199 lines
6.5 KiB
Diff
199 lines
6.5 KiB
Diff
|
diff -up openssl-1.0.2a/engines/e_padlock.c.padlock64 openssl-1.0.2a/engines/e_padlock.c
|
||
|
--- openssl-1.0.2a/engines/e_padlock.c.padlock64 2015-03-19 14:19:00.000000000 +0100
|
||
|
+++ openssl-1.0.2a/engines/e_padlock.c 2015-04-22 16:23:44.105617468 +0200
|
||
|
@@ -101,7 +101,10 @@
|
||
|
*/
|
||
|
# undef COMPILE_HW_PADLOCK
|
||
|
# if !defined(I386_ONLY) && !defined(OPENSSL_NO_INLINE_ASM)
|
||
|
-# if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) || \
|
||
|
+# if (defined(__GNUC__) && __GNUC__>=2 && \
|
||
|
+ (defined(__i386__) || defined(__i386) || \
|
||
|
+ defined(__x86_64__) || defined(__x86_64)) \
|
||
|
+ ) || \
|
||
|
(defined(_MSC_VER) && defined(_M_IX86))
|
||
|
# define COMPILE_HW_PADLOCK
|
||
|
# endif
|
||
|
@@ -140,7 +143,7 @@ void ENGINE_load_padlock(void)
|
||
|
# endif
|
||
|
# elif defined(__GNUC__)
|
||
|
# ifndef alloca
|
||
|
-# define alloca(s) __builtin_alloca(s)
|
||
|
+# define alloca(s) __builtin_alloca((s))
|
||
|
# endif
|
||
|
# endif
|
||
|
|
||
|
@@ -303,6 +306,7 @@ static volatile struct padlock_cipher_da
|
||
|
* =======================================================
|
||
|
*/
|
||
|
# if defined(__GNUC__) && __GNUC__>=2
|
||
|
+# if defined(__i386__) || defined(__i386)
|
||
|
/*
|
||
|
* As for excessive "push %ebx"/"pop %ebx" found all over.
|
||
|
* When generating position-independent code GCC won't let
|
||
|
@@ -379,22 +383,6 @@ static int padlock_available(void)
|
||
|
return padlock_use_ace + padlock_use_rng;
|
||
|
}
|
||
|
|
||
|
-# ifndef OPENSSL_NO_AES
|
||
|
-# ifndef AES_ASM
|
||
|
-/* Our own htonl()/ntohl() */
|
||
|
-static inline void padlock_bswapl(AES_KEY *ks)
|
||
|
-{
|
||
|
- size_t i = sizeof(ks->rd_key) / sizeof(ks->rd_key[0]);
|
||
|
- unsigned int *key = ks->rd_key;
|
||
|
-
|
||
|
- while (i--) {
|
||
|
- asm volatile ("bswapl %0":"+r" (*key));
|
||
|
- key++;
|
||
|
- }
|
||
|
-}
|
||
|
-# endif
|
||
|
-# endif
|
||
|
-
|
||
|
/*
|
||
|
* Force key reload from memory to the CPU microcode. Loading EFLAGS from the
|
||
|
* stack clears EFLAGS[30] which does the trick.
|
||
|
@@ -404,7 +392,7 @@ static inline void padlock_reload_key(vo
|
||
|
asm volatile ("pushfl; popfl");
|
||
|
}
|
||
|
|
||
|
-# ifndef OPENSSL_NO_AES
|
||
|
+# ifndef OPENSSL_NO_AES
|
||
|
/*
|
||
|
* This is heuristic key context tracing. At first one
|
||
|
* believes that one should use atomic swap instructions,
|
||
|
@@ -448,6 +436,101 @@ static inline void *name(size_t cnt,
|
||
|
: "edx", "cc", "memory"); \
|
||
|
return iv; \
|
||
|
}
|
||
|
+# endif
|
||
|
+
|
||
|
+# elif defined(__x86_64__) || defined(__x86_64)
|
||
|
+
|
||
|
+/* Load supported features of the CPU to see if
|
||
|
+ the PadLock is available. */
|
||
|
+static int padlock_available(void)
|
||
|
+{
|
||
|
+ char vendor_string[16];
|
||
|
+ unsigned int eax, edx;
|
||
|
+
|
||
|
+ /* Are we running on the Centaur (VIA) CPU? */
|
||
|
+ eax = 0x00000000;
|
||
|
+ vendor_string[12] = 0;
|
||
|
+ asm volatile ("cpuid\n"
|
||
|
+ "movl %%ebx,(%1)\n"
|
||
|
+ "movl %%edx,4(%1)\n"
|
||
|
+ "movl %%ecx,8(%1)\n":"+a" (eax):"r"(vendor_string):"rbx",
|
||
|
+ "rcx", "rdx");
|
||
|
+ if (strcmp(vendor_string, "CentaurHauls") != 0)
|
||
|
+ return 0;
|
||
|
+
|
||
|
+ /* Check for Centaur Extended Feature Flags presence */
|
||
|
+ eax = 0xC0000000;
|
||
|
+ asm volatile ("cpuid":"+a" (eax)::"rbx", "rcx", "rdx");
|
||
|
+ if (eax < 0xC0000001)
|
||
|
+ return 0;
|
||
|
+
|
||
|
+ /* Read the Centaur Extended Feature Flags */
|
||
|
+ eax = 0xC0000001;
|
||
|
+ asm volatile ("cpuid":"+a" (eax), "=d"(edx)::"rbx", "rcx");
|
||
|
+
|
||
|
+ /* Fill up some flags */
|
||
|
+ padlock_use_ace = ((edx & (0x3 << 6)) == (0x3 << 6));
|
||
|
+ padlock_use_rng = ((edx & (0x3 << 2)) == (0x3 << 2));
|
||
|
+
|
||
|
+ return padlock_use_ace + padlock_use_rng;
|
||
|
+}
|
||
|
+
|
||
|
+/* Force key reload from memory to the CPU microcode.
|
||
|
+ Loading EFLAGS from the stack clears EFLAGS[30]
|
||
|
+ which does the trick. */
|
||
|
+static inline void padlock_reload_key(void)
|
||
|
+{
|
||
|
+ asm volatile ("pushfq; popfq");
|
||
|
+}
|
||
|
+
|
||
|
+# ifndef OPENSSL_NO_AES
|
||
|
+/*
|
||
|
+ * This is heuristic key context tracing. At first one
|
||
|
+ * believes that one should use atomic swap instructions,
|
||
|
+ * but it's not actually necessary. Point is that if
|
||
|
+ * padlock_saved_context was changed by another thread
|
||
|
+ * after we've read it and before we compare it with cdata,
|
||
|
+ * our key *shall* be reloaded upon thread context switch
|
||
|
+ * and we are therefore set in either case...
|
||
|
+ */
|
||
|
+static inline void padlock_verify_context(struct padlock_cipher_data *cdata)
|
||
|
+{
|
||
|
+ asm volatile ("pushfq\n"
|
||
|
+ " btl $30,(%%rsp)\n"
|
||
|
+ " jnc 1f\n"
|
||
|
+ " cmpq %2,%1\n"
|
||
|
+ " je 1f\n"
|
||
|
+ " popfq\n"
|
||
|
+ " subq $8,%%rsp\n"
|
||
|
+ "1: addq $8,%%rsp\n"
|
||
|
+ " movq %2,%0":"+m" (padlock_saved_context)
|
||
|
+ :"r"(padlock_saved_context), "r"(cdata):"cc");
|
||
|
+}
|
||
|
+
|
||
|
+/* Template for padlock_xcrypt_* modes */
|
||
|
+/* BIG FAT WARNING:
|
||
|
+ * The offsets used with 'leal' instructions
|
||
|
+ * describe items of the 'padlock_cipher_data'
|
||
|
+ * structure.
|
||
|
+ */
|
||
|
+# define PADLOCK_XCRYPT_ASM(name,rep_xcrypt) \
|
||
|
+static inline void *name(size_t cnt, \
|
||
|
+ struct padlock_cipher_data *cdata, \
|
||
|
+ void *out, const void *inp) \
|
||
|
+{ void *iv; \
|
||
|
+ asm volatile ( "leaq 16(%0),%%rdx\n" \
|
||
|
+ " leaq 32(%0),%%rbx\n" \
|
||
|
+ rep_xcrypt "\n" \
|
||
|
+ : "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \
|
||
|
+ : "0"(cdata), "1"(cnt), "2"(out), "3"(inp) \
|
||
|
+ : "rbx", "rdx", "cc", "memory"); \
|
||
|
+ return iv; \
|
||
|
+}
|
||
|
+# endif
|
||
|
+
|
||
|
+# endif /* cpu */
|
||
|
+
|
||
|
+# ifndef OPENSSL_NO_AES
|
||
|
|
||
|
/* Generate all functions with appropriate opcodes */
|
||
|
/* rep xcryptecb */
|
||
|
@@ -458,6 +541,20 @@ PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, "
|
||
|
PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0")
|
||
|
/* rep xcryptofb */
|
||
|
PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8")
|
||
|
+
|
||
|
+# ifndef AES_ASM
|
||
|
+/* Our own htonl()/ntohl() */
|
||
|
+static inline void padlock_bswapl(AES_KEY *ks)
|
||
|
+{
|
||
|
+ size_t i = sizeof(ks->rd_key) / sizeof(ks->rd_key[0]);
|
||
|
+ unsigned int *key = ks->rd_key;
|
||
|
+
|
||
|
+ while (i--) {
|
||
|
+ asm volatile ("bswapl %0":"+r" (*key));
|
||
|
+ key++;
|
||
|
+ }
|
||
|
+}
|
||
|
+# endif
|
||
|
# endif
|
||
|
/* The RNG call itself */
|
||
|
static inline unsigned int padlock_xstore(void *addr, unsigned int edx_in)
|
||
|
@@ -485,8 +582,8 @@ static inline unsigned int padlock_xstor
|
||
|
static inline unsigned char *padlock_memcpy(void *dst, const void *src,
|
||
|
size_t n)
|
||
|
{
|
||
|
- long *d = dst;
|
||
|
- const long *s = src;
|
||
|
+ size_t *d = dst;
|
||
|
+ const size_t *s = src;
|
||
|
|
||
|
n /= sizeof(*d);
|
||
|
do {
|