Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 28 Sep 2024 03:52:30 GMT
From:      Enji Cooper <ngie@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: cc43f991ab3e - stable/14 - openssl: Import OpenSSL 3.0.15.
Message-ID:  <202409280352.48S3qUAk014436@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch stable/14 has been updated by ngie:

URL: https://cgit.FreeBSD.org/src/commit/?id=cc43f991ab3e46ec16f3f1395160805f01bf932e

commit cc43f991ab3e46ec16f3f1395160805f01bf932e
Author:     Enji Cooper <ngie@FreeBSD.org>
AuthorDate: 2024-09-08 04:30:17 +0000
Commit:     Enji Cooper <ngie@FreeBSD.org>
CommitDate: 2024-09-28 03:50:47 +0000

    openssl: Import OpenSSL 3.0.15.
    
    This release incorporates the following bug fixes and mitigations:
    - Fixed possible denial of service in X.509 name checks ([CVE-2024-6119])
    - Fixed possible buffer overread in SSL_select_next_proto() ([CVE-2024-5535])
    
    Release notes can be found at:
    https://openssl-library.org/news/openssl-3.0-notes/index.html
    
    Co-authored-by: gordon
    MFC after:      1 week
    Differential Revision:  https://reviews.freebsd.org/D46602
    
    Merge commit '108164cf95d9594884c2dcccba2691335e6f221b'
    
    (cherry picked from commit a7148ab39c03abd4d1a84997c70bf96f15dd2a09)
    
    Update config/build info for OpenSSL 3.0.15
    
    This is a companion commit to the OpenSSL 3.0.15 update.
    
    `opensslv.h` was regenerated via the following process:
    
    ```
    cd crypto/openssl
    ./config
    git reset --hard
    gmake include/openssl/opensslv.h
    ```
    
    `Makefile.inc` has been updated to match.
    
    MFC after:      1 week
    MFC with:       a7148ab39c03abd4d1a84997c70bf96f15dd2a09
    Differential Revision:  https://reviews.freebsd.org/D46603
    
    (cherry picked from commit cc717b574d7faa2e0b2de1a985076286cef74187)
    
    sys/crypto/openssl: update powerpc* ASM
    
    This change updates the crypto powerpc* ASM via the prescribed process
    documented in `crypto/openssl/FREEBSD-upgrade`.
    
    This change syncs the ASM with 3.0.15's generated ASM.
    
    MFC after:      1 week
    MFC with:       a7148ab39c03abd4d1a84997c70bf96f15dd2a09
    MFC with:       cc717b574d7faa2e0b2de1a985076286cef74187
    Differential Revision:  https://reviews.freebsd.org/D46604
    
    (cherry picked from commit 77864b545b0aaa91bc78b1156c477825007a6233)
---
 crypto/openssl/CHANGES.md                          |  34 ++
 crypto/openssl/CONTRIBUTING.md                     |   6 +-
 crypto/openssl/Configurations/10-main.conf         |  36 ++
 crypto/openssl/Configurations/15-ios.conf          |   2 +-
 crypto/openssl/Configure                           |  10 +-
 crypto/openssl/FAQ.md                              |   6 -
 crypto/openssl/INSTALL.md                          |   4 +-
 crypto/openssl/NEWS.md                             |  15 +
 crypto/openssl/VERSION.dat                         |   4 +-
 crypto/openssl/apps/cms.c                          |   4 +-
 crypto/openssl/apps/dgst.c                         |   9 +-
 crypto/openssl/apps/lib/opt.c                      |   4 +-
 crypto/openssl/apps/lib/s_cb.c                     |   3 +-
 crypto/openssl/apps/smime.c                        |   4 +-
 crypto/openssl/crypto/aes/asm/aesp8-ppc.pl         | 147 ++++--
 crypto/openssl/crypto/aes/build.info               |   4 +
 crypto/openssl/crypto/asn1/a_d2i_fp.c              |   5 +-
 crypto/openssl/crypto/asn1/a_mbstr.c               |  14 +-
 crypto/openssl/crypto/asn1/a_strex.c               |  11 +-
 crypto/openssl/crypto/asn1/a_verify.c              |   4 +-
 crypto/openssl/crypto/asn1/tasn_fre.c              |   8 +-
 crypto/openssl/crypto/bio/bf_readbuff.c            |   7 +-
 crypto/openssl/crypto/bio/bio_addr.c               |  12 +-
 crypto/openssl/crypto/cmp/cmp_vfy.c                |   4 +-
 crypto/openssl/crypto/conf/conf_def.c              |   4 +-
 crypto/openssl/crypto/conf/conf_lib.c              |   5 +-
 crypto/openssl/crypto/conf/conf_sap.c              |   4 +-
 crypto/openssl/crypto/context.c                    |   4 +-
 crypto/openssl/crypto/ec/ecdsa_ossl.c              |  12 +-
 crypto/openssl/crypto/engine/eng_table.c           |   8 +-
 crypto/openssl/crypto/evp/ctrl_params_translate.c  |   5 +-
 crypto/openssl/crypto/evp/digest.c                 |   4 +-
 crypto/openssl/crypto/evp/names.c                  |  36 +-
 crypto/openssl/crypto/evp/pmeth_lib.c              |  11 +-
 crypto/openssl/crypto/o_str.c                      |   6 +-
 crypto/openssl/crypto/pkcs12/p12_crt.c             |  17 +-
 crypto/openssl/crypto/pkcs7/pk7_doit.c             |  45 +-
 crypto/openssl/crypto/property/property.c          |  55 +-
 crypto/openssl/crypto/rand/randfile.c              |  13 +-
 crypto/openssl/crypto/rsa/rsa_oaep.c               |   4 +-
 crypto/openssl/crypto/x509/v3_utl.c                |   2 +-
 crypto/openssl/crypto/x509/x_name.c                |   6 +-
 crypto/openssl/doc/HOWTO/certificates.txt          |   2 +-
 crypto/openssl/doc/fingerprints.txt                |   3 -
 crypto/openssl/doc/man1/openssl-enc.pod.in         |  13 +-
 .../doc/man1/openssl-passphrase-options.pod        |  24 +-
 crypto/openssl/doc/man1/openssl-s_client.pod.in    |   8 +-
 crypto/openssl/doc/man1/openssl-s_server.pod.in    |   7 +-
 .../doc/man1/openssl-verification-options.pod      |   4 +-
 crypto/openssl/doc/man3/ASN1_INTEGER_new.pod       |   3 +-
 crypto/openssl/doc/man3/ASYNC_WAIT_CTX_new.pod     |   5 +-
 crypto/openssl/doc/man3/BIO_ADDR.pod               |   3 +-
 crypto/openssl/doc/man3/BIO_ADDRINFO.pod           |   4 +-
 crypto/openssl/doc/man3/BIO_f_base64.pod           |  26 +-
 crypto/openssl/doc/man3/BIO_meth_new.pod           |   4 +-
 crypto/openssl/doc/man3/BN_add.pod                 |  22 +-
 crypto/openssl/doc/man3/BN_generate_prime.pod      |   5 +-
 crypto/openssl/doc/man3/BN_set_bit.pod             |   9 +-
 crypto/openssl/doc/man3/BUF_MEM_new.pod            |   3 +-
 crypto/openssl/doc/man3/CRYPTO_THREAD_run_once.pod |  12 +-
 crypto/openssl/doc/man3/CTLOG_STORE_new.pod        |   4 +-
 crypto/openssl/doc/man3/CTLOG_new.pod              |   4 +-
 crypto/openssl/doc/man3/CT_POLICY_EVAL_CTX_new.pod |   5 +-
 crypto/openssl/doc/man3/DH_meth_new.pod            |   4 +-
 crypto/openssl/doc/man3/DSA_SIG_new.pod            |   3 +-
 crypto/openssl/doc/man3/DSA_meth_new.pod           |   4 +-
 crypto/openssl/doc/man3/ECDSA_SIG_new.pod          |   3 +-
 crypto/openssl/doc/man3/ENGINE_add.pod             |   5 +-
 crypto/openssl/doc/man3/EVP_ASYM_CIPHER_free.pod   |   4 +-
 crypto/openssl/doc/man3/EVP_CIPHER_meth_new.pod    |   3 +-
 crypto/openssl/doc/man3/EVP_DigestInit.pod         |  10 +-
 crypto/openssl/doc/man3/EVP_EncodeInit.pod         |   4 +-
 crypto/openssl/doc/man3/EVP_EncryptInit.pod        |  19 +-
 crypto/openssl/doc/man3/EVP_KEM_free.pod           |   3 +-
 crypto/openssl/doc/man3/EVP_KEYEXCH_free.pod       |   4 +-
 crypto/openssl/doc/man3/EVP_KEYMGMT.pod            |   3 +-
 crypto/openssl/doc/man3/EVP_MD_meth_new.pod        |   3 +-
 crypto/openssl/doc/man3/EVP_PKEY_ASN1_METHOD.pod   |   4 +-
 crypto/openssl/doc/man3/EVP_PKEY_meth_new.pod      |   4 +-
 crypto/openssl/doc/man3/EVP_RAND.pod               |   4 +-
 crypto/openssl/doc/man3/EVP_SIGNATURE.pod          |   4 +-
 crypto/openssl/doc/man3/HMAC.pod                   |   4 +-
 crypto/openssl/doc/man3/MD5.pod                    |  15 +-
 crypto/openssl/doc/man3/NCONF_new_ex.pod           |   4 +-
 crypto/openssl/doc/man3/OCSP_REQUEST_new.pod       |   3 +-
 crypto/openssl/doc/man3/OCSP_cert_to_id.pod        |   3 +-
 crypto/openssl/doc/man3/OCSP_response_status.pod   |   3 +-
 crypto/openssl/doc/man3/OPENSSL_LH_COMPFUNC.pod    |   4 +-
 crypto/openssl/doc/man3/OPENSSL_init_crypto.pod    |   3 +-
 crypto/openssl/doc/man3/OPENSSL_malloc.pod         |   5 +-
 crypto/openssl/doc/man3/OPENSSL_secure_malloc.pod  |   8 +-
 crypto/openssl/doc/man3/OSSL_CMP_CTX_new.pod       |   8 +-
 crypto/openssl/doc/man3/OSSL_CMP_SRV_CTX_new.pod   |   3 +-
 crypto/openssl/doc/man3/OSSL_CMP_validate_msg.pod  |   9 +-
 crypto/openssl/doc/man3/OSSL_DECODER.pod           |   3 +-
 crypto/openssl/doc/man3/OSSL_DECODER_CTX.pod       |   3 +-
 .../doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod     |   4 +-
 crypto/openssl/doc/man3/OSSL_ENCODER.pod           |   3 +-
 crypto/openssl/doc/man3/OSSL_ENCODER_CTX.pod       |   3 +-
 crypto/openssl/doc/man3/OSSL_HTTP_REQ_CTX.pod      |   3 +-
 crypto/openssl/doc/man3/OSSL_LIB_CTX.pod           |   4 +-
 crypto/openssl/doc/man3/OSSL_PARAM_BLD.pod         |   3 +-
 crypto/openssl/doc/man3/OSSL_PARAM_dup.pod         |   3 +-
 crypto/openssl/doc/man3/OSSL_SELF_TEST_new.pod     |   3 +-
 crypto/openssl/doc/man3/OSSL_STORE_INFO.pod        |   3 +-
 crypto/openssl/doc/man3/OSSL_STORE_LOADER.pod      |  23 +-
 crypto/openssl/doc/man3/OSSL_STORE_SEARCH.pod      |   3 +-
 .../openssl/doc/man3/PEM_read_bio_PrivateKey.pod   |   6 +-
 crypto/openssl/doc/man3/RAND_set_DRBG_type.pod     |   4 +-
 crypto/openssl/doc/man3/RSA_meth_new.pod           |   4 +-
 crypto/openssl/doc/man3/SCT_new.pod                |   8 +-
 .../doc/man3/SSL_CTX_set_alpn_select_cb.pod        |  28 +-
 .../openssl/doc/man3/SSL_CTX_set_cipher_list.pod   |   4 +-
 .../doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod  |   8 +-
 crypto/openssl/doc/man3/TS_RESP_CTX_new.pod        |   3 +-
 crypto/openssl/doc/man3/X509V3_get_d2i.pod         |   3 +-
 crypto/openssl/doc/man3/X509_LOOKUP.pod            |   3 +-
 crypto/openssl/doc/man3/X509_LOOKUP_meth_new.pod   |   3 +-
 crypto/openssl/doc/man3/X509_STORE_new.pod         |   3 +-
 crypto/openssl/doc/man3/X509_dup.pod               |   2 +-
 crypto/openssl/doc/man3/X509_new.pod               |   7 +-
 crypto/openssl/doc/man3/d2i_X509.pod               |   6 +-
 crypto/openssl/doc/man7/EVP_KEYEXCH-DH.pod         |  11 +-
 crypto/openssl/doc/man7/EVP_PKEY-DH.pod            |  62 +--
 crypto/openssl/doc/man7/ossl_store.pod             |   9 +-
 crypto/openssl/fuzz/bignum.c                       |   9 +-
 crypto/openssl/include/crypto/aes_platform.h       |   4 +-
 crypto/openssl/include/crypto/bn.h                 |   2 +-
 crypto/openssl/include/openssl/opensslv.h          |  10 +-
 crypto/openssl/include/openssl/tls1.h              |   4 +-
 crypto/openssl/providers/fips-sources.checksums    |  18 +-
 crypto/openssl/providers/fips.checksum             |   2 +-
 .../implementations/encode_decode/decode_der2key.c |  35 +-
 .../openssl/providers/implementations/rands/drbg.c |   5 +
 crypto/openssl/ssl/bio_ssl.c                       |   4 +-
 crypto/openssl/ssl/ssl_lib.c                       |  63 ++-
 crypto/openssl/ssl/ssl_sess.c                      |  34 +-
 crypto/openssl/ssl/statem/extensions.c             |  14 +-
 crypto/openssl/ssl/statem/extensions_clnt.c        |  29 +-
 crypto/openssl/ssl/statem/extensions_srvr.c        |  34 +-
 crypto/openssl/ssl/statem/statem_lib.c             |   6 +-
 crypto/openssl/ssl/t1_lib.c                        |   2 +
 crypto/openssl/test/build.info                     |   6 +-
 crypto/openssl/test/crltest.c                      |  65 ++-
 crypto/openssl/test/endecode_test.c                |  22 +-
 crypto/openssl/test/evp_byname_test.c              |  40 ++
 crypto/openssl/test/evp_extra_test.c               |  21 +
 crypto/openssl/test/helpers/handshake.c            |   8 +-
 crypto/openssl/test/hexstr_test.c                  |  11 +-
 crypto/openssl/test/prov_config_test.c             |   9 +-
 crypto/openssl/test/provider_fallback_test.c       |  14 +-
 crypto/openssl/test/provider_internal_test.c       |   4 +-
 crypto/openssl/test/provider_test.c                |   3 +-
 crypto/openssl/test/recipes/03-test_fipsinstall.t  |  44 +-
 crypto/openssl/test/recipes/04-test_conf.t         |   3 +-
 .../recipes/04-test_conf_data/oversized_line.cnf   |   3 +
 .../recipes/04-test_conf_data/oversized_line.txt   |   4 +
 crypto/openssl/test/recipes/25-test_eai_data.t     |   2 +-
 crypto/openssl/test/recipes/30-test_evp_byname.t   |  16 +
 .../test/recipes/30-test_evp_data/evppkey_dsa.txt  |   6 +-
 .../recipes/30-test_evp_data/evppkey_ecdsa.txt     |   3 +-
 .../30-test_evp_data/evppkey_rsa_common.txt        |   3 +-
 crypto/openssl/test/recipes/70-test_npn.t          |  73 +++
 crypto/openssl/test/ssl-tests/08-npn.cnf           | 553 ++++++++++++---------
 crypto/openssl/test/ssl-tests/08-npn.cnf.in        |  37 +-
 crypto/openssl/test/ssl-tests/09-alpn.cnf          |  66 ++-
 crypto/openssl/test/ssl-tests/09-alpn.cnf.in       |  35 +-
 crypto/openssl/test/sslapitest.c                   | 370 +++++++++++++-
 crypto/openssl/util/check-format-commit.sh         | 171 +++++++
 crypto/openssl/util/check-format-test-negatives.c  |   5 +-
 crypto/openssl/util/check-format.pl                |  13 +-
 crypto/openssl/util/perl/OpenSSL/Test/Utils.pm     |  18 +-
 crypto/openssl/util/perl/TLSProxy/Message.pm       |  11 +-
 crypto/openssl/util/perl/TLSProxy/NextProto.pm     |  54 ++
 crypto/openssl/util/perl/TLSProxy/Proxy.pm         |   3 +-
 secure/lib/libcrypto/Makefile.inc                  |   4 +-
 sys/crypto/openssl/powerpc/aesp8-ppc.S             | 143 ++++--
 sys/crypto/openssl/powerpc/poly1305-ppc.S          |  64 +--
 sys/crypto/openssl/powerpc64/aesp8-ppc.S           | 143 ++++--
 sys/crypto/openssl/powerpc64/poly1305-ppc.S        |  64 +--
 sys/crypto/openssl/powerpc64le/aesp8-ppc.S         | 143 ++++--
 sys/crypto/openssl/powerpc64le/poly1305-ppc.S      |  64 +--
 182 files changed, 2697 insertions(+), 1062 deletions(-)

diff --git a/crypto/openssl/CHANGES.md b/crypto/openssl/CHANGES.md
index 19e0fd6e25a5..e41181b5bbb0 100644
--- a/crypto/openssl/CHANGES.md
+++ b/crypto/openssl/CHANGES.md
@@ -28,6 +28,30 @@ breaking changes, and mappings for the large list of deprecated functions.
 
 [Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod
 
+### Changes between 3.0.14 and 3.0.15 [3 Sep 2024]
+
+ * Fixed possible denial of service in X.509 name checks.
+
+   Applications performing certificate name checks (e.g., TLS clients checking
+   server certificates) may attempt to read an invalid memory address when
+   comparing the expected name with an `otherName` subject alternative name of
+   an X.509 certificate. This may result in an exception that terminates the
+   application program.
+
+   ([CVE-2024-6119])
+
+   *Viktor Dukhovni*
+
+ * Fixed possible buffer overread in SSL_select_next_proto().
+
+   Calling the OpenSSL API function SSL_select_next_proto with an empty
+   supported client protocols buffer may cause a crash or memory contents
+   to be sent to the peer.
+
+   ([CVE-2024-5535])
+
+   *Matt Caswell*
+
 ### Changes between 3.0.13 and 3.0.14 [4 Jun 2024]
 
  * Fixed potential use after free after SSL_free_buffers() is called.
@@ -70,6 +94,14 @@ breaking changes, and mappings for the large list of deprecated functions.
 
    *Tomáš Mráz*
 
+ * Improved EC/DSA nonce generation routines to avoid bias and timing
+   side channel leaks.
+
+   Thanks to Florian Sieck from Universität zu Lübeck and George Pantelakis
+   and Hubert Kario from Red Hat for reporting the issues.
+
+   *Tomáš Mráz and Paul Dale*
+
  * Fixed an issue where some non-default TLS server configurations can cause
    unbounded memory growth when processing TLSv1.3 sessions. An attacker may
    exploit certain server configurations to trigger unbounded memory growth that
@@ -19890,6 +19922,8 @@ ndif
 
 <!-- Links -->
 
+[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
+[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535
 [CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
 [CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603
 [CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
diff --git a/crypto/openssl/CONTRIBUTING.md b/crypto/openssl/CONTRIBUTING.md
index fec6616e21fe..cced15347d05 100644
--- a/crypto/openssl/CONTRIBUTING.md
+++ b/crypto/openssl/CONTRIBUTING.md
@@ -3,7 +3,7 @@ HOW TO CONTRIBUTE TO OpenSSL
 
 Please visit our [Getting Started] page for other ideas about how to contribute.
 
-  [Getting Started]: <https://www.openssl.org/community/getting-started.html>;
+  [Getting Started]: <https://openssl-library.org/community/getting-started>;
 
 Development is done on GitHub in the [openssl/openssl] repository.
 
@@ -77,8 +77,8 @@ guidelines:
     Clean builds via GitHub Actions are required. They are started automatically
     whenever a PR is created or updated by committers.
 
-    [coding style]: https://www.openssl.org/policies/technical/coding-style.html
-    [documentation policy]: https://openssl.org/policies/technical/documentation-policy.html
+    [coding style]: https://openssl-library.org/policies/technical/coding-style/
+    [documentation policy]: https://openssl-library.org/policies/technical/documentation-policy/
 
  5. When at all possible, code contributions should include tests. These can
     either be added to an existing test, or completely new.  Please see
diff --git a/crypto/openssl/Configurations/10-main.conf b/crypto/openssl/Configurations/10-main.conf
index 1155d9859c56..e74adb50cc3c 100644
--- a/crypto/openssl/Configurations/10-main.conf
+++ b/crypto/openssl/Configurations/10-main.conf
@@ -1264,6 +1264,25 @@ my %targets = (
         AR               => add("-X32"),
         RANLIB           => add("-X32"),
     },
+    # To enable openxl compiler for aix
+    # If 17.1 openxl runtime is available, -latomic can be used
+    # instead of -DBROKEN_CLANG_ATOMICS
+    "aix-clang" => {
+        inherit_from     => [ "aix-common" ],
+        CC               => "ibm-clang",
+        CFLAGS           => picker(debug   => "-O0 -g",
+                                   release => "-O"),
+        cflags           => combine("-Wno-implicit-function-declaration -mcmodel=large -DBROKEN_CLANG_ATOMICS",
+                            threads("-pthread")),
+        ex_libs          => add(threads("-pthread")),
+        bn_ops           => "BN_LLONG RC4_CHAR",
+        asm_arch         => 'ppc32',
+        perlasm_scheme   => "aix32",
+        shared_cflag     => "-fpic",
+        shared_ldflag    => add("-shared"),
+        AR               => add("-X32"),
+        RANLIB           => add("-X32"),
+    },
     "aix64-cc" => {
         inherit_from     => [ "aix-common" ],
         CC               => "cc",
@@ -1282,6 +1301,23 @@ my %targets = (
         AR               => add("-X64"),
         RANLIB           => add("-X64"),
     },
+    "aix64-clang" => {
+        inherit_from     => [ "aix-common" ],
+        CC               => "ibm-clang",
+        CFLAGS           => picker(debug   => "-O0 -g",
+                                   release => "-O"),
+        cflags           => combine("-maix64 -Wno-implicit-function-declaration -mcmodel=large",
+                            threads("-pthread")),
+        ex_libs          => add(threads("-pthread")),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
+        asm_arch         => 'ppc64',
+        perlasm_scheme   => "aix64",
+        shared_cflag     => "-fpic",
+        shared_ldflag    => add("-shared"),
+        shared_extension => "64.so.\$(SHLIB_VERSION_NUMBER)",
+        AR               => add("-X64"),
+        RANLIB           => add("-X64"),
+    },
 
 # SIEMENS BS2000/OSD: an EBCDIC-based mainframe
     "BS2000-OSD" => {
diff --git a/crypto/openssl/Configurations/15-ios.conf b/crypto/openssl/Configurations/15-ios.conf
index 81e3d68bc7f0..84c9cfeb3a14 100644
--- a/crypto/openssl/Configurations/15-ios.conf
+++ b/crypto/openssl/Configurations/15-ios.conf
@@ -10,7 +10,7 @@ my %targets = (
         template         => 1,
         inherit_from     => [ "darwin-common" ],
         sys_id           => "iOS",
-        disable          => [ "shared", "async" ],
+        disable          => [ "async" ],
     },
     "ios-xcrun" => {
         inherit_from     => [ "ios-common" ],
diff --git a/crypto/openssl/Configure b/crypto/openssl/Configure
index 40c03ad0af32..0c60d1da1659 100755
--- a/crypto/openssl/Configure
+++ b/crypto/openssl/Configure
@@ -178,7 +178,6 @@ my @gcc_devteam_warn = qw(
 #       -Wextended-offsetof -- no, needed in CMS ASN1 code
 my @clang_devteam_warn = qw(
     -Wno-unknown-warning-option
-    -Wswitch-default
     -Wno-parentheses-equality
     -Wno-language-extension-token
     -Wno-extended-offsetof
@@ -1583,7 +1582,7 @@ if (!$disabled{makedepend}) {
     disable('unavailable', 'makedepend') unless $config{makedep_scheme};
 }
 
-if (!$disabled{asm} && !$predefined_C{__MACH__} && $^O ne 'VMS') {
+if (!$disabled{asm} && !$predefined_C{__MACH__} && $^O ne 'VMS' && !$predefined_C{_AIX}) {
     # probe for -Wa,--noexecstack option...
     if ($predefined_C{__clang__}) {
         # clang has builtin assembler, which doesn't recognize --help,
@@ -3407,6 +3406,13 @@ sub absolutedir {
         return rel2abs($dir);
     }
 
+    # realpath() on Windows seems to check if the directory actually exists,
+    # which isn't what is wanted here.  All we want to know is if a directory
+    # spec is absolute, not if it exists.
+    if ($^O eq "MSWin32") {
+        return rel2abs($dir);
+    }
+
     # We use realpath() on Unix, since no other will properly clean out
     # a directory spec.
     use Cwd qw/realpath/;
diff --git a/crypto/openssl/FAQ.md b/crypto/openssl/FAQ.md
deleted file mode 100644
index 30f5010ce3a4..000000000000
--- a/crypto/openssl/FAQ.md
+++ /dev/null
@@ -1,6 +0,0 @@
-Frequently Asked Questions (FAQ)
-================================
-
-The [Frequently Asked Questions][FAQ] are now maintained on the OpenSSL homepage.
-
-  [FAQ]: https://www.openssl.org/docs/faq.html
diff --git a/crypto/openssl/INSTALL.md b/crypto/openssl/INSTALL.md
index c0dae491c94d..47d64b1a39d8 100644
--- a/crypto/openssl/INSTALL.md
+++ b/crypto/openssl/INSTALL.md
@@ -1164,7 +1164,7 @@ Configure OpenSSL
 ### Automatic Configuration
 
 In previous version, the `config` script determined the platform type and
-compiler and then called `Configure`. Starting with this release, they are
+compiler and then called `Configure`. Starting with version 3.0, they are
 the same.
 
 #### Unix / Linux / macOS
@@ -1618,7 +1618,7 @@ More about our support resources can be found in the [SUPPORT] file.
 
 ### Configuration Errors
 
-If the `./Configure` or `./Configure` command fails with an error message,
+If the `./config` or `./Configure` command fails with an error message,
 read the error message carefully and try to figure out whether you made
 a mistake (e.g., by providing a wrong option), or whether the script is
 working incorrectly. If you think you encountered a bug, please
diff --git a/crypto/openssl/NEWS.md b/crypto/openssl/NEWS.md
index fb231bcd8459..e0a81703ee8d 100644
--- a/crypto/openssl/NEWS.md
+++ b/crypto/openssl/NEWS.md
@@ -18,6 +18,19 @@ OpenSSL Releases
 OpenSSL 3.0
 -----------
 
+### Major changes between OpenSSL 3.0.14 and OpenSSL 3.0.15 [3 Sep 2024]
+
+OpenSSL 3.0.15 is a security patch release. The most severe CVE fixed in this
+release is Moderate.
+
+This release incorporates the following bug fixes and mitigations:
+
+  * Fixed possible denial of service in X.509 name checks
+    ([CVE-2024-6119])
+
+  * Fixed possible buffer overread in SSL_select_next_proto()
+    ([CVE-2024-5535])
+
 ### Major changes between OpenSSL 3.0.13 and OpenSSL 3.0.14 [4 Jun 2024]
 
   * Fixed potential use after free after SSL_free_buffers() is called
@@ -1482,6 +1495,8 @@ OpenSSL 0.9.x
 
 <!-- Links -->
 
+[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
+[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535
 [CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
 [CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603
 [CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
diff --git a/crypto/openssl/VERSION.dat b/crypto/openssl/VERSION.dat
index 5de9bf3d01ba..0942ddc200ca 100644
--- a/crypto/openssl/VERSION.dat
+++ b/crypto/openssl/VERSION.dat
@@ -1,7 +1,7 @@
 MAJOR=3
 MINOR=0
-PATCH=14
+PATCH=15
 PRE_RELEASE_TAG=
 BUILD_METADATA=
-RELEASE_DATE="4 Jun 2024"
+RELEASE_DATE="3 Sep 2024"
 SHLIB_VERSION=3
diff --git a/crypto/openssl/apps/cms.c b/crypto/openssl/apps/cms.c
index 3994cb0fcd58..abb9f196a760 100644
--- a/crypto/openssl/apps/cms.c
+++ b/crypto/openssl/apps/cms.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -132,7 +132,7 @@ const OPTIONS cms_options[] = {
     {"binary", OPT_BINARY, '-',
      "Treat input as binary: do not translate to canonical form"},
     {"crlfeol", OPT_CRLFEOL, '-',
-     "Use CRLF as EOL termination instead of CR only" },
+     "Use CRLF as EOL termination instead of LF only" },
     {"asciicrlf", OPT_ASCIICRLF, '-',
      "Perform CRLF canonicalisation when signing"},
 
diff --git a/crypto/openssl/apps/dgst.c b/crypto/openssl/apps/dgst.c
index 3f02af0d5738..51383bec26ca 100644
--- a/crypto/openssl/apps/dgst.c
+++ b/crypto/openssl/apps/dgst.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -478,7 +478,7 @@ int dgst_main(int argc, char **argv)
 static void show_digests(const OBJ_NAME *name, void *arg)
 {
     struct doall_dgst_digests *dec = (struct doall_dgst_digests *)arg;
-    const EVP_MD *md = NULL;
+    EVP_MD *md = NULL;
 
     /* Filter out signed digests (a.k.a signature algorithms) */
     if (strstr(name->name, "rsa") != NULL || strstr(name->name, "RSA") != NULL)
@@ -490,8 +490,7 @@ static void show_digests(const OBJ_NAME *name, void *arg)
     /* Filter out message digests that we cannot use */
     md = EVP_MD_fetch(app_get0_libctx(), name->name, app_get0_propq());
     if (md == NULL) {
-        md = EVP_get_digestbyname(name->name);
-        if (md == NULL)
+        if (EVP_get_digestbyname(name->name) == NULL)
             return;
     }
 
@@ -502,6 +501,8 @@ static void show_digests(const OBJ_NAME *name, void *arg)
     } else {
         BIO_printf(dec->bio, " ");
     }
+
+    EVP_MD_free(md);
 }
 
 /*
diff --git a/crypto/openssl/apps/lib/opt.c b/crypto/openssl/apps/lib/opt.c
index d56964dbe7ba..88db9ad6947b 100644
--- a/crypto/openssl/apps/lib/opt.c
+++ b/crypto/openssl/apps/lib/opt.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -616,7 +616,7 @@ int opt_uintmax(const char *value, ossl_uintmax_t *result)
         opt_number_error(value);
         return 0;
     }
-    *result = (ossl_intmax_t)m;
+    *result = (ossl_uintmax_t)m;
     errno = oerrno;
     return 1;
 }
diff --git a/crypto/openssl/apps/lib/s_cb.c b/crypto/openssl/apps/lib/s_cb.c
index 7881c1667626..6440b496099e 100644
--- a/crypto/openssl/apps/lib/s_cb.c
+++ b/crypto/openssl/apps/lib/s_cb.c
@@ -649,7 +649,7 @@ void msg_cb(int write_p, int version, int content_type, const void *buf,
     (void)BIO_flush(bio);
 }
 
-static STRINT_PAIR tlsext_types[] = {
+static const STRINT_PAIR tlsext_types[] = {
     {"server name", TLSEXT_TYPE_server_name},
     {"max fragment length", TLSEXT_TYPE_max_fragment_length},
     {"client certificate URL", TLSEXT_TYPE_client_certificate_url},
@@ -688,6 +688,7 @@ static STRINT_PAIR tlsext_types[] = {
     {"psk kex modes", TLSEXT_TYPE_psk_kex_modes},
     {"certificate authorities", TLSEXT_TYPE_certificate_authorities},
     {"post handshake auth", TLSEXT_TYPE_post_handshake_auth},
+    {"early_data", TLSEXT_TYPE_early_data},
     {NULL}
 };
 
diff --git a/crypto/openssl/apps/smime.c b/crypto/openssl/apps/smime.c
index 52b4a01c232f..651294e46daa 100644
--- a/crypto/openssl/apps/smime.c
+++ b/crypto/openssl/apps/smime.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -118,7 +118,7 @@ const OPTIONS smime_options[] = {
      "Do not load certificates from the default certificates store"},
     {"nochain", OPT_NOCHAIN, '-',
      "set PKCS7_NOCHAIN so certificates contained in the message are not used as untrusted CAs" },
-    {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only"},
+    {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of LF only"},
 
     OPT_R_OPTIONS,
     OPT_V_OPTIONS,
diff --git a/crypto/openssl/crypto/aes/asm/aesp8-ppc.pl b/crypto/openssl/crypto/aes/asm/aesp8-ppc.pl
index 60cf86f52aed..f7f78d04b0e1 100755
--- a/crypto/openssl/crypto/aes/asm/aesp8-ppc.pl
+++ b/crypto/openssl/crypto/aes/asm/aesp8-ppc.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2014-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -99,11 +99,12 @@ rcon:
 .long	0x1b000000, 0x1b000000, 0x1b000000, 0x1b000000	?rev
 .long	0x0d0e0f0c, 0x0d0e0f0c, 0x0d0e0f0c, 0x0d0e0f0c	?rev
 .long	0,0,0,0						?asis
+.long	0x0f102132, 0x43546576, 0x8798a9ba, 0xcbdcedfe
 Lconsts:
 	mflr	r0
 	bcl	20,31,\$+4
 	mflr	$ptr	 #vvvvv "distance between . and rcon
-	addi	$ptr,$ptr,-0x48
+	addi	$ptr,$ptr,-0x58
 	mtlr	r0
 	blr
 	.long	0
@@ -2405,7 +2406,7 @@ ___
 my $key_=$key2;
 my ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,3,26..31));
     $x00=0 if ($flavour =~ /osx/);
-my ($in0,  $in1,  $in2,  $in3,  $in4,  $in5 )=map("v$_",(0..5));
+my ($in0,  $in1,  $in2,  $in3,  $in4,  $in5)=map("v$_",(0..5));
 my ($out0, $out1, $out2, $out3, $out4, $out5)=map("v$_",(7,12..16));
 my ($twk0, $twk1, $twk2, $twk3, $twk4, $twk5)=map("v$_",(17..22));
 my $rndkey0="v23";	# v24-v25 rotating buffer for first found keys
@@ -2460,6 +2461,18 @@ _aesp8_xts_encrypt6x:
 	li		$x70,0x70
 	mtspr		256,r0
 
+	# Reverse eighty7 to 0x010101..87
+	xxlor		2, 32+$eighty7, 32+$eighty7
+	vsldoi		$eighty7,$tmp,$eighty7,1	# 0x010101..87
+	xxlor		1, 32+$eighty7, 32+$eighty7
+
+	# Load XOR contents. 0xf102132435465768798a9bacbdcedfe
+	mr		$x70, r6
+	bl		Lconsts
+	lxvw4x		0, $x40, r6		# load XOR contents
+	mr		r6, $x70
+	li		$x70,0x70
+
 	subi		$rounds,$rounds,3	# -4 in total
 
 	lvx		$rndkey0,$x00,$key1	# load key schedule
@@ -2502,69 +2515,77 @@ Load_xts_enc_key:
 	?vperm		v31,v31,$twk5,$keyperm
 	lvx		v25,$x10,$key_		# pre-load round[2]
 
+	# Switch to use the following codes with 0x010101..87 to generate tweak.
+	#     eighty7 = 0x010101..87
+	# vsrab		tmp, tweak, seven	# next tweak value, right shift 7 bits
+	# vand		tmp, tmp, eighty7	# last byte with carry
+	# vaddubm	tweak, tweak, tweak	# left shift 1 bit (x2)
+	# xxlor		vsx, 0, 0
+	# vpermxor	tweak, tweak, tmp, vsx
+
 	 vperm		$in0,$inout,$inptail,$inpperm
 	 subi		$inp,$inp,31		# undo "caller"
 	vxor		$twk0,$tweak,$rndkey0
 	vsrab		$tmp,$tweak,$seven	# next tweak value
 	vaddubm		$tweak,$tweak,$tweak
-	vsldoi		$tmp,$tmp,$tmp,15
 	vand		$tmp,$tmp,$eighty7
 	 vxor		$out0,$in0,$twk0
-	vxor		$tweak,$tweak,$tmp
+	xxlor		32+$in1, 0, 0
+	vpermxor	$tweak, $tweak, $tmp, $in1
 
 	 lvx_u		$in1,$x10,$inp
 	vxor		$twk1,$tweak,$rndkey0
 	vsrab		$tmp,$tweak,$seven	# next tweak value
 	vaddubm		$tweak,$tweak,$tweak
-	vsldoi		$tmp,$tmp,$tmp,15
 	 le?vperm	$in1,$in1,$in1,$leperm
 	vand		$tmp,$tmp,$eighty7
 	 vxor		$out1,$in1,$twk1
-	vxor		$tweak,$tweak,$tmp
+	xxlor		32+$in2, 0, 0
+	vpermxor	$tweak, $tweak, $tmp, $in2
 
 	 lvx_u		$in2,$x20,$inp
 	 andi.		$taillen,$len,15
 	vxor		$twk2,$tweak,$rndkey0
 	vsrab		$tmp,$tweak,$seven	# next tweak value
 	vaddubm		$tweak,$tweak,$tweak
-	vsldoi		$tmp,$tmp,$tmp,15
 	 le?vperm	$in2,$in2,$in2,$leperm
 	vand		$tmp,$tmp,$eighty7
 	 vxor		$out2,$in2,$twk2
-	vxor		$tweak,$tweak,$tmp
+	xxlor		32+$in3, 0, 0
+	vpermxor	$tweak, $tweak, $tmp, $in3
 
 	 lvx_u		$in3,$x30,$inp
 	 sub		$len,$len,$taillen
 	vxor		$twk3,$tweak,$rndkey0
 	vsrab		$tmp,$tweak,$seven	# next tweak value
 	vaddubm		$tweak,$tweak,$tweak
-	vsldoi		$tmp,$tmp,$tmp,15
 	 le?vperm	$in3,$in3,$in3,$leperm
 	vand		$tmp,$tmp,$eighty7
 	 vxor		$out3,$in3,$twk3
-	vxor		$tweak,$tweak,$tmp
+	xxlor		32+$in4, 0, 0
+	vpermxor	$tweak, $tweak, $tmp, $in4
 
 	 lvx_u		$in4,$x40,$inp
 	 subi		$len,$len,0x60
 	vxor		$twk4,$tweak,$rndkey0
 	vsrab		$tmp,$tweak,$seven	# next tweak value
 	vaddubm		$tweak,$tweak,$tweak
-	vsldoi		$tmp,$tmp,$tmp,15
 	 le?vperm	$in4,$in4,$in4,$leperm
 	vand		$tmp,$tmp,$eighty7
 	 vxor		$out4,$in4,$twk4
-	vxor		$tweak,$tweak,$tmp
+	xxlor		32+$in5, 0, 0
+	vpermxor	$tweak, $tweak, $tmp, $in5
 
 	 lvx_u		$in5,$x50,$inp
 	 addi		$inp,$inp,0x60
 	vxor		$twk5,$tweak,$rndkey0
 	vsrab		$tmp,$tweak,$seven	# next tweak value
 	vaddubm		$tweak,$tweak,$tweak
-	vsldoi		$tmp,$tmp,$tmp,15
 	 le?vperm	$in5,$in5,$in5,$leperm
 	vand		$tmp,$tmp,$eighty7
 	 vxor		$out5,$in5,$twk5
-	vxor		$tweak,$tweak,$tmp
+	xxlor		32+$in0, 0, 0
+	vpermxor	$tweak, $tweak, $tmp, $in0
 
 	vxor		v31,v31,$rndkey0
 	mtctr		$rounds
@@ -2590,6 +2611,8 @@ Loop_xts_enc6x:
 	lvx		v25,$x10,$key_		# round[4]
 	bdnz		Loop_xts_enc6x
 
+	xxlor		32+$eighty7, 1, 1		# 0x010101..87
+
 	subic		$len,$len,96		# $len-=96
 	 vxor		$in0,$twk0,v31		# xor with last round key
 	vcipher		$out0,$out0,v24
@@ -2599,7 +2622,6 @@ Loop_xts_enc6x:
 	 vaddubm	$tweak,$tweak,$tweak
 	vcipher		$out2,$out2,v24
 	vcipher		$out3,$out3,v24
-	 vsldoi		$tmp,$tmp,$tmp,15
 	vcipher		$out4,$out4,v24
 	vcipher		$out5,$out5,v24
 
@@ -2607,7 +2629,8 @@ Loop_xts_enc6x:
 	 vand		$tmp,$tmp,$eighty7
 	vcipher		$out0,$out0,v25
 	vcipher		$out1,$out1,v25
-	 vxor		$tweak,$tweak,$tmp
+	 xxlor		32+$in1, 0, 0
+	 vpermxor	$tweak, $tweak, $tmp, $in1
 	vcipher		$out2,$out2,v25
 	vcipher		$out3,$out3,v25
 	 vxor		$in1,$twk1,v31
@@ -2618,13 +2641,13 @@ Loop_xts_enc6x:
 
 	and		r0,r0,$len
 	 vaddubm	$tweak,$tweak,$tweak
-	 vsldoi		$tmp,$tmp,$tmp,15
 	vcipher		$out0,$out0,v26
 	vcipher		$out1,$out1,v26
 	 vand		$tmp,$tmp,$eighty7
 	vcipher		$out2,$out2,v26
 	vcipher		$out3,$out3,v26
-	 vxor		$tweak,$tweak,$tmp
+	 xxlor		32+$in2, 0, 0
+	 vpermxor	$tweak, $tweak, $tmp, $in2
 	vcipher		$out4,$out4,v26
 	vcipher		$out5,$out5,v26
 
@@ -2638,7 +2661,6 @@ Loop_xts_enc6x:
 	 vaddubm	$tweak,$tweak,$tweak
 	vcipher		$out0,$out0,v27
 	vcipher		$out1,$out1,v27
-	 vsldoi		$tmp,$tmp,$tmp,15
 	vcipher		$out2,$out2,v27
 	vcipher		$out3,$out3,v27
 	 vand		$tmp,$tmp,$eighty7
@@ -2646,7 +2668,8 @@ Loop_xts_enc6x:
 	vcipher		$out5,$out5,v27
 
 	addi		$key_,$sp,$FRAME+15	# rewind $key_
-	 vxor		$tweak,$tweak,$tmp
+	 xxlor		32+$in3, 0, 0
+	 vpermxor	$tweak, $tweak, $tmp, $in3
 	vcipher		$out0,$out0,v28
 	vcipher		$out1,$out1,v28
 	 vxor		$in3,$twk3,v31
@@ -2655,7 +2678,6 @@ Loop_xts_enc6x:
 	vcipher		$out2,$out2,v28
 	vcipher		$out3,$out3,v28
 	 vaddubm	$tweak,$tweak,$tweak
-	 vsldoi		$tmp,$tmp,$tmp,15
 	vcipher		$out4,$out4,v28
 	vcipher		$out5,$out5,v28
 	lvx		v24,$x00,$key_		# re-pre-load round[1]
@@ -2663,7 +2685,8 @@ Loop_xts_enc6x:
 
 	vcipher		$out0,$out0,v29
 	vcipher		$out1,$out1,v29
-	 vxor		$tweak,$tweak,$tmp
+	 xxlor		32+$in4, 0, 0
+	 vpermxor	$tweak, $tweak, $tmp, $in4
 	vcipher		$out2,$out2,v29
 	vcipher		$out3,$out3,v29
 	 vxor		$in4,$twk4,v31
@@ -2673,14 +2696,14 @@ Loop_xts_enc6x:
 	vcipher		$out5,$out5,v29
 	lvx		v25,$x10,$key_		# re-pre-load round[2]
 	 vaddubm	$tweak,$tweak,$tweak
-	 vsldoi		$tmp,$tmp,$tmp,15
 
 	vcipher		$out0,$out0,v30
 	vcipher		$out1,$out1,v30
 	 vand		$tmp,$tmp,$eighty7
 	vcipher		$out2,$out2,v30
 	vcipher		$out3,$out3,v30
-	 vxor		$tweak,$tweak,$tmp
+	 xxlor		32+$in5, 0, 0
+	 vpermxor	$tweak, $tweak, $tmp, $in5
 	vcipher		$out4,$out4,v30
 	vcipher		$out5,$out5,v30
 	 vxor		$in5,$twk5,v31
@@ -2690,7 +2713,6 @@ Loop_xts_enc6x:
 	vcipherlast	$out0,$out0,$in0
 	 lvx_u		$in0,$x00,$inp		# load next input block
 	 vaddubm	$tweak,$tweak,$tweak
-	 vsldoi		$tmp,$tmp,$tmp,15
 	vcipherlast	$out1,$out1,$in1
 	 lvx_u		$in1,$x10,$inp
 	vcipherlast	$out2,$out2,$in2
@@ -2703,7 +2725,10 @@ Loop_xts_enc6x:
 	vcipherlast	$out4,$out4,$in4
 	 le?vperm	$in2,$in2,$in2,$leperm
 	 lvx_u		$in4,$x40,$inp
-	 vxor		$tweak,$tweak,$tmp
+	 xxlor		10, 32+$in0, 32+$in0
+	 xxlor		32+$in0, 0, 0
+	 vpermxor	$tweak, $tweak, $tmp, $in0
+	 xxlor		32+$in0, 10, 10
 	vcipherlast	$tmp,$out5,$in5		# last block might be needed
 						# in stealing mode
 	 le?vperm	$in3,$in3,$in3,$leperm
@@ -2736,6 +2761,8 @@ Loop_xts_enc6x:
 	mtctr		$rounds
 	beq		Loop_xts_enc6x		# did $len-=96 borrow?
 
+	xxlor		32+$eighty7, 2, 2		# 0x870101..01
+
 	addic.		$len,$len,0x60
 	beq		Lxts_enc6x_zero
 	cmpwi		$len,0x20
@@ -3112,6 +3139,18 @@ _aesp8_xts_decrypt6x:
 	li		$x70,0x70
 	mtspr		256,r0
 
+	# Reverse eighty7 to 0x010101..87
+	xxlor		2, 32+$eighty7, 32+$eighty7
+	vsldoi		$eighty7,$tmp,$eighty7,1	# 0x010101..87
+	xxlor		1, 32+$eighty7, 32+$eighty7
+
+	# Load XOR contents. 0xf102132435465768798a9bacbdcedfe
+	mr		$x70, r6
+	bl		Lconsts
+	lxvw4x		0, $x40, r6		# load XOR contents
+	mr		r6, $x70
+	li		$x70,0x70
+
 	subi		$rounds,$rounds,3	# -4 in total
 
 	lvx		$rndkey0,$x00,$key1	# load key schedule
@@ -3159,64 +3198,64 @@ Load_xts_dec_key:
 	vxor		$twk0,$tweak,$rndkey0
 	vsrab		$tmp,$tweak,$seven	# next tweak value
 	vaddubm		$tweak,$tweak,$tweak
-	vsldoi		$tmp,$tmp,$tmp,15
 	vand		$tmp,$tmp,$eighty7
 	 vxor		$out0,$in0,$twk0
-	vxor		$tweak,$tweak,$tmp
+	xxlor		32+$in1, 0, 0
+	vpermxor	$tweak, $tweak, $tmp, $in1
 
 	 lvx_u		$in1,$x10,$inp
 	vxor		$twk1,$tweak,$rndkey0
 	vsrab		$tmp,$tweak,$seven	# next tweak value
 	vaddubm		$tweak,$tweak,$tweak
-	vsldoi		$tmp,$tmp,$tmp,15
 	 le?vperm	$in1,$in1,$in1,$leperm
 	vand		$tmp,$tmp,$eighty7
 	 vxor		$out1,$in1,$twk1
-	vxor		$tweak,$tweak,$tmp
+	xxlor		32+$in2, 0, 0
+	vpermxor	$tweak, $tweak, $tmp, $in2
 
 	 lvx_u		$in2,$x20,$inp
 	 andi.		$taillen,$len,15
 	vxor		$twk2,$tweak,$rndkey0
 	vsrab		$tmp,$tweak,$seven	# next tweak value
 	vaddubm		$tweak,$tweak,$tweak
-	vsldoi		$tmp,$tmp,$tmp,15
 	 le?vperm	$in2,$in2,$in2,$leperm
 	vand		$tmp,$tmp,$eighty7
 	 vxor		$out2,$in2,$twk2
-	vxor		$tweak,$tweak,$tmp
+	xxlor		32+$in3, 0, 0
+	vpermxor	$tweak, $tweak, $tmp, $in3
 
 	 lvx_u		$in3,$x30,$inp
 	 sub		$len,$len,$taillen
 	vxor		$twk3,$tweak,$rndkey0
 	vsrab		$tmp,$tweak,$seven	# next tweak value
 	vaddubm		$tweak,$tweak,$tweak
-	vsldoi		$tmp,$tmp,$tmp,15
 	 le?vperm	$in3,$in3,$in3,$leperm
 	vand		$tmp,$tmp,$eighty7
 	 vxor		$out3,$in3,$twk3
-	vxor		$tweak,$tweak,$tmp
+	xxlor		32+$in4, 0, 0
+	vpermxor	$tweak, $tweak, $tmp, $in4
 
 	 lvx_u		$in4,$x40,$inp
 	 subi		$len,$len,0x60
 	vxor		$twk4,$tweak,$rndkey0
 	vsrab		$tmp,$tweak,$seven	# next tweak value
 	vaddubm		$tweak,$tweak,$tweak
-	vsldoi		$tmp,$tmp,$tmp,15
 	 le?vperm	$in4,$in4,$in4,$leperm
 	vand		$tmp,$tmp,$eighty7
 	 vxor		$out4,$in4,$twk4
-	vxor		$tweak,$tweak,$tmp
+	xxlor		32+$in5, 0, 0
+	vpermxor	$tweak, $tweak, $tmp, $in5
 
 	 lvx_u		$in5,$x50,$inp
 	 addi		$inp,$inp,0x60
 	vxor		$twk5,$tweak,$rndkey0
 	vsrab		$tmp,$tweak,$seven	# next tweak value
 	vaddubm		$tweak,$tweak,$tweak
*** 8393 LINES SKIPPED ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202409280352.48S3qUAk014436>