Commit 475631c3 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Use common source files for FIPS mode and utilize same optimizations.

parent 218ba8cb

CHANGES

+5 −0
Original line number Diff line number Diff line
@@ -4,6 +4,11 @@ 


 Changes between 0.9.8e and 0.9.8f-fips  [xx XXX xxxx]



  *) Use standard implementations of SHAx, DES, AES under crypto/ in FIPS

     mode to avoid having to maintain two versions. This will also make use

     of appropriate assembly language optimizations.

     [Steve Henson]



  *) Check for selftest status in all crypto operations and exit with a

     fatal error if selftest failed.

     [Steve Henson]

Configure

+0 −19
Original line number Diff line number Diff line
@@ -1223,24 +1223,8 @@ $bn_obj = $bn_asm unless $bn_obj ne ""; 
$cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn86/);

$cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /bn86/);



my $fips_des_obj;

my $fips_aes_obj;

my $fips_sha1_obj;

if ($fips)

	{

	if ($des_obj =~ /\-elf\.o$/)

		{

		$fips_des_obj='asm/fips-dx86-elf.o';

		$openssl_other_defines.="#define OPENSSL_FIPS_DES_ASM\n";

		$fips_aes_obj='asm/fips-ax86-elf.o';

		$openssl_other_defines.="#define OPENSSL_FIPS_AES_ASM\n";

		}

	else	{

		$fips_des_obj=$fips_des_enc;

		$fips_aes_obj='fips_aes_core.o';

		}

	$fips_sha1_obj='asm/fips-sx86-elf.o' if ($sha1_obj =~ /\-elf\.o$/);

	$des_obj=$sha1_obj=$aes_obj="";

	$openssl_other_defines.="#define OPENSSL_FIPS\n";

	}
@@ -1354,8 +1338,6 @@ while (<IN>) 
	s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/;

	s/^CPUID_OBJ=.*$/CPUID_OBJ= $cpuid_obj/;

	s/^BN_ASM=.*$/BN_ASM= $bn_obj/;

	s/^FIPS_DES_ENC=.*$/FIPS_DES_ENC= $fips_des_obj/;

	s/^FIPS_AES_ENC=.*$/FIPS_AES_ENC= $fips_aes_obj/;

	s/^DES_ENC=.*$/DES_ENC= $des_obj/;

	s/^AES_ASM_OBJ=.*$/AES_ASM_OBJ= $aes_obj/;

	s/^BF_ENC=.*$/BF_ENC= $bf_obj/;
@@ -1364,7 +1346,6 @@ while (<IN>) 
	s/^RC5_ENC=.*$/RC5_ENC= $rc5_obj/;

	s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/;

	s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/;

	s/^FIPS_SHA1_ASM_OBJ=.*$/FIPS_SHA1_ASM_OBJ= $fips_sha1_obj/;

	s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/;

	s/^PROCESSOR=.*/PROCESSOR= $processor/;

	s/^RANLIB=.*/RANLIB= $ranlib/;

Makefile.org

+6 −11
Original line number Diff line number Diff line
@@ -87,8 +87,6 @@ PROCESSOR= 
# CPUID module collects small commonly used assembler snippets

CPUID_OBJ= 

BN_ASM= bn_asm.o

FIPS_DES_ENC= des_enc.o fcrypt_b.o

FIPS_AES_ENC= fips_aes_core.o

DES_ENC= des_enc.o fcrypt_b.o

AES_ASM_OBJ=aes_core.o aes_cbc.o

BF_ENC= bf_enc.o
@@ -96,7 +94,6 @@ CAST_ENC= c_enc.o 
RC4_ENC= rc4_enc.o

RC5_ENC= rc5_enc.o

MD5_ASM_OBJ= 

FIPS_SHA1_ASM_OBJ= 

SHA1_ASM_OBJ= 

RMD160_ASM_OBJ=
@@ -222,9 +219,6 @@ BUILDENV= PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \ 
		SHA1_ASM_OBJ='${SHA1_ASM_OBJ}'			\

		MD5_ASM_OBJ='${MD5_ASM_OBJ}'			\

		RMD160_ASM_OBJ='${RMD160_ASM_OBJ}'		\

		FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}'	\

		FIPS_DES_ENC='${FIPS_DES_ENC}'		 	\

		FIPS_AES_ENC='${FIPS_AES_ENC}'		 	\

		FIPSLIBDIR='${FIPSLIBDIR}' FIPSCANLIB='${FIPSCANLIB}' \

		FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}'	\

		FIPS_EX_OBJ='${FIPS_EX_OBJ}'	\
@@ -259,8 +253,7 @@ BUILD_ONE_CMD=\ 
reflect:

	@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)



FIPS_EX_OBJ= ../crypto/aes/aes_cbc.o \

	../crypto/aes/aes_cfb.o \

FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \

	../crypto/aes/aes_ecb.o \

	../crypto/aes/aes_ofb.o \

	../crypto/bn/bn_add.o \
@@ -286,13 +279,12 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cbc.o \ 
	../crypto/des/cfb64ede.o \

	../crypto/des/cfb64enc.o \

	../crypto/des/cfb_enc.o \

	../crypto/des/des_enc.o \

	../crypto/des/ecb3_enc.o \

	../crypto/des/ecb_enc.o \

	../crypto/des/ofb64ede.o \

	../crypto/des/ofb64enc.o \

	../crypto/des/fcrypt_b.o \

	../crypto/des/fcrypt.o \

	../crypto/des/set_key.o \

	../crypto/dsa/dsa_utl.o \

	../crypto/dsa/dsa_sign.o \

	../crypto/dsa/dsa_vrf.o \
@@ -319,6 +311,9 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cbc.o \ 
	../crypto/rsa/rsa_pss.o \

	../crypto/rsa/rsa_ssl.o \

	../crypto/rsa/rsa_x931.o \

	../crypto/sha/sha1dgst.o \

	../crypto/sha/sha256.o \

	../crypto/sha/sha512.o \

	../crypto/uid.o



sub_all: build_all
@@ -328,7 +323,7 @@ build_libs: build_crypto build_fips build_ssl build_engines 


build_crypto:

	if [ -n "$(FIPSCANLIB)" ]; then \

		EXCL_OBJ='$(BN_ASM) $(CPUID_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \

		EXCL_OBJ='$(AES_ASM_OBJ) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \

		ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \

	else \

		ARX='${AR}' ; \

crypto/aes/aes_core.c

+4 −4
Original line number Diff line number Diff line
@@ -39,8 +39,6 @@ 
#include <openssl/aes.h>

#include "aes_locl.h"



#ifndef OPENSSL_FIPS



/*

Te0[x] = S [x].[02, 01, 01, 03];

Te1[x] = S [x].[03, 02, 01, 01];
@@ -633,6 +631,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, 
   	int i = 0;

	u32 temp;



#ifdef OPENSSL_FIPS

	FIPS_selftest_check();

#endif



	if (!userKey || !key)

		return -1;

	if (bits != 128 && bits != 192 && bits != 256)
@@ -1159,5 +1161,3 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, 
}



#endif /* AES_ASM */
 


#endif

crypto/des/des_enc.c

+0 −4
Original line number Diff line number Diff line
@@ -58,8 +58,6 @@ 


#include "des_locl.h"



#ifndef OPENSSL_FIPS



void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)

	{

	register DES_LONG l,r,t,u;
@@ -289,8 +287,6 @@ void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1, 
	data[1]=r;

	}



#endif



#ifndef DES_DEFAULT_OPTIONS



#if !defined(OPENSSL_FIPS_DES_ASM)