Ensure we get all the right defines for AES assembler in FIPS module
authorMatt Caswell <matt@openssl.org>
Thu, 30 May 2019 13:40:57 +0000 (14:40 +0100)
committerMatt Caswell <matt@openssl.org>
Mon, 3 Jun 2019 11:56:53 +0000 (12:56 +0100)
There are various C macro definitions that are passed via the compiler
to enable AES assembler optimisation. We need to make sure that these
defines are also passed during compilation of the FIPS module.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9038)

Configurations/windows-makefile.tmpl
Configure
crypto/build.info
crypto/ppccap.c
crypto/sparcv9cap.c
providers/common/ciphers/build.info

index a07e142..3c8d51b 100644 (file)
@@ -287,7 +287,17 @@ DSO_ASFLAGS={- join(' ', $target{dso_asflags} || (),
                          @{$config{module_asflags}},
                          '$(CNF_ASFLAGS)', '$(ASFLAGS)') -}
 DSO_CPPFLAGS={- join(' ', $target{dso_cppflags} || (),
-                          $target{module_cppflags} || (),
+                          $target{module_cppflag} || (),
+                          (map { '-D'.quotify1($_) }
+                               @{$target{dso_defines}},
+                               @{$target{module_defines}},
+                               @{$config{dso_defines}},
+                               @{$config{module_defines}}),
+                          (map { '-I'.quotify1($_) }
+                               @{$target{dso_includes}},
+                               @{$target{module_includes}},
+                               @{$config{dso_includes}},
+                               @{$config{module_includes}}),
                           @{$config{dso_cppflags}},
                           @{$config{module_cppflags}},
                           '$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -}
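Review bot: The first changed line reads `$target{module_cppflag}`, singular, where the removed line and `@{$config{module_cppflags}}` a few lines below both use `module_cppflags`; this looks like an unintended rename rather than part of the change. Because of the `|| ()`, a key that does not exist evaluates to an empty list, so any target-level module preprocessor flags would be dropped from `DSO_CPPFLAGS` on Windows builds without a diagnostic. Suggest restoring `$target{module_cppflags} || (),` and keeping the new `-D`/`-I` map blocks as they are.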
index 2247a36..991f241 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -1400,7 +1400,10 @@ if ($target{sys_id} ne "")
 
 unless ($disabled{asm}) {
     $target{cpuid_asm_src}=$table{DEFAULTS}->{cpuid_asm_src} if ($config{processor} eq "386");
-    push @{$config{lib_defines}}, "OPENSSL_CPUID_OBJ" if ($target{cpuid_asm_src} ne "mem_clr.c");
+    if ($target{cpuid_asm_src} ne "mem_clr.c") {
+        push @{$config{lib_defines}}, "OPENSSL_CPUID_OBJ";
+        push @{$config{module_defines}}, "OPENSSL_CPUID_OBJ";
+    }
 
     $target{bn_asm_src} =~ s/\w+-gf2m.c// if (defined($disabled{ec2m}));
 
@@ -1432,15 +1435,30 @@ unless ($disabled{asm}) {
         push @{$config{lib_defines}}, "RMD160_ASM";
     }
     if ($target{aes_asm_src}) {
-        push @{$config{lib_defines}}, "AES_ASM" if ($target{aes_asm_src} =~ m/\baes-/);;
+        if ($target{aes_asm_src} =~ m/\baes-/) {
+            push @{$config{lib_defines}}, "AES_ASM";
+            push @{$config{module_defines}}, "AES_ASM";
+        }
         # aes-ctr.fake is not a real file, only indication that assembler
         # module implements AES_ctr32_encrypt...
-        push @{$config{lib_defines}}, "AES_CTR_ASM" if ($target{aes_asm_src} =~ s/\s*aes-ctr\.fake//);
+        if ($target{aes_asm_src} =~ s/\s*aes-ctr\.fake//) {
+            push @{$config{lib_defines}}, "AES_CTR_ASM";
+            push @{$config{module_defines}}, "AES_CTR_ASM";
+        }
         # aes-xts.fake indicates presence of AES_xts_[en|de]crypt...
-        push @{$config{lib_defines}}, "AES_XTS_ASM" if ($target{aes_asm_src} =~ s/\s*aes-xts\.fake//);
+        if ($target{aes_asm_src} =~ s/\s*aes-xts\.fake//) {
+            push @{$config{lib_defines}}, "AES_XTS_ASM";
+            push @{$config{module_defines}}, "AES_XTS_ASM";
+        }
         $target{aes_asm_src} =~ s/\s*(vpaes|aesni)-x86\.s//g if ($disabled{sse2});
-        push @{$config{lib_defines}}, "VPAES_ASM" if ($target{aes_asm_src} =~ m/vpaes/);
-        push @{$config{lib_defines}}, "BSAES_ASM" if ($target{aes_asm_src} =~ m/bsaes/);
+        if ($target{aes_asm_src} =~ m/vpaes/) {
+            push @{$config{lib_defines}}, "VPAES_ASM";
+            push @{$config{module_defines}}, "VPAES_ASM";
+        }
+        if ($target{aes_asm_src} =~ m/bsaes/) {
+            push @{$config{lib_defines}}, "BSAES_ASM";
+            push @{$config{module_defines}}, "BSAES_ASM";
+        }
     }
     if ($target{wp_asm_src} =~ /mmx/) {
         if ($config{processor} eq "386") {
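Review bot: Each AES define is now pushed by hand to both `lib_defines` and `module_defines`, five times in this hunk and once more for `OPENSSL_CPUID_OBJ` in the hunk above. A later edit that touches only one list would leave the FIPS module compiled with a different AES code path than libcrypto, and nothing would flag it. One statement per define keeps the lists in step, e.g. `push @{$config{$_}}, "AES_ASM" for qw(lib_defines module_defines);`. The context line that pushes `RMD160_ASM` only to `lib_defines` shows the lists are meant to differ for other algorithms, so a short comment above the AES block saying which defines the module must mirror would also help. The enclosing `unless ($disabled{asm})` block starts and ends outside this hunk.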
index 7798bcb..fb8f14e 100644 (file)
@@ -26,9 +26,9 @@ SOURCE[../libcrypto]=\
 
 # FIPS module
 SOURCE[../providers/fips]=\
-        cryptlib.c mem.c mem_clr.c params.c bsearch.c ex_data.c o_str.c \
+        cryptlib.c mem.c params.c bsearch.c ex_data.c o_str.c \
         ctype.c threads_pthread.c threads_win.c threads_none.c context.c \
-        sparse_array.c
+        sparse_array.c {- $target{cpuid_asm_src} -}
 
 
 DEPEND[cversion.o]=buildinf.h
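Review bot: Dropping `mem_clr.c` from the FIPS source list makes the module's memory-clearing routine depend entirely on what `{- $target{cpuid_asm_src} -}` expands to, and nothing in the file says so. The Configure hunk compares that value against `"mem_clr.c"`, which suggests the C file is the fallback. A target that leaves the key empty would presumably build the module with no clearing routine at all, so it is worth confirming that this case fails at link time rather than passing. Suggest a comment above the list such as `# cpuid_asm_src supplies OPENSSL_cleanse (mem_clr.c when there is no assembler)`.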
index 0d5ab79..3465864 100644 (file)
@@ -38,7 +38,12 @@ unsigned int OPENSSL_ppccap_P = 0;
 
 static sigset_t all_masked;
 
-#ifdef OPENSSL_BN_ASM_MONT
+/*
+ * TODO(3.0): Temporarily disabled some assembler that hasn't been brought into
+ * the FIPS module yet.
+ */
+#ifndef FIPS_MODE
+# ifdef OPENSSL_BN_ASM_MONT
 int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
                 const BN_ULONG *np, const BN_ULONG *n0, int num)
 {
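Review bot: The new `#ifndef FIPS_MODE` opens before `bn_mul_mont` and is only closed by `#endif /* FIPS_MODE */` in the last hunk of this file. It therefore also compiles out the SHA-256/SHA-512 block dispatch code visible in the later hunks, which has no feature guard of its own. The TODO says only "some assembler", which leaves a reader to work out the guard's extent from the re-indented `# ifdef` lines. Suggest the comment name what is excluded (Montgomery multiplication, the SHA-256/512 block functions, ChaCha20, Poly1305 and the ecp_nistz256 helpers) and state that each is to be re-enabled when its assembler enters the module. `bn_mul_mont`'s body continues outside this hunk; the same TODO text is added to sparcv9cap.c, where the guard covers only `bn_mul_mont`.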
@@ -63,7 +68,7 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
 
     return bn_mul_mont_int(rp, ap, bp, np, n0, num);
 }
-#endif
+# endif
 
 void sha256_block_p8(void *ctx, const void *inp, size_t len);
 void sha256_block_ppc(void *ctx, const void *inp, size_t len);
@@ -83,7 +88,7 @@ void sha512_block_data_order(void *ctx, const void *inp, size_t len)
         sha512_block_ppc(ctx, inp, len);
 }
 
-#ifndef OPENSSL_NO_CHACHA
+# ifndef OPENSSL_NO_CHACHA
 void ChaCha20_ctr32_int(unsigned char *out, const unsigned char *inp,
                         size_t len, const unsigned int key[8],
                         const unsigned int counter[4]);
@@ -103,9 +108,9 @@ void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp,
             ? ChaCha20_ctr32_vmx(out, inp, len, key, counter)
             : ChaCha20_ctr32_int(out, inp, len, key, counter);
 }
-#endif
+# endif
 
-#ifndef OPENSSL_NO_POLY1305
+# ifndef OPENSSL_NO_POLY1305
 void poly1305_init_int(void *ctx, const unsigned char key[16]);
 void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len,
                          unsigned int padbit);
@@ -139,9 +144,9 @@ int poly1305_init(void *ctx, const unsigned char key[16], void *func[2])
     }
     return 1;
 }
-#endif
+# endif
 
-#ifdef ECP_NISTZ256_ASM
+# ifdef ECP_NISTZ256_ASM
 void ecp_nistz256_mul_mont(unsigned long res[4], const unsigned long a[4],
                            const unsigned long b[4]);
 
@@ -163,7 +168,8 @@ void ecp_nistz256_from_mont(unsigned long res[4], const unsigned long in[4])
 
     ecp_nistz256_mul_mont(res, in, one);
 }
-#endif
+# endif
+#endif /* FIPS_MODE */
 
 static sigjmp_buf ill_jmp;
 static void ill_handler(int sig)
index ec82566..e48ebf7 100644 (file)
@@ -24,6 +24,11 @@ __attribute__ ((visibility("hidden")))
 #endif
 unsigned int OPENSSL_sparcv9cap_P[2] = { SPARCV9_TICK_PRIVILEGED, 0 };
 
+/*
+ * TODO(3.0): Temporarily disabled some assembler that hasn't been brought into
+ * the FIPS module yet.
+ */
+#ifndef FIPS_MODE
 int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
                 const BN_ULONG *np, const BN_ULONG *n0, int num)
 {
@@ -86,6 +91,7 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
     }
     return bn_mul_mont_int(rp, ap, bp, np, n0, num);
 }
+#endif /* FIPS_MODE */
 
 unsigned long _sparcv9_rdtick(void);
 void _sparcv9_vis1_probe(void);
index b8c3172..fd49ccb 100644 (file)
@@ -5,3 +5,4 @@ INCLUDE[../../../libcrypto]=. ../../../crypto
 
 SOURCE[../../fips]=\
         block.c aes.c aes_basic.c
+INCLUDE[../../fips]=. ../../../crypto