diff options
15 files changed, 0 insertions, 1891 deletions
diff --git a/testing/openssl/0001-Use-secure_getenv-3-when-available.patch b/main/openssl/0001-Use-secure_getenv-3-when-available.patch index 778a09278f..778a09278f 100644 --- a/testing/openssl/0001-Use-secure_getenv-3-when-available.patch +++ b/main/openssl/0001-Use-secure_getenv-3-when-available.patch diff --git a/testing/openssl/APKBUILD b/main/openssl/APKBUILD index 93b48c8792..93b48c8792 100644 --- a/testing/openssl/APKBUILD +++ b/main/openssl/APKBUILD diff --git a/main/openssl1.0/0002-busybox-basename.patch b/main/openssl1.0/0002-busybox-basename.patch deleted file mode 100644 index 9bbc284f31..0000000000 --- a/main/openssl1.0/0002-busybox-basename.patch +++ /dev/null @@ -1,34 +0,0 @@ -From c276ddc394dd402327603959271eac63a2e1ec1c Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> -Date: Thu, 5 Feb 2015 08:40:00 +0200 -Subject: [PATCH] busybox basename - ---- - Makefile.org | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/Makefile.org b/Makefile.org -index b7a3f96..035fa83 100644 ---- a/Makefile.org -+++ b/Makefile.org -@@ -649,7 +649,7 @@ install_docs: - filecase=-i; \ - esac; \ - set -e; for i in doc/apps/*.pod; do \ -- fn=`basename $$i .pod`; \ -+ fn=`basename $$i .pod || true`; \ - sec=`$(PERL) util/extract-section.pl 1 < $$i`; \ - echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ - (cd `$(PERL) util/dirname.pl $$i`; \ -@@ -666,7 +666,7 @@ install_docs: - done); \ - done; \ - set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \ -- fn=`basename $$i .pod`; \ -+ fn=`basename $$i .pod || true`; \ - sec=`$(PERL) util/extract-section.pl 3 < $$i`; \ - echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ - (cd `$(PERL) util/dirname.pl $$i`; \ --- -2.2.2 - diff --git a/main/openssl1.0/0003-use-termios.patch b/main/openssl1.0/0003-use-termios.patch deleted file mode 100644 index 3312d18567..0000000000 --- a/main/openssl1.0/0003-use-termios.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 5caf1bdcdb56358c0ce38ef404fedbe323e66cb9 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> -Date: Thu, 5 Feb 2015 08:40:32 +0200 -Subject: [PATCH] use termios - ---- - crypto/ui/ui_openssl.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c -index 8bda83c..a89b5f2 100644 ---- a/crypto/ui/ui_openssl.c -+++ b/crypto/ui/ui_openssl.c -@@ -224,6 +224,9 @@ - # undef SGTTY - #endif - -+#define TERMIOS -+#undef TERMIO -+ - #ifdef TERMIOS - # include <termios.h> - # define TTY_STRUCT struct termios --- -2.2.2 - diff --git a/main/openssl1.0/0004-fix-default-ca-path-for-apps.patch b/main/openssl1.0/0004-fix-default-ca-path-for-apps.patch deleted file mode 100644 index c2c53184a6..0000000000 --- a/main/openssl1.0/0004-fix-default-ca-path-for-apps.patch +++ /dev/null @@ -1,79 +0,0 @@ -From 09e6425ad6927a825b077af85c50b2fb04773757 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> -Date: Thu, 5 Feb 2015 08:52:05 +0200 -Subject: [PATCH] fix default ca path for apps - ---- - apps/s_server.c | 22 ++++++++++++++-------- - apps/s_time.c | 13 ++++++------- - 3 files changed, 26 insertions(+), 22 deletions(-) - -diff --git a/apps/s_server.c b/apps/s_server.c -index baa2455..2d5dc97 100644 ---- a/apps/s_server.c -+++ b/apps/s_server.c -@@ -1770,12 +1770,14 @@ int MAIN(int argc, char *argv[]) - } - #endif - -- if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) || -- (!SSL_CTX_set_default_verify_paths(ctx))) { -- /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */ -- ERR_print_errors(bio_err); -- /* goto end; */ -+ if (CAfile == NULL && CApath == NULL) { -+ if (!SSL_CTX_set_default_verify_paths(ctx)) -+ ERR_print_errors(bio_err); -+ } else { -+ if (!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) -+ ERR_print_errors(bio_err); - } -+ - if (vpm) - SSL_CTX_set1_param(ctx, vpm); - -@@ -1838,10 +1840,14 @@ int MAIN(int argc, char *argv[]) - else - SSL_CTX_sess_set_cache_size(ctx2, 128); - -- if ((!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) || -- (!SSL_CTX_set_default_verify_paths(ctx2))) { -- ERR_print_errors(bio_err); -+ if (CAfile == NULL && CApath == NULL) { -+ if (!SSL_CTX_set_default_verify_paths(ctx2)) -+ ERR_print_errors(bio_err); -+ } else { -+ if (!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) -+ ERR_print_errors(bio_err); - } -+ - if (vpm) - SSL_CTX_set1_param(ctx2, vpm); - -diff --git a/apps/s_time.c b/apps/s_time.c -index 5846f3a..c8f371a 100644 ---- a/apps/s_time.c -+++ b/apps/s_time.c -@@ -377,13 +377,12 @@ int MAIN(int argc, char **argv) - - SSL_load_error_strings(); - -- if ((!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath)) || -- (!SSL_CTX_set_default_verify_paths(tm_ctx))) { -- /* -- * BIO_printf(bio_err,"error setting default verify locations\n"); -- */ -- ERR_print_errors(bio_err); -- /* goto end; */ -+ if (CAfile == NULL && CApath == NULL) { -+ if (!SSL_CTX_set_default_verify_paths(tm_ctx)) -+ ERR_print_errors(bio_err); -+ } else { -+ if (!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath)) -+ ERR_print_errors(bio_err); - } - - if (tm_cipher == NULL) --- -2.2.2 - diff --git a/main/openssl1.0/0005-fix-parallel-build.patch b/main/openssl1.0/0005-fix-parallel-build.patch deleted file mode 100644 index 70073fd195..0000000000 --- a/main/openssl1.0/0005-fix-parallel-build.patch +++ /dev/null @@ -1,349 +0,0 @@ -diff -ru openssl-1.0.2a.orig/Makefile.org openssl-1.0.2a/Makefile.org ---- openssl-1.0.2d.orig/Makefile.org 2015-07-09 16:30:50.201986573 -0300 -+++ openssl-1.0.2d/Makefile.org 2015-07-09 16:30:50.201986573 -0300 -@@ -278,17 +278,17 @@ - build_libssl: build_ssl libssl.pc - - build_crypto: -- @dir=crypto; target=all; $(BUILD_ONE_CMD) -+ +@dir=crypto; target=all; $(BUILD_ONE_CMD) - build_ssl: build_crypto -- @dir=ssl; target=all; $(BUILD_ONE_CMD) -+ +@dir=ssl; target=all; $(BUILD_ONE_CMD) - build_engines: build_crypto -- @dir=engines; target=all; $(BUILD_ONE_CMD) -+ +@dir=engines; target=all; $(BUILD_ONE_CMD) - build_apps: build_libs -- @dir=apps; target=all; $(BUILD_ONE_CMD) -+ +@dir=apps; target=all; $(BUILD_ONE_CMD) - build_tests: build_libs -- @dir=test; target=all; $(BUILD_ONE_CMD) -+ +@dir=test; target=all; $(BUILD_ONE_CMD) - build_tools: build_libs -- @dir=tools; target=all; $(BUILD_ONE_CMD) -+ +@dir=tools; target=all; $(BUILD_ONE_CMD) - - all_testapps: build_libs build_testapps - build_testapps: -@@ -536,9 +536,9 @@ - dist_pem_h: - (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) - --install: all install_docs install_sw -+install: install_docs install_sw - --install_sw: -+install_dirs: - @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ -@@ -547,12 +547,19 @@ - $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/private -+ @$(PERL) $(TOP)/util/mkdir-p.pl \ -+ $(INSTALL_PREFIX)$(MANDIR)/man1 \ -+ $(INSTALL_PREFIX)$(MANDIR)/man3 \ -+ $(INSTALL_PREFIX)$(MANDIR)/man5 \ -+ $(INSTALL_PREFIX)$(MANDIR)/man7 -+ -+install_sw: install_dirs - @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; -- @set -e; target=install; $(RECURSIVE_BUILD_CMD) -+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD) - @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ - do \ - if [ -f "$$i" ]; then \ -@@ -636,12 +643,7 @@ - done; \ - done - --install_docs: -- @$(PERL) $(TOP)/util/mkdir-p.pl \ -- $(INSTALL_PREFIX)$(MANDIR)/man1 \ -- $(INSTALL_PREFIX)$(MANDIR)/man3 \ -- $(INSTALL_PREFIX)$(MANDIR)/man5 \ -- $(INSTALL_PREFIX)$(MANDIR)/man7 -+install_docs: install_dirs - @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \ - here="`pwd`"; \ - filecase=; \ -diff -ru openssl-1.0.2a.orig/Makefile.shared openssl-1.0.2a/Makefile.shared ---- openssl-1.0.2a.orig/Makefile.shared 2015-01-20 12:33:36.000000000 +0000 -+++ openssl-1.0.2a/Makefile.shared 2015-03-19 14:53:31.246908039 +0000 -@@ -105,6 +105,7 @@ - SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ - LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ - LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ -+ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \ - LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ - $${SHAREDCMD} $${SHAREDFLAGS} \ - -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ -@@ -122,6 +123,7 @@ - done; \ - fi; \ - if [ -n "$$SHLIB_SOVER" ]; then \ -+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \ - ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \ - ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \ - fi; \ -diff -ru openssl-1.0.2a.orig/crypto/Makefile openssl-1.0.2a/crypto/Makefile ---- openssl-1.0.2a.orig/crypto/Makefile 2015-03-19 13:31:02.000000000 +0000 -+++ openssl-1.0.2a/crypto/Makefile 2015-03-19 14:53:31.246908039 +0000 -@@ -85,11 +85,11 @@ - @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi - - subdirs: -- @target=all; $(RECURSIVE_MAKE) -+ +@target=all; $(RECURSIVE_MAKE) - - files: - $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO -- @target=files; $(RECURSIVE_MAKE) -+ +@target=files; $(RECURSIVE_MAKE) - - links: - @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) -@@ -100,7 +100,7 @@ - # lib: $(LIB): are splitted to avoid end-less loop - lib: $(LIB) - @touch lib --$(LIB): $(LIBOBJ) -+$(LIB): $(LIBOBJ) | subdirs - $(AR) $(LIB) $(LIBOBJ) - test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o - $(RANLIB) $(LIB) || echo Never mind. -@@ -111,7 +111,7 @@ - fi - - libs: -- @target=lib; $(RECURSIVE_MAKE) -+ +@target=lib; $(RECURSIVE_MAKE) - - install: - @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... -@@ -120,7 +120,7 @@ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; -- @target=install; $(RECURSIVE_MAKE) -+ +@target=install; $(RECURSIVE_MAKE) - - lint: - @target=lint; $(RECURSIVE_MAKE) -diff -ru openssl-1.0.2a.orig/engines/Makefile openssl-1.0.2a/engines/Makefile ---- openssl-1.0.2a.orig/engines/Makefile 2015-03-19 13:31:14.000000000 +0000 -+++ openssl-1.0.2a/engines/Makefile 2015-03-19 14:53:31.246908039 +0000 -@@ -72,7 +72,7 @@ - - all: lib subdirs - --lib: $(LIBOBJ) -+lib: $(LIBOBJ) | subdirs - @if [ -n "$(SHARED_LIBS)" ]; then \ - set -e; \ - for l in $(LIBNAMES); do \ -@@ -89,7 +89,7 @@ - - subdirs: - echo $(EDIRS) -- @target=all; $(RECURSIVE_MAKE) -+ +@target=all; $(RECURSIVE_MAKE) - - files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO -@@ -128,7 +128,7 @@ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ - done; \ - fi -- @target=install; $(RECURSIVE_MAKE) -+ +@target=install; $(RECURSIVE_MAKE) - - tags: - ctags $(SRC) -diff -ru openssl-1.0.2a.orig/test/Makefile openssl-1.0.2a/test/Makefile ---- openssl-1.0.2a.orig/test/Makefile 2015-03-19 13:31:16.000000000 +0000 -+++ openssl-1.0.2a/test/Makefile 2015-03-19 14:55:44.146017128 +0000 -@@ -133,7 +133,7 @@ - tags: - ctags $(SRC) - --tests: exe apps $(TESTS) -+tests: exe $(TESTS) - - apps: - @(cd ..; $(MAKE) DIRS=apps all) -@@ -402,121 +402,121 @@ - link_app.$${shlib_target} - - $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) -- @target=$(RSATEST); $(BUILD_CMD) -+ +@target=$(RSATEST); $(BUILD_CMD) - - $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO) -- @target=$(BNTEST); $(BUILD_CMD) -+ +@target=$(BNTEST); $(BUILD_CMD) - - $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO) -- @target=$(ECTEST); $(BUILD_CMD) -+ +@target=$(ECTEST); $(BUILD_CMD) - - $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO) -- @target=$(EXPTEST); $(BUILD_CMD) -+ +@target=$(EXPTEST); $(BUILD_CMD) - - $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO) -- @target=$(IDEATEST); $(BUILD_CMD) -+ +@target=$(IDEATEST); $(BUILD_CMD) - - $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO) -- @target=$(MD2TEST); $(BUILD_CMD) -+ +@target=$(MD2TEST); $(BUILD_CMD) - - $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO) -- @target=$(SHATEST); $(BUILD_CMD) -+ +@target=$(SHATEST); $(BUILD_CMD) - - $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO) -- @target=$(SHA1TEST); $(BUILD_CMD) -+ +@target=$(SHA1TEST); $(BUILD_CMD) - - $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO) -- @target=$(SHA256TEST); $(BUILD_CMD) -+ +@target=$(SHA256TEST); $(BUILD_CMD) - - $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO) -- @target=$(SHA512TEST); $(BUILD_CMD) -+ +@target=$(SHA512TEST); $(BUILD_CMD) - - $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO) -- @target=$(RMDTEST); $(BUILD_CMD) -+ +@target=$(RMDTEST); $(BUILD_CMD) - - $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO) -- @target=$(MDC2TEST); $(BUILD_CMD) -+ +@target=$(MDC2TEST); $(BUILD_CMD) - - $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO) -- @target=$(MD4TEST); $(BUILD_CMD) -+ +@target=$(MD4TEST); $(BUILD_CMD) - - $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO) -- @target=$(MD5TEST); $(BUILD_CMD) -+ +@target=$(MD5TEST); $(BUILD_CMD) - - $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO) -- @target=$(HMACTEST); $(BUILD_CMD) -+ +@target=$(HMACTEST); $(BUILD_CMD) - - $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO) -- @target=$(WPTEST); $(BUILD_CMD) -+ +@target=$(WPTEST); $(BUILD_CMD) - - $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO) -- @target=$(RC2TEST); $(BUILD_CMD) -+ +@target=$(RC2TEST); $(BUILD_CMD) - - $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO) -- @target=$(BFTEST); $(BUILD_CMD) -+ +@target=$(BFTEST); $(BUILD_CMD) - - $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO) -- @target=$(CASTTEST); $(BUILD_CMD) -+ +@target=$(CASTTEST); $(BUILD_CMD) - - $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO) -- @target=$(RC4TEST); $(BUILD_CMD) -+ +@target=$(RC4TEST); $(BUILD_CMD) - - $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO) -- @target=$(RC5TEST); $(BUILD_CMD) -+ +@target=$(RC5TEST); $(BUILD_CMD) - - $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO) -- @target=$(DESTEST); $(BUILD_CMD) -+ +@target=$(DESTEST); $(BUILD_CMD) - - $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO) -- @target=$(RANDTEST); $(BUILD_CMD) -+ +@target=$(RANDTEST); $(BUILD_CMD) - - $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO) -- @target=$(DHTEST); $(BUILD_CMD) -+ +@target=$(DHTEST); $(BUILD_CMD) - - $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO) -- @target=$(DSATEST); $(BUILD_CMD) -+ +@target=$(DSATEST); $(BUILD_CMD) - - $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO) -- @target=$(METHTEST); $(BUILD_CMD) -+ +@target=$(METHTEST); $(BUILD_CMD) - - $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) -- @target=$(SSLTEST); $(FIPS_BUILD_CMD) -+ +@target=$(SSLTEST); $(FIPS_BUILD_CMD) - - $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO) -- @target=$(ENGINETEST); $(BUILD_CMD) -+ +@target=$(ENGINETEST); $(BUILD_CMD) - - $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO) -- @target=$(EVPTEST); $(BUILD_CMD) -+ +@target=$(EVPTEST); $(BUILD_CMD) - - $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO) -- @target=$(EVPEXTRATEST); $(BUILD_CMD) -+ +@target=$(EVPEXTRATEST); $(BUILD_CMD) - - $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO) -- @target=$(ECDSATEST); $(BUILD_CMD) -+ +@target=$(ECDSATEST); $(BUILD_CMD) - - $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO) -- @target=$(ECDHTEST); $(BUILD_CMD) -+ +@target=$(ECDHTEST); $(BUILD_CMD) - - $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO) -- @target=$(IGETEST); $(BUILD_CMD) -+ +@target=$(IGETEST); $(BUILD_CMD) - - $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO) -- @target=$(JPAKETEST); $(BUILD_CMD) -+ +@target=$(JPAKETEST); $(BUILD_CMD) - - $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO) -- @target=$(ASN1TEST); $(BUILD_CMD) -+ +@target=$(ASN1TEST); $(BUILD_CMD) - - $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO) -- @target=$(SRPTEST); $(BUILD_CMD) -+ +@target=$(SRPTEST); $(BUILD_CMD) - - $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO) -- @target=$(V3NAMETEST); $(BUILD_CMD) -+ +@target=$(V3NAMETEST); $(BUILD_CMD) - - $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO) -- @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC) -+ +@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC) - - $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o -- @target=$(CONSTTIMETEST) $(BUILD_CMD) -+ +@target=$(CONSTTIMETEST) $(BUILD_CMD) - - #$(AESTEST).o: $(AESTEST).c - # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c -@@ -529,7 +529,7 @@ - # fi - - dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) -- @target=dummytest; $(BUILD_CMD) -+ +@target=dummytest; $(BUILD_CMD) - - # DO NOT DELETE THIS LINE -- make depend depends on it. - diff --git a/main/openssl1.0/0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch b/main/openssl1.0/0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch deleted file mode 100644 index daa6df02f8..0000000000 --- a/main/openssl1.0/0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 4785c095dbfb3630ddf6685f23e3a19c7c804cbc Mon Sep 17 00:00:00 2001 -From: William Pitcock <nenolod@dereferenced.org> -Date: Thu, 5 Feb 2015 09:02:00 +0200 -Subject: [PATCH] add ircv3 tls-3.1 extension support to s_client - ---- - apps/s_client.c | 24 ++++++++++++++++++++++-- - 1 file changed, 22 insertions(+), 2 deletions(-) - -diff --git a/apps/s_client.c b/apps/s_client.c -index 8aee02a..0a28b89 100644 ---- a/apps/s_client.c -+++ b/apps/s_client.c -@@ -401,7 +401,7 @@ static void sc_usage(void) - BIO_printf(bio_err, - " 'prot' defines which one to assume. Currently,\n"); - BIO_printf(bio_err, -- " only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n"); -+ " only \"smtp\", \"pop3\", \"imap\", \"ftp\", \"xmpp\" and \"ircv3\"\n"); - BIO_printf(bio_err, " are supported.\n"); - #ifndef OPENSSL_NO_ENGINE - BIO_printf(bio_err, -@@ -640,7 +640,8 @@ enum { - PROTO_POP3, - PROTO_IMAP, - PROTO_FTP, -- PROTO_XMPP -+ PROTO_XMPP, -+ PROTO_IRCV3, - }; - - int MAIN(int, char **); -@@ -1062,6 +1063,8 @@ int MAIN(int argc, char **argv) - starttls_proto = PROTO_FTP; - else if (strcmp(*argv, "xmpp") == 0) - starttls_proto = PROTO_XMPP; -+ else if (strcmp(*argv, "ircv3") == 0) -+ starttls_proto = PROTO_IRCV3; - else - goto bad; - } -@@ -1646,6 +1649,23 @@ int MAIN(int argc, char **argv) - goto shut; - mbuf[0] = 0; - } -+ if (starttls_proto == PROTO_IRCV3) { -+ int seen = 0; -+ BIO_printf(sbio,"CAP REQ :tls\r\n"); -+ -+ while (!strstr(mbuf,"CAP")) { -+ seen = BIO_read(sbio,mbuf,BUFSIZZ); -+ mbuf[seen] = 0; -+ } -+ if (!strstr(mbuf,"ACK")) -+ goto shut; -+ BIO_printf(sbio,"CAP END\r\nSTARTTLS\r\n"); -+ while (!strstr(sbuf, "670")) { -+ seen = BIO_read(sbio,sbuf,BUFSIZZ); -+ sbuf[seen] = 0; -+ } -+ mbuf[0] = 0; -+ } - - for (;;) { - FD_ZERO(&readfds); --- -2.2.2 - diff --git a/main/openssl1.0/0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch b/main/openssl1.0/0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch deleted file mode 100644 index ff3d25eff0..0000000000 --- a/main/openssl1.0/0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 7457e26d3a78c7cd923242d87d04febadddea086 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> -Date: Thu, 5 Feb 2015 10:06:31 +0200 -Subject: [PATCH] maintain abi compat with no-freelist and regular build - ---- - ssl/ssl.h | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/ssl/ssl.h b/ssl/ssl.h -index 2b0f662..636cb5d 100644 ---- a/ssl/ssl.h -+++ b/ssl/ssl.h -@@ -1113,6 +1113,10 @@ struct ssl_ctx_st { - unsigned int freelist_max_len; - struct ssl3_buf_freelist_st *wbuf_freelist; - struct ssl3_buf_freelist_st *rbuf_freelist; -+# else -+ unsigned int freelist_dummy0; -+ void *freelist_dummy1; -+ void *freelist_dummy2; - # endif - # ifndef OPENSSL_NO_SRP - SRP_CTX srp_ctx; /* ctx for SRP authentication */ --- -2.2.2 - diff --git a/main/openssl1.0/0009-no-rpath.patch b/main/openssl1.0/0009-no-rpath.patch deleted file mode 100644 index 56df75b791..0000000000 --- a/main/openssl1.0/0009-no-rpath.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/Makefile.shared 2005-06-23 22:47:54.000000000 +0200 -+++ b/Makefile.shared 2005-11-16 22:35:37.000000000 +0100 -@@ -153,7 +153,7 @@ - NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" - --DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)" -+DO_GNU_APP=LDFLAGS="$(CFLAGS)" - - #This is rather special. It's a special target with which one can link - #applications without bothering with any features that have anything to diff --git a/main/openssl1.0/0010-ssl-env-zlib.patch b/main/openssl1.0/0010-ssl-env-zlib.patch deleted file mode 100644 index 9eae15d727..0000000000 --- a/main/openssl1.0/0010-ssl-env-zlib.patch +++ /dev/null @@ -1,38 +0,0 @@ -diff -ru openssl-1.0.2a.orig/doc/ssl/SSL_COMP_add_compression_method.pod openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod ---- openssl-1.0.2a.orig/doc/ssl/SSL_COMP_add_compression_method.pod 2015-01-15 16:43:14.000000000 -0200 -+++ openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod 2015-03-27 15:18:47.280054883 -0200 -@@ -47,6 +47,13 @@ - been standardized, the compression API will most likely be changed. Using - it in the current state is not recommended. - -+It is also not recommended to use compression if data transfered contain -+untrusted parts that can be manipulated by an attacker as he could then -+get information about the encrypted data. See the CRIME attack. For -+that reason the default loading of the zlib compression method is -+disabled and enabled only if the environment variable B<OPENSSL_DEFAULT_ZLIB> -+is present during the library initialization. -+ - =head1 RETURN VALUES - - SSL_COMP_add_compression_method() may return the following values: -diff -ru openssl-1.0.2a.orig/ssl/ssl_ciph.c openssl-1.0.2a/ssl/ssl_ciph.c ---- openssl-1.0.2a.orig/ssl/ssl_ciph.c 2015-03-19 15:30:36.000000000 -0200 -+++ openssl-1.0.2a/ssl/ssl_ciph.c 2015-03-27 15:23:05.960057092 -0200 -@@ -141,6 +141,8 @@ - */ - - #include <stdio.h> -+#include <stdlib.h> -+#include <sys/auxv.h> - #include <openssl/objects.h> - #ifndef OPENSSL_NO_COMP - # include <openssl/comp.h> -@@ -481,7 +483,7 @@ - - MemCheck_off(); - ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp); -- if (ssl_comp_methods != NULL) { -+ if (ssl_comp_methods != NULL && getauxval(AT_SECURE) == 0 && getenv("OPENSSL_DEFAULT_ZLIB") != NULL) { - comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); - if (comp != NULL) { - comp->method = COMP_zlib(); diff --git a/main/openssl1.0/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch b/main/openssl1.0/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch deleted file mode 100644 index ef46faa848..0000000000 --- a/main/openssl1.0/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch +++ /dev/null @@ -1,88 +0,0 @@ -From 83c96cbc76604daccbc31cea9411555aea96fd6d Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> -Date: Thu, 5 Feb 2015 09:16:51 +0200 -Subject: [PATCH] crypto/hmac: support EVP_MD_CTX_FLAG_ONESHOT and set it - properly - -Some engines (namely VIA C7 Padlock) work only if EVP_MD_CTX_FLAG_ONESHOT -is set before final update. This is because some crypto accelerators cannot -perform non-finalizing transform of the digest. - -The usage of EVP_MD_CTX_FLAG_ONESHOT is used semantically slightly -differently here. It is set before the final EVP_DigestUpdate call, not -necessarily before EVP_DigestInit call. This will not cause any problems -though. ---- - crypto/hmac/hmac.c | 14 ++++++++++---- - 1 file changed, 10 insertions(+), 4 deletions(-) - -diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c -index 1fc9e2c..6f16578 100644 ---- a/crypto/hmac/hmac.c -+++ b/crypto/hmac/hmac.c -@@ -109,7 +109,8 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, - j = EVP_MD_block_size(md); - OPENSSL_assert(j <= (int)sizeof(ctx->key)); - if (j < len) { -- if (!EVP_DigestInit_ex(&ctx->md_ctx, md, impl)) -+ EVP_MD_CTX_set_flags(&ctx->md_ctx, EVP_MD_CTX_FLAG_ONESHOT); -+ if (!EVP_DigestInit_ex(&ctx->md_ctx, md, impl)) - goto err; - if (!EVP_DigestUpdate(&ctx->md_ctx, key, len)) - goto err; -@@ -129,6 +130,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, - if (reset) { - for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++) - pad[i] = 0x36 ^ ctx->key[i]; -+ EVP_MD_CTX_clear_flags(&ctx->i_ctx, EVP_MD_CTX_FLAG_ONESHOT); - if (!EVP_DigestInit_ex(&ctx->i_ctx, md, impl)) - goto err; - if (!EVP_DigestUpdate(&ctx->i_ctx, pad, EVP_MD_block_size(md))) -@@ -136,6 +138,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, - - for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++) - pad[i] = 0x5c ^ ctx->key[i]; -+ EVP_MD_CTX_clear_flags(&ctx->o_ctx, EVP_MD_CTX_FLAG_ONESHOT); - if (!EVP_DigestInit_ex(&ctx->o_ctx, md, impl)) - goto err; - if (!EVP_DigestUpdate(&ctx->o_ctx, pad, EVP_MD_block_size(md))) -@@ -143,6 +146,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, - } - if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->i_ctx)) - goto err; -+ EVP_MD_CTX_clear_flags(&ctx->md_ctx, EVP_MD_CTX_FLAG_ONESHOT); - return 1; - err: - return 0; -@@ -177,6 +181,7 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) - goto err; - if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx)) - goto err; -+ EVP_MD_CTX_set_flags(&ctx->md_ctx,EVP_MD_CTX_FLAG_ONESHOT); - if (!EVP_DigestUpdate(&ctx->md_ctx, buf, i)) - goto err; - if (!EVP_DigestFinal_ex(&ctx->md_ctx, md, len)) -@@ -233,8 +238,9 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, - if (md == NULL) - md = m; - HMAC_CTX_init(&c); -- if (!HMAC_Init(&c, key, key_len, evp_md)) -+ if (!HMAC_Init_ex(&c, key, key_len, evp_md, NULL)) - goto err; -+ HMAC_CTX_set_flags(&c,EVP_MD_CTX_FLAG_ONESHOT); - if (!HMAC_Update(&c, d, n)) - goto err; - if (!HMAC_Final(&c, md, md_len)) -@@ -247,7 +253,7 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, - - void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) - { -- EVP_MD_CTX_set_flags(&ctx->i_ctx, flags); -- EVP_MD_CTX_set_flags(&ctx->o_ctx, flags); -+ EVP_MD_CTX_set_flags(&ctx->i_ctx, flags & ~EVP_MD_CTX_FLAG_ONESHOT); -+ EVP_MD_CTX_set_flags(&ctx->o_ctx, flags & ~EVP_MD_CTX_FLAG_ONESHOT); - EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); - } --- -2.2.2 - diff --git a/main/openssl1.0/1002-backport-changes-from-upstream-padlock-module.patch b/main/openssl1.0/1002-backport-changes-from-upstream-padlock-module.patch deleted file mode 100644 index f63bbcd1ce..0000000000 --- a/main/openssl1.0/1002-backport-changes-from-upstream-padlock-module.patch +++ /dev/null @@ -1,200 +0,0 @@ -From ba17588a940ee712c3ef6d458adb1087f0c84521 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> -Date: Thu, 5 Feb 2015 09:28:10 +0200 -Subject: [PATCH] backport changes from upstream padlock module. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Includes support for VIA Nano 64-bit mode. - -Signed-off-by: Timo Teräs <timo.teras@iki.fi> ---- - engines/e_padlock.c | 142 +++++++++++++++++++++++++++++++++++++++++++++------- - 1 file changed, 125 insertions(+), 17 deletions(-) - -diff --git a/engines/e_padlock.c b/engines/e_padlock.c -index 2898e4c..94406cb 100644 ---- a/engines/e_padlock.c -+++ b/engines/e_padlock.c -@@ -101,7 +101,10 @@ - */ - # undef COMPILE_HW_PADLOCK - # if !defined(I386_ONLY) && !defined(OPENSSL_NO_INLINE_ASM) --# if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) || \ -+# if (defined(__GNUC__) && __GNUC__>=2 && \ -+ (defined(__i386__) || defined(__i386) || \ -+ defined(__x86_64__) || defined(__x86_64)) \ -+ ) || \ - (defined(_MSC_VER) && defined(_M_IX86)) - # define COMPILE_HW_PADLOCK - # endif -@@ -303,6 +306,7 @@ static volatile struct padlock_cipher_data *padlock_saved_context; - * ======================================================= - */ - # if defined(__GNUC__) && __GNUC__>=2 -+# if defined(__i386__) || defined(__i386) - /* - * As for excessive "push %ebx"/"pop %ebx" found all over. - * When generating position-independent code GCC won't let -@@ -379,22 +383,6 @@ static int padlock_available(void) - return padlock_use_ace + padlock_use_rng; - } - --# ifndef OPENSSL_NO_AES --# ifndef AES_ASM --/* Our own htonl()/ntohl() */ --static inline void padlock_bswapl(AES_KEY *ks) --{ -- size_t i = sizeof(ks->rd_key) / sizeof(ks->rd_key[0]); -- unsigned int *key = ks->rd_key; -- -- while (i--) { -- asm volatile ("bswapl %0":"+r" (*key)); -- key++; -- } --} --# endif --# endif -- - /* - * Force key reload from memory to the CPU microcode. Loading EFLAGS from the - * stack clears EFLAGS[30] which does the trick. -@@ -448,6 +436,110 @@ static inline void *name(size_t cnt, \ - : "edx", "cc", "memory"); \ - return iv; \ - } -+#endif -+ -+#elif defined(__x86_64__) || defined(__x86_64) -+ -+/* Load supported features of the CPU to see if -+ the PadLock is available. */ -+static int -+padlock_available(void) -+{ -+ char vendor_string[16]; -+ unsigned int eax, edx; -+ -+ /* Are we running on the Centaur (VIA) CPU? */ -+ eax = 0x00000000; -+ vendor_string[12] = 0; -+ asm volatile ( -+ "cpuid\n" -+ "movl %%ebx,(%1)\n" -+ "movl %%edx,4(%1)\n" -+ "movl %%ecx,8(%1)\n" -+ : "+a"(eax) : "r"(vendor_string) : "rbx", "rcx", "rdx"); -+ if (strcmp(vendor_string, "CentaurHauls") != 0) -+ return 0; -+ -+ /* Check for Centaur Extended Feature Flags presence */ -+ eax = 0xC0000000; -+ asm volatile ("cpuid" -+ : "+a"(eax) : : "rbx", "rcx", "rdx"); -+ if (eax < 0xC0000001) -+ return 0; -+ -+ /* Read the Centaur Extended Feature Flags */ -+ eax = 0xC0000001; -+ asm volatile ("cpuid" -+ : "+a"(eax), "=d"(edx) : : "rbx", "rcx"); -+ -+ /* Fill up some flags */ -+ padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6)); -+ padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2)); -+ -+ return padlock_use_ace + padlock_use_rng; -+} -+ -+/* Force key reload from memory to the CPU microcode. -+ Loading EFLAGS from the stack clears EFLAGS[30] -+ which does the trick. */ -+static inline void -+padlock_reload_key(void) -+{ -+ asm volatile ("pushfq; popfq"); -+} -+ -+#ifndef OPENSSL_NO_AES -+/* -+ * This is heuristic key context tracing. At first one -+ * believes that one should use atomic swap instructions, -+ * but it's not actually necessary. Point is that if -+ * padlock_saved_context was changed by another thread -+ * after we've read it and before we compare it with cdata, -+ * our key *shall* be reloaded upon thread context switch -+ * and we are therefore set in either case... -+ */ -+static inline void -+padlock_verify_context(struct padlock_cipher_data *cdata) -+{ -+ asm volatile ( -+ "pushfq\n" -+" btl $30,(%%rsp)\n" -+" jnc 1f\n" -+" cmpq %2,%1\n" -+" je 1f\n" -+" popfq\n" -+" subq $8,%%rsp\n" -+"1: addq $8,%%rsp\n" -+" movq %2,%0" -+ :"+m"(padlock_saved_context) -+ : "r"(padlock_saved_context), "r"(cdata) : "cc"); -+} -+ -+/* Template for padlock_xcrypt_* modes */ -+/* BIG FAT WARNING: -+ * The offsets used with 'leal' instructions -+ * describe items of the 'padlock_cipher_data' -+ * structure. -+ */ -+#define PADLOCK_XCRYPT_ASM(name,rep_xcrypt) \ -+static inline void *name(size_t cnt, \ -+ struct padlock_cipher_data *cdata, \ -+ void *out, const void *inp) \ -+{ void *iv; \ -+ asm volatile ( "leaq 16(%0),%%rdx\n" \ -+ " leaq 32(%0),%%rbx\n" \ -+ rep_xcrypt "\n" \ -+ : "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \ -+ : "0"(cdata), "1"(cnt), "2"(out), "3"(inp) \ -+ : "rbx", "rdx", "cc", "memory"); \ -+ return iv; \ -+} -+#endif -+ -+#endif /* cpu */ -+ -+ -+# ifndef OPENSSL_NO_AES - - /* Generate all functions with appropriate opcodes */ - /* rep xcryptecb */ -@@ -458,7 +550,23 @@ PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, ".byte 0xf3,0x0f,0xa7,0xc8") - PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0") - /* rep xcryptofb */ - PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8") -+ -+# ifndef AES_ASM -+/* Our own htonl()/ntohl() */ -+static inline void padlock_bswapl(AES_KEY *ks) -+{ -+ size_t i = sizeof(ks->rd_key) / sizeof(ks->rd_key[0]); -+ unsigned int *key = ks->rd_key; -+ -+ while (i--) { -+ asm volatile ("bswapl %0":"+r" (*key)); -+ key++; -+ } -+} -+# endif -+ - # endif -+ - /* The RNG call itself */ - static inline unsigned int padlock_xstore(void *addr, unsigned int edx_in) - { --- -2.2.2 - diff --git a/main/openssl1.0/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch b/main/openssl1.0/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch deleted file mode 100644 index 5a2cdd633a..0000000000 --- a/main/openssl1.0/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch +++ /dev/null @@ -1,782 +0,0 @@ -From 728af0306505f1ff91364ac2175fb6bf5da90ec3 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> -Date: Thu, 5 Feb 2015 09:41:12 +0200 -Subject: [PATCH] engines/e_padlock: implement sha1/sha224/sha256 acceleration - -Limited support for VIA C7 that works only when EVP_MD_CTX_FLAG_ONESHOT -is used appropriately (as done by EVP_Digest, and my previous HMAC patch). - -Full support for VIA Nano including partial transformation and 64-bit mode. - -Benchmarks from VIA Nano 1.6GHz, done with including the previous HMAC and -apps/speed patches done. From single run, error margin of about 100-200k. - -No padlock - -type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -sha1 20057.60k 51514.05k 99721.39k 130167.81k 142811.14k -sha256 7757.72k 16907.18k 28937.05k 35181.23k 37568.51k -hmac(sha1) 8582.53k 27644.69k 70402.30k 114602.67k 140167.85k - -With the patch - -sha1 37713.77k 114562.71k 259637.33k 379907.41k 438818.13k -sha256 34262.86k 103233.75k 232476.07k 338386.60k 389860.01k -hmac(sha1) 8424.70k 31475.11k 104036.10k 245559.30k 406667.26k ---- - engines/e_padlock.c | 663 ++++++++++++++++++++++++++++++++++++++++++++++++---- - 1 file changed, 614 insertions(+), 49 deletions(-) - -diff --git a/engines/e_padlock.c b/engines/e_padlock.c -index 94406cb..5e99114 100644 ---- a/engines/e_padlock.c -+++ b/engines/e_padlock.c -@@ -3,6 +3,9 @@ - * Written by Michal Ludvig <michal@logix.cz> - * http://www.logix.cz/michal - * -+ * SHA support by Timo Teras <timo.teras@iki.fi>. Portions based on -+ * code originally written by Michal Ludvig. -+ * - * Big thanks to Andy Polyakov for a help with optimization, - * assembler fixes, port to MS Windows and a lot of other - * valuable work on this engine! -@@ -63,7 +66,9 @@ - */ - - #include <stdio.h> -+#include <stdint.h> - #include <string.h> -+#include <netinet/in.h> - - #include <openssl/opensslconf.h> - #include <openssl/crypto.h> -@@ -73,11 +78,32 @@ - #ifndef OPENSSL_NO_AES - # include <openssl/aes.h> - #endif -+#ifndef OPENSSL_NO_SHA -+# include <openssl/sha.h> -+#endif - #include <openssl/rand.h> - #include <openssl/err.h> - - #ifndef OPENSSL_NO_HW --# ifndef OPENSSL_NO_HW_PADLOCK -+# ifndef OPENSSL_NO_HW_PADLOCK -+ -+/* PadLock RNG is disabled by default */ -+# define PADLOCK_NO_RNG 1 -+ -+/* No ASM routines for SHA in MSC yet */ -+# ifdef _MSC_VER -+# define OPENSSL_NO_SHA -+# endif -+ -+/* 64-bit mode does not need software SHA1 as fallback, we can -+ * do all operations with padlock */ -+# if defined(__x86_64__) || defined(__x86_64) -+# define PADLOCK_NEED_FALLBACK_SHA 0 -+# else -+# define PADLOCK_NEED_FALLBACK_SHA 1 -+# endif -+ -+# define PADLOCK_MAX_FINALIZING_LENGTH 0x1FFFFFFE - - /* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */ - # if (OPENSSL_VERSION_NUMBER >= 0x00908000L) -@@ -151,60 +177,42 @@ void ENGINE_load_padlock(void) - static int padlock_available(void); - static int padlock_init(ENGINE *e); - -+# ifndef PADLOCK_NO_RNG - /* RNG Stuff */ - static RAND_METHOD padlock_rand; -- --/* Cipher Stuff */ --# ifndef OPENSSL_NO_AES --static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, -- const int **nids, int nid); - # endif - - /* Engine names */ - static const char *padlock_id = "padlock"; - static char padlock_name[100]; - -+static int padlock_bind_helper(ENGINE *e); -+ - /* Available features */ --static int padlock_use_ace = 0; /* Advanced Cryptography Engine */ --static int padlock_use_rng = 0; /* Random Number Generator */ -+enum padlock_flags { -+ PADLOCK_RNG = 0x01, -+ PADLOCK_ACE = 0x02, -+ PADLOCK_ACE2 = 0x04, -+ PADLOCK_PHE = 0x08, -+ PADLOCK_PMM = 0x10, -+ PADLOCK_NANO = 0x20, -+}; -+enum padlock_flags padlock_flags; -+ -+#define PADLOCK_HAVE_RNG (padlock_flags & PADLOCK_RNG) -+#define PADLOCK_HAVE_ACE (padlock_flags & (PADLOCK_ACE|PADLOCK_ACE2)) -+#define PADLOCK_HAVE_ACE1 (padlock_flags & PADLOCK_ACE) -+#define PADLOCK_HAVE_ACE2 (padlock_flags & PADLOCK_ACE2) -+#define PADLOCK_HAVE_PHE (padlock_flags & PADLOCK_PHE) -+#define PADLOCK_HAVE_PMM (padlock_flags & PADLOCK_PMM) -+#define PADLOCK_HAVE_NANO (padlock_flags & PADLOCK_NANO) -+ - # ifndef OPENSSL_NO_AES - static int padlock_aes_align_required = 1; - # endif - - /* ===== Engine "management" functions ===== */ - --/* Prepare the ENGINE structure for registration */ --static int padlock_bind_helper(ENGINE *e) --{ -- /* Check available features */ -- padlock_available(); -- --# if 1 /* disable RNG for now, see commentary in -- * vicinity of RNG code */ -- padlock_use_rng = 0; --# endif -- -- /* Generate a nice engine name with available features */ -- BIO_snprintf(padlock_name, sizeof(padlock_name), -- "VIA PadLock (%s, %s)", -- padlock_use_rng ? "RNG" : "no-RNG", -- padlock_use_ace ? "ACE" : "no-ACE"); -- -- /* Register everything or return with an error */ -- if (!ENGINE_set_id(e, padlock_id) || -- !ENGINE_set_name(e, padlock_name) || -- !ENGINE_set_init_function(e, padlock_init) || --# ifndef OPENSSL_NO_AES -- (padlock_use_ace && !ENGINE_set_ciphers(e, padlock_ciphers)) || --# endif -- (padlock_use_rng && !ENGINE_set_RAND(e, &padlock_rand))) { -- return 0; -- } -- -- /* Everything looks good */ -- return 1; --} -- - # ifdef OPENSSL_NO_DYNAMIC_ENGINE - - /* Constructor */ -@@ -229,7 +237,7 @@ static ENGINE *ENGINE_padlock(void) - /* Check availability of the engine */ - static int padlock_init(ENGINE *e) - { -- return (padlock_use_rng || padlock_use_ace); -+ return padlock_flags; - } - - /* -@@ -377,10 +385,20 @@ static int padlock_available(void) - "=d"(edx)::"ecx"); - - /* Fill up some flags */ -- padlock_use_ace = ((edx & (0x3 << 6)) == (0x3 << 6)); -- padlock_use_rng = ((edx & (0x3 << 2)) == (0x3 << 2)); -- -- return padlock_use_ace + padlock_use_rng; -+ padlock_flags |= ((edx & (0x3<<3)) ? PADLOCK_RNG : 0); -+ padlock_flags |= ((edx & (0x3<<7)) ? PADLOCK_ACE : 0); -+ padlock_flags |= ((edx & (0x3<<9)) ? PADLOCK_ACE2 : 0); -+ padlock_flags |= ((edx & (0x3<<11)) ? PADLOCK_PHE : 0); -+ padlock_flags |= ((edx & (0x3<<13)) ? PADLOCK_PMM : 0); -+ -+ /* Check for VIA Nano CPU */ -+ eax = 0x00000001; -+ asm volatile ("pushl %%ebx; cpuid; popl %%ebx" -+ : "+a"(eax) : : "ecx", "edx"); -+ if ((eax | 0x000F) == 0x06FF) -+ padlock_flags |= PADLOCK_NANO; -+ -+ return padlock_flags; - } - - /* -@@ -473,10 +491,14 @@ padlock_available(void) - : "+a"(eax), "=d"(edx) : : "rbx", "rcx"); - - /* Fill up some flags */ -- padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6)); -- padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2)); -- -- return padlock_use_ace + padlock_use_rng; -+ padlock_flags |= ((edx & (0x3<<3)) ? PADLOCK_RNG : 0); -+ padlock_flags |= ((edx & (0x3<<7)) ? PADLOCK_ACE : 0); -+ padlock_flags |= ((edx & (0x3<<9)) ? PADLOCK_ACE2 : 0); -+ padlock_flags |= ((edx & (0x3<<11)) ? PADLOCK_PHE : 0); -+ padlock_flags |= ((edx & (0x3<<13)) ? PADLOCK_PMM : 0); -+ padlock_flags |= PADLOCK_NANO; -+ -+ return padlock_flags; - } - - /* Force key reload from memory to the CPU microcode. -@@ -1293,6 +1315,496 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, - - # endif /* OPENSSL_NO_AES */ - -+#ifndef OPENSSL_NO_SHA -+ -+static inline void -+padlock_copy_bswap(void *dst, void *src, size_t count) -+{ -+ uint32_t *udst = dst, *usrc = src; -+ int i = 0; -+ -+ for (i = 0; i < count; i++) -+ udst[i] = htonl(usrc[i]); -+} -+ -+static unsigned long padlock_sha_prepare_padding( -+ EVP_MD_CTX *ctx, -+ unsigned char *padding, -+ unsigned char *data, size_t data_len, -+ uint64_t total) -+{ -+ unsigned int padding_len; -+ -+ padding_len = data_len < 56 ? SHA_CBLOCK : 2 * SHA_CBLOCK; -+ if (data_len) -+ memcpy(padding, data, data_len); -+ -+ memset(padding + data_len, 0, padding_len - data_len); -+ padding[data_len] = 0x80; -+ *(uint32_t *)(padding + padding_len - 8) = htonl(total >> 32); -+ *(uint32_t *)(padding + padding_len - 4) = htonl(total & 0xffffffff); -+ -+ return data_len < 56 ? 1 : 2; -+} -+ -+#define PADLOCK_SHA_ALIGN(dd) (uint32_t*)(((uintptr_t)(dd) + 15) & ~15) -+#define PADLOCK_SHA_HWCTX (128+16) -+ -+static void -+padlock_sha1(void *hwctx, const void *buf, unsigned long total, unsigned long now) -+{ -+ unsigned long pos = total - now; -+ -+ asm volatile ("xsha1" -+ : "+S"(buf), "+D"(hwctx), "+a"(pos), "+c"(total) -+ : : "memory"); -+} -+ -+static void -+padlock_sha1_partial(void *hwctx, const void *buf, unsigned long blocks) -+{ -+ asm volatile ("xsha1" -+ : "+S"(buf), "+D"(hwctx), "+c"(blocks) -+ : "a"(-1L) : "memory"); -+} -+ -+static int padlock_sha1_init(EVP_MD_CTX *ctx) -+{ -+ return SHA1_Init(ctx->md_data); -+} -+ -+#if PADLOCK_NEED_FALLBACK_SHA -+ -+static int padlock_sha1_update_eden(EVP_MD_CTX *ctx, const void *data, -+ size_t len) -+{ -+ unsigned char hwctx[PADLOCK_SHA_HWCTX]; -+ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); -+ SHA_CTX *c = ctx->md_data; -+ uint_fast64_t total; -+ const unsigned char *p = data; -+ unsigned long l = 0; -+ -+ /* Calculate total length (Nl,Nh) is length in bits */ -+ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); -+ total += len; -+ -+ if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) && -+ (total <= PADLOCK_MAX_FINALIZING_LENGTH)) { -+ if (c->num != 0) { -+ l = (len < SHA_CBLOCK - c->num) ? len : (SHA_CBLOCK - c->num); -+ if (!SHA1_Update(c, data, l)) -+ return 0; -+ p += l; -+ if (c->num != 0) { -+ p = (unsigned char *) c->data; -+ len = c->num; -+ l = 0; -+ } -+ } -+ memcpy(aligned, &c->h0, 5 * sizeof(SHA_LONG)); -+ padlock_sha1(aligned, p, total, len - l); -+ memcpy(&c->h0, aligned, 5 * sizeof(SHA_LONG)); -+ c->num = -1; -+ return 1; -+ } -+ -+ return SHA1_Update(c, data, len); -+} -+#endif -+ -+static int padlock_sha1_update(EVP_MD_CTX *ctx, const void *data, -+ size_t len) -+{ -+ unsigned char hwctx[PADLOCK_SHA_HWCTX]; -+ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); -+ SHA_CTX *c = ctx->md_data; -+ uint_fast64_t total; -+ unsigned char *p; -+ unsigned long n; -+ -+ /* Calculate total length (Nl,Nh) is length in bits */ -+ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); -+ total += len; -+ c->Nh = total >> 29; -+ c->Nl = (total << 3) & 0xffffffffUL; -+ -+ memcpy(aligned, &c->h0, 5 * sizeof(SHA_LONG)); -+ -+ /* Check partial data */ -+ n = c->num; -+ if (n) { -+ p = (unsigned char *) c->data; -+ if (len >= SHA_CBLOCK || len+n >= SHA_CBLOCK) { -+ memcpy(p+n, data, SHA_CBLOCK-n); -+ padlock_sha1_partial(aligned, p, 1); -+ n = SHA_CBLOCK - n; -+ data += n; -+ len -= n; -+ c->num = 0; -+ memset(p, 0, SHA_CBLOCK); -+ } else { -+ memcpy(p+n, data, len); -+ c->num += (unsigned int)len; -+ return 1; -+ } -+ } -+ -+ /* Can we finalize straight away? */ -+ if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) && -+ (total <= PADLOCK_MAX_FINALIZING_LENGTH)) { -+ padlock_sha1(aligned, data, total, len); -+ memcpy(&c->h0, aligned, 5 * sizeof(SHA_LONG)); -+ c->num = -1; -+ return 1; -+ } -+ -+ /* Use nonfinalizing update */ -+ n = len / SHA_CBLOCK; -+ if (n != 0) { -+ padlock_sha1_partial(aligned, data, n); -+ data += n * SHA_CBLOCK; -+ len -= n * SHA_CBLOCK; -+ } -+ memcpy(&c->h0, aligned, 5 * sizeof(SHA_LONG)); -+ -+ /* Buffer remaining bytes */ -+ if (len) { -+ memcpy(c->data, data, len); -+ c->num = len; -+ } -+ -+ return 1; -+} -+ -+static int padlock_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) -+{ -+ unsigned char hwctx[PADLOCK_SHA_HWCTX]; -+ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); -+ uint64_t total; -+ SHA_CTX *c = ctx->md_data; -+ -+ if (c->num == -1) { -+ padlock_copy_bswap(md, &c->h0, 5); -+ c->num = 0; -+ return 1; -+ } -+ -+ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); -+#if PADLOCK_NEED_FALLBACK_SHA -+ if ((!PADLOCK_HAVE_NANO) && (total > PADLOCK_MAX_FINALIZING_LENGTH)) -+ return SHA1_Final(md, c); -+#endif -+ -+ memcpy(aligned, &c->h0, 5 * sizeof(SHA_LONG)); -+ if (total > PADLOCK_MAX_FINALIZING_LENGTH) { -+ unsigned char padding[2 * SHA_CBLOCK]; -+ unsigned long n; -+ -+ n = padlock_sha_prepare_padding(ctx, padding, -+ (unsigned char *) c->data, c->num, total << 3); -+ padlock_sha1_partial(aligned, padding, n); -+ } else { -+ padlock_sha1(aligned, c->data, total, c->num); -+ } -+ padlock_copy_bswap(md, aligned, 5); -+ c->num = 0; -+ -+ return 1; -+} -+ -+static EVP_MD padlock_sha1_md = { -+ NID_sha1, -+ NID_sha1WithRSAEncryption, -+ SHA_DIGEST_LENGTH, -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE, -+ padlock_sha1_init, -+ padlock_sha1_update, -+ padlock_sha1_final, -+ NULL, -+ NULL, -+ EVP_PKEY_RSA_method, -+ SHA_CBLOCK, -+ sizeof(SHA_CTX), -+}; -+ -+static EVP_MD padlock_dss1_md = { -+ NID_dsa, -+ NID_dsaWithSHA1, -+ SHA_DIGEST_LENGTH, -+ 0, -+ padlock_sha1_init, -+ padlock_sha1_update, -+ padlock_sha1_final, -+ NULL, -+ NULL, -+ EVP_PKEY_DSA_method, -+ SHA_CBLOCK, -+ sizeof(SHA_CTX), -+}; -+ -+ -+#if !defined(OPENSSL_NO_SHA256) -+ -+static void -+padlock_sha256(void *hwctx, const void *buf, unsigned long total, unsigned long now) -+{ -+ unsigned long pos = total - now; -+ -+ asm volatile ("xsha256" -+ : "+S"(buf), "+D"(hwctx), "+a"(pos), "+c"(total) -+ : : "memory"); -+} -+ -+static void -+padlock_sha256_partial(void *hwctx, const void *buf, unsigned long blocks) -+{ -+ asm volatile ("xsha256" -+ : "+S"(buf), "+D"(hwctx), "+c"(blocks) -+ : "a"(-1L) : "memory"); -+} -+ -+#if PADLOCK_NEED_FALLBACK_SHA -+ -+static int padlock_sha256_update_eden(EVP_MD_CTX *ctx, const void *data, -+ size_t len) -+{ -+ unsigned char hwctx[PADLOCK_SHA_HWCTX]; -+ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); -+ SHA256_CTX *c = ctx->md_data; -+ uint_fast64_t total; -+ const unsigned char *p = data; -+ unsigned int l = 0; -+ -+ /* Calculate total length (Nl,Nh) is length in bits */ -+ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); -+ total += len; -+ -+ if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) && -+ (total <= PADLOCK_MAX_FINALIZING_LENGTH)) { -+ if (c->num != 0) { -+ l = (len < SHA256_CBLOCK - c->num) ? len : (SHA256_CBLOCK - c->num); -+ if (!SHA256_Update(c, data, l)) -+ return 0; -+ p += l; -+ if (c->num != 0) { -+ p = (unsigned char *) c->data; -+ len = c->num; -+ l = 0; -+ } -+ } -+ memcpy(aligned, c->h, sizeof(c->h)); -+ padlock_sha256(aligned, p, total, len - l); -+ memcpy(c->h, aligned, sizeof(c->h)); -+ c->num = -1; -+ return 1; -+ } -+ -+ return SHA256_Update(c, data, len); -+} -+ -+#endif -+ -+static int padlock_sha256_update(EVP_MD_CTX *ctx, const void *data, -+ size_t len) -+{ -+ unsigned char hwctx[PADLOCK_SHA_HWCTX]; -+ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); -+ SHA256_CTX *c = ctx->md_data; -+ uint_fast64_t total; -+ unsigned char *p; -+ unsigned long n; -+ -+ /* Calculate total length (Nl,Nh) is length in bits */ -+ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); -+ total += len; -+ c->Nh = total >> 29; -+ c->Nl = (total << 3) & 0xffffffffUL; -+ -+ memcpy(aligned, c->h, sizeof(c->h)); -+ -+ /* Check partial data */ -+ n = c->num; -+ if (n) { -+ p = (unsigned char *) c->data; -+ if (len >= SHA256_CBLOCK || len+n >= SHA256_CBLOCK) { -+ memcpy(p+n, data, SHA256_CBLOCK-n); -+ padlock_sha256_partial(aligned, p, 1); -+ n = SHA256_CBLOCK - n; -+ data += n; -+ len -= n; -+ c->num = 0; -+ memset(p, 0, SHA256_CBLOCK); -+ } else { -+ memcpy(p+n, data, len); -+ c->num += (unsigned int)len; -+ return 1; -+ } -+ } -+ -+ /* Can we finalize straight away? */ -+ if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) && -+ (total <= PADLOCK_MAX_FINALIZING_LENGTH)) { -+ padlock_sha256(aligned, data, total, len); -+ memcpy(c->h, aligned, sizeof(c->h)); -+ c->num = -1; -+ return 1; -+ } -+ -+ /* Use nonfinalizing update */ -+ n = len / SHA256_CBLOCK; -+ if (n != 0) { -+ padlock_sha256_partial(aligned, data, n); -+ data += n * SHA256_CBLOCK; -+ len -= n * SHA256_CBLOCK; -+ } -+ memcpy(c->h, aligned, sizeof(c->h)); -+ -+ /* Buffer remaining bytes */ -+ if (len) { -+ memcpy(c->data, data, len); -+ c->num = len; -+ } -+ -+ return 1; -+} -+ -+static int padlock_sha256_final(EVP_MD_CTX *ctx, unsigned char *md) -+{ -+ unsigned char hwctx[PADLOCK_SHA_HWCTX]; -+ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); -+ uint64_t total; -+ SHA256_CTX *c = ctx->md_data; -+ -+ if (c->num == -1) { -+ padlock_copy_bswap(md, c->h, sizeof(c->h)/sizeof(c->h[0])); -+ c->num = 0; -+ return 1; -+ } -+ -+ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); -+#if PADLOCK_NEED_FALLBACK_SHA -+ if ((!PADLOCK_HAVE_NANO) && (total > PADLOCK_MAX_FINALIZING_LENGTH)) -+ return SHA256_Final(md, c); -+#endif -+ -+ memcpy(aligned, c->h, sizeof(c->h)); -+ if (total > PADLOCK_MAX_FINALIZING_LENGTH) { -+ unsigned char padding[2 * SHA_CBLOCK]; -+ unsigned long n; -+ -+ n = padlock_sha_prepare_padding(ctx, padding, -+ (unsigned char *) c->data, c->num, total << 3); -+ padlock_sha256_partial(aligned, padding, n); -+ } else { -+ padlock_sha256(aligned, c->data, total, c->num); -+ } -+ padlock_copy_bswap(md, aligned, sizeof(c->h)/sizeof(c->h[0])); -+ c->num = 0; -+ return 1; -+} -+ -+#if !defined(OPENSSL_NO_SHA224) -+ -+static int padlock_sha224_init(EVP_MD_CTX *ctx) -+{ -+ return SHA224_Init(ctx->md_data); -+} -+ -+static EVP_MD padlock_sha224_md = { -+ NID_sha224, -+ NID_sha224WithRSAEncryption, -+ SHA224_DIGEST_LENGTH, -+ 0, -+ padlock_sha224_init, -+ padlock_sha256_update, -+ padlock_sha256_final, -+ NULL, -+ NULL, -+ EVP_PKEY_RSA_method, -+ SHA_CBLOCK, -+ sizeof(SHA256_CTX), -+}; -+#endif /* !OPENSSL_NO_SHA224 */ -+ -+static int padlock_sha256_init(EVP_MD_CTX *ctx) -+{ -+ return SHA256_Init(ctx->md_data); -+} -+ -+static EVP_MD padlock_sha256_md = { -+ NID_sha256, -+ NID_sha256WithRSAEncryption, -+ SHA256_DIGEST_LENGTH, -+ 0, -+ padlock_sha256_init, -+ padlock_sha256_update, -+ padlock_sha256_final, -+ NULL, -+ NULL, -+ EVP_PKEY_RSA_method, -+ SHA_CBLOCK, -+ sizeof(SHA256_CTX), -+}; -+#endif /* !OPENSSL_NO_SHA256 */ -+ -+static int padlock_digest_nids[] = { -+#if !defined(OPENSSL_NO_SHA) -+ NID_sha1, -+ NID_dsa, -+#endif -+#if !defined(OPENSSL_NO_SHA256) -+#if !defined(OPENSSL_NO_SHA224) -+ NID_sha224, -+#endif -+ NID_sha256, -+#endif -+}; -+ -+static int padlock_digest_nids_num = sizeof(padlock_digest_nids)/sizeof(padlock_digest_nids[0]); -+ -+static int -+padlock_digests (ENGINE *e, const EVP_MD **digest, const int **nids, int nid) -+{ -+ /* No specific digest => return a list of supported nids ... */ -+ if (!digest) { -+ *nids = padlock_digest_nids; -+ return padlock_digest_nids_num; -+ } -+ -+ /* ... or the requested "digest" otherwise */ -+ switch (nid) { -+#if !defined(OPENSSL_NO_SHA) -+ case NID_sha1: -+ *digest = &padlock_sha1_md; -+ break; -+ case NID_dsa: -+ *digest = &padlock_dss1_md; -+ break; -+#endif -+#if !defined(OPENSSL_NO_SHA256) -+#if !defined(OPENSSL_NO_SHA224) -+ case NID_sha224: -+ *digest = &padlock_sha224_md; -+ break; -+#endif /* OPENSSL_NO_SHA224 */ -+ case NID_sha256: -+ *digest = &padlock_sha256_md; -+ break; -+#endif /* OPENSSL_NO_SHA256 */ -+ default: -+ /* Sorry, we don't support this NID */ -+ *digest = NULL; -+ return 0; -+ } -+ -+ return 1; -+} -+ -+#endif /* OPENSSL_NO_SHA */ -+ -+#ifndef PADLOCK_NO_RNG -+ - /* ===== Random Number Generator ===== */ - /* - * This code is not engaged. The reason is that it does not comply -@@ -1356,6 +1868,59 @@ static RAND_METHOD padlock_rand = { - padlock_rand_bytes, /* pseudorand */ - padlock_rand_status, /* rand status */ - }; -+#endif /* PADLOCK_NO_RNG */ -+ -+/* Prepare the ENGINE structure for registration */ -+static int -+padlock_bind_helper(ENGINE *e) -+{ -+ /* Check available features */ -+ padlock_available(); -+ -+ /* Generate a nice engine name with available features */ -+ BIO_snprintf(padlock_name, sizeof(padlock_name), -+ "VIA PadLock: %s%s%s%s%s%s", -+ padlock_flags ? "" : "not supported", -+ PADLOCK_HAVE_RNG ? "RNG " : "", -+ PADLOCK_HAVE_ACE ? (PADLOCK_HAVE_ACE2 ? "ACE2 " : "ACE ") : "", -+ PADLOCK_HAVE_PHE ? "PHE " : "", -+ PADLOCK_HAVE_PMM ? "PMM " : "", -+ PADLOCK_HAVE_NANO ? "NANO " : "" -+ ); -+ -+#if PADLOCK_NEED_FALLBACK_SHA && !defined(OPENSSL_NO_SHA) -+ if (!PADLOCK_HAVE_NANO) { -+ padlock_sha1_md.update = padlock_sha1_update_eden; -+ padlock_dss1_md.update = padlock_sha1_update_eden; -+#if !defined(OPENSSL_NO_SHA256) -+#if !defined(OPENSSL_NO_SHA224) -+ padlock_sha224_md.update = padlock_sha256_update_eden; -+#endif -+ padlock_sha256_md.update = padlock_sha256_update_eden; -+#endif -+ } -+#endif -+ -+ /* Register everything or return with an error */ -+ if (!ENGINE_set_id(e, padlock_id) || -+ !ENGINE_set_name(e, padlock_name) || -+ !ENGINE_set_init_function(e, padlock_init) -+#ifndef OPENSSL_NO_AES -+ || (PADLOCK_HAVE_ACE && !ENGINE_set_ciphers (e, padlock_ciphers)) -+#endif -+#ifndef OPENSSL_NO_SHA -+ || (PADLOCK_HAVE_PHE && !ENGINE_set_digests (e, padlock_digests)) -+#endif -+#ifndef PADLOCK_NO_RNG -+ || (PADLOCK_HAVE_RNG && !ENGINE_set_RAND (e, &padlock_rand)) -+#endif -+ ) { -+ return 0; -+ } -+ -+ /* Everything looks good */ -+ return 1; -+} - - # else /* !COMPILE_HW_PADLOCK */ - # ifndef OPENSSL_NO_DYNAMIC_ENGINE --- -2.2.2 - diff --git a/main/openssl1.0/1004-crypto-engine-autoload-padlock-dynamic-engine.patch b/main/openssl1.0/1004-crypto-engine-autoload-padlock-dynamic-engine.patch deleted file mode 100644 index 66f37451e5..0000000000 --- a/main/openssl1.0/1004-crypto-engine-autoload-padlock-dynamic-engine.patch +++ /dev/null @@ -1,33 +0,0 @@ -From a58658f191e83f4c6417d2cc879fa572f7978537 Mon Sep 17 00:00:00 2001 -From: Natanael Copa <ncopa@alpinelinux.org> -Date: Thu, 4 Feb 2016 16:28:15 +0100 -Subject: [PATCH] crypto/engine: autoload padlock dynamic engine - ---- - crypto/engine/eng_all.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c -index 48ad0d2..822aa23 100644 ---- a/crypto/engine/eng_all.c -+++ b/crypto/engine/eng_all.c -@@ -120,6 +120,16 @@ void ENGINE_load_builtin_engines(void) - ENGINE_load_capi(); - # endif - #endif -+#ifdef OPENSSL_NO_STATIC_ENGINE -+ { -+ ENGINE *e = ENGINE_by_id("padlock"); -+ if (e != NULL) { -+ ENGINE_add(e); -+ ENGINE_free(e); -+ ERR_clear_error(); -+ } -+ } -+#endif - ENGINE_register_all_complete(); - } - --- -2.7.0 - diff --git a/main/openssl1.0/APKBUILD b/main/openssl1.0/APKBUILD deleted file mode 100644 index 72f3030401..0000000000 --- a/main/openssl1.0/APKBUILD +++ /dev/null @@ -1,156 +0,0 @@ -# Maintainer: Timo Teras <timo.teras@iki.fi> -pkgname=openssl1.0 -_pkgname=openssl -pkgver=1.0.2p -pkgrel=0 -pkgdesc="Toolkit for SSL v2/v3 and TLS v1" -url="https://www.openssl.org" -arch="all" -license="OpenSSL" -depends_dev="zlib-dev" -makedepends_build="perl" -makedepends_host="zlib-dev" -makedepends="$makedepends_host $makedepends_build" -provides="openssl" # for backward compatibility -replaces="openssl" # for backward compatibility -subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc libcrypto1.0:libcrypto libssl1.0:libssl" -source="http://www.openssl.org/source/$_pkgname-$pkgver.tar.gz - 0002-busybox-basename.patch - 0003-use-termios.patch - 0004-fix-default-ca-path-for-apps.patch - 0005-fix-parallel-build.patch - 0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch - 0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch - 0009-no-rpath.patch - 0010-ssl-env-zlib.patch - 1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch - 1002-backport-changes-from-upstream-padlock-module.patch - 1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch - " -builddir="$srcdir/$_pkgname-$pkgver" - -# secfixes: -# 1.0.2h-r0: -# - CVE-2016-2107 -# - CVE-2016-2105 -# - CVE-2016-2106 -# - CVE-2016-2109 -# - CVE-2016-2176 -# 1.0.2h-r1: -# - CVE-2016-2177 -# - CVE-2016-2178 -# 1.0.2h-r2: -# - CVE-2016-2180 -# 1.0.2h-r3: -# - CVE-2016-2179 -# - CVE-2016-2182 -# - CVE-2016-6302 -# - CVE-2016-6303 -# 1.0.2h-r4: -# - CVE-2016-2181 -# 1.0.2i-r0: -# - CVE-2016-2183 -# - CVE-2016-6304 -# - CVE-2016-6306 -# 1.0.2m-r0: -# - CVE-2017-3735 -# - CVE-2017-3736 -# 1.0.2n-r0: -# - CVE-2017-3737 -# - CVE-2017-3738 -# 1.0.2o-r0: -# - CVE-2017-3738 -# - CVE-2018-0733 -# - CVE-2018-0739 -# 1.0.2o-r1: -# - CVE-2018-0732 -# 1.0.2o-r3: -# - CVE-2018-0737 - -build() { - local _target _optflags - cd "$builddir" - - # openssl will prepend crosscompile always core CC et al - CC=${CC#${CROSS_COMPILE}} - CXX=${CXX#${CROSS_COMPILE}} - CPP=${CPP#${CROSS_COMPILE}} - - # determine target OS for openssl - case "$CARCH" in - aarch64*) _target="linux-aarch64" ;; - arm*) _target="linux-armv4" ;; - ppc64le) _target="linux-ppc64le" ;; - x86) _target="linux-elf" ;; - x86_64) _target="linux-x86_64"; _optflags="enable-ec_nistp_64_gcc_128" ;; - s390x) _target="linux64-s390x";; - *) msg "Unable to determine architecture from (CARCH=$CARCH)" ; return 1 ;; - esac - - # Configure assumes --options are for it, so can't use - # gcc's --sysroot fake this by overriding CC - [ -n "$CBUILDROOT" ] && CC="$CC --sysroot=${CBUILDROOT}" - - perl ./Configure $_target --prefix=/usr \ - --libdir=lib \ - --openssldir=/etc/ssl \ - shared zlib enable-montasm enable-md2 $_optflags \ - -DOPENSSL_NO_BUF_FREELISTS \ - $CPPFLAGS $CFLAGS $LDFLAGS -Wa,--noexecstack \ - enable-ssl2 - - make && make build-shared -} - -check() { - cd "$builddir" - make -j1 test -} - -package() { - cd "$builddir" - make INSTALL_PREFIX="$pkgdir" MANDIR=/usr/share/man MANSUFFIX=ssl install - # remove the script c_rehash - rm "$pkgdir"/usr/bin/c_rehash -} - -dev() { - provides="openssl-dev" # for backward compatibility - replaces="openssl-dev" # for backward compatibility - - default_dev -} - -libcrypto() { - pkgdesc="Crypto library from openssl" - - mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib - for i in "$pkgdir"/usr/lib/libcrypto*; do - mv $i "$subpkgdir"/lib/ - ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/} - done - mv "$pkgdir"/usr/lib/engines "$subpkgdir"/usr/lib/ -} - -libssl() { - pkgdesc="SSL shared libraries" - - mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib - for i in "$pkgdir"/usr/lib/libssl*; do - mv $i "$subpkgdir"/lib/ - ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/} - done -} - -sha512sums="958c5a7c3324bbdc8f07dfb13e11329d9a1b4452c07cf41fbd2d42b5fe29c95679332a3476d24c2dc2b88be16e4a24744aba675a05a388c0905756c77a8a2f16 openssl-1.0.2p.tar.gz -2244f46cb18e6b98f075051dd2446c47f7590abccd108fbab707f168a20cad8d32220d704635973f09e3b2879f523be5160f1ffbc12ab3900f8a8891dc855c5c 0002-busybox-basename.patch -58e42058a0c8086c49d681b1e226da39a8cf8cb88c51cf739dec2ff12e1bb5d7208ac5033264b186d58e9bdfe992fe9ddb95701d01caf1824396b2cefe30c0a4 0003-use-termios.patch -c67472879a31b5dbdd313892df6d37e7c93e8c0237d406c30d50b1016c2618ead3c13277f5dc723ef1ceed092d36e3c15a9777daa844f59b9fa2b0a4f04fd9ae 0004-fix-default-ca-path-for-apps.patch -5d4191482f8bbf62c75fe6bc2d9587388022c3310703c2a913788a983b1d1406e706cf3916a5792604f0b0f220a87432d3b82b442cea9915f2abb6fdd8478fcb 0005-fix-parallel-build.patch -820d4ce1c222696fe3f1dd0d11815c06262ec230fdb174532fd507286667a0aefbf858ea5edac4245a54b950cd0556545ecd0c5cf494692a2ba131c667e7bcd5 0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch -17ad683bb91a3a3c5bcc456c8aed7f0b42414c6de06ebafa4753af93c42d9827c9978a43d4d53d741a45df7f7895c6f6163172af57cc7b391cfd15f45ce6c351 0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch -5dbbc01985190ae1254350fb12565beb6abb916b6a7bb1f0f22d9762b1e575d124aaf9aa4cfe5f908e420978f691072d48c61a72660f09dfd6d9a2f83f862bc1 0009-no-rpath.patch -5febe20948e3f12d981e378e1f4ea538711657aacb6865a1aa91339d4a04277e250f490a1f2abc2c6f290bdc2b1bffdba1d00983b4c09f7ea983eef8163f9420 0010-ssl-env-zlib.patch -8c181760d7a149aa18d246d50f1c0438ffb63c98677b05306dfc00400ad0429b47d31e7c8d85126005c67f743d23e7a8a81174ffe98556f4caf9cf6b04d9ff17 1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch -a3555440b5f544bfd6b9ad97557d8f4c1d673f6a35219f65056a72035d186be5f354717ddf9784899b602464d48657b090ade24379552d43af97609c0f48c389 1002-backport-changes-from-upstream-padlock-module.patch -6353c7a94016c20db5d683dde37775f6780952ecdb1a5f39f878d04ba37f6ad79ae10fb6d65d181d912505a5d1e22463004cd855d548b364c00b120da2b0fdbc 1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch" |