diff options
| author | Timo Teräs <timo.teras@iki.fi> | 2012-08-02 15:21:58 +0300 |
|---|---|---|
| committer | Timo Teräs <timo.teras@iki.fi> | 2012-08-02 15:21:58 +0300 |
| commit | 3c010f8db1d3cd2efea33e0804f5bf40b7d7891b (patch) | |
| tree | 5db1e9fd329f46b67e0e0019f985769209ae0b93 /main/openssl/0003-engine-padlock-implement-sha1-sha224-sha256-accelera.patch | |
| parent | e20dfcebe0901e987c0da30c063548c3d74b8851 (diff) | |
| download | aports-1.10-stable.tar.bz2 aports-1.10-stable.tar.xz | |
main/openssl: security upgrade to 0.9.8x and backport padlock fixes1.10-stable
* fix padlock sha1/256 to fallback to software with very large streams
* fix padlock sha1/256 oneshot finalizing update
Diffstat (limited to 'main/openssl/0003-engine-padlock-implement-sha1-sha224-sha256-accelera.patch')
| -rw-r--r-- | main/openssl/0003-engine-padlock-implement-sha1-sha224-sha256-accelera.patch | 39 |
1 files changed, 21 insertions, 18 deletions
diff --git a/main/openssl/0003-engine-padlock-implement-sha1-sha224-sha256-accelera.patch b/main/openssl/0003-engine-padlock-implement-sha1-sha224-sha256-accelera.patch index 993c9b1780..ad2a349626 100644 --- a/main/openssl/0003-engine-padlock-implement-sha1-sha224-sha256-accelera.patch +++ b/main/openssl/0003-engine-padlock-implement-sha1-sha224-sha256-accelera.patch @@ -1,7 +1,8 @@ -From 9fe6001d9b7a35a12a6a282677c79fd56eeaf99c Mon Sep 17 00:00:00 2001 +From c0a6d4b6d7b2a9c835efa4c05af610a148eb12cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> Date: Fri, 4 Jun 2010 10:00:15 +0300 -Subject: [PATCH 3/3] engine/padlock: implement sha1/sha224/sha256 acceleration +Subject: [PATCH 3/3] engine/padlock: implement sha1/sha224/sha256 + acceleration Limited support for VIA C7 that works only when EVP_MD_CTX_FLAG_ONESHOT is used appropriately (as done by EVP_Digest, and my previous HMAC patch). @@ -24,11 +25,11 @@ sha1 37713.77k 114562.71k 259637.33k 379907.41k 438818.13k sha256 34262.86k 103233.75k 232476.07k 338386.60k 389860.01k hmac(sha1) 8424.70k 31475.11k 104036.10k 245559.30k 406667.26k --- - crypto/engine/eng_padlock.c | 597 +++++++++++++++++++++++++++++++++++++++--- - 1 files changed, 554 insertions(+), 43 deletions(-) + crypto/engine/eng_padlock.c | 599 ++++++++++++++++++++++++++++++++++++++++---- + 1 file changed, 556 insertions(+), 43 deletions(-) diff --git a/crypto/engine/eng_padlock.c b/crypto/engine/eng_padlock.c -index 743558a..28ec0f7 100644 +index 743558a..c82d0f3 100644 --- a/crypto/engine/eng_padlock.c +++ b/crypto/engine/eng_padlock.c @@ -3,6 +3,9 @@ @@ -41,7 +42,7 @@ index 743558a..28ec0f7 100644 * Big thanks to Andy Polyakov for a help with optimization, * assembler fixes, port to MS Windows and a lot of other * valuable work on this engine! -@@ -74,12 +77,23 @@ +@@ -74,12 +77,25 @@ #ifndef OPENSSL_NO_AES #include <openssl/aes.h> #endif @@ -62,10 +63,12 @@ index 743558a..28ec0f7 100644 +#define OPENSSL_NO_SHA +#endif + ++#define PADLOCK_MAX_FINALIZING_LENGTH 0x1FFFFFFE ++ /* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */ #if (OPENSSL_VERSION_NUMBER >= 0x00908000L) # ifndef OPENSSL_NO_DYNAMIC_ENGINE -@@ -138,58 +152,40 @@ static int padlock_available(void); +@@ -138,58 +154,40 @@ static int padlock_available(void); static int padlock_init(ENGINE *e); /* RNG Stuff */ @@ -87,10 +90,10 @@ index 743558a..28ec0f7 100644 -#ifndef OPENSSL_NO_AES -static int padlock_aes_align_required = 1; -#endif -- --/* ===== Engine "management" functions ===== */ +static int padlock_bind_helper(ENGINE *e); +-/* ===== Engine "management" functions ===== */ +- -/* Prepare the ENGINE structure for registration */ -static int -padlock_bind_helper(ENGINE *e) @@ -145,7 +148,7 @@ index 743558a..28ec0f7 100644 /* Constructor */ static ENGINE * -@@ -213,7 +209,7 @@ ENGINE_padlock(void) +@@ -213,7 +211,7 @@ ENGINE_padlock(void) static int padlock_init(ENGINE *e) { @@ -154,7 +157,7 @@ index 743558a..28ec0f7 100644 } /* This stuff is needed if this ENGINE is being compiled into a self-contained -@@ -365,10 +361,20 @@ padlock_available(void) +@@ -365,10 +363,20 @@ padlock_available(void) : "+a"(eax), "=d"(edx) : : "ecx"); /* Fill up some flags */ @@ -178,7 +181,7 @@ index 743558a..28ec0f7 100644 } #ifndef OPENSSL_NO_AES -@@ -1157,6 +1163,454 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, +@@ -1157,6 +1165,454 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, #endif /* OPENSSL_NO_AES */ @@ -239,9 +242,9 @@ index 743558a..28ec0f7 100644 + total += len; + + if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) && -+ (total <= 0xfffffffe)) { ++ (total <= PADLOCK_MAX_FINALIZING_LENGTH)) { + if (c->num != 0) { -+ l = (len < SHA_CBLOCK) ? len : SHA_CBLOCK; ++ l = (len < SHA_CBLOCK - c->num) ? len : SHA_CBLOCK - c->num; + if (!SHA1_Update(c, data, l)) + return 0; + p += l; @@ -417,9 +420,9 @@ index 743558a..28ec0f7 100644 + total += len; + + if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) && -+ (total <= 0xfffffffe)) { ++ (total <= PADLOCK_MAX_FINALIZING_LENGTH)) { + if (c->num != 0) { -+ l = (len < SHA256_CBLOCK) ? len : SHA256_CBLOCK; ++ l = (len < SHA256_CBLOCK - c->num) ? len : SHA256_CBLOCK - c->num; + if (!SHA256_Update(c, data, l)) + return 0; + p += l; @@ -633,7 +636,7 @@ index 743558a..28ec0f7 100644 /* ===== Random Number Generator ===== */ /* * This code is not engaged. The reason is that it does not comply -@@ -1213,7 +1667,64 @@ static RAND_METHOD padlock_rand = { +@@ -1213,7 +1669,64 @@ static RAND_METHOD padlock_rand = { padlock_rand_status, /* rand status */ }; @@ -699,5 +702,5 @@ index 743558a..28ec0f7 100644 #endif /* !OPENSSL_NO_HW_PADLOCK */ #endif /* !OPENSSL_NO_HW */ -- -1.7.0.4 +1.7.11.3 |