[openssl/openssl] 88dec6: fips provider: explicitly setup cpuid when initial...

Hongren Zheng noreply at github.com
Wed May 22 11:28:25 UTC 2024


  Branch: refs/heads/openssl-3.1
  Home:   https://github.com/openssl/openssl
  Commit: 88dec6e12d09d8b577e3d70dd124950b4c46dd2a
      https://github.com/openssl/openssl/commit/88dec6e12d09d8b577e3d70dd124950b4c46dd2a
  Author: Hongren Zheng <i at zenithal.me>
  Date:   2024-05-20 (Mon, 20 May 2024)

  Changed paths:
    M providers/fips/fipsprov.c

  Log Message:
  -----------
  fips provider: explicitly setup cpuid when initializing

Fixes: #23979

Previously fips module relied on OPENSSL_cpuid_setup
being used as constructor by the linker to correctly
setup the capability vector, either via .section .init
(for x86_64) or via __attribute__((constructor)).

This would make ld.so call OPENSSL_cpuid_setup before
the init function for fips module. However, this early
constructing behavior has several disadvantages:

1. Not all platform/toolchain supports such behavior

2. Initialisation sequence is not well defined, and
some function might not be initialized when cpuid_setup
is called

3. Implicit path is hard to maintain and debug

Reviewed-by: Paul Dale <ppzgs1 at gmail.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24419)

(cherry picked from commit a192b2439c0207ce1b04ba6137329b68f9e23680)



To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications


More information about the openssl-commits mailing list