fips.c: x86[_64] capability masking.
authorAndy Polyakov <appro@openssl.org>
Thu, 20 Oct 2011 21:03:09 +0000 (21:03 +0000)
committerAndy Polyakov <appro@openssl.org>
Thu, 20 Oct 2011 21:03:09 +0000 (21:03 +0000)
fips/fips.c

index 5cb4bfd..4f0f64c 100644 (file)
@@ -160,6 +160,9 @@ unsigned int FIPS_incore_fingerprint(unsigned char *sig,unsigned int len)
     const unsigned char *p4 = FIPS_rodata_end;
     HMAC_CTX c;
 
+#if defined(_MSC_VER)
+#endif
+
     HMAC_CTX_init(&c);
     HMAC_Init(&c,FIPS_hmac_key,strlen(FIPS_hmac_key),EVP_sha1());
 
@@ -312,13 +315,18 @@ int FIPS_module_mode_set(int onoff, const char *auth)
            }
 
 #ifdef OPENSSL_IA32_SSE2
-       if ((OPENSSL_ia32cap & (1<<25|1<<26)) != (1<<25|1<<26))
+       {
+       unsigned int OPENSSL_ia32cap_P[];
+       if ((OPENSSL_ia32cap_P[0] & (1<<25|1<<26)) != (1<<25|1<<26))
            {
            FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_UNSUPPORTED_PLATFORM);
            fips_selftest_fail = 1;
            ret = 0;
            goto end;
            }
+       OPENSSL_ia32cap_P[0] |= (1<<28);        /* set "shared cache"   */
+       OPENSSL_ia32cap_P[1] &= ~(1<<60);       /* clear AVX            */
+       }
 #endif
 
        if(fips_signature_witness() != FIPS_signature)