diff --git a/Enable-x86-64-SM2-optimizations-with-SM2-ISA-extensi.patch b/Enable-x86-64-SM2-optimizations-with-SM2-ISA-extensi.patch new file mode 100644 index 0000000000000000000000000000000000000000..02ee1b72762a3c5fb0f52f84c185ab2ba9cb843d --- /dev/null +++ b/Enable-x86-64-SM2-optimizations-with-SM2-ISA-extensi.patch @@ -0,0 +1,295 @@ +From eac98006e1a97b9693c4943a56fd522dd1b499e3 Mon Sep 17 00:00:00 2001 +From: AlanSong +Date: Fri, 13 Jun 2025 16:24:58 +0800 +Subject: [PATCH 4/4] Enable x86-64 SM2 optimizations with SM2 ISA extension + +Signed-off-by: AlanSong +--- + crypto/sm2/sm2_crypt.c | 71 +++++++++++++++++++++++++++++ + crypto/sm2/sm2_sign.c | 101 +++++++++++++++++++++++++++++++++++++++++ + include/crypto/sm2.h | 13 ++++++ + 3 files changed, 185 insertions(+) + +diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c +index 5318c619..78feb11d 100644 +--- a/crypto/sm2/sm2_crypt.c ++++ b/crypto/sm2/sm2_crypt.c +@@ -105,6 +105,35 @@ int ossl_sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, + return 1; + } + ++static int GMI_SM2_encrypt(const EC_KEY *eckey, ++ const uint8_t *msg, size_t msg_len, ++ uint8_t *ciphertext_buf, size_t *ciphertext_len) ++{ ++ uint8_t *scratch = (uint8_t *)OPENSSL_zalloc(SCRATCH_SIZE); ++ uint8_t *key = NULL; ++ int ret = 0; ++ size_t cword = 0x1, out_len = 0, f_ok; ++ size_t keylen; ++ ++ keylen = EC_KEY_key2buf(eckey, POINT_CONVERSION_UNCOMPRESSED, &key, NULL); ++ __asm__ __volatile__( ++ ".byte 0xf2,0x0f,0xa6,0xc0" ++ :"=c"(out_len), "=d"(f_ok) ++ :"a"(msg), "b"(key), "c"(msg_len), "d"(cword), "S"(scratch), "D"(ciphertext_buf) ++ :"memory" ++ ); ++ ++ ret = !(f_ok & 0x40); ++ ++ if (ret) ++ *ciphertext_len = out_len; ++ ++ OPENSSL_clear_free(key, keylen); ++ OPENSSL_free(scratch); ++ ++ return ret; ++} ++ + int ossl_sm2_encrypt(const EC_KEY *key, + const EVP_MD *digest, + const uint8_t *msg, size_t msg_len, +@@ -134,6 +163,13 @@ int ossl_sm2_encrypt(const EC_KEY *key, + OSSL_LIB_CTX *libctx = ossl_ec_key_get_libctx(key); + const char *propq = ossl_ec_key_get0_propq(key); + ++ const char *name = EVP_RAND_get0_name(EVP_RAND_CTX_get0_rand(RAND_get0_private(libctx))); ++ if (GMI_SM2_CAPABLE && strcmp(name, "FAKE") != 0) { ++ if (GMI_SM2_encrypt(key, msg, msg_len, ciphertext_buf, ciphertext_len)) { ++ return 1; ++ } ++ } ++ + /* NULL these before any "goto done" */ + ctext_struct.C2 = NULL; + ctext_struct.C3 = NULL; +@@ -267,6 +303,35 @@ int ossl_sm2_encrypt(const EC_KEY *key, + return rc; + } + ++static int GMI_SM2_decrypt(const EC_KEY *eckey, ++ const uint8_t *ciphertext, size_t ciphertext_len, ++ uint8_t *ptext_buf, size_t *ptext_len) ++{ ++ uint8_t *scratch = (uint8_t *)OPENSSL_zalloc(SCRATCH_SIZE); ++ int ret = 0; ++ size_t cword = 0x2, out_len = 0, f_ok; ++ unsigned char *key = NULL; ++ size_t keylen; ++ ++ keylen = EC_KEY_priv2buf(eckey, &key); ++ __asm__ __volatile__( ++ ".byte 0xf2,0x0f,0xa6,0xc0" ++ :"=c"(out_len), "=d"(f_ok) ++ :"a"(ciphertext), "b"(key), "c"(ciphertext_len), "d"(cword), "S"(scratch), "D"(ptext_buf) ++ :"memory" ++ ); ++ ++ ret = !(f_ok & 0x40); ++ ++ if (ret) ++ *ptext_len = out_len; ++ ++ OPENSSL_clear_free(key, keylen); ++ OPENSSL_free(scratch); ++ ++ return ret; ++} ++ + int ossl_sm2_decrypt(const EC_KEY *key, + const EVP_MD *digest, + const uint8_t *ciphertext, size_t ciphertext_len, +@@ -292,6 +357,12 @@ int ossl_sm2_decrypt(const EC_KEY *key, + OSSL_LIB_CTX *libctx = ossl_ec_key_get_libctx(key); + const char *propq = ossl_ec_key_get0_propq(key); + ++ if (GMI_SM2_CAPABLE) { ++ if (GMI_SM2_decrypt(key, ciphertext, ciphertext_len, ptext_buf, ptext_len)) { ++ return 1; ++ } ++ } ++ + if (field_size == 0 || hash_size <= 0) + goto done; + +diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c +index 41827fbe..7bc2632e 100644 +--- a/crypto/sm2/sm2_sign.c ++++ b/crypto/sm2/sm2_sign.c +@@ -21,6 +21,36 @@ + #include + #include + ++static int GMI_SM2_sign_preprocess1(const EC_KEY *eckey, const uint8_t *id, const size_t id_len, uint8_t *out) ++{ ++ uint16_t entl = (uint16_t)(8 * id_len); ++ uint8_t *scratch = (uint8_t *)OPENSSL_zalloc(SCRATCH_SIZE); ++ uint8_t *key = NULL; ++ int ret = 0; ++ size_t cword = 0x20, f_ok; ++ size_t keylen; ++ uint8_t *buf = (uint8_t *)OPENSSL_zalloc(2 + id_len); ++ ++ memcpy(buf, &entl, 2); ++ memcpy(buf + 2, id, id_len); ++ ++ keylen = EC_KEY_key2buf(eckey, POINT_CONVERSION_UNCOMPRESSED, &key, NULL); ++ __asm__ __volatile__( ++ ".byte 0xf2,0x0f,0xa6,0xc0" ++ :"=d"(f_ok) ++ :"a"(buf), "b"(key), "d"(cword), "S"(scratch), "D"(out) ++ :"memory" ++ ); ++ ++ ret = !(f_ok & 0x40); ++ ++ OPENSSL_clear_free(key, keylen); ++ OPENSSL_free(scratch); ++ OPENSSL_free(buf); ++ ++ return ret; ++} ++ + int ossl_sm2_compute_z_digest(uint8_t *out, + const EVP_MD *digest, + const uint8_t *id, +@@ -45,6 +75,12 @@ int ossl_sm2_compute_z_digest(uint8_t *out, + const uint8_t *f_id = id; + size_t f_id_len = id_len; + ++ if (GMI_SM2_CAPABLE) { ++ if (GMI_SM2_sign_preprocess1(key, id, id_len, out)) { ++ return 1; ++ } ++ } ++ + hash = EVP_MD_CTX_new(); + ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(key)); + if (hash == NULL || ctx == NULL) { +@@ -441,6 +477,33 @@ int ossl_sm2_do_verify(const EC_KEY *key, + return ret; + } + ++static int GMI_SM2_sign(const EC_KEY *eckey, const unsigned char *dgst, unsigned char *sig, unsigned int *siglen) ++{ ++ uint8_t *scratch = (uint8_t *)OPENSSL_zalloc(SCRATCH_SIZE); ++ int ret = 0; ++ size_t cword = 0x4, out_len = 0, f_ok; ++ uint8_t *key = NULL; ++ size_t keylen; ++ ++ keylen = EC_KEY_priv2buf(eckey, &key); ++ __asm__ __volatile__( ++ ".byte 0xf2,0x0f,0xa6,0xc0" ++ :"=c"(out_len),"=d"(f_ok) ++ :"a"(dgst), "b"(key), "d"(cword), "S"(scratch), "D"(sig) ++ :"memory" ++ ); ++ ++ ret = !(f_ok & 0x40); ++ ++ if (ret) ++ *siglen = out_len; ++ ++ OPENSSL_clear_free(key, keylen); ++ OPENSSL_free(scratch); ++ ++ return ret; ++} ++ + int ossl_sm2_internal_sign(const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, + EC_KEY *eckey) +@@ -450,6 +513,14 @@ int ossl_sm2_internal_sign(const unsigned char *dgst, int dgstlen, + int sigleni; + int ret = -1; + ++ const char *name = EVP_RAND_get0_name(EVP_RAND_CTX_get0_rand( ++ RAND_get0_private(ossl_ec_key_get_libctx(eckey)))); ++ if (GMI_SM2_CAPABLE && strcmp(name, "FAKE") != 0 && sig != NULL) { ++ if (GMI_SM2_sign(eckey, dgst, sig, siglen)) { ++ return 1; ++ } ++ } ++ + e = BN_bin2bn(dgst, dgstlen, NULL); + if (e == NULL) { + ERR_raise(ERR_LIB_SM2, ERR_R_BN_LIB); +@@ -477,6 +548,30 @@ int ossl_sm2_internal_sign(const unsigned char *dgst, int dgstlen, + return ret; + } + ++static int GMI_SM2_verify(const EC_KEY *eckey, const unsigned char *dgst, const unsigned char *sig, int sig_len) ++{ ++ uint8_t *scratch = (uint8_t *)OPENSSL_zalloc(SCRATCH_SIZE); ++ int ret = 0; ++ size_t cword = 0x8, f_ok; ++ uint8_t *key = NULL; ++ size_t keylen; ++ ++ keylen = EC_KEY_key2buf(eckey, POINT_CONVERSION_UNCOMPRESSED, &key, NULL); ++ __asm__ __volatile__( ++ ".byte 0xf2,0x0f,0xa6,0xc0" ++ :"=c"(f_ok) ++ :"a"(dgst), "b"(key), "d"(cword), "S"(scratch), "D"(sig) ++ :"memory" ++ ); ++ ++ ret = f_ok; ++ ++ OPENSSL_clear_free(key, keylen); ++ OPENSSL_free(scratch); ++ ++ return ret; ++} ++ + int ossl_sm2_internal_verify(const unsigned char *dgst, int dgstlen, + const unsigned char *sig, int sig_len, + EC_KEY *eckey) +@@ -504,6 +599,12 @@ int ossl_sm2_internal_verify(const unsigned char *dgst, int dgstlen, + goto done; + } + ++ if (GMI_SM2_CAPABLE) { ++ if (GMI_SM2_verify(eckey, dgst, sig, sig_len)) { ++ return 1; ++ } ++ } ++ + e = BN_bin2bn(dgst, dgstlen, NULL); + if (e == NULL) { + ERR_raise(ERR_LIB_SM2, ERR_R_BN_LIB); +diff --git a/include/crypto/sm2.h b/include/crypto/sm2.h +index 9ab6c0b7..c472f94b 100644 +--- a/include/crypto/sm2.h ++++ b/include/crypto/sm2.h +@@ -18,6 +18,8 @@ + # if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE) + + # include ++# include ++# include "internal/cryptlib.h" + # include "crypto/types.h" + + int ossl_sm2_key_private_check(const EC_KEY *eckey); +@@ -82,5 +84,16 @@ int ossl_sm2_decrypt(const EC_KEY *key, + + const unsigned char *ossl_sm2_algorithmidentifier_encoding(int md_nid, + size_t *len); ++ ++# if !defined(I386_ONLY) && (\ ++ defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ ++ defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) ) ++# define GMI_SM2_CAPABLE ((OPENSSL_ia32cap_P[4] & 0x2) && (OPENSSL_ia32cap_P[4] & 0x3)) ++# define SCRATCH_SIZE (8192) ++#else ++# define GMI_SM2_CAPABLE (0) ++# define SCRATCH_SIZE (0) ++#endif /* GMI_SM2 */ ++ + # endif /* OPENSSL_NO_SM2 */ + #endif +-- +2.34.1 + diff --git a/Enable-x86-64-SM3-optimizations-with-CCS-ISA-extensi.patch b/Enable-x86-64-SM3-optimizations-with-CCS-ISA-extensi.patch new file mode 100644 index 0000000000000000000000000000000000000000..0a8c2f7a3de705a9f9cb06ba400b80d65787f19f --- /dev/null +++ b/Enable-x86-64-SM3-optimizations-with-CCS-ISA-extensi.patch @@ -0,0 +1,195 @@ +From 9f93f34f03b9d89b9baa8e2aa1b4f9e595d61076 Mon Sep 17 00:00:00 2001 +From: AlanSong +Date: Wed, 11 Jun 2025 11:15:44 +0800 +Subject: [PATCH 2/4] Enable x86-64 SM3 optimizations with CCS ISA extension + +Signed-off-by: AlanSong +--- + crypto/sm3/asm/sm3-x86-ccs.pl | 53 +++++++++++++++++++++++++ + crypto/sm3/asm/sm3-x86_64-ccs.pl | 68 ++++++++++++++++++++++++++++++++ + crypto/sm3/build.info | 9 +++++ + crypto/sm3/sm3_local.h | 7 ++++ + 4 files changed, 137 insertions(+) + create mode 100644 crypto/sm3/asm/sm3-x86-ccs.pl + create mode 100644 crypto/sm3/asm/sm3-x86_64-ccs.pl + +diff --git a/crypto/sm3/asm/sm3-x86-ccs.pl b/crypto/sm3/asm/sm3-x86-ccs.pl +new file mode 100644 +index 00000000..f1afadb9 +--- /dev/null ++++ b/crypto/sm3/asm/sm3-x86-ccs.pl +@@ -0,0 +1,53 @@ ++#! /usr/bin/env perl ++# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. ++# ++# Licensed under the Apache License 2.0 (the "License"). You may not use ++# this file except in compliance with the License. You can obtain a copy ++# in the file LICENSE in the source distribution or at ++# https://www.openssl.org/source/license.html ++# ++# This module implements support for Zhaoxin SM3 instructions ++ ++$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ++push(@INC,"${dir}","${dir}../../perlasm"); ++require "x86asm.pl"; ++ ++$output = pop and open STDOUT,">$output"; ++ ++&asm_init($ARGV[0]); ++ ++ ++# void ossl_hwsm3_block_data_order(SM3_CTX *c, const void *p, size_t num); ++&function_begin("ossl_hwsm3_block_data_order"); ++ &mov ("edx",&wparam(0)); ++ &mov ("ecx",8); ++&set_label("bswap_loop_before"); ++ &mov ("eax",&DWP(0,"edx")); ++ &bswap ("eax"); ++ &mov (&DWP(0,"edx"),"eax"); ++ &lea ("edx",&DWP(4,"edx")); ++ &sub ("ecx",1); ++ &jnz (&label("bswap_loop_before")); ++ ++ &mov ("ebx",0x20); ++ &mov ("eax",-1); ++ &mov ("edi",&wparam(0)); ++ &mov ("esi",&wparam(1)); ++ &mov ("ecx",&wparam(2)); ++ &data_byte(0xf3,0x0f,0xa6,0xe8); ++ ++ &mov ("edx",&wparam(0)); ++ &mov ("ecx",8); ++&set_label("bswap_loop_after"); ++ &mov ("eax",&DWP(0,"edx")); ++ &bswap ("eax"); ++ &mov (&DWP(0,"edx"),"eax"); ++ &lea ("edx",&DWP(4,"edx")); ++ &sub ("ecx",1); ++ &jnz (&label("bswap_loop_after")); ++&function_end("ossl_hwsm3_block_data_order"); ++ ++ ++&asm_finish(); ++ ++close STDOUT or die "error closing STDOUT: $!"; +diff --git a/crypto/sm3/asm/sm3-x86_64-ccs.pl b/crypto/sm3/asm/sm3-x86_64-ccs.pl +new file mode 100644 +index 00000000..8a991c4a +--- /dev/null ++++ b/crypto/sm3/asm/sm3-x86_64-ccs.pl +@@ -0,0 +1,68 @@ ++#! /usr/bin/env perl ++# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. ++# ++# Licensed under the Apache License 2.0 (the "License"). You may not use ++# this file except in compliance with the License. You can obtain a copy ++# in the file LICENSE in the source distribution or at ++# https://www.openssl.org/source/license.html ++# ++# This module implements support for Zhaoxin SM3 instructions ++ ++$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; ++$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; ++ ++$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ++( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or ++( $xlate="${dir}../../../crypto/perlasm/x86_64-xlate.pl" and -f $xlate) or ++die "can't locate x86_64-xlate.pl"; ++ ++open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""; ++*STDOUT=*OUT; ++ ++$code=".text\n"; ++ ++# void ossl_hwsm3_block_data_order(SM3_CTX *c, const void *p, size_t num); ++# c = %rdi, p=%rsi, num=%rdx ++{ ++$code .= <<___; ++.align 16 ++.globl ossl_hwsm3_block_data_order ++.type ossl_hwsm3_block_data_order,\@function ++ossl_hwsm3_block_data_order: ++ push %rbx # save rbx ++ ++ mov \$8,%r8 ++ mov %rdi,%r9 ++.Lbswap_loop_before: ++ mov (%r9),%eax ++ bswap %eax ++ mov %eax,(%r9) ++ lea 4(%r9),%r9 ++ sub \$1,%r8 ++ jnz .Lbswap_loop_before ++ ++ mov \$0x20,%rbx ++ mov \$-1,%rax ++ mov %rdx,%rcx ++ ++ .byte 0xf3,0x0f,0xa6,0xe8 ++ ++ mov \$8,%r8 ++ mov %rdi,%r9 ++.Lbswap_loop_after: ++ mov (%r9),%eax ++ bswap %eax ++ mov %eax,(%r9) ++ lea 4(%r9),%r9 ++ sub \$1,%r8 ++ jnz .Lbswap_loop_after ++ ++ pop %rbx #restore rbx ++ ret ++ ++.size ossl_hwsm3_block_data_order,.-ossl_hwsm3_block_data_order ++___ ++} ++ ++print $code; ++close STDOUT or die "error closing STDOUT: $!"; +diff --git a/crypto/sm3/build.info b/crypto/sm3/build.info +index 2fa54a4a..4dbc4921 100644 +--- a/crypto/sm3/build.info ++++ b/crypto/sm3/build.info +@@ -5,6 +5,12 @@ IF[{- !$disabled{sm3} -}] + $SM3ASM_aarch64=sm3-armv8.S + $SM3DEF_aarch64=OPENSSL_SM3_ASM + ++ $SM3ASM_x86_64=sm3-x86_64-ccs.s ++ $SM3DEF_x86_64=OPENSSL_SM3_ASM ++ ++ $SM3ASM_x86=sm3-x86-ccs.s ++ $SM3DEF_x86=OPENSSL_SM3_ASM ++ + # Now that we have defined all the arch specific variables, use the + # appropriate ones, and define the appropriate macros + IF[$SM3ASM_{- $target{asm_arch} -}] +@@ -18,5 +24,8 @@ IF[{- !$disabled{sm3} -}] + + GENERATE[sm3-armv8.S]=asm/sm3-armv8.pl + INCLUDE[sm3-armv8.o]=.. ++ ++ GENERATE[sm3-x86_64-ccs.s]=asm/sm3-x86_64-ccs.pl ++ GENERATE[sm3-x86-ccs.s]=asm/sm3-x86-ccs.pl + ENDIF + +diff --git a/crypto/sm3/sm3_local.h b/crypto/sm3/sm3_local.h +index ac8a2bf7..ffd673f5 100644 +--- a/crypto/sm3/sm3_local.h ++++ b/crypto/sm3/sm3_local.h +@@ -39,6 +39,13 @@ + # define HWSM3_CAPABLE (OPENSSL_armcap_P & ARMV8_SM3) + void ossl_hwsm3_block_data_order(SM3_CTX *c, const void *p, size_t num); + # endif ++# if !defined(I386_ONLY) && (\ ++ defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ ++ defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) ) ++#include "internal/cryptlib.h" ++# define HWSM3_CAPABLE ( (OPENSSL_ia32cap_P[4] & 0x20) && (OPENSSL_ia32cap_P[4] & 0x30) ) ++void ossl_hwsm3_block_data_order(SM3_CTX *c, const void *p, size_t num); ++#endif /* CCS */ + #endif + + #if defined(HWSM3_CAPABLE) +-- +2.34.1 + diff --git a/Enable-x86-64-SM4-optimizations-with-CCS-ISA-extensi.patch b/Enable-x86-64-SM4-optimizations-with-CCS-ISA-extensi.patch new file mode 100644 index 0000000000000000000000000000000000000000..64bd9cddb1c4d49ff68aa59575c6c7f1d3a15311 --- /dev/null +++ b/Enable-x86-64-SM4-optimizations-with-CCS-ISA-extensi.patch @@ -0,0 +1,429 @@ +From e296557d9f704e1eca85726fe4db9c4d5783d614 Mon Sep 17 00:00:00 2001 +From: AlanSong +Date: Wed, 11 Jun 2025 14:13:45 +0800 +Subject: [PATCH 3/4] Enable x86-64 SM4 optimizations with CCS ISA extension + +Signed-off-by: AlanSong +--- + crypto/sm4/asm/sm4-x86-ccs.pl | 35 +++ + crypto/sm4/asm/sm4-x86_64-ccs.pl | 52 ++++ + crypto/sm4/build.info | 8 + + include/crypto/sm4_platform.h | 7 + + .../implementations/ciphers/cipher_sm4_hw.c | 10 + + .../ciphers/cipher_sm4_hw_ccs.inc | 235 ++++++++++++++++++ + 6 files changed, 347 insertions(+) + create mode 100644 crypto/sm4/asm/sm4-x86-ccs.pl + create mode 100644 crypto/sm4/asm/sm4-x86_64-ccs.pl + create mode 100644 providers/implementations/ciphers/cipher_sm4_hw_ccs.inc + +diff --git a/crypto/sm4/asm/sm4-x86-ccs.pl b/crypto/sm4/asm/sm4-x86-ccs.pl +new file mode 100644 +index 00000000..1e0e9bdc +--- /dev/null ++++ b/crypto/sm4/asm/sm4-x86-ccs.pl +@@ -0,0 +1,35 @@ ++#! /usr/bin/env perl ++# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. ++# ++# Licensed under the Apache License 2.0 (the "License"). You may not use ++# this file except in compliance with the License. You can obtain a copy ++# in the file LICENSE in the source distribution or at ++# https://www.openssl.org/source/license.html ++# ++# This module implements support for Zhaoxin SM4 instructions ++ ++$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ++push(@INC,"${dir}","${dir}../../perlasm"); ++require "x86asm.pl"; ++ ++$output = pop and open STDOUT,">$output"; ++ ++&asm_init($ARGV[0]); ++ ++ ++# void ccs_mode_encrypt(unsigned char *out, const unsigned char *in, ++# const SM4_KEY *key, size_t len, unsigned char *ivec, u32 ctl); ++&function_begin("ccs_mode_encrypt"); ++ &mov ("edi",&wparam(0)); ++ &mov ("esi",&wparam(1)); ++ &mov ("ebx",&wparam(2)); ++ &mov ("ecx",&wparam(3)); ++ &mov ("edx",&wparam(4)); ++ &mov ("eax",&wparam(5)); ++ &data_byte(0xf3,0x0f,0xa7,0xf0); ++&function_end("ccs_mode_encrypt"); ++ ++ ++&asm_finish(); ++ ++close STDOUT or die "error closing STDOUT: $!"; +diff --git a/crypto/sm4/asm/sm4-x86_64-ccs.pl b/crypto/sm4/asm/sm4-x86_64-ccs.pl +new file mode 100644 +index 00000000..7d7ef799 +--- /dev/null ++++ b/crypto/sm4/asm/sm4-x86_64-ccs.pl +@@ -0,0 +1,52 @@ ++#! /usr/bin/env perl ++# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. ++# ++# Licensed under the Apache License 2.0 (the "License"). You may not use ++# this file except in compliance with the License. You can obtain a copy ++# in the file LICENSE in the source distribution or at ++# https://www.openssl.org/source/license.html ++# ++# This module implements support for Zhaoxin SM4 instructions ++ ++$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; ++$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; ++ ++$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ++( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or ++( $xlate="${dir}../../../crypto/perlasm/x86_64-xlate.pl" and -f $xlate) or ++die "can't locate x86_64-xlate.pl"; ++ ++open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""; ++*STDOUT=*OUT; ++ ++$code=".text\n"; ++ ++ ++# void ccs_mode_encrypt(unsigned char *out, const unsigned char *in, ++# const SM4_KEY *key, size_t len, unsigned char *ivec, u32 ctl); ++# out = %rdi, in=%rsi, key=%rdx, len=%rcx, ivec=%r8, ctl=%r9 ++{ ++$code .= <<___; ++.align 16 ++.globl ccs_mode_encrypt ++.type ccs_mode_encrypt,\@function ++ccs_mode_encrypt: ++ push %rbx # save rbx ++ ++ mov %rdx,%rbx ++ mov %r8,%rdx ++ mov %r9,%rax ++ ++ ++ .byte 0xf3,0x0f,0xa7,0xf0 ++ ++ pop %rbx #restore rbx ++ ret ++ ++.size ccs_mode_encrypt,.-ccs_mode_encrypt ++___ ++} ++ ++ ++print $code; ++close STDOUT or die "error closing STDOUT: $!"; +diff --git a/crypto/sm4/build.info b/crypto/sm4/build.info +index 73ffe5ea..bb4d0975 100644 +--- a/crypto/sm4/build.info ++++ b/crypto/sm4/build.info +@@ -4,6 +4,12 @@ IF[{- !$disabled{asm} -}] + $SM4DEF_aarch64=SM4_ASM VPSM4_ASM + $SM4ASM_aarch64=sm4-armv8.S vpsm4-armv8.S vpsm4_ex-armv8.S + ++ $SM4DEF_x86_64=SM4_ASM ++ $SM4ASM_x86_64=sm4-x86_64-ccs.s ++ ++ $SM4DEF_x86=SM4_ASM ++ $SM4ASM_x86=sm4-x86-ccs.s ++ + # Now that we have defined all the arch specific variables, use the + # appropriate one, and define the appropriate macros + IF[$SM4ASM_{- $target{asm_arch} -}] +@@ -34,3 +40,5 @@ GENERATE[vpsm4_ex-armv8.S]=asm/vpsm4_ex-armv8.pl + INCLUDE[sm4-armv8.o]=.. + INCLUDE[vpsm4-armv8.o]=.. + INCLUDE[vpsm4_ex-armv8.o]=.. ++GENERATE[sm4-x86_64-ccs.s]=asm/sm4-x86_64-ccs.pl ++GENERATE[sm4-x86-ccs.s]=asm/sm4-x86-ccs.pl +\ No newline at end of file +diff --git a/include/crypto/sm4_platform.h b/include/crypto/sm4_platform.h +index 8b9cd10f..dad08d41 100644 +--- a/include/crypto/sm4_platform.h ++++ b/include/crypto/sm4_platform.h +@@ -41,6 +41,13 @@ static inline int vpsm4_ex_capable(void) + # define HWSM4_ctr32_encrypt_blocks sm4_v8_ctr32_encrypt_blocks + # endif + # endif ++# if !defined(I386_ONLY) && (\ ++ defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ ++ defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) ) ++# define CCS_CAPABLE ((OPENSSL_ia32cap_P[4] & 0x20) && (OPENSSL_ia32cap_P[4] & 0x30)) ++void ccs_mode_encrypt(unsigned char *out, const unsigned char *in, ++ const SM4_KEY *key, size_t len, unsigned char *ivec, const int ctl); ++#endif /* CCS */ + # endif /* OPENSSL_CPUID_OBJ */ + + # if defined(HWSM4_CAPABLE) +diff --git a/providers/implementations/ciphers/cipher_sm4_hw.c b/providers/implementations/ciphers/cipher_sm4_hw.c +index 8cabd782..a9b6ee6a 100644 +--- a/providers/implementations/ciphers/cipher_sm4_hw.c ++++ b/providers/implementations/ciphers/cipher_sm4_hw.c +@@ -127,11 +127,21 @@ static const PROV_CIPHER_HW sm4_##mode = { \ + ossl_cipher_hw_generic_##mode, \ + cipher_hw_sm4_copyctx \ + }; \ ++PROV_CIPHER_HW_declare(mode) \ + const PROV_CIPHER_HW *ossl_prov_cipher_hw_sm4_##mode(size_t keybits) \ + { \ ++ PROV_CIPHER_HW_select(mode) \ + return &sm4_##mode; \ + } + ++#if defined(CCS_CAPABLE) ++# include "cipher_sm4_hw_ccs.inc" ++#else ++/* The generic case */ ++# define PROV_CIPHER_HW_declare(mode) ++# define PROV_CIPHER_HW_select(mode) ++#endif ++ + PROV_CIPHER_HW_sm4_mode(cbc) + PROV_CIPHER_HW_sm4_mode(ecb) + PROV_CIPHER_HW_sm4_mode(ofb128) +diff --git a/providers/implementations/ciphers/cipher_sm4_hw_ccs.inc b/providers/implementations/ciphers/cipher_sm4_hw_ccs.inc +new file mode 100644 +index 00000000..88993e86 +--- /dev/null ++++ b/providers/implementations/ciphers/cipher_sm4_hw_ccs.inc +@@ -0,0 +1,235 @@ ++/* ++ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. ++ * ++ * Licensed under the Apache License 2.0 (the "License"). You may not use ++ * this file except in compliance with the License. You can obtain a copy ++ * in the file LICENSE in the source distribution or at ++ * https://www.openssl.org/source/license.html ++ */ ++ ++/*- ++ * Zhaoxin SM4 instruction support for ecb, cbc, ofb, cfb, ctr modes. ++ * This file is included by cipher_sm4_hw.c ++ */ ++ ++static int cipher_hw_x86_ccs_sm4_initkey(PROV_CIPHER_CTX *dat, const uint8_t *key, size_t keylen) ++{ ++ PROV_SM4_CTX *ctx = (PROV_SM4_CTX *)dat; ++ SM4_KEY *ks = &ctx->ks.ks; ++ memcpy(ks->rk, key, 16); ++ dat->ks = ks; ++ return 1; ++} ++ ++static int cipher_hw_x86_ccs_sm4_ecb(PROV_CIPHER_CTX *dat, unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ uint32_t ctl = dat->enc ? 0x60 : 0x61; ++ ccs_mode_encrypt(out, in, dat->ks, len / 16, 0, ctl); ++ return 1; ++} ++ ++static int cipher_hw_x86_ccs_sm4_cbc(PROV_CIPHER_CTX *dat, unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ uint32_t ctl = dat->enc ? 0xa0 : 0xa1; ++ ccs_mode_encrypt(out, in, dat->ks, len / 16, dat->iv, ctl); ++ return 1; ++} ++ ++static void ctr128_inc(unsigned char *counter) ++{ ++ uint32_t n = 16, c = 1; ++ do { ++ --n; ++ c += counter[n]; ++ counter[n] = (u8)c; ++ c >>= 8; ++ } while (n); ++} ++ ++static void ctr16_dec(unsigned char *counter) ++{ ++ uint32_t n = 2, c = 1; ++ do { ++ --n; ++ if (counter[n] >= c) { ++ counter[n] -= (u8)c; ++ break; ++ } else { ++ counter[n] = 0xff; ++ c = 1; ++ } ++ } while (n); ++} ++ ++static int cipher_hw_x86_ccs_sm4_ctr(PROV_CIPHER_CTX *dat, unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ uint32_t ctl = dat->enc ? 0x420 : 0x421; ++ uint32_t number; ++ uint32_t n = dat->num; ++ unsigned char *ecount_buf = dat->buf; ++ ++ while (n && len) { ++ *(out++) = *(in++) ^ ecount_buf[n]; ++ --len; ++ n = (n + 1) % 16; ++ } ++ ++ while (len >= 16) { ++ uint16_t counter = ((uint16_t)dat->iv[14] << 8) | (uint16_t) dat->iv[15]; ++ uint32_t sum = (uint32_t) counter + len / 16; ++ ++ if (sum > UINT16_MAX) { ++ number = UINT16_MAX - counter + 1; ++ ccs_mode_encrypt(out, in, dat->ks, number, dat->iv, ctl); ++ ctr16_dec(dat->iv + 14); ++ ctr128_inc(dat->iv); ++ len -= number * 16; ++ out += number * 16; ++ in += number * 16; ++ ++ number = sum - UINT16_MAX - 1; ++ if (!number) ++ break; ++ ++ if (number <= UINT16_MAX) { ++ ccs_mode_encrypt(out, in, dat->ks, number, dat->iv, ctl); ++ } else { ++ number = UINT16_MAX; ++ ccs_mode_encrypt(out, in, dat->ks, number, dat->iv, ctl); ++ } ++ } else { ++ number = len / 16; ++ ccs_mode_encrypt(out, in, dat->ks, number, dat->iv, ctl); ++ } ++ len -= number * 16; ++ out += number * 16; ++ in += number * 16; ++ n = 0; ++ } ++ ++ if (len) { ++ ccs_mode_encrypt(ecount_buf, dat->iv, dat->ks, 1, 0, 0x60); ++ ctr128_inc(dat->iv); ++ while (len--) { ++ out[n] = in[n] ^ ecount_buf[n]; ++ n++; ++ } ++ } ++ ++ dat->num = n; ++ ++ return 1; ++} ++ ++static int cipher_hw_x86_ccs_sm4_cfb128(PROV_CIPHER_CTX *dat, unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ uint32_t ctl = dat->enc ? 0x120 : 0x121; ++ uint32_t number; ++ uint32_t n = dat->num; ++ ++ if (dat->enc) { ++ while (n && len) { ++ *(out++) = dat->iv[n] ^= *(in++); ++ --len; ++ n = (n + 1) % 16; ++ } ++ ++ if (len >= 16) { ++ number = len / 16; ++ ccs_mode_encrypt(out, in, dat->ks, number, dat->iv, ctl); ++ len -= number * 16; ++ out += number * 16; ++ in += number * 16; ++ n = 0; ++ } ++ ++ if (len) { ++ ccs_mode_encrypt(dat->iv, dat->iv, dat->ks, 1, 0, 0x60); ++ while (len--) { ++ out[n] = dat->iv[n] ^= in[n]; ++ n++; ++ } ++ } ++ } else { ++ while (n && len) { ++ unsigned char c; ++ *(out++) = dat->iv[n] ^ (c = *(in++)); ++ dat->iv[n] = c; ++ --len; ++ n = (n + 1) % 16; ++ } ++ ++ if (len >= 16) { ++ number = len / 16; ++ ccs_mode_encrypt(out, in, dat->ks, number, dat->iv, ctl); ++ len -= number * 16; ++ out += number * 16; ++ in += number * 16; ++ n = 0; ++ } ++ ++ if (len) { ++ ccs_mode_encrypt(dat->iv, dat->iv, dat->ks, 1, 0, 0x60); ++ while (len--) { ++ unsigned char c; ++ out[n] = dat->iv[n] ^ (c = in[n]); ++ dat->iv[n] = c; ++ ++n; ++ } ++ } ++ } ++ ++ dat->num = n; ++ ++ return 1; ++} ++ ++static int cipher_hw_x86_ccs_sm4_ofb128(PROV_CIPHER_CTX *dat, unsigned char *out, ++ const unsigned char *in, size_t len) ++{ ++ uint32_t ctl = dat->enc ? 0x220 : 0x221; ++ uint32_t number; ++ uint32_t n = dat->num; ++ ++ while (n && len) { ++ *(out++) = *(in++) ^ dat->iv[n]; ++ --len; ++ n = (n + 1) % 16; ++ } ++ ++ if (len >= 16) { ++ number = len / 16; ++ ccs_mode_encrypt(out, in, dat->ks, number, dat->iv, ctl); ++ len -= number * 16; ++ out += number * 16; ++ in += number * 16; ++ n = 0; ++ } ++ ++ ++ if (len) { ++ ccs_mode_encrypt(dat->iv, dat->iv, dat->ks, 1, 0, 0x60); ++ while (len--) { ++ out[n] = in[n] ^ dat->iv[n]; ++ n++; ++ } ++ } ++ ++ dat->num = n; ++ ++ return 1; ++} ++ ++#define PROV_CIPHER_HW_declare(mode) \ ++static const PROV_CIPHER_HW x86_ccs_sm4_##mode = { \ ++ cipher_hw_x86_ccs_sm4_initkey, \ ++ cipher_hw_x86_ccs_sm4_##mode, \ ++ cipher_hw_sm4_copyctx \ ++}; ++#define PROV_CIPHER_HW_select(mode) \ ++if (CCS_CAPABLE) \ ++ return &x86_ccs_sm4_##mode; +-- +2.34.1 + diff --git a/Extension-of-OPENSSL_ia32cap-to-accommodate-Padlock-.patch b/Extension-of-OPENSSL_ia32cap-to-accommodate-Padlock-.patch new file mode 100644 index 0000000000000000000000000000000000000000..9cc8f79c010770b4d2f7b946f2c9b7edb9552c07 --- /dev/null +++ b/Extension-of-OPENSSL_ia32cap-to-accommodate-Padlock-.patch @@ -0,0 +1,248 @@ +From 79b4fd3ddb5cc2587cf7fa84a3b50c07f0c6ef93 Mon Sep 17 00:00:00 2001 +From: AlanSong +Date: Wed, 11 Jun 2025 11:03:34 +0800 +Subject: [PATCH 1/4] Extension of OPENSSL_ia32cap to accommodate Padlock/GMI + CPUID bits + +bit 128 - 160 CPUID.(EAX=C0000001H).EDX + +Signed-off-by: AlanSong +--- + crypto/cpuid.c | 4 ++-- + crypto/info.c | 5 +++-- + crypto/perlasm/x86gas.pl | 2 +- + crypto/perlasm/x86masm.pl | 2 +- + crypto/perlasm/x86nasm.pl | 2 +- + crypto/x86_64cpuid.pl | 34 +++++++++++++++++++++++++++++++++- + crypto/x86cpuid.pl | 33 +++++++++++++++++++++++++++++++++ + doc/man3/OPENSSL_ia32cap.pod | 24 ++++++++++++++++++++++++ + 8 files changed, 98 insertions(+), 8 deletions(-) + +diff --git a/crypto/cpuid.c b/crypto/cpuid.c +index 090f6fe0..c4a5fe10 100644 +--- a/crypto/cpuid.c ++++ b/crypto/cpuid.c +@@ -14,7 +14,7 @@ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_AMD64) || defined(_M_X64) + +-extern unsigned int OPENSSL_ia32cap_P[4]; ++extern unsigned int OPENSSL_ia32cap_P[5]; + + # if defined(OPENSSL_CPUID_OBJ) + +@@ -156,7 +156,7 @@ void OPENSSL_cpuid_setup(void) + OPENSSL_ia32cap_P[1] = (unsigned int)(vec >> 32); + } + # else +-unsigned int OPENSSL_ia32cap_P[4]; ++unsigned int OPENSSL_ia32cap_P[5]; + # endif + #endif + +diff --git a/crypto/info.c b/crypto/info.c +index a0dc2e80..1d944026 100644 +--- a/crypto/info.c ++++ b/crypto/info.c +@@ -44,11 +44,12 @@ DEFINE_RUN_ONCE_STATIC(init_info_strings) + const char *env; + + BIO_snprintf(ossl_cpu_info_str, sizeof(ossl_cpu_info_str), +- CPUINFO_PREFIX "OPENSSL_ia32cap=0x%llx:0x%llx", ++ CPUINFO_PREFIX "OPENSSL_ia32cap=0x%llx:0x%llx:0x%lx", + (unsigned long long)OPENSSL_ia32cap_P[0] | + (unsigned long long)OPENSSL_ia32cap_P[1] << 32, + (unsigned long long)OPENSSL_ia32cap_P[2] | +- (unsigned long long)OPENSSL_ia32cap_P[3] << 32); ++ (unsigned long long)OPENSSL_ia32cap_P[3] << 32, ++ (unsigned long)OPENSSL_ia32cap_P[4]); + if ((env = getenv("OPENSSL_ia32cap")) != NULL) + BIO_snprintf(ossl_cpu_info_str + strlen(ossl_cpu_info_str), + sizeof(ossl_cpu_info_str) - strlen(ossl_cpu_info_str), +diff --git a/crypto/perlasm/x86gas.pl b/crypto/perlasm/x86gas.pl +index 1b2b27c0..817ac197 100644 +--- a/crypto/perlasm/x86gas.pl ++++ b/crypto/perlasm/x86gas.pl +@@ -167,7 +167,7 @@ sub ::file_end + } + } + if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out) { +- my $tmp=".comm\t${nmdecor}OPENSSL_ia32cap_P,16"; ++ my $tmp=".comm\t${nmdecor}OPENSSL_ia32cap_P,20"; + if ($::macosx) { push (@out,"$tmp,2\n"); } + elsif ($::elf) { push (@out,"$tmp,4\n"); } + else { push (@out,"$tmp\n"); } +diff --git a/crypto/perlasm/x86masm.pl b/crypto/perlasm/x86masm.pl +index 2dcd3f79..a28ed80b 100644 +--- a/crypto/perlasm/x86masm.pl ++++ b/crypto/perlasm/x86masm.pl +@@ -141,7 +141,7 @@ ___ + if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out) + { my $comm=<<___; + .bss SEGMENT 'BSS' +-COMM ${nmdecor}OPENSSL_ia32cap_P:DWORD:4 ++COMM ${nmdecor}OPENSSL_ia32cap_P:DWORD:5 + .bss ENDS + ___ + # comment out OPENSSL_ia32cap_P declarations +diff --git a/crypto/perlasm/x86nasm.pl b/crypto/perlasm/x86nasm.pl +index 7017b88e..cdcbe5e2 100644 +--- a/crypto/perlasm/x86nasm.pl ++++ b/crypto/perlasm/x86nasm.pl +@@ -126,7 +126,7 @@ sub ::file_end + { if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out) + { my $comm=<<___; + ${drdecor}segment .bss +-${drdecor}common ${nmdecor}OPENSSL_ia32cap_P 16 ++${drdecor}common ${nmdecor}OPENSSL_ia32cap_P 20 + ___ + # comment out OPENSSL_ia32cap_P declarations + grep {s/(^extern\s+${nmdecor}OPENSSL_ia32cap_P)/\;$1/} @out; +diff --git a/crypto/x86_64cpuid.pl b/crypto/x86_64cpuid.pl +index 53685ec2..957ae93e 100644 +--- a/crypto/x86_64cpuid.pl ++++ b/crypto/x86_64cpuid.pl +@@ -33,7 +33,7 @@ print<<___; + call OPENSSL_cpuid_setup + + .hidden OPENSSL_ia32cap_P +-.comm OPENSSL_ia32cap_P,16,4 ++.comm OPENSSL_ia32cap_P,20,4 + + .text + +@@ -93,6 +93,28 @@ OPENSSL_ia32_cpuid: + or %eax,%r9d # 0 indicates Intel CPU + jz .Lintel + ++ cmp \$0x746E6543,%ebx # "Cent" ++ setne %al ++ mov %eax,%esi ++ cmp \$0x48727561,%edx # "aurH" ++ setne %al ++ or %eax,%esi ++ cmp \$0x736C7561,%ecx # "auls" ++ setne %al ++ or %eax,%esi # 0 indicates Zhaoxin CPU ++ jz .Lzhaoxin ++ ++ cmp \$0x68532020,%ebx # " Sh" ++ setne %al ++ mov %eax,%esi ++ cmp \$0x68676E61,%edx # "angh" ++ setne %al ++ or %eax,%esi ++ cmp \$0x20206961,%ecx # "ai " ++ setne %al ++ or %eax,%esi # 0 indicates Zhaoxin CPU ++ jz .Lzhaoxin ++ + cmp \$0x68747541,%ebx # "Auth" + setne %al + mov %eax,%r10d +@@ -133,6 +155,16 @@ OPENSSL_ia32_cpuid: + and \$0xefffffff,%edx # ~(1<<28) + jmp .Lgeneric + ++.Lzhaoxin: ++ mov \$0xC0000000,%eax ++ cpuid ++ cmp \$0xC0000001,%eax ++ jb .Lintel ++ mov \$0xC0000001,%eax ++ cpuid ++ or \$0x10,%edx ++ mov %edx,16(%rdi) ++ + .Lintel: + cmp \$4,%r11d + mov \$-1,%r10d +diff --git a/crypto/x86cpuid.pl b/crypto/x86cpuid.pl +index a7bcb27e..f5506fef 100644 +--- a/crypto/x86cpuid.pl ++++ b/crypto/x86cpuid.pl +@@ -47,6 +47,28 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } + &or ("ebp","eax"); # 0 indicates Intel CPU + &jz (&label("intel")); + ++ &cmp ("ebx",0x746E6543); # "Cent" ++ &setne (&LB("eax")); ++ &mov ("esi","eax"); ++ &cmp ("edx",0x48727561); # "aurH" ++ &setne (&LB("eax")); ++ &or ("esi","eax"); ++ &cmp ("ecx",0x736C7561); # "auls" ++ &setne (&LB("eax")); ++ &or ("esi","eax"); # 0 indicates Zhaoxin CPU ++ &jz (&label("zhaoxin")); ++ ++ &cmp ("ebx",0x68532020); # " Sh" ++ &setne (&LB("eax")); ++ &mov ("esi","eax"); ++ &cmp ("edx",0x68676E61); # "angh" ++ &setne (&LB("eax")); ++ &or ("esi","eax"); ++ &cmp ("ecx",0x20206961); # "ai " ++ &setne (&LB("eax")); ++ &or ("esi","eax"); # 0 indicates Zhaoxin CPU ++ &jz (&label("zhaoxin")); ++ + &cmp ("ebx",0x68747541); # "Auth" + &setne (&LB("eax")); + &mov ("esi","eax"); +@@ -88,6 +110,17 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } + &and ("edx",0xefffffff); # clear hyper-threading bit + &jmp (&label("generic")); + ++&set_label("zhaoxin"); ++ &mov ("eax",0xC0000000); ++ &cpuid (); ++ &cmp ("eax",0xC0000001); ++ &jb (&label("intel")); ++ &mov ("eax",0xC0000001); ++ &cpuid (); ++ &or ("edx",1<<4); ++ &mov ("esi",&wparam(0)); ++ &mov (&DWP(16,"esi"),"edx"); ++ + &set_label("intel"); + &cmp ("edi",4); + &mov ("esi",-1); +diff --git a/doc/man3/OPENSSL_ia32cap.pod b/doc/man3/OPENSSL_ia32cap.pod +index c6c1c018..58edd393 100644 +--- a/doc/man3/OPENSSL_ia32cap.pod ++++ b/doc/man3/OPENSSL_ia32cap.pod +@@ -118,6 +118,30 @@ aka AVX512IFMA extension; + + =back + ++=over 4 ++ ++=item bit #128 denoting present of SM2 instruction; ++ ++=item bit #128+1 denoting enabled of SM2 instruction; ++ ++=item bit #128+4 denoting present of CCS extension; ++ ++=item bit #128+5 denoting enabled of CCS extension; ++ ++=item bit #128+6 denoting present of ACE extension; ++ ++=item bit #128+7 denoting enabled of ACE extension; ++ ++=item bit #128+10 denoting present of PHE extension; ++ ++=item bit #128+11 denoting enabled of PHE extension; ++ ++=item bit #128+25 denoting present of PHE2 extension; ++ ++=item bit #128+26 denoting enabled of PHE2 extension; ++ ++=back ++ + To control this extended capability word use C<:> as delimiter when + setting up B environment variable. For example assigning + C<:~0x20> would disable AVX2 code paths, and C<:0> - all post-AVX +-- +2.34.1 + diff --git a/openssl.spec b/openssl.spec index eda938be0bb5f31937ea1d985122d0182cd173a5..8a25dd96ef5706280b507e09b53b155289ba64e2 100644 --- a/openssl.spec +++ b/openssl.spec @@ -2,7 +2,7 @@ Name: openssl Epoch: 1 Version: 3.0.12 -Release: 17 +Release: 18 Summary: Cryptography and SSL/TLS Toolkit License: OpenSSL and SSLeay URL: https://www.openssl.org/ @@ -81,6 +81,10 @@ Patch9000: add-FIPS_mode_set-support.patch Patch9001: backport-CVE-2024-9143-Harden-BN_GF2m_poly2arr-against-misuse.patch Patch9002: Fix-build-error-for-ppc64le.patch Patch9003: add-sw_64-support.patch +Patch9004: Extension-of-OPENSSL_ia32cap-to-accommodate-Padlock-.patch +Patch9005: Enable-x86-64-SM3-optimizations-with-CCS-ISA-extensi.patch +Patch9006: Enable-x86-64-SM4-optimizations-with-CCS-ISA-extensi.patch +Patch9007: Enable-x86-64-SM2-optimizations-with-SM2-ISA-extensi.patch BuildRequires: gcc gcc-c++ perl make lksctp-tools-devel coreutils util-linux zlib-devel Requires: coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} @@ -281,6 +285,9 @@ make test || : %ldconfig_scriptlets libs %changelog +* Fri Jun 13 2025 AlanSong-oc - 1:3.0.12-18 +- add support for Zhaoxin SM2/3/4 instruction + * Mon Mar 10 2025 mahailiang - 1:3.0.12-17 - add sw_64 support