Commit 37907999 authored by Timo Teräs's avatar Timo Teräs

main/openssl: fix random padlock sha1 breakage

fix copying of oneshot sha1 context. also decrease the size
of "small buffer", to make context smaller (and context copy
faster in most cases); it should be still enough to catch
most hmac operations.
parent 8c68e167
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=openssl
pkgver=0.9.8k
pkgrel=4
pkgrel=5
pkgdesc="Toolkit for SSL v2/v3 and TLS v1"
url=http://openssl.org
depends=
......@@ -44,4 +44,4 @@ md5sums="e555c6d58d276aec7fdc53363e338ab3 openssl-0.9.8k.tar.gz
04a6a88c2ee4badd4f8649792b73eaf3 openssl-0.9.8g-fix_manpages-1.patch
c6a9857a5dbd30cead0404aa7dd73977 openssl-bb-basename.patch
c838eb8488896cfeb7de957a0cbe04ae openssl-0.9.8k-quote-cc.patch
1f506efd30e97b9a0f3fe16c53222b21 openssl-0.9.8k-padlock-sha.patch"
86b7f1bf50e1f3ba407ec62001a51a0d openssl-0.9.8k-padlock-sha.patch"
......@@ -7,7 +7,7 @@
Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
===================================================================
--- openssl-0.9.8k.orig/crypto/engine/eng_padlock.c 2009-07-27 16:18:20.000000000 +0300
+++ openssl-0.9.8k/crypto/engine/eng_padlock.c 2009-07-27 16:18:50.000000000 +0300
+++ openssl-0.9.8k/crypto/engine/eng_padlock.c 2009-07-30 22:02:54.000000000 +0300
@@ -1,10 +1,13 @@
-/*
+/*
......@@ -147,14 +147,14 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
#ifndef OPENSSL_NO_AES
- (padlock_use_ace && !ENGINE_set_ciphers (e, padlock_ciphers)) ||
+ || (PADLOCK_HAVE_ACE && !ENGINE_set_ciphers (e, padlock_ciphers))
+#endif
#endif
- (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) {
+#ifndef OPENSSL_NO_SHA
+ || (PADLOCK_HAVE_PHE && !ENGINE_set_digests (e, padlock_digests))
+#endif
+#ifndef PADLOCK_NO_RNG
+ || (PADLOCK_HAVE_RNG && !ENGINE_set_RAND (e, &padlock_rand))
#endif
- (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) {
+#endif
+ ) {
return 0;
}
......@@ -206,11 +206,11 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
+ padlock_flags |= ((edx & (0x3<<9)) ? PADLOCK_ACE2 : 0);
+ padlock_flags |= ((edx & (0x3<<11)) ? PADLOCK_PHE : 0);
+ padlock_flags |= ((edx & (0x3<<13)) ? PADLOCK_PMM : 0);
+
+ return padlock_flags;
+}
- return padlock_use_ace + padlock_use_rng;
+ return padlock_flags;
+}
+
+static inline void
+padlock_htonl_block(uint32_t *data, size_t count)
+{
......@@ -287,7 +287,7 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
encryption function itself. This function is not AES-specific. */
static int
padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
@@ -1157,6 +1214,511 @@
@@ -1157,6 +1214,514 @@
#endif /* OPENSSL_NO_AES */
......@@ -296,7 +296,7 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
+#define DIGEST_DATA(ctx) ((struct padlock_digest_data *)(ctx->md_data))
+#define PADLOCK_SHA_ALIGN(dd) (uint32_t*)(((uintptr_t)(dd) + 15) & ~15)
+#define PADLOCK_SHA_PAGES 14
+#define PADLOCK_SHA_BUFFER (1024 - sizeof(size_t) - 4*sizeof(void*))
+#define PADLOCK_SHA_BUFFER (512 - sizeof(size_t) - 4*sizeof(void*))
+#define PADLOCK_SHA_INITVECTOR_SIZE (8 * sizeof(uint32_t))
+
+struct padlock_digest_data {
......@@ -648,12 +648,15 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
+ * a "finalization copy", so we could do finalizing SHA here and
+ * store the result to *to precalculated. But there's no such
+ * flag as to is reset on copy. */
+ if (dfrom->update == padlock_multi_update) {
+
+ if (dfrom->update != padlock_copy_update) {
+ /* Recopy the context, as they might have different alignment */
+ memcpy(PADLOCK_SHA_ALIGN(dto->padlockctx),
+ PADLOCK_SHA_ALIGN(dfrom->padlockctx),
+ PADLOCK_SHA_INITVECTOR_SIZE);
+ }
+
+ if (dfrom->update == padlock_multi_update) {
+ /* Update total, and copy the buffer */
+ dto->total = dfrom->total - dfrom->used;
+ dto->buffer = NULL;
......@@ -799,7 +802,7 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
/* ===== Random Number Generator ===== */
/*
* This code is not engaged. The reason is that it does not comply
@@ -1164,7 +1726,7 @@
@@ -1164,7 +1729,7 @@
* (posted at http://www.via.com.tw/en/viac3/c3.jsp) nor does it
* provide meaningful error control...
*/
......@@ -808,7 +811,7 @@ Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
the raw PadLock RNG */
static int
padlock_rand_bytes(unsigned char *output, int count)
@@ -1212,6 +1774,7 @@
@@ -1212,6 +1777,7 @@
padlock_rand_bytes, /* pseudorand */
padlock_rand_status, /* rand status */
};
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment