rpm/openssl-1_1
SHA256
1
0
Fork 0
forked from pool/openssl-1_1
Code Pull Requests Activity
02427a3414
openssl-1_1/0007-crypto-evp-e_aes.c-add-foundations-for-extended-s390.patch
Vítězslav Čížek 02427a3414 - Renamed from openssl-1_1_0 (bsc#1081335) 
* All the minor versions of the 1.1.x openssl branch have the same
    sonum and keep ABI compatibility

- Remove bit obsolete syntax
- Use %license macro

- Don't disable afalgeng on aarch64

- Add support for s390x CPACF enhancements (fate#321518)
  patches taken from https://github.com/openssl/openssl/pull/2859:
  * 0002-crypto-modes-asm-ghash-s390x.pl-fix-gcm_gmult_4bit-K.patch
  * 0004-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch
  * 0005-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch
  * 0006-s390x-assembly-pack-extended-s390x-capability-vector.patch
  * 0007-crypto-evp-e_aes.c-add-foundations-for-extended-s390.patch
  * 0008-s390x-assembly-pack-extended-s390x-capability-vector.patch
  * 0009-crypto-aes-asm-aes-s390x.pl-add-KMA-code-path.patch
  * 0010-doc-man3-OPENSSL_s390xcap.pod-update-KMA.patch
  * 0011-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch
  * 0012-s390x-assembly-pack-add-KMA-code-path-for-aes-gcm.patch
  * 0013-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch

- Do not filter pkgconfig() provides/requires.

- Obsolete openssl-1_0_0 by openssl-1_1_0: this is required for a
  clean upgrade path as an aid to zypp (boo#1070003).

- Update to 1.1.0g
  OpenSSL Security Advisory [02 Nov 2017]

OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=2
2018-02-16 12:13:08 +00:00

221 lines
8.9 KiB
Diff
Raw Blame History

From 29039576b1512a3508d40929dad605cefe806186 Mon Sep 17 00:00:00 2001
From: Patrick Steuer <patrick.steuer@de.ibm.com>
Date: Thu, 16 Feb 2017 09:05:28 +0100
Subject: [PATCH 07/44] crypto/evp/e_aes.c: add foundations for extended s390x
support.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
---
crypto/evp/e_aes.c | 175 ++++++++++++++++++++++++++++++++++++++++++++++++++++
crypto/s390x_arch.h | 10 +++
2 files changed, 185 insertions(+)
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 802b1d814d..d5932e1c64 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -950,6 +950,181 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \
const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
{ return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; }
+#elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__) && !defined(AES_SOFTONLY)
+/*
+ * IBM S390X support
+ */
+# include "s390x_arch.h"
+
+/*-
+ * If KM and KMC support the function code, AES_KEY structure holds
+ * key/function code (instead of key schedule/number of rounds).
+ */
+# define S390X_AES_FC (((AES_KEY *)(key))->rounds)
+
+# define S390X_aes_128_CAPABLE ((OPENSSL_s390xcap_P[5]&S390X_KM_AES_128)&&\
+ (OPENSSL_s390xcap_P[7]&S390X_KMC_AES_128))
+# define S390X_aes_192_CAPABLE ((OPENSSL_s390xcap_P[5]&S390X_KM_AES_192)&&\
+ (OPENSSL_s390xcap_P[7]&S390X_KMC_AES_192))
+# define S390X_aes_256_CAPABLE ((OPENSSL_s390xcap_P[5]&S390X_KM_AES_256)&&\
+ (OPENSSL_s390xcap_P[7]&S390X_KMC_AES_256))
+
+# define s390x_aes_init_key aes_init_key
+static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
+
+# define S390X_aes_128_cbc_CAPABLE 1 /* checked by callee */
+# define S390X_aes_192_cbc_CAPABLE 1
+# define S390X_aes_256_cbc_CAPABLE 1
+
+# define s390x_aes_cbc_cipher aes_cbc_cipher
+static int s390x_aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len);
+
+# define S390X_aes_128_ecb_CAPABLE 0
+# define S390X_aes_192_ecb_CAPABLE 0
+# define S390X_aes_256_ecb_CAPABLE 0
+
+# define s390x_aes_ecb_cipher aes_ecb_cipher
+static int s390x_aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len);
+
+# define S390X_aes_128_ofb_CAPABLE 0
+# define S390X_aes_192_ofb_CAPABLE 0
+# define S390X_aes_256_ofb_CAPABLE 0
+
+# define s390x_aes_ofb_cipher aes_ofb_cipher
+static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len);
+
+# define S390X_aes_128_cfb_CAPABLE 0
+# define S390X_aes_192_cfb_CAPABLE 0
+# define S390X_aes_256_cfb_CAPABLE 0
+
+# define s390x_aes_cfb_cipher aes_cfb_cipher
+static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len);
+
+# define S390X_aes_128_cfb8_CAPABLE 0
+# define S390X_aes_192_cfb8_CAPABLE 0
+# define S390X_aes_256_cfb8_CAPABLE 0
+
+# define s390x_aes_cfb8_cipher aes_cfb8_cipher
+static int s390x_aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len);
+
+# define S390X_aes_128_cfb1_CAPABLE 0
+# define S390X_aes_192_cfb1_CAPABLE 0
+# define S390X_aes_256_cfb1_CAPABLE 0
+
+# define s390x_aes_cfb1_cipher aes_cfb1_cipher
+static int s390x_aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len);
+
+# define S390X_aes_128_ctr_CAPABLE 1 /* checked by callee */
+# define S390X_aes_192_ctr_CAPABLE 1
+# define S390X_aes_256_ctr_CAPABLE 1
+
+# define s390x_aes_ctr_cipher aes_ctr_cipher
+static int s390x_aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len);
+
+# define S390X_aes_128_gcm_CAPABLE 0
+# define S390X_aes_192_gcm_CAPABLE 0
+# define S390X_aes_256_gcm_CAPABLE 0
+
+# define s390x_aes_gcm_init_key aes_gcm_init_key
+static int s390x_aes_gcm_init_key(EVP_CIPHER_CTX *ctx,
+ const unsigned char *key,
+ const unsigned char *iv, int enc);
+
+# define s390x_aes_gcm_cipher aes_gcm_cipher
+static int s390x_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len);
+
+# define S390X_aes_128_xts_CAPABLE 1 /* checked by callee */
+# define S390X_aes_256_xts_CAPABLE 1
+
+# define s390x_aes_xts_init_key aes_xts_init_key
+static int s390x_aes_xts_init_key(EVP_CIPHER_CTX *ctx,
+ const unsigned char *key,
+ const unsigned char *iv, int enc);
+
+# define s390x_aes_xts_cipher aes_xts_cipher
+static int s390x_aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len);
+
+# define S390X_aes_128_ccm_CAPABLE 0
+# define S390X_aes_192_ccm_CAPABLE 0
+# define S390X_aes_256_ccm_CAPABLE 0
+
+# define s390x_aes_ccm_init_key aes_ccm_init_key
+static int s390x_aes_ccm_init_key(EVP_CIPHER_CTX *ctx,
+ const unsigned char *key,
+ const unsigned char *iv, int enc);
+
+# define s390x_aes_ccm_cipher aes_ccm_cipher
+static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len);
+
+# ifndef OPENSSL_NO_OCB
+# define S390X_aes_128_ocb_CAPABLE 0
+# define S390X_aes_192_ocb_CAPABLE 0
+# define S390X_aes_256_ocb_CAPABLE 0
+
+# define s390x_aes_ocb_init_key aes_ocb_init_key
+static int s390x_aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
+# define s390x_aes_ocb_cipher aes_ocb_cipher
+static int s390x_aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len);
+# endif
+
+# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \
+ nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
+ flags|EVP_CIPH_##MODE##_MODE, \
+ s390x_aes_init_key, \
+ s390x_aes_##mode##_cipher, \
+ NULL, \
+ sizeof(EVP_AES_KEY), \
+ NULL,NULL,NULL,NULL }; \
+static const EVP_CIPHER aes_##keylen##_##mode = { \
+ nid##_##keylen##_##nmode,blocksize, \
+ keylen/8,ivlen, \
+ flags|EVP_CIPH_##MODE##_MODE, \
+ aes_init_key, \
+ aes_##mode##_cipher, \
+ NULL, \
+ sizeof(EVP_AES_KEY), \
+ NULL,NULL,NULL,NULL }; \
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
+{ return S390X_aes_##keylen##_##mode##_CAPABLE?&s390x_aes_##keylen##_##mode: \
+ &aes_##keylen##_##mode; }
+
+# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
+static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \
+ nid##_##keylen##_##mode,blocksize, \
+ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
+ flags|EVP_CIPH_##MODE##_MODE, \
+ s390x_aes_##mode##_init_key, \
+ s390x_aes_##mode##_cipher, \
+ aes_##mode##_cleanup, \
+ sizeof(EVP_AES_##MODE##_CTX), \
+ NULL,NULL,aes_##mode##_ctrl,NULL }; \
+static const EVP_CIPHER aes_##keylen##_##mode = { \
+ nid##_##keylen##_##mode,blocksize, \
+ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
+ flags|EVP_CIPH_##MODE##_MODE, \
+ aes_##mode##_init_key, \
+ aes_##mode##_cipher, \
+ aes_##mode##_cleanup, \
+ sizeof(EVP_AES_##MODE##_CTX), \
+ NULL,NULL,aes_##mode##_ctrl,NULL }; \
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
+{ return S390X_aes_##keylen##_##mode##_CAPABLE?&s390x_aes_##keylen##_##mode: \
+ &aes_##keylen##_##mode; }
+
#else
# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
diff --git a/crypto/s390x_arch.h b/crypto/s390x_arch.h
index 434f8e3f4e..5bf24930ed 100644
--- a/crypto/s390x_arch.h
+++ b/crypto/s390x_arch.h
@@ -30,4 +30,14 @@ extern uint64_t OPENSSL_s390xcap_P[];
# define S390X_STFLE_VXD (1ULL << 57)
# define S390X_STFLE_VX (1ULL << 62)
+/* OPENSSL_s390xcap_P[5] flags */
+# define S390X_KM_AES_256 (1ULL << 43)
+# define S390X_KM_AES_192 (1ULL << 44)
+# define S390X_KM_AES_128 (1ULL << 45)
+
+/* OPENSSL_s390xcap_P[7] flags */
+# define S390X_KMC_AES_256 (1ULL << 43)
+# define S390X_KMC_AES_192 (1ULL << 44)
+# define S390X_KMC_AES_128 (1ULL << 45)
+
#endif
--
2.13.6
View Git Blame Copy Permalink