From 9e9c63dfc7673456279d0d2772f5c07476b0c113 Mon Sep 17 00:00:00 2001
From: "A. Wilcox"
Date: Tue, 14 Jan 2020 13:32:21 +0000
Subject: system/openssl: Bump to 1.1.1d
---
 system/openssl/0003-use-termios.patch | 26 -
 .../0004-fix-default-ca-path-for-apps.patch | 79 ---
 system/openssl/0005-fix-parallel-build.patch | 349 ---------
 ...cv3-tls-3.1-extension-support-to-s_client.patch | 68 --
 ...i-compat-with-no-freelist-and-regular-bui.patch | 27 -
 system/openssl/0009-no-rpath.patch | 11 -
 system/openssl/0010-ssl-env-zlib.patch | 38 -
 ...-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch | 88 ---
 ...port-changes-from-upstream-padlock-module.patch | 200 ------
 ...adlock-implement-sha1-sha224-sha256-accel.patch | 782 ---------------------
 ...to-engine-autoload-padlock-dynamic-engine.patch | 33 -
 system/openssl/APKBUILD | 63 +-
 system/openssl/CVE-2019-1551.patch | 757 ++++++++++++++++++++
 system/openssl/ppc64.patch | 96 +++
 14 files changed, 874 insertions(+), 1743 deletions(-)
 delete mode 100644 system/openssl/0003-use-termios.patch
 delete mode 100644 system/openssl/0004-fix-default-ca-path-for-apps.patch
 delete mode 100644 system/openssl/0005-fix-parallel-build.patch
 delete mode 100644 system/openssl/0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch
 delete mode 100644 system/openssl/0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch
 delete mode 100644 system/openssl/0009-no-rpath.patch
 delete mode 100644 system/openssl/0010-ssl-env-zlib.patch
 delete mode 100644 system/openssl/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
 delete mode 100644 system/openssl/1002-backport-changes-from-upstream-padlock-module.patch
 delete mode 100644 system/openssl/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
 delete mode 100644 system/openssl/1004-crypto-engine-autoload-padlock-dynamic-engine.patch
 create mode 100644 system/openssl/CVE-2019-1551.patch
 create mode 100644 system/openssl/ppc64.patch
diff --git a/system/openssl/0003-use-termios.patch b/system/openssl/0003-use-termios.patch
deleted file mode 100644
index 3312d1856..000000000
--- a/system/openssl/0003-use-termios.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 5caf1bdcdb56358c0ce38ef404fedbe323e66cb9 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Timo=20Ter=C3=A4s?=
-Date: Thu, 5 Feb 2015 08:40:32 +0200
-Subject: [PATCH] use termios
-
----
- crypto/ui/ui_openssl.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c
-index 8bda83c..a89b5f2 100644
---- a/crypto/ui/ui_openssl.c
-+++ b/crypto/ui/ui_openssl.c
-@@ -224,6 +224,9 @@
- # undef SGTTY
- #endif
-
-+#define TERMIOS
-+#undef TERMIO
-+
- #ifdef TERMIOS
- # include
- # define TTY_STRUCT struct termios
---
-2.2.2
-
diff --git a/system/openssl/0004-fix-default-ca-path-for-apps.patch b/system/openssl/0004-fix-default-ca-path-for-apps.patch
deleted file mode 100644
index c2c53184a..000000000
--- a/system/openssl/0004-fix-default-ca-path-for-apps.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From 09e6425ad6927a825b077af85c50b2fb04773757 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Timo=20Ter=C3=A4s?=
-Date: Thu, 5 Feb 2015 08:52:05 +0200
-Subject: [PATCH] fix default ca path for apps
-
----
- apps/s_server.c | 22 ++++++++++++++--------
- apps/s_time.c | 13 ++++++-------
- 3 files changed, 26 insertions(+), 22 deletions(-)
-
-diff --git a/apps/s_server.c b/apps/s_server.c
-index baa2455..2d5dc97 100644
---- a/apps/s_server.c
-+++ b/apps/s_server.c
-@@ -1770,12 +1770,14 @@ int MAIN(int argc, char *argv[])
- }
- #endif
-
-- if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
-- (!SSL_CTX_set_default_verify_paths(ctx))) {
-- /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
-- ERR_print_errors(bio_err);
-- /* goto end; */
-+ if (CAfile == NULL && CApath == NULL) {
-+ if (!SSL_CTX_set_default_verify_paths(ctx))
-+ ERR_print_errors(bio_err);
-+ } else {
-+ if (!SSL_CTX_load_verify_locations(ctx, CAfile, CApath))
-+ ERR_print_errors(bio_err);
- }
-+
- if (vpm)
- SSL_CTX_set1_param(ctx, vpm);
-
-@@ -1838,10 +1840,14 @@ int MAIN(int argc, char *argv[])
- else
- SSL_CTX_sess_set_cache_size(ctx2, 128);
-
-- if ((!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) ||
-- (!SSL_CTX_set_default_verify_paths(ctx2))) {
-- ERR_print_errors(bio_err);
-+ if (CAfile == NULL && CApath == NULL) {
-+ if (!SSL_CTX_set_default_verify_paths(ctx2))
-+ ERR_print_errors(bio_err);
-+ } else {
-+ if (!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath))
-+ ERR_print_errors(bio_err);
- }
-+
- if (vpm)
- SSL_CTX_set1_param(ctx2, vpm);
-
-diff --git a/apps/s_time.c b/apps/s_time.c
-index 5846f3a..c8f371a 100644
---- a/apps/s_time.c
-+++ b/apps/s_time.c
-@@ -377,13 +377,12 @@ int MAIN(int argc, char **argv)
-
- SSL_load_error_strings();
-
-- if ((!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath)) ||
-- (!SSL_CTX_set_default_verify_paths(tm_ctx))) {
-- /*
-- * BIO_printf(bio_err,"error setting default verify locations\n");
-- */
-- ERR_print_errors(bio_err);
-- /* goto end; */
-+ if (CAfile == NULL && CApath == NULL) {
-+ if (!SSL_CTX_set_default_verify_paths(tm_ctx))
-+ ERR_print_errors(bio_err);
-+ } else {
-+ if (!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath))
-+ ERR_print_errors(bio_err);
- }
-
- if (tm_cipher == NULL)
---
-2.2.2
-
diff --git a/system/openssl/0005-fix-parallel-build.patch b/system/openssl/0005-fix-parallel-build.patch
deleted file mode 100644
index 70073fd19..000000000
--- a/system/openssl/0005-fix-parallel-build.patch
+++ /dev/null
@@ -1,349 +0,0 @@
-diff -ru openssl-1.0.2a.orig/Makefile.org openssl-1.0.2a/Makefile.org
---- openssl-1.0.2d.orig/Makefile.org 2015-07-09 16:30:50.201986573 -0300
-+++ openssl-1.0.2d/Makefile.org 2015-07-09 16:30:50.201986573 -0300
-@@ -278,17 +278,17 @@
- build_libssl: build_ssl libssl.pc
-
- build_crypto:
-- @dir=crypto; target=all; $(BUILD_ONE_CMD)
-+ +@dir=crypto; target=all; $(BUILD_ONE_CMD)
- build_ssl: build_crypto
-- @dir=ssl; target=all; $(BUILD_ONE_CMD)
-+ +@dir=ssl; target=all; $(BUILD_ONE_CMD)
- build_engines: build_crypto
-- @dir=engines; target=all; $(BUILD_ONE_CMD)
-+ +@dir=engines; target=all; $(BUILD_ONE_CMD)
- build_apps: build_libs
-- @dir=apps; target=all; $(BUILD_ONE_CMD)
-+ +@dir=apps; target=all; $(BUILD_ONE_CMD)
- build_tests: build_libs
-- @dir=test; target=all; $(BUILD_ONE_CMD)
-+ +@dir=test; target=all; $(BUILD_ONE_CMD)
- build_tools: build_libs
-- @dir=tools; target=all; $(BUILD_ONE_CMD)
-+ +@dir=tools; target=all; $(BUILD_ONE_CMD)
-
- all_testapps: build_libs build_testapps
- build_testapps:
-@@ -536,9 +536,9 @@
- dist_pem_h:
- (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
-
--install: all install_docs install_sw
-+install: install_docs install_sw
-
--install_sw:
-+install_dirs:
- @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
-@@ -547,12 +547,19 @@
- $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/private
-+ @$(PERL) $(TOP)/util/mkdir-p.pl \
-+ $(INSTALL_PREFIX)$(MANDIR)/man1 \
-+ $(INSTALL_PREFIX)$(MANDIR)/man3 \
-+ $(INSTALL_PREFIX)$(MANDIR)/man5 \
-+ $(INSTALL_PREFIX)$(MANDIR)/man7
-+
-+install_sw: install_dirs
- @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
-- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
-+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
- @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
- do \
- if [ -f "$$i" ]; then \
-@@ -636,12 +643,7 @@
- done; \
- done
-
--install_docs:
-- @$(PERL) $(TOP)/util/mkdir-p.pl \
-- $(INSTALL_PREFIX)$(MANDIR)/man1 \
-- $(INSTALL_PREFIX)$(MANDIR)/man3 \
-- $(INSTALL_PREFIX)$(MANDIR)/man5 \
-- $(INSTALL_PREFIX)$(MANDIR)/man7
-+install_docs: install_dirs
- @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
- here="`pwd`"; \
- filecase=; \
-diff -ru openssl-1.0.2a.orig/Makefile.shared openssl-1.0.2a/Makefile.shared
---- openssl-1.0.2a.orig/Makefile.shared 2015-01-20 12:33:36.000000000 +0000
-+++ openssl-1.0.2a/Makefile.shared 2015-03-19 14:53:31.246908039 +0000
-@@ -105,6 +105,7 @@
- SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
- LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
- LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
-+ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
- LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
- $${SHAREDCMD} $${SHAREDFLAGS} \
- -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
-@@ -122,6 +123,7 @@
- done; \
- fi; \
- if [ -n "$$SHLIB_SOVER" ]; then \
-+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
- ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
- ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
- fi; \
-diff -ru openssl-1.0.2a.orig/crypto/Makefile openssl-1.0.2a/crypto/Makefile
---- openssl-1.0.2a.orig/crypto/Makefile 2015-03-19 13:31:02.000000000 +0000
-+++ openssl-1.0.2a/crypto/Makefile 2015-03-19 14:53:31.246908039 +0000
-@@ -85,11 +85,11 @@
- @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
-
- subdirs:
-- @target=all; $(RECURSIVE_MAKE)
-+ +@target=all; $(RECURSIVE_MAKE)
-
- files:
- $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
-- @target=files; $(RECURSIVE_MAKE)
-+ +@target=files; $(RECURSIVE_MAKE)
-
- links:
- @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
-@@ -100,7 +100,7 @@
- # lib: $(LIB): are splitted to avoid end-less loop
- lib: $(LIB)
- @touch lib
--$(LIB): $(LIBOBJ)
-+$(LIB): $(LIBOBJ) | subdirs
- $(AR) $(LIB) $(LIBOBJ)
- test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
- $(RANLIB) $(LIB) || echo Never mind.
-@@ -111,7 +111,7 @@
- fi
-
- libs:
-- @target=lib; $(RECURSIVE_MAKE)
-+ +@target=lib; $(RECURSIVE_MAKE)
-
- install:
- @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-@@ -120,7 +120,7 @@
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
-- @target=install; $(RECURSIVE_MAKE)
-+ +@target=install; $(RECURSIVE_MAKE)
-
- lint:
- @target=lint; $(RECURSIVE_MAKE)
-diff -ru openssl-1.0.2a.orig/engines/Makefile openssl-1.0.2a/engines/Makefile
---- openssl-1.0.2a.orig/engines/Makefile 2015-03-19 13:31:14.000000000 +0000
-+++ openssl-1.0.2a/engines/Makefile 2015-03-19 14:53:31.246908039 +0000
-@@ -72,7 +72,7 @@
-
- all: lib subdirs
-
--lib: $(LIBOBJ)
-+lib: $(LIBOBJ) | subdirs
- @if [ -n "$(SHARED_LIBS)" ]; then \
- set -e; \
- for l in $(LIBNAMES); do \
-@@ -89,7 +89,7 @@
-
- subdirs:
- echo $(EDIRS)
-- @target=all; $(RECURSIVE_MAKE)
-+ +@target=all; $(RECURSIVE_MAKE)
-
- files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-@@ -128,7 +128,7 @@
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
- done; \
- fi
-- @target=install; $(RECURSIVE_MAKE)
-+ +@target=install; $(RECURSIVE_MAKE)
-
- tags:
- ctags $(SRC)
-diff -ru openssl-1.0.2a.orig/test/Makefile openssl-1.0.2a/test/Makefile
---- openssl-1.0.2a.orig/test/Makefile 2015-03-19 13:31:16.000000000 +0000
-+++ openssl-1.0.2a/test/Makefile 2015-03-19 14:55:44.146017128 +0000
-@@ -133,7 +133,7 @@
- tags:
- ctags $(SRC)
-
--tests: exe apps $(TESTS)
-+tests: exe $(TESTS)
-
- apps:
- @(cd ..; $(MAKE) DIRS=apps all)
-@@ -402,121 +402,121 @@
- link_app.$${shlib_target}
-
- $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
-- @target=$(RSATEST); $(BUILD_CMD)
-+ +@target=$(RSATEST); $(BUILD_CMD)
-
- $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
-- @target=$(BNTEST); $(BUILD_CMD)
-+ +@target=$(BNTEST); $(BUILD_CMD)
-
- $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
-- @target=$(ECTEST); $(BUILD_CMD)
-+ +@target=$(ECTEST); $(BUILD_CMD)
-
- $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
-- @target=$(EXPTEST); $(BUILD_CMD)
-+ +@target=$(EXPTEST); $(BUILD_CMD)
-
- $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
-- @target=$(IDEATEST); $(BUILD_CMD)
-+ +@target=$(IDEATEST); $(BUILD_CMD)
-
- $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
-- @target=$(MD2TEST); $(BUILD_CMD)
-+ +@target=$(MD2TEST); $(BUILD_CMD)
-
- $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
-- @target=$(SHATEST); $(BUILD_CMD)
-+ +@target=$(SHATEST); $(BUILD_CMD)
-
- $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
-- @target=$(SHA1TEST); $(BUILD_CMD)
-+ +@target=$(SHA1TEST); $(BUILD_CMD)
-
- $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
-- @target=$(SHA256TEST); $(BUILD_CMD)
-+ +@target=$(SHA256TEST); $(BUILD_CMD)
-
- $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
-- @target=$(SHA512TEST); $(BUILD_CMD)
-+ +@target=$(SHA512TEST); $(BUILD_CMD)
-
- $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
-- @target=$(RMDTEST); $(BUILD_CMD)
-+ +@target=$(RMDTEST); $(BUILD_CMD)
-
- $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
-- @target=$(MDC2TEST); $(BUILD_CMD)
-+ +@target=$(MDC2TEST); $(BUILD_CMD)
-
- $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
-- @target=$(MD4TEST); $(BUILD_CMD)
-+ +@target=$(MD4TEST); $(BUILD_CMD)
-
- $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
-- @target=$(MD5TEST); $(BUILD_CMD)
-+ +@target=$(MD5TEST); $(BUILD_CMD)
-
- $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
-- @target=$(HMACTEST); $(BUILD_CMD)
-+ +@target=$(HMACTEST); $(BUILD_CMD)
-
- $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
-- @target=$(WPTEST); $(BUILD_CMD)
-+ +@target=$(WPTEST); $(BUILD_CMD)
-
- $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
-- @target=$(RC2TEST); $(BUILD_CMD)
-+ +@target=$(RC2TEST); $(BUILD_CMD)
-
- $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
-- @target=$(BFTEST); $(BUILD_CMD)
-+ +@target=$(BFTEST); $(BUILD_CMD)
-
- $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
-- @target=$(CASTTEST); $(BUILD_CMD)
-+ +@target=$(CASTTEST); $(BUILD_CMD)
-
- $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
-- @target=$(RC4TEST); $(BUILD_CMD)
-+ +@target=$(RC4TEST); $(BUILD_CMD)
-
- $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
-- @target=$(RC5TEST); $(BUILD_CMD)
-+ +@target=$(RC5TEST); $(BUILD_CMD)
-
- $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
-- @target=$(DESTEST); $(BUILD_CMD)
-+ +@target=$(DESTEST); $(BUILD_CMD)
-
- $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
-- @target=$(RANDTEST); $(BUILD_CMD)
-+ +@target=$(RANDTEST); $(BUILD_CMD)
-
- $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
-- @target=$(DHTEST); $(BUILD_CMD)
-+ +@target=$(DHTEST); $(BUILD_CMD)
-
- $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
-- @target=$(DSATEST); $(BUILD_CMD)
-+ +@target=$(DSATEST); $(BUILD_CMD)
-
- $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
-- @target=$(METHTEST); $(BUILD_CMD)
-+ +@target=$(METHTEST); $(BUILD_CMD)
-
- $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
-- @target=$(SSLTEST); $(FIPS_BUILD_CMD)
-+ +@target=$(SSLTEST); $(FIPS_BUILD_CMD)
-
- $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
-- @target=$(ENGINETEST); $(BUILD_CMD)
-+ +@target=$(ENGINETEST); $(BUILD_CMD)
-
- $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
-- @target=$(EVPTEST); $(BUILD_CMD)
-+ +@target=$(EVPTEST); $(BUILD_CMD)
-
- $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO)
-- @target=$(EVPEXTRATEST); $(BUILD_CMD)
-+ +@target=$(EVPEXTRATEST); $(BUILD_CMD)
-
- $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
-- @target=$(ECDSATEST); $(BUILD_CMD)
-+ +@target=$(ECDSATEST); $(BUILD_CMD)
-
- $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
-- @target=$(ECDHTEST); $(BUILD_CMD)
-+ +@target=$(ECDHTEST); $(BUILD_CMD)
-
- $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
-- @target=$(IGETEST); $(BUILD_CMD)
-+ +@target=$(IGETEST); $(BUILD_CMD)
-
- $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
-- @target=$(JPAKETEST); $(BUILD_CMD)
-+ +@target=$(JPAKETEST); $(BUILD_CMD)
-
- $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
-- @target=$(ASN1TEST); $(BUILD_CMD)
-+ +@target=$(ASN1TEST); $(BUILD_CMD)
-
- $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
-- @target=$(SRPTEST); $(BUILD_CMD)
-+ +@target=$(SRPTEST); $(BUILD_CMD)
-
- $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO)
-- @target=$(V3NAMETEST); $(BUILD_CMD)
-+ +@target=$(V3NAMETEST); $(BUILD_CMD)
-
- $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
-- @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
-+ +@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
-
- $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
-- @target=$(CONSTTIMETEST) $(BUILD_CMD)
-+ +@target=$(CONSTTIMETEST) $(BUILD_CMD)
-
- #$(AESTEST).o: $(AESTEST).c
- # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
-@@ -529,7 +529,7 @@
- # fi
-
- dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
-- @target=dummytest; $(BUILD_CMD)
-+ +@target=dummytest; $(BUILD_CMD)
-
- # DO NOT DELETE THIS LINE -- make depend depends on it.
-
diff --git a/system/openssl/0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch b/system/openssl/0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch
deleted file mode 100644
index daa6df02f..000000000
--- a/system/openssl/0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 4785c095dbfb3630ddf6685f23e3a19c7c804cbc Mon Sep 17 00:00:00 2001
-From: William Pitcock
-Date: Thu, 5 Feb 2015 09:02:00 +0200
-Subject: [PATCH] add ircv3 tls-3.1 extension support to s_client
-
----
- apps/s_client.c | 24 ++++++++++++++++++++++--
- 1 file changed, 22 insertions(+), 2 deletions(-)
-
-diff --git a/apps/s_client.c b/apps/s_client.c
-index 8aee02a..0a28b89 100644
---- a/apps/s_client.c
-+++ b/apps/s_client.c
-@@ -401,7 +401,7 @@ static void sc_usage(void)
- BIO_printf(bio_err,
- " 'prot' defines which one to assume. Currently,\n");
- BIO_printf(bio_err,
-- " only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
-+ " only \"smtp\", \"pop3\", \"imap\", \"ftp\", \"xmpp\" and \"ircv3\"\n");
- BIO_printf(bio_err, " are supported.\n");
- #ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err,
-@@ -640,7 +640,8 @@ enum {
- PROTO_POP3,
- PROTO_IMAP,
- PROTO_FTP,
-- PROTO_XMPP
-+ PROTO_XMPP,
-+ PROTO_IRCV3,
- };
-
- int MAIN(int, char **);
-@@ -1062,6 +1063,8 @@ int MAIN(int argc, char **argv)
- starttls_proto = PROTO_FTP;
- else if (strcmp(*argv, "xmpp") == 0)
- starttls_proto = PROTO_XMPP;
-+ else if (strcmp(*argv, "ircv3") == 0)
-+ starttls_proto = PROTO_IRCV3;
- else
- goto bad;
- }
-@@ -1646,6 +1649,23 @@ int MAIN(int argc, char **argv)
- goto shut;
- mbuf[0] = 0;
- }
-+ if (starttls_proto == PROTO_IRCV3) {
-+ int seen = 0;
-+ BIO_printf(sbio,"CAP REQ :tls\r\n");
-+
-+ while (!strstr(mbuf,"CAP")) {
-+ seen = BIO_read(sbio,mbuf,BUFSIZZ);
-+ mbuf[seen] = 0;
-+ }
-+ if (!strstr(mbuf,"ACK"))
-+ goto shut;
-+ BIO_printf(sbio,"CAP END\r\nSTARTTLS\r\n");
-+ while (!strstr(sbuf, "670")) {
-+ seen = BIO_read(sbio,sbuf,BUFSIZZ);
-+ sbuf[seen] = 0;
-+ }
-+ mbuf[0] = 0;
-+ }
-
- for (;;) {
- FD_ZERO(&readfds);
---
-2.2.2
-
diff --git a/system/openssl/0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch b/system/openssl/0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch
deleted file mode 100644
index ff3d25eff..000000000
--- a/system/openssl/0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 7457e26d3a78c7cd923242d87d04febadddea086 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Timo=20Ter=C3=A4s?=
-Date: Thu, 5 Feb 2015 10:06:31 +0200
-Subject: [PATCH] maintain abi compat with no-freelist and regular build
-
----
- ssl/ssl.h | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/ssl/ssl.h b/ssl/ssl.h
-index 2b0f662..636cb5d 100644
---- a/ssl/ssl.h
-+++ b/ssl/ssl.h
-@@ -1113,6 +1113,10 @@ struct ssl_ctx_st {
- unsigned int freelist_max_len;
- struct ssl3_buf_freelist_st *wbuf_freelist;
- struct ssl3_buf_freelist_st *rbuf_freelist;
-+# else
-+ unsigned int freelist_dummy0;
-+ void *freelist_dummy1;
-+ void *freelist_dummy2;
- # endif
- # ifndef OPENSSL_NO_SRP
- SRP_CTX srp_ctx; /* ctx for SRP authentication */
---
-2.2.2
-
diff --git a/system/openssl/0009-no-rpath.patch b/system/openssl/0009-no-rpath.patch
deleted file mode 100644
index 56df75b79..000000000
--- a/system/openssl/0009-no-rpath.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/Makefile.shared 2005-06-23 22:47:54.000000000 +0200
-+++ b/Makefile.shared 2005-11-16 22:35:37.000000000 +0100
-@@ -153,7 +153,7 @@
- NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
-
--DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
-+DO_GNU_APP=LDFLAGS="$(CFLAGS)"
-
- #This is rather special. It's a special target with which one can link
- #applications without bothering with any features that have anything to
diff --git a/system/openssl/0010-ssl-env-zlib.patch b/system/openssl/0010-ssl-env-zlib.patch
deleted file mode 100644
index 9eae15d72..000000000
--- a/system/openssl/0010-ssl-env-zlib.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-diff -ru openssl-1.0.2a.orig/doc/ssl/SSL_COMP_add_compression_method.pod openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod
---- openssl-1.0.2a.orig/doc/ssl/SSL_COMP_add_compression_method.pod 2015-01-15 16:43:14.000000000 -0200
-+++ openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod 2015-03-27 15:18:47.280054883 -0200
-@@ -47,6 +47,13 @@
- been standardized, the compression API will most likely be changed. Using
- it in the current state is not recommended.
-
-+It is also not recommended to use compression if data transfered contain
-+untrusted parts that can be manipulated by an attacker as he could then
-+get information about the encrypted data. See the CRIME attack. For
-+that reason the default loading of the zlib compression method is
-+disabled and enabled only if the environment variable B
-+is present during the library initialization.
-+
- =head1 RETURN VALUES
-
- SSL_COMP_add_compression_method() may return the following values:
-diff -ru openssl-1.0.2a.orig/ssl/ssl_ciph.c openssl-1.0.2a/ssl/ssl_ciph.c
---- openssl-1.0.2a.orig/ssl/ssl_ciph.c 2015-03-19 15:30:36.000000000 -0200
-+++ openssl-1.0.2a/ssl/ssl_ciph.c 2015-03-27 15:23:05.960057092 -0200
-@@ -141,6 +141,8 @@
- */
-
- #include
-+#include
-+#include
- #include
- #ifndef OPENSSL_NO_COMP
- # include
-@@ -481,7 +483,7 @@
-
- MemCheck_off();
- ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
-- if (ssl_comp_methods != NULL) {
-+ if (ssl_comp_methods != NULL && getauxval(AT_SECURE) == 0 && getenv("OPENSSL_DEFAULT_ZLIB") != NULL) {
- comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
- if (comp != NULL) {
- comp->method = COMP_zlib();
diff --git a/system/openssl/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch b/system/openssl/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
deleted file mode 100644
index ef46faa84..000000000
--- a/system/openssl/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-From 83c96cbc76604daccbc31cea9411555aea96fd6d Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Timo=20Ter=C3=A4s?=
-Date: Thu, 5 Feb 2015 09:16:51 +0200
-Subject: [PATCH] crypto/hmac: support EVP_MD_CTX_FLAG_ONESHOT and set it
- properly
-
-Some engines (namely VIA C7 Padlock) work only if EVP_MD_CTX_FLAG_ONESHOT
-is set before final update. This is because some crypto accelerators cannot
-perform non-finalizing transform of the digest.
-
-The usage of EVP_MD_CTX_FLAG_ONESHOT is used semantically slightly
-differently here. It is set before the final EVP_DigestUpdate call, not
-necessarily before EVP_DigestInit call. This will not cause any problems
-though.
----
- crypto/hmac/hmac.c | 14 ++++++++++----
- 1 file changed, 10 insertions(+), 4 deletions(-)
-
-diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c
-index 1fc9e2c..6f16578 100644
---- a/crypto/hmac/hmac.c
-+++ b/crypto/hmac/hmac.c
-@@ -109,7 +109,8 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
- j = EVP_MD_block_size(md);
- OPENSSL_assert(j <= (int)sizeof(ctx->key));
- if (j < len) {
-- if (!EVP_DigestInit_ex(&ctx->md_ctx, md, impl))
-+ EVP_MD_CTX_set_flags(&ctx->md_ctx, EVP_MD_CTX_FLAG_ONESHOT);
-+ if (!EVP_DigestInit_ex(&ctx->md_ctx, md, impl))
- goto err;
- if (!EVP_DigestUpdate(&ctx->md_ctx, key, len))
- goto err;
-@@ -129,6 +130,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
- if (reset) {
- for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
- pad[i] = 0x36 ^ ctx->key[i];
-+ EVP_MD_CTX_clear_flags(&ctx->i_ctx, EVP_MD_CTX_FLAG_ONESHOT);
- if (!EVP_DigestInit_ex(&ctx->i_ctx, md, impl))
- goto err;
- if (!EVP_DigestUpdate(&ctx->i_ctx, pad, EVP_MD_block_size(md)))
-@@ -136,6 +138,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
-
- for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
- pad[i] = 0x5c ^ ctx->key[i];
-+ EVP_MD_CTX_clear_flags(&ctx->o_ctx, EVP_MD_CTX_FLAG_ONESHOT);
- if (!EVP_DigestInit_ex(&ctx->o_ctx, md, impl))
- goto err;
- if (!EVP_DigestUpdate(&ctx->o_ctx, pad, EVP_MD_block_size(md)))
-@@ -143,6 +146,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
- }
- if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->i_ctx))
- goto err;
-+ EVP_MD_CTX_clear_flags(&ctx->md_ctx, EVP_MD_CTX_FLAG_ONESHOT);
- return 1;
- err:
- return 0;
-@@ -177,6 +181,7 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
- goto err;
- if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx))
- goto err;
-+ EVP_MD_CTX_set_flags(&ctx->md_ctx,EVP_MD_CTX_FLAG_ONESHOT);
- if (!EVP_DigestUpdate(&ctx->md_ctx, buf, i))
- goto err;
- if (!EVP_DigestFinal_ex(&ctx->md_ctx, md, len))
-@@ -233,8 +238,9 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
- if (md == NULL)
- md = m;
- HMAC_CTX_init(&c);
-- if (!HMAC_Init(&c, key, key_len, evp_md))
-+ if (!HMAC_Init_ex(&c, key, key_len, evp_md, NULL))
- goto err;
-+ HMAC_CTX_set_flags(&c,EVP_MD_CTX_FLAG_ONESHOT);
- if (!HMAC_Update(&c, d, n))
- goto err;
- if (!HMAC_Final(&c, md, md_len))
-@@ -247,7 +253,7 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
-
- void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
- {
-- EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
-- EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
-+ EVP_MD_CTX_set_flags(&ctx->i_ctx, flags & ~EVP_MD_CTX_FLAG_ONESHOT);
-+ EVP_MD_CTX_set_flags(&ctx->o_ctx, flags & ~EVP_MD_CTX_FLAG_ONESHOT);
- EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
- }
---
-2.2.2
-
diff --git a/system/openssl/1002-backport-changes-from-upstream-padlock-module.patch b/system/openssl/1002-backport-changes-from-upstream-padlock-module.patch
deleted file mode 100644
index f63bbcd1c..000000000
--- a/system/openssl/1002-backport-changes-from-upstream-padlock-module.patch
+++ /dev/null
@@ -1,200 +0,0 @@
-From ba17588a940ee712c3ef6d458adb1087f0c84521 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Timo=20Ter=C3=A4s?=
-Date: Thu, 5 Feb 2015 09:28:10 +0200
-Subject: [PATCH] backport changes from upstream padlock module.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Includes support for VIA Nano 64-bit mode.
-
-Signed-off-by: Timo Teräs
----
- engines/e_padlock.c | 142 +++++++++++++++++++++++++++++++++++++++++++++-------
- 1 file changed, 125 insertions(+), 17 deletions(-)
-
-diff --git a/engines/e_padlock.c b/engines/e_padlock.c
-index 2898e4c..94406cb 100644
---- a/engines/e_padlock.c
-+++ b/engines/e_padlock.c
-@@ -101,7 +101,10 @@
- */
- # undef COMPILE_HW_PADLOCK
- # if !defined(I386_ONLY) && !defined(OPENSSL_NO_INLINE_ASM)
--# if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) || \
-+# if (defined(__GNUC__) && __GNUC__>=2 && \
-+ (defined(__i386__) || defined(__i386) || \
-+ defined(__x86_64__) || defined(__x86_64)) \
-+ ) || \
- (defined(_MSC_VER) && defined(_M_IX86))
- # define COMPILE_HW_PADLOCK
- # endif
-@@ -303,6 +306,7 @@ static volatile struct padlock_cipher_data *padlock_saved_context;
- * =======================================================
- */
- # if defined(__GNUC__) && __GNUC__>=2
-+# if defined(__i386__) || defined(__i386)
- /*
- * As for excessive "push %ebx"/"pop %ebx" found all over.
- * When generating position-independent code GCC won't let
-@@ -379,22 +383,6 @@ static int padlock_available(void)
- return padlock_use_ace + padlock_use_rng;
- }
-
--# ifndef OPENSSL_NO_AES
--# ifndef AES_ASM
--/* Our own htonl()/ntohl() */
--static inline void padlock_bswapl(AES_KEY *ks)
--{
-- size_t i = sizeof(ks->rd_key) / sizeof(ks->rd_key[0]);
-- unsigned int *key = ks->rd_key;
--
-- while (i--) {
-- asm volatile ("bswapl %0":"+r" (*key));
-- key++;
-- }
--}
--# endif
--# endif
--
- /*
- * Force key reload from memory to the CPU microcode. Loading EFLAGS from the
- * stack clears EFLAGS[30] which does the trick.
-@@ -448,6 +436,110 @@ static inline void *name(size_t cnt, \
- : "edx", "cc", "memory"); \
- return iv; \
- }
-+#endif
-+
-+#elif defined(__x86_64__) || defined(__x86_64)
-+
-+/* Load supported features of the CPU to see if
-+ the PadLock is available. */
-+static int
-+padlock_available(void)
-+{
-+ char vendor_string[16];
-+ unsigned int eax, edx;
-+
-+ /* Are we running on the Centaur (VIA) CPU? */
-+ eax = 0x00000000;
-+ vendor_string[12] = 0;
-+ asm volatile (
-+ "cpuid\n"
-+ "movl %%ebx,(%1)\n"
-+ "movl %%edx,4(%1)\n"
-+ "movl %%ecx,8(%1)\n"
-+ : "+a"(eax) : "r"(vendor_string) : "rbx", "rcx", "rdx");
-+ if (strcmp(vendor_string, "CentaurHauls") != 0)
-+ return 0;
-+
-+ /* Check for Centaur Extended Feature Flags presence */
-+ eax = 0xC0000000;
-+ asm volatile ("cpuid"
-+ : "+a"(eax) : : "rbx", "rcx", "rdx");
-+ if (eax < 0xC0000001)
-+ return 0;
-+
-+ /* Read the Centaur Extended Feature Flags */
-+ eax = 0xC0000001;
-+ asm volatile ("cpuid"
-+ : "+a"(eax), "=d"(edx) : : "rbx", "rcx");
-+
-+ /* Fill up some flags */
-+ padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6));
-+ padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2));
-+
-+ return padlock_use_ace + padlock_use_rng;
-+}
-+
-+/* Force key reload from memory to the CPU microcode.
-+ Loading EFLAGS from the stack clears EFLAGS[30]
-+ which does the trick. */
-+static inline void
-+padlock_reload_key(void)
-+{
-+ asm volatile ("pushfq; popfq");
-+}
-+
-+#ifndef OPENSSL_NO_AES
-+/*
-+ * This is heuristic key context tracing. At first one
-+ * believes that one should use atomic swap instructions,
-+ * but it's not actually necessary. Point is that if
-+ * padlock_saved_context was changed by another thread
-+ * after we've read it and before we compare it with cdata,
-+ * our key *shall* be reloaded upon thread context switch
-+ * and we are therefore set in either case...
-+ */
-+static inline void
-+padlock_verify_context(struct padlock_cipher_data *cdata)
-+{
-+ asm volatile (
-+ "pushfq\n"
-+" btl $30,(%%rsp)\n"
-+" jnc 1f\n"
-+" cmpq %2,%1\n"
-+" je 1f\n"
-+" popfq\n"
-+" subq $8,%%rsp\n"
-+"1: addq $8,%%rsp\n"
-+" movq %2,%0"
-+ :"+m"(padlock_saved_context)
-+ : "r"(padlock_saved_context), "r"(cdata) : "cc");
-+}
-+
-+/* Template for padlock_xcrypt_* modes */
-+/* BIG FAT WARNING:
-+ * The offsets used with 'leal' instructions
-+ * describe items of the 'padlock_cipher_data'
-+ * structure.
-+ */
-+#define PADLOCK_XCRYPT_ASM(name,rep_xcrypt) \
-+static inline void *name(size_t cnt, \
-+ struct padlock_cipher_data *cdata, \
-+ void *out, const void *inp) \
-+{ void *iv; \
-+ asm volatile ( "leaq 16(%0),%%rdx\n" \
-+ " leaq 32(%0),%%rbx\n" \
-+ rep_xcrypt "\n" \
-+ : "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \
-+ : "0"(cdata), "1"(cnt), "2"(out), "3"(inp) \
-+ : "rbx", "rdx", "cc", "memory"); \
-+ return iv; \
-+}
-+#endif
-+
-+#endif /* cpu */
-+
-+
-+# ifndef OPENSSL_NO_AES
-
- /* Generate all functions with appropriate opcodes */
- /* rep xcryptecb */
-@@ -458,7 +550,23 @@ PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, ".byte 0xf3,0x0f,0xa7,0xc8")
- PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0")
- /* rep xcryptofb */
- PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8")
-+
-+# ifndef AES_ASM
-+/* Our own htonl()/ntohl() */
-+static inline void padlock_bswapl(AES_KEY *ks)
-+{
-+ size_t i = sizeof(ks->rd_key) / sizeof(ks->rd_key[0]);
-+ unsigned int *key = ks->rd_key;
-+
-+ while (i--) {
-+ asm volatile ("bswapl %0":"+r" (*key));
-+ key++;
-+ }
-+}
-+# endif
-+
- # endif
-+
- /* The RNG call itself */
- static inline unsigned int padlock_xstore(void *addr, unsigned int edx_in)
- {
---
-2.2.2
-
diff --git a/system/openssl/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch b/system/openssl/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
deleted file mode 100644
index 5a2cdd633..000000000
--- a/system/openssl/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
+++ /dev/null
@@ -1,782 +0,0 @@ -From 728af0306505f1ff91364ac2175fb6bf5da90ec3 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Timo=20Ter=C3=A4s?= -Date: Thu, 5 Feb 2015 09:41:12 +0200 -Subject: [PATCH] engines/e_padlock: implement sha1/sha224/sha256 acceleration - -Limited support for VIA C7 that works only when EVP_MD_CTX_FLAG_ONESHOT -is used appropriately (as done by EVP_Digest, and my previous HMAC patch). - -Full support for VIA Nano including partial transformation and 64-bit mode. - -Benchmarks from VIA Nano 1.6GHz, done with including the previous HMAC and -apps/speed patches done. From single run, error margin of about 100-200k. - -No padlock - -type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -sha1 20057.60k 51514.05k 99721.39k 130167.81k 142811.14k -sha256 7757.72k 16907.18k 28937.05k 35181.23k 37568.51k -hmac(sha1) 8582.53k 27644.69k 70402.30k 114602.67k 140167.85k - -With the patch - -sha1 37713.77k 114562.71k 259637.33k 379907.41k 438818.13k -sha256 34262.86k 103233.75k 232476.07k 338386.60k 389860.01k -hmac(sha1) 8424.70k 31475.11k 104036.10k 245559.30k 406667.26k ---- - engines/e_padlock.c | 663 ++++++++++++++++++++++++++++++++++++++++++++++++---- - 1 file changed, 614 insertions(+), 49 deletions(-) - -diff --git a/engines/e_padlock.c b/engines/e_padlock.c -index 94406cb..5e99114 100644 ---- a/engines/e_padlock.c -+++ b/engines/e_padlock.c -@@ -3,6 +3,9 @@ - * Written by Michal Ludvig - * http://www.logix.cz/michal - * -+ * SHA support by Timo Teras . Portions based on -+ * code originally written by Michal Ludvig. -+ * - * Big thanks to Andy Polyakov for a help with optimization, - * assembler fixes, port to MS Windows and a lot of other - * valuable work on this engine! 
-@@ -63,7 +66,9 @@ - */ - - #include -+#include - #include -+#include - - #include - #include -@@ -73,11 +78,32 @@ - #ifndef OPENSSL_NO_AES - # include - #endif -+#ifndef OPENSSL_NO_SHA -+# include -+#endif - #include - #include - - #ifndef OPENSSL_NO_HW --# ifndef OPENSSL_NO_HW_PADLOCK -+# ifndef OPENSSL_NO_HW_PADLOCK -+ -+/* PadLock RNG is disabled by default */ -+# define PADLOCK_NO_RNG 1 -+ -+/* No ASM routines for SHA in MSC yet */ -+# ifdef _MSC_VER -+# define OPENSSL_NO_SHA -+# endif -+ -+/* 64-bit mode does not need software SHA1 as fallback, we can -+ * do all operations with padlock */ -+# if defined(__x86_64__) || defined(__x86_64) -+# define PADLOCK_NEED_FALLBACK_SHA 0 -+# else -+# define PADLOCK_NEED_FALLBACK_SHA 1 -+# endif -+ -+# define PADLOCK_MAX_FINALIZING_LENGTH 0x1FFFFFFE - - /* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */ - # if (OPENSSL_VERSION_NUMBER >= 0x00908000L) -@@ -151,60 +177,42 @@ void ENGINE_load_padlock(void) - static int padlock_available(void); - static int padlock_init(ENGINE *e); - -+# ifndef PADLOCK_NO_RNG - /* RNG Stuff */ - static RAND_METHOD padlock_rand; -- --/* Cipher Stuff */ --# ifndef OPENSSL_NO_AES --static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, -- const int **nids, int nid); - # endif - - /* Engine names */ - static const char *padlock_id = "padlock"; - static char padlock_name[100]; - -+static int padlock_bind_helper(ENGINE *e); -+ - /* Available features */ --static int padlock_use_ace = 0; /* Advanced Cryptography Engine */ --static int padlock_use_rng = 0; /* Random Number Generator */ -+enum padlock_flags { -+ PADLOCK_RNG = 0x01, -+ PADLOCK_ACE = 0x02, -+ PADLOCK_ACE2 = 0x04, -+ PADLOCK_PHE = 0x08, -+ PADLOCK_PMM = 0x10, -+ PADLOCK_NANO = 0x20, -+}; -+enum padlock_flags padlock_flags; -+ -+#define PADLOCK_HAVE_RNG (padlock_flags & PADLOCK_RNG) -+#define PADLOCK_HAVE_ACE (padlock_flags & (PADLOCK_ACE|PADLOCK_ACE2)) -+#define PADLOCK_HAVE_ACE1 (padlock_flags & PADLOCK_ACE) 
-+#define PADLOCK_HAVE_ACE2 (padlock_flags & PADLOCK_ACE2) -+#define PADLOCK_HAVE_PHE (padlock_flags & PADLOCK_PHE) -+#define PADLOCK_HAVE_PMM (padlock_flags & PADLOCK_PMM) -+#define PADLOCK_HAVE_NANO (padlock_flags & PADLOCK_NANO) -+ - # ifndef OPENSSL_NO_AES - static int padlock_aes_align_required = 1; - # endif - - /* ===== Engine "management" functions ===== */ - --/* Prepare the ENGINE structure for registration */ --static int padlock_bind_helper(ENGINE *e) --{ -- /* Check available features */ -- padlock_available(); -- --# if 1 /* disable RNG for now, see commentary in -- * vicinity of RNG code */ -- padlock_use_rng = 0; --# endif -- -- /* Generate a nice engine name with available features */ -- BIO_snprintf(padlock_name, sizeof(padlock_name), -- "VIA PadLock (%s, %s)", -- padlock_use_rng ? "RNG" : "no-RNG", -- padlock_use_ace ? "ACE" : "no-ACE"); -- -- /* Register everything or return with an error */ -- if (!ENGINE_set_id(e, padlock_id) || -- !ENGINE_set_name(e, padlock_name) || -- !ENGINE_set_init_function(e, padlock_init) || --# ifndef OPENSSL_NO_AES -- (padlock_use_ace && !ENGINE_set_ciphers(e, padlock_ciphers)) || --# endif -- (padlock_use_rng && !ENGINE_set_RAND(e, &padlock_rand))) { -- return 0; -- } -- -- /* Everything looks good */ -- return 1; --} -- - # ifdef OPENSSL_NO_DYNAMIC_ENGINE - - /* Constructor */ -@@ -229,7 +237,7 @@ static ENGINE *ENGINE_padlock(void) - /* Check availability of the engine */ - static int padlock_init(ENGINE *e) - { -- return (padlock_use_rng || padlock_use_ace); -+ return padlock_flags; - } - - /* -@@ -377,10 +385,20 @@ static int padlock_available(void) - "=d"(edx)::"ecx"); - - /* Fill up some flags */ -- padlock_use_ace = ((edx & (0x3 << 6)) == (0x3 << 6)); -- padlock_use_rng = ((edx & (0x3 << 2)) == (0x3 << 2)); -- -- return padlock_use_ace + padlock_use_rng; -+ padlock_flags |= ((edx & (0x3<<3)) ? PADLOCK_RNG : 0); -+ padlock_flags |= ((edx & (0x3<<7)) ? PADLOCK_ACE : 0); -+ padlock_flags |= ((edx & (0x3<<9)) ? 
PADLOCK_ACE2 : 0); -+ padlock_flags |= ((edx & (0x3<<11)) ? PADLOCK_PHE : 0); -+ padlock_flags |= ((edx & (0x3<<13)) ? PADLOCK_PMM : 0); -+ -+ /* Check for VIA Nano CPU */ -+ eax = 0x00000001; -+ asm volatile ("pushl %%ebx; cpuid; popl %%ebx" -+ : "+a"(eax) : : "ecx", "edx"); -+ if ((eax | 0x000F) == 0x06FF) -+ padlock_flags |= PADLOCK_NANO; -+ -+ return padlock_flags; - } - - /* -@@ -473,10 +491,14 @@ padlock_available(void) - : "+a"(eax), "=d"(edx) : : "rbx", "rcx"); - - /* Fill up some flags */ -- padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6)); -- padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2)); -- -- return padlock_use_ace + padlock_use_rng; -+ padlock_flags |= ((edx & (0x3<<3)) ? PADLOCK_RNG : 0); -+ padlock_flags |= ((edx & (0x3<<7)) ? PADLOCK_ACE : 0); -+ padlock_flags |= ((edx & (0x3<<9)) ? PADLOCK_ACE2 : 0); -+ padlock_flags |= ((edx & (0x3<<11)) ? PADLOCK_PHE : 0); -+ padlock_flags |= ((edx & (0x3<<13)) ? PADLOCK_PMM : 0); -+ padlock_flags |= PADLOCK_NANO; -+ -+ return padlock_flags; - } - - /* Force key reload from memory to the CPU microcode. -@@ -1293,6 +1315,496 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, - - # endif /* OPENSSL_NO_AES */ - -+#ifndef OPENSSL_NO_SHA -+ -+static inline void -+padlock_copy_bswap(void *dst, void *src, size_t count) -+{ -+ uint32_t *udst = dst, *usrc = src; -+ int i = 0; -+ -+ for (i = 0; i < count; i++) -+ udst[i] = htonl(usrc[i]); -+} -+ -+static unsigned long padlock_sha_prepare_padding( -+ EVP_MD_CTX *ctx, -+ unsigned char *padding, -+ unsigned char *data, size_t data_len, -+ uint64_t total) -+{ -+ unsigned int padding_len; -+ -+ padding_len = data_len < 56 ? SHA_CBLOCK : 2 * SHA_CBLOCK; -+ if (data_len) -+ memcpy(padding, data, data_len); -+ -+ memset(padding + data_len, 0, padding_len - data_len); -+ padding[data_len] = 0x80; -+ *(uint32_t *)(padding + padding_len - 8) = htonl(total >> 32); -+ *(uint32_t *)(padding + padding_len - 4) = htonl(total & 0xffffffff); -+ -+ return data_len < 56 ? 
1 : 2; -+} -+ -+#define PADLOCK_SHA_ALIGN(dd) (uint32_t*)(((uintptr_t)(dd) + 15) & ~15) -+#define PADLOCK_SHA_HWCTX (128+16) -+ -+static void -+padlock_sha1(void *hwctx, const void *buf, unsigned long total, unsigned long now) -+{ -+ unsigned long pos = total - now; -+ -+ asm volatile ("xsha1" -+ : "+S"(buf), "+D"(hwctx), "+a"(pos), "+c"(total) -+ : : "memory"); -+} -+ -+static void -+padlock_sha1_partial(void *hwctx, const void *buf, unsigned long blocks) -+{ -+ asm volatile ("xsha1" -+ : "+S"(buf), "+D"(hwctx), "+c"(blocks) -+ : "a"(-1L) : "memory"); -+} -+ -+static int padlock_sha1_init(EVP_MD_CTX *ctx) -+{ -+ return SHA1_Init(ctx->md_data); -+} -+ -+#if PADLOCK_NEED_FALLBACK_SHA -+ -+static int padlock_sha1_update_eden(EVP_MD_CTX *ctx, const void *data, -+ size_t len) -+{ -+ unsigned char hwctx[PADLOCK_SHA_HWCTX]; -+ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); -+ SHA_CTX *c = ctx->md_data; -+ uint_fast64_t total; -+ const unsigned char *p = data; -+ unsigned long l = 0; -+ -+ /* Calculate total length (Nl,Nh) is length in bits */ -+ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); -+ total += len; -+ -+ if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) && -+ (total <= PADLOCK_MAX_FINALIZING_LENGTH)) { -+ if (c->num != 0) { -+ l = (len < SHA_CBLOCK - c->num) ? 
len : (SHA_CBLOCK - c->num); -+ if (!SHA1_Update(c, data, l)) -+ return 0; -+ p += l; -+ if (c->num != 0) { -+ p = (unsigned char *) c->data; -+ len = c->num; -+ l = 0; -+ } -+ } -+ memcpy(aligned, &c->h0, 5 * sizeof(SHA_LONG)); -+ padlock_sha1(aligned, p, total, len - l); -+ memcpy(&c->h0, aligned, 5 * sizeof(SHA_LONG)); -+ c->num = -1; -+ return 1; -+ } -+ -+ return SHA1_Update(c, data, len); -+} -+#endif -+ -+static int padlock_sha1_update(EVP_MD_CTX *ctx, const void *data, -+ size_t len) -+{ -+ unsigned char hwctx[PADLOCK_SHA_HWCTX]; -+ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); -+ SHA_CTX *c = ctx->md_data; -+ uint_fast64_t total; -+ unsigned char *p; -+ unsigned long n; -+ -+ /* Calculate total length (Nl,Nh) is length in bits */ -+ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); -+ total += len; -+ c->Nh = total >> 29; -+ c->Nl = (total << 3) & 0xffffffffUL; -+ -+ memcpy(aligned, &c->h0, 5 * sizeof(SHA_LONG)); -+ -+ /* Check partial data */ -+ n = c->num; -+ if (n) { -+ p = (unsigned char *) c->data; -+ if (len >= SHA_CBLOCK || len+n >= SHA_CBLOCK) { -+ memcpy(p+n, data, SHA_CBLOCK-n); -+ padlock_sha1_partial(aligned, p, 1); -+ n = SHA_CBLOCK - n; -+ data += n; -+ len -= n; -+ c->num = 0; -+ memset(p, 0, SHA_CBLOCK); -+ } else { -+ memcpy(p+n, data, len); -+ c->num += (unsigned int)len; -+ return 1; -+ } -+ } -+ -+ /* Can we finalize straight away? 
*/ -+ if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) && -+ (total <= PADLOCK_MAX_FINALIZING_LENGTH)) { -+ padlock_sha1(aligned, data, total, len); -+ memcpy(&c->h0, aligned, 5 * sizeof(SHA_LONG)); -+ c->num = -1; -+ return 1; -+ } -+ -+ /* Use nonfinalizing update */ -+ n = len / SHA_CBLOCK; -+ if (n != 0) { -+ padlock_sha1_partial(aligned, data, n); -+ data += n * SHA_CBLOCK; -+ len -= n * SHA_CBLOCK; -+ } -+ memcpy(&c->h0, aligned, 5 * sizeof(SHA_LONG)); -+ -+ /* Buffer remaining bytes */ -+ if (len) { -+ memcpy(c->data, data, len); -+ c->num = len; -+ } -+ -+ return 1; -+} -+ -+static int padlock_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) -+{ -+ unsigned char hwctx[PADLOCK_SHA_HWCTX]; -+ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); -+ uint64_t total; -+ SHA_CTX *c = ctx->md_data; -+ -+ if (c->num == -1) { -+ padlock_copy_bswap(md, &c->h0, 5); -+ c->num = 0; -+ return 1; -+ } -+ -+ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); -+#if PADLOCK_NEED_FALLBACK_SHA -+ if ((!PADLOCK_HAVE_NANO) && (total > PADLOCK_MAX_FINALIZING_LENGTH)) -+ return SHA1_Final(md, c); -+#endif -+ -+ memcpy(aligned, &c->h0, 5 * sizeof(SHA_LONG)); -+ if (total > PADLOCK_MAX_FINALIZING_LENGTH) { -+ unsigned char padding[2 * SHA_CBLOCK]; -+ unsigned long n; -+ -+ n = padlock_sha_prepare_padding(ctx, padding, -+ (unsigned char *) c->data, c->num, total << 3); -+ padlock_sha1_partial(aligned, padding, n); -+ } else { -+ padlock_sha1(aligned, c->data, total, c->num); -+ } -+ padlock_copy_bswap(md, aligned, 5); -+ c->num = 0; -+ -+ return 1; -+} -+ -+static EVP_MD padlock_sha1_md = { -+ NID_sha1, -+ NID_sha1WithRSAEncryption, -+ SHA_DIGEST_LENGTH, -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE, -+ padlock_sha1_init, -+ padlock_sha1_update, -+ padlock_sha1_final, -+ NULL, -+ NULL, -+ EVP_PKEY_RSA_method, -+ SHA_CBLOCK, -+ sizeof(SHA_CTX), -+}; -+ -+static EVP_MD padlock_dss1_md = { -+ NID_dsa, -+ NID_dsaWithSHA1, -+ SHA_DIGEST_LENGTH, -+ 0, -+ padlock_sha1_init, -+ padlock_sha1_update, -+ 
padlock_sha1_final, -+ NULL, -+ NULL, -+ EVP_PKEY_DSA_method, -+ SHA_CBLOCK, -+ sizeof(SHA_CTX), -+}; -+ -+ -+#if !defined(OPENSSL_NO_SHA256) -+ -+static void -+padlock_sha256(void *hwctx, const void *buf, unsigned long total, unsigned long now) -+{ -+ unsigned long pos = total - now; -+ -+ asm volatile ("xsha256" -+ : "+S"(buf), "+D"(hwctx), "+a"(pos), "+c"(total) -+ : : "memory"); -+} -+ -+static void -+padlock_sha256_partial(void *hwctx, const void *buf, unsigned long blocks) -+{ -+ asm volatile ("xsha256" -+ : "+S"(buf), "+D"(hwctx), "+c"(blocks) -+ : "a"(-1L) : "memory"); -+} -+ -+#if PADLOCK_NEED_FALLBACK_SHA -+ -+static int padlock_sha256_update_eden(EVP_MD_CTX *ctx, const void *data, -+ size_t len) -+{ -+ unsigned char hwctx[PADLOCK_SHA_HWCTX]; -+ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); -+ SHA256_CTX *c = ctx->md_data; -+ uint_fast64_t total; -+ const unsigned char *p = data; -+ unsigned int l = 0; -+ -+ /* Calculate total length (Nl,Nh) is length in bits */ -+ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); -+ total += len; -+ -+ if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) && -+ (total <= PADLOCK_MAX_FINALIZING_LENGTH)) { -+ if (c->num != 0) { -+ l = (len < SHA256_CBLOCK - c->num) ? 
len : (SHA256_CBLOCK - c->num); -+ if (!SHA256_Update(c, data, l)) -+ return 0; -+ p += l; -+ if (c->num != 0) { -+ p = (unsigned char *) c->data; -+ len = c->num; -+ l = 0; -+ } -+ } -+ memcpy(aligned, c->h, sizeof(c->h)); -+ padlock_sha256(aligned, p, total, len - l); -+ memcpy(c->h, aligned, sizeof(c->h)); -+ c->num = -1; -+ return 1; -+ } -+ -+ return SHA256_Update(c, data, len); -+} -+ -+#endif -+ -+static int padlock_sha256_update(EVP_MD_CTX *ctx, const void *data, -+ size_t len) -+{ -+ unsigned char hwctx[PADLOCK_SHA_HWCTX]; -+ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); -+ SHA256_CTX *c = ctx->md_data; -+ uint_fast64_t total; -+ unsigned char *p; -+ unsigned long n; -+ -+ /* Calculate total length (Nl,Nh) is length in bits */ -+ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); -+ total += len; -+ c->Nh = total >> 29; -+ c->Nl = (total << 3) & 0xffffffffUL; -+ -+ memcpy(aligned, c->h, sizeof(c->h)); -+ -+ /* Check partial data */ -+ n = c->num; -+ if (n) { -+ p = (unsigned char *) c->data; -+ if (len >= SHA256_CBLOCK || len+n >= SHA256_CBLOCK) { -+ memcpy(p+n, data, SHA256_CBLOCK-n); -+ padlock_sha256_partial(aligned, p, 1); -+ n = SHA256_CBLOCK - n; -+ data += n; -+ len -= n; -+ c->num = 0; -+ memset(p, 0, SHA256_CBLOCK); -+ } else { -+ memcpy(p+n, data, len); -+ c->num += (unsigned int)len; -+ return 1; -+ } -+ } -+ -+ /* Can we finalize straight away? 
*/ -+ if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) && -+ (total <= PADLOCK_MAX_FINALIZING_LENGTH)) { -+ padlock_sha256(aligned, data, total, len); -+ memcpy(c->h, aligned, sizeof(c->h)); -+ c->num = -1; -+ return 1; -+ } -+ -+ /* Use nonfinalizing update */ -+ n = len / SHA256_CBLOCK; -+ if (n != 0) { -+ padlock_sha256_partial(aligned, data, n); -+ data += n * SHA256_CBLOCK; -+ len -= n * SHA256_CBLOCK; -+ } -+ memcpy(c->h, aligned, sizeof(c->h)); -+ -+ /* Buffer remaining bytes */ -+ if (len) { -+ memcpy(c->data, data, len); -+ c->num = len; -+ } -+ -+ return 1; -+} -+ -+static int padlock_sha256_final(EVP_MD_CTX *ctx, unsigned char *md) -+{ -+ unsigned char hwctx[PADLOCK_SHA_HWCTX]; -+ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx); -+ uint64_t total; -+ SHA256_CTX *c = ctx->md_data; -+ -+ if (c->num == -1) { -+ padlock_copy_bswap(md, c->h, sizeof(c->h)/sizeof(c->h[0])); -+ c->num = 0; -+ return 1; -+ } -+ -+ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3); -+#if PADLOCK_NEED_FALLBACK_SHA -+ if ((!PADLOCK_HAVE_NANO) && (total > PADLOCK_MAX_FINALIZING_LENGTH)) -+ return SHA256_Final(md, c); -+#endif -+ -+ memcpy(aligned, c->h, sizeof(c->h)); -+ if (total > PADLOCK_MAX_FINALIZING_LENGTH) { -+ unsigned char padding[2 * SHA_CBLOCK]; -+ unsigned long n; -+ -+ n = padlock_sha_prepare_padding(ctx, padding, -+ (unsigned char *) c->data, c->num, total << 3); -+ padlock_sha256_partial(aligned, padding, n); -+ } else { -+ padlock_sha256(aligned, c->data, total, c->num); -+ } -+ padlock_copy_bswap(md, aligned, sizeof(c->h)/sizeof(c->h[0])); -+ c->num = 0; -+ return 1; -+} -+ -+#if !defined(OPENSSL_NO_SHA224) -+ -+static int padlock_sha224_init(EVP_MD_CTX *ctx) -+{ -+ return SHA224_Init(ctx->md_data); -+} -+ -+static EVP_MD padlock_sha224_md = { -+ NID_sha224, -+ NID_sha224WithRSAEncryption, -+ SHA224_DIGEST_LENGTH, -+ 0, -+ padlock_sha224_init, -+ padlock_sha256_update, -+ padlock_sha256_final, -+ NULL, -+ NULL, -+ EVP_PKEY_RSA_method, -+ SHA_CBLOCK, -+ 
sizeof(SHA256_CTX), -+}; -+#endif /* !OPENSSL_NO_SHA224 */ -+ -+static int padlock_sha256_init(EVP_MD_CTX *ctx) -+{ -+ return SHA256_Init(ctx->md_data); -+} -+ -+static EVP_MD padlock_sha256_md = { -+ NID_sha256, -+ NID_sha256WithRSAEncryption, -+ SHA256_DIGEST_LENGTH, -+ 0, -+ padlock_sha256_init, -+ padlock_sha256_update, -+ padlock_sha256_final, -+ NULL, -+ NULL, -+ EVP_PKEY_RSA_method, -+ SHA_CBLOCK, -+ sizeof(SHA256_CTX), -+}; -+#endif /* !OPENSSL_NO_SHA256 */ -+ -+static int padlock_digest_nids[] = { -+#if !defined(OPENSSL_NO_SHA) -+ NID_sha1, -+ NID_dsa, -+#endif -+#if !defined(OPENSSL_NO_SHA256) -+#if !defined(OPENSSL_NO_SHA224) -+ NID_sha224, -+#endif -+ NID_sha256, -+#endif -+}; -+ -+static int padlock_digest_nids_num = sizeof(padlock_digest_nids)/sizeof(padlock_digest_nids[0]); -+ -+static int -+padlock_digests (ENGINE *e, const EVP_MD **digest, const int **nids, int nid) -+{ -+ /* No specific digest => return a list of supported nids ... */ -+ if (!digest) { -+ *nids = padlock_digest_nids; -+ return padlock_digest_nids_num; -+ } -+ -+ /* ... or the requested "digest" otherwise */ -+ switch (nid) { -+#if !defined(OPENSSL_NO_SHA) -+ case NID_sha1: -+ *digest = &padlock_sha1_md; -+ break; -+ case NID_dsa: -+ *digest = &padlock_dss1_md; -+ break; -+#endif -+#if !defined(OPENSSL_NO_SHA256) -+#if !defined(OPENSSL_NO_SHA224) -+ case NID_sha224: -+ *digest = &padlock_sha224_md; -+ break; -+#endif /* OPENSSL_NO_SHA224 */ -+ case NID_sha256: -+ *digest = &padlock_sha256_md; -+ break; -+#endif /* OPENSSL_NO_SHA256 */ -+ default: -+ /* Sorry, we don't support this NID */ -+ *digest = NULL; -+ return 0; -+ } -+ -+ return 1; -+} -+ -+#endif /* OPENSSL_NO_SHA */ -+ -+#ifndef PADLOCK_NO_RNG -+ - /* ===== Random Number Generator ===== */ - /* - * This code is not engaged. 
The reason is that it does not comply -@@ -1356,6 +1868,59 @@ static RAND_METHOD padlock_rand = { - padlock_rand_bytes, /* pseudorand */ - padlock_rand_status, /* rand status */ - }; -+#endif /* PADLOCK_NO_RNG */ -+ -+/* Prepare the ENGINE structure for registration */ -+static int -+padlock_bind_helper(ENGINE *e) -+{ -+ /* Check available features */ -+ padlock_available(); -+ -+ /* Generate a nice engine name with available features */ -+ BIO_snprintf(padlock_name, sizeof(padlock_name), -+ "VIA PadLock: %s%s%s%s%s%s", -+ padlock_flags ? "" : "not supported", -+ PADLOCK_HAVE_RNG ? "RNG " : "", -+ PADLOCK_HAVE_ACE ? (PADLOCK_HAVE_ACE2 ? "ACE2 " : "ACE ") : "", -+ PADLOCK_HAVE_PHE ? "PHE " : "", -+ PADLOCK_HAVE_PMM ? "PMM " : "", -+ PADLOCK_HAVE_NANO ? "NANO " : "" -+ ); -+ -+#if PADLOCK_NEED_FALLBACK_SHA && !defined(OPENSSL_NO_SHA) -+ if (!PADLOCK_HAVE_NANO) { -+ padlock_sha1_md.update = padlock_sha1_update_eden; -+ padlock_dss1_md.update = padlock_sha1_update_eden; -+#if !defined(OPENSSL_NO_SHA256) -+#if !defined(OPENSSL_NO_SHA224) -+ padlock_sha224_md.update = padlock_sha256_update_eden; -+#endif -+ padlock_sha256_md.update = padlock_sha256_update_eden; -+#endif -+ } -+#endif -+ -+ /* Register everything or return with an error */ -+ if (!ENGINE_set_id(e, padlock_id) || -+ !ENGINE_set_name(e, padlock_name) || -+ !ENGINE_set_init_function(e, padlock_init) -+#ifndef OPENSSL_NO_AES -+ || (PADLOCK_HAVE_ACE && !ENGINE_set_ciphers (e, padlock_ciphers)) -+#endif -+#ifndef OPENSSL_NO_SHA -+ || (PADLOCK_HAVE_PHE && !ENGINE_set_digests (e, padlock_digests)) -+#endif -+#ifndef PADLOCK_NO_RNG -+ || (PADLOCK_HAVE_RNG && !ENGINE_set_RAND (e, &padlock_rand)) -+#endif -+ ) { -+ return 0; -+ } -+ -+ /* Everything looks good */ -+ return 1; -+} - - # else /* !COMPILE_HW_PADLOCK */ - # ifndef OPENSSL_NO_DYNAMIC_ENGINE --- -2.2.2 - 
diff --git a/system/openssl/1004-crypto-engine-autoload-padlock-dynamic-engine.patch b/system/openssl/1004-crypto-engine-autoload-padlock-dynamic-engine.patch deleted file mode 100644 index 66f37451e..000000000 --- a/system/openssl/1004-crypto-engine-autoload-padlock-dynamic-engine.patch +++ /dev/null @@ -1,33 +0,0 @@ -From a58658f191e83f4c6417d2cc879fa572f7978537 Mon Sep 17 00:00:00 2001 -From: Natanael Copa -Date: Thu, 4 Feb 2016 16:28:15 +0100 -Subject: [PATCH] crypto/engine: autoload padlock dynamic engine - ---- - crypto/engine/eng_all.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c -index 48ad0d2..822aa23 100644 ---- a/crypto/engine/eng_all.c -+++ b/crypto/engine/eng_all.c -@@ -120,6 +120,16 @@ void ENGINE_load_builtin_engines(void) - ENGINE_load_capi(); - # endif - #endif -+#ifdef OPENSSL_NO_STATIC_ENGINE -+ { -+ ENGINE *e = ENGINE_by_id("padlock"); -+ if (e != NULL) { -+ ENGINE_add(e); -+ ENGINE_free(e); -+ ERR_clear_error(); -+ } -+ } -+#endif - ENGINE_register_all_complete(); - } - --- -2.7.0 - diff --git a/system/openssl/APKBUILD b/system/openssl/APKBUILD index 3a777064b..dc4c4aab4 100644 --- a/system/openssl/APKBUILD +++ b/system/openssl/APKBUILD 
@@ -1,30 +1,19 @@ # Maintainer: A. Wilcox pkgname=openssl -pkgver=1.0.2t +pkgver=1.1.1d pkgrel=0 -pkgdesc="Toolkit for SSL v2/v3 and TLS v1" +pkgdesc="Toolkit for SSL and TLS" url="https://www.openssl.org/" arch="all" license="OpenSSL" depends="" -depends_dev="zlib-dev" checkdepends="perl" makedepends_build="perl" -makedepends_host="zlib-dev" -makedepends="$makedepends_host $makedepends_build" -subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc libcrypto1.0:libcrypto - libssl1.0:libssl" +subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc libcrypto1.1:libcrypto + libssl1.1:libssl" source="https://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz - 0003-use-termios.patch - 0004-fix-default-ca-path-for-apps.patch - 0005-fix-parallel-build.patch - 0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch - 0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch - 0009-no-rpath.patch - 0010-ssl-env-zlib.patch - 1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch - 1002-backport-changes-from-upstream-padlock-module.patch - 1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch + CVE-2019-1551.patch + ppc64.patch " # secfixes: @@ -67,6 +56,8 @@ source="https://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz # 1.0.2t-r0: # - CVE-2019-1547 # - CVE-2019-1563 +# 1.1.1d-r0: +# - CVE-2019-1551 build() { # openssl will prepend crosscompile always core CC et al @@ -79,10 +70,10 @@ build() { aarch64*) _target="linux-aarch64" ;; arm*) _target="linux-armv4" ;; ppc) _target="linux-ppc" ;; - ppc64) _target="linux-ppc64"; _optflags="no-asm" ;; + ppc64) _target="linux-ppc64" ;; ppc64le) _target="linux-ppc64le" ;; i528 | pmmx | x86) _target="linux-elf" ;; - x86_64) _target="linux-x86_64"; _optflags="enable-ec_nistp_64_gcc_128" ;; + x86_64) _target="linux-x86_64" ;; s390x) _target="linux64-s390x";; *) msg "Unable to determine architecture from (CARCH=$CARCH)" ; return 1 ;; esac 
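Review bot: In the architecture `case` of build(), the `x86_64)` arm drops `_optflags="enable-ec_nistp_64_gcc_128"`, and neither the commit message nor the file says why. That option still exists in the 1.1.1 series and is off by default, so x86_64 builds presumably fall back to the other implementations of the NIST curves it covered. If that is intended, a comment above the arm such as `# ec_nistp_64_gcc_128 left at the upstream default (off)` would record the decision. The `ppc64)` arm has the same gap: `no-asm` is removed, presumably because `ppc64.patch` now lets the assembly build, and a comment next to that `source=` entry should say so. build() starts before this hunk and continues past it.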
@@ -94,37 +85,33 @@ build() { perl ./Configure $_target --prefix=/usr \ --libdir=lib \ --openssldir=/etc/ssl \ - shared zlib enable-montasm enable-md2 $_optflags \ - -DOPENSSL_NO_BUF_FREELISTS \ - $CPPFLAGS $CFLAGS $LDFLAGS -Wa,--noexecstack \ - enable-ssl2 - - make && make build-shared + shared no-zlib enable-md2 no-weak-ssl-ciphers \ + $CPPFLAGS $CFLAGS $LDFLAGS -Wa,--noexecstack + make } check() { - make -j1 test + make test } package() { - make INSTALL_PREFIX="$pkgdir" MANDIR=/usr/share/man MANSUFFIX=ssl install - # remove the script c_rehash + make DESTDIR="$pkgdir" install rm "$pkgdir"/usr/bin/c_rehash } libcrypto() { - pkgdesc="Crypto library from openssl" + pkgdesc="OpenSSL cryptography library" mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib for i in "$pkgdir"/usr/lib/libcrypto*; do mv $i "$subpkgdir"/lib/ ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/} done - mv "$pkgdir"/usr/lib/engines "$subpkgdir"/usr/lib/ + mv "$pkgdir"/usr/lib/engines-1.1 "$subpkgdir"/usr/lib/ } libssl() { - pkgdesc="SSL shared libraries" + pkgdesc="OpenSSL socket library" mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib for i in "$pkgdir"/usr/lib/libssl*; do 
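Review bot: The new Configure line in build() keeps `enable-md2` while the same change removes `enable-ssl2` and adds `no-weak-ssl-ciphers`, so the package still ships a digest that upstream leaves disabled by default. If something in the tree needs MD2, name it in a comment above the Configure call, for example `# enable-md2: required by <package>` (placeholder); otherwise drop the flag so the build matches the upstream default. Separately, package() no longer passes `MANSUFFIX=ssl`; assuming the 1.1.1 install target still honours that variable, the man pages are now installed under unsuffixed names and should be checked for clashes with other packages' pages. build() starts before this hunk and libssl() continues after it.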
@@ -133,14 +120,6 @@ libssl() { done } -sha512sums="0b88868933f42fab87e8b22449435a1091cc6e75f986aad6c173e01ad123161fcae8c226759073701bc65c9f2f0b6ce6a63a61203008ed873cfb6e484f32bc71 openssl-1.0.2t.tar.gz -58e42058a0c8086c49d681b1e226da39a8cf8cb88c51cf739dec2ff12e1bb5d7208ac5033264b186d58e9bdfe992fe9ddb95701d01caf1824396b2cefe30c0a4 0003-use-termios.patch -c67472879a31b5dbdd313892df6d37e7c93e8c0237d406c30d50b1016c2618ead3c13277f5dc723ef1ceed092d36e3c15a9777daa844f59b9fa2b0a4f04fd9ae 0004-fix-default-ca-path-for-apps.patch -5d4191482f8bbf62c75fe6bc2d9587388022c3310703c2a913788a983b1d1406e706cf3916a5792604f0b0f220a87432d3b82b442cea9915f2abb6fdd8478fcb 0005-fix-parallel-build.patch -820d4ce1c222696fe3f1dd0d11815c06262ec230fdb174532fd507286667a0aefbf858ea5edac4245a54b950cd0556545ecd0c5cf494692a2ba131c667e7bcd5 0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch -17ad683bb91a3a3c5bcc456c8aed7f0b42414c6de06ebafa4753af93c42d9827c9978a43d4d53d741a45df7f7895c6f6163172af57cc7b391cfd15f45ce6c351 0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch -5dbbc01985190ae1254350fb12565beb6abb916b6a7bb1f0f22d9762b1e575d124aaf9aa4cfe5f908e420978f691072d48c61a72660f09dfd6d9a2f83f862bc1 0009-no-rpath.patch -5febe20948e3f12d981e378e1f4ea538711657aacb6865a1aa91339d4a04277e250f490a1f2abc2c6f290bdc2b1bffdba1d00983b4c09f7ea983eef8163f9420 0010-ssl-env-zlib.patch -8c181760d7a149aa18d246d50f1c0438ffb63c98677b05306dfc00400ad0429b47d31e7c8d85126005c67f743d23e7a8a81174ffe98556f4caf9cf6b04d9ff17 1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch -a3555440b5f544bfd6b9ad97557d8f4c1d673f6a35219f65056a72035d186be5f354717ddf9784899b602464d48657b090ade24379552d43af97609c0f48c389 1002-backport-changes-from-upstream-padlock-module.patch -6353c7a94016c20db5d683dde37775f6780952ecdb1a5f39f878d04ba37f6ad79ae10fb6d65d181d912505a5d1e22463004cd855d548b364c00b120da2b0fdbc 1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch" 
+sha512sums="2bc9f528c27fe644308eb7603c992bac8740e9f0c3601a130af30c9ffebbf7e0f5c28b76a00bbb478bad40fbe89b4223a58d604001e1713da71ff4b7fe6a08a7 openssl-1.1.1d.tar.gz
+11ca61515a89766241fe0fae27f3b39767128915f288ea88840bf93e8b50ac416024cb2153efcdf2658d3e82a8e4250a0c069333dbd7347475f9dafcc45370b5 CVE-2019-1551.patch
+66bbb0ae769643c8a0b1501d9c8466f08f0d8b3b2bc4fcc2c0c054ab1971ced85c07aa0e4b8168a4394d0ae407dfbd26066a7a068602ce5b58e459b12ce6d36a ppc64.patch"
diff --git a/system/openssl/CVE-2019-1551.patch b/system/openssl/CVE-2019-1551.patch
new file mode 100644
index 000000000..8daf04ebf
--- /dev/null
+++ b/system/openssl/CVE-2019-1551.patch
@@ -0,0 +1,757 @@
+From 419102400a2811582a7a3d4a4e317d72e5ce0a8f Mon Sep 17 00:00:00 2001
+From: Andy Polyakov
+Date: Wed, 4 Dec 2019 12:48:21 +0100
+Subject: [PATCH] Fix an overflow bug in rsaz_512_sqr
+
+There is an overflow bug in the x64_64 Montgomery squaring procedure used in
+exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis
+suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a
+result of this defect would be very difficult to perform and are not believed
+likely. Attacks against DH512 are considered just feasible. However, for an
+attack the target would have to re-use the DH512 private key, which is not
+recommended anyway. Also applications directly using the low level API
+BN_mod_exp may be affected if they use BN_FLG_CONSTTIME.
+
+CVE-2019-1551
+
+Reviewed-by: Paul Dale
+Reviewed-by: Bernd Edlinger
+(Merged from https://github.com/openssl/openssl/pull/10575)
+---
+ crypto/bn/asm/rsaz-x86_64.pl | 381 ++++++++++++++++++-----------------
+ 1 file changed, 197 insertions(+), 184 deletions(-)
+
+diff --git a/crypto/bn/asm/rsaz-x86_64.pl b/crypto/bn/asm/rsaz-x86_64.pl
+index b1797b649f..7534d5cd03 100755
+--- a/crypto/bn/asm/rsaz-x86_64.pl
++++ b/crypto/bn/asm/rsaz-x86_64.pl
+@@ -116,7 +116,7 @@ rsaz_512_sqr: # 25-29% faster than rsaz_512_mul
+ subq \$128+24, %rsp
+ .cfi_adjust_cfa_offset 128+24
+ .Lsqr_body:
+- movq $mod, %rbp # common argument
++ movq $mod, %xmm1 # common off-load
+ movq ($inp), %rdx
+ movq 8($inp), %rax
+ movq $n0, 128(%rsp)
+@@ -134,7 +134,8 @@ $code.=<<___;
+ .Loop_sqr:
+ movl $times,128+8(%rsp)
+ #first iteration
+- movq %rdx, %rbx
++ movq %rdx, %rbx # 0($inp)
++ mov %rax, %rbp # 8($inp)
+ mulq %rdx
+ movq %rax, %r8
+ movq 16($inp), %rax
+@@ -173,31 +174,29 @@ $code.=<<___;
+ mulq %rbx
+ addq %rax, %r14
+ movq %rbx, %rax
+- movq %rdx, %r15
+- adcq \$0, %r15
++ adcq \$0, %rdx
+
+- addq %r8, %r8 #shlq \$1, %r8
+- movq %r9, %rcx
+- adcq %r9, %r9 #shld \$1, %r8, %r9
++ xorq %rcx,%rcx # rcx:r8 = r8 << 1
++ addq %r8, %r8
++ movq %rdx, %r15
++ adcq \$0, %rcx
+
+ mulq %rax
+- movq %rax, (%rsp)
+- addq %rdx, %r8
+- adcq \$0, %r9
++ addq %r8, %rdx
++ adcq \$0, %rcx
+
+- movq %r8, 8(%rsp)
+- shrq \$63, %rcx
++ movq %rax, (%rsp)
++ movq %rdx, 8(%rsp)
+
+ #second iteration
+- movq 8($inp), %r8
+ movq 16($inp), %rax
+- mulq %r8
++ mulq %rbp
+ addq %rax, %r10
+ movq 24($inp), %rax
+ movq %rdx, %rbx
+ adcq \$0, %rbx
+
+- mulq %r8
++ mulq %rbp
+ addq %rax, %r11
+ movq 32($inp), %rax
+ adcq \$0, %rdx
+@@ -205,7 +204,7 @@ $code.=<<___;
+ movq %rdx, %rbx
+ adcq \$0, %rbx
+
+- mulq %r8
++ mulq %rbp
+ addq %rax, %r12
+ movq 40($inp), %rax
+ adcq \$0, %rdx
+@@ -213,7 +212,7 @@ $code.=<<___;
+ movq %rdx, %rbx
+ adcq \$0, %rbx
+
+- mulq %r8
++ mulq %rbp
+ addq %rax, %r13
+ movq 48($inp), %rax
+ adcq \$0, %rdx
+@@ -221,7 +220,7 @@ $code.=<<___;
+ movq %rdx, %rbx
+ adcq \$0, %rbx
+
+- mulq %r8
++ mulq %rbp
+ addq %rax, %r14
+ movq 56($inp), %rax
+ adcq \$0, %rdx
+@@ -229,39 +228,39 @@ $code.=<<___;
+ movq %rdx, %rbx
+ adcq \$0, %rbx
+
+- mulq %r8
++ mulq %rbp
+ addq %rax, %r15
+- movq %r8, %rax
++ movq %rbp, %rax
+ adcq \$0, %rdx
+ addq %rbx, %r15
+- movq %rdx, %r8
+- movq %r10, %rdx
+- adcq \$0, %r8
++ adcq \$0, %rdx
+
+- add %rdx, %rdx
+- lea (%rcx,%r10,2), %r10 #shld \$1, %rcx, %r10
+- movq %r11, %rbx
+- adcq %r11, %r11 #shld \$1, %r10, %r11
++ xorq %rbx, %rbx # rbx:r10:r9 = r10:r9 << 1
++ addq %r9, %r9
++ movq %rdx, %r8
++ adcq %r10, %r10
++ adcq \$0, %rbx
+
+ mulq %rax
++ addq %rcx, %rax
++ movq 16($inp), %rbp
++ adcq \$0, %rdx
+ addq %rax, %r9
++ movq 24($inp), %rax
+ adcq %rdx, %r10
+- adcq \$0, %r11
++ adcq \$0, %rbx
+
+ movq %r9, 16(%rsp)
+ movq %r10, 24(%rsp)
+- shrq \$63, %rbx
+
+ #third iteration
+- movq 16($inp), %r9
+- movq 24($inp), %rax
+- mulq %r9
++ mulq %rbp
+ addq %rax, %r12
+ movq 32($inp), %rax
+ movq %rdx, %rcx
+ adcq \$0, %rcx
+
+- mulq %r9
++ mulq %rbp
+ addq %rax, %r13
+ movq 40($inp), %rax
+ adcq \$0, %rdx
+@@ -269,7 +268,7 @@ $code.=<<___;
+ movq %rdx, %rcx
+ adcq \$0, %rcx
+
+- mulq %r9
++ mulq %rbp
+ addq %rax, %r14
+ movq 48($inp), %rax
+ adcq \$0, %rdx
+@@ -277,9 +276,7 @@ $code.=<<___;
+ movq %rdx, %rcx
+ adcq \$0, %rcx
+
+- mulq %r9
+- movq %r12, %r10
+- lea (%rbx,%r12,2), %r12 #shld \$1, %rbx, %r12
++ mulq %rbp
+ addq %rax, %r15
+ movq 56($inp), %rax
+ adcq \$0, %rdx
+@@ -287,36 +284,40 @@ $code.=<<___;
+ movq %rdx, %rcx
+ adcq \$0, %rcx
+
+- mulq %r9
+- shrq \$63, %r10
++ mulq %rbp
+ addq %rax, %r8
+- movq %r9, %rax
++ movq %rbp, %rax
+ adcq \$0, %rdx
+ addq %rcx, %r8
+- movq %rdx, %r9
+- adcq \$0, %r9
++ adcq \$0, %rdx
+
+- movq %r13, %rcx
+- leaq (%r10,%r13,2), %r13 #shld \$1, %r12, %r13
++ xorq %rcx, %rcx # rcx:r12:r11 = r12:r11 << 1
++ addq %r11, %r11
++ movq %rdx, %r9
++ adcq %r12, %r12
++ adcq \$0, %rcx
+
+ mulq %rax
++ addq %rbx, %rax
++ movq 24($inp), %r10
++ adcq \$0, %rdx
+ addq %rax, %r11
++ movq 32($inp), %rax
+ adcq %rdx, %r12
+- adcq \$0, %r13
++ adcq \$0, %rcx
+
+ movq %r11, 32(%rsp)
+ movq %r12, 40(%rsp)
+- shrq \$63, %rcx
+
+ #fourth iteration
+- movq 24($inp), %r10
+- movq 32($inp), %rax
++ mov %rax, %r11 # 32($inp)
+ mulq %r10
+ addq %rax, %r14
+ movq 40($inp), %rax
+ movq %rdx, %rbx
+ adcq \$0, %rbx
+
++ mov %rax, %r12 # 40($inp)
+ mulq %r10
+ addq %rax, %r15
+ movq 48($inp), %rax
+@@ -325,9 +326,8 @@ $code.=<<___;
+ movq %rdx, %rbx
+ adcq \$0, %rbx
+
++ mov %rax, %rbp # 48($inp)
+ mulq %r10
+- movq %r14, %r12
+- leaq (%rcx,%r14,2), %r14 #shld \$1, %rcx, %r14
+ addq %rax, %r8
+ movq 56($inp), %rax
+ adcq \$0, %rdx
+@@ -336,32 +336,33 @@ $code.=<<___;
+ adcq \$0, %rbx
+
+ mulq %r10
+- shrq \$63, %r12
+ addq %rax, %r9
+ movq %r10, %rax
+ adcq \$0, %rdx
+ addq %rbx, %r9
+- movq %rdx, %r10
+- adcq \$0, %r10
++ adcq \$0, %rdx
+
+- movq %r15, %rbx
+- leaq (%r12,%r15,2),%r15 #shld \$1, %r14, %r15
++ xorq %rbx, %rbx # rbx:r13:r14 = r13:r14 << 1
++ addq %r13, %r13
++ movq %rdx, %r10
++ adcq %r14, %r14
++ adcq \$0, %rbx
+
+ mulq %rax
++ addq %rcx, %rax
++ adcq \$0, %rdx
+ addq %rax, %r13
++ movq %r12, %rax # 40($inp)
+ adcq %rdx, %r14
+- adcq \$0, %r15
++ adcq \$0, %rbx
+
+ movq %r13, 48(%rsp)
+ movq %r14, 56(%rsp)
+- shrq \$63, %rbx
+
+ #fifth iteration
+- movq 32($inp), %r11
+- movq 40($inp), %rax
+ mulq %r11
+ addq %rax, %r8
+- movq 48($inp), %rax
++ movq %rbp, %rax # 48($inp)
+ movq %rdx, %rcx
+ adcq \$0, %rcx
+
+@@ -369,97 +370,99 @@ $code.=<<___;
+ addq %rax, %r9
+ movq 56($inp), %rax
+ adcq \$0, %rdx
+- movq %r8, %r12
+- leaq (%rbx,%r8,2), %r8 #shld \$1, %rbx, %r8
+ addq %rcx, %r9
+ movq %rdx, %rcx
+ adcq \$0, %rcx
+
++ mov %rax, %r14 # 56($inp)
+ mulq %r11
+- shrq \$63, %r12
+ addq %rax, %r10
+ movq %r11, %rax
+ adcq \$0, %rdx
+ addq %rcx, %r10
+- movq %rdx, %r11
+- adcq \$0, %r11
++ adcq \$0, %rdx
+
+- movq %r9, %rcx
+- leaq (%r12,%r9,2), %r9 #shld \$1, %r8, %r9
++ xorq %rcx, %rcx # rcx:r8:r15 = r8:r15 << 1
++ addq %r15, %r15
++ movq %rdx, %r11
++ adcq %r8, %r8
++ adcq \$0, %rcx
+
+ mulq %rax
++ addq %rbx, %rax
++ adcq \$0, %rdx
+ addq %rax, %r15
++ movq %rbp, %rax # 48($inp)
+ adcq %rdx, %r8
+- adcq \$0, %r9
++ adcq \$0, %rcx
+
+ movq %r15, 64(%rsp)
+ movq %r8, 72(%rsp)
+- shrq \$63, %rcx
+
+ #sixth iteration
+- movq 40($inp), %r12
+- movq 48($inp), %rax
+ mulq %r12
+ addq %rax, %r10
+- movq 56($inp), %rax
++ movq %r14, %rax # 56($inp)
+ movq %rdx, %rbx
+ adcq \$0, %rbx
+
+ mulq %r12
+ addq %rax, %r11
+ movq %r12, %rax
+- movq %r10, %r15
+- leaq (%rcx,%r10,2), %r10 #shld \$1, %rcx, %r10
+ adcq \$0, %rdx
+- shrq \$63, %r15
+ addq %rbx, %r11
+- movq %rdx, %r12
+- adcq \$0, %r12
++ adcq \$0, %rdx
+
+- movq %r11, %rbx
+- leaq (%r15,%r11,2), %r11 #shld \$1, %r10, %r11
++ xorq %rbx, %rbx # rbx:r10:r9 = r10:r9 << 1
++ addq %r9, %r9
++ movq %rdx, %r12
++ adcq %r10, %r10
++ adcq \$0, %rbx
+
+ mulq %rax
++ addq %rcx, %rax
++ adcq \$0, %rdx
+ addq %rax, %r9
++ movq %r14, %rax # 56($inp)
+ adcq %rdx, %r10
+- adcq \$0, %r11
++ adcq \$0, %rbx
+
+ movq %r9, 80(%rsp)
+ movq %r10, 88(%rsp)
+
+ #seventh iteration
+- movq 48($inp), %r13
+- movq 56($inp), %rax
+- mulq %r13
++ mulq %rbp
+ addq %rax, %r12
+- movq %r13, %rax
+- movq %rdx, %r13
+- adcq \$0, %r13
++ movq %rbp, %rax
++ adcq \$0, %rdx
+
+- xorq %r14, %r14
+- shlq \$1, %rbx
+- adcq %r12, %r12 #shld \$1, %rbx, %r12
+- adcq %r13, %r13 #shld \$1, %r12, %r13
+- adcq %r14, %r14 #shld \$1, %r13, %r14
++ xorq %rcx, %rcx # rcx:r12:r11 = r12:r11 << 1
++ addq %r11, %r11
++ movq %rdx, %r13
++ adcq %r12, %r12
++ adcq \$0, %rcx
+
+ mulq %rax
++ addq %rbx, %rax
++ adcq \$0, %rdx
+ addq %rax, %r11
++ movq %r14, %rax # 56($inp)
+ adcq %rdx, %r12
+- adcq \$0, %r13
++ adcq \$0, %rcx
+
+ movq %r11, 96(%rsp)
+ movq %r12, 104(%rsp)
+
+ #eighth iteration
+- movq 56($inp), %rax
++ xorq %rbx, %rbx # rbx:r13 = r13 << 1
++ addq %r13, %r13
++ adcq \$0, %rbx
++
+ mulq %rax
+- addq %rax, %r13
++ addq %rcx, %rax
+ adcq \$0, %rdx
+-
+- addq %rdx, %r14
+-
+- movq %r13, 112(%rsp)
+- movq %r14, 120(%rsp)
++ addq %r13, %rax
++ adcq %rbx, %rdx
+
+ movq (%rsp), %r8
+ movq 8(%rsp), %r9
+@@ -469,6 +472,10 @@ $code.=<<___;
+ movq 40(%rsp), %r13
+ movq 48(%rsp), %r14
+ movq 56(%rsp), %r15
++ movq %xmm1, %rbp
++
++ movq %rax, 112(%rsp)
++ movq %rdx, 120(%rsp)
+
+ call __rsaz_512_reduce
+
+@@ -500,9 +507,9 @@ $code.=<<___;
+ .Loop_sqrx:
+ movl $times,128+8(%rsp)
+ movq $out, %xmm0 # off-load
+- movq %rbp, %xmm1 # off-load
+ #first iteration
+ mulx %rax, %r8, %r9
++ mov %rax, %rbx
+
+ mulx 16($inp), %rcx, %r10
+ xor %rbp, %rbp # cf=0, of=0
+@@ -510,40 +517,39 @@ $code.=<<___;
+ mulx 24($inp), %rax, %r11
+ adcx %rcx, %r9
+
+- mulx 32($inp), %rcx, %r12
++ .byte 0xc4,0x62,0xf3,0xf6,0xa6,0x20,0x00,0x00,0x00 # mulx 32($inp), %rcx, %r12
+ adcx %rax, %r10
+
+- mulx 40($inp), %rax, %r13
++ .byte 0xc4,0x62,0xfb,0xf6,0xae,0x28,0x00,0x00,0x00 # mulx 40($inp), %rax, %r13
+ adcx %rcx, %r11
+
+- .byte 0xc4,0x62,0xf3,0xf6,0xb6,0x30,0x00,0x00,0x00 # mulx 48($inp), %rcx, %r14
++ mulx 48($inp), %rcx, %r14
+ adcx %rax, %r12
+ adcx %rcx, %r13
+
+- .byte 0xc4,0x62,0xfb,0xf6,0xbe,0x38,0x00,0x00,0x00 # mulx 56($inp), %rax, %r15
++ mulx 56($inp), %rax, %r15
+ adcx %rax, %r14
+ adcx %rbp, %r15 # %rbp is 0
+
+- mov %r9, %rcx
+- shld \$1, %r8, %r9
+- shl \$1, %r8
+-
+- xor %ebp, %ebp
+- mulx %rdx, %rax, %rdx
+- adcx %rdx, %r8
+- mov 8($inp), %rdx
+- adcx %rbp, %r9
++ mulx %rdx, %rax, $out
++ mov %rbx, %rdx # 8($inp)
++ xor %rcx, %rcx
++ adox %r8, %r8
++ adcx $out, %r8
++ adox %rbp, %rcx
++ adcx %rbp, %rcx
+
+ mov %rax, (%rsp)
+ mov %r8, 8(%rsp)
+
+ #second iteration
+- mulx 16($inp), %rax, %rbx
++ .byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x10,0x00,0x00,0x00 # mulx 16($inp), %rax, %rbx
+ adox %rax, %r10
+ adcx %rbx, %r11
+
+- .byte 0xc4,0x62,0xc3,0xf6,0x86,0x18,0x00,0x00,0x00 # mulx 24($inp), $out, %r8
++ mulx 24($inp), $out, %r8
+ adox $out, %r11
++ .byte 0x66
+ adcx %r8, %r12
+
+ mulx 32($inp), %rax, %rbx
+@@ -561,24 +567,25 @@ $code.=<<___;
+ .byte 0xc4,0x62,0xc3,0xf6,0x86,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r8
+ adox $out, %r15
+ adcx %rbp, %r8
++ mulx %rdx, %rax, $out
+ adox %rbp, %r8
++ .byte 0x48,0x8b,0x96,0x10,0x00,0x00,0x00 # mov 16($inp), %rdx
+
+- mov %r11, %rbx
+- shld \$1, %r10, %r11
+- shld \$1, %rcx, %r10
+-
+- xor %ebp,%ebp
+- mulx %rdx, %rax, %rcx
+- mov 16($inp), %rdx
++ xor %rbx, %rbx
++ adcx %rcx, %rax
++ adox %r9, %r9
++ adcx %rbp, $out
++ adox %r10, %r10
+ adcx %rax, %r9
+- adcx %rcx, %r10
+- adcx %rbp, %r11
++ adox %rbp, %rbx
++ adcx $out, %r10
++ adcx %rbp, %rbx
+
+ mov %r9, 16(%rsp)
+ .byte 0x4c,0x89,0x94,0x24,0x18,0x00,0x00,0x00 # mov %r10, 24(%rsp)
+
+ #third iteration
+- .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x18,0x00,0x00,0x00 # mulx 24($inp), $out, %r9
++ mulx 24($inp), $out, %r9
+ adox $out, %r12
+ adcx %r9, %r13
+
+@@ -586,7 +593,7 @@ $code.=<<___;
+ adox %rax, %r13
+ adcx %rcx, %r14
+
+- mulx 40($inp), $out, %r9
++ .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x28,0x00,0x00,0x00 # mulx 40($inp), $out, %r9
+ adox $out, %r14
+ adcx %r9, %r15
+
+@@ -594,27 +601,28 @@ $code.=<<___;
+ adox %rax, %r15
+ adcx %rcx, %r8
+
+- .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r9
++ mulx 56($inp), $out, %r9
+ adox $out, %r8
+ adcx %rbp, %r9
++ mulx %rdx, %rax, $out
+ adox %rbp, %r9
++ mov 24($inp), %rdx
+
+- mov %r13, %rcx
+- shld \$1, %r12, %r13
+- shld \$1, %rbx, %r12
+-
+- xor %ebp, %ebp
+- mulx %rdx, %rax, %rdx
++ xor %rcx, %rcx
++ adcx %rbx, %rax
++ adox %r11, %r11
++ adcx %rbp, $out
++ adox %r12, %r12
+ adcx %rax, %r11
+- adcx %rdx, %r12
+- mov 24($inp), %rdx
+- adcx %rbp, %r13
++ adox %rbp, %rcx
++ adcx $out, %r12
++ adcx %rbp, %rcx
+
+ mov %r11, 32(%rsp)
+- .byte 0x4c,0x89,0xa4,0x24,0x28,0x00,0x00,0x00 # mov %r12, 40(%rsp)
++ mov %r12, 40(%rsp)
+
+ #fourth iteration
+- .byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x20,0x00,0x00,0x00 # mulx 32($inp), %rax, %rbx
++ mulx 32($inp), %rax, %rbx
+ adox %rax, %r14
+ adcx %rbx, %r15
+
+@@ -629,25 +637,25 @@ $code.=<<___;
+ mulx 56($inp), $out, %r10
+ adox $out, %r9
+ adcx %rbp, %r10
++ mulx %rdx, %rax, $out
+ adox %rbp, %r10
++ mov 32($inp), %rdx
+
+- .byte 0x66
+- mov %r15, %rbx
+- shld \$1, %r14, %r15
+- shld \$1, %rcx, %r14
+-
+- xor %ebp, %ebp
+- mulx %rdx, %rax, %rdx
++ xor %rbx, %rbx
++ adcx %rcx, %rax
++ adox %r13, %r13
++ adcx %rbp, $out
++ adox %r14, %r14
+ adcx %rax, %r13
+- adcx %rdx, %r14
+- mov 32($inp), %rdx
+- adcx %rbp, %r15
++ adox %rbp, %rbx
++ adcx $out, %r14
++ adcx %rbp, %rbx
+
+ mov %r13, 48(%rsp)
+ mov %r14, 56(%rsp)
+
+ #fifth iteration
+- .byte 0xc4,0x62,0xc3,0xf6,0x9e,0x28,0x00,0x00,0x00 # mulx 40($inp), $out, %r11
++ mulx 40($inp), $out, %r11
+ adox $out, %r8
+ adcx %r11, %r9
+
+@@ -658,18 +666,19 @@ $code.=<<___;
+ mulx 56($inp), $out, %r11
+ adox $out, %r10
+ adcx %rbp, %r11
++ mulx %rdx, %rax, $out
++ mov 40($inp), %rdx
+ adox %rbp, %r11
+
+- mov %r9, %rcx
+- shld \$1, %r8, %r9
+- shld \$1, %rbx, %r8
+-
+- xor %ebp, %ebp
+- mulx %rdx, %rax, %rdx
++ xor %rcx, %rcx
++ adcx %rbx, %rax
++ adox %r15, %r15
++ adcx %rbp, $out
++ adox %r8, %r8
+ adcx %rax, %r15
+- adcx %rdx, %r8
+- mov 40($inp), %rdx
+- adcx %rbp, %r9
++ adox %rbp, %rcx
++ adcx $out, %r8
++ adcx %rbp, %rcx
+
+ mov %r15, 64(%rsp)
+ mov %r8, 72(%rsp)
+@@ -682,18 +691,19 @@ $code.=<<___;
+ .byte 0xc4,0x62,0xc3,0xf6,0xa6,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r12
+ adox $out, %r11
+ adcx %rbp, %r12
++ mulx %rdx, %rax, $out
+ adox %rbp, %r12
++ mov 48($inp), %rdx
+
+- mov %r11, %rbx
+- shld \$1, %r10, %r11
+- shld \$1, %rcx, %r10
+-
+- xor %ebp, %ebp
+- mulx %rdx, %rax, %rdx
++ xor %rbx, %rbx
++ adcx %rcx, %rax
++ adox %r9, %r9
++ adcx %rbp, $out
++ adox %r10, %r10
+ adcx %rax, %r9
+- adcx %rdx, %r10
+- mov 48($inp), %rdx
+- adcx %rbp, %r11
++ adcx $out, %r10
++ adox %rbp, %rbx
++ adcx %rbp, %rbx
+
+ mov %r9, 80(%rsp)
+ mov %r10, 88(%rsp)
+@@ -703,31 +713,31 @@ $code.=<<___;
+ adox %rax, %r12
+ adox %rbp, %r13
+
+- xor %r14, %r14
+- shld \$1, %r13, %r14
+- shld \$1, %r12, %r13
+- shld \$1, %rbx, %r12
+-
+- xor %ebp, %ebp
+- mulx %rdx, %rax, %rdx
+- adcx %rax, %r11
+- adcx %rdx, %r12
++ mulx %rdx, %rax, $out
++ xor %rcx, %rcx
+ mov 56($inp), %rdx
+- adcx %rbp, %r13
++ adcx %rbx, %rax
++ adox %r11, %r11
++ adcx %rbp, $out
++ adox %r12, %r12
++ adcx %rax, %r11
++ adox %rbp, %rcx
++ adcx $out, %r12
++ adcx %rbp, %rcx
+
+ .byte 0x4c,0x89,0x9c,0x24,0x60,0x00,0x00,0x00 # mov %r11, 96(%rsp)
+ .byte 0x4c,0x89,0xa4,0x24,0x68,0x00,0x00,0x00 # mov %r12, 104(%rsp)
+
+ #eighth iteration
+ mulx %rdx, %rax, %rdx
+- adox %rax, %r13
+- adox %rbp, %rdx
++ xor %rbx, %rbx
++ adcx %rcx, %rax
++ adox %r13, %r13
++ adcx %rbp, %rdx
++ adox %rbp, %rbx
++ adcx %r13, %rax
++ adcx %rdx, %rbx
+
+- .byte 0x66
+- add %rdx, %r14
+-
+- movq %r13, 112(%rsp)
+- movq %r14, 120(%rsp)
+ movq %xmm0, $out
+ movq %xmm1, %rbp
+
+@@ -741,6 +751,9 @@ $code.=<<___;
+ movq 48(%rsp), %r14
+ movq 56(%rsp), %r15
+
++ movq %rax, 112(%rsp)
++ movq %rbx, 120(%rsp)
++
+ call __rsaz_512_reducex
+
+ addq 64(%rsp), %r8
+--
+2.17.1
+
diff --git a/system/openssl/ppc64.patch b/system/openssl/ppc64.patch
new file mode 100644
index 000000000..5f79c4ddc
--- /dev/null
+++ b/system/openssl/ppc64.patch
@@ -0,0 +1,96 @@
+From 34ab13b7d8e3e723adb60be8142e38b7c9cd382a Mon Sep 17 00:00:00 2001
+From: Andy Polyakov
+Date: Sun, 5 May 2019 18:25:50 +0200
+Subject: [PATCH] crypto/perlasm/ppc-xlate.pl: add linux64v2 flavour
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This is a big endian ELFv2 configuration. ELFv2 was already being
+used for little endian, and big endian was traditionally ELFv1
+but there are practical configurations that use ELFv2 with big
+endian nowadays (Adélie Linux, Void Linux, possibly Gentoo, etc.)
+
+Reviewed-by: Paul Dale
+Reviewed-by: Richard Levitte
+(Merged from https://github.com/openssl/openssl/pull/8883)
+---
+ crypto/perlasm/ppc-xlate.pl | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/crypto/perlasm/ppc-xlate.pl b/crypto/perlasm/ppc-xlate.pl
+index e52f2f6ea62..5fcd0526dff 100755
+--- a/crypto/perlasm/ppc-xlate.pl
++++ b/crypto/perlasm/ppc-xlate.pl
+@@ -49,7 +49,7 @@
+ /osx/ && do { $name = "_$name";
+ last;
+ };
+- /linux.*(32|64le)/
++ /linux.*(32|64(le|v2))/
+ && do { $ret .= ".globl $name";
+ if (!$$type) {
+ $ret .= "\n.type $name,\@function";
+@@ -80,7 +80,7 @@
+ };
+ my $text = sub {
+ my $ret = ($flavour =~ /aix/) ? ".csect\t.text[PR],7" : ".text";
+- $ret = ".abiversion 2\n".$ret if ($flavour =~ /linux.*64le/);
++ $ret = ".abiversion 2\n".$ret if ($flavour =~ /linux.*64(le|v2)/);
+ $ret;
+ };
+ my $machine = sub {
+@@ -186,7 +186,7 @@
+
+ # Some ABIs specify vrsave, special-purpose register #256, as reserved
+ # for system use.
+-my $no_vrsave = ($flavour =~ /aix|linux64le/);
++my $no_vrsave = ($flavour =~ /aix|linux64(le|v2)/);
+ my $mtspr = sub {
+ my ($f,$idx,$ra) = @_;
+ if ($idx == 256 && $no_vrsave) {
+@@ -318,7 +318,7 @@ sub vfour {
+ if ($label) {
+ my $xlated = ($GLOBALS{$label} or $label);
+ print "$xlated:";
+- if ($flavour =~ /linux.*64le/) {
++ if ($flavour =~ /linux.*64(le|v2)/) {
+ if ($TYPES{$label} =~ /function/) {
+ printf "\n.localentry %s,0\n",$xlated;
+ }
+
+From 098404128383ded87ba390dd74ecd9e2ffa6f530 Mon Sep 17 00:00:00 2001
+From: Andy Polyakov
+Date: Sun, 5 May 2019 18:30:55 +0200
+Subject: [PATCH] Configure: use ELFv2 ABI on some ppc64 big endian systems
+
+If _CALL_ELF is defined to be 2, it's an ELFv2 system.
+Conditionally switch to the v2 perlasm scheme.
+
+Reviewed-by: Paul Dale
+Reviewed-by: Richard Levitte
+(Merged from https://github.com/openssl/openssl/pull/8883)
+---
+ Configure | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/Configure b/Configure
+index 22082deb4c7..e303d98deb3 100755
+--- a/Configure
++++ b/Configure
+@@ -1411,8 +1410,15 @@
+ my %predefined_C = compiler_predefined($config{CROSS_COMPILE}.$config{CC});
+ my %predefined_CXX = $config{CXX}
+ ? compiler_predefined($config{CROSS_COMPILE}.$config{CXX})
+ : ();
+
++unless ($disabled{asm}) {
++ # big endian systems can use ELFv2 ABI
++ if ($target eq "linux-ppc64") {
++ $target{perlasm_scheme} = "linux64v2" if ($predefined_C{_CALL_ELF} == 2);
++ }
++}
++
+ # Check for makedepend capabilities.
+ if (!$disabled{makedepend}) {
+ if ($config{target} =~ /^(VC|vms)-/) {
-- cgit v1.2.3-60-g2f50
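Review bot: In the Configure hunk carried by ppc64.patch, `$predefined_C{_CALL_ELF} == 2` compares numerically without first checking that the compiler reported `_CALL_ELF`, so on a toolchain that does not predefine it the test runs on undef. The result is still false, but it would emit an uninitialized-value warning if Configure enables warnings (its preamble is not visible here, so that part is an assumption). Writing it as `$target{perlasm_scheme} = "linux64v2" if (($predefined_C{_CALL_ELF} || 0) == 2);` states the ELFv1 fallback explicitly. The embedded diffstat for Configure also lists 3 deletions while this hunk removes nothing, and its header offsets differ (`-1411` / `+1410`), which suggests the upstream change was trimmed by hand; a one-line comment at the top of ppc64.patch saying what was dropped would help whoever rebases it on the next version bump.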