From 49d619ea05743a3df6b9bf8160aaa0b4306118db Mon Sep 17 00:00:00 2001 From: Holger Dengler Date: Tue, 16 Apr 2024 14:18:23 +0200 Subject: [PATCH 1/2] test: disable CEX usage in OpenSSL for all tests OpenSSL supports CEX exploitation since version v3.2.x. Libica and its testcases use OpenSSL as helper and fallback, so disable the CEX acceleration for all tests. If the environment variable is already set, use it as is without modifying it. In this case, it is up to the user to choose the right settings. Fixes: Issue #126 Link: https://github.com/opencryptoki/libica/issues/126 Signed-off-by: Holger Dengler --- test/Makefile.am | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/test/Makefile.am b/test/Makefile.am index 76d4f15..e56b256 100644 --- a/test/Makefile.am +++ b/test/Makefile.am @@ -61,10 +61,14 @@ TESTS += \ ${top_builddir}/src/internal_tests/ec_internal_test endif +# disable OpenSSL CEX usage for all tests +OPENSSL_s390xcap ?= nocex + TEST_EXTENSIONS = .sh .pl TESTS_ENVIRONMENT = export LD_LIBRARY_PATH=${builddir}/../src/.libs/:$$LD_LIBRARY_PATH \ PATH=${builddir}/../src/:$$PATH \ - LIBICA_TESTDATA=${srcdir}/testdata/; + LIBICA_TESTDATA=${srcdir}/testdata/ \ + OPENSSL_s390xcap=${OPENSSL_s390xcap}; AM_CFLAGS = @FLAGS@ -DNO_SW_FALLBACKS -I${srcdir}/../include/ -I${srcdir}/../src/include/ LDADD = @LIBS@ ${top_builddir}/src/.libs/libica.so -lcrypto -lpthread -- 2.45.1 From d3a7542e7eb45c22066ecb1be62480dde41fd544 Mon Sep 17 00:00:00 2001 From: Joerg Schmidbauer Date: Wed, 24 Apr 2024 10:44:26 +0200 Subject: [PATCH 2/2] Bugfix: correct rc handling with s390_pcc function Signed-off-by: Joerg Schmidbauer --- src/include/s390_aes.h | 2 +- src/include/s390_cmac.h | 2 +- src/include/s390_crypto.h | 23 +++++++++++++---------- 3 files changed, 15 insertions(+), 12 deletions(-) diff --git a/src/include/s390_aes.h b/src/include/s390_aes.h index 6252dde..a6ff27b 100644 --- a/src/include/s390_aes.h +++ b/src/include/s390_aes.h @@ -674,7 +674,7 @@ static inline int s390_aes_xts_parm(unsigned long function_code, memset(&parm_block.keys, 0, key_size); - if (rc >= 0) { + if (rc == 0) { memcpy(xts_parm, parm_block.xts_parameter, sizeof(ica_aes_vector_t)); return 0; diff --git a/src/include/s390_cmac.h b/src/include/s390_cmac.h index 76b9cca..f19c069 100644 --- a/src/include/s390_cmac.h +++ b/src/include/s390_cmac.h @@ -161,7 +161,7 @@ static inline int s390_cmac_hw(unsigned long fc, /* calculate final block (last/full) */ rc = s390_pcc(fc, pb_lookup.base); memset(pb_lookup.keys, 0, key_size); - if (rc < 0) + if (rc != 0) return EIO; _stats_increment(fc, ALGO_HW, ENCRYPT); diff --git a/src/include/s390_crypto.h b/src/include/s390_crypto.h index f34241f..f11eacb 100644 --- a/src/include/s390_crypto.h +++ b/src/include/s390_crypto.h @@ -244,27 +244,30 @@ void s390_crypto_switches_init(void); /** * s390_pcc: - * @func: the function code passed to KM; see s390_pcc_functions + * @func: the function code passed to PCC; see s390_pcc_functions * @param: address of parameter block; see POP for details on each func * * Executes the PCC operation of the CPU. * - * Returns -1 for failure, 0 for the query func, number of processed - * bytes for encryption/decryption funcs + * Returns condition code of the PCC instruction */ static inline int s390_pcc(unsigned long func, void *param) { register unsigned long r0 asm("0") = (unsigned long)func; register unsigned long r1 asm("1") = (unsigned long)param; + char cc; - asm volatile ( - "0: .long %[opc] << 16\n" - " brc 1,0b\n" - : - : [fc] "d" (r0), [param] "a" (r1), [opc] "i" (0xb92c) - : "cc", "memory"); + asm volatile( + "0: .insn rre,%[opc] << 16,0,0\n" /* PCC opcode */ + " brc 1,0b\n" /* handle partial completion */ + " ipm %[cc]\n" + " srl %[cc],28\n" + : [cc] "=d" (cc) + : [func] "d" (r0), [param] "a" (r1), [opc] "i" (0xb92c) + : "cc", "memory" + ); - return 0; + return cc; } /** -- 2.45.1