diff --git a/lib/libcrypto/Makefile b/lib/libcrypto/Makefile index d3be27ade..6a1d12595 100644 --- a/lib/libcrypto/Makefile +++ b/lib/libcrypto/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.213 2024/10/18 11:12:10 tb Exp $ +# $OpenBSD: Makefile,v 1.214 2024/10/19 08:26:03 tb Exp $ LIB= crypto LIBREBUILD=y @@ -281,7 +281,6 @@ SRCS+= dsa_prn.c # ec/ SRCS+= ec_ameth.c SRCS+= ec_asn1.c -SRCS+= ec_check.c SRCS+= ec_curve.c SRCS+= ec_err.c SRCS+= ec_key.c diff --git a/lib/libcrypto/arch/amd64/crypto_arch.h b/lib/libcrypto/arch/amd64/crypto_arch.h index 6feeaa209..64b2da587 100644 --- a/lib/libcrypto/arch/amd64/crypto_arch.h +++ b/lib/libcrypto/arch/amd64/crypto_arch.h @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto_arch.h,v 1.2 2024/10/18 13:36:24 jsing Exp $ */ +/* $OpenBSD: crypto_arch.h,v 1.3 2024/10/19 13:06:11 jsing Exp $ */ /* * Copyright (c) 2024 Joel Sing * @@ -19,6 +19,7 @@ #define HEADER_CRYPTO_ARCH_H #define HAVE_CRYPTO_CPU_CAPS_INIT +#define HAVE_CRYPTO_CPU_CAPS_IA32 #ifndef OPENSSL_NO_ASM diff --git a/lib/libcrypto/arch/amd64/crypto_cpu_caps.c b/lib/libcrypto/arch/amd64/crypto_cpu_caps.c index 8cbf24edb..b0da0d636 100644 --- a/lib/libcrypto/arch/amd64/crypto_cpu_caps.c +++ b/lib/libcrypto/arch/amd64/crypto_cpu_caps.c @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto_cpu_caps.c,v 1.1 2024/10/18 13:36:24 jsing Exp $ */ +/* $OpenBSD: crypto_cpu_caps.c,v 1.2 2024/10/19 13:06:11 jsing Exp $ */ /* * Copyright (c) 2024 Joel Sing * @@ -22,7 +22,7 @@ #include "x86_arch.h" /* Legacy architecture specific capabilities, used by perlasm. */ -extern uint64_t OPENSSL_ia32cap_P; +uint64_t OPENSSL_ia32cap_P; /* Machine independent CPU capabilities. */ extern uint64_t crypto_cpu_caps; @@ -112,3 +112,9 @@ crypto_cpu_caps_init(void) OPENSSL_ia32cap_P = caps; } + +uint64_t +crypto_cpu_caps_ia32(void) +{ + return OPENSSL_ia32cap_P; +} diff --git a/lib/libcrypto/arch/i386/crypto_arch.h b/lib/libcrypto/arch/i386/crypto_arch.h index d566d8064..64b2da587 100644 
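Review bot: The new `crypto_cpu_caps_ia32()` at the end of the amd64 crypto_cpu_caps.c hunk returns the raw `OPENSSL_ia32cap_P` word with no note on when that value is meaningful; the variable's definition now lives here with no initializer, so it is zero until `crypto_cpu_caps_init()` stores `caps` into it a few lines above, and a caller that runs before initialization silently sees "no CPU features" rather than an error. I would add above the function `/* Legacy ia32 capability word; zero until crypto_cpu_caps_init() has run, so callers must treat 0 as "no features". */`. The body of `crypto_cpu_caps_init()` lies outside the hunk, and the i386 copy of this file in the same commit receives the identical change, so the comment belongs in both.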
--- a/lib/libcrypto/arch/i386/crypto_arch.h +++ b/lib/libcrypto/arch/i386/crypto_arch.h @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto_arch.h,v 1.2 2024/10/18 14:44:02 jsing Exp $ */ +/* $OpenBSD: crypto_arch.h,v 1.3 2024/10/19 13:06:11 jsing Exp $ */ /* * Copyright (c) 2024 Joel Sing * @@ -19,6 +19,7 @@ #define HEADER_CRYPTO_ARCH_H #define HAVE_CRYPTO_CPU_CAPS_INIT +#define HAVE_CRYPTO_CPU_CAPS_IA32 #ifndef OPENSSL_NO_ASM diff --git a/lib/libcrypto/arch/i386/crypto_cpu_caps.c b/lib/libcrypto/arch/i386/crypto_cpu_caps.c index e5b36a15c..b0da0d636 100644 --- a/lib/libcrypto/arch/i386/crypto_cpu_caps.c +++ b/lib/libcrypto/arch/i386/crypto_cpu_caps.c @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto_cpu_caps.c,v 1.1 2024/10/18 14:44:02 jsing Exp $ */ +/* $OpenBSD: crypto_cpu_caps.c,v 1.2 2024/10/19 13:06:11 jsing Exp $ */ /* * Copyright (c) 2024 Joel Sing * @@ -22,7 +22,7 @@ #include "x86_arch.h" /* Legacy architecture specific capabilities, used by perlasm. */ -extern uint64_t OPENSSL_ia32cap_P; +uint64_t OPENSSL_ia32cap_P; /* Machine independent CPU capabilities. */ extern uint64_t crypto_cpu_caps; @@ -112,3 +112,9 @@ crypto_cpu_caps_init(void) OPENSSL_ia32cap_P = caps; } + +uint64_t +crypto_cpu_caps_ia32(void) +{ + return OPENSSL_ia32cap_P; +} diff --git a/lib/libcrypto/arch/sparc64/Makefile.inc b/lib/libcrypto/arch/sparc64/Makefile.inc index 9101d8a89..43b4b199c 100644 --- a/lib/libcrypto/arch/sparc64/Makefile.inc +++ b/lib/libcrypto/arch/sparc64/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.19 2024/08/11 13:02:39 jsing Exp $ +# $OpenBSD: Makefile.inc,v 1.20 2024/10/19 11:55:32 jsing Exp $ # sparc64-specific libcrypto build rules @@ -24,7 +24,3 @@ ${dst}.S: ${LCRYPTO_SRC}/${dir}/asm/${src}.pl /usr/bin/env CC=${CC} /usr/bin/perl \ ${LCRYPTO_SRC}/${dir}/asm/${src}.pl ${.TARGET} -m64 > ${.TARGET} .endfor - -# not until Montgomery code enabled -#CFLAGS+= -DOPENSSL_CPUID_OBJ -#SRCS+= sparccpuid.S sparcv9cap.c 
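Review bot: The i386 crypto_cpu_caps.c hunk is byte-for-byte the amd64 one — both `index` lines end in blob `b0da0d636`, and the two crypto_arch.h headers likewise both end in `64b2da587` — so two copies of the same capability-detection code now have to be kept in sync by hand. This is exactly the kind of code where a fix applied to one architecture and not the other goes unnoticed, because the generic path keeps working and only the accelerated dispatch is silently lost. Consider a shared x86 source included by both, or at minimum a comment in each file such as `/* Keep in sync with arch/amd64/crypto_cpu_caps.c */`. The rest of `crypto_cpu_caps_init()` is outside the hunk.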
diff --git a/lib/libcrypto/cryptlib.c b/lib/libcrypto/cryptlib.c index 60f14eba1..8cb05e8cb 100644 --- a/lib/libcrypto/cryptlib.c +++ b/lib/libcrypto/cryptlib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cryptlib.c,v 1.56 2024/10/17 14:27:57 jsing Exp $ */ +/* $OpenBSD: cryptlib.c,v 1.57 2024/10/19 13:06:11 jsing Exp $ */ /* ==================================================================== * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * @@ -330,40 +330,6 @@ CRYPTO_THREADID_hash(const CRYPTO_THREADID *id) return id->val; } -#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ - defined(__INTEL__) || \ - defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) - -uint64_t OPENSSL_ia32cap_P; - -uint64_t -crypto_cpu_caps_ia32(void) -{ - return OPENSSL_ia32cap_P; -} - -#if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) -#define OPENSSL_CPUID_SETUP -void -OPENSSL_cpuid_setup(void) -{ - uint64_t OPENSSL_ia32_cpuid(void); - - OPENSSL_ia32cap_P = OPENSSL_ia32_cpuid(); - - if ((OPENSSL_ia32cap_P & CPUCAP_MASK_AESNI) != 0) - crypto_cpu_caps |= CRYPTO_CPU_CAPS_ACCELERATED_AES; -} -#endif - -#else -uint64_t -crypto_cpu_caps_ia32(void) -{ - return 0; -} -#endif - #if !defined(OPENSSL_CPUID_SETUP) && !defined(OPENSSL_CPUID_OBJ) void OPENSSL_cpuid_setup(void) @@ -379,6 +345,14 @@ crypto_cpu_caps_init(void) } #endif +#ifndef HAVE_CRYPTO_CPU_CAPS_IA32 +uint64_t +crypto_cpu_caps_ia32(void) +{ + return 0; +} +#endif + uint64_t OPENSSL_cpu_caps(void) { diff --git a/lib/libcrypto/dsa/dsa_pmeth.c b/lib/libcrypto/dsa/dsa_pmeth.c index 019bee68b..adc731973 100644 --- a/lib/libcrypto/dsa/dsa_pmeth.c +++ b/lib/libcrypto/dsa/dsa_pmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_pmeth.c,v 1.20 2024/08/26 22:00:47 op Exp $ */ +/* $OpenBSD: dsa_pmeth.c,v 1.21 2024/10/19 14:39:44 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ 
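Review bot: The removed `OPENSSL_cpuid_setup()` in this hunk was also where `CRYPTO_CPU_CAPS_ACCELERATED_AES` was set from the AES-NI bit (`CPUCAP_MASK_AESNI`); nothing on the new side of cryptlib.c does the equivalent, so that mapping must now live in the per-arch `crypto_cpu_caps_init()`, which is not visible here beyond its final `OPENSSL_ia32cap_P = caps;` store — worth confirming, since losing it would silently drop AES-NI dispatch rather than fail. The new `#ifndef HAVE_CRYPTO_CPU_CAPS_IA32` fallback also deserves a line saying why it returns 0, e.g. `/* No legacy ia32 capability word on this architecture; consumers must treat 0 as "no features". */`. The neighbouring `crypto_cpu_caps_init()` fallback starts outside the hunk.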
@@ -205,7 +205,7 @@ pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) case EVP_PKEY_CTRL_MD: /* ANSI X9.57 and NIST CSOR. */ - switch (EVP_MD_type((const EVP_MD *)p2)) { + switch (EVP_MD_type(p2)) { case NID_sha1: case NID_dsa: case NID_dsaWithSHA: diff --git a/lib/libcrypto/ec/ec_asn1.c b/lib/libcrypto/ec/ec_asn1.c index 289bc3b27..548afb2d1 100644 --- a/lib/libcrypto/ec/ec_asn1.c +++ b/lib/libcrypto/ec/ec_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_asn1.c,v 1.74 2024/10/17 14:34:06 tb Exp $ */ +/* $OpenBSD: ec_asn1.c,v 1.75 2024/10/18 17:27:07 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project. */ @@ -993,6 +993,8 @@ ec_asn1_parameters2group(const ECPARAMETERS *params) if (!ec_asn1_parameters_extract_prime_group(params, &group)) goto err; + if (!ec_group_is_builtin_curve(group)) + goto err; return group; diff --git a/lib/libcrypto/ec/ec_check.c b/lib/libcrypto/ec/ec_check.c deleted file mode 100644 index 0f98ef613..000000000 --- a/lib/libcrypto/ec/ec_check.c +++ /dev/null 
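Review bot: The new `ec_group_is_builtin_curve()` check in `ec_asn1_parameters2group()` rejects explicitly encoded parameters that do not match a builtin curve — good hardening against caller- or attacker-chosen curves — but it jumps to `err` without pushing an error reason, and `ec_group_is_builtin_curve()` itself (visible later in this commit) pushes none either, so a caller gets NULL with an empty error queue unless something outside this hunk reports it. The regress change in the same commit expects `EC_R_UNKNOWN_GROUP` for exactly this case. Unless the caller already sets it, add `ECerror(EC_R_UNKNOWN_GROUP);` before that `goto err;`. The `err` label and the remainder of the function are outside the hunk.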
@@ -1,112 +0,0 @@ -/* $OpenBSD: ec_check.c,v 1.15 2023/07/07 13:54:45 beck Exp $ */ -/* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include "ec_local.h" -#include - -int -EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx_in) -{ - BN_CTX *ctx; - EC_POINT *point = NULL; - const BIGNUM *order; - int ret = 0; - - if ((ctx = ctx_in) == NULL) - ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; - - /* check the discriminant */ - if (!EC_GROUP_check_discriminant(group, ctx)) { - ECerror(EC_R_DISCRIMINANT_IS_ZERO); - goto err; - } - /* check the generator */ - if (group->generator == NULL) { - ECerror(EC_R_UNDEFINED_GENERATOR); - goto err; - } - if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) { - ECerror(EC_R_POINT_IS_NOT_ON_CURVE); - goto err; - } - /* check the order of the generator */ - if ((point = EC_POINT_new(group)) == NULL) - goto err; - if ((order = EC_GROUP_get0_order(group)) == NULL) - goto err; - if (BN_is_zero(order)) { - ECerror(EC_R_UNDEFINED_ORDER); - goto err; - } - if (!EC_POINT_mul(group, point, order, NULL, NULL, ctx)) - goto err; - if (EC_POINT_is_at_infinity(group, point) <= 0) { - ECerror(EC_R_INVALID_GROUP_ORDER); - goto err; - } - - ret = 1; - - err: - if (ctx != ctx_in) - BN_CTX_free(ctx); - - EC_POINT_free(point); - - return ret; -} -LCRYPTO_ALIAS(EC_GROUP_check); 
diff --git a/lib/libcrypto/ec/ec_curve.c b/lib/libcrypto/ec/ec_curve.c index dc7779358..6d7eea81c 100644 --- a/lib/libcrypto/ec/ec_curve.c +++ b/lib/libcrypto/ec/ec_curve.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_curve.c,v 1.43 2024/03/24 06:05:41 tb Exp $ */ +/* $OpenBSD: ec_curve.c,v 1.46 2024/10/18 18:03:45 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project. */ @@ -69,6 +69,7 @@ * */ +#include #include #include @@ -1790,7 +1791,7 @@ static const struct { }, }; -static const struct ec_list_element { +static const struct ec_curve { const char *comment; int nid; int seed_len; @@ -1803,7 +1804,7 @@ static const struct ec_list_element { const uint8_t *x; const uint8_t *y; const uint8_t *order; -} curve_list[] = { +} ec_curve_list[] = { /* secg curves */ { .comment = "SECG/WTLS curve over a 112 bit prime field", @@ -2328,10 +2329,10 @@ static const struct ec_list_element { }, }; -#define CURVE_LIST_LENGTH (sizeof(curve_list) / sizeof(curve_list[0])) +#define EC_CURVE_LIST_LENGTH (sizeof(ec_curve_list) / sizeof(ec_curve_list[0])) static EC_GROUP * -ec_group_new_from_data(const struct ec_list_element *curve) +ec_group_new_from_data(const struct ec_curve *curve) { EC_GROUP *group = NULL, *ret = NULL; EC_POINT *generator = NULL; @@ -2447,9 +2448,9 @@ EC_GROUP_new_by_curve_name(int nid) if (nid <= 0) return NULL; - for (i = 0; i < CURVE_LIST_LENGTH; i++) { - if (curve_list[i].nid == nid) - return ec_group_new_from_data(&curve_list[i]); + for (i = 0; i < EC_CURVE_LIST_LENGTH; i++) { + if (ec_curve_list[i].nid == nid) + return ec_group_new_from_data(&ec_curve_list[i]); } ECerror(EC_R_UNKNOWN_GROUP); 
@@ -2457,22 +2458,242 @@ EC_GROUP_new_by_curve_name(int nid) } LCRYPTO_ALIAS(EC_GROUP_new_by_curve_name); +static void +ec_curve_free(struct ec_curve *curve) +{ + if (curve == NULL) + return; + + /* PERM UGLY CASTS */ + free((uint8_t *)curve->seed); + free((uint8_t *)curve->p); + free((uint8_t *)curve->a); + free((uint8_t *)curve->b); + free((uint8_t *)curve->x); + free((uint8_t *)curve->y); + free((uint8_t *)curve->order); + + free(curve); +} + +static int +ec_curve_encode_parameter(const BIGNUM *bn, int param_len, + const uint8_t **out_param) +{ + uint8_t *buf = NULL; + int ret = 0; + + if (out_param == NULL || *out_param != NULL) + goto err; + + if ((buf = calloc(1, param_len)) == NULL) + goto err; + if (BN_bn2binpad(bn, buf, param_len) != param_len) + goto err; + + *out_param = buf; + buf = NULL; + + ret = 1; + + err: + free(buf); + + return ret; +} + +static struct ec_curve * +ec_curve_from_group(const EC_GROUP *group) +{ + struct ec_curve *curve = NULL; + BN_CTX *ctx; + BIGNUM *p, *a, *b, *x, *y; + const EC_POINT *generator = NULL; + const BIGNUM *order, *cofactor; + size_t seed_len; + + if ((ctx = BN_CTX_new()) == NULL) + goto err; + BN_CTX_start(ctx); + + if ((p = BN_CTX_get(ctx)) == NULL) + goto err; + if ((a = BN_CTX_get(ctx)) == NULL) + goto err; + if ((b = BN_CTX_get(ctx)) == NULL) + goto err; + if ((x = BN_CTX_get(ctx)) == NULL) + goto err; + if ((y = BN_CTX_get(ctx)) == NULL) + goto err; + + if (!EC_GROUP_get_curve(group, p, a, b, ctx)) + goto err; + if ((generator = EC_GROUP_get0_generator(group)) == NULL) + goto err; + if (!EC_POINT_get_affine_coordinates(group, generator, x, y, ctx)) + goto err; + if ((order = EC_GROUP_get0_order(group)) == NULL) + goto err; + + if ((curve = calloc(1, sizeof(*curve))) == NULL) + goto err; + + curve->param_len = BN_num_bytes(p); + if (BN_num_bytes(order) > curve->param_len) + curve->param_len = BN_num_bytes(order); + + if (!ec_curve_encode_parameter(p, curve->param_len, &curve->p)) + goto err; + if 
(!ec_curve_encode_parameter(a, curve->param_len, &curve->a)) + goto err; + if (!ec_curve_encode_parameter(b, curve->param_len, &curve->b)) + goto err; + if (!ec_curve_encode_parameter(x, curve->param_len, &curve->x)) + goto err; + if (!ec_curve_encode_parameter(y, curve->param_len, &curve->y)) + goto err; + if (!ec_curve_encode_parameter(order, curve->param_len, &curve->order)) + goto err; + + if ((cofactor = EC_GROUP_get0_cofactor(group)) != NULL) { + BN_ULONG cofactor_word; + + if ((cofactor_word = BN_get_word(cofactor)) == BN_MASK2) + goto err; + if (cofactor_word > INT_MAX) + goto err; + + curve->cofactor = cofactor_word; + } + + if ((seed_len = EC_GROUP_get_seed_len(group)) > 0) { + uint8_t *seed; + + if (seed_len > INT_MAX) + goto err; + if ((seed = calloc(1, seed_len)) == NULL) + goto err; + memcpy(seed, EC_GROUP_get0_seed(group), seed_len); + + curve->seed = seed; + curve->seed_len = seed_len; + } + + BN_CTX_end(ctx); + BN_CTX_free(ctx); + + return curve; + + err: + BN_CTX_end(ctx); + BN_CTX_free(ctx); + + ec_curve_free(curve); + + return NULL; +} + +static int +ec_curve_cmp(const struct ec_curve *a, const struct ec_curve *b) +{ + int cmp; + + /* Treat nid as optional. The OID isn't part of EC parameters. 
*/ + if (a->nid != NID_undef && b->nid != NID_undef) { + if (a->nid < b->nid) + return -1; + if (a->nid > b->nid) + return 1; + } + + if (a->cofactor < b->cofactor) + return -1; + if (a->cofactor > b->cofactor) + return 1; + if (a->param_len < b->param_len) + return -1; + if (a->param_len > b->param_len) + return 1; + + if ((cmp = memcmp(a->p, b->p, a->param_len)) != 0) + return cmp; + if ((cmp = memcmp(a->a, b->a, a->param_len)) != 0) + return cmp; + if ((cmp = memcmp(a->b, b->b, a->param_len)) != 0) + return cmp; + if ((cmp = memcmp(a->x, b->x, a->param_len)) != 0) + return cmp; + if ((cmp = memcmp(a->y, b->y, a->param_len)) != 0) + return cmp; + if ((cmp = memcmp(a->order, b->order, a->param_len)) != 0) + return cmp; + + /* Seed is optional, not used for computation. Must match if present. */ + if (a->seed_len != 0 && b->seed_len != 0) { + if (a->seed_len < b->seed_len) + return -1; + if (a->seed_len > b->seed_len) + return 1; + if (a->seed != NULL && b->seed != NULL) { + if ((cmp = memcmp(a->seed, b->seed, a->seed_len)) != 0) + return cmp; + } + } + + return 0; +} + +static int +ec_group_nid_from_curve(const struct ec_curve *curve) +{ + size_t i; + + for (i = 0; i < EC_CURVE_LIST_LENGTH; i++) { + if (ec_curve_cmp(curve, &ec_curve_list[i]) == 0) + return ec_curve_list[i].nid; + } + + return NID_undef; +} + +int +ec_group_is_builtin_curve(const EC_GROUP *group) +{ + struct ec_curve *curve; + int ret = 0; + + if ((curve = ec_curve_from_group(group)) == NULL) + goto err; + + if (ec_group_nid_from_curve(curve) == NID_undef) + goto err; + + ret = 1; + + err: + ec_curve_free(curve); + + return ret; +} + size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems) { - size_t i, min; + size_t i; if (r == NULL || nitems == 0) - return CURVE_LIST_LENGTH; + return EC_CURVE_LIST_LENGTH; - min = nitems < CURVE_LIST_LENGTH ? 
nitems : CURVE_LIST_LENGTH; + if (nitems > EC_CURVE_LIST_LENGTH) + nitems = EC_CURVE_LIST_LENGTH; - for (i = 0; i < min; i++) { - r[i].nid = curve_list[i].nid; - r[i].comment = curve_list[i].comment; + for (i = 0; i < nitems; i++) { + r[i].nid = ec_curve_list[i].nid; + r[i].comment = ec_curve_list[i].comment; } - return CURVE_LIST_LENGTH; + return EC_CURVE_LIST_LENGTH; } LCRYPTO_ALIAS(EC_get_builtin_curves); diff --git a/lib/libcrypto/ec/ec_lib.c b/lib/libcrypto/ec/ec_lib.c index 0e5897da9..1918d0ba5 100644 --- a/lib/libcrypto/ec/ec_lib.c +++ b/lib/libcrypto/ec/ec_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_lib.c,v 1.70 2024/10/18 10:57:26 tb Exp $ */ +/* $OpenBSD: ec_lib.c,v 1.72 2024/10/19 08:29:40 tb Exp $ */ /* * Originally written by Bodo Moeller for the OpenSSL project. */ 
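Review bot: In `ec_curve_from_group()` the cofactor is encoded only when `EC_GROUP_get0_cofactor()` returns non-NULL; a group whose cofactor is NULL or zero leaves `curve->cofactor` at the calloc'd 0, and `ec_curve_cmp()` will then never match a builtin entry, so such parameters are rejected even when p, a, b, G and n are those of a builtin curve — fine if the decoder always requires a cofactor, but that is decided outside this hunk, so please confirm or make the intended rejection explicit with a comment. Separately, when `BN_CTX_new()` fails on the first line the `err` path runs `BN_CTX_end(ctx)` with `ctx == NULL` and without a matching `BN_CTX_start()`; that is only correct if `BN_CTX_end()` tolerates NULL. A one-line comment on `ec_curve_cmp()` would also help readers: `/* Equality test against the builtin table; nid and seed are compared only when both sides carry one. */`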
@@ -601,6 +601,60 @@ EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx_in) } LCRYPTO_ALIAS(EC_GROUP_check_discriminant); +int +EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx_in) +{ + BN_CTX *ctx; + EC_POINT *point = NULL; + const BIGNUM *order; + int ret = 0; + + if ((ctx = ctx_in) == NULL) + ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; + + if (!EC_GROUP_check_discriminant(group, ctx)) { + ECerror(EC_R_DISCRIMINANT_IS_ZERO); + goto err; + } + + if (group->generator == NULL) { + ECerror(EC_R_UNDEFINED_GENERATOR); + goto err; + } + if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) { + ECerror(EC_R_POINT_IS_NOT_ON_CURVE); + goto err; + } + + if ((point = EC_POINT_new(group)) == NULL) + goto err; + if ((order = EC_GROUP_get0_order(group)) == NULL) + goto err; + if (BN_is_zero(order)) { + ECerror(EC_R_UNDEFINED_ORDER); + goto err; + } + if (!EC_POINT_mul(group, point, order, NULL, NULL, ctx)) + goto err; + if (EC_POINT_is_at_infinity(group, point) <= 0) { + ECerror(EC_R_INVALID_GROUP_ORDER); + goto err; + } + + ret = 1; + + err: + if (ctx != ctx_in) + BN_CTX_free(ctx); + + EC_POINT_free(point); + + return ret; +} +LCRYPTO_ALIAS(EC_GROUP_check); + int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) { diff --git a/lib/libcrypto/ec/ec_local.h b/lib/libcrypto/ec/ec_local.h index ca55770ba..b837e291f 100644 --- a/lib/libcrypto/ec/ec_local.h +++ b/lib/libcrypto/ec/ec_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_local.h,v 1.29 2024/10/15 06:27:43 tb Exp $ */ +/* $OpenBSD: ec_local.h,v 1.30 2024/10/18 17:27:07 tb Exp $ */ /* * Originally written by Bodo Moeller for the OpenSSL project. */ 
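Review bot: `EC_GROUP_check()` arrives in ec_lib.c with no header comment, and its body (identical to the one deleted from ec_check.c in this commit) checks only that the discriminant is non-zero, that the generator is set and on the curve, and that `order * G` is the point at infinity; it does not test primality of `order` or anything about the cofactor. Callers who read `EC_GROUP_check` as "this group is safe to use" will over-trust it. I would add a short comment above the definition stating that it verifies the discriminant, the generator's membership, and that the generator is annihilated by the stated order, and explicitly that it does not verify primality of the order or the cofactor.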
@@ -355,6 +355,8 @@ int EC_POINT_set_Jprojective_coordinates(const EC_GROUP *group, EC_POINT *p, int EC_POINT_get_Jprojective_coordinates(const EC_GROUP *group, const EC_POINT *p, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx); +int ec_group_is_builtin_curve(const EC_GROUP *group); + /* Public API in OpenSSL */ const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group); const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group); diff --git a/lib/libcrypto/ec/ec_pmeth.c b/lib/libcrypto/ec/ec_pmeth.c index d422765b0..424d1896b 100644 --- a/lib/libcrypto/ec/ec_pmeth.c +++ b/lib/libcrypto/ec/ec_pmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_pmeth.c,v 1.22 2024/08/26 22:01:28 op Exp $ */ +/* $OpenBSD: ec_pmeth.c,v 1.23 2024/10/19 14:41:03 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -381,16 +381,19 @@ pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) case EVP_PKEY_CTRL_MD: /* RFC 3279, RFC 5758 and NIST CSOR. */ - if (EVP_MD_type((const EVP_MD *) p2) != NID_sha1 && - EVP_MD_type((const EVP_MD *) p2) != NID_ecdsa_with_SHA1 && - EVP_MD_type((const EVP_MD *) p2) != NID_sha224 && - EVP_MD_type((const EVP_MD *) p2) != NID_sha256 && - EVP_MD_type((const EVP_MD *) p2) != NID_sha384 && - EVP_MD_type((const EVP_MD *) p2) != NID_sha512 && - EVP_MD_type((const EVP_MD *) p2) != NID_sha3_224 && - EVP_MD_type((const EVP_MD *) p2) != NID_sha3_256 && - EVP_MD_type((const EVP_MD *) p2) != NID_sha3_384 && - EVP_MD_type((const EVP_MD *) p2) != NID_sha3_512) { + switch (EVP_MD_type(p2)) { + case NID_sha1: + case NID_ecdsa_with_SHA1: + case NID_sha224: + case NID_sha256: + case NID_sha384: + case NID_sha512: + case NID_sha3_224: + case NID_sha3_256: + case NID_sha3_384: + case NID_sha3_512: + break; + default: ECerror(EC_R_INVALID_DIGEST_TYPE); return 0; } diff --git a/lib/libcrypto/sparccpuid.S b/lib/libcrypto/sparccpuid.S deleted file mode 100644 index 5d314d5d8..000000000 --- a/lib/libcrypto/sparccpuid.S +++ /dev/null 
@@ -1,101 +0,0 @@ -#if defined(__SUNPRO_C) && defined(__sparcv9) -# define ABI64 /* They've said -xarch=v9 at command line */ -#elif defined(__GNUC__) && defined(__arch64__) -# define ABI64 /* They've said -m64 at command line */ -#endif - -#ifdef ABI64 - .register %g2,#scratch - .register %g3,#scratch -# define FRAME -192 -# define BIAS 2047 -#else -# define FRAME -96 -# define BIAS 0 -#endif - -.global _sparcv9_vis1_probe -.align 8 -_sparcv9_vis1_probe: - add %sp,BIAS+2,%o1 - .word 0xc19a5a40 !ldda [%o1]ASI_FP16_P,%f0 - retl - .word 0x81b00d80 !fxor %f0,%f0,%f0 -.type _sparcv9_vis1_probe,#function -.size _sparcv9_vis1_probe,.-_sparcv9_vis1_probe - -! Probe and instrument VIS1 instruction. Output is number of cycles it -! takes to execute rdtick and pair of VIS1 instructions. US-Tx VIS unit -! is slow (documented to be 6 cycles on T2) and the core is in-order -! single-issue, it should be possible to distinguish Tx reliably... -! Observed return values are: -! -! UltraSPARC IIe 7 -! UltraSPARC III 7 -! UltraSPARC T1 24 -! -! Numbers for T2 and SPARC64 V-VII are more than welcomed. -! -! It would be possible to detect specifically US-T1 by instrumenting -! fmul8ulx16, which is emulated on T1 and as such accounts for quite -! a lot of %tick-s, couple of thousand on Linux... -.global _sparcv9_vis1_instrument -.align 8 -_sparcv9_vis1_instrument: - .word 0x91410000 !rd %tick,%o0 - .word 0x81b00d80 !fxor %f0,%f0,%f0 - .word 0x85b08d82 !fxor %f2,%f2,%f2 - .word 0x93410000 !rd %tick,%o1 - .word 0x81b00d80 !fxor %f0,%f0,%f0 - .word 0x85b08d82 !fxor %f2,%f2,%f2 - .word 0x95410000 !rd %tick,%o2 - .word 0x81b00d80 !fxor %f0,%f0,%f0 - .word 0x85b08d82 !fxor %f2,%f2,%f2 - .word 0x97410000 !rd %tick,%o3 - .word 0x81b00d80 !fxor %f0,%f0,%f0 - .word 0x85b08d82 !fxor %f2,%f2,%f2 - .word 0x99410000 !rd %tick,%o4 - - ! calculate intervals - sub %o1,%o0,%o0 - sub %o2,%o1,%o1 - sub %o3,%o2,%o2 - sub %o4,%o3,%o3 - - ! 
find minimum value - cmp %o0,%o1 - .word 0x38680002 !bgu,a %xcc,.+8 - mov %o1,%o0 - cmp %o0,%o2 - .word 0x38680002 !bgu,a %xcc,.+8 - mov %o2,%o0 - cmp %o0,%o3 - .word 0x38680002 !bgu,a %xcc,.+8 - mov %o3,%o0 - - retl - nop -.type _sparcv9_vis1_instrument,#function -.size _sparcv9_vis1_instrument,.-_sparcv9_vis1_instrument - -.global _sparcv9_vis2_probe -.align 8 -_sparcv9_vis2_probe: - retl - .word 0x81b00980 !bshuffle %f0,%f0,%f0 -.type _sparcv9_vis2_probe,#function -.size _sparcv9_vis2_probe,.-_sparcv9_vis2_probe - -.global _sparcv9_fmadd_probe -.align 8 -_sparcv9_fmadd_probe: - .word 0x81b00d80 !fxor %f0,%f0,%f0 - .word 0x85b08d82 !fxor %f2,%f2,%f2 - retl - .word 0x81b80440 !fmaddd %f0,%f0,%f2,%f0 -.type _sparcv9_fmadd_probe,#function -.size _sparcv9_fmadd_probe,.-_sparcv9_fmadd_probe - -.section ".init",#alloc,#execinstr - call OPENSSL_cpuid_setup - nop diff --git a/lib/libcrypto/sparcv9cap.c b/lib/libcrypto/sparcv9cap.c deleted file mode 100644 index cc39c1bf4..000000000 --- a/lib/libcrypto/sparcv9cap.c +++ /dev/null 
@@ -1,98 +0,0 @@ -/* $OpenBSD: sparcv9cap.c,v 1.7 2014/06/20 21:00:46 deraadt Exp $ */ -#include -#include -#include -#include -#include -#include -#include - -#define SPARCV9_PREFER_FPU (1<<1) -#define SPARCV9_VIS1 (1<<2) -#define SPARCV9_VIS2 (1<<3) /* reserved */ -#define SPARCV9_FMADD (1<<4) /* reserved for SPARC64 V */ - -static int OPENSSL_sparcv9cap_P = 0; - -int -bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0, int num) -{ - int bn_mul_mont_fpu(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); - int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); - - if (num >= 8 && !(num & 1) && - (OPENSSL_sparcv9cap_P & (SPARCV9_PREFER_FPU|SPARCV9_VIS1)) == - (SPARCV9_PREFER_FPU|SPARCV9_VIS1)) - return bn_mul_mont_fpu(rp, ap, bp, np, n0, num); - else - return bn_mul_mont_int(rp, ap, bp, np, n0, num); -} - -void _sparcv9_vis1_probe(void); -unsigned long _sparcv9_vis1_instrument(void); -void _sparcv9_vis2_probe(void); -void _sparcv9_fmadd_probe(void); - -static sigjmp_buf common_jmp; -static void -common_handler(int sig) -{ - siglongjmp(common_jmp, sig); -} - -void -OPENSSL_cpuid_setup(void) -{ - char *e; - struct sigaction common_act, ill_oact, bus_oact; - sigset_t all_masked, oset; - static int trigger = 0; - - if (trigger) - return; - trigger = 1; - - /* Initial value, fits UltraSPARC-I&II... 
*/ - OPENSSL_sparcv9cap_P = SPARCV9_PREFER_FPU; - - sigfillset(&all_masked); - sigdelset(&all_masked, SIGILL); - sigdelset(&all_masked, SIGTRAP); -#ifdef SIGEMT - sigdelset(&all_masked, SIGEMT); -#endif - sigdelset(&all_masked, SIGFPE); - sigdelset(&all_masked, SIGBUS); - sigdelset(&all_masked, SIGSEGV); - sigprocmask(SIG_SETMASK, &all_masked, &oset); - - memset(&common_act, 0, sizeof(common_act)); - common_act.sa_handler = common_handler; - common_act.sa_mask = all_masked; - - sigaction(SIGILL, &common_act, &ill_oact); - sigaction(SIGBUS,&common_act,&bus_oact);/* T1 fails 16-bit ldda [on Linux] */ - - if (sigsetjmp(common_jmp, 1) == 0) { - _sparcv9_vis1_probe(); - OPENSSL_sparcv9cap_P |= SPARCV9_VIS1; - /* detect UltraSPARC-Tx, see sparccpud.S for details... */ - if (_sparcv9_vis1_instrument() >= 12) - OPENSSL_sparcv9cap_P &= ~(SPARCV9_VIS1|SPARCV9_PREFER_FPU); - else { - _sparcv9_vis2_probe(); - OPENSSL_sparcv9cap_P |= SPARCV9_VIS2; - } - } - - if (sigsetjmp(common_jmp, 1) == 0) { - _sparcv9_fmadd_probe(); - OPENSSL_sparcv9cap_P |= SPARCV9_FMADD; - } - - sigaction(SIGBUS, &bus_oact, NULL); - sigaction(SIGILL, &ill_oact, NULL); - - sigprocmask(SIG_SETMASK, &oset, NULL); -} diff --git a/regress/lib/libcrypto/ec/ec_asn1_test.c b/regress/lib/libcrypto/ec/ec_asn1_test.c index e5e899264..aaff4aa11 100644 --- a/regress/lib/libcrypto/ec/ec_asn1_test.c +++ b/regress/lib/libcrypto/ec/ec_asn1_test.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_asn1_test.c,v 1.10 2024/10/18 10:40:31 tb Exp $ */ +/* $OpenBSD: ec_asn1_test.c,v 1.13 2024/10/18 19:58:43 tb Exp $ */ /* * Copyright (c) 2017, 2021 Joel Sing * Copyright (c) 2024 Theo Buehler @@ -117,7 +117,7 @@ compare_data(const char *label, const unsigned char *d1, size_t d1_len, return -1; } if (memcmp(d1, d2, d1_len) != 0) { - fprintf(stderr, "FAIL: %sdiffer\n", label); + fprintf(stderr, "FAIL: %s differ\n", label); fprintf(stderr, "got:\n"); hexdump(d1, d1_len); fprintf(stderr, "want:\n"); 
@@ -287,11 +287,16 @@ static int ec_group_roundtrip_builtin_curve(const EC_builtin_curve *curve) { EC_GROUP *group = NULL; - int failed = 0; + int failed = 1; if ((group = EC_GROUP_new_by_curve_name(curve->nid)) == NULL) errx(1, "failed to instantiate curve %d", curve->nid); + if (!EC_GROUP_check(group, NULL)) { + fprintf(stderr, "FAIL: EC_GROUP_check(%d) failed\n", curve->nid); + goto err; + } + if (EC_GROUP_get_asn1_flag(group) != OPENSSL_EC_NAMED_CURVE) { fprintf(stderr, "FAIL: ASN.1 flag not set for %d\n", curve->nid); goto err; @@ -303,6 +308,8 @@ ec_group_roundtrip_builtin_curve(const EC_builtin_curve *curve) goto err; } + failed = 0; + failed |= ec_group_roundtrip_curve(group, "named", curve->nid); EC_GROUP_set_asn1_flag(group, 0); @@ -834,9 +841,9 @@ ec_group_non_builtin_curve(const struct curve *curve, const EC_METHOD *method, } ERR_clear_error(); + pder = curve->param; der_len = curve->param_len; -#if 0 if ((new_group = d2i_ECPKParameters(NULL, &pder, der_len)) != NULL) { fprintf(stderr, "FAIL: managed to decode non-builtin parameters %s\n", curve->descr); @@ -849,18 +856,6 @@ ec_group_non_builtin_curve(const struct curve *curve, const EC_METHOD *method, curve->descr, EC_R_UNKNOWN_GROUP, ERR_GET_REASON(error)); goto err; } -#else - if ((new_group = d2i_ECPKParameters(NULL, &pder, der_len)) == NULL) { - fprintf(stderr, "FAIL: d2i_ECPKParameters(%s)\n", curve->descr); - goto err; - } - if (method == EC_GFp_mont_method() && - EC_GROUP_cmp(group, new_group, ctx) != 0) { - fprintf(stderr, "FAIL: %s Weierstrass groups do not match!\n", - curve->descr); - goto err; - } -#endif failed = 0; diff --git a/regress/lib/libcrypto/ec/ectest.c b/regress/lib/libcrypto/ec/ectest.c index e60fde60e..b653ab787 100644 --- a/regress/lib/libcrypto/ec/ectest.c +++ b/regress/lib/libcrypto/ec/ectest.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ectest.c,v 1.23 2024/02/29 20:04:43 tb Exp $ */ +/* $OpenBSD: ectest.c,v 1.24 2024/10/18 19:55:34 tb Exp $ */ /* * Originally written by Bodo Moeller for the OpenSSL project. */ @@ -703,68 +703,12 @@ prime_field_tests(void) } -static void -internal_curve_test(void) -{ - EC_builtin_curve *curves = NULL; - size_t crv_len = 0, n = 0; - int ok = 1; - - crv_len = EC_get_builtin_curves(NULL, 0); - - curves = reallocarray(NULL, sizeof(EC_builtin_curve), crv_len); - - if (curves == NULL) - return; - - if (!EC_get_builtin_curves(curves, crv_len)) { - free(curves); - return; - } - - fprintf(stdout, "testing internal curves: "); - - for (n = 0; n < crv_len; n++) { - EC_GROUP *group = NULL; - int nid = curves[n].nid; - if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL) { - ok = 0; - fprintf(stdout, "\nEC_GROUP_new_curve_name() failed with" - " curve %s\n", OBJ_nid2sn(nid)); - /* try next curve */ - continue; - } - if (!EC_GROUP_check(group, NULL)) { - ok = 0; - fprintf(stdout, "\nEC_GROUP_check() failed with" - " curve %s\n", OBJ_nid2sn(nid)); - EC_GROUP_free(group); - /* try the next curve */ - continue; - } - fprintf(stdout, "."); - fflush(stdout); - EC_GROUP_free(group); - } - if (ok) - fprintf(stdout, " ok\n\n"); - else { - fprintf(stdout, " failed\n\n"); - ABORT; - } - free(curves); - return; -} - int main(int argc, char *argv[]) { ERR_load_crypto_strings(); prime_field_tests(); - puts(""); - /* test the internal curves */ - internal_curve_test(); CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); diff --git a/regress/sbin/ifconfig/Makefile b/regress/sbin/ifconfig/Makefile index 8a7acc19c..225b878ea 100644 --- a/regress/sbin/ifconfig/Makefile +++ b/regress/sbin/ifconfig/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.6 2020/12/17 00:51:12 bluhm Exp $ +# $OpenBSD: Makefile,v 1.7 2024/10/19 07:10:55 anton Exp $ # Copyright (c) 2019 Alexander Bluhm # 
@@ -291,6 +291,8 @@ run-ether-ifaddr-prefixlen: grep 'inet ${ETHER_ADDR} netmask 0xffffff00 ' ifconfig.out REGRESS_TARGETS += run-ppp-ifaddr-destination +# XXX uses unsupported SIOCSIFDSTADDR ioctl command. +REGRESS_EXPECTED_FAILURES += run-ppp-ifaddr-destination run-ppp-ifaddr-destination: ${IFADDR} ${PPP_IF} ${PPP_ADDR} ${PPP_DEST} /sbin/ifconfig ${PPP_IF} >ifconfig.out @@ -320,6 +322,8 @@ run-ether-ifaddr-change-netmask: grep 'inet ${ETHER_NET}.2 netmask 0xffffff00 ' ifconfig.out REGRESS_TARGETS += run-ppp-ifaddr-change-destination +# XXX uses unsupported SIOCSIFDSTADDR ioctl command. +REGRESS_EXPECTED_FAILURES += run-ppp-ifaddr-change-destination run-ppp-ifaddr-change-destination: ${IFADDR} ${PPP_IF} ${PPP_NET}.1 ${PPP_NET}.11 ${IFADDR} ${PPP_IF} ${PPP_NET}.2 ${PPP_NET}.12 alias
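Review bot: The two new `REGRESS_EXPECTED_FAILURES` entries explain the failure only as `# XXX uses unsupported SIOCSIFDSTADDR ioctl command.` without saying which program issues it — presumably the `${IFADDR}` helper rather than `/sbin/ifconfig`, but that is not visible here — so whoever revisits this has to rediscover the culprit. Name it, e.g. `# XXX ${IFADDR} sets the destination with SIOCSIFDSTADDR, which is unsupported; fix the helper and drop this line.`, adjusted to whichever program actually makes the call. The `run-ppp-ifaddr-change-destination` recipe continues past the end of the hunk.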