forked from rpms/openssl
- add ipv6 support to s_client and s_server (by Jan Pazdziora) (#198737)
- add patches for BN threadsafety, AES cache collision attack hazard fix and pkcs7 code memleak fix from upstream CVS
This commit is contained in:
parent
a362beea0e
commit
4d4d77e68c
777
openssl-0.9.8b-aes-cachecol.patch
Normal file
777
openssl-0.9.8b-aes-cachecol.patch
Normal file
@ -0,0 +1,777 @@
|
||||
openssl/crypto/aes/aes_core.c 1.7 -> 1.7.2.1
|
||||
|
||||
--- openssl/crypto/aes/aes_core.c 2005/01/24 14:22:05 1.7
|
||||
+++ openssl/crypto/aes/aes_core.c 2006/06/28 08:58:15 1.7.2.1
|
||||
@@ -44,22 +44,14 @@
|
||||
Te1[x] = S [x].[03, 02, 01, 01];
|
||||
Te2[x] = S [x].[01, 03, 02, 01];
|
||||
Te3[x] = S [x].[01, 01, 03, 02];
|
||||
-Te4[x] = S [x].[01, 01, 01, 01];
|
||||
|
||||
Td0[x] = Si[x].[0e, 09, 0d, 0b];
|
||||
Td1[x] = Si[x].[0b, 0e, 09, 0d];
|
||||
Td2[x] = Si[x].[0d, 0b, 0e, 09];
|
||||
Td3[x] = Si[x].[09, 0d, 0b, 0e];
|
||||
-Td4[x] = Si[x].[01, 01, 01, 01];
|
||||
+Td4[x] = Si[x].[01];
|
||||
*/
|
||||
|
||||
-#ifdef AES_ASM
|
||||
-extern const u32 AES_Te[5][256];
|
||||
-#define Te0 AES_Te[0]
|
||||
-#define Te1 AES_Te[1]
|
||||
-#define Te2 AES_Te[2]
|
||||
-#define Te3 AES_Te[3]
|
||||
-#else
|
||||
static const u32 Te0[256] = {
|
||||
0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
|
||||
0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
|
||||
@@ -324,81 +316,7 @@
|
||||
0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
|
||||
0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
|
||||
};
|
||||
-#endif
|
||||
-static const u32 Te4[256] = {
|
||||
- 0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
|
||||
- 0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
|
||||
- 0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU,
|
||||
- 0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U,
|
||||
- 0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU,
|
||||
- 0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U,
|
||||
- 0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU,
|
||||
- 0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U,
|
||||
- 0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U,
|
||||
- 0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU,
|
||||
- 0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U,
|
||||
- 0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U,
|
||||
- 0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U,
|
||||
- 0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU,
|
||||
- 0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U,
|
||||
- 0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U,
|
||||
- 0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU,
|
||||
- 0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U,
|
||||
- 0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U,
|
||||
- 0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U,
|
||||
- 0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU,
|
||||
- 0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU,
|
||||
- 0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U,
|
||||
- 0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU,
|
||||
- 0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU,
|
||||
- 0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U,
|
||||
- 0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU,
|
||||
- 0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U,
|
||||
- 0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU,
|
||||
- 0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U,
|
||||
- 0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U,
|
||||
- 0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U,
|
||||
- 0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU,
|
||||
- 0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U,
|
||||
- 0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU,
|
||||
- 0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U,
|
||||
- 0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU,
|
||||
- 0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U,
|
||||
- 0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U,
|
||||
- 0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU,
|
||||
- 0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU,
|
||||
- 0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU,
|
||||
- 0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U,
|
||||
- 0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U,
|
||||
- 0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU,
|
||||
- 0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U,
|
||||
- 0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU,
|
||||
- 0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U,
|
||||
- 0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU,
|
||||
- 0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U,
|
||||
- 0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU,
|
||||
- 0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU,
|
||||
- 0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U,
|
||||
- 0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU,
|
||||
- 0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U,
|
||||
- 0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU,
|
||||
- 0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U,
|
||||
- 0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U,
|
||||
- 0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U,
|
||||
- 0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU,
|
||||
- 0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU,
|
||||
- 0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U,
|
||||
- 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
|
||||
- 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
|
||||
-};
|
||||
|
||||
-#ifdef AES_ASM
|
||||
-extern const u32 AES_Td[5][256];
|
||||
-#define Td0 AES_Td[0]
|
||||
-#define Td1 AES_Td[1]
|
||||
-#define Td2 AES_Td[2]
|
||||
-#define Td3 AES_Td[3]
|
||||
-#else
|
||||
static const u32 Td0[256] = {
|
||||
0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
|
||||
0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
|
||||
@@ -663,72 +581,39 @@
|
||||
0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
|
||||
0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
|
||||
};
|
||||
-#endif
|
||||
-static const u32 Td4[256] = {
|
||||
- 0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U,
|
||||
- 0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U,
|
||||
- 0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU,
|
||||
- 0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU,
|
||||
- 0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U,
|
||||
- 0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U,
|
||||
- 0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U,
|
||||
- 0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU,
|
||||
- 0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U,
|
||||
- 0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU,
|
||||
- 0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU,
|
||||
- 0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU,
|
||||
- 0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U,
|
||||
- 0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U,
|
||||
- 0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U,
|
||||
- 0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U,
|
||||
- 0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U,
|
||||
- 0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U,
|
||||
- 0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU,
|
||||
- 0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U,
|
||||
- 0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U,
|
||||
- 0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU,
|
||||
- 0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U,
|
||||
- 0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U,
|
||||
- 0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U,
|
||||
- 0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU,
|
||||
- 0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U,
|
||||
- 0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U,
|
||||
- 0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU,
|
||||
- 0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U,
|
||||
- 0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U,
|
||||
- 0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU,
|
||||
- 0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U,
|
||||
- 0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU,
|
||||
- 0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU,
|
||||
- 0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U,
|
||||
- 0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U,
|
||||
- 0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U,
|
||||
- 0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U,
|
||||
- 0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU,
|
||||
- 0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U,
|
||||
- 0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U,
|
||||
- 0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU,
|
||||
- 0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU,
|
||||
- 0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU,
|
||||
- 0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U,
|
||||
- 0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU,
|
||||
- 0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U,
|
||||
- 0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U,
|
||||
- 0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U,
|
||||
- 0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U,
|
||||
- 0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU,
|
||||
- 0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U,
|
||||
- 0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU,
|
||||
- 0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU,
|
||||
- 0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU,
|
||||
- 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
|
||||
- 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
|
||||
- 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
|
||||
- 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
|
||||
- 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
|
||||
- 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
|
||||
- 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
|
||||
- 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
|
||||
+static const u8 Td4[256] = {
|
||||
+ 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
|
||||
+ 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
|
||||
+ 0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,
|
||||
+ 0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
|
||||
+ 0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,
|
||||
+ 0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
|
||||
+ 0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,
|
||||
+ 0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
|
||||
+ 0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,
|
||||
+ 0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
|
||||
+ 0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,
|
||||
+ 0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
|
||||
+ 0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,
|
||||
+ 0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
|
||||
+ 0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,
|
||||
+ 0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
|
||||
+ 0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,
|
||||
+ 0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
|
||||
+ 0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,
|
||||
+ 0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
|
||||
+ 0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,
|
||||
+ 0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
|
||||
+ 0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,
|
||||
+ 0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
|
||||
+ 0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,
|
||||
+ 0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
|
||||
+ 0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,
|
||||
+ 0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
|
||||
+ 0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,
|
||||
+ 0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
|
||||
+ 0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
|
||||
+ 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,
|
||||
};
|
||||
static const u32 rcon[] = {
|
||||
0x01000000, 0x02000000, 0x04000000, 0x08000000,
|
||||
@@ -768,10 +653,10 @@
|
||||
while (1) {
|
||||
temp = rk[3];
|
||||
rk[4] = rk[0] ^
|
||||
- (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
|
||||
- (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
|
||||
- (Te4[(temp ) & 0xff] & 0x0000ff00) ^
|
||||
- (Te4[(temp >> 24) ] & 0x000000ff) ^
|
||||
+ (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
|
||||
+ (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^
|
||||
+ (Te0[(temp ) & 0xff] & 0x0000ff00) ^
|
||||
+ (Te1[(temp >> 24) ] & 0x000000ff) ^
|
||||
rcon[i];
|
||||
rk[5] = rk[1] ^ rk[4];
|
||||
rk[6] = rk[2] ^ rk[5];
|
||||
@@ -788,10 +673,10 @@
|
||||
while (1) {
|
||||
temp = rk[ 5];
|
||||
rk[ 6] = rk[ 0] ^
|
||||
- (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
|
||||
- (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
|
||||
- (Te4[(temp ) & 0xff] & 0x0000ff00) ^
|
||||
- (Te4[(temp >> 24) ] & 0x000000ff) ^
|
||||
+ (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
|
||||
+ (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^
|
||||
+ (Te0[(temp ) & 0xff] & 0x0000ff00) ^
|
||||
+ (Te1[(temp >> 24) ] & 0x000000ff) ^
|
||||
rcon[i];
|
||||
rk[ 7] = rk[ 1] ^ rk[ 6];
|
||||
rk[ 8] = rk[ 2] ^ rk[ 7];
|
||||
@@ -810,10 +695,10 @@
|
||||
while (1) {
|
||||
temp = rk[ 7];
|
||||
rk[ 8] = rk[ 0] ^
|
||||
- (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
|
||||
- (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
|
||||
- (Te4[(temp ) & 0xff] & 0x0000ff00) ^
|
||||
- (Te4[(temp >> 24) ] & 0x000000ff) ^
|
||||
+ (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
|
||||
+ (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^
|
||||
+ (Te0[(temp ) & 0xff] & 0x0000ff00) ^
|
||||
+ (Te1[(temp >> 24) ] & 0x000000ff) ^
|
||||
rcon[i];
|
||||
rk[ 9] = rk[ 1] ^ rk[ 8];
|
||||
rk[10] = rk[ 2] ^ rk[ 9];
|
||||
@@ -823,10 +708,10 @@
|
||||
}
|
||||
temp = rk[11];
|
||||
rk[12] = rk[ 4] ^
|
||||
- (Te4[(temp >> 24) ] & 0xff000000) ^
|
||||
- (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
|
||||
- (Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^
|
||||
- (Te4[(temp ) & 0xff] & 0x000000ff);
|
||||
+ (Te2[(temp >> 24) ] & 0xff000000) ^
|
||||
+ (Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^
|
||||
+ (Te0[(temp >> 8) & 0xff] & 0x0000ff00) ^
|
||||
+ (Te1[(temp ) & 0xff] & 0x000000ff);
|
||||
rk[13] = rk[ 5] ^ rk[12];
|
||||
rk[14] = rk[ 6] ^ rk[13];
|
||||
rk[15] = rk[ 7] ^ rk[14];
|
||||
@@ -865,25 +750,25 @@
|
||||
for (i = 1; i < (key->rounds); i++) {
|
||||
rk += 4;
|
||||
rk[0] =
|
||||
- Td0[Te4[(rk[0] >> 24) ] & 0xff] ^
|
||||
- Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^
|
||||
- Td2[Te4[(rk[0] >> 8) & 0xff] & 0xff] ^
|
||||
- Td3[Te4[(rk[0] ) & 0xff] & 0xff];
|
||||
+ Td0[Te1[(rk[0] >> 24) ] & 0xff] ^
|
||||
+ Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^
|
||||
+ Td2[Te1[(rk[0] >> 8) & 0xff] & 0xff] ^
|
||||
+ Td3[Te1[(rk[0] ) & 0xff] & 0xff];
|
||||
rk[1] =
|
||||
- Td0[Te4[(rk[1] >> 24) ] & 0xff] ^
|
||||
- Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^
|
||||
- Td2[Te4[(rk[1] >> 8) & 0xff] & 0xff] ^
|
||||
- Td3[Te4[(rk[1] ) & 0xff] & 0xff];
|
||||
+ Td0[Te1[(rk[1] >> 24) ] & 0xff] ^
|
||||
+ Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^
|
||||
+ Td2[Te1[(rk[1] >> 8) & 0xff] & 0xff] ^
|
||||
+ Td3[Te1[(rk[1] ) & 0xff] & 0xff];
|
||||
rk[2] =
|
||||
- Td0[Te4[(rk[2] >> 24) ] & 0xff] ^
|
||||
- Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^
|
||||
- Td2[Te4[(rk[2] >> 8) & 0xff] & 0xff] ^
|
||||
- Td3[Te4[(rk[2] ) & 0xff] & 0xff];
|
||||
+ Td0[Te1[(rk[2] >> 24) ] & 0xff] ^
|
||||
+ Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^
|
||||
+ Td2[Te1[(rk[2] >> 8) & 0xff] & 0xff] ^
|
||||
+ Td3[Te1[(rk[2] ) & 0xff] & 0xff];
|
||||
rk[3] =
|
||||
- Td0[Te4[(rk[3] >> 24) ] & 0xff] ^
|
||||
- Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^
|
||||
- Td2[Te4[(rk[3] >> 8) & 0xff] & 0xff] ^
|
||||
- Td3[Te4[(rk[3] ) & 0xff] & 0xff];
|
||||
+ Td0[Te1[(rk[3] >> 24) ] & 0xff] ^
|
||||
+ Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^
|
||||
+ Td2[Te1[(rk[3] >> 8) & 0xff] & 0xff] ^
|
||||
+ Td3[Te1[(rk[3] ) & 0xff] & 0xff];
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
@@ -1051,31 +936,31 @@
|
||||
* map cipher state to byte array block:
|
||||
*/
|
||||
s0 =
|
||||
- (Te4[(t0 >> 24) ] & 0xff000000) ^
|
||||
- (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
|
||||
- (Te4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
|
||||
- (Te4[(t3 ) & 0xff] & 0x000000ff) ^
|
||||
+ (Te2[(t0 >> 24) ] & 0xff000000) ^
|
||||
+ (Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^
|
||||
+ (Te0[(t2 >> 8) & 0xff] & 0x0000ff00) ^
|
||||
+ (Te1[(t3 ) & 0xff] & 0x000000ff) ^
|
||||
rk[0];
|
||||
PUTU32(out , s0);
|
||||
s1 =
|
||||
- (Te4[(t1 >> 24) ] & 0xff000000) ^
|
||||
- (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
|
||||
- (Te4[(t3 >> 8) & 0xff] & 0x0000ff00) ^
|
||||
- (Te4[(t0 ) & 0xff] & 0x000000ff) ^
|
||||
+ (Te2[(t1 >> 24) ] & 0xff000000) ^
|
||||
+ (Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^
|
||||
+ (Te0[(t3 >> 8) & 0xff] & 0x0000ff00) ^
|
||||
+ (Te1[(t0 ) & 0xff] & 0x000000ff) ^
|
||||
rk[1];
|
||||
PUTU32(out + 4, s1);
|
||||
s2 =
|
||||
- (Te4[(t2 >> 24) ] & 0xff000000) ^
|
||||
- (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
|
||||
- (Te4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
|
||||
- (Te4[(t1 ) & 0xff] & 0x000000ff) ^
|
||||
+ (Te2[(t2 >> 24) ] & 0xff000000) ^
|
||||
+ (Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^
|
||||
+ (Te0[(t0 >> 8) & 0xff] & 0x0000ff00) ^
|
||||
+ (Te1[(t1 ) & 0xff] & 0x000000ff) ^
|
||||
rk[2];
|
||||
PUTU32(out + 8, s2);
|
||||
s3 =
|
||||
- (Te4[(t3 >> 24) ] & 0xff000000) ^
|
||||
- (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
|
||||
- (Te4[(t1 >> 8) & 0xff] & 0x0000ff00) ^
|
||||
- (Te4[(t2 ) & 0xff] & 0x000000ff) ^
|
||||
+ (Te2[(t3 >> 24) ] & 0xff000000) ^
|
||||
+ (Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^
|
||||
+ (Te0[(t1 >> 8) & 0xff] & 0x0000ff00) ^
|
||||
+ (Te1[(t2 ) & 0xff] & 0x000000ff) ^
|
||||
rk[3];
|
||||
PUTU32(out + 12, s3);
|
||||
}
|
||||
@@ -1242,31 +1127,31 @@
|
||||
* map cipher state to byte array block:
|
||||
*/
|
||||
s0 =
|
||||
- (Td4[(t0 >> 24) ] & 0xff000000) ^
|
||||
- (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
|
||||
- (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
|
||||
- (Td4[(t1 ) & 0xff] & 0x000000ff) ^
|
||||
+ (Td4[(t0 >> 24) ] << 24) ^
|
||||
+ (Td4[(t3 >> 16) & 0xff] << 16) ^
|
||||
+ (Td4[(t2 >> 8) & 0xff] << 8) ^
|
||||
+ (Td4[(t1 ) & 0xff]) ^
|
||||
rk[0];
|
||||
PUTU32(out , s0);
|
||||
s1 =
|
||||
- (Td4[(t1 >> 24) ] & 0xff000000) ^
|
||||
- (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
|
||||
- (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^
|
||||
- (Td4[(t2 ) & 0xff] & 0x000000ff) ^
|
||||
+ (Td4[(t1 >> 24) ] << 24) ^
|
||||
+ (Td4[(t0 >> 16) & 0xff] << 16) ^
|
||||
+ (Td4[(t3 >> 8) & 0xff] << 8) ^
|
||||
+ (Td4[(t2 ) & 0xff]) ^
|
||||
rk[1];
|
||||
PUTU32(out + 4, s1);
|
||||
s2 =
|
||||
- (Td4[(t2 >> 24) ] & 0xff000000) ^
|
||||
- (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
|
||||
- (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
|
||||
- (Td4[(t3 ) & 0xff] & 0x000000ff) ^
|
||||
+ (Td4[(t2 >> 24) ] << 24) ^
|
||||
+ (Td4[(t1 >> 16) & 0xff] << 16) ^
|
||||
+ (Td4[(t0 >> 8) & 0xff] << 8) ^
|
||||
+ (Td4[(t3 ) & 0xff]) ^
|
||||
rk[2];
|
||||
PUTU32(out + 8, s2);
|
||||
s3 =
|
||||
- (Td4[(t3 >> 24) ] & 0xff000000) ^
|
||||
- (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
|
||||
- (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^
|
||||
- (Td4[(t0 ) & 0xff] & 0x000000ff) ^
|
||||
+ (Td4[(t3 >> 24) ] << 24) ^
|
||||
+ (Td4[(t2 >> 16) & 0xff] << 16) ^
|
||||
+ (Td4[(t1 >> 8) & 0xff] << 8) ^
|
||||
+ (Td4[(t0 ) & 0xff]) ^
|
||||
rk[3];
|
||||
PUTU32(out + 12, s3);
|
||||
}
|
||||
openssl/crypto/aes/asm/aes-586.pl 1.11 -> 1.11.2.1
|
||||
|
||||
--- openssl/crypto/aes/asm/aes-586.pl 2005/05/09 21:48:00 1.11
|
||||
+++ openssl/crypto/aes/asm/aes-586.pl 2006/06/28 09:01:40 1.11.2.1
|
||||
@@ -6,7 +6,7 @@
|
||||
# forms are granted according to the OpenSSL license.
|
||||
# ====================================================================
|
||||
#
|
||||
-# Version 3.4.
|
||||
+# Version 3.6.
|
||||
#
|
||||
# You might fail to appreciate this module performance from the first
|
||||
# try. If compared to "vanilla" linux-ia32-icc target, i.e. considered
|
||||
@@ -66,6 +66,13 @@
|
||||
# stack. This unfortunately has rather strong impact on small block CBC
|
||||
# performance, ~2x deterioration on 16-byte block if compared to 3.3.
|
||||
#
|
||||
+# Version 3.5 checks if there is L1 cache aliasing between user-supplied
|
||||
+# key schedule and S-boxes and abstains from copying the former if
|
||||
+# there is no. This allows end-user to consciously retain small block
|
||||
+# performance by aligning key schedule in specific manner.
|
||||
+#
|
||||
+# Version 3.6 compresses Td4 to 256 bytes and prefetches it in ECB.
|
||||
+#
|
||||
# Current ECB performance numbers for 128-bit key in CPU cycles per
|
||||
# processed byte [measure commonly used by AES benchmarkers] are:
|
||||
#
|
||||
@@ -505,28 +512,27 @@
|
||||
if($i==3) { &mov ($key,&DWP(12,"esp")); }
|
||||
else { &mov ($out,$s[0]); }
|
||||
&and ($out,0xFF);
|
||||
- &mov ($out,&DWP(2048,$td,$out,4));
|
||||
- &and ($out,0x000000ff);
|
||||
+ &movz ($out,&DWP(2048,$td,$out,1));
|
||||
|
||||
if ($i==3) { $tmp=$s[1]; }
|
||||
&movz ($tmp,&HB($s[1]));
|
||||
- &mov ($tmp,&DWP(2048,$td,$tmp,4));
|
||||
- &and ($tmp,0x0000ff00);
|
||||
+ &movz ($tmp,&DWP(2048,$td,$tmp,1));
|
||||
+ &shl ($tmp,8);
|
||||
&xor ($out,$tmp);
|
||||
|
||||
if ($i==3) { $tmp=$s[2]; &mov ($s[1],$acc); }
|
||||
else { mov ($tmp,$s[2]); }
|
||||
&shr ($tmp,16);
|
||||
&and ($tmp,0xFF);
|
||||
- &mov ($tmp,&DWP(2048,$td,$tmp,4));
|
||||
- &and ($tmp,0x00ff0000);
|
||||
+ &movz ($tmp,&DWP(2048,$td,$tmp,1));
|
||||
+ &shl ($tmp,16);
|
||||
&xor ($out,$tmp);
|
||||
|
||||
if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); }
|
||||
else { &mov ($tmp,$s[3]); }
|
||||
&shr ($tmp,24);
|
||||
- &mov ($tmp,&DWP(2048,$td,$tmp,4));
|
||||
- &and ($tmp,0xff000000);
|
||||
+ &movz ($tmp,&DWP(2048,$td,$tmp,1));
|
||||
+ &shl ($tmp,24);
|
||||
&xor ($out,$tmp);
|
||||
if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); }
|
||||
if ($i==3) { &mov ($s[3],&DWP(4,"esp")); }
|
||||
@@ -687,70 +693,38 @@
|
||||
&_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664);
|
||||
&_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0);
|
||||
#Td4:
|
||||
- &data_word(0x52525252, 0x09090909, 0x6a6a6a6a, 0xd5d5d5d5);
|
||||
- &data_word(0x30303030, 0x36363636, 0xa5a5a5a5, 0x38383838);
|
||||
- &data_word(0xbfbfbfbf, 0x40404040, 0xa3a3a3a3, 0x9e9e9e9e);
|
||||
- &data_word(0x81818181, 0xf3f3f3f3, 0xd7d7d7d7, 0xfbfbfbfb);
|
||||
- &data_word(0x7c7c7c7c, 0xe3e3e3e3, 0x39393939, 0x82828282);
|
||||
- &data_word(0x9b9b9b9b, 0x2f2f2f2f, 0xffffffff, 0x87878787);
|
||||
- &data_word(0x34343434, 0x8e8e8e8e, 0x43434343, 0x44444444);
|
||||
- &data_word(0xc4c4c4c4, 0xdededede, 0xe9e9e9e9, 0xcbcbcbcb);
|
||||
- &data_word(0x54545454, 0x7b7b7b7b, 0x94949494, 0x32323232);
|
||||
- &data_word(0xa6a6a6a6, 0xc2c2c2c2, 0x23232323, 0x3d3d3d3d);
|
||||
- &data_word(0xeeeeeeee, 0x4c4c4c4c, 0x95959595, 0x0b0b0b0b);
|
||||
- &data_word(0x42424242, 0xfafafafa, 0xc3c3c3c3, 0x4e4e4e4e);
|
||||
- &data_word(0x08080808, 0x2e2e2e2e, 0xa1a1a1a1, 0x66666666);
|
||||
- &data_word(0x28282828, 0xd9d9d9d9, 0x24242424, 0xb2b2b2b2);
|
||||
- &data_word(0x76767676, 0x5b5b5b5b, 0xa2a2a2a2, 0x49494949);
|
||||
- &data_word(0x6d6d6d6d, 0x8b8b8b8b, 0xd1d1d1d1, 0x25252525);
|
||||
- &data_word(0x72727272, 0xf8f8f8f8, 0xf6f6f6f6, 0x64646464);
|
||||
- &data_word(0x86868686, 0x68686868, 0x98989898, 0x16161616);
|
||||
- &data_word(0xd4d4d4d4, 0xa4a4a4a4, 0x5c5c5c5c, 0xcccccccc);
|
||||
- &data_word(0x5d5d5d5d, 0x65656565, 0xb6b6b6b6, 0x92929292);
|
||||
- &data_word(0x6c6c6c6c, 0x70707070, 0x48484848, 0x50505050);
|
||||
- &data_word(0xfdfdfdfd, 0xedededed, 0xb9b9b9b9, 0xdadadada);
|
||||
- &data_word(0x5e5e5e5e, 0x15151515, 0x46464646, 0x57575757);
|
||||
- &data_word(0xa7a7a7a7, 0x8d8d8d8d, 0x9d9d9d9d, 0x84848484);
|
||||
- &data_word(0x90909090, 0xd8d8d8d8, 0xabababab, 0x00000000);
|
||||
- &data_word(0x8c8c8c8c, 0xbcbcbcbc, 0xd3d3d3d3, 0x0a0a0a0a);
|
||||
- &data_word(0xf7f7f7f7, 0xe4e4e4e4, 0x58585858, 0x05050505);
|
||||
- &data_word(0xb8b8b8b8, 0xb3b3b3b3, 0x45454545, 0x06060606);
|
||||
- &data_word(0xd0d0d0d0, 0x2c2c2c2c, 0x1e1e1e1e, 0x8f8f8f8f);
|
||||
- &data_word(0xcacacaca, 0x3f3f3f3f, 0x0f0f0f0f, 0x02020202);
|
||||
- &data_word(0xc1c1c1c1, 0xafafafaf, 0xbdbdbdbd, 0x03030303);
|
||||
- &data_word(0x01010101, 0x13131313, 0x8a8a8a8a, 0x6b6b6b6b);
|
||||
- &data_word(0x3a3a3a3a, 0x91919191, 0x11111111, 0x41414141);
|
||||
- &data_word(0x4f4f4f4f, 0x67676767, 0xdcdcdcdc, 0xeaeaeaea);
|
||||
- &data_word(0x97979797, 0xf2f2f2f2, 0xcfcfcfcf, 0xcececece);
|
||||
- &data_word(0xf0f0f0f0, 0xb4b4b4b4, 0xe6e6e6e6, 0x73737373);
|
||||
- &data_word(0x96969696, 0xacacacac, 0x74747474, 0x22222222);
|
||||
- &data_word(0xe7e7e7e7, 0xadadadad, 0x35353535, 0x85858585);
|
||||
- &data_word(0xe2e2e2e2, 0xf9f9f9f9, 0x37373737, 0xe8e8e8e8);
|
||||
- &data_word(0x1c1c1c1c, 0x75757575, 0xdfdfdfdf, 0x6e6e6e6e);
|
||||
- &data_word(0x47474747, 0xf1f1f1f1, 0x1a1a1a1a, 0x71717171);
|
||||
- &data_word(0x1d1d1d1d, 0x29292929, 0xc5c5c5c5, 0x89898989);
|
||||
- &data_word(0x6f6f6f6f, 0xb7b7b7b7, 0x62626262, 0x0e0e0e0e);
|
||||
- &data_word(0xaaaaaaaa, 0x18181818, 0xbebebebe, 0x1b1b1b1b);
|
||||
- &data_word(0xfcfcfcfc, 0x56565656, 0x3e3e3e3e, 0x4b4b4b4b);
|
||||
- &data_word(0xc6c6c6c6, 0xd2d2d2d2, 0x79797979, 0x20202020);
|
||||
- &data_word(0x9a9a9a9a, 0xdbdbdbdb, 0xc0c0c0c0, 0xfefefefe);
|
||||
- &data_word(0x78787878, 0xcdcdcdcd, 0x5a5a5a5a, 0xf4f4f4f4);
|
||||
- &data_word(0x1f1f1f1f, 0xdddddddd, 0xa8a8a8a8, 0x33333333);
|
||||
- &data_word(0x88888888, 0x07070707, 0xc7c7c7c7, 0x31313131);
|
||||
- &data_word(0xb1b1b1b1, 0x12121212, 0x10101010, 0x59595959);
|
||||
- &data_word(0x27272727, 0x80808080, 0xecececec, 0x5f5f5f5f);
|
||||
- &data_word(0x60606060, 0x51515151, 0x7f7f7f7f, 0xa9a9a9a9);
|
||||
- &data_word(0x19191919, 0xb5b5b5b5, 0x4a4a4a4a, 0x0d0d0d0d);
|
||||
- &data_word(0x2d2d2d2d, 0xe5e5e5e5, 0x7a7a7a7a, 0x9f9f9f9f);
|
||||
- &data_word(0x93939393, 0xc9c9c9c9, 0x9c9c9c9c, 0xefefefef);
|
||||
- &data_word(0xa0a0a0a0, 0xe0e0e0e0, 0x3b3b3b3b, 0x4d4d4d4d);
|
||||
- &data_word(0xaeaeaeae, 0x2a2a2a2a, 0xf5f5f5f5, 0xb0b0b0b0);
|
||||
- &data_word(0xc8c8c8c8, 0xebebebeb, 0xbbbbbbbb, 0x3c3c3c3c);
|
||||
- &data_word(0x83838383, 0x53535353, 0x99999999, 0x61616161);
|
||||
- &data_word(0x17171717, 0x2b2b2b2b, 0x04040404, 0x7e7e7e7e);
|
||||
- &data_word(0xbabababa, 0x77777777, 0xd6d6d6d6, 0x26262626);
|
||||
- &data_word(0xe1e1e1e1, 0x69696969, 0x14141414, 0x63636363);
|
||||
- &data_word(0x55555555, 0x21212121, 0x0c0c0c0c, 0x7d7d7d7d);
|
||||
+ &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
|
||||
+ &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
|
||||
+ &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
|
||||
+ &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
|
||||
+ &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
|
||||
+ &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
|
||||
+ &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
|
||||
+ &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
|
||||
+ &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
|
||||
+ &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
|
||||
+ &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
|
||||
+ &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
|
||||
+ &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
|
||||
+ &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
|
||||
+ &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
|
||||
+ &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
|
||||
+ &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
|
||||
+ &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
|
||||
+ &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
|
||||
+ &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
|
||||
+ &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
|
||||
+ &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
|
||||
+ &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
|
||||
+ &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
|
||||
+ &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
|
||||
+ &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
|
||||
+ &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
|
||||
+ &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
|
||||
+ &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
|
||||
+ &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
|
||||
+ &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
|
||||
+ &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
|
||||
&function_end_B("_x86_AES_decrypt");
|
||||
|
||||
# void AES_decrypt (const void *inp,void *out,const AES_KEY *key);
|
||||
@@ -770,6 +744,18 @@
|
||||
&blindpop("ebp");
|
||||
&lea ("ebp",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp"));
|
||||
|
||||
+ # prefetch Td4
|
||||
+ &lea ("ebp",&DWP(2048+128,"ebp"));
|
||||
+ &mov ($s0,&DWP(0-128,"ebp"));
|
||||
+ &mov ($s1,&DWP(32-128,"ebp"));
|
||||
+ &mov ($s2,&DWP(64-128,"ebp"));
|
||||
+ &mov ($s3,&DWP(96-128,"ebp"));
|
||||
+ &mov ($s0,&DWP(128-128,"ebp"));
|
||||
+ &mov ($s1,&DWP(160-128,"ebp"));
|
||||
+ &mov ($s2,&DWP(192-128,"ebp"));
|
||||
+ &mov ($s3,&DWP(224-128,"ebp"));
|
||||
+ &lea ("ebp",&DWP(-2048-128,"ebp"));
|
||||
+
|
||||
&mov ($s0,&DWP(0,$acc)); # load input data
|
||||
&mov ($s1,&DWP(4,$acc));
|
||||
&mov ($s2,&DWP(8,$acc));
|
||||
@@ -805,6 +791,7 @@
|
||||
my $_tmp=&DWP(40,"esp"); #volatile variable
|
||||
my $ivec=&DWP(44,"esp"); #ivec[16]
|
||||
my $aes_key=&DWP(60,"esp"); #copy of aes_key
|
||||
+my $mark=&DWP(60+240,"esp"); #copy of aes_key->rounds
|
||||
|
||||
&public_label("AES_Te");
|
||||
&public_label("AES_Td");
|
||||
@@ -865,18 +852,27 @@
|
||||
&mov ($_key,$s3); # save copy of key
|
||||
&mov ($_ivp,$acc); # save copy of ivp
|
||||
|
||||
+ &mov ($mark,0); # copy of aes_key->rounds = 0;
|
||||
if ($compromise) {
|
||||
&cmp ($s2,$compromise);
|
||||
&jb (&label("skip_ecopy"));
|
||||
}
|
||||
- # copy key schedule to stack
|
||||
- &mov ("ecx",244/4);
|
||||
+ # do we copy key schedule to stack?
|
||||
+ &mov ($s1 eq "ebx" ? $s1 : "",$s3);
|
||||
+ &mov ($s2 eq "ecx" ? $s2 : "",244/4);
|
||||
+ &sub ($s1,"ebp");
|
||||
&mov ("esi",$s3);
|
||||
+ &and ($s1,0xfff);
|
||||
&lea ("edi",$aes_key);
|
||||
- &mov ($_key,"edi");
|
||||
+ &cmp ($s1,2048);
|
||||
+ &jb (&label("do_ecopy"));
|
||||
+ &cmp ($s1,4096-244);
|
||||
+ &jb (&label("skip_ecopy"));
|
||||
&align (4);
|
||||
- &data_word(0xF689A5F3); # rep movsd
|
||||
- &set_label("skip_ecopy") if ($compromise);
|
||||
+ &set_label("do_ecopy");
|
||||
+ &mov ($_key,"edi");
|
||||
+ &data_word(0xA5F3F689); # rep movsd
|
||||
+ &set_label("skip_ecopy");
|
||||
|
||||
&mov ($acc,$s0);
|
||||
&mov ($key,16);
|
||||
@@ -942,18 +938,16 @@
|
||||
&mov (&DWP(8,$acc),$s2);
|
||||
&mov (&DWP(12,$acc),$s3);
|
||||
|
||||
+ &cmp ($mark,0); # was the key schedule copied?
|
||||
&mov ("edi",$_key);
|
||||
&mov ("esp",$_esp);
|
||||
- if ($compromise) {
|
||||
- &cmp (&wparam(2),$compromise);
|
||||
- &jb (&label("skip_ezero"));
|
||||
- }
|
||||
+ &je (&label("skip_ezero"));
|
||||
# zero copy of key schedule
|
||||
&mov ("ecx",240/4);
|
||||
&xor ("eax","eax");
|
||||
&align (4);
|
||||
- &data_word(0xF689ABF3); # rep stosd
|
||||
- &set_label("skip_ezero") if ($compromise);
|
||||
+ &data_word(0xABF3F689); # rep stosd
|
||||
+ &set_label("skip_ezero")
|
||||
&popf ();
|
||||
&set_label("enc_out");
|
||||
&function_end_A();
|
||||
@@ -968,7 +962,7 @@
|
||||
&cmp ($key,$acc); # compare with inp
|
||||
&je (&label("enc_in_place"));
|
||||
&align (4);
|
||||
- &data_word(0xF689A4F3); # rep movsb # copy input
|
||||
+ &data_word(0xA4F3F689); # rep movsb # copy input
|
||||
&jmp (&label("enc_skip_in_place"));
|
||||
&set_label("enc_in_place");
|
||||
&lea ($key,&DWP(0,$key,$s2));
|
||||
@@ -976,7 +970,7 @@
|
||||
&mov ($s2,$s1);
|
||||
&xor ($s0,$s0);
|
||||
&align (4);
|
||||
- &data_word(0xF689AAF3); # rep stosb # zero tail
|
||||
+ &data_word(0xAAF3F689); # rep stosb # zero tail
|
||||
&pop ($key); # pop ivp
|
||||
|
||||
&mov ($acc,$_out); # output as input
|
||||
@@ -996,10 +990,10 @@
|
||||
|
||||
# ... and make sure it doesn't alias with AES_Td modulo 4096
|
||||
&mov ($s0,"ebp");
|
||||
- &lea ($s1,&DWP(3072,"ebp"));
|
||||
+ &lea ($s1,&DWP(2048+256,"ebp"));
|
||||
&mov ($s3,$key);
|
||||
&and ($s0,0xfff); # s = %ebp&0xfff
|
||||
- &and ($s1,0xfff); # e = (%ebp+3072)&0xfff
|
||||
+ &and ($s1,0xfff); # e = (%ebp+2048+256)&0xfff
|
||||
&and ($s3,0xfff); # p = %esp&0xfff
|
||||
|
||||
&cmp ($s3,$s1); # if (p>=e) %esp =- (p-e);
|
||||
@@ -1030,21 +1024,30 @@
|
||||
&mov ($_key,$s3); # save copy of key
|
||||
&mov ($_ivp,$acc); # save copy of ivp
|
||||
|
||||
+ &mov ($mark,0); # copy of aes_key->rounds = 0;
|
||||
if ($compromise) {
|
||||
&cmp ($s2,$compromise);
|
||||
&jb (&label("skip_dcopy"));
|
||||
}
|
||||
- # copy key schedule to stack
|
||||
- &mov ("ecx",244/4);
|
||||
+ # do we copy key schedule to stack?
|
||||
+ &mov ($s1 eq "ebx" ? $s1 : "",$s3);
|
||||
+ &mov ($s2 eq "ecx" ? $s2 : "",244/4);
|
||||
+ &sub ($s1,"ebp");
|
||||
&mov ("esi",$s3);
|
||||
+ &and ($s1,0xfff);
|
||||
&lea ("edi",$aes_key);
|
||||
- &mov ($_key,"edi");
|
||||
+ &cmp ($s1,2048+256);
|
||||
+ &jb (&label("do_dcopy"));
|
||||
+ &cmp ($s1,4096-244);
|
||||
+ &jb (&label("skip_dcopy"));
|
||||
&align (4);
|
||||
- &data_word(0xF689A5F3); # rep movsd
|
||||
- &set_label("skip_dcopy") if ($compromise);
|
||||
+ &set_label("do_dcopy");
|
||||
+ &mov ($_key,"edi");
|
||||
+ &data_word(0xA5F3F689); # rep movsd
|
||||
+ &set_label("skip_dcopy");
|
||||
|
||||
&mov ($acc,$s0);
|
||||
- &mov ($key,24);
|
||||
+ &mov ($key,18);
|
||||
&align (4);
|
||||
&set_label("prefetch_td");
|
||||
&mov ($s0,&DWP(0,"ebp"));
|
||||
@@ -1054,7 +1057,7 @@
|
||||
&lea ("ebp",&DWP(128,"ebp"));
|
||||
&dec ($key);
|
||||
&jnz (&label("prefetch_td"));
|
||||
- &sub ("ebp",3072);
|
||||
+ &sub ("ebp",2048+256);
|
||||
|
||||
&cmp ($acc,$_out);
|
||||
&je (&label("dec_in_place")); # in-place processing...
|
||||
@@ -1121,7 +1124,7 @@
|
||||
&lea ($s2 eq "ecx" ? $s2 : "",&DWP(16,$acc));
|
||||
&mov ($acc eq "esi" ? $acc : "",$key);
|
||||
&mov ($key eq "edi" ? $key : "",$_out); # load out
|
||||
- &data_word(0xF689A4F3); # rep movsb # copy output
|
||||
+ &data_word(0xA4F3F689); # rep movsb # copy output
|
||||
&mov ($key,$_inp); # use inp as temp ivp
|
||||
&jmp (&label("dec_end"));
|
||||
|
||||
@@ -1188,22 +1191,20 @@
|
||||
&lea ($key,&DWP(0,$key,$s2));
|
||||
&lea ($acc,&DWP(16,$acc,$s2));
|
||||
&neg ($s2 eq "ecx" ? $s2 : "");
|
||||
- &data_word(0xF689A4F3); # rep movsb # restore tail
|
||||
+ &data_word(0xA4F3F689); # rep movsb # restore tail
|
||||
|
||||
&align (4);
|
||||
&set_label("dec_out");
|
||||
+ &cmp ($mark,0); # was the key schedule copied?
|
||||
&mov ("edi",$_key);
|
||||
&mov ("esp",$_esp);
|
||||
- if ($compromise) {
|
||||
- &cmp (&wparam(2),$compromise);
|
||||
- &jb (&label("skip_dzero"));
|
||||
- }
|
||||
+ &je (&label("skip_dzero"));
|
||||
# zero copy of key schedule
|
||||
&mov ("ecx",240/4);
|
||||
&xor ("eax","eax");
|
||||
&align (4);
|
||||
- &data_word(0xF689ABF3); # rep stosd
|
||||
- &set_label("skip_dzero") if ($compromise);
|
||||
+ &data_word(0xABF3F689); # rep stosd
|
||||
+ &set_label("skip_dzero")
|
||||
&popf ();
|
||||
&function_end("AES_cbc_encrypt");
|
||||
}
|
447
openssl-0.9.8b-bn-threadsafety.patch
Normal file
447
openssl-0.9.8b-bn-threadsafety.patch
Normal file
@ -0,0 +1,447 @@
|
||||
--- openssl-0.9.8b/crypto/rsa/rsa_eay.c.bn-threadsafe 2005-09-23 01:32:49.000000000 +0200
|
||||
+++ openssl-0.9.8b/crypto/rsa/rsa_eay.c 2006-07-20 13:41:44.000000000 +0200
|
||||
@@ -56,7 +56,7 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
|
||||
+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@@ -238,40 +238,63 @@
|
||||
return(r);
|
||||
}
|
||||
|
||||
-static BN_BLINDING *rsa_get_blinding(RSA *rsa, BIGNUM **r, int *local, BN_CTX *ctx)
|
||||
+static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
|
||||
{
|
||||
BN_BLINDING *ret;
|
||||
+ int got_write_lock = 0;
|
||||
+
|
||||
+ CRYPTO_r_lock(CRYPTO_LOCK_RSA);
|
||||
|
||||
if (rsa->blinding == NULL)
|
||||
{
|
||||
+ CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
|
||||
+ CRYPTO_w_lock(CRYPTO_LOCK_RSA);
|
||||
+ got_write_lock = 1;
|
||||
+
|
||||
if (rsa->blinding == NULL)
|
||||
- {
|
||||
- CRYPTO_w_lock(CRYPTO_LOCK_RSA);
|
||||
- if (rsa->blinding == NULL)
|
||||
- rsa->blinding = RSA_setup_blinding(rsa, ctx);
|
||||
- CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
|
||||
- }
|
||||
+ rsa->blinding = RSA_setup_blinding(rsa, ctx);
|
||||
}
|
||||
|
||||
ret = rsa->blinding;
|
||||
if (ret == NULL)
|
||||
- return NULL;
|
||||
+ goto err;
|
||||
|
||||
- if (BN_BLINDING_get_thread_id(ret) != CRYPTO_thread_id())
|
||||
+ if (BN_BLINDING_get_thread_id(ret) == CRYPTO_thread_id())
|
||||
{
|
||||
- *local = 0;
|
||||
+ /* rsa->blinding is ours! */
|
||||
+
|
||||
+ *local = 1;
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ /* resort to rsa->mt_blinding instead */
|
||||
+
|
||||
+ *local = 0; /* instructs rsa_blinding_convert(), rsa_blinding_invert()
|
||||
+ * that the BN_BLINDING is shared, meaning that accesses
|
||||
+ * require locks, and that the blinding factor must be
|
||||
+ * stored outside the BN_BLINDING
|
||||
+ */
|
||||
+
|
||||
if (rsa->mt_blinding == NULL)
|
||||
{
|
||||
- CRYPTO_w_lock(CRYPTO_LOCK_RSA);
|
||||
+ if (!got_write_lock)
|
||||
+ {
|
||||
+ CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
|
||||
+ CRYPTO_w_lock(CRYPTO_LOCK_RSA);
|
||||
+ got_write_lock = 1;
|
||||
+ }
|
||||
+
|
||||
if (rsa->mt_blinding == NULL)
|
||||
rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);
|
||||
- CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
|
||||
}
|
||||
ret = rsa->mt_blinding;
|
||||
}
|
||||
- else
|
||||
- *local = 1;
|
||||
|
||||
+ err:
|
||||
+ if (got_write_lock)
|
||||
+ CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
|
||||
+ else
|
||||
+ CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -358,7 +381,7 @@
|
||||
|
||||
if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
|
||||
{
|
||||
- blinding = rsa_get_blinding(rsa, &br, &local_blinding, ctx);
|
||||
+ blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
|
||||
if (blinding == NULL)
|
||||
{
|
||||
RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
|
||||
@@ -479,7 +502,7 @@
|
||||
|
||||
if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
|
||||
{
|
||||
- blinding = rsa_get_blinding(rsa, &br, &local_blinding, ctx);
|
||||
+ blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
|
||||
if (blinding == NULL)
|
||||
{
|
||||
RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR);
|
||||
--- openssl-0.9.8b/crypto/bn/bn_mont.c.bn-threadsafe 2005-11-11 13:59:39.000000000 +0100
|
||||
+++ openssl-0.9.8b/crypto/bn/bn_mont.c 2006-07-20 13:42:07.000000000 +0200
|
||||
@@ -55,6 +55,59 @@
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
+/* ====================================================================
|
||||
+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
|
||||
+ *
|
||||
+ * Redistribution and use in source and binary forms, with or without
|
||||
+ * modification, are permitted provided that the following conditions
|
||||
+ * are met:
|
||||
+ *
|
||||
+ * 1. Redistributions of source code must retain the above copyright
|
||||
+ * notice, this list of conditions and the following disclaimer.
|
||||
+ *
|
||||
+ * 2. Redistributions in binary form must reproduce the above copyright
|
||||
+ * notice, this list of conditions and the following disclaimer in
|
||||
+ * the documentation and/or other materials provided with the
|
||||
+ * distribution.
|
||||
+ *
|
||||
+ * 3. All advertising materials mentioning features or use of this
|
||||
+ * software must display the following acknowledgment:
|
||||
+ * "This product includes software developed by the OpenSSL Project
|
||||
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
+ *
|
||||
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
+ * endorse or promote products derived from this software without
|
||||
+ * prior written permission. For written permission, please contact
|
||||
+ * openssl-core@openssl.org.
|
||||
+ *
|
||||
+ * 5. Products derived from this software may not be called "OpenSSL"
|
||||
+ * nor may "OpenSSL" appear in their names without prior written
|
||||
+ * permission of the OpenSSL Project.
|
||||
+ *
|
||||
+ * 6. Redistributions of any form whatsoever must retain the following
|
||||
+ * acknowledgment:
|
||||
+ * "This product includes software developed by the OpenSSL Project
|
||||
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
+ *
|
||||
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
+ * ====================================================================
|
||||
+ *
|
||||
+ * This product includes cryptographic software written by Eric Young
|
||||
+ * (eay@cryptsoft.com). This product includes software written by Tim
|
||||
+ * Hudson (tjh@cryptsoft.com).
|
||||
+ *
|
||||
+ */
|
||||
|
||||
/*
|
||||
* Details about Montgomery multiplication algorithms can be found at
|
||||
@@ -353,18 +406,32 @@
|
||||
BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
|
||||
const BIGNUM *mod, BN_CTX *ctx)
|
||||
{
|
||||
- if (*pmont)
|
||||
- return *pmont;
|
||||
- CRYPTO_w_lock(lock);
|
||||
+ int got_write_lock = 0;
|
||||
+ BN_MONT_CTX *ret;
|
||||
+
|
||||
+ CRYPTO_r_lock(lock);
|
||||
if (!*pmont)
|
||||
{
|
||||
- BN_MONT_CTX *mtmp;
|
||||
- mtmp = BN_MONT_CTX_new();
|
||||
- if (mtmp && !BN_MONT_CTX_set(mtmp, mod, ctx))
|
||||
- BN_MONT_CTX_free(mtmp);
|
||||
- else
|
||||
- *pmont = mtmp;
|
||||
+ CRYPTO_r_unlock(lock);
|
||||
+ CRYPTO_w_lock(lock);
|
||||
+ got_write_lock = 1;
|
||||
+
|
||||
+ if (!*pmont)
|
||||
+ {
|
||||
+ ret = BN_MONT_CTX_new();
|
||||
+ if (ret && !BN_MONT_CTX_set(ret, mod, ctx))
|
||||
+ BN_MONT_CTX_free(ret);
|
||||
+ else
|
||||
+ *pmont = ret;
|
||||
+ }
|
||||
}
|
||||
- CRYPTO_w_unlock(lock);
|
||||
- return *pmont;
|
||||
+
|
||||
+ ret = *pmont;
|
||||
+
|
||||
+ if (got_write_lock)
|
||||
+ CRYPTO_w_unlock(lock);
|
||||
+ else
|
||||
+ CRYPTO_r_unlock(lock);
|
||||
+
|
||||
+ return ret;
|
||||
}
|
||||
--- openssl-0.9.8b/crypto/err/err.c.bn-threadsafe 2006-02-08 20:16:16.000000000 +0100
|
||||
+++ openssl-0.9.8b/crypto/err/err.c 2006-07-20 13:41:44.000000000 +0200
|
||||
@@ -548,9 +548,20 @@
|
||||
int i;
|
||||
static int init = 1;
|
||||
|
||||
- if (!init) return;
|
||||
-
|
||||
+ CRYPTO_r_lock(CRYPTO_LOCK_ERR);
|
||||
+ if (!init)
|
||||
+ {
|
||||
+ CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
|
||||
CRYPTO_w_lock(CRYPTO_LOCK_ERR);
|
||||
+ if (!init)
|
||||
+ {
|
||||
+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
|
||||
+ return;
|
||||
+ }
|
||||
|
||||
for (i = 1; i <= NUM_SYS_STR_REASONS; i++)
|
||||
{
|
||||
--- openssl-0.9.8b/ssl/ssl_ciph.c.bn-threadsafe 2006-04-15 02:22:34.000000000 +0200
|
||||
+++ openssl-0.9.8b/ssl/ssl_ciph.c 2006-07-20 13:41:44.000000000 +0200
|
||||
@@ -56,6 +56,59 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
|
||||
+ *
|
||||
+ * Redistribution and use in source and binary forms, with or without
|
||||
+ * modification, are permitted provided that the following conditions
|
||||
+ * are met:
|
||||
+ *
|
||||
+ * 1. Redistributions of source code must retain the above copyright
|
||||
+ * notice, this list of conditions and the following disclaimer.
|
||||
+ *
|
||||
+ * 2. Redistributions in binary form must reproduce the above copyright
|
||||
+ * notice, this list of conditions and the following disclaimer in
|
||||
+ * the documentation and/or other materials provided with the
|
||||
+ * distribution.
|
||||
+ *
|
||||
+ * 3. All advertising materials mentioning features or use of this
|
||||
+ * software must display the following acknowledgment:
|
||||
+ * "This product includes software developed by the OpenSSL Project
|
||||
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
+ *
|
||||
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
+ * endorse or promote products derived from this software without
|
||||
+ * prior written permission. For written permission, please contact
|
||||
+ * openssl-core@openssl.org.
|
||||
+ *
|
||||
+ * 5. Products derived from this software may not be called "OpenSSL"
|
||||
+ * nor may "OpenSSL" appear in their names without prior written
|
||||
+ * permission of the OpenSSL Project.
|
||||
+ *
|
||||
+ * 6. Redistributions of any form whatsoever must retain the following
|
||||
+ * acknowledgment:
|
||||
+ * "This product includes software developed by the OpenSSL Project
|
||||
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
+ *
|
||||
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
+ * ====================================================================
|
||||
+ *
|
||||
+ * This product includes cryptographic software written by Eric Young
|
||||
+ * (eay@cryptsoft.com). This product includes software written by Tim
|
||||
+ * Hudson (tjh@cryptsoft.com).
|
||||
+ *
|
||||
+ */
|
||||
+/* ====================================================================
|
||||
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
|
||||
* ECC cipher suite support in OpenSSL originally developed by
|
||||
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
|
||||
@@ -203,36 +256,46 @@
|
||||
|
||||
static void load_builtin_compressions(void)
|
||||
{
|
||||
- if (ssl_comp_methods != NULL)
|
||||
- return;
|
||||
+ int got_write_lock = 0;
|
||||
|
||||
- CRYPTO_w_lock(CRYPTO_LOCK_SSL);
|
||||
+ CRYPTO_r_lock(CRYPTO_LOCK_SSL);
|
||||
if (ssl_comp_methods == NULL)
|
||||
{
|
||||
- SSL_COMP *comp = NULL;
|
||||
-
|
||||
- MemCheck_off();
|
||||
- ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
|
||||
- if (ssl_comp_methods != NULL)
|
||||
+ CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
|
||||
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL);
|
||||
+ got_write_lock = 1;
|
||||
+
|
||||
+ if (ssl_comp_methods == NULL)
|
||||
{
|
||||
- comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
|
||||
- if (comp != NULL)
|
||||
+ SSL_COMP *comp = NULL;
|
||||
+
|
||||
+ MemCheck_off();
|
||||
+ ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
|
||||
+ if (ssl_comp_methods != NULL)
|
||||
{
|
||||
- comp->method=COMP_zlib();
|
||||
- if (comp->method
|
||||
- && comp->method->type == NID_undef)
|
||||
- OPENSSL_free(comp);
|
||||
- else
|
||||
+ comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
|
||||
+ if (comp != NULL)
|
||||
{
|
||||
- comp->id=SSL_COMP_ZLIB_IDX;
|
||||
- comp->name=comp->method->name;
|
||||
- sk_SSL_COMP_push(ssl_comp_methods,comp);
|
||||
+ comp->method=COMP_zlib();
|
||||
+ if (comp->method
|
||||
+ && comp->method->type == NID_undef)
|
||||
+ OPENSSL_free(comp);
|
||||
+ else
|
||||
+ {
|
||||
+ comp->id=SSL_COMP_ZLIB_IDX;
|
||||
+ comp->name=comp->method->name;
|
||||
+ sk_SSL_COMP_push(ssl_comp_methods,comp);
|
||||
+ }
|
||||
}
|
||||
}
|
||||
+ MemCheck_on();
|
||||
}
|
||||
- MemCheck_on();
|
||||
}
|
||||
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
|
||||
+
|
||||
+ if (got_write_lock)
|
||||
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
|
||||
+ else
|
||||
+ CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
|
||||
}
|
||||
#endif
|
||||
|
||||
--- openssl-0.9.8b/ssl/ssl_cert.c.bn-threadsafe 2006-02-24 18:58:35.000000000 +0100
|
||||
+++ openssl-0.9.8b/ssl/ssl_cert.c 2006-07-20 13:41:44.000000000 +0200
|
||||
@@ -56,7 +56,7 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
|
||||
+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@@ -73,12 +73,12 @@
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
|
||||
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
- * openssl-core@OpenSSL.org.
|
||||
+ * openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
@@ -87,7 +87,7 @@
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
|
||||
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
@@ -102,6 +102,11 @@
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
+ *
|
||||
+ * This product includes cryptographic software written by Eric Young
|
||||
+ * (eay@cryptsoft.com). This product includes software written by Tim
|
||||
+ * Hudson (tjh@cryptsoft.com).
|
||||
+ *
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
|
||||
@@ -130,21 +135,28 @@
|
||||
int SSL_get_ex_data_X509_STORE_CTX_idx(void)
|
||||
{
|
||||
static volatile int ssl_x509_store_ctx_idx= -1;
|
||||
+ int got_write_lock = 0;
|
||||
+
|
||||
+ CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
|
||||
|
||||
if (ssl_x509_store_ctx_idx < 0)
|
||||
{
|
||||
- /* any write lock will do; usually this branch
|
||||
- * will only be taken once anyway */
|
||||
+ CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
|
||||
CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
|
||||
+ got_write_lock = 1;
|
||||
|
||||
if (ssl_x509_store_ctx_idx < 0)
|
||||
{
|
||||
ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index(
|
||||
0,"SSL for verify callback",NULL,NULL,NULL);
|
||||
}
|
||||
-
|
||||
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
|
||||
}
|
||||
+
|
||||
+ if (got_write_lock)
|
||||
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
|
||||
+ else
|
||||
+ CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
|
||||
+
|
||||
return ssl_x509_store_ctx_idx;
|
||||
}
|
||||
|
508
openssl-0.9.8b-ipv6-apps.patch
Normal file
508
openssl-0.9.8b-ipv6-apps.patch
Normal file
@ -0,0 +1,508 @@
|
||||
diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_apps.h openssl-0.9.8b/apps/s_apps.h
|
||||
--- openssl-0.9.8b.orig/apps/s_apps.h 2006-07-11 16:14:29.000000000 +0200
|
||||
+++ openssl-0.9.8b/apps/s_apps.h 2006-07-13 08:44:29.000000000 +0200
|
||||
@@ -148,7 +148,7 @@
|
||||
#define PORT_STR "4433"
|
||||
#define PROTOCOL "tcp"
|
||||
|
||||
-int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
|
||||
+int do_server(char *port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
|
||||
#ifdef HEADER_X509_H
|
||||
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
|
||||
#endif
|
||||
@@ -156,10 +156,9 @@
|
||||
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
|
||||
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
|
||||
#endif
|
||||
-int init_client(int *sock, char *server, int port, int type);
|
||||
+int init_client(int *sock, char *server, char *port, int type);
|
||||
int should_retry(int i);
|
||||
-int extract_port(char *str, short *port_ptr);
|
||||
-int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
|
||||
+int extract_host_port(char *str,char **host_ptr,char **port_ptr);
|
||||
|
||||
long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
|
||||
int argi, long argl, long ret);
|
||||
diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_client.c openssl-0.9.8b/apps/s_client.c
|
||||
--- openssl-0.9.8b.orig/apps/s_client.c 2005-11-25 14:46:41.000000000 +0100
|
||||
+++ openssl-0.9.8b/apps/s_client.c 2006-07-13 08:44:29.000000000 +0200
|
||||
@@ -246,7 +246,7 @@
|
||||
int cbuf_len,cbuf_off;
|
||||
int sbuf_len,sbuf_off;
|
||||
fd_set readfds,writefds;
|
||||
- short port=PORT;
|
||||
+ char *port_str = PORT_STR;
|
||||
int full_log=1;
|
||||
char *host=SSL_HOST_NAME;
|
||||
char *cert_file=NULL,*key_file=NULL;
|
||||
@@ -330,13 +330,12 @@
|
||||
else if (strcmp(*argv,"-port") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
- port=atoi(*(++argv));
|
||||
- if (port == 0) goto bad;
|
||||
+ port_str= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-connect") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
- if (!extract_host_port(*(++argv),&host,NULL,&port))
|
||||
+ if (!extract_host_port(*(++argv),&host,&port_str))
|
||||
goto bad;
|
||||
}
|
||||
else if (strcmp(*argv,"-verify") == 0)
|
||||
@@ -619,7 +618,7 @@
|
||||
|
||||
re_start:
|
||||
|
||||
- if (init_client(&s,host,port,sock_type) == 0)
|
||||
+ if (init_client(&s,host,port_str,sock_type) == 0)
|
||||
{
|
||||
BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
|
||||
SHUTDOWN(s);
|
||||
diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_server.c openssl-0.9.8b/apps/s_server.c
|
||||
--- openssl-0.9.8b.orig/apps/s_server.c 2005-09-02 14:27:02.000000000 +0200
|
||||
+++ openssl-0.9.8b/apps/s_server.c 2006-07-13 08:44:29.000000000 +0200
|
||||
@@ -532,7 +532,7 @@
|
||||
{
|
||||
X509_STORE *store = NULL;
|
||||
int vflags = 0;
|
||||
- short port=PORT;
|
||||
+ char *port_str = PORT_STR;
|
||||
char *CApath=NULL,*CAfile=NULL;
|
||||
unsigned char *context = NULL;
|
||||
char *dhfile = NULL;
|
||||
@@ -597,8 +597,7 @@
|
||||
(strcmp(*argv,"-accept") == 0))
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
- if (!extract_port(*(++argv),&port))
|
||||
- goto bad;
|
||||
+ port_str= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-verify") == 0)
|
||||
{
|
||||
@@ -1086,9 +1085,9 @@
|
||||
|
||||
BIO_printf(bio_s_out,"ACCEPT\n");
|
||||
if (www)
|
||||
- do_server(port,sock_type,&accept_socket,www_body, context);
|
||||
+ do_server(port_str,sock_type,&accept_socket,www_body, context);
|
||||
else
|
||||
- do_server(port,sock_type,&accept_socket,sv_body, context);
|
||||
+ do_server(port_str,sock_type,&accept_socket,sv_body, context);
|
||||
print_stats(bio_s_out,ctx);
|
||||
ret=0;
|
||||
end:
|
||||
diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_socket.c openssl-0.9.8b/apps/s_socket.c
|
||||
--- openssl-0.9.8b.orig/apps/s_socket.c 2005-06-13 05:21:00.000000000 +0200
|
||||
+++ openssl-0.9.8b/apps/s_socket.c 2006-07-13 08:44:29.000000000 +0200
|
||||
@@ -96,9 +96,7 @@
|
||||
static void ssl_sock_cleanup(void);
|
||||
#endif
|
||||
static int ssl_sock_init(void);
|
||||
-static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
|
||||
-static int init_server(int *sock, int port, int type);
|
||||
-static int init_server_long(int *sock, int port,char *ip, int type);
|
||||
+static int init_server(int *sock, char *port, int type);
|
||||
static int do_accept(int acc_sock, int *sock, char **host);
|
||||
static int host_ip(char *str, unsigned char ip[4]);
|
||||
|
||||
@@ -228,60 +226,69 @@
|
||||
return(1);
|
||||
}
|
||||
|
||||
-int init_client(int *sock, char *host, int port, int type)
|
||||
+int init_client(int *sock, char *host, char *port, int type)
|
||||
{
|
||||
- unsigned char ip[4];
|
||||
- short p=0;
|
||||
-
|
||||
- if (!host_ip(host,&(ip[0])))
|
||||
- {
|
||||
- return(0);
|
||||
- }
|
||||
- if (p != 0) port=p;
|
||||
- return(init_client_ip(sock,ip,port,type));
|
||||
- }
|
||||
-
|
||||
-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
|
||||
- {
|
||||
- unsigned long addr;
|
||||
- struct sockaddr_in them;
|
||||
- int s,i;
|
||||
+ struct addrinfo *res, *res0, hints;
|
||||
+ char * failed_call = NULL;
|
||||
+ int s;
|
||||
+ int e;
|
||||
|
||||
if (!ssl_sock_init()) return(0);
|
||||
|
||||
- memset((char *)&them,0,sizeof(them));
|
||||
- them.sin_family=AF_INET;
|
||||
- them.sin_port=htons((unsigned short)port);
|
||||
- addr=(unsigned long)
|
||||
- ((unsigned long)ip[0]<<24L)|
|
||||
- ((unsigned long)ip[1]<<16L)|
|
||||
- ((unsigned long)ip[2]<< 8L)|
|
||||
- ((unsigned long)ip[3]);
|
||||
- them.sin_addr.s_addr=htonl(addr);
|
||||
-
|
||||
- if (type == SOCK_STREAM)
|
||||
- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
|
||||
- else /* ( type == SOCK_DGRAM) */
|
||||
- s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
|
||||
-
|
||||
- if (s == INVALID_SOCKET) { perror("socket"); return(0); }
|
||||
+ memset(&hints, '\0', sizeof(hints));
|
||||
+ hints.ai_socktype = type;
|
||||
+ hints.ai_flags = AI_ADDRCONFIG;
|
||||
+
|
||||
+ e = getaddrinfo(host, port, &hints, &res);
|
||||
+ if (e)
|
||||
+ {
|
||||
+ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
|
||||
+ if (e == EAI_SYSTEM)
|
||||
+ perror("getaddrinfo");
|
||||
+ return (0);
|
||||
+ }
|
||||
|
||||
+ res0 = res;
|
||||
+ while (res)
|
||||
+ {
|
||||
+ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
|
||||
+ if (s == INVALID_SOCKET)
|
||||
+ {
|
||||
+ failed_call = "socket";
|
||||
+ goto nextres;
|
||||
+ }
|
||||
#ifndef OPENSSL_SYS_MPE
|
||||
if (type == SOCK_STREAM)
|
||||
{
|
||||
- i=0;
|
||||
- i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
|
||||
- if (i < 0) { perror("keepalive"); return(0); }
|
||||
+ int i=0;
|
||||
+ i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,
|
||||
+ (char *)&i,sizeof(i));
|
||||
+ if (i < 0) {
|
||||
+ failed_call = "keepalive";
|
||||
+ goto nextres;
|
||||
+ }
|
||||
}
|
||||
#endif
|
||||
-
|
||||
- if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
|
||||
- { close(s); perror("connect"); return(0); }
|
||||
+ if (connect(s,(struct sockaddr *)res->ai_addr,
|
||||
+ res->ai_addrlen) == 0)
|
||||
+ {
|
||||
+ freeaddrinfo(res0);
|
||||
*sock=s;
|
||||
return(1);
|
||||
}
|
||||
+ failed_call = "socket";
|
||||
+nextres:
|
||||
+ if (s != INVALID_SOCKET)
|
||||
+ close(s);
|
||||
+ res = res->ai_next;
|
||||
+ }
|
||||
+ freeaddrinfo(res0);
|
||||
+
|
||||
+ perror(failed_call);
|
||||
+ return(0);
|
||||
+ }
|
||||
|
||||
-int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
|
||||
+int do_server(char *port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
|
||||
{
|
||||
int sock;
|
||||
char *name = NULL;
|
||||
@@ -319,33 +326,38 @@
|
||||
}
|
||||
}
|
||||
|
||||
-static int init_server_long(int *sock, int port, char *ip, int type)
|
||||
+static int init_server(int *sock, char *port, int type)
|
||||
{
|
||||
- int ret=0;
|
||||
- struct sockaddr_in server;
|
||||
- int s= -1,i;
|
||||
+ struct addrinfo *res, *res0, hints;
|
||||
+ char * failed_call = NULL;
|
||||
+ char port_name[8];
|
||||
+ int s;
|
||||
+ int e;
|
||||
|
||||
if (!ssl_sock_init()) return(0);
|
||||
|
||||
- memset((char *)&server,0,sizeof(server));
|
||||
- server.sin_family=AF_INET;
|
||||
- server.sin_port=htons((unsigned short)port);
|
||||
- if (ip == NULL)
|
||||
- server.sin_addr.s_addr=INADDR_ANY;
|
||||
- else
|
||||
-/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
|
||||
-#ifndef BIT_FIELD_LIMITS
|
||||
- memcpy(&server.sin_addr.s_addr,ip,4);
|
||||
-#else
|
||||
- memcpy(&server.sin_addr,ip,4);
|
||||
-#endif
|
||||
-
|
||||
- if (type == SOCK_STREAM)
|
||||
- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
|
||||
- else /* type == SOCK_DGRAM */
|
||||
- s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
|
||||
+ memset(&hints, '\0', sizeof(hints));
|
||||
+ hints.ai_socktype = type;
|
||||
+ hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG;
|
||||
+
|
||||
+ e = getaddrinfo(NULL, port, &hints, &res);
|
||||
+ if (e)
|
||||
+ {
|
||||
+ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
|
||||
+ if (e == EAI_SYSTEM)
|
||||
+ perror("getaddrinfo");
|
||||
+ return (0);
|
||||
+ }
|
||||
|
||||
- if (s == INVALID_SOCKET) goto err;
|
||||
+ res0 = res;
|
||||
+ while (res)
|
||||
+ {
|
||||
+ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
|
||||
+ if (s == INVALID_SOCKET)
|
||||
+ {
|
||||
+ failed_call = "socket";
|
||||
+ goto nextres;
|
||||
+ }
|
||||
#if defined SOL_SOCKET && defined SO_REUSEADDR
|
||||
{
|
||||
int j = 1;
|
||||
@@ -353,36 +365,39 @@
|
||||
(void *) &j, sizeof j);
|
||||
}
|
||||
#endif
|
||||
- if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
|
||||
+
|
||||
+ if (bind(s,(struct sockaddr *)res->ai_addr, res->ai_addrlen) == -1)
|
||||
{
|
||||
-#ifndef OPENSSL_SYS_WINDOWS
|
||||
- perror("bind");
|
||||
-#endif
|
||||
- goto err;
|
||||
+ failed_call = "bind";
|
||||
+ goto nextres;
|
||||
}
|
||||
- /* Make it 128 for linux */
|
||||
- if (type==SOCK_STREAM && listen(s,128) == -1) goto err;
|
||||
- i=0;
|
||||
- *sock=s;
|
||||
- ret=1;
|
||||
-err:
|
||||
- if ((ret == 0) && (s != -1))
|
||||
+ if (type==SOCK_STREAM && listen(s,128) == -1)
|
||||
{
|
||||
- SHUTDOWN(s);
|
||||
+ failed_call = "listen";
|
||||
+ goto nextres;
|
||||
}
|
||||
- return(ret);
|
||||
+
|
||||
+ *sock=s;
|
||||
+ return(1);
|
||||
+
|
||||
+nextres:
|
||||
+ if (s != INVALID_SOCKET)
|
||||
+ close(s);
|
||||
+ res = res->ai_next;
|
||||
}
|
||||
+ freeaddrinfo(res0);
|
||||
|
||||
-static int init_server(int *sock, int port, int type)
|
||||
- {
|
||||
- return(init_server_long(sock, port, NULL, type));
|
||||
+ if (s == INVALID_SOCKET) { perror("socket"); return(0); }
|
||||
+
|
||||
+ perror(failed_call);
|
||||
+ return(0);
|
||||
}
|
||||
|
||||
static int do_accept(int acc_sock, int *sock, char **host)
|
||||
{
|
||||
- int ret,i;
|
||||
- struct hostent *h1,*h2;
|
||||
- static struct sockaddr_in from;
|
||||
+ static struct sockaddr_storage from;
|
||||
+ char buffer[NI_MAXHOST];
|
||||
+ int ret;
|
||||
int len;
|
||||
/* struct linger ling; */
|
||||
|
||||
@@ -427,137 +442,62 @@
|
||||
if (i < 0) { perror("keepalive"); return(0); }
|
||||
*/
|
||||
|
||||
- if (host == NULL) goto end;
|
||||
-#ifndef BIT_FIELD_LIMITS
|
||||
- /* I should use WSAAsyncGetHostByName() under windows */
|
||||
- h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
|
||||
- sizeof(from.sin_addr.s_addr),AF_INET);
|
||||
-#else
|
||||
- h1=gethostbyaddr((char *)&from.sin_addr,
|
||||
- sizeof(struct in_addr),AF_INET);
|
||||
-#endif
|
||||
- if (h1 == NULL)
|
||||
+ if (host == NULL)
|
||||
{
|
||||
- BIO_printf(bio_err,"bad gethostbyaddr\n");
|
||||
- *host=NULL;
|
||||
- /* return(0); */
|
||||
- }
|
||||
- else
|
||||
- {
|
||||
- if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL)
|
||||
- {
|
||||
- perror("OPENSSL_malloc");
|
||||
+ *sock=ret;
|
||||
return(0);
|
||||
}
|
||||
- BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
|
||||
|
||||
- h2=GetHostByName(*host);
|
||||
- if (h2 == NULL)
|
||||
+ if (getnameinfo((struct sockaddr *)&from, sizeof(from),
|
||||
+ buffer, sizeof(buffer),
|
||||
+ NULL, 0, 0))
|
||||
{
|
||||
- BIO_printf(bio_err,"gethostbyname failure\n");
|
||||
+ BIO_printf(bio_err,"getnameinfo failed\n");
|
||||
+ *host=NULL;
|
||||
return(0);
|
||||
}
|
||||
- i=0;
|
||||
- if (h2->h_addrtype != AF_INET)
|
||||
+ else
|
||||
{
|
||||
- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
|
||||
+ if ((*host=(char *)OPENSSL_malloc(strlen(buffer)+1)) == NULL)
|
||||
+ {
|
||||
+ perror("OPENSSL_malloc");
|
||||
return(0);
|
||||
}
|
||||
- }
|
||||
-end:
|
||||
+ strcpy(*host, buffer);
|
||||
*sock=ret;
|
||||
return(1);
|
||||
}
|
||||
+ }
|
||||
|
||||
-int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
|
||||
- short *port_ptr)
|
||||
+int extract_host_port(char *str, char **host_ptr,
|
||||
+ char **port_ptr)
|
||||
{
|
||||
- char *h,*p;
|
||||
+ char *h,*p,*x;
|
||||
|
||||
- h=str;
|
||||
- p=strchr(str,':');
|
||||
+ x=h=str;
|
||||
+ if (*h == '[')
|
||||
+ {
|
||||
+ h++;
|
||||
+ p=strchr(h,']');
|
||||
if (p == NULL)
|
||||
{
|
||||
- BIO_printf(bio_err,"no port defined\n");
|
||||
+ BIO_printf(bio_err,"no ending bracket for IPv6 address\n");
|
||||
return(0);
|
||||
}
|
||||
*(p++)='\0';
|
||||
-
|
||||
- if ((ip != NULL) && !host_ip(str,ip))
|
||||
- goto err;
|
||||
- if (host_ptr != NULL) *host_ptr=h;
|
||||
-
|
||||
- if (!extract_port(p,port_ptr))
|
||||
- goto err;
|
||||
- return(1);
|
||||
-err:
|
||||
- return(0);
|
||||
+ x = p;
|
||||
}
|
||||
-
|
||||
-static int host_ip(char *str, unsigned char ip[4])
|
||||
- {
|
||||
- unsigned int in[4];
|
||||
- int i;
|
||||
-
|
||||
- if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
|
||||
- {
|
||||
- for (i=0; i<4; i++)
|
||||
- if (in[i] > 255)
|
||||
- {
|
||||
- BIO_printf(bio_err,"invalid IP address\n");
|
||||
- goto err;
|
||||
- }
|
||||
- ip[0]=in[0];
|
||||
- ip[1]=in[1];
|
||||
- ip[2]=in[2];
|
||||
- ip[3]=in[3];
|
||||
- }
|
||||
- else
|
||||
- { /* do a gethostbyname */
|
||||
- struct hostent *he;
|
||||
-
|
||||
- if (!ssl_sock_init()) return(0);
|
||||
-
|
||||
- he=GetHostByName(str);
|
||||
- if (he == NULL)
|
||||
- {
|
||||
- BIO_printf(bio_err,"gethostbyname failure\n");
|
||||
- goto err;
|
||||
- }
|
||||
- /* cast to short because of win16 winsock definition */
|
||||
- if ((short)he->h_addrtype != AF_INET)
|
||||
+ p=strchr(x,':');
|
||||
+ if (p == NULL)
|
||||
{
|
||||
- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
|
||||
- return(0);
|
||||
- }
|
||||
- ip[0]=he->h_addr_list[0][0];
|
||||
- ip[1]=he->h_addr_list[0][1];
|
||||
- ip[2]=he->h_addr_list[0][2];
|
||||
- ip[3]=he->h_addr_list[0][3];
|
||||
- }
|
||||
- return(1);
|
||||
-err:
|
||||
+ BIO_printf(bio_err,"no port defined\n");
|
||||
return(0);
|
||||
}
|
||||
+ *(p++)='\0';
|
||||
|
||||
-int extract_port(char *str, short *port_ptr)
|
||||
- {
|
||||
- int i;
|
||||
- struct servent *s;
|
||||
+ if (host_ptr != NULL) *host_ptr=h;
|
||||
+ if (port_ptr != NULL) *port_ptr=p;
|
||||
|
||||
- i=atoi(str);
|
||||
- if (i != 0)
|
||||
- *port_ptr=(unsigned short)i;
|
||||
- else
|
||||
- {
|
||||
- s=getservbyname(str,"tcp");
|
||||
- if (s == NULL)
|
||||
- {
|
||||
- BIO_printf(bio_err,"getservbyname failure for %s\n",str);
|
||||
- return(0);
|
||||
- }
|
||||
- *port_ptr=ntohs((unsigned short)s->s_port);
|
||||
- }
|
||||
return(1);
|
||||
}
|
||||
|
20
openssl-0.9.8b-pkcs7-leak.patch
Normal file
20
openssl-0.9.8b-pkcs7-leak.patch
Normal file
@ -0,0 +1,20 @@
|
||||
--- openssl-0.9.8b/crypto/pkcs7/pk7_smime.c.pk7-leak 2005-08-05 00:10:05.000000000 +0200
|
||||
+++ openssl-0.9.8b/crypto/pkcs7/pk7_smime.c 2006-07-20 13:53:16.000000000 +0200
|
||||
@@ -127,6 +127,8 @@
|
||||
}
|
||||
}
|
||||
|
||||
+ if(flags & PKCS7_DETACHED) PKCS7_set_detached(p7, 1);
|
||||
+
|
||||
if (flags & PKCS7_STREAM)
|
||||
return p7;
|
||||
|
||||
@@ -138,8 +140,6 @@
|
||||
|
||||
SMIME_crlf_copy(data, p7bio, flags);
|
||||
|
||||
- if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1);
|
||||
-
|
||||
if (!PKCS7_dataFinal(p7,p7bio)) {
|
||||
PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN);
|
||||
PKCS7_free(p7);
|
19
openssl.spec
19
openssl.spec
@ -21,7 +21,7 @@
|
||||
Summary: The OpenSSL toolkit
|
||||
Name: openssl
|
||||
Version: 0.9.8b
|
||||
Release: 3.1
|
||||
Release: 4
|
||||
Source: openssl-%{version}-usa.tar.bz2
|
||||
Source1: hobble-openssl
|
||||
Source2: Makefile.certificate
|
||||
@ -47,9 +47,13 @@ Patch34: openssl-0.9.6-x509.patch
|
||||
Patch35: openssl-0.9.7-beta5-version-add-engines.patch
|
||||
Patch36: openssl-0.9.8a-use-poll.patch
|
||||
Patch38: openssl-0.9.8a-reuse-cipher-change.patch
|
||||
Patch39: openssl-0.9.8b-ipv6-apps.patch
|
||||
# Backported fixes including security fixes
|
||||
Patch51: openssl-0.9.8b-block-padding.patch
|
||||
Patch52: openssl-0.9.8b-pkcs12-fix.patch
|
||||
Patch53: openssl-0.9.8b-bn-threadsafety.patch
|
||||
Patch54: openssl-0.9.8b-aes-cachecol.patch
|
||||
Patch55: openssl-0.9.8b-pkcs7-leak.patch
|
||||
|
||||
License: BSDish
|
||||
Group: System Environment/Libraries
|
||||
@ -106,9 +110,13 @@ from other formats to the formats used by the OpenSSL toolkit.
|
||||
%patch35 -p1 -b .version-add-engines
|
||||
%patch36 -p1 -b .use-poll
|
||||
%patch38 -p1 -b .cipher-change
|
||||
%patch39 -p1 -b .ipv6-apps
|
||||
|
||||
%patch51 -p1 -b .block-padding
|
||||
%patch52 -p1 -b .pkcs12-fix
|
||||
%patch53 -p1 -b .bn-threadsafety
|
||||
%patch54 -p1 -b .cachecol
|
||||
%patch55 -p1 -b .pkcs7-leak
|
||||
|
||||
# Modify the various perl scripts to reference perl in the right location.
|
||||
perl util/perlpath.pl `dirname %{__perl}`
|
||||
@ -264,11 +272,11 @@ basearch=i386
|
||||
# Do an opensslconf.h switcheroo to avoid file conflicts on systems where you
|
||||
# can have both a 32- and 64-bit version of the library, and they each need
|
||||
# their own correct-but-different versions of opensslconf.h to be usable.
|
||||
install -m644 $RPM_SOURCE_DIR/opensslconf-new-warning.h \
|
||||
install -m644 %{SOURCE10} \
|
||||
$RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf-${basearch}.h
|
||||
cat $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h >> \
|
||||
$RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf-${basearch}.h
|
||||
install -m644 $RPM_SOURCE_DIR/opensslconf-new.h \
|
||||
install -m644 %{SOURCE9} \
|
||||
$RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h
|
||||
%endif
|
||||
|
||||
@ -342,6 +350,11 @@ rm -rf $RPM_BUILD_ROOT/%{_bindir}/openssl_fips_fingerprint
|
||||
%postun -p /sbin/ldconfig
|
||||
|
||||
%changelog
|
||||
* Thu Jul 20 2006 Tomas Mraz <tmraz@redhat.com> - 0.9.8b-4
|
||||
- add ipv6 support to s_client and s_server (by Jan Pazdziora) (#198737)
|
||||
- add patches for BN threadsafety, AES cache collision attack hazard fix and
|
||||
pkcs7 code memleak fix from upstream CVS
|
||||
|
||||
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 0.9.8b-3.1
|
||||
- rebuild
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user