diff options
| author | Timo Teras <timo.teras@iki.fi> | 2009-07-13 13:39:33 +0300 |
|---|---|---|
| committer | Timo Teras <timo.teras@iki.fi> | 2009-07-13 13:40:17 +0300 |
| commit | 656e8c615885329ffbafc41f9e4be85314f520da (patch) | |
| tree | 86de02246fadba4cf12e9fa968e38cd766f538f3 | |
| parent | c79cb2c008414b615bcd31a9b122108eca3696e1 (diff) | |
core/openssl: full padlock sha1 support
| -rw-r--r-- | core/openssl/APKBUILD | 6 | ||||
| -rw-r--r-- | core/openssl/openssl-0.9.8k-padlock-oneshot-sha.patch | 605 | ||||
| -rw-r--r-- | core/openssl/openssl-0.9.8k-padlock-sha.patch | 897 |
3 files changed, 900 insertions, 608 deletions
diff --git a/core/openssl/APKBUILD b/core/openssl/APKBUILD index a8a3d9151a7..aa2f5b6311d 100644 --- a/core/openssl/APKBUILD +++ b/core/openssl/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=openssl pkgver=0.9.8k -pkgrel=1 +pkgrel=2 pkgdesc="Toolkit for SSL v2/v3 and TLS v1" url=http://openssl.org depends= @@ -14,7 +14,7 @@ source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz http://www.linuxfromscratch.org/patches/downloads/openssl/openssl-0.9.8g-fix_manpages-1.patch openssl-bb-basename.patch openssl-0.9.8k-quote-cc.patch - openssl-0.9.8k-padlock-oneshot-sha.patch + openssl-0.9.8k-padlock-sha.patch " build() { @@ -34,4 +34,4 @@ md5sums="e555c6d58d276aec7fdc53363e338ab3 openssl-0.9.8k.tar.gz 04a6a88c2ee4badd4f8649792b73eaf3 openssl-0.9.8g-fix_manpages-1.patch c6a9857a5dbd30cead0404aa7dd73977 openssl-bb-basename.patch c838eb8488896cfeb7de957a0cbe04ae openssl-0.9.8k-quote-cc.patch -384560a86542afa6a805add96560f0c7 openssl-0.9.8k-padlock-oneshot-sha.patch" +4c4f8c1482fb61aed5bd0fdec344d721 openssl-0.9.8k-padlock-sha.patch" diff --git a/core/openssl/openssl-0.9.8k-padlock-oneshot-sha.patch b/core/openssl/openssl-0.9.8k-padlock-oneshot-sha.patch deleted file mode 100644 index d673cdaba89..00000000000 --- a/core/openssl/openssl-0.9.8k-padlock-oneshot-sha.patch +++ /dev/null @@ -1,605 +0,0 @@ -# -# OpenSSL patch to support VIA C7 hash engine in oneshot mode -# Based on patch by: Michal Ludvig <michal@logix.cz> -# http://www.logix.cz/michal/devel/padlock -# Modified for oneshot mode by: Timo Teras <timo.teras@iki.fi> -# -Index: openssl-0.9.8k/crypto/engine/eng_padlock.c -=================================================================== ---- openssl-0.9.8k.orig/crypto/engine/eng_padlock.c 2009-07-12 12:01:36.000000000 +0300 -+++ openssl-0.9.8k/crypto/engine/eng_padlock.c 2009-07-12 13:02:30.000000000 +0300 -@@ -1,10 +1,11 @@ --/* -+/* - * Support for VIA PadLock Advanced Cryptography Engine (ACE) - * Written by Michal Ludvig <michal@logix.cz> - * http://www.logix.cz/michal -+ * Oneshot SHA mode by Timo Teras <timo.teras@iki.fi> - * -- * Big thanks to Andy Polyakov for a help with optimization, -- * assembler fixes, port to MS Windows and a lot of other -+ * Big thanks to Andy Polyakov for a help with optimization, -+ * assembler fixes, port to MS Windows and a lot of other - * valuable work on this engine! - */ - -@@ -74,12 +75,23 @@ - #ifndef OPENSSL_NO_AES - #include <openssl/aes.h> - #endif -+#ifndef OPENSSL_NO_SHA -+#include <openssl/sha.h> -+#endif - #include <openssl/rand.h> - #include <openssl/err.h> - - #ifndef OPENSSL_NO_HW - #ifndef OPENSSL_NO_HW_PADLOCK - -+/* PadLock RNG is disabled by default */ -+#define PADLOCK_NO_RNG 1 -+ -+/* No ASM routines for SHA in MSC yet */ -+#ifdef _MSC_VER -+#define OPENSSL_NO_SHA -+#endif -+ - /* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */ - #if (OPENSSL_VERSION_NUMBER >= 0x00908000L) - # ifndef OPENSSL_NO_DYNAMIC_ENGINE -@@ -96,7 +108,7 @@ - /* VIA PadLock AES is available *ONLY* on some x86 CPUs. - Not only that it doesn't exist elsewhere, but it - even can't be compiled on other platforms! -- -+ - In addition, because of the heavy use of inline assembler, - compiler choice is limited to GCC and Microsoft C. */ - #undef COMPILE_HW_PADLOCK -@@ -138,20 +150,41 @@ - static int padlock_init(ENGINE *e); - - /* RNG Stuff */ -+#ifndef PADLOCK_NO_RNG - static RAND_METHOD padlock_rand; -+#endif - - /* Cipher Stuff */ - #ifndef OPENSSL_NO_AES - static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); - #endif - -+/* Digest Stuff */ -+#ifndef OPENSSL_NO_SHA -+static int padlock_digests(ENGINE *e, const EVP_MD **digest, const int **nids, int nid); -+#endif -+ - /* Engine names */ - static const char *padlock_id = "padlock"; - static char padlock_name[100]; - - /* Available features */ --static int padlock_use_ace = 0; /* Advanced Cryptography Engine */ --static int padlock_use_rng = 0; /* Random Number Generator */ -+enum padlock_flags { -+ PADLOCK_RNG = 0x01, -+ PADLOCK_ACE = 0x02, -+ PADLOCK_ACE2 = 0x04, -+ PADLOCK_PHE = 0x08, -+ PADLOCK_PMM = 0x10 -+}; -+enum padlock_flags padlock_flags; -+ -+#define PADLOCK_HAVE_RNG (padlock_flags & PADLOCK_RNG) -+#define PADLOCK_HAVE_ACE (padlock_flags & (PADLOCK_ACE|PADLOCK_ACE2)) -+#define PADLOCK_HAVE_ACE1 (padlock_flags & PADLOCK_ACE) -+#define PADLOCK_HAVE_ACE2 (padlock_flags & PADLOCK_ACE2) -+#define PADLOCK_HAVE_PHE (padlock_flags & PADLOCK_PHE) -+#define PADLOCK_HAVE_PMM (padlock_flags & PADLOCK_PMM) -+ - #ifndef OPENSSL_NO_AES - static int padlock_aes_align_required = 1; - #endif -@@ -165,25 +198,30 @@ - /* Check available features */ - padlock_available(); - --#if 1 /* disable RNG for now, see commentary in vicinity of RNG code */ -- padlock_use_rng=0; --#endif -- - /* Generate a nice engine name with available features */ - BIO_snprintf(padlock_name, sizeof(padlock_name), -- "VIA PadLock (%s, %s)", -- padlock_use_rng ? "RNG" : "no-RNG", -- padlock_use_ace ? "ACE" : "no-ACE"); -+ "VIA PadLock: %s%s%s%s%s", -+ padlock_flags ? "" : "not supported", -+ PADLOCK_HAVE_RNG ? "RNG " : "", -+ PADLOCK_HAVE_ACE ? (PADLOCK_HAVE_ACE2 ? "ACE2 " : "ACE ") : "", -+ PADLOCK_HAVE_PHE ? "PHE " : "", -+ PADLOCK_HAVE_PMM ? "PMM " : ""); - -- /* Register everything or return with an error */ -+ /* Register everything or return with an error */ - if (!ENGINE_set_id(e, padlock_id) || - !ENGINE_set_name(e, padlock_name) || - -- !ENGINE_set_init_function(e, padlock_init) || -+ !ENGINE_set_init_function(e, padlock_init) - #ifndef OPENSSL_NO_AES -- (padlock_use_ace && !ENGINE_set_ciphers (e, padlock_ciphers)) || -+ || (PADLOCK_HAVE_ACE && !ENGINE_set_ciphers (e, padlock_ciphers)) -+#endif -+#ifndef OPENSSL_NO_SHA -+ || (PADLOCK_HAVE_PHE && !ENGINE_set_digests (e, padlock_digests)) -+#endif -+#ifndef PADLOCK_NO_RNG -+ || (PADLOCK_HAVE_RNG && !ENGINE_set_RAND (e, &padlock_rand)) - #endif -- (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) { -+ ) { - return 0; - } - -@@ -213,7 +251,7 @@ - static int - padlock_init(ENGINE *e) - { -- return (padlock_use_rng || padlock_use_ace); -+ return (padlock_flags); - } - - /* This stuff is needed if this ENGINE is being compiled into a self-contained -@@ -240,6 +278,14 @@ - - /* ===== Here comes the "real" engine ===== */ - -+#ifdef __GNUC__ -+#define likely(x) __builtin_expect(!!(x), 1) -+#define unlikely(x) __builtin_expect(!!(x), 0) -+#else -+#define likely(x) (x) -+#define unlikely(x) (x) -+#endif -+ - #ifndef OPENSSL_NO_AES - /* Some AES-related constants */ - #define AES_BLOCK_SIZE 16 -@@ -247,7 +293,7 @@ - #define AES_KEY_SIZE_192 24 - #define AES_KEY_SIZE_256 32 - --/* Here we store the status information relevant to the -+/* Here we store the status information relevant to the - current context. */ - /* BIG FAT WARNING: - * Inline assembler in PADLOCK_XCRYPT_ASM() -@@ -306,7 +352,7 @@ - { - int result = -1; - -- /* We're checking if the bit #21 of EFLAGS -+ /* We're checking if the bit #21 of EFLAGS - can be toggled. If yes = CPUID is available. */ - asm volatile ( - "pushf\n" -@@ -322,7 +368,7 @@ - "xorl %%eax, %%ecx\n" - "movl %%ecx, %0\n" - : "=r" (result) : : "eax", "ecx"); -- -+ - return (result == 0); - } - -@@ -365,10 +411,22 @@ - : "+a"(eax), "=d"(edx) : : "ecx"); - - /* Fill up some flags */ -- padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6)); -- padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2)); -+ padlock_flags |= ((edx & (0x3<<3)) ? PADLOCK_RNG : 0); -+ padlock_flags |= ((edx & (0x3<<7)) ? PADLOCK_ACE : 0); -+ padlock_flags |= ((edx & (0x3<<9)) ? PADLOCK_ACE2 : 0); -+ padlock_flags |= ((edx & (0x3<<11)) ? PADLOCK_PHE : 0); -+ padlock_flags |= ((edx & (0x3<<13)) ? PADLOCK_PMM : 0); - -- return padlock_use_ace + padlock_use_rng; -+ return padlock_flags; -+} -+ -+static inline void -+padlock_htonl_block(uint32_t *data, size_t count) -+{ -+ while (count--) { -+ asm volatile ("bswapl %0" : "+r"(*data)); -+ data++; -+ } - } - - #ifndef OPENSSL_NO_AES -@@ -377,17 +435,14 @@ - padlock_bswapl(AES_KEY *ks) - { - size_t i = sizeof(ks->rd_key)/sizeof(ks->rd_key[0]); -- unsigned int *key = ks->rd_key; -+ uint32_t *key = (uint32_t*) ks->rd_key; - -- while (i--) { -- asm volatile ("bswapl %0" : "+r"(*key)); -- key++; -- } -+ padlock_htonl_block(key, i); - } - #endif - - /* Force key reload from memory to the CPU microcode. -- Loading EFLAGS from the stack clears EFLAGS[30] -+ Loading EFLAGS from the stack clears EFLAGS[30] - which does the trick. */ - static inline void - padlock_reload_key(void) -@@ -423,7 +478,7 @@ - } - - /* Template for padlock_xcrypt_* modes */ --/* BIG FAT WARNING: -+/* BIG FAT WARNING: - * The offsets used with 'leal' instructions - * describe items of the 'padlock_cipher_data' - * structure. -@@ -475,7 +530,7 @@ - * In case you wonder 'rep xcrypt*' instructions above are *not* - * affected by the Direction Flag and pointers advance toward - * larger addresses unconditionally. -- */ -+ */ - static inline unsigned char * - padlock_memcpy(void *dst,const void *src,size_t n) - { -@@ -501,7 +556,7 @@ - _asm _emit 0x0f _asm _emit 0xa7 \ - _asm _emit code - --/* BIG FAT WARNING: -+/* BIG FAT WARNING: - * The offsets used with 'lea' instructions - * describe items of the 'padlock_cipher_data' - * structure. -@@ -840,7 +895,7 @@ - return 1; - } - --/* -+/* - * Simplified version of padlock_aes_cipher() used when - * 1) both input and output buffers are at aligned addresses. - * or when -@@ -895,7 +950,7 @@ - # error "insane PADLOCK_CHUNK..." - #endif - --/* Re-align the arguments to 16-Bytes boundaries and run the -+/* Re-align the arguments to 16-Bytes boundaries and run the - encryption function itself. This function is not AES-specific. */ - static int - padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, -@@ -1157,6 +1212,300 @@ - - #endif /* OPENSSL_NO_AES */ - -+#ifndef OPENSSL_NO_SHA -+ -+union sha_all_ctx { -+ SHA_CTX sha_ctx; -+ SHA256_CTX sha256_ctx; /* shared with SHA224 */ -+ char sha_final[EVP_MAX_MD_SIZE]; -+}; -+ -+typedef int (*f_sha_update)(void *c, const void *_data, size_t len); -+typedef int (*f_sha_final)(unsigned char *md, void *c); -+ -+struct padlock_digest_data { -+ union sha_all_ctx ctx; -+ unsigned int size; -+ f_sha_update update; -+ f_sha_final final; -+}; -+ -+#define DIGEST_DATA(ctx) ((struct padlock_digest_data *)(ctx->md_data)) -+ -+static void -+padlock_do_sha1(char *out, const char *in, int count) -+{ -+ /* We can't store directly to *out as it -+ * doesn't have to be aligned. But who cares, -+ * it's only a few bytes... */ -+ char buf[128+16]; -+ unsigned char *output = NEAREST_ALIGNED(buf); -+ -+ ((uint32_t*)output)[0] = 0x67452301; -+ ((uint32_t*)output)[1] = 0xEFCDAB89; -+ ((uint32_t*)output)[2] = 0x98BADCFE; -+ ((uint32_t*)output)[3] = 0x10325476; -+ ((uint32_t*)output)[4] = 0xC3D2E1F0; -+ -+ asm volatile (".byte 0xf3,0x0f,0xa6,0xc8" /* rep xsha1 */ -+ : "+S"(in), "+D"(output) -+ : "c"(count), "a"(0)); -+ -+ memcpy(out, output, 5 * sizeof(uint32_t)); -+ padlock_htonl_block((uint32_t*)out, 5); -+} -+ -+static void -+padlock_do_sha224(char *out, const char *in, int count) -+{ -+ /* We can't store directly to *out as it -+ * doesn't have to be aligned. But who cares, -+ * it's only a few bytes... */ -+ char buf[128+16]; -+ unsigned char *output = NEAREST_ALIGNED(buf); -+ -+ ((uint32_t*)output)[0] = 0xC1059ED8UL; -+ ((uint32_t*)output)[1] = 0x367CD507UL; -+ ((uint32_t*)output)[2] = 0x3070DD17UL; -+ ((uint32_t*)output)[3] = 0xF70E5939UL; -+ ((uint32_t*)output)[4] = 0xFFC00B31UL; -+ ((uint32_t*)output)[5] = 0x68581511UL; -+ ((uint32_t*)output)[6] = 0x64F98FA7UL; -+ ((uint32_t*)output)[7] = 0xBEFA4FA4UL; -+ -+ asm volatile (".byte 0xf3,0x0f,0xa6,0xd0" /* rep xsha256 */ -+ : "+S"(in), "+D"(output) -+ : "c"(count), "a"(0)); -+ -+ memcpy(out, output, 7 * sizeof(uint32_t)); -+ padlock_htonl_block((uint32_t*)out, 7); -+} -+ -+static void -+padlock_do_sha256(char *out, const char *in, int count) -+{ -+ /* We can't store directly to *out as it -+ * doesn't have to be aligned. But who cares, -+ * it's only a few bytes... */ -+ char buf[128+16]; -+ unsigned char *output = NEAREST_ALIGNED(buf); -+ -+ ((uint32_t*)output)[0] = 0x6A09E667; -+ ((uint32_t*)output)[1] = 0xBB67AE85; -+ ((uint32_t*)output)[2] = 0x3C6EF372; -+ ((uint32_t*)output)[3] = 0xA54FF53A; -+ ((uint32_t*)output)[4] = 0x510E527F; -+ ((uint32_t*)output)[5] = 0x9B05688C; -+ ((uint32_t*)output)[6] = 0x1F83D9AB; -+ ((uint32_t*)output)[7] = 0x5BE0CD19; -+ -+ asm volatile (".byte 0xf3,0x0f,0xa6,0xd0" /* rep xsha256 */ -+ : "+S"(in), "+D"(output) -+ : "c"(count), "a"(0)); -+ -+ memcpy(out, output, 8 * sizeof(uint32_t)); -+ padlock_htonl_block((uint32_t*)out, 8); -+} -+ -+static int -+padlock_do_final(unsigned char *md, void *ctx) -+{ -+ struct padlock_digest_data *ddata = (struct padlock_digest_data *) ctx; -+ memcpy(md, ddata->ctx.sha_final, ddata->size); -+ return 1; -+} -+ -+static int -+padlock_sha1_init(EVP_MD_CTX *ctx) -+{ -+ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); -+ -+ if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) { -+ ddata->update = (f_sha_update) padlock_do_sha1; -+ ddata->final = (f_sha_final) padlock_do_final; -+ } else { -+ SHA1_Init(&ddata->ctx.sha_ctx); -+ ddata->update = (f_sha_update) SHA1_Update; -+ ddata->final = (f_sha_final) SHA1_Final; -+ } -+ ddata->size = EVP_MD_CTX_size(ctx); -+ -+ return 1; -+} -+ -+static int -+padlock_sha224_init(EVP_MD_CTX *ctx) -+{ -+ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); -+ -+ if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) { -+ ddata->update = (f_sha_update) padlock_do_sha224; -+ ddata->final = (f_sha_final) padlock_do_final; -+ } else { -+ SHA224_Init(&ddata->ctx.sha256_ctx); -+ ddata->update = (f_sha_update) SHA224_Update; -+ ddata->final = (f_sha_final) SHA224_Final; -+ } -+ ddata->size = EVP_MD_CTX_size(ctx); -+ -+ return 1; -+} -+ -+static int -+padlock_sha256_init(EVP_MD_CTX *ctx) -+{ -+ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); -+ -+ if(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) { -+ ddata->update = (f_sha_update) padlock_do_sha256; -+ ddata->final = (f_sha_final) padlock_do_final; -+ } else { -+ SHA256_Init(&ddata->ctx.sha256_ctx); -+ ddata->update = (f_sha_update) SHA256_Update; -+ ddata->final = (f_sha_final) SHA256_Final; -+ } -+ ddata->size = EVP_MD_CTX_size(ctx); -+ -+ return 1; -+} -+ -+static int -+padlock_sha_update(EVP_MD_CTX *ctx, const void *data, size_t length) -+{ -+ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); -+ -+ return ddata->update(&ddata->ctx, data, length); -+} -+ -+static int -+padlock_sha_final(EVP_MD_CTX *ctx, unsigned char *md) -+{ -+ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); -+ -+ return ddata->final(md, &ddata->ctx); -+} -+ -+static int -+padlock_sha_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from) -+{ -+ struct padlock_digest_data *ddata_from = DIGEST_DATA(from); -+ struct padlock_digest_data *ddata_to = DIGEST_DATA(to); -+ -+ memcpy(ddata_to, ddata_from, sizeof(struct padlock_digest_data)); -+ -+ return 1; -+} -+ -+static int -+padlock_sha_cleanup(EVP_MD_CTX *ctx) -+{ -+ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); -+ -+ memset(ddata, 0, sizeof(struct padlock_digest_data)); -+ -+ return 1; -+} -+ -+static const EVP_MD padlock_sha1_md = { -+ NID_sha1, -+ NID_sha1WithRSAEncryption, -+ SHA_DIGEST_LENGTH, -+ EVP_MD_FLAG_ONESHOT, -+ padlock_sha1_init, -+ padlock_sha_update, -+ padlock_sha_final, -+ padlock_sha_copy, -+ padlock_sha_cleanup, -+ EVP_PKEY_RSA_method, -+ SHA_CBLOCK, -+ sizeof(struct padlock_digest_data), -+}; -+ -+static const EVP_MD padlock_sha224_md = { -+ NID_sha224, -+ NID_sha224WithRSAEncryption, -+ SHA224_DIGEST_LENGTH, -+ EVP_MD_FLAG_ONESHOT, -+ padlock_sha224_init, -+ padlock_sha_update, -+ padlock_sha_final, -+ padlock_sha_copy, -+ padlock_sha_cleanup, -+ EVP_PKEY_RSA_method, -+ SHA_CBLOCK, -+ sizeof(struct padlock_digest_data), -+}; -+ -+static const EVP_MD padlock_sha256_md = { -+ NID_sha256, -+ NID_sha256WithRSAEncryption, -+ SHA256_DIGEST_LENGTH, -+ EVP_MD_FLAG_ONESHOT, -+ padlock_sha256_init, -+ padlock_sha_update, -+ padlock_sha_final, -+ padlock_sha_copy, -+ padlock_sha_cleanup, -+ EVP_PKEY_RSA_method, -+ SHA_CBLOCK, -+ sizeof(struct padlock_digest_data), -+}; -+ -+static int padlock_digest_nids[] = { -+#if !defined(OPENSSL_NO_SHA) -+ NID_sha1, -+#endif -+#if !defined(OPENSSL_NO_SHA256) -+#if !defined(OPENSSL_NO_SHA224) -+ NID_sha224, -+#endif -+ NID_sha256, -+#endif -+}; -+ -+static int padlock_digest_nids_num = sizeof(padlock_digest_nids)/sizeof(padlock_digest_nids[0]); -+ -+static int -+padlock_digests (ENGINE *e, const EVP_MD **digest, const int **nids, int nid) -+{ -+ /* No specific digest => return a list of supported nids ... */ -+ if (!digest) { -+ *nids = padlock_digest_nids; -+ return padlock_digest_nids_num; -+ } -+ -+ /* ... or the requested "digest" otherwise */ -+ switch (nid) { -+#if !defined(OPENSSL_NO_SHA) -+ case NID_sha1: -+ *digest = &padlock_sha1_md; -+ break; -+#endif -+ -+#if !defined(OPENSSL_NO_SHA256) -+#if !defined(OPENSSL_NO_SHA224) -+ case NID_sha224: -+ *digest = &padlock_sha224_md; -+ break; -+#endif /* OPENSSL_NO_SHA224 */ -+ -+ case NID_sha256: -+ *digest = &padlock_sha256_md; -+ break; -+#endif /* OPENSSL_NO_SHA256 */ -+ -+ default: -+ /* Sorry, we don't support this NID */ -+ *digest = NULL; -+ return 0; -+ } -+ -+ return 1; -+} -+ -+#endif /* OPENSSL_NO_SHA */ -+ -+#ifndef PADLOCK_NO_RNG - /* ===== Random Number Generator ===== */ - /* - * This code is not engaged. The reason is that it does not comply -@@ -1164,7 +1513,7 @@ - * (posted at http://www.via.com.tw/en/viac3/c3.jsp) nor does it - * provide meaningful error control... - */ --/* Wrapper that provides an interface between the API and -+/* Wrapper that provides an interface between the API and - the raw PadLock RNG */ - static int - padlock_rand_bytes(unsigned char *output, int count) -@@ -1212,6 +1561,7 @@ - padlock_rand_bytes, /* pseudorand */ - padlock_rand_status, /* rand status */ - }; -+#endif /* PADLOCK_NO_RNG */ - - #endif /* COMPILE_HW_PADLOCK */ - diff --git a/core/openssl/openssl-0.9.8k-padlock-sha.patch b/core/openssl/openssl-0.9.8k-padlock-sha.patch new file mode 100644 index 00000000000..63b27cea36e --- /dev/null +++ b/core/openssl/openssl-0.9.8k-padlock-sha.patch @@ -0,0 +1,897 @@ +# +# OpenSSL patch to support VIA C7 hash engine +# Written by: Timo Teras <timo.teras@iki.fi> +# based on patch by: Michal Ludvig <michal@logix.cz> +# http://www.logix.cz/michal/devel/padlock +# +Index: openssl-0.9.8k/crypto/engine/eng_padlock.c +=================================================================== +--- openssl-0.9.8k.orig/crypto/engine/eng_padlock.c 2009-07-12 19:24:42.000000000 +0300 ++++ openssl-0.9.8k/crypto/engine/eng_padlock.c 2009-07-13 13:07:26.000000000 +0300 +@@ -1,10 +1,13 @@ +-/* ++/* + * Support for VIA PadLock Advanced Cryptography Engine (ACE) + * Written by Michal Ludvig <michal@logix.cz> + * http://www.logix.cz/michal + * +- * Big thanks to Andy Polyakov for a help with optimization, +- * assembler fixes, port to MS Windows and a lot of other ++ * SHA support by Timo Teras <timo.teras@iki.fi> based on code ++ * originally by Michal Ludvig. ++ * ++ * Big thanks to Andy Polyakov for a help with optimization, ++ * assembler fixes, port to MS Windows and a lot of other + * valuable work on this engine! + */ + +@@ -66,6 +69,13 @@ + #include <stdio.h> + #include <string.h> + ++#include <signal.h> ++#include <stdint.h> ++#include <unistd.h> ++#include <sys/mman.h> ++#include <sys/ucontext.h> ++#include <arpa/inet.h> ++ + #include <openssl/opensslconf.h> + #include <openssl/crypto.h> + #include <openssl/dso.h> +@@ -74,12 +84,23 @@ + #ifndef OPENSSL_NO_AES + #include <openssl/aes.h> + #endif ++#ifndef OPENSSL_NO_SHA ++#include <openssl/sha.h> ++#endif + #include <openssl/rand.h> + #include <openssl/err.h> + + #ifndef OPENSSL_NO_HW + #ifndef OPENSSL_NO_HW_PADLOCK + ++/* PadLock RNG is disabled by default */ ++#define PADLOCK_NO_RNG 1 ++ ++/* No ASM routines for SHA in MSC yet */ ++#ifdef _MSC_VER ++#define OPENSSL_NO_SHA ++#endif ++ + /* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */ + #if (OPENSSL_VERSION_NUMBER >= 0x00908000L) + # ifndef OPENSSL_NO_DYNAMIC_ENGINE +@@ -96,7 +117,7 @@ + /* VIA PadLock AES is available *ONLY* on some x86 CPUs. + Not only that it doesn't exist elsewhere, but it + even can't be compiled on other platforms! +- ++ + In addition, because of the heavy use of inline assembler, + compiler choice is limited to GCC and Microsoft C. */ + #undef COMPILE_HW_PADLOCK +@@ -138,20 +159,42 @@ + static int padlock_init(ENGINE *e); + + /* RNG Stuff */ ++#ifndef PADLOCK_NO_RNG + static RAND_METHOD padlock_rand; ++#endif + + /* Cipher Stuff */ + #ifndef OPENSSL_NO_AES + static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); + #endif + ++/* Digest Stuff */ ++#ifndef OPENSSL_NO_SHA ++static int padlock_digests(ENGINE *e, const EVP_MD **digest, const int **nids, int nid); ++static volatile void *padlock_cached_sha_buffer = NULL; ++#endif ++ + /* Engine names */ + static const char *padlock_id = "padlock"; + static char padlock_name[100]; + + /* Available features */ +-static int padlock_use_ace = 0; /* Advanced Cryptography Engine */ +-static int padlock_use_rng = 0; /* Random Number Generator */ ++enum padlock_flags { ++ PADLOCK_RNG = 0x01, ++ PADLOCK_ACE = 0x02, ++ PADLOCK_ACE2 = 0x04, ++ PADLOCK_PHE = 0x08, ++ PADLOCK_PMM = 0x10 ++}; ++enum padlock_flags padlock_flags; ++ ++#define PADLOCK_HAVE_RNG (padlock_flags & PADLOCK_RNG) ++#define PADLOCK_HAVE_ACE (padlock_flags & (PADLOCK_ACE|PADLOCK_ACE2)) ++#define PADLOCK_HAVE_ACE1 (padlock_flags & PADLOCK_ACE) ++#define PADLOCK_HAVE_ACE2 (padlock_flags & PADLOCK_ACE2) ++#define PADLOCK_HAVE_PHE (padlock_flags & PADLOCK_PHE) ++#define PADLOCK_HAVE_PMM (padlock_flags & PADLOCK_PMM) ++ + #ifndef OPENSSL_NO_AES + static int padlock_aes_align_required = 1; + #endif +@@ -165,25 +208,30 @@ + /* Check available features */ + padlock_available(); + +-#if 1 /* disable RNG for now, see commentary in vicinity of RNG code */ +- padlock_use_rng=0; +-#endif +- + /* Generate a nice engine name with available features */ + BIO_snprintf(padlock_name, sizeof(padlock_name), +- "VIA PadLock (%s, %s)", +- padlock_use_rng ? "RNG" : "no-RNG", +- padlock_use_ace ? "ACE" : "no-ACE"); ++ "VIA PadLock: %s%s%s%s%s", ++ padlock_flags ? "" : "not supported", ++ PADLOCK_HAVE_RNG ? "RNG " : "", ++ PADLOCK_HAVE_ACE ? (PADLOCK_HAVE_ACE2 ? "ACE2 " : "ACE ") : "", ++ PADLOCK_HAVE_PHE ? "PHE " : "", ++ PADLOCK_HAVE_PMM ? "PMM " : ""); + +- /* Register everything or return with an error */ ++ /* Register everything or return with an error */ + if (!ENGINE_set_id(e, padlock_id) || + !ENGINE_set_name(e, padlock_name) || + +- !ENGINE_set_init_function(e, padlock_init) || ++ !ENGINE_set_init_function(e, padlock_init) + #ifndef OPENSSL_NO_AES +- (padlock_use_ace && !ENGINE_set_ciphers (e, padlock_ciphers)) || ++ || (PADLOCK_HAVE_ACE && !ENGINE_set_ciphers (e, padlock_ciphers)) ++#endif ++#ifndef OPENSSL_NO_SHA ++ || (PADLOCK_HAVE_PHE && !ENGINE_set_digests (e, padlock_digests)) ++#endif ++#ifndef PADLOCK_NO_RNG ++ || (PADLOCK_HAVE_RNG && !ENGINE_set_RAND (e, &padlock_rand)) + #endif +- (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) { ++ ) { + return 0; + } + +@@ -213,7 +261,7 @@ + static int + padlock_init(ENGINE *e) + { +- return (padlock_use_rng || padlock_use_ace); ++ return (padlock_flags); + } + + /* This stuff is needed if this ENGINE is being compiled into a self-contained +@@ -247,7 +295,7 @@ + #define AES_KEY_SIZE_192 24 + #define AES_KEY_SIZE_256 32 + +-/* Here we store the status information relevant to the ++/* Here we store the status information relevant to the + current context. */ + /* BIG FAT WARNING: + * Inline assembler in PADLOCK_XCRYPT_ASM() +@@ -306,7 +354,7 @@ + { + int result = -1; + +- /* We're checking if the bit #21 of EFLAGS ++ /* We're checking if the bit #21 of EFLAGS + can be toggled. If yes = CPUID is available. */ + asm volatile ( + "pushf\n" +@@ -322,7 +370,7 @@ + "xorl %%eax, %%ecx\n" + "movl %%ecx, %0\n" + : "=r" (result) : : "eax", "ecx"); +- ++ + return (result == 0); + } + +@@ -365,10 +413,22 @@ + : "+a"(eax), "=d"(edx) : : "ecx"); + + /* Fill up some flags */ +- padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6)); +- padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2)); ++ padlock_flags |= ((edx & (0x3<<3)) ? PADLOCK_RNG : 0); ++ padlock_flags |= ((edx & (0x3<<7)) ? PADLOCK_ACE : 0); ++ padlock_flags |= ((edx & (0x3<<9)) ? PADLOCK_ACE2 : 0); ++ padlock_flags |= ((edx & (0x3<<11)) ? PADLOCK_PHE : 0); ++ padlock_flags |= ((edx & (0x3<<13)) ? PADLOCK_PMM : 0); ++ ++ return padlock_flags; ++} + +- return padlock_use_ace + padlock_use_rng; ++static inline void ++padlock_htonl_block(uint32_t *data, size_t count) ++{ ++ while (count--) { ++ asm volatile ("bswapl %0" : "+r"(*data)); ++ data++; ++ } + } + + #ifndef OPENSSL_NO_AES +@@ -377,17 +437,14 @@ + padlock_bswapl(AES_KEY *ks) + { + size_t i = sizeof(ks->rd_key)/sizeof(ks->rd_key[0]); +- unsigned int *key = ks->rd_key; ++ uint32_t *key = (uint32_t*) ks->rd_key; + +- while (i--) { +- asm volatile ("bswapl %0" : "+r"(*key)); +- key++; +- } ++ padlock_htonl_block(key, i); + } + #endif + + /* Force key reload from memory to the CPU microcode. +- Loading EFLAGS from the stack clears EFLAGS[30] ++ Loading EFLAGS from the stack clears EFLAGS[30] + which does the trick. */ + static inline void + padlock_reload_key(void) +@@ -423,7 +480,7 @@ + } + + /* Template for padlock_xcrypt_* modes */ +-/* BIG FAT WARNING: ++/* BIG FAT WARNING: + * The offsets used with 'leal' instructions + * describe items of the 'padlock_cipher_data' + * structure. +@@ -475,7 +532,7 @@ + * In case you wonder 'rep xcrypt*' instructions above are *not* + * affected by the Direction Flag and pointers advance toward + * larger addresses unconditionally. +- */ ++ */ + static inline unsigned char * + padlock_memcpy(void *dst,const void *src,size_t n) + { +@@ -501,7 +558,7 @@ + _asm _emit 0x0f _asm _emit 0xa7 \ + _asm _emit code + +-/* BIG FAT WARNING: ++/* BIG FAT WARNING: + * The offsets used with 'lea' instructions + * describe items of the 'padlock_cipher_data' + * structure. +@@ -840,7 +897,7 @@ + return 1; + } + +-/* ++/* + * Simplified version of padlock_aes_cipher() used when + * 1) both input and output buffers are at aligned addresses. + * or when +@@ -895,7 +952,7 @@ + # error "insane PADLOCK_CHUNK..." + #endif + +-/* Re-align the arguments to 16-Bytes boundaries and run the ++/* Re-align the arguments to 16-Bytes boundaries and run the + encryption function itself. This function is not AES-specific. */ + static int + padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, +@@ -1157,6 +1214,470 @@ + + #endif /* OPENSSL_NO_AES */ + ++#ifndef OPENSSL_NO_SHA ++ ++struct padlock_digest_data { ++ unsigned char output[128+16]; ++ uint64_t total; ++ ++ unsigned char *buffer; ++ size_t used; ++ size_t size; ++ ++ void (*hash)(struct padlock_digest_data *data, ++ const void *buf, size_t len); ++ int (*update)(EVP_MD_CTX *ctx, ++ const void *buffer, size_t len); ++ int (*final)(EVP_MD_CTX *ctx, unsigned char *buffer); ++}; ++ ++#define DIGEST_DATA(ctx) ((struct padlock_digest_data *)(ctx->md_data)) ++#define DIGEST_DATA_OUTPUT(dd) (uint32_t*)(((uintptr_t)(dd->output) + 15) & ~15) ++#define PADLOCK_BUFFER_PAGES 14 ++ ++static inline void * ++padlock_atomic_xchg(volatile void **mem, void *fixed) ++{ ++ /* No lock prefix due the xchg asserts it anyway, and the ++ * funny unsigned long* cast is required to workaround some gcc ++ * problems if compiling in PIC mode */ ++ asm volatile ( ++ "xchg %0, %1" ++ : "=r"(fixed) ++ : "m"(*(unsigned long*)mem), "0"(fixed) ++ : "memory"); ++ return fixed; ++} ++ ++static void ++padlock_do_sha1(struct padlock_digest_data *data, const void *buf, size_t len) ++{ ++ uint32_t *output = DIGEST_DATA_OUTPUT(data); ++ asm volatile ( ++ "xsha1" ++ : "+S"(buf), "+D"(output) ++ : "c"(len), "a"(0)); ++} ++ ++static void ++padlock_do_sha256(struct padlock_digest_data *data, const void *buf, size_t len) ++{ ++ uint32_t *output = DIGEST_DATA_OUTPUT(data); ++ asm volatile ( ++ "xsha256" ++ : "+S"(buf), "+D"(output) ++ : "c"(len), "a"(0)); ++} ++ ++static void ++handle_sigsegv(int sig, siginfo_t *info, void *uctxp) ++{ ++ ucontext_t *uctx = uctxp; ++ ++ uctx->uc_mcontext.gregs[14] += 4; ++} ++ ++static void ++padlock_sha_nonfinalizing(struct padlock_digest_data *data) ++{ ++ struct sigaction act, oldact; ++ size_t bofs = 0; ++ ++ if (data->used != data->size) { ++ bofs = data->size - data->used; ++ memmove(&data->buffer[bofs], data->buffer, data->used); ++ } ++ ++ memset(&act, 0, sizeof(act)); ++ act.sa_sigaction = handle_sigsegv; ++ act.sa_flags = SA_SIGINFO; ++ sigaction(SIGSEGV, &act, &oldact); ++ data->hash(data, &data->buffer[bofs], data->used + 64); ++ sigaction(SIGSEGV, &oldact, NULL); ++} ++ ++static void ++padlock_free_buffer(void *buf) ++{ ++ buf = padlock_atomic_xchg(&padlock_cached_sha_buffer, buf); ++ if (buf != NULL) ++ munmap(buf, (PADLOCK_BUFFER_PAGES + 1) * getpagesize()); ++} ++ ++static void * ++padlock_allocate_buffer(size_t *maxsize) ++{ ++ void *buf; ++ size_t size, page; ++ ++ page = getpagesize(); ++ buf = padlock_atomic_xchg(&padlock_cached_sha_buffer, NULL); ++ if (buf != NULL) ++ goto ret; ++ ++ size = (PADLOCK_BUFFER_PAGES + 1) * page; ++ buf = mmap(0, size, PROT_READ | PROT_WRITE, ++ MAP_PRIVATE | MAP_ANONYMOUS, 0, 0); ++ if (buf == NULL) ++ return NULL; ++ ++ /* Try locking the pages to avoid swapping, but don't fail if ++ * we are over quota. */ ++ mlock(buf, size); ++ ++ if (mprotect(buf + PADLOCK_BUFFER_PAGES * page, page, PROT_NONE) < 0) { ++ munmap(buf, size); ++ return NULL; ++ } ++ ++ret: ++ *maxsize = PADLOCK_BUFFER_PAGES * page - 64; ++ ++ return buf; ++} ++ ++static int ++padlock_multi_update(EVP_MD_CTX *ctx, const void *data, size_t len) ++{ ++ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); ++ size_t chunk_size; ++ ++ if (ddata->buffer == NULL) { ++ ddata->buffer = padlock_allocate_buffer(&ddata->size); ++ } ++ ++ while (len) { ++ if (ddata->used + len < ddata->size) { ++ memcpy(&ddata->buffer[ddata->used], data, len); ++ ddata->used += len; ++ ddata->total += len; ++ return 1; ++ } ++ ++ chunk_size = ddata->size - ddata->used; ++ memcpy(&ddata->buffer[ddata->used], data, chunk_size); ++ ++ data += chunk_size; ++ len -= chunk_size; ++ ddata->used = ddata->size; ++ ddata->total += chunk_size; ++ padlock_sha_nonfinalizing(ddata); ++ ddata->used = 0; ++ } ++ ++ return 1; ++} ++ ++static int ++padlock_oneshot_final(EVP_MD_CTX *ctx, unsigned char *md) ++{ ++ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); ++ size_t size = EVP_MD_CTX_size(ctx); ++ uint32_t *output = DIGEST_DATA_OUTPUT(ddata); ++ ++ padlock_htonl_block(output, size / sizeof(uint32_t)); ++ memcpy(md, output, size); ++ ++ return 1; ++} ++ ++static int ++padlock_multi_final(EVP_MD_CTX *ctx, unsigned char *md) ++{ ++ static const char padding[64] = { 0x80, }; ++ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); ++ ++ if (ddata->used == ddata->total) { ++ /* Sweet, everything fits in one buffer. */ ++ ddata->hash(ddata, ddata->buffer, ddata->used); ++ } else { ++ /* Hardware already hashed some buffers. ++ * Do finalizing manually */ ++ union { ++ uint64_t u64; ++ uint32_t u32[2]; ++ } bits_le, bits; ++ size_t lastblocklen, padlen; ++ ++ /* BigEndianise the length. */ ++ bits_le.u64 = ddata->total * 8; ++ bits.u32[1] = htonl(bits_le.u32[0]); ++ bits.u32[0] = htonl(bits_le.u32[1]); ++ ++ /* Append padding, leave space for length. */ ++ lastblocklen = ddata->total & 63; ++ padlen = (lastblocklen < 56) ? (56 - lastblocklen) : ((64+56) - lastblocklen); ++ padlock_multi_update(ctx, padding, padlen); ++ ++ /* Length in BigEndian64 */ ++ padlock_multi_update(ctx, (const char *) &bits, sizeof(bits)); ++ ++ /* And finally calculate it */ ++ padlock_sha_nonfinalizing(ddata); ++ } ++ ++ return padlock_oneshot_final(ctx, md); ++} ++ ++static int ++padlock_oneshot_update(EVP_MD_CTX *ctx, const void *data, size_t length) ++{ ++ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); ++ ++ /* Oneshot update is only possible if context flags indicate so */ ++ if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) { ++ ddata->update = padlock_multi_update; ++ ddata->final = padlock_multi_final; ++ return padlock_multi_update(ctx, data, length); ++ } ++ ++ ddata->hash(ddata, data, length); ++ return 1; ++} ++ ++static void ++padlock_sha_init(struct padlock_digest_data *ddata) ++{ ++ ddata->total = 0; ++ ddata->buffer = NULL; ++ ddata->used = 0; ++ ddata->size = 0; ++ ddata->update = padlock_oneshot_update; ++ ddata->final = padlock_oneshot_final; ++} ++ ++static int ++padlock_sha1_init(EVP_MD_CTX *ctx) ++{ ++ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); ++ uint32_t *output = DIGEST_DATA_OUTPUT(ddata); ++ ++ output[0] = 0x67452301; ++ output[1] = 0xEFCDAB89; ++ output[2] = 0x98BADCFE; ++ output[3] = 0x10325476; ++ output[4] = 0xC3D2E1F0; ++ ++ padlock_sha_init(ddata); ++ ddata->hash = padlock_do_sha1; ++ ++ return 1; ++} ++ ++static int ++padlock_sha224_init(EVP_MD_CTX *ctx) ++{ ++ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); ++ uint32_t *output = DIGEST_DATA_OUTPUT(ddata); ++ ++ output[0] = 0xC1059ED8UL; ++ output[1] = 0x367CD507UL; ++ output[2] = 0x3070DD17UL; ++ output[3] = 0xF70E5939UL; ++ output[4] = 0xFFC00B31UL; ++ output[5] = 0x68581511UL; ++ output[6] = 0x64F98FA7UL; ++ output[7] = 0xBEFA4FA4UL; ++ ++ padlock_sha_init(ddata); ++ ddata->hash = padlock_do_sha256; ++ ++ return 1; ++} ++ ++static int ++padlock_sha256_init(EVP_MD_CTX *ctx) ++{ ++ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); ++ uint32_t *output = DIGEST_DATA_OUTPUT(ddata); ++ ++ output[0] = 0x6A09E667; ++ output[1] = 0xBB67AE85; ++ output[2] = 0x3C6EF372; ++ output[3] = 0xA54FF53A; ++ output[4] = 0x510E527F; ++ output[5] = 0x9B05688C; ++ output[6] = 0x1F83D9AB; ++ output[7] = 0x5BE0CD19; ++ ++ padlock_sha_init(ddata); ++ ddata->hash = padlock_do_sha256; ++ ++ return 1; ++} ++ ++static int ++padlock_sha_update(EVP_MD_CTX *ctx, const void *data, size_t length) ++{ ++ return DIGEST_DATA(ctx)->update(ctx, data, length); ++} ++ ++static int ++padlock_sha_final(EVP_MD_CTX *ctx, unsigned char *md) ++{ ++ return DIGEST_DATA(ctx)->final(ctx, md); ++} ++ ++static int ++padlock_sha_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) ++{ ++ struct padlock_digest_data *dfrom = DIGEST_DATA(from); ++ struct padlock_digest_data *dto = DIGEST_DATA(to); ++ ++ /* Copy the internal state */ ++ memcpy(DIGEST_DATA_OUTPUT(dto), DIGEST_DATA_OUTPUT(dfrom), 128); ++ dto->total = dfrom->total - dfrom->used; ++ dto->hash = dfrom->hash; ++ dto->used = 0; ++ ++ /* Try using oneshot update if possible */ ++ if (dfrom->used == dfrom->total) { ++ dto->update = padlock_oneshot_update; ++ dto->final = padlock_oneshot_final; ++ } else { ++ dto->update = padlock_multi_update; ++ dto->final = padlock_multi_final; ++ } ++ ++ /* Copy pending data - one oneshot destination, this means finalizing ++ * the contents if we are still on the first iteration. */ ++ if (dfrom->buffer != NULL) ++ padlock_sha_update(to, dfrom->buffer, dfrom->used); ++ ++ return 1; ++} ++ ++static int ++padlock_sha_cleanup(EVP_MD_CTX *ctx) ++{ ++ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); ++ ++ if (ddata->buffer != NULL) ++ padlock_free_buffer(ddata->buffer); ++ ddata->buffer = NULL; ++ ++ return 1; ++} ++ ++static const EVP_MD padlock_sha1_md = { ++ NID_sha1, ++ NID_sha1WithRSAEncryption, ++ SHA_DIGEST_LENGTH, ++ 0, ++ padlock_sha1_init, ++ padlock_sha_update, ++ padlock_sha_final, ++ padlock_sha_copy, ++ padlock_sha_cleanup, ++ EVP_PKEY_RSA_method, ++ SHA_CBLOCK, ++ sizeof(struct padlock_digest_data), ++}; ++ ++static const EVP_MD padlock_dss1_md = { ++ NID_dsa, ++ NID_dsaWithSHA1, ++ SHA_DIGEST_LENGTH, ++ 0, ++ padlock_sha1_init, ++ padlock_sha_update, ++ padlock_sha_final, ++ padlock_sha_copy, ++ padlock_sha_cleanup, ++ EVP_PKEY_DSA_method, ++ SHA_CBLOCK, ++ sizeof(struct padlock_digest_data), ++}; ++ ++static const EVP_MD padlock_sha224_md = { ++ NID_sha224, ++ NID_sha224WithRSAEncryption, ++ SHA224_DIGEST_LENGTH, ++ 0, ++ padlock_sha224_init, ++ padlock_sha_update, ++ padlock_sha_final, ++ padlock_sha_copy, ++ padlock_sha_cleanup, ++ EVP_PKEY_RSA_method, ++ SHA_CBLOCK, ++ sizeof(struct padlock_digest_data), ++}; ++ ++static const EVP_MD padlock_sha256_md = { ++ NID_sha256, ++ NID_sha256WithRSAEncryption, ++ SHA256_DIGEST_LENGTH, ++ 0, ++ padlock_sha256_init, ++ padlock_sha_update, ++ padlock_sha_final, ++ padlock_sha_copy, ++ padlock_sha_cleanup, ++ EVP_PKEY_RSA_method, ++ SHA_CBLOCK, ++ sizeof(struct padlock_digest_data), ++}; ++ ++static int padlock_digest_nids[] = { ++#if !defined(OPENSSL_NO_SHA) ++ NID_sha1, ++ NID_dsa, ++#endif ++#if !defined(OPENSSL_NO_SHA256) ++#if !defined(OPENSSL_NO_SHA224) ++ NID_sha224, ++#endif ++ NID_sha256, ++#endif ++}; ++ ++static int padlock_digest_nids_num = sizeof(padlock_digest_nids)/sizeof(padlock_digest_nids[0]); ++ ++static int ++padlock_digests (ENGINE *e, const EVP_MD **digest, const int **nids, int nid) ++{ ++ /* No specific digest => return a list of supported nids ... */ ++ if (!digest) { ++ *nids = padlock_digest_nids; ++ return padlock_digest_nids_num; ++ } ++ ++ /* ... or the requested "digest" otherwise */ ++ switch (nid) { ++#if !defined(OPENSSL_NO_SHA) ++ case NID_sha1: ++ *digest = &padlock_sha1_md; ++ break; ++ case NID_dsa: ++ *digest = &padlock_dss1_md; ++ break; ++#endif ++ ++#if !defined(OPENSSL_NO_SHA256) ++#if !defined(OPENSSL_NO_SHA224) ++ case NID_sha224: ++ *digest = &padlock_sha224_md; ++ break; ++#endif /* OPENSSL_NO_SHA224 */ ++ ++ case NID_sha256: ++ *digest = &padlock_sha256_md; ++ break; ++#endif /* OPENSSL_NO_SHA256 */ ++ ++ default: ++ /* Sorry, we don't support this NID */ ++ *digest = NULL; ++ return 0; ++ } ++ ++ return 1; ++} ++ ++#endif /* OPENSSL_NO_SHA */ ++ ++#ifndef PADLOCK_NO_RNG + /* ===== Random Number Generator ===== */ + /* + * This code is not engaged. The reason is that it does not comply +@@ -1164,7 +1685,7 @@ + * (posted at http://www.via.com.tw/en/viac3/c3.jsp) nor does it + * provide meaningful error control... + */ +-/* Wrapper that provides an interface between the API and ++/* Wrapper that provides an interface between the API and + the raw PadLock RNG */ + static int + padlock_rand_bytes(unsigned char *output, int count) +@@ -1212,6 +1733,7 @@ + padlock_rand_bytes, /* pseudorand */ + padlock_rand_status, /* rand status */ + }; ++#endif /* PADLOCK_NO_RNG */ + + #endif /* COMPILE_HW_PADLOCK */ + +Index: openssl-0.9.8k/crypto/evp/p_sign.c +=================================================================== +--- openssl-0.9.8k.orig/crypto/evp/p_sign.c 2009-07-13 11:01:02.000000000 +0300 ++++ openssl-0.9.8k/crypto/evp/p_sign.c 2009-07-13 11:01:45.000000000 +0300 +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -105,6 +105,7 @@ + return(0); + } + EVP_MD_CTX_init(&tmp_ctx); ++ M_EVP_MD_CTX_set_flags(&tmp_ctx,EVP_MD_CTX_FLAG_ONESHOT); + EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); + if (ctx->digest->flags & EVP_MD_FLAG_SVCTX) + { +Index: openssl-0.9.8k/crypto/evp/p_verify.c +=================================================================== +--- openssl-0.9.8k.orig/crypto/evp/p_verify.c 2009-07-13 11:01:06.000000000 +0300 ++++ openssl-0.9.8k/crypto/evp/p_verify.c 2009-07-13 11:02:11.000000000 +0300 +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -92,7 +92,8 @@ + } + + EVP_MD_CTX_init(&tmp_ctx); +- EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); ++ M_EVP_MD_CTX_set_flags(&tmp_ctx,EVP_MD_CTX_FLAG_ONESHOT); ++ EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); + if (ctx->digest->flags & EVP_MD_FLAG_SVCTX) + { + EVP_MD_SVCTX sctmp; |