diff options
| author | Timo Teras <timo.teras@iki.fi> | 2009-07-30 22:07:39 +0300 |
|---|---|---|
| committer | Timo Teras <timo.teras@iki.fi> | 2009-07-30 22:09:49 +0300 |
| commit | 37907999d18ebba37db13bfa7415401922eb6141 (patch) | |
| tree | ecf916299301c346cec4f6c7647abb10b460cb5d /main | |
| parent | 8c68e1670143622b46b887787b81c61a32955baf (diff) | |
| download | aports-37907999d18ebba37db13bfa7415401922eb6141.tar.bz2 aports-37907999d18ebba37db13bfa7415401922eb6141.tar.xz | |
main/openssl: fix random padlock sha1 breakage
fix copying of oneshot sha1 context. also decrease the size
of "small buffer", to make context smaller (and context copy
faster in most cases); it should be still enough to catch
most hmac operations.
Diffstat (limited to 'main')
| -rw-r--r-- | main/openssl/APKBUILD | 4 | ||||
| -rw-r--r-- | main/openssl/openssl-0.9.8k-padlock-sha.patch | 27 |
2 files changed, 17 insertions, 14 deletions
diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD index 383b80ee7..d394f1039 100644 --- a/main/openssl/APKBUILD +++ b/main/openssl/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=openssl pkgver=0.9.8k -pkgrel=4 +pkgrel=5 pkgdesc="Toolkit for SSL v2/v3 and TLS v1" url=http://openssl.org depends= @@ -44,4 +44,4 @@ md5sums="e555c6d58d276aec7fdc53363e338ab3 openssl-0.9.8k.tar.gz 04a6a88c2ee4badd4f8649792b73eaf3 openssl-0.9.8g-fix_manpages-1.patch c6a9857a5dbd30cead0404aa7dd73977 openssl-bb-basename.patch c838eb8488896cfeb7de957a0cbe04ae openssl-0.9.8k-quote-cc.patch -1f506efd30e97b9a0f3fe16c53222b21 openssl-0.9.8k-padlock-sha.patch" +86b7f1bf50e1f3ba407ec62001a51a0d openssl-0.9.8k-padlock-sha.patch" diff --git a/main/openssl/openssl-0.9.8k-padlock-sha.patch b/main/openssl/openssl-0.9.8k-padlock-sha.patch index 7a89f434c..b2e7e954d 100644 --- a/main/openssl/openssl-0.9.8k-padlock-sha.patch +++ b/main/openssl/openssl-0.9.8k-padlock-sha.patch @@ -7,7 +7,7 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c =================================================================== --- openssl-0.9.8k.orig/crypto/engine/eng_padlock.c 2009-07-27 16:18:20.000000000 +0300 -+++ openssl-0.9.8k/crypto/engine/eng_padlock.c 2009-07-27 16:18:50.000000000 +0300 ++++ openssl-0.9.8k/crypto/engine/eng_padlock.c 2009-07-30 22:02:54.000000000 +0300 @@ -1,10 +1,13 @@ -/* +/* @@ -147,14 +147,14 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c #ifndef OPENSSL_NO_AES - (padlock_use_ace && !ENGINE_set_ciphers (e, padlock_ciphers)) || + || (PADLOCK_HAVE_ACE && !ENGINE_set_ciphers (e, padlock_ciphers)) -+#endif + #endif +- (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) { +#ifndef OPENSSL_NO_SHA + || (PADLOCK_HAVE_PHE && !ENGINE_set_digests (e, padlock_digests)) +#endif +#ifndef PADLOCK_NO_RNG + || (PADLOCK_HAVE_RNG && !ENGINE_set_RAND (e, &padlock_rand)) - #endif -- (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) { ++#endif + ) { return 0; } @@ -206,11 +206,11 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c + padlock_flags |= ((edx & (0x3<<9)) ? PADLOCK_ACE2 : 0); + padlock_flags |= ((edx & (0x3<<11)) ? PADLOCK_PHE : 0); + padlock_flags |= ((edx & (0x3<<13)) ? PADLOCK_PMM : 0); -+ -+ return padlock_flags; -+} - return padlock_use_ace + padlock_use_rng; ++ return padlock_flags; ++} ++ +static inline void +padlock_htonl_block(uint32_t *data, size_t count) +{ @@ -287,7 +287,7 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c encryption function itself. This function is not AES-specific. */ static int padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, -@@ -1157,6 +1214,511 @@ +@@ -1157,6 +1214,514 @@ #endif /* OPENSSL_NO_AES */ @@ -296,7 +296,7 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c +#define DIGEST_DATA(ctx) ((struct padlock_digest_data *)(ctx->md_data)) +#define PADLOCK_SHA_ALIGN(dd) (uint32_t*)(((uintptr_t)(dd) + 15) & ~15) +#define PADLOCK_SHA_PAGES 14 -+#define PADLOCK_SHA_BUFFER (1024 - sizeof(size_t) - 4*sizeof(void*)) ++#define PADLOCK_SHA_BUFFER (512 - sizeof(size_t) - 4*sizeof(void*)) +#define PADLOCK_SHA_INITVECTOR_SIZE (8 * sizeof(uint32_t)) + +struct padlock_digest_data { @@ -648,12 +648,15 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c + * a "finalization copy", so we could do finalizing SHA here and + * store the result to *to precalculated. But there's no such + * flag as to is reset on copy. */ -+ if (dfrom->update == padlock_multi_update) { ++ ++ if (dfrom->update != padlock_copy_update) { + /* Recopy the context, as they might have different alignment */ + memcpy(PADLOCK_SHA_ALIGN(dto->padlockctx), + PADLOCK_SHA_ALIGN(dfrom->padlockctx), + PADLOCK_SHA_INITVECTOR_SIZE); ++ } + ++ if (dfrom->update == padlock_multi_update) { + /* Update total, and copy the buffer */ + dto->total = dfrom->total - dfrom->used; + dto->buffer = NULL; @@ -799,7 +802,7 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c /* ===== Random Number Generator ===== */ /* * This code is not engaged. The reason is that it does not comply -@@ -1164,7 +1726,7 @@ +@@ -1164,7 +1729,7 @@ * (posted at http://www.via.com.tw/en/viac3/c3.jsp) nor does it * provide meaningful error control... */ @@ -808,7 +811,7 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c the raw PadLock RNG */ static int padlock_rand_bytes(unsigned char *output, int count) -@@ -1212,6 +1774,7 @@ +@@ -1212,6 +1777,7 @@ padlock_rand_bytes, /* pseudorand */ padlock_rand_status, /* rand status */ }; |