Commit 3c010f8d authored by Timo Teräs's avatar Timo Teräs

main/openssl: security upgrade to 0.9.8x and backport padlock fixes

 * fix padlock sha1/256 to fall back to software with very large streams
 * fix padlock sha1/256 oneshot finalizing update
parent e20dfceb
From 8290b2ced17ee3d0e52345180ef4fc6d79bc0751 Mon Sep 17 00:00:00 2001 From ba6e7dcf33277954cb3adc7767555a346906f33c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Fri, 4 Jun 2010 09:48:39 +0300 Date: Fri, 4 Jun 2010 09:48:39 +0300
Subject: [PATCH 1/3] crypto/hmac: support EVP_MD_CTX_FLAG_ONESHOT and set it properly Subject: [PATCH 1/3] crypto/hmac: support EVP_MD_CTX_FLAG_ONESHOT and set it
properly
Some engines (namely VIA C7 Padlock) work only if EVP_MD_CTX_FLAG_ONESHOT Some engines (namely VIA C7 Padlock) work only if EVP_MD_CTX_FLAG_ONESHOT
is set before final update. This is because some crypto accelerators cannot is set before final update. This is because some crypto accelerators cannot
...@@ -12,11 +13,11 @@ differently here. It is set before the final EVP_DigestUpdate call, not ...@@ -12,11 +13,11 @@ differently here. It is set before the final EVP_DigestUpdate call, not
necessarily before EVP_DigestInit call. This will not cause any problems necessarily before EVP_DigestInit call. This will not cause any problems
though. though.
--- ---
crypto/hmac/hmac.c | 14 +++++++++++--- crypto/hmac/hmac.c | 14 +++++++++++---
1 files changed, 11 insertions(+), 3 deletions(-) 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c
index cbc1c76..a75a35d 100644 index 6899be6..b157c32 100644
--- a/crypto/hmac/hmac.c --- a/crypto/hmac/hmac.c
+++ b/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c
@@ -68,6 +68,7 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, @@ -68,6 +68,7 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
...@@ -54,7 +55,7 @@ index cbc1c76..a75a35d 100644 ...@@ -54,7 +55,7 @@ index cbc1c76..a75a35d 100644
} }
EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx); EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx);
} }
@@ -166,7 +173,8 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, @@ -163,7 +170,8 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
if (md == NULL) md=m; if (md == NULL) md=m;
HMAC_CTX_init(&c); HMAC_CTX_init(&c);
...@@ -64,7 +65,7 @@ index cbc1c76..a75a35d 100644 ...@@ -64,7 +65,7 @@ index cbc1c76..a75a35d 100644
HMAC_Update(&c,d,n); HMAC_Update(&c,d,n);
HMAC_Final(&c,md,md_len); HMAC_Final(&c,md,md_len);
HMAC_CTX_cleanup(&c); HMAC_CTX_cleanup(&c);
@@ -176,8 +184,8 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, @@ -173,8 +181,8 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
{ {
EVP_MD_CTX_set_flags(&ctx->i_ctx, flags); EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
...@@ -76,5 +77,5 @@ index cbc1c76..a75a35d 100644 ...@@ -76,5 +77,5 @@ index cbc1c76..a75a35d 100644
#endif #endif
-- --
1.7.0.4 1.7.11.3
From 711ae63d2c715a34b15262b4dd4a48b09f02a400 Mon Sep 17 00:00:00 2001 From 942f1af93b1cafbb4439aec0018da099af09a934 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Thu, 3 Jun 2010 09:02:13 +0300 Date: Thu, 3 Jun 2010 09:02:13 +0300
Subject: [PATCH 2/3] apps/speed: fix digest speed measurement and add hmac-sha1 test Subject: [PATCH 2/3] apps/speed: fix digest speed measurement and add
hmac-sha1 test
Merge the common code of testing digest speed, and make it reuse Merge the common code of testing digest speed, and make it reuse
existing context. Context creation can be heavy operation, and it's existing context. Context creation can be heavy operation, and it's
...@@ -11,11 +12,11 @@ like hmac tests do. ...@@ -11,11 +12,11 @@ like hmac tests do.
This also adds test for hmac-sha1 speed. This also adds test for hmac-sha1 speed.
--- ---
apps/speed.c | 232 ++++++++++++++++++++++------------------------------------ apps/speed.c | 232 ++++++++++++++++++++++-------------------------------------
1 files changed, 87 insertions(+), 145 deletions(-) 1 file changed, 87 insertions(+), 145 deletions(-)
diff --git a/apps/speed.c b/apps/speed.c diff --git a/apps/speed.c b/apps/speed.c
index 393a7ba..6e375c6 100644 index 84ce35d..116cf82 100644
--- a/apps/speed.c --- a/apps/speed.c
+++ b/apps/speed.c +++ b/apps/speed.c
@@ -285,7 +285,7 @@ static void print_result(int alg,int run_no,int count,double time_used); @@ -285,7 +285,7 @@ static void print_result(int alg,int run_no,int count,double time_used);
...@@ -107,7 +108,7 @@ index 393a7ba..6e375c6 100644 ...@@ -107,7 +108,7 @@ index 393a7ba..6e375c6 100644
#ifndef OPENSSL_NO_ECDH #ifndef OPENSSL_NO_ECDH
static const int KDF1_SHA1_len = 20; static const int KDF1_SHA1_len = 20;
@@ -503,7 +565,6 @@ int MAIN(int argc, char **argv) @@ -500,7 +562,6 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
...@@ -115,7 +116,7 @@ index 393a7ba..6e375c6 100644 ...@@ -115,7 +116,7 @@ index 393a7ba..6e375c6 100644
int mret=1; int mret=1;
long count=0,save_count=0; long count=0,save_count=0;
int i,j,k; int i,j,k;
@@ -514,31 +575,6 @@ int MAIN(int argc, char **argv) @@ -511,31 +572,6 @@ int MAIN(int argc, char **argv)
unsigned rsa_num; unsigned rsa_num;
#endif #endif
unsigned char md[EVP_MAX_MD_SIZE]; unsigned char md[EVP_MAX_MD_SIZE];
...@@ -147,7 +148,7 @@ index 393a7ba..6e375c6 100644 ...@@ -147,7 +148,7 @@ index 393a7ba..6e375c6 100644
#ifndef OPENSSL_NO_RC4 #ifndef OPENSSL_NO_RC4
RC4_KEY rc4_ks; RC4_KEY rc4_ks;
#endif #endif
@@ -635,8 +671,8 @@ int MAIN(int argc, char **argv) @@ -631,8 +667,8 @@ int MAIN(int argc, char **argv)
#define D_IGE_128_AES 25 #define D_IGE_128_AES 25
#define D_IGE_192_AES 26 #define D_IGE_192_AES 26
#define D_IGE_256_AES 27 #define D_IGE_256_AES 27
...@@ -157,7 +158,7 @@ index 393a7ba..6e375c6 100644 ...@@ -157,7 +158,7 @@ index 393a7ba..6e375c6 100644
#define R_DSA_512 0 #define R_DSA_512 0
#define R_DSA_1024 1 #define R_DSA_1024 1
#define R_DSA_2048 2 #define R_DSA_2048 2
@@ -945,6 +981,8 @@ int MAIN(int argc, char **argv) @@ -938,6 +974,8 @@ int MAIN(int argc, char **argv)
doit[D_SHA256]=1, doit[D_SHA256]=1,
doit[D_SHA512]=1; doit[D_SHA512]=1;
else else
...@@ -166,7 +167,7 @@ index 393a7ba..6e375c6 100644 ...@@ -166,7 +167,7 @@ index 393a7ba..6e375c6 100644
#ifndef OPENSSL_NO_SHA256 #ifndef OPENSSL_NO_SHA256
if (strcmp(*argv,"sha256") == 0) doit[D_SHA256]=1; if (strcmp(*argv,"sha256") == 0) doit[D_SHA256]=1;
else else
@@ -1158,6 +1196,9 @@ int MAIN(int argc, char **argv) @@ -1151,6 +1189,9 @@ int MAIN(int argc, char **argv)
#endif #endif
#ifndef OPENSSL_NO_SHA1 #ifndef OPENSSL_NO_SHA1
BIO_printf(bio_err,"sha1 "); BIO_printf(bio_err,"sha1 ");
...@@ -176,7 +177,7 @@ index 393a7ba..6e375c6 100644 ...@@ -176,7 +177,7 @@ index 393a7ba..6e375c6 100644
#endif #endif
#ifndef OPENSSL_NO_SHA256 #ifndef OPENSSL_NO_SHA256
BIO_printf(bio_err,"sha256 "); BIO_printf(bio_err,"sha256 ");
@@ -1420,6 +1461,7 @@ int MAIN(int argc, char **argv) @@ -1414,6 +1455,7 @@ int MAIN(int argc, char **argv)
c[D_IGE_128_AES][0]=count; c[D_IGE_128_AES][0]=count;
c[D_IGE_192_AES][0]=count; c[D_IGE_192_AES][0]=count;
c[D_IGE_256_AES][0]=count; c[D_IGE_256_AES][0]=count;
...@@ -184,7 +185,7 @@ index 393a7ba..6e375c6 100644 ...@@ -184,7 +185,7 @@ index 393a7ba..6e375c6 100644
for (i=1; i<SIZE_NUM; i++) for (i=1; i<SIZE_NUM; i++)
{ {
@@ -1432,6 +1474,7 @@ int MAIN(int argc, char **argv) @@ -1426,6 +1468,7 @@ int MAIN(int argc, char **argv)
c[D_RMD160][i]=c[D_RMD160][0]*4*lengths[0]/lengths[i]; c[D_RMD160][i]=c[D_RMD160][0]*4*lengths[0]/lengths[i];
c[D_SHA256][i]=c[D_SHA256][0]*4*lengths[0]/lengths[i]; c[D_SHA256][i]=c[D_SHA256][0]*4*lengths[0]/lengths[i];
c[D_SHA512][i]=c[D_SHA512][0]*4*lengths[0]/lengths[i]; c[D_SHA512][i]=c[D_SHA512][0]*4*lengths[0]/lengths[i];
...@@ -192,7 +193,7 @@ index 393a7ba..6e375c6 100644 ...@@ -192,7 +193,7 @@ index 393a7ba..6e375c6 100644
} }
for (i=1; i<SIZE_NUM; i++) for (i=1; i<SIZE_NUM; i++)
{ {
@@ -1606,160 +1649,59 @@ int MAIN(int argc, char **argv) @@ -1600,160 +1643,59 @@ int MAIN(int argc, char **argv)
} }
#endif #endif
...@@ -369,5 +370,5 @@ index 393a7ba..6e375c6 100644 ...@@ -369,5 +370,5 @@ index 393a7ba..6e375c6 100644
#ifndef OPENSSL_NO_RC4 #ifndef OPENSSL_NO_RC4
if (doit[D_RC4]) if (doit[D_RC4])
-- --
1.7.0.4 1.7.11.3
From 9fe6001d9b7a35a12a6a282677c79fd56eeaf99c Mon Sep 17 00:00:00 2001 From c0a6d4b6d7b2a9c835efa4c05af610a148eb12cf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Fri, 4 Jun 2010 10:00:15 +0300 Date: Fri, 4 Jun 2010 10:00:15 +0300
Subject: [PATCH 3/3] engine/padlock: implement sha1/sha224/sha256 acceleration Subject: [PATCH 3/3] engine/padlock: implement sha1/sha224/sha256
acceleration
Limited support for VIA C7 that works only when EVP_MD_CTX_FLAG_ONESHOT Limited support for VIA C7 that works only when EVP_MD_CTX_FLAG_ONESHOT
is used appropriately (as done by EVP_Digest, and my previous HMAC patch). is used appropriately (as done by EVP_Digest, and my previous HMAC patch).
...@@ -24,11 +25,11 @@ sha1 37713.77k 114562.71k 259637.33k 379907.41k 438818.13k ...@@ -24,11 +25,11 @@ sha1 37713.77k 114562.71k 259637.33k 379907.41k 438818.13k
sha256 34262.86k 103233.75k 232476.07k 338386.60k 389860.01k sha256 34262.86k 103233.75k 232476.07k 338386.60k 389860.01k
hmac(sha1) 8424.70k 31475.11k 104036.10k 245559.30k 406667.26k hmac(sha1) 8424.70k 31475.11k 104036.10k 245559.30k 406667.26k
--- ---
crypto/engine/eng_padlock.c | 597 +++++++++++++++++++++++++++++++++++++++--- crypto/engine/eng_padlock.c | 599 ++++++++++++++++++++++++++++++++++++++++----
1 files changed, 554 insertions(+), 43 deletions(-) 1 file changed, 556 insertions(+), 43 deletions(-)
diff --git a/crypto/engine/eng_padlock.c b/crypto/engine/eng_padlock.c diff --git a/crypto/engine/eng_padlock.c b/crypto/engine/eng_padlock.c
index 743558a..28ec0f7 100644 index 743558a..c82d0f3 100644
--- a/crypto/engine/eng_padlock.c --- a/crypto/engine/eng_padlock.c
+++ b/crypto/engine/eng_padlock.c +++ b/crypto/engine/eng_padlock.c
@@ -3,6 +3,9 @@ @@ -3,6 +3,9 @@
...@@ -41,7 +42,7 @@ index 743558a..28ec0f7 100644 ...@@ -41,7 +42,7 @@ index 743558a..28ec0f7 100644
* Big thanks to Andy Polyakov for a help with optimization, * Big thanks to Andy Polyakov for a help with optimization,
* assembler fixes, port to MS Windows and a lot of other * assembler fixes, port to MS Windows and a lot of other
* valuable work on this engine! * valuable work on this engine!
@@ -74,12 +77,23 @@ @@ -74,12 +77,25 @@
#ifndef OPENSSL_NO_AES #ifndef OPENSSL_NO_AES
#include <openssl/aes.h> #include <openssl/aes.h>
#endif #endif
...@@ -61,11 +62,13 @@ index 743558a..28ec0f7 100644 ...@@ -61,11 +62,13 @@ index 743558a..28ec0f7 100644
+#ifdef _MSC_VER +#ifdef _MSC_VER
+#define OPENSSL_NO_SHA +#define OPENSSL_NO_SHA
+#endif +#endif
+
+#define PADLOCK_MAX_FINALIZING_LENGTH 0x1FFFFFFE
+ +
/* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */ /* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */
#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) #if (OPENSSL_VERSION_NUMBER >= 0x00908000L)
# ifndef OPENSSL_NO_DYNAMIC_ENGINE # ifndef OPENSSL_NO_DYNAMIC_ENGINE
@@ -138,58 +152,40 @@ static int padlock_available(void); @@ -138,58 +154,40 @@ static int padlock_available(void);
static int padlock_init(ENGINE *e); static int padlock_init(ENGINE *e);
/* RNG Stuff */ /* RNG Stuff */
...@@ -87,10 +90,10 @@ index 743558a..28ec0f7 100644 ...@@ -87,10 +90,10 @@ index 743558a..28ec0f7 100644
-#ifndef OPENSSL_NO_AES -#ifndef OPENSSL_NO_AES
-static int padlock_aes_align_required = 1; -static int padlock_aes_align_required = 1;
-#endif -#endif
-
-/* ===== Engine "management" functions ===== */
+static int padlock_bind_helper(ENGINE *e); +static int padlock_bind_helper(ENGINE *e);
-/* ===== Engine "management" functions ===== */
-
-/* Prepare the ENGINE structure for registration */ -/* Prepare the ENGINE structure for registration */
-static int -static int
-padlock_bind_helper(ENGINE *e) -padlock_bind_helper(ENGINE *e)
...@@ -145,7 +148,7 @@ index 743558a..28ec0f7 100644 ...@@ -145,7 +148,7 @@ index 743558a..28ec0f7 100644
/* Constructor */ /* Constructor */
static ENGINE * static ENGINE *
@@ -213,7 +209,7 @@ ENGINE_padlock(void) @@ -213,7 +211,7 @@ ENGINE_padlock(void)
static int static int
padlock_init(ENGINE *e) padlock_init(ENGINE *e)
{ {
...@@ -154,7 +157,7 @@ index 743558a..28ec0f7 100644 ...@@ -154,7 +157,7 @@ index 743558a..28ec0f7 100644
} }
/* This stuff is needed if this ENGINE is being compiled into a self-contained /* This stuff is needed if this ENGINE is being compiled into a self-contained
@@ -365,10 +361,20 @@ padlock_available(void) @@ -365,10 +363,20 @@ padlock_available(void)
: "+a"(eax), "=d"(edx) : : "ecx"); : "+a"(eax), "=d"(edx) : : "ecx");
/* Fill up some flags */ /* Fill up some flags */
...@@ -178,7 +181,7 @@ index 743558a..28ec0f7 100644 ...@@ -178,7 +181,7 @@ index 743558a..28ec0f7 100644
} }
#ifndef OPENSSL_NO_AES #ifndef OPENSSL_NO_AES
@@ -1157,6 +1163,454 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, @@ -1157,6 +1165,454 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
#endif /* OPENSSL_NO_AES */ #endif /* OPENSSL_NO_AES */
...@@ -239,9 +242,9 @@ index 743558a..28ec0f7 100644 ...@@ -239,9 +242,9 @@ index 743558a..28ec0f7 100644
+ total += len; + total += len;
+ +
+ if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) && + if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) &&
+ (total <= 0xfffffffe)) { + (total <= PADLOCK_MAX_FINALIZING_LENGTH)) {
+ if (c->num != 0) { + if (c->num != 0) {
+ l = (len < SHA_CBLOCK) ? len : SHA_CBLOCK; + l = (len < SHA_CBLOCK - c->num) ? len : SHA_CBLOCK - c->num;
+ if (!SHA1_Update(c, data, l)) + if (!SHA1_Update(c, data, l))
+ return 0; + return 0;
+ p += l; + p += l;
...@@ -417,9 +420,9 @@ index 743558a..28ec0f7 100644 ...@@ -417,9 +420,9 @@ index 743558a..28ec0f7 100644
+ total += len; + total += len;
+ +
+ if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) && + if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) &&
+ (total <= 0xfffffffe)) { + (total <= PADLOCK_MAX_FINALIZING_LENGTH)) {
+ if (c->num != 0) { + if (c->num != 0) {
+ l = (len < SHA256_CBLOCK) ? len : SHA256_CBLOCK; + l = (len < SHA256_CBLOCK - c->num) ? len : SHA256_CBLOCK - c->num;
+ if (!SHA256_Update(c, data, l)) + if (!SHA256_Update(c, data, l))
+ return 0; + return 0;
+ p += l; + p += l;
...@@ -633,7 +636,7 @@ index 743558a..28ec0f7 100644 ...@@ -633,7 +636,7 @@ index 743558a..28ec0f7 100644
/* ===== Random Number Generator ===== */ /* ===== Random Number Generator ===== */
/* /*
* This code is not engaged. The reason is that it does not comply * This code is not engaged. The reason is that it does not comply
@@ -1213,7 +1667,64 @@ static RAND_METHOD padlock_rand = { @@ -1213,7 +1669,64 @@ static RAND_METHOD padlock_rand = {
padlock_rand_status, /* rand status */ padlock_rand_status, /* rand status */
}; };
...@@ -699,5 +702,5 @@ index 743558a..28ec0f7 100644 ...@@ -699,5 +702,5 @@ index 743558a..28ec0f7 100644
#endif /* !OPENSSL_NO_HW_PADLOCK */ #endif /* !OPENSSL_NO_HW_PADLOCK */
#endif /* !OPENSSL_NO_HW */ #endif /* !OPENSSL_NO_HW */
-- --
1.7.0.4 1.7.11.3
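Review bot: `PADLOCK_MAX_FINALIZING_LENGTH` is introduced without a comment, so the reason the one-shot hardware path in the SHA-1 and SHA-256 update functions now stops at 0x1FFFFFFE bytes instead of 0xfffffffe is not recorded in eng_padlock.c. A comment above the define such as `/* Largest total length handed to the PadLock finalizing operation; longer streams fall back to software SHA */` would do, ideally with the hardware reason added by someone who can confirm it (the value times eight still fits in 32 bits, which suggests a 32-bit bit counter, but that is an inference). Separately, `total += len` runs before the bound is compared in both functions, and the declaration of `total` is outside the visible lines; if it is a 32-bit type the sum can wrap and pass the check, producing a wrong digest rather than a fallback, so it is worth confirming the type is 64-bit or comparing `len` against the remaining headroom instead. Both update functions start and end outside the lines shown.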
# Maintainer: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=openssl pkgname=openssl
pkgver=0.9.8r pkgver=0.9.8x
pkgrel=0 pkgrel=0
pkgdesc="Toolkit for SSL v2/v3 and TLS v1" pkgdesc="Toolkit for SSL v2/v3 and TLS v1"
url=http://openssl.org url=http://openssl.org
...@@ -50,9 +50,9 @@ libcrypto() { ...@@ -50,9 +50,9 @@ libcrypto() {
mv "$pkgdir"/usr/lib/engines "$subpkgdir"/usr/lib/ mv "$pkgdir"/usr/lib/engines "$subpkgdir"/usr/lib/
} }
md5sums="0352932ea863bc02b056cda7c9ac5b79 openssl-0.9.8r.tar.gz md5sums="ee17e9bc805c8cc7d0afac3b0ef78eda openssl-0.9.8x.tar.gz
19615785a671129bae790478f073da2c openssl-0.9.8o-fix-manpages.patch 19615785a671129bae790478f073da2c openssl-0.9.8o-fix-manpages.patch
c6a9857a5dbd30cead0404aa7dd73977 openssl-bb-basename.patch c6a9857a5dbd30cead0404aa7dd73977 openssl-bb-basename.patch
2f370b846d8f27ac45dd6e5341366e16 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch 5e5366fbc7c60c110dbcc603d2fb3a94 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
9ba0ecf53f8b60ff8703a1ffe5b3e701 0002-apps-speed-fix-digest-speed-measurement-and-add-hmac.patch d193bee38f342b1eeb24bd0f444d15fa 0002-apps-speed-fix-digest-speed-measurement-and-add-hmac.patch
e262418b20a05c2af12d464ac194ea21 0003-engine-padlock-implement-sha1-sha224-sha256-accelera.patch" f920a35ac705a9ce0f44547f96441d77 0003-engine-padlock-implement-sha1-sha224-sha256-accelera.patch"