| #
4209ce68 |
| 13-Feb-2023 |
Bernd Edlinger |
Revert "Fix Timing Oracle in RSA decryption"
This reverts commit b1892d21f8f0435deb0250f24a97915dc641c807.
Except for the moving derive_kdk to a separate function.
Reviewed
Revert "Fix Timing Oracle in RSA decryption"
This reverts commit b1892d21f8f0435deb0250f24a97915dc641c807.
Except for the moving derive_kdk to a separate function.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20281)
show more ...
|
| #
79040cf2 |
| 20-Jan-2023 |
Juergen Christ |
S390x: Support ME and CRT offloading
S390x has to ability to offload modular exponentiation and CRT operations to
Crypto Express Adapters. This possible performance optimization was not
S390x: Support ME and CRT offloading
S390x has to ability to offload modular exponentiation and CRT operations to
Crypto Express Adapters. This possible performance optimization was not yet
used by OpenSSL. Add support for offloading and implement an optimized
version of RSA and DH with it.
The environment variable OPENSSL_s390xcap now recognizes the token "nocex" to
prevent offloading.
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20113)
show more ...
|
| #
b1892d21 |
| 30-Nov-2022 |
Dmitry Belyavskiy |
Fix Timing Oracle in RSA decryption
A timing based side channel exists in the OpenSSL RSA Decryption
implementation which could be sufficient to recover a plaintext across
a network
Fix Timing Oracle in RSA decryption
A timing based side channel exists in the OpenSSL RSA Decryption
implementation which could be sufficient to recover a plaintext across
a network in a Bleichenbacher style attack. To achieve a successful
decryption an attacker would have to be able to send a very large number
of trial messages for decryption. The vulnerability affects all RSA
padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
Patch written by Dmitry Belyavsky and Hubert Kario
CVE-2022-4304
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
show more ...
|
| #
f6a6f7b6 |
| 25-Jan-2023 |
Tomas Mraz |
Avoid duplicating symbols in legacy.a with some build options
If no-module or no-shared is used, the symbols from
libcrypto should not be duplicated in legacy.a
Also the BIGNUM
Avoid duplicating symbols in legacy.a with some build options
If no-module or no-shared is used, the symbols from
libcrypto should not be duplicated in legacy.a
Also the BIGNUM functions are currently not needed
in legacy.a at all.
Fixes #20124
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20137)
show more ...
|
| #
eae70100 |
| 27-Jun-2022 |
Rohan McLure |
Revert "Revert "bn: Add fixed length (n=6), unrolled PPC Montgomery Multiplication""
This reverts commit 712d9cc90e355b2c98a959d4e9398610d2269c9e.
Reviewed-by: Hugo Landau <hlandau@
Revert "Revert "bn: Add fixed length (n=6), unrolled PPC Montgomery Multiplication""
This reverts commit 712d9cc90e355b2c98a959d4e9398610d2269c9e.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18883)
show more ...
|
| #
712d9cc9 |
| 09-Jun-2022 |
Tomas Mraz |
Revert "bn: Add fixed length (n=6), unrolled PPC Montgomery Multiplication"
This reverts commit 0d40ca47bd86e74a95c3a2f5fb6c67cdbee93c79.
It was found that the computation produces
Revert "bn: Add fixed length (n=6), unrolled PPC Montgomery Multiplication"
This reverts commit 0d40ca47bd86e74a95c3a2f5fb6c67cdbee93c79.
It was found that the computation produces incorrect results in some
cases.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18512)
show more ...
|
| #
9968c775 |
| 19-May-2022 |
Sebastian Andrzej Siewior |
Rename x86-32 assembly files from .s to .S.
Rename x86-32 assembly files from .s to .S. While processing the .S file
gcc will use the pre-processor whic will evaluate macros and ifdef. T
Rename x86-32 assembly files from .s to .S.
Rename x86-32 assembly files from .s to .S. While processing the .S file
gcc will use the pre-processor whic will evaluate macros and ifdef. This
is turn will be used to enable the endbr32 opcode based on the __CET__
define.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18353)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10 |
|
| #
f87b4c4e |
| 08-Dec-2020 |
Andrey Matyukov |
Dual 1536/2048-bit exponentiation optimization for Intel IceLake CPU
It uses AVX512_IFMA + AVX512_VL (with 256-bit wide registers) ISA to
keep lower power license.
Reviewed-by:
Dual 1536/2048-bit exponentiation optimization for Intel IceLake CPU
It uses AVX512_IFMA + AVX512_VL (with 256-bit wide registers) ISA to
keep lower power license.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14908)
show more ...
|
| #
52f7e44e |
| 07-Jul-2021 |
Tomas Mraz |
Split bignum code out of the sparcv9cap.c
Fixes #15978
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16019)
|
| #
92d7120c |
| 01-Jul-2021 |
Shane Lontis |
Fix compile errors when building with --api=1.1.0 no-deprecated.
Fixes #15963
INSTALL.md uses these exact options as an example so it should work.
Reviewed-by: Tomas Mraz <
Fix compile errors when building with --api=1.1.0 no-deprecated.
Fixes #15963
INSTALL.md uses these exact options as an example so it should work.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15965)
show more ...
|
| #
3d178db7 |
| 18-Jun-2021 |
Tomas Mraz |
ppccap.c: Split out algorithm-specific functions
Fixes #13336
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15828)
|
| #
10646160 |
| 19-Mar-2021 |
fangming.fang |
Optimize RSA on armv8
Add Neon path for RSA on armv8, this optimisation targets to A72
and N1 that are ones of important cores of infrastructure. Other
platforms are not impacted.
Optimize RSA on armv8
Add Neon path for RSA on armv8, this optimisation targets to A72
and N1 that are ones of important cores of infrastructure. Other
platforms are not impacted.
A72
old new improved
rsa 512 sign 9828.6 9738.7 -1%
rsa 512 verify 121497.2 122367.7 1%
rsa 1024 sign 1818 1816.9 0%
rsa 1024 verify 37175.6 37161.3 0%
rsa 2048 sign 267.3 267.4 0%
rsa 2048 verify 10127.6 10119.6 0%
rsa 3072 sign 86.8 87 0%
rsa 3072 verify 4604.2 4956.2 8%
rsa 4096 sign 38.3 38.5 1%
rsa 4096 verify 2619.8 2972.1 13%
rsa 7680 sign 5 7 40%
rsa 7680 verify 756 929.4 23%
rsa 15360 sign 0.8 1 25%
rsa 15360 verify 190.4 246 29%
N1
old new improved
rsa 512 sign 12599.2 12596.7 0%
rsa 512 verify 148636.1 148656.2 0%
rsa 1024 sign 2150.6 2148.9 0%
rsa 1024 verify 42353.5 42265.2 0%
rsa 2048 sign 305.5 305.3 0%
rsa 2048 verify 11209.7 11205.2 0%
rsa 3072 sign 97.8 98.2 0%
rsa 3072 verify 5061.3 5990.7 18%
rsa 4096 sign 42.8 43 0%
rsa 4096 verify 2867.6 3509.8 22%
rsa 7680 sign 5.5 8.4 53%
rsa 7680 verify 823.5 1058.3 29%
rsa 15360 sign 0.9 1.1 22%
rsa 15360 verify 207 273.9 32%
CustomizedGitHooks: yes
Change-Id: I01c732cc429d793c4eb5ffd27ccd30ff9cebf8af
Jira: SECLIB-540
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14761)
show more ...
|
| #
0d40ca47 |
| 14-Apr-2021 |
Martin Schwenke |
bn: Add fixed length (n=6), unrolled PPC Montgomery Multiplication
Overall improvement for p384 of ~18% on Power 9, compared to existing
Power assembling code. See comment in code for m
bn: Add fixed length (n=6), unrolled PPC Montgomery Multiplication
Overall improvement for p384 of ~18% on Power 9, compared to existing
Power assembling code. See comment in code for more details.
Multiple unrolled versions could be generated for values other than
6. However, for TLS 1.3 the only other ECC algorithms that might use
Montgomery Multiplication are p256 and p521, but these have custom
algorithms that don't use Montgomery Multiplication. Non-ECC
algorithms are likely to use larger key lengths that won't fit into
the n <= 10 length limitation of this code.
Signed-off-by: Amitay Isaacs <amitay@ozlabs.org>
Signed-off-by: Alastair D'Silva <alastair@d-silva.org>
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15175)
show more ...
|
| #
848af5e8 |
| 06-May-2021 |
Richard Levitte |
Drop libimplementations.a
libimplementations.a was a nice idea, but had a few flaws:
1. The idea to have common code in libimplementations.a and FIPS
sensitive helper funct
Drop libimplementations.a
libimplementations.a was a nice idea, but had a few flaws:
1. The idea to have common code in libimplementations.a and FIPS
sensitive helper functions in libfips.a / libnonfips.a didn't
catch on, and we saw full implementation ending up in them instead
and not appearing in libimplementations.a at all.
2. Because more or less ALL algorithm implementations were included
in libimplementations.a (the idea being that the appropriate
objects from it would be selected automatically by the linker when
building the shared libraries), it's very hard to find only the
implementation source that should go into the FIPS module, with
the result that the FIPS checksum mechanism include source files
that it shouldn't
To mitigate, we drop libimplementations.a, but retain the idea of
collecting implementations in static libraries. With that, we not
have:
libfips.a
Includes all implementations that should become part of the FIPS
provider.
liblegacy.a
Includes all implementations that should become part of the legacy
provider.
libdefault.a
Includes all implementations that should become part of the
default and base providers.
With this, libnonfips.a becomes irrelevant and is dropped.
libcommon.a is retained to include common provider code that can be
used uniformly by all providers.
Fixes #15157
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15171)
show more ...
|
|
Revision tags: OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g |
|
| #
5ad3e6c5 |
| 15-Apr-2020 |
Richard Levitte |
Include BN assembler alongside CPUID code
It turns out that some CPUID code requires the presence of some BN
assembler code, so we make sure it's included in the same manner as
the C
Include BN assembler alongside CPUID code
It turns out that some CPUID code requires the presence of some BN
assembler code, so we make sure it's included in the same manner as
the CPUID code itself.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14755)
show more ...
|
| #
c781eb1c |
| 08-Dec-2020 |
Andrey Matyukov |
Dual 1024-bit exponentiation optimization for Intel IceLake CPU
with AVX512_IFMA + AVX512_VL instructions, primarily for RSA CRT private key
operations. It uses 256-bit registers to avoid CPU
Dual 1024-bit exponentiation optimization for Intel IceLake CPU
with AVX512_IFMA + AVX512_VL instructions, primarily for RSA CRT private key
operations. It uses 256-bit registers to avoid CPU frequency scaling issues.
The performance speedup for RSA2k signature on ICL is ~2x.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13750)
show more ...
|
| #
c27e7922 |
| 21-Jan-2021 |
Tomas Mraz |
bn: Deprecate the X9.31 RSA key generation related functions
This key generation method is obsolete.
Fixes #10111
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Me
bn: Deprecate the X9.31 RSA key generation related functions
This key generation method is obsolete.
Fixes #10111
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13921)
show more ...
|
| #
13c45372 |
| 16-Oct-2020 |
Matt Caswell |
Only disabled what we need to in a no-dh build
no-dh disables the low level API for DH. However, since we're now using
the high level EVP API in most places we don't need to disable quit
Only disabled what we need to in a no-dh build
no-dh disables the low level API for DH. However, since we're now using
the high level EVP API in most places we don't need to disable quite so
much.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13368)
show more ...
|
| #
b830e004 |
| 08-Sep-2020 |
Richard Levitte |
Diverse build.info: Adjust paths
Fixes #12815
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from http
Diverse build.info: Adjust paths
Fixes #12815
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12816)
show more ...
|
| #
c450922c |
| 01-May-2020 |
Shane Lontis |
Add solaris assembler fixes for legacy provider
The legacy provider contains assembler references. Most code is automagically pulled in from the libcrypto - but the platform specific assembl
Add solaris assembler fixes for legacy provider
The legacy provider contains assembler references. Most code is automagically pulled in from the libcrypto - but the platform specific assembler functions will not be visible in the symbol table. Copying BNASM and DESASM into liblegacy seems to be a better solution than exposing platform specific function in libcrypto.num.
Added a missing call in the des_cbc code for sparc.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11697)
show more ...
|
|
Revision tags: OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
| #
705536e2 |
| 05-Mar-2020 |
Rich Salz |
Use build.info, not ifdef for crypto modules
Don't wrap conditionally-compiled files in global ifndef tests.
Instead, test if the feature is disabled and, if so, do not
compile it.
Use build.info, not ifdef for crypto modules
Don't wrap conditionally-compiled files in global ifndef tests.
Instead, test if the feature is disabled and, if so, do not
compile it.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11263)
show more ...
|
| #
5ce87e11 |
| 31-Jan-2020 |
Matt Caswell |
Fix builds with no-dh
The various functions in bn_const.c return primes that are
specified for use in DH. However they were not being excluded from
a no-dh build - and was therefore
Fix builds with no-dh
The various functions in bn_const.c return primes that are
specified for use in DH. However they were not being excluded from
a no-dh build - and was therefore causing the build to fail.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10990)
show more ...
|
|
Revision tags: OpenSSL_1_0_2u |
|
| #
64fd90fb |
| 15-Oct-2019 |
Shane Lontis |
Fix missing Assembler defines
Implementations are now spread across several libraries, so the assembler
related defines need to be applied to all affected libraries and modules.
Fix missing Assembler defines
Implementations are now spread across several libraries, so the assembler
related defines need to be applied to all affected libraries and modules.
AES_ASM define was missing from libimplementations.a which disabled AESNI
aarch64 changes were made by xkqian.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10180)
show more ...
|
| #
dec95d75 |
| 03-Oct-2019 |
Richard Levitte |
Rework how our providers are built
We put almost everything in these internal static libraries:
libcommon Block building code that can be used by all
Rework how our providers are built
We put almost everything in these internal static libraries:
libcommon Block building code that can be used by all
our implementations, legacy and non-legacy
alike.
libimplementations All non-legacy algorithm implementations and
only them. All the code that ends up here is
agnostic to the definitions of FIPS_MODE.
liblegacy All legacy implementations.
libnonfips Support code for the algorithm implementations.
Built with FIPS_MODE undefined. Any code that
checks that FIPS_MODE isn't defined must end
up in this library.
libfips Support code for the algorithm implementations.
Built with FIPS_MODE defined. Any code that
checks that FIPS_MODE is defined must end up
in this library.
The FIPS provider module is built from providers/fips/*.c and linked
with libimplementations, libcommon and libfips.
The Legacy provider module is built from providers/legacy/*.c and
linked with liblegacy, libcommon and libcrypto.
If module building is disabled, the object files from liblegacy and
libcommon are added to libcrypto and the Legacy provider becomes a
built-in provider.
The Default provider module is built-in, so it ends up being linked
with libimplementations, libcommon and libnonfips. For libcrypto in
form of static library, the object files from those other libraries
are simply being added to libcrypto.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10088)
show more ...
|
| #
d5d32e78 |
| 12-Sep-2019 |
Richard Levitte |
crypto/bn/build.info: Correct use of SSE2 definition
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9879)
|
