summaryrefslogtreecommitdiffstats
path: root/main
diff options
context:
space:
mode:
Diffstat (limited to 'main')
-rw-r--r--main/openssl/0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch82
-rw-r--r--main/openssl/0002-apps-speed-fix-digest-speed-measurement-and-add-hmac.patch392
-rw-r--r--main/openssl/0003-engine-padlock-implement-sha1-sha224-sha256-accelera.patch701
-rw-r--r--main/openssl/0004-crypto-engine-autoload-padlock-dynamic-engine.patch33
-rw-r--r--main/openssl/APKBUILD12
5 files changed, 1218 insertions, 2 deletions
diff --git a/main/openssl/0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch b/main/openssl/0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
new file mode 100644
index 000000000..514ed0d83
--- /dev/null
+++ b/main/openssl/0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
@@ -0,0 +1,82 @@
+From 16a40910dd3ae5ab702ee1274f9e2f08362e4474 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Fri, 4 Jun 2010 09:48:39 +0300
+Subject: [PATCH 1/3] crypto/hmac: support EVP_MD_CTX_FLAG_ONESHOT and set it properly
+
+Some engines (namely VIA C7 Padlock) work only if EVP_MD_CTX_FLAG_ONESHOT
+is set before final update. This is because some crypto accelerators cannot
+perform non-finalizing transform of the digest.
+
+The usage of EVP_MD_CTX_FLAG_ONESHOT is used semantically slightly
+differently here. It is set before the final EVP_DigestUpdate call, not
+necessarily before EVP_DigestInit call. This will not cause any problems
+though.
+---
+ crypto/hmac/hmac.c | 14 +++++++++++---
+ 1 files changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c
+index 45015fe..7ce2a50 100644
+--- a/crypto/hmac/hmac.c
++++ b/crypto/hmac/hmac.c
+@@ -66,6 +66,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+ {
+ int i,j,reset=0;
+ unsigned char pad[HMAC_MAX_MD_CBLOCK];
++ unsigned long flags;
+
+ if (md != NULL)
+ {
+@@ -82,6 +83,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+ OPENSSL_assert(j <= (int)sizeof(ctx->key));
+ if (j < len)
+ {
++ EVP_MD_CTX_set_flags(&ctx->md_ctx, EVP_MD_CTX_FLAG_ONESHOT);
+ if (!EVP_DigestInit_ex(&ctx->md_ctx,md, impl))
+ goto err;
+ if (!EVP_DigestUpdate(&ctx->md_ctx,key,len))
+@@ -105,17 +107,22 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+ {
+ for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
+ pad[i]=0x36^ctx->key[i];
++ flags = EVP_MD_CTX_test_flags(&ctx->i_ctx, EVP_MD_CTX_FLAG_ONESHOT);
++ EVP_MD_CTX_clear_flags(&ctx->i_ctx, EVP_MD_CTX_FLAG_ONESHOT);
+ if (!EVP_DigestInit_ex(&ctx->i_ctx,md, impl))
+ goto err;
+ if (!EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md)))
+ goto err;
++ EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
+
+ for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
+ pad[i]=0x5c^ctx->key[i];
++ EVP_MD_CTX_clear_flags(&ctx->o_ctx, EVP_MD_CTX_FLAG_ONESHOT);
+ if (!EVP_DigestInit_ex(&ctx->o_ctx,md, impl))
+ goto err;
+ if (!EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md)))
+ goto err;
++ EVP_MD_CTX_set_flags(&ctx->o_ctx, EVP_MD_CTX_FLAG_ONESHOT);
+ }
+ if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx))
+ goto err;
+@@ -197,7 +204,8 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+
+ if (md == NULL) md=m;
+ HMAC_CTX_init(&c);
+- if (!HMAC_Init(&c,key,key_len,evp_md))
++ HMAC_CTX_set_flags(&c, EVP_MD_CTX_FLAG_ONESHOT);
++ if (!HMAC_Init_ex(&c,key,key_len,evp_md,NULL))
+ goto err;
+ if (!HMAC_Update(&c,d,n))
+ goto err;
+@@ -212,6 +220,6 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+ void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
+ {
+ EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
+- EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
+- EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
++ EVP_MD_CTX_set_flags(&ctx->o_ctx, flags & ~EVP_MD_CTX_FLAG_ONESHOT);
++ EVP_MD_CTX_set_flags(&ctx->md_ctx, flags & ~EVP_MD_CTX_FLAG_ONESHOT);
+ }
+--
+1.7.0.4
+
diff --git a/main/openssl/0002-apps-speed-fix-digest-speed-measurement-and-add-hmac.patch b/main/openssl/0002-apps-speed-fix-digest-speed-measurement-and-add-hmac.patch
new file mode 100644
index 000000000..8859f4060
--- /dev/null
+++ b/main/openssl/0002-apps-speed-fix-digest-speed-measurement-and-add-hmac.patch
@@ -0,0 +1,392 @@
+From de61d5881a12b359dfb1b4fbbb53412460196553 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Thu, 3 Jun 2010 09:02:13 +0300
+Subject: [PATCH 2/3] apps/speed: fix digest speed measurement and add hmac-sha1 test
+
+Merge the common code of testing digest speed, and make it reuse
+existing context. Context creation can be heavy operation, and it's
+speed depends on if engine is used or not. As we are measuring the
+digest speed, the context creation overhead should not be included
+like hmac tests do.
+
+This also adds test for hmac-sha1 speed.
+---
+ apps/speed.c | 243 +++++++++++++++++++++-------------------------------------
+ 1 files changed, 86 insertions(+), 157 deletions(-)
+
+diff --git a/apps/speed.c b/apps/speed.c
+index 539bfff..f64289e 100644
+--- a/apps/speed.c
++++ b/apps/speed.c
+@@ -214,7 +214,7 @@ static void print_result(int alg,int run_no,int count,double time_used);
+ static int do_multi(int multi);
+ #endif
+
+-#define ALGOR_NUM 29
++#define ALGOR_NUM 30
+ #define SIZE_NUM 5
+ #define RSA_NUM 4
+ #define DSA_NUM 3
+@@ -229,9 +229,11 @@ static const char *names[ALGOR_NUM]={
+ "aes-128 cbc","aes-192 cbc","aes-256 cbc",
+ "camellia-128 cbc","camellia-192 cbc","camellia-256 cbc",
+ "evp","sha256","sha512","whirlpool",
+- "aes-128 ige","aes-192 ige","aes-256 ige"};
++ "aes-128 ige","aes-192 ige","aes-256 ige","hmac(sha1)"};
+ static double results[ALGOR_NUM][SIZE_NUM];
+ static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
++static unsigned char *buf=NULL,*buf2=NULL;
++static long c[ALGOR_NUM][SIZE_NUM];
+ #ifndef OPENSSL_NO_RSA
+ static double rsa_results[RSA_NUM][2];
+ #endif
+@@ -329,6 +331,66 @@ static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
+ }
+ #endif /* OPENSSL_NO_ECDH */
+
++#ifndef SIGALRM
++#define COND(d) (count < (d))
++#else
++#define COND(c) (run)
++#endif /* SIGALRM */
++
++static void Test_Digest(int digest, const EVP_MD *type)
++{
++ unsigned char md[EVP_MAX_MD_SIZE];
++ int j, count;
++ double d=0.0;
++ EVP_MD_CTX ctx;
++
++ EVP_MD_CTX_init(&ctx);
++ EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT);
++
++ for (j=0; j<SIZE_NUM; j++)
++ {
++ print_message(names[digest],c[digest][j],lengths[j]);
++ Time_F(START);
++ for (count=0,run=1; COND(c[digest][j]); count++)
++ {
++ EVP_DigestInit_ex(&ctx, type, NULL);
++ EVP_DigestUpdate(&ctx, buf, (unsigned long)lengths[j]);
++ EVP_DigestFinal_ex(&ctx, md, NULL);
++ }
++ d=Time_F(STOP);
++ print_result(digest,j,count,d);
++ }
++
++ EVP_MD_CTX_cleanup(&ctx);
++}
++
++static void Test_HMAC(int digest, const EVP_MD *type)
++{
++ unsigned char md[EVP_MAX_MD_SIZE];
++ HMAC_CTX hctx;
++ int j, count;
++ double d=0.0;
++
++ HMAC_CTX_init(&hctx);
++ HMAC_CTX_set_flags(&hctx, EVP_MD_CTX_FLAG_ONESHOT);
++ HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...",
++ 16,type, NULL);
++
++ for (j=0; j<SIZE_NUM; j++)
++ {
++ print_message(names[digest],c[digest][j],lengths[j]);
++ Time_F(START);
++ for (count=0,run=1; COND(c[digest][j]); count++)
++ {
++ HMAC_Init_ex(&hctx,NULL,0,NULL,NULL);
++ HMAC_Update(&hctx,buf,lengths[j]);
++ HMAC_Final(&hctx,md,NULL);
++ }
++ d=Time_F(STOP);
++ print_result(digest,j,count,d);
++ }
++ HMAC_CTX_cleanup(&hctx);
++}
+
+ int MAIN(int, char **);
+
+@@ -337,7 +399,6 @@ int MAIN(int argc, char **argv)
+ #ifndef OPENSSL_NO_ENGINE
+ ENGINE *e = NULL;
+ #endif
+- unsigned char *buf=NULL,*buf2=NULL;
+ int mret=1;
+ long count=0,save_count=0;
+ int i,j,k;
+@@ -348,34 +409,6 @@ int MAIN(int argc, char **argv)
+ unsigned rsa_num;
+ #endif
+ unsigned char md[EVP_MAX_MD_SIZE];
+-#ifndef OPENSSL_NO_MD2
+- unsigned char md2[MD2_DIGEST_LENGTH];
+-#endif
+-#ifndef OPENSSL_NO_MDC2
+- unsigned char mdc2[MDC2_DIGEST_LENGTH];
+-#endif
+-#ifndef OPENSSL_NO_MD4
+- unsigned char md4[MD4_DIGEST_LENGTH];
+-#endif
+-#ifndef OPENSSL_NO_MD5
+- unsigned char md5[MD5_DIGEST_LENGTH];
+- unsigned char hmac[MD5_DIGEST_LENGTH];
+-#endif
+-#ifndef OPENSSL_NO_SHA
+- unsigned char sha[SHA_DIGEST_LENGTH];
+-#ifndef OPENSSL_NO_SHA256
+- unsigned char sha256[SHA256_DIGEST_LENGTH];
+-#endif
+-#ifndef OPENSSL_NO_SHA512
+- unsigned char sha512[SHA512_DIGEST_LENGTH];
+-#endif
+-#endif
+-#ifndef OPENSSL_NO_WHIRLPOOL
+- unsigned char whirlpool[WHIRLPOOL_DIGEST_LENGTH];
+-#endif
+-#ifndef OPENSSL_NO_RIPEMD
+- unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
+-#endif
+ #ifndef OPENSSL_NO_RC4
+ RC4_KEY rc4_ks;
+ #endif
+@@ -473,8 +506,8 @@ int MAIN(int argc, char **argv)
+ #define D_IGE_128_AES 26
+ #define D_IGE_192_AES 27
+ #define D_IGE_256_AES 28
++#define D_HMAC_SHA1 29
+ double d=0.0;
+- long c[ALGOR_NUM][SIZE_NUM];
+ #define R_DSA_512 0
+ #define R_DSA_1024 1
+ #define R_DSA_2048 2
+@@ -783,6 +816,8 @@ int MAIN(int argc, char **argv)
+ doit[D_SHA256]=1,
+ doit[D_SHA512]=1;
+ else
++ if (strcmp(*argv,"hmac-sha1") == 0) doit[D_HMAC_SHA1]=1;
++ else
+ #ifndef OPENSSL_NO_SHA256
+ if (strcmp(*argv,"sha256") == 0) doit[D_SHA256]=1;
+ else
+@@ -1000,6 +1035,9 @@ int MAIN(int argc, char **argv)
+ #endif
+ #ifndef OPENSSL_NO_SHA1
+ BIO_printf(bio_err,"sha1 ");
++#ifndef OPENSSL_NO_HMAC
++ BIO_printf(bio_err,"hmac-sha1 ");
++#endif
+ #endif
+ #ifndef OPENSSL_NO_SHA256
+ BIO_printf(bio_err,"sha256 ");
+@@ -1270,6 +1308,7 @@ int MAIN(int argc, char **argv)
+ c[D_IGE_128_AES][0]=count;
+ c[D_IGE_192_AES][0]=count;
+ c[D_IGE_256_AES][0]=count;
++ c[D_HMAC_SHA1][0]=count;
+
+ for (i=1; i<SIZE_NUM; i++)
+ {
+@@ -1283,6 +1322,7 @@ int MAIN(int argc, char **argv)
+ c[D_SHA256][i]=c[D_SHA256][0]*4*lengths[0]/lengths[i];
+ c[D_SHA512][i]=c[D_SHA512][0]*4*lengths[0]/lengths[i];
+ c[D_WHIRLPOOL][i]=c[D_WHIRLPOOL][0]*4*lengths[0]/lengths[i];
++ c[D_HMAC_SHA1][i]=c[D_HMAC_SHA1][0]*4*lengths[0]/lengths[i];
+ }
+ for (i=1; i<SIZE_NUM; i++)
+ {
+@@ -1457,15 +1497,11 @@ int MAIN(int argc, char **argv)
+ }
+ #endif
+
+-#define COND(d) (count < (d))
+-#define COUNT(d) (d)
+ #else
+ /* not worth fixing */
+ # error "You cannot disable DES on systems without SIGALRM."
+ #endif /* OPENSSL_NO_DES */
+ #else
+-#define COND(c) (run)
+-#define COUNT(d) (count)
+ #ifndef _WIN32
+ signal(SIGALRM,sig_done);
+ #endif
+@@ -1473,161 +1509,54 @@ int MAIN(int argc, char **argv)
+
+ #ifndef OPENSSL_NO_MD2
+ if (doit[D_MD2])
+- {
+- for (j=0; j<SIZE_NUM; j++)
+- {
+- print_message(names[D_MD2],c[D_MD2][j],lengths[j]);
+- Time_F(START);
+- for (count=0,run=1; COND(c[D_MD2][j]); count++)
+- EVP_Digest(buf,(unsigned long)lengths[j],&(md2[0]),NULL,EVP_md2(),NULL);
+- d=Time_F(STOP);
+- print_result(D_MD2,j,count,d);
+- }
+- }
++ Test_Digest(D_MD2, EVP_md2());
+ #endif
+ #ifndef OPENSSL_NO_MDC2
+ if (doit[D_MDC2])
+- {
+- for (j=0; j<SIZE_NUM; j++)
+- {
+- print_message(names[D_MDC2],c[D_MDC2][j],lengths[j]);
+- Time_F(START);
+- for (count=0,run=1; COND(c[D_MDC2][j]); count++)
+- EVP_Digest(buf,(unsigned long)lengths[j],&(mdc2[0]),NULL,EVP_mdc2(),NULL);
+- d=Time_F(STOP);
+- print_result(D_MDC2,j,count,d);
+- }
+- }
++ Test_Digest(D_MDC2, EVP_mdc2());
+ #endif
+
+ #ifndef OPENSSL_NO_MD4
+ if (doit[D_MD4])
+- {
+- for (j=0; j<SIZE_NUM; j++)
+- {
+- print_message(names[D_MD4],c[D_MD4][j],lengths[j]);
+- Time_F(START);
+- for (count=0,run=1; COND(c[D_MD4][j]); count++)
+- EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md4[0]),NULL,EVP_md4(),NULL);
+- d=Time_F(STOP);
+- print_result(D_MD4,j,count,d);
+- }
+- }
++ Test_Digest(D_MD4, EVP_md4());
+ #endif
+
+ #ifndef OPENSSL_NO_MD5
+ if (doit[D_MD5])
+- {
+- for (j=0; j<SIZE_NUM; j++)
+- {
+- print_message(names[D_MD5],c[D_MD5][j],lengths[j]);
+- Time_F(START);
+- for (count=0,run=1; COND(c[D_MD5][j]); count++)
+- EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md5[0]),NULL,EVP_get_digestbyname("md5"),NULL);
+- d=Time_F(STOP);
+- print_result(D_MD5,j,count,d);
+- }
+- }
++ Test_Digest(D_MD5, EVP_md5());
+ #endif
+
+ #if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_HMAC)
+ if (doit[D_HMAC])
+- {
+- HMAC_CTX hctx;
+-
+- HMAC_CTX_init(&hctx);
+- HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...",
+- 16,EVP_md5(), NULL);
+-
+- for (j=0; j<SIZE_NUM; j++)
+- {
+- print_message(names[D_HMAC],c[D_HMAC][j],lengths[j]);
+- Time_F(START);
+- for (count=0,run=1; COND(c[D_HMAC][j]); count++)
+- {
+- HMAC_Init_ex(&hctx,NULL,0,NULL,NULL);
+- HMAC_Update(&hctx,buf,lengths[j]);
+- HMAC_Final(&hctx,&(hmac[0]),NULL);
+- }
+- d=Time_F(STOP);
+- print_result(D_HMAC,j,count,d);
+- }
+- HMAC_CTX_cleanup(&hctx);
+- }
++ Test_HMAC(D_HMAC, EVP_md5());
++#endif
++#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_HMAC)
++ if (doit[D_HMAC_SHA1])
++ Test_HMAC(D_HMAC_SHA1, EVP_sha1());
+ #endif
+ #ifndef OPENSSL_NO_SHA
+ if (doit[D_SHA1])
+- {
+- for (j=0; j<SIZE_NUM; j++)
+- {
+- print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]);
+- Time_F(START);
+- for (count=0,run=1; COND(c[D_SHA1][j]); count++)
+- EVP_Digest(buf,(unsigned long)lengths[j],&(sha[0]),NULL,EVP_sha1(),NULL);
+- d=Time_F(STOP);
+- print_result(D_SHA1,j,count,d);
+- }
+- }
++ Test_Digest(D_SHA1, EVP_sha1());
+
+ #ifndef OPENSSL_NO_SHA256
+ if (doit[D_SHA256])
+- {
+- for (j=0; j<SIZE_NUM; j++)
+- {
+- print_message(names[D_SHA256],c[D_SHA256][j],lengths[j]);
+- Time_F(START);
+- for (count=0,run=1; COND(c[D_SHA256][j]); count++)
+- SHA256(buf,lengths[j],sha256);
+- d=Time_F(STOP);
+- print_result(D_SHA256,j,count,d);
+- }
+- }
++ Test_Digest(D_SHA256, EVP_sha256());
+ #endif
+
+ #ifndef OPENSSL_NO_SHA512
+ if (doit[D_SHA512])
+- {
+- for (j=0; j<SIZE_NUM; j++)
+- {
+- print_message(names[D_SHA512],c[D_SHA512][j],lengths[j]);
+- Time_F(START);
+- for (count=0,run=1; COND(c[D_SHA512][j]); count++)
+- SHA512(buf,lengths[j],sha512);
+- d=Time_F(STOP);
+- print_result(D_SHA512,j,count,d);
+- }
+- }
++ Test_Digest(D_SHA512, EVP_sha512());
+ #endif
+ #endif
+
+ #ifndef OPENSSL_NO_WHIRLPOOL
+ if (doit[D_WHIRLPOOL])
+- {
+- for (j=0; j<SIZE_NUM; j++)
+- {
+- print_message(names[D_WHIRLPOOL],c[D_WHIRLPOOL][j],lengths[j]);
+- Time_F(START);
+- for (count=0,run=1; COND(c[D_WHIRLPOOL][j]); count++)
+- WHIRLPOOL(buf,lengths[j],whirlpool);
+- d=Time_F(STOP);
+- print_result(D_WHIRLPOOL,j,count,d);
+- }
+- }
++ Test_Digest(D_WHIRLPOOL, EVP_whirlpool());
+ #endif
+
+ #ifndef OPENSSL_NO_RIPEMD
+ if (doit[D_RMD160])
+- {
+- for (j=0; j<SIZE_NUM; j++)
+- {
+- print_message(names[D_RMD160],c[D_RMD160][j],lengths[j]);
+- Time_F(START);
+- for (count=0,run=1; COND(c[D_RMD160][j]); count++)
+- EVP_Digest(buf,(unsigned long)lengths[j],&(rmd160[0]),NULL,EVP_ripemd160(),NULL);
+- d=Time_F(STOP);
+- print_result(D_RMD160,j,count,d);
+- }
+- }
++ Test_Digest(D_RMD160, EVP_ripemd160());
+ #endif
+ #ifndef OPENSSL_NO_RC4
+ if (doit[D_RC4])
+--
+1.7.0.4
+
diff --git a/main/openssl/0003-engine-padlock-implement-sha1-sha224-sha256-accelera.patch b/main/openssl/0003-engine-padlock-implement-sha1-sha224-sha256-accelera.patch
new file mode 100644
index 000000000..b25de7c16
--- /dev/null
+++ b/main/openssl/0003-engine-padlock-implement-sha1-sha224-sha256-accelera.patch
@@ -0,0 +1,701 @@
+From 11e9d19d7c6c3461cbab5e5670d66974cd7cf819 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Fri, 4 Jun 2010 15:48:16 +0300
+Subject: [PATCH 3/3] engine/padlock: implement sha1/sha224/sha256 acceleration
+
+Limited support for VIA C7 that works only when EVP_MD_CTX_FLAG_ONESHOT
+is used appropriately (as done by EVP_Digest, and my previous HMAC patch).
+
+Full support for VIA Nano including partial transformation.
+
+Benchmarks from VIA Nano 1.6GHz, done with including the previous HMAC and
+apps/speed patches done. From single run, error margin of about 100-200k.
+
+No padlock
+
+type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
+sha1 20057.60k 51514.05k 99721.39k 130167.81k 142811.14k
+sha256 7757.72k 16907.18k 28937.05k 35181.23k 37568.51k
+hmac(sha1) 8582.53k 27644.69k 70402.30k 114602.67k 140167.85k
+
+With the patch
+
+sha1 37713.77k 114562.71k 259637.33k 379907.41k 438818.13k
+sha256 34262.86k 103233.75k 232476.07k 338386.60k 389860.01k
+hmac(sha1) 8424.70k 31475.11k 104036.10k 245559.30k 406667.26k
+---
+ engines/e_padlock.c | 596 +++++++++++++++++++++++++++++++++++++++++++++++----
+ 1 files changed, 553 insertions(+), 43 deletions(-)
+
+diff --git a/engines/e_padlock.c b/engines/e_padlock.c
+index 381a746..2f8c72a 100644
+--- a/engines/e_padlock.c
++++ b/engines/e_padlock.c
+@@ -3,6 +3,9 @@
+ * Written by Michal Ludvig <michal@logix.cz>
+ * http://www.logix.cz/michal
+ *
++ * SHA support by Timo Teras <timo.teras@iki.fi>. Portions based on
++ * code originally written by Michal Ludvig.
++ *
+ * Big thanks to Andy Polyakov for a help with optimization,
+ * assembler fixes, port to MS Windows and a lot of other
+ * valuable work on this engine!
+@@ -74,12 +77,23 @@
+ #ifndef OPENSSL_NO_AES
+ #include <openssl/aes.h>
+ #endif
++#ifndef OPENSSL_NO_SHA
++#include <openssl/sha.h>
++#endif
+ #include <openssl/rand.h>
+ #include <openssl/err.h>
+
+ #ifndef OPENSSL_NO_HW
+ #ifndef OPENSSL_NO_HW_PADLOCK
+
++/* PadLock RNG is disabled by default */
++#define PADLOCK_NO_RNG 1
++
++/* No ASM routines for SHA in MSC yet */
++#ifdef _MSC_VER
++#define OPENSSL_NO_SHA
++#endif
++
+ /* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */
+ #if (OPENSSL_VERSION_NUMBER >= 0x00908000L)
+ # ifndef OPENSSL_NO_DYNAMIC_ENGINE
+@@ -140,58 +154,40 @@ static int padlock_available(void);
+ static int padlock_init(ENGINE *e);
+
+ /* RNG Stuff */
++#ifndef PADLOCK_NO_RNG
+ static RAND_METHOD padlock_rand;
+-
+-/* Cipher Stuff */
+-#ifndef OPENSSL_NO_AES
+-static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
+ #endif
+
+ /* Engine names */
+ static const char *padlock_id = "padlock";
+ static char padlock_name[100];
+
+-/* Available features */
+-static int padlock_use_ace = 0; /* Advanced Cryptography Engine */
+-static int padlock_use_rng = 0; /* Random Number Generator */
+-#ifndef OPENSSL_NO_AES
+-static int padlock_aes_align_required = 1;
+-#endif
++static int padlock_bind_helper(ENGINE *e);
+
+-/* ===== Engine "management" functions ===== */
+-
+-/* Prepare the ENGINE structure for registration */
+-static int
+-padlock_bind_helper(ENGINE *e)
+-{
+- /* Check available features */
+- padlock_available();
+-
+-#if 1 /* disable RNG for now, see commentary in vicinity of RNG code */
+- padlock_use_rng=0;
+-#endif
+-
+- /* Generate a nice engine name with available features */
+- BIO_snprintf(padlock_name, sizeof(padlock_name),
+- "VIA PadLock (%s, %s)",
+- padlock_use_rng ? "RNG" : "no-RNG",
+- padlock_use_ace ? "ACE" : "no-ACE");
++ /* Available features */
++enum padlock_flags {
++ PADLOCK_RNG = 0x01,
++ PADLOCK_ACE = 0x02,
++ PADLOCK_ACE2 = 0x04,
++ PADLOCK_PHE = 0x08,
++ PADLOCK_PMM = 0x10,
++ PADLOCK_NANO = 0x20,
++};
++enum padlock_flags padlock_flags;
+
+- /* Register everything or return with an error */
+- if (!ENGINE_set_id(e, padlock_id) ||
+- !ENGINE_set_name(e, padlock_name) ||
++#define PADLOCK_HAVE_RNG (padlock_flags & PADLOCK_RNG)
++#define PADLOCK_HAVE_ACE (padlock_flags & (PADLOCK_ACE|PADLOCK_ACE2))
++#define PADLOCK_HAVE_ACE1 (padlock_flags & PADLOCK_ACE)
++#define PADLOCK_HAVE_ACE2 (padlock_flags & PADLOCK_ACE2)
++#define PADLOCK_HAVE_PHE (padlock_flags & PADLOCK_PHE)
++#define PADLOCK_HAVE_PMM (padlock_flags & PADLOCK_PMM)
++#define PADLOCK_HAVE_NANO (padlock_flags & PADLOCK_NANO)
+
+- !ENGINE_set_init_function(e, padlock_init) ||
+ #ifndef OPENSSL_NO_AES
+- (padlock_use_ace && !ENGINE_set_ciphers (e, padlock_ciphers)) ||
++static int padlock_aes_align_required = 1;
+ #endif
+- (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) {
+- return 0;
+- }
+
+- /* Everything looks good */
+- return 1;
+-}
++/* ===== Engine "management" functions ===== */
+
+ /* Constructor */
+ static ENGINE *
+@@ -215,7 +211,7 @@ ENGINE_padlock(void)
+ static int
+ padlock_init(ENGINE *e)
+ {
+- return (padlock_use_rng || padlock_use_ace);
++ return padlock_flags;
+ }
+
+ /* This stuff is needed if this ENGINE is being compiled into a self-contained
+@@ -367,10 +363,20 @@ padlock_available(void)
+ : "+a"(eax), "=d"(edx) : : "ecx");
+
+ /* Fill up some flags */
+- padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6));
+- padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2));
++ padlock_flags |= ((edx & (0x3<<3)) ? PADLOCK_RNG : 0);
++ padlock_flags |= ((edx & (0x3<<7)) ? PADLOCK_ACE : 0);
++ padlock_flags |= ((edx & (0x3<<9)) ? PADLOCK_ACE2 : 0);
++ padlock_flags |= ((edx & (0x3<<11)) ? PADLOCK_PHE : 0);
++ padlock_flags |= ((edx & (0x3<<13)) ? PADLOCK_PMM : 0);
++
++ /* Check for VIA Nano CPU */
++ eax = 0x00000001;
++ asm volatile ("pushl %%ebx; cpuid; popl %%ebx"
++ : "+a"(eax) : : "ecx", "edx");
++ if ((eax | 0x000F) == 0x06FF)
++ padlock_flags |= PADLOCK_NANO;
+
+- return padlock_use_ace + padlock_use_rng;
++ return padlock_flags;
+ }
+
+ #ifndef OPENSSL_NO_AES
+@@ -1159,6 +1165,454 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
+
+ #endif /* OPENSSL_NO_AES */
+
++#ifndef OPENSSL_NO_SHA
++
++static inline void
++padlock_copy_bswap(void *dst, void *src, size_t count)
++{
++ uint32_t *udst = dst, *usrc = src;
++ unsigned int reg;
++ int i = 0;
++
++ for (i = 0; i < count; i++) {
++ reg = usrc[i];
++ asm volatile("bswapl %0" : "+&r"(reg));
++ udst[i] = reg;
++ }
++}
++
++#define PADLOCK_SHA_ALIGN(dd) (uint32_t*)(((uintptr_t)(dd) + 15) & ~15)
++#define PADLOCK_SHA_HWCTX (128+16)
++
++static void
++padlock_sha1(void *hwctx, const void *buf, uint32_t total, uint32_t now)
++{
++ uint32_t pos = total - now;
++
++ asm volatile ("xsha1"
++ : "+S"(buf), "+D"(hwctx), "+a"(pos), "+c"(total)
++ : : "memory");
++}
++
++static void
++padlock_sha1_partial(void *hwctx, const void *buf, uint32_t blocks)
++{
++ asm volatile ("xsha1"
++ : "+S"(buf), "+D"(hwctx), "+c"(blocks)
++ : "a"(-1) : "memory");
++}
++
++static int padlock_sha1_init(EVP_MD_CTX *ctx)
++{
++ return SHA1_Init(ctx->md_data);
++}
++
++static int padlock_sha1_update(EVP_MD_CTX *ctx, const void *data,
++ size_t len)
++{
++ unsigned char hwctx[PADLOCK_SHA_HWCTX];
++ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx);
++ SHA_CTX *c = ctx->md_data;
++ uint_fast64_t total;
++ const unsigned char *p = data;
++ unsigned int l = 0;
++
++ /* Calculate total length (Nl,Nh) is length in bits */
++ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3);
++ total += len;
++
++ if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) &&
++ (total <= 0xfffffffe)) {
++ if (c->num != 0) {
++ l = (len < SHA_CBLOCK) ? len : SHA_CBLOCK;
++ if (!SHA1_Update(c, data, l))
++ return 0;
++ p += l;
++ if (c->num != 0) {
++ p = (unsigned char *) c->data;
++ len = c->num;
++ l = 0;
++ }
++ }
++ memcpy(aligned, &c->h0, 5 * sizeof(SHA_LONG));
++ padlock_sha1(aligned, p, total, len - l);
++ memcpy(&c->h0, aligned, 5 * sizeof(SHA_LONG));
++ c->num = -1;
++ return 1;
++ }
++
++ return SHA1_Update(c, data, len);
++}
++
++static int padlock_nano_sha1_update(EVP_MD_CTX *ctx, const void *data,
++ size_t len)
++{
++ unsigned char hwctx[PADLOCK_SHA_HWCTX];
++ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx);
++ SHA_CTX *c = ctx->md_data;
++ uint_fast64_t total;
++ unsigned char *p;
++ unsigned int n;
++
++ /* Calculate total length (Nl,Nh) is length in bits */
++ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3);
++ total += len;
++ c->Nh = total >> 29;
++ c->Nl = (total << 3) & 0xffffffffUL;
++
++ memcpy(aligned, &c->h0, 5 * sizeof(SHA_LONG));
++
++ /* Check partial data */
++ n = c->num;
++ if (n) {
++ p = (unsigned char *) c->data;
++ if (len >= SHA_CBLOCK || len+n >= SHA_CBLOCK) {
++ memcpy(p+n, data, SHA_CBLOCK-n);
++ padlock_sha1_partial(aligned, p, 1);
++ n = SHA_CBLOCK - n;
++ data += n;
++ len -= n;
++ c->num = 0;
++ memset(p, 0, SHA_CBLOCK);
++ } else {
++ memcpy(p+n, data, len);
++ c->num += (unsigned int)len;
++ return 1;
++ }
++ }
++
++ /* Can we finalize straight away? */
++ if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) &&
++ (total <= 0xfffffffe)) {
++ padlock_sha1(aligned, data, total, len);
++ memcpy(&c->h0, aligned, 5 * sizeof(SHA_LONG));
++ c->num = -1;
++ return 1;
++ }
++
++ /* Use nonfinalizing update */
++ n = len / SHA_CBLOCK;
++ if (n != 0) {
++ padlock_sha1_partial(aligned, data, n);
++ data += n * SHA_CBLOCK;
++ len -= n * SHA_CBLOCK;
++ }
++ memcpy(&c->h0, aligned, 5 * sizeof(SHA_LONG));
++
++ /* Buffer remaining bytes */
++ if (len) {
++ memcpy(c->data, data, len);
++ c->num = len;
++ }
++
++ return 1;
++}
++
++static int padlock_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
++{
++ SHA_CTX *c = ctx->md_data;
++ uint_fast64_t total;
++
++ if (c->num == -1) {
++ padlock_copy_bswap(md, &c->h0, 5);
++ c->num = 0;
++ return 1;
++ }
++
++ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3);
++ if (total <= 0xfffffffe) {
++ unsigned char hwctx[PADLOCK_SHA_HWCTX];
++ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx);
++
++ memcpy(aligned, &c->h0, 5 * sizeof(SHA_LONG));
++ padlock_sha1(aligned, c->data, total, c->num);
++ padlock_copy_bswap(md, aligned, 5);
++ c->num = 0;
++ return 1;
++ }
++
++ return SHA1_Final(md, c);
++}
++
++static EVP_MD padlock_sha1_md = {
++ NID_sha1,
++ NID_sha1WithRSAEncryption,
++ SHA_DIGEST_LENGTH,
++ 0,
++ padlock_sha1_init,
++ padlock_sha1_update,
++ padlock_sha1_final,
++ NULL,
++ NULL,
++ EVP_PKEY_RSA_method,
++ SHA_CBLOCK,
++ sizeof(SHA_CTX),
++};
++
++static EVP_MD padlock_dss1_md = {
++ NID_dsa,
++ NID_dsaWithSHA1,
++ SHA_DIGEST_LENGTH,
++ 0,
++ padlock_sha1_init,
++ padlock_sha1_update,
++ padlock_sha1_final,
++ NULL,
++ NULL,
++ EVP_PKEY_DSA_method,
++ SHA_CBLOCK,
++ sizeof(SHA_CTX),
++};
++
++
++#if !defined(OPENSSL_NO_SHA256)
++
++static void
++padlock_sha256(void *hwctx, const void *buf, uint32_t total, uint32_t now)
++{
++ uint32_t pos = total - now;
++
++ asm volatile ("xsha256"
++ : "+S"(buf), "+D"(hwctx), "+a"(pos), "+c"(total)
++ : : "memory");
++}
++
++static void
++padlock_sha256_partial(void *hwctx, const void *buf, uint32_t blocks)
++{
++ asm volatile ("xsha256"
++ : "+S"(buf), "+D"(hwctx), "+c"(blocks)
++ : "a"(-1) : "memory");
++}
++
++static int padlock_sha256_update(EVP_MD_CTX *ctx, const void *data,
++ size_t len)
++{
++ unsigned char hwctx[PADLOCK_SHA_HWCTX];
++ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx);
++ SHA256_CTX *c = ctx->md_data;
++ uint_fast64_t total;
++ const unsigned char *p = data;
++ unsigned int l = 0;
++
++ /* Calculate total length (Nl,Nh) is length in bits */
++ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3);
++ total += len;
++
++ if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) &&
++ (total <= 0xfffffffe)) {
++ if (c->num != 0) {
++ l = (len < SHA256_CBLOCK) ? len : SHA256_CBLOCK;
++ if (!SHA256_Update(c, data, l))
++ return 0;
++ p += l;
++ if (c->num != 0) {
++ p = (unsigned char *) c->data;
++ len = c->num;
++ l = 0;
++ }
++ }
++ memcpy(aligned, c->h, sizeof(c->h));
++ padlock_sha256(aligned, p, total, len - l);
++ memcpy(c->h, aligned, sizeof(c->h));
++ c->num = -1;
++ return 1;
++ }
++
++ return SHA256_Update(c, data, len);
++}
++
++static int padlock_nano_sha256_update(EVP_MD_CTX *ctx, const void *data,
++ size_t len)
++{
++ unsigned char hwctx[PADLOCK_SHA_HWCTX];
++ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx);
++ SHA256_CTX *c = ctx->md_data;
++ uint_fast64_t total;
++ unsigned char *p;
++ unsigned int n;
++
++ /* Calculate total length (Nl,Nh) is length in bits */
++ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3);
++ total += len;
++ c->Nh = total >> 29;
++ c->Nl = (total << 3) & 0xffffffffUL;
++
++ memcpy(aligned, c->h, sizeof(c->h));
++
++ /* Check partial data */
++ n = c->num;
++ if (n) {
++ p = (unsigned char *) c->data;
++ if (len >= SHA256_CBLOCK || len+n >= SHA256_CBLOCK) {
++ memcpy(p+n, data, SHA256_CBLOCK-n);
++ padlock_sha256_partial(aligned, p, 1);
++ n = SHA256_CBLOCK - n;
++ data += n;
++ len -= n;
++ c->num = 0;
++ memset(p, 0, SHA256_CBLOCK);
++ } else {
++ memcpy(p+n, data, len);
++ c->num += (unsigned int)len;
++ return 1;
++ }
++ }
++
++ /* Can we finalize straight away? */
++ if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) &&
++ (total <= 0xfffffffe)) {
++ padlock_sha256(aligned, data, total, len);
++ memcpy(c->h, aligned, sizeof(c->h));
++ c->num = -1;
++ return 1;
++ }
++
++ /* Use nonfinalizing update */
++ n = len / SHA256_CBLOCK;
++ if (n != 0) {
++ padlock_sha256_partial(aligned, data, n);
++ data += n * SHA256_CBLOCK;
++ len -= n * SHA256_CBLOCK;
++ }
++ memcpy(c->h, aligned, sizeof(c->h));
++
++ /* Buffer remaining bytes */
++ if (len) {
++ memcpy(c->data, data, len);
++ c->num = len;
++ }
++
++ return 1;
++}
++
++static int padlock_sha256_final(EVP_MD_CTX *ctx, unsigned char *md)
++{
++ SHA256_CTX *c = ctx->md_data;
++ uint_fast64_t total;
++
++ if (c->num == -1) {
++ padlock_copy_bswap(md, c->h, sizeof(c->h)/sizeof(c->h[0]));
++ c->num = 0;
++ return 1;
++ }
++
++ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3);
++ if (total <= 0xfffffffe) {
++ unsigned char hwctx[PADLOCK_SHA_HWCTX];
++ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx);
++
++ memcpy(aligned, c->h, sizeof(c->h));
++ padlock_sha256(aligned, c->data, total, c->num);
++ padlock_copy_bswap(md, aligned, sizeof(c->h)/sizeof(c->h[0]));
++ c->num = 0;
++ return 1;
++ }
++
++ return SHA256_Final(md, c);
++}
++
++#if !defined(OPENSSL_NO_SHA224)
++
++static int padlock_sha224_init(EVP_MD_CTX *ctx)
++{
++ return SHA224_Init(ctx->md_data);
++}
++
++static EVP_MD padlock_sha224_md = {
++ NID_sha224,
++ NID_sha224WithRSAEncryption,
++ SHA224_DIGEST_LENGTH,
++ 0,
++ padlock_sha224_init,
++ padlock_sha256_update,
++ padlock_sha256_final,
++ NULL,
++ NULL,
++ EVP_PKEY_RSA_method,
++ SHA_CBLOCK,
++ sizeof(SHA256_CTX),
++};
++#endif /* !OPENSSL_NO_SHA224 */
++
++static int padlock_sha256_init(EVP_MD_CTX *ctx)
++{
++ return SHA256_Init(ctx->md_data);
++}
++
++static EVP_MD padlock_sha256_md = {
++ NID_sha256,
++ NID_sha256WithRSAEncryption,
++ SHA256_DIGEST_LENGTH,
++ 0,
++ padlock_sha256_init,
++ padlock_sha256_update,
++ padlock_sha256_final,
++ NULL,
++ NULL,
++ EVP_PKEY_RSA_method,
++ SHA_CBLOCK,
++ sizeof(SHA256_CTX),
++};
++#endif /* !OPENSSL_NO_SHA256 */
++
++static int padlock_digest_nids[] = {
++#if !defined(OPENSSL_NO_SHA)
++ NID_sha1,
++ NID_dsa,
++#endif
++#if !defined(OPENSSL_NO_SHA256)
++#if !defined(OPENSSL_NO_SHA224)
++ NID_sha224,
++#endif
++ NID_sha256,
++#endif
++};
++
++static int padlock_digest_nids_num = sizeof(padlock_digest_nids)/sizeof(padlock_digest_nids[0]);
++
++static int
++padlock_digests (ENGINE *e, const EVP_MD **digest, const int **nids, int nid)
++{
++ /* No specific digest => return a list of supported nids ... */
++ if (!digest) {
++ *nids = padlock_digest_nids;
++ return padlock_digest_nids_num;
++ }
++
++ /* ... or the requested "digest" otherwise */
++ switch (nid) {
++#if !defined(OPENSSL_NO_SHA)
++ case NID_sha1:
++ *digest = &padlock_sha1_md;
++ break;
++ case NID_dsa:
++ *digest = &padlock_dss1_md;
++ break;
++#endif
++#if !defined(OPENSSL_NO_SHA256)
++#if !defined(OPENSSL_NO_SHA224)
++ case NID_sha224:
++ *digest = &padlock_sha224_md;
++ break;
++#endif /* OPENSSL_NO_SHA224 */
++ case NID_sha256:
++ *digest = &padlock_sha256_md;
++ break;
++#endif /* OPENSSL_NO_SHA256 */
++ default:
++ /* Sorry, we don't support this NID */
++ *digest = NULL;
++ return 0;
++ }
++
++ return 1;
++}
++
++#endif /* OPENSSL_NO_SHA */
++
++#ifndef PADLOCK_NO_RNG
++
+ /* ===== Random Number Generator ===== */
+ /*
+ * This code is not engaged. The reason is that it does not comply
+@@ -1215,6 +1669,62 @@ static RAND_METHOD padlock_rand = {
+ padlock_rand_status, /* rand status */
+ };
+
++#endif /* PADLOCK_NO_RNG */
++
++/* Prepare the ENGINE structure for registration */
++static int
++padlock_bind_helper(ENGINE *e)
++{
++ /* Check available features */
++ padlock_available();
++
++ /* Generate a nice engine name with available features */
++ BIO_snprintf(padlock_name, sizeof(padlock_name),
++ "VIA PadLock: %s%s%s%s%s%s",
++ padlock_flags ? "" : "not supported",
++ PADLOCK_HAVE_RNG ? "RNG " : "",
++ PADLOCK_HAVE_ACE ? (PADLOCK_HAVE_ACE2 ? "ACE2 " : "ACE ") : "",
++ PADLOCK_HAVE_PHE ? "PHE " : "",
++ PADLOCK_HAVE_PMM ? "PMM " : "",
++ PADLOCK_HAVE_NANO ? "NANO " : ""
++ );
++
++#ifndef OPENSSL_NO_SHA
++ /* Use Nano SHA acceleration? */
++ if (PADLOCK_HAVE_NANO) {
++ padlock_sha1_md.update = padlock_nano_sha1_update;
++ padlock_dss1_md.update = padlock_nano_sha1_update;
++#if !defined(OPENSSL_NO_SHA256)
++#if !defined(OPENSSL_NO_SHA224)
++ padlock_sha224_md.update = padlock_nano_sha256_update;
++#endif
++ padlock_sha256_md.update = padlock_nano_sha256_update;
++#endif
++ }
++#endif
++
++ /* Register everything or return with an error */
++ if (!ENGINE_set_id(e, padlock_id) ||
++ !ENGINE_set_name(e, padlock_name) ||
++
++ !ENGINE_set_init_function(e, padlock_init)
++#ifndef OPENSSL_NO_AES
++ || (PADLOCK_HAVE_ACE && !ENGINE_set_ciphers (e, padlock_ciphers))
++#endif
++#ifndef OPENSSL_NO_SHA
++ || (PADLOCK_HAVE_PHE && !ENGINE_set_digests (e, padlock_digests))
++#endif
++#ifndef PADLOCK_NO_RNG
++ || (PADLOCK_HAVE_RNG && !ENGINE_set_RAND (e, &padlock_rand))
++#endif
++ ) {
++ return 0;
++ }
++
++ /* Everything looks good */
++ return 1;
++}
++
+ #else /* !COMPILE_HW_PADLOCK */
+ #ifndef OPENSSL_NO_DYNAMIC_ENGINE
+ OPENSSL_EXPORT
+--
+1.7.0.4
+
diff --git a/main/openssl/0004-crypto-engine-autoload-padlock-dynamic-engine.patch b/main/openssl/0004-crypto-engine-autoload-padlock-dynamic-engine.patch
new file mode 100644
index 000000000..c41d860ea
--- /dev/null
+++ b/main/openssl/0004-crypto-engine-autoload-padlock-dynamic-engine.patch
@@ -0,0 +1,33 @@
+From f6a5204b8dc94d73521f962183ee302533b2a196 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Fri, 4 Jun 2010 18:02:39 +0300
+Subject: [PATCH 4/4] crypto/engine: autoload padlock dynamic engine
+
+---
+ crypto/engine/eng_all.c | 10 ++++++++++
+ 1 files changed, 10 insertions(+), 0 deletions(-)
+
+diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c
+index 22c1204..827e447 100644
+--- a/crypto/engine/eng_all.c
++++ b/crypto/engine/eng_all.c
+@@ -112,6 +112,16 @@ void ENGINE_load_builtin_engines(void)
+ ENGINE_load_capi();
+ #endif
+ #endif
++#ifdef OPENSSL_NO_STATIC_ENGINE
++ {
++ ENGINE *e;
++ e = ENGINE_by_id("padlock");
++ if (e != NULL) {
++ ENGINE_add(e);
++ ENGINE_free(e);
++ }
++ }
++#endif
+ }
+
+ #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
+--
+1.7.0.4
+
diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD
index 7116a1669..eb23f31fc 100644
--- a/main/openssl/APKBUILD
+++ b/main/openssl/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=openssl
pkgver=1.0.0a
-pkgrel=0
+pkgrel=1
pkgdesc="Toolkit for SSL v2/v3 and TLS v1"
url="http://openssl.org"
depends=
@@ -13,6 +13,10 @@ subpackages="$pkgname-dev $pkgname-doc libcrypto1.0:libcrypto libssl1.0:libssl"
source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz
fix-manpages.patch
openssl-bb-basename.patch
+ 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
+ 0002-apps-speed-fix-digest-speed-measurement-and-add-hmac.patch
+ 0003-engine-padlock-implement-sha1-sha224-sha256-accelera.patch
+ 0004-crypto-engine-autoload-padlock-dynamic-engine.patch
"
# openssl-0.9.8k-padlock-sha.patch
@@ -64,4 +68,8 @@ libssl() {
md5sums="e3873edfffc783624cfbdb65e2249cbd openssl-1.0.0a.tar.gz
115c481cd59b3dba631364e8fb1778f5 fix-manpages.patch
-c6a9857a5dbd30cead0404aa7dd73977 openssl-bb-basename.patch"
+c6a9857a5dbd30cead0404aa7dd73977 openssl-bb-basename.patch
+ceae7d6166a455ecc41adc8f44f1a07e 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
+383c0c0305532f471bf583d6e05cbea9 0002-apps-speed-fix-digest-speed-measurement-and-add-hmac.patch
+f687ab90b23587dc445eb0803a6eb1fb 0003-engine-padlock-implement-sha1-sha224-sha256-accelera.patch
+f197ac9a2748e64b1cb15a12ddca3d61 0004-crypto-engine-autoload-padlock-dynamic-engine.patch"