openssl-1_1/openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch

674 lines
24 KiB
Diff
Raw Normal View History

diff --git a/crypto/s390x_arch.h b/crypto/s390x_arch.h
index 64e7ebb..34e04b4 100644
--- a/crypto/s390x_arch.h
+++ b/crypto/s390x_arch.h
@@ -52,6 +52,9 @@ __attribute__ ((visibility("hidden")))
#endif
2020-01-24 12:52:58 +01:00
extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
+/* Max number of 64-bit words currently returned by STFLE */
+# define S390X_STFLE_MAX 3
+
/* convert facility bit number or function code to bit mask */
# define S390X_CAPBIT(i) (1ULL << (63 - (i) % 64))
@@ -71,9 +74,15 @@ extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
2020-01-24 12:52:58 +01:00
# define S390X_KMA 0xb0
/* Facility Bit Numbers */
-# define S390X_VX 129
-# define S390X_VXD 134
-# define S390X_VXE 135
+# define S390X_MSA 17 /* message-security-assist */
+# define S390X_STCKF 25 /* store-clock-fast */
+# define S390X_MSA5 57 /* message-security-assist-ext. 5 */
+# define S390X_MSA3 76 /* message-security-assist-ext. 3 */
+# define S390X_MSA4 77 /* message-security-assist-ext. 4 */
+# define S390X_VX 129 /* vector */
+# define S390X_VXD 134 /* vector packed decimal */
+# define S390X_VXE 135 /* vector enhancements 1 */
+# define S390X_MSA8 146 /* message-security-assist-ext. 8 */
/* Function Codes */
@@ -81,6 +90,9 @@ extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
2020-01-24 12:52:58 +01:00
# define S390X_QUERY 0
/* kimd/klmd */
+# define S390X_SHA_1 1
+# define S390X_SHA_256 2
+# define S390X_SHA_512 3
# define S390X_SHA3_224 32
# define S390X_SHA3_256 33
# define S390X_SHA3_384 34
@@ -94,7 +106,12 @@ extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
2020-01-24 12:52:58 +01:00
# define S390X_AES_192 19
# define S390X_AES_256 20
+/* km */
+# define S390X_XTS_AES_128 50
+# define S390X_XTS_AES_256 52
+
/* prno */
+# define S390X_SHA_512_DRNG 3
# define S390X_TRNG 114
/* Register 0 Flags */
diff --git a/crypto/s390xcap.c b/crypto/s390xcap.c
index 1097c70..da6af34 100644
--- a/crypto/s390xcap.c
+++ b/crypto/s390xcap.c
2020-01-24 12:52:58 +01:00
@@ -13,15 +13,51 @@
#include <setjmp.h>
#include <signal.h>
#include "internal/cryptlib.h"
Accepting request 786956 from home:vitezslav_cizek:branches:security:tls - Update to 1.1.1e * Properly detect EOF while reading in libssl. Previously if we hit an EOF while reading in libssl then we would report an error back to the application (SSL_ERROR_SYSCALL) but errno would be 0. We now add an error to the stack (which means we instead return SSL_ERROR_SSL) and therefore give a hint as to what went wrong. * Check that ed25519 and ed448 are allowed by the security level. Previously signature algorithms not using an MD were not being checked that they were allowed by the security level. * Fixed SSL_get_servername() behaviour. The behaviour of SSL_get_servername() was not quite right. The behaviour was not consistent between resumption and normal handshakes, and also not quite consistent with historical behaviour. The behaviour in various scenarios has been clarified and it has been updated to make it match historical behaviour as closely as possible. * Corrected the documentation of the return values from the EVP_DigestSign* set of functions. The documentation mentioned negative values for some errors, but this was never the case, so the mention of negative values was removed. * Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY. The presence of this system service is determined at run-time. * Added newline escaping functionality to a filename when using openssl dgst. This output format is to replicate the output format found in the '*sum' checksum programs. This aims to preserve backward compatibility. * Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just the first value. - Update bunch of patches as the internal crypto headers got reorganized - drop openssl-1_1-CVE-2019-1551.patch (upstream) - openssl dgst: default to SHA256 only when called without a digest, OBS-URL: https://build.opensuse.org/request/show/786956 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=65
2020-03-20 18:43:35 +01:00
+#include "crypto/ctype.h"
2020-01-24 12:52:58 +01:00
#include "s390x_arch.h"
+#define LEN 128
+#define STR_(S) #S
+#define STR(S) STR_(S)
+
+#define TOK_FUNC(NAME) \
+ (sscanf(tok_begin, \
+ " " STR(NAME) " : %" STR(LEN) "[^:] : " \
+ "%" STR(LEN) "s %" STR(LEN) "s ", \
+ tok[0], tok[1], tok[2]) == 2) { \
+ \
+ off = (tok[0][0] == '~') ? 1 : 0; \
+ if (sscanf(tok[0] + off, "%llx", &cap->NAME[0]) != 1) \
+ goto ret; \
+ if (off) \
+ cap->NAME[0] = ~cap->NAME[0]; \
+ \
+ off = (tok[1][0] == '~') ? 1 : 0; \
+ if (sscanf(tok[1] + off, "%llx", &cap->NAME[1]) != 1) \
+ goto ret; \
+ if (off) \
+ cap->NAME[1] = ~cap->NAME[1]; \
+ }
+
+#define TOK_CPU(NAME) \
+ (sscanf(tok_begin, \
+ " %" STR(LEN) "s %" STR(LEN) "s ", \
+ tok[0], tok[1]) == 1 \
+ && !strcmp(tok[0], #NAME)) { \
+ memcpy(cap, &NAME, sizeof(*cap)); \
+ }
+
static sigjmp_buf ill_jmp;
static void ill_handler(int sig)
{
siglongjmp(ill_jmp, sig);
}
+static const char *env;
+static int parse_env(struct OPENSSL_s390xcap_st *cap);
+
void OPENSSL_s390x_facilities(void);
+void OPENSSL_s390x_functions(void);
void OPENSSL_vx_probe(void);
struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
@@ -33,6 +69,7 @@ void OPENSSL_cpuid_setup(void)
2020-01-24 12:52:58 +01:00
{
sigset_t oset;
struct sigaction ill_act, oact_ill, oact_fpe;
+ struct OPENSSL_s390xcap_st cap;
if (OPENSSL_s390xcap_P.stfle[0])
return;
@@ -40,6 +77,12 @@ void OPENSSL_cpuid_setup(void)
2020-01-24 12:52:58 +01:00
/* set a bit that will not be tested later */
OPENSSL_s390xcap_P.stfle[0] |= S390X_CAPBIT(0);
+ env = getenv("OPENSSL_s390xcap");
+ if (env != NULL) {
+ if (!parse_env(&cap))
+ env = NULL;
+ }
+
memset(&ill_act, 0, sizeof(ill_act));
ill_act.sa_handler = ill_handler;
sigfillset(&ill_act.sa_mask);
@@ -54,6 +97,12 @@ void OPENSSL_cpuid_setup(void)
2020-01-24 12:52:58 +01:00
if (sigsetjmp(ill_jmp, 1) == 0)
OPENSSL_s390x_facilities();
+ if (env != NULL) {
+ OPENSSL_s390xcap_P.stfle[0] &= cap.stfle[0];
+ OPENSSL_s390xcap_P.stfle[1] &= cap.stfle[1];
+ OPENSSL_s390xcap_P.stfle[2] &= cap.stfle[2];
+ }
+
/* protection against disabled vector facility */
if ((OPENSSL_s390xcap_P.stfle[2] & S390X_CAPBIT(S390X_VX))
&& (sigsetjmp(ill_jmp, 1) == 0)) {
@@ -67,4 +116,470 @@ void OPENSSL_cpuid_setup(void)
2020-01-24 12:52:58 +01:00
sigaction(SIGFPE, &oact_fpe, NULL);
sigaction(SIGILL, &oact_ill, NULL);
sigprocmask(SIG_SETMASK, &oset, NULL);
+
+ OPENSSL_s390x_functions();
+
+ if (env != NULL) {
+ OPENSSL_s390xcap_P.kimd[0] &= cap.kimd[0];
+ OPENSSL_s390xcap_P.kimd[1] &= cap.kimd[1];
+ OPENSSL_s390xcap_P.klmd[0] &= cap.klmd[0];
+ OPENSSL_s390xcap_P.klmd[1] &= cap.klmd[1];
+ OPENSSL_s390xcap_P.km[0] &= cap.km[0];
+ OPENSSL_s390xcap_P.km[1] &= cap.km[1];
+ OPENSSL_s390xcap_P.kmc[0] &= cap.kmc[0];
+ OPENSSL_s390xcap_P.kmc[1] &= cap.kmc[1];
+ OPENSSL_s390xcap_P.kmac[0] &= cap.kmac[0];
+ OPENSSL_s390xcap_P.kmac[1] &= cap.kmac[1];
+ OPENSSL_s390xcap_P.kmctr[0] &= cap.kmctr[0];
+ OPENSSL_s390xcap_P.kmctr[1] &= cap.kmctr[1];
+ OPENSSL_s390xcap_P.kmo[0] &= cap.kmo[0];
+ OPENSSL_s390xcap_P.kmo[1] &= cap.kmo[1];
+ OPENSSL_s390xcap_P.kmf[0] &= cap.kmf[0];
+ OPENSSL_s390xcap_P.kmf[1] &= cap.kmf[1];
+ OPENSSL_s390xcap_P.prno[0] &= cap.prno[0];
+ OPENSSL_s390xcap_P.prno[1] &= cap.prno[1];
+ OPENSSL_s390xcap_P.kma[0] &= cap.kma[0];
+ OPENSSL_s390xcap_P.kma[1] &= cap.kma[1];
+ }
+}
+
+static int parse_env(struct OPENSSL_s390xcap_st *cap)
+{
+ /*-
+ * CPU model data
+ * (only the STFLE- and QUERY-bits relevant to libcrypto are set)
+ */
+
+ /*-
+ * z900 (2000) - z/Architecture POP SA22-7832-00
+ * Facility detection would fail on real hw (no STFLE).
+ */
+ static const struct OPENSSL_s390xcap_st z900 = {
+ .stfle = {0ULL, 0ULL, 0ULL, 0ULL},
+ .kimd = {0ULL, 0ULL},
+ .klmd = {0ULL, 0ULL},
+ .km = {0ULL, 0ULL},
+ .kmc = {0ULL, 0ULL},
+ .kmac = {0ULL, 0ULL},
+ .kmctr = {0ULL, 0ULL},
+ .kmo = {0ULL, 0ULL},
+ .kmf = {0ULL, 0ULL},
+ .prno = {0ULL, 0ULL},
+ .kma = {0ULL, 0ULL},
+ };
+
+ /*-
+ * z990 (2003) - z/Architecture POP SA22-7832-02
+ * Implements MSA. Facility detection would fail on real hw (no STFLE).
+ */
+ static const struct OPENSSL_s390xcap_st z990 = {
+ .stfle = {S390X_CAPBIT(S390X_MSA),
+ 0ULL, 0ULL, 0ULL},
+ .kimd = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_1),
+ 0ULL},
+ .klmd = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_1),
+ 0ULL},
+ .km = {S390X_CAPBIT(S390X_QUERY),
+ 0ULL},
+ .kmc = {S390X_CAPBIT(S390X_QUERY),
+ 0ULL},
+ .kmac = {S390X_CAPBIT(S390X_QUERY),
+ 0ULL},
+ .kmctr = {0ULL, 0ULL},
+ .kmo = {0ULL, 0ULL},
+ .kmf = {0ULL, 0ULL},
+ .prno = {0ULL, 0ULL},
+ .kma = {0ULL, 0ULL},
+ };
+
+ /*-
+ * z9 (2005) - z/Architecture POP SA22-7832-04
+ * Implements MSA and MSA1.
+ */
+ static const struct OPENSSL_s390xcap_st z9 = {
+ .stfle = {S390X_CAPBIT(S390X_MSA)
+ | S390X_CAPBIT(S390X_STCKF),
+ 0ULL, 0ULL, 0ULL},
+ .kimd = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_1)
+ | S390X_CAPBIT(S390X_SHA_256),
+ 0ULL},
+ .klmd = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_1)
+ | S390X_CAPBIT(S390X_SHA_256),
+ 0ULL},
+ .km = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128),
+ 0ULL},
+ .kmc = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128),
+ 0ULL},
+ .kmac = {S390X_CAPBIT(S390X_QUERY),
+ 0ULL},
+ .kmctr = {0ULL, 0ULL},
+ .kmo = {0ULL, 0ULL},
+ .kmf = {0ULL, 0ULL},
+ .prno = {0ULL, 0ULL},
+ .kma = {0ULL, 0ULL},
+ };
+
+ /*-
+ * z10 (2008) - z/Architecture POP SA22-7832-06
+ * Implements MSA and MSA1-2.
+ */
+ static const struct OPENSSL_s390xcap_st z10 = {
+ .stfle = {S390X_CAPBIT(S390X_MSA)
+ | S390X_CAPBIT(S390X_STCKF),
+ 0ULL, 0ULL, 0ULL},
+ .kimd = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_1)
+ | S390X_CAPBIT(S390X_SHA_256)
+ | S390X_CAPBIT(S390X_SHA_512),
+ 0ULL},
+ .klmd = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_1)
+ | S390X_CAPBIT(S390X_SHA_256)
+ | S390X_CAPBIT(S390X_SHA_512),
+ 0ULL},
+ .km = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmc = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmac = {S390X_CAPBIT(S390X_QUERY),
+ 0ULL},
+ .kmctr = {0ULL, 0ULL},
+ .kmo = {0ULL, 0ULL},
+ .kmf = {0ULL, 0ULL},
+ .prno = {0ULL, 0ULL},
+ .kma = {0ULL, 0ULL},
+ };
+
+ /*-
+ * z196 (2010) - z/Architecture POP SA22-7832-08
+ * Implements MSA and MSA1-4.
+ */
+ static const struct OPENSSL_s390xcap_st z196 = {
+ .stfle = {S390X_CAPBIT(S390X_MSA)
+ | S390X_CAPBIT(S390X_STCKF),
+ S390X_CAPBIT(S390X_MSA3)
+ | S390X_CAPBIT(S390X_MSA4),
+ 0ULL, 0ULL},
+ .kimd = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_1)
+ | S390X_CAPBIT(S390X_SHA_256)
+ | S390X_CAPBIT(S390X_SHA_512),
+ S390X_CAPBIT(S390X_GHASH)},
+ .klmd = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_1)
+ | S390X_CAPBIT(S390X_SHA_256)
+ | S390X_CAPBIT(S390X_SHA_512),
+ 0ULL},
+ .km = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256)
+ | S390X_CAPBIT(S390X_XTS_AES_128)
+ | S390X_CAPBIT(S390X_XTS_AES_256),
+ 0ULL},
+ .kmc = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmac = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmctr = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmo = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmf = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .prno = {0ULL, 0ULL},
+ .kma = {0ULL, 0ULL},
+ };
+
+ /*-
+ * zEC12 (2012) - z/Architecture POP SA22-7832-09
+ * Implements MSA and MSA1-4.
+ */
+ static const struct OPENSSL_s390xcap_st zEC12 = {
+ .stfle = {S390X_CAPBIT(S390X_MSA)
+ | S390X_CAPBIT(S390X_STCKF),
+ S390X_CAPBIT(S390X_MSA3)
+ | S390X_CAPBIT(S390X_MSA4),
+ 0ULL, 0ULL},
+ .kimd = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_1)
+ | S390X_CAPBIT(S390X_SHA_256)
+ | S390X_CAPBIT(S390X_SHA_512),
+ S390X_CAPBIT(S390X_GHASH)},
+ .klmd = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_1)
+ | S390X_CAPBIT(S390X_SHA_256)
+ | S390X_CAPBIT(S390X_SHA_512),
+ 0ULL},
+ .km = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256)
+ | S390X_CAPBIT(S390X_XTS_AES_128)
+ | S390X_CAPBIT(S390X_XTS_AES_256),
+ 0ULL},
+ .kmc = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmac = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmctr = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmo = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmf = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .prno = {0ULL, 0ULL},
+ .kma = {0ULL, 0ULL},
+ };
+
+ /*-
+ * z13 (2015) - z/Architecture POP SA22-7832-10
+ * Implements MSA and MSA1-5.
+ */
+ static const struct OPENSSL_s390xcap_st z13 = {
+ .stfle = {S390X_CAPBIT(S390X_MSA)
+ | S390X_CAPBIT(S390X_STCKF)
+ | S390X_CAPBIT(S390X_MSA5),
+ S390X_CAPBIT(S390X_MSA3)
+ | S390X_CAPBIT(S390X_MSA4),
+ S390X_CAPBIT(S390X_VX),
+ 0ULL},
+ .kimd = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_1)
+ | S390X_CAPBIT(S390X_SHA_256)
+ | S390X_CAPBIT(S390X_SHA_512),
+ S390X_CAPBIT(S390X_GHASH)},
+ .klmd = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_1)
+ | S390X_CAPBIT(S390X_SHA_256)
+ | S390X_CAPBIT(S390X_SHA_512),
+ 0ULL},
+ .km = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256)
+ | S390X_CAPBIT(S390X_XTS_AES_128)
+ | S390X_CAPBIT(S390X_XTS_AES_256),
+ 0ULL},
+ .kmc = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmac = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmctr = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmo = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmf = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .prno = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_512_DRNG),
+ 0ULL},
+ .kma = {0ULL, 0ULL},
+ };
+
+ /*-
+ * z14 (2017) - z/Architecture POP SA22-7832-11
+ * Implements MSA and MSA1-8.
+ */
+ static const struct OPENSSL_s390xcap_st z14 = {
+ .stfle = {S390X_CAPBIT(S390X_MSA)
+ | S390X_CAPBIT(S390X_STCKF)
+ | S390X_CAPBIT(S390X_MSA5),
+ S390X_CAPBIT(S390X_MSA3)
+ | S390X_CAPBIT(S390X_MSA4),
+ S390X_CAPBIT(S390X_VX)
+ | S390X_CAPBIT(S390X_VXD)
+ | S390X_CAPBIT(S390X_VXE)
+ | S390X_CAPBIT(S390X_MSA8),
+ 0ULL},
+ .kimd = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_1)
+ | S390X_CAPBIT(S390X_SHA_256)
+ | S390X_CAPBIT(S390X_SHA_512)
+ | S390X_CAPBIT(S390X_SHA3_224)
+ | S390X_CAPBIT(S390X_SHA3_256)
+ | S390X_CAPBIT(S390X_SHA3_384)
+ | S390X_CAPBIT(S390X_SHA3_512)
+ | S390X_CAPBIT(S390X_SHAKE_128)
+ | S390X_CAPBIT(S390X_SHAKE_256),
+ S390X_CAPBIT(S390X_GHASH)},
+ .klmd = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_1)
+ | S390X_CAPBIT(S390X_SHA_256)
+ | S390X_CAPBIT(S390X_SHA_512)
+ | S390X_CAPBIT(S390X_SHA3_224)
+ | S390X_CAPBIT(S390X_SHA3_256)
+ | S390X_CAPBIT(S390X_SHA3_384)
+ | S390X_CAPBIT(S390X_SHA3_512)
+ | S390X_CAPBIT(S390X_SHAKE_128)
+ | S390X_CAPBIT(S390X_SHAKE_256),
+ 0ULL},
+ .km = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256)
+ | S390X_CAPBIT(S390X_XTS_AES_128)
+ | S390X_CAPBIT(S390X_XTS_AES_256),
+ 0ULL},
+ .kmc = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmac = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmctr = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmo = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmf = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .prno = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_512_DRNG),
+ S390X_CAPBIT(S390X_TRNG)},
+ .kma = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ };
+
+ char *tok_begin, *tok_end, *buff, tok[S390X_STFLE_MAX][LEN + 1];
+ int rc, off, i, n;
+
+ buff = malloc(strlen(env) + 1);
+ if (buff == NULL)
+ return 0;
+
+ rc = 0;
+ memset(cap, ~0, sizeof(*cap));
+ strcpy(buff, env);
+
+ tok_begin = buff + strspn(buff, ";");
+ strtok(tok_begin, ";");
+ tok_end = strtok(NULL, ";");
+
+ while (tok_begin != NULL) {
+ /* stfle token */
+ if ((n = sscanf(tok_begin,
+ " stfle : %" STR(LEN) "[^:] : "
+ "%" STR(LEN) "[^:] : %" STR(LEN) "s ",
+ tok[0], tok[1], tok[2]))) {
+ for (i = 0; i < n; i++) {
+ off = (tok[i][0] == '~') ? 1 : 0;
+ if (sscanf(tok[i] + off, "%llx", &cap->stfle[i]) != 1)
+ goto ret;
+ if (off)
+ cap->stfle[i] = ~cap->stfle[i];
+ }
+ }
+
+ /* query function tokens */
+ else if TOK_FUNC(kimd)
+ else if TOK_FUNC(klmd)
+ else if TOK_FUNC(km)
+ else if TOK_FUNC(kmc)
+ else if TOK_FUNC(kmac)
+ else if TOK_FUNC(kmctr)
+ else if TOK_FUNC(kmo)
+ else if TOK_FUNC(kmf)
+ else if TOK_FUNC(prno)
+ else if TOK_FUNC(kma)
+
+ /* CPU model tokens */
+ else if TOK_CPU(z900)
+ else if TOK_CPU(z990)
+ else if TOK_CPU(z9)
+ else if TOK_CPU(z10)
+ else if TOK_CPU(z196)
+ else if TOK_CPU(zEC12)
+ else if TOK_CPU(z13)
+ else if TOK_CPU(z14)
+
+ /* whitespace(ignored) or invalid tokens */
+ else {
+ while (*tok_begin != '\0') {
+ if (!ossl_isspace(*tok_begin))
+ goto ret;
+ tok_begin++;
+ }
+ }
+
+ tok_begin = tok_end;
+ tok_end = strtok(NULL, ";");
+ }
+
+ rc = 1;
+ret:
+ free(buff);
+ return rc;
}
diff --git a/crypto/s390xcpuid.pl b/crypto/s390xcpuid.pl
index 5cbb962..3602301 100755
--- a/crypto/s390xcpuid.pl
+++ b/crypto/s390xcpuid.pl
2020-01-24 12:52:58 +01:00
@@ -38,7 +38,26 @@ OPENSSL_s390x_facilities:
stg %r0,S390X_STFLE+8(%r4) # wipe capability vectors
stg %r0,S390X_STFLE+16(%r4)
stg %r0,S390X_STFLE+24(%r4)
- stg %r0,S390X_KIMD(%r4)
+
+ .long 0xb2b04000 # stfle 0(%r4)
+ brc 8,.Ldone
+ lghi %r0,1
+ .long 0xb2b04000 # stfle 0(%r4)
+ brc 8,.Ldone
+ lghi %r0,2
+ .long 0xb2b04000 # stfle 0(%r4)
+.Ldone:
+ br $ra
+.size OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities
+
+.globl OPENSSL_s390x_functions
+.type OPENSSL_s390x_functions,\@function
+.align 16
+OPENSSL_s390x_functions:
+ lghi %r0,0
+ larl %r4,OPENSSL_s390xcap_P
+
+ stg %r0,S390X_KIMD(%r4) # wipe capability vectors
stg %r0,S390X_KIMD+8(%r4)
stg %r0,S390X_KLMD(%r4)
stg %r0,S390X_KLMD+8(%r4)
@@ -59,14 +78,6 @@ OPENSSL_s390x_facilities:
stg %r0,S390X_KMA(%r4)
stg %r0,S390X_KMA+8(%r4)
- .long 0xb2b04000 # stfle 0(%r4)
- brc 8,.Ldone
- lghi %r0,1
- .long 0xb2b04000 # stfle 0(%r4)
- brc 8,.Ldone
- lghi %r0,2
- .long 0xb2b04000 # stfle 0(%r4)
-.Ldone:
lmg %r2,%r3,S390X_STFLE(%r4)
tmhl %r2,0x4000 # check for message-security-assist
jz .Lret
@@ -123,7 +134,7 @@ OPENSSL_s390x_facilities:
.Lret:
br $ra
-.size OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities
+.size OPENSSL_s390x_functions,.-OPENSSL_s390x_functions
.globl OPENSSL_rdtsc
.type OPENSSL_rdtsc,\@function