#
12186377 |
| 13-Jul-2022 |
Juergen Christ |
Fix EC ASM flag passing Flags for ASM implementations of EC curves were only passed to the FIPS provider and not to the default or legacy provider. This left some potential for opti
Fix EC ASM flag passing Flags for ASM implementations of EC curves were only passed to the FIPS provider and not to the default or legacy provider. This left some potential for optimization. Pass the correct flags also to these providers. Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18791)
show more ...
|
#
9968c775 |
| 19-May-2022 |
Sebastian Andrzej Siewior |
Rename x86-32 assembly files from .s to .S. Rename x86-32 assembly files from .s to .S. While processing the .S file gcc will use the pre-processor whic will evaluate macros and ifdef. T
Rename x86-32 assembly files from .s to .S. Rename x86-32 assembly files from .s to .S. While processing the .S file gcc will use the pre-processor whic will evaluate macros and ifdef. This is turn will be used to enable the endbr32 opcode based on the __CET__ define. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18353)
show more ...
|
#
3d178db7 |
| 18-Jun-2021 |
Tomas Mraz |
ppccap.c: Split out algorithm-specific functions Fixes #13336 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15828)
|
#
b1fa45b0 |
| 18-Jun-2021 |
Martin Schwenke |
ec: Only build ecp_nistp521-ppc64.s if enable-ec_nistp_64_gcc_128 Signed-off-by: Martin Schwenke <martin@meltin.net> Signed-off-by: Amitay Isaacs <amitay@ozlabs.org> Reviewed-by
ec: Only build ecp_nistp521-ppc64.s if enable-ec_nistp_64_gcc_128 Signed-off-by: Martin Schwenke <martin@meltin.net> Signed-off-by: Amitay Isaacs <amitay@ozlabs.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15798)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7 |
|
#
30691da1 |
| 13-Oct-2020 |
Amitay Isaacs |
ec: Add PPC64 vector assembly version of p521 field operations Only field multiplication and squaring (but not reduction) show a significant improvement. This is enabled on Power ISA >=
ec: Add PPC64 vector assembly version of p521 field operations Only field multiplication and squaring (but not reduction) show a significant improvement. This is enabled on Power ISA >= 3.0. On a Power 9 CPU an average 10% performance improvement is seen (ECHDE: 14%, ECDSA sign: 6%, ECDSA verify 10%), compared to existing code. On an upcoming Power 10 CPU we see an average performance improvement of 26% (ECHDE: 38%, ECDSA sign: 16%, ECDSA verify 25%), compared to existing code. Signed-off-by: Amitay Isaacs <amitay@ozlabs.org> Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15401)
show more ...
|
#
10367498 |
| 12-May-2021 |
Martin Schwenke |
ec: Add run time code selection for p521 field operations This is only used if ECP_NISTP521_ASM is defined and this currently only occurs on PPC64. This simply chooses the C ref
ec: Add run time code selection for p521 field operations This is only used if ECP_NISTP521_ASM is defined and this currently only occurs on PPC64. This simply chooses the C reference implementation, which will be the default when custom code is available for certain CPUs. Only the multiplication and squaring operations are handled, since the upcoming assembly code only contains those. This scheme can be easily extended to handle reduction too. Signed-off-by: Martin Schwenke <martin@meltin.net> Signed-off-by: Amitay Isaacs <amitay@ozlabs.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15401)
show more ...
|
#
83926159 |
| 06-May-2021 |
Shane Lontis |
Remove unused code from the fips module Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
Remove unused code from the fips module Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15167)
show more ...
|
#
848af5e8 |
| 06-May-2021 |
Richard Levitte |
Drop libimplementations.a libimplementations.a was a nice idea, but had a few flaws: 1. The idea to have common code in libimplementations.a and FIPS sensitive helper funct
Drop libimplementations.a libimplementations.a was a nice idea, but had a few flaws: 1. The idea to have common code in libimplementations.a and FIPS sensitive helper functions in libfips.a / libnonfips.a didn't catch on, and we saw full implementation ending up in them instead and not appearing in libimplementations.a at all. 2. Because more or less ALL algorithm implementations were included in libimplementations.a (the idea being that the appropriate objects from it would be selected automatically by the linker when building the shared libraries), it's very hard to find only the implementation source that should go into the FIPS module, with the result that the FIPS checksum mechanism include source files that it shouldn't To mitigate, we drop libimplementations.a, but retain the idea of collecting implementations in static libraries. With that, we not have: libfips.a Includes all implementations that should become part of the FIPS provider. liblegacy.a Includes all implementations that should become part of the legacy provider. libdefault.a Includes all implementations that should become part of the default and base providers. With this, libnonfips.a becomes irrelevant and is dropped. libcommon.a is retained to include common provider code that can be used uniformly by all providers. Fixes #15157 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15171)
show more ...
|
#
cd28d129 |
| 19-Apr-2021 |
Matt Caswell |
Avoid the need for Configure time 128-bit int detection We just detect this at compile time instead. This avoids cross-compilation problems where the host platform supports 128-
Avoid the need for Configure time 128-bit int detection We just detect this at compile time instead. This avoids cross-compilation problems where the host platform supports 128-bit ints, but the target platform does not (or vice versa). This was causing a problem on some platforms where, dependent on the CFLAGS, 128 bit ints were either supported or not. Fixes #14804 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14941)
show more ...
|
#
27947123 |
| 19-Jan-2021 |
Amitay Isaacs |
curve448: Integrate 64-bit reference implementation Signed-off-by: Amitay Isaacs <amitay@ozlabs.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@
curve448: Integrate 64-bit reference implementation Signed-off-by: Amitay Isaacs <amitay@ozlabs.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14784)
show more ...
|
#
0f4286c7 |
| 29-Mar-2021 |
Amitay Isaacs |
curve448: Use relative includes to avoid explicit dependencies Signed-off-by: Amitay Isaacs <amitay@ozlabs.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Cas
curve448: Use relative includes to avoid explicit dependencies Signed-off-by: Amitay Isaacs <amitay@ozlabs.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14784)
show more ...
|
#
565b3399 |
| 01-Dec-2020 |
Richard Levitte |
EVP_PKEY & EC_KEY: Make EC EVP_PKEY_CTX parameter ctrls / setters more available EVP_PKEY_CTX_set_ec_ functions were only available when EC was enabled ('no-ec' not configured). However
EVP_PKEY & EC_KEY: Make EC EVP_PKEY_CTX parameter ctrls / setters more available EVP_PKEY_CTX_set_ec_ functions were only available when EC was enabled ('no-ec' not configured). However, that makes it impossible to use these functions with an engine or a provider that happens to implement EC_KEY. This change solves that problem by shuffling these functions to more appropriate places. Partially fixes #13550 squash! EVP_PKEY & EC_KEY: Make EC EVP_PKEY_CTX parameter ctrls / setters more available By consequence, there are a number of places where we can remove the check of OPENSSL_NO_EC. This requires some re-arrangements of internal tables to translate between numeric identities and names. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13589)
show more ...
|
#
c1131e6a |
| 02-Nov-2020 |
Shane Lontis |
Deprecate EC_POINT_bn2point and EC_POINT_point2bn. Fixes #10366 The one place that actually used was in the legacy printing of ecparams. This has been replaced by the pointtobuf
Deprecate EC_POINT_bn2point and EC_POINT_point2bn. Fixes #10366 The one place that actually used was in the legacy printing of ecparams. This has been replaced by the pointtobuf variant. The ecparam app was using one of these functions - this line has just been removed as another PR will remove all the code generated lines.. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13294)
show more ...
|
Revision tags: OpenSSL_1_1_1h, openssl-3.0.0-alpha6 |
|
#
83156454 |
| 26-Jul-2020 |
Shane Lontis |
Add libctx to ecdh_KDF_X9_63. Code is now correctly included in the fips provider. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/p
Add libctx to ecdh_KDF_X9_63. Code is now correctly included in the fips provider. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
show more ...
|
Revision tags: openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g |
|
#
c1e48c51 |
| 02-Apr-2020 |
Pauli |
s390: ECX key generation fixes. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11371)
|
Revision tags: OpenSSL_1_1_1f |
|
#
43cd3701 |
| 17-Mar-2020 |
Pauli |
ecx: add key generation support. Specifically for x25519, x448, ed25519 and ed448. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/p
ecx: add key generation support. Specifically for x25519, x448, ed25519 and ed448. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11371)
show more ...
|
Revision tags: OpenSSL_1_1_1e |
|
#
705536e2 |
| 05-Mar-2020 |
Rich Salz |
Use build.info, not ifdef for crypto modules Don't wrap conditionally-compiled files in global ifndef tests. Instead, test if the feature is disabled and, if so, do not compile it.
Use build.info, not ifdef for crypto modules Don't wrap conditionally-compiled files in global ifndef tests. Instead, test if the feature is disabled and, if so, do not compile it. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11263)
show more ...
|
#
10d756a7 |
| 19-Mar-2020 |
Richard Levitte |
EC: Refactor EVP_PKEY_CTX curve setting macros for param generation The macros are converted to functions, and are modified to support provider implementations. Reviewed-by: Mat
EC: Refactor EVP_PKEY_CTX curve setting macros for param generation The macros are converted to functions, and are modified to support provider implementations. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11328)
show more ...
|
#
2d956b32 |
| 31-Mar-2020 |
Richard Levitte |
PROV: Add DERlib support for ECDSA and EC keys This replaces crypto/ec/ecdsa_aid.c with new code and generated OIDs Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from htt
PROV: Add DERlib support for ECDSA and EC keys This replaces crypto/ec/ecdsa_aid.c with new code and generated OIDs Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11450)
show more ...
|
#
0abae163 |
| 23-Mar-2020 |
Richard Levitte |
EVP: Implement support for key downgrading in backends Downgrading EVP_PKEYs from containing provider side internal keys to containing legacy keys demands support in the EVP_PKEY_ASN1_ME
EVP: Implement support for key downgrading in backends Downgrading EVP_PKEYs from containing provider side internal keys to containing legacy keys demands support in the EVP_PKEY_ASN1_METHOD. This became a bit elaborate because the code would be almost exactly the same as the import functions int EVP_KEYMGMT. Therefore, we end up moving most of the code to common backend support files that can be used both by legacy backend code and by our providers. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11375)
show more ...
|
#
edd3b7a3 |
| 15-Mar-2020 |
Shane Lontis |
Add ECDSA to providers Added ECDSA support for OSSL_SIGNATURE_PARAM_ALGORITHM_ID Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/opens
Add ECDSA to providers Added ECDSA support for OSSL_SIGNATURE_PARAM_ALGORITHM_ID Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10968)
show more ...
|
Revision tags: OpenSSL_1_0_2u |
|
#
4fe54d67 |
| 14-Dec-2019 |
Nicola Tuveri |
[PROV][KMGMT][KEXCH][EC] Implement EC keymgtm and ECDH Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shan
[PROV][KMGMT][KEXCH][EC] Implement EC keymgtm and ECDH Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10631)
show more ...
|
#
4de88fe6 |
| 27-Jan-2020 |
Matt Caswell |
Implement a stricter ECX_KEY type Add ref counting and control how we allocate storage for the private key. We will need this type in following commits where we move the ecx code to
Implement a stricter ECX_KEY type Add ref counting and control how we allocate storage for the private key. We will need this type in following commits where we move the ecx code to be provider aware. Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10964)
show more ...
|
#
c47a56d6 |
| 31-Oct-2019 |
Patrick Steuer |
s390x: fix build errors ecp_s390x_nistp.c and ecx_meth.c need to include s390x_arch.h. Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Richard Levitt
s390x: fix build errors ecp_s390x_nistp.c and ecx_meth.c need to include s390x_arch.h. Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10317)
show more ...
|
#
64fd90fb |
| 15-Oct-2019 |
Shane Lontis |
Fix missing Assembler defines Implementations are now spread across several libraries, so the assembler related defines need to be applied to all affected libraries and modules.
Fix missing Assembler defines Implementations are now spread across several libraries, so the assembler related defines need to be applied to all affected libraries and modules. AES_ASM define was missing from libimplementations.a which disabled AESNI aarch64 changes were made by xkqian. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10180)
show more ...
|