aboutsummaryrefslogtreecommitdiffstats
path: root/main
diff options
context:
space:
mode:
authorTimo Teräs <timo.teras@iki.fi>2012-08-02 17:20:47 +0300
committerTimo Teräs <timo.teras@iki.fi>2012-08-02 17:23:40 +0300
commitcdbddc83dc90972ef93e2cbf8bd706d0e0ab129f (patch)
tree23d27eff2ee7aebf1a6297a41217d1b39fa1c28c /main
parentffb1c7b4dc64a49a5c873e9a119e3da57f1a5e86 (diff)
downloadaports-cdbddc83dc90972ef93e2cbf8bd706d0e0ab129f.tar.bz2
aports-cdbddc83dc90972ef93e2cbf8bd706d0e0ab129f.tar.xz
main/openssl: refresh hmac/oneshot and padlock patches
* fixed hmac oneshot flag to work as expected * renamed the patch series, and rebased against 1.0.1c
Diffstat (limited to 'main')
-rw-r--r--main/openssl/0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch67
-rw-r--r--main/openssl/0002-engines-e_padlock-backport-cvs-head-changes.patch (renamed from main/openssl/0003-engines-e_padlock-backport-cvs-head-changes.patch)22
-rw-r--r--main/openssl/0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch (renamed from main/openssl/0004-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch)29
-rw-r--r--main/openssl/0004-crypto-engine-autoload-padlock-dynamic-engine.patch (renamed from main/openssl/0005-crypto-engine-autoload-padlock-dynamic-engine.patch)16
-rw-r--r--main/openssl/APKBUILD16
5 files changed, 83 insertions, 67 deletions
diff --git a/main/openssl/0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch b/main/openssl/0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
index 1c837bccb8..7d8092607b 100644
--- a/main/openssl/0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
+++ b/main/openssl/0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
@@ -1,7 +1,8 @@
-From 74e428937523858363f26f89d86db24932447ca1 Mon Sep 17 00:00:00 2001
+From ca3e27975dce1d969eeb41f5d882b34cb3eb1efb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Fri, 4 Jun 2010 09:48:39 +0300
-Subject: [PATCH 1/5] crypto/hmac: support EVP_MD_CTX_FLAG_ONESHOT and set it properly
+Subject: [PATCH 1/4] crypto/hmac: support EVP_MD_CTX_FLAG_ONESHOT and set it
+ properly
Some engines (namely VIA C7 Padlock) work only if EVP_MD_CTX_FLAG_ONESHOT
is set before final update. This is because some crypto accelerators cannot
@@ -12,22 +13,14 @@ differently here. It is set before the final EVP_DigestUpdate call, not
necessarily before EVP_DigestInit call. This will not cause any problems
though.
---
- crypto/hmac/hmac.c | 14 +++++++++++---
- 1 files changed, 11 insertions(+), 3 deletions(-)
+ crypto/hmac/hmac.c | 15 ++++++++++++---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c
-index 45015fe..55ad15c 100644
+index ba27cbf..cffa0ba 100644
--- a/crypto/hmac/hmac.c
+++ b/crypto/hmac/hmac.c
-@@ -66,6 +66,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
- {
- int i,j,reset=0;
- unsigned char pad[HMAC_MAX_MD_CBLOCK];
-+ unsigned long flags;
-
- if (md != NULL)
- {
-@@ -82,6 +83,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+@@ -104,6 +104,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
OPENSSL_assert(j <= (int)sizeof(ctx->key));
if (j < len)
{
@@ -35,17 +28,15 @@ index 45015fe..55ad15c 100644
if (!EVP_DigestInit_ex(&ctx->md_ctx,md, impl))
goto err;
if (!EVP_DigestUpdate(&ctx->md_ctx,key,len))
-@@ -105,17 +107,22 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+@@ -127,6 +128,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
{
for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
pad[i]=0x36^ctx->key[i];
-+ flags = EVP_MD_CTX_test_flags(&ctx->i_ctx, EVP_MD_CTX_FLAG_ONESHOT);
+ EVP_MD_CTX_clear_flags(&ctx->i_ctx, EVP_MD_CTX_FLAG_ONESHOT);
if (!EVP_DigestInit_ex(&ctx->i_ctx,md, impl))
goto err;
if (!EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md)))
- goto err;
-+ EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
+@@ -134,14 +136,18 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
pad[i]=0x5c^ctx->key[i];
@@ -54,29 +45,53 @@ index 45015fe..55ad15c 100644
goto err;
if (!EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md)))
goto err;
-+ EVP_MD_CTX_set_flags(&ctx->o_ctx, EVP_MD_CTX_FLAG_ONESHOT);
}
++
if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx))
goto err;
-@@ -197,7 +204,8 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
++ EVP_MD_CTX_clear_flags(&ctx->md_ctx, EVP_MD_CTX_FLAG_ONESHOT);
+ return 1;
++
+ err:
+ return 0;
+ }
+@@ -166,6 +172,7 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
+ {
+ unsigned int i;
+ unsigned char buf[EVP_MAX_MD_SIZE];
++
+ #ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !ctx->i_ctx.engine)
+ return FIPS_hmac_final(ctx, md, len);
+@@ -175,6 +182,7 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
+ goto err;
+ if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx))
+ goto err;
++ EVP_MD_CTX_set_flags(&ctx->md_ctx,EVP_MD_CTX_FLAG_ONESHOT);
+ if (!EVP_DigestUpdate(&ctx->md_ctx,buf,i))
+ goto err;
+ if (!EVP_DigestFinal_ex(&ctx->md_ctx,md,len))
+@@ -231,8 +239,9 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
if (md == NULL) md=m;
HMAC_CTX_init(&c);
- if (!HMAC_Init(&c,key,key_len,evp_md))
-+ HMAC_CTX_set_flags(&c, EVP_MD_CTX_FLAG_ONESHOT);
+ if (!HMAC_Init_ex(&c,key,key_len,evp_md,NULL))
goto err;
++ HMAC_CTX_set_flags(&c,EVP_MD_CTX_FLAG_ONESHOT);
if (!HMAC_Update(&c,d,n))
goto err;
-@@ -212,6 +220,6 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+ if (!HMAC_Final(&c,md,md_len))
+@@ -245,7 +254,7 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+
void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
{
- EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
+- EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
- EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
-- EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
++ EVP_MD_CTX_set_flags(&ctx->i_ctx, flags & ~EVP_MD_CTX_FLAG_ONESHOT);
+ EVP_MD_CTX_set_flags(&ctx->o_ctx, flags & ~EVP_MD_CTX_FLAG_ONESHOT);
-+ EVP_MD_CTX_set_flags(&ctx->md_ctx, flags & ~EVP_MD_CTX_FLAG_ONESHOT);
+ EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
}
--
-1.7.0.4
+1.7.11.3
diff --git a/main/openssl/0003-engines-e_padlock-backport-cvs-head-changes.patch b/main/openssl/0002-engines-e_padlock-backport-cvs-head-changes.patch
index a590269b99..c508c9c5a2 100644
--- a/main/openssl/0003-engines-e_padlock-backport-cvs-head-changes.patch
+++ b/main/openssl/0002-engines-e_padlock-backport-cvs-head-changes.patch
@@ -1,7 +1,7 @@
-From 1d27eeb41fbc2e8f36f156d4d66d04486afee742 Mon Sep 17 00:00:00 2001
+From 6e182155643a6aeb07cbba1e7f79ac1adfcddad2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Wed, 28 Jul 2010 08:29:09 +0300
-Subject: [PATCH 3/5] engines/e_padlock: backport cvs head changes
+Subject: [PATCH 2/4] engines/e_padlock: backport cvs head changes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
@@ -10,11 +10,11 @@ Includes support for VIA Nano 64-bit mode.
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
---
- engines/e_padlock.c | 140 ++++++++++++++++++++++++++++++++++++++++++++-------
- 1 files changed, 122 insertions(+), 18 deletions(-)
+ engines/e_padlock.c | 140 +++++++++++++++++++++++++++++++++++++++++++++-------
+ 1 file changed, 122 insertions(+), 18 deletions(-)
diff --git a/engines/e_padlock.c b/engines/e_padlock.c
-index 381a746..4300f35 100644
+index 9f7a85a..6ab42d2 100644
--- a/engines/e_padlock.c
+++ b/engines/e_padlock.c
@@ -101,7 +101,10 @@
@@ -28,8 +28,8 @@ index 381a746..4300f35 100644
+ ) || \
(defined(_MSC_VER) && defined(_M_IX86))
# define COMPILE_HW_PADLOCK
- static ENGINE *ENGINE_padlock (void);
-@@ -294,6 +297,7 @@ static volatile struct padlock_cipher_data *padlock_saved_context;
+ # endif
+@@ -304,6 +307,7 @@ static volatile struct padlock_cipher_data *padlock_saved_context;
* =======================================================
*/
#if defined(__GNUC__) && __GNUC__>=2
@@ -37,7 +37,7 @@ index 381a746..4300f35 100644
/*
* As for excessive "push %ebx"/"pop %ebx" found all over.
* When generating position-independent code GCC won't let
-@@ -373,21 +377,6 @@ padlock_available(void)
+@@ -383,21 +387,6 @@ padlock_available(void)
return padlock_use_ace + padlock_use_rng;
}
@@ -59,7 +59,7 @@ index 381a746..4300f35 100644
/* Force key reload from memory to the CPU microcode.
Loading EFLAGS from the stack clears EFLAGS[30]
which does the trick. */
-@@ -445,12 +434,127 @@ static inline void *name(size_t cnt, \
+@@ -455,12 +444,127 @@ static inline void *name(size_t cnt, \
: "edx", "cc", "memory"); \
return iv; \
}
@@ -187,7 +187,7 @@ index 381a746..4300f35 100644
#endif
/* The RNG call itself */
-@@ -481,8 +585,8 @@ padlock_xstore(void *addr, unsigned int edx_in)
+@@ -491,8 +595,8 @@ padlock_xstore(void *addr, unsigned int edx_in)
static inline unsigned char *
padlock_memcpy(void *dst,const void *src,size_t n)
{
@@ -199,5 +199,5 @@ index 381a746..4300f35 100644
n /= sizeof(*d);
do { *d++ = *s++; } while (--n);
--
-1.7.0.4
+1.7.11.3
diff --git a/main/openssl/0004-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch b/main/openssl/0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
index 1ace35936f..6b21985797 100644
--- a/main/openssl/0004-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
+++ b/main/openssl/0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
@@ -1,7 +1,8 @@
-From b235a1c0686e5f4f32703c0eb0a75ee9902a7e89 Mon Sep 17 00:00:00 2001
+From 77b32d0906eaac4d9adf3e6b7c3b52d927e10b41 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Wed, 28 Jul 2010 08:37:58 +0300
-Subject: [PATCH 4/5] engines/e_padlock: implement sha1/sha224/sha256 acceleration
+Subject: [PATCH 3/4] engines/e_padlock: implement sha1/sha224/sha256
+ acceleration
Limited support for VIA C7 that works only when EVP_MD_CTX_FLAG_ONESHOT
is used appropriately (as done by EVP_Digest, and my previous HMAC patch).
@@ -24,11 +25,11 @@ sha1 37713.77k 114562.71k 259637.33k 379907.41k 438818.13k
sha256 34262.86k 103233.75k 232476.07k 338386.60k 389860.01k
hmac(sha1) 8424.70k 31475.11k 104036.10k 245559.30k 406667.26k
---
- engines/e_padlock.c | 660 +++++++++++++++++++++++++++++++++++++++++++++++----
- 1 files changed, 613 insertions(+), 47 deletions(-)
+ engines/e_padlock.c | 660 ++++++++++++++++++++++++++++++++++++++++++++++++----
+ 1 file changed, 613 insertions(+), 47 deletions(-)
diff --git a/engines/e_padlock.c b/engines/e_padlock.c
-index 4300f35..3591c59 100644
+index 6ab42d2..e107d3c 100644
--- a/engines/e_padlock.c
+++ b/engines/e_padlock.c
@@ -3,6 +3,9 @@
@@ -85,7 +86,7 @@ index 4300f35..3591c59 100644
/* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */
#if (OPENSSL_VERSION_NUMBER >= 0x00908000L)
# ifndef OPENSSL_NO_DYNAMIC_ENGINE
-@@ -143,58 +169,40 @@ static int padlock_available(void);
+@@ -149,58 +175,40 @@ static int padlock_available(void);
static int padlock_init(ENGINE *e);
/* RNG Stuff */
@@ -163,9 +164,9 @@ index 4300f35..3591c59 100644
-}
+/* ===== Engine "management" functions ===== */
- /* Constructor */
- static ENGINE *
-@@ -218,7 +226,7 @@ ENGINE_padlock(void)
+ #ifdef OPENSSL_NO_DYNAMIC_ENGINE
+
+@@ -228,7 +236,7 @@ ENGINE_padlock(void)
static int
padlock_init(ENGINE *e)
{
@@ -174,7 +175,7 @@ index 4300f35..3591c59 100644
}
/* This stuff is needed if this ENGINE is being compiled into a self-contained
-@@ -371,10 +379,20 @@ padlock_available(void)
+@@ -381,10 +389,20 @@ padlock_available(void)
: "+a"(eax), "=d"(edx) : : "ecx");
/* Fill up some flags */
@@ -198,7 +199,7 @@ index 4300f35..3591c59 100644
}
/* Force key reload from memory to the CPU microcode.
-@@ -471,10 +489,14 @@ padlock_available(void)
+@@ -481,10 +499,14 @@ padlock_available(void)
: "+a"(eax), "=d"(edx) : : "rbx", "rcx");
/* Fill up some flags */
@@ -217,7 +218,7 @@ index 4300f35..3591c59 100644
}
/* Force key reload from memory to the CPU microcode.
-@@ -1263,6 +1285,496 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
+@@ -1273,6 +1295,496 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
#endif /* OPENSSL_NO_AES */
@@ -714,7 +715,7 @@ index 4300f35..3591c59 100644
/* ===== Random Number Generator ===== */
/*
* This code is not engaged. The reason is that it does not comply
-@@ -1319,6 +1831,60 @@ static RAND_METHOD padlock_rand = {
+@@ -1329,6 +1841,60 @@ static RAND_METHOD padlock_rand = {
padlock_rand_status, /* rand status */
};
@@ -776,5 +777,5 @@ index 4300f35..3591c59 100644
#ifndef OPENSSL_NO_DYNAMIC_ENGINE
OPENSSL_EXPORT
--
-1.7.0.4
+1.7.11.3
diff --git a/main/openssl/0005-crypto-engine-autoload-padlock-dynamic-engine.patch b/main/openssl/0004-crypto-engine-autoload-padlock-dynamic-engine.patch
index 770160ec02..f83fc965e0 100644
--- a/main/openssl/0005-crypto-engine-autoload-padlock-dynamic-engine.patch
+++ b/main/openssl/0004-crypto-engine-autoload-padlock-dynamic-engine.patch
@@ -1,17 +1,17 @@
-From b96276c8f11e656e4296955bf1a8d0ac2b6094fe Mon Sep 17 00:00:00 2001
+From 21668119c0f83f309b423b8a443dbef5206ab778 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Fri, 4 Jun 2010 18:02:39 +0300
-Subject: [PATCH 5/5] crypto/engine: autoload padlock dynamic engine
+Subject: [PATCH 4/4] crypto/engine: autoload padlock dynamic engine
---
- crypto/engine/eng_all.c | 10 ++++++++++
- 1 files changed, 10 insertions(+), 0 deletions(-)
+ crypto/engine/eng_all.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c
-index 22c1204..827e447 100644
+index 6093376..210b2d7 100644
--- a/crypto/engine/eng_all.c
+++ b/crypto/engine/eng_all.c
-@@ -112,6 +112,16 @@ void ENGINE_load_builtin_engines(void)
+@@ -120,6 +120,16 @@ void ENGINE_load_builtin_engines(void)
ENGINE_load_capi();
#endif
#endif
@@ -25,9 +25,9 @@ index 22c1204..827e447 100644
+ }
+ }
+#endif
- ENGINE_register_all_complete();
+ ENGINE_register_all_complete();
}
--
-1.7.0.4
+1.7.11.3
diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD
index 04664654f5..5655fb4b09 100644
--- a/main/openssl/APKBUILD
+++ b/main/openssl/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Timo Teras <timo.teras@iki.fi>
pkgname=openssl
pkgver=1.0.1c
-pkgrel=1
+pkgrel=2
pkgdesc="Toolkit for SSL v2/v3 and TLS v1"
url="http://openssl.org"
depends=
@@ -16,9 +16,9 @@ source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz
fix-manpages.patch
openssl-bb-basename.patch
0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
- 0003-engines-e_padlock-backport-cvs-head-changes.patch
- 0004-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
- 0005-crypto-engine-autoload-padlock-dynamic-engine.patch
+ 0002-engines-e_padlock-backport-cvs-head-changes.patch
+ 0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
+ 0004-crypto-engine-autoload-padlock-dynamic-engine.patch
"
_builddir="$srcdir"/$pkgname-$pkgver
@@ -71,7 +71,7 @@ libssl() {
md5sums="ae412727c8c15b67880aef7bd2999b2e openssl-1.0.1c.tar.gz
115c481cd59b3dba631364e8fb1778f5 fix-manpages.patch
c6a9857a5dbd30cead0404aa7dd73977 openssl-bb-basename.patch
-1f607b8e11347e56a0906756f3d6928a 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
-53fbd01733b488717575e04a5aaf6664 0003-engines-e_padlock-backport-cvs-head-changes.patch
-c0dae72e29e8fdfb753906411b1722bc 0004-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
-7820941f69acf58f05cccb33faf4ee70 0005-crypto-engine-autoload-padlock-dynamic-engine.patch"
+ddb5fc155145d5b852425adaec32234d 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
+4a7b9e20beb33a5e262ab64c2b8e5b48 0002-engines-e_padlock-backport-cvs-head-changes.patch
+d95bbaa38889836afd3c52f3962f3b54 0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
+c32f42451a07267ee5dfb3781fa40c00 0004-crypto-engine-autoload-padlock-dynamic-engine.patch"