Ensure we get all the right defines for AES assembler in FIPS module (41525ed6) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Configurations/windows-makefile.tmpl

+11 −1

Original line number	Diff line number	Diff line
		@@ -287,7 +287,17 @@ DSO_ASFLAGS={- join(' ', $target{dso_asflags} \|\| (),
		@{$config{module_asflags}},
		'$(CNF_ASFLAGS)', '$(ASFLAGS)') -}
		DSO_CPPFLAGS={- join(' ', $target{dso_cppflags} \|\| (),
		$target{module_cppflags} \|\| (),
		$target{module_cppflag} \|\| (),
		(map { '-D'.quotify1($_) }
		@{$target{dso_defines}},
		@{$target{module_defines}},
		@{$config{dso_defines}},
		@{$config{module_defines}}),
		(map { '-I'.quotify1($_) }
		@{$target{dso_includes}},
		@{$target{module_includes}},
		@{$config{dso_includes}},
		@{$config{module_includes}}),
		@{$config{dso_cppflags}},
		@{$config{module_cppflags}},
		'$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -}

Configure

+24 −6

Original line number	Diff line number	Diff line
		@@ -1400,7 +1400,10 @@ if ($target{sys_id} ne "")

		unless ($disabled{asm}) {
		$target{cpuid_asm_src}=$table{DEFAULTS}->{cpuid_asm_src} if ($config{processor} eq "386");
		push @{$config{lib_defines}}, "OPENSSL_CPUID_OBJ" if ($target{cpuid_asm_src} ne "mem_clr.c");
		if ($target{cpuid_asm_src} ne "mem_clr.c") {
		push @{$config{lib_defines}}, "OPENSSL_CPUID_OBJ";
		push @{$config{module_defines}}, "OPENSSL_CPUID_OBJ";
		}

		$target{bn_asm_src} =~ s/\w+-gf2m.c// if (defined($disabled{ec2m}));

		@@ -1432,15 +1435,30 @@ unless ($disabled{asm}) {
		push @{$config{lib_defines}}, "RMD160_ASM";
		}
		if ($target{aes_asm_src}) {
		push @{$config{lib_defines}}, "AES_ASM" if ($target{aes_asm_src} =~ m/\baes-/);;
		if ($target{aes_asm_src} =~ m/\baes-/) {
		push @{$config{lib_defines}}, "AES_ASM";
		push @{$config{module_defines}}, "AES_ASM";
		}
		# aes-ctr.fake is not a real file, only indication that assembler
		# module implements AES_ctr32_encrypt...
		push @{$config{lib_defines}}, "AES_CTR_ASM" if ($target{aes_asm_src} =~ s/\s*aes-ctr\.fake//);
		if ($target{aes_asm_src} =~ s/\s*aes-ctr\.fake//) {
		push @{$config{lib_defines}}, "AES_CTR_ASM";
		push @{$config{module_defines}}, "AES_CTR_ASM";
		}
		# aes-xts.fake indicates presence of AES_xts_[en\|de]crypt...
		push @{$config{lib_defines}}, "AES_XTS_ASM" if ($target{aes_asm_src} =~ s/\s*aes-xts\.fake//);
		if ($target{aes_asm_src} =~ s/\s*aes-xts\.fake//) {
		push @{$config{lib_defines}}, "AES_XTS_ASM";
		push @{$config{module_defines}}, "AES_XTS_ASM";
		}
		$target{aes_asm_src} =~ s/\s*(vpaes\|aesni)-x86\.s//g if ($disabled{sse2});
		push @{$config{lib_defines}}, "VPAES_ASM" if ($target{aes_asm_src} =~ m/vpaes/);
		push @{$config{lib_defines}}, "BSAES_ASM" if ($target{aes_asm_src} =~ m/bsaes/);
		if ($target{aes_asm_src} =~ m/vpaes/) {
		push @{$config{lib_defines}}, "VPAES_ASM";
		push @{$config{module_defines}}, "VPAES_ASM";
		}
		if ($target{aes_asm_src} =~ m/bsaes/) {
		push @{$config{lib_defines}}, "BSAES_ASM";
		push @{$config{module_defines}}, "BSAES_ASM";
		}
		}
		if ($target{wp_asm_src} =~ /mmx/) {
		if ($config{processor} eq "386") {

crypto/build.info

+2 −2

Original line number	Diff line number	Diff line
		@@ -26,9 +26,9 @@ SOURCE[../libcrypto]=\

		# FIPS module
		SOURCE[../providers/fips]=\
		cryptlib.c mem.c mem_clr.c params.c bsearch.c ex_data.c o_str.c \
		cryptlib.c mem.c params.c bsearch.c ex_data.c o_str.c \
		ctype.c threads_pthread.c threads_win.c threads_none.c context.c \
		sparse_array.c
		sparse_array.c {- $target{cpuid_asm_src} -}


		DEPEND[cversion.o]=buildinf.h

crypto/ppccap.c

+14 −8

Original line number	Diff line number	Diff line
		@@ -38,6 +38,11 @@ unsigned int OPENSSL_ppccap_P = 0;

		static sigset_t all_masked;

		/*
		* TODO(3.0): Temporarily disabled some assembler that hasn't been brought into
		* the FIPS module yet.
		*/
		#ifndef FIPS_MODE
		# ifdef OPENSSL_BN_ASM_MONT
		int bn_mul_mont(BN_ULONG rp, const BN_ULONG ap, const BN_ULONG *bp,
		const BN_ULONG np, const BN_ULONG n0, int num)
		@@ -164,6 +169,7 @@ void ecp_nistz256_from_mont(unsigned long res[4], const unsigned long in[4])
		ecp_nistz256_mul_mont(res, in, one);
		}
		# endif
		#endif /* FIPS_MODE */

		static sigjmp_buf ill_jmp;
		static void ill_handler(int sig)

crypto/sparcv9cap.c

+6 −0

Original line number	Diff line number	Diff line
		@@ -24,6 +24,11 @@ __attribute__ ((visibility("hidden")))
		#endif
		unsigned int OPENSSL_sparcv9cap_P[2] = { SPARCV9_TICK_PRIVILEGED, 0 };

		/*
		* TODO(3.0): Temporarily disabled some assembler that hasn't been brought into
		* the FIPS module yet.
		*/
		#ifndef FIPS_MODE
		int bn_mul_mont(BN_ULONG rp, const BN_ULONG ap, const BN_ULONG *bp,
		const BN_ULONG np, const BN_ULONG n0, int num)
		{
		@@ -86,6 +91,7 @@ int bn_mul_mont(BN_ULONG rp, const BN_ULONG ap, const BN_ULONG *bp,
		}
		return bn_mul_mont_int(rp, ap, bp, np, n0, num);
		}
		#endif /* FIPS_MODE */

		unsigned long _sparcv9_rdtick(void);
		void _sparcv9_vis1_probe(void);