02427a3414
* All the minor versions of the 1.1.x openssl branch have the same
sonum and keep ABI compatibility
- Remove bit obsolete syntax
- Use %license macro
- Don't disable afalgeng on aarch64
- Add support for s390x CPACF enhancements (fate#321518)
patches taken from https://github.com/openssl/openssl/pull/2859:
* 0002-crypto-modes-asm-ghash-s390x.pl-fix-gcm_gmult_4bit-K.patch
* 0004-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch
* 0005-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch
* 0006-s390x-assembly-pack-extended-s390x-capability-vector.patch
* 0007-crypto-evp-e_aes.c-add-foundations-for-extended-s390.patch
* 0008-s390x-assembly-pack-extended-s390x-capability-vector.patch
* 0009-crypto-aes-asm-aes-s390x.pl-add-KMA-code-path.patch
* 0010-doc-man3-OPENSSL_s390xcap.pod-update-KMA.patch
* 0011-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch
* 0012-s390x-assembly-pack-add-KMA-code-path-for-aes-gcm.patch
* 0013-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch
- Do not filter pkgconfig() provides/requires.
- Obsolete openssl-1_0_0 by openssl-1_1_0: this is required for a
clean upgrade path as an aid to zypp (boo#1070003).
- Update to 1.1.0g
OpenSSL Security Advisory [02 Nov 2017]
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=2
221 lines
8.9 KiB
Diff
221 lines
8.9 KiB
Diff
From 29039576b1512a3508d40929dad605cefe806186 Mon Sep 17 00:00:00 2001
|
|
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
|
Date: Thu, 16 Feb 2017 09:05:28 +0100
|
|
Subject: [PATCH 07/44] crypto/evp/e_aes.c: add foundations for extended s390x
|
|
support.
|
|
|
|
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
|
---
|
|
crypto/evp/e_aes.c | 175 ++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
crypto/s390x_arch.h | 10 +++
|
|
2 files changed, 185 insertions(+)
|
|
|
|
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
|
|
index 802b1d814d..d5932e1c64 100644
|
|
--- a/crypto/evp/e_aes.c
|
|
+++ b/crypto/evp/e_aes.c
|
|
@@ -950,6 +950,181 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \
|
|
const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
|
|
{ return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; }
|
|
|
|
+#elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__) && !defined(AES_SOFTONLY)
|
|
+/*
|
|
+ * IBM S390X support
|
|
+ */
|
|
+# include "s390x_arch.h"
|
|
+
|
|
+/*-
|
|
+ * If KM and KMC support the function code, AES_KEY structure holds
|
|
+ * key/function code (instead of key schedule/number of rounds).
|
|
+ */
|
|
+# define S390X_AES_FC (((AES_KEY *)(key))->rounds)
|
|
+
|
|
+# define S390X_aes_128_CAPABLE ((OPENSSL_s390xcap_P[5]&S390X_KM_AES_128)&&\
|
|
+ (OPENSSL_s390xcap_P[7]&S390X_KMC_AES_128))
|
|
+# define S390X_aes_192_CAPABLE ((OPENSSL_s390xcap_P[5]&S390X_KM_AES_192)&&\
|
|
+ (OPENSSL_s390xcap_P[7]&S390X_KMC_AES_192))
|
|
+# define S390X_aes_256_CAPABLE ((OPENSSL_s390xcap_P[5]&S390X_KM_AES_256)&&\
|
|
+ (OPENSSL_s390xcap_P[7]&S390X_KMC_AES_256))
|
|
+
|
|
+# define s390x_aes_init_key aes_init_key
|
|
+static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
|
|
+ const unsigned char *iv, int enc);
|
|
+
|
|
+# define S390X_aes_128_cbc_CAPABLE 1 /* checked by callee */
|
|
+# define S390X_aes_192_cbc_CAPABLE 1
|
|
+# define S390X_aes_256_cbc_CAPABLE 1
|
|
+
|
|
+# define s390x_aes_cbc_cipher aes_cbc_cipher
|
|
+static int s390x_aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
|
+ const unsigned char *in, size_t len);
|
|
+
|
|
+# define S390X_aes_128_ecb_CAPABLE 0
|
|
+# define S390X_aes_192_ecb_CAPABLE 0
|
|
+# define S390X_aes_256_ecb_CAPABLE 0
|
|
+
|
|
+# define s390x_aes_ecb_cipher aes_ecb_cipher
|
|
+static int s390x_aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
|
+ const unsigned char *in, size_t len);
|
|
+
|
|
+# define S390X_aes_128_ofb_CAPABLE 0
|
|
+# define S390X_aes_192_ofb_CAPABLE 0
|
|
+# define S390X_aes_256_ofb_CAPABLE 0
|
|
+
|
|
+# define s390x_aes_ofb_cipher aes_ofb_cipher
|
|
+static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
|
+ const unsigned char *in, size_t len);
|
|
+
|
|
+# define S390X_aes_128_cfb_CAPABLE 0
|
|
+# define S390X_aes_192_cfb_CAPABLE 0
|
|
+# define S390X_aes_256_cfb_CAPABLE 0
|
|
+
|
|
+# define s390x_aes_cfb_cipher aes_cfb_cipher
|
|
+static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
|
+ const unsigned char *in, size_t len);
|
|
+
|
|
+# define S390X_aes_128_cfb8_CAPABLE 0
|
|
+# define S390X_aes_192_cfb8_CAPABLE 0
|
|
+# define S390X_aes_256_cfb8_CAPABLE 0
|
|
+
|
|
+# define s390x_aes_cfb8_cipher aes_cfb8_cipher
|
|
+static int s390x_aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
|
+ const unsigned char *in, size_t len);
|
|
+
|
|
+# define S390X_aes_128_cfb1_CAPABLE 0
|
|
+# define S390X_aes_192_cfb1_CAPABLE 0
|
|
+# define S390X_aes_256_cfb1_CAPABLE 0
|
|
+
|
|
+# define s390x_aes_cfb1_cipher aes_cfb1_cipher
|
|
+static int s390x_aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
|
+ const unsigned char *in, size_t len);
|
|
+
|
|
+# define S390X_aes_128_ctr_CAPABLE 1 /* checked by callee */
|
|
+# define S390X_aes_192_ctr_CAPABLE 1
|
|
+# define S390X_aes_256_ctr_CAPABLE 1
|
|
+
|
|
+# define s390x_aes_ctr_cipher aes_ctr_cipher
|
|
+static int s390x_aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
|
+ const unsigned char *in, size_t len);
|
|
+
|
|
+# define S390X_aes_128_gcm_CAPABLE 0
|
|
+# define S390X_aes_192_gcm_CAPABLE 0
|
|
+# define S390X_aes_256_gcm_CAPABLE 0
|
|
+
|
|
+# define s390x_aes_gcm_init_key aes_gcm_init_key
|
|
+static int s390x_aes_gcm_init_key(EVP_CIPHER_CTX *ctx,
|
|
+ const unsigned char *key,
|
|
+ const unsigned char *iv, int enc);
|
|
+
|
|
+# define s390x_aes_gcm_cipher aes_gcm_cipher
|
|
+static int s390x_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
|
+ const unsigned char *in, size_t len);
|
|
+
|
|
+# define S390X_aes_128_xts_CAPABLE 1 /* checked by callee */
|
|
+# define S390X_aes_256_xts_CAPABLE 1
|
|
+
|
|
+# define s390x_aes_xts_init_key aes_xts_init_key
|
|
+static int s390x_aes_xts_init_key(EVP_CIPHER_CTX *ctx,
|
|
+ const unsigned char *key,
|
|
+ const unsigned char *iv, int enc);
|
|
+
|
|
+# define s390x_aes_xts_cipher aes_xts_cipher
|
|
+static int s390x_aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
|
+ const unsigned char *in, size_t len);
|
|
+
|
|
+# define S390X_aes_128_ccm_CAPABLE 0
|
|
+# define S390X_aes_192_ccm_CAPABLE 0
|
|
+# define S390X_aes_256_ccm_CAPABLE 0
|
|
+
|
|
+# define s390x_aes_ccm_init_key aes_ccm_init_key
|
|
+static int s390x_aes_ccm_init_key(EVP_CIPHER_CTX *ctx,
|
|
+ const unsigned char *key,
|
|
+ const unsigned char *iv, int enc);
|
|
+
|
|
+# define s390x_aes_ccm_cipher aes_ccm_cipher
|
|
+static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
|
+ const unsigned char *in, size_t len);
|
|
+
|
|
+# ifndef OPENSSL_NO_OCB
|
|
+# define S390X_aes_128_ocb_CAPABLE 0
|
|
+# define S390X_aes_192_ocb_CAPABLE 0
|
|
+# define S390X_aes_256_ocb_CAPABLE 0
|
|
+
|
|
+# define s390x_aes_ocb_init_key aes_ocb_init_key
|
|
+static int s390x_aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
|
|
+ const unsigned char *iv, int enc);
|
|
+# define s390x_aes_ocb_cipher aes_ocb_cipher
|
|
+static int s390x_aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
|
+ const unsigned char *in, size_t len);
|
|
+# endif
|
|
+
|
|
+# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
|
|
+static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \
|
|
+ nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
|
|
+ flags|EVP_CIPH_##MODE##_MODE, \
|
|
+ s390x_aes_init_key, \
|
|
+ s390x_aes_##mode##_cipher, \
|
|
+ NULL, \
|
|
+ sizeof(EVP_AES_KEY), \
|
|
+ NULL,NULL,NULL,NULL }; \
|
|
+static const EVP_CIPHER aes_##keylen##_##mode = { \
|
|
+ nid##_##keylen##_##nmode,blocksize, \
|
|
+ keylen/8,ivlen, \
|
|
+ flags|EVP_CIPH_##MODE##_MODE, \
|
|
+ aes_init_key, \
|
|
+ aes_##mode##_cipher, \
|
|
+ NULL, \
|
|
+ sizeof(EVP_AES_KEY), \
|
|
+ NULL,NULL,NULL,NULL }; \
|
|
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
|
|
+{ return S390X_aes_##keylen##_##mode##_CAPABLE?&s390x_aes_##keylen##_##mode: \
|
|
+ &aes_##keylen##_##mode; }
|
|
+
|
|
+# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
|
|
+static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \
|
|
+ nid##_##keylen##_##mode,blocksize, \
|
|
+ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
|
|
+ flags|EVP_CIPH_##MODE##_MODE, \
|
|
+ s390x_aes_##mode##_init_key, \
|
|
+ s390x_aes_##mode##_cipher, \
|
|
+ aes_##mode##_cleanup, \
|
|
+ sizeof(EVP_AES_##MODE##_CTX), \
|
|
+ NULL,NULL,aes_##mode##_ctrl,NULL }; \
|
|
+static const EVP_CIPHER aes_##keylen##_##mode = { \
|
|
+ nid##_##keylen##_##mode,blocksize, \
|
|
+ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
|
|
+ flags|EVP_CIPH_##MODE##_MODE, \
|
|
+ aes_##mode##_init_key, \
|
|
+ aes_##mode##_cipher, \
|
|
+ aes_##mode##_cleanup, \
|
|
+ sizeof(EVP_AES_##MODE##_CTX), \
|
|
+ NULL,NULL,aes_##mode##_ctrl,NULL }; \
|
|
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
|
|
+{ return S390X_aes_##keylen##_##mode##_CAPABLE?&s390x_aes_##keylen##_##mode: \
|
|
+ &aes_##keylen##_##mode; }
|
|
+
|
|
#else
|
|
|
|
# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
|
|
diff --git a/crypto/s390x_arch.h b/crypto/s390x_arch.h
|
|
index 434f8e3f4e..5bf24930ed 100644
|
|
--- a/crypto/s390x_arch.h
|
|
+++ b/crypto/s390x_arch.h
|
|
@@ -30,4 +30,14 @@ extern uint64_t OPENSSL_s390xcap_P[];
|
|
# define S390X_STFLE_VXD (1ULL << 57)
|
|
# define S390X_STFLE_VX (1ULL << 62)
|
|
|
|
+/* OPENSSL_s390xcap_P[5] flags */
|
|
+# define S390X_KM_AES_256 (1ULL << 43)
|
|
+# define S390X_KM_AES_192 (1ULL << 44)
|
|
+# define S390X_KM_AES_128 (1ULL << 45)
|
|
+
|
|
+/* OPENSSL_s390xcap_P[7] flags */
|
|
+# define S390X_KMC_AES_256 (1ULL << 43)
|
|
+# define S390X_KMC_AES_192 (1ULL << 44)
|
|
+# define S390X_KMC_AES_128 (1ULL << 45)
|
|
+
|
|
#endif
|
|
--
|
|
2.13.6
|
|
|