summaryrefslogtreecommitdiffstats
path: root/main/openssl
diff options
context:
space:
mode:
authorTimo Teras <timo.teras@iki.fi>2009-07-30 22:07:39 +0300
committerTimo Teras <timo.teras@iki.fi>2009-07-30 22:09:49 +0300
commit37907999d18ebba37db13bfa7415401922eb6141 (patch)
treeecf916299301c346cec4f6c7647abb10b460cb5d /main/openssl
parent8c68e1670143622b46b887787b81c61a32955baf (diff)
downloadaports-37907999d18ebba37db13bfa7415401922eb6141.tar.bz2
aports-37907999d18ebba37db13bfa7415401922eb6141.tar.xz
main/openssl: fix random padlock sha1 breakage
fix copying of oneshot sha1 context. also decrease the size of "small buffer", to make context smaller (and context copy faster in most cases); it should be still enough to catch most hmac operations.
Diffstat (limited to 'main/openssl')
-rw-r--r--main/openssl/APKBUILD4
-rw-r--r--main/openssl/openssl-0.9.8k-padlock-sha.patch27
2 files changed, 17 insertions, 14 deletions
diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD
index 383b80ee7..d394f1039 100644
--- a/main/openssl/APKBUILD
+++ b/main/openssl/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=openssl
pkgver=0.9.8k
-pkgrel=4
+pkgrel=5
pkgdesc="Toolkit for SSL v2/v3 and TLS v1"
url=http://openssl.org
depends=
@@ -44,4 +44,4 @@ md5sums="e555c6d58d276aec7fdc53363e338ab3 openssl-0.9.8k.tar.gz
04a6a88c2ee4badd4f8649792b73eaf3 openssl-0.9.8g-fix_manpages-1.patch
c6a9857a5dbd30cead0404aa7dd73977 openssl-bb-basename.patch
c838eb8488896cfeb7de957a0cbe04ae openssl-0.9.8k-quote-cc.patch
-1f506efd30e97b9a0f3fe16c53222b21 openssl-0.9.8k-padlock-sha.patch"
+86b7f1bf50e1f3ba407ec62001a51a0d openssl-0.9.8k-padlock-sha.patch"
diff --git a/main/openssl/openssl-0.9.8k-padlock-sha.patch b/main/openssl/openssl-0.9.8k-padlock-sha.patch
index 7a89f434c..b2e7e954d 100644
--- a/main/openssl/openssl-0.9.8k-padlock-sha.patch
+++ b/main/openssl/openssl-0.9.8k-padlock-sha.patch
@@ -7,7 +7,7 @@
Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
===================================================================
--- openssl-0.9.8k.orig/crypto/engine/eng_padlock.c 2009-07-27 16:18:20.000000000 +0300
-+++ openssl-0.9.8k/crypto/engine/eng_padlock.c 2009-07-27 16:18:50.000000000 +0300
++++ openssl-0.9.8k/crypto/engine/eng_padlock.c 2009-07-30 22:02:54.000000000 +0300
@@ -1,10 +1,13 @@
-/*
+/*
@@ -147,14 +147,14 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
#ifndef OPENSSL_NO_AES
- (padlock_use_ace && !ENGINE_set_ciphers (e, padlock_ciphers)) ||
+ || (PADLOCK_HAVE_ACE && !ENGINE_set_ciphers (e, padlock_ciphers))
-+#endif
+ #endif
+- (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) {
+#ifndef OPENSSL_NO_SHA
+ || (PADLOCK_HAVE_PHE && !ENGINE_set_digests (e, padlock_digests))
+#endif
+#ifndef PADLOCK_NO_RNG
+ || (PADLOCK_HAVE_RNG && !ENGINE_set_RAND (e, &padlock_rand))
- #endif
-- (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) {
++#endif
+ ) {
return 0;
}
@@ -206,11 +206,11 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
+ padlock_flags |= ((edx & (0x3<<9)) ? PADLOCK_ACE2 : 0);
+ padlock_flags |= ((edx & (0x3<<11)) ? PADLOCK_PHE : 0);
+ padlock_flags |= ((edx & (0x3<<13)) ? PADLOCK_PMM : 0);
-+
-+ return padlock_flags;
-+}
- return padlock_use_ace + padlock_use_rng;
++ return padlock_flags;
++}
++
+static inline void
+padlock_htonl_block(uint32_t *data, size_t count)
+{
@@ -287,7 +287,7 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
encryption function itself. This function is not AES-specific. */
static int
padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
-@@ -1157,6 +1214,511 @@
+@@ -1157,6 +1214,514 @@
#endif /* OPENSSL_NO_AES */
@@ -296,7 +296,7 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
+#define DIGEST_DATA(ctx) ((struct padlock_digest_data *)(ctx->md_data))
+#define PADLOCK_SHA_ALIGN(dd) (uint32_t*)(((uintptr_t)(dd) + 15) & ~15)
+#define PADLOCK_SHA_PAGES 14
-+#define PADLOCK_SHA_BUFFER (1024 - sizeof(size_t) - 4*sizeof(void*))
++#define PADLOCK_SHA_BUFFER (512 - sizeof(size_t) - 4*sizeof(void*))
+#define PADLOCK_SHA_INITVECTOR_SIZE (8 * sizeof(uint32_t))
+
+struct padlock_digest_data {
@@ -648,12 +648,15 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
+ * a "finalization copy", so we could do finalizing SHA here and
+ * store the result to *to precalculated. But there's no such
+ * flag as to is reset on copy. */
-+ if (dfrom->update == padlock_multi_update) {
++
++ if (dfrom->update != padlock_copy_update) {
+ /* Recopy the context, as they might have different alignment */
+ memcpy(PADLOCK_SHA_ALIGN(dto->padlockctx),
+ PADLOCK_SHA_ALIGN(dfrom->padlockctx),
+ PADLOCK_SHA_INITVECTOR_SIZE);
++ }
+
++ if (dfrom->update == padlock_multi_update) {
+ /* Update total, and copy the buffer */
+ dto->total = dfrom->total - dfrom->used;
+ dto->buffer = NULL;
@@ -799,7 +802,7 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
/* ===== Random Number Generator ===== */
/*
* This code is not engaged. The reason is that it does not comply
-@@ -1164,7 +1726,7 @@
+@@ -1164,7 +1729,7 @@
* (posted at http://www.via.com.tw/en/viac3/c3.jsp) nor does it
* provide meaningful error control...
*/
@@ -808,7 +811,7 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
the raw PadLock RNG */
static int
padlock_rand_bytes(unsigned char *output, int count)
-@@ -1212,6 +1774,7 @@
+@@ -1212,6 +1777,7 @@
padlock_rand_bytes, /* pseudorand */
padlock_rand_status, /* rand status */
};