diff options
| author | Andrew Manison <amanison@anselsystems.com> | 2010-06-19 09:02:05 +0000 |
|---|---|---|
| committer | Andrew Manison <amanison@anselsystems.com> | 2010-06-19 09:02:05 +0000 |
| commit | 85fd77589be2f6c970ca6895afa1520e0a2fda04 (patch) | |
| tree | 6b9d172b005b2657e541424da71009dcd2a1f3c4 /main/openssl | |
| parent | 8fdcdf953f865c691b01d546a0baea1a1143deeb (diff) | |
| parent | 253afa4a86bcb0959ca8b7fb269f482058847a9b (diff) | |
| download | aports-85fd77589be2f6c970ca6895afa1520e0a2fda04.tar.bz2 aports-85fd77589be2f6c970ca6895afa1520e0a2fda04.tar.xz | |
Merge remote branch 'alpine/master'
Conflicts:
main/openssl/APKBUILD
Diffstat (limited to 'main/openssl')
5 files changed, 1220 insertions, 11 deletions
diff --git a/main/openssl/0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch b/main/openssl/0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch new file mode 100644 index 000000000..514ed0d83 --- /dev/null +++ b/main/openssl/0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch @@ -0,0 +1,82 @@ +From 16a40910dd3ae5ab702ee1274f9e2f08362e4474 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> +Date: Fri, 4 Jun 2010 09:48:39 +0300 +Subject: [PATCH 1/3] crypto/hmac: support EVP_MD_CTX_FLAG_ONESHOT and set it properly + +Some engines (namely VIA C7 Padlock) work only if EVP_MD_CTX_FLAG_ONESHOT +is set before final update. This is because some crypto accelerators cannot +perform non-finalizing transform of the digest. + +The usage of EVP_MD_CTX_FLAG_ONESHOT is used semantically slightly +differently here. It is set before the final EVP_DigestUpdate call, not +necessarily before EVP_DigestInit call. This will not cause any problems +though. +--- + crypto/hmac/hmac.c | 14 +++++++++++--- + 1 files changed, 11 insertions(+), 3 deletions(-) + +diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c +index 45015fe..7ce2a50 100644 +--- a/crypto/hmac/hmac.c ++++ b/crypto/hmac/hmac.c +@@ -66,6 +66,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, + { + int i,j,reset=0; + unsigned char pad[HMAC_MAX_MD_CBLOCK]; ++ unsigned long flags; + + if (md != NULL) + { +@@ -82,6 +83,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, + OPENSSL_assert(j <= (int)sizeof(ctx->key)); + if (j < len) + { ++ EVP_MD_CTX_set_flags(&ctx->md_ctx, EVP_MD_CTX_FLAG_ONESHOT); + if (!EVP_DigestInit_ex(&ctx->md_ctx,md, impl)) + goto err; + if (!EVP_DigestUpdate(&ctx->md_ctx,key,len)) +@@ -105,17 +107,22 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, + { + for (i=0; i<HMAC_MAX_MD_CBLOCK; i++) + pad[i]=0x36^ctx->key[i]; ++ flags = EVP_MD_CTX_test_flags(&ctx->i_ctx, EVP_MD_CTX_FLAG_ONESHOT); ++ EVP_MD_CTX_clear_flags(&ctx->i_ctx, EVP_MD_CTX_FLAG_ONESHOT); + if (!EVP_DigestInit_ex(&ctx->i_ctx,md, impl)) + goto err; + if (!EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md))) + goto err; ++ EVP_MD_CTX_set_flags(&ctx->i_ctx, flags); + + for (i=0; i<HMAC_MAX_MD_CBLOCK; i++) + pad[i]=0x5c^ctx->key[i]; ++ EVP_MD_CTX_clear_flags(&ctx->o_ctx, EVP_MD_CTX_FLAG_ONESHOT); + if (!EVP_DigestInit_ex(&ctx->o_ctx,md, impl)) + goto err; + if (!EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md))) + goto err; ++ EVP_MD_CTX_set_flags(&ctx->o_ctx, EVP_MD_CTX_FLAG_ONESHOT); + } + if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx)) + goto err; +@@ -197,7 +204,8 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, + + if (md == NULL) md=m; + HMAC_CTX_init(&c); +- if (!HMAC_Init(&c,key,key_len,evp_md)) ++ HMAC_CTX_set_flags(&c, EVP_MD_CTX_FLAG_ONESHOT); ++ if (!HMAC_Init_ex(&c,key,key_len,evp_md,NULL)) + goto err; + if (!HMAC_Update(&c,d,n)) + goto err; +@@ -212,6 +220,6 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, + void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) + { + EVP_MD_CTX_set_flags(&ctx->i_ctx, flags); +- EVP_MD_CTX_set_flags(&ctx->o_ctx, flags); +- EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); ++ EVP_MD_CTX_set_flags(&ctx->o_ctx, flags & ~EVP_MD_CTX_FLAG_ONESHOT); ++ EVP_MD_CTX_set_flags(&ctx->md_ctx, flags & ~EVP_MD_CTX_FLAG_ONESHOT); + } +-- +1.7.0.4 + diff --git a/main/openssl/0002-apps-speed-fix-digest-speed-measurement-and-add-hmac.patch b/main/openssl/0002-apps-speed-fix-digest-speed-measurement-and-add-hmac.patch new file mode 100644 index 000000000..8859f4060 --- /dev/null +++ b/main/openssl/0002-apps-speed-fix-digest-speed-measurement-and-add-hmac.patch @@ -0,0 +1,392 @@ +From de61d5881a12b359dfb1b4fbbb53412460196553 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> +Date: Thu, 3 Jun 2010 09:02:13 +0300 +Subject: [PATCH 2/3] apps/speed: fix digest speed measurement and add hmac-sha1 test + +Merge the common code of testing digest speed, and make it reuse +existing context. Context creation can be heavy operation, and it's +speed depends on if engine is used or not. As we are measuring the +digest speed, the context creation overhead should not be included +like hmac tests do. + +This also adds test for hmac-sha1 speed. +--- + apps/speed.c | 243 +++++++++++++++++++++------------------------------------- + 1 files changed, 86 insertions(+), 157 deletions(-) + +diff --git a/apps/speed.c b/apps/speed.c +index 539bfff..f64289e 100644 +--- a/apps/speed.c ++++ b/apps/speed.c +@@ -214,7 +214,7 @@ static void print_result(int alg,int run_no,int count,double time_used); + static int do_multi(int multi); + #endif + +-#define ALGOR_NUM 29 ++#define ALGOR_NUM 30 + #define SIZE_NUM 5 + #define RSA_NUM 4 + #define DSA_NUM 3 +@@ -229,9 +229,11 @@ static const char *names[ALGOR_NUM]={ + "aes-128 cbc","aes-192 cbc","aes-256 cbc", + "camellia-128 cbc","camellia-192 cbc","camellia-256 cbc", + "evp","sha256","sha512","whirlpool", +- "aes-128 ige","aes-192 ige","aes-256 ige"}; ++ "aes-128 ige","aes-192 ige","aes-256 ige","hmac(sha1)"}; + static double results[ALGOR_NUM][SIZE_NUM]; + static int lengths[SIZE_NUM]={16,64,256,1024,8*1024}; ++static unsigned char *buf=NULL,*buf2=NULL; ++static long c[ALGOR_NUM][SIZE_NUM]; + #ifndef OPENSSL_NO_RSA + static double rsa_results[RSA_NUM][2]; + #endif +@@ -329,6 +331,66 @@ static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) + } + #endif /* OPENSSL_NO_ECDH */ + ++#ifndef SIGALRM ++#define COND(d) (count < (d)) ++#else ++#define COND(c) (run) ++#endif /* SIGALRM */ ++ ++static void Test_Digest(int digest, const EVP_MD *type) ++{ ++ unsigned char md[EVP_MAX_MD_SIZE]; ++ int j, count; ++ double d=0.0; ++ EVP_MD_CTX ctx; ++ ++ EVP_MD_CTX_init(&ctx); ++ EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT); ++ ++ for (j=0; j<SIZE_NUM; j++) ++ { ++ print_message(names[digest],c[digest][j],lengths[j]); ++ Time_F(START); ++ for (count=0,run=1; COND(c[digest][j]); count++) ++ { ++ EVP_DigestInit_ex(&ctx, type, NULL); ++ EVP_DigestUpdate(&ctx, buf, (unsigned long)lengths[j]); ++ EVP_DigestFinal_ex(&ctx, md, NULL); ++ } ++ d=Time_F(STOP); ++ print_result(digest,j,count,d); ++ } ++ ++ EVP_MD_CTX_cleanup(&ctx); ++} ++ ++static void Test_HMAC(int digest, const EVP_MD *type) ++{ ++ unsigned char md[EVP_MAX_MD_SIZE]; ++ HMAC_CTX hctx; ++ int j, count; ++ double d=0.0; ++ ++ HMAC_CTX_init(&hctx); ++ HMAC_CTX_set_flags(&hctx, EVP_MD_CTX_FLAG_ONESHOT); ++ HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...", ++ 16,type, NULL); ++ ++ for (j=0; j<SIZE_NUM; j++) ++ { ++ print_message(names[digest],c[digest][j],lengths[j]); ++ Time_F(START); ++ for (count=0,run=1; COND(c[digest][j]); count++) ++ { ++ HMAC_Init_ex(&hctx,NULL,0,NULL,NULL); ++ HMAC_Update(&hctx,buf,lengths[j]); ++ HMAC_Final(&hctx,md,NULL); ++ } ++ d=Time_F(STOP); ++ print_result(digest,j,count,d); ++ } ++ HMAC_CTX_cleanup(&hctx); ++} + + int MAIN(int, char **); + +@@ -337,7 +399,6 @@ int MAIN(int argc, char **argv) + #ifndef OPENSSL_NO_ENGINE + ENGINE *e = NULL; + #endif +- unsigned char *buf=NULL,*buf2=NULL; + int mret=1; + long count=0,save_count=0; + int i,j,k; +@@ -348,34 +409,6 @@ int MAIN(int argc, char **argv) + unsigned rsa_num; + #endif + unsigned char md[EVP_MAX_MD_SIZE]; +-#ifndef OPENSSL_NO_MD2 +- unsigned char md2[MD2_DIGEST_LENGTH]; +-#endif +-#ifndef OPENSSL_NO_MDC2 +- unsigned char mdc2[MDC2_DIGEST_LENGTH]; +-#endif +-#ifndef OPENSSL_NO_MD4 +- unsigned char md4[MD4_DIGEST_LENGTH]; +-#endif +-#ifndef OPENSSL_NO_MD5 +- unsigned char md5[MD5_DIGEST_LENGTH]; +- unsigned char hmac[MD5_DIGEST_LENGTH]; +-#endif +-#ifndef OPENSSL_NO_SHA +- unsigned char sha[SHA_DIGEST_LENGTH]; +-#ifndef OPENSSL_NO_SHA256 +- unsigned char sha256[SHA256_DIGEST_LENGTH]; +-#endif +-#ifndef OPENSSL_NO_SHA512 +- unsigned char sha512[SHA512_DIGEST_LENGTH]; +-#endif +-#endif +-#ifndef OPENSSL_NO_WHIRLPOOL +- unsigned char whirlpool[WHIRLPOOL_DIGEST_LENGTH]; +-#endif +-#ifndef OPENSSL_NO_RIPEMD +- unsigned char rmd160[RIPEMD160_DIGEST_LENGTH]; +-#endif + #ifndef OPENSSL_NO_RC4 + RC4_KEY rc4_ks; + #endif +@@ -473,8 +506,8 @@ int MAIN(int argc, char **argv) + #define D_IGE_128_AES 26 + #define D_IGE_192_AES 27 + #define D_IGE_256_AES 28 ++#define D_HMAC_SHA1 29 + double d=0.0; +- long c[ALGOR_NUM][SIZE_NUM]; + #define R_DSA_512 0 + #define R_DSA_1024 1 + #define R_DSA_2048 2 +@@ -783,6 +816,8 @@ int MAIN(int argc, char **argv) + doit[D_SHA256]=1, + doit[D_SHA512]=1; + else ++ if (strcmp(*argv,"hmac-sha1") == 0) doit[D_HMAC_SHA1]=1; ++ else + #ifndef OPENSSL_NO_SHA256 + if (strcmp(*argv,"sha256") == 0) doit[D_SHA256]=1; + else +@@ -1000,6 +1035,9 @@ int MAIN(int argc, char **argv) + #endif + #ifndef OPENSSL_NO_SHA1 + BIO_printf(bio_err,"sha1 "); ++#ifndef OPENSSL_NO_HMAC ++ BIO_printf(bio_err,"hmac-sha1 "); ++#endif + #endif + #ifndef OPENSSL_NO_SHA256 + BIO_printf(bio_err,"sha256 "); +@@ -1270,6 +1308,7 @@ int MAIN(int argc, char **argv) + c[D_IGE_128_AES][0]=count; + c[D_IGE_192_AES][0]=count; + c[D_IGE_256_AES][0]=count; ++ c[D_HMAC_SHA1][0]=count; + + for (i=1; i<SIZE_NUM; i++) + { +@@ -1283,6 +1322,7 @@ int MAIN(int argc, char **argv) + c[D_SHA256][i]=c[D_SHA256][0]*4*lengths[0]/lengths[i]; + c[D_SHA512][i]=c[D_SHA512][0]*4*lengths[0]/lengths[i]; + c[D_WHIRLPOOL][i]=c[D_WHIRLPOOL][0]*4*lengths[0]/lengths[i]; ++ c[D_HMAC_SHA1][i]=c[D_HMAC_SHA1][0]*4*lengths[0]/lengths[i]; + } + for (i=1; i<SIZE_NUM; i++) + { +@@ -1457,15 +1497,11 @@ int MAIN(int argc, char **argv) + } + #endif + +-#define COND(d) (count < (d)) +-#define COUNT(d) (d) + #else + /* not worth fixing */ + # error "You cannot disable DES on systems without SIGALRM." + #endif /* OPENSSL_NO_DES */ + #else +-#define COND(c) (run) +-#define COUNT(d) (count) + #ifndef _WIN32 + signal(SIGALRM,sig_done); + #endif +@@ -1473,161 +1509,54 @@ int MAIN(int argc, char **argv) + + #ifndef OPENSSL_NO_MD2 + if (doit[D_MD2]) +- { +- for (j=0; j<SIZE_NUM; j++) +- { +- print_message(names[D_MD2],c[D_MD2][j],lengths[j]); +- Time_F(START); +- for (count=0,run=1; COND(c[D_MD2][j]); count++) +- EVP_Digest(buf,(unsigned long)lengths[j],&(md2[0]),NULL,EVP_md2(),NULL); +- d=Time_F(STOP); +- print_result(D_MD2,j,count,d); +- } +- } ++ Test_Digest(D_MD2, EVP_md2()); + #endif + #ifndef OPENSSL_NO_MDC2 + if (doit[D_MDC2]) +- { +- for (j=0; j<SIZE_NUM; j++) +- { +- print_message(names[D_MDC2],c[D_MDC2][j],lengths[j]); +- Time_F(START); +- for (count=0,run=1; COND(c[D_MDC2][j]); count++) +- EVP_Digest(buf,(unsigned long)lengths[j],&(mdc2[0]),NULL,EVP_mdc2(),NULL); +- d=Time_F(STOP); +- print_result(D_MDC2,j,count,d); +- } +- } ++ Test_Digest(D_MDC2, EVP_mdc2()); + #endif + + #ifndef OPENSSL_NO_MD4 + if (doit[D_MD4]) +- { +- for (j=0; j<SIZE_NUM; j++) +- { +- print_message(names[D_MD4],c[D_MD4][j],lengths[j]); +- Time_F(START); +- for (count=0,run=1; COND(c[D_MD4][j]); count++) +- EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md4[0]),NULL,EVP_md4(),NULL); +- d=Time_F(STOP); +- print_result(D_MD4,j,count,d); +- } +- } ++ Test_Digest(D_MD4, EVP_md4()); + #endif + + #ifndef OPENSSL_NO_MD5 + if (doit[D_MD5]) +- { +- for (j=0; j<SIZE_NUM; j++) +- { +- print_message(names[D_MD5],c[D_MD5][j],lengths[j]); +- Time_F(START); +- for (count=0,run=1; COND(c[D_MD5][j]); count++) +- EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md5[0]),NULL,EVP_get_digestbyname("md5"),NULL); +- d=Time_F(STOP); +- print_result(D_MD5,j,count,d); +- } +- } ++ Test_Digest(D_MD5, EVP_md5()); + #endif + + #if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_HMAC) + if (doit[D_HMAC]) +- { +- HMAC_CTX hctx; +- +- HMAC_CTX_init(&hctx); +- HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...", +- 16,EVP_md5(), NULL); +- +- for (j=0; j<SIZE_NUM; j++) +- { +- print_message(names[D_HMAC],c[D_HMAC][j],lengths[j]); +- Time_F(START); +- for (count=0,run=1; COND(c[D_HMAC][j]); count++) +- { +- HMAC_Init_ex(&hctx,NULL,0,NULL,NULL); +- HMAC_Update(&hctx,buf,lengths[j]); +- HMAC_Final(&hctx,&(hmac[0]),NULL); +- } +- d=Time_F(STOP); +- print_result(D_HMAC,j,count,d); +- } +- HMAC_CTX_cleanup(&hctx); +- } ++ Test_HMAC(D_HMAC, EVP_md5()); ++#endif ++#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_HMAC) ++ if (doit[D_HMAC_SHA1]) ++ Test_HMAC(D_HMAC_SHA1, EVP_sha1()); + #endif + #ifndef OPENSSL_NO_SHA + if (doit[D_SHA1]) +- { +- for (j=0; j<SIZE_NUM; j++) +- { +- print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]); +- Time_F(START); +- for (count=0,run=1; COND(c[D_SHA1][j]); count++) +- EVP_Digest(buf,(unsigned long)lengths[j],&(sha[0]),NULL,EVP_sha1(),NULL); +- d=Time_F(STOP); +- print_result(D_SHA1,j,count,d); +- } +- } ++ Test_Digest(D_SHA1, EVP_sha1()); + + #ifndef OPENSSL_NO_SHA256 + if (doit[D_SHA256]) +- { +- for (j=0; j<SIZE_NUM; j++) +- { +- print_message(names[D_SHA256],c[D_SHA256][j],lengths[j]); +- Time_F(START); +- for (count=0,run=1; COND(c[D_SHA256][j]); count++) +- SHA256(buf,lengths[j],sha256); +- d=Time_F(STOP); +- print_result(D_SHA256,j,count,d); +- } +- } ++ Test_Digest(D_SHA256, EVP_sha256()); + #endif + + #ifndef OPENSSL_NO_SHA512 + if (doit[D_SHA512]) +- { +- for (j=0; j<SIZE_NUM; j++) +- { +- print_message(names[D_SHA512],c[D_SHA512][j],lengths[j]); +- Time_F(START); +- for (count=0,run=1; COND(c[D_SHA512][j]); count++) +- SHA512(buf,lengths[j],sha512); +- d=Time_F(STOP); +- print_result(D_SHA512,j,count,d); +- } +- } ++ Test_Digest(D_SHA512, EVP_sha512()); + #endif + #endif + + #ifndef OPENSSL_NO_WHIRLPOOL + if (doit[D_WHIRLPOOL]) +- { +- for (j=0; j<SIZE_NUM; j++) +- { +- print_message(names[D_WHIRLPOOL],c[D_WHIRLPOOL][j],lengths[j]); +- Time_F(START); +- for (count=0,run=1; COND(c[D_WHIRLPOOL][j]); count++) +- WHIRLPOOL(buf,lengths[j],whirlpool); +- d=Time_F(STOP); +- print_result(D_WHIRLPOOL,j,count,d); +- } +- } ++ Test_Digest(D_WHIRLPOOL, EVP_whirlpool()); + #endif + + #ifndef OPENSSL_NO_RIPEMD + if (doit[D_RMD160]) +- { +- for (j=0; j<SIZE_NUM; j++) +- { +- print_message(names[D_RMD160],c[D_RMD160][j],lengths[j]); +- Time_F(START); +- for (count=0,run=1; COND(c[D_RMD160][j]); count++) +- EVP_Digest(buf,(unsigned long)lengths[j],&(rmd160[0]),NULL,EVP_ripemd160(),NULL); +- d=Time_F(STOP); +- print_result(D_RMD160,j,count,d); +- } +- } ++ Test_Digest(D_RMD160, EVP_ripemd160()); + #endif + #ifndef OPENSSL_NO_RC4 + if (doit[D_RC4]) +-- +1.7.0.4 + diff --git a/main/openssl/0003-engine-padlock-implement-sha1-sha224-sha256-accelera.patch b/main/openssl/0003-engine-padlock-implement-sha1-sha224-sha256-accelera.patch new file mode 100644 index 000000000..b25de7c16 --- /dev/null +++ b/main/openssl/0003-engine-padlock-implement-sha1-sha224-sha256-accelera.patch @@ -0,0 +1,701 @@ +From 11e9d19d7c6c3461cbab5e5670d66974cd7cf819 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> +Date: Fri, 4 Jun 2010 15:48:16 +0300 +Subject: [PATCH 3/3] engine/padlock: implement sha1/sha224/sha256 acceleration + +Limited support for VIA C7 that works only when EVP_MD_CTX_FLAG_ONESHOT +is used appropriately (as done by EVP_Digest, and my previous HMAC patch). + +Full support for VIA Nano including partial transformation. + +Benchmarks from VIA Nano 1.6GHz, done with including the previous HMAC and +apps/speed patches done. From single run, error margin of about 100-200k. + +No padlock + +type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +sha1 20057.60k 51514.05k 99721.39k 130167.81k 142811.14k +sha256 7757.72k 16907.18k 28937.05k 35181.23k 37568.51k +hmac(sha1) 8582.53k 27644.69k 70402.30k 114602.67k 140167.85k + +With the patch + +sha1 37713.77k 114562.71k 259637.33k 379907.41k 438818.13k +sha256 34262.86k 103233.75k 232476.07k 338386.60k 389860.01k +hmac(sha1) 8424.70k 31475.11k 104036.10k 245559.30k 406667.26k +--- + engines/e_padlock.c | 596 +++++++++++++++++++++++++++++++++++++++++++++++---- + 1 files changed, 553 insertions(+), 43 deletions(-) + +diff --git a/engines/e_padlock.c b/engines/e_padlock.c +index 381a746..2f8c72a 100644 +--- a/engines/e_padlock.c ++++ b/engines/e_padlock.c +@@ -3,6 +3,9 @@ + * Written by Michal Ludvig <michal@logix.cz> + * http://www.logix.cz/michal + * ++ * SHA support by Timo Teras <timo.teras@iki.fi>. Portions based on ++ * code originally written by Michal Ludvig. ++ * + * Big thanks to Andy Polyakov for a help with optimization, + * assembler fixes, port to MS Windows and a lot of other + * valuable work on this engine! +@@ -74,12 +77,23 @@ + #ifndef OPENSSL_NO_AES + #include <openssl/aes.h> + #endif ++#ifndef OPENSSL_NO_SHA ++#include <openssl/sha.h> ++#endif + #include <openssl/rand.h> + #include <openssl/err.h> + + #ifndef OPENSSL_NO_HW + #ifndef OPENSSL_NO_HW_PADLOCK + ++/* PadLock RNG is disabled by default */ ++#define PADLOCK_NO_RNG 1 ++ ++/* No ASM routines for SHA in MSC yet */ ++#ifdef _MSC_VER ++#define OPENSSL_NO_SHA ++#endif ++ + /* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */ + #if (OPENSSL_VERSION_NUMBER >= 0x00908000L) + # ifndef OPENSSL_NO_DYNAMIC_ENGINE +@@ -140,58 +154,40 @@ static int padlock_available(void); + static int padlock_init(ENGINE *e); + + /* RNG Stuff */ ++#ifndef PADLOCK_NO_RNG + static RAND_METHOD padlock_rand; +- +-/* Cipher Stuff */ +-#ifndef OPENSSL_NO_AES +-static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); + #endif + + /* Engine names */ + static const char *padlock_id = "padlock"; + static char padlock_name[100]; + +-/* Available features */ +-static int padlock_use_ace = 0; /* Advanced Cryptography Engine */ +-static int padlock_use_rng = 0; /* Random Number Generator */ +-#ifndef OPENSSL_NO_AES +-static int padlock_aes_align_required = 1; +-#endif ++static int padlock_bind_helper(ENGINE *e); + +-/* ===== Engine "management" functions ===== */ +- +-/* Prepare the ENGINE structure for registration */ +-static int +-padlock_bind_helper(ENGINE *e) +-{ +- /* Check available features */ +- padlock_available(); +- +-#if 1 /* disable RNG for now, see commentary in vicinity of RNG code */ +- padlock_use_rng=0; +-#endif +- +- /* Generate a nice engine name with available features */ +- BIO_snprintf(padlock_name, sizeof(padlock_name), +- "VIA PadLock (%s, %s)", +- padlock_use_rng ? "RNG" : "no-RNG", +- padlock_use_ace ? "ACE" : "no-ACE"); ++ /* Available features */ ++enum padlock_flags { ++ PADLOCK_RNG = 0x01, ++ PADLOCK_ACE = 0x02, ++ PADLOCK_ACE2 = 0x04, ++ PADLOCK_PHE = 0x08, ++ PADLOCK_PMM = 0x10, ++ PADLOCK_NANO = 0x20, ++}; ++enum padlock_flags padlock_flags; + +- /* Register everything or return with an error */ +- if (!ENGINE_set_id(e, padlock_id) || +- !ENGINE_set_name(e, padlock_name) || ++#define PADLOCK_HAVE_RNG (padlock_flags & PADLOCK_RNG) ++#define PADLOCK_HAVE_ACE (padlock_flags & (PADLOCK_ACE|PADLOCK_ACE2)) ++#define PADLOCK_HAVE_ACE1 (padlock_flags & PADLOCK_ACE) ++#define PADLOCK_HAVE_ACE2 (padlock_flags & PADLOCK_ACE2) ++#define PADLOCK_HAVE_PHE (padlock_flags & PADLOCK_PHE) ++#define PADLOCK_HAVE_PMM (padlock_flags & PADLOCK_PMM) ++#define PADLOCK_HAVE_NANO (padlock_flags & PADLOCK_NANO) + +- !ENGINE_set_init_function(e, padlock_init) || + #ifndef OPENSSL_NO_AES +- (padlock_use_ace && !ENGINE_set_ciphers (e, padlock_ciphers)) || ++static int padlock_aes_align_required = 1; + #endif +- (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) { +- return 0; +- } + +- /* Everything looks good */ +- return 1; +-} ++/* ===== Engine "management" functions ===== */ + + /* Constructor */ + static ENGINE * +@@ -215,7 +211,7 @@ ENGINE_padlock(void) + static int + padlock_init(ENGINE *e) + { +- return (padlock_use_rng || padlock_use_ace); ++ return padlock_flags; + } + + /* This stuff is needed if this ENGINE is being compiled into a self-contained +@@ -367,10 +363,20 @@ padlock_available(void) + : "+a"(eax), "=d"(edx) : : "ecx"); + + /* Fill up some flags */ +- padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6)); +- padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2)); ++ padlock_flags |= ((edx & (0x3<<3)) ? PADLOCK_RNG : 0); ++ padlock_flags |= ((edx & (0x3<<7)) ? PADLOCK_ACE : 0); ++ padlock_flags |= ((edx & (0x3<<9)) ? PADLOCK_ACE2 : 0); ++ padlock_flags |= ((edx & (0x3<<11)) ? PADLOCK_PHE : 0); ++ padlock_flags |= ((edx & (0x3<<13)) ? PADLOCK_PMM : 0); ++ ++ /* Check for VIA Nano CPU */ ++ eax = 0x00000001; ++ asm volatile ("pushl %%ebx; cpuid; popl %%ebx" ++ : "+a"(eax) : : "ecx", "edx"); ++ if ((eax | 0x000F) == 0x06FF) ++ padlock_flags |= PADLOCK_NANO; + +- return padlock_use_ace + padlock_use_rng; ++ return padlock_flags; + } + + #ifndef OPENSSL_NO_AES +@@ -1159,6 +1165,454 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, + + #endif /* OPENSSL_NO_AES */ + ++#ifndef OPENSSL_NO_SHA ++ ++static inline void ++padlock_copy_bswap(void *dst, void *src, size_t count) ++{ ++ uint32_t *udst = dst, *usrc = src; ++ unsigned int reg; ++ int i = 0; ++ ++ for (i = 0; i < count; i++) { ++ reg = usrc[i]; ++ asm volatile("bswapl %0" : "+&r"(reg)); ++ udst[i] = reg; ++ } ++} ++ ++#define PADLOCK_SHA_ALIGN(dd) (uint32_t*)(((uintptr_t)(dd) + 15) & ~15) ++#define PADLOCK_SHA_HWCTX (128+16) ++ ++static void ++padlock_sha1(void *hwctx, const void *buf, uint32_t total, uint32_t now) ++{ ++ uint32_t pos = total - now; ++ ++ asm volatile ("xsha1" ++ : "+S"(buf), "+D"(hwctx), "+a"(pos), "+c"(total) ++ : : "memory"); ++} ++ ++static void ++padlock_sha1_partial(void *hwctx, const void *buf, uint32_t blocks) ++{ ++ asm volatile ("xsha1" ++ : "+S"(buf), "+D"(hwctx), "+c"(blocks) ++ : "a"(-1) : "memory"); ++} ++ ++static int padlock_sha1_init(EVP_MD_CTX *ctx) ++{ ++ return SHA1_Init(ctx->md_data); ++} ++ ++static int padlock_sha1_update(EVP_MD_CTX *ctx, const void *data, ++ size_t len) ++{ ++ unsigned char hwctx[PADLOCK_SHA_HWCTX]; ++ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); ++ SHA_CTX *c = ctx->md_data; ++ uint_fast64_t total; ++ const unsigned char *p = data; ++ unsigned int l = 0; ++ ++ /* Calculate total length (Nl,Nh) is length in bits */ ++ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); ++ total += len; ++ ++ if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) && ++ (total <= 0xfffffffe)) { ++ if (c->num != 0) { ++ l = (len < SHA_CBLOCK) ? len : SHA_CBLOCK; ++ if (!SHA1_Update(c, data, l)) ++ return 0; ++ p += l; ++ if (c->num != 0) { ++ p = (unsigned char *) c->data; ++ len = c->num; ++ l = 0; ++ } ++ } ++ memcpy(aligned, &c->h0, 5 * sizeof(SHA_LONG)); ++ padlock_sha1(aligned, p, total, len - l); ++ memcpy(&c->h0, aligned, 5 * sizeof(SHA_LONG)); ++ c->num = -1; ++ return 1; ++ } ++ ++ return SHA1_Update(c, data, len); ++} ++ ++static int padlock_nano_sha1_update(EVP_MD_CTX *ctx, const void *data, ++ size_t len) ++{ ++ unsigned char hwctx[PADLOCK_SHA_HWCTX]; ++ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); ++ SHA_CTX *c = ctx->md_data; ++ uint_fast64_t total; ++ unsigned char *p; ++ unsigned int n; ++ ++ /* Calculate total length (Nl,Nh) is length in bits */ ++ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); ++ total += len; ++ c->Nh = total >> 29; ++ c->Nl = (total << 3) & 0xffffffffUL; ++ ++ memcpy(aligned, &c->h0, 5 * sizeof(SHA_LONG)); ++ ++ /* Check partial data */ ++ n = c->num; ++ if (n) { ++ p = (unsigned char *) c->data; ++ if (len >= SHA_CBLOCK || len+n >= SHA_CBLOCK) { ++ memcpy(p+n, data, SHA_CBLOCK-n); ++ padlock_sha1_partial(aligned, p, 1); ++ n = SHA_CBLOCK - n; ++ data += n; ++ len -= n; ++ c->num = 0; ++ memset(p, 0, SHA_CBLOCK); ++ } else { ++ memcpy(p+n, data, len); ++ c->num += (unsigned int)len; ++ return 1; ++ } ++ } ++ ++ /* Can we finalize straight away? */ ++ if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) && ++ (total <= 0xfffffffe)) { ++ padlock_sha1(aligned, data, total, len); ++ memcpy(&c->h0, aligned, 5 * sizeof(SHA_LONG)); ++ c->num = -1; ++ return 1; ++ } ++ ++ /* Use nonfinalizing update */ ++ n = len / SHA_CBLOCK; ++ if (n != 0) { ++ padlock_sha1_partial(aligned, data, n); ++ data += n * SHA_CBLOCK; ++ len -= n * SHA_CBLOCK; ++ } ++ memcpy(&c->h0, aligned, 5 * sizeof(SHA_LONG)); ++ ++ /* Buffer remaining bytes */ ++ if (len) { ++ memcpy(c->data, data, len); ++ c->num = len; ++ } ++ ++ return 1; ++} ++ ++static int padlock_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) ++{ ++ SHA_CTX *c = ctx->md_data; ++ uint_fast64_t total; ++ ++ if (c->num == -1) { ++ padlock_copy_bswap(md, &c->h0, 5); ++ c->num = 0; ++ return 1; ++ } ++ ++ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); ++ if (total <= 0xfffffffe) { ++ unsigned char hwctx[PADLOCK_SHA_HWCTX]; ++ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); ++ ++ memcpy(aligned, &c->h0, 5 * sizeof(SHA_LONG)); ++ padlock_sha1(aligned, c->data, total, c->num); ++ padlock_copy_bswap(md, aligned, 5); ++ c->num = 0; ++ return 1; ++ } ++ ++ return SHA1_Final(md, c); ++} ++ ++static EVP_MD padlock_sha1_md = { ++ NID_sha1, ++ NID_sha1WithRSAEncryption, ++ SHA_DIGEST_LENGTH, ++ 0, ++ padlock_sha1_init, ++ padlock_sha1_update, ++ padlock_sha1_final, ++ NULL, ++ NULL, ++ EVP_PKEY_RSA_method, ++ SHA_CBLOCK, ++ sizeof(SHA_CTX), ++}; ++ ++static EVP_MD padlock_dss1_md = { ++ NID_dsa, ++ NID_dsaWithSHA1, ++ SHA_DIGEST_LENGTH, ++ 0, ++ padlock_sha1_init, ++ padlock_sha1_update, ++ padlock_sha1_final, ++ NULL, ++ NULL, ++ EVP_PKEY_DSA_method, ++ SHA_CBLOCK, ++ sizeof(SHA_CTX), ++}; ++ ++ ++#if !defined(OPENSSL_NO_SHA256) ++ ++static void ++padlock_sha256(void *hwctx, const void *buf, uint32_t total, uint32_t now) ++{ ++ uint32_t pos = total - now; ++ ++ asm volatile ("xsha256" ++ : "+S"(buf), "+D"(hwctx), "+a"(pos), "+c"(total) ++ : : "memory"); ++} ++ ++static void ++padlock_sha256_partial(void *hwctx, const void *buf, uint32_t blocks) ++{ ++ asm volatile ("xsha256" ++ : "+S"(buf), "+D"(hwctx), "+c"(blocks) ++ : "a"(-1) : "memory"); ++} ++ ++static int padlock_sha256_update(EVP_MD_CTX *ctx, const void *data, ++ size_t len) ++{ ++ unsigned char hwctx[PADLOCK_SHA_HWCTX]; ++ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); ++ SHA256_CTX *c = ctx->md_data; ++ uint_fast64_t total; ++ const unsigned char *p = data; ++ unsigned int l = 0; ++ ++ /* Calculate total length (Nl,Nh) is length in bits */ ++ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); ++ total += len; ++ ++ if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) && ++ (total <= 0xfffffffe)) { ++ if (c->num != 0) { ++ l = (len < SHA256_CBLOCK) ? len : SHA256_CBLOCK; ++ if (!SHA256_Update(c, data, l)) ++ return 0; ++ p += l; ++ if (c->num != 0) { ++ p = (unsigned char *) c->data; ++ len = c->num; ++ l = 0; ++ } ++ } ++ memcpy(aligned, c->h, sizeof(c->h)); ++ padlock_sha256(aligned, p, total, len - l); ++ memcpy(c->h, aligned, sizeof(c->h)); ++ c->num = -1; ++ return 1; ++ } ++ ++ return SHA256_Update(c, data, len); ++} ++ ++static int padlock_nano_sha256_update(EVP_MD_CTX *ctx, const void *data, ++ size_t len) ++{ ++ unsigned char hwctx[PADLOCK_SHA_HWCTX]; ++ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); ++ SHA256_CTX *c = ctx->md_data; ++ uint_fast64_t total; ++ unsigned char *p; ++ unsigned int n; ++ ++ /* Calculate total length (Nl,Nh) is length in bits */ ++ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); ++ total += len; ++ c->Nh = total >> 29; ++ c->Nl = (total << 3) & 0xffffffffUL; ++ ++ memcpy(aligned, c->h, sizeof(c->h)); ++ ++ /* Check partial data */ ++ n = c->num; ++ if (n) { ++ p = (unsigned char *) c->data; ++ if (len >= SHA256_CBLOCK || len+n >= SHA256_CBLOCK) { ++ memcpy(p+n, data, SHA256_CBLOCK-n); ++ padlock_sha256_partial(aligned, p, 1); ++ n = SHA256_CBLOCK - n; ++ data += n; ++ len -= n; ++ c->num = 0; ++ memset(p, 0, SHA256_CBLOCK); ++ } else { ++ memcpy(p+n, data, len); ++ c->num += (unsigned int)len; ++ return 1; ++ } ++ } ++ ++ /* Can we finalize straight away? */ ++ if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) && ++ (total <= 0xfffffffe)) { ++ padlock_sha256(aligned, data, total, len); ++ memcpy(c->h, aligned, sizeof(c->h)); ++ c->num = -1; ++ return 1; ++ } ++ ++ /* Use nonfinalizing update */ ++ n = len / SHA256_CBLOCK; ++ if (n != 0) { ++ padlock_sha256_partial(aligned, data, n); ++ data += n * SHA256_CBLOCK; ++ len -= n * SHA256_CBLOCK; ++ } ++ memcpy(c->h, aligned, sizeof(c->h)); ++ ++ /* Buffer remaining bytes */ ++ if (len) { ++ memcpy(c->data, data, len); ++ c->num = len; ++ } ++ ++ return 1; ++} ++ ++static int padlock_sha256_final(EVP_MD_CTX *ctx, unsigned char *md) ++{ ++ SHA256_CTX *c = ctx->md_data; ++ uint_fast64_t total; ++ ++ if (c->num == -1) { ++ padlock_copy_bswap(md, c->h, sizeof(c->h)/sizeof(c->h[0])); ++ c->num = 0; ++ return 1; ++ } ++ ++ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); ++ if (total <= 0xfffffffe) { ++ unsigned char hwctx[PADLOCK_SHA_HWCTX]; ++ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); ++ ++ memcpy(aligned, c->h, sizeof(c->h)); ++ padlock_sha256(aligned, c->data, total, c->num); ++ padlock_copy_bswap(md, aligned, sizeof(c->h)/sizeof(c->h[0])); ++ c->num = 0; ++ return 1; ++ } ++ ++ return SHA256_Final(md, c); ++} ++ ++#if !defined(OPENSSL_NO_SHA224) ++ ++static int padlock_sha224_init(EVP_MD_CTX *ctx) ++{ ++ return SHA224_Init(ctx->md_data); ++} ++ ++static EVP_MD padlock_sha224_md = { ++ NID_sha224, ++ NID_sha224WithRSAEncryption, ++ SHA224_DIGEST_LENGTH, ++ 0, ++ padlock_sha224_init, ++ padlock_sha256_update, ++ padlock_sha256_final, ++ NULL, ++ NULL, ++ EVP_PKEY_RSA_method, ++ SHA_CBLOCK, ++ sizeof(SHA256_CTX), ++}; ++#endif /* !OPENSSL_NO_SHA224 */ ++ ++static int padlock_sha256_init(EVP_MD_CTX *ctx) ++{ ++ return SHA256_Init(ctx->md_data); ++} ++ ++static EVP_MD padlock_sha256_md = { ++ NID_sha256, ++ NID_sha256WithRSAEncryption, ++ SHA256_DIGEST_LENGTH, ++ 0, ++ padlock_sha256_init, ++ padlock_sha256_update, ++ padlock_sha256_final, ++ NULL, ++ NULL, ++ EVP_PKEY_RSA_method, ++ SHA_CBLOCK, ++ sizeof(SHA256_CTX), ++}; ++#endif /* !OPENSSL_NO_SHA256 */ ++ ++static int padlock_digest_nids[] = { ++#if !defined(OPENSSL_NO_SHA) ++ NID_sha1, ++ NID_dsa, ++#endif ++#if !defined(OPENSSL_NO_SHA256) ++#if !defined(OPENSSL_NO_SHA224) ++ NID_sha224, ++#endif ++ NID_sha256, ++#endif ++}; ++ ++static int padlock_digest_nids_num = sizeof(padlock_digest_nids)/sizeof(padlock_digest_nids[0]); ++ ++static int ++padlock_digests (ENGINE *e, const EVP_MD **digest, const int **nids, int nid) ++{ ++ /* No specific digest => return a list of supported nids ... */ ++ if (!digest) { ++ *nids = padlock_digest_nids; ++ return padlock_digest_nids_num; ++ } ++ ++ /* ... or the requested "digest" otherwise */ ++ switch (nid) { ++#if !defined(OPENSSL_NO_SHA) ++ case NID_sha1: ++ *digest = &padlock_sha1_md; ++ break; ++ case NID_dsa: ++ *digest = &padlock_dss1_md; ++ break; ++#endif ++#if !defined(OPENSSL_NO_SHA256) ++#if !defined(OPENSSL_NO_SHA224) ++ case NID_sha224: ++ *digest = &padlock_sha224_md; ++ break; ++#endif /* OPENSSL_NO_SHA224 */ ++ case NID_sha256: ++ *digest = &padlock_sha256_md; ++ break; ++#endif /* OPENSSL_NO_SHA256 */ ++ default: ++ /* Sorry, we don't support this NID */ ++ *digest = NULL; ++ return 0; ++ } ++ ++ return 1; ++} ++ ++#endif /* OPENSSL_NO_SHA */ ++ ++#ifndef PADLOCK_NO_RNG ++ + /* ===== Random Number Generator ===== */ + /* + * This code is not engaged. The reason is that it does not comply +@@ -1215,6 +1669,62 @@ static RAND_METHOD padlock_rand = { + padlock_rand_status, /* rand status */ + }; + ++#endif /* PADLOCK_NO_RNG */ ++ ++/* Prepare the ENGINE structure for registration */ ++static int ++padlock_bind_helper(ENGINE *e) ++{ ++ /* Check available features */ ++ padlock_available(); ++ ++ /* Generate a nice engine name with available features */ ++ BIO_snprintf(padlock_name, sizeof(padlock_name), ++ "VIA PadLock: %s%s%s%s%s%s", ++ padlock_flags ? "" : "not supported", ++ PADLOCK_HAVE_RNG ? "RNG " : "", ++ PADLOCK_HAVE_ACE ? (PADLOCK_HAVE_ACE2 ? "ACE2 " : "ACE ") : "", ++ PADLOCK_HAVE_PHE ? "PHE " : "", ++ PADLOCK_HAVE_PMM ? "PMM " : "", ++ PADLOCK_HAVE_NANO ? "NANO " : "" ++ ); ++ ++#ifndef OPENSSL_NO_SHA ++ /* Use Nano SHA acceleration? */ ++ if (PADLOCK_HAVE_NANO) { ++ padlock_sha1_md.update = padlock_nano_sha1_update; ++ padlock_dss1_md.update = padlock_nano_sha1_update; ++#if !defined(OPENSSL_NO_SHA256) ++#if !defined(OPENSSL_NO_SHA224) ++ padlock_sha224_md.update = padlock_nano_sha256_update; ++#endif ++ padlock_sha256_md.update = padlock_nano_sha256_update; ++#endif ++ } ++#endif ++ ++ /* Register everything or return with an error */ ++ if (!ENGINE_set_id(e, padlock_id) || ++ !ENGINE_set_name(e, padlock_name) || ++ ++ !ENGINE_set_init_function(e, padlock_init) ++#ifndef OPENSSL_NO_AES ++ || (PADLOCK_HAVE_ACE && !ENGINE_set_ciphers (e, padlock_ciphers)) ++#endif ++#ifndef OPENSSL_NO_SHA ++ || (PADLOCK_HAVE_PHE && !ENGINE_set_digests (e, padlock_digests)) ++#endif ++#ifndef PADLOCK_NO_RNG ++ || (PADLOCK_HAVE_RNG && !ENGINE_set_RAND (e, &padlock_rand)) ++#endif ++ ) { ++ return 0; ++ } ++ ++ /* Everything looks good */ ++ return 1; ++} ++ + #else /* !COMPILE_HW_PADLOCK */ + #ifndef OPENSSL_NO_DYNAMIC_ENGINE + OPENSSL_EXPORT +-- +1.7.0.4 + diff --git a/main/openssl/0004-crypto-engine-autoload-padlock-dynamic-engine.patch b/main/openssl/0004-crypto-engine-autoload-padlock-dynamic-engine.patch new file mode 100644 index 000000000..c41d860ea --- /dev/null +++ b/main/openssl/0004-crypto-engine-autoload-padlock-dynamic-engine.patch @@ -0,0 +1,33 @@ +From f6a5204b8dc94d73521f962183ee302533b2a196 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> +Date: Fri, 4 Jun 2010 18:02:39 +0300 +Subject: [PATCH 4/4] crypto/engine: autoload padlock dynamic engine + +--- + crypto/engine/eng_all.c | 10 ++++++++++ + 1 files changed, 10 insertions(+), 0 deletions(-) + +diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c +index 22c1204..827e447 100644 +--- a/crypto/engine/eng_all.c ++++ b/crypto/engine/eng_all.c +@@ -112,6 +112,16 @@ void ENGINE_load_builtin_engines(void) + ENGINE_load_capi(); + #endif + #endif ++#ifdef OPENSSL_NO_STATIC_ENGINE ++ { ++ ENGINE *e; ++ e = ENGINE_by_id("padlock"); ++ if (e != NULL) { ++ ENGINE_add(e); ++ ENGINE_free(e); ++ } ++ } ++#endif + } + + #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) +-- +1.7.0.4 + diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD index 4a0f45f1a..eb23f31fc 100644 --- a/main/openssl/APKBUILD +++ b/main/openssl/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=openssl -pkgver=1.0.0 -pkgrel=0 +pkgver=1.0.0a +pkgrel=1 pkgdesc="Toolkit for SSL v2/v3 and TLS v1" url="http://openssl.org" depends= @@ -13,6 +13,10 @@ subpackages="$pkgname-dev $pkgname-doc libcrypto1.0:libcrypto libssl1.0:libssl" source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz fix-manpages.patch openssl-bb-basename.patch + 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch + 0002-apps-speed-fix-digest-speed-measurement-and-add-hmac.patch + 0003-engine-padlock-implement-sha1-sha224-sha256-accelera.patch + 0004-crypto-engine-autoload-padlock-dynamic-engine.patch " # openssl-0.9.8k-padlock-sha.patch @@ -41,13 +45,6 @@ package() { make -j1 INSTALL_PREFIX="$pkgdir" MANDIR=/usr/share/man install } -dev() { - replaces="libcrypto openssl" - default_dev - # move symlinks - #mv "$pkgdir"/usr/lib/*.so "$subpkgdir"/usr/lib/ -} - libcrypto() { pkgdesc="Crypto library from openssl" replaces="openssl libcrypto" @@ -69,6 +66,10 @@ libssl() { done } -md5sums="89eaa86e25b2845f920ec00ae4c864ed openssl-1.0.0.tar.gz +md5sums="e3873edfffc783624cfbdb65e2249cbd openssl-1.0.0a.tar.gz 115c481cd59b3dba631364e8fb1778f5 fix-manpages.patch -c6a9857a5dbd30cead0404aa7dd73977 openssl-bb-basename.patch" +c6a9857a5dbd30cead0404aa7dd73977 openssl-bb-basename.patch +ceae7d6166a455ecc41adc8f44f1a07e 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch +383c0c0305532f471bf583d6e05cbea9 0002-apps-speed-fix-digest-speed-measurement-and-add-hmac.patch +f687ab90b23587dc445eb0803a6eb1fb 0003-engine-padlock-implement-sha1-sha224-sha256-accelera.patch +f197ac9a2748e64b1cb15a12ddca3d61 0004-crypto-engine-autoload-padlock-dynamic-engine.patch" |