From 37907999d18ebba37db13bfa7415401922eb6141 Mon Sep 17 00:00:00 2001
From: Timo Teras <timo.teras@iki.fi>
Date: Thu, 30 Jul 2009 22:07:39 +0300
Subject: main/openssl: fix random padlock sha1 breakage

fix copying of oneshot sha1 context. also decrease the size
of "small buffer", to make context smaller (and context copy
faster in most cases); it should be still enough to catch
most hmac operations.
---
 main/openssl/APKBUILD                         |  4 ++--
 main/openssl/openssl-0.9.8k-padlock-sha.patch | 27 +++++++++++++++------------
 2 files changed, 17 insertions(+), 14 deletions(-)

(limited to 'main/openssl')

diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD
index 383b80ee7e..d394f10392 100644
--- a/main/openssl/APKBUILD
+++ b/main/openssl/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=openssl
 pkgver=0.9.8k
-pkgrel=4
+pkgrel=5
 pkgdesc="Toolkit for SSL v2/v3 and TLS v1"
 url=http://openssl.org
 depends=
@@ -44,4 +44,4 @@ md5sums="e555c6d58d276aec7fdc53363e338ab3  openssl-0.9.8k.tar.gz
 04a6a88c2ee4badd4f8649792b73eaf3  openssl-0.9.8g-fix_manpages-1.patch
 c6a9857a5dbd30cead0404aa7dd73977  openssl-bb-basename.patch
 c838eb8488896cfeb7de957a0cbe04ae  openssl-0.9.8k-quote-cc.patch
-1f506efd30e97b9a0f3fe16c53222b21  openssl-0.9.8k-padlock-sha.patch"
+86b7f1bf50e1f3ba407ec62001a51a0d  openssl-0.9.8k-padlock-sha.patch"
diff --git a/main/openssl/openssl-0.9.8k-padlock-sha.patch b/main/openssl/openssl-0.9.8k-padlock-sha.patch
index 7a89f434cf..b2e7e954d6 100644
--- a/main/openssl/openssl-0.9.8k-padlock-sha.patch
+++ b/main/openssl/openssl-0.9.8k-padlock-sha.patch
@@ -7,7 +7,7 @@
 Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
 ===================================================================
 --- openssl-0.9.8k.orig/crypto/engine/eng_padlock.c	2009-07-27 16:18:20.000000000 +0300
-+++ openssl-0.9.8k/crypto/engine/eng_padlock.c	2009-07-27 16:18:50.000000000 +0300
++++ openssl-0.9.8k/crypto/engine/eng_padlock.c	2009-07-30 22:02:54.000000000 +0300
 @@ -1,10 +1,13 @@
 -/* 
 +/*
@@ -147,14 +147,14 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
  #ifndef OPENSSL_NO_AES
 -	    (padlock_use_ace && !ENGINE_set_ciphers (e, padlock_ciphers)) ||
 +	    || (PADLOCK_HAVE_ACE && !ENGINE_set_ciphers (e, padlock_ciphers))
-+#endif
+ #endif
+-	    (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) {
 +#ifndef OPENSSL_NO_SHA
 +	    || (PADLOCK_HAVE_PHE && !ENGINE_set_digests (e, padlock_digests))
 +#endif
 +#ifndef PADLOCK_NO_RNG
 +	    || (PADLOCK_HAVE_RNG && !ENGINE_set_RAND (e, &padlock_rand))
- #endif
--	    (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) {
++#endif
 +	    ) {
  		return 0;
  	}
@@ -206,11 +206,11 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
 +	padlock_flags |= ((edx & (0x3<<9)) ? PADLOCK_ACE2 : 0);
 +	padlock_flags |= ((edx & (0x3<<11)) ? PADLOCK_PHE : 0);
 +	padlock_flags |= ((edx & (0x3<<13)) ? PADLOCK_PMM : 0);
-+
-+	return padlock_flags;
-+}
  
 -	return padlock_use_ace + padlock_use_rng;
++	return padlock_flags;
++}
++
 +static inline void
 +padlock_htonl_block(uint32_t *data, size_t count)
 +{
@@ -287,7 +287,7 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
     encryption function itself. This function is not AES-specific. */
  static int
  padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
-@@ -1157,6 +1214,511 @@
+@@ -1157,6 +1214,514 @@
  
  #endif /* OPENSSL_NO_AES */
  
@@ -296,7 +296,7 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
 +#define DIGEST_DATA(ctx)	((struct padlock_digest_data *)(ctx->md_data))
 +#define PADLOCK_SHA_ALIGN(dd)	(uint32_t*)(((uintptr_t)(dd) + 15) & ~15)
 +#define PADLOCK_SHA_PAGES	14
-+#define PADLOCK_SHA_BUFFER	(1024 - sizeof(size_t) - 4*sizeof(void*))
++#define PADLOCK_SHA_BUFFER	(512 - sizeof(size_t) - 4*sizeof(void*))
 +#define PADLOCK_SHA_INITVECTOR_SIZE (8 * sizeof(uint32_t))
 +
 +struct padlock_digest_data {
@@ -648,12 +648,15 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
 +	 * a "finalization copy", so we could do finalizing SHA here and
 +	 * store the result to *to precalculated. But there's no such
 +	 * flag as to is reset on copy. */
-+	if (dfrom->update == padlock_multi_update) {
++
++	if (dfrom->update != padlock_copy_update) {
 +		/* Recopy the context, as they might have different alignment */
 +		memcpy(PADLOCK_SHA_ALIGN(dto->padlockctx),
 +		       PADLOCK_SHA_ALIGN(dfrom->padlockctx),
 +		       PADLOCK_SHA_INITVECTOR_SIZE);
++	}
 +
++	if (dfrom->update == padlock_multi_update) {
 +		/* Update total, and copy the buffer */
 +		dto->total     = dfrom->total - dfrom->used;
 +		dto->buffer    = NULL;
@@ -799,7 +802,7 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
  /* ===== Random Number Generator ===== */
  /*
   * This code is not engaged. The reason is that it does not comply
-@@ -1164,7 +1726,7 @@
+@@ -1164,7 +1729,7 @@
   * (posted at http://www.via.com.tw/en/viac3/c3.jsp) nor does it
   * provide meaningful error control...
   */
@@ -808,7 +811,7 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
     the raw PadLock RNG */
  static int
  padlock_rand_bytes(unsigned char *output, int count)
-@@ -1212,6 +1774,7 @@
+@@ -1212,6 +1777,7 @@
  	padlock_rand_bytes,	/* pseudorand */
  	padlock_rand_status,	/* rand status */
  };
-- 
cgit v1.2.3