Ensure we get all the right defines for AES assembler in FIPS module

There are various C macro definitions that are passed via the compiler
to enable AES assembler optimisation. We need to make sure that these
defines are also passed during compilation of the FIPS module.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9038)
This commit is contained in:
Matt Caswell 2019-05-30 14:40:57 +01:00
parent 66ad63e801
commit 41525ed628
6 changed files with 58 additions and 17 deletions

View file

@ -287,7 +287,17 @@ DSO_ASFLAGS={- join(' ', $target{dso_asflags} || (),
@{$config{module_asflags}},
'$(CNF_ASFLAGS)', '$(ASFLAGS)') -}
DSO_CPPFLAGS={- join(' ', $target{dso_cppflags} || (),
$target{module_cppflags} || (),
$target{module_cppflag} || (),
(map { '-D'.quotify1($_) }
@{$target{dso_defines}},
@{$target{module_defines}},
@{$config{dso_defines}},
@{$config{module_defines}}),
(map { '-I'.quotify1($_) }
@{$target{dso_includes}},
@{$target{module_includes}},
@{$config{dso_includes}},
@{$config{module_includes}}),
@{$config{dso_cppflags}},
@{$config{module_cppflags}},
'$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -}

View file

@ -1400,7 +1400,10 @@ if ($target{sys_id} ne "")
unless ($disabled{asm}) {
$target{cpuid_asm_src}=$table{DEFAULTS}->{cpuid_asm_src} if ($config{processor} eq "386");
push @{$config{lib_defines}}, "OPENSSL_CPUID_OBJ" if ($target{cpuid_asm_src} ne "mem_clr.c");
if ($target{cpuid_asm_src} ne "mem_clr.c") {
push @{$config{lib_defines}}, "OPENSSL_CPUID_OBJ";
push @{$config{module_defines}}, "OPENSSL_CPUID_OBJ";
}
$target{bn_asm_src} =~ s/\w+-gf2m.c// if (defined($disabled{ec2m}));
@ -1432,15 +1435,30 @@ unless ($disabled{asm}) {
push @{$config{lib_defines}}, "RMD160_ASM";
}
if ($target{aes_asm_src}) {
push @{$config{lib_defines}}, "AES_ASM" if ($target{aes_asm_src} =~ m/\baes-/);;
if ($target{aes_asm_src} =~ m/\baes-/) {
push @{$config{lib_defines}}, "AES_ASM";
push @{$config{module_defines}}, "AES_ASM";
}
# aes-ctr.fake is not a real file, only indication that assembler
# module implements AES_ctr32_encrypt...
push @{$config{lib_defines}}, "AES_CTR_ASM" if ($target{aes_asm_src} =~ s/\s*aes-ctr\.fake//);
if ($target{aes_asm_src} =~ s/\s*aes-ctr\.fake//) {
push @{$config{lib_defines}}, "AES_CTR_ASM";
push @{$config{module_defines}}, "AES_CTR_ASM";
}
# aes-xts.fake indicates presence of AES_xts_[en|de]crypt...
push @{$config{lib_defines}}, "AES_XTS_ASM" if ($target{aes_asm_src} =~ s/\s*aes-xts\.fake//);
if ($target{aes_asm_src} =~ s/\s*aes-xts\.fake//) {
push @{$config{lib_defines}}, "AES_XTS_ASM";
push @{$config{module_defines}}, "AES_XTS_ASM";
}
$target{aes_asm_src} =~ s/\s*(vpaes|aesni)-x86\.s//g if ($disabled{sse2});
push @{$config{lib_defines}}, "VPAES_ASM" if ($target{aes_asm_src} =~ m/vpaes/);
push @{$config{lib_defines}}, "BSAES_ASM" if ($target{aes_asm_src} =~ m/bsaes/);
if ($target{aes_asm_src} =~ m/vpaes/) {
push @{$config{lib_defines}}, "VPAES_ASM";
push @{$config{module_defines}}, "VPAES_ASM";
}
if ($target{aes_asm_src} =~ m/bsaes/) {
push @{$config{lib_defines}}, "BSAES_ASM";
push @{$config{module_defines}}, "BSAES_ASM";
}
}
if ($target{wp_asm_src} =~ /mmx/) {
if ($config{processor} eq "386") {

View file

@ -26,9 +26,9 @@ SOURCE[../libcrypto]=\
# FIPS module
SOURCE[../providers/fips]=\
cryptlib.c mem.c mem_clr.c params.c bsearch.c ex_data.c o_str.c \
cryptlib.c mem.c params.c bsearch.c ex_data.c o_str.c \
ctype.c threads_pthread.c threads_win.c threads_none.c context.c \
sparse_array.c
sparse_array.c {- $target{cpuid_asm_src} -}
DEPEND[cversion.o]=buildinf.h

View file

@ -38,7 +38,12 @@ unsigned int OPENSSL_ppccap_P = 0;
static sigset_t all_masked;
#ifdef OPENSSL_BN_ASM_MONT
/*
* TODO(3.0): Temporarily disabled some assembler that hasn't been brought into
* the FIPS module yet.
*/
#ifndef FIPS_MODE
# ifdef OPENSSL_BN_ASM_MONT
int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
const BN_ULONG *np, const BN_ULONG *n0, int num)
{
@ -63,7 +68,7 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
return bn_mul_mont_int(rp, ap, bp, np, n0, num);
}
#endif
# endif
void sha256_block_p8(void *ctx, const void *inp, size_t len);
void sha256_block_ppc(void *ctx, const void *inp, size_t len);
@ -83,7 +88,7 @@ void sha512_block_data_order(void *ctx, const void *inp, size_t len)
sha512_block_ppc(ctx, inp, len);
}
#ifndef OPENSSL_NO_CHACHA
# ifndef OPENSSL_NO_CHACHA
void ChaCha20_ctr32_int(unsigned char *out, const unsigned char *inp,
size_t len, const unsigned int key[8],
const unsigned int counter[4]);
@ -103,9 +108,9 @@ void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp,
? ChaCha20_ctr32_vmx(out, inp, len, key, counter)
: ChaCha20_ctr32_int(out, inp, len, key, counter);
}
#endif
# endif
#ifndef OPENSSL_NO_POLY1305
# ifndef OPENSSL_NO_POLY1305
void poly1305_init_int(void *ctx, const unsigned char key[16]);
void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len,
unsigned int padbit);
@ -139,9 +144,9 @@ int poly1305_init(void *ctx, const unsigned char key[16], void *func[2])
}
return 1;
}
#endif
# endif
#ifdef ECP_NISTZ256_ASM
# ifdef ECP_NISTZ256_ASM
void ecp_nistz256_mul_mont(unsigned long res[4], const unsigned long a[4],
const unsigned long b[4]);
@ -163,7 +168,8 @@ void ecp_nistz256_from_mont(unsigned long res[4], const unsigned long in[4])
ecp_nistz256_mul_mont(res, in, one);
}
#endif
# endif
#endif /* FIPS_MODE */
static sigjmp_buf ill_jmp;
static void ill_handler(int sig)

View file

@ -24,6 +24,11 @@ __attribute__ ((visibility("hidden")))
#endif
unsigned int OPENSSL_sparcv9cap_P[2] = { SPARCV9_TICK_PRIVILEGED, 0 };
/*
* TODO(3.0): Temporarily disabled some assembler that hasn't been brought into
* the FIPS module yet.
*/
#ifndef FIPS_MODE
int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
const BN_ULONG *np, const BN_ULONG *n0, int num)
{
@ -86,6 +91,7 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
}
return bn_mul_mont_int(rp, ap, bp, np, n0, num);
}
#endif /* FIPS_MODE */
unsigned long _sparcv9_rdtick(void);
void _sparcv9_vis1_probe(void);

View file

@ -5,3 +5,4 @@ INCLUDE[../../../libcrypto]=. ../../../crypto
SOURCE[../../fips]=\
block.c aes.c aes_basic.c
INCLUDE[../../fips]=. ../../../crypto