fips.c: x86[_64] capability masking.

author Andy Polyakov <appro@openssl.org>

Thu, 20 Oct 2011 21:03:09 +0000 (21:03 +0000)

committer Andy Polyakov <appro@openssl.org>

Thu, 20 Oct 2011 21:03:09 +0000 (21:03 +0000)
author Andy Polyakov <appro@openssl.org>
Thu, 20 Oct 2011 21:03:09 +0000 (21:03 +0000)
committer Andy Polyakov <appro@openssl.org>
Thu, 20 Oct 2011 21:03:09 +0000 (21:03 +0000)
diff --git a/fips/fips.c b/fips/fips.c

index 5cb4bfd48e4fd690636854634f3ea3f9462368cd..4f0f64cb838f3ba395e6fbca2bce9524f3c877de 100644 (file)
--- a/fips/fips.c
+++ b/fips/fips.c
@@ -160,6 +160,9 @@ unsigned int FIPS_incore_fingerprint(unsigned char *sig,unsigned int len)
      const unsigned char *p4 = FIPS_rodata_end;
      HMAC_CTX c;
  
+#if defined(_MSC_VER)
+#endif
+
      HMAC_CTX_init(&c);
      HMAC_Init(&c,FIPS_hmac_key,strlen(FIPS_hmac_key),EVP_sha1());
  
@@ -312,13 +315,18 @@ int FIPS_module_mode_set(int onoff, const char *auth)
             }
  
  #ifdef OPENSSL_IA32_SSE2
-       if ((OPENSSL_ia32cap & (1<<25|1<<26)) != (1<<25|1<<26))
+       {
+       unsigned int OPENSSL_ia32cap_P[];
+       if ((OPENSSL_ia32cap_P[0] & (1<<25|1<<26)) != (1<<25|1<<26))
             {
             FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_UNSUPPORTED_PLATFORM);
             fips_selftest_fail = 1;
             ret = 0;
             goto end;
             }
+       OPENSSL_ia32cap_P[0] |= (1<<28);        /* set "shared cache"   */
+       OPENSSL_ia32cap_P[1] &= ~(1<<60);       /* clear AVX            */
+       }
  #endif
  
         if(fips_signature_witness() != FIPS_signature)
author	Andy Polyakov <appro@openssl.org>
	Thu, 20 Oct 2011 21:03:09 +0000 (21:03 +0000)
committer	Andy Polyakov <appro@openssl.org>
	Thu, 20 Oct 2011 21:03:09 +0000 (21:03 +0000)