| Age | Commit message (Collapse) | Author |
|---|
|
FreeBSD does not provide a global timezone variable containing the
offset to UTC. Instead, FreeBSD's libc includes a legacy timezone
function dating back to Version 7 AT&T UNIX. As a result,
asn1_string_to_time_t currently fails to compile on FreeBSD as it
subtracts a function from a time_t value:
../crypto/asn1/a_time.c:625:37: error: invalid operands to binary expression ('time_t' (aka 'long') and 'char *(int, int)')
timestamp_utc = timestamp_local - timezone;
~~~~~~~~~~~~~~~ ^ ~~~~~~~~
1 error generated.
However, FreeBSD's libc does include a non-standard (but widely
available) timegm function which converts a struct tm directly to a
UTC time_t value. Use this on FreeBSD instead of mktime.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17765)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17733)
|
|
We need to handle signatures with and without digest algs
and we generalize the ossl_cms_ecdsa_dsa_sign() function
to other algorithms that are handled in the same way.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17733)
|
|
This patch use table-lookup borrow from aes in crypto/aes/aes_core.c.
Test on my PC(AMD Ryzen Threadripper 3990X 64-Core Processor),
before and after optimization:
debug mode:
Before:
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
SM4-CBC 40101.14k 41453.80k 42073.86k 42174.81k 42216.11k 42227.03k
SM4-ECB 41222.60k 42074.88k 42673.66k 42868.05k 42896.04k 42844.16k
SM4-CTR 35867.22k 36874.47k 37004.97k 37083.82k 37052.42k 37076.99k
After:
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
SM4-CBC 47273.51k 48957.40k 49665.19k 49810.77k 49859.24k 49834.67k
SM4-ECB 48100.01k 49323.34k 50224.04k 50273.28k 50533.72k 50730.12k
SM4-CTR 41352.64k 42621.29k 42971.22k 43061.59k 43089.92k 43100.84k
non-debug mode:
Before:
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
SM4-CBC 141596.59k 145102.93k 146794.50k 146540.89k 146650.45k 146877.10k
SM4-ECB 144774.71k 155106.28k 158166.36k 158279.00k 158520.66k 159280.97k
SM4-CTR 138021.10k 141577.60k 142493.53k 142736.38k 142852.10k 143125.16k
After:
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
SM4-CBC 142016.95k 150068.48k 152238.25k 152773.97k 153094.83k 152027.14k
SM4-ECB 148842.94k 159919.87k 163628.37k 164515.84k 164697.43k 164790.27k
SM4-CTR 141774.23k 146206.89k 147470.25k 147816.28k 146770.60k 148346.20k
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17766)
|
|
This fixes a bug whereby BN_mod_exp2_mont can dereference a NULL pointer
if BIGNUM argument m represents zero.
Regression test added. Fixes #17648.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17783)
|
|
Reverting to using swapcontext() when compiling with clang on BTI-enabled
builds fixes the BTI setjmp() failure seen when running asynctest.
The issue with setjmp/longjmp is a known clang bug: see
https://github.com/llvm/llvm-project/issues/48888
Change-Id: I6eeaaa2e15f402789f1b3e742038f84bef846e29
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17698)
|
|
Since the potential failure of memory allocation, it
should be better to check the return value of the
OPENSSL_strndup(), like x509v3_add_len_value().
And following the comment of 'if (astrlen < 0)',
return -1 if fails.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17737)
|
|
Fixes #17753
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17764)
|
|
Previously, a NULL property query was never cached and this lead to a
performance degregation. Now, such a query is converted to an empty string
and cached.
Fixes #17752
Fixes https://github.openssl.org/openssl/openssl/issues/26
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17769)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17723)
|
|
Performance increase around 50%.
Co-authored-by: Madhusudhanan Duraisamy <madurais@in.ibm.com>
Co-authored-by: Nilamjyoti Goswami <nilamgoswami@in.ibm.com>
Co-authored-by: Siva Sundar Anbareeswaran <srisivasundar@in.ibm.com>
Reviewed-by: Danny Tsen <dtsen@us.ibm.com>
Tested-by: Danny Tsen <dtsen@us.ibm.com>
Signed-off-by: Danny <dtsen@us.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16637)
|
|
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17709)
|
|
As the potential failure of the rand_get_global(),
for example fail to get lock, 'dgbl' could be NULL
pointer and be dereferenced later.
Therefore, it should be better to check it and return
error if fails, like RAND_get0_primary() and other callers.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17690)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17691)
|
|
Fixes #13944
Moved "opt_printf_stderr" out of apps.c to avoid duplicate definition in tests.
Added function "asn1_string_to_time_t" including tests.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17645)
|
|
There were still a few files mentioning the old OpenSSL license.
Fixes #17684
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17686)
|
|
X509_TRUST_get0() is checking < 0, the code here was checking == -1. Both are
equivalent in this situation but gcc-12 has conniptions about a subsequent
possible NULL dereference (which isn't possible).
Fixes #17665
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17668)
|
|
This prevents VS2022 from mis-identify an uninitialized local pointer
variable.
CLA: trivial
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17567)
|
|
Vectorized 'stitched' encrypt + ghash implementation of AES-GCM enabled
with AVX512 vAES and vPCLMULQDQ instructions (available starting Intel's
IceLake micro-architecture).
The performance details for representative IceLake Server and Client
platforms are shown below
Performance data:
OpenSSL Speed KBs/Sec
Intel(R) Xeon(R) Platinum 8380 CPU @ 2.30GHz (1Core/1Thread)
Payload in Bytes 16 64 256 1024 8192 16384
AES-128-GCM
Baseline 478708.27 1118296.96 2428092.52 3518199.4 4172355.99 4235762.07
Patched 534613.95 2009345.55 3775588.15 5059517.64 8476794.88 8941541.79
Speedup 1.12 1.80 1.55 1.44 2.03 2.11
AES-256-GCM
Baseline 399237.27 961699.9 2136377.65 2979889.15 3554823.37 3617757.5
Patched 475948.13 1720128.51 3462407.12 4696832.2 7532013.16 7924953.91
Speedup 1.19 1.79 1.62 1.58 2.12 2.19
Intel(R) Core(TM) i7-1065G7 CPU @ 1.30GHz (1Core/1Thread)
Payload in Bytes 16 64 256 1024 8192 16384
AES-128-GCM
Baseline 259128.54 570756.43 1362554.16 1990654.57 2359128.88 2401671.58
Patched 292139.47 1079320.95 2001974.63 2829007.46 4510318.59 4705314.41
Speedup 1.13 1.89 1.47 1.42 1.91 1.96
AES-256-GCM
Baseline 236000.34 550506.76 1234638.08 1716734.57 2011255.6 2028099.99
Patched 247256.32 919731.34 1773270.43 2553239.55 3953115.14 4111227.29
Speedup 1.05 1.67 1.44 1.49 1.97 2.03
Reviewed-by: TJ O'Dwyer, Marcel Cornu, Pablo de Lara
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17239)
|
|
Update the comment "../md32_common.h" to "crypto/md32_common.h".
CLA: trivial
Signed-off-by: Weiguo Li <liwg06@foxmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/17670)
|
|
Add missing AARCH64_VALID_CALL_TARGET to armv8_rng_probe(). Also add
these to the functions defined by gen_random(), and note that this Perl
sub prints the assembler out directly, not going via the $code xlate
mechanism (and therefore coming before the include of arm_arch.h). So
fix this too.
In KeccakF1600_int, AARCH64_SIGN_LINK_REGISTER functions as
AARCH64_VALID_CALL_TARGET on BTI-only builds, so it needs to come before
the 'adr' line.
Change-Id: If241efe71591c88253a3e36647ced00300c3c1a3
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17653)
|
|
As the potential failure of getting lock, we need to check the return
value of the BN_BLINDING_lock() in order to avoid the dirty data.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17642)
|
|
if the newly loaded engine contains the symbol
EVP_PKEY_base_id, we know it is linked to 1.1.x openssl.
Abort loading this engine, as it will definitely crash.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17112)
|
|
It does not make sense to check the size because this
function can be used in other contexts than in TLS-1.3 and
the value might not be padded to the size of p.
However it makes sense to do the partial pubkey check because
there is no valid reason having the pubkey value outside the
1 < pubkey < p-1 bounds.
Fixes #15465
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17630)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17607)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17634)
|
|
Instead of doing a heavy params based query every time a context is
asked for its key length, this value is cached in the context and only
queried if it could have been modified.
Fixes #17064
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17543)
|
|
Instead of doing a heavy params based query every time a context is asked for
its IV length, this value is cached in the context and only queried if it could
have been modified.
Fixes #17064
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17543)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17543)
|
|
Including e_os.h with a path from a header file doesn't work well on
certain exotic platform. It simply fails to build.
Since we don't seem to be able to stop ourselves, the better move is
to move e_os.h to an include directory that's part of the inclusion
path given to the compiler.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17641)
|
|
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17622)
|
|
CLA: trivial
To get the master branch compiled with DJGPP some minor
adjustments are required. They will have no impact on any other ports.
The DJGPP port uses the Watt-32 library to provide the required network
functionality and some of its headers need to be included.
Neither DJGPP nor the Watt-32 library provide in_addr_t thus it must be
provided as it is done for OPENSSL_SYS_WINDOWS in crypto/bio/b_addr.c.
In the DJGPP section of include/internal/sockets.h the following Watt-32
headers must be added:
- arpa/inet.h: to provide declaration of inet_ntoa required in crypto/bio/b_addr.c
- netinet/tcp.h: to provide defintion of TCP_NODELAY required in crypto/bio/b_sock2.c
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17623)
|
|
Add copyright to files that were missing it.
Update license from OpenSSL to Apache as needed.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17606)
|
|
The private key for rsa, dsa, dh and ecx was being included when the
selector was just the public key. (ec was working correctly).
This matches the documented behaviour.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17200)
|
|
After OMC and OTC discussions, the 95% performance loss resulting from
the constant time code was deemed excessive for something outside of
our security policy.
The option to use the constant time code exists as it was in OpenSSL 1.1.1.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17600)
|
|
The get_globals could return NULL, for example,
CRYPTO_THREAD_read_lock() failed.
Therefore, just checking the member of 'bcgbl' is not enough.
We need to check 'bcgbl' itself too in order to avoid the dereference of
the NULL pointer.
And the caller of ossl_bio_init_core(), OSSL_LIB_CTX_new_from_dispatch()
in `crypto/context.c`, has already checked return value and dealed with
the situation if it returns 0.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17581)
|
|
The function X509_STORE_CTX_purpose_inherit() can be called with a 0
default purpose. If the main purpose was set to X509_PURPOSE_ANY this
would case the function to incorrectly return an error response.
Fixes #17367
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/17382)
|
|
Fixes #17583
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17589)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17162)
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17162)
|
|
The OPENSSL_memdup() is not always success, as the potential failure of
the allocation.
Then the '*pptr'could be NULL pointer but the ui_dup_method_data() will
still return 1.
In CRYPTO_dup_ex_data(), the 'storage[i]->dup_func' will not fail and
'ptr' will be used in CRYPTO_set_ex_data().
Also, if '*pptr' is NULL, I think it should also return 0 to tell the
caller that the duplication fails in order to prevernt using the NULL
pointer.
Therefore, it should be better to add the check and return 1 only if the
duplication succeed.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17582)
|
|
Signed-off-by: Darshan Sen <raisinten@gmail.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17507)
|
|
When `PEM_write_bio_PKCS8PrivateKey()` was passed an empty passphrase
string, `OPENSSL_memdup()` was incorrectly getting used for 0 bytes size
allocation, which resulted in malloc failures.
Fixes: https://github.com/openssl/openssl/issues/17506
Signed-off-by: Darshan Sen <raisinten@gmail.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17507)
|
|
Since we may fail to get the lock, for example there is no lock, the
X509_STORE_lock() will return 0.
Therefore, we should check it in order to prevent the dirty data.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17575)
|
|
Increase the block numbers to 8 for every iteration. Increase the hash
table capacity. Make use of EOR3 instruction to improve the performance.
This can improve performance 25-40% on out-of-order microarchitectures
with a large number of fast execution units, such as Neoverse V1. We also
see 20-30% performance improvements on other architectures such as the M1.
Assembly code reviewd by Tom Cosgrove (ARM).
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15916)
|
|
Assembly code reviewed by Shricharan Srivatsan <ssrivat@us.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16854)
|
|
Move them to their own source file, so they end up in a separate
object file. This allows providers to override their implementation
to use the corresponding OSSL_FUNC upcalls without having to
reimplement everything from crypto/err/err.c.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17474)
|
|
Using floating point is not supported in UEFI and can cause build
problems, for example due to SSE being disabled and x64 calling
convention passing floats in SSE registers.
Avoid those problems by not compiling the formating code for floating
point numbers.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17547)
|
|
This reverts commit 328bf5adf9e23da523d4195db309083aa02403c4.
Turned out it isn't that simple, the fix is incomplete.
So revert and try again with another approach.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17547)
|
|
This adds the functions BN_signed_bin2bn(), BN_signed_bn2bin(),
BN_signed_lebin2bn(), BN_signed_bn2lebin(), BN_signed_native2bn(),
and BN_signed_bn2native(), all essentially doing the same job as
BN_bin2bn(), BN_bn2binpad(), BN_lebin2bn(), BN_bn2lebinpad(),
BN_native2bn(), and BN_bn2nativepad(), except that the 'signed'
ones operate on signed number bins in 2's complement form.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17139)
|
