- Do not use sigill to wrap all HW instructions (#665401)

- updated to 2.0.4
2011-01-12 09:07:50 +01:00 · 2011-01-12 09:07:50 +01:00 · 08a457490b
commit 08a457490b
parent ecbad6b667
5 changed files with 330 additions and 4 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
 libica-2.0.3.tar.gz
+/libica-2.0.4.tar.gz
--- a/libica-2.0.3-remove-sigill.patch
+++ b/libica-2.0.3-remove-sigill.patch
@ -0,0 +1,275 @@
+[Bug 67452]: Do not use sigill to wrap all HW instructions.
+
+From: Felix Beck <felix.beck@de.ibm.com>
+
+As described in Bugzilla 67452 there is a performance problem using
+libica. This results from extensive usage of the signall handler to
+catch illegal signals from hw functions. This wrapping mechanism is
+removed. Instead we trust in the switches which are set during
+library initialization. This is enough to protect us from using
+illegal instructions.
+The performance impact of the former signal handler usage was
+dramatic.
+
+Signed-off-by: Felix Beck <felix.beck@de.ibm.com>
+
+diff -up libica-2/src/s390_aes.c.remove-sigill libica-2/src/s390_aes.c
+--- libica-2/src/s390_aes.c.remove-sigill	2009-02-04 16:19:22.000000000 +0100
+++ libica-2/src/s390_aes.c	2011-01-04 11:53:08.000000000 +0100
+@@ -24,23 +24,13 @@ static int s390_aes_ecb_hw(unsigned int 
+ 			   unsigned char *input_data, unsigned char *keys,
+ 			   unsigned char *output_data)
+ {
+-	struct sigaction oldact;
+-	sigset_t oldset;
+-
+ 	int rc = 0;
+-	if ((rc = begin_sigill_section(&oldact, &oldset)) == 0) {
+-
+-		rc = s390_km(function_code, keys, output_data, input_data,
+-			     input_length);
+-
+-		end_sigill_section(&oldact, &oldset);
+-
+-		if (rc >= 0)
+-			return 0;
+-		else
+-			return EIO;
+-	}
+-	return rc;
+	rc = s390_km(function_code, keys, output_data, input_data,
+		     input_length);
+	if (rc >= 0)
+		return 0;
+	else
+		return EIO;
+ }
+ 
+ static int s390_aes_ecb_sw(unsigned int function_code, unsigned int input_length,
+@@ -73,8 +63,6 @@ static int s390_aes_cbc_hw(unsigned int 
+ 			   unsigned char *input_data, ica_aes_vector_t *iv,
+ 			   unsigned char *keys, unsigned char *output_data)
+ {
+-	struct sigaction oldact;
+-	sigset_t oldset;
+ 	struct {
+ 		ica_aes_vector_t iv;
+ 		ica_aes_key_len_256_t keys;
+@@ -87,12 +75,8 @@ static int s390_aes_cbc_hw(unsigned int 
+ 	memcpy(&key_buffer.keys, keys, key_size);
+ 
+ 	int rc = 0;
+-	if ((rc = begin_sigill_section(&oldact, &oldset)) != 0)
+-		return rc;
+-
+ 	rc = s390_kmc(function_code, &key_buffer,
+ 		      output_data, input_data, input_length);
+-	end_sigill_section(&oldact, &oldset);
+ 
+ 	if (rc >= 0) {
+ 		memcpy(iv, &key_buffer.iv, sizeof(ica_aes_vector_t));
+diff -up libica-2/src/s390_des.c.remove-sigill libica-2/src/s390_des.c
+--- libica-2/src/s390_des.c.remove-sigill	2009-02-05 16:53:00.000000000 +0100
+++ libica-2/src/s390_des.c	2011-01-04 11:53:08.000000000 +0100
+@@ -25,20 +25,13 @@ int s390_des_ecb_hw(unsigned int functio
+ 		    unsigned char *output_data)
+ {
+ 	int rc = 0;
+-	struct sigaction oldact;
+-	sigset_t oldset;
+-	if ((rc = begin_sigill_section(&oldact, &oldset)) == 0) {
+-		rc = s390_km(function_code, keys, output_data, input_data,
+-			     input_length);
+-
+-		end_sigill_section(&oldact, &oldset);
+-		
+-		if (rc >= 0)
+-			return 0;
+-		else
+-			return EIO;
+-	}
+-	return rc;
+	rc = s390_km(function_code, keys, output_data, input_data,
+		     input_length);
+
+	if (rc >= 0)
+		return 0;
+	else
+		return EIO;
+ }
+ 
+ 
+@@ -109,8 +102,6 @@ static int s390_des_cbc_hw(unsigned int 
+ 			   unsigned char *input_data, ica_des_vector_t *iv,
+ 			   unsigned char *keys, unsigned char *output_data)
+ {
+-	struct sigaction oldact;
+-	sigset_t oldset;
+ 	struct {
+ 		ica_des_vector_t iv;
+ 		ica_des_key_triple_t keys;
+@@ -122,17 +113,13 @@ static int s390_des_cbc_hw(unsigned int 
+ 	memcpy(&key_buffer.iv, iv, sizeof(ica_des_vector_t));
+ 	memcpy(&key_buffer.keys, keys, key_size);
+ 
+-	if ((rc = begin_sigill_section(&oldact, &oldset)) == 0) {
+-		rc = s390_kmc(function_code, &key_buffer, output_data, input_data,
+-			      input_length);
+-		end_sigill_section(&oldact, &oldset);
+-		if (rc >= 0) {
+-			memcpy(iv, &key_buffer.iv, sizeof(ica_des_vector_t));
+-			return 0;
+-		} else
+-			rc = EIO;
+-	}
+-	return rc;
+	rc = s390_kmc(function_code, &key_buffer, output_data, input_data,
+		      input_length);
+	if (rc >= 0) {
+		memcpy(iv, &key_buffer.iv, sizeof(ica_des_vector_t));
+		return 0;
+	} else
+		rc = EIO;
+ }
+ 
+ 
+diff -up libica-2/src/s390_prng.c.remove-sigill libica-2/src/s390_prng.c
+--- libica-2/src/s390_prng.c.remove-sigill	2011-01-04 11:53:08.000000000 +0100
+++ libica-2/src/s390_prng.c	2011-01-04 11:53:08.000000000 +0100
+@@ -67,27 +67,22 @@ int s390_prng_init(void)
+ {
+ 	sem_init(&semaphore, 0, 1);
+ 
+-	struct sigaction oldact;
+-	sigset_t oldset;
+ 	int rc = -1;
+-	if (begin_sigill_section(&oldact, &oldset) == 0) {
+-		int handle;
+-		unsigned char seed[16];
+-		handle = open("/dev/hwrng", O_RDONLY);
+-		if (!handle)
+-			handle = open("/dev/urandom", O_RDONLY);
+-		if (handle) {
+-			rc = read(handle, seed, sizeof(seed));
+-		        if (rc != -1)
+-				rc = s390_prng_seed(seed, sizeof(seed) /
+-						    sizeof(long long));
+-			close(handle);
+-		} else
+-			rc = ENODEV;
+	int handle;
+	unsigned char seed[16];
+	handle = open("/dev/hwrng", O_RDONLY);
+	if (!handle)
+		handle = open("/dev/urandom", O_RDONLY);
+	if (handle) {
+		rc = read(handle, seed, sizeof(seed));
+	        if (rc != -1)
+			rc = s390_prng_seed(seed, sizeof(seed) /
+					    sizeof(long long));
+		close(handle);
+	} else
+		rc = ENODEV;
+ 	// If the original seeding failed, we should try to stir in some
+ 	// entropy anyway (since we already put out a message).
+-	}
+-	end_sigill_section(&oldact, &oldset);
+ 	s390_byte_count = 0;
+ 
+ 	if (rc < 0)
+@@ -107,11 +102,9 @@ static int s390_add_entropy(void)
+ 	unsigned char entropy[4 * STCK_BUFFER];
+ 	unsigned int K;
+ 	int rc = 0;
+-	struct sigaction oldact;
+-	sigset_t oldset;
+ 
+-	if (begin_sigill_section(&oldact, &oldset) != 0)
+-		return errno;
+	if (!prng_switch)
+		return ENOTSUP;
+ 
+ 	for (K = 0; K < 16; K++) {
+ 		if ((s390_stck(entropy + 0 * STCK_BUFFER)) ||
+@@ -145,7 +138,6 @@ out:
+ 		rc = 0;
+ 	else
+ 		rc = EIO;
+-	end_sigill_section(&oldact, &oldset);
+ 	return rc;
+ }
+ 
+@@ -190,12 +182,6 @@ static int s390_prng_hw(unsigned char *r
+ 	unsigned char last_dw[STCK_BUFFER];
+ 	int rc = 0;
+ 
+-	struct sigaction oldact;
+-	sigset_t oldset;
+-
+-	if ((rc = begin_sigill_section(&oldact, &oldset)) != 0)
+-		return rc;
+-
+ 	sem_wait(&semaphore);
+ 
+ 	/* Add some additional entropy when the byte count is reached.*/
+@@ -239,7 +225,6 @@ static int s390_prng_hw(unsigned char *r
+ 			return EIO;
+ 
+ 	}
+-	end_sigill_section(&oldact, &oldset);
+ 	sem_post(&semaphore);
+ 
+ 	return rc;
+@@ -252,10 +237,8 @@ static int s390_prng_hw(unsigned char *r
+  */
+ static int s390_prng_seed(void *srv, unsigned int count)
+ {
+-	struct sigaction oldact;
+-	sigset_t oldset;
+-	if (begin_sigill_section(&oldact, &oldset) != 0)
+-		return errno;
+	if (!prng_switch)
+		return ENOTSUP;
+ 
+ 	unsigned int i;
+ 	int rc;
+@@ -269,6 +252,5 @@ static int s390_prng_seed(void *srv, uns
+ 	// Stir one last time.
+ 	rc = s390_add_entropy();
+ 
+-	end_sigill_section(&oldact, &oldset);
+ 	return rc;
+ }
+diff -up libica-2/src/s390_sha.c.remove-sigill libica-2/src/s390_sha.c
+--- libica-2/src/s390_sha.c.remove-sigill	2009-02-04 16:19:22.000000000 +0100
+++ libica-2/src/s390_sha.c	2011-01-04 11:53:08.000000000 +0100
+@@ -79,9 +79,6 @@ static int s390_sha_hw(unsigned char *iv
+ 	 * this can be at most 128 byte for the hash plus 16 byte for the
+ 	 * stream length. */
+         unsigned char shabuff[128 + 16];
+-	struct sigaction oldact;
+-        sigset_t oldset;
+-
+ 	unsigned char *default_iv = sha_constants[sha_function].default_iv;
+ 	unsigned int hash_length = sha_constants[sha_function].hash_length;
+ 	unsigned int vector_length = sha_constants[sha_function].vector_length;
+@@ -111,10 +108,6 @@ static int s390_sha_hw(unsigned char *iv
+ 	     message_part == SHA_MSG_PART_MIDDLE) && (remnant != 0))
+                 return EINVAL;
+ 
+-        rc = begin_sigill_section(&oldact, &oldset);
+-        if (rc)
+-                return rc;
+-
+ 	unsigned int hw_function_code;
+ 	hw_function_code = sha_constants[sha_function].hw_function_code;
+         if (complete_blocks_length) {
+@@ -154,8 +147,6 @@ static int s390_sha_hw(unsigned char *iv
+ 			rc = 0;
+         }
+ 
+-        end_sigill_section(&oldact, &oldset);
+-
+         if (rc == 0) {
+                 memcpy((void *)output_data, shabuff, hash_length);
+                 if (message_part != SHA_MSG_PART_FINAL &&
--- a/libica-2.0.3-tests.patch
+++ b/libica-2.0.3-tests.patch
@ -0,0 +1,34 @@
+From e4d6efb9159a97c02e0569e91b47fbedd85fdbe7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
+Date: Tue, 9 Nov 2010 09:50:19 +0100
+Subject: [PATCH] return a zero is missing in old_api_sha_test() in libica_sha1_test
+
+The libica_sha1_test fails with an error although the actual test were
+successful:
+
+...
+All SHA1 tests completed successfully
+old_api_sha_test failed with rc = 446276480
+
+The reason is missing "return 0;" at the end of the old_api_sha_test()
+function.
+---
+ src/tests/libica_sha1_test.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/src/tests/libica_sha1_test.c b/src/tests/libica_sha1_test.c
+index 4e21ff4..d4b613b 100644
+--- a/src/tests/libica_sha1_test.c
+++ b/src/tests/libica_sha1_test.c
+@@ -217,7 +217,7 @@ int old_api_sha_test(void)
+ 
+   icaCloseAdapter(adapter_handle);
+ 
+-
+  return 0;
+ }
+ 
+ int new_api_sha_test(void)
+-- 
+1.7.3.2
+
--- a/libica.spec
+++ b/libica.spec
@ -1,11 +1,15 @@
 Summary: Library for accessing ICA hardware crypto on IBM zSeries
 Name: libica
-Version: 2.0.3
-Release: 2%{?dist}
+Version: 2.0.4
+Release: 1%{?dist}
 License: CPL
 Group: System Environment/Libraries
 URL: http://sourceforge.net/projects/opencryptoki/
 Source0: http://downloads.sourceforge.net/opencryptoki/%{name}-%{version}.tar.gz
+# https://bugzilla.redhat.com/show_bug.cgi?id=624005
+Patch1: %{name}-2.0.3-tests.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=665401
+Patch2: %{name}-2.0.3-remove-sigill.patch
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: openssl-devel
 BuildRequires: autoconf automake libtool
@ -31,7 +35,10 @@ IBM zSeries.


 %prep
-%setup -q -n %{name}-2
+%setup -q -n %{name}-2.0
+
+%patch1 -p1 -b .tests
+%patch2 -p1 -b .remove-sigill

 # fix EOLs
 sed -i -e 's/\r//g' LICENSE
@ -75,6 +82,15 @@ rm -rf $RPM_BUILD_ROOT


 %changelog
+* Wed Jan 12 2011 Dan Horák <dan[at]danny.cz> - 2.0.4-1
+- Do not use sigill to wrap all HW instructions (#665401)
+- updated to 2.0.4
+
+* Tue Nov  8 2010 Dan Horák <dhorak@redhat.com> - 2.0.3-3
+- Fix the return value of old_api_sha_test() in libica_sha1_test (#624005)
+- Use the right buffer length when operating in 32-bit mode (#640035)
+- Resolves: #624005, #640035
+
 * Fri May 21 2010 Dan Horák <dan[at]danny.cz> - 2.0.3-2
 - rebuilt with -fno-strict-aliasing (#593779)
 - Resolves: #593779
--- a/2
+++ b/2
@ -1 +1 @@
-da90d6c3f5ef28c67ba8e7cf17e1dc8b  libica-2.0.3.tar.gz
+1139c5280657658d9a8f9879dd9f0ec8  libica-2.0.4.tar.gz