Copyright year updates


Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes

Allow group methods to customize initialization for speed

This commit also adds an implementation for P256 that avoids some
expensive initialization of Montgomery arithmetic structures i

Allow group methods to customize initialization for speed

This commit also adds an implementation for P256 that avoids some
expensive initialization of Montgomery arithmetic structures in favor
of precomputation. Since ECC groups are not always cached by higher
layers this brings significant savings to TLS handshakes.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22746)

show more ...

Optimize SM2 on aarch64

Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merge

Optimize SM2 on aarch64

Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20754)

show more ...

ec: 56-bit Limb Solinas' Strategy for secp384r1

Adopt a 56-bit redundant-limb Solinas' reduction approach for efficient
modular multiplication in P384. This has the affect of acceleratin

ec: 56-bit Limb Solinas' Strategy for secp384r1

Adopt a 56-bit redundant-limb Solinas' reduction approach for efficient
modular multiplication in P384. This has the affect of accelerating
digital signing by 446% and verification by 106%. The implementation
strategy and names of methods are the same as that provided in
ecp_nistp224 and ecp_nistp521.

As in Commit 1036749883cc ("ec: Add run time code selection for p521
field operations"), allow for run time selection of implementation for
felem_{square,mul}, where an assembly implementation is proclaimed to
be present when ECP_NISTP384_ASM is present.

Signed-off-by: Rohan McLure <rohanmclure@linux.ibm.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21471)

show more ...

Stop raising ERR_R_MALLOC_FAILURE in most places

Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and
at least handle the file name and line number they are called from,

Stop raising ERR_R_MALLOC_FAILURE in most places

Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and
at least handle the file name and line number they are called from,
there's no need to report ERR_R_MALLOC_FAILURE where they are called
directly, or when SSLfatal() and RLAYERfatal() is used, the reason
`ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`.

There were a number of places where `ERR_R_MALLOC_FAILURE` was reported
even though it was a function from a different sub-system that was
called. Those places are changed to report ERR_R_{lib}_LIB, where
{lib} is the name of that sub-system.
Some of them are tricky to get right, as we have a lot of functions
that belong in the ASN1 sub-system, and all the `sk_` calls or from
the CRYPTO sub-system.

Some extra adaptation was necessary where there were custom OPENSSL_malloc()
wrappers, and some bugs are fixed alongside these changes.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19301)

show more ...

[ec] Do not default to OPENSSL_EC_NAMED_CURVE for curves without OID

Some curves don't have an associated OID: for those we should not
default to `OPENSSL_EC_NAMED_CURVE` encoding of par

[ec] Do not default to OPENSSL_EC_NAMED_CURVE for curves without OID

Some curves don't have an associated OID: for those we should not
default to `OPENSSL_EC_NAMED_CURVE` encoding of parameters and instead
set the ASN1 flag to `OPENSSL_EC_EXPLICIT_CURVE`.

This is a follow-up to https://github.com/openssl/openssl/pull/12312

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16355)

show more ...

Update copyright year

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14512)

Fix external symbols related to ec & sm2 keys

Partial fix for #12964

This adds ossl_ names for the following symbols:

ec_*, ecx_*, ecdh_*, ecdsa_*, sm2_*

Reviewed-

Fix external symbols related to ec & sm2 keys

Partial fix for #12964

This adds ossl_ names for the following symbols:

ec_*, ecx_*, ecdh_*, ecdsa_*, sm2_*

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14231)

show more ...

EVP_PKEY & EC_KEY: Make EC EVP_PKEY_CTX parameter ctrls / setters more available

EVP_PKEY_CTX_set_ec_ functions were only available when EC was enabled
('no-ec' not configured). However

EVP_PKEY & EC_KEY: Make EC EVP_PKEY_CTX parameter ctrls / setters more available

EVP_PKEY_CTX_set_ec_ functions were only available when EC was enabled
('no-ec' not configured). However, that makes it impossible to use
these functions with an engine or a provider that happens to implement
EC_KEY. This change solves that problem by shuffling these functions
to more appropriate places.

Partially fixes #13550

squash! EVP_PKEY & EC_KEY: Make EC EVP_PKEY_CTX parameter ctrls / setters more available

By consequence, there are a number of places where we can remove the
check of OPENSSL_NO_EC. This requires some re-arrangements of
internal tables to translate between numeric identities and names.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13589)

show more ...

CRYPTO: refactor ERR_raise()+ERR_add_error_data() to ERR_raise_data()

This is not done absolutely everywhere, as there are places where
the use of ERR_add_error_data() is quite complex,

CRYPTO: refactor ERR_raise()+ERR_add_error_data() to ERR_raise_data()

This is not done absolutely everywhere, as there are places where
the use of ERR_add_error_data() is quite complex, but at least the
simple cases are done.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13318)

show more ...

Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call

This includes error reporting for libcrypto sub-libraries in surprising
places.

This was done using ut

Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call

This includes error reporting for libcrypto sub-libraries in surprising
places.

This was done using util/err-to-raise

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13318)

show more ...

Rename OPENSSL_CTX prefix to OSSL_LIB_CTX

Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix,
e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.

Rename OPENSSL_CTX prefix to OSSL_LIB_CTX

Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix,
e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.

The OPENSSL_CTX type stands out a little by using a different prefix.
For consistency reasons, this type is renamed to OSSL_LIB_CTX.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12621)

show more ...

Run the withlibctx.pl script

Automatically rename all instances of _with_libctx() to _ex() as per
our coding style.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged fro

Run the withlibctx.pl script

Automatically rename all instances of _with_libctx() to _ex() as per
our coding style.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12970)

show more ...

EC_GROUP_new_by_curve_name_with_libctx(): Add name of unknown group to error output

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull

EC_GROUP_new_by_curve_name_with_libctx(): Add name of unknown group to error output

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13023)

show more ...

Add more complete support for libctx/propq in the EC code

Renames some "new_ex" functions to "new_with_libctx" and ensures that we
pass around the libctx AND the propq everywhere.

Add more complete support for libctx/propq in the EC code

Renames some "new_ex" functions to "new_with_libctx" and ensures that we
pass around the libctx AND the propq everywhere.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12159)

show more ...

Move EC_METHOD to internal-only

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/

Move EC_METHOD to internal-only

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11928)

show more ...

Rename FIPS_MODE to FIPS_MODULE

This macro is used to determine if certain pieces of code should
become part of the FIPS module or not. The old name was confusing.

Fixes #11538

Rename FIPS_MODE to FIPS_MODULE

This macro is used to determine if certain pieces of code should
become part of the FIPS module or not. The old name was confusing.

Fixes #11538

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11539)

show more ...

Update copyright year

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11616)

EC: Refactor ec_curve_name2nid() to accept NIST curve names

We can find no reason why everyone should have to call both
EC_curve_nist2nid() and ec_curve_name2nid() to find the NID for a

EC: Refactor ec_curve_name2nid() to accept NIST curve names

We can find no reason why everyone should have to call both
EC_curve_nist2nid() and ec_curve_name2nid() to find the NID for a
name, and it's too easy to forget EC_curve_nist2nid(), so we make life
simpler.

One could argue that FIPS only allows a limited set of names, but that
now gets handled internally, and those who really want to be really
sure to only get the NIST names can still do so with EC_curve_nist2nid()

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11391)

show more ...

Add ECDH to fips provider

Note: This PR has not attempted to move the curves into the provider dispatch table.
Mappings between the curve name / nid have been added to the inbuilt curve

Add ECDH to fips provider

Note: This PR has not attempted to move the curves into the provider dispatch table.
Mappings between the curve name / nid have been added to the inbuilt curve table.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11133)

show more ...

Deprecate the ECDSA and EV_KEY_METHOD functions.

Use of the low level ECDSA and EC_KEY_METHOD functions has been informally discouraged for a
long time. We now formally deprecate them.

Deprecate the ECDSA and EV_KEY_METHOD functions.

Use of the low level ECDSA and EC_KEY_METHOD functions has been informally discouraged for a
long time. We now formally deprecate them.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10960)

show more ...

Reorganize local header files

Apart from public and internal header files, there is a third type called
local header files, which are located next to source files in the source
direc

Reorganize local header files

Apart from public and internal header files, there is a third type called
local header files, which are located next to source files in the source
directory. Currently, they have different suffixes like

'*_lcl.h', '*_local.h', or '*_int.h'

This commit changes the different suffixes to '*_local.h' uniformly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9333)

show more ...

s390x assembly pack: accelerate X25519, X448, Ed25519 and Ed448

using PCC and KDSA instructions.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Rich

s390x assembly pack: accelerate X25519, X448, Ed25519 and Ed448

using PCC and KDSA instructions.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10004)

show more ...

s390x assembly pack: accelerate scalar multiplication

for NIST P-256, P-384 and P-521 using PCC instruction.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Revie

s390x assembly pack: accelerate scalar multiplication

for NIST P-256, P-384 and P-521 using PCC instruction.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9348)

show more ...

Make the EC code available from inside the FIPS provider

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9380)