From 5a13a3bbec2007437dc027f87dc805f96bde1249 Mon Sep 17 00:00:00 2001 From: bcook Date: Mon, 11 Aug 2014 13:29:43 +0000 Subject: [PATCH] Guard RSA / RC4-5 ASM when NO_ASM is not defined Most assembly blocks remain inactive if OPENSSL_NO_ASM is not defined, only enabling inline assembly, but the RSA / RC4-5 blocks (used only in amd64 systems) turn on implicitly. Guard these two as well. This simplifies enabling just inline ASM in portable, no effective change in OpenBSD. --- lib/libcrypto/arch/amd64/Makefile.inc | 4 +++- lib/libcrypto/crypto/arch/amd64/Makefile.inc | 4 +++- lib/libcrypto/engine/eng_rsax.c | 7 ++++--- lib/libcrypto/evp/e_rc4_hmac_md5.c | 4 ++-- lib/libssl/src/crypto/engine/eng_rsax.c | 7 ++++--- lib/libssl/src/crypto/evp/e_rc4_hmac_md5.c | 4 ++-- 6 files changed, 18 insertions(+), 12 deletions(-) diff --git a/lib/libcrypto/arch/amd64/Makefile.inc b/lib/libcrypto/arch/amd64/Makefile.inc index 24f16d0a812..fe7e17df0eb 100644 --- a/lib/libcrypto/arch/amd64/Makefile.inc +++ b/lib/libcrypto/arch/amd64/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.2 2014/05/06 19:55:06 miod Exp $ +# $OpenBSD: Makefile.inc,v 1.3 2014/08/11 13:29:43 bcook Exp $ # amd64-specific libcrypto build rules @@ -15,6 +15,7 @@ SSLASM+= aes aesni-sha1-x86_64 SRCS+= bf_enc.c # bn CFLAGS+= -DOPENSSL_IA32_SSE2 +CFLAGS+= -DRSA_ASM SSLASM+= bn modexp512-x86_64 CFLAGS+= -DOPENSSL_BN_ASM_MONT SSLASM+= bn x86_64-mont @@ -31,6 +32,7 @@ SSLASM+= md5 md5-x86_64 CFLAGS+= -DGHASH_ASM SSLASM+= modes ghash-x86_64 # rc4 +CFLAGS+= -DRC4_MD5_ASM SSLASM+= rc4 rc4-x86_64 SSLASM+= rc4 rc4-md5-x86_64 # ripemd diff --git a/lib/libcrypto/crypto/arch/amd64/Makefile.inc b/lib/libcrypto/crypto/arch/amd64/Makefile.inc index 24f16d0a812..fe7e17df0eb 100644 --- a/lib/libcrypto/crypto/arch/amd64/Makefile.inc +++ b/lib/libcrypto/crypto/arch/amd64/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.2 2014/05/06 19:55:06 miod Exp $ +# $OpenBSD: Makefile.inc,v 1.3 2014/08/11 13:29:43 bcook Exp $ # amd64-specific libcrypto build rules @@ -15,6 +15,7 @@ SSLASM+= aes aesni-sha1-x86_64 SRCS+= bf_enc.c # bn CFLAGS+= -DOPENSSL_IA32_SSE2 +CFLAGS+= -DRSA_ASM SSLASM+= bn modexp512-x86_64 CFLAGS+= -DOPENSSL_BN_ASM_MONT SSLASM+= bn x86_64-mont @@ -31,6 +32,7 @@ SSLASM+= md5 md5-x86_64 CFLAGS+= -DGHASH_ASM SSLASM+= modes ghash-x86_64 # rc4 +CFLAGS+= -DRC4_MD5_ASM SSLASM+= rc4 rc4-x86_64 SSLASM+= rc4 rc4-md5-x86_64 # ripemd diff --git a/lib/libcrypto/engine/eng_rsax.c b/lib/libcrypto/engine/eng_rsax.c index 358dac20888..728b89d5f38 100644 --- a/lib/libcrypto/engine/eng_rsax.c +++ b/lib/libcrypto/engine/eng_rsax.c @@ -1,4 +1,4 @@ -/* $OpenBSD: eng_rsax.c,v 1.10 2014/07/12 16:03:37 miod Exp $ */ +/* $OpenBSD: eng_rsax.c,v 1.11 2014/08/11 13:29:43 bcook Exp $ */ /* Copyright (c) 2010-2010 Intel Corp. * Author: Vinodh.Gopal@intel.com * Jim Guilford @@ -81,8 +81,9 @@ /* RSAX is available **ONLY* on x86_64 CPUs */ #undef COMPILE_RSAX -#if (defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined (_M_X64)) && !defined(OPENSSL_NO_ASM) +#if !defined(OPENSSL_NO_ASM) && defined(RSA_ASM) && \ + (defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_AMD64) || defined (_M_X64)) #define COMPILE_RSAX static ENGINE *ENGINE_rsax (void); #endif diff --git a/lib/libcrypto/evp/e_rc4_hmac_md5.c b/lib/libcrypto/evp/e_rc4_hmac_md5.c index 05c79ff09dc..1f085af4039 100644 --- a/lib/libcrypto/evp/e_rc4_hmac_md5.c +++ b/lib/libcrypto/evp/e_rc4_hmac_md5.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_rc4_hmac_md5.c,v 1.4 2014/07/10 22:45:57 jsing Exp $ */ +/* $OpenBSD: e_rc4_hmac_md5.c,v 1.5 2014/08/11 13:29:43 bcook Exp $ */ /* ==================================================================== * Copyright (c) 2011 The OpenSSL Project. All rights reserved. * @@ -99,7 +99,7 @@ rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *inkey, return 1; } -#if !defined(OPENSSL_NO_ASM) && ( \ +#if !defined(OPENSSL_NO_ASM) && defined(RC4_MD5_ASM) && ( \ defined(__x86_64) || defined(__x86_64__) || \ defined(_M_AMD64) || defined(_M_X64) || \ defined(__INTEL__) ) && \ diff --git a/lib/libssl/src/crypto/engine/eng_rsax.c b/lib/libssl/src/crypto/engine/eng_rsax.c index 358dac20888..728b89d5f38 100644 --- a/lib/libssl/src/crypto/engine/eng_rsax.c +++ b/lib/libssl/src/crypto/engine/eng_rsax.c @@ -1,4 +1,4 @@ -/* $OpenBSD: eng_rsax.c,v 1.10 2014/07/12 16:03:37 miod Exp $ */ +/* $OpenBSD: eng_rsax.c,v 1.11 2014/08/11 13:29:43 bcook Exp $ */ /* Copyright (c) 2010-2010 Intel Corp. * Author: Vinodh.Gopal@intel.com * Jim Guilford @@ -81,8 +81,9 @@ /* RSAX is available **ONLY* on x86_64 CPUs */ #undef COMPILE_RSAX -#if (defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined (_M_X64)) && !defined(OPENSSL_NO_ASM) +#if !defined(OPENSSL_NO_ASM) && defined(RSA_ASM) && \ + (defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_AMD64) || defined (_M_X64)) #define COMPILE_RSAX static ENGINE *ENGINE_rsax (void); #endif diff --git a/lib/libssl/src/crypto/evp/e_rc4_hmac_md5.c b/lib/libssl/src/crypto/evp/e_rc4_hmac_md5.c index 05c79ff09dc..1f085af4039 100644 --- a/lib/libssl/src/crypto/evp/e_rc4_hmac_md5.c +++ b/lib/libssl/src/crypto/evp/e_rc4_hmac_md5.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_rc4_hmac_md5.c,v 1.4 2014/07/10 22:45:57 jsing Exp $ */ +/* $OpenBSD: e_rc4_hmac_md5.c,v 1.5 2014/08/11 13:29:43 bcook Exp $ */ /* ==================================================================== * Copyright (c) 2011 The OpenSSL Project. All rights reserved. * @@ -99,7 +99,7 @@ rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *inkey, return 1; } -#if !defined(OPENSSL_NO_ASM) && ( \ +#if !defined(OPENSSL_NO_ASM) && defined(RC4_MD5_ASM) && ( \ defined(__x86_64) || defined(__x86_64__) || \ defined(_M_AMD64) || defined(_M_X64) || \ defined(__INTEL__) ) && \ -- 2.20.1