SHA256
1
0
forked from pool/openssl-1_1
openssl-1_1/openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch
Pedro Monreal Gonzalez 32ced036f1 Accepting request 786956 from home:vitezslav_cizek:branches:security:tls
- Update to 1.1.1e
  * Properly detect EOF while reading in libssl. Previously if we hit an EOF
    while reading in libssl then we would report an error back to the
    application (SSL_ERROR_SYSCALL) but errno would be 0. We now add
    an error to the stack (which means we instead return SSL_ERROR_SSL) and
    therefore give a hint as to what went wrong.
  * Check that ed25519 and ed448 are allowed by the security level. Previously
    signature algorithms not using an MD were not being checked that they were
    allowed by the security level.
  * Fixed SSL_get_servername() behaviour. The behaviour of SSL_get_servername()
    was not quite right. The behaviour was not consistent between resumption
    and normal handshakes, and also not quite consistent with historical
    behaviour. The behaviour in various scenarios has been clarified and
    it has been updated to make it match historical behaviour as closely as
    possible.
  * Corrected the documentation of the return values from the EVP_DigestSign*
    set of functions.  The documentation mentioned negative values for some
    errors, but this was never the case, so the mention of negative values
    was removed.
  * Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY.
    The presence of this system service is determined at run-time.
  * Added newline escaping functionality to a filename when using openssl dgst.
    This output format is to replicate the output format found in the '*sum'
    checksum programs. This aims to preserve backward compatibility.
  * Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just
    the first value.
- Update bunch of patches as the internal crypto headers got reorganized
- drop openssl-1_1-CVE-2019-1551.patch (upstream)

- openssl dgst: default to SHA256 only when called without a digest,

OBS-URL: https://build.opensuse.org/request/show/786956
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=65
2020-03-20 17:43:35 +00:00

695 lines
25 KiB
Diff

From f39ad8dcaa75293968d2633d043de3f5fce4f37b Mon Sep 17 00:00:00 2001
From: Patrick Steuer <patrick.steuer@de.ibm.com>
Date: Mon, 30 Jan 2017 17:37:54 +0100
Subject: [PATCH] s390x assembly pack: add OPENSSL_s390xcap environment
variable.
The OPENSSL_s390xcap environment variable is used to set bits in the s390x
capability vector to zero. This simplifies testing of different code paths.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6813)
---
crypto/s390x_arch.h | 23 +-
crypto/s390xcap.c | 515 +++++++++++++++++++++++++++++++++++++++++++
crypto/s390xcpuid.pl | 31 ++-
3 files changed, 556 insertions(+), 13 deletions(-)
Index: openssl-1.1.1e/crypto/s390x_arch.h
===================================================================
--- openssl-1.1.1e.orig/crypto/s390x_arch.h 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/s390x_arch.h 2020-03-20 17:29:30.459520742 +0100
@@ -49,6 +49,9 @@ struct OPENSSL_s390xcap_st {
extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
+/* Max number of 64-bit words currently returned by STFLE */
+# define S390X_STFLE_MAX 3
+
/* convert facility bit number or function code to bit mask */
# define S390X_CAPBIT(i) (1ULL << (63 - (i) % 64))
@@ -68,9 +71,15 @@ extern struct OPENSSL_s390xcap_st OPENSS
# define S390X_KMA 0xb0
/* Facility Bit Numbers */
-# define S390X_VX 129
-# define S390X_VXD 134
-# define S390X_VXE 135
+# define S390X_MSA 17 /* message-security-assist */
+# define S390X_STCKF 25 /* store-clock-fast */
+# define S390X_MSA5 57 /* message-security-assist-ext. 5 */
+# define S390X_MSA3 76 /* message-security-assist-ext. 3 */
+# define S390X_MSA4 77 /* message-security-assist-ext. 4 */
+# define S390X_VX 129 /* vector */
+# define S390X_VXD 134 /* vector packed decimal */
+# define S390X_VXE 135 /* vector enhancements 1 */
+# define S390X_MSA8 146 /* message-security-assist-ext. 8 */
/* Function Codes */
@@ -78,6 +87,9 @@ extern struct OPENSSL_s390xcap_st OPENSS
# define S390X_QUERY 0
/* kimd/klmd */
+# define S390X_SHA_1 1
+# define S390X_SHA_256 2
+# define S390X_SHA_512 3
# define S390X_SHA3_224 32
# define S390X_SHA3_256 33
# define S390X_SHA3_384 34
@@ -91,7 +103,12 @@ extern struct OPENSSL_s390xcap_st OPENSS
# define S390X_AES_192 19
# define S390X_AES_256 20
+/* km */
+# define S390X_XTS_AES_128 50
+# define S390X_XTS_AES_256 52
+
/* prno */
+# define S390X_SHA_512_DRNG 3
# define S390X_TRNG 114
/* Register 0 Flags */
Index: openssl-1.1.1e/crypto/s390xcap.c
===================================================================
--- openssl-1.1.1e.orig/crypto/s390xcap.c 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/s390xcap.c 2020-03-20 17:29:58.011664305 +0100
@@ -13,15 +13,51 @@
#include <setjmp.h>
#include <signal.h>
#include "internal/cryptlib.h"
+#include "crypto/ctype.h"
#include "s390x_arch.h"
+#define LEN 128
+#define STR_(S) #S
+#define STR(S) STR_(S)
+
+#define TOK_FUNC(NAME) \
+ (sscanf(tok_begin, \
+ " " STR(NAME) " : %" STR(LEN) "[^:] : " \
+ "%" STR(LEN) "s %" STR(LEN) "s ", \
+ tok[0], tok[1], tok[2]) == 2) { \
+ \
+ off = (tok[0][0] == '~') ? 1 : 0; \
+ if (sscanf(tok[0] + off, "%llx", &cap->NAME[0]) != 1) \
+ goto ret; \
+ if (off) \
+ cap->NAME[0] = ~cap->NAME[0]; \
+ \
+ off = (tok[1][0] == '~') ? 1 : 0; \
+ if (sscanf(tok[1] + off, "%llx", &cap->NAME[1]) != 1) \
+ goto ret; \
+ if (off) \
+ cap->NAME[1] = ~cap->NAME[1]; \
+ }
+
+#define TOK_CPU(NAME) \
+ (sscanf(tok_begin, \
+ " %" STR(LEN) "s %" STR(LEN) "s ", \
+ tok[0], tok[1]) == 1 \
+ && !strcmp(tok[0], #NAME)) { \
+ memcpy(cap, &NAME, sizeof(*cap)); \
+ }
+
static sigjmp_buf ill_jmp;
static void ill_handler(int sig)
{
siglongjmp(ill_jmp, sig);
}
+static const char *env;
+static int parse_env(struct OPENSSL_s390xcap_st *cap);
+
void OPENSSL_s390x_facilities(void);
+void OPENSSL_s390x_functions(void);
void OPENSSL_vx_probe(void);
struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
@@ -30,6 +66,7 @@ void OPENSSL_cpuid_setup(void)
{
sigset_t oset;
struct sigaction ill_act, oact_ill, oact_fpe;
+ struct OPENSSL_s390xcap_st cap;
if (OPENSSL_s390xcap_P.stfle[0])
return;
@@ -37,6 +74,12 @@ void OPENSSL_cpuid_setup(void)
/* set a bit that will not be tested later */
OPENSSL_s390xcap_P.stfle[0] |= S390X_CAPBIT(0);
+ env = getenv("OPENSSL_s390xcap");
+ if (env != NULL) {
+ if (!parse_env(&cap))
+ env = NULL;
+ }
+
memset(&ill_act, 0, sizeof(ill_act));
ill_act.sa_handler = ill_handler;
sigfillset(&ill_act.sa_mask);
@@ -51,6 +94,12 @@ void OPENSSL_cpuid_setup(void)
if (sigsetjmp(ill_jmp, 1) == 0)
OPENSSL_s390x_facilities();
+ if (env != NULL) {
+ OPENSSL_s390xcap_P.stfle[0] &= cap.stfle[0];
+ OPENSSL_s390xcap_P.stfle[1] &= cap.stfle[1];
+ OPENSSL_s390xcap_P.stfle[2] &= cap.stfle[2];
+ }
+
/* protection against disabled vector facility */
if ((OPENSSL_s390xcap_P.stfle[2] & S390X_CAPBIT(S390X_VX))
&& (sigsetjmp(ill_jmp, 1) == 0)) {
@@ -64,4 +113,470 @@ void OPENSSL_cpuid_setup(void)
sigaction(SIGFPE, &oact_fpe, NULL);
sigaction(SIGILL, &oact_ill, NULL);
sigprocmask(SIG_SETMASK, &oset, NULL);
+
+ OPENSSL_s390x_functions();
+
+ if (env != NULL) {
+ OPENSSL_s390xcap_P.kimd[0] &= cap.kimd[0];
+ OPENSSL_s390xcap_P.kimd[1] &= cap.kimd[1];
+ OPENSSL_s390xcap_P.klmd[0] &= cap.klmd[0];
+ OPENSSL_s390xcap_P.klmd[1] &= cap.klmd[1];
+ OPENSSL_s390xcap_P.km[0] &= cap.km[0];
+ OPENSSL_s390xcap_P.km[1] &= cap.km[1];
+ OPENSSL_s390xcap_P.kmc[0] &= cap.kmc[0];
+ OPENSSL_s390xcap_P.kmc[1] &= cap.kmc[1];
+ OPENSSL_s390xcap_P.kmac[0] &= cap.kmac[0];
+ OPENSSL_s390xcap_P.kmac[1] &= cap.kmac[1];
+ OPENSSL_s390xcap_P.kmctr[0] &= cap.kmctr[0];
+ OPENSSL_s390xcap_P.kmctr[1] &= cap.kmctr[1];
+ OPENSSL_s390xcap_P.kmo[0] &= cap.kmo[0];
+ OPENSSL_s390xcap_P.kmo[1] &= cap.kmo[1];
+ OPENSSL_s390xcap_P.kmf[0] &= cap.kmf[0];
+ OPENSSL_s390xcap_P.kmf[1] &= cap.kmf[1];
+ OPENSSL_s390xcap_P.prno[0] &= cap.prno[0];
+ OPENSSL_s390xcap_P.prno[1] &= cap.prno[1];
+ OPENSSL_s390xcap_P.kma[0] &= cap.kma[0];
+ OPENSSL_s390xcap_P.kma[1] &= cap.kma[1];
+ }
+}
+
+static int parse_env(struct OPENSSL_s390xcap_st *cap)
+{
+ /*-
+ * CPU model data
+ * (only the STFLE- and QUERY-bits relevant to libcrypto are set)
+ */
+
+ /*-
+ * z900 (2000) - z/Architecture POP SA22-7832-00
+ * Facility detection would fail on real hw (no STFLE).
+ */
+ static const struct OPENSSL_s390xcap_st z900 = {
+ .stfle = {0ULL, 0ULL, 0ULL, 0ULL},
+ .kimd = {0ULL, 0ULL},
+ .klmd = {0ULL, 0ULL},
+ .km = {0ULL, 0ULL},
+ .kmc = {0ULL, 0ULL},
+ .kmac = {0ULL, 0ULL},
+ .kmctr = {0ULL, 0ULL},
+ .kmo = {0ULL, 0ULL},
+ .kmf = {0ULL, 0ULL},
+ .prno = {0ULL, 0ULL},
+ .kma = {0ULL, 0ULL},
+ };
+
+ /*-
+ * z990 (2003) - z/Architecture POP SA22-7832-02
+ * Implements MSA. Facility detection would fail on real hw (no STFLE).
+ */
+ static const struct OPENSSL_s390xcap_st z990 = {
+ .stfle = {S390X_CAPBIT(S390X_MSA),
+ 0ULL, 0ULL, 0ULL},
+ .kimd = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_1),
+ 0ULL},
+ .klmd = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_1),
+ 0ULL},
+ .km = {S390X_CAPBIT(S390X_QUERY),
+ 0ULL},
+ .kmc = {S390X_CAPBIT(S390X_QUERY),
+ 0ULL},
+ .kmac = {S390X_CAPBIT(S390X_QUERY),
+ 0ULL},
+ .kmctr = {0ULL, 0ULL},
+ .kmo = {0ULL, 0ULL},
+ .kmf = {0ULL, 0ULL},
+ .prno = {0ULL, 0ULL},
+ .kma = {0ULL, 0ULL},
+ };
+
+ /*-
+ * z9 (2005) - z/Architecture POP SA22-7832-04
+ * Implements MSA and MSA1.
+ */
+ static const struct OPENSSL_s390xcap_st z9 = {
+ .stfle = {S390X_CAPBIT(S390X_MSA)
+ | S390X_CAPBIT(S390X_STCKF),
+ 0ULL, 0ULL, 0ULL},
+ .kimd = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_1)
+ | S390X_CAPBIT(S390X_SHA_256),
+ 0ULL},
+ .klmd = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_1)
+ | S390X_CAPBIT(S390X_SHA_256),
+ 0ULL},
+ .km = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128),
+ 0ULL},
+ .kmc = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128),
+ 0ULL},
+ .kmac = {S390X_CAPBIT(S390X_QUERY),
+ 0ULL},
+ .kmctr = {0ULL, 0ULL},
+ .kmo = {0ULL, 0ULL},
+ .kmf = {0ULL, 0ULL},
+ .prno = {0ULL, 0ULL},
+ .kma = {0ULL, 0ULL},
+ };
+
+ /*-
+ * z10 (2008) - z/Architecture POP SA22-7832-06
+ * Implements MSA and MSA1-2.
+ */
+ static const struct OPENSSL_s390xcap_st z10 = {
+ .stfle = {S390X_CAPBIT(S390X_MSA)
+ | S390X_CAPBIT(S390X_STCKF),
+ 0ULL, 0ULL, 0ULL},
+ .kimd = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_1)
+ | S390X_CAPBIT(S390X_SHA_256)
+ | S390X_CAPBIT(S390X_SHA_512),
+ 0ULL},
+ .klmd = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_1)
+ | S390X_CAPBIT(S390X_SHA_256)
+ | S390X_CAPBIT(S390X_SHA_512),
+ 0ULL},
+ .km = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmc = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmac = {S390X_CAPBIT(S390X_QUERY),
+ 0ULL},
+ .kmctr = {0ULL, 0ULL},
+ .kmo = {0ULL, 0ULL},
+ .kmf = {0ULL, 0ULL},
+ .prno = {0ULL, 0ULL},
+ .kma = {0ULL, 0ULL},
+ };
+
+ /*-
+ * z196 (2010) - z/Architecture POP SA22-7832-08
+ * Implements MSA and MSA1-4.
+ */
+ static const struct OPENSSL_s390xcap_st z196 = {
+ .stfle = {S390X_CAPBIT(S390X_MSA)
+ | S390X_CAPBIT(S390X_STCKF),
+ S390X_CAPBIT(S390X_MSA3)
+ | S390X_CAPBIT(S390X_MSA4),
+ 0ULL, 0ULL},
+ .kimd = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_1)
+ | S390X_CAPBIT(S390X_SHA_256)
+ | S390X_CAPBIT(S390X_SHA_512),
+ S390X_CAPBIT(S390X_GHASH)},
+ .klmd = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_1)
+ | S390X_CAPBIT(S390X_SHA_256)
+ | S390X_CAPBIT(S390X_SHA_512),
+ 0ULL},
+ .km = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256)
+ | S390X_CAPBIT(S390X_XTS_AES_128)
+ | S390X_CAPBIT(S390X_XTS_AES_256),
+ 0ULL},
+ .kmc = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmac = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmctr = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmo = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmf = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .prno = {0ULL, 0ULL},
+ .kma = {0ULL, 0ULL},
+ };
+
+ /*-
+ * zEC12 (2012) - z/Architecture POP SA22-7832-09
+ * Implements MSA and MSA1-4.
+ */
+ static const struct OPENSSL_s390xcap_st zEC12 = {
+ .stfle = {S390X_CAPBIT(S390X_MSA)
+ | S390X_CAPBIT(S390X_STCKF),
+ S390X_CAPBIT(S390X_MSA3)
+ | S390X_CAPBIT(S390X_MSA4),
+ 0ULL, 0ULL},
+ .kimd = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_1)
+ | S390X_CAPBIT(S390X_SHA_256)
+ | S390X_CAPBIT(S390X_SHA_512),
+ S390X_CAPBIT(S390X_GHASH)},
+ .klmd = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_1)
+ | S390X_CAPBIT(S390X_SHA_256)
+ | S390X_CAPBIT(S390X_SHA_512),
+ 0ULL},
+ .km = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256)
+ | S390X_CAPBIT(S390X_XTS_AES_128)
+ | S390X_CAPBIT(S390X_XTS_AES_256),
+ 0ULL},
+ .kmc = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmac = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmctr = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmo = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmf = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .prno = {0ULL, 0ULL},
+ .kma = {0ULL, 0ULL},
+ };
+
+ /*-
+ * z13 (2015) - z/Architecture POP SA22-7832-10
+ * Implements MSA and MSA1-5.
+ */
+ static const struct OPENSSL_s390xcap_st z13 = {
+ .stfle = {S390X_CAPBIT(S390X_MSA)
+ | S390X_CAPBIT(S390X_STCKF)
+ | S390X_CAPBIT(S390X_MSA5),
+ S390X_CAPBIT(S390X_MSA3)
+ | S390X_CAPBIT(S390X_MSA4),
+ S390X_CAPBIT(S390X_VX),
+ 0ULL},
+ .kimd = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_1)
+ | S390X_CAPBIT(S390X_SHA_256)
+ | S390X_CAPBIT(S390X_SHA_512),
+ S390X_CAPBIT(S390X_GHASH)},
+ .klmd = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_1)
+ | S390X_CAPBIT(S390X_SHA_256)
+ | S390X_CAPBIT(S390X_SHA_512),
+ 0ULL},
+ .km = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256)
+ | S390X_CAPBIT(S390X_XTS_AES_128)
+ | S390X_CAPBIT(S390X_XTS_AES_256),
+ 0ULL},
+ .kmc = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmac = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmctr = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmo = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmf = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .prno = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_512_DRNG),
+ 0ULL},
+ .kma = {0ULL, 0ULL},
+ };
+
+ /*-
+ * z14 (2017) - z/Architecture POP SA22-7832-11
+ * Implements MSA and MSA1-8.
+ */
+ static const struct OPENSSL_s390xcap_st z14 = {
+ .stfle = {S390X_CAPBIT(S390X_MSA)
+ | S390X_CAPBIT(S390X_STCKF)
+ | S390X_CAPBIT(S390X_MSA5),
+ S390X_CAPBIT(S390X_MSA3)
+ | S390X_CAPBIT(S390X_MSA4),
+ S390X_CAPBIT(S390X_VX)
+ | S390X_CAPBIT(S390X_VXD)
+ | S390X_CAPBIT(S390X_VXE)
+ | S390X_CAPBIT(S390X_MSA8),
+ 0ULL},
+ .kimd = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_1)
+ | S390X_CAPBIT(S390X_SHA_256)
+ | S390X_CAPBIT(S390X_SHA_512)
+ | S390X_CAPBIT(S390X_SHA3_224)
+ | S390X_CAPBIT(S390X_SHA3_256)
+ | S390X_CAPBIT(S390X_SHA3_384)
+ | S390X_CAPBIT(S390X_SHA3_512)
+ | S390X_CAPBIT(S390X_SHAKE_128)
+ | S390X_CAPBIT(S390X_SHAKE_256),
+ S390X_CAPBIT(S390X_GHASH)},
+ .klmd = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_1)
+ | S390X_CAPBIT(S390X_SHA_256)
+ | S390X_CAPBIT(S390X_SHA_512)
+ | S390X_CAPBIT(S390X_SHA3_224)
+ | S390X_CAPBIT(S390X_SHA3_256)
+ | S390X_CAPBIT(S390X_SHA3_384)
+ | S390X_CAPBIT(S390X_SHA3_512)
+ | S390X_CAPBIT(S390X_SHAKE_128)
+ | S390X_CAPBIT(S390X_SHAKE_256),
+ 0ULL},
+ .km = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256)
+ | S390X_CAPBIT(S390X_XTS_AES_128)
+ | S390X_CAPBIT(S390X_XTS_AES_256),
+ 0ULL},
+ .kmc = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmac = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmctr = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmo = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .kmf = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ .prno = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_SHA_512_DRNG),
+ S390X_CAPBIT(S390X_TRNG)},
+ .kma = {S390X_CAPBIT(S390X_QUERY)
+ | S390X_CAPBIT(S390X_AES_128)
+ | S390X_CAPBIT(S390X_AES_192)
+ | S390X_CAPBIT(S390X_AES_256),
+ 0ULL},
+ };
+
+ char *tok_begin, *tok_end, *buff, tok[S390X_STFLE_MAX][LEN + 1];
+ int rc, off, i, n;
+
+ buff = malloc(strlen(env) + 1);
+ if (buff == NULL)
+ return 0;
+
+ rc = 0;
+ memset(cap, ~0, sizeof(*cap));
+ strcpy(buff, env);
+
+ tok_begin = buff + strspn(buff, ";");
+ strtok(tok_begin, ";");
+ tok_end = strtok(NULL, ";");
+
+ while (tok_begin != NULL) {
+ /* stfle token */
+ if ((n = sscanf(tok_begin,
+ " stfle : %" STR(LEN) "[^:] : "
+ "%" STR(LEN) "[^:] : %" STR(LEN) "s ",
+ tok[0], tok[1], tok[2]))) {
+ for (i = 0; i < n; i++) {
+ off = (tok[i][0] == '~') ? 1 : 0;
+ if (sscanf(tok[i] + off, "%llx", &cap->stfle[i]) != 1)
+ goto ret;
+ if (off)
+ cap->stfle[i] = ~cap->stfle[i];
+ }
+ }
+
+ /* query function tokens */
+ else if TOK_FUNC(kimd)
+ else if TOK_FUNC(klmd)
+ else if TOK_FUNC(km)
+ else if TOK_FUNC(kmc)
+ else if TOK_FUNC(kmac)
+ else if TOK_FUNC(kmctr)
+ else if TOK_FUNC(kmo)
+ else if TOK_FUNC(kmf)
+ else if TOK_FUNC(prno)
+ else if TOK_FUNC(kma)
+
+ /* CPU model tokens */
+ else if TOK_CPU(z900)
+ else if TOK_CPU(z990)
+ else if TOK_CPU(z9)
+ else if TOK_CPU(z10)
+ else if TOK_CPU(z196)
+ else if TOK_CPU(zEC12)
+ else if TOK_CPU(z13)
+ else if TOK_CPU(z14)
+
+ /* whitespace(ignored) or invalid tokens */
+ else {
+ while (*tok_begin != '\0') {
+ if (!ossl_isspace(*tok_begin))
+ goto ret;
+ tok_begin++;
+ }
+ }
+
+ tok_begin = tok_end;
+ tok_end = strtok(NULL, ";");
+ }
+
+ rc = 1;
+ret:
+ free(buff);
+ return rc;
}
Index: openssl-1.1.1e/crypto/s390xcpuid.pl
===================================================================
--- openssl-1.1.1e.orig/crypto/s390xcpuid.pl 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/s390xcpuid.pl 2020-03-20 17:29:30.459520742 +0100
@@ -38,7 +38,26 @@ OPENSSL_s390x_facilities:
stg %r0,S390X_STFLE+8(%r4) # wipe capability vectors
stg %r0,S390X_STFLE+16(%r4)
stg %r0,S390X_STFLE+24(%r4)
- stg %r0,S390X_KIMD(%r4)
+
+ .long 0xb2b04000 # stfle 0(%r4)
+ brc 8,.Ldone
+ lghi %r0,1
+ .long 0xb2b04000 # stfle 0(%r4)
+ brc 8,.Ldone
+ lghi %r0,2
+ .long 0xb2b04000 # stfle 0(%r4)
+.Ldone:
+ br $ra
+.size OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities
+
+.globl OPENSSL_s390x_functions
+.type OPENSSL_s390x_functions,\@function
+.align 16
+OPENSSL_s390x_functions:
+ lghi %r0,0
+ larl %r4,OPENSSL_s390xcap_P
+
+ stg %r0,S390X_KIMD(%r4) # wipe capability vectors
stg %r0,S390X_KIMD+8(%r4)
stg %r0,S390X_KLMD(%r4)
stg %r0,S390X_KLMD+8(%r4)
@@ -59,14 +78,6 @@ OPENSSL_s390x_facilities:
stg %r0,S390X_KMA(%r4)
stg %r0,S390X_KMA+8(%r4)
- .long 0xb2b04000 # stfle 0(%r4)
- brc 8,.Ldone
- lghi %r0,1
- .long 0xb2b04000 # stfle 0(%r4)
- brc 8,.Ldone
- lghi %r0,2
- .long 0xb2b04000 # stfle 0(%r4)
-.Ldone:
lmg %r2,%r3,S390X_STFLE(%r4)
tmhl %r2,0x4000 # check for message-security-assist
jz .Lret
@@ -123,7 +134,7 @@ OPENSSL_s390x_facilities:
.Lret:
br $ra
-.size OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities
+.size OPENSSL_s390x_functions,.-OPENSSL_s390x_functions
.globl OPENSSL_rdtsc
.type OPENSSL_rdtsc,\@function