Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:GA
openssl-1_0_0
openssl-fips-OPENSSL_s390xcap.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssl-fips-OPENSSL_s390xcap.patch of Package openssl-1_0_0
Index: openssl-1.0.2l/doc/crypto/OPENSSL_s390xcap.pod =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.2l/doc/crypto/OPENSSL_s390xcap.pod 2017-07-04 10:44:15.311146555 +0200 @@ -0,0 +1,175 @@ +=pod + +=head1 NAME + +OPENSSL_s390xcap - the z processor capabilities vector + +=head1 SYNOPSIS + + env OPENSSL_s390xcap=... <application> + +=head1 DESCRIPTION + +libcrypto supports z architecture instruction set extensions. These +extensions are denoted by individual bits in the capability vector. +When libcrypto is initialized, the bits returned by the STFLE instruction +and by the QUERY functions are stored in the vector. + +The OPENSSL_s390xcap environment variable can be set before starting an +application to affect capability detection. It is specified by a +colon-separated list of 64-bit values in hexadecimal notation, the 0x +prefix being optional. The ~ prefix means bitwise NOT and a point +indicates the end of the STFLE bits respectively the beginning of the +QUERY bits. + +After initialization, the capability vector is ANDed bitwise with the +corresponding parts of the environment variable. + +The following bits are significant: + +: +: + +=over + +=item #62 vector facility + +=back + +. + +=over + +=item #60 KIMD-SHA-512 + +=item #61 KIMD-SHA-256 + +=item #62 KIMD-SHA-1 + +=back + +: + +=over + +=item #62 KIMD-GHASH + +=back + +: + +=over + +=item #11 KM-XTS-AES-256 + +=item #13 KM-XTS-AES-128 + +=item #43 KM-AES-256 + +=item #44 KM-AES-192 + +=item #45 KM-AES-128 + +=back + +: +: + +=over + +=item #43 KMC-AES-256 + +=item #44 KMC-AES-192 + +=item #45 KMC-AES-128 + +=back + +: +: + +=over + +=item #43 KMAC-AES-256 + +=item #44 KMAC-AES-192 + +=item #45 KMAC-AES-128 + +=back + +: +: +: +: + +=over + +=item #43 KMO-AES-256 + +=item #44 KMO-AES-192 + +=item #45 KMO-AES-128 + +=back + +: +: + +=over + +=item #43 KMF-AES-256 + +=item #44 KMF-AES-192 + +=item #45 KMF-AES-128 + +=back + +: +: + +=over + +=item #60 PRNO-SHA-512-DRNG + +=back + +: + +=over + +=item #13 PRNO-TRNG + +=back + +: + +=over + +=item #43 KMA-GCM-AES-256 + +=item #44 KMA-GCM-AES-192 + +=item #45 KMA-GCM-AES-128 + +=back + +=head1 EXAMPLES + +OPENSSL_s390xcap=0:0:~0x4000000000000000 disables the vector facility. + +OPENSSL_s390xcap=.0:0 disables KIMD. + +OPENSSL_s390xcap=.::~0x2800 disables KM-XTS-AES. + +=head1 COPYRIGHT + +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L<https://www.openssl.org/source/license.html>. + +=cut Index: openssl-1.0.2l/crypto/aes/asm/aes-s390x.pl =================================================================== --- openssl-1.0.2l.orig/crypto/aes/asm/aes-s390x.pl 2017-05-25 14:54:34.000000000 +0200 +++ openssl-1.0.2l/crypto/aes/asm/aes-s390x.pl 2017-07-04 10:46:19.041026703 +0200 @@ -1,4 +1,11 @@ -#!/usr/bin/env perl +#! /usr/bin/env perl +# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + # ==================================================================== # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL @@ -92,10 +99,12 @@ if ($flavour =~ /3[12]/) { $g="g"; } -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} +while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} open STDOUT,">$output"; -$softonly=0; # allow hardware support +# 0: Enable hardware support. +# 1: Disable hardware support. Requires -DAES_SOFTONLY built. +$softonly=0; $t0="%r0"; $mask="%r0"; $t1="%r1"; @@ -814,13 +823,10 @@ $code.=<<___ if (!$softonly); ar %r5,%r0 larl %r1,OPENSSL_s390xcap_P - lg %r0,0(%r1) - tmhl %r0,0x4000 # check for message-security assist - jz .Lekey_internal - llihh %r0,0x8000 srlg %r0,%r0,0(%r5) - ng %r0,48(%r1) # check kmc capability vector + ng %r0,40(%r1) # check km capability vector + ng %r0,56(%r1) # check kmc capability vector jz .Lekey_internal lmg %r0,%r1,0($inp) # just copy 128 bits... @@ -1388,6 +1394,7 @@ $code.=<<___; .type AES_ctr32_encrypt,\@function .align 16 AES_ctr32_encrypt: +.cfi_startproc xgr %r3,%r4 # flip %r3 and %r4, $out and $len xgr %r4,%r3 xgr %r3,%r4 @@ -1399,7 +1406,45 @@ $code.=<<___ if (!$softonly); clr %r0,%r1 jl .Lctr32_software - stm${g} %r6,$s3,6*$SIZE_T($sp) + stm${g} $s2,$s3,10*$SIZE_T($sp) + .cfi_rel_offset $s2,10*$SIZE_T + .cfi_rel_offset $s3,11*$SIZE_T + llgfr $s2,%r0 + larl %r1,OPENSSL_s390xcap_P + llihh %r0,0x8000 # check if kma supports the function code + srlg %r0,%r0,0($s2) + ng %r0,152(%r1) # check kma capability vector + lgr %r0,$s2 + jz .Lctr32_nokma + + aghi $sp,-112 + .cfi_adjust_cfa_offset 112 + lhi %r1,0x0600 + sllg $len,$len,4 + or %r0,%r1 # set HS and LAAD flags + lmg $s2,$s3,0($ivp) + la %r1,0($sp) # prepare parameter block + ahi $s3,-1 # decrement counter + mvc 80(32,$sp),0($key) # copy key + stmg $s2,$s3,64($sp) # copy iv + st $s3,12($sp) # copy counter + lghi $s3,0 # no AAD + + .long 0xb929a042 # kma $out,$s2,$inp + brc 1,.-4 # pay attention to "partial completion" + + xc 80(32,$sp),80($sp) # wipe key copy + la $sp,112($sp) + .cfi_adjust_cfa_offset -112 + lm${g} $s2,$s3,10*$SIZE_T($sp) + .cfi_restore $s2 + .cfi_restore $s3 + br $ra + +.align 16 +.Lctr32_nokma: + + stm${g} %r6,$s1,6*$SIZE_T($sp) slgr $out,$inp la %r1,0($key) # %r1 is permanent copy of $key @@ -1432,18 +1477,13 @@ $code.=<<___ if (!$softonly); .Lctr32_hw_switch: ___ -$code.=<<___ if (0); ######### kmctr code was measured to be ~12% slower - larl $s0,OPENSSL_s390xcap_P - lg $s0,8($s0) - tmhh $s0,0x0004 # check for message_security-assist-4 - jz .Lctr32_km_loop - +$code.=<<___ if (!$softonly && 0);# kmctr code was measured to be ~12% slower llgfr $s0,%r0 lgr $s1,%r1 larl %r1,OPENSSL_s390xcap_P llihh %r0,0x8000 # check if kmctr supports the function code srlg %r0,%r0,0($s0) - ng %r0,64(%r1) # check kmctr capability vector + ng %r0,88(%r1) # check kmctr capability vector lgr %r0,$s0 lgr %r1,$s1 jz .Lctr32_km_loop @@ -1481,7 +1521,7 @@ $code.=<<___ if (0); ######### kmctr cod br $ra .align 16 ___ -$code.=<<___; +$code.=<<___ if (!$softonly); .Lctr32_km_loop: la $s2,16($sp) lgr $s3,$fp @@ -1563,6 +1603,7 @@ $code.=<<___; lm${g} %r6,$ra,6*$SIZE_T($sp) br $ra +.cfi_endproc .size AES_ctr32_encrypt,.-AES_ctr32_encrypt ___ } @@ -1593,7 +1634,7 @@ $code.=<<___ if(1); larl %r1,OPENSSL_s390xcap_P llihh %r0,0x8000 srlg %r0,%r0,32($s1) # check for 32+function code - ng %r0,32(%r1) # check km capability vector + ng %r0,40(%r1) # check km capability vector lgr %r0,$s0 # restore the function code la %r1,0($key1) # restore $key1 jz .Lxts_km_vanilla @@ -1628,7 +1669,7 @@ $code.=<<___ if(1); llgc $len,2*$SIZE_T-1($sp) nill $len,0x0f # $len%=16 br $ra - + .align 16 .Lxts_km_vanilla: ___ @@ -1855,7 +1896,7 @@ $code.=<<___; xgr $s1,%r1 lrvgr $s1,$s1 # flip byte order lrvgr $s3,$s3 - srlg $s0,$s1,32 # smash the tweak to 4x32-bits + srlg $s0,$s1,32 # smash the tweak to 4x32-bits stg $s1,$tweak+0($sp) # save the tweak llgfr $s1,$s1 srlg $s2,$s3,32 @@ -1906,7 +1947,7 @@ $code.=<<___; xgr $s1,%r1 lrvgr $s1,$s1 # flip byte order lrvgr $s3,$s3 - srlg $s0,$s1,32 # smash the tweak to 4x32-bits + srlg $s0,$s1,32 # smash the tweak to 4x32-bits stg $s1,$tweak+0($sp) # save the tweak llgfr $s1,$s1 srlg $s2,$s3,32 @@ -2098,7 +2139,7 @@ $code.=<<___; xgr $s1,%r1 lrvgr $s1,$s1 # flip byte order lrvgr $s3,$s3 - srlg $s0,$s1,32 # smash the tweak to 4x32-bits + srlg $s0,$s1,32 # smash the tweak to 4x32-bits stg $s1,$tweak+0($sp) # save the tweak llgfr $s1,$s1 srlg $s2,$s3,32 @@ -2218,9 +2259,211 @@ $code.=<<___; .size AES_xts_decrypt,.-AES_xts_decrypt ___ } + +################ +# void s390x_aes_gcm_blocks(unsigned char *out, GCM128_CONTEXT *ctx, +# const unsigned char *in, size_t len, +# const unsigned char *aad, size_t alen, +# const AES_KEY *key, int enc) +{ +my ($out,$ctx,$in,$len,$aad,$alen,$key,$enc) = map("%r$_",(2..9)); +$code.=<<___ if (!$softonly); +.globl s390x_aes_gcm_blocks +.type s390x_aes_gcm_blocks,\@function +.align 16 +s390x_aes_gcm_blocks: +.cfi_startproc + stm$g $alen,$enc,7*$SIZE_T($sp) + .cfi_rel_offset $alen,7*$SIZE_T + .cfi_rel_offset $key,8*$SIZE_T + .cfi_rel_offset $enc,9*$SIZE_T + lm$g $alen,$enc,$stdframe($sp) + + aghi $sp,-112 + .cfi_adjust_cfa_offset 112 + + lmg %r0,%r1,0($ctx) + ahi %r1,-1 + + mvc 16(32,$sp),64($ctx) # copy Xi/H + #mvc 48(16,$sp),48($ctx) # copy len + mvc 80(32,$sp),0($key) # copy key + st %r1,12($sp) # copy Yi + stmg %r0,%r1,64($sp) + + lhi %r1,128 + l %r0,240($key) # kma capability vector checked by caller + sll $enc,7 + xr $enc,%r1 + or %r0,$enc + + la %r1,0($sp) + + .long 0xb9296024 # kma $out,$aad,$in + brc 1,.-4 # pay attention to "partial completion" + + l %r0,12($sp) + mvc 64(16,$ctx),16($sp) # update Xi + xc 0(112,$sp),0($sp) # wipe stack + + la $sp,112($sp) + .cfi_adjust_cfa_offset -112 + ahi %r0,1 + st %r0,12($ctx) + + lm$g $alen,$enc,7*$SIZE_T($sp) + .cfi_restore $alen + .cfi_restore $key + .cfi_restore $enc + br $ra +.cfi_endproc +.size s390x_aes_gcm_blocks,.-s390x_aes_gcm_blocks +___ +} + +################ +# void s390x_aes_ofb_blocks(unsigned char *out, +# unsigned char iv[AES_BLOCK_SIZE], +# const unsigned char *in, size_t len, +# const AES_KEY *key) +{ +my ($out,$iv,$in,$len,$key) = map("%r$_",(2..6)); + +$code.=<<___ if (!$softonly); +.globl s390x_aes_ofb_blocks +.type s390x_aes_ofb_blocks,\@function +.align 16 +s390x_aes_ofb_blocks: +.cfi_startproc + aghi $sp,-48 + .cfi_adjust_cfa_offset 48 + l %r0,240($key) # kmo capability vector checked by caller + + mvc 0(16,$sp),0($iv) + mvc 16(32,$sp),0($key) + la %r1,0($sp) + + .long 0xb92b0024 # kmo $out,$in + brc 1,.-4 # pay attention to "partial completion" + + mvc 0(16,$iv),0($sp) + xc 0(48,$sp),0($sp) # wipe iv,key + la $sp,48($sp) + .cfi_adjust_cfa_offset -48 + br $ra +.cfi_endproc +.size s390x_aes_ofb_blocks,.-s390x_aes_ofb_blocks +___ +} + +################ +# void s390x_aes_ecb_blocks(unsigned char *out, const AES_KEY *key, +# const unsigned char *in, size_t len) +{ +my ($out,$key,$in,$len) = map("%r$_",(2..5)); + +$code.=<<___ if (!$softonly); +.globl s390x_aes_ecb_blocks +.type s390x_aes_ecb_blocks,\@function +.align 16 +s390x_aes_ecb_blocks: + l %r0,240($key) # km capability vector checked by caller + la %r1,0($key) + + .long 0xb92e0024 # km $out,$in + brc 1,.-4 # pay attention to "partial completion" + + br $ra +.size s390x_aes_ecb_blocks,.-s390x_aes_ecb_blocks +___ +} + +################ +# void s390x_aes_cfb_blocks(unsigned char *out, +# unsigned char iv[AES_BLOCK_SIZE], +# const unsigned char *in, size_t len, +# const AES_KEY *key, int s, int enc) +{ +my ($out,$iv,$in,$len,$key,$s,$enc) = map("%r$_",(2..8)); +$code.=<<___ if (!$softonly); +.globl s390x_aes_cfb_blocks +.type s390x_aes_cfb_blocks,\@function +.align 16 +s390x_aes_cfb_blocks: +.cfi_startproc + stm$g $s,$enc,7*$SIZE_T($sp) + .cfi_rel_offset $s,7*$SIZE_T + .cfi_rel_offset $enc,8*$SIZE_T + lm$g $s,$enc,$stdframe($sp) + aghi $sp,-48 + .cfi_adjust_cfa_offset 48 + lhi %r1,128 + + sllg %r0,$s,24 + sll $enc,7 + xr $enc,%r1 + o %r0,240($key) # kmf capability vector checked by caller + or %r0,$enc + + mvc 0(16,$sp),0($iv) + mvc 16(32,$sp),0($key) + la %r1,0($sp) + + .long 0xb92a0024 # kmf $out,$in + brc 1,.-4 # pay attention to "partial completion" + + mvc 0(16,$iv),0($sp) + xc 0(48,$sp),0($sp) # wipe iv,key + + la $sp,48($sp) + .cfi_adjust_cfa_offset -48 + lm$g $s,$enc,7*$SIZE_T($sp) + .cfi_restore $s + .cfi_restore $enc + br $ra +.cfi_endproc +.size s390x_aes_cfb_blocks,.-s390x_aes_cfb_blocks +___ +} + +################ +# void s390x_aes_cbc_mac_blocks(unsigned char mac[AES_BLOCK_SIZE], +# const AES_KEY *key, const unsigned char *in, +# size_t len) +{ +my ($mac,$key,$in,$len) = map("%r$_",(2..6)); +$code.=<<___ if (!$softonly); +.globl s390x_aes_cbc_mac_blocks +.type s390x_aes_cbc_mac_blocks,\@function +.align 16 +s390x_aes_cbc_mac_blocks: +.cfi_startproc + aghi $sp,-48 + .cfi_adjust_cfa_offset 48 + l %r0,240($key) # kmac capability vector checked by caller + nill %r0,0xff7f # clear "decrypt" bit + + mvc 0(16,$sp),0($mac) + mvc 16(32,$sp),0($key) + la %r1,0($sp) + + .long 0xb91e0024 # kmac %r2,$in + brc 1,.-4 # pay attention to "partial completion" + + mvc 0(16,$mac),0($sp) + xc 0(48,$sp),0($sp) # wipe mac,key + + la $sp,48($sp) + .cfi_adjust_cfa_offset -48 + br $ra +.cfi_endproc +.size s390x_aes_cbc_mac_blocks,.-s390x_aes_cbc_mac_blocks +___ +} + $code.=<<___; .string "AES for s390x, CRYPTOGAMS by <appro\@openssl.org>" -.comm OPENSSL_s390xcap_P,80,8 +.comm OPENSSL_s390xcap_P,168,8 ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; Index: openssl-1.0.2l/crypto/s390x_arch.h =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.2l/crypto/s390x_arch.h 2017-07-04 10:44:15.315146616 +0200 @@ -0,0 +1,80 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef S390X_ARCH_H +# define S390X_ARCH_H + +# include <stdint.h> + +/* + * The elements of OPENSSL_s390xcap_P are the doublewords returned by the STFLE + * instruction followed by the doubleword pairs returned by instructions' QUERY + * functions. If STFLE returns fewer doublewords or an instruction is not + * supported, the corresponding element is zero. The order is as follows: + * + * STFLE:STFLE:STFLE. + * KIMD:KIMD:KM:KM:KMC:KMC:KMAC:KMAC:KMCTR:KMCTR:KMO:KMO:KMF:KMF:PPNO:PPNO: + * KMA:KMA + */ +# define S390X_STFLE_DWORDS 3 +# define S390X_QUERY_DWORDS 18 +# define S390X_CAP_DWORDS (S390X_STFLE_DWORDS + S390X_QUERY_DWORDS) +extern uint64_t OPENSSL_s390xcap_P[]; + +/* OPENSSL_s390xcap_P[2] flags */ +# define S390X_STFLE_VXE (1ULL << 56) +# define S390X_STFLE_VXD (1ULL << 57) +# define S390X_STFLE_VX (1ULL << 62) + +/* OPENSSL_s390xcap_P[5] flags */ +# define S390X_KM_AES_256 (1ULL << 43) +# define S390X_KM_AES_192 (1ULL << 44) +# define S390X_KM_AES_128 (1ULL << 45) + +/* OPENSSL_s390xcap_P[7] flags */ +# define S390X_KMC_AES_256 (1ULL << 43) +# define S390X_KMC_AES_192 (1ULL << 44) +# define S390X_KMC_AES_128 (1ULL << 45) + +/* OPENSSL_s390xcap_P[9] flags */ +# define S390X_KMAC_AES_256 (1ULL << 43) +# define S390X_KMAC_AES_192 (1ULL << 44) +# define S390X_KMAC_AES_128 (1ULL << 45) + +/* OPENSSL_s390xcap_P[13] flags */ +# define S390X_KMO_AES_256 (1ULL << 43) +# define S390X_KMO_AES_192 (1ULL << 44) +# define S390X_KMO_AES_128 (1ULL << 45) + +/* OPENSSL_s390xcap_P[15] flags */ +# define S390X_KMF_AES_256 (1ULL << 43) +# define S390X_KMF_AES_192 (1ULL << 44) +# define S390X_KMF_AES_128 (1ULL << 45) + +/* OPENSSL_s390xcap_P[17] flags */ +# define S390X_PRNO_SHA_512_DRNG (1ULL << 60) + +/* OPENSSL_s390xcap_P[18] flags */ +# define S390X_PRNO_TRNG (1ULL << 13) + +/* OPENSSL_s390xcap_P[19] flags */ +# define S390X_KMA_GCM_AES_256 (1ULL << 43) +# define S390X_KMA_GCM_AES_192 (1ULL << 44) +# define S390X_KMA_GCM_AES_128 (1ULL << 45) + +/* %r0 flags */ +# define S390X_PRNO_SEED (1ULL << 7) +# define S390X_KMA_LPC (1ULL << 8) +# define S390X_KMA_LAAD (1ULL << 9) +# define S390X_KMA_HS (1ULL << 10) + +/* %r0 function codes */ +# define S390X_PRNO_SHA_512_DRNG_FC 3 + +#endif Index: openssl-1.0.2l/crypto/s390xcap.c =================================================================== --- openssl-1.0.2l.orig/crypto/s390xcap.c 2017-07-04 10:44:04.942989018 +0200 +++ openssl-1.0.2l/crypto/s390xcap.c 2017-07-04 10:47:22.797994083 +0200 @@ -4,8 +4,7 @@ #include <setjmp.h> #include <signal.h> #include "cryptlib.h" - -extern unsigned long OPENSSL_s390xcap_P[]; +#include "s390x_arch.h" static sigjmp_buf ill_jmp; static void ill_handler(int sig) @@ -13,17 +12,47 @@ static void ill_handler(int sig) siglongjmp(ill_jmp, sig); } -unsigned long OPENSSL_s390x_facilities(void); +/*- + * os-specific function to check if "vector enablement control"-bit and + * "AFP register control"-bit in control register 0 are set. + */ +static int vx_enabled(void) +{ +#if defined(OPENSSL_SYS_LINUX) + FILE *fd; + char buf[4096]; + + if ((fd = fopen("/proc/cpuinfo", "r")) == NULL) + return 0; + + buf[0] = '\0'; + + while ((fgets(buf, sizeof(buf), fd) != NULL) + && (strstr(buf, "features") != buf)); + + fclose(fd); + return (strstr(buf, " vx ") != NULL) ? 1 : 0; +#else + return 0; +#endif +} + + +void OPENSSL_s390x_facilities(void); void OPENSSL_cpuid_setup(void) { sigset_t oset; struct sigaction ill_act, oact; + uint64_t vec; + char *env; + int off; + int i; if (OPENSSL_s390xcap_P[0]) return; - OPENSSL_s390xcap_P[0] = 1UL << (8 * sizeof(unsigned long) - 1); + OPENSSL_s390xcap_P[0] = 1ULL << (8 * sizeof(uint64_t) - 1); memset(&ill_act, 0, sizeof(ill_act)); ill_act.sa_handler = ill_handler; @@ -39,4 +68,32 @@ void OPENSSL_cpuid_setup(void) sigaction(SIGILL, &oact, NULL); sigprocmask(SIG_SETMASK, &oset, NULL); + + /* protection against disabled vector facility */ + if (!vx_enabled()) { + OPENSSL_s390xcap_P[2] &= ~(S390X_STFLE_VXE | S390X_STFLE_VXD | + S390X_STFLE_VX); + } + + if ((env = getenv("OPENSSL_s390xcap")) != NULL) { + for (i = 0; i < S390X_CAP_DWORDS; i++) { + off = (env[0] == '~') ? 1 : 0; + + if (sscanf(env + off, "%llx", (unsigned long long *)&vec) == 1) + OPENSSL_s390xcap_P[i] &= off ? ~vec : vec; + + if (i == S390X_STFLE_DWORDS - 1) + env = strchr(env, '.'); + else + env = strpbrk(env, ":."); + + if (env == NULL) + break; + + if (env[0] == '.') + i = S390X_STFLE_DWORDS - 1; + + env++; + } + } } Index: openssl-1.0.2l/crypto/s390xcpuid.S =================================================================== --- openssl-1.0.2l.orig/crypto/s390xcpuid.S 2017-07-04 10:44:04.942989018 +0200 +++ openssl-1.0.2l/crypto/s390xcpuid.S 2017-07-04 10:44:15.315146616 +0200 @@ -1,4 +1,10 @@ .text +// Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. +// +// Licensed under the OpenSSL license (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy +// in the file LICENSE in the source distribution or at +// https://www.openssl.org/source/license.html .globl OPENSSL_s390x_facilities .type OPENSSL_s390x_facilities,@function @@ -15,35 +21,76 @@ OPENSSL_s390x_facilities: stg %r0,56(%r4) stg %r0,64(%r4) stg %r0,72(%r4) + stg %r0,80(%r4) + stg %r0,88(%r4) + stg %r0,96(%r4) + stg %r0,104(%r4) + stg %r0,112(%r4) + stg %r0,120(%r4) + stg %r0,128(%r4) + stg %r0,136(%r4) + stg %r0,144(%r4) + stg %r0,152(%r4) + stg %r0,160(%r4) .long 0xb2b04000 # stfle 0(%r4) brc 8,.Ldone lghi %r0,1 .long 0xb2b04000 # stfle 0(%r4) + brc 8,.Ldone + lghi %r0,2 + .long 0xb2b04000 # stfle 0(%r4) .Ldone: lmg %r2,%r3,0(%r4) tmhl %r2,0x4000 # check for message-security-assist jz .Lret lghi %r0,0 # query kimd capabilities - la %r1,16(%r4) + la %r1,24(%r4) .long 0xb93e0002 # kimd %r0,%r2 lghi %r0,0 # query km capability vector - la %r1,32(%r4) + la %r1,40(%r4) .long 0xb92e0042 # km %r4,%r2 lghi %r0,0 # query kmc capability vector - la %r1,48(%r4) + la %r1,56(%r4) .long 0xb92f0042 # kmc %r4,%r2 + lghi %r0,0 # query kmac capability vector + la %r1,72(%r4) + .long 0xb91e0042 # kmac %r4,%r2 + tmhh %r3,0x0004 # check for message-security-assist-4 jz .Lret lghi %r0,0 # query kmctr capability vector - la %r1,64(%r4) + la %r1,88(%r4) .long 0xb92d2042 # kmctr %r4,%r2,%r2 + lghi %r0,0 # query kmo capability vector + la %r1,104(%r4) + .long 0xb92b0042 # kmo %r4,%r2 + + lghi %r0,0 # query kmf capability vector + la %r1,120(%r4) + .long 0xb92a0042 # kmf %r4,%r2 + + tml %r2,0x40 # check for message-security-assist-5 + jz .Lret + + lghi %r0,0 # query prno capability vector + la %r1,136(%r4) + .long 0xb93c0042 # prno %r4,%r2 + + lg %r2,16(%r4) + tmhl %r2,0x2000 # check for message-security-assist-8 + jz .Lret + + lghi %r0,0 # query kma capability vector + la %r1,152(%r4) + .long 0xb9294022 # kma %r2,%r4,%r2 + .Lret: br %r14 .size OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities @@ -125,7 +172,49 @@ OPENSSL_cleanse: br %r14 .size OPENSSL_cleanse,.-OPENSSL_cleanse +.globl OPENSSL_instrument_bus +.type OPENSSL_instrument_bus,@function +.align 16 +OPENSSL_instrument_bus: + lghi %r2,0 + br %r14 +.size OPENSSL_instrument_bus,.-OPENSSL_instrument_bus + +.globl OPENSSL_instrument_bus2 +.type OPENSSL_instrument_bus2,@function +.align 16 +OPENSSL_instrument_bus2: + lghi %r2,0 + br %r14 +.size OPENSSL_instrument_bus2,.-OPENSSL_instrument_bus2 + +.globl s390x_trng +.type s390x_trng,@function +.align 16 +s390x_trng: + lghi %r5,0 + lghi %r0,114 # prno capability vector checked by caller + .long 0xb93c0042 # prno %r4,%r2 + brc 1,.-4 # pay attention to "partial completion" + br %r14 +.size s390x_trng,.-s390x_trng + +.globl s390x_drng +.type s390x_drng,@function +.align 16 +s390x_drng: +#if !defined(__s390x__) && !defined(__s390x) + l %r1,96(%r15) +#else + lg %r1,160(%r15) +#endif + lr %r0,%r6 # prno capability vector checked by caller + .long 0xb93c0024 # prno %r2,%r4 + brc 1,.-4 # pay attention to "partial completion" + br %r14 +.size s390x_drng,.-s390x_drng + .section .init brasl %r14,OPENSSL_cpuid_setup -.comm OPENSSL_s390xcap_P,80,8 +.comm OPENSSL_s390xcap_P,168,8 Index: openssl-1.0.2l/crypto/modes/asm/ghash-s390x.pl =================================================================== --- openssl-1.0.2l.orig/crypto/modes/asm/ghash-s390x.pl 2017-07-04 10:44:04.942989018 +0200 +++ openssl-1.0.2l/crypto/modes/asm/ghash-s390x.pl 2017-07-04 10:44:15.315146616 +0200 @@ -1,4 +1,11 @@ -#!/usr/bin/env perl +#! /usr/bin/env perl +# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + # ==================================================================== # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL @@ -47,7 +54,7 @@ if ($flavour =~ /3[12]/) { $g="g"; } -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} +while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} open STDOUT,">$output"; $softonly=0; @@ -81,21 +88,27 @@ gcm_gmult_4bit: ___ $code.=<<___ if(!$softonly && 0); # hardware is slow for single block... larl %r1,OPENSSL_s390xcap_P - lg %r0,0(%r1) - tmhl %r0,0x4000 # check for message-security-assist - jz .Lsoft_gmult lghi %r0,0 - lg %r1,24(%r1) # load second word of kimd capabilities vector + lg %r1,32(%r1) # load second word of kimd capabilities vector tmhh %r1,0x4000 # check for function 65 jz .Lsoft_gmult + lghi %r1,-16 stg %r0,16($sp) # arrange 16 bytes of zero input stg %r0,24($sp) + la $Htbl,0(%r1,$Htbl) # H lies right before Htable + lghi %r0,65 # function 65 - la %r1,0($Xi) # H lies right after Xi in gcm128_context + la %r1,32($sp) + mvc 32(16,$sp),0($Xi) # copy Xi/Yi + mvc 48(16,$sp),0($Htbl) # copy H la $inp,16($sp) lghi $len,16 .long 0xb93e0004 # kimd %r0,$inp brc 1,.-4 # pay attention to "partial completion" + + mvc 0(16,$Xi),32($sp) + xc 32(32,$sp),32($sp) # wipe stack + br %r14 .align 32 .Lsoft_gmult: @@ -119,14 +132,8 @@ gcm_ghash_4bit: ___ $code.=<<___ if(!$softonly); larl %r1,OPENSSL_s390xcap_P - lg %r0,0(%r1) - tmhl %r0,0x4000 # check for message-security-assist - jz .Lsoft_ghash - lghi %r0,0 - la %r1,16($sp) - .long 0xb93e0004 # kimd %r0,%r4 - lg %r1,24($sp) - tmhh %r1,0x4000 # check for function 65 + lg %r0,32(%r1) # load second word of kimd capabilities vector + tmhh %r0,0x4000 # check for function 65 jz .Lsoft_ghash lghi %r0,65 # function 65 la %r1,0($Xi) # H lies right after Xi in gcm128_context @@ -151,7 +158,7 @@ $code.=<<___; lg $Zhi,0+1($Xi) lghi $tmp,0 .Louter: - xg $Zhi,0($inp) # Xi ^= inp + xg $Zhi,0($inp) # Xi ^= inp xg $Zlo,8($inp) xgr $Zhi,$tmp stg $Zlo,8+1($Xi) Index: openssl-1.0.2l/crypto/sha/asm/sha1-s390x.pl =================================================================== --- openssl-1.0.2l.orig/crypto/sha/asm/sha1-s390x.pl 2017-07-04 10:44:04.942989018 +0200 +++ openssl-1.0.2l/crypto/sha/asm/sha1-s390x.pl 2017-07-04 10:44:15.315146616 +0200 @@ -1,4 +1,11 @@ -#!/usr/bin/env perl +#! /usr/bin/env perl +# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + # ==================================================================== # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL @@ -28,7 +35,8 @@ # instructions and achieve "64-bit" performance even in 31-bit legacy # application context. The feature is not specific to any particular # processor, as long as it's "z-CPU". Latter implies that the code -# remains z/Architecture specific. +# remains z/Architecture specific. On z990 it was measured to perform +# 23% better than code generated by gcc 4.3. $kimdfunc=1; # magic function code for kimd instruction @@ -42,7 +50,7 @@ if ($flavour =~ /3[12]/) { $g="g"; } -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} +while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} open STDOUT,">$output"; $K_00_39="%r0"; $K=$K_00_39; @@ -164,10 +172,7 @@ sha1_block_data_order: ___ $code.=<<___ if ($kimdfunc); larl %r1,OPENSSL_s390xcap_P - lg %r0,0(%r1) - tmhl %r0,0x4000 # check for message-security assist - jz .Lsoftware - lg %r0,16(%r1) # check kimd capabilities + lg %r0,24(%r1) # check kimd capabilities tmhh %r0,`0x8000>>$kimdfunc` jz .Lsoftware lghi %r0,$kimdfunc @@ -234,7 +239,7 @@ $code.=<<___; br %r14 .size sha1_block_data_order,.-sha1_block_data_order .string "SHA1 block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>" -.comm OPENSSL_s390xcap_P,80,8 +.comm OPENSSL_s390xcap_P,168,8 ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; Index: openssl-1.0.2l/crypto/sha/asm/sha512-s390x.pl =================================================================== --- openssl-1.0.2l.orig/crypto/sha/asm/sha512-s390x.pl 2017-07-04 10:44:04.942989018 +0200 +++ openssl-1.0.2l/crypto/sha/asm/sha512-s390x.pl 2017-07-04 10:44:15.315146616 +0200 @@ -1,4 +1,11 @@ -#!/usr/bin/env perl +#! /usr/bin/env perl +# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + # ==================================================================== # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL @@ -33,7 +40,7 @@ # instructions and achieve "64-bit" performance even in 31-bit legacy # application context. The feature is not specific to any particular # processor, as long as it's "z-CPU". Latter implies that the code -# remains z/Architecture specific. On z900 SHA256 was measured to +# remains z/Architecture specific. On z990 SHA256 was measured to # perform 2.4x and SHA512 - 13x better than code generated by gcc 4.3. $flavour = shift; @@ -64,7 +71,7 @@ $tbl="%r13"; $T1="%r14"; $sp="%r15"; -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} +while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} open STDOUT,">$output"; if ($output =~ /512/) { @@ -237,10 +244,7 @@ $Func: ___ $code.=<<___ if ($kimdfunc); larl %r1,OPENSSL_s390xcap_P - lg %r0,0(%r1) - tmhl %r0,0x4000 # check for message-security assist - jz .Lsoftware - lg %r0,16(%r1) # check kimd capabilities + lg %r0,24(%r1) # check kimd capabilities tmhh %r0,`0x8000>>$kimdfunc` jz .Lsoftware lghi %r0,$kimdfunc @@ -304,11 +308,11 @@ $code.=<<___; cl${g} $inp,`$frame+4*$SIZE_T`($sp) jne .Lloop - lm${g} %r6,%r15,`$frame+6*$SIZE_T`($sp) + lm${g} %r6,%r15,`$frame+6*$SIZE_T`($sp) br %r14 .size $Func,.-$Func .string "SHA${label} block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>" -.comm OPENSSL_s390xcap_P,80,8 +.comm OPENSSL_s390xcap_P,168,8 ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; Index: openssl-1.0.2l/crypto/modes/gcm128.c =================================================================== --- openssl-1.0.2l.orig/crypto/modes/gcm128.c 2017-07-04 10:44:04.942989018 +0200 +++ openssl-1.0.2l/crypto/modes/gcm128.c 2017-07-04 10:44:15.315146616 +0200 @@ -882,6 +882,10 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT * ctx->ghash = NULL; # endif } +# elif defined(GHASH_ASM) + gcm_init_4bit(ctx->Htable, ctx->H.u); + ctx->gmult = gcm_gmult_4bit; + ctx->ghash = gcm_ghash_4bit; # else gcm_init_4bit(ctx->Htable, ctx->H.u); # endif Index: openssl-1.0.2l/crypto/evp/e_aes.c =================================================================== --- openssl-1.0.2l.orig/crypto/evp/e_aes.c 2017-07-04 10:44:04.942989018 +0200 +++ openssl-1.0.2l/crypto/evp/e_aes.c 2017-07-04 10:44:15.319146676 +0200 @@ -873,6 +873,181 @@ static const EVP_CIPHER aes_##keylen##_# const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ { return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; } +#elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__) && !defined(AES_SOFTONLY) +/* + * IBM S390X support + */ +# include "s390x_arch.h" + +/*- + * If KM and KMC support the function code, AES_KEY structure holds + * key/function code (instead of key schedule/number of rounds). + */ +# define S390X_AES_FC(key) (((AES_KEY *)(key))->rounds) + +# define S390X_aes_128_CAPABLE ((OPENSSL_s390xcap_P[5]&S390X_KM_AES_128)&&\ + (OPENSSL_s390xcap_P[7]&S390X_KMC_AES_128)) +# define S390X_aes_192_CAPABLE ((OPENSSL_s390xcap_P[5]&S390X_KM_AES_192)&&\ + (OPENSSL_s390xcap_P[7]&S390X_KMC_AES_192)) +# define S390X_aes_256_CAPABLE ((OPENSSL_s390xcap_P[5]&S390X_KM_AES_256)&&\ + (OPENSSL_s390xcap_P[7]&S390X_KMC_AES_256)) + +# define s390x_aes_init_key aes_init_key +static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); + +# define S390X_aes_128_cbc_CAPABLE 1 /* checked by callee */ +# define S390X_aes_192_cbc_CAPABLE 1 +# define S390X_aes_256_cbc_CAPABLE 1 + +# define s390x_aes_cbc_cipher aes_cbc_cipher +static int s390x_aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# define S390X_aes_128_ecb_CAPABLE 0 +# define S390X_aes_192_ecb_CAPABLE 0 +# define S390X_aes_256_ecb_CAPABLE 0 + +# define s390x_aes_ecb_cipher aes_ecb_cipher +static int s390x_aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# define S390X_aes_128_ofb_CAPABLE 0 +# define S390X_aes_192_ofb_CAPABLE 0 +# define S390X_aes_256_ofb_CAPABLE 0 + +# define s390x_aes_ofb_cipher aes_ofb_cipher +static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# define S390X_aes_128_cfb_CAPABLE 0 +# define S390X_aes_192_cfb_CAPABLE 0 +# define S390X_aes_256_cfb_CAPABLE 0 + +# define s390x_aes_cfb_cipher aes_cfb_cipher +static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# define S390X_aes_128_cfb8_CAPABLE 0 +# define S390X_aes_192_cfb8_CAPABLE 0 +# define S390X_aes_256_cfb8_CAPABLE 0 + +# define s390x_aes_cfb8_cipher aes_cfb8_cipher +static int s390x_aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# define S390X_aes_128_cfb1_CAPABLE 0 +# define S390X_aes_192_cfb1_CAPABLE 0 +# define S390X_aes_256_cfb1_CAPABLE 0 + +# define s390x_aes_cfb1_cipher aes_cfb1_cipher +static int s390x_aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# define S390X_aes_128_ctr_CAPABLE 1 /* checked by callee */ +# define S390X_aes_192_ctr_CAPABLE 1 +# define S390X_aes_256_ctr_CAPABLE 1 + +# define s390x_aes_ctr_cipher aes_ctr_cipher +static int s390x_aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# define S390X_aes_128_gcm_CAPABLE 0 +# define S390X_aes_192_gcm_CAPABLE 0 +# define S390X_aes_256_gcm_CAPABLE 0 + +# define s390x_aes_gcm_init_key aes_gcm_init_key +static int s390x_aes_gcm_init_key(EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, int enc); + +# define s390x_aes_gcm_cipher aes_gcm_cipher +static int s390x_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# define S390X_aes_128_xts_CAPABLE 1 /* checked by callee */ +# define S390X_aes_256_xts_CAPABLE 1 + +# define s390x_aes_xts_init_key aes_xts_init_key +static int s390x_aes_xts_init_key(EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, int enc); + +# define s390x_aes_xts_cipher aes_xts_cipher +static int s390x_aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# define S390X_aes_128_ccm_CAPABLE 0 +# define S390X_aes_192_ccm_CAPABLE 0 +# define S390X_aes_256_ccm_CAPABLE 0 + +# define s390x_aes_ccm_init_key aes_ccm_init_key +static int s390x_aes_ccm_init_key(EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, int enc); + +# define s390x_aes_ccm_cipher aes_ccm_cipher +static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# ifndef OPENSSL_NO_OCB +# define S390X_aes_128_ocb_CAPABLE 0 +# define S390X_aes_192_ocb_CAPABLE 0 +# define S390X_aes_256_ocb_CAPABLE 0 + +# define s390x_aes_ocb_init_key aes_ocb_init_key +static int s390x_aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); +# define s390x_aes_ocb_cipher aes_ocb_cipher +static int s390x_aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); +# endif + +# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ +static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \ + nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ + flags|EVP_CIPH_##MODE##_MODE, \ + s390x_aes_init_key, \ + s390x_aes_##mode##_cipher, \ + NULL, \ + sizeof(EVP_AES_KEY), \ + NULL,NULL,NULL,NULL }; \ +static const EVP_CIPHER aes_##keylen##_##mode = { \ + nid##_##keylen##_##nmode,blocksize, \ + keylen/8,ivlen, \ + flags|EVP_CIPH_##MODE##_MODE, \ + aes_init_key, \ + aes_##mode##_cipher, \ + NULL, \ + sizeof(EVP_AES_KEY), \ + NULL,NULL,NULL,NULL }; \ +const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ +{ return S390X_aes_##keylen##_##mode##_CAPABLE?&s390x_aes_##keylen##_##mode: \ + &aes_##keylen##_##mode; } + +# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ +static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \ + nid##_##keylen##_##mode,blocksize, \ + (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \ + flags|EVP_CIPH_##MODE##_MODE, \ + s390x_aes_##mode##_init_key, \ + s390x_aes_##mode##_cipher, \ + aes_##mode##_cleanup, \ + sizeof(EVP_AES_##MODE##_CTX), \ + NULL,NULL,aes_##mode##_ctrl,NULL }; \ +static const EVP_CIPHER aes_##keylen##_##mode = { \ + nid##_##keylen##_##mode,blocksize, \ + (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \ + flags|EVP_CIPH_##MODE##_MODE, \ + aes_##mode##_init_key, \ + aes_##mode##_cipher, \ + aes_##mode##_cleanup, \ + sizeof(EVP_AES_##MODE##_CTX), \ + NULL,NULL,aes_##mode##_ctrl,NULL }; \ +const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ +{ return S390X_aes_##keylen##_##mode##_CAPABLE?&s390x_aes_##keylen##_##mode: \ + &aes_##keylen##_##mode; } + # else # define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor