From 37907999d18ebba37db13bfa7415401922eb6141 Mon Sep 17 00:00:00 2001
From: Timo Teras
Date: Thu, 30 Jul 2009 22:07:39 +0300
Subject: main/openssl: fix random padlock sha1 breakage fix copying of oneshot sha1 context. also decrease the size of "small buffer", to make context smaller (and context copy faster in most cases); it should be still enough to catch most hmac operations.
---
 main/openssl/openssl-0.9.8k-padlock-sha.patch | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)
(limited to 'main/openssl/openssl-0.9.8k-padlock-sha.patch')
diff --git a/main/openssl/openssl-0.9.8k-padlock-sha.patch b/main/openssl/openssl-0.9.8k-padlock-sha.patch
index 7a89f434cf..b2e7e954d6 100644
--- a/main/openssl/openssl-0.9.8k-padlock-sha.patch
+++ b/main/openssl/openssl-0.9.8k-padlock-sha.patch
@@ -7,7 +7,7 @@
 Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
 ===================================================================
 --- openssl-0.9.8k.orig/crypto/engine/eng_padlock.c 2009-07-27 16:18:20.000000000 +0300
-+++ openssl-0.9.8k/crypto/engine/eng_padlock.c 2009-07-27 16:18:50.000000000 +0300
++++ openssl-0.9.8k/crypto/engine/eng_padlock.c 2009-07-30 22:02:54.000000000 +0300
 @@ -1,10 +1,13 @@
 -/*
 +/*
@@ -147,14 +147,14 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
 #ifndef OPENSSL_NO_AES
 - (padlock_use_ace && !ENGINE_set_ciphers (e, padlock_ciphers)) ||
 + || (PADLOCK_HAVE_ACE && !ENGINE_set_ciphers (e, padlock_ciphers))
-+#endif
+ #endif
+- (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) {
 +#ifndef OPENSSL_NO_SHA
 + || (PADLOCK_HAVE_PHE && !ENGINE_set_digests (e, padlock_digests))
 +#endif
 +#ifndef PADLOCK_NO_RNG
 + || (PADLOCK_HAVE_RNG && !ENGINE_set_RAND (e, &padlock_rand))
- #endif
-- (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) {
++#endif
 + ) {
 return 0;
 }
@@ -206,11 +206,11 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c + padlock_flags |= ((edx & (0x3<<9)) ? PADLOCK_ACE2 : 0); + padlock_flags |= ((edx & (0x3<<11)) ? PADLOCK_PHE : 0); + padlock_flags |= ((edx & (0x3<<13)) ? PADLOCK_PMM : 0); -+ -+ return padlock_flags; -+} - return padlock_use_ace + padlock_use_rng; ++ return padlock_flags; ++} ++ +static inline void +padlock_htonl_block(uint32_t *data, size_t count) +{ @@ -287,7 +287,7 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c encryption function itself. This function is not AES-specific. */ static int padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, -@@ -1157,6 +1214,511 @@ +@@ -1157,6 +1214,514 @@ #endif /* OPENSSL_NO_AES */ @@ -296,7 +296,7 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c +#define DIGEST_DATA(ctx) ((struct padlock_digest_data *)(ctx->md_data)) +#define PADLOCK_SHA_ALIGN(dd) (uint32_t*)(((uintptr_t)(dd) + 15) & ~15) +#define PADLOCK_SHA_PAGES 14 -+#define PADLOCK_SHA_BUFFER (1024 - sizeof(size_t) - 4*sizeof(void*)) ++#define PADLOCK_SHA_BUFFER (512 - sizeof(size_t) - 4*sizeof(void*)) +#define PADLOCK_SHA_INITVECTOR_SIZE (8 * sizeof(uint32_t)) + +struct padlock_digest_data { @@ -648,12 +648,15 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c + * a "finalization copy", so we could do finalizing SHA here and + * store the result to *to precalculated. But there's no such + * flag as to is reset on copy. */ -+ if (dfrom->update == padlock_multi_update) { ++ ++ if (dfrom->update != padlock_copy_update) { + /* Recopy the context, as they might have different alignment */ + memcpy(PADLOCK_SHA_ALIGN(dto->padlockctx), + PADLOCK_SHA_ALIGN(dfrom->padlockctx), + PADLOCK_SHA_INITVECTOR_SIZE); ++ } + ++ if (dfrom->update == padlock_multi_update) { + /* Update total, and copy the buffer */ + dto->total = dfrom->total - dfrom->used; + dto->buffer = NULL; 
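Review bot: The new `PADLOCK_SHA_BUFFER` value `(512 - sizeof(size_t) - 4*sizeof(void*))` encodes an assumption about the other members of `struct padlock_digest_data`, but nothing in the hunk ties the two together or says what the 512-byte target refers to. The struct body continues outside this hunk, so the layout cannot be checked from here. If the intent is to keep the whole digest context within 512 bytes, a comment above the define such as `/* sized so struct padlock_digest_data stays within 512 bytes; inputs that do not fit leave the one-shot path */` would record that, assuming that is the actual fallback behaviour. The commit message only says the size "should be still enough" for most HMAC operations, so stating the usable byte count per pointer width in that comment would let the next change to the struct be checked against it.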
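Review bot: The recopy of the aligned hash state is now guarded by the negative test `dfrom->update != padlock_copy_update`, so every update state other than that one, including any added later, gets the `memcpy`. The existing comment does not say which states actually keep valid data at `PADLOCK_SHA_ALIGN(dfrom->padlockctx)`. I would extend it to something like `/* every state except padlock_copy_update keeps live SHA state in the aligned area; recopy because dto and dfrom may be aligned differently */`, if that is indeed the invariant. A wrong copy here produces an incorrect digest rather than an error, so a regression test that copies a context in each update state and compares both finalized digests with the software SHA-1 result would catch a recurrence. The enclosing copy function starts and ends outside this hunk.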
@@ -799,7 +802,7 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c /* ===== Random Number Generator ===== */ /* * This code is not engaged. The reason is that it does not comply -@@ -1164,7 +1726,7 @@ +@@ -1164,7 +1729,7 @@ * (posted at http://www.via.com.tw/en/viac3/c3.jsp) nor does it * provide meaningful error control... */ @@ -808,7 +811,7 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c the raw PadLock RNG */ static int padlock_rand_bytes(unsigned char *output, int count) -@@ -1212,6 +1774,7 @@ +@@ -1212,6 +1777,7 @@ padlock_rand_bytes, /* pseudorand */ padlock_rand_status, /* rand status */ }; -- cgit v1.2.3