 crypto/openssl/apps/cms.c | 4 +-
 crypto/openssl/apps/dgst.c | 9 +-
 crypto/openssl/apps/lib/opt.c | 4 +-
 crypto/openssl/apps/lib/s_cb.c | 3 +-
 crypto/openssl/apps/smime.c | 4 +-
 crypto/openssl/crypto/aes/asm/aesp8-ppc.pl | 147 ++++--
 crypto/openssl/crypto/aes/build.info | 4 +
 crypto/openssl/crypto/asn1/a_d2i_fp.c | 5 +-
 crypto/openssl/crypto/asn1/a_mbstr.c | 14 +-
 crypto/openssl/crypto/asn1/a_strex.c | 11 +-
 crypto/openssl/crypto/asn1/a_verify.c | 4 +-
 crypto/openssl/crypto/asn1/tasn_fre.c | 8 +-
 crypto/openssl/crypto/bio/bf_readbuff.c | 7 +-
 crypto/openssl/crypto/bio/bio_addr.c | 12 +-
 crypto/openssl/crypto/cmp/cmp_vfy.c | 4 +-
 crypto/openssl/crypto/conf/conf_def.c | 4 +-
 crypto/openssl/crypto/conf/conf_lib.c | 5 +-
 crypto/openssl/crypto/conf/conf_sap.c | 4 +-
 crypto/openssl/crypto/context.c | 4 +-
 crypto/openssl/crypto/ec/ecdsa_ossl.c | 12 +-
 crypto/openssl/crypto/engine/eng_table.c | 8 +-
 crypto/openssl/crypto/evp/ctrl_params_translate.c | 5 +-
 crypto/openssl/crypto/evp/digest.c | 4 +-
 crypto/openssl/crypto/evp/names.c | 36 +-
 crypto/openssl/crypto/evp/pmeth_lib.c | 11 +-
 crypto/openssl/crypto/o_str.c | 6 +-
 crypto/openssl/crypto/pkcs12/p12_crt.c | 17 +-
 crypto/openssl/crypto/pkcs7/pk7_doit.c | 45 +-
 crypto/openssl/crypto/property/property.c | 55 +-
 crypto/openssl/crypto/rand/randfile.c | 13 +-
 crypto/openssl/crypto/rsa/rsa_oaep.c | 4 +-
 crypto/openssl/crypto/x509/v3_utl.c | 2 +-
 crypto/openssl/crypto/x509/x_name.c | 6 +-
 crypto/openssl/doc/HOWTO/certificates.txt | 2 +-
 crypto/openssl/doc/fingerprints.txt | 3 -
 crypto/openssl/doc/man1/openssl-enc.pod.in | 13 +-
 .../doc/man1/openssl-passphrase-options.pod | 24 +-
 crypto/openssl/doc/man1/openssl-s_client.pod.in | 8 +-
 crypto/openssl/doc/man1/openssl-s_server.pod.in | 7 +-
 .../doc/man1/openssl-verification-options.pod | 4 +-
 crypto/openssl/doc/man3/ASN1_INTEGER_new.pod | 3 +-
 crypto/openssl/doc/man3/ASYNC_WAIT_CTX_new.pod | 5 +-
 crypto/openssl/doc/man3/BIO_ADDR.pod | 3 +-
 crypto/openssl/doc/man3/BIO_ADDRINFO.pod | 4 +-
 crypto/openssl/doc/man3/BIO_f_base64.pod | 26 +-
 crypto/openssl/doc/man3/BIO_meth_new.pod | 4 +-
 crypto/openssl/doc/man3/BN_add.pod | 22 +-
 crypto/openssl/doc/man3/BN_generate_prime.pod | 5 +-
 crypto/openssl/doc/man3/BN_set_bit.pod | 9 +-
 crypto/openssl/doc/man3/BUF_MEM_new.pod | 3 +-
 crypto/openssl/doc/man3/CRYPTO_THREAD_run_once.pod | 12 +-
 crypto/openssl/doc/man3/CTLOG_STORE_new.pod | 4 +-
 crypto/openssl/doc/man3/CTLOG_new.pod | 4 +-
 crypto/openssl/doc/man3/CT_POLICY_EVAL_CTX_new.pod | 5 +-
 crypto/openssl/doc/man3/DH_meth_new.pod | 4 +-
 crypto/openssl/doc/man3/DSA_SIG_new.pod | 3 +-
 crypto/openssl/doc/man3/DSA_meth_new.pod | 4 +-
 crypto/openssl/doc/man3/ECDSA_SIG_new.pod | 3 +-
 crypto/openssl/doc/man3/ENGINE_add.pod | 5 +-
 crypto/openssl/doc/man3/EVP_ASYM_CIPHER_free.pod | 4 +-
 crypto/openssl/doc/man3/EVP_CIPHER_meth_new.pod | 3 +-
 crypto/openssl/doc/man3/EVP_DigestInit.pod | 10 +-
 crypto/openssl/doc/man3/EVP_EncodeInit.pod | 4 +-
 crypto/openssl/doc/man3/EVP_EncryptInit.pod | 19 +-
 crypto/openssl/doc/man3/EVP_KEM_free.pod | 3 +-
 crypto/openssl/doc/man3/EVP_KEYEXCH_free.pod | 4 +-
 crypto/openssl/doc/man3/EVP_KEYMGMT.pod | 3 +-
 crypto/openssl/doc/man3/EVP_MD_meth_new.pod | 3 +-
 crypto/openssl/doc/man3/EVP_PKEY_ASN1_METHOD.pod | 4 +-
 crypto/openssl/doc/man3/EVP_PKEY_meth_new.pod | 4 +-
 crypto/openssl/doc/man3/EVP_RAND.pod | 4 +-
 crypto/openssl/doc/man3/EVP_SIGNATURE.pod | 4 +-
 crypto/openssl/doc/man3/HMAC.pod | 4 +-
 crypto/openssl/doc/man3/MD5.pod | 15 +-
 crypto/openssl/doc/man3/NCONF_new_ex.pod | 4 +-
 crypto/openssl/doc/man3/OCSP_REQUEST_new.pod | 3 +-
 crypto/openssl/doc/man3/OCSP_cert_to_id.pod | 3 +-
 crypto/openssl/doc/man3/OCSP_response_status.pod | 3 +-
 crypto/openssl/doc/man3/OPENSSL_LH_COMPFUNC.pod | 4 +-
 crypto/openssl/doc/man3/OPENSSL_init_crypto.pod | 3 +-
 crypto/openssl/doc/man3/OPENSSL_malloc.pod | 5 +-
 crypto/openssl/doc/man3/OPENSSL_secure_malloc.pod | 8 +-
 crypto/openssl/doc/man3/OSSL_CMP_CTX_new.pod | 8 +-
 crypto/openssl/doc/man3/OSSL_CMP_SRV_CTX_new.pod | 3 +-
 crypto/openssl/doc/man3/OSSL_CMP_validate_msg.pod | 9 +-
 crypto/openssl/doc/man3/OSSL_DECODER.pod | 3 +-
 crypto/openssl/doc/man3/OSSL_DECODER_CTX.pod | 3 +-
 .../doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod | 4 +-
 crypto/openssl/doc/man3/OSSL_ENCODER.pod | 3 +-
 crypto/openssl/doc/man3/OSSL_ENCODER_CTX.pod | 3 +-
 crypto/openssl/doc/man3/OSSL_HTTP_REQ_CTX.pod | 3 +-
 crypto/openssl/doc/man3/OSSL_LIB_CTX.pod | 4 +-
 crypto/openssl/doc/man3/OSSL_PARAM_BLD.pod | 3 +-
 crypto/openssl/doc/man3/OSSL_PARAM_dup.pod | 3 +-
 crypto/openssl/doc/man3/OSSL_SELF_TEST_new.pod | 3 +-
 crypto/openssl/doc/man3/OSSL_STORE_INFO.pod | 3 +-
 crypto/openssl/doc/man3/OSSL_STORE_LOADER.pod | 23 +-
 crypto/openssl/doc/man3/OSSL_STORE_SEARCH.pod | 3 +-
 .../openssl/doc/man3/PEM_read_bio_PrivateKey.pod | 6 +-
 crypto/openssl/doc/man3/RAND_set_DRBG_type.pod | 4 +-
 crypto/openssl/doc/man3/RSA_meth_new.pod | 4 +-
 crypto/openssl/doc/man3/SCT_new.pod | 8 +-
 .../doc/man3/SSL_CTX_set_alpn_select_cb.pod | 28 +-
 .../openssl/doc/man3/SSL_CTX_set_cipher_list.pod | 4 +-
 .../doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod | 8 +-
 crypto/openssl/doc/man3/TS_RESP_CTX_new.pod | 3 +-
 crypto/openssl/doc/man3/X509V3_get_d2i.pod | 3 +-
 crypto/openssl/doc/man3/X509_LOOKUP.pod | 3 +-
 crypto/openssl/doc/man3/X509_LOOKUP_meth_new.pod | 3 +-
 crypto/openssl/doc/man3/X509_STORE_new.pod | 3 +-
 crypto/openssl/doc/man3/X509_dup.pod | 2 +-
 crypto/openssl/doc/man3/X509_new.pod | 7 +-
 crypto/openssl/doc/man3/d2i_X509.pod | 6 +-
 crypto/openssl/doc/man7/EVP_KEYEXCH-DH.pod | 11 +-
 crypto/openssl/doc/man7/EVP_PKEY-DH.pod | 62 +--
 crypto/openssl/doc/man7/ossl_store.pod | 9 +-
 crypto/openssl/fuzz/bignum.c | 9 +-
 crypto/openssl/include/crypto/aes_platform.h | 4 +-
 crypto/openssl/include/crypto/bn.h | 2 +-
 crypto/openssl/include/openssl/opensslv.h | 10 +-
 crypto/openssl/include/openssl/tls1.h | 4 +-
 crypto/openssl/providers/fips-sources.checksums | 18 +-
 crypto/openssl/providers/fips.checksum | 2 +-
 .../implementations/encode_decode/decode_der2key.c | 35 +-
 .../openssl/providers/implementations/rands/drbg.c | 5 +
 crypto/openssl/ssl/bio_ssl.c | 4 +-
 crypto/openssl/ssl/ssl_lib.c | 63 ++-
 crypto/openssl/ssl/ssl_sess.c | 34 +-
 crypto/openssl/ssl/statem/extensions.c | 14 +-
 crypto/openssl/ssl/statem/extensions_clnt.c | 29 +-
 crypto/openssl/ssl/statem/extensions_srvr.c | 34 +-
 crypto/openssl/ssl/statem/statem_lib.c | 6 +-
 crypto/openssl/ssl/t1_lib.c | 2 +
 crypto/openssl/test/build.info | 6 +-
 crypto/openssl/test/crltest.c | 65 ++-
 crypto/openssl/test/endecode_test.c | 22 +-
 crypto/openssl/test/evp_byname_test.c | 40 ++
 crypto/openssl/test/evp_extra_test.c | 21 +
 crypto/openssl/test/helpers/handshake.c | 8 +-
 crypto/openssl/test/hexstr_test.c | 11 +-
 crypto/openssl/test/prov_config_test.c | 9 +-
 crypto/openssl/test/provider_fallback_test.c | 14 +-
 crypto/openssl/test/provider_internal_test.c | 4 +-
 crypto/openssl/test/provider_test.c | 3 +-
 crypto/openssl/test/recipes/03-test_fipsinstall.t | 44 +-
 crypto/openssl/test/recipes/04-test_conf.t | 3 +-
 .../recipes/04-test_conf_data/oversized_line.cnf | 3 +
 .../recipes/04-test_conf_data/oversized_line.txt | 4 +
 crypto/openssl/test/recipes/25-test_eai_data.t | 2 +-
 crypto/openssl/test/recipes/30-test_evp_byname.t | 16 +
 .../test/recipes/30-test_evp_data/evppkey_dsa.txt | 6 +-
 .../recipes/30-test_evp_data/evppkey_ecdsa.txt | 3 +-
 .../30-test_evp_data/evppkey_rsa_common.txt | 3 +-
 crypto/openssl/test/recipes/70-test_npn.t | 73 +++
 crypto/openssl/test/ssl-tests/08-npn.cnf | 553 ++++++++++++---------
 crypto/openssl/test/ssl-tests/08-npn.cnf.in | 37 +-
 crypto/openssl/test/ssl-tests/09-alpn.cnf | 66 ++-
 crypto/openssl/test/ssl-tests/09-alpn.cnf.in | 35 +-
 crypto/openssl/test/sslapitest.c | 370 +++++++++++++-
 crypto/openssl/util/check-format-commit.sh | 171 +++++++
 crypto/openssl/util/check-format-test-negatives.c | 5 +-
 crypto/openssl/util/check-format.pl | 13 +-
 crypto/openssl/util/perl/OpenSSL/Test/Utils.pm | 18 +-
 crypto/openssl/util/perl/TLSProxy/Message.pm | 11 +-
 crypto/openssl/util/perl/TLSProxy/NextProto.pm | 54 ++
 crypto/openssl/util/perl/TLSProxy/Proxy.pm | 3 +-
 secure/lib/libcrypto/Makefile.inc | 4 +-
 sys/crypto/openssl/powerpc/aesp8-ppc.S | 143 ++++--
 sys/crypto/openssl/powerpc/poly1305-ppc.S | 64 +--
 sys/crypto/openssl/powerpc64/aesp8-ppc.S | 143 ++++--
 sys/crypto/openssl/powerpc64/poly1305-ppc.S | 64 +--
 sys/crypto/openssl/powerpc64le/aesp8-ppc.S | 143 ++++--
 sys/crypto/openssl/powerpc64le/poly1305-ppc.S | 64 +--
 182 files changed, 2697 insertions(+), 1062 deletions(-)

diff --git a/crypto/openssl/CHANGES.md b/crypto/openssl/CHANGES.md
index 19e0fd6e25a5..e41181b5bbb0 100644
--- a/crypto/openssl/CHANGES.md
+++ b/crypto/openssl/CHANGES.md
@@ -28,6 +28,30 @@ breaking changes, and mappings for the large list of deprecated functions. [Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod +### Changes between 3.0.14 and 3.0.15 [3 Sep 2024] + + * Fixed possible denial of service in X.509 name checks. + + Applications performing certificate name checks (e.g., TLS clients checking + server certificates) may attempt to read an invalid memory address when + comparing the expected name with an `otherName` subject alternative name of + an X.509 certificate. This may result in an exception that terminates the + application program. + + ([CVE-2024-6119]) + + *Viktor Dukhovni* + + * Fixed possible buffer overread in SSL_select_next_proto(). + + Calling the OpenSSL API function SSL_select_next_proto with an empty + supported client protocols buffer may cause a crash or memory contents + to be sent to the peer. + + ([CVE-2024-5535]) + + *Matt Caswell* + ### Changes between 3.0.13 and 3.0.14 [4 Jun 2024] * Fixed potential use after free after SSL_free_buffers() is called. @@ -70,6 +94,14 @@ breaking changes, and mappings for the large list of deprecated functions. *Tomáš Mráz* + * Improved EC/DSA nonce generation routines to avoid bias and timing + side channel leaks. + + Thanks to Florian Sieck from Universität zu Lübeck and George Pantelakis + and Hubert Kario from Red Hat for reporting the issues. + + *Tomáš Mráz and Paul Dale* + * Fixed an issue where some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. An attacker may exploit certain server configurations to trigger unbounded memory growth that 
@@ -19890,6 +19922,8 @@ ndif +[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119 +[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535 [CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741 [CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603 [CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511 diff --git a/crypto/openssl/CONTRIBUTING.md b/crypto/openssl/CONTRIBUTING.md index fec6616e21fe..cced15347d05 100644 --- a/crypto/openssl/CONTRIBUTING.md +++ b/crypto/openssl/CONTRIBUTING.md @@ -3,7 +3,7 @@ HOW TO CONTRIBUTE TO OpenSSL Please visit our [Getting Started] page for other ideas about how to contribute. - [Getting Started]: + [Getting Started]: Development is done on GitHub in the [openssl/openssl] repository. @@ -77,8 +77,8 @@ guidelines: Clean builds via GitHub Actions are required. They are started automatically whenever a PR is created or updated by committers. - [coding style]: https://www.openssl.org/policies/technical/coding-style.html - [documentation policy]: https://openssl.org/policies/technical/documentation-policy.html + [coding style]: https://openssl-library.org/policies/technical/coding-style/ + [documentation policy]: https://openssl-library.org/policies/technical/documentation-policy/ 5. When at all possible, code contributions should include tests. These can either be added to an existing test, or completely new. Please see diff --git a/crypto/openssl/Configurations/10-main.conf b/crypto/openssl/Configurations/10-main.conf index 1155d9859c56..e74adb50cc3c 100644 --- a/crypto/openssl/Configurations/10-main.conf +++ b/crypto/openssl/Configurations/10-main.conf 
@@ -1264,6 +1264,25 @@ my %targets = ( AR => add("-X32"), RANLIB => add("-X32"), }, + # To enable openxl compiler for aix + # If 17.1 openxl runtime is available, -latomic can be used + # instead of -DBROKEN_CLANG_ATOMICS + "aix-clang" => { + inherit_from => [ "aix-common" ], + CC => "ibm-clang", + CFLAGS => picker(debug => "-O0 -g", + release => "-O"), + cflags => combine("-Wno-implicit-function-declaration -mcmodel=large -DBROKEN_CLANG_ATOMICS", + threads("-pthread")), + ex_libs => add(threads("-pthread")), + bn_ops => "BN_LLONG RC4_CHAR", + asm_arch => 'ppc32', + perlasm_scheme => "aix32", + shared_cflag => "-fpic", + shared_ldflag => add("-shared"), + AR => add("-X32"), + RANLIB => add("-X32"), + }, "aix64-cc" => { inherit_from => [ "aix-common" ], CC => "cc", @@ -1282,6 +1301,23 @@ my %targets = ( AR => add("-X64"), RANLIB => add("-X64"), }, + "aix64-clang" => { + inherit_from => [ "aix-common" ], + CC => "ibm-clang", + CFLAGS => picker(debug => "-O0 -g", + release => "-O"), + cflags => combine("-maix64 -Wno-implicit-function-declaration -mcmodel=large", + threads("-pthread")), + ex_libs => add(threads("-pthread")), + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", + asm_arch => 'ppc64', + perlasm_scheme => "aix64", + shared_cflag => "-fpic", + shared_ldflag => add("-shared"), + shared_extension => "64.so.\$(SHLIB_VERSION_NUMBER)", + AR => add("-X64"), + RANLIB => add("-X64"), + }, # SIEMENS BS2000/OSD: an EBCDIC-based mainframe "BS2000-OSD" => { diff --git a/crypto/openssl/Configurations/15-ios.conf b/crypto/openssl/Configurations/15-ios.conf index 81e3d68bc7f0..84c9cfeb3a14 100644 --- a/crypto/openssl/Configurations/15-ios.conf +++ b/crypto/openssl/Configurations/15-ios.conf @@ -10,7 +10,7 @@ my %targets = ( template => 1, inherit_from => [ "darwin-common" ], sys_id => "iOS", - disable => [ "shared", "async" ], + disable => [ "async" ], }, "ios-xcrun" => { inherit_from => [ "ios-common" ], 
diff --git a/crypto/openssl/Configure b/crypto/openssl/Configure index 40c03ad0af32..0c60d1da1659 100755 --- a/crypto/openssl/Configure +++ b/crypto/openssl/Configure @@ -178,7 +178,6 @@ my @gcc_devteam_warn = qw( # -Wextended-offsetof -- no, needed in CMS ASN1 code my @clang_devteam_warn = qw( -Wno-unknown-warning-option - -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof @@ -1583,7 +1582,7 @@ if (!$disabled{makedepend}) { disable('unavailable', 'makedepend') unless $config{makedep_scheme}; } -if (!$disabled{asm} && !$predefined_C{__MACH__} && $^O ne 'VMS') { +if (!$disabled{asm} && !$predefined_C{__MACH__} && $^O ne 'VMS' && !$predefined_C{_AIX}) { # probe for -Wa,--noexecstack option... if ($predefined_C{__clang__}) { # clang has builtin assembler, which doesn't recognize --help, @@ -3407,6 +3406,13 @@ sub absolutedir { return rel2abs($dir); } + # realpath() on Windows seems to check if the directory actually exists, + # which isn't what is wanted here. All we want to know is if a directory + # spec is absolute, not if it exists. + if ($^O eq "MSWin32") { + return rel2abs($dir); + } + # We use realpath() on Unix, since no other will properly clean out # a directory spec. use Cwd qw/realpath/; diff --git a/crypto/openssl/FAQ.md b/crypto/openssl/FAQ.md deleted file mode 100644 index 30f5010ce3a4..000000000000 --- a/crypto/openssl/FAQ.md +++ /dev/null @@ -1,6 +0,0 @@ -Frequently Asked Questions (FAQ) -================================ - -The [Frequently Asked Questions][FAQ] are now maintained on the OpenSSL homepage. - - [FAQ]: https://www.openssl.org/docs/faq.html diff --git a/crypto/openssl/INSTALL.md b/crypto/openssl/INSTALL.md index c0dae491c94d..47d64b1a39d8 100644 --- a/crypto/openssl/INSTALL.md +++ b/crypto/openssl/INSTALL.md 
@@ -1164,7 +1164,7 @@ Configure OpenSSL ### Automatic Configuration In previous version, the `config` script determined the platform type and -compiler and then called `Configure`. Starting with this release, they are +compiler and then called `Configure`. Starting with version 3.0, they are the same. #### Unix / Linux / macOS @@ -1618,7 +1618,7 @@ More about our support resources can be found in the [SUPPORT] file. ### Configuration Errors -If the `./Configure` or `./Configure` command fails with an error message, +If the `./config` or `./Configure` command fails with an error message, read the error message carefully and try to figure out whether you made a mistake (e.g., by providing a wrong option), or whether the script is working incorrectly. If you think you encountered a bug, please diff --git a/crypto/openssl/NEWS.md b/crypto/openssl/NEWS.md index fb231bcd8459..e0a81703ee8d 100644 --- a/crypto/openssl/NEWS.md +++ b/crypto/openssl/NEWS.md @@ -18,6 +18,19 @@ OpenSSL Releases OpenSSL 3.0 ----------- +### Major changes between OpenSSL 3.0.14 and OpenSSL 3.0.15 [3 Sep 2024] + +OpenSSL 3.0.15 is a security patch release. The most severe CVE fixed in this +release is Moderate. + +This release incorporates the following bug fixes and mitigations: + + * Fixed possible denial of service in X.509 name checks + ([CVE-2024-6119]) + + * Fixed possible buffer overread in SSL_select_next_proto() + ([CVE-2024-5535]) + ### Major changes between OpenSSL 3.0.13 and OpenSSL 3.0.14 [4 Jun 2024] * Fixed potential use after free after SSL_free_buffers() is called 
@@ -1482,6 +1495,8 @@ OpenSSL 0.9.x +[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119 +[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535 [CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741 [CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603 [CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511 diff --git a/crypto/openssl/VERSION.dat b/crypto/openssl/VERSION.dat index 5de9bf3d01ba..0942ddc200ca 100644 --- a/crypto/openssl/VERSION.dat +++ b/crypto/openssl/VERSION.dat @@ -1,7 +1,7 @@ MAJOR=3 MINOR=0 -PATCH=14 +PATCH=15 PRE_RELEASE_TAG= BUILD_METADATA= -RELEASE_DATE="4 Jun 2024" +RELEASE_DATE="3 Sep 2024" SHLIB_VERSION=3 diff --git a/crypto/openssl/apps/cms.c b/crypto/openssl/apps/cms.c index 3994cb0fcd58..abb9f196a760 100644 --- a/crypto/openssl/apps/cms.c +++ b/crypto/openssl/apps/cms.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -132,7 +132,7 @@ const OPTIONS cms_options[] = { {"binary", OPT_BINARY, '-', "Treat input as binary: do not translate to canonical form"}, {"crlfeol", OPT_CRLFEOL, '-', - "Use CRLF as EOL termination instead of CR only" }, + "Use CRLF as EOL termination instead of LF only" }, {"asciicrlf", OPT_ASCIICRLF, '-', "Perform CRLF canonicalisation when signing"}, diff --git a/crypto/openssl/apps/dgst.c b/crypto/openssl/apps/dgst.c index 3f02af0d5738..51383bec26ca 100644 --- a/crypto/openssl/apps/dgst.c +++ b/crypto/openssl/apps/dgst.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -478,7 +478,7 @@ int dgst_main(int argc, char **argv) static void show_digests(const OBJ_NAME *name, void *arg) { struct doall_dgst_digests *dec = (struct doall_dgst_digests *)arg; - const EVP_MD *md = NULL; + EVP_MD *md = NULL; /* Filter out signed digests (a.k.a signature algorithms) */ if (strstr(name->name, "rsa") != NULL || strstr(name->name, "RSA") != NULL) @@ -490,8 +490,7 @@ static void show_digests(const OBJ_NAME *name, void *arg) /* Filter out message digests that we cannot use */ md = EVP_MD_fetch(app_get0_libctx(), name->name, app_get0_propq()); if (md == NULL) { - md = EVP_get_digestbyname(name->name); - if (md == NULL) + if (EVP_get_digestbyname(name->name) == NULL) return; } @@ -502,6 +501,8 @@ static void show_digests(const OBJ_NAME *name, void *arg) } else { BIO_printf(dec->bio, " "); } + + EVP_MD_free(md); } /* diff --git a/crypto/openssl/apps/lib/opt.c b/crypto/openssl/apps/lib/opt.c index d56964dbe7ba..88db9ad6947b 100644 --- a/crypto/openssl/apps/lib/opt.c +++ b/crypto/openssl/apps/lib/opt.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -616,7 +616,7 @@ int opt_uintmax(const char *value, ossl_uintmax_t *result) opt_number_error(value); return 0; } - *result = (ossl_intmax_t)m; + *result = (ossl_uintmax_t)m; errno = oerrno; return 1; } diff --git a/crypto/openssl/apps/lib/s_cb.c b/crypto/openssl/apps/lib/s_cb.c index 7881c1667626..6440b496099e 100644 
--- a/crypto/openssl/apps/lib/s_cb.c +++ b/crypto/openssl/apps/lib/s_cb.c @@ -649,7 +649,7 @@ void msg_cb(int write_p, int version, int content_type, const void *buf, (void)BIO_flush(bio); } -static STRINT_PAIR tlsext_types[] = { +static const STRINT_PAIR tlsext_types[] = { {"server name", TLSEXT_TYPE_server_name}, {"max fragment length", TLSEXT_TYPE_max_fragment_length}, {"client certificate URL", TLSEXT_TYPE_client_certificate_url}, @@ -688,6 +688,7 @@ static STRINT_PAIR tlsext_types[] = { {"psk kex modes", TLSEXT_TYPE_psk_kex_modes}, {"certificate authorities", TLSEXT_TYPE_certificate_authorities}, {"post handshake auth", TLSEXT_TYPE_post_handshake_auth}, + {"early_data", TLSEXT_TYPE_early_data}, {NULL} }; diff --git a/crypto/openssl/apps/smime.c b/crypto/openssl/apps/smime.c index 52b4a01c232f..651294e46daa 100644 --- a/crypto/openssl/apps/smime.c +++ b/crypto/openssl/apps/smime.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -118,7 +118,7 @@ const OPTIONS smime_options[] = { "Do not load certificates from the default certificates store"}, {"nochain", OPT_NOCHAIN, '-', "set PKCS7_NOCHAIN so certificates contained in the message are not used as untrusted CAs" }, - {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only"}, + {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of LF only"}, OPT_R_OPTIONS, OPT_V_OPTIONS, diff --git a/crypto/openssl/crypto/aes/asm/aesp8-ppc.pl b/crypto/openssl/crypto/aes/asm/aesp8-ppc.pl index 60cf86f52aed..f7f78d04b0e1 100755 --- a/crypto/openssl/crypto/aes/asm/aesp8-ppc.pl +++ b/crypto/openssl/crypto/aes/asm/aesp8-ppc.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -99,11 +99,12 @@ rcon: .long 0x1b000000, 0x1b000000, 0x1b000000, 0x1b000000 ?rev .long 0x0d0e0f0c, 0x0d0e0f0c, 0x0d0e0f0c, 0x0d0e0f0c ?rev .long 0,0,0,0 ?asis +.long 0x0f102132, 0x43546576, 0x8798a9ba, 0xcbdcedfe Lconsts: mflr r0 bcl 20,31,\$+4 mflr $ptr #vvvvv "distance between . and rcon - addi $ptr,$ptr,-0x48 + addi $ptr,$ptr,-0x58 mtlr r0 blr .long 0 @@ -2405,7 +2406,7 @@ ___ my $key_=$key2; my ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,3,26..31)); $x00=0 if ($flavour =~ /osx/); -my ($in0, $in1, $in2, $in3, $in4, $in5 )=map("v$_",(0..5)); +my ($in0, $in1, $in2, $in3, $in4, $in5)=map("v$_",(0..5)); my ($out0, $out1, $out2, $out3, $out4, $out5)=map("v$_",(7,12..16)); my ($twk0, $twk1, $twk2, $twk3, $twk4, $twk5)=map("v$_",(17..22)); my $rndkey0="v23"; # v24-v25 rotating buffer for first found keys @@ -2460,6 +2461,18 @@ _aesp8_xts_encrypt6x: li $x70,0x70 mtspr 256,r0 + # Reverse eighty7 to 0x010101..87 + xxlor 2, 32+$eighty7, 32+$eighty7 + vsldoi $eighty7,$tmp,$eighty7,1 # 0x010101..87 + xxlor 1, 32+$eighty7, 32+$eighty7 + + # Load XOR contents. 0xf102132435465768798a9bacbdcedfe + mr $x70, r6 + bl Lconsts + lxvw4x 0, $x40, r6 # load XOR contents + mr r6, $x70 + li $x70,0x70 + subi $rounds,$rounds,3 # -4 in total lvx $rndkey0,$x00,$key1 # load key schedule 
@@ -2502,69 +2515,77 @@ Load_xts_enc_key: ?vperm v31,v31,$twk5,$keyperm lvx v25,$x10,$key_ # pre-load round[2] + # Switch to use the following codes with 0x010101..87 to generate tweak. + # eighty7 = 0x010101..87 + # vsrab tmp, tweak, seven # next tweak value, right shift 7 bits + # vand tmp, tmp, eighty7 # last byte with carry + # vaddubm tweak, tweak, tweak # left shift 1 bit (x2) + # xxlor vsx, 0, 0 + # vpermxor tweak, tweak, tmp, vsx + vperm $in0,$inout,$inptail,$inpperm subi $inp,$inp,31 # undo "caller" vxor $twk0,$tweak,$rndkey0 vsrab $tmp,$tweak,$seven # next tweak value vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 vand $tmp,$tmp,$eighty7 vxor $out0,$in0,$twk0 - vxor $tweak,$tweak,$tmp + xxlor 32+$in1, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in1 lvx_u $in1,$x10,$inp vxor $twk1,$tweak,$rndkey0 vsrab $tmp,$tweak,$seven # next tweak value vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 le?vperm $in1,$in1,$in1,$leperm vand $tmp,$tmp,$eighty7 vxor $out1,$in1,$twk1 - vxor $tweak,$tweak,$tmp + xxlor 32+$in2, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in2 lvx_u $in2,$x20,$inp andi. 
$taillen,$len,15 vxor $twk2,$tweak,$rndkey0 vsrab $tmp,$tweak,$seven # next tweak value vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 le?vperm $in2,$in2,$in2,$leperm vand $tmp,$tmp,$eighty7 vxor $out2,$in2,$twk2 - vxor $tweak,$tweak,$tmp + xxlor 32+$in3, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in3 lvx_u $in3,$x30,$inp sub $len,$len,$taillen vxor $twk3,$tweak,$rndkey0 vsrab $tmp,$tweak,$seven # next tweak value vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 le?vperm $in3,$in3,$in3,$leperm vand $tmp,$tmp,$eighty7 vxor $out3,$in3,$twk3 - vxor $tweak,$tweak,$tmp + xxlor 32+$in4, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in4 lvx_u $in4,$x40,$inp subi $len,$len,0x60 vxor $twk4,$tweak,$rndkey0 vsrab $tmp,$tweak,$seven # next tweak value vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 le?vperm $in4,$in4,$in4,$leperm vand $tmp,$tmp,$eighty7 vxor $out4,$in4,$twk4 - vxor $tweak,$tweak,$tmp + xxlor 32+$in5, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in5 lvx_u $in5,$x50,$inp addi $inp,$inp,0x60 vxor $twk5,$tweak,$rndkey0 vsrab $tmp,$tweak,$seven # next tweak value vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 le?vperm $in5,$in5,$in5,$leperm vand $tmp,$tmp,$eighty7 vxor $out5,$in5,$twk5 - vxor $tweak,$tweak,$tmp + xxlor 32+$in0, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in0 vxor v31,v31,$rndkey0 mtctr $rounds @@ -2590,6 +2611,8 @@ Loop_xts_enc6x: lvx v25,$x10,$key_ # round[4] bdnz Loop_xts_enc6x + xxlor 32+$eighty7, 1, 1 # 0x010101..87 + subic $len,$len,96 # $len-=96 vxor $in0,$twk0,v31 # xor with last round key vcipher $out0,$out0,v24 @@ -2599,7 +2622,6 @@ Loop_xts_enc6x: vaddubm $tweak,$tweak,$tweak vcipher $out2,$out2,v24 vcipher $out3,$out3,v24 - vsldoi $tmp,$tmp,$tmp,15 vcipher $out4,$out4,v24 vcipher $out5,$out5,v24 
@@ -2607,7 +2629,8 @@ Loop_xts_enc6x: vand $tmp,$tmp,$eighty7 vcipher $out0,$out0,v25 vcipher $out1,$out1,v25 - vxor $tweak,$tweak,$tmp + xxlor 32+$in1, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in1 vcipher $out2,$out2,v25 vcipher $out3,$out3,v25 vxor $in1,$twk1,v31 @@ -2618,13 +2641,13 @@ Loop_xts_enc6x: and r0,r0,$len vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 vcipher $out0,$out0,v26 vcipher $out1,$out1,v26 vand $tmp,$tmp,$eighty7 vcipher $out2,$out2,v26 vcipher $out3,$out3,v26 - vxor $tweak,$tweak,$tmp + xxlor 32+$in2, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in2 vcipher $out4,$out4,v26 vcipher $out5,$out5,v26 @@ -2638,7 +2661,6 @@ Loop_xts_enc6x: vaddubm $tweak,$tweak,$tweak vcipher $out0,$out0,v27 vcipher $out1,$out1,v27 - vsldoi $tmp,$tmp,$tmp,15 vcipher $out2,$out2,v27 vcipher $out3,$out3,v27 vand $tmp,$tmp,$eighty7 @@ -2646,7 +2668,8 @@ Loop_xts_enc6x: vcipher $out5,$out5,v27 addi $key_,$sp,$FRAME+15 # rewind $key_ - vxor $tweak,$tweak,$tmp + xxlor 32+$in3, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in3 vcipher $out0,$out0,v28 vcipher $out1,$out1,v28 vxor $in3,$twk3,v31 @@ -2655,7 +2678,6 @@ Loop_xts_enc6x: vcipher $out2,$out2,v28 vcipher $out3,$out3,v28 vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 vcipher $out4,$out4,v28 vcipher $out5,$out5,v28 lvx v24,$x00,$key_ # re-pre-load round[1] @@ -2663,7 +2685,8 @@ Loop_xts_enc6x: vcipher $out0,$out0,v29 vcipher $out1,$out1,v29 - vxor $tweak,$tweak,$tmp + xxlor 32+$in4, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in4 vcipher $out2,$out2,v29 vcipher $out3,$out3,v29 vxor $in4,$twk4,v31 
@@ -2673,14 +2696,14 @@ Loop_xts_enc6x: vcipher $out5,$out5,v29 lvx v25,$x10,$key_ # re-pre-load round[2] vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 vcipher $out0,$out0,v30 vcipher $out1,$out1,v30 vand $tmp,$tmp,$eighty7 vcipher $out2,$out2,v30 vcipher $out3,$out3,v30 - vxor $tweak,$tweak,$tmp + xxlor 32+$in5, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in5 vcipher $out4,$out4,v30 vcipher $out5,$out5,v30 vxor $in5,$twk5,v31 @@ -2690,7 +2713,6 @@ Loop_xts_enc6x: vcipherlast $out0,$out0,$in0 lvx_u $in0,$x00,$inp # load next input block vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 vcipherlast $out1,$out1,$in1 lvx_u $in1,$x10,$inp vcipherlast $out2,$out2,$in2 @@ -2703,7 +2725,10 @@ Loop_xts_enc6x: vcipherlast $out4,$out4,$in4 le?vperm $in2,$in2,$in2,$leperm lvx_u $in4,$x40,$inp - vxor $tweak,$tweak,$tmp + xxlor 10, 32+$in0, 32+$in0 + xxlor 32+$in0, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in0 + xxlor 32+$in0, 10, 10 vcipherlast $tmp,$out5,$in5 # last block might be needed # in stealing mode le?vperm $in3,$in3,$in3,$leperm @@ -2736,6 +2761,8 @@ Loop_xts_enc6x: mtctr $rounds beq Loop_xts_enc6x # did $len-=96 borrow? + xxlor 32+$eighty7, 2, 2 # 0x870101..01 + addic. $len,$len,0x60 beq Lxts_enc6x_zero cmpwi $len,0x20 @@ -3112,6 +3139,18 @@ _aesp8_xts_decrypt6x: li $x70,0x70 mtspr 256,r0 + # Reverse eighty7 to 0x010101..87 + xxlor 2, 32+$eighty7, 32+$eighty7 + vsldoi $eighty7,$tmp,$eighty7,1 # 0x010101..87 + xxlor 1, 32+$eighty7, 32+$eighty7 + + # Load XOR contents. 0xf102132435465768798a9bacbdcedfe + mr $x70, r6 + bl Lconsts + lxvw4x 0, $x40, r6 # load XOR contents + mr r6, $x70 + li $x70,0x70 + subi $rounds,$rounds,3 # -4 in total lvx $rndkey0,$x00,$key1 # load key schedule 
@@ -3159,64 +3198,64 @@ Load_xts_dec_key: vxor $twk0,$tweak,$rndkey0 vsrab $tmp,$tweak,$seven # next tweak value vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 vand $tmp,$tmp,$eighty7 vxor $out0,$in0,$twk0 - vxor $tweak,$tweak,$tmp + xxlor 32+$in1, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in1 lvx_u $in1,$x10,$inp vxor $twk1,$tweak,$rndkey0 vsrab $tmp,$tweak,$seven # next tweak value vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 le?vperm $in1,$in1,$in1,$leperm vand $tmp,$tmp,$eighty7 vxor $out1,$in1,$twk1 - vxor $tweak,$tweak,$tmp + xxlor 32+$in2, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in2 lvx_u $in2,$x20,$inp andi. $taillen,$len,15 vxor $twk2,$tweak,$rndkey0 vsrab $tmp,$tweak,$seven # next tweak value vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 le?vperm $in2,$in2,$in2,$leperm vand $tmp,$tmp,$eighty7 vxor $out2,$in2,$twk2 - vxor $tweak,$tweak,$tmp + xxlor 32+$in3, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in3 lvx_u $in3,$x30,$inp sub $len,$len,$taillen vxor $twk3,$tweak,$rndkey0 vsrab $tmp,$tweak,$seven # next tweak value vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 le?vperm $in3,$in3,$in3,$leperm vand $tmp,$tmp,$eighty7 vxor $out3,$in3,$twk3 - vxor $tweak,$tweak,$tmp + xxlor 32+$in4, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in4 lvx_u $in4,$x40,$inp subi $len,$len,0x60 vxor $twk4,$tweak,$rndkey0 vsrab $tmp,$tweak,$seven # next tweak value vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 le?vperm $in4,$in4,$in4,$leperm vand $tmp,$tmp,$eighty7 vxor $out4,$in4,$twk4 - vxor $tweak,$tweak,$tmp + xxlor 32+$in5, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in5 lvx_u $in5,$x50,$inp addi $inp,$inp,0x60 vxor $twk5,$tweak,$rndkey0 vsrab $tmp,$tweak,$seven # next tweak value vaddubm $tweak,$tweak,$tweak *** 8393 LINES SKIPPED ***
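Review bot: In the @@ -99,11 +99,12 @@ hunk the new `.long 0x0f102132, 0x43546576, 0x8798a9ba, 0xcbdcedfe` row is the only row of the table without a `?rev`/`?asis` tag, and the reason it has to stay untagged should be written next to it: the tagged rows go through the script's endian conversion and come out as a fixed byte sequence, whereas this row is fetched with `lxvw4x 0, $x40, r6`, which loads whole words in host byte order, so the register holds the same bytes 0x0f,0x10,0x21,...,0xfe on both big- and little-endian builds. Tagging it `?asis` would reverse the bytes within each word on little-endian and silently corrupt the vpermxor control. The `0x40` used as the load offset and the `-0x58` fix-up in `Lconsts` are two copies of the same table layout; a comment on the row ("offset 0x40 from rcon, used by the xts 6x paths") keeps them in step if someone inserts another row in front of it.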
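Review bot: In the @@ -2460,6 +2461,18 @@ hunk, `vsldoi $eighty7,$tmp,$eighty7,1` produces 0x010101..87 only if $tmp still holds the 0x010101..01 byte splat that was used to build $eighty7 earlier in the prologue; nothing in the hunk establishes that, so either rebuild it on the spot (`vspltisb $tmp,1` right before the vsldoi) or state in the comment that $tmp is being reused. Three more things at this call site want a comment: `bl Lconsts` overwrites LR and r0, which is safe only if the 6x prologue has already spilled LR to the stack and nothing later relies on the value r0 had at `mtspr 256,r0`; the `mr $x70, r6` / `mr r6, $x70` pair exists because `Lconsts` returns its pointer in r6, the register this routine otherwise refers to by its perl name, so use that name and say why the save and restore are needed; and VSR 0, 1 and 2 alias f0, f1 and f2, which are caller-volatile, so the stash is ABI-clean but should be given names in the register map instead of bare numbers. Finally the comment `0xf102132435465768798a9bacbdcedfe` is one hex digit short; the row it describes is 0x0f102132435465768798a9bacbdcedfe.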
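Review bot: In the @@ -2502,69 +2515,77 @@ hunk the explanatory comment block says only `xxlor vsx, 0, 0` and never explains what VSR 0 contains; point it at the Lconsts row and spell out the mapping, because that is the whole correctness argument for dropping `vsldoi $tmp,$tmp,$tmp,15`: control byte i is (i<<4)|((i-1) mod 16), so vpermxor yields result byte i = tweak[i] ^ tmp[i-1] with byte 0 taking tmp[15], exactly the one-byte rotate the deleted vsldoi performed, now fused with the xor, and with $eighty7 reversed to 0x010101..87 the `vand` applies 0x87 to tmp[15] and 0x01 elsewhere before the rotate instead of after it. Also say why the control is copied with `xxlor 32+$inN, 0, 0` before every vpermxor: vpermxor takes its control from a VR, and each $inN is free at that point because `vxor $outN,$inN,$twkN` has already consumed it and `lvx_u $inN` refills it only afterwards. Those six moves are loop-invariant work; if any VR can be spared, keep the control resident in it.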
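Review bot: In the @@ -2590,6 +2611,8 @@ hunk the `xxlor 32+$eighty7, 1, 1` after `bdnz Loop_xts_enc6x` executes on every pass through the 96-byte loop, yet no line of the loop in this patch writes $eighty7: the prologue leaves it as 0x010101..87, and the only switch back (`xxlor 32+$eighty7, 2, 2` in the @@ -2736,6 +2761,8 @@ hunk) sits on the fall-through exit after `beq Loop_xts_enc6x`, from which the loop is not re-entered. Either hoist the reload out of the loop or add a comment naming the path that needs it. The pairing is the invariant worth documenting: whatever follows the exit still expects the original 0x870101..01 layout, which is why the restore must stay ahead of `addic. $len,$len,0x60`; say so at both xxlors so a later edit does not separate them.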
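Review bot: In the @@ -2703,7 +2725,10 @@ hunk the `xxlor 10, 32+$in0, 32+$in0` / `xxlor 32+$in0, 10, 10` pair spills and reloads the next input block around one vpermxor, because `lvx_u $in0,$x00,$inp` in the previous hunk has already refilled $in0 while the other five tweak steps borrow an $inN that is still dead. Either pick a VR that is genuinely free at this point or place the control copy in $in0 before the reload; if the schedule cannot move, at least note that VSR 10 is f10 (volatile under the ABI, so the spill is safe) and that the two extra VSX moves land on the tweak dependency chain once per 96 bytes.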
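Review bot: In the @@ -3112,6 +3139,18 @@ hunk the twelve-line preamble (VSR 2 and 1 stash, the `vsldoi` reversal, the r6 save, `bl Lconsts`, `lxvw4x`, r6 restore and `li $x70,0x70`) is a verbatim copy of the encrypt preamble from @@ -2460,6 +2461,18 @@, including the same reliance on $tmp still holding 0x010101..01 and the same short comment `0xf102132435465768798a9bacbdcedfe`; emit it from one perl helper used by both _aesp8_xts_encrypt6x and _aesp8_xts_decrypt6x so the two copies cannot drift, and fix the comment in one place.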
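Review bot: In the @@ -3159,64 +3198,64 @@ hunk the six unrolled tweak steps under Load_xts_dec_key differ from the encrypt version only in the interleaved `lvx_u`/`le?vperm`/length bookkeeping, and each step repeats the same five instructions with the register triple rotated; generating the step from a perl loop over ($inN,$outN,$twkN) would make the enc/dec sequences provably identical and would keep the control-copy convention (the next $inN as the vpermxor control) in one place. The message is cut off after this hunk, so the decrypt loop body and the restore of $eighty7 at its exit could not be checked here; they need the same pairing review as the encrypt side.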