329 static void pk11_free_all_locks(void); |
329 static void pk11_free_all_locks(void); |
330 |
330 |
331 #ifdef SOLARIS_HW_SLOT_SELECTION |
331 #ifdef SOLARIS_HW_SLOT_SELECTION |
332 static int check_hw_mechanisms(void); |
332 static int check_hw_mechanisms(void); |
333 static int nid_in_table(int nid, int *nid_table); |
333 static int nid_in_table(int nid, int *nid_table); |
334 static int hw_aes_instruction_set_present(void); |
334 #if defined(__amd64) || defined(__i386) |
|
335 static int hw_x86_aes_instruction_set_present(void); |
|
336 #endif |
335 #if defined(__sparc) |
337 #if defined(__sparc) |
|
338 static int hw_yf_aes_instruction_set_present(void); |
|
339 static int hw_fj_aes_instruction_set_present(void); |
336 static int hw_yf_digest_instruction_present(void); |
340 static int hw_yf_digest_instruction_present(void); |
337 #endif |
341 #endif |
338 #endif /* SOLARIS_HW_SLOT_SELECTION */ |
342 #endif /* SOLARIS_HW_SLOT_SELECTION */ |
339 |
343 |
340 #define TRY_OBJ_DESTROY(sp, obj_hdl, retval, uselock, alg_type) \ |
344 #define TRY_OBJ_DESTROY(sp, obj_hdl, retval, uselock, alg_type) \ |
2647 pk11_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, |
2651 pk11_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, |
2648 const int **nids, int nid) |
2652 const int **nids, int nid) |
2649 { |
2653 { |
2650 if (!cipher) |
2654 if (!cipher) |
2651 return (pk11_usable_ciphers(nids)); |
2655 return (pk11_usable_ciphers(nids)); |
|
2656 |
|
2657 #ifdef __sparc |
|
2658 /* |
|
2659 * If T4 AES instructions are present, don't advertise |
|
2660 * the AES mechanisms for pkcs11 engine as AES operations |
|
2661 * should be accelerated by the inline T4 instructions |
|
2662 * in the OpenSSL upstream code. |
|
2663 */ |
|
2664 if (hw_yf_aes_instruction_set_present() == 1) { |
|
2665 switch (nid) { |
|
2666 case NID_aes_128_cbc: |
|
2667 case NID_aes_192_cbc: |
|
2668 case NID_aes_256_cbc: |
|
2669 case NID_aes_128_ecb: |
|
2670 case NID_aes_192_ecb: |
|
2671 case NID_aes_256_ecb: |
|
2672 case NID_aes_128_ctr: |
|
2673 case NID_aes_192_ctr: |
|
2674 case NID_aes_256_ctr: |
|
2675 *cipher = NULL; |
|
2676 return (0); |
|
2677 } |
|
2678 } |
|
2679 #endif |
2652 |
2680 |
2653 switch (nid) |
2681 switch (nid) |
2654 { |
2682 { |
2655 case NID_des_ede3_cbc: |
2683 case NID_des_ede3_cbc: |
2656 *cipher = &pk11_3des_cbc; |
2684 *cipher = &pk11_3des_cbc; |
3485 { |
3513 { |
3486 int i; |
3514 int i; |
3487 |
3515 |
3488 for (i = 0; i < PK11_CIPHER_MAX; ++i) |
3516 for (i = 0; i < PK11_CIPHER_MAX; ++i) |
3489 { |
3517 { |
|
3518 #ifdef __sparc |
|
3519 /* |
|
3520 * if T4 AES instruction is present, don't include AES mechanism |
|
3521 * in the supported symmetric cipher list. |
|
3522 */ |
|
3523 if (hw_yf_aes_instruction_set_present() == 1) { |
|
3524 switch (ciphers[i].mech_type) { |
|
3525 case CKM_AES_CBC: |
|
3526 case CKM_AES_ECB: |
|
3527 case CKM_AES_CTR: |
|
3528 continue; |
|
3529 } |
|
3530 } |
|
3531 #endif |
|
3532 |
3490 pk11_get_symmetric_cipher(pflist, current_slot, |
3533 pk11_get_symmetric_cipher(pflist, current_slot, |
3491 current_slot_n_cipher, local_cipher_nids, &ciphers[i]); |
3534 current_slot_n_cipher, local_cipher_nids, &ciphers[i]); |
3492 } |
3535 } |
3493 } |
3536 } |
3494 |
3537 |
3736 * Special case first. NULL means that we are initializing a new table. |
3779 * Special case first. NULL means that we are initializing a new table. |
3737 */ |
3780 */ |
3738 if (nid_table == NULL) |
3781 if (nid_table == NULL) |
3739 return (1); |
3782 return (1); |
3740 |
3783 |
|
3784 #if defined(__x86) |
3741 /* |
3785 /* |
3742 * If we have an AES instruction set on SPARC we route everything |
|
3743 * through the Crypto Framework (ie., through pkcs11_softtoken in this |
|
3744 * case). This is for T4 which has HW instructions for AES, DES, MD5, |
|
3745 * SHA1, SHA256, SHA512, MONTMUL, and MPMUL. |
|
3746 * |
|
3747 * On Intel, if we have AES-NI instruction set we route AES to the |
3786 * On Intel, if we have AES-NI instruction set we route AES to the |
3748 * Crypto Framework. Intel CPUs do not have other instruction sets for |
3787 * Crypto Framework. Intel CPUs do not have other instruction sets for |
3749 * HW crypto acceleration so we check the HW NID table for any other |
3788 * HW crypto acceleration so we check the HW NID table for any other |
3750 * mechanism. |
3789 * mechanism. |
3751 */ |
3790 */ |
3752 #if defined(__x86) |
3791 if (hw_x86_aes_instruction_set_present() == 1) |
3753 if (hw_aes_instruction_set_present() == 1) |
|
3754 { |
3792 { |
3755 switch (nid) |
3793 switch (nid) |
3756 { |
3794 { |
3757 case NID_aes_128_ecb: |
3795 case NID_aes_128_ecb: |
3758 case NID_aes_192_ecb: |
3796 case NID_aes_192_ecb: |
3759 case NID_aes_256_ecb: |
3797 case NID_aes_256_ecb: |
3760 case NID_aes_128_cbc: |
3798 case NID_aes_128_cbc: |
3761 case NID_aes_192_cbc: |
3799 case NID_aes_192_cbc: |
3762 case NID_aes_256_cbc: |
3800 case NID_aes_256_cbc: |
|
3801 case NID_aes_128_ctr: |
|
3802 case NID_aes_192_ctr: |
|
3803 case NID_aes_256_ctr: |
3763 return (1); |
3804 return (1); |
3764 } |
3805 } |
3765 /* |
|
3766 * These are variables, cannot be used as case expressions. |
|
3767 */ |
|
3768 if (nid == NID_aes_128_ctr || |
|
3769 nid == NID_aes_192_ctr || |
|
3770 nid == NID_aes_256_ctr) |
|
3771 { |
|
3772 return (1); |
|
3773 } |
|
3774 } |
3806 } |
3775 #elif defined(__sparc) |
3807 #elif defined(__sparc) |
3776 if (hw_aes_instruction_set_present() == 1) |
3808 /* |
|
3809 * If we have a T4 AES instruction set on SPARC, we won't process AES in |
|
3810 * the Crypto Framework so that the job can be process directly using |
|
3811 * the inline AES instruction. This is for T4 which has HW instructions |
|
3812 * for AES, DES, MD5, SHA1, SHA256, SHA512, MONTMUL, and MPMUL. |
|
3813 */ |
|
3814 if (hw_yf_aes_instruction_set_present() == 1) { |
|
3815 return (0); |
|
3816 } else if (hw_fj_aes_instruction_set_present() == 1) { |
3777 return (1); |
3817 return (1); |
|
3818 } |
3778 #endif |
3819 #endif |
3779 |
3820 |
3780 /* The table is never full, there is always at least one NID_undef. */ |
3821 /* The table is never full, there is always at least one NID_undef. */ |
3781 while (nid_table[i] != NID_undef) |
3822 while (nid_table[i] != NID_undef) |
3782 { |
3823 { |
3788 } |
3829 } |
3789 |
3830 |
3790 return (0); |
3831 return (0); |
3791 } |
3832 } |
3792 |
3833 |
|
3834 #if defined(__amd64) || defined(__i386) |
3793 /* Do we have an AES instruction set? */ |
3835 /* Do we have an AES instruction set? */ |
3794 static int |
3836 static int |
3795 hw_aes_instruction_set_present(void) |
3837 hw_x86_aes_instruction_set_present(void) |
3796 { |
3838 { |
3797 static int present = -1; |
3839 static int present = -1; |
3798 |
3840 |
3799 if (present == -1) |
3841 if (present == -1) |
3800 { |
3842 { |
3801 uint_t ui = 0; |
3843 uint_t ui = 0; |
3802 |
|
3803 (void) getisax(&ui, 1); |
3844 (void) getisax(&ui, 1); |
3804 |
|
3805 #if defined(__amd64) || defined(__i386) |
|
3806 present = (ui & AV_386_AES) > 0; |
3845 present = (ui & AV_386_AES) > 0; |
3807 #elif defined(__sparc) |
3846 } |
3808 present = (ui & (AV_SPARC_AES|AV_SPARC_FJAES)) > 0; |
3847 |
|
3848 return (present); |
|
3849 } |
3809 #endif |
3850 #endif |
3810 } |
3851 |
3811 |
3852 #if defined(__sparc) |
|
3853 |
|
3854 static int |
|
3855 hw_yf_aes_instruction_set_present(void) |
|
3856 { |
|
3857 static int present = -1; |
|
3858 if (present == -1) |
|
3859 { |
|
3860 uint_t ui = 0; |
|
3861 (void) getisax(&ui, 1); |
|
3862 present = (ui & (AV_SPARC_AES)) > 0; |
|
3863 } |
3812 return (present); |
3864 return (present); |
3813 } |
3865 } |
3814 |
3866 |
3815 #if defined(__sparc) |
3867 /* Do we have a Fujitsu AES instruction set? */ |
|
3868 static int |
|
3869 hw_fj_aes_instruction_set_present(void) |
|
3870 { |
|
3871 static int present = -1; |
|
3872 if (present == -1) |
|
3873 { |
|
3874 uint_t ui = 0; |
|
3875 (void) getisax(&ui, 1); |
|
3876 present = (ui & (AV_SPARC_AES)) > 0; |
|
3877 } |
|
3878 |
|
3879 return (present); |
|
3880 } |
|
3881 |
3816 static int |
3882 static int |
3817 hw_yf_digest_instruction_present(void) |
3883 hw_yf_digest_instruction_present(void) |
3818 { |
3884 { |
3819 static int cached_result = -1; |
3885 static int cached_result = -1; |
3820 uint_t ui = 0; |
3886 uint_t ui = 0; |