main/openssl: fix padlock patch

there was a bug sha context copying, that caused all hmac users (and possibly others) to crash. also implemented a third intermediate hashing mode with small buffer: it'll speed up hashing in most cases considerably (packets / certificates to be hashed are not usually too long).
author: Timo Teras <timo.teras@iki.fi> 2009-07-27 16:20:51 +0300
committer: Timo Teras <timo.teras@iki.fi> 2009-07-27 16:20:51 +0300
commit: 31ee725d6273df8189ba96d55aa0e30d1a813398 (patch)
tree: 8bbc66e9ecebdb17aa4d9eb67c3da6e640b21f5c /main/openssl
parent: 4cbb938980019bb24322e4d8497e20aa7d862639 (diff)
download: aports-31ee725d6273df8189ba96d55aa0e30d1a813398.tar.bz2
aports-31ee725d6273df8189ba96d55aa0e30d1a813398.tar.xz
2 files changed, 159 insertions, 238 deletions
diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD
index 46d1e064b..4bf078a04 100644
--- a/main/openssl/APKBUILD
+++ b/main/openssl/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=openssl
 pkgver=0.9.8k
-pkgrel=3
+pkgrel=4
 pkgdesc="Toolkit for SSL v2/v3 and TLS v1"
 url=http://openssl.org
 depends=
diff --git a/main/openssl/openssl-0.9.8k-padlock-sha.patch b/main/openssl/openssl-0.9.8k-padlock-sha.patch
index 63b27cea3..7a89f434c 100644
--- a/main/openssl/openssl-0.9.8k-padlock-sha.patch
+++ b/main/openssl/openssl-0.9.8k-padlock-sha.patch
@@ -6,8 +6,8 @@
 #
 Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
 ===================================================================
---- openssl-0.9.8k.orig/crypto/engine/eng_padlock.c	2009-07-12 19:24:42.000000000 +0300
-+++ openssl-0.9.8k/crypto/engine/eng_padlock.c	2009-07-13 13:07:26.000000000 +0300
+--- openssl-0.9.8k.orig/crypto/engine/eng_padlock.c	2009-07-27 16:18:20.000000000 +0300
++++ openssl-0.9.8k/crypto/engine/eng_padlock.c	2009-07-27 16:18:50.000000000 +0300
 @@ -1,10 +1,13 @@
 -/* 
 +/*
@@ -287,31 +287,35 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
     encryption function itself. This function is not AES-specific. */
  static int
  padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
-@@ -1157,6 +1214,470 @@
+@@ -1157,6 +1214,511 @@
  
  #endif /* OPENSSL_NO_AES */
  
 +#ifndef OPENSSL_NO_SHA
 +
++#define DIGEST_DATA(ctx)	((struct padlock_digest_data *)(ctx->md_data))
++#define PADLOCK_SHA_ALIGN(dd)	(uint32_t*)(((uintptr_t)(dd) + 15) & ~15)
++#define PADLOCK_SHA_PAGES	14
++#define PADLOCK_SHA_BUFFER	(1024 - sizeof(size_t) - 4*sizeof(void*))
++#define PADLOCK_SHA_INITVECTOR_SIZE (8 * sizeof(uint32_t))
++
 +struct padlock_digest_data {
-+	unsigned char		output[128+16];
-+	uint64_t		total;
-+
-+	unsigned char		*buffer;
-+	size_t			used;
-+	size_t			size;
-+
-+	void			(*hash)(struct padlock_digest_data *data,
-+				        const void *buf, size_t len);
-+	int			(*update)(EVP_MD_CTX *ctx,
-+					  const void *buffer, size_t len);
-+	int			(*final)(EVP_MD_CTX *ctx, unsigned char *buffer);
++	union {
++		unsigned char		smallbuffer[PADLOCK_SHA_BUFFER];
++		struct {
++			unsigned char	padlockctx[128+16];
++			unsigned char	*buffer;
++			size_t		mmap_size;
++			uint64_t	total;
++		};
++	};
++	void	*initvector;
++	size_t	used;
++	void	(*hash)(void *padlockctx, const void *buf, size_t len);
++	int	(*update)(EVP_MD_CTX *ctx, const void *buffer, size_t len);
++	int	(*final)(EVP_MD_CTX *ctx, unsigned char *buffer);
 +};
 +
-+#define DIGEST_DATA(ctx)	((struct padlock_digest_data *)(ctx->md_data))
-+#define DIGEST_DATA_OUTPUT(dd)	(uint32_t*)(((uintptr_t)(dd->output) + 15) & ~15)
-+#define PADLOCK_BUFFER_PAGES	14
-+
 +static inline void *
 +padlock_atomic_xchg(volatile void **mem, void *fixed)
 +{
@@ -327,22 +331,20 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
 +}
 +
 +static void
-+padlock_do_sha1(struct padlock_digest_data *data, const void *buf, size_t len)
++padlock_do_sha1(void *padlockctx, const void *buf, size_t len)
 +{
-+	uint32_t *output = DIGEST_DATA_OUTPUT(data);
 +	asm volatile (
 +		"xsha1"
-+		: "+S"(buf), "+D"(output)
++		: "+S"(buf), "+D"(padlockctx)
 +		: "c"(len), "a"(0));
 +}
 +
 +static void
-+padlock_do_sha256(struct padlock_digest_data *data, const void *buf, size_t len)
++padlock_do_sha256(void *padlockctx, const void *buf, size_t len)
 +{
-+	uint32_t *output = DIGEST_DATA_OUTPUT(data);
 +	asm volatile (
 +		"xsha256"
-+		: "+S"(buf), "+D"(output)
++		: "+S"(buf), "+D"(padlockctx)
 +		: "c"(len), "a"(0));
 +}
 +
@@ -350,7 +352,6 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
 +handle_sigsegv(int sig, siginfo_t *info, void *uctxp)
 +{
 +	ucontext_t *uctx = uctxp;
-+
 +	uctx->uc_mcontext.gregs[14] += 4;
 +}
 +
@@ -360,8 +361,8 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
 +	struct sigaction act, oldact;
 +	size_t bofs = 0;
 +
-+	if (data->used != data->size) {
-+		bofs = data->size - data->used;
++	if (data->used != data->mmap_size) {
++		bofs = data->mmap_size - data->used;
 +		memmove(&data->buffer[bofs], data->buffer, data->used);
 +	}
 +
@@ -369,7 +370,8 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
 +	act.sa_sigaction = handle_sigsegv;
 +	act.sa_flags = SA_SIGINFO;
 +	sigaction(SIGSEGV, &act, &oldact);
-+	data->hash(data, &data->buffer[bofs], data->used + 64);
++	data->hash(PADLOCK_SHA_ALIGN(data->padlockctx),
++		   &data->buffer[bofs], data->used + 64);
 +	sigaction(SIGSEGV, &oldact, NULL);
 +}
 +
@@ -377,8 +379,9 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
 +padlock_free_buffer(void *buf)
 +{
 +	buf = padlock_atomic_xchg(&padlock_cached_sha_buffer, buf);
-+	if (buf != NULL)
-+		munmap(buf, (PADLOCK_BUFFER_PAGES + 1) * getpagesize());
++	if (buf != NULL) {
++		munmap(buf, (PADLOCK_SHA_PAGES + 1) * getpagesize());
++	}
 +}
 +
 +static void *
@@ -392,7 +395,7 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
 +	if (buf != NULL)
 +		goto ret;
 +
-+	size = (PADLOCK_BUFFER_PAGES + 1) * page;
++	size = (PADLOCK_SHA_PAGES + 1) * page;
 +	buf = mmap(0, size, PROT_READ | PROT_WRITE,
 +		   MAP_PRIVATE | MAP_ANONYMOUS, 0, 0);
 +	if (buf == NULL)
@@ -402,13 +405,13 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
 +	 * we are over quota. */
 +	mlock(buf, size);
 +
-+	if (mprotect(buf + PADLOCK_BUFFER_PAGES * page, page, PROT_NONE) < 0) {
++	if (mprotect(buf + PADLOCK_SHA_PAGES * page, page, PROT_NONE) < 0) {
 +		munmap(buf, size);
 +		return NULL;
 +	}
 +
 +ret:
-+	*maxsize = PADLOCK_BUFFER_PAGES * page - 64;
++	*maxsize = PADLOCK_SHA_PAGES * page - 64;
 +
 +	return buf;
 +}
@@ -419,24 +422,23 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
 +	struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
 +	size_t chunk_size;
 +
-+	if (ddata->buffer == NULL) {
-+		ddata->buffer = padlock_allocate_buffer(&ddata->size);
-+	}
++	if (ddata->buffer == NULL)
++		ddata->buffer = padlock_allocate_buffer(&ddata->mmap_size);
 +
 +	while (len) {
-+		if (ddata->used + len < ddata->size) {
++		if (ddata->used + len < ddata->mmap_size) {
 +			memcpy(&ddata->buffer[ddata->used], data, len);
 +			ddata->used += len;
 +			ddata->total += len;
 +			return 1;
 +		}
 +
-+		chunk_size = ddata->size - ddata->used;
++		chunk_size = ddata->mmap_size - ddata->used;
 +		memcpy(&ddata->buffer[ddata->used], data, chunk_size);
 +
 +		data += chunk_size;
 +		len -= chunk_size;
-+		ddata->used = ddata->size;
++		ddata->used = ddata->mmap_size;
 +		ddata->total += chunk_size;
 +		padlock_sha_nonfinalizing(ddata);
 +		ddata->used = 0;
@@ -450,10 +452,23 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
 +{
 +	struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
 +	size_t size = EVP_MD_CTX_size(ctx);
-+	uint32_t *output = DIGEST_DATA_OUTPUT(ddata);
 +
-+	padlock_htonl_block(output, size / sizeof(uint32_t));
-+	memcpy(md, output, size);
++	memcpy(md, PADLOCK_SHA_ALIGN(ddata->padlockctx), size);
++	return 1;
++}
++
++static int
++padlock_copy_final(EVP_MD_CTX *ctx, unsigned char *md)
++{
++	struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
++	char padlockctx[128+16];
++	void *aligned = PADLOCK_SHA_ALIGN(padlockctx);
++	size_t size = EVP_MD_CTX_size(ctx);
++
++	memcpy(aligned, ddata->initvector, PADLOCK_SHA_INITVECTOR_SIZE);
++	ddata->hash(aligned, ddata->smallbuffer, ddata->used);
++	padlock_htonl_block(aligned, size / sizeof(uint32_t));
++	memcpy(md, aligned, size);
 +
 +	return 1;
 +}
@@ -463,10 +478,12 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
 +{
 +	static const char padding[64] = { 0x80, };
 +	struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
++	size_t mdsize = EVP_MD_CTX_size(ctx);
++	void *aligned = PADLOCK_SHA_ALIGN(ddata->padlockctx);
 +
 +	if (ddata->used == ddata->total) {
 +		/* Sweet, everything fits in one buffer. */
-+		ddata->hash(ddata, ddata->buffer, ddata->used);
++		ddata->hash(aligned, ddata->buffer, ddata->used);
 +	} else {
 +		/* Hardware already hashed some buffers.
 +		 * Do finalizing manually */
@@ -492,95 +509,119 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
 +		/* And finally calculate it */
 +		padlock_sha_nonfinalizing(ddata);
 +	}
++	padlock_htonl_block(aligned, mdsize / sizeof(uint32_t));
++	memcpy(md, aligned, mdsize);
 +
-+	return padlock_oneshot_final(ctx, md);
++	return 1;
 +}
 +
 +static int
-+padlock_oneshot_update(EVP_MD_CTX *ctx, const void *data, size_t length)
++padlock_copy_update(EVP_MD_CTX *ctx, const void *data, size_t len)
 +{
 +	struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
 +
-+	/* Oneshot update is only possible if context flags indicate so */
-+	if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
++	if (ddata->used + len > sizeof(ddata->smallbuffer)) {
 +		ddata->update = padlock_multi_update;
 +		ddata->final  = padlock_multi_final;
-+		return padlock_multi_update(ctx, data, length);
++
++		if (ddata->used != 0) {
++			void *buffer;
++			size_t mmap_size;
++
++			buffer = padlock_allocate_buffer(&mmap_size);
++			memcpy(buffer, ddata->smallbuffer, ddata->used);
++			ddata->buffer = buffer;
++			ddata->total = ddata->used;
++			ddata->mmap_size = mmap_size;
++		} else {
++			ddata->buffer = NULL;
++			ddata->total = 0;
++		}
++
++		memcpy(PADLOCK_SHA_ALIGN(ddata->padlockctx), ddata->initvector,
++		       PADLOCK_SHA_INITVECTOR_SIZE);
++
++		return padlock_multi_update(ctx, data, len);
 +	}
 +
-+	ddata->hash(ddata, data, length);
++	memcpy(&ddata->smallbuffer[ddata->used], data, len);
++	ddata->used += len;
++
 +	return 1;
 +}
 +
-+static void
++static int
++padlock_oneshot_update(EVP_MD_CTX *ctx, const void *data, size_t len)
++{
++	struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
++	void *aligned = PADLOCK_SHA_ALIGN(ddata->padlockctx);
++	size_t mdsize = EVP_MD_CTX_size(ctx);
++
++	/* Oneshot update is only possible if context flags indicate so */
++	if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
++		ddata->update = padlock_copy_update;
++		ddata->final  = padlock_copy_final;
++		return padlock_copy_update(ctx, data, len);
++	}
++
++	memcpy(aligned, ddata->initvector, PADLOCK_SHA_INITVECTOR_SIZE);
++	ddata->hash(aligned, data, len);
++	padlock_htonl_block(aligned, mdsize / sizeof(uint32_t));
++	ddata->used += len;
++
++	return 1;
++}
++
++static int
 +padlock_sha_init(struct padlock_digest_data *ddata)
 +{
-+	ddata->total  = 0;
-+	ddata->buffer = NULL;
-+	ddata->used   = 0;
-+	ddata->size   = 0;
-+	ddata->update = padlock_oneshot_update;
-+	ddata->final  = padlock_oneshot_final;
++	ddata->used      = 0;
++	ddata->update    = padlock_oneshot_update;
++	ddata->final     = padlock_oneshot_final;
++
++	return 1;
 +}
 +
 +static int
 +padlock_sha1_init(EVP_MD_CTX *ctx)
 +{
++	static uint32_t sha1_initvector[8] = {
++		0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476,
++		0xC3D2E1F0
++	};
 +	struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
-+	uint32_t *output = DIGEST_DATA_OUTPUT(ddata);
-+
-+	output[0] = 0x67452301;
-+	output[1] = 0xEFCDAB89;
-+	output[2] = 0x98BADCFE;
-+	output[3] = 0x10325476;
-+	output[4] = 0xC3D2E1F0;
 +
-+	padlock_sha_init(ddata);
 +	ddata->hash = padlock_do_sha1;
-+
-+	return 1;
++	ddata->initvector = sha1_initvector;
++	return padlock_sha_init(ddata);
 +}
 +
 +static int
 +padlock_sha224_init(EVP_MD_CTX *ctx)
 +{
++	static uint32_t sha224_initvector[] = {
++		0xC1059ED8, 0x367CD507, 0x3070DD17, 0xF70E5939,
++		0xFFC00B31, 0x68581511, 0x64F98FA7, 0xBEFA4FA4,
++	};
 +	struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
-+	uint32_t *output = DIGEST_DATA_OUTPUT(ddata);
-+
-+	output[0] = 0xC1059ED8UL;
-+	output[1] = 0x367CD507UL;
-+	output[2] = 0x3070DD17UL;
-+	output[3] = 0xF70E5939UL;
-+	output[4] = 0xFFC00B31UL;
-+	output[5] = 0x68581511UL;
-+	output[6] = 0x64F98FA7UL;
-+	output[7] = 0xBEFA4FA4UL;
-+
-+	padlock_sha_init(ddata);
-+	ddata->hash = padlock_do_sha256;
 +
-+	return 1;
++	ddata->hash = padlock_do_sha256;
++	ddata->initvector = sha224_initvector;
++	return padlock_sha_init(ddata);
 +}
 +
 +static int
 +padlock_sha256_init(EVP_MD_CTX *ctx)
 +{
++	static uint32_t sha256_initvector[] = {
++		0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A,
++		0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19
++	};
 +	struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
-+	uint32_t *output = DIGEST_DATA_OUTPUT(ddata);
-+
-+	output[0] = 0x6A09E667;
-+	output[1] = 0xBB67AE85;
-+	output[2] = 0x3C6EF372;
-+	output[3] = 0xA54FF53A;
-+	output[4] = 0x510E527F;
-+	output[5] = 0x9B05688C;
-+	output[6] = 0x1F83D9AB;
-+	output[7] = 0x5BE0CD19;
-+
-+	padlock_sha_init(ddata);
-+	ddata->hash = padlock_do_sha256;
 +
-+	return 1;
++	ddata->hash = padlock_do_sha256;
++	ddata->initvector = sha256_initvector;
++	return padlock_sha_init(ddata);
 +}
 +
 +static int
@@ -601,26 +642,27 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
 +	struct padlock_digest_data *dfrom = DIGEST_DATA(from);
 +	struct padlock_digest_data *dto = DIGEST_DATA(to);
 +
-+	/* Copy the internal state */
-+	memcpy(DIGEST_DATA_OUTPUT(dto), DIGEST_DATA_OUTPUT(dfrom), 128);
-+	dto->total = dfrom->total - dfrom->used;
-+	dto->hash  = dfrom->hash;
-+	dto->used  = 0;
-+
-+	/* Try using oneshot update if possible */
-+	if (dfrom->used == dfrom->total) {
-+		dto->update = padlock_oneshot_update;
-+		dto->final  = padlock_oneshot_final;
-+	} else {
-+		dto->update = padlock_multi_update;
-+		dto->final  = padlock_multi_final;
++	/* When we get here, dto is already a memcpied from dfrom,
++	 * it's ok for all other cases except when data is on a separate
++	 * mmapped area. It would be nice if we had a flag, if this is
++	 * a "finalization copy", so we could do finalizing SHA here and
++	 * store the result to *to precalculated. But there's no such
++	 * flag as to is reset on copy. */
++	if (dfrom->update == padlock_multi_update) {
++		/* Recopy the context, as they might have different alignment */
++		memcpy(PADLOCK_SHA_ALIGN(dto->padlockctx),
++		       PADLOCK_SHA_ALIGN(dfrom->padlockctx),
++		       PADLOCK_SHA_INITVECTOR_SIZE);
++
++		/* Update total, and copy the buffer */
++		dto->total     = dfrom->total - dfrom->used;
++		dto->buffer    = NULL;
++		dto->used      = 0;
++		dto->mmap_size = 0;
++		if (dfrom->used != 0)
++			padlock_sha_update(to, dfrom->buffer, dfrom->used);
 +	}
 +
-+	/* Copy pending data - one oneshot destination, this means finalizing
-+	 * the contents if we are still on the first iteration. */
-+	if (dfrom->buffer != NULL)
-+		padlock_sha_update(to, dfrom->buffer, dfrom->used);
-+
 +	return 1;
 +}
 +
@@ -629,9 +671,8 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
 +{
 +	struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
 +
-+	if (ddata->buffer != NULL)
++	if (ddata->update == padlock_multi_update && ddata->buffer != NULL)
 +		padlock_free_buffer(ddata->buffer);
-+	ddata->buffer = NULL;
 +
 +	return 1;
 +}
@@ -758,7 +799,7 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
  /* ===== Random Number Generator ===== */
  /*
   * This code is not engaged. The reason is that it does not comply
-@@ -1164,7 +1685,7 @@
+@@ -1164,7 +1726,7 @@
   * (posted at http://www.via.com.tw/en/viac3/c3.jsp) nor does it
   * provide meaningful error control...
   */
@@ -767,7 +808,7 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
     the raw PadLock RNG */
  static int
  padlock_rand_bytes(unsigned char *output, int count)
-@@ -1212,6 +1733,7 @@
+@@ -1212,6 +1774,7 @@
  	padlock_rand_bytes,	/* pseudorand */
  	padlock_rand_status,	/* rand status */
  };
@@ -775,123 +816,3 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
  
  #endif /* COMPILE_HW_PADLOCK */
  
-Index: openssl-0.9.8k/crypto/evp/p_sign.c
-===================================================================
---- openssl-0.9.8k.orig/crypto/evp/p_sign.c	2009-07-13 11:01:02.000000000 +0300
-+++ openssl-0.9.8k/crypto/evp/p_sign.c	2009-07-13 11:01:45.000000000 +0300
-@@ -5,21 +5,21 @@
-  * This package is an SSL implementation written
-  * by Eric Young (eay@cryptsoft.com).
-  * The implementation was written so as to conform with Netscapes SSL.
-- * 
-+ *
-  * This library is free for commercial and non-commercial use as long as
-  * the following conditions are aheared to.  The following conditions
-  * apply to all code found in this distribution, be it the RC4, RSA,
-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
-  * included with this distribution is covered by the same copyright terms
-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-- * 
-+ *
-  * Copyright remains Eric Young's, and as such any Copyright notices in
-  * the code are not to be removed.
-  * If this package is used in a product, Eric Young should be given attribution
-  * as the author of the parts of the library used.
-  * This can be in the form of a textual message at program startup or
-  * in documentation (online or textual) provided with the package.
-- * 
-+ *
-  * Redistribution and use in source and binary forms, with or without
-  * modification, are permitted provided that the following conditions
-  * are met:
-@@ -34,10 +34,10 @@
-  *     Eric Young (eay@cryptsoft.com)"
-  *    The word 'cryptographic' can be left out if the rouines from the library
-  *    being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from 
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-  *    the apps directory (application code) you must include an acknowledgement:
-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-- * 
-+ *
-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-@@ -49,7 +49,7 @@
-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-  * SUCH DAMAGE.
-- * 
-+ *
-  * The licence and distribution terms for any publically available version or
-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
-  * copied and put under another distribution licence
-@@ -105,6 +105,7 @@
- 		return(0);
- 		}
- 	EVP_MD_CTX_init(&tmp_ctx);
-+	M_EVP_MD_CTX_set_flags(&tmp_ctx,EVP_MD_CTX_FLAG_ONESHOT);
- 	EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);
- 	if (ctx->digest->flags & EVP_MD_FLAG_SVCTX)
- 		{
-Index: openssl-0.9.8k/crypto/evp/p_verify.c
-===================================================================
---- openssl-0.9.8k.orig/crypto/evp/p_verify.c	2009-07-13 11:01:06.000000000 +0300
-+++ openssl-0.9.8k/crypto/evp/p_verify.c	2009-07-13 11:02:11.000000000 +0300
-@@ -5,21 +5,21 @@
-  * This package is an SSL implementation written
-  * by Eric Young (eay@cryptsoft.com).
-  * The implementation was written so as to conform with Netscapes SSL.
-- * 
-+ *
-  * This library is free for commercial and non-commercial use as long as
-  * the following conditions are aheared to.  The following conditions
-  * apply to all code found in this distribution, be it the RC4, RSA,
-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
-  * included with this distribution is covered by the same copyright terms
-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-- * 
-+ *
-  * Copyright remains Eric Young's, and as such any Copyright notices in
-  * the code are not to be removed.
-  * If this package is used in a product, Eric Young should be given attribution
-  * as the author of the parts of the library used.
-  * This can be in the form of a textual message at program startup or
-  * in documentation (online or textual) provided with the package.
-- * 
-+ *
-  * Redistribution and use in source and binary forms, with or without
-  * modification, are permitted provided that the following conditions
-  * are met:
-@@ -34,10 +34,10 @@
-  *     Eric Young (eay@cryptsoft.com)"
-  *    The word 'cryptographic' can be left out if the rouines from the library
-  *    being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from 
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-  *    the apps directory (application code) you must include an acknowledgement:
-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-- * 
-+ *
-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-@@ -49,7 +49,7 @@
-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-  * SUCH DAMAGE.
-- * 
-+ *
-  * The licence and distribution terms for any publically available version or
-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
-  * copied and put under another distribution licence
-@@ -92,7 +92,8 @@
- 		}
- 
- 	EVP_MD_CTX_init(&tmp_ctx);
--	EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);     
-+	M_EVP_MD_CTX_set_flags(&tmp_ctx,EVP_MD_CTX_FLAG_ONESHOT);
-+	EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);
- 	if (ctx->digest->flags & EVP_MD_FLAG_SVCTX)
- 		{
- 		EVP_MD_SVCTX sctmp;
author	Timo Teras <timo.teras@iki.fi>	2009-07-27 16:20:51 +0300
committer	Timo Teras <timo.teras@iki.fi>	2009-07-27 16:20:51 +0300
commit	31ee725d6273df8189ba96d55aa0e30d1a813398 (patch)
tree	8bbc66e9ecebdb17aa4d9eb67c3da6e640b21f5c /main/openssl
parent	4cbb938980019bb24322e4d8497e20aa7d862639 (diff)
download	aports-31ee725d6273df8189ba96d55aa0e30d1a813398.tar.bz2 aports-31ee725d6273df8189ba96d55aa0e30d1a813398.tar.xz