[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Andy Polyakov appro at openssl.org
Fri Sep 1 06:51:17 UTC 2017


The branch OpenSSL_1_1_0-stable has been updated
       via  d020a65a03ec10b9f7a6415ec89759c385a37d3a (commit)
      from  0d13ed3a17e9a98678a1695921bb479294b4b210 (commit)


- Log -----------------------------------------------------------------
commit d020a65a03ec10b9f7a6415ec89759c385a37d3a
Author: Andy Polyakov <appro at openssl.org>
Date:   Thu Aug 31 01:09:48 2017 +0200

    crypto/cryptlib.c: mask more capability bits upon FXSR bit flip.
    
    OPENSSL_ia32cap.pod discusses possibility to disable operations on
    XMM register bank. This formally means that this flag has to be checked
    in combination with other flags. But it customarily isn't. But instead
    of chasing all the cases we can flip more bits together with FXSR one.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/4303)
    
    (cherry picked from commit 6e5a853bda24e8aece325ecf5aa68b8ea832e414)

-----------------------------------------------------------------------

Summary of changes:
 crypto/cryptlib.c     | 25 ++++++++++++++++++++-----
 crypto/modes/gcm128.c |  3 +--
 2 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
index 01b8ce5..f011b4b 100644
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -46,12 +46,24 @@ void OPENSSL_cpuid_setup(void)
         if (!sscanf(env + off, "%lli", (long long *)&vec))
             vec = strtoul(env + off, NULL, 0);
 #  endif
-        if (off)
-            vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P) & ~vec;
-        else if (env[0] == ':')
+        if (off) {
+            IA32CAP mask = vec;
+            vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P) & ~mask;
+            if (mask & (1<<24)) {
+                /*
+                 * User disables FXSR bit, mask even other capabilities
+                 * that operate exclusively on XMM, so we don't have to
+                 * double-check all the time. We mask PCLMULQDQ, AMD XOP,
+                 * AES-NI and AVX. Formally speaking we don't have to
+                 * do it in x86_64 case, but we can safely assume that
+                 * x86_64 users won't actually flip this flag.
+                 */
+                vec &= ~((IA32CAP)(1<<1|1<<11|1<<25|1<<28) << 32);
+            }
+        } else if (env[0] == ':') {
             vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P);
+        }
 
-        OPENSSL_ia32cap_P[2] = 0;
         if ((env = strchr(env, ':'))) {
             unsigned int vecx;
             env++;
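Review bot: The FXSR-implied masking is applied only inside the `if (off)` branch, i.e. the negated (`~value`) form of OPENSSL_ia32cap; an absolute value that leaves bit 24 clear while bit 33 (PCLMULQDQ) or bit 57 (AES-NI) is set passes through untouched, and since the gcm128.c hunk in this same commit drops its own FXSR test, that configuration would now select the PCLMULQDQ GHASH path with the XMM bank formally disabled. If the absolute form is meant to be taken verbatim, say so in the comment, e.g. `/* Only the ~-form is sanitised; an absolute value is stored as given. */`; otherwise apply the mask to the final `vec` after all three branches, `if (!(vec & (1<<24))) vec &= ~((IA32CAP)(1<<1|1<<11|1<<25|1<<28) << 32);`, which is a no-op on the plain-cpuid path because a CPU without FXSR does not report those features. The magic bit numbers would also read better with a one-line legend, `/* word1 bits: 1=PCLMULQDQ 11=XOP 25=AES-NI 28=AVX; word0 bit 24=FXSR */`. OPENSSL_cpuid_setup() starts before this hunk, so where `vec` is finally stored is not visible here.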
@@ -61,9 +73,12 @@ void OPENSSL_cpuid_setup(void)
                 OPENSSL_ia32cap_P[2] &= ~vecx;
             else
                 OPENSSL_ia32cap_P[2] = vecx;
+        } else {
+            OPENSSL_ia32cap_P[2] = 0;
         }
-    } else
+    } else {
         vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P);
+    }
 
     /*
      * |(1<<10) sets a reserved bit to signal that variable
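Review bot: Moving `OPENSSL_ia32cap_P[2] = 0;` into the new `else` branch silently changes what the `:~vecx` form produces: before, the third word was zeroed before `&= ~vecx`, so the negated form always yielded 0; now it keeps whatever OPENSSL_ia32_cpuid() left there (it is only invoked on the `~` and leading-`:` paths of the previous hunk, so on the absolute-value path the word is whatever the global already held) minus `vecx`. That reads like an intentional fix, but it is not mentioned in the commit message and it is user-visible through the documented OPENSSL_ia32cap syntax, so it deserves a comment at the `else` branch, e.g. `/* No third-word field: clear it. With ":~x" the detected bits survive minus x; with ":x" x replaces them. */`, and a matching line in OPENSSL_ia32cap.pod. The tail of OPENSSL_cpuid_setup() continues past this hunk.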
diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c
index df9f654..a2b05c4 100644
--- a/crypto/modes/gcm128.c
+++ b/crypto/modes/gcm128.c
@@ -747,8 +747,7 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block)
 # endif
 # if    defined(GHASH_ASM_X86_OR_64)
 #  if   !defined(GHASH_ASM_X86) || defined(OPENSSL_IA32_SSE2)
-    if (OPENSSL_ia32cap_P[0] & (1 << 24) && /* check FXSR bit */
-        OPENSSL_ia32cap_P[1] & (1 << 1)) { /* check PCLMULQDQ bit */
+    if (OPENSSL_ia32cap_P[1] & (1 << 1)) { /* check PCLMULQDQ bit */
         if (((OPENSSL_ia32cap_P[1] >> 22) & 0x41) == 0x41) { /* AVX+MOVBE */
             gcm_init_avx(ctx->Htable, ctx->H.u);
             ctx->gmult = gcm_gmult_avx;
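Review bot: The dropped FXSR test now relies on an invariant established in a different file (OPENSSL_cpuid_setup() in crypto/cryptlib.c clearing PCLMULQDQ/AVX when the user disables FXSR), and nothing at this site records that dependency; a reader seeing only the PCLMULQDQ check may re-add the FXSR test or, worse, copy the pattern elsewhere without the cryptlib masking. A short comment would keep the contract visible, e.g. `/* FXSR is implied: OPENSSL_cpuid_setup() clears PCLMULQDQ/AVX when FXSR is disabled. */`. Note that the masking in cryptlib.c is only applied to the `~value` form of OPENSSL_ia32cap, so an absolute value with bit 24 clear and bit 33 set still reaches this branch; the enclosing CRYPTO_gcm128_init() and this if-block continue beyond the hunk.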

