[openssl] do not use AVX instructions when osxsave bit not set add direct known answer tests for SHA2 algorith

Tomáš Mráz tmraz at fedoraproject.org
Thu Nov 3 09:18:58 UTC 2011


commit 6f65ffce68d9edbffaab9bdade2348af01909c87
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date:   Thu Nov 3 10:18:52 2011 +0100

    do not use AVX instructions when osxsave bit not set
    add direct known answer tests for SHA2 algorithms

 openssl-1.0.0-sha2test.patch   |   77 ++++++++++++++++++++++++++++++++++++++++
 openssl-1.0.0d-intelopts.patch |   57 +++++++++++++----------------
 openssl.spec                   |    8 ++++-
 3 files changed, 109 insertions(+), 33 deletions(-)
---
diff --git a/openssl-1.0.0-sha2test.patch b/openssl-1.0.0-sha2test.patch
new file mode 100644
index 0000000..b8bd9e5
--- /dev/null
+++ b/openssl-1.0.0-sha2test.patch
@@ -0,0 +1,77 @@
+diff -up openssl-1.0.0/crypto/fips/fips.c.sha2test openssl-1.0.0/crypto/fips/fips.c
+--- openssl-1.0.0/crypto/fips/fips.c.sha2test	2011-09-12 15:07:42.000000000 +0200
++++ openssl-1.0.0/crypto/fips/fips.c	2011-09-26 11:03:17.000000000 +0200
+@@ -163,6 +163,7 @@ int FIPS_selftest()
+     {
+ 
+     return FIPS_selftest_sha1()
++	&& FIPS_selftest_sha2()
+ 	&& FIPS_selftest_hmac()
+ 	&& FIPS_selftest_aes()
+ 	&& FIPS_selftest_des()
+@@ -323,6 +324,8 @@ FIPSCHECK_verify(const char *libname, co
+ 		return 0;
+ 
+ 	hmacpath = make_hmac_path(path);
++	if (hmacpath == NULL)
++		return 0;
+ 
+ 	hf = fopen(hmacpath, "r");
+ 	if (hf == NULL) {
+@@ -627,6 +630,45 @@ int fips_cipher_test(EVP_CIPHER_CTX *ctx
+ 	return 1;
+ 	}
+ 
++static const unsigned char msg_sha256[] = { 0xfa, 0x48, 0x59, 0x2a, 0xe1, 0xae, 0x1f, 0x30,
++					    0xfc };
++static const unsigned char dig_sha256[] = { 0xf7, 0x26, 0xd8, 0x98, 0x47, 0x91, 0x68, 0x5b,
++					    0x9e, 0x39, 0xb2, 0x58, 0xbb, 0x75, 0xbf, 0x01,
++					    0x17, 0x0c, 0x84, 0x00, 0x01, 0x7a, 0x94, 0x83,
++					    0xf3, 0x0b, 0x15, 0x84, 0x4b, 0x69, 0x88, 0x8a };
++
++static const unsigned char msg_sha512[] = { 0x37, 0xd1, 0x35, 0x9d, 0x18, 0x41, 0xe9, 0xb7,
++					    0x6d, 0x9a, 0x13, 0xda, 0x5f, 0xf3, 0xbd };
++static const unsigned char dig_sha512[] = { 0x11, 0x13, 0xc4, 0x19, 0xed, 0x2b, 0x1d, 0x16,
++					    0x11, 0xeb, 0x9b, 0xbe, 0xf0, 0x7f, 0xcf, 0x44,
++					    0x8b, 0xd7, 0x57, 0xbd, 0x8d, 0xa9, 0x25, 0xb0,
++					    0x47, 0x25, 0xd6, 0x6c, 0x9a, 0x54, 0x7f, 0x8f,
++					    0x0b, 0x53, 0x1a, 0x10, 0x68, 0x32, 0x03, 0x38,
++					    0x82, 0xc4, 0x87, 0xc4, 0xea, 0x0e, 0xd1, 0x04,
++					    0xa9, 0x98, 0xc1, 0x05, 0xa3, 0xf3, 0xf8, 0xb1,
++					    0xaf, 0xbc, 0xd9, 0x78, 0x7e, 0xee, 0x3d, 0x43 };
++
++int FIPS_selftest_sha2(void)
++	{
++	unsigned char md[SHA512_DIGEST_LENGTH];
++
++	EVP_Digest(msg_sha256, sizeof(msg_sha256), md, NULL, EVP_sha256(), NULL);
++	if(memcmp(dig_sha256, md, sizeof(dig_sha256)))
++		{
++		FIPSerr(FIPS_F_FIPS_MODE_SET, FIPS_R_SELFTEST_FAILED);
++		return 0;
++		}
++
++	EVP_Digest(msg_sha512, sizeof(msg_sha512), md, NULL, EVP_sha512(), NULL);
++	if(memcmp(dig_sha512, md, sizeof(dig_sha512)))
++		{
++		FIPSerr(FIPS_F_FIPS_MODE_SET, FIPS_R_SELFTEST_FAILED);
++		return 0;
++		}
++
++	return 1;
++	}
++
+ #if 0
+ /* The purpose of this is to ensure the error code exists and the function
+  * name is to keep the error checking script quiet
+diff -up openssl-1.0.0/crypto/fips/fips.h.sha2test openssl-1.0.0/crypto/fips/fips.h
+--- openssl-1.0.0/crypto/fips/fips.h.sha2test	2011-09-12 15:07:42.000000000 +0200
++++ openssl-1.0.0/crypto/fips/fips.h	2011-09-26 11:00:55.000000000 +0200
+@@ -72,6 +72,7 @@ int FIPS_selftest_failed(void);
+ void FIPS_selftest_check(void);
+ void FIPS_corrupt_sha1(void);
+ int FIPS_selftest_sha1(void);
++int FIPS_selftest_sha2(void);
+ void FIPS_corrupt_aes(void);
+ int FIPS_selftest_aes(void);
+ void FIPS_corrupt_des(void);
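Review bot: Both EVP_Digest calls in the new FIPS_selftest_sha2 discard the int result, so a digest that fails before writing `md` is caught only because the stale buffer happens to mismatch the expected value, not by an explicit check; fold the result into the comparison, e.g. `if (!EVP_Digest(msg_sha256, sizeof(msg_sha256), md, NULL, EVP_sha256(), NULL) || memcmp(dig_sha256, md, sizeof(dig_sha256)))`, and the same for the SHA-512 block. Both failure branches also raise `FIPS_F_FIPS_MODE_SET` as the function code, which makes a SHA-2 known-answer failure indistinguishable in the error queue from a mode-set failure; a function code dedicated to this self-test (which would need its own entry in the FIPS error tables) would make the diagnosis direct. A one-line comment above the vectors recording where the expected digests were taken from, e.g. `/* SHA-256 / SHA-512 known-answer vectors; source: TODO-cite */`, would let a reader verify them rather than trust them. The added NULL check after make_hmac_path in FIPSCHECK_verify returns 0 without raising an error, which matches the surrounding early returns visible in the hunk.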
diff --git a/openssl-1.0.0d-intelopts.patch b/openssl-1.0.0d-intelopts.patch
index 99957b3..6aba7b3 100644
--- a/openssl-1.0.0d-intelopts.patch
+++ b/openssl-1.0.0d-intelopts.patch
@@ -1,6 +1,6 @@
 diff -up openssl-1.0.0d/crypto/aes/asm/aesni-x86.pl.intelopts openssl-1.0.0d/crypto/aes/asm/aesni-x86.pl
---- openssl-1.0.0d/crypto/aes/asm/aesni-x86.pl.intelopts	2011-08-24 12:36:33.000000000 +0200
-+++ openssl-1.0.0d/crypto/aes/asm/aesni-x86.pl	2011-08-24 12:36:34.000000000 +0200
+--- openssl-1.0.0d/crypto/aes/asm/aesni-x86.pl.intelopts	2011-08-24 12:50:55.000000000 +0200
++++ openssl-1.0.0d/crypto/aes/asm/aesni-x86.pl	2011-08-24 12:50:56.000000000 +0200
 @@ -1,4 +1,4 @@
 -#!/usr/bin/env perl
 +#!/usr/bin/perl
@@ -1021,8 +1021,8 @@ diff -up openssl-1.0.0d/crypto/aes/asm/aesni-x86.pl.intelopts openssl-1.0.0d/cry
  
  	&$movekey	("xmm0",&QWP(0,$key));	# inverse middle
 diff -up openssl-1.0.0d/crypto/aes/asm/aesni-x86_64.pl.intelopts openssl-1.0.0d/crypto/aes/asm/aesni-x86_64.pl
---- openssl-1.0.0d/crypto/aes/asm/aesni-x86_64.pl.intelopts	2011-08-24 12:36:33.000000000 +0200
-+++ openssl-1.0.0d/crypto/aes/asm/aesni-x86_64.pl	2011-08-24 12:36:34.000000000 +0200
+--- openssl-1.0.0d/crypto/aes/asm/aesni-x86_64.pl.intelopts	2011-08-24 12:50:55.000000000 +0200
++++ openssl-1.0.0d/crypto/aes/asm/aesni-x86_64.pl	2011-08-24 12:50:56.000000000 +0200
 @@ -1,4 +1,4 @@
 -#!/usr/bin/env perl
 +#!/usr/bin/perl
@@ -2315,7 +2315,7 @@ diff -up openssl-1.0.0d/crypto/aes/asm/aesni-x86_64.pl.intelopts openssl-1.0.0d/
  ___
 diff -up openssl-1.0.0d/crypto/cryptlib.c.intelopts openssl-1.0.0d/crypto/cryptlib.c
 --- openssl-1.0.0d/crypto/cryptlib.c.intelopts	2010-11-19 01:11:27.000000000 +0100
-+++ openssl-1.0.0d/crypto/cryptlib.c	2011-08-24 12:36:33.000000000 +0200
++++ openssl-1.0.0d/crypto/cryptlib.c	2011-08-24 12:50:55.000000000 +0200
 @@ -662,22 +662,23 @@ const char *CRYPTO_get_lock_name(int typ
  	defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
  
@@ -2344,8 +2344,8 @@ diff -up openssl-1.0.0d/crypto/cryptlib.c.intelopts openssl-1.0.0d/crypto/cryptl
       * |(1<<10) sets a reserved bit to signal that variable
       * was initialized already... This is to avoid interference
 diff -up openssl-1.0.0d/crypto/engine/eng_aesni.c.intelopts openssl-1.0.0d/crypto/engine/eng_aesni.c
---- openssl-1.0.0d/crypto/engine/eng_aesni.c.intelopts	2011-08-24 12:36:33.000000000 +0200
-+++ openssl-1.0.0d/crypto/engine/eng_aesni.c	2011-08-24 12:36:33.000000000 +0200
+--- openssl-1.0.0d/crypto/engine/eng_aesni.c.intelopts	2011-08-24 12:50:55.000000000 +0200
++++ openssl-1.0.0d/crypto/engine/eng_aesni.c	2011-08-24 12:50:55.000000000 +0200
 @@ -157,16 +157,20 @@ typedef unsigned __int64 IA32CAP;
  typedef unsigned long long IA32CAP;
  #endif
@@ -2373,8 +2373,8 @@ diff -up openssl-1.0.0d/crypto/engine/eng_aesni.c.intelopts openssl-1.0.0d/crypt
  
  	/* Register everything or return with an error */
 diff -up openssl-1.0.0d/crypto/fips/fips_standalone_sha1.c.intelopts openssl-1.0.0d/crypto/fips/fips_standalone_sha1.c
---- openssl-1.0.0d/crypto/fips/fips_standalone_sha1.c.intelopts	2011-08-24 12:36:33.000000000 +0200
-+++ openssl-1.0.0d/crypto/fips/fips_standalone_sha1.c	2011-08-24 12:36:33.000000000 +0200
+--- openssl-1.0.0d/crypto/fips/fips_standalone_sha1.c.intelopts	2011-08-24 12:50:55.000000000 +0200
++++ openssl-1.0.0d/crypto/fips/fips_standalone_sha1.c	2011-08-24 12:50:55.000000000 +0200
 @@ -62,6 +62,8 @@ void OPENSSL_cleanse(void *p,size_t len)
  
  #ifdef OPENSSL_FIPS
@@ -2386,7 +2386,7 @@ diff -up openssl-1.0.0d/crypto/fips/fips_standalone_sha1.c.intelopts openssl-1.0
      {
 diff -up openssl-1.0.0d/crypto/perlasm/x86asm.pl.intelopts openssl-1.0.0d/crypto/perlasm/x86asm.pl
 --- openssl-1.0.0d/crypto/perlasm/x86asm.pl.intelopts	2008-12-17 20:56:47.000000000 +0100
-+++ openssl-1.0.0d/crypto/perlasm/x86asm.pl	2011-08-24 12:36:34.000000000 +0200
++++ openssl-1.0.0d/crypto/perlasm/x86asm.pl	2011-08-24 12:50:56.000000000 +0200
 @@ -1,4 +1,4 @@
 -#!/usr/bin/env perl
 +#!/usr/bin/perl
@@ -2453,7 +2453,7 @@ diff -up openssl-1.0.0d/crypto/perlasm/x86asm.pl.intelopts openssl-1.0.0d/crypto
  $label="000";
 diff -up openssl-1.0.0d/crypto/perlasm/x86gas.pl.intelopts openssl-1.0.0d/crypto/perlasm/x86gas.pl
 --- openssl-1.0.0d/crypto/perlasm/x86gas.pl.intelopts	2008-12-17 20:56:47.000000000 +0100
-+++ openssl-1.0.0d/crypto/perlasm/x86gas.pl	2011-08-24 12:36:34.000000000 +0200
++++ openssl-1.0.0d/crypto/perlasm/x86gas.pl	2011-08-24 12:50:56.000000000 +0200
 @@ -1,4 +1,4 @@
 -#!/usr/bin/env perl
 +#!/usr/bin/perl
@@ -2487,7 +2487,7 @@ diff -up openssl-1.0.0d/crypto/perlasm/x86gas.pl.intelopts openssl-1.0.0d/crypto
  sub ::align
 diff -up openssl-1.0.0d/crypto/perlasm/x86_64-xlate.pl.intelopts openssl-1.0.0d/crypto/perlasm/x86_64-xlate.pl
 --- openssl-1.0.0d/crypto/perlasm/x86_64-xlate.pl.intelopts	2010-10-10 23:14:17.000000000 +0200
-+++ openssl-1.0.0d/crypto/perlasm/x86_64-xlate.pl	2011-08-24 12:36:34.000000000 +0200
++++ openssl-1.0.0d/crypto/perlasm/x86_64-xlate.pl	2011-08-24 12:50:56.000000000 +0200
 @@ -1,4 +1,4 @@
 -#!/usr/bin/env perl
 +#!/usr/bin/perl
@@ -2781,8 +2781,8 @@ diff -up openssl-1.0.0d/crypto/perlasm/x86_64-xlate.pl.intelopts openssl-1.0.0d/
  	    printf "\t%s",$opcode->out();
  	}
 diff -up openssl-1.0.0d/crypto/rc4/asm/rc4-x86_64.pl.intelopts openssl-1.0.0d/crypto/rc4/asm/rc4-x86_64.pl
---- openssl-1.0.0d/crypto/rc4/asm/rc4-x86_64.pl.intelopts	2011-08-24 12:36:33.000000000 +0200
-+++ openssl-1.0.0d/crypto/rc4/asm/rc4-x86_64.pl	2011-08-24 12:49:09.000000000 +0200
+--- openssl-1.0.0d/crypto/rc4/asm/rc4-x86_64.pl.intelopts	2011-08-24 12:50:55.000000000 +0200
++++ openssl-1.0.0d/crypto/rc4/asm/rc4-x86_64.pl	2011-08-24 12:50:56.000000000 +0200
 @@ -1,4 +1,4 @@
 -#!/usr/bin/env perl
 +#!/usr/bin/perl
@@ -3229,8 +3229,8 @@ diff -up openssl-1.0.0d/crypto/rc4/asm/rc4-x86_64.pl.intelopts openssl-1.0.0d/cr
  
  print $code;
 diff -up openssl-1.0.0d/crypto/rc4/asm/rc4-586.pl.intelopts openssl-1.0.0d/crypto/rc4/asm/rc4-586.pl
---- openssl-1.0.0d/crypto/rc4/asm/rc4-586.pl.intelopts	2011-08-24 12:36:33.000000000 +0200
-+++ openssl-1.0.0d/crypto/rc4/asm/rc4-586.pl	2011-08-24 12:50:40.000000000 +0200
+--- openssl-1.0.0d/crypto/rc4/asm/rc4-586.pl.intelopts	2011-08-24 12:50:55.000000000 +0200
++++ openssl-1.0.0d/crypto/rc4/asm/rc4-586.pl	2011-08-24 12:50:56.000000000 +0200
 @@ -1,4 +1,4 @@
 -#!/usr/bin/env perl
 +#!/usr/bin/perl
@@ -3449,7 +3449,7 @@ diff -up openssl-1.0.0d/crypto/rc4/asm/rc4-586.pl.intelopts openssl-1.0.0d/crypt
  &function_end_B("RC4_options");
 diff -up openssl-1.0.0d/crypto/sha/asm/sha1-x86_64.pl.intelopts openssl-1.0.0d/crypto/sha/asm/sha1-x86_64.pl
 --- openssl-1.0.0d/crypto/sha/asm/sha1-x86_64.pl.intelopts	2010-01-17 17:58:56.000000000 +0100
-+++ openssl-1.0.0d/crypto/sha/asm/sha1-x86_64.pl	2011-08-24 12:36:34.000000000 +0200
++++ openssl-1.0.0d/crypto/sha/asm/sha1-x86_64.pl	2011-08-24 12:50:56.000000000 +0200
 @@ -1,4 +1,4 @@
 -#!/usr/bin/env perl
 +#!/usr/bin/perl
@@ -4765,7 +4765,7 @@ diff -up openssl-1.0.0d/crypto/sha/asm/sha1-x86_64.pl.intelopts openssl-1.0.0d/c
  
 diff -up openssl-1.0.0d/crypto/sha/asm/sha1-586.pl.intelopts openssl-1.0.0d/crypto/sha/asm/sha1-586.pl
 --- openssl-1.0.0d/crypto/sha/asm/sha1-586.pl.intelopts	2008-07-17 11:50:56.000000000 +0200
-+++ openssl-1.0.0d/crypto/sha/asm/sha1-586.pl	2011-08-24 12:36:34.000000000 +0200
++++ openssl-1.0.0d/crypto/sha/asm/sha1-586.pl	2011-08-24 12:50:56.000000000 +0200
 @@ -1,4 +1,4 @@
 -#!/usr/bin/env perl
 +#!/usr/bin/perl
@@ -5972,7 +5972,7 @@ diff -up openssl-1.0.0d/crypto/sha/asm/sha1-586.pl.intelopts openssl-1.0.0d/cryp
  &asm_finish();
 diff -up openssl-1.0.0d/crypto/x86cpuid.pl.intelopts openssl-1.0.0d/crypto/x86cpuid.pl
 --- openssl-1.0.0d/crypto/x86cpuid.pl.intelopts	2010-02-12 18:02:12.000000000 +0100
-+++ openssl-1.0.0d/crypto/x86cpuid.pl	2011-08-24 12:36:34.000000000 +0200
++++ openssl-1.0.0d/crypto/x86cpuid.pl	2011-11-03 09:55:42.000000000 +0100
 @@ -1,4 +1,4 @@
 -#!/usr/bin/env perl
 +#!/usr/bin/perl
@@ -6021,7 +6021,7 @@ diff -up openssl-1.0.0d/crypto/x86cpuid.pl.intelopts openssl-1.0.0d/crypto/x86cp
  	
  &set_label("intel");
  	&cmp	("edi",4);
-@@ -85,27 +92,52 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
+@@ -85,27 +92,45 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
  &set_label("nocacheinfo");
  	&mov	("eax",1);
  	&cpuid	();
@@ -6059,20 +6059,13 @@ diff -up openssl-1.0.0d/crypto/x86cpuid.pl.intelopts openssl-1.0.0d/crypto/x86cp
 +	&mov	("esi","edx");
 +	&or	("ebp","ecx");		# merge AMD XOP flag
 +
-+	&bt	("ecx",26);		# check XSAVE bit
-+	&jnc	(&label("done"));
 +	&bt	("ecx",27);		# check OSXSAVE bit
-+	&jnc	(&label("clear_xmm"));
-+	&xor	("ecx","ecx");
++	&jnc	(&label("clear_avx"));
++	&xor	("ecx","ecx");          # XCR0
 +	&data_byte(0x0f,0x01,0xd0);	# xgetbv
-+	&and	("eax",6);
++	&and	("eax",6);              # isolate XMM and YMM state support
 +	&cmp	("eax",6);
 +	&je	(&label("done"));
-+	&cmp	("eax",2);
-+	&je	(&label("clear_avx"));
-+&set_label("clear_xmm");
-+	&and	("ebp",0xfdfffffd);	# clear AESNI and PCLMULQDQ bits
-+	&and	("esi",0xfeffffff);	# clear FXSR
 +&set_label("clear_avx");
 +	&and	("ebp",0xefffe7ff);	# clear AVX, FMA and AMD XOP bits
  &set_label("done");
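Review bot: The rewritten block no longer has a path that clears the AES-NI, PCLMULQDQ and FXSR bits: once OSXSAVE is set, any XCR0 value other than XMM+YMM enabled (`eax & 6` not equal to 6) now lands on `clear_avx`, so a configuration where the OS enabled XSAVE but not XMM state keeps those flags advertised; whether such a configuration occurs in practice is unclear, but the removed `clear_xmm` branch covered it. The part that matches the commit title is sound: dropping the XSAVE pre-check on bit 26 means a CPUID that reports AVX without XSAVE no longer jumps straight to `done` with the AVX bits intact, and `xgetbv` is still executed only after the OSXSAVE bit 27 check, which is required since it faults otherwise. If the narrower clearing is deliberate, a comment at the `clear_avx` label such as `# XMM state not re-validated here; only AVX/FMA/XOP depend on YMM state` would record the choice for whoever next diffs this against upstream. The enclosing OPENSSL_ia32_cpuid body starts and ends outside this hunk.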
@@ -6083,7 +6076,7 @@ diff -up openssl-1.0.0d/crypto/x86cpuid.pl.intelopts openssl-1.0.0d/crypto/x86cp
  &function_end("OPENSSL_ia32_cpuid");
  
  &external_label("OPENSSL_ia32cap_P");
-@@ -199,8 +231,9 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
+@@ -199,8 +224,9 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
  	&bt	(&DWP(0,"ecx"),1);
  	&jnc	(&label("no_x87"));
  	if ($sse2) {
@@ -6097,7 +6090,7 @@ diff -up openssl-1.0.0d/crypto/x86cpuid.pl.intelopts openssl-1.0.0d/crypto/x86cp
  		&pxor	("xmm2","xmm2");
 diff -up openssl-1.0.0d/crypto/x86_64cpuid.pl.intelopts openssl-1.0.0d/crypto/x86_64cpuid.pl
 --- openssl-1.0.0d/crypto/x86_64cpuid.pl.intelopts	2010-04-14 21:25:09.000000000 +0200
-+++ openssl-1.0.0d/crypto/x86_64cpuid.pl	2011-08-24 12:36:34.000000000 +0200
++++ openssl-1.0.0d/crypto/x86_64cpuid.pl	2011-08-24 12:50:56.000000000 +0200
 @@ -1,4 +1,4 @@
 -#!/usr/bin/env perl
 +#!/usr/bin/perl
diff --git a/openssl.spec b/openssl.spec
index 2a3ce57..bd07689 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -21,7 +21,7 @@
 Summary: A general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.0.0e
-Release: 2%{?dist}
+Release: 3%{?dist}
 # We remove certain patented algorithms from the openssl source tarball
 # with the hobble-openssl script which is included below.
 Source: openssl-%{version}-usa.tar.bz2
@@ -76,6 +76,7 @@ Patch62: openssl-1.0.0-fips-aesni.patch
 Patch63: openssl-1.0.0d-xmpp-starttls.patch
 Patch64: openssl-1.0.0d-intelopts.patch
 Patch65: openssl-1.0.0e-chil-fixes.patch
+Patch66: openssl-1.0.0-sha2test.patch
 # Backported fixes including security fixes
 Patch81: openssl-1.0.0d-padlock64.patch
 
@@ -173,6 +174,7 @@ from other formats to the formats used by the OpenSSL toolkit.
 %patch63 -p1 -b .starttls
 %patch64 -p1 -b .intelopts
 %patch65 -p1 -b .chil
+%patch66 -p1 -b .sha2test
 
 %patch81 -p1 -b .padlock64
 
@@ -424,6 +426,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 %postun -p /sbin/ldconfig
 
 %changelog
+* Thu Nov  3 2011 Tomas Mraz <tmraz at redhat.com> 1.0.0e-3
+- do not use AVX instructions when osxsave bit not set
+- add direct known answer tests for SHA2 algorithms
+
 * Wed Sep 21 2011 Tomas Mraz <tmraz at redhat.com> 1.0.0e-2
 - fix missing initialization of variable in CHIL engine
 

