diff options
author | Timo Teräs <timo.teras@iki.fi> | 2012-08-02 17:20:47 +0300 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2012-08-02 17:23:40 +0300 |
commit | cdbddc83dc90972ef93e2cbf8bd706d0e0ab129f (patch) | |
tree | 23d27eff2ee7aebf1a6297a41217d1b39fa1c28c /main | |
parent | ffb1c7b4dc64a49a5c873e9a119e3da57f1a5e86 (diff) | |
download | aports-cdbddc83dc90972ef93e2cbf8bd706d0e0ab129f.tar.bz2 aports-cdbddc83dc90972ef93e2cbf8bd706d0e0ab129f.tar.xz |
main/openssl: refresh hmac/oneshot and padlock patches
* fixed hmac oneshot flag to work as expected
* renamed the patch series, and rebased against 1.0.1c
Diffstat (limited to 'main')
-rw-r--r-- | main/openssl/0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch | 67 | ||||
-rw-r--r-- | main/openssl/0002-engines-e_padlock-backport-cvs-head-changes.patch (renamed from main/openssl/0003-engines-e_padlock-backport-cvs-head-changes.patch) | 22 | ||||
-rw-r--r-- | main/openssl/0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch (renamed from main/openssl/0004-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch) | 29 | ||||
-rw-r--r-- | main/openssl/0004-crypto-engine-autoload-padlock-dynamic-engine.patch (renamed from main/openssl/0005-crypto-engine-autoload-padlock-dynamic-engine.patch) | 16 | ||||
-rw-r--r-- | main/openssl/APKBUILD | 16 |
5 files changed, 83 insertions, 67 deletions
diff --git a/main/openssl/0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch b/main/openssl/0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch index 1c837bccb8..7d8092607b 100644 --- a/main/openssl/0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch +++ b/main/openssl/0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch @@ -1,7 +1,8 @@ -From 74e428937523858363f26f89d86db24932447ca1 Mon Sep 17 00:00:00 2001 +From ca3e27975dce1d969eeb41f5d882b34cb3eb1efb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> Date: Fri, 4 Jun 2010 09:48:39 +0300 -Subject: [PATCH 1/5] crypto/hmac: support EVP_MD_CTX_FLAG_ONESHOT and set it properly +Subject: [PATCH 1/4] crypto/hmac: support EVP_MD_CTX_FLAG_ONESHOT and set it + properly Some engines (namely VIA C7 Padlock) work only if EVP_MD_CTX_FLAG_ONESHOT is set before final update. This is because some crypto accelerators cannot @@ -12,22 +13,14 @@ differently here. It is set before the final EVP_DigestUpdate call, not necessarily before EVP_DigestInit call. This will not cause any problems though. --- - crypto/hmac/hmac.c | 14 +++++++++++--- - 1 files changed, 11 insertions(+), 3 deletions(-) + crypto/hmac/hmac.c | 15 ++++++++++++--- + 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c -index 45015fe..55ad15c 100644 +index ba27cbf..cffa0ba 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c -@@ -66,6 +66,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, - { - int i,j,reset=0; - unsigned char pad[HMAC_MAX_MD_CBLOCK]; -+ unsigned long flags; - - if (md != NULL) - { -@@ -82,6 +83,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, +@@ -104,6 +104,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, OPENSSL_assert(j <= (int)sizeof(ctx->key)); if (j < len) { @@ -35,17 +28,15 @@ index 45015fe..55ad15c 100644 if (!EVP_DigestInit_ex(&ctx->md_ctx,md, impl)) goto err; if (!EVP_DigestUpdate(&ctx->md_ctx,key,len)) -@@ -105,17 +107,22 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, +@@ -127,6 +128,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, { for (i=0; i<HMAC_MAX_MD_CBLOCK; i++) pad[i]=0x36^ctx->key[i]; -+ flags = EVP_MD_CTX_test_flags(&ctx->i_ctx, EVP_MD_CTX_FLAG_ONESHOT); + EVP_MD_CTX_clear_flags(&ctx->i_ctx, EVP_MD_CTX_FLAG_ONESHOT); if (!EVP_DigestInit_ex(&ctx->i_ctx,md, impl)) goto err; if (!EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md))) - goto err; -+ EVP_MD_CTX_set_flags(&ctx->i_ctx, flags); +@@ -134,14 +136,18 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, for (i=0; i<HMAC_MAX_MD_CBLOCK; i++) pad[i]=0x5c^ctx->key[i]; @@ -54,29 +45,53 @@ index 45015fe..55ad15c 100644 goto err; if (!EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md))) goto err; -+ EVP_MD_CTX_set_flags(&ctx->o_ctx, EVP_MD_CTX_FLAG_ONESHOT); } ++ if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx)) goto err; -@@ -197,7 +204,8 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, ++ EVP_MD_CTX_clear_flags(&ctx->md_ctx, EVP_MD_CTX_FLAG_ONESHOT); + return 1; ++ + err: + return 0; + } +@@ -166,6 +172,7 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) + { + unsigned int i; + unsigned char buf[EVP_MAX_MD_SIZE]; ++ + #ifdef OPENSSL_FIPS + if (FIPS_mode() && !ctx->i_ctx.engine) + return FIPS_hmac_final(ctx, md, len); +@@ -175,6 +182,7 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) + goto err; + if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx)) + goto err; ++ EVP_MD_CTX_set_flags(&ctx->md_ctx,EVP_MD_CTX_FLAG_ONESHOT); + if (!EVP_DigestUpdate(&ctx->md_ctx,buf,i)) + goto err; + if (!EVP_DigestFinal_ex(&ctx->md_ctx,md,len)) +@@ -231,8 +239,9 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, if (md == NULL) md=m; HMAC_CTX_init(&c); - if (!HMAC_Init(&c,key,key_len,evp_md)) -+ HMAC_CTX_set_flags(&c, EVP_MD_CTX_FLAG_ONESHOT); + if (!HMAC_Init_ex(&c,key,key_len,evp_md,NULL)) goto err; ++ HMAC_CTX_set_flags(&c,EVP_MD_CTX_FLAG_ONESHOT); if (!HMAC_Update(&c,d,n)) goto err; -@@ -212,6 +220,6 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, + if (!HMAC_Final(&c,md,md_len)) +@@ -245,7 +254,7 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, + void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) { - EVP_MD_CTX_set_flags(&ctx->i_ctx, flags); +- EVP_MD_CTX_set_flags(&ctx->i_ctx, flags); - EVP_MD_CTX_set_flags(&ctx->o_ctx, flags); -- EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); ++ EVP_MD_CTX_set_flags(&ctx->i_ctx, flags & ~EVP_MD_CTX_FLAG_ONESHOT); + EVP_MD_CTX_set_flags(&ctx->o_ctx, flags & ~EVP_MD_CTX_FLAG_ONESHOT); -+ EVP_MD_CTX_set_flags(&ctx->md_ctx, flags & ~EVP_MD_CTX_FLAG_ONESHOT); + EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); } -- -1.7.0.4 +1.7.11.3 diff --git a/main/openssl/0003-engines-e_padlock-backport-cvs-head-changes.patch b/main/openssl/0002-engines-e_padlock-backport-cvs-head-changes.patch index a590269b99..c508c9c5a2 100644 --- a/main/openssl/0003-engines-e_padlock-backport-cvs-head-changes.patch +++ b/main/openssl/0002-engines-e_padlock-backport-cvs-head-changes.patch @@ -1,7 +1,7 @@ -From 1d27eeb41fbc2e8f36f156d4d66d04486afee742 Mon Sep 17 00:00:00 2001 +From 6e182155643a6aeb07cbba1e7f79ac1adfcddad2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> Date: Wed, 28 Jul 2010 08:29:09 +0300 -Subject: [PATCH 3/5] engines/e_padlock: backport cvs head changes +Subject: [PATCH 2/4] engines/e_padlock: backport cvs head changes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -10,11 +10,11 @@ Includes support for VIA Nano 64-bit mode. Signed-off-by: Timo Teräs <timo.teras@iki.fi> --- - engines/e_padlock.c | 140 ++++++++++++++++++++++++++++++++++++++++++++------- - 1 files changed, 122 insertions(+), 18 deletions(-) + engines/e_padlock.c | 140 +++++++++++++++++++++++++++++++++++++++++++++------- + 1 file changed, 122 insertions(+), 18 deletions(-) diff --git a/engines/e_padlock.c b/engines/e_padlock.c -index 381a746..4300f35 100644 +index 9f7a85a..6ab42d2 100644 --- a/engines/e_padlock.c +++ b/engines/e_padlock.c @@ -101,7 +101,10 @@ @@ -28,8 +28,8 @@ index 381a746..4300f35 100644 + ) || \ (defined(_MSC_VER) && defined(_M_IX86)) # define COMPILE_HW_PADLOCK - static ENGINE *ENGINE_padlock (void); -@@ -294,6 +297,7 @@ static volatile struct padlock_cipher_data *padlock_saved_context; + # endif +@@ -304,6 +307,7 @@ static volatile struct padlock_cipher_data *padlock_saved_context; * ======================================================= */ #if defined(__GNUC__) && __GNUC__>=2 @@ -37,7 +37,7 @@ index 381a746..4300f35 100644 /* * As for excessive "push %ebx"/"pop %ebx" found all over. * When generating position-independent code GCC won't let -@@ -373,21 +377,6 @@ padlock_available(void) +@@ -383,21 +387,6 @@ padlock_available(void) return padlock_use_ace + padlock_use_rng; } @@ -59,7 +59,7 @@ index 381a746..4300f35 100644 /* Force key reload from memory to the CPU microcode. Loading EFLAGS from the stack clears EFLAGS[30] which does the trick. */ -@@ -445,12 +434,127 @@ static inline void *name(size_t cnt, \ +@@ -455,12 +444,127 @@ static inline void *name(size_t cnt, \ : "edx", "cc", "memory"); \ return iv; \ } @@ -187,7 +187,7 @@ index 381a746..4300f35 100644 #endif /* The RNG call itself */ -@@ -481,8 +585,8 @@ padlock_xstore(void *addr, unsigned int edx_in) +@@ -491,8 +595,8 @@ padlock_xstore(void *addr, unsigned int edx_in) static inline unsigned char * padlock_memcpy(void *dst,const void *src,size_t n) { @@ -199,5 +199,5 @@ index 381a746..4300f35 100644 n /= sizeof(*d); do { *d++ = *s++; } while (--n); -- -1.7.0.4 +1.7.11.3 diff --git a/main/openssl/0004-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch b/main/openssl/0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch index 1ace35936f..6b21985797 100644 --- a/main/openssl/0004-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch +++ b/main/openssl/0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch @@ -1,7 +1,8 @@ -From b235a1c0686e5f4f32703c0eb0a75ee9902a7e89 Mon Sep 17 00:00:00 2001 +From 77b32d0906eaac4d9adf3e6b7c3b52d927e10b41 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> Date: Wed, 28 Jul 2010 08:37:58 +0300 -Subject: [PATCH 4/5] engines/e_padlock: implement sha1/sha224/sha256 acceleration +Subject: [PATCH 3/4] engines/e_padlock: implement sha1/sha224/sha256 + acceleration Limited support for VIA C7 that works only when EVP_MD_CTX_FLAG_ONESHOT is used appropriately (as done by EVP_Digest, and my previous HMAC patch). @@ -24,11 +25,11 @@ sha1 37713.77k 114562.71k 259637.33k 379907.41k 438818.13k sha256 34262.86k 103233.75k 232476.07k 338386.60k 389860.01k hmac(sha1) 8424.70k 31475.11k 104036.10k 245559.30k 406667.26k --- - engines/e_padlock.c | 660 +++++++++++++++++++++++++++++++++++++++++++++++---- - 1 files changed, 613 insertions(+), 47 deletions(-) + engines/e_padlock.c | 660 ++++++++++++++++++++++++++++++++++++++++++++++++---- + 1 file changed, 613 insertions(+), 47 deletions(-) diff --git a/engines/e_padlock.c b/engines/e_padlock.c -index 4300f35..3591c59 100644 +index 6ab42d2..e107d3c 100644 --- a/engines/e_padlock.c +++ b/engines/e_padlock.c @@ -3,6 +3,9 @@ @@ -85,7 +86,7 @@ index 4300f35..3591c59 100644 /* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */ #if (OPENSSL_VERSION_NUMBER >= 0x00908000L) # ifndef OPENSSL_NO_DYNAMIC_ENGINE -@@ -143,58 +169,40 @@ static int padlock_available(void); +@@ -149,58 +175,40 @@ static int padlock_available(void); static int padlock_init(ENGINE *e); /* RNG Stuff */ @@ -163,9 +164,9 @@ index 4300f35..3591c59 100644 -} +/* ===== Engine "management" functions ===== */ - /* Constructor */ - static ENGINE * -@@ -218,7 +226,7 @@ ENGINE_padlock(void) + #ifdef OPENSSL_NO_DYNAMIC_ENGINE + +@@ -228,7 +236,7 @@ ENGINE_padlock(void) static int padlock_init(ENGINE *e) { @@ -174,7 +175,7 @@ index 4300f35..3591c59 100644 } /* This stuff is needed if this ENGINE is being compiled into a self-contained -@@ -371,10 +379,20 @@ padlock_available(void) +@@ -381,10 +389,20 @@ padlock_available(void) : "+a"(eax), "=d"(edx) : : "ecx"); /* Fill up some flags */ @@ -198,7 +199,7 @@ index 4300f35..3591c59 100644 } /* Force key reload from memory to the CPU microcode. -@@ -471,10 +489,14 @@ padlock_available(void) +@@ -481,10 +499,14 @@ padlock_available(void) : "+a"(eax), "=d"(edx) : : "rbx", "rcx"); /* Fill up some flags */ @@ -217,7 +218,7 @@ index 4300f35..3591c59 100644 } /* Force key reload from memory to the CPU microcode. -@@ -1263,6 +1285,496 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, +@@ -1273,6 +1295,496 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, #endif /* OPENSSL_NO_AES */ @@ -714,7 +715,7 @@ index 4300f35..3591c59 100644 /* ===== Random Number Generator ===== */ /* * This code is not engaged. The reason is that it does not comply -@@ -1319,6 +1831,60 @@ static RAND_METHOD padlock_rand = { +@@ -1329,6 +1841,60 @@ static RAND_METHOD padlock_rand = { padlock_rand_status, /* rand status */ }; @@ -776,5 +777,5 @@ index 4300f35..3591c59 100644 #ifndef OPENSSL_NO_DYNAMIC_ENGINE OPENSSL_EXPORT -- -1.7.0.4 +1.7.11.3 diff --git a/main/openssl/0005-crypto-engine-autoload-padlock-dynamic-engine.patch b/main/openssl/0004-crypto-engine-autoload-padlock-dynamic-engine.patch index 770160ec02..f83fc965e0 100644 --- a/main/openssl/0005-crypto-engine-autoload-padlock-dynamic-engine.patch +++ b/main/openssl/0004-crypto-engine-autoload-padlock-dynamic-engine.patch @@ -1,17 +1,17 @@ -From b96276c8f11e656e4296955bf1a8d0ac2b6094fe Mon Sep 17 00:00:00 2001 +From 21668119c0f83f309b423b8a443dbef5206ab778 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> Date: Fri, 4 Jun 2010 18:02:39 +0300 -Subject: [PATCH 5/5] crypto/engine: autoload padlock dynamic engine +Subject: [PATCH 4/4] crypto/engine: autoload padlock dynamic engine --- - crypto/engine/eng_all.c | 10 ++++++++++ - 1 files changed, 10 insertions(+), 0 deletions(-) + crypto/engine/eng_all.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c -index 22c1204..827e447 100644 +index 6093376..210b2d7 100644 --- a/crypto/engine/eng_all.c +++ b/crypto/engine/eng_all.c -@@ -112,6 +112,16 @@ void ENGINE_load_builtin_engines(void) +@@ -120,6 +120,16 @@ void ENGINE_load_builtin_engines(void) ENGINE_load_capi(); #endif #endif @@ -25,9 +25,9 @@ index 22c1204..827e447 100644 + } + } +#endif - ENGINE_register_all_complete(); + ENGINE_register_all_complete(); } -- -1.7.0.4 +1.7.11.3 diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD index 04664654f5..5655fb4b09 100644 --- a/main/openssl/APKBUILD +++ b/main/openssl/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Timo Teras <timo.teras@iki.fi> pkgname=openssl pkgver=1.0.1c -pkgrel=1 +pkgrel=2 pkgdesc="Toolkit for SSL v2/v3 and TLS v1" url="http://openssl.org" depends= @@ -16,9 +16,9 @@ source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz fix-manpages.patch openssl-bb-basename.patch 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch - 0003-engines-e_padlock-backport-cvs-head-changes.patch - 0004-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch - 0005-crypto-engine-autoload-padlock-dynamic-engine.patch + 0002-engines-e_padlock-backport-cvs-head-changes.patch + 0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch + 0004-crypto-engine-autoload-padlock-dynamic-engine.patch " _builddir="$srcdir"/$pkgname-$pkgver @@ -71,7 +71,7 @@ libssl() { md5sums="ae412727c8c15b67880aef7bd2999b2e openssl-1.0.1c.tar.gz 115c481cd59b3dba631364e8fb1778f5 fix-manpages.patch c6a9857a5dbd30cead0404aa7dd73977 openssl-bb-basename.patch -1f607b8e11347e56a0906756f3d6928a 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch -53fbd01733b488717575e04a5aaf6664 0003-engines-e_padlock-backport-cvs-head-changes.patch -c0dae72e29e8fdfb753906411b1722bc 0004-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch -7820941f69acf58f05cccb33faf4ee70 0005-crypto-engine-autoload-padlock-dynamic-engine.patch" +ddb5fc155145d5b852425adaec32234d 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch +4a7b9e20beb33a5e262ab64c2b8e5b48 0002-engines-e_padlock-backport-cvs-head-changes.patch +d95bbaa38889836afd3c52f3962f3b54 0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch +c32f42451a07267ee5dfb3781fa40c00 0004-crypto-engine-autoload-padlock-dynamic-engine.patch" |