From f1f19751c5b18da2657cbd7b70df40a942cd3e02 Mon Sep 17 00:00:00 2001 From: James Antill Date: Thu, 26 May 2022 07:51:32 -0400 Subject: [PATCH] Auto sync2gitlab import of gnutls-3.6.16-4.el8.src.rpm --- .gitignore | 3 + EMPTY | 1 - gnutls-3.2.7-rpath.patch | 12 + gnutls-3.6.13-enable-intel-cet.patch | 7849 ++++++++++++++++++++++++ gnutls-3.6.14-fips-dh-selftests.patch | 204 + gnutls-3.6.14-fips-kdf-selftests.patch | 713 +++ gnutls-3.6.16-doc-p11tool-ckaid.patch | 14 + gnutls-3.6.16-tls12-cert-type.patch | 125 + gnutls-3.6.16-trust-ca-sha1.patch | 283 + gnutls-3.6.4-no-now-guile.patch | 13 + gnutls.spec | 1062 ++++ sources | 3 + 12 files changed, 10281 insertions(+), 1 deletion(-) create mode 100644 .gitignore delete mode 100644 EMPTY create mode 100644 gnutls-3.2.7-rpath.patch create mode 100644 gnutls-3.6.13-enable-intel-cet.patch create mode 100644 gnutls-3.6.14-fips-dh-selftests.patch create mode 100644 gnutls-3.6.14-fips-kdf-selftests.patch create mode 100644 gnutls-3.6.16-doc-p11tool-ckaid.patch create mode 100644 gnutls-3.6.16-tls12-cert-type.patch create mode 100644 gnutls-3.6.16-trust-ca-sha1.patch create mode 100644 gnutls-3.6.4-no-now-guile.patch create mode 100644 gnutls.spec create mode 100644 sources diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..eb0b92d --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +/gnutls-3.6.16.tar.xz +/gnutls-3.6.16.tar.xz.sig +/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg diff --git a/EMPTY b/EMPTY deleted file mode 100644 index 0519ecb..0000000 --- a/EMPTY +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/gnutls-3.2.7-rpath.patch b/gnutls-3.2.7-rpath.patch new file mode 100644 index 0000000..4e6aed3 --- /dev/null +++ b/gnutls-3.2.7-rpath.patch @@ -0,0 +1,12 @@ +diff -ur gnutls-3.2.7.orig/configure gnutls-3.2.7/configure +--- gnutls-3.2.7.orig/configure 2013-11-23 11:09:49.000000000 +0100 ++++ gnutls-3.2.7/configure 2013-11-25 16:53:05.559440656 +0100 +@@ -39652,7 +39652,7 @@ + shlibpath_overrides_runpath=unknown + version_type=none + dynamic_linker="$host_os ld.so" +-sys_lib_dlsearch_path_spec="/lib /usr/lib" ++sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64" + need_lib_prefix=unknown + hardcode_into_libs=no + diff --git a/gnutls-3.6.13-enable-intel-cet.patch b/gnutls-3.6.13-enable-intel-cet.patch new file mode 100644 index 0000000..ca16882 --- /dev/null +++ b/gnutls-3.6.13-enable-intel-cet.patch @@ -0,0 +1,7849 @@ +From 7d969e296f4a8c39a8bdc642a3234b0957531201 Mon Sep 17 00:00:00 2001 +From: Anderson Toshiyuki Sasaki +Date: Wed, 20 May 2020 10:51:37 +0200 +Subject: [PATCH] accelerated: Enable Intel CET + +Signed-off-by: Anderson Toshiyuki Sasaki +--- + lib/accelerated/x86/coff/aes-ssse3-x86.s | 13 + + lib/accelerated/x86/coff/aes-ssse3-x86_64.s | 5 + + lib/accelerated/x86/coff/aesni-gcm-x86_64.s | 8 + + lib/accelerated/x86/coff/aesni-x86.s | 22 ++ + lib/accelerated/x86/coff/aesni-x86_64.s | 29 +- + lib/accelerated/x86/coff/e_padlock-x86.s | 276 +++++++++------- + lib/accelerated/x86/coff/e_padlock-x86_64.s | 218 ++++++++----- + lib/accelerated/x86/coff/ghash-x86_64.s | 6 + + lib/accelerated/x86/coff/sha1-ssse3-x86.s | 1 + + lib/accelerated/x86/coff/sha1-ssse3-x86_64.s | 2 +- + lib/accelerated/x86/coff/sha256-ssse3-x86.s | 1 + + .../x86/coff/sha256-ssse3-x86_64.s | 18 +- + lib/accelerated/x86/coff/sha512-ssse3-x86.s | 1 + + .../x86/coff/sha512-ssse3-x86_64.s | 20 +- + lib/accelerated/x86/elf/aes-ssse3-x86.s | 30 ++ + lib/accelerated/x86/elf/aes-ssse3-x86_64.s | 26 ++ + lib/accelerated/x86/elf/aesni-gcm-x86_64.s | 29 ++ + lib/accelerated/x86/elf/aesni-x86.s | 39 +++ + lib/accelerated/x86/elf/aesni-x86_64.s | 50 ++- + lib/accelerated/x86/elf/e_padlock-x86.s | 306 ++++++++++-------- + lib/accelerated/x86/elf/e_padlock-x86_64.s | 242 +++++++++----- + lib/accelerated/x86/elf/ghash-x86_64.s | 27 ++ + lib/accelerated/x86/elf/sha1-ssse3-x86.s | 18 ++ + lib/accelerated/x86/elf/sha1-ssse3-x86_64.s | 23 +- + lib/accelerated/x86/elf/sha256-ssse3-x86.s | 18 ++ + lib/accelerated/x86/elf/sha256-ssse3-x86_64.s | 51 ++- + lib/accelerated/x86/elf/sha512-ssse3-x86.s | 18 ++ + lib/accelerated/x86/elf/sha512-ssse3-x86_64.s | 49 ++- + lib/accelerated/x86/macosx/aes-ssse3-x86.s | 13 + + lib/accelerated/x86/macosx/aes-ssse3-x86_64.s | 5 + + lib/accelerated/x86/macosx/aesni-gcm-x86_64.s | 8 + + lib/accelerated/x86/macosx/aesni-x86.s | 22 ++ + lib/accelerated/x86/macosx/aesni-x86_64.s | 29 +- + lib/accelerated/x86/macosx/e_padlock-x86.s | 288 +++++++++-------- + lib/accelerated/x86/macosx/e_padlock-x86_64.s | 218 ++++++++----- + lib/accelerated/x86/macosx/ghash-x86_64.s | 6 + + lib/accelerated/x86/macosx/sha1-ssse3-x86.s | 1 + + .../x86/macosx/sha1-ssse3-x86_64.s | 2 +- + lib/accelerated/x86/macosx/sha256-ssse3-x86.s | 1 + + .../x86/macosx/sha256-ssse3-x86_64.s | 30 +- + lib/accelerated/x86/macosx/sha512-ssse3-x86.s | 1 + + .../x86/macosx/sha512-ssse3-x86_64.s | 28 +- + 42 files changed, 1541 insertions(+), 657 deletions(-) + +diff --git a/lib/accelerated/x86/coff/aes-ssse3-x86.s b/lib/accelerated/x86/coff/aes-ssse3-x86.s +index c58ea2359..1dced3b2a 100644 +--- a/lib/accelerated/x86/coff/aes-ssse3-x86.s ++++ b/lib/accelerated/x86/coff/aes-ssse3-x86.s +@@ -71,6 +71,7 @@ + .def __vpaes_preheat; .scl 3; .type 32; .endef + .align 16 + __vpaes_preheat: ++.byte 243,15,30,251 + addl (%esp),%ebp + movdqa -48(%ebp),%xmm7 + movdqa -16(%ebp),%xmm6 +@@ -78,6 +79,7 @@ __vpaes_preheat: + .def __vpaes_encrypt_core; .scl 3; .type 32; .endef + .align 16 + __vpaes_encrypt_core: ++.byte 243,15,30,251 + movl $16,%ecx + movl 240(%edx),%eax + movdqa %xmm6,%xmm1 +@@ -154,6 +156,7 @@ __vpaes_encrypt_core: + .def __vpaes_decrypt_core; .scl 3; .type 32; .endef + .align 16 + __vpaes_decrypt_core: ++.byte 243,15,30,251 + leal 608(%ebp),%ebx + movl 240(%edx),%eax + movdqa %xmm6,%xmm1 +@@ -241,6 +244,7 @@ __vpaes_decrypt_core: + .def __vpaes_schedule_core; .scl 3; .type 32; .endef + .align 16 + __vpaes_schedule_core: ++.byte 243,15,30,251 + addl (%esp),%ebp + movdqu (%esi),%xmm0 + movdqa 320(%ebp),%xmm2 +@@ -334,6 +338,7 @@ __vpaes_schedule_core: + .def __vpaes_schedule_192_smear; .scl 3; .type 32; .endef + .align 16 + __vpaes_schedule_192_smear: ++.byte 243,15,30,251 + pshufd $128,%xmm6,%xmm1 + pshufd $254,%xmm7,%xmm0 + pxor %xmm1,%xmm6 +@@ -345,6 +350,7 @@ __vpaes_schedule_192_smear: + .def __vpaes_schedule_round; .scl 3; .type 32; .endef + .align 16 + __vpaes_schedule_round: ++.byte 243,15,30,251 + movdqa 8(%esp),%xmm2 + pxor %xmm1,%xmm1 + .byte 102,15,58,15,202,15 +@@ -393,6 +399,7 @@ __vpaes_schedule_round: + .def __vpaes_schedule_transform; .scl 3; .type 32; .endef + .align 16 + __vpaes_schedule_transform: ++.byte 243,15,30,251 + movdqa -16(%ebp),%xmm2 + movdqa %xmm2,%xmm1 + pandn %xmm0,%xmm1 +@@ -407,6 +414,7 @@ __vpaes_schedule_transform: + .def __vpaes_schedule_mangle; .scl 3; .type 32; .endef + .align 16 + __vpaes_schedule_mangle: ++.byte 243,15,30,251 + movdqa %xmm0,%xmm4 + movdqa 128(%ebp),%xmm5 + testl %edi,%edi +@@ -467,6 +475,7 @@ __vpaes_schedule_mangle: + .align 16 + _vpaes_set_encrypt_key: + .L_vpaes_set_encrypt_key_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -499,6 +508,7 @@ _vpaes_set_encrypt_key: + .align 16 + _vpaes_set_decrypt_key: + .L_vpaes_set_decrypt_key_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -536,6 +546,7 @@ _vpaes_set_decrypt_key: + .align 16 + _vpaes_encrypt: + .L_vpaes_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -564,6 +575,7 @@ _vpaes_encrypt: + .align 16 + _vpaes_decrypt: + .L_vpaes_decrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -592,6 +604,7 @@ _vpaes_decrypt: + .align 16 + _vpaes_cbc_encrypt: + .L_vpaes_cbc_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +diff --git a/lib/accelerated/x86/coff/aes-ssse3-x86_64.s b/lib/accelerated/x86/coff/aes-ssse3-x86_64.s +index 150c9921d..f3fee5629 100644 +--- a/lib/accelerated/x86/coff/aes-ssse3-x86_64.s ++++ b/lib/accelerated/x86/coff/aes-ssse3-x86_64.s +@@ -643,6 +643,7 @@ vpaes_set_encrypt_key: + movq %r8,%rdx + + ++.byte 243,15,30,250 + leaq -184(%rsp),%rsp + movaps %xmm6,16(%rsp) + movaps %xmm7,32(%rsp) +@@ -695,6 +696,7 @@ vpaes_set_decrypt_key: + movq %r8,%rdx + + ++.byte 243,15,30,250 + leaq -184(%rsp),%rsp + movaps %xmm6,16(%rsp) + movaps %xmm7,32(%rsp) +@@ -752,6 +754,7 @@ vpaes_encrypt: + movq %r8,%rdx + + ++.byte 243,15,30,250 + leaq -184(%rsp),%rsp + movaps %xmm6,16(%rsp) + movaps %xmm7,32(%rsp) +@@ -799,6 +802,7 @@ vpaes_decrypt: + movq %r8,%rdx + + ++.byte 243,15,30,250 + leaq -184(%rsp),%rsp + movaps %xmm6,16(%rsp) + movaps %xmm7,32(%rsp) +@@ -848,6 +852,7 @@ vpaes_cbc_encrypt: + movq 48(%rsp),%r9 + + ++.byte 243,15,30,250 + xchgq %rcx,%rdx + subq $16,%rcx + jc .Lcbc_abort +diff --git a/lib/accelerated/x86/coff/aesni-gcm-x86_64.s b/lib/accelerated/x86/coff/aesni-gcm-x86_64.s +index 7988004cb..5784e4bcf 100644 +--- a/lib/accelerated/x86/coff/aesni-gcm-x86_64.s ++++ b/lib/accelerated/x86/coff/aesni-gcm-x86_64.s +@@ -42,6 +42,8 @@ + .def _aesni_ctr32_ghash_6x; .scl 3; .type 32; .endef + .p2align 5 + _aesni_ctr32_ghash_6x: ++ ++.byte 243,15,30,250 + vmovdqu 32(%r11),%xmm2 + subq $6,%rdx + vpxor %xmm4,%xmm4,%xmm4 +@@ -350,6 +352,7 @@ _aesni_ctr32_ghash_6x: + + .byte 0xf3,0xc3 + ++ + .globl aesni_gcm_decrypt + .def aesni_gcm_decrypt; .scl 2; .type 32; .endef + .p2align 5 +@@ -366,6 +369,7 @@ aesni_gcm_decrypt: + movq 48(%rsp),%r9 + + ++.byte 243,15,30,250 + xorq %r10,%r10 + cmpq $0x60,%rdx + jb .Lgcm_dec_abort +@@ -490,6 +494,8 @@ aesni_gcm_decrypt: + .def _aesni_ctr32_6x; .scl 3; .type 32; .endef + .p2align 5 + _aesni_ctr32_6x: ++ ++.byte 243,15,30,250 + vmovdqu 0-128(%rcx),%xmm4 + vmovdqu 32(%r11),%xmm2 + leaq -1(%rbp),%r13 +@@ -578,6 +584,7 @@ _aesni_ctr32_6x: + jmp .Loop_ctr32 + + ++ + .globl aesni_gcm_encrypt + .def aesni_gcm_encrypt; .scl 2; .type 32; .endef + .p2align 5 +@@ -594,6 +601,7 @@ aesni_gcm_encrypt: + movq 48(%rsp),%r9 + + ++.byte 243,15,30,250 + xorq %r10,%r10 + cmpq $288,%rdx + jb .Lgcm_enc_abort +diff --git a/lib/accelerated/x86/coff/aesni-x86.s b/lib/accelerated/x86/coff/aesni-x86.s +index c6aa1a1e2..577dc4af2 100644 +--- a/lib/accelerated/x86/coff/aesni-x86.s ++++ b/lib/accelerated/x86/coff/aesni-x86.s +@@ -43,6 +43,7 @@ + .align 16 + _aesni_encrypt: + .L_aesni_encrypt_begin: ++.byte 243,15,30,251 + movl 4(%esp),%eax + movl 12(%esp),%edx + movups (%eax),%xmm2 +@@ -69,6 +70,7 @@ _aesni_encrypt: + .align 16 + _aesni_decrypt: + .L_aesni_decrypt_begin: ++.byte 243,15,30,251 + movl 4(%esp),%eax + movl 12(%esp),%edx + movups (%eax),%xmm2 +@@ -93,6 +95,7 @@ _aesni_decrypt: + .def __aesni_encrypt2; .scl 3; .type 32; .endef + .align 16 + __aesni_encrypt2: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -119,6 +122,7 @@ __aesni_encrypt2: + .def __aesni_decrypt2; .scl 3; .type 32; .endef + .align 16 + __aesni_decrypt2: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -145,6 +149,7 @@ __aesni_decrypt2: + .def __aesni_encrypt3; .scl 3; .type 32; .endef + .align 16 + __aesni_encrypt3: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -176,6 +181,7 @@ __aesni_encrypt3: + .def __aesni_decrypt3; .scl 3; .type 32; .endef + .align 16 + __aesni_decrypt3: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -207,6 +213,7 @@ __aesni_decrypt3: + .def __aesni_encrypt4; .scl 3; .type 32; .endef + .align 16 + __aesni_encrypt4: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + movups 16(%edx),%xmm1 + shll $4,%ecx +@@ -244,6 +251,7 @@ __aesni_encrypt4: + .def __aesni_decrypt4; .scl 3; .type 32; .endef + .align 16 + __aesni_decrypt4: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + movups 16(%edx),%xmm1 + shll $4,%ecx +@@ -281,6 +289,7 @@ __aesni_decrypt4: + .def __aesni_encrypt6; .scl 3; .type 32; .endef + .align 16 + __aesni_encrypt6: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -334,6 +343,7 @@ __aesni_encrypt6: + .def __aesni_decrypt6; .scl 3; .type 32; .endef + .align 16 + __aesni_decrypt6: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -389,6 +399,7 @@ __aesni_decrypt6: + .align 16 + _aesni_ecb_encrypt: + .L_aesni_ecb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -623,6 +634,7 @@ _aesni_ecb_encrypt: + .align 16 + _aesni_ccm64_encrypt_blocks: + .L_aesni_ccm64_encrypt_blocks_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -710,6 +722,7 @@ _aesni_ccm64_encrypt_blocks: + .align 16 + _aesni_ccm64_decrypt_blocks: + .L_aesni_ccm64_decrypt_blocks_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -832,6 +845,7 @@ _aesni_ccm64_decrypt_blocks: + .align 16 + _aesni_ctr32_encrypt_blocks: + .L_aesni_ctr32_encrypt_blocks_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -1069,6 +1083,7 @@ _aesni_ctr32_encrypt_blocks: + .align 16 + _aesni_xts_encrypt: + .L_aesni_xts_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -1428,6 +1443,7 @@ _aesni_xts_encrypt: + .align 16 + _aesni_xts_decrypt: + .L_aesni_xts_decrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -1817,6 +1833,7 @@ _aesni_xts_decrypt: + .align 16 + _aesni_ocb_encrypt: + .L_aesni_ocb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -2211,6 +2228,7 @@ _aesni_ocb_encrypt: + .align 16 + _aesni_ocb_decrypt: + .L_aesni_ocb_decrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -2605,6 +2623,7 @@ _aesni_ocb_decrypt: + .align 16 + _aesni_cbc_encrypt: + .L_aesni_cbc_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -2863,6 +2882,7 @@ _aesni_cbc_encrypt: + .def __aesni_set_encrypt_key; .scl 3; .type 32; .endef + .align 16 + __aesni_set_encrypt_key: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + testl %eax,%eax +@@ -3197,6 +3217,7 @@ __aesni_set_encrypt_key: + .align 16 + _aesni_set_encrypt_key: + .L_aesni_set_encrypt_key_begin: ++.byte 243,15,30,251 + movl 4(%esp),%eax + movl 8(%esp),%ecx + movl 12(%esp),%edx +@@ -3207,6 +3228,7 @@ _aesni_set_encrypt_key: + .align 16 + _aesni_set_decrypt_key: + .L_aesni_set_decrypt_key_begin: ++.byte 243,15,30,251 + movl 4(%esp),%eax + movl 8(%esp),%ecx + movl 12(%esp),%edx +diff --git a/lib/accelerated/x86/coff/aesni-x86_64.s b/lib/accelerated/x86/coff/aesni-x86_64.s +index 4e8de065f..ba2992903 100644 +--- a/lib/accelerated/x86/coff/aesni-x86_64.s ++++ b/lib/accelerated/x86/coff/aesni-x86_64.s +@@ -44,6 +44,7 @@ + .p2align 4 + aesni_encrypt: + ++.byte 243,15,30,250 + movups (%rcx),%xmm2 + movl 240(%r8),%eax + movups (%r8),%xmm0 +@@ -70,6 +71,7 @@ aesni_encrypt: + .p2align 4 + aesni_decrypt: + ++.byte 243,15,30,250 + movups (%rcx),%xmm2 + movl 240(%r8),%eax + movups (%r8),%xmm0 +@@ -567,6 +569,7 @@ aesni_ecb_encrypt: + movq 40(%rsp),%r8 + + ++.byte 243,15,30,250 + leaq -88(%rsp),%rsp + movaps %xmm6,(%rsp) + movaps %xmm7,16(%rsp) +@@ -939,6 +942,8 @@ aesni_ccm64_encrypt_blocks: + movq 40(%rsp),%r8 + movq 48(%rsp),%r9 + ++ ++.byte 243,15,30,250 + leaq -88(%rsp),%rsp + movaps %xmm6,(%rsp) + movaps %xmm7,16(%rsp) +@@ -1015,6 +1020,7 @@ aesni_ccm64_encrypt_blocks: + movq 8(%rsp),%rdi + movq 16(%rsp),%rsi + .byte 0xf3,0xc3 ++ + .LSEH_end_aesni_ccm64_encrypt_blocks: + .globl aesni_ccm64_decrypt_blocks + .def aesni_ccm64_decrypt_blocks; .scl 2; .type 32; .endef +@@ -1031,6 +1037,8 @@ aesni_ccm64_decrypt_blocks: + movq 40(%rsp),%r8 + movq 48(%rsp),%r9 + ++ ++.byte 243,15,30,250 + leaq -88(%rsp),%rsp + movaps %xmm6,(%rsp) + movaps %xmm7,16(%rsp) +@@ -1141,6 +1149,7 @@ aesni_ccm64_decrypt_blocks: + movq 8(%rsp),%rdi + movq 16(%rsp),%rsi + .byte 0xf3,0xc3 ++ + .LSEH_end_aesni_ccm64_decrypt_blocks: + .globl aesni_ctr32_encrypt_blocks + .def aesni_ctr32_encrypt_blocks; .scl 2; .type 32; .endef +@@ -1157,6 +1166,7 @@ aesni_ctr32_encrypt_blocks: + movq 40(%rsp),%r8 + + ++.byte 243,15,30,250 + cmpq $1,%rdx + jne .Lctr32_bulk + +@@ -1769,6 +1779,7 @@ aesni_xts_encrypt: + movq 48(%rsp),%r9 + + ++.byte 243,15,30,250 + leaq (%rsp),%r11 + + pushq %rbp +@@ -2273,6 +2284,7 @@ aesni_xts_decrypt: + movq 48(%rsp),%r9 + + ++.byte 243,15,30,250 + leaq (%rsp),%r11 + + pushq %rbp +@@ -2814,6 +2826,7 @@ aesni_ocb_encrypt: + movq 48(%rsp),%r9 + + ++.byte 243,15,30,250 + leaq (%rsp),%rax + pushq %rbx + +@@ -3046,6 +3059,7 @@ aesni_ocb_encrypt: + .def __ocb_encrypt6; .scl 3; .type 32; .endef + .p2align 5 + __ocb_encrypt6: ++ + pxor %xmm9,%xmm15 + movdqu (%rbx,%r12,1),%xmm11 + movdqa %xmm10,%xmm12 +@@ -3145,9 +3159,11 @@ __ocb_encrypt6: + .byte 0xf3,0xc3 + + ++ + .def __ocb_encrypt4; .scl 3; .type 32; .endef + .p2align 5 + __ocb_encrypt4: ++ + pxor %xmm9,%xmm15 + movdqu (%rbx,%r12,1),%xmm11 + movdqa %xmm10,%xmm12 +@@ -3214,9 +3230,11 @@ __ocb_encrypt4: + .byte 0xf3,0xc3 + + ++ + .def __ocb_encrypt1; .scl 3; .type 32; .endef + .p2align 5 + __ocb_encrypt1: ++ + pxor %xmm15,%xmm7 + pxor %xmm9,%xmm7 + pxor %xmm2,%xmm8 +@@ -3249,6 +3267,7 @@ __ocb_encrypt1: + .byte 0xf3,0xc3 + + ++ + .globl aesni_ocb_decrypt + .def aesni_ocb_decrypt; .scl 2; .type 32; .endef + .p2align 5 +@@ -3265,6 +3284,7 @@ aesni_ocb_decrypt: + movq 48(%rsp),%r9 + + ++.byte 243,15,30,250 + leaq (%rsp),%rax + pushq %rbx + +@@ -3519,6 +3539,7 @@ aesni_ocb_decrypt: + .def __ocb_decrypt6; .scl 3; .type 32; .endef + .p2align 5 + __ocb_decrypt6: ++ + pxor %xmm9,%xmm15 + movdqu (%rbx,%r12,1),%xmm11 + movdqa %xmm10,%xmm12 +@@ -3612,9 +3633,11 @@ __ocb_decrypt6: + .byte 0xf3,0xc3 + + ++ + .def __ocb_decrypt4; .scl 3; .type 32; .endef + .p2align 5 + __ocb_decrypt4: ++ + pxor %xmm9,%xmm15 + movdqu (%rbx,%r12,1),%xmm11 + movdqa %xmm10,%xmm12 +@@ -3677,9 +3700,11 @@ __ocb_decrypt4: + .byte 0xf3,0xc3 + + ++ + .def __ocb_decrypt1; .scl 3; .type 32; .endef + .p2align 5 + __ocb_decrypt1: ++ + pxor %xmm15,%xmm7 + pxor %xmm9,%xmm7 + pxor %xmm7,%xmm2 +@@ -3710,6 +3735,7 @@ __ocb_decrypt1: + .byte 102,15,56,223,215 + .byte 0xf3,0xc3 + ++ + .globl aesni_cbc_encrypt + .def aesni_cbc_encrypt; .scl 2; .type 32; .endef + .p2align 4 +@@ -3726,6 +3752,7 @@ aesni_cbc_encrypt: + movq 48(%rsp),%r9 + + ++.byte 243,15,30,250 + testq %rdx,%rdx + jz .Lcbc_ret + +@@ -4687,7 +4714,6 @@ __aesni_set_encrypt_key: + addq $8,%rsp + + .byte 0xf3,0xc3 +- + .LSEH_end_set_encrypt_key: + + .p2align 4 +@@ -4760,6 +4786,7 @@ __aesni_set_encrypt_key: + .byte 0xf3,0xc3 + + ++ + .p2align 6 + .Lbswap_mask: + .byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 +diff --git a/lib/accelerated/x86/coff/e_padlock-x86.s b/lib/accelerated/x86/coff/e_padlock-x86.s +index 41f87b117..9e27b9324 100644 +--- a/lib/accelerated/x86/coff/e_padlock-x86.s ++++ b/lib/accelerated/x86/coff/e_padlock-x86.s +@@ -1,4 +1,4 @@ +-# Copyright (c) 2011-2013, Andy Polyakov ++# Copyright (c) 2011-2016, Andy Polyakov + # All rights reserved. + # + # Redistribution and use in source and binary forms, with or without +@@ -37,13 +37,13 @@ + # + # *** This file is auto-generated *** + # +-.file "devel/perlasm/e_padlock-x86.s" + .text + .globl _padlock_capability + .def _padlock_capability; .scl 2; .type 32; .endef + .align 16 + _padlock_capability: + .L_padlock_capability_begin: ++.byte 243,15,30,251 + pushl %ebx + pushfl + popl %eax +@@ -60,11 +60,20 @@ _padlock_capability: + .byte 0x0f,0xa2 + xorl %eax,%eax + cmpl $0x746e6543,%ebx +- jne .L000noluck ++ jne .L001zhaoxin + cmpl $0x48727561,%edx + jne .L000noluck + cmpl $0x736c7561,%ecx + jne .L000noluck ++ jmp .L002zhaoxinEnd ++.L001zhaoxin: ++ cmpl $0x68532020,%ebx ++ jne .L000noluck ++ cmpl $0x68676e61,%edx ++ jne .L000noluck ++ cmpl $0x20206961,%ecx ++ jne .L000noluck ++.L002zhaoxinEnd: + movl $3221225472,%eax + .byte 0x0f,0xa2 + movl %eax,%edx +@@ -94,38 +103,41 @@ _padlock_capability: + .align 16 + _padlock_key_bswap: + .L_padlock_key_bswap_begin: ++.byte 243,15,30,251 + movl 4(%esp),%edx + movl 240(%edx),%ecx +-.L001bswap_loop: ++.L003bswap_loop: + movl (%edx),%eax + bswap %eax + movl %eax,(%edx) + leal 4(%edx),%edx + subl $1,%ecx +- jnz .L001bswap_loop ++ jnz .L003bswap_loop + ret + .globl _padlock_verify_context + .def _padlock_verify_context; .scl 2; .type 32; .endef + .align 16 + _padlock_verify_context: + .L_padlock_verify_context_begin: ++.byte 243,15,30,251 + movl 4(%esp),%edx + leal .Lpadlock_saved_context,%eax + pushfl + call __padlock_verify_ctx +-.L002verify_pic_point: ++.L004verify_pic_point: + leal 4(%esp),%esp + ret + .def __padlock_verify_ctx; .scl 3; .type 32; .endef + .align 16 + __padlock_verify_ctx: ++.byte 243,15,30,251 + btl $30,4(%esp) +- jnc .L003verified ++ jnc .L005verified + cmpl (%eax),%edx +- je .L003verified ++ je .L005verified + pushfl + popfl +-.L003verified: ++.L005verified: + movl %edx,(%eax) + ret + .globl _padlock_reload_key +@@ -133,6 +145,7 @@ __padlock_verify_ctx: + .align 16 + _padlock_reload_key: + .L_padlock_reload_key_begin: ++.byte 243,15,30,251 + pushfl + popfl + ret +@@ -141,6 +154,7 @@ _padlock_reload_key: + .align 16 + _padlock_aes_block: + .L_padlock_aes_block_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + pushl %ebx +@@ -160,6 +174,7 @@ _padlock_aes_block: + .align 16 + _padlock_ecb_encrypt: + .L_padlock_ecb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -169,25 +184,25 @@ _padlock_ecb_encrypt: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz .L004ecb_abort ++ jnz .L006ecb_abort + testl $15,%ecx +- jnz .L004ecb_abort ++ jnz .L006ecb_abort + leal .Lpadlock_saved_context,%eax + pushfl + cld + call __padlock_verify_ctx +-.L005ecb_pic_point: ++.L007ecb_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + xorl %ebx,%ebx + testl $32,(%edx) +- jnz .L006ecb_aligned ++ jnz .L008ecb_aligned + testl $15,%edi + setz %al + testl $15,%esi + setz %bl + testl %ebx,%eax +- jnz .L006ecb_aligned ++ jnz .L008ecb_aligned + negl %eax + movl $512,%ebx + notl %eax +@@ -206,7 +221,7 @@ _padlock_ecb_encrypt: + andl $-16,%esp + movl %eax,16(%ebp) + cmpl %ebx,%ecx +- ja .L007ecb_loop ++ ja .L009ecb_loop + movl %esi,%eax + cmpl %esp,%ebp + cmovel %edi,%eax +@@ -217,10 +232,10 @@ _padlock_ecb_encrypt: + movl $-128,%eax + cmovael %ebx,%eax + andl %eax,%ebx +- jz .L008ecb_unaligned_tail +- jmp .L007ecb_loop ++ jz .L010ecb_unaligned_tail ++ jmp .L009ecb_loop + .align 16 +-.L007ecb_loop: ++.L009ecb_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -229,13 +244,13 @@ _padlock_ecb_encrypt: + testl $15,%edi + cmovnzl %esp,%edi + testl $15,%esi +- jz .L009ecb_inp_aligned ++ jz .L011ecb_inp_aligned + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi + movl %ebx,%ecx + movl %edi,%esi +-.L009ecb_inp_aligned: ++.L011ecb_inp_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -243,23 +258,23 @@ _padlock_ecb_encrypt: + movl (%ebp),%edi + movl 12(%ebp),%ebx + testl $15,%edi +- jz .L010ecb_out_aligned ++ jz .L012ecb_out_aligned + movl %ebx,%ecx + leal (%esp),%esi + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi +-.L010ecb_out_aligned: ++.L012ecb_out_aligned: + movl 4(%ebp),%esi + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jz .L011ecb_break ++ jz .L013ecb_break + cmpl %ebx,%ecx +- jae .L007ecb_loop +-.L008ecb_unaligned_tail: ++ jae .L009ecb_loop ++.L010ecb_unaligned_tail: + xorl %eax,%eax + cmpl %ebp,%esp + cmovel %ecx,%eax +@@ -272,24 +287,24 @@ _padlock_ecb_encrypt: + movl %esp,%esi + movl %eax,%edi + movl %ebx,%ecx +- jmp .L007ecb_loop ++ jmp .L009ecb_loop + .align 16 +-.L011ecb_break: ++.L013ecb_break: + cmpl %ebp,%esp +- je .L012ecb_done ++ je .L014ecb_done + pxor %xmm0,%xmm0 + leal (%esp),%eax +-.L013ecb_bzero: ++.L015ecb_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja .L013ecb_bzero +-.L012ecb_done: ++ ja .L015ecb_bzero ++.L014ecb_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp +- jmp .L014ecb_exit ++ jmp .L016ecb_exit + .align 16 +-.L006ecb_aligned: ++.L008ecb_aligned: + leal (%esi,%ecx,1),%ebp + negl %ebp + andl $4095,%ebp +@@ -299,14 +314,14 @@ _padlock_ecb_encrypt: + cmovael %eax,%ebp + andl %ecx,%ebp + subl %ebp,%ecx +- jz .L015ecb_aligned_tail ++ jz .L017ecb_aligned_tail + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx + .byte 243,15,167,200 + testl %ebp,%ebp +- jz .L014ecb_exit +-.L015ecb_aligned_tail: ++ jz .L016ecb_exit ++.L017ecb_aligned_tail: + movl %ebp,%ecx + leal -24(%esp),%ebp + movl %ebp,%esp +@@ -323,11 +338,11 @@ _padlock_ecb_encrypt: + movl %esp,%esi + movl %eax,%edi + movl %ebx,%ecx +- jmp .L007ecb_loop +-.L014ecb_exit: ++ jmp .L009ecb_loop ++.L016ecb_exit: + movl $1,%eax + leal 4(%esp),%esp +-.L004ecb_abort: ++.L006ecb_abort: + popl %edi + popl %esi + popl %ebx +@@ -338,6 +353,7 @@ _padlock_ecb_encrypt: + .align 16 + _padlock_cbc_encrypt: + .L_padlock_cbc_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -347,25 +363,25 @@ _padlock_cbc_encrypt: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz .L016cbc_abort ++ jnz .L018cbc_abort + testl $15,%ecx +- jnz .L016cbc_abort ++ jnz .L018cbc_abort + leal .Lpadlock_saved_context,%eax + pushfl + cld + call __padlock_verify_ctx +-.L017cbc_pic_point: ++.L019cbc_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + xorl %ebx,%ebx + testl $32,(%edx) +- jnz .L018cbc_aligned ++ jnz .L020cbc_aligned + testl $15,%edi + setz %al + testl $15,%esi + setz %bl + testl %ebx,%eax +- jnz .L018cbc_aligned ++ jnz .L020cbc_aligned + negl %eax + movl $512,%ebx + notl %eax +@@ -384,7 +400,7 @@ _padlock_cbc_encrypt: + andl $-16,%esp + movl %eax,16(%ebp) + cmpl %ebx,%ecx +- ja .L019cbc_loop ++ ja .L021cbc_loop + movl %esi,%eax + cmpl %esp,%ebp + cmovel %edi,%eax +@@ -395,10 +411,10 @@ _padlock_cbc_encrypt: + movl $-64,%eax + cmovael %ebx,%eax + andl %eax,%ebx +- jz .L020cbc_unaligned_tail +- jmp .L019cbc_loop ++ jz .L022cbc_unaligned_tail ++ jmp .L021cbc_loop + .align 16 +-.L019cbc_loop: ++.L021cbc_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -407,13 +423,13 @@ _padlock_cbc_encrypt: + testl $15,%edi + cmovnzl %esp,%edi + testl $15,%esi +- jz .L021cbc_inp_aligned ++ jz .L023cbc_inp_aligned + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi + movl %ebx,%ecx + movl %edi,%esi +-.L021cbc_inp_aligned: ++.L023cbc_inp_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -423,23 +439,23 @@ _padlock_cbc_encrypt: + movl (%ebp),%edi + movl 12(%ebp),%ebx + testl $15,%edi +- jz .L022cbc_out_aligned ++ jz .L024cbc_out_aligned + movl %ebx,%ecx + leal (%esp),%esi + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi +-.L022cbc_out_aligned: ++.L024cbc_out_aligned: + movl 4(%ebp),%esi + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jz .L023cbc_break ++ jz .L025cbc_break + cmpl %ebx,%ecx +- jae .L019cbc_loop +-.L020cbc_unaligned_tail: ++ jae .L021cbc_loop ++.L022cbc_unaligned_tail: + xorl %eax,%eax + cmpl %ebp,%esp + cmovel %ecx,%eax +@@ -452,24 +468,24 @@ _padlock_cbc_encrypt: + movl %esp,%esi + movl %eax,%edi + movl %ebx,%ecx +- jmp .L019cbc_loop ++ jmp .L021cbc_loop + .align 16 +-.L023cbc_break: ++.L025cbc_break: + cmpl %ebp,%esp +- je .L024cbc_done ++ je .L026cbc_done + pxor %xmm0,%xmm0 + leal (%esp),%eax +-.L025cbc_bzero: ++.L027cbc_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja .L025cbc_bzero +-.L024cbc_done: ++ ja .L027cbc_bzero ++.L026cbc_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp +- jmp .L026cbc_exit ++ jmp .L028cbc_exit + .align 16 +-.L018cbc_aligned: ++.L020cbc_aligned: + leal (%esi,%ecx,1),%ebp + negl %ebp + andl $4095,%ebp +@@ -479,7 +495,7 @@ _padlock_cbc_encrypt: + cmovael %eax,%ebp + andl %ecx,%ebp + subl %ebp,%ecx +- jz .L027cbc_aligned_tail ++ jz .L029cbc_aligned_tail + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -487,8 +503,8 @@ _padlock_cbc_encrypt: + movaps (%eax),%xmm0 + movaps %xmm0,-16(%edx) + testl %ebp,%ebp +- jz .L026cbc_exit +-.L027cbc_aligned_tail: ++ jz .L028cbc_exit ++.L029cbc_aligned_tail: + movl %ebp,%ecx + leal -24(%esp),%ebp + movl %ebp,%esp +@@ -505,11 +521,11 @@ _padlock_cbc_encrypt: + movl %esp,%esi + movl %eax,%edi + movl %ebx,%ecx +- jmp .L019cbc_loop +-.L026cbc_exit: ++ jmp .L021cbc_loop ++.L028cbc_exit: + movl $1,%eax + leal 4(%esp),%esp +-.L016cbc_abort: ++.L018cbc_abort: + popl %edi + popl %esi + popl %ebx +@@ -520,6 +536,7 @@ _padlock_cbc_encrypt: + .align 16 + _padlock_cfb_encrypt: + .L_padlock_cfb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -529,25 +546,25 @@ _padlock_cfb_encrypt: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz .L028cfb_abort ++ jnz .L030cfb_abort + testl $15,%ecx +- jnz .L028cfb_abort ++ jnz .L030cfb_abort + leal .Lpadlock_saved_context,%eax + pushfl + cld + call __padlock_verify_ctx +-.L029cfb_pic_point: ++.L031cfb_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + xorl %ebx,%ebx + testl $32,(%edx) +- jnz .L030cfb_aligned ++ jnz .L032cfb_aligned + testl $15,%edi + setz %al + testl $15,%esi + setz %bl + testl %ebx,%eax +- jnz .L030cfb_aligned ++ jnz .L032cfb_aligned + negl %eax + movl $512,%ebx + notl %eax +@@ -565,9 +582,9 @@ _padlock_cfb_encrypt: + andl $-16,%ebp + andl $-16,%esp + movl %eax,16(%ebp) +- jmp .L031cfb_loop ++ jmp .L033cfb_loop + .align 16 +-.L031cfb_loop: ++.L033cfb_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -576,13 +593,13 @@ _padlock_cfb_encrypt: + testl $15,%edi + cmovnzl %esp,%edi + testl $15,%esi +- jz .L032cfb_inp_aligned ++ jz .L034cfb_inp_aligned + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi + movl %ebx,%ecx + movl %edi,%esi +-.L032cfb_inp_aligned: ++.L034cfb_inp_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -592,45 +609,45 @@ _padlock_cfb_encrypt: + movl (%ebp),%edi + movl 12(%ebp),%ebx + testl $15,%edi +- jz .L033cfb_out_aligned ++ jz .L035cfb_out_aligned + movl %ebx,%ecx + leal (%esp),%esi + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi +-.L033cfb_out_aligned: ++.L035cfb_out_aligned: + movl 4(%ebp),%esi + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jnz .L031cfb_loop ++ jnz .L033cfb_loop + cmpl %ebp,%esp +- je .L034cfb_done ++ je .L036cfb_done + pxor %xmm0,%xmm0 + leal (%esp),%eax +-.L035cfb_bzero: ++.L037cfb_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja .L035cfb_bzero +-.L034cfb_done: ++ ja .L037cfb_bzero ++.L036cfb_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp +- jmp .L036cfb_exit ++ jmp .L038cfb_exit + .align 16 +-.L030cfb_aligned: ++.L032cfb_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx + .byte 243,15,167,224 + movaps (%eax),%xmm0 + movaps %xmm0,-16(%edx) +-.L036cfb_exit: ++.L038cfb_exit: + movl $1,%eax + leal 4(%esp),%esp +-.L028cfb_abort: ++.L030cfb_abort: + popl %edi + popl %esi + popl %ebx +@@ -641,6 +658,7 @@ _padlock_cfb_encrypt: + .align 16 + _padlock_ofb_encrypt: + .L_padlock_ofb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -650,25 +668,25 @@ _padlock_ofb_encrypt: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz .L037ofb_abort ++ jnz .L039ofb_abort + testl $15,%ecx +- jnz .L037ofb_abort ++ jnz .L039ofb_abort + leal .Lpadlock_saved_context,%eax + pushfl + cld + call __padlock_verify_ctx +-.L038ofb_pic_point: ++.L040ofb_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + xorl %ebx,%ebx + testl $32,(%edx) +- jnz .L039ofb_aligned ++ jnz .L041ofb_aligned + testl $15,%edi + setz %al + testl $15,%esi + setz %bl + testl %ebx,%eax +- jnz .L039ofb_aligned ++ jnz .L041ofb_aligned + negl %eax + movl $512,%ebx + notl %eax +@@ -686,9 +704,9 @@ _padlock_ofb_encrypt: + andl $-16,%ebp + andl $-16,%esp + movl %eax,16(%ebp) +- jmp .L040ofb_loop ++ jmp .L042ofb_loop + .align 16 +-.L040ofb_loop: ++.L042ofb_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -697,13 +715,13 @@ _padlock_ofb_encrypt: + testl $15,%edi + cmovnzl %esp,%edi + testl $15,%esi +- jz .L041ofb_inp_aligned ++ jz .L043ofb_inp_aligned + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi + movl %ebx,%ecx + movl %edi,%esi +-.L041ofb_inp_aligned: ++.L043ofb_inp_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -713,45 +731,45 @@ _padlock_ofb_encrypt: + movl (%ebp),%edi + movl 12(%ebp),%ebx + testl $15,%edi +- jz .L042ofb_out_aligned ++ jz .L044ofb_out_aligned + movl %ebx,%ecx + leal (%esp),%esi + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi +-.L042ofb_out_aligned: ++.L044ofb_out_aligned: + movl 4(%ebp),%esi + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jnz .L040ofb_loop ++ jnz .L042ofb_loop + cmpl %ebp,%esp +- je .L043ofb_done ++ je .L045ofb_done + pxor %xmm0,%xmm0 + leal (%esp),%eax +-.L044ofb_bzero: ++.L046ofb_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja .L044ofb_bzero +-.L043ofb_done: ++ ja .L046ofb_bzero ++.L045ofb_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp +- jmp .L045ofb_exit ++ jmp .L047ofb_exit + .align 16 +-.L039ofb_aligned: ++.L041ofb_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx + .byte 243,15,167,232 + movaps (%eax),%xmm0 + movaps %xmm0,-16(%edx) +-.L045ofb_exit: ++.L047ofb_exit: + movl $1,%eax + leal 4(%esp),%esp +-.L037ofb_abort: ++.L039ofb_abort: + popl %edi + popl %esi + popl %ebx +@@ -762,6 +780,7 @@ _padlock_ofb_encrypt: + .align 16 + _padlock_ctr32_encrypt: + .L_padlock_ctr32_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -771,14 +790,14 @@ _padlock_ctr32_encrypt: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz .L046ctr32_abort ++ jnz .L048ctr32_abort + testl $15,%ecx +- jnz .L046ctr32_abort ++ jnz .L048ctr32_abort + leal .Lpadlock_saved_context,%eax + pushfl + cld + call __padlock_verify_ctx +-.L047ctr32_pic_point: ++.L049ctr32_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + movq -16(%edx),%mm0 +@@ -798,9 +817,9 @@ _padlock_ctr32_encrypt: + andl $-16,%ebp + andl $-16,%esp + movl %eax,16(%ebp) +- jmp .L048ctr32_loop ++ jmp .L050ctr32_loop + .align 16 +-.L048ctr32_loop: ++.L050ctr32_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -809,7 +828,7 @@ _padlock_ctr32_encrypt: + movl -4(%edx),%ecx + xorl %edi,%edi + movl -8(%edx),%eax +-.L049ctr32_prepare: ++.L051ctr32_prepare: + movl %ecx,12(%esp,%edi,1) + bswap %ecx + movq %mm0,(%esp,%edi,1) +@@ -818,7 +837,7 @@ _padlock_ctr32_encrypt: + bswap %ecx + leal 16(%edi),%edi + cmpl %ebx,%edi +- jb .L049ctr32_prepare ++ jb .L051ctr32_prepare + movl %ecx,-4(%edx) + leal (%esp),%esi + leal (%esp),%edi +@@ -831,33 +850,33 @@ _padlock_ctr32_encrypt: + movl 12(%ebp),%ebx + movl 4(%ebp),%esi + xorl %ecx,%ecx +-.L050ctr32_xor: ++.L052ctr32_xor: + movups (%esi,%ecx,1),%xmm1 + leal 16(%ecx),%ecx + pxor -16(%esp,%ecx,1),%xmm1 + movups %xmm1,-16(%edi,%ecx,1) + cmpl %ebx,%ecx +- jb .L050ctr32_xor ++ jb .L052ctr32_xor + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jnz .L048ctr32_loop ++ jnz .L050ctr32_loop + pxor %xmm0,%xmm0 + leal (%esp),%eax +-.L051ctr32_bzero: ++.L053ctr32_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja .L051ctr32_bzero +-.L052ctr32_done: ++ ja .L053ctr32_bzero ++.L054ctr32_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp + movl $1,%eax + leal 4(%esp),%esp + emms +-.L046ctr32_abort: ++.L048ctr32_abort: + popl %edi + popl %esi + popl %ebx +@@ -868,6 +887,7 @@ _padlock_ctr32_encrypt: + .align 16 + _padlock_xstore: + .L_padlock_xstore_begin: ++.byte 243,15,30,251 + pushl %edi + movl 8(%esp),%edi + movl 12(%esp),%edx +@@ -877,20 +897,22 @@ _padlock_xstore: + .def __win32_segv_handler; .scl 3; .type 32; .endef + .align 16 + __win32_segv_handler: ++.byte 243,15,30,251 + movl $1,%eax + movl 4(%esp),%edx + movl 12(%esp),%ecx + cmpl $3221225477,(%edx) +- jne .L053ret ++ jne .L055ret + addl $4,184(%ecx) + movl $0,%eax +-.L053ret: ++.L055ret: + ret + .globl _padlock_sha1_oneshot + .def _padlock_sha1_oneshot; .scl 2; .type 32; .endef + .align 16 + _padlock_sha1_oneshot: + .L_padlock_sha1_oneshot_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + xorl %eax,%eax +@@ -926,6 +948,7 @@ _padlock_sha1_oneshot: + .align 16 + _padlock_sha1_blocks: + .L_padlock_sha1_blocks_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + movl 12(%esp),%edi +@@ -955,6 +978,7 @@ _padlock_sha1_blocks: + .align 16 + _padlock_sha256_oneshot: + .L_padlock_sha256_oneshot_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + xorl %eax,%eax +@@ -990,6 +1014,7 @@ _padlock_sha256_oneshot: + .align 16 + _padlock_sha256_blocks: + .L_padlock_sha256_blocks_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + movl 12(%esp),%edi +@@ -1019,6 +1044,7 @@ _padlock_sha256_blocks: + .align 16 + _padlock_sha512_blocks: + .L_padlock_sha512_blocks_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + movl 12(%esp),%edi +diff --git a/lib/accelerated/x86/coff/e_padlock-x86_64.s b/lib/accelerated/x86/coff/e_padlock-x86_64.s +index 7edee19f5..71c9e1aea 100644 +--- a/lib/accelerated/x86/coff/e_padlock-x86_64.s ++++ b/lib/accelerated/x86/coff/e_padlock-x86_64.s +@@ -1,4 +1,4 @@ +-# Copyright (c) 2011-2013, Andy Polyakov ++# Copyright (c) 2011-2016, Andy Polyakov + # All rights reserved. + # + # Redistribution and use in source and binary forms, with or without +@@ -42,36 +42,50 @@ + .def padlock_capability; .scl 2; .type 32; .endef + .p2align 4 + padlock_capability: ++ ++.byte 243,15,30,250 + movq %rbx,%r8 + xorl %eax,%eax + cpuid + xorl %eax,%eax +- cmpl $1953391939,%ebx ++ cmpl $0x746e6543,%ebx ++ jne .Lzhaoxin ++ cmpl $0x48727561,%edx ++ jne .Lnoluck ++ cmpl $0x736c7561,%ecx ++ jne .Lnoluck ++ jmp .LzhaoxinEnd ++.Lzhaoxin: ++ cmpl $0x68532020,%ebx + jne .Lnoluck +- cmpl $1215460705,%edx ++ cmpl $0x68676e61,%edx + jne .Lnoluck +- cmpl $1936487777,%ecx ++ cmpl $0x20206961,%ecx + jne .Lnoluck +- movl $3221225472,%eax ++.LzhaoxinEnd: ++ movl $0xC0000000,%eax + cpuid + movl %eax,%edx + xorl %eax,%eax +- cmpl $3221225473,%edx ++ cmpl $0xC0000001,%edx + jb .Lnoluck +- movl $3221225473,%eax ++ movl $0xC0000001,%eax + cpuid + movl %edx,%eax +- andl $4294967279,%eax +- orl $16,%eax ++ andl $0xffffffef,%eax ++ orl $0x10,%eax + .Lnoluck: + movq %r8,%rbx + .byte 0xf3,0xc3 + + ++ + .globl padlock_key_bswap + .def padlock_key_bswap; .scl 2; .type 32; .endef + .p2align 4 + padlock_key_bswap: ++ ++.byte 243,15,30,250 + movl 240(%rcx),%edx + .Lbswap_loop: + movl (%rcx),%eax +@@ -83,10 +97,13 @@ padlock_key_bswap: + .byte 0xf3,0xc3 + + ++ + .globl padlock_verify_context + .def padlock_verify_context; .scl 2; .type 32; .endef + .p2align 4 + padlock_verify_context: ++ ++.byte 243,15,30,250 + movq %rcx,%rdx + pushf + leaq .Lpadlock_saved_context(%rip),%rax +@@ -95,9 +112,12 @@ padlock_verify_context: + .byte 0xf3,0xc3 + + ++ + .def _padlock_verify_ctx; .scl 3; .type 32; .endef + .p2align 4 + _padlock_verify_ctx: ++ ++.byte 243,15,30,250 + movq 8(%rsp),%r8 + btq $30,%r8 + jnc .Lverified +@@ -110,15 +130,19 @@ _padlock_verify_ctx: + .byte 0xf3,0xc3 + + ++ + .globl padlock_reload_key + .def padlock_reload_key; .scl 2; .type 32; .endef + .p2align 4 + padlock_reload_key: ++ ++.byte 243,15,30,250 + pushf + popf + .byte 0xf3,0xc3 + + ++ + .globl padlock_aes_block + .def padlock_aes_block; .scl 2; .type 32; .endef + .p2align 4 +@@ -131,15 +155,18 @@ padlock_aes_block: + movq %rdx,%rsi + movq %r8,%rdx + ++ ++.byte 243,15,30,250 + movq %rbx,%r8 + movq $1,%rcx + leaq 32(%rdx),%rbx + leaq 16(%rdx),%rdx +-.byte 0xf3,0x0f,0xa7,0xc8 ++.byte 0xf3,0x0f,0xa7,0xc8 + movq %r8,%rbx + movq 8(%rsp),%rdi + movq 16(%rsp),%rsi + .byte 0xf3,0xc3 ++ + .LSEH_end_padlock_aes_block: + + .globl padlock_xstore +@@ -153,11 +180,14 @@ padlock_xstore: + movq %rcx,%rdi + movq %rdx,%rsi + ++ ++.byte 243,15,30,250 + movl %esi,%edx +-.byte 0x0f,0xa7,0xc0 ++.byte 0x0f,0xa7,0xc0 + movq 8(%rsp),%rdi + movq 16(%rsp),%rsi + .byte 0xf3,0xc3 ++ + .LSEH_end_padlock_xstore: + + .globl padlock_sha1_oneshot +@@ -172,6 +202,8 @@ padlock_sha1_oneshot: + movq %rdx,%rsi + movq %r8,%rdx + ++ ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -181,7 +213,7 @@ padlock_sha1_oneshot: + movq %rsp,%rdi + movl %eax,16(%rsp) + xorq %rax,%rax +-.byte 0xf3,0x0f,0xa6,0xc8 ++.byte 0xf3,0x0f,0xa6,0xc8 + movaps (%rsp),%xmm0 + movl 16(%rsp),%eax + addq $128+8,%rsp +@@ -190,6 +222,7 @@ padlock_sha1_oneshot: + movq 8(%rsp),%rdi + movq 16(%rsp),%rsi + .byte 0xf3,0xc3 ++ + .LSEH_end_padlock_sha1_oneshot: + + .globl padlock_sha1_blocks +@@ -204,6 +237,8 @@ padlock_sha1_blocks: + movq %rdx,%rsi + movq %r8,%rdx + ++ ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -213,7 +248,7 @@ padlock_sha1_blocks: + movq %rsp,%rdi + movl %eax,16(%rsp) + movq $-1,%rax +-.byte 0xf3,0x0f,0xa6,0xc8 ++.byte 0xf3,0x0f,0xa6,0xc8 + movaps (%rsp),%xmm0 + movl 16(%rsp),%eax + addq $128+8,%rsp +@@ -222,6 +257,7 @@ padlock_sha1_blocks: + movq 8(%rsp),%rdi + movq 16(%rsp),%rsi + .byte 0xf3,0xc3 ++ + .LSEH_end_padlock_sha1_blocks: + + .globl padlock_sha256_oneshot +@@ -236,6 +272,8 @@ padlock_sha256_oneshot: + movq %rdx,%rsi + movq %r8,%rdx + ++ ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -245,7 +283,7 @@ padlock_sha256_oneshot: + movq %rsp,%rdi + movaps %xmm1,16(%rsp) + xorq %rax,%rax +-.byte 0xf3,0x0f,0xa6,0xd0 ++.byte 0xf3,0x0f,0xa6,0xd0 + movaps (%rsp),%xmm0 + movaps 16(%rsp),%xmm1 + addq $128+8,%rsp +@@ -254,6 +292,7 @@ padlock_sha256_oneshot: + movq 8(%rsp),%rdi + movq 16(%rsp),%rsi + .byte 0xf3,0xc3 ++ + .LSEH_end_padlock_sha256_oneshot: + + .globl padlock_sha256_blocks +@@ -268,6 +307,8 @@ padlock_sha256_blocks: + movq %rdx,%rsi + movq %r8,%rdx + ++ ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -277,7 +318,7 @@ padlock_sha256_blocks: + movq %rsp,%rdi + movaps %xmm1,16(%rsp) + movq $-1,%rax +-.byte 0xf3,0x0f,0xa6,0xd0 ++.byte 0xf3,0x0f,0xa6,0xd0 + movaps (%rsp),%xmm0 + movaps 16(%rsp),%xmm1 + addq $128+8,%rsp +@@ -286,6 +327,7 @@ padlock_sha256_blocks: + movq 8(%rsp),%rdi + movq 16(%rsp),%rsi + .byte 0xf3,0xc3 ++ + .LSEH_end_padlock_sha256_blocks: + + .globl padlock_sha512_blocks +@@ -300,6 +342,8 @@ padlock_sha512_blocks: + movq %rdx,%rsi + movq %r8,%rdx + ++ ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -312,7 +356,7 @@ padlock_sha512_blocks: + movaps %xmm1,16(%rsp) + movaps %xmm2,32(%rsp) + movaps %xmm3,48(%rsp) +-.byte 0xf3,0x0f,0xa6,0xe0 ++.byte 0xf3,0x0f,0xa6,0xe0 + movaps (%rsp),%xmm0 + movaps 16(%rsp),%xmm1 + movaps 32(%rsp),%xmm2 +@@ -325,6 +369,7 @@ padlock_sha512_blocks: + movq 8(%rsp),%rdi + movq 16(%rsp),%rsi + .byte 0xf3,0xc3 ++ + .LSEH_end_padlock_sha512_blocks: + .globl padlock_ecb_encrypt + .def padlock_ecb_encrypt; .scl 2; .type 32; .endef +@@ -339,6 +384,8 @@ padlock_ecb_encrypt: + movq %r8,%rdx + movq %r9,%rcx + ++ ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -356,9 +403,9 @@ padlock_ecb_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz .Lecb_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz .Lecb_aligned +@@ -382,7 +429,7 @@ padlock_ecb_encrypt: + cmoveq %rdi,%rax + addq %rcx,%rax + negq %rax +- andq $4095,%rax ++ andq $0xfff,%rax + cmpq $128,%rax + movq $-128,%rax + cmovaeq %rbx,%rax +@@ -398,12 +445,12 @@ padlock_ecb_encrypt: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz .Lecb_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -411,15 +458,15 @@ padlock_ecb_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,200 ++.byte 0xf3,0x0f,0xa7,200 + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz .Lecb_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + .Lecb_out_aligned: + movq %r9,%rsi +@@ -440,7 +487,7 @@ padlock_ecb_encrypt: + subq %rax,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + movq %rsp,%rsi + movq %r8,%rdi + movq %rbx,%rcx +@@ -466,7 +513,7 @@ padlock_ecb_encrypt: + .Lecb_aligned: + leaq (%rsi,%rcx,1),%rbp + negq %rbp +- andq $4095,%rbp ++ andq $0xfff,%rbp + xorl %eax,%eax + cmpq $128,%rbp + movq $128-1,%rbp +@@ -477,7 +524,7 @@ padlock_ecb_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,200 ++.byte 0xf3,0x0f,0xa7,200 + testq %rbp,%rbp + jz .Lecb_exit + +@@ -489,7 +536,7 @@ padlock_ecb_encrypt: + subq %rcx,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + leaq (%r8),%rdi + leaq (%rsp),%rsi + movq %rbx,%rcx +@@ -503,6 +550,7 @@ padlock_ecb_encrypt: + movq 8(%rsp),%rdi + movq 16(%rsp),%rsi + .byte 0xf3,0xc3 ++ + .LSEH_end_padlock_ecb_encrypt: + .globl padlock_cbc_encrypt + .def padlock_cbc_encrypt; .scl 2; .type 32; .endef +@@ -517,6 +565,8 @@ padlock_cbc_encrypt: + movq %r8,%rdx + movq %r9,%rcx + ++ ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -534,9 +584,9 @@ padlock_cbc_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz .Lcbc_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz .Lcbc_aligned +@@ -560,7 +610,7 @@ padlock_cbc_encrypt: + cmoveq %rdi,%rax + addq %rcx,%rax + negq %rax +- andq $4095,%rax ++ andq $0xfff,%rax + cmpq $64,%rax + movq $-64,%rax + cmovaeq %rbx,%rax +@@ -576,12 +626,12 @@ padlock_cbc_encrypt: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz .Lcbc_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -589,17 +639,17 @@ padlock_cbc_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,208 ++.byte 0xf3,0x0f,0xa7,208 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz .Lcbc_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + .Lcbc_out_aligned: + movq %r9,%rsi +@@ -620,7 +670,7 @@ padlock_cbc_encrypt: + subq %rax,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + movq %rsp,%rsi + movq %r8,%rdi + movq %rbx,%rcx +@@ -646,7 +696,7 @@ padlock_cbc_encrypt: + .Lcbc_aligned: + leaq (%rsi,%rcx,1),%rbp + negq %rbp +- andq $4095,%rbp ++ andq $0xfff,%rbp + xorl %eax,%eax + cmpq $64,%rbp + movq $64-1,%rbp +@@ -657,7 +707,7 @@ padlock_cbc_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,208 ++.byte 0xf3,0x0f,0xa7,208 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + testq %rbp,%rbp +@@ -671,7 +721,7 @@ padlock_cbc_encrypt: + subq %rcx,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + leaq (%r8),%rdi + leaq (%rsp),%rsi + movq %rbx,%rcx +@@ -685,6 +735,7 @@ padlock_cbc_encrypt: + movq 8(%rsp),%rdi + movq 16(%rsp),%rsi + .byte 0xf3,0xc3 ++ + .LSEH_end_padlock_cbc_encrypt: + .globl padlock_cfb_encrypt + .def padlock_cfb_encrypt; .scl 2; .type 32; .endef +@@ -699,6 +750,8 @@ padlock_cfb_encrypt: + movq %r8,%rdx + movq %r9,%rcx + ++ ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -716,9 +769,9 @@ padlock_cfb_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz .Lcfb_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz .Lcfb_aligned +@@ -745,12 +798,12 @@ padlock_cfb_encrypt: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz .Lcfb_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -758,17 +811,17 @@ padlock_cfb_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,224 ++.byte 0xf3,0x0f,0xa7,224 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz .Lcfb_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + .Lcfb_out_aligned: + movq %r9,%rsi +@@ -798,7 +851,7 @@ padlock_cfb_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,224 ++.byte 0xf3,0x0f,0xa7,224 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + .Lcfb_exit: +@@ -810,6 +863,7 @@ padlock_cfb_encrypt: + movq 8(%rsp),%rdi + movq 16(%rsp),%rsi + .byte 0xf3,0xc3 ++ + .LSEH_end_padlock_cfb_encrypt: + .globl padlock_ofb_encrypt + .def padlock_ofb_encrypt; .scl 2; .type 32; .endef +@@ -824,6 +878,8 @@ padlock_ofb_encrypt: + movq %r8,%rdx + movq %r9,%rcx + ++ ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -841,9 +897,9 @@ padlock_ofb_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz .Lofb_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz .Lofb_aligned +@@ -870,12 +926,12 @@ padlock_ofb_encrypt: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz .Lofb_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -883,17 +939,17 @@ padlock_ofb_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,232 ++.byte 0xf3,0x0f,0xa7,232 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz .Lofb_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + .Lofb_out_aligned: + movq %r9,%rsi +@@ -923,7 +979,7 @@ padlock_ofb_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,232 ++.byte 0xf3,0x0f,0xa7,232 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + .Lofb_exit: +@@ -935,6 +991,7 @@ padlock_ofb_encrypt: + movq 8(%rsp),%rdi + movq 16(%rsp),%rsi + .byte 0xf3,0xc3 ++ + .LSEH_end_padlock_ofb_encrypt: + .globl padlock_ctr32_encrypt + .def padlock_ctr32_encrypt; .scl 2; .type 32; .endef +@@ -949,6 +1006,8 @@ padlock_ctr32_encrypt: + movq %r8,%rdx + movq %r9,%rcx + ++ ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -966,9 +1025,9 @@ padlock_ctr32_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz .Lctr32_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz .Lctr32_aligned +@@ -1003,7 +1062,7 @@ padlock_ctr32_encrypt: + cmoveq %rdi,%rax + addq %rcx,%rax + negq %rax +- andq $4095,%rax ++ andq $0xfff,%rax + cmpq $32,%rax + movq $-32,%rax + cmovaeq %rbx,%rax +@@ -1019,12 +1078,12 @@ padlock_ctr32_encrypt: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz .Lctr32_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -1032,23 +1091,23 @@ padlock_ctr32_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,216 ++.byte 0xf3,0x0f,0xa7,216 + movl -4(%rdx),%eax +- testl $4294901760,%eax ++ testl $0xffff0000,%eax + jnz .Lctr32_no_carry + bswapl %eax +- addl $65536,%eax ++ addl $0x10000,%eax + bswapl %eax + movl %eax,-4(%rdx) + .Lctr32_no_carry: + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz .Lctr32_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + .Lctr32_out_aligned: + movq %r9,%rsi +@@ -1066,7 +1125,7 @@ padlock_ctr32_encrypt: + cmoveq %rdi,%rax + addq %rcx,%rax + negq %rax +- andq $4095,%rax ++ andq $0xfff,%rax + cmpq $32,%rax + movq $-32,%rax + cmovaeq %rbx,%rax +@@ -1081,7 +1140,7 @@ padlock_ctr32_encrypt: + subq %rax,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + movq %rsp,%rsi + movq %r8,%rdi + movq %rbx,%rcx +@@ -1108,7 +1167,7 @@ padlock_ctr32_encrypt: + movl -4(%rdx),%eax + bswapl %eax + negl %eax +- andl $65535,%eax ++ andl $0xffff,%eax + movq $1048576,%rbx + shll $4,%eax + cmovzq %rbx,%rax +@@ -1125,11 +1184,11 @@ padlock_ctr32_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,216 ++.byte 0xf3,0x0f,0xa7,216 + + movl -4(%rdx),%eax + bswapl %eax +- addl $65536,%eax ++ addl $0x10000,%eax + bswapl %eax + movl %eax,-4(%rdx) + +@@ -1143,7 +1202,7 @@ padlock_ctr32_encrypt: + .Lctr32_aligned_skip: + leaq (%rsi,%rcx,1),%rbp + negq %rbp +- andq $4095,%rbp ++ andq $0xfff,%rbp + xorl %eax,%eax + cmpq $32,%rbp + movq $32-1,%rbp +@@ -1154,7 +1213,7 @@ padlock_ctr32_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,216 ++.byte 0xf3,0x0f,0xa7,216 + testq %rbp,%rbp + jz .Lctr32_exit + +@@ -1166,7 +1225,7 @@ padlock_ctr32_encrypt: + subq %rcx,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + leaq (%r8),%rdi + leaq (%rsp),%rsi + movq %rbx,%rcx +@@ -1180,6 +1239,7 @@ padlock_ctr32_encrypt: + movq 8(%rsp),%rdi + movq 16(%rsp),%rsi + .byte 0xf3,0xc3 ++ + .LSEH_end_padlock_ctr32_encrypt: + .byte 86,73,65,32,80,97,100,108,111,99,107,32,120,56,54,95,54,52,32,109,111,100,117,108,101,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 + .p2align 4 +diff --git a/lib/accelerated/x86/coff/ghash-x86_64.s b/lib/accelerated/x86/coff/ghash-x86_64.s +index de207e400..cfe24252f 100644 +--- a/lib/accelerated/x86/coff/ghash-x86_64.s ++++ b/lib/accelerated/x86/coff/ghash-x86_64.s +@@ -52,6 +52,7 @@ gcm_gmult_4bit: + movq %rdx,%rsi + + ++.byte 243,15,30,250 + pushq %rbx + + pushq %rbp +@@ -168,6 +169,7 @@ gcm_ghash_4bit: + movq %r9,%rcx + + ++.byte 243,15,30,250 + pushq %rbx + + pushq %rbp +@@ -918,6 +920,7 @@ gcm_init_clmul: + .p2align 4 + gcm_gmult_clmul: + ++.byte 243,15,30,250 + .L_gmult_clmul: + movdqu (%rcx),%xmm0 + movdqa .Lbswap_mask(%rip),%xmm5 +@@ -971,6 +974,7 @@ gcm_gmult_clmul: + .p2align 5 + gcm_ghash_clmul: + ++.byte 243,15,30,250 + .L_ghash_clmul: + leaq -136(%rsp),%rax + .LSEH_begin_gcm_ghash_clmul: +@@ -1498,6 +1502,7 @@ gcm_init_avx: + .p2align 5 + gcm_gmult_avx: + ++.byte 243,15,30,250 + jmp .L_gmult_clmul + + +@@ -1506,6 +1511,7 @@ gcm_gmult_avx: + .p2align 5 + gcm_ghash_avx: + ++.byte 243,15,30,250 + leaq -136(%rsp),%rax + .LSEH_begin_gcm_ghash_avx: + +diff --git a/lib/accelerated/x86/coff/sha1-ssse3-x86.s b/lib/accelerated/x86/coff/sha1-ssse3-x86.s +index 30f9ded21..34b33601e 100644 +--- a/lib/accelerated/x86/coff/sha1-ssse3-x86.s ++++ b/lib/accelerated/x86/coff/sha1-ssse3-x86.s +@@ -43,6 +43,7 @@ + .align 16 + _sha1_block_data_order: + .L_sha1_block_data_order_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +diff --git a/lib/accelerated/x86/coff/sha1-ssse3-x86_64.s b/lib/accelerated/x86/coff/sha1-ssse3-x86_64.s +index cdfc88254..79f841f1a 100644 +--- a/lib/accelerated/x86/coff/sha1-ssse3-x86_64.s ++++ b/lib/accelerated/x86/coff/sha1-ssse3-x86_64.s +@@ -1490,10 +1490,10 @@ _shaext_shortcut: + movaps -8-16(%rax),%xmm9 + movq %rax,%rsp + .Lepilogue_shaext: +- + movq 8(%rsp),%rdi + movq 16(%rsp),%rsi + .byte 0xf3,0xc3 ++ + .LSEH_end_sha1_block_data_order_shaext: + .def sha1_block_data_order_ssse3; .scl 3; .type 32; .endef + .p2align 4 +diff --git a/lib/accelerated/x86/coff/sha256-ssse3-x86.s b/lib/accelerated/x86/coff/sha256-ssse3-x86.s +index 05cd61d1b..8109c6b51 100644 +--- a/lib/accelerated/x86/coff/sha256-ssse3-x86.s ++++ b/lib/accelerated/x86/coff/sha256-ssse3-x86.s +@@ -43,6 +43,7 @@ + .align 16 + _sha256_block_data_order: + .L_sha256_block_data_order_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +diff --git a/lib/accelerated/x86/coff/sha256-ssse3-x86_64.s b/lib/accelerated/x86/coff/sha256-ssse3-x86_64.s +index d2fc1957e..78fae2a62 100644 +--- a/lib/accelerated/x86/coff/sha256-ssse3-x86_64.s ++++ b/lib/accelerated/x86/coff/sha256-ssse3-x86_64.s +@@ -1832,6 +1832,7 @@ sha256_block_data_order_shaext: + movq %r8,%rdx + + _shaext_shortcut: ++ + leaq -88(%rsp),%rsp + movaps %xmm6,-8-80(%rax) + movaps %xmm7,-8-64(%rax) +@@ -2050,6 +2051,7 @@ _shaext_shortcut: + movq 8(%rsp),%rdi + movq 16(%rsp),%rsi + .byte 0xf3,0xc3 ++ + .LSEH_end_sha256_block_data_order_shaext: + .def sha256_block_data_order_ssse3; .scl 3; .type 32; .endef + .p2align 6 +@@ -5501,6 +5503,8 @@ sha256_block_data_order_avx2: + + leaq 448(%rsp),%rsp + ++ ++ + addl 0(%rdi),%eax + addl 4(%rdi),%ebx + addl 8(%rdi),%ecx +@@ -5526,15 +5530,17 @@ sha256_block_data_order_avx2: + jbe .Loop_avx2 + leaq (%rsp),%rbp + ++ ++ ++ + .Ldone_avx2: +- leaq (%rbp),%rsp +- movq 88(%rsp),%rsi ++ movq 88(%rbp),%rsi + + vzeroupper +- movaps 64+32(%rsp),%xmm6 +- movaps 64+48(%rsp),%xmm7 +- movaps 64+64(%rsp),%xmm8 +- movaps 64+80(%rsp),%xmm9 ++ movaps 64+32(%rbp),%xmm6 ++ movaps 64+48(%rbp),%xmm7 ++ movaps 64+64(%rbp),%xmm8 ++ movaps 64+80(%rbp),%xmm9 + movq -48(%rsi),%r15 + + movq -40(%rsi),%r14 +diff --git a/lib/accelerated/x86/coff/sha512-ssse3-x86.s b/lib/accelerated/x86/coff/sha512-ssse3-x86.s +index 72a7f73d7..321a18541 100644 +--- a/lib/accelerated/x86/coff/sha512-ssse3-x86.s ++++ b/lib/accelerated/x86/coff/sha512-ssse3-x86.s +@@ -43,6 +43,7 @@ + .align 16 + _sha512_block_data_order: + .L_sha512_block_data_order_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +diff --git a/lib/accelerated/x86/coff/sha512-ssse3-x86_64.s b/lib/accelerated/x86/coff/sha512-ssse3-x86_64.s +index 419fa2a98..836e0cf66 100644 +--- a/lib/accelerated/x86/coff/sha512-ssse3-x86_64.s ++++ b/lib/accelerated/x86/coff/sha512-ssse3-x86_64.s +@@ -5494,6 +5494,8 @@ sha512_block_data_order_avx2: + + leaq 1152(%rsp),%rsp + ++ ++ + addq 0(%rdi),%rax + addq 8(%rdi),%rbx + addq 16(%rdi),%rcx +@@ -5519,17 +5521,19 @@ sha512_block_data_order_avx2: + jbe .Loop_avx2 + leaq (%rsp),%rbp + ++ ++ ++ + .Ldone_avx2: +- leaq (%rbp),%rsp +- movq 152(%rsp),%rsi ++ movq 152(%rbp),%rsi + + vzeroupper +- movaps 128+32(%rsp),%xmm6 +- movaps 128+48(%rsp),%xmm7 +- movaps 128+64(%rsp),%xmm8 +- movaps 128+80(%rsp),%xmm9 +- movaps 128+96(%rsp),%xmm10 +- movaps 128+112(%rsp),%xmm11 ++ movaps 128+32(%rbp),%xmm6 ++ movaps 128+48(%rbp),%xmm7 ++ movaps 128+64(%rbp),%xmm8 ++ movaps 128+80(%rbp),%xmm9 ++ movaps 128+96(%rbp),%xmm10 ++ movaps 128+112(%rbp),%xmm11 + movq -48(%rsi),%r15 + + movq -40(%rsi),%r14 +diff --git a/lib/accelerated/x86/elf/aes-ssse3-x86.s b/lib/accelerated/x86/elf/aes-ssse3-x86.s +index 265e28a7e..7be53059f 100644 +--- a/lib/accelerated/x86/elf/aes-ssse3-x86.s ++++ b/lib/accelerated/x86/elf/aes-ssse3-x86.s +@@ -71,6 +71,7 @@ + .type _vpaes_preheat,@function + .align 16 + _vpaes_preheat: ++.byte 243,15,30,251 + addl (%esp),%ebp + movdqa -48(%ebp),%xmm7 + movdqa -16(%ebp),%xmm6 +@@ -79,6 +80,7 @@ _vpaes_preheat: + .type _vpaes_encrypt_core,@function + .align 16 + _vpaes_encrypt_core: ++.byte 243,15,30,251 + movl $16,%ecx + movl 240(%edx),%eax + movdqa %xmm6,%xmm1 +@@ -156,6 +158,7 @@ _vpaes_encrypt_core: + .type _vpaes_decrypt_core,@function + .align 16 + _vpaes_decrypt_core: ++.byte 243,15,30,251 + leal 608(%ebp),%ebx + movl 240(%edx),%eax + movdqa %xmm6,%xmm1 +@@ -244,6 +247,7 @@ _vpaes_decrypt_core: + .type _vpaes_schedule_core,@function + .align 16 + _vpaes_schedule_core: ++.byte 243,15,30,251 + addl (%esp),%ebp + movdqu (%esi),%xmm0 + movdqa 320(%ebp),%xmm2 +@@ -338,6 +342,7 @@ _vpaes_schedule_core: + .type _vpaes_schedule_192_smear,@function + .align 16 + _vpaes_schedule_192_smear: ++.byte 243,15,30,251 + pshufd $128,%xmm6,%xmm1 + pshufd $254,%xmm7,%xmm0 + pxor %xmm1,%xmm6 +@@ -350,6 +355,7 @@ _vpaes_schedule_192_smear: + .type _vpaes_schedule_round,@function + .align 16 + _vpaes_schedule_round: ++.byte 243,15,30,251 + movdqa 8(%esp),%xmm2 + pxor %xmm1,%xmm1 + .byte 102,15,58,15,202,15 +@@ -399,6 +405,7 @@ _vpaes_schedule_round: + .type _vpaes_schedule_transform,@function + .align 16 + _vpaes_schedule_transform: ++.byte 243,15,30,251 + movdqa -16(%ebp),%xmm2 + movdqa %xmm2,%xmm1 + pandn %xmm0,%xmm1 +@@ -414,6 +421,7 @@ _vpaes_schedule_transform: + .type _vpaes_schedule_mangle,@function + .align 16 + _vpaes_schedule_mangle: ++.byte 243,15,30,251 + movdqa %xmm0,%xmm4 + movdqa 128(%ebp),%xmm5 + testl %edi,%edi +@@ -475,6 +483,7 @@ _vpaes_schedule_mangle: + .align 16 + vpaes_set_encrypt_key: + .L_vpaes_set_encrypt_key_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -508,6 +517,7 @@ vpaes_set_encrypt_key: + .align 16 + vpaes_set_decrypt_key: + .L_vpaes_set_decrypt_key_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -546,6 +556,7 @@ vpaes_set_decrypt_key: + .align 16 + vpaes_encrypt: + .L_vpaes_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -575,6 +586,7 @@ vpaes_encrypt: + .align 16 + vpaes_decrypt: + .L_vpaes_decrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -604,6 +616,7 @@ vpaes_decrypt: + .align 16 + vpaes_cbc_encrypt: + .L_vpaes_cbc_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -671,4 +684,21 @@ vpaes_cbc_encrypt: + ret + .size vpaes_cbc_encrypt,.-.L_vpaes_cbc_encrypt_begin + ++ .section ".note.gnu.property", "a" ++ .p2align 2 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ .asciz "GNU" ++1: ++ .p2align 2 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 2 ++4: ++ + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/elf/aes-ssse3-x86_64.s b/lib/accelerated/x86/elf/aes-ssse3-x86_64.s +index ea1216baf..5a3f336f2 100644 +--- a/lib/accelerated/x86/elf/aes-ssse3-x86_64.s ++++ b/lib/accelerated/x86/elf/aes-ssse3-x86_64.s +@@ -635,6 +635,7 @@ _vpaes_schedule_mangle: + .align 16 + vpaes_set_encrypt_key: + .cfi_startproc ++.byte 243,15,30,250 + movl %esi,%eax + shrl $5,%eax + addl $5,%eax +@@ -653,6 +654,7 @@ vpaes_set_encrypt_key: + .align 16 + vpaes_set_decrypt_key: + .cfi_startproc ++.byte 243,15,30,250 + movl %esi,%eax + shrl $5,%eax + addl $5,%eax +@@ -676,6 +678,7 @@ vpaes_set_decrypt_key: + .align 16 + vpaes_encrypt: + .cfi_startproc ++.byte 243,15,30,250 + movdqu (%rdi),%xmm0 + call _vpaes_preheat + call _vpaes_encrypt_core +@@ -689,6 +692,7 @@ vpaes_encrypt: + .align 16 + vpaes_decrypt: + .cfi_startproc ++.byte 243,15,30,250 + movdqu (%rdi),%xmm0 + call _vpaes_preheat + call _vpaes_decrypt_core +@@ -701,6 +705,7 @@ vpaes_decrypt: + .align 16 + vpaes_cbc_encrypt: + .cfi_startproc ++.byte 243,15,30,250 + xchgq %rcx,%rdx + subq $16,%rcx + jc .Lcbc_abort +@@ -863,5 +868,26 @@ _vpaes_consts: + .byte 86,101,99,116,111,114,32,80,101,114,109,117,116,97,116,105,111,110,32,65,69,83,32,102,111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44,32,77,105,107,101,32,72,97,109,98,117,114,103,32,40,83,116,97,110,102,111,114,100,32,85,110,105,118,101,114,115,105,116,121,41,0 + .align 64 + .size _vpaes_consts,.-_vpaes_consts ++ .section ".note.gnu.property", "a" ++ .p2align 3 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ # "GNU" encoded with .byte, since .asciz isn't supported ++ # on Solaris. ++ .byte 0x47 ++ .byte 0x4e ++ .byte 0x55 ++ .byte 0 ++1: ++ .p2align 3 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 3 ++4: + + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/elf/aesni-gcm-x86_64.s b/lib/accelerated/x86/elf/aesni-gcm-x86_64.s +index e26d18d69..1a11222e7 100644 +--- a/lib/accelerated/x86/elf/aesni-gcm-x86_64.s ++++ b/lib/accelerated/x86/elf/aesni-gcm-x86_64.s +@@ -42,6 +42,8 @@ + .type _aesni_ctr32_ghash_6x,@function + .align 32 + _aesni_ctr32_ghash_6x: ++.cfi_startproc ++.byte 243,15,30,250 + vmovdqu 32(%r11),%xmm2 + subq $6,%rdx + vpxor %xmm4,%xmm4,%xmm4 +@@ -349,12 +351,14 @@ _aesni_ctr32_ghash_6x: + vpxor %xmm4,%xmm8,%xmm8 + + .byte 0xf3,0xc3 ++.cfi_endproc + .size _aesni_ctr32_ghash_6x,.-_aesni_ctr32_ghash_6x + .globl aesni_gcm_decrypt + .type aesni_gcm_decrypt,@function + .align 32 + aesni_gcm_decrypt: + .cfi_startproc ++.byte 243,15,30,250 + xorq %r10,%r10 + cmpq $0x60,%rdx + jb .Lgcm_dec_abort +@@ -455,6 +459,8 @@ aesni_gcm_decrypt: + .type _aesni_ctr32_6x,@function + .align 32 + _aesni_ctr32_6x: ++.cfi_startproc ++.byte 243,15,30,250 + vmovdqu 0-128(%rcx),%xmm4 + vmovdqu 32(%r11),%xmm2 + leaq -1(%rbp),%r13 +@@ -541,6 +547,7 @@ _aesni_ctr32_6x: + vpshufb %xmm0,%xmm1,%xmm1 + vpxor %xmm4,%xmm14,%xmm14 + jmp .Loop_ctr32 ++.cfi_endproc + .size _aesni_ctr32_6x,.-_aesni_ctr32_6x + + .globl aesni_gcm_encrypt +@@ -548,6 +555,7 @@ _aesni_ctr32_6x: + .align 32 + aesni_gcm_encrypt: + .cfi_startproc ++.byte 243,15,30,250 + xorq %r10,%r10 + cmpq $288,%rdx + jb .Lgcm_enc_abort +@@ -822,5 +830,26 @@ aesni_gcm_encrypt: + .byte 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 + .byte 65,69,83,45,78,73,32,71,67,77,32,109,111,100,117,108,101,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 + .align 64 ++ .section ".note.gnu.property", "a" ++ .p2align 3 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ # "GNU" encoded with .byte, since .asciz isn't supported ++ # on Solaris. ++ .byte 0x47 ++ .byte 0x4e ++ .byte 0x55 ++ .byte 0 ++1: ++ .p2align 3 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 3 ++4: + + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/elf/aesni-x86.s b/lib/accelerated/x86/elf/aesni-x86.s +index 6e4860209..f41d5f9ef 100644 +--- a/lib/accelerated/x86/elf/aesni-x86.s ++++ b/lib/accelerated/x86/elf/aesni-x86.s +@@ -43,6 +43,7 @@ + .align 16 + aesni_encrypt: + .L_aesni_encrypt_begin: ++.byte 243,15,30,251 + movl 4(%esp),%eax + movl 12(%esp),%edx + movups (%eax),%xmm2 +@@ -70,6 +71,7 @@ aesni_encrypt: + .align 16 + aesni_decrypt: + .L_aesni_decrypt_begin: ++.byte 243,15,30,251 + movl 4(%esp),%eax + movl 12(%esp),%edx + movups (%eax),%xmm2 +@@ -95,6 +97,7 @@ aesni_decrypt: + .type _aesni_encrypt2,@function + .align 16 + _aesni_encrypt2: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -122,6 +125,7 @@ _aesni_encrypt2: + .type _aesni_decrypt2,@function + .align 16 + _aesni_decrypt2: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -149,6 +153,7 @@ _aesni_decrypt2: + .type _aesni_encrypt3,@function + .align 16 + _aesni_encrypt3: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -181,6 +186,7 @@ _aesni_encrypt3: + .type _aesni_decrypt3,@function + .align 16 + _aesni_decrypt3: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -213,6 +219,7 @@ _aesni_decrypt3: + .type _aesni_encrypt4,@function + .align 16 + _aesni_encrypt4: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + movups 16(%edx),%xmm1 + shll $4,%ecx +@@ -251,6 +258,7 @@ _aesni_encrypt4: + .type _aesni_decrypt4,@function + .align 16 + _aesni_decrypt4: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + movups 16(%edx),%xmm1 + shll $4,%ecx +@@ -289,6 +297,7 @@ _aesni_decrypt4: + .type _aesni_encrypt6,@function + .align 16 + _aesni_encrypt6: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -343,6 +352,7 @@ _aesni_encrypt6: + .type _aesni_decrypt6,@function + .align 16 + _aesni_decrypt6: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -399,6 +409,7 @@ _aesni_decrypt6: + .align 16 + aesni_ecb_encrypt: + .L_aesni_ecb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -634,6 +645,7 @@ aesni_ecb_encrypt: + .align 16 + aesni_ccm64_encrypt_blocks: + .L_aesni_ccm64_encrypt_blocks_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -722,6 +734,7 @@ aesni_ccm64_encrypt_blocks: + .align 16 + aesni_ccm64_decrypt_blocks: + .L_aesni_ccm64_decrypt_blocks_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -845,6 +858,7 @@ aesni_ccm64_decrypt_blocks: + .align 16 + aesni_ctr32_encrypt_blocks: + .L_aesni_ctr32_encrypt_blocks_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -1083,6 +1097,7 @@ aesni_ctr32_encrypt_blocks: + .align 16 + aesni_xts_encrypt: + .L_aesni_xts_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -1443,6 +1458,7 @@ aesni_xts_encrypt: + .align 16 + aesni_xts_decrypt: + .L_aesni_xts_decrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -1833,6 +1849,7 @@ aesni_xts_decrypt: + .align 16 + aesni_ocb_encrypt: + .L_aesni_ocb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -2228,6 +2245,7 @@ aesni_ocb_encrypt: + .align 16 + aesni_ocb_decrypt: + .L_aesni_ocb_decrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -2623,6 +2641,7 @@ aesni_ocb_decrypt: + .align 16 + aesni_cbc_encrypt: + .L_aesni_cbc_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -2882,6 +2901,7 @@ aesni_cbc_encrypt: + .type _aesni_set_encrypt_key,@function + .align 16 + _aesni_set_encrypt_key: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + testl %eax,%eax +@@ -3217,6 +3237,7 @@ _aesni_set_encrypt_key: + .align 16 + aesni_set_encrypt_key: + .L_aesni_set_encrypt_key_begin: ++.byte 243,15,30,251 + movl 4(%esp),%eax + movl 8(%esp),%ecx + movl 12(%esp),%edx +@@ -3228,6 +3249,7 @@ aesni_set_encrypt_key: + .align 16 + aesni_set_decrypt_key: + .L_aesni_set_decrypt_key_begin: ++.byte 243,15,30,251 + movl 4(%esp),%eax + movl 8(%esp),%ecx + movl 12(%esp),%edx +@@ -3275,4 +3297,21 @@ aesni_set_decrypt_key: + .byte 115,108,46,111,114,103,62,0 + .comm _gnutls_x86_cpuid_s,16,4 + ++ .section ".note.gnu.property", "a" ++ .p2align 2 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ .asciz "GNU" ++1: ++ .p2align 2 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 2 ++4: ++ + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/elf/aesni-x86_64.s b/lib/accelerated/x86/elf/aesni-x86_64.s +index 43cf4e68d..e3f9d5a99 100644 +--- a/lib/accelerated/x86/elf/aesni-x86_64.s ++++ b/lib/accelerated/x86/elf/aesni-x86_64.s +@@ -44,6 +44,7 @@ + .align 16 + aesni_encrypt: + .cfi_startproc ++.byte 243,15,30,250 + movups (%rdi),%xmm2 + movl 240(%rdx),%eax + movups (%rdx),%xmm0 +@@ -70,6 +71,7 @@ aesni_encrypt: + .align 16 + aesni_decrypt: + .cfi_startproc ++.byte 243,15,30,250 + movups (%rdi),%xmm2 + movl 240(%rdx),%eax + movups (%rdx),%xmm0 +@@ -557,6 +559,7 @@ _aesni_decrypt8: + .align 16 + aesni_ecb_encrypt: + .cfi_startproc ++.byte 243,15,30,250 + andq $-16,%rdx + jz .Lecb_ret + +@@ -900,6 +903,8 @@ aesni_ecb_encrypt: + .type aesni_ccm64_encrypt_blocks,@function + .align 16 + aesni_ccm64_encrypt_blocks: ++.cfi_startproc ++.byte 243,15,30,250 + movl 240(%rcx),%eax + movdqu (%r8),%xmm6 + movdqa .Lincrement64(%rip),%xmm9 +@@ -958,11 +963,14 @@ aesni_ccm64_encrypt_blocks: + pxor %xmm8,%xmm8 + pxor %xmm6,%xmm6 + .byte 0xf3,0xc3 ++.cfi_endproc + .size aesni_ccm64_encrypt_blocks,.-aesni_ccm64_encrypt_blocks + .globl aesni_ccm64_decrypt_blocks + .type aesni_ccm64_decrypt_blocks,@function + .align 16 + aesni_ccm64_decrypt_blocks: ++.cfi_startproc ++.byte 243,15,30,250 + movl 240(%rcx),%eax + movups (%r8),%xmm6 + movdqu (%r9),%xmm3 +@@ -1055,12 +1063,14 @@ aesni_ccm64_decrypt_blocks: + pxor %xmm8,%xmm8 + pxor %xmm6,%xmm6 + .byte 0xf3,0xc3 ++.cfi_endproc + .size aesni_ccm64_decrypt_blocks,.-aesni_ccm64_decrypt_blocks + .globl aesni_ctr32_encrypt_blocks + .type aesni_ctr32_encrypt_blocks,@function + .align 16 + aesni_ctr32_encrypt_blocks: + .cfi_startproc ++.byte 243,15,30,250 + cmpq $1,%rdx + jne .Lctr32_bulk + +@@ -1639,6 +1649,7 @@ aesni_ctr32_encrypt_blocks: + .align 16 + aesni_xts_encrypt: + .cfi_startproc ++.byte 243,15,30,250 + leaq (%rsp),%r11 + .cfi_def_cfa_register %r11 + pushq %rbp +@@ -2109,6 +2120,7 @@ aesni_xts_encrypt: + .align 16 + aesni_xts_decrypt: + .cfi_startproc ++.byte 243,15,30,250 + leaq (%rsp),%r11 + .cfi_def_cfa_register %r11 + pushq %rbp +@@ -2616,6 +2628,7 @@ aesni_xts_decrypt: + .align 32 + aesni_ocb_encrypt: + .cfi_startproc ++.byte 243,15,30,250 + leaq (%rsp),%rax + pushq %rbx + .cfi_adjust_cfa_offset 8 +@@ -2829,6 +2842,7 @@ aesni_ocb_encrypt: + .type __ocb_encrypt6,@function + .align 32 + __ocb_encrypt6: ++.cfi_startproc + pxor %xmm9,%xmm15 + movdqu (%rbx,%r12,1),%xmm11 + movdqa %xmm10,%xmm12 +@@ -2926,11 +2940,13 @@ __ocb_encrypt6: + .byte 102,65,15,56,221,246 + .byte 102,65,15,56,221,255 + .byte 0xf3,0xc3 ++.cfi_endproc + .size __ocb_encrypt6,.-__ocb_encrypt6 + + .type __ocb_encrypt4,@function + .align 32 + __ocb_encrypt4: ++.cfi_startproc + pxor %xmm9,%xmm15 + movdqu (%rbx,%r12,1),%xmm11 + movdqa %xmm10,%xmm12 +@@ -2995,11 +3011,13 @@ __ocb_encrypt4: + .byte 102,65,15,56,221,228 + .byte 102,65,15,56,221,237 + .byte 0xf3,0xc3 ++.cfi_endproc + .size __ocb_encrypt4,.-__ocb_encrypt4 + + .type __ocb_encrypt1,@function + .align 32 + __ocb_encrypt1: ++.cfi_startproc + pxor %xmm15,%xmm7 + pxor %xmm9,%xmm7 + pxor %xmm2,%xmm8 +@@ -3030,6 +3048,7 @@ __ocb_encrypt1: + + .byte 102,15,56,221,215 + .byte 0xf3,0xc3 ++.cfi_endproc + .size __ocb_encrypt1,.-__ocb_encrypt1 + + .globl aesni_ocb_decrypt +@@ -3037,6 +3056,7 @@ __ocb_encrypt1: + .align 32 + aesni_ocb_decrypt: + .cfi_startproc ++.byte 243,15,30,250 + leaq (%rsp),%rax + pushq %rbx + .cfi_adjust_cfa_offset 8 +@@ -3272,6 +3292,7 @@ aesni_ocb_decrypt: + .type __ocb_decrypt6,@function + .align 32 + __ocb_decrypt6: ++.cfi_startproc + pxor %xmm9,%xmm15 + movdqu (%rbx,%r12,1),%xmm11 + movdqa %xmm10,%xmm12 +@@ -3363,11 +3384,13 @@ __ocb_decrypt6: + .byte 102,65,15,56,223,246 + .byte 102,65,15,56,223,255 + .byte 0xf3,0xc3 ++.cfi_endproc + .size __ocb_decrypt6,.-__ocb_decrypt6 + + .type __ocb_decrypt4,@function + .align 32 + __ocb_decrypt4: ++.cfi_startproc + pxor %xmm9,%xmm15 + movdqu (%rbx,%r12,1),%xmm11 + movdqa %xmm10,%xmm12 +@@ -3428,11 +3451,13 @@ __ocb_decrypt4: + .byte 102,65,15,56,223,228 + .byte 102,65,15,56,223,237 + .byte 0xf3,0xc3 ++.cfi_endproc + .size __ocb_decrypt4,.-__ocb_decrypt4 + + .type __ocb_decrypt1,@function + .align 32 + __ocb_decrypt1: ++.cfi_startproc + pxor %xmm15,%xmm7 + pxor %xmm9,%xmm7 + pxor %xmm7,%xmm2 +@@ -3462,12 +3487,14 @@ __ocb_decrypt1: + + .byte 102,15,56,223,215 + .byte 0xf3,0xc3 ++.cfi_endproc + .size __ocb_decrypt1,.-__ocb_decrypt1 + .globl aesni_cbc_encrypt + .type aesni_cbc_encrypt,@function + .align 16 + aesni_cbc_encrypt: + .cfi_startproc ++.byte 243,15,30,250 + testq %rdx,%rdx + jz .Lcbc_ret + +@@ -4400,7 +4427,6 @@ __aesni_set_encrypt_key: + addq $8,%rsp + .cfi_adjust_cfa_offset -8 + .byte 0xf3,0xc3 +-.cfi_endproc + .LSEH_end_set_encrypt_key: + + .align 16 +@@ -4471,6 +4497,7 @@ __aesni_set_encrypt_key: + shufps $170,%xmm1,%xmm1 + xorps %xmm1,%xmm2 + .byte 0xf3,0xc3 ++.cfi_endproc + .size aesni_set_encrypt_key,.-aesni_set_encrypt_key + .size __aesni_set_encrypt_key,.-__aesni_set_encrypt_key + .align 64 +@@ -4495,5 +4522,26 @@ __aesni_set_encrypt_key: + + .byte 65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69,83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 + .align 64 ++ .section ".note.gnu.property", "a" ++ .p2align 3 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ # "GNU" encoded with .byte, since .asciz isn't supported ++ # on Solaris. ++ .byte 0x47 ++ .byte 0x4e ++ .byte 0x55 ++ .byte 0 ++1: ++ .p2align 3 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 3 ++4: + + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/elf/e_padlock-x86.s b/lib/accelerated/x86/elf/e_padlock-x86.s +index ed8681ee4..dd56518f6 100644 +--- a/lib/accelerated/x86/elf/e_padlock-x86.s ++++ b/lib/accelerated/x86/elf/e_padlock-x86.s +@@ -1,4 +1,4 @@ +-# Copyright (c) 2011-2013, Andy Polyakov ++# Copyright (c) 2011-2016, Andy Polyakov + # All rights reserved. + # + # Redistribution and use in source and binary forms, with or without +@@ -37,13 +37,13 @@ + # + # *** This file is auto-generated *** + # +-.file "devel/perlasm/e_padlock-x86.s" + .text + .globl padlock_capability + .type padlock_capability,@function + .align 16 + padlock_capability: + .L_padlock_capability_begin: ++.byte 243,15,30,251 + pushl %ebx + pushfl + popl %eax +@@ -60,11 +60,20 @@ padlock_capability: + .byte 0x0f,0xa2 + xorl %eax,%eax + cmpl $0x746e6543,%ebx +- jne .L000noluck ++ jne .L001zhaoxin + cmpl $0x48727561,%edx + jne .L000noluck + cmpl $0x736c7561,%ecx + jne .L000noluck ++ jmp .L002zhaoxinEnd ++.L001zhaoxin: ++ cmpl $0x68532020,%ebx ++ jne .L000noluck ++ cmpl $0x68676e61,%edx ++ jne .L000noluck ++ cmpl $0x20206961,%ecx ++ jne .L000noluck ++.L002zhaoxinEnd: + movl $3221225472,%eax + .byte 0x0f,0xa2 + movl %eax,%edx +@@ -95,15 +104,16 @@ padlock_capability: + .align 16 + padlock_key_bswap: + .L_padlock_key_bswap_begin: ++.byte 243,15,30,251 + movl 4(%esp),%edx + movl 240(%edx),%ecx +-.L001bswap_loop: ++.L003bswap_loop: + movl (%edx),%eax + bswap %eax + movl %eax,(%edx) + leal 4(%edx),%edx + subl $1,%ecx +- jnz .L001bswap_loop ++ jnz .L003bswap_loop + ret + .size padlock_key_bswap,.-.L_padlock_key_bswap_begin + .globl padlock_verify_context +@@ -111,25 +121,27 @@ padlock_key_bswap: + .align 16 + padlock_verify_context: + .L_padlock_verify_context_begin: ++.byte 243,15,30,251 + movl 4(%esp),%edx +- leal .Lpadlock_saved_context-.L002verify_pic_point,%eax ++ leal .Lpadlock_saved_context-.L004verify_pic_point,%eax + pushfl + call _padlock_verify_ctx +-.L002verify_pic_point: ++.L004verify_pic_point: + leal 4(%esp),%esp + ret + .size padlock_verify_context,.-.L_padlock_verify_context_begin + .type _padlock_verify_ctx,@function + .align 16 + _padlock_verify_ctx: ++.byte 243,15,30,251 + addl (%esp),%eax + btl $30,4(%esp) +- jnc .L003verified ++ jnc .L005verified + cmpl (%eax),%edx +- je .L003verified ++ je .L005verified + pushfl + popfl +-.L003verified: ++.L005verified: + movl %edx,(%eax) + ret + .size _padlock_verify_ctx,.-_padlock_verify_ctx +@@ -138,6 +150,7 @@ _padlock_verify_ctx: + .align 16 + padlock_reload_key: + .L_padlock_reload_key_begin: ++.byte 243,15,30,251 + pushfl + popfl + ret +@@ -147,6 +160,7 @@ padlock_reload_key: + .align 16 + padlock_aes_block: + .L_padlock_aes_block_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + pushl %ebx +@@ -167,6 +181,7 @@ padlock_aes_block: + .align 16 + padlock_ecb_encrypt: + .L_padlock_ecb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -176,25 +191,25 @@ padlock_ecb_encrypt: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz .L004ecb_abort ++ jnz .L006ecb_abort + testl $15,%ecx +- jnz .L004ecb_abort +- leal .Lpadlock_saved_context-.L005ecb_pic_point,%eax ++ jnz .L006ecb_abort ++ leal .Lpadlock_saved_context-.L007ecb_pic_point,%eax + pushfl + cld + call _padlock_verify_ctx +-.L005ecb_pic_point: ++.L007ecb_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + xorl %ebx,%ebx + testl $32,(%edx) +- jnz .L006ecb_aligned ++ jnz .L008ecb_aligned + testl $15,%edi + setz %al + testl $15,%esi + setz %bl + testl %ebx,%eax +- jnz .L006ecb_aligned ++ jnz .L008ecb_aligned + negl %eax + movl $512,%ebx + notl %eax +@@ -213,7 +228,7 @@ padlock_ecb_encrypt: + andl $-16,%esp + movl %eax,16(%ebp) + cmpl %ebx,%ecx +- ja .L007ecb_loop ++ ja .L009ecb_loop + movl %esi,%eax + cmpl %esp,%ebp + cmovel %edi,%eax +@@ -224,10 +239,10 @@ padlock_ecb_encrypt: + movl $-128,%eax + cmovael %ebx,%eax + andl %eax,%ebx +- jz .L008ecb_unaligned_tail +- jmp .L007ecb_loop ++ jz .L010ecb_unaligned_tail ++ jmp .L009ecb_loop + .align 16 +-.L007ecb_loop: ++.L009ecb_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -236,13 +251,13 @@ padlock_ecb_encrypt: + testl $15,%edi + cmovnzl %esp,%edi + testl $15,%esi +- jz .L009ecb_inp_aligned ++ jz .L011ecb_inp_aligned + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi + movl %ebx,%ecx + movl %edi,%esi +-.L009ecb_inp_aligned: ++.L011ecb_inp_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -250,23 +265,23 @@ padlock_ecb_encrypt: + movl (%ebp),%edi + movl 12(%ebp),%ebx + testl $15,%edi +- jz .L010ecb_out_aligned ++ jz .L012ecb_out_aligned + movl %ebx,%ecx + leal (%esp),%esi + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi +-.L010ecb_out_aligned: ++.L012ecb_out_aligned: + movl 4(%ebp),%esi + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jz .L011ecb_break ++ jz .L013ecb_break + cmpl %ebx,%ecx +- jae .L007ecb_loop +-.L008ecb_unaligned_tail: ++ jae .L009ecb_loop ++.L010ecb_unaligned_tail: + xorl %eax,%eax + cmpl %ebp,%esp + cmovel %ecx,%eax +@@ -279,24 +294,24 @@ padlock_ecb_encrypt: + movl %esp,%esi + movl %eax,%edi + movl %ebx,%ecx +- jmp .L007ecb_loop ++ jmp .L009ecb_loop + .align 16 +-.L011ecb_break: ++.L013ecb_break: + cmpl %ebp,%esp +- je .L012ecb_done ++ je .L014ecb_done + pxor %xmm0,%xmm0 + leal (%esp),%eax +-.L013ecb_bzero: ++.L015ecb_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja .L013ecb_bzero +-.L012ecb_done: ++ ja .L015ecb_bzero ++.L014ecb_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp +- jmp .L014ecb_exit ++ jmp .L016ecb_exit + .align 16 +-.L006ecb_aligned: ++.L008ecb_aligned: + leal (%esi,%ecx,1),%ebp + negl %ebp + andl $4095,%ebp +@@ -306,14 +321,14 @@ padlock_ecb_encrypt: + cmovael %eax,%ebp + andl %ecx,%ebp + subl %ebp,%ecx +- jz .L015ecb_aligned_tail ++ jz .L017ecb_aligned_tail + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx + .byte 243,15,167,200 + testl %ebp,%ebp +- jz .L014ecb_exit +-.L015ecb_aligned_tail: ++ jz .L016ecb_exit ++.L017ecb_aligned_tail: + movl %ebp,%ecx + leal -24(%esp),%ebp + movl %ebp,%esp +@@ -330,11 +345,11 @@ padlock_ecb_encrypt: + movl %esp,%esi + movl %eax,%edi + movl %ebx,%ecx +- jmp .L007ecb_loop +-.L014ecb_exit: ++ jmp .L009ecb_loop ++.L016ecb_exit: + movl $1,%eax + leal 4(%esp),%esp +-.L004ecb_abort: ++.L006ecb_abort: + popl %edi + popl %esi + popl %ebx +@@ -346,6 +361,7 @@ padlock_ecb_encrypt: + .align 16 + padlock_cbc_encrypt: + .L_padlock_cbc_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -355,25 +371,25 @@ padlock_cbc_encrypt: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz .L016cbc_abort ++ jnz .L018cbc_abort + testl $15,%ecx +- jnz .L016cbc_abort +- leal .Lpadlock_saved_context-.L017cbc_pic_point,%eax ++ jnz .L018cbc_abort ++ leal .Lpadlock_saved_context-.L019cbc_pic_point,%eax + pushfl + cld + call _padlock_verify_ctx +-.L017cbc_pic_point: ++.L019cbc_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + xorl %ebx,%ebx + testl $32,(%edx) +- jnz .L018cbc_aligned ++ jnz .L020cbc_aligned + testl $15,%edi + setz %al + testl $15,%esi + setz %bl + testl %ebx,%eax +- jnz .L018cbc_aligned ++ jnz .L020cbc_aligned + negl %eax + movl $512,%ebx + notl %eax +@@ -392,7 +408,7 @@ padlock_cbc_encrypt: + andl $-16,%esp + movl %eax,16(%ebp) + cmpl %ebx,%ecx +- ja .L019cbc_loop ++ ja .L021cbc_loop + movl %esi,%eax + cmpl %esp,%ebp + cmovel %edi,%eax +@@ -403,10 +419,10 @@ padlock_cbc_encrypt: + movl $-64,%eax + cmovael %ebx,%eax + andl %eax,%ebx +- jz .L020cbc_unaligned_tail +- jmp .L019cbc_loop ++ jz .L022cbc_unaligned_tail ++ jmp .L021cbc_loop + .align 16 +-.L019cbc_loop: ++.L021cbc_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -415,13 +431,13 @@ padlock_cbc_encrypt: + testl $15,%edi + cmovnzl %esp,%edi + testl $15,%esi +- jz .L021cbc_inp_aligned ++ jz .L023cbc_inp_aligned + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi + movl %ebx,%ecx + movl %edi,%esi +-.L021cbc_inp_aligned: ++.L023cbc_inp_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -431,23 +447,23 @@ padlock_cbc_encrypt: + movl (%ebp),%edi + movl 12(%ebp),%ebx + testl $15,%edi +- jz .L022cbc_out_aligned ++ jz .L024cbc_out_aligned + movl %ebx,%ecx + leal (%esp),%esi + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi +-.L022cbc_out_aligned: ++.L024cbc_out_aligned: + movl 4(%ebp),%esi + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jz .L023cbc_break ++ jz .L025cbc_break + cmpl %ebx,%ecx +- jae .L019cbc_loop +-.L020cbc_unaligned_tail: ++ jae .L021cbc_loop ++.L022cbc_unaligned_tail: + xorl %eax,%eax + cmpl %ebp,%esp + cmovel %ecx,%eax +@@ -460,24 +476,24 @@ padlock_cbc_encrypt: + movl %esp,%esi + movl %eax,%edi + movl %ebx,%ecx +- jmp .L019cbc_loop ++ jmp .L021cbc_loop + .align 16 +-.L023cbc_break: ++.L025cbc_break: + cmpl %ebp,%esp +- je .L024cbc_done ++ je .L026cbc_done + pxor %xmm0,%xmm0 + leal (%esp),%eax +-.L025cbc_bzero: ++.L027cbc_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja .L025cbc_bzero +-.L024cbc_done: ++ ja .L027cbc_bzero ++.L026cbc_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp +- jmp .L026cbc_exit ++ jmp .L028cbc_exit + .align 16 +-.L018cbc_aligned: ++.L020cbc_aligned: + leal (%esi,%ecx,1),%ebp + negl %ebp + andl $4095,%ebp +@@ -487,7 +503,7 @@ padlock_cbc_encrypt: + cmovael %eax,%ebp + andl %ecx,%ebp + subl %ebp,%ecx +- jz .L027cbc_aligned_tail ++ jz .L029cbc_aligned_tail + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -495,8 +511,8 @@ padlock_cbc_encrypt: + movaps (%eax),%xmm0 + movaps %xmm0,-16(%edx) + testl %ebp,%ebp +- jz .L026cbc_exit +-.L027cbc_aligned_tail: ++ jz .L028cbc_exit ++.L029cbc_aligned_tail: + movl %ebp,%ecx + leal -24(%esp),%ebp + movl %ebp,%esp +@@ -513,11 +529,11 @@ padlock_cbc_encrypt: + movl %esp,%esi + movl %eax,%edi + movl %ebx,%ecx +- jmp .L019cbc_loop +-.L026cbc_exit: ++ jmp .L021cbc_loop ++.L028cbc_exit: + movl $1,%eax + leal 4(%esp),%esp +-.L016cbc_abort: ++.L018cbc_abort: + popl %edi + popl %esi + popl %ebx +@@ -529,6 +545,7 @@ padlock_cbc_encrypt: + .align 16 + padlock_cfb_encrypt: + .L_padlock_cfb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -538,25 +555,25 @@ padlock_cfb_encrypt: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz .L028cfb_abort ++ jnz .L030cfb_abort + testl $15,%ecx +- jnz .L028cfb_abort +- leal .Lpadlock_saved_context-.L029cfb_pic_point,%eax ++ jnz .L030cfb_abort ++ leal .Lpadlock_saved_context-.L031cfb_pic_point,%eax + pushfl + cld + call _padlock_verify_ctx +-.L029cfb_pic_point: ++.L031cfb_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + xorl %ebx,%ebx + testl $32,(%edx) +- jnz .L030cfb_aligned ++ jnz .L032cfb_aligned + testl $15,%edi + setz %al + testl $15,%esi + setz %bl + testl %ebx,%eax +- jnz .L030cfb_aligned ++ jnz .L032cfb_aligned + negl %eax + movl $512,%ebx + notl %eax +@@ -574,9 +591,9 @@ padlock_cfb_encrypt: + andl $-16,%ebp + andl $-16,%esp + movl %eax,16(%ebp) +- jmp .L031cfb_loop ++ jmp .L033cfb_loop + .align 16 +-.L031cfb_loop: ++.L033cfb_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -585,13 +602,13 @@ padlock_cfb_encrypt: + testl $15,%edi + cmovnzl %esp,%edi + testl $15,%esi +- jz .L032cfb_inp_aligned ++ jz .L034cfb_inp_aligned + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi + movl %ebx,%ecx + movl %edi,%esi +-.L032cfb_inp_aligned: ++.L034cfb_inp_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -601,45 +618,45 @@ padlock_cfb_encrypt: + movl (%ebp),%edi + movl 12(%ebp),%ebx + testl $15,%edi +- jz .L033cfb_out_aligned ++ jz .L035cfb_out_aligned + movl %ebx,%ecx + leal (%esp),%esi + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi +-.L033cfb_out_aligned: ++.L035cfb_out_aligned: + movl 4(%ebp),%esi + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jnz .L031cfb_loop ++ jnz .L033cfb_loop + cmpl %ebp,%esp +- je .L034cfb_done ++ je .L036cfb_done + pxor %xmm0,%xmm0 + leal (%esp),%eax +-.L035cfb_bzero: ++.L037cfb_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja .L035cfb_bzero +-.L034cfb_done: ++ ja .L037cfb_bzero ++.L036cfb_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp +- jmp .L036cfb_exit ++ jmp .L038cfb_exit + .align 16 +-.L030cfb_aligned: ++.L032cfb_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx + .byte 243,15,167,224 + movaps (%eax),%xmm0 + movaps %xmm0,-16(%edx) +-.L036cfb_exit: ++.L038cfb_exit: + movl $1,%eax + leal 4(%esp),%esp +-.L028cfb_abort: ++.L030cfb_abort: + popl %edi + popl %esi + popl %ebx +@@ -651,6 +668,7 @@ padlock_cfb_encrypt: + .align 16 + padlock_ofb_encrypt: + .L_padlock_ofb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -660,25 +678,25 @@ padlock_ofb_encrypt: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz .L037ofb_abort ++ jnz .L039ofb_abort + testl $15,%ecx +- jnz .L037ofb_abort +- leal .Lpadlock_saved_context-.L038ofb_pic_point,%eax ++ jnz .L039ofb_abort ++ leal .Lpadlock_saved_context-.L040ofb_pic_point,%eax + pushfl + cld + call _padlock_verify_ctx +-.L038ofb_pic_point: ++.L040ofb_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + xorl %ebx,%ebx + testl $32,(%edx) +- jnz .L039ofb_aligned ++ jnz .L041ofb_aligned + testl $15,%edi + setz %al + testl $15,%esi + setz %bl + testl %ebx,%eax +- jnz .L039ofb_aligned ++ jnz .L041ofb_aligned + negl %eax + movl $512,%ebx + notl %eax +@@ -696,9 +714,9 @@ padlock_ofb_encrypt: + andl $-16,%ebp + andl $-16,%esp + movl %eax,16(%ebp) +- jmp .L040ofb_loop ++ jmp .L042ofb_loop + .align 16 +-.L040ofb_loop: ++.L042ofb_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -707,13 +725,13 @@ padlock_ofb_encrypt: + testl $15,%edi + cmovnzl %esp,%edi + testl $15,%esi +- jz .L041ofb_inp_aligned ++ jz .L043ofb_inp_aligned + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi + movl %ebx,%ecx + movl %edi,%esi +-.L041ofb_inp_aligned: ++.L043ofb_inp_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -723,45 +741,45 @@ padlock_ofb_encrypt: + movl (%ebp),%edi + movl 12(%ebp),%ebx + testl $15,%edi +- jz .L042ofb_out_aligned ++ jz .L044ofb_out_aligned + movl %ebx,%ecx + leal (%esp),%esi + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi +-.L042ofb_out_aligned: ++.L044ofb_out_aligned: + movl 4(%ebp),%esi + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jnz .L040ofb_loop ++ jnz .L042ofb_loop + cmpl %ebp,%esp +- je .L043ofb_done ++ je .L045ofb_done + pxor %xmm0,%xmm0 + leal (%esp),%eax +-.L044ofb_bzero: ++.L046ofb_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja .L044ofb_bzero +-.L043ofb_done: ++ ja .L046ofb_bzero ++.L045ofb_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp +- jmp .L045ofb_exit ++ jmp .L047ofb_exit + .align 16 +-.L039ofb_aligned: ++.L041ofb_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx + .byte 243,15,167,232 + movaps (%eax),%xmm0 + movaps %xmm0,-16(%edx) +-.L045ofb_exit: ++.L047ofb_exit: + movl $1,%eax + leal 4(%esp),%esp +-.L037ofb_abort: ++.L039ofb_abort: + popl %edi + popl %esi + popl %ebx +@@ -773,6 +791,7 @@ padlock_ofb_encrypt: + .align 16 + padlock_ctr32_encrypt: + .L_padlock_ctr32_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -782,14 +801,14 @@ padlock_ctr32_encrypt: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz .L046ctr32_abort ++ jnz .L048ctr32_abort + testl $15,%ecx +- jnz .L046ctr32_abort +- leal .Lpadlock_saved_context-.L047ctr32_pic_point,%eax ++ jnz .L048ctr32_abort ++ leal .Lpadlock_saved_context-.L049ctr32_pic_point,%eax + pushfl + cld + call _padlock_verify_ctx +-.L047ctr32_pic_point: ++.L049ctr32_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + movq -16(%edx),%mm0 +@@ -809,9 +828,9 @@ padlock_ctr32_encrypt: + andl $-16,%ebp + andl $-16,%esp + movl %eax,16(%ebp) +- jmp .L048ctr32_loop ++ jmp .L050ctr32_loop + .align 16 +-.L048ctr32_loop: ++.L050ctr32_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -820,7 +839,7 @@ padlock_ctr32_encrypt: + movl -4(%edx),%ecx + xorl %edi,%edi + movl -8(%edx),%eax +-.L049ctr32_prepare: ++.L051ctr32_prepare: + movl %ecx,12(%esp,%edi,1) + bswap %ecx + movq %mm0,(%esp,%edi,1) +@@ -829,7 +848,7 @@ padlock_ctr32_encrypt: + bswap %ecx + leal 16(%edi),%edi + cmpl %ebx,%edi +- jb .L049ctr32_prepare ++ jb .L051ctr32_prepare + movl %ecx,-4(%edx) + leal (%esp),%esi + leal (%esp),%edi +@@ -842,33 +861,33 @@ padlock_ctr32_encrypt: + movl 12(%ebp),%ebx + movl 4(%ebp),%esi + xorl %ecx,%ecx +-.L050ctr32_xor: ++.L052ctr32_xor: + movups (%esi,%ecx,1),%xmm1 + leal 16(%ecx),%ecx + pxor -16(%esp,%ecx,1),%xmm1 + movups %xmm1,-16(%edi,%ecx,1) + cmpl %ebx,%ecx +- jb .L050ctr32_xor ++ jb .L052ctr32_xor + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jnz .L048ctr32_loop ++ jnz .L050ctr32_loop + pxor %xmm0,%xmm0 + leal (%esp),%eax +-.L051ctr32_bzero: ++.L053ctr32_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja .L051ctr32_bzero +-.L052ctr32_done: ++ ja .L053ctr32_bzero ++.L054ctr32_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp + movl $1,%eax + leal 4(%esp),%esp + emms +-.L046ctr32_abort: ++.L048ctr32_abort: + popl %edi + popl %esi + popl %ebx +@@ -880,6 +899,7 @@ padlock_ctr32_encrypt: + .align 16 + padlock_xstore: + .L_padlock_xstore_begin: ++.byte 243,15,30,251 + pushl %edi + movl 8(%esp),%edi + movl 12(%esp),%edx +@@ -890,14 +910,15 @@ padlock_xstore: + .type _win32_segv_handler,@function + .align 16 + _win32_segv_handler: ++.byte 243,15,30,251 + movl $1,%eax + movl 4(%esp),%edx + movl 12(%esp),%ecx + cmpl $3221225477,(%edx) +- jne .L053ret ++ jne .L055ret + addl $4,184(%ecx) + movl $0,%eax +-.L053ret: ++.L055ret: + ret + .size _win32_segv_handler,.-_win32_segv_handler + .globl padlock_sha1_oneshot +@@ -905,6 +926,7 @@ _win32_segv_handler: + .align 16 + padlock_sha1_oneshot: + .L_padlock_sha1_oneshot_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + xorl %eax,%eax +@@ -936,6 +958,7 @@ padlock_sha1_oneshot: + .align 16 + padlock_sha1_blocks: + .L_padlock_sha1_blocks_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + movl 12(%esp),%edi +@@ -966,6 +989,7 @@ padlock_sha1_blocks: + .align 16 + padlock_sha256_oneshot: + .L_padlock_sha256_oneshot_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + xorl %eax,%eax +@@ -997,6 +1021,7 @@ padlock_sha256_oneshot: + .align 16 + padlock_sha256_blocks: + .L_padlock_sha256_blocks_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + movl 12(%esp),%edi +@@ -1027,6 +1052,7 @@ padlock_sha256_blocks: + .align 16 + padlock_sha512_blocks: + .L_padlock_sha512_blocks_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + movl 12(%esp),%edi +@@ -1069,7 +1095,21 @@ padlock_sha512_blocks: + .Lpadlock_saved_context: + .long 0 + ++ .section ".note.gnu.property", "a" ++ .p2align 2 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ .asciz "GNU" ++1: ++ .p2align 2 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 2 ++4: + + .section .note.GNU-stack,"",%progbits +- +- +diff --git a/lib/accelerated/x86/elf/e_padlock-x86_64.s b/lib/accelerated/x86/elf/e_padlock-x86_64.s +index c161f0a73..f92da756c 100644 +--- a/lib/accelerated/x86/elf/e_padlock-x86_64.s ++++ b/lib/accelerated/x86/elf/e_padlock-x86_64.s +@@ -1,4 +1,4 @@ +-# Copyright (c) 2011-2013, Andy Polyakov ++# Copyright (c) 2011-2016, Andy Polyakov + # All rights reserved. + # + # Redistribution and use in source and binary forms, with or without +@@ -42,36 +42,50 @@ + .type padlock_capability,@function + .align 16 + padlock_capability: ++.cfi_startproc ++.byte 243,15,30,250 + movq %rbx,%r8 + xorl %eax,%eax + cpuid + xorl %eax,%eax +- cmpl $1953391939,%ebx ++ cmpl $0x746e6543,%ebx ++ jne .Lzhaoxin ++ cmpl $0x48727561,%edx + jne .Lnoluck +- cmpl $1215460705,%edx ++ cmpl $0x736c7561,%ecx + jne .Lnoluck +- cmpl $1936487777,%ecx ++ jmp .LzhaoxinEnd ++.Lzhaoxin: ++ cmpl $0x68532020,%ebx + jne .Lnoluck +- movl $3221225472,%eax ++ cmpl $0x68676e61,%edx ++ jne .Lnoluck ++ cmpl $0x20206961,%ecx ++ jne .Lnoluck ++.LzhaoxinEnd: ++ movl $0xC0000000,%eax + cpuid + movl %eax,%edx + xorl %eax,%eax +- cmpl $3221225473,%edx ++ cmpl $0xC0000001,%edx + jb .Lnoluck +- movl $3221225473,%eax ++ movl $0xC0000001,%eax + cpuid + movl %edx,%eax +- andl $4294967279,%eax +- orl $16,%eax ++ andl $0xffffffef,%eax ++ orl $0x10,%eax + .Lnoluck: + movq %r8,%rbx + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_capability,.-padlock_capability + + .globl padlock_key_bswap + .type padlock_key_bswap,@function + .align 16 + padlock_key_bswap: ++.cfi_startproc ++.byte 243,15,30,250 + movl 240(%rdi),%edx + .Lbswap_loop: + movl (%rdi),%eax +@@ -81,23 +95,29 @@ padlock_key_bswap: + subl $1,%edx + jnz .Lbswap_loop + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_key_bswap,.-padlock_key_bswap + + .globl padlock_verify_context + .type padlock_verify_context,@function + .align 16 + padlock_verify_context: ++.cfi_startproc ++.byte 243,15,30,250 + movq %rdi,%rdx + pushf + leaq .Lpadlock_saved_context(%rip),%rax + call _padlock_verify_ctx + leaq 8(%rsp),%rsp + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_verify_context,.-padlock_verify_context + + .type _padlock_verify_ctx,@function + .align 16 + _padlock_verify_ctx: ++.cfi_startproc ++.byte 243,15,30,250 + movq 8(%rsp),%r8 + btq $30,%r8 + jnc .Lverified +@@ -108,43 +128,55 @@ _padlock_verify_ctx: + .Lverified: + movq %rdx,(%rax) + .byte 0xf3,0xc3 ++.cfi_endproc + .size _padlock_verify_ctx,.-_padlock_verify_ctx + + .globl padlock_reload_key + .type padlock_reload_key,@function + .align 16 + padlock_reload_key: ++.cfi_startproc ++.byte 243,15,30,250 + pushf + popf + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_reload_key,.-padlock_reload_key + + .globl padlock_aes_block + .type padlock_aes_block,@function + .align 16 + padlock_aes_block: ++.cfi_startproc ++.byte 243,15,30,250 + movq %rbx,%r8 + movq $1,%rcx + leaq 32(%rdx),%rbx + leaq 16(%rdx),%rdx +-.byte 0xf3,0x0f,0xa7,0xc8 ++.byte 0xf3,0x0f,0xa7,0xc8 + movq %r8,%rbx + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_aes_block,.-padlock_aes_block + + .globl padlock_xstore + .type padlock_xstore,@function + .align 16 + padlock_xstore: ++.cfi_startproc ++.byte 243,15,30,250 + movl %esi,%edx +-.byte 0x0f,0xa7,0xc0 ++.byte 0x0f,0xa7,0xc0 + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_xstore,.-padlock_xstore + + .globl padlock_sha1_oneshot + .type padlock_sha1_oneshot,@function + .align 16 + padlock_sha1_oneshot: ++.cfi_startproc ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -154,19 +186,22 @@ padlock_sha1_oneshot: + movq %rsp,%rdi + movl %eax,16(%rsp) + xorq %rax,%rax +-.byte 0xf3,0x0f,0xa6,0xc8 ++.byte 0xf3,0x0f,0xa6,0xc8 + movaps (%rsp),%xmm0 + movl 16(%rsp),%eax + addq $128+8,%rsp + movups %xmm0,(%rdx) + movl %eax,16(%rdx) + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_sha1_oneshot,.-padlock_sha1_oneshot + + .globl padlock_sha1_blocks + .type padlock_sha1_blocks,@function + .align 16 + padlock_sha1_blocks: ++.cfi_startproc ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -176,19 +211,22 @@ padlock_sha1_blocks: + movq %rsp,%rdi + movl %eax,16(%rsp) + movq $-1,%rax +-.byte 0xf3,0x0f,0xa6,0xc8 ++.byte 0xf3,0x0f,0xa6,0xc8 + movaps (%rsp),%xmm0 + movl 16(%rsp),%eax + addq $128+8,%rsp + movups %xmm0,(%rdx) + movl %eax,16(%rdx) + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_sha1_blocks,.-padlock_sha1_blocks + + .globl padlock_sha256_oneshot + .type padlock_sha256_oneshot,@function + .align 16 + padlock_sha256_oneshot: ++.cfi_startproc ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -198,19 +236,22 @@ padlock_sha256_oneshot: + movq %rsp,%rdi + movaps %xmm1,16(%rsp) + xorq %rax,%rax +-.byte 0xf3,0x0f,0xa6,0xd0 ++.byte 0xf3,0x0f,0xa6,0xd0 + movaps (%rsp),%xmm0 + movaps 16(%rsp),%xmm1 + addq $128+8,%rsp + movups %xmm0,(%rdx) + movups %xmm1,16(%rdx) + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_sha256_oneshot,.-padlock_sha256_oneshot + + .globl padlock_sha256_blocks + .type padlock_sha256_blocks,@function + .align 16 + padlock_sha256_blocks: ++.cfi_startproc ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -220,19 +261,22 @@ padlock_sha256_blocks: + movq %rsp,%rdi + movaps %xmm1,16(%rsp) + movq $-1,%rax +-.byte 0xf3,0x0f,0xa6,0xd0 ++.byte 0xf3,0x0f,0xa6,0xd0 + movaps (%rsp),%xmm0 + movaps 16(%rsp),%xmm1 + addq $128+8,%rsp + movups %xmm0,(%rdx) + movups %xmm1,16(%rdx) + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_sha256_blocks,.-padlock_sha256_blocks + + .globl padlock_sha512_blocks + .type padlock_sha512_blocks,@function + .align 16 + padlock_sha512_blocks: ++.cfi_startproc ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -245,7 +289,7 @@ padlock_sha512_blocks: + movaps %xmm1,16(%rsp) + movaps %xmm2,32(%rsp) + movaps %xmm3,48(%rsp) +-.byte 0xf3,0x0f,0xa6,0xe0 ++.byte 0xf3,0x0f,0xa6,0xe0 + movaps (%rsp),%xmm0 + movaps 16(%rsp),%xmm1 + movaps 32(%rsp),%xmm2 +@@ -256,11 +300,14 @@ padlock_sha512_blocks: + movups %xmm2,32(%rdx) + movups %xmm3,48(%rdx) + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_sha512_blocks,.-padlock_sha512_blocks + .globl padlock_ecb_encrypt + .type padlock_ecb_encrypt,@function + .align 16 + padlock_ecb_encrypt: ++.cfi_startproc ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -278,9 +325,9 @@ padlock_ecb_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz .Lecb_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz .Lecb_aligned +@@ -304,7 +351,7 @@ padlock_ecb_encrypt: + cmoveq %rdi,%rax + addq %rcx,%rax + negq %rax +- andq $4095,%rax ++ andq $0xfff,%rax + cmpq $128,%rax + movq $-128,%rax + cmovaeq %rbx,%rax +@@ -320,12 +367,12 @@ padlock_ecb_encrypt: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz .Lecb_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -333,15 +380,15 @@ padlock_ecb_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,200 ++.byte 0xf3,0x0f,0xa7,200 + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz .Lecb_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + .Lecb_out_aligned: + movq %r9,%rsi +@@ -362,7 +409,7 @@ padlock_ecb_encrypt: + subq %rax,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + movq %rsp,%rsi + movq %r8,%rdi + movq %rbx,%rcx +@@ -388,7 +435,7 @@ padlock_ecb_encrypt: + .Lecb_aligned: + leaq (%rsi,%rcx,1),%rbp + negq %rbp +- andq $4095,%rbp ++ andq $0xfff,%rbp + xorl %eax,%eax + cmpq $128,%rbp + movq $128-1,%rbp +@@ -399,7 +446,7 @@ padlock_ecb_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,200 ++.byte 0xf3,0x0f,0xa7,200 + testq %rbp,%rbp + jz .Lecb_exit + +@@ -411,7 +458,7 @@ padlock_ecb_encrypt: + subq %rcx,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + leaq (%r8),%rdi + leaq (%rsp),%rsi + movq %rbx,%rcx +@@ -423,11 +470,14 @@ padlock_ecb_encrypt: + popq %rbx + popq %rbp + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_ecb_encrypt,.-padlock_ecb_encrypt + .globl padlock_cbc_encrypt + .type padlock_cbc_encrypt,@function + .align 16 + padlock_cbc_encrypt: ++.cfi_startproc ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -445,9 +495,9 @@ padlock_cbc_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz .Lcbc_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz .Lcbc_aligned +@@ -471,7 +521,7 @@ padlock_cbc_encrypt: + cmoveq %rdi,%rax + addq %rcx,%rax + negq %rax +- andq $4095,%rax ++ andq $0xfff,%rax + cmpq $64,%rax + movq $-64,%rax + cmovaeq %rbx,%rax +@@ -487,12 +537,12 @@ padlock_cbc_encrypt: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz .Lcbc_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -500,17 +550,17 @@ padlock_cbc_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,208 ++.byte 0xf3,0x0f,0xa7,208 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz .Lcbc_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + .Lcbc_out_aligned: + movq %r9,%rsi +@@ -531,7 +581,7 @@ padlock_cbc_encrypt: + subq %rax,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + movq %rsp,%rsi + movq %r8,%rdi + movq %rbx,%rcx +@@ -557,7 +607,7 @@ padlock_cbc_encrypt: + .Lcbc_aligned: + leaq (%rsi,%rcx,1),%rbp + negq %rbp +- andq $4095,%rbp ++ andq $0xfff,%rbp + xorl %eax,%eax + cmpq $64,%rbp + movq $64-1,%rbp +@@ -568,7 +618,7 @@ padlock_cbc_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,208 ++.byte 0xf3,0x0f,0xa7,208 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + testq %rbp,%rbp +@@ -582,7 +632,7 @@ padlock_cbc_encrypt: + subq %rcx,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + leaq (%r8),%rdi + leaq (%rsp),%rsi + movq %rbx,%rcx +@@ -594,11 +644,14 @@ padlock_cbc_encrypt: + popq %rbx + popq %rbp + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_cbc_encrypt,.-padlock_cbc_encrypt + .globl padlock_cfb_encrypt + .type padlock_cfb_encrypt,@function + .align 16 + padlock_cfb_encrypt: ++.cfi_startproc ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -616,9 +669,9 @@ padlock_cfb_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz .Lcfb_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz .Lcfb_aligned +@@ -645,12 +698,12 @@ padlock_cfb_encrypt: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz .Lcfb_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -658,17 +711,17 @@ padlock_cfb_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,224 ++.byte 0xf3,0x0f,0xa7,224 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz .Lcfb_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + .Lcfb_out_aligned: + movq %r9,%rsi +@@ -698,7 +751,7 @@ padlock_cfb_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,224 ++.byte 0xf3,0x0f,0xa7,224 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + .Lcfb_exit: +@@ -708,11 +761,14 @@ padlock_cfb_encrypt: + popq %rbx + popq %rbp + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_cfb_encrypt,.-padlock_cfb_encrypt + .globl padlock_ofb_encrypt + .type padlock_ofb_encrypt,@function + .align 16 + padlock_ofb_encrypt: ++.cfi_startproc ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -730,9 +786,9 @@ padlock_ofb_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz .Lofb_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz .Lofb_aligned +@@ -759,12 +815,12 @@ padlock_ofb_encrypt: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz .Lofb_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -772,17 +828,17 @@ padlock_ofb_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,232 ++.byte 0xf3,0x0f,0xa7,232 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz .Lofb_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + .Lofb_out_aligned: + movq %r9,%rsi +@@ -812,7 +868,7 @@ padlock_ofb_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,232 ++.byte 0xf3,0x0f,0xa7,232 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + .Lofb_exit: +@@ -822,11 +878,14 @@ padlock_ofb_encrypt: + popq %rbx + popq %rbp + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_ofb_encrypt,.-padlock_ofb_encrypt + .globl padlock_ctr32_encrypt + .type padlock_ctr32_encrypt,@function + .align 16 + padlock_ctr32_encrypt: ++.cfi_startproc ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -844,9 +903,9 @@ padlock_ctr32_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz .Lctr32_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz .Lctr32_aligned +@@ -881,7 +940,7 @@ padlock_ctr32_encrypt: + cmoveq %rdi,%rax + addq %rcx,%rax + negq %rax +- andq $4095,%rax ++ andq $0xfff,%rax + cmpq $32,%rax + movq $-32,%rax + cmovaeq %rbx,%rax +@@ -897,12 +956,12 @@ padlock_ctr32_encrypt: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz .Lctr32_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -910,23 +969,23 @@ padlock_ctr32_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,216 ++.byte 0xf3,0x0f,0xa7,216 + movl -4(%rdx),%eax +- testl $4294901760,%eax ++ testl $0xffff0000,%eax + jnz .Lctr32_no_carry + bswapl %eax +- addl $65536,%eax ++ addl $0x10000,%eax + bswapl %eax + movl %eax,-4(%rdx) + .Lctr32_no_carry: + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz .Lctr32_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + .Lctr32_out_aligned: + movq %r9,%rsi +@@ -944,7 +1003,7 @@ padlock_ctr32_encrypt: + cmoveq %rdi,%rax + addq %rcx,%rax + negq %rax +- andq $4095,%rax ++ andq $0xfff,%rax + cmpq $32,%rax + movq $-32,%rax + cmovaeq %rbx,%rax +@@ -959,7 +1018,7 @@ padlock_ctr32_encrypt: + subq %rax,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + movq %rsp,%rsi + movq %r8,%rdi + movq %rbx,%rcx +@@ -986,7 +1045,7 @@ padlock_ctr32_encrypt: + movl -4(%rdx),%eax + bswapl %eax + negl %eax +- andl $65535,%eax ++ andl $0xffff,%eax + movq $1048576,%rbx + shll $4,%eax + cmovzq %rbx,%rax +@@ -1003,11 +1062,11 @@ padlock_ctr32_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,216 ++.byte 0xf3,0x0f,0xa7,216 + + movl -4(%rdx),%eax + bswapl %eax +- addl $65536,%eax ++ addl $0x10000,%eax + bswapl %eax + movl %eax,-4(%rdx) + +@@ -1021,7 +1080,7 @@ padlock_ctr32_encrypt: + .Lctr32_aligned_skip: + leaq (%rsi,%rcx,1),%rbp + negq %rbp +- andq $4095,%rbp ++ andq $0xfff,%rbp + xorl %eax,%eax + cmpq $32,%rbp + movq $32-1,%rbp +@@ -1032,7 +1091,7 @@ padlock_ctr32_encrypt: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,216 ++.byte 0xf3,0x0f,0xa7,216 + testq %rbp,%rbp + jz .Lctr32_exit + +@@ -1044,7 +1103,7 @@ padlock_ctr32_encrypt: + subq %rcx,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + leaq (%r8),%rdi + leaq (%rsp),%rsi + movq %rbx,%rcx +@@ -1056,6 +1115,7 @@ padlock_ctr32_encrypt: + popq %rbx + popq %rbp + .byte 0xf3,0xc3 ++.cfi_endproc + .size padlock_ctr32_encrypt,.-padlock_ctr32_encrypt + .byte 86,73,65,32,80,97,100,108,111,99,107,32,120,56,54,95,54,52,32,109,111,100,117,108,101,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 + .align 16 +@@ -1063,8 +1123,26 @@ padlock_ctr32_encrypt: + .align 8 + .Lpadlock_saved_context: + .quad 0 +- ++ .section ".note.gnu.property", "a" ++ .p2align 3 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ # "GNU" encoded with .byte, since .asciz isn't supported ++ # on Solaris. ++ .byte 0x47 ++ .byte 0x4e ++ .byte 0x55 ++ .byte 0 ++1: ++ .p2align 3 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 3 ++4: + + .section .note.GNU-stack,"",%progbits +- +- +diff --git a/lib/accelerated/x86/elf/ghash-x86_64.s b/lib/accelerated/x86/elf/ghash-x86_64.s +index 1e4d18b34..8da3f294c 100644 +--- a/lib/accelerated/x86/elf/ghash-x86_64.s ++++ b/lib/accelerated/x86/elf/ghash-x86_64.s +@@ -45,6 +45,7 @@ + .align 16 + gcm_gmult_4bit: + .cfi_startproc ++.byte 243,15,30,250 + pushq %rbx + .cfi_adjust_cfa_offset 8 + .cfi_offset %rbx,-16 +@@ -156,6 +157,7 @@ gcm_gmult_4bit: + .align 16 + gcm_ghash_4bit: + .cfi_startproc ++.byte 243,15,30,250 + pushq %rbx + .cfi_adjust_cfa_offset 8 + .cfi_offset %rbx,-16 +@@ -903,6 +905,7 @@ gcm_init_clmul: + .align 16 + gcm_gmult_clmul: + .cfi_startproc ++.byte 243,15,30,250 + .L_gmult_clmul: + movdqu (%rdi),%xmm0 + movdqa .Lbswap_mask(%rip),%xmm5 +@@ -956,6 +959,7 @@ gcm_gmult_clmul: + .align 32 + gcm_ghash_clmul: + .cfi_startproc ++.byte 243,15,30,250 + .L_ghash_clmul: + movdqa .Lbswap_mask(%rip),%xmm10 + +@@ -1450,6 +1454,7 @@ gcm_init_avx: + .align 32 + gcm_gmult_avx: + .cfi_startproc ++.byte 243,15,30,250 + jmp .L_gmult_clmul + .cfi_endproc + .size gcm_gmult_avx,.-gcm_gmult_avx +@@ -1458,6 +1463,7 @@ gcm_gmult_avx: + .align 32 + gcm_ghash_avx: + .cfi_startproc ++.byte 243,15,30,250 + vzeroupper + + vmovdqu (%rdi),%xmm10 +@@ -1884,5 +1890,26 @@ gcm_ghash_avx: + + .byte 71,72,65,83,72,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 + .align 64 ++ .section ".note.gnu.property", "a" ++ .p2align 3 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ # "GNU" encoded with .byte, since .asciz isn't supported ++ # on Solaris. ++ .byte 0x47 ++ .byte 0x4e ++ .byte 0x55 ++ .byte 0 ++1: ++ .p2align 3 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 3 ++4: + + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/elf/sha1-ssse3-x86.s b/lib/accelerated/x86/elf/sha1-ssse3-x86.s +index 8bfbcb6b3..57b6ba58f 100644 +--- a/lib/accelerated/x86/elf/sha1-ssse3-x86.s ++++ b/lib/accelerated/x86/elf/sha1-ssse3-x86.s +@@ -43,6 +43,7 @@ + .align 16 + sha1_block_data_order: + .L_sha1_block_data_order_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -1417,4 +1418,21 @@ sha1_block_data_order: + .byte 89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112 + .byte 114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 + ++ .section ".note.gnu.property", "a" ++ .p2align 2 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ .asciz "GNU" ++1: ++ .p2align 2 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 2 ++4: ++ + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/elf/sha1-ssse3-x86_64.s b/lib/accelerated/x86/elf/sha1-ssse3-x86_64.s +index 1e6546e11..54095050c 100644 +--- a/lib/accelerated/x86/elf/sha1-ssse3-x86_64.s ++++ b/lib/accelerated/x86/elf/sha1-ssse3-x86_64.s +@@ -1460,8 +1460,8 @@ _shaext_shortcut: + pshufd $27,%xmm1,%xmm1 + movdqu %xmm0,(%rdi) + movd %xmm1,16(%rdi) +-.cfi_endproc + .byte 0xf3,0xc3 ++.cfi_endproc + .size sha1_block_data_order_shaext,.-sha1_block_data_order_shaext + .type sha1_block_data_order_ssse3,@function + .align 16 +@@ -5487,5 +5487,26 @@ K_XX_XX: + .byte 0xf,0xe,0xd,0xc,0xb,0xa,0x9,0x8,0x7,0x6,0x5,0x4,0x3,0x2,0x1,0x0 + .byte 83,72,65,49,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 + .align 64 ++ .section ".note.gnu.property", "a" ++ .p2align 3 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ # "GNU" encoded with .byte, since .asciz isn't supported ++ # on Solaris. ++ .byte 0x47 ++ .byte 0x4e ++ .byte 0x55 ++ .byte 0 ++1: ++ .p2align 3 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 3 ++4: + + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/elf/sha256-ssse3-x86.s b/lib/accelerated/x86/elf/sha256-ssse3-x86.s +index 8d9aaa4a8..6d16b9140 100644 +--- a/lib/accelerated/x86/elf/sha256-ssse3-x86.s ++++ b/lib/accelerated/x86/elf/sha256-ssse3-x86.s +@@ -43,6 +43,7 @@ + .align 16 + sha256_block_data_order: + .L_sha256_block_data_order_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -3384,4 +3385,21 @@ sha256_block_data_order: + ret + .size sha256_block_data_order,.-.L_sha256_block_data_order_begin + ++ .section ".note.gnu.property", "a" ++ .p2align 2 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ .asciz "GNU" ++1: ++ .p2align 2 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 2 ++4: ++ + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/elf/sha256-ssse3-x86_64.s b/lib/accelerated/x86/elf/sha256-ssse3-x86_64.s +index 4b08e0c85..1514ee45c 100644 +--- a/lib/accelerated/x86/elf/sha256-ssse3-x86_64.s ++++ b/lib/accelerated/x86/elf/sha256-ssse3-x86_64.s +@@ -1814,6 +1814,7 @@ K256: + .align 64 + sha256_block_data_order_shaext: + _shaext_shortcut: ++.cfi_startproc + leaq K256+128(%rip),%rcx + movdqu (%rdi),%xmm1 + movdqu 16(%rdi),%xmm2 +@@ -2016,6 +2017,7 @@ _shaext_shortcut: + movdqu %xmm1,(%rdi) + movdqu %xmm2,16(%rdi) + .byte 0xf3,0xc3 ++.cfi_endproc + .size sha256_block_data_order_shaext,.-sha256_block_data_order_shaext + .type sha256_block_data_order_ssse3,@function + .align 64 +@@ -4277,7 +4279,15 @@ sha256_block_data_order_avx2: + vmovdqa %ymm4,0(%rsp) + xorl %r14d,%r14d + vmovdqa %ymm5,32(%rsp) ++ ++ movq 88(%rsp),%rdi ++.cfi_def_cfa %rdi,8 + leaq -64(%rsp),%rsp ++ ++ ++ ++ movq %rdi,-8(%rsp) ++.cfi_escape 0x0f,0x05,0x77,0x78,0x06,0x23,0x08 + movl %ebx,%edi + vmovdqa %ymm6,0(%rsp) + xorl %ecx,%edi +@@ -4289,6 +4299,12 @@ sha256_block_data_order_avx2: + .align 16 + .Lavx2_00_47: + leaq -64(%rsp),%rsp ++.cfi_escape 0x0f,0x05,0x77,0x38,0x06,0x23,0x08 ++ ++ pushq 64-8(%rsp) ++.cfi_escape 0x0f,0x05,0x77,0x00,0x06,0x23,0x08 ++ leaq 8(%rsp),%rsp ++.cfi_escape 0x0f,0x05,0x77,0x78,0x06,0x23,0x08 + vpalignr $4,%ymm0,%ymm1,%ymm4 + addl 0+128(%rsp),%r11d + andl %r8d,%r12d +@@ -4544,6 +4560,12 @@ sha256_block_data_order_avx2: + movl %r9d,%r12d + vmovdqa %ymm6,32(%rsp) + leaq -64(%rsp),%rsp ++.cfi_escape 0x0f,0x05,0x77,0x38,0x06,0x23,0x08 ++ ++ pushq 64-8(%rsp) ++.cfi_escape 0x0f,0x05,0x77,0x00,0x06,0x23,0x08 ++ leaq 8(%rsp),%rsp ++.cfi_escape 0x0f,0x05,0x77,0x78,0x06,0x23,0x08 + vpalignr $4,%ymm2,%ymm3,%ymm4 + addl 0+128(%rsp),%r11d + andl %r8d,%r12d +@@ -5419,6 +5441,8 @@ sha256_block_data_order_avx2: + + leaq 448(%rsp),%rsp + ++.cfi_escape 0x0f,0x06,0x77,0xd8,0x00,0x06,0x23,0x08 ++ + addl 0(%rdi),%eax + addl 4(%rdi),%ebx + addl 8(%rdi),%ecx +@@ -5444,9 +5468,11 @@ sha256_block_data_order_avx2: + jbe .Loop_avx2 + leaq (%rsp),%rbp + ++ ++.cfi_escape 0x0f,0x06,0x76,0xd8,0x00,0x06,0x23,0x08 ++ + .Ldone_avx2: +- leaq (%rbp),%rsp +- movq 88(%rsp),%rsi ++ movq 88(%rbp),%rsi + .cfi_def_cfa %rsi,8 + vzeroupper + movq -48(%rsi),%r15 +@@ -5467,5 +5493,26 @@ sha256_block_data_order_avx2: + .byte 0xf3,0xc3 + .cfi_endproc + .size sha256_block_data_order_avx2,.-sha256_block_data_order_avx2 ++ .section ".note.gnu.property", "a" ++ .p2align 3 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ # "GNU" encoded with .byte, since .asciz isn't supported ++ # on Solaris. ++ .byte 0x47 ++ .byte 0x4e ++ .byte 0x55 ++ .byte 0 ++1: ++ .p2align 3 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 3 ++4: + + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/elf/sha512-ssse3-x86.s b/lib/accelerated/x86/elf/sha512-ssse3-x86.s +index 481c77715..afca4eae7 100644 +--- a/lib/accelerated/x86/elf/sha512-ssse3-x86.s ++++ b/lib/accelerated/x86/elf/sha512-ssse3-x86.s +@@ -43,6 +43,7 @@ + .align 16 + sha512_block_data_order: + .L_sha512_block_data_order_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -602,4 +603,21 @@ sha512_block_data_order: + .byte 112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103 + .byte 62,0 + ++ .section ".note.gnu.property", "a" ++ .p2align 2 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ .asciz "GNU" ++1: ++ .p2align 2 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 2 ++4: ++ + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/elf/sha512-ssse3-x86_64.s b/lib/accelerated/x86/elf/sha512-ssse3-x86_64.s +index e384d7e9e..a7be2cd44 100644 +--- a/lib/accelerated/x86/elf/sha512-ssse3-x86_64.s ++++ b/lib/accelerated/x86/elf/sha512-ssse3-x86_64.s +@@ -4204,7 +4204,15 @@ sha512_block_data_order_avx2: + vmovdqa %ymm10,64(%rsp) + vpaddq 64(%rbp),%ymm6,%ymm10 + vmovdqa %ymm11,96(%rsp) ++ ++ movq 152(%rsp),%rdi ++.cfi_def_cfa %rdi,8 + leaq -128(%rsp),%rsp ++ ++ ++ ++ movq %rdi,-8(%rsp) ++.cfi_escape 0x0f,0x05,0x77,0x78,0x06,0x23,0x08 + vpaddq 96(%rbp),%ymm7,%ymm11 + vmovdqa %ymm8,0(%rsp) + xorq %r14,%r14 +@@ -4220,6 +4228,12 @@ sha512_block_data_order_avx2: + .align 16 + .Lavx2_00_47: + leaq -128(%rsp),%rsp ++.cfi_escape 0x0f,0x06,0x77,0xf8,0x00,0x06,0x23,0x08 ++ ++ pushq 128-8(%rsp) ++.cfi_escape 0x0f,0x05,0x77,0x00,0x06,0x23,0x08 ++ leaq 8(%rsp),%rsp ++.cfi_escape 0x0f,0x05,0x77,0x78,0x06,0x23,0x08 + vpalignr $8,%ymm0,%ymm1,%ymm8 + addq 0+256(%rsp),%r11 + andq %r8,%r12 +@@ -4513,6 +4527,12 @@ sha512_block_data_order_avx2: + movq %r9,%r12 + vmovdqa %ymm10,96(%rsp) + leaq -128(%rsp),%rsp ++.cfi_escape 0x0f,0x06,0x77,0xf8,0x00,0x06,0x23,0x08 ++ ++ pushq 128-8(%rsp) ++.cfi_escape 0x0f,0x05,0x77,0x00,0x06,0x23,0x08 ++ leaq 8(%rsp),%rsp ++.cfi_escape 0x0f,0x05,0x77,0x78,0x06,0x23,0x08 + vpalignr $8,%ymm4,%ymm5,%ymm8 + addq 0+256(%rsp),%r11 + andq %r8,%r12 +@@ -5426,6 +5446,8 @@ sha512_block_data_order_avx2: + + leaq 1152(%rsp),%rsp + ++.cfi_escape 0x0f,0x06,0x77,0x98,0x01,0x06,0x23,0x08 ++ + addq 0(%rdi),%rax + addq 8(%rdi),%rbx + addq 16(%rdi),%rcx +@@ -5451,9 +5473,11 @@ sha512_block_data_order_avx2: + jbe .Loop_avx2 + leaq (%rsp),%rbp + ++ ++.cfi_escape 0x0f,0x06,0x76,0x98,0x01,0x06,0x23,0x08 ++ + .Ldone_avx2: +- leaq (%rbp),%rsp +- movq 152(%rsp),%rsi ++ movq 152(%rbp),%rsi + .cfi_def_cfa %rsi,8 + vzeroupper + movq -48(%rsi),%r15 +@@ -5474,5 +5498,26 @@ sha512_block_data_order_avx2: + .byte 0xf3,0xc3 + .cfi_endproc + .size sha512_block_data_order_avx2,.-sha512_block_data_order_avx2 ++ .section ".note.gnu.property", "a" ++ .p2align 3 ++ .long 1f - 0f ++ .long 4f - 1f ++ .long 5 ++0: ++ # "GNU" encoded with .byte, since .asciz isn't supported ++ # on Solaris. ++ .byte 0x47 ++ .byte 0x4e ++ .byte 0x55 ++ .byte 0 ++1: ++ .p2align 3 ++ .long 0xc0000002 ++ .long 3f - 2f ++2: ++ .long 3 ++3: ++ .p2align 3 ++4: + + .section .note.GNU-stack,"",%progbits +diff --git a/lib/accelerated/x86/macosx/aes-ssse3-x86.s b/lib/accelerated/x86/macosx/aes-ssse3-x86.s +index 4be899281..6cc2b0390 100644 +--- a/lib/accelerated/x86/macosx/aes-ssse3-x86.s ++++ b/lib/accelerated/x86/macosx/aes-ssse3-x86.s +@@ -70,12 +70,14 @@ L_vpaes_consts: + .align 6,0x90 + .align 4 + __vpaes_preheat: ++.byte 243,15,30,251 + addl (%esp),%ebp + movdqa -48(%ebp),%xmm7 + movdqa -16(%ebp),%xmm6 + ret + .align 4 + __vpaes_encrypt_core: ++.byte 243,15,30,251 + movl $16,%ecx + movl 240(%edx),%eax + movdqa %xmm6,%xmm1 +@@ -151,6 +153,7 @@ L000enc_entry: + ret + .align 4 + __vpaes_decrypt_core: ++.byte 243,15,30,251 + leal 608(%ebp),%ebx + movl 240(%edx),%eax + movdqa %xmm6,%xmm1 +@@ -237,6 +240,7 @@ L002dec_entry: + ret + .align 4 + __vpaes_schedule_core: ++.byte 243,15,30,251 + addl (%esp),%ebp + movdqu (%esi),%xmm0 + movdqa 320(%ebp),%xmm2 +@@ -329,6 +333,7 @@ L013schedule_mangle_last_dec: + ret + .align 4 + __vpaes_schedule_192_smear: ++.byte 243,15,30,251 + pshufd $128,%xmm6,%xmm1 + pshufd $254,%xmm7,%xmm0 + pxor %xmm1,%xmm6 +@@ -339,6 +344,7 @@ __vpaes_schedule_192_smear: + ret + .align 4 + __vpaes_schedule_round: ++.byte 243,15,30,251 + movdqa 8(%esp),%xmm2 + pxor %xmm1,%xmm1 + .byte 102,15,58,15,202,15 +@@ -386,6 +392,7 @@ L_vpaes_schedule_low_round: + ret + .align 4 + __vpaes_schedule_transform: ++.byte 243,15,30,251 + movdqa -16(%ebp),%xmm2 + movdqa %xmm2,%xmm1 + pandn %xmm0,%xmm1 +@@ -399,6 +406,7 @@ __vpaes_schedule_transform: + ret + .align 4 + __vpaes_schedule_mangle: ++.byte 243,15,30,251 + movdqa %xmm0,%xmm4 + movdqa 128(%ebp),%xmm5 + testl %edi,%edi +@@ -458,6 +466,7 @@ L015schedule_mangle_both: + .align 4 + _vpaes_set_encrypt_key: + L_vpaes_set_encrypt_key_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -489,6 +498,7 @@ L016pic_point: + .align 4 + _vpaes_set_decrypt_key: + L_vpaes_set_decrypt_key_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -525,6 +535,7 @@ L017pic_point: + .align 4 + _vpaes_encrypt: + L_vpaes_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -552,6 +563,7 @@ L018pic_point: + .align 4 + _vpaes_decrypt: + L_vpaes_decrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -579,6 +591,7 @@ L019pic_point: + .align 4 + _vpaes_cbc_encrypt: + L_vpaes_cbc_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +diff --git a/lib/accelerated/x86/macosx/aes-ssse3-x86_64.s b/lib/accelerated/x86/macosx/aes-ssse3-x86_64.s +index 3d5c65226..c2e2f2e02 100644 +--- a/lib/accelerated/x86/macosx/aes-ssse3-x86_64.s ++++ b/lib/accelerated/x86/macosx/aes-ssse3-x86_64.s +@@ -635,6 +635,7 @@ L$schedule_mangle_both: + .p2align 4 + _vpaes_set_encrypt_key: + ++.byte 243,15,30,250 + movl %esi,%eax + shrl $5,%eax + addl $5,%eax +@@ -653,6 +654,7 @@ _vpaes_set_encrypt_key: + .p2align 4 + _vpaes_set_decrypt_key: + ++.byte 243,15,30,250 + movl %esi,%eax + shrl $5,%eax + addl $5,%eax +@@ -676,6 +678,7 @@ _vpaes_set_decrypt_key: + .p2align 4 + _vpaes_encrypt: + ++.byte 243,15,30,250 + movdqu (%rdi),%xmm0 + call _vpaes_preheat + call _vpaes_encrypt_core +@@ -689,6 +692,7 @@ _vpaes_encrypt: + .p2align 4 + _vpaes_decrypt: + ++.byte 243,15,30,250 + movdqu (%rdi),%xmm0 + call _vpaes_preheat + call _vpaes_decrypt_core +@@ -701,6 +705,7 @@ _vpaes_decrypt: + .p2align 4 + _vpaes_cbc_encrypt: + ++.byte 243,15,30,250 + xchgq %rcx,%rdx + subq $16,%rcx + jc L$cbc_abort +diff --git a/lib/accelerated/x86/macosx/aesni-gcm-x86_64.s b/lib/accelerated/x86/macosx/aesni-gcm-x86_64.s +index d540930b5..be6d885d8 100644 +--- a/lib/accelerated/x86/macosx/aesni-gcm-x86_64.s ++++ b/lib/accelerated/x86/macosx/aesni-gcm-x86_64.s +@@ -42,6 +42,8 @@ + + .p2align 5 + _aesni_ctr32_ghash_6x: ++ ++.byte 243,15,30,250 + vmovdqu 32(%r11),%xmm2 + subq $6,%rdx + vpxor %xmm4,%xmm4,%xmm4 +@@ -350,11 +352,13 @@ L$6x_done: + + .byte 0xf3,0xc3 + ++ + .globl _aesni_gcm_decrypt + + .p2align 5 + _aesni_gcm_decrypt: + ++.byte 243,15,30,250 + xorq %r10,%r10 + cmpq $0x60,%rdx + jb L$gcm_dec_abort +@@ -455,6 +459,8 @@ L$gcm_dec_abort: + + .p2align 5 + _aesni_ctr32_6x: ++ ++.byte 243,15,30,250 + vmovdqu 0-128(%rcx),%xmm4 + vmovdqu 32(%r11),%xmm2 + leaq -1(%rbp),%r13 +@@ -543,11 +549,13 @@ L$handle_ctr32_2: + jmp L$oop_ctr32 + + ++ + .globl _aesni_gcm_encrypt + + .p2align 5 + _aesni_gcm_encrypt: + ++.byte 243,15,30,250 + xorq %r10,%r10 + cmpq $288,%rdx + jb L$gcm_enc_abort +diff --git a/lib/accelerated/x86/macosx/aesni-x86.s b/lib/accelerated/x86/macosx/aesni-x86.s +index ee5008914..64e4e52fc 100644 +--- a/lib/accelerated/x86/macosx/aesni-x86.s ++++ b/lib/accelerated/x86/macosx/aesni-x86.s +@@ -42,6 +42,7 @@ + .align 4 + _aesni_encrypt: + L_aesni_encrypt_begin: ++.byte 243,15,30,251 + movl 4(%esp),%eax + movl 12(%esp),%edx + movups (%eax),%xmm2 +@@ -67,6 +68,7 @@ L000enc1_loop_1: + .align 4 + _aesni_decrypt: + L_aesni_decrypt_begin: ++.byte 243,15,30,251 + movl 4(%esp),%eax + movl 12(%esp),%edx + movups (%eax),%xmm2 +@@ -90,6 +92,7 @@ L001dec1_loop_2: + ret + .align 4 + __aesni_encrypt2: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -115,6 +118,7 @@ L002enc2_loop: + ret + .align 4 + __aesni_decrypt2: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -140,6 +144,7 @@ L003dec2_loop: + ret + .align 4 + __aesni_encrypt3: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -170,6 +175,7 @@ L004enc3_loop: + ret + .align 4 + __aesni_decrypt3: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -200,6 +206,7 @@ L005dec3_loop: + ret + .align 4 + __aesni_encrypt4: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + movups 16(%edx),%xmm1 + shll $4,%ecx +@@ -236,6 +243,7 @@ L006enc4_loop: + ret + .align 4 + __aesni_decrypt4: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + movups 16(%edx),%xmm1 + shll $4,%ecx +@@ -272,6 +280,7 @@ L007dec4_loop: + ret + .align 4 + __aesni_encrypt6: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -324,6 +333,7 @@ L_aesni_encrypt6_enter: + ret + .align 4 + __aesni_decrypt6: ++.byte 243,15,30,251 + movups (%edx),%xmm0 + shll $4,%ecx + movups 16(%edx),%xmm1 +@@ -378,6 +388,7 @@ L_aesni_decrypt6_enter: + .align 4 + _aesni_ecb_encrypt: + L_aesni_ecb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -611,6 +622,7 @@ L012ecb_ret: + .align 4 + _aesni_ccm64_encrypt_blocks: + L_aesni_ccm64_encrypt_blocks_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -697,6 +709,7 @@ L031ccm64_enc2_loop: + .align 4 + _aesni_ccm64_decrypt_blocks: + L_aesni_ccm64_decrypt_blocks_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -818,6 +831,7 @@ L036enc1_loop_6: + .align 4 + _aesni_ctr32_encrypt_blocks: + L_aesni_ctr32_encrypt_blocks_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -1054,6 +1068,7 @@ L040ctr32_ret: + .align 4 + _aesni_xts_encrypt: + L_aesni_xts_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -1412,6 +1427,7 @@ L056xts_enc_ret: + .align 4 + _aesni_xts_decrypt: + L_aesni_xts_decrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -1800,6 +1816,7 @@ L069xts_dec_ret: + .align 4 + _aesni_ocb_encrypt: + L_aesni_ocb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -2193,6 +2210,7 @@ L078done: + .align 4 + _aesni_ocb_decrypt: + L_aesni_ocb_decrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -2586,6 +2604,7 @@ L088done: + .align 4 + _aesni_cbc_encrypt: + L_aesni_cbc_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -2843,6 +2862,7 @@ L094cbc_abort: + ret + .align 4 + __aesni_set_encrypt_key: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + testl %eax,%eax +@@ -3176,6 +3196,7 @@ L115bad_keybits: + .align 4 + _aesni_set_encrypt_key: + L_aesni_set_encrypt_key_begin: ++.byte 243,15,30,251 + movl 4(%esp),%eax + movl 8(%esp),%ecx + movl 12(%esp),%edx +@@ -3185,6 +3206,7 @@ L_aesni_set_encrypt_key_begin: + .align 4 + _aesni_set_decrypt_key: + L_aesni_set_decrypt_key_begin: ++.byte 243,15,30,251 + movl 4(%esp),%eax + movl 8(%esp),%ecx + movl 12(%esp),%edx +diff --git a/lib/accelerated/x86/macosx/aesni-x86_64.s b/lib/accelerated/x86/macosx/aesni-x86_64.s +index f6145f166..484122c5e 100644 +--- a/lib/accelerated/x86/macosx/aesni-x86_64.s ++++ b/lib/accelerated/x86/macosx/aesni-x86_64.s +@@ -44,6 +44,7 @@ + .p2align 4 + _aesni_encrypt: + ++.byte 243,15,30,250 + movups (%rdi),%xmm2 + movl 240(%rdx),%eax + movups (%rdx),%xmm0 +@@ -70,6 +71,7 @@ L$oop_enc1_1: + .p2align 4 + _aesni_decrypt: + ++.byte 243,15,30,250 + movups (%rdi),%xmm2 + movl 240(%rdx),%eax + movups (%rdx),%xmm0 +@@ -557,6 +559,7 @@ L$dec_loop8_enter: + .p2align 4 + _aesni_ecb_encrypt: + ++.byte 243,15,30,250 + andq $-16,%rdx + jz L$ecb_ret + +@@ -900,6 +903,8 @@ L$ecb_ret: + + .p2align 4 + _aesni_ccm64_encrypt_blocks: ++ ++.byte 243,15,30,250 + movl 240(%rcx),%eax + movdqu (%r8),%xmm6 + movdqa L$increment64(%rip),%xmm9 +@@ -959,10 +964,13 @@ L$ccm64_enc2_loop: + pxor %xmm6,%xmm6 + .byte 0xf3,0xc3 + ++ + .globl _aesni_ccm64_decrypt_blocks + + .p2align 4 + _aesni_ccm64_decrypt_blocks: ++ ++.byte 243,15,30,250 + movl 240(%rcx),%eax + movups (%r8),%xmm6 + movdqu (%r9),%xmm3 +@@ -1056,11 +1064,13 @@ L$oop_enc1_6: + pxor %xmm6,%xmm6 + .byte 0xf3,0xc3 + ++ + .globl _aesni_ctr32_encrypt_blocks + + .p2align 4 + _aesni_ctr32_encrypt_blocks: + ++.byte 243,15,30,250 + cmpq $1,%rdx + jne L$ctr32_bulk + +@@ -1639,6 +1649,7 @@ L$ctr32_epilogue: + .p2align 4 + _aesni_xts_encrypt: + ++.byte 243,15,30,250 + leaq (%rsp),%r11 + + pushq %rbp +@@ -2109,6 +2120,7 @@ L$xts_enc_epilogue: + .p2align 4 + _aesni_xts_decrypt: + ++.byte 243,15,30,250 + leaq (%rsp),%r11 + + pushq %rbp +@@ -2616,6 +2628,7 @@ L$xts_dec_epilogue: + .p2align 5 + _aesni_ocb_encrypt: + ++.byte 243,15,30,250 + leaq (%rsp),%rax + pushq %rbx + +@@ -2824,6 +2837,7 @@ L$ocb_enc_epilogue: + + .p2align 5 + __ocb_encrypt6: ++ + pxor %xmm9,%xmm15 + movdqu (%rbx,%r12,1),%xmm11 + movdqa %xmm10,%xmm12 +@@ -2924,8 +2938,10 @@ L$ocb_enc_loop6: + + + ++ + .p2align 5 + __ocb_encrypt4: ++ + pxor %xmm9,%xmm15 + movdqu (%rbx,%r12,1),%xmm11 + movdqa %xmm10,%xmm12 +@@ -2993,8 +3009,10 @@ L$ocb_enc_loop4: + + + ++ + .p2align 5 + __ocb_encrypt1: ++ + pxor %xmm15,%xmm7 + pxor %xmm9,%xmm7 + pxor %xmm2,%xmm8 +@@ -3027,11 +3045,13 @@ L$ocb_enc_loop1: + .byte 0xf3,0xc3 + + ++ + .globl _aesni_ocb_decrypt + + .p2align 5 + _aesni_ocb_decrypt: + ++.byte 243,15,30,250 + leaq (%rsp),%rax + pushq %rbx + +@@ -3262,6 +3282,7 @@ L$ocb_dec_epilogue: + + .p2align 5 + __ocb_decrypt6: ++ + pxor %xmm9,%xmm15 + movdqu (%rbx,%r12,1),%xmm11 + movdqa %xmm10,%xmm12 +@@ -3356,8 +3377,10 @@ L$ocb_dec_loop6: + + + ++ + .p2align 5 + __ocb_decrypt4: ++ + pxor %xmm9,%xmm15 + movdqu (%rbx,%r12,1),%xmm11 + movdqa %xmm10,%xmm12 +@@ -3421,8 +3444,10 @@ L$ocb_dec_loop4: + + + ++ + .p2align 5 + __ocb_decrypt1: ++ + pxor %xmm15,%xmm7 + pxor %xmm9,%xmm7 + pxor %xmm7,%xmm2 +@@ -3453,11 +3478,13 @@ L$ocb_dec_loop1: + .byte 102,15,56,223,215 + .byte 0xf3,0xc3 + ++ + .globl _aesni_cbc_encrypt + + .p2align 4 + _aesni_cbc_encrypt: + ++.byte 243,15,30,250 + testq %rdx,%rdx + jz L$cbc_ret + +@@ -4390,7 +4417,6 @@ L$enc_key_ret: + addq $8,%rsp + + .byte 0xf3,0xc3 +- + L$SEH_end_set_encrypt_key: + + .p2align 4 +@@ -4463,6 +4489,7 @@ L$key_expansion_256b: + .byte 0xf3,0xc3 + + ++ + .p2align 6 + L$bswap_mask: + .byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 +diff --git a/lib/accelerated/x86/macosx/e_padlock-x86.s b/lib/accelerated/x86/macosx/e_padlock-x86.s +index 367962c7c..9a72938fe 100644 +--- a/lib/accelerated/x86/macosx/e_padlock-x86.s ++++ b/lib/accelerated/x86/macosx/e_padlock-x86.s +@@ -1,4 +1,4 @@ +-# Copyright (c) 2011-2013, Andy Polyakov ++# Copyright (c) 2011-2016, Andy Polyakov + # All rights reserved. + # + # Redistribution and use in source and binary forms, with or without +@@ -37,12 +37,12 @@ + # + # *** This file is auto-generated *** + # +-.file "devel/perlasm/e_padlock-x86.s" + .text + .globl _padlock_capability + .align 4 + _padlock_capability: + L_padlock_capability_begin: ++.byte 243,15,30,251 + pushl %ebx + pushfl + popl %eax +@@ -59,11 +59,20 @@ L_padlock_capability_begin: + .byte 0x0f,0xa2 + xorl %eax,%eax + cmpl $0x746e6543,%ebx +- jne L000noluck ++ jne L001zhaoxin + cmpl $0x48727561,%edx + jne L000noluck + cmpl $0x736c7561,%ecx + jne L000noluck ++ jmp L002zhaoxinEnd ++L001zhaoxin: ++ cmpl $0x68532020,%ebx ++ jne L000noluck ++ cmpl $0x68676e61,%edx ++ jne L000noluck ++ cmpl $0x20206961,%ecx ++ jne L000noluck ++L002zhaoxinEnd: + movl $3221225472,%eax + .byte 0x0f,0xa2 + movl %eax,%edx +@@ -92,43 +101,47 @@ L000noluck: + .align 4 + _padlock_key_bswap: + L_padlock_key_bswap_begin: ++.byte 243,15,30,251 + movl 4(%esp),%edx + movl 240(%edx),%ecx +-L001bswap_loop: ++L003bswap_loop: + movl (%edx),%eax + bswap %eax + movl %eax,(%edx) + leal 4(%edx),%edx + subl $1,%ecx +- jnz L001bswap_loop ++ jnz L003bswap_loop + ret + .globl _padlock_verify_context + .align 4 + _padlock_verify_context: + L_padlock_verify_context_begin: ++.byte 243,15,30,251 + movl 4(%esp),%edx +- leal Lpadlock_saved_context-L002verify_pic_point,%eax ++ leal Lpadlock_saved_context-L004verify_pic_point,%eax + pushfl + call __padlock_verify_ctx +-L002verify_pic_point: ++L004verify_pic_point: + leal 4(%esp),%esp + ret + .align 4 + __padlock_verify_ctx: ++.byte 243,15,30,251 + addl (%esp),%eax + btl $30,4(%esp) +- jnc L003verified ++ jnc L005verified + cmpl (%eax),%edx +- je L003verified ++ je L005verified + pushfl + popfl +-L003verified: ++L005verified: + movl %edx,(%eax) + ret + .globl _padlock_reload_key + .align 4 + _padlock_reload_key: + L_padlock_reload_key_begin: ++.byte 243,15,30,251 + pushfl + popfl + ret +@@ -136,6 +149,7 @@ L_padlock_reload_key_begin: + .align 4 + _padlock_aes_block: + L_padlock_aes_block_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + pushl %ebx +@@ -154,6 +168,7 @@ L_padlock_aes_block_begin: + .align 4 + _padlock_ecb_encrypt: + L_padlock_ecb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -163,25 +178,25 @@ L_padlock_ecb_encrypt_begin: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz L004ecb_abort ++ jnz L006ecb_abort + testl $15,%ecx +- jnz L004ecb_abort +- leal Lpadlock_saved_context-L005ecb_pic_point,%eax ++ jnz L006ecb_abort ++ leal Lpadlock_saved_context-L007ecb_pic_point,%eax + pushfl + cld + call __padlock_verify_ctx +-L005ecb_pic_point: ++L007ecb_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + xorl %ebx,%ebx + testl $32,(%edx) +- jnz L006ecb_aligned ++ jnz L008ecb_aligned + testl $15,%edi + setz %al + testl $15,%esi + setz %bl + testl %ebx,%eax +- jnz L006ecb_aligned ++ jnz L008ecb_aligned + negl %eax + movl $512,%ebx + notl %eax +@@ -200,7 +215,7 @@ L005ecb_pic_point: + andl $-16,%esp + movl %eax,16(%ebp) + cmpl %ebx,%ecx +- ja L007ecb_loop ++ ja L009ecb_loop + movl %esi,%eax + cmpl %esp,%ebp + cmovel %edi,%eax +@@ -211,10 +226,10 @@ L005ecb_pic_point: + movl $-128,%eax + cmovael %ebx,%eax + andl %eax,%ebx +- jz L008ecb_unaligned_tail +- jmp L007ecb_loop ++ jz L010ecb_unaligned_tail ++ jmp L009ecb_loop + .align 4,0x90 +-L007ecb_loop: ++L009ecb_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -223,13 +238,13 @@ L007ecb_loop: + testl $15,%edi + cmovnzl %esp,%edi + testl $15,%esi +- jz L009ecb_inp_aligned ++ jz L011ecb_inp_aligned + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi + movl %ebx,%ecx + movl %edi,%esi +-L009ecb_inp_aligned: ++L011ecb_inp_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -237,23 +252,23 @@ L009ecb_inp_aligned: + movl (%ebp),%edi + movl 12(%ebp),%ebx + testl $15,%edi +- jz L010ecb_out_aligned ++ jz L012ecb_out_aligned + movl %ebx,%ecx + leal (%esp),%esi + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi +-L010ecb_out_aligned: ++L012ecb_out_aligned: + movl 4(%ebp),%esi + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jz L011ecb_break ++ jz L013ecb_break + cmpl %ebx,%ecx +- jae L007ecb_loop +-L008ecb_unaligned_tail: ++ jae L009ecb_loop ++L010ecb_unaligned_tail: + xorl %eax,%eax + cmpl %ebp,%esp + cmovel %ecx,%eax +@@ -266,24 +281,24 @@ L008ecb_unaligned_tail: + movl %esp,%esi + movl %eax,%edi + movl %ebx,%ecx +- jmp L007ecb_loop ++ jmp L009ecb_loop + .align 4,0x90 +-L011ecb_break: ++L013ecb_break: + cmpl %ebp,%esp +- je L012ecb_done ++ je L014ecb_done + pxor %xmm0,%xmm0 + leal (%esp),%eax +-L013ecb_bzero: ++L015ecb_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja L013ecb_bzero +-L012ecb_done: ++ ja L015ecb_bzero ++L014ecb_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp +- jmp L014ecb_exit ++ jmp L016ecb_exit + .align 4,0x90 +-L006ecb_aligned: ++L008ecb_aligned: + leal (%esi,%ecx,1),%ebp + negl %ebp + andl $4095,%ebp +@@ -293,14 +308,14 @@ L006ecb_aligned: + cmovael %eax,%ebp + andl %ecx,%ebp + subl %ebp,%ecx +- jz L015ecb_aligned_tail ++ jz L017ecb_aligned_tail + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx + .byte 243,15,167,200 + testl %ebp,%ebp +- jz L014ecb_exit +-L015ecb_aligned_tail: ++ jz L016ecb_exit ++L017ecb_aligned_tail: + movl %ebp,%ecx + leal -24(%esp),%ebp + movl %ebp,%esp +@@ -317,11 +332,11 @@ L015ecb_aligned_tail: + movl %esp,%esi + movl %eax,%edi + movl %ebx,%ecx +- jmp L007ecb_loop +-L014ecb_exit: ++ jmp L009ecb_loop ++L016ecb_exit: + movl $1,%eax + leal 4(%esp),%esp +-L004ecb_abort: ++L006ecb_abort: + popl %edi + popl %esi + popl %ebx +@@ -331,6 +346,7 @@ L004ecb_abort: + .align 4 + _padlock_cbc_encrypt: + L_padlock_cbc_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -340,25 +356,25 @@ L_padlock_cbc_encrypt_begin: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz L016cbc_abort ++ jnz L018cbc_abort + testl $15,%ecx +- jnz L016cbc_abort +- leal Lpadlock_saved_context-L017cbc_pic_point,%eax ++ jnz L018cbc_abort ++ leal Lpadlock_saved_context-L019cbc_pic_point,%eax + pushfl + cld + call __padlock_verify_ctx +-L017cbc_pic_point: ++L019cbc_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + xorl %ebx,%ebx + testl $32,(%edx) +- jnz L018cbc_aligned ++ jnz L020cbc_aligned + testl $15,%edi + setz %al + testl $15,%esi + setz %bl + testl %ebx,%eax +- jnz L018cbc_aligned ++ jnz L020cbc_aligned + negl %eax + movl $512,%ebx + notl %eax +@@ -377,7 +393,7 @@ L017cbc_pic_point: + andl $-16,%esp + movl %eax,16(%ebp) + cmpl %ebx,%ecx +- ja L019cbc_loop ++ ja L021cbc_loop + movl %esi,%eax + cmpl %esp,%ebp + cmovel %edi,%eax +@@ -388,10 +404,10 @@ L017cbc_pic_point: + movl $-64,%eax + cmovael %ebx,%eax + andl %eax,%ebx +- jz L020cbc_unaligned_tail +- jmp L019cbc_loop ++ jz L022cbc_unaligned_tail ++ jmp L021cbc_loop + .align 4,0x90 +-L019cbc_loop: ++L021cbc_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -400,13 +416,13 @@ L019cbc_loop: + testl $15,%edi + cmovnzl %esp,%edi + testl $15,%esi +- jz L021cbc_inp_aligned ++ jz L023cbc_inp_aligned + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi + movl %ebx,%ecx + movl %edi,%esi +-L021cbc_inp_aligned: ++L023cbc_inp_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -416,23 +432,23 @@ L021cbc_inp_aligned: + movl (%ebp),%edi + movl 12(%ebp),%ebx + testl $15,%edi +- jz L022cbc_out_aligned ++ jz L024cbc_out_aligned + movl %ebx,%ecx + leal (%esp),%esi + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi +-L022cbc_out_aligned: ++L024cbc_out_aligned: + movl 4(%ebp),%esi + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jz L023cbc_break ++ jz L025cbc_break + cmpl %ebx,%ecx +- jae L019cbc_loop +-L020cbc_unaligned_tail: ++ jae L021cbc_loop ++L022cbc_unaligned_tail: + xorl %eax,%eax + cmpl %ebp,%esp + cmovel %ecx,%eax +@@ -445,24 +461,24 @@ L020cbc_unaligned_tail: + movl %esp,%esi + movl %eax,%edi + movl %ebx,%ecx +- jmp L019cbc_loop ++ jmp L021cbc_loop + .align 4,0x90 +-L023cbc_break: ++L025cbc_break: + cmpl %ebp,%esp +- je L024cbc_done ++ je L026cbc_done + pxor %xmm0,%xmm0 + leal (%esp),%eax +-L025cbc_bzero: ++L027cbc_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja L025cbc_bzero +-L024cbc_done: ++ ja L027cbc_bzero ++L026cbc_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp +- jmp L026cbc_exit ++ jmp L028cbc_exit + .align 4,0x90 +-L018cbc_aligned: ++L020cbc_aligned: + leal (%esi,%ecx,1),%ebp + negl %ebp + andl $4095,%ebp +@@ -472,7 +488,7 @@ L018cbc_aligned: + cmovael %eax,%ebp + andl %ecx,%ebp + subl %ebp,%ecx +- jz L027cbc_aligned_tail ++ jz L029cbc_aligned_tail + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -480,8 +496,8 @@ L018cbc_aligned: + movaps (%eax),%xmm0 + movaps %xmm0,-16(%edx) + testl %ebp,%ebp +- jz L026cbc_exit +-L027cbc_aligned_tail: ++ jz L028cbc_exit ++L029cbc_aligned_tail: + movl %ebp,%ecx + leal -24(%esp),%ebp + movl %ebp,%esp +@@ -498,11 +514,11 @@ L027cbc_aligned_tail: + movl %esp,%esi + movl %eax,%edi + movl %ebx,%ecx +- jmp L019cbc_loop +-L026cbc_exit: ++ jmp L021cbc_loop ++L028cbc_exit: + movl $1,%eax + leal 4(%esp),%esp +-L016cbc_abort: ++L018cbc_abort: + popl %edi + popl %esi + popl %ebx +@@ -512,6 +528,7 @@ L016cbc_abort: + .align 4 + _padlock_cfb_encrypt: + L_padlock_cfb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -521,25 +538,25 @@ L_padlock_cfb_encrypt_begin: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz L028cfb_abort ++ jnz L030cfb_abort + testl $15,%ecx +- jnz L028cfb_abort +- leal Lpadlock_saved_context-L029cfb_pic_point,%eax ++ jnz L030cfb_abort ++ leal Lpadlock_saved_context-L031cfb_pic_point,%eax + pushfl + cld + call __padlock_verify_ctx +-L029cfb_pic_point: ++L031cfb_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + xorl %ebx,%ebx + testl $32,(%edx) +- jnz L030cfb_aligned ++ jnz L032cfb_aligned + testl $15,%edi + setz %al + testl $15,%esi + setz %bl + testl %ebx,%eax +- jnz L030cfb_aligned ++ jnz L032cfb_aligned + negl %eax + movl $512,%ebx + notl %eax +@@ -557,9 +574,9 @@ L029cfb_pic_point: + andl $-16,%ebp + andl $-16,%esp + movl %eax,16(%ebp) +- jmp L031cfb_loop ++ jmp L033cfb_loop + .align 4,0x90 +-L031cfb_loop: ++L033cfb_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -568,13 +585,13 @@ L031cfb_loop: + testl $15,%edi + cmovnzl %esp,%edi + testl $15,%esi +- jz L032cfb_inp_aligned ++ jz L034cfb_inp_aligned + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi + movl %ebx,%ecx + movl %edi,%esi +-L032cfb_inp_aligned: ++L034cfb_inp_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -584,45 +601,45 @@ L032cfb_inp_aligned: + movl (%ebp),%edi + movl 12(%ebp),%ebx + testl $15,%edi +- jz L033cfb_out_aligned ++ jz L035cfb_out_aligned + movl %ebx,%ecx + leal (%esp),%esi + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi +-L033cfb_out_aligned: ++L035cfb_out_aligned: + movl 4(%ebp),%esi + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jnz L031cfb_loop ++ jnz L033cfb_loop + cmpl %ebp,%esp +- je L034cfb_done ++ je L036cfb_done + pxor %xmm0,%xmm0 + leal (%esp),%eax +-L035cfb_bzero: ++L037cfb_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja L035cfb_bzero +-L034cfb_done: ++ ja L037cfb_bzero ++L036cfb_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp +- jmp L036cfb_exit ++ jmp L038cfb_exit + .align 4,0x90 +-L030cfb_aligned: ++L032cfb_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx + .byte 243,15,167,224 + movaps (%eax),%xmm0 + movaps %xmm0,-16(%edx) +-L036cfb_exit: ++L038cfb_exit: + movl $1,%eax + leal 4(%esp),%esp +-L028cfb_abort: ++L030cfb_abort: + popl %edi + popl %esi + popl %ebx +@@ -632,6 +649,7 @@ L028cfb_abort: + .align 4 + _padlock_ofb_encrypt: + L_padlock_ofb_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -641,25 +659,25 @@ L_padlock_ofb_encrypt_begin: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz L037ofb_abort ++ jnz L039ofb_abort + testl $15,%ecx +- jnz L037ofb_abort +- leal Lpadlock_saved_context-L038ofb_pic_point,%eax ++ jnz L039ofb_abort ++ leal Lpadlock_saved_context-L040ofb_pic_point,%eax + pushfl + cld + call __padlock_verify_ctx +-L038ofb_pic_point: ++L040ofb_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + xorl %ebx,%ebx + testl $32,(%edx) +- jnz L039ofb_aligned ++ jnz L041ofb_aligned + testl $15,%edi + setz %al + testl $15,%esi + setz %bl + testl %ebx,%eax +- jnz L039ofb_aligned ++ jnz L041ofb_aligned + negl %eax + movl $512,%ebx + notl %eax +@@ -677,9 +695,9 @@ L038ofb_pic_point: + andl $-16,%ebp + andl $-16,%esp + movl %eax,16(%ebp) +- jmp L040ofb_loop ++ jmp L042ofb_loop + .align 4,0x90 +-L040ofb_loop: ++L042ofb_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -688,13 +706,13 @@ L040ofb_loop: + testl $15,%edi + cmovnzl %esp,%edi + testl $15,%esi +- jz L041ofb_inp_aligned ++ jz L043ofb_inp_aligned + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi + movl %ebx,%ecx + movl %edi,%esi +-L041ofb_inp_aligned: ++L043ofb_inp_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx +@@ -704,45 +722,45 @@ L041ofb_inp_aligned: + movl (%ebp),%edi + movl 12(%ebp),%ebx + testl $15,%edi +- jz L042ofb_out_aligned ++ jz L044ofb_out_aligned + movl %ebx,%ecx + leal (%esp),%esi + shrl $2,%ecx + .byte 243,165 + subl %ebx,%edi +-L042ofb_out_aligned: ++L044ofb_out_aligned: + movl 4(%ebp),%esi + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jnz L040ofb_loop ++ jnz L042ofb_loop + cmpl %ebp,%esp +- je L043ofb_done ++ je L045ofb_done + pxor %xmm0,%xmm0 + leal (%esp),%eax +-L044ofb_bzero: ++L046ofb_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja L044ofb_bzero +-L043ofb_done: ++ ja L046ofb_bzero ++L045ofb_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp +- jmp L045ofb_exit ++ jmp L047ofb_exit + .align 4,0x90 +-L039ofb_aligned: ++L041ofb_aligned: + leal -16(%edx),%eax + leal 16(%edx),%ebx + shrl $4,%ecx + .byte 243,15,167,232 + movaps (%eax),%xmm0 + movaps %xmm0,-16(%edx) +-L045ofb_exit: ++L047ofb_exit: + movl $1,%eax + leal 4(%esp),%esp +-L037ofb_abort: ++L039ofb_abort: + popl %edi + popl %esi + popl %ebx +@@ -752,6 +770,7 @@ L037ofb_abort: + .align 4 + _padlock_ctr32_encrypt: + L_padlock_ctr32_encrypt_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +@@ -761,14 +780,14 @@ L_padlock_ctr32_encrypt_begin: + movl 28(%esp),%edx + movl 32(%esp),%ecx + testl $15,%edx +- jnz L046ctr32_abort ++ jnz L048ctr32_abort + testl $15,%ecx +- jnz L046ctr32_abort +- leal Lpadlock_saved_context-L047ctr32_pic_point,%eax ++ jnz L048ctr32_abort ++ leal Lpadlock_saved_context-L049ctr32_pic_point,%eax + pushfl + cld + call __padlock_verify_ctx +-L047ctr32_pic_point: ++L049ctr32_pic_point: + leal 16(%edx),%edx + xorl %eax,%eax + movq -16(%edx),%mm0 +@@ -788,9 +807,9 @@ L047ctr32_pic_point: + andl $-16,%ebp + andl $-16,%esp + movl %eax,16(%ebp) +- jmp L048ctr32_loop ++ jmp L050ctr32_loop + .align 4,0x90 +-L048ctr32_loop: ++L050ctr32_loop: + movl %edi,(%ebp) + movl %esi,4(%ebp) + movl %ecx,8(%ebp) +@@ -799,7 +818,7 @@ L048ctr32_loop: + movl -4(%edx),%ecx + xorl %edi,%edi + movl -8(%edx),%eax +-L049ctr32_prepare: ++L051ctr32_prepare: + movl %ecx,12(%esp,%edi,1) + bswap %ecx + movq %mm0,(%esp,%edi,1) +@@ -808,7 +827,7 @@ L049ctr32_prepare: + bswap %ecx + leal 16(%edi),%edi + cmpl %ebx,%edi +- jb L049ctr32_prepare ++ jb L051ctr32_prepare + movl %ecx,-4(%edx) + leal (%esp),%esi + leal (%esp),%edi +@@ -821,33 +840,33 @@ L049ctr32_prepare: + movl 12(%ebp),%ebx + movl 4(%ebp),%esi + xorl %ecx,%ecx +-L050ctr32_xor: ++L052ctr32_xor: + movups (%esi,%ecx,1),%xmm1 + leal 16(%ecx),%ecx + pxor -16(%esp,%ecx,1),%xmm1 + movups %xmm1,-16(%edi,%ecx,1) + cmpl %ebx,%ecx +- jb L050ctr32_xor ++ jb L052ctr32_xor + movl 8(%ebp),%ecx + addl %ebx,%edi + addl %ebx,%esi + subl %ebx,%ecx + movl $512,%ebx +- jnz L048ctr32_loop ++ jnz L050ctr32_loop + pxor %xmm0,%xmm0 + leal (%esp),%eax +-L051ctr32_bzero: ++L053ctr32_bzero: + movaps %xmm0,(%eax) + leal 16(%eax),%eax + cmpl %eax,%ebp +- ja L051ctr32_bzero +-L052ctr32_done: ++ ja L053ctr32_bzero ++L054ctr32_done: + movl 16(%ebp),%ebp + leal 24(%ebp),%esp + movl $1,%eax + leal 4(%esp),%esp + emms +-L046ctr32_abort: ++L048ctr32_abort: + popl %edi + popl %esi + popl %ebx +@@ -857,6 +876,7 @@ L046ctr32_abort: + .align 4 + _padlock_xstore: + L_padlock_xstore_begin: ++.byte 243,15,30,251 + pushl %edi + movl 8(%esp),%edi + movl 12(%esp),%edx +@@ -865,19 +885,21 @@ L_padlock_xstore_begin: + ret + .align 4 + __win32_segv_handler: ++.byte 243,15,30,251 + movl $1,%eax + movl 4(%esp),%edx + movl 12(%esp),%ecx + cmpl $3221225477,(%edx) +- jne L053ret ++ jne L055ret + addl $4,184(%ecx) + movl $0,%eax +-L053ret: ++L055ret: + ret + .globl _padlock_sha1_oneshot + .align 4 + _padlock_sha1_oneshot: + L_padlock_sha1_oneshot_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + xorl %eax,%eax +@@ -907,6 +929,7 @@ L_padlock_sha1_oneshot_begin: + .align 4 + _padlock_sha1_blocks: + L_padlock_sha1_blocks_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + movl 12(%esp),%edi +@@ -935,6 +958,7 @@ L_padlock_sha1_blocks_begin: + .align 4 + _padlock_sha256_oneshot: + L_padlock_sha256_oneshot_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + xorl %eax,%eax +@@ -964,6 +988,7 @@ L_padlock_sha256_oneshot_begin: + .align 4 + _padlock_sha256_blocks: + L_padlock_sha256_blocks_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + movl 12(%esp),%edi +@@ -992,6 +1017,7 @@ L_padlock_sha256_blocks_begin: + .align 4 + _padlock_sha512_blocks: + L_padlock_sha512_blocks_begin: ++.byte 243,15,30,251 + pushl %edi + pushl %esi + movl 12(%esp),%edi +diff --git a/lib/accelerated/x86/macosx/e_padlock-x86_64.s b/lib/accelerated/x86/macosx/e_padlock-x86_64.s +index a73d7a6c1..64aff29fe 100644 +--- a/lib/accelerated/x86/macosx/e_padlock-x86_64.s ++++ b/lib/accelerated/x86/macosx/e_padlock-x86_64.s +@@ -1,4 +1,4 @@ +-# Copyright (c) 2011-2013, Andy Polyakov ++# Copyright (c) 2011-2016, Andy Polyakov + # All rights reserved. + # + # Redistribution and use in source and binary forms, with or without +@@ -42,36 +42,50 @@ + + .p2align 4 + _padlock_capability: ++ ++.byte 243,15,30,250 + movq %rbx,%r8 + xorl %eax,%eax + cpuid + xorl %eax,%eax +- cmpl $1953391939,%ebx ++ cmpl $0x746e6543,%ebx ++ jne L$zhaoxin ++ cmpl $0x48727561,%edx ++ jne L$noluck ++ cmpl $0x736c7561,%ecx ++ jne L$noluck ++ jmp L$zhaoxinEnd ++L$zhaoxin: ++ cmpl $0x68532020,%ebx + jne L$noluck +- cmpl $1215460705,%edx ++ cmpl $0x68676e61,%edx + jne L$noluck +- cmpl $1936487777,%ecx ++ cmpl $0x20206961,%ecx + jne L$noluck +- movl $3221225472,%eax ++L$zhaoxinEnd: ++ movl $0xC0000000,%eax + cpuid + movl %eax,%edx + xorl %eax,%eax +- cmpl $3221225473,%edx ++ cmpl $0xC0000001,%edx + jb L$noluck +- movl $3221225473,%eax ++ movl $0xC0000001,%eax + cpuid + movl %edx,%eax +- andl $4294967279,%eax +- orl $16,%eax ++ andl $0xffffffef,%eax ++ orl $0x10,%eax + L$noluck: + movq %r8,%rbx + .byte 0xf3,0xc3 + + ++ + .globl _padlock_key_bswap + + .p2align 4 + _padlock_key_bswap: ++ ++.byte 243,15,30,250 + movl 240(%rdi),%edx + L$bswap_loop: + movl (%rdi),%eax +@@ -83,10 +97,13 @@ L$bswap_loop: + .byte 0xf3,0xc3 + + ++ + .globl _padlock_verify_context + + .p2align 4 + _padlock_verify_context: ++ ++.byte 243,15,30,250 + movq %rdi,%rdx + pushf + leaq L$padlock_saved_context(%rip),%rax +@@ -96,8 +113,11 @@ _padlock_verify_context: + + + ++ + .p2align 4 + _padlock_verify_ctx: ++ ++.byte 243,15,30,250 + movq 8(%rsp),%r8 + btq $30,%r8 + jnc L$verified +@@ -110,41 +130,53 @@ L$verified: + .byte 0xf3,0xc3 + + ++ + .globl _padlock_reload_key + + .p2align 4 + _padlock_reload_key: ++ ++.byte 243,15,30,250 + pushf + popf + .byte 0xf3,0xc3 + + ++ + .globl _padlock_aes_block + + .p2align 4 + _padlock_aes_block: ++ ++.byte 243,15,30,250 + movq %rbx,%r8 + movq $1,%rcx + leaq 32(%rdx),%rbx + leaq 16(%rdx),%rdx +-.byte 0xf3,0x0f,0xa7,0xc8 ++.byte 0xf3,0x0f,0xa7,0xc8 + movq %r8,%rbx + .byte 0xf3,0xc3 + + ++ + .globl _padlock_xstore + + .p2align 4 + _padlock_xstore: ++ ++.byte 243,15,30,250 + movl %esi,%edx +-.byte 0x0f,0xa7,0xc0 ++.byte 0x0f,0xa7,0xc0 + .byte 0xf3,0xc3 + + ++ + .globl _padlock_sha1_oneshot + + .p2align 4 + _padlock_sha1_oneshot: ++ ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -154,7 +186,7 @@ _padlock_sha1_oneshot: + movq %rsp,%rdi + movl %eax,16(%rsp) + xorq %rax,%rax +-.byte 0xf3,0x0f,0xa6,0xc8 ++.byte 0xf3,0x0f,0xa6,0xc8 + movaps (%rsp),%xmm0 + movl 16(%rsp),%eax + addq $128+8,%rsp +@@ -163,10 +195,13 @@ _padlock_sha1_oneshot: + .byte 0xf3,0xc3 + + ++ + .globl _padlock_sha1_blocks + + .p2align 4 + _padlock_sha1_blocks: ++ ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -176,7 +211,7 @@ _padlock_sha1_blocks: + movq %rsp,%rdi + movl %eax,16(%rsp) + movq $-1,%rax +-.byte 0xf3,0x0f,0xa6,0xc8 ++.byte 0xf3,0x0f,0xa6,0xc8 + movaps (%rsp),%xmm0 + movl 16(%rsp),%eax + addq $128+8,%rsp +@@ -185,10 +220,13 @@ _padlock_sha1_blocks: + .byte 0xf3,0xc3 + + ++ + .globl _padlock_sha256_oneshot + + .p2align 4 + _padlock_sha256_oneshot: ++ ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -198,7 +236,7 @@ _padlock_sha256_oneshot: + movq %rsp,%rdi + movaps %xmm1,16(%rsp) + xorq %rax,%rax +-.byte 0xf3,0x0f,0xa6,0xd0 ++.byte 0xf3,0x0f,0xa6,0xd0 + movaps (%rsp),%xmm0 + movaps 16(%rsp),%xmm1 + addq $128+8,%rsp +@@ -207,10 +245,13 @@ _padlock_sha256_oneshot: + .byte 0xf3,0xc3 + + ++ + .globl _padlock_sha256_blocks + + .p2align 4 + _padlock_sha256_blocks: ++ ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -220,7 +261,7 @@ _padlock_sha256_blocks: + movq %rsp,%rdi + movaps %xmm1,16(%rsp) + movq $-1,%rax +-.byte 0xf3,0x0f,0xa6,0xd0 ++.byte 0xf3,0x0f,0xa6,0xd0 + movaps (%rsp),%xmm0 + movaps 16(%rsp),%xmm1 + addq $128+8,%rsp +@@ -229,10 +270,13 @@ _padlock_sha256_blocks: + .byte 0xf3,0xc3 + + ++ + .globl _padlock_sha512_blocks + + .p2align 4 + _padlock_sha512_blocks: ++ ++.byte 243,15,30,250 + movq %rdx,%rcx + movq %rdi,%rdx + movups (%rdi),%xmm0 +@@ -245,7 +289,7 @@ _padlock_sha512_blocks: + movaps %xmm1,16(%rsp) + movaps %xmm2,32(%rsp) + movaps %xmm3,48(%rsp) +-.byte 0xf3,0x0f,0xa6,0xe0 ++.byte 0xf3,0x0f,0xa6,0xe0 + movaps (%rsp),%xmm0 + movaps 16(%rsp),%xmm1 + movaps 32(%rsp),%xmm2 +@@ -257,10 +301,13 @@ _padlock_sha512_blocks: + movups %xmm3,48(%rdx) + .byte 0xf3,0xc3 + ++ + .globl _padlock_ecb_encrypt + + .p2align 4 + _padlock_ecb_encrypt: ++ ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -278,9 +325,9 @@ _padlock_ecb_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz L$ecb_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz L$ecb_aligned +@@ -304,7 +351,7 @@ _padlock_ecb_encrypt: + cmoveq %rdi,%rax + addq %rcx,%rax + negq %rax +- andq $4095,%rax ++ andq $0xfff,%rax + cmpq $128,%rax + movq $-128,%rax + cmovaeq %rbx,%rax +@@ -320,12 +367,12 @@ L$ecb_loop: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz L$ecb_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -333,15 +380,15 @@ L$ecb_inp_aligned: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,200 ++.byte 0xf3,0x0f,0xa7,200 + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz L$ecb_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + L$ecb_out_aligned: + movq %r9,%rsi +@@ -362,7 +409,7 @@ L$ecb_unaligned_tail: + subq %rax,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + movq %rsp,%rsi + movq %r8,%rdi + movq %rbx,%rcx +@@ -388,7 +435,7 @@ L$ecb_done: + L$ecb_aligned: + leaq (%rsi,%rcx,1),%rbp + negq %rbp +- andq $4095,%rbp ++ andq $0xfff,%rbp + xorl %eax,%eax + cmpq $128,%rbp + movq $128-1,%rbp +@@ -399,7 +446,7 @@ L$ecb_aligned: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,200 ++.byte 0xf3,0x0f,0xa7,200 + testq %rbp,%rbp + jz L$ecb_exit + +@@ -411,7 +458,7 @@ L$ecb_aligned_tail: + subq %rcx,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + leaq (%r8),%rdi + leaq (%rsp),%rsi + movq %rbx,%rcx +@@ -424,10 +471,13 @@ L$ecb_abort: + popq %rbp + .byte 0xf3,0xc3 + ++ + .globl _padlock_cbc_encrypt + + .p2align 4 + _padlock_cbc_encrypt: ++ ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -445,9 +495,9 @@ _padlock_cbc_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz L$cbc_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz L$cbc_aligned +@@ -471,7 +521,7 @@ _padlock_cbc_encrypt: + cmoveq %rdi,%rax + addq %rcx,%rax + negq %rax +- andq $4095,%rax ++ andq $0xfff,%rax + cmpq $64,%rax + movq $-64,%rax + cmovaeq %rbx,%rax +@@ -487,12 +537,12 @@ L$cbc_loop: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz L$cbc_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -500,17 +550,17 @@ L$cbc_inp_aligned: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,208 ++.byte 0xf3,0x0f,0xa7,208 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz L$cbc_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + L$cbc_out_aligned: + movq %r9,%rsi +@@ -531,7 +581,7 @@ L$cbc_unaligned_tail: + subq %rax,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + movq %rsp,%rsi + movq %r8,%rdi + movq %rbx,%rcx +@@ -557,7 +607,7 @@ L$cbc_done: + L$cbc_aligned: + leaq (%rsi,%rcx,1),%rbp + negq %rbp +- andq $4095,%rbp ++ andq $0xfff,%rbp + xorl %eax,%eax + cmpq $64,%rbp + movq $64-1,%rbp +@@ -568,7 +618,7 @@ L$cbc_aligned: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,208 ++.byte 0xf3,0x0f,0xa7,208 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + testq %rbp,%rbp +@@ -582,7 +632,7 @@ L$cbc_aligned_tail: + subq %rcx,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + leaq (%r8),%rdi + leaq (%rsp),%rsi + movq %rbx,%rcx +@@ -595,10 +645,13 @@ L$cbc_abort: + popq %rbp + .byte 0xf3,0xc3 + ++ + .globl _padlock_cfb_encrypt + + .p2align 4 + _padlock_cfb_encrypt: ++ ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -616,9 +669,9 @@ _padlock_cfb_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz L$cfb_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz L$cfb_aligned +@@ -645,12 +698,12 @@ L$cfb_loop: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz L$cfb_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -658,17 +711,17 @@ L$cfb_inp_aligned: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,224 ++.byte 0xf3,0x0f,0xa7,224 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz L$cfb_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + L$cfb_out_aligned: + movq %r9,%rsi +@@ -698,7 +751,7 @@ L$cfb_aligned: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,224 ++.byte 0xf3,0x0f,0xa7,224 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + L$cfb_exit: +@@ -709,10 +762,13 @@ L$cfb_abort: + popq %rbp + .byte 0xf3,0xc3 + ++ + .globl _padlock_ofb_encrypt + + .p2align 4 + _padlock_ofb_encrypt: ++ ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -730,9 +786,9 @@ _padlock_ofb_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz L$ofb_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz L$ofb_aligned +@@ -759,12 +815,12 @@ L$ofb_loop: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz L$ofb_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -772,17 +828,17 @@ L$ofb_inp_aligned: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,232 ++.byte 0xf3,0x0f,0xa7,232 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz L$ofb_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + L$ofb_out_aligned: + movq %r9,%rsi +@@ -812,7 +868,7 @@ L$ofb_aligned: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,232 ++.byte 0xf3,0x0f,0xa7,232 + movdqa (%rax),%xmm0 + movdqa %xmm0,-16(%rdx) + L$ofb_exit: +@@ -823,10 +879,13 @@ L$ofb_abort: + popq %rbp + .byte 0xf3,0xc3 + ++ + .globl _padlock_ctr32_encrypt + + .p2align 4 + _padlock_ctr32_encrypt: ++ ++.byte 243,15,30,250 + pushq %rbp + pushq %rbx + +@@ -844,9 +903,9 @@ _padlock_ctr32_encrypt: + xorl %ebx,%ebx + testl $32,(%rdx) + jnz L$ctr32_aligned +- testq $15,%rdi ++ testq $0x0f,%rdi + setz %al +- testq $15,%rsi ++ testq $0x0f,%rsi + setz %bl + testl %ebx,%eax + jnz L$ctr32_aligned +@@ -881,7 +940,7 @@ L$ctr32_reenter: + cmoveq %rdi,%rax + addq %rcx,%rax + negq %rax +- andq $4095,%rax ++ andq $0xfff,%rax + cmpq $32,%rax + movq $-32,%rax + cmovaeq %rbx,%rax +@@ -897,12 +956,12 @@ L$ctr32_loop: + movq %rcx,%r10 + movq %rbx,%rcx + movq %rbx,%r11 +- testq $15,%rdi ++ testq $0x0f,%rdi + cmovnzq %rsp,%rdi +- testq $15,%rsi ++ testq $0x0f,%rsi + jz L$ctr32_inp_aligned + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + movq %rbx,%rcx + movq %rdi,%rsi +@@ -910,23 +969,23 @@ L$ctr32_inp_aligned: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,216 ++.byte 0xf3,0x0f,0xa7,216 + movl -4(%rdx),%eax +- testl $4294901760,%eax ++ testl $0xffff0000,%eax + jnz L$ctr32_no_carry + bswapl %eax +- addl $65536,%eax ++ addl $0x10000,%eax + bswapl %eax + movl %eax,-4(%rdx) + L$ctr32_no_carry: + movq %r8,%rdi + movq %r11,%rbx +- testq $15,%rdi ++ testq $0x0f,%rdi + jz L$ctr32_out_aligned + movq %rbx,%rcx + leaq (%rsp),%rsi + shrq $3,%rcx +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + subq %rbx,%rdi + L$ctr32_out_aligned: + movq %r9,%rsi +@@ -944,7 +1003,7 @@ L$ctr32_out_aligned: + cmoveq %rdi,%rax + addq %rcx,%rax + negq %rax +- andq $4095,%rax ++ andq $0xfff,%rax + cmpq $32,%rax + movq $-32,%rax + cmovaeq %rbx,%rax +@@ -959,7 +1018,7 @@ L$ctr32_unaligned_tail: + subq %rax,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + movq %rsp,%rsi + movq %r8,%rdi + movq %rbx,%rcx +@@ -986,7 +1045,7 @@ L$ctr32_aligned: + movl -4(%rdx),%eax + bswapl %eax + negl %eax +- andl $65535,%eax ++ andl $0xffff,%eax + movq $1048576,%rbx + shll $4,%eax + cmovzq %rbx,%rax +@@ -1003,11 +1062,11 @@ L$ctr32_aligned_loop: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,216 ++.byte 0xf3,0x0f,0xa7,216 + + movl -4(%rdx),%eax + bswapl %eax +- addl $65536,%eax ++ addl $0x10000,%eax + bswapl %eax + movl %eax,-4(%rdx) + +@@ -1021,7 +1080,7 @@ L$ctr32_aligned_loop: + L$ctr32_aligned_skip: + leaq (%rsi,%rcx,1),%rbp + negq %rbp +- andq $4095,%rbp ++ andq $0xfff,%rbp + xorl %eax,%eax + cmpq $32,%rbp + movq $32-1,%rbp +@@ -1032,7 +1091,7 @@ L$ctr32_aligned_skip: + leaq -16(%rdx),%rax + leaq 16(%rdx),%rbx + shrq $4,%rcx +-.byte 0xf3,0x0f,0xa7,216 ++.byte 0xf3,0x0f,0xa7,216 + testq %rbp,%rbp + jz L$ctr32_exit + +@@ -1044,7 +1103,7 @@ L$ctr32_aligned_tail: + subq %rcx,%rsp + shrq $3,%rcx + leaq (%rsp),%rdi +-.byte 0xf3,0x48,0xa5 ++.byte 0xf3,0x48,0xa5 + leaq (%r8),%rdi + leaq (%rsp),%rsi + movq %rbx,%rcx +@@ -1057,6 +1116,7 @@ L$ctr32_abort: + popq %rbp + .byte 0xf3,0xc3 + ++ + .byte 86,73,65,32,80,97,100,108,111,99,107,32,120,56,54,95,54,52,32,109,111,100,117,108,101,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 + .p2align 4 + .data +diff --git a/lib/accelerated/x86/macosx/ghash-x86_64.s b/lib/accelerated/x86/macosx/ghash-x86_64.s +index 5fd321675..974d34dc7 100644 +--- a/lib/accelerated/x86/macosx/ghash-x86_64.s ++++ b/lib/accelerated/x86/macosx/ghash-x86_64.s +@@ -45,6 +45,7 @@ + .p2align 4 + _gcm_gmult_4bit: + ++.byte 243,15,30,250 + pushq %rbx + + pushq %rbp +@@ -150,6 +151,7 @@ L$gmult_epilogue: + .p2align 4 + _gcm_ghash_4bit: + ++.byte 243,15,30,250 + pushq %rbx + + pushq %rbp +@@ -891,6 +893,7 @@ L$_init_clmul: + .p2align 4 + _gcm_gmult_clmul: + ++.byte 243,15,30,250 + L$_gmult_clmul: + movdqu (%rdi),%xmm0 + movdqa L$bswap_mask(%rip),%xmm5 +@@ -944,6 +947,7 @@ L$_gmult_clmul: + .p2align 5 + _gcm_ghash_clmul: + ++.byte 243,15,30,250 + L$_ghash_clmul: + movdqa L$bswap_mask(%rip),%xmm10 + +@@ -1438,6 +1442,7 @@ L$init_start_avx: + .p2align 5 + _gcm_gmult_avx: + ++.byte 243,15,30,250 + jmp L$_gmult_clmul + + +@@ -1446,6 +1451,7 @@ _gcm_gmult_avx: + .p2align 5 + _gcm_ghash_avx: + ++.byte 243,15,30,250 + vzeroupper + + vmovdqu (%rdi),%xmm10 +diff --git a/lib/accelerated/x86/macosx/sha1-ssse3-x86.s b/lib/accelerated/x86/macosx/sha1-ssse3-x86.s +index 985d4af8d..f51c5a318 100644 +--- a/lib/accelerated/x86/macosx/sha1-ssse3-x86.s ++++ b/lib/accelerated/x86/macosx/sha1-ssse3-x86.s +@@ -42,6 +42,7 @@ + .align 4 + _sha1_block_data_order: + L_sha1_block_data_order_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +diff --git a/lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s b/lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s +index a576acc25..7b5d9dfc9 100644 +--- a/lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s ++++ b/lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s +@@ -1460,10 +1460,10 @@ L$oop_shaext: + pshufd $27,%xmm1,%xmm1 + movdqu %xmm0,(%rdi) + movd %xmm1,16(%rdi) +- + .byte 0xf3,0xc3 + + ++ + .p2align 4 + sha1_block_data_order_ssse3: + _ssse3_shortcut: +diff --git a/lib/accelerated/x86/macosx/sha256-ssse3-x86.s b/lib/accelerated/x86/macosx/sha256-ssse3-x86.s +index 8d257109c..36781d480 100644 +--- a/lib/accelerated/x86/macosx/sha256-ssse3-x86.s ++++ b/lib/accelerated/x86/macosx/sha256-ssse3-x86.s +@@ -42,6 +42,7 @@ + .align 4 + _sha256_block_data_order: + L_sha256_block_data_order_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +diff --git a/lib/accelerated/x86/macosx/sha256-ssse3-x86_64.s b/lib/accelerated/x86/macosx/sha256-ssse3-x86_64.s +index fd0c24735..9fed36b9c 100644 +--- a/lib/accelerated/x86/macosx/sha256-ssse3-x86_64.s ++++ b/lib/accelerated/x86/macosx/sha256-ssse3-x86_64.s +@@ -1814,6 +1814,7 @@ K256: + .p2align 6 + sha256_block_data_order_shaext: + _shaext_shortcut: ++ + leaq K256+128(%rip),%rcx + movdqu (%rdi),%xmm1 + movdqu 16(%rdi),%xmm2 +@@ -2018,6 +2019,7 @@ L$oop_shaext: + .byte 0xf3,0xc3 + + ++ + .p2align 6 + sha256_block_data_order_ssse3: + +@@ -4277,7 +4279,15 @@ L$oop_avx2: + vmovdqa %ymm4,0(%rsp) + xorl %r14d,%r14d + vmovdqa %ymm5,32(%rsp) ++ ++ movq 88(%rsp),%rdi ++ + leaq -64(%rsp),%rsp ++ ++ ++ ++ movq %rdi,-8(%rsp) ++ + movl %ebx,%edi + vmovdqa %ymm6,0(%rsp) + xorl %ecx,%edi +@@ -4289,6 +4299,12 @@ L$oop_avx2: + .p2align 4 + L$avx2_00_47: + leaq -64(%rsp),%rsp ++ ++ ++ pushq 64-8(%rsp) ++ ++ leaq 8(%rsp),%rsp ++ + vpalignr $4,%ymm0,%ymm1,%ymm4 + addl 0+128(%rsp),%r11d + andl %r8d,%r12d +@@ -4544,6 +4560,12 @@ L$avx2_00_47: + movl %r9d,%r12d + vmovdqa %ymm6,32(%rsp) + leaq -64(%rsp),%rsp ++ ++ ++ pushq 64-8(%rsp) ++ ++ leaq 8(%rsp),%rsp ++ + vpalignr $4,%ymm2,%ymm3,%ymm4 + addl 0+128(%rsp),%r11d + andl %r8d,%r12d +@@ -5419,6 +5441,8 @@ L$ower_avx2: + + leaq 448(%rsp),%rsp + ++ ++ + addl 0(%rdi),%eax + addl 4(%rdi),%ebx + addl 8(%rdi),%ecx +@@ -5444,9 +5468,11 @@ L$ower_avx2: + jbe L$oop_avx2 + leaq (%rsp),%rbp + ++ ++ ++ + L$done_avx2: +- leaq (%rbp),%rsp +- movq 88(%rsp),%rsi ++ movq 88(%rbp),%rsi + + vzeroupper + movq -48(%rsi),%r15 +diff --git a/lib/accelerated/x86/macosx/sha512-ssse3-x86.s b/lib/accelerated/x86/macosx/sha512-ssse3-x86.s +index 4e60bb45f..248a35ee1 100644 +--- a/lib/accelerated/x86/macosx/sha512-ssse3-x86.s ++++ b/lib/accelerated/x86/macosx/sha512-ssse3-x86.s +@@ -42,6 +42,7 @@ + .align 4 + _sha512_block_data_order: + L_sha512_block_data_order_begin: ++.byte 243,15,30,251 + pushl %ebp + pushl %ebx + pushl %esi +diff --git a/lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s b/lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s +index 8bf161601..e78d90f2d 100644 +--- a/lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s ++++ b/lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s +@@ -4204,7 +4204,15 @@ L$oop_avx2: + vmovdqa %ymm10,64(%rsp) + vpaddq 64(%rbp),%ymm6,%ymm10 + vmovdqa %ymm11,96(%rsp) ++ ++ movq 152(%rsp),%rdi ++ + leaq -128(%rsp),%rsp ++ ++ ++ ++ movq %rdi,-8(%rsp) ++ + vpaddq 96(%rbp),%ymm7,%ymm11 + vmovdqa %ymm8,0(%rsp) + xorq %r14,%r14 +@@ -4220,6 +4228,12 @@ L$oop_avx2: + .p2align 4 + L$avx2_00_47: + leaq -128(%rsp),%rsp ++ ++ ++ pushq 128-8(%rsp) ++ ++ leaq 8(%rsp),%rsp ++ + vpalignr $8,%ymm0,%ymm1,%ymm8 + addq 0+256(%rsp),%r11 + andq %r8,%r12 +@@ -4513,6 +4527,12 @@ L$avx2_00_47: + movq %r9,%r12 + vmovdqa %ymm10,96(%rsp) + leaq -128(%rsp),%rsp ++ ++ ++ pushq 128-8(%rsp) ++ ++ leaq 8(%rsp),%rsp ++ + vpalignr $8,%ymm4,%ymm5,%ymm8 + addq 0+256(%rsp),%r11 + andq %r8,%r12 +@@ -5426,6 +5446,8 @@ L$ower_avx2: + + leaq 1152(%rsp),%rsp + ++ ++ + addq 0(%rdi),%rax + addq 8(%rdi),%rbx + addq 16(%rdi),%rcx +@@ -5451,9 +5473,11 @@ L$ower_avx2: + jbe L$oop_avx2 + leaq (%rsp),%rbp + ++ ++ ++ + L$done_avx2: +- leaq (%rbp),%rsp +- movq 152(%rsp),%rsi ++ movq 152(%rbp),%rsi + + vzeroupper + movq -48(%rsi),%r15 +-- +2.25.4 + diff --git a/gnutls-3.6.14-fips-dh-selftests.patch b/gnutls-3.6.14-fips-dh-selftests.patch new file mode 100644 index 0000000..adcb83c --- /dev/null +++ b/gnutls-3.6.14-fips-dh-selftests.patch @@ -0,0 +1,204 @@ +From f09b7627a63defb1c55e9965fb05e0bbddb90247 Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Tue, 6 Oct 2020 11:54:21 +0200 +Subject: [PATCH] fips: use larger prime for DH self-tests + +According to FIPS140-2 IG 7.5, the minimum key size of FFC through +2030 is defined as 2048 bits. This updates the relevant self-test +using ffdhe3072 defined in RFC 7919. + +Signed-off-by: Daiki Ueno +--- + lib/crypto-selftests-pk.c | 142 ++++++++++++++++++++++++++++++++++---- + lib/dh-primes.c | 4 -- + 2 files changed, 130 insertions(+), 16 deletions(-) + +diff --git a/lib/crypto-selftests-pk.c b/lib/crypto-selftests-pk.c +index 70b0f618f..9b7c692a8 100644 +--- a/lib/crypto-selftests-pk.c ++++ b/lib/crypto-selftests-pk.c +@@ -620,32 +620,150 @@ static int test_dh(void) + gnutls_pk_params_st priv; + gnutls_pk_params_st pub; + gnutls_datum_t out = {NULL, 0}; ++ ++ /* FFDHE 3072 test vector provided by Stephan Mueller in: ++ * https://gitlab.com/gnutls/gnutls/-/merge_requests/1342#note_424430996 ++ */ + static const uint8_t known_dh_k[] = { +- 0x10, 0x25, 0x04, 0xb5, 0xc6, 0xc2, 0xcb, +- 0x0c, 0xe9, 0xc5, 0x58, 0x0d, 0x22, 0x62}; +- static const uint8_t test_p[] = { +- 0x24, 0x85, 0xdd, 0x3a, 0x74, 0x42, 0xe4, +- 0xb3, 0xf1, 0x0b, 0x13, 0xf9, 0x17, 0x4d }; +- static const uint8_t test_g[] = { 0x02 }; ++ 0xec, 0xb3, 0x85, 0x0c, 0x72, 0x55, 0x55, 0xc2, 0x98, 0x36, ++ 0xbe, 0x75, 0x9e, 0xc9, 0x9d, 0x8b, 0x16, 0xa6, 0xe6, 0x84, ++ 0x33, 0x12, 0x80, 0x1d, 0xac, 0xde, 0x6a, 0xd7, 0x3b, 0x1e, ++ 0x15, 0xca, 0x5d, 0x26, 0xb3, 0x0a, 0x35, 0xf4, 0xbb, 0xad, ++ 0x71, 0xcb, 0x03, 0x1a, 0xcb, 0xfb, 0x83, 0xf0, 0xa8, 0xde, ++ 0xed, 0x5e, 0x3d, 0x98, 0xd2, 0xb0, 0xef, 0xad, 0xdf, 0x32, ++ 0xa0, 0x16, 0x7d, 0x0e, 0x29, 0xd8, 0x85, 0xca, 0x12, 0x97, ++ 0x56, 0xab, 0x6a, 0x26, 0xa4, 0x46, 0x3d, 0x87, 0xd7, 0xe0, ++ 0xb4, 0x3e, 0x28, 0x75, 0xac, 0x59, 0xc5, 0x71, 0x3a, 0x24, ++ 0x15, 0x76, 0x98, 0x72, 0x94, 0x2d, 0xd0, 0x0e, 0xbc, 0x9a, ++ 0x77, 0xd4, 0xe2, 0xb2, 0x76, 0x54, 0x4a, 0x56, 0xbe, 0x0b, ++ 0x43, 0xf8, 0x21, 0x6f, 0x54, 0x32, 0xde, 0xb7, 0xd5, 0xb7, ++ 0x08, 0x00, 0xd2, 0x57, 0x8c, 0x0b, 0x8b, 0x02, 0x3e, 0xdb, ++ 0x72, 0x54, 0x3a, 0xc0, 0x50, 0x66, 0xbc, 0xc9, 0x67, 0xf5, ++ 0x22, 0x28, 0xf2, 0x3c, 0x51, 0x94, 0x61, 0x26, 0x9a, 0xc6, ++ 0x42, 0x0e, 0x8b, 0x42, 0xad, 0x79, 0x40, 0xa9, 0x0b, 0xdc, ++ 0x84, 0xd5, 0x71, 0x83, 0x94, 0xd9, 0x83, 0x2f, 0x08, 0x74, ++ 0xbc, 0x37, 0x6a, 0x3e, 0x1e, 0xbc, 0xcc, 0x09, 0x23, 0x30, ++ 0x79, 0x01, 0x39, 0xf6, 0xe3, 0xa8, 0xc0, 0xfa, 0x7e, 0xdb, ++ 0x0b, 0x71, 0x3e, 0x4f, 0x1f, 0x69, 0x84, 0xa6, 0x58, 0x6c, ++ 0x36, 0x2c, 0xcc, 0xb4, 0x7c, 0x94, 0xec, 0x06, 0x0b, 0x11, ++ 0x53, 0x95, 0xe6, 0x05, 0x43, 0xa4, 0xe4, 0xea, 0x1d, 0x4f, ++ 0xdc, 0xd0, 0x38, 0x0e, 0x32, 0xa1, 0xde, 0xd9, 0x8d, 0xd8, ++ 0x20, 0xac, 0x04, 0x83, 0xf8, 0x1b, 0x55, 0x52, 0x16, 0x20, ++ 0xe3, 0x2e, 0x6d, 0x11, 0x15, 0x29, 0x2f, 0x3a, 0x7c, 0x80, ++ 0x0a, 0x71, 0x3d, 0x31, 0x9c, 0x1b, 0x73, 0x59, 0xe1, 0x0d, ++ 0x27, 0xc5, 0xc0, 0x6a, 0x72, 0x3a, 0x5b, 0xd6, 0xf6, 0x50, ++ 0xe6, 0x69, 0x48, 0x1e, 0xfd, 0xeb, 0x4a, 0x47, 0x73, 0xfb, ++ 0x88, 0x14, 0xea, 0x6d, 0x36, 0xe1, 0x4c, 0x2c, 0xf9, 0x04, ++ 0xc1, 0xb7, 0x29, 0xfc, 0x5d, 0x02, 0x5d, 0x1c, 0x4d, 0x31, ++ 0x4a, 0x51, 0x3f, 0xa4, 0x45, 0x19, 0x29, 0xc4, 0x32, 0xa6, ++ 0x45, 0xdb, 0x94, 0x3a, 0xbd, 0x76, 0x2c, 0xd6, 0x1a, 0xb1, ++ 0xff, 0xe7, 0x62, 0x75, 0x16, 0xe5, 0x0b, 0xa3, 0x3a, 0x93, ++ 0x84, 0xd6, 0xad, 0xc2, 0x24, 0x68, 0x3d, 0xd6, 0x07, 0xe4, ++ 0xbe, 0x5a, 0x49, 0x31, 0x06, 0xad, 0x3f, 0x31, 0x4a, 0x1c, ++ 0xf7, 0x58, 0xdf, 0x34, 0xcb, 0xc8, 0xa9, 0x07, 0x24, 0x42, ++ 0x63, 0xa5, 0x8e, 0xdd, 0x37, 0x78, 0x92, 0x68, 0x3f, 0xd8, ++ 0x2f, 0xea, 0x8c, 0xf1, 0x8e, 0xd4, 0x8b, 0xa7, 0x3f, 0xa0, ++ 0xfa, 0xaf, 0xf0, 0x35, ++ }; + static const uint8_t test_x[] = { +- 0x06, 0x2c, 0x96, 0xae, 0x0e, 0x9e, 0x9b, +- 0xbb, 0x41, 0x51, 0x7a, 0xa7, 0xc5, 0xfe }; ++ 0x16, 0x5c, 0xa6, 0xe0, 0x9b, 0x87, 0xfa, 0x2d, 0xbc, 0x13, ++ 0x20, 0xcd, 0xac, 0x4e, 0xcc, 0x60, 0x1e, 0x48, 0xec, 0xbe, ++ 0x73, 0x0c, 0xa8, 0x6b, 0x6e, 0x2a, 0xee, 0xdd, 0xd8, 0xf3, ++ 0x2d, 0x5f, 0x75, 0xf3, 0x07, 0x94, 0x88, 0x3d, 0xb1, 0x38, ++ 0xcf, 0xae, 0x4a, 0xcc, 0xcb, 0x6a, 0x80, 0xbc, 0xeb, 0x3b, ++ 0xaa, 0x0b, 0x18, 0x74, 0x58, 0x7c, 0x3e, 0x74, 0xef, 0xb6, ++ 0xd3, 0x15, 0xee, 0x73, 0x29, 0x88, 0x7b, 0x65, 0x02, 0x39, ++ 0x33, 0xec, 0x22, 0x06, 0x8c, 0x5b, 0xd6, 0x2f, 0x4c, 0xf7, ++ 0xe0, 0x97, 0x6d, 0x2a, 0x90, 0x36, 0xfe, 0x1a, 0x44, 0x4d, ++ 0x9d, 0x41, 0x4b, 0xcb, 0xec, 0x25, 0xf4, 0xc3, 0xa5, 0x91, ++ 0xd0, 0x90, 0xc9, 0x34, 0x7b, 0xba, 0x27, 0x30, 0x5a, 0xa2, ++ 0x21, 0x58, 0xce, 0x88, 0x25, 0x39, 0xaf, 0xf1, 0x17, 0x02, ++ 0x12, 0xf8, 0x55, 0xdc, 0xd2, 0x08, 0x5b, 0xd3, 0xc7, 0x8e, ++ 0xcf, 0x29, 0x85, 0x85, 0xdb, 0x5c, 0x08, 0xc2, 0xd7, 0xb0, ++ 0x33, 0x0e, 0xe3, 0xb9, 0x2c, 0x1a, 0x1d, 0x4b, 0xe5, 0x76, ++ 0x8f, 0xd3, 0x14, 0xb6, 0x8c, 0xdc, 0x9a, 0xe8, 0x15, 0x60, ++ 0x60, 0x5e, 0xaa, 0xf9, 0xfa, 0xa6, 0xb2, 0x4f, 0xff, 0x46, ++ 0xc1, 0x5e, 0x93, 0x50, 0x90, 0x7e, 0x4c, 0x26, 0xd7, 0xbb, ++ 0x21, 0x05, 0x3d, 0x27, 0xc5, 0x9b, 0x0d, 0x46, 0x69, 0xe4, ++ 0x74, 0x87, 0x74, 0x55, 0xee, 0x5f, 0xe5, 0x72, 0x04, 0x46, ++ 0x1f, 0x2e, 0x55, 0xc7, 0xcc, 0x2b, 0x2b, 0x39, 0x6d, 0x90, ++ 0x60, 0x31, 0x37, 0x5b, 0x44, 0xde, 0xfd, 0xf2, 0xd1, 0xc6, ++ 0x9c, 0x12, 0x82, 0xcc, 0x7c, 0xb1, 0x0e, 0xa9, 0x95, 0x9d, ++ 0xe0, 0xa8, 0x3e, 0xc1, 0xa3, 0x4a, 0x6a, 0x37, 0x59, 0x17, ++ 0x93, 0x63, 0x1e, 0xbf, 0x04, 0xa3, 0xaa, 0xc0, 0x1d, 0xc4, ++ 0x6d, 0x7a, 0xdc, 0x69, 0x9c, 0xb0, 0x22, 0x56, 0xd9, 0x76, ++ 0x92, 0x2d, 0x1e, 0x62, 0xae, 0xfd, 0xd6, 0x9b, 0xfd, 0x08, ++ 0x2c, 0x95, 0xec, 0xe7, 0x02, 0x43, 0x62, 0x68, 0x1a, 0xaf, ++ 0x46, 0x59, 0xb7, 0xce, 0x8e, 0x42, 0x24, 0xae, 0xf7, 0x0e, ++ 0x9a, 0x3b, 0xf8, 0x77, 0xdf, 0x26, 0x85, 0x9f, 0x45, 0xad, ++ 0x8c, 0xa9, 0x54, 0x9c, 0x46, 0x44, 0xd5, 0x8a, 0xe9, 0xcc, ++ 0x34, 0x5e, 0xc5, 0xd1, 0x42, 0x6f, 0x44, 0xf3, 0x0f, 0x90, ++ 0x3a, 0x32, 0x1a, 0x9c, 0x2a, 0x63, 0xec, 0x21, 0xb4, 0xfc, ++ 0xfa, 0xa5, 0xcf, 0xe7, 0x9e, 0x43, 0xc7, 0x49, 0x56, 0xbc, ++ 0x50, 0xc5, 0x84, 0xf0, 0x42, 0xc8, 0x6a, 0xf1, 0x78, 0xe4, ++ 0xaa, 0x06, 0x37, 0xe1, 0x30, 0xf7, 0x65, 0x97, 0xca, 0xfd, ++ 0x35, 0xfa, 0xeb, 0x48, 0x6d, 0xaa, 0x45, 0x46, 0x9d, 0xbc, ++ 0x1d, 0x98, 0x17, 0x45, 0xa3, 0xee, 0x21, 0xa0, 0x97, 0x38, ++ 0x80, 0xc5, 0x28, 0x1f, ++ }; + static const uint8_t test_y[] = { /* y=g^x mod p */ +- 0x1e, 0xca, 0x23, 0x2a, 0xfd, 0x34, 0xe1, +- 0x10, 0x7a, 0xff, 0xaf, 0x2d, 0xaa, 0x53 }; ++ 0x93, 0xeb, 0x5c, 0x37, 0x1d, 0x3c, 0x06, 0x6f, 0xbf, 0xbe, ++ 0x96, 0x51, 0x26, 0x58, 0x81, 0x36, 0xc6, 0x4f, 0x9a, 0x34, ++ 0xc4, 0xc5, 0xa8, 0xa3, 0x2c, 0x41, 0x76, 0xa8, 0xc6, 0xc0, ++ 0xa0, 0xc8, 0x51, 0x36, 0xc4, 0x40, 0x4e, 0x2c, 0x69, 0xf7, ++ 0x51, 0xbb, 0xb0, 0xd6, 0xf5, 0xdb, 0x40, 0x29, 0x50, 0x3b, ++ 0x8a, 0xf9, 0xf3, 0x53, 0x78, 0xfc, 0x86, 0xe9, 0xf1, 0xe9, ++ 0xac, 0x85, 0x13, 0x65, 0x62, 0x22, 0x04, 0x1b, 0x14, 0x2a, ++ 0xf4, 0x8f, 0x2f, 0xf1, 0x2f, 0x81, 0xd6, 0x18, 0x0e, 0x76, ++ 0x91, 0x43, 0xb2, 0xfc, 0x7c, 0x6f, 0x0c, 0x45, 0x37, 0x31, ++ 0x31, 0x58, 0x5c, 0xdf, 0x42, 0x24, 0x7a, 0xba, 0x8b, 0x7f, ++ 0x79, 0x06, 0x07, 0xef, 0xd6, 0x06, 0xeb, 0xcb, 0x3c, 0xbd, ++ 0xbc, 0xe5, 0xff, 0xfd, 0x62, 0x15, 0x0c, 0x40, 0x46, 0x37, ++ 0xef, 0xd0, 0xa1, 0xde, 0x63, 0x4f, 0x20, 0x0b, 0x45, 0x7d, ++ 0x06, 0x77, 0xfd, 0x23, 0xc1, 0x32, 0x8a, 0x89, 0x65, 0x16, ++ 0xe8, 0x48, 0x12, 0x1c, 0x25, 0x33, 0x2d, 0xbd, 0xd8, 0x9f, ++ 0x1c, 0x9d, 0xbc, 0xe3, 0x08, 0x60, 0x87, 0x1a, 0xc6, 0x06, ++ 0x36, 0xd2, 0xac, 0x09, 0x6d, 0x99, 0x02, 0x89, 0xc6, 0x12, ++ 0x93, 0x8c, 0x4b, 0xd0, 0x7e, 0x36, 0x8a, 0xd6, 0xa0, 0x97, ++ 0x4f, 0x97, 0x3f, 0x97, 0x0b, 0xfe, 0x05, 0xfc, 0xc8, 0xef, ++ 0x21, 0x4d, 0x4a, 0x06, 0x6e, 0xb4, 0xa6, 0x4f, 0xe1, 0xdd, ++ 0x44, 0x06, 0xfa, 0xd5, 0x0e, 0x54, 0xf5, 0x54, 0x3e, 0x8c, ++ 0xb9, 0x85, 0x86, 0x00, 0x40, 0x98, 0xe7, 0x01, 0xdd, 0x93, ++ 0x9d, 0x95, 0xea, 0xf0, 0xd3, 0x99, 0x4b, 0xeb, 0xd5, 0x79, ++ 0x47, 0xa4, 0xad, 0x2a, 0xe0, 0x4d, 0x36, 0x3b, 0x46, 0x10, ++ 0x96, 0xbb, 0x48, 0xe9, 0xa1, 0x78, 0x01, 0x35, 0x0a, 0x5c, ++ 0x7b, 0x3f, 0xf5, 0xf7, 0xb1, 0xe3, 0x97, 0x17, 0x4d, 0x76, ++ 0x10, 0x8d, 0x68, 0x4c, 0x94, 0x7d, 0xee, 0x0e, 0x20, 0x8b, ++ 0xce, 0x7d, 0x0a, 0xa3, 0x51, 0xfb, 0xe6, 0xcf, 0xf0, 0x0e, ++ 0x7f, 0x3c, 0xd4, 0xef, 0x56, 0x31, 0xb2, 0x95, 0xf0, 0x5f, ++ 0x4b, 0x9c, 0x03, 0x9e, 0xae, 0xb1, 0xc1, 0x46, 0xd7, 0xc0, ++ 0x4f, 0xb0, 0xf6, 0x6c, 0xe1, 0xe9, 0x2a, 0x97, 0xe0, 0x3f, ++ 0x3a, 0x93, 0x04, 0xcd, 0x41, 0x7d, 0x45, 0x03, 0xb3, 0x40, ++ 0x20, 0xe6, 0xad, 0x2d, 0xd3, 0xf7, 0x32, 0x7b, 0xcc, 0x4f, ++ 0x81, 0x18, 0x4c, 0x50, 0x77, 0xc4, 0xb7, 0x6a, 0x4d, 0x05, ++ 0xd8, 0x6d, 0xbf, 0x6f, 0xba, 0x1d, 0x38, 0x78, 0x87, 0xd2, ++ 0x8e, 0xc2, 0x6d, 0xb6, 0xed, 0x66, 0x61, 0xa8, 0xb9, 0x19, ++ 0x0e, 0x93, 0xd1, 0xcd, 0x5b, 0xbe, 0x19, 0x05, 0x52, 0x43, ++ 0xd6, 0xc1, 0x07, 0x3c, 0x6a, 0x62, 0xbd, 0x33, 0x9b, 0x1b, ++ 0x02, 0x42, 0x61, 0x14, ++ }; + + gnutls_pk_params_init(&priv); + gnutls_pk_params_init(&pub); + + priv.algo = pub.algo = GNUTLS_PK_DH; + +- ret = _gnutls_mpi_init_scan(&priv.params[DH_P], test_p, sizeof(test_p)); ++ ret = _gnutls_mpi_init_scan(&priv.params[DH_P], ++ gnutls_ffdhe_3072_group_prime.data, ++ gnutls_ffdhe_3072_group_prime.size); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + +- ret = _gnutls_mpi_init_scan(&priv.params[DH_G], test_g, sizeof(test_g)); ++ ret = _gnutls_mpi_init_scan(&priv.params[DH_G], ++ gnutls_ffdhe_3072_group_generator.data, ++ gnutls_ffdhe_3072_group_generator.size); + if (ret < 0) { + gnutls_assert(); + goto cleanup; +diff --git a/lib/dh-primes.c b/lib/dh-primes.c +index a440b5b98..94b69e345 100644 +--- a/lib/dh-primes.c ++++ b/lib/dh-primes.c +@@ -23,8 +23,6 @@ + #include "gnutls_int.h" + #include + +-#if defined(ENABLE_DHE) || defined(ENABLE_ANON) +- + #include "dh.h" + + static const unsigned char ffdhe_generator = 0x02; +@@ -1934,5 +1932,3 @@ _gnutls_dh_prime_match_fips_approved(const uint8_t *prime, + + return 0; + } +- +-#endif +-- +2.26.2 + diff --git a/gnutls-3.6.14-fips-kdf-selftests.patch b/gnutls-3.6.14-fips-kdf-selftests.patch new file mode 100644 index 0000000..e6fdbb2 --- /dev/null +++ b/gnutls-3.6.14-fips-kdf-selftests.patch @@ -0,0 +1,713 @@ +From 93c0e3ba4d2cfee86b32f28f33303a2193c4133c Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Mon, 5 Oct 2020 16:12:46 +0200 +Subject: [PATCH 1/4] fips: add self-tests for HKDF + +FIPS140-2 IG D.8 mandates self-test on approved KDF algorithms. As +the guidance only requires running a single instance of each KDF +mechanism, this only exercises HKDF-Extract and HKDF-Expand operations +with HMAC-SHA-256 as the underlying MAC. + +Although HKDF is non-approved, it would be sensible to do that as it +will be approved in FIPS140-3. + +Signed-off-by: Daiki Ueno +--- + devel/libgnutls-latest-x86_64.abi | 1 + + lib/crypto-selftests.c | 159 ++++++++++++++++++++++++++++++ + lib/fips.c | 7 ++ + lib/includes/gnutls/self-test.h | 1 + + lib/libgnutls.map | 1 + + 5 files changed, 169 insertions(+) + +diff --git a/lib/crypto-selftests.c b/lib/crypto-selftests.c +index 7a1c7729c..bd148b6af 100644 +--- a/lib/crypto-selftests.c ++++ b/lib/crypto-selftests.c +@@ -2917,3 +2917,162 @@ int gnutls_digest_self_test(unsigned flags, gnutls_digest_algorithm_t digest) + + return 0; + } ++ ++struct hkdf_vectors_st { ++ const uint8_t *ikm; ++ unsigned int ikm_size; ++ const uint8_t *salt; ++ unsigned int salt_size; ++ const uint8_t *prk; ++ unsigned int prk_size; ++ const uint8_t *info; ++ unsigned int info_size; ++ const uint8_t *okm; ++ unsigned int okm_size; ++}; ++ ++const struct hkdf_vectors_st hkdf_sha256_vectors[] = { ++ /* RFC 5869: A.1. Test Case 1: Basic test case with SHA-256 */ ++ { ++ STR(ikm, ikm_size, ++ "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" ++ "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"), ++ STR(salt, salt_size, ++ "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c"), ++ STR(prk, prk_size, ++ "\x07\x77\x09\x36\x2c\x2e\x32\xdf\x0d\xdc\x3f\x0d\xc4\x7b" ++ "\xba\x63\x90\xb6\xc7\x3b\xb5\x0f\x9c\x31\x22\xec\x84\x4a" ++ "\xd7\xc2\xb3\xe5"), ++ STR(info, info_size, ++ "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9"), ++ STR(okm, okm_size, ++ "\x3c\xb2\x5f\x25\xfa\xac\xd5\x7a\x90\x43\x4f\x64\xd0\x36" ++ "\x2f\x2a\x2d\x2d\x0a\x90\xcf\x1a\x5a\x4c\x5d\xb0\x2d\x56" ++ "\xec\xc4\xc5\xbf\x34\x00\x72\x08\xd5\xb8\x87\x18\x58\x65"), ++ }, ++ /* RFC 5869: A.2. Test Case 2: Test with SHA-256 and longer inputs/outputs */ ++ { ++ STR(ikm, ikm_size, ++ "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d" ++ "\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b" ++ "\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29" ++ "\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37" ++ "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45" ++ "\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"), ++ STR(salt, salt_size, ++ "\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d" ++ "\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b" ++ "\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89" ++ "\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97" ++ "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5" ++ "\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf"), ++ STR(prk, prk_size, ++ "\x06\xa6\xb8\x8c\x58\x53\x36\x1a\x06\x10\x4c\x9c\xeb\x35" ++ "\xb4\x5c\xef\x76\x00\x14\x90\x46\x71\x01\x4a\x19\x3f\x40" ++ "\xc1\x5f\xc2\x44"), ++ STR(info, info_size, ++ "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd" ++ "\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb" ++ "\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9" ++ "\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" ++ "\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5" ++ "\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"), ++ STR(okm, okm_size, ++ "\xb1\x1e\x39\x8d\xc8\x03\x27\xa1\xc8\xe7\xf7\x8c\x59\x6a" ++ "\x49\x34\x4f\x01\x2e\xda\x2d\x4e\xfa\xd8\xa0\x50\xcc\x4c" ++ "\x19\xaf\xa9\x7c\x59\x04\x5a\x99\xca\xc7\x82\x72\x71\xcb" ++ "\x41\xc6\x5e\x59\x0e\x09\xda\x32\x75\x60\x0c\x2f\x09\xb8" ++ "\x36\x77\x93\xa9\xac\xa3\xdb\x71\xcc\x30\xc5\x81\x79\xec" ++ "\x3e\x87\xc1\x4c\x01\xd5\xc1\xf3\x43\x4f\x1d\x87"), ++ }, ++}; ++ ++static int test_hkdf(gnutls_mac_algorithm_t mac, ++ const struct hkdf_vectors_st *vectors, ++ size_t vectors_size, unsigned flags) ++{ ++ unsigned int i; ++ ++ for (i = 0; i < vectors_size; i++) { ++ gnutls_datum_t ikm, prk, salt, info; ++ uint8_t output[4096]; ++ int ret; ++ ++ ikm.data = (void *) vectors[i].ikm; ++ ikm.size = vectors[i].ikm_size; ++ salt.data = (void *) vectors[i].salt; ++ salt.size = vectors[i].salt_size; ++ ++ ret = gnutls_hkdf_extract(mac, &ikm, &salt, output); ++ if (ret < 0) { ++ _gnutls_debug_log("error extracting HKDF: MAC-%s\n", ++ gnutls_mac_get_name(mac)); ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); ++ } ++ ++ if (memcmp(output, vectors[i].prk, vectors[i].prk_size) != 0) { ++ _gnutls_debug_log ++ ("HKDF extract: MAC-%s test vector failed!\n", ++ gnutls_mac_get_name(mac)); ++ ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); ++ } ++ ++ prk.data = (void *) vectors[i].prk; ++ prk.size = vectors[i].prk_size; ++ info.data = (void *) vectors[i].info; ++ info.size = vectors[i].info_size; ++ ++ ret = gnutls_hkdf_expand(mac, &prk, &info, ++ output, vectors[i].okm_size); ++ if (ret < 0) { ++ _gnutls_debug_log("error extracting HKDF: MAC-%s\n", ++ gnutls_mac_get_name(mac)); ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); ++ } ++ ++ if (memcmp(output, vectors[i].okm, vectors[i].okm_size) != 0) { ++ _gnutls_debug_log ++ ("HKDF expand: MAC-%s test vector failed!\n", ++ gnutls_mac_get_name(mac)); ++ ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); ++ } ++ } ++ ++ _gnutls_debug_log ++ ("HKDF: MAC-%s self check succeeded\n", ++ gnutls_mac_get_name(mac)); ++ ++ return 0; ++} ++ ++/*- ++ * gnutls_hkdf_self_test: ++ * @flags: GNUTLS_SELF_TEST_FLAG flags ++ * @mac: the message authentication algorithm to use ++ * ++ * This function will run self tests on HKDF with the provided mac. ++ * ++ * Returns: Zero or a negative error code on error. ++ * ++ * Since: 3.3.0-FIPS140 ++ -*/ ++int gnutls_hkdf_self_test(unsigned flags, gnutls_mac_algorithm_t mac) ++{ ++ int ret; ++ ++ if (flags & GNUTLS_SELF_TEST_FLAG_ALL) ++ mac = GNUTLS_MAC_UNKNOWN; ++ ++ switch (mac) { ++ case GNUTLS_MAC_UNKNOWN: ++ CASE(GNUTLS_MAC_SHA256, test_hkdf, hkdf_sha256_vectors); ++ ++ break; ++ default: ++ return gnutls_assert_val(GNUTLS_E_NO_SELF_TEST); ++ } ++ ++ return 0; ++} +diff --git a/lib/fips.c b/lib/fips.c +index f8b10f750..48891ed57 100644 +--- a/lib/fips.c ++++ b/lib/fips.c +@@ -423,6 +423,13 @@ int _gnutls_fips_perform_self_checks2(void) + goto error; + } + ++ /* HKDF */ ++ ret = gnutls_hkdf_self_test(0, GNUTLS_MAC_SHA256); ++ if (ret < 0) { ++ gnutls_assert(); ++ goto error; ++ } ++ + if (_gnutls_rnd_ops.self_test == NULL) { + gnutls_assert(); + goto error; +diff --git a/lib/includes/gnutls/self-test.h b/lib/includes/gnutls/self-test.h +index aacbe94ca..9b7be8159 100644 +--- a/lib/includes/gnutls/self-test.h ++++ b/lib/includes/gnutls/self-test.h +@@ -34,5 +34,6 @@ int gnutls_cipher_self_test(unsigned flags, gnutls_cipher_algorithm_t cipher); + int gnutls_mac_self_test(unsigned flags, gnutls_mac_algorithm_t mac); + int gnutls_digest_self_test(unsigned flags, gnutls_digest_algorithm_t digest); + int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk); ++int gnutls_hkdf_self_test(unsigned flags, gnutls_mac_algorithm_t mac); + + #endif +diff --git a/lib/libgnutls.map b/lib/libgnutls.map +index 61276e534..386b66f83 100644 +--- a/lib/libgnutls.map ++++ b/lib/libgnutls.map +@@ -1347,6 +1347,7 @@ GNUTLS_FIPS140_3_4 { + gnutls_pk_self_test; + gnutls_mac_self_test; + gnutls_digest_self_test; ++ gnutls_hkdf_self_test; + #for FIPS140-2 validation + drbg_aes_reseed; + drbg_aes_init; +-- +2.26.2 + + +From 31cc94275cd267f4e0db60999cc932fd76d43d5a Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Mon, 5 Oct 2020 16:59:50 +0200 +Subject: [PATCH 2/4] fips: add self-tests for PBKDF2 + +FIPS140-2 IG D.8 mandates self-tests on approved KDF algorithms. As +the guidance only requires running a single instance of each KDF +mechanism, this only exercises PBKDF2 with HMAC-SHA-256 as the +underlying MAC algorithm. + +Signed-off-by: Daiki Ueno +--- + devel/libgnutls-latest-x86_64.abi | 1 + + lib/crypto-selftests.c | 107 ++++++++++++++++++++++++++++++ + lib/fips.c | 7 ++ + lib/includes/gnutls/self-test.h | 1 + + lib/libgnutls.map | 1 + + 5 files changed, 117 insertions(+) + +diff --git a/lib/crypto-selftests.c b/lib/crypto-selftests.c +index bd148b6af..c4b0bd207 100644 +--- a/lib/crypto-selftests.c ++++ b/lib/crypto-selftests.c +@@ -3076,3 +3076,110 @@ int gnutls_hkdf_self_test(unsigned flags, gnutls_mac_algorithm_t mac) + + return 0; + } ++ ++struct pbkdf2_vectors_st { ++ const uint8_t *key; ++ size_t key_size; ++ const uint8_t *salt; ++ size_t salt_size; ++ unsigned iter_count; ++ const uint8_t *output; ++ size_t output_size; ++}; ++ ++const struct pbkdf2_vectors_st pbkdf2_sha256_vectors[] = { ++ /* RFC 7914: 11. Test Vectors for PBKDF2 with HMAC-SHA-256 */ ++ { ++ STR(key, key_size, "passwd"), ++ STR(salt, salt_size, "salt"), ++ .iter_count = 1, ++ STR(output, output_size, ++ "\x55\xac\x04\x6e\x56\xe3\x08\x9f\xec\x16\x91\xc2\x25\x44" ++ "\xb6\x05\xf9\x41\x85\x21\x6d\xde\x04\x65\xe6\x8b\x9d\x57" ++ "\xc2\x0d\xac\xbc\x49\xca\x9c\xcc\xf1\x79\xb6\x45\x99\x16" ++ "\x64\xb3\x9d\x77\xef\x31\x7c\x71\xb8\x45\xb1\xe3\x0b\xd5" ++ "\x09\x11\x20\x41\xd3\xa1\x97\x83"), ++ }, ++ /* RFC 7914: 11. Test Vectors for PBKDF2 with HMAC-SHA-256 */ ++ { ++ STR(key, key_size, "Password"), ++ STR(salt, salt_size, "NaCl"), ++ .iter_count = 80000, ++ STR(output, output_size, ++ "\x4d\xdc\xd8\xf6\x0b\x98\xbe\x21\x83\x0c\xee\x5e\xf2\x27" ++ "\x01\xf9\x64\x1a\x44\x18\xd0\x4c\x04\x14\xae\xff\x08\x87" ++ "\x6b\x34\xab\x56\xa1\xd4\x25\xa1\x22\x58\x33\x54\x9a\xdb" ++ "\x84\x1b\x51\xc9\xb3\x17\x6a\x27\x2b\xde\xbb\xa1\xd0\x78" ++ "\x47\x8f\x62\xb3\x97\xf3\x3c\x8d"), ++ }, ++}; ++ ++static int test_pbkdf2(gnutls_mac_algorithm_t mac, ++ const struct pbkdf2_vectors_st *vectors, ++ size_t vectors_size, unsigned flags) ++{ ++ unsigned int i; ++ ++ for (i = 0; i < vectors_size; i++) { ++ gnutls_datum_t key, salt; ++ uint8_t output[4096]; ++ int ret; ++ ++ key.data = (void *) vectors[i].key; ++ key.size = vectors[i].key_size; ++ salt.data = (void *) vectors[i].salt; ++ salt.size = vectors[i].salt_size; ++ ++ ret = gnutls_pbkdf2(mac, &key, &salt, vectors[i].iter_count, ++ output, vectors[i].output_size); ++ if (ret < 0) { ++ _gnutls_debug_log("error calculating PBKDF2: MAC-%s\n", ++ gnutls_mac_get_name(mac)); ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); ++ } ++ ++ if (memcmp(output, vectors[i].output, vectors[i].output_size) != 0) { ++ _gnutls_debug_log ++ ("PBKDF2: MAC-%s test vector failed!\n", ++ gnutls_mac_get_name(mac)); ++ ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); ++ } ++ } ++ ++ _gnutls_debug_log ++ ("PBKDF2: MAC-%s self check succeeded\n", ++ gnutls_mac_get_name(mac)); ++ ++ return 0; ++} ++ ++/*- ++ * gnutls_pbkdf2_self_test: ++ * @flags: GNUTLS_SELF_TEST_FLAG flags ++ * @mac: the message authentication algorithm to use ++ * ++ * This function will run self tests on PBKDF2 with the provided mac. ++ * ++ * Returns: Zero or a negative error code on error. ++ * ++ * Since: 3.3.0-FIPS140 ++ -*/ ++int gnutls_pbkdf2_self_test(unsigned flags, gnutls_mac_algorithm_t mac) ++{ ++ int ret; ++ ++ if (flags & GNUTLS_SELF_TEST_FLAG_ALL) ++ mac = GNUTLS_MAC_UNKNOWN; ++ ++ switch (mac) { ++ case GNUTLS_MAC_UNKNOWN: ++ CASE(GNUTLS_MAC_SHA256, test_pbkdf2, pbkdf2_sha256_vectors); ++ ++ break; ++ default: ++ return gnutls_assert_val(GNUTLS_E_NO_SELF_TEST); ++ } ++ ++ return 0; ++} +diff --git a/lib/fips.c b/lib/fips.c +index 48891ed57..7cfab1049 100644 +--- a/lib/fips.c ++++ b/lib/fips.c +@@ -430,6 +430,13 @@ int _gnutls_fips_perform_self_checks2(void) + goto error; + } + ++ /* PBKDF2 */ ++ ret = gnutls_pbkdf2_self_test(0, GNUTLS_MAC_SHA256); ++ if (ret < 0) { ++ gnutls_assert(); ++ goto error; ++ } ++ + if (_gnutls_rnd_ops.self_test == NULL) { + gnutls_assert(); + goto error; +diff --git a/lib/includes/gnutls/self-test.h b/lib/includes/gnutls/self-test.h +index 9b7be8159..958c0da8f 100644 +--- a/lib/includes/gnutls/self-test.h ++++ b/lib/includes/gnutls/self-test.h +@@ -35,5 +35,6 @@ int gnutls_mac_self_test(unsigned flags, gnutls_mac_algorithm_t mac); + int gnutls_digest_self_test(unsigned flags, gnutls_digest_algorithm_t digest); + int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk); + int gnutls_hkdf_self_test(unsigned flags, gnutls_mac_algorithm_t mac); ++int gnutls_pbkdf2_self_test(unsigned flags, gnutls_mac_algorithm_t mac); + + #endif +diff --git a/lib/libgnutls.map b/lib/libgnutls.map +index 386b66f83..f5537a386 100644 +--- a/lib/libgnutls.map ++++ b/lib/libgnutls.map +@@ -1348,6 +1348,7 @@ GNUTLS_FIPS140_3_4 { + gnutls_mac_self_test; + gnutls_digest_self_test; + gnutls_hkdf_self_test; ++ gnutls_pbkdf2_self_test; + #for FIPS140-2 validation + drbg_aes_reseed; + drbg_aes_init; +-- +2.26.2 + + +From d1a3235e8c829855969d00364d8b5456fce2c78c Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Mon, 5 Oct 2020 17:44:30 +0200 +Subject: [PATCH 3/4] fips: add self-tests for TLS-PRF + +FIPS140-2 IG D.8 mandates self-tests on approved KDF algorithms. As +the guidance only requires to run a single instance of each KDF +mechanism, this only exercises TLS1.2 PRF with HMAC-SHA-256 as the +underlying MAC algorithm. + +Signed-off-by: Daiki Ueno +--- + devel/libgnutls-latest-x86_64.abi | 1 + + lib/crypto-selftests.c | 196 ++++++++++++++++++++++++++++++ + lib/fips.c | 7 ++ + lib/includes/gnutls/self-test.h | 1 + + lib/libgnutls.map | 1 + + 5 files changed, 206 insertions(+) + +diff --git a/lib/crypto-selftests.c b/lib/crypto-selftests.c +index c4b0bd207..b740936d6 100644 +--- a/lib/crypto-selftests.c ++++ b/lib/crypto-selftests.c +@@ -3183,3 +3183,199 @@ int gnutls_pbkdf2_self_test(unsigned flags, gnutls_mac_algorithm_t mac) + + return 0; + } ++ ++struct tlsprf_vectors_st { ++ const uint8_t *key; ++ size_t key_size; ++ const uint8_t *label; ++ size_t label_size; ++ const uint8_t *seed; ++ size_t seed_size; ++ const uint8_t *output; ++ size_t output_size; ++}; ++ ++const struct tlsprf_vectors_st tls10prf_vectors[] = { ++ /* tests/tls10-prf.c: test1 */ ++ { ++ STR(key, key_size, ++ "\x26\x3b\xdb\xbb\x6f\x6d\x4c\x66\x4e\x05\x8d\x0a\xa9\xd3" ++ "\x21\xbe"), ++ STR(label, label_size, ++ "test label"), ++ STR(seed, seed_size, ++ "\xb9\x20\x57\x3b\x19\x96\x01\x02\x4f\x04\xd6\xdc\x61\x96" ++ "\x6e\x65"), ++ STR(output, output_size, ++ "\x66\x17\x99\x37\x65\xfa\x6c\xa7\x03\xd1\x9e\xc7\x0d\xd5" ++ "\xdd\x16\x0f\xfc\xc0\x77\x25\xfa\xfb\x71\x4a\x9f\x81\x5a" ++ "\x2a\x30\xbf\xb7\xe3\xbb\xfb\x7e\xee\x57\x4b\x3b\x61\x3e" ++ "\xb7\xfe\x80\xee\xc9\x69\x1d\x8c\x1b\x0e\x2d\x9b\x3c\x8b" ++ "\x4b\x02\xb6\xb6\xd6\xdb\x88\xe2\x09\x46\x23\xef\x62\x40" ++ "\x60\x7e\xda\x7a\xbe\x3c\x84\x6e\x82\xa3"), ++ }, ++}; ++ ++const struct tlsprf_vectors_st tls12prf_sha256_vectors[] = { ++ /* tests/tls12-prf.c: sha256_test1 */ ++ { ++ STR(key, key_size, ++ "\x04\x50\xb0\xea\x9e\xcd\x36\x02\xee\x0d\x76\xc5\xc3\xc8" ++ "\x6f\x4a"), ++ STR(label, label_size, ++ "test label"), ++ STR(seed, seed_size, ++ "\x20\x7a\xcc\x02\x54\xb8\x67\xf5\xb9\x25\xb4\x5a\x33\x60" ++ "\x1d\x8b"), ++ STR(output, output_size, ++ "\xae\x67\x9e\x0e\x71\x4f\x59\x75\x76\x37\x68\xb1\x66\x97" ++ "\x9e\x1d"), ++ }, ++ /* tests/tls12-prf.c: sha256_test2 */ ++ { ++ STR(key, key_size, ++ "\x34\x20\x4a\x9d\xf0\xbe\x6e\xb4\xe9\x25\xa8\x02\x7c\xf6" ++ "\xc6\x02"), ++ STR(label, label_size, ++ "test label"), ++ STR(seed, seed_size, ++ "\x98\xb2\xc4\x0b\xcd\x66\x4c\x83\xbb\x92\x0c\x18\x20\x1a" ++ "\x63\x95"), ++ STR(output, output_size, ++ "\xaf\xa9\x31\x24\x53\xc2\x2f\xa8\x3d\x2b\x51\x1b\x37\x2d" ++ "\x73\xa4\x02\xa2\xa6\x28\x73\x23\x9a\x51\xfa\xde\x45\x08" ++ "\x2f\xaf\x3f\xd2\xbb\x7f\xfb\x3e\x9b\xf3\x6e\x28\xb3\x14" ++ "\x1a\xab\xa4\x84\x00\x53\x32\xa9\xf9\xe3\x88\xa4\xd3\x29" ++ "\xf1\x58\x7a\x4b\x31\x7d\xa0\x77\x08\xea\x1b\xa9\x5a\x53" ++ "\xf8\x78\x67\x24\xbd\x83\xce\x4b\x03\xaf"), ++ }, ++ /* tests/tls12-prf.c: sha256_test3 */ ++ { ++ STR(key, key_size, ++ "\xa3\x69\x1a\xa1\xf6\x81\x4b\x80\x59\x2b\xf1\xcf\x2a\xcf" ++ "\x16\x97"), ++ STR(label, label_size, ++ "test label"), ++ STR(seed, seed_size, ++ "\x55\x23\xd4\x1e\x32\x0e\x69\x4d\x0c\x1f\xf5\x73\x4d\x83" ++ "\x0b\x93\x3e\x46\x92\x70\x71\xc9\x26\x21"), ++ STR(output, output_size, ++ "\x6a\xd0\x98\x4f\xa0\x6f\x78\xfe\x16\x1b\xd4\x6d\x7c\x26" ++ "\x1d\xe4\x33\x40\xd7\x28\xdd\xdc\x3d\x0f\xf0\xdd\x7e\x0d"), ++ }, ++ /* tests/tls12-prf.c: sha256_test4 */ ++ { ++ STR(key, key_size, ++ "\x21\x0e\xc9\x37\x06\x97\x07\xe5\x46\x5b\xc4\x6b\xf7\x79" ++ "\xe1\x04\x10\x8b\x18\xfd\xb7\x93\xbe\x7b\x21\x8d\xbf\x14" ++ "\x5c\x86\x41\xf3"), ++ STR(label, label_size, ++ "test label"), ++ STR(seed, seed_size, ++ "\x1e\x35\x1a\x0b\xaf\x35\xc7\x99\x45\x92\x43\x94\xb8\x81" ++ "\xcf\xe3\x1d\xae\x8f\x1c\x1e\xd5\x4d\x3b"), ++ STR(output, output_size, ++ "\x76\x53\xfa\x80\x9c\xde\x3b\x55\x3c\x4a\x17\xe2\xcd\xbc" ++ "\xc9\x18\xf3\x65\x27\xf2\x22\x19\xa7\xd7\xf9\x5d\x97\x24" ++ "\x3f\xf2\xd5\xde\xe8\x26\x5e\xf0\xaf\x03"), ++ }, ++}; ++ ++const struct tlsprf_vectors_st tls12prf_sha384_vectors[] = { ++ /* tests/tls12-prf.c: sha384_test1 ++ * https://www.ietf.org/mail-archive/web/tls/current/msg03416.html ++ */ ++ { ++ STR(key, key_size, ++ "\xb8\x0b\x73\x3d\x6c\xee\xfc\xdc\x71\x56\x6e\xa4\x8e\x55" ++ "\x67\xdf"), ++ STR(label, label_size, ++ "test label"), ++ STR(seed, seed_size, ++ "\xcd\x66\x5c\xf6\xa8\x44\x7d\xd6\xff\x8b\x27\x55\x5e\xdb" ++ "\x74\x65"), ++ STR(output, output_size, ++ "\x7b\x0c\x18\xe9\xce\xd4\x10\xed\x18\x04\xf2\xcf\xa3\x4a" ++ "\x33\x6a\x1c\x14\xdf\xfb\x49\x00\xbb\x5f\xd7\x94\x21\x07" ++ "\xe8\x1c\x83\xcd\xe9\xca\x0f\xaa\x60\xbe\x9f\xe3\x4f\x82" ++ "\xb1\x23\x3c\x91\x46\xa0\xe5\x34\xcb\x40\x0f\xed\x27\x00" ++ "\x88\x4f\x9d\xc2\x36\xf8\x0e\xdd\x8b\xfa\x96\x11\x44\xc9" ++ "\xe8\xd7\x92\xec\xa7\x22\xa7\xb3\x2f\xc3\xd4\x16\xd4\x73" ++ "\xeb\xc2\xc5\xfd\x4a\xbf\xda\xd0\x5d\x91\x84\x25\x9b\x5b" ++ "\xf8\xcd\x4d\x90\xfa\x0d\x31\xe2\xde\xc4\x79\xe4\xf1\xa2" ++ "\x60\x66\xf2\xee\xa9\xa6\x92\x36\xa3\xe5\x26\x55\xc9\xe9" ++ "\xae\xe6\x91\xc8\xf3\xa2\x68\x54\x30\x8d\x5e\xaa\x3b\xe8" ++ "\x5e\x09\x90\x70\x3d\x73\xe5\x6f"), ++ }, ++}; ++ ++static int test_tlsprf(gnutls_mac_algorithm_t mac, ++ const struct tlsprf_vectors_st *vectors, ++ size_t vectors_size, unsigned flags) ++{ ++ unsigned int i; ++ ++ for (i = 0; i < vectors_size; i++) { ++ char output[4096]; ++ int ret; ++ ++ ret = _gnutls_prf_raw(mac, ++ vectors[i].key_size, vectors[i].key, ++ vectors[i].label_size, (const char *)vectors[i].label, ++ vectors[i].seed_size, vectors[i].seed, ++ vectors[i].output_size, output); ++ if (ret < 0) { ++ _gnutls_debug_log("error calculating TLS-PRF: MAC-%s\n", ++ gnutls_mac_get_name(mac)); ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); ++ } ++ ++ if (memcmp(output, vectors[i].output, vectors[i].output_size) != 0) { ++ _gnutls_debug_log ++ ("TLS-PRF: MAC-%s test vector failed!\n", ++ gnutls_mac_get_name(mac)); ++ ++ return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); ++ } ++ } ++ ++ _gnutls_debug_log ++ ("TLS-PRF: MAC-%s self check succeeded\n", ++ gnutls_mac_get_name(mac)); ++ ++ return 0; ++} ++ ++/*- ++ * gnutls_tlsprf_self_test: ++ * @flags: GNUTLS_SELF_TEST_FLAG flags ++ * @mac: the message authentication algorithm to use ++ * ++ * This function will run self tests on TLS-PRF with the provided mac. ++ * ++ * Returns: Zero or a negative error code on error. ++ * ++ * Since: 3.3.0-FIPS140 ++ -*/ ++int gnutls_tlsprf_self_test(unsigned flags, gnutls_mac_algorithm_t mac) ++{ ++ int ret; ++ ++ if (flags & GNUTLS_SELF_TEST_FLAG_ALL) ++ mac = GNUTLS_MAC_UNKNOWN; ++ ++ switch (mac) { ++ case GNUTLS_MAC_UNKNOWN: ++ NON_FIPS_CASE(GNUTLS_MAC_MD5_SHA1, test_tlsprf, tls10prf_vectors); ++ FALLTHROUGH; ++ CASE(GNUTLS_MAC_SHA256, test_tlsprf, tls12prf_sha256_vectors); ++ FALLTHROUGH; ++ CASE(GNUTLS_MAC_SHA384, test_tlsprf, tls12prf_sha384_vectors); ++ ++ break; ++ default: ++ return gnutls_assert_val(GNUTLS_E_NO_SELF_TEST); ++ } ++ ++ return 0; ++} +diff --git a/lib/fips.c b/lib/fips.c +index 7cfab1049..30d396b2c 100644 +--- a/lib/fips.c ++++ b/lib/fips.c +@@ -437,6 +437,13 @@ int _gnutls_fips_perform_self_checks2(void) + goto error; + } + ++ /* TLS-PRF */ ++ ret = gnutls_tlsprf_self_test(0, GNUTLS_MAC_SHA256); ++ if (ret < 0) { ++ gnutls_assert(); ++ goto error; ++ } ++ + if (_gnutls_rnd_ops.self_test == NULL) { + gnutls_assert(); + goto error; +diff --git a/lib/includes/gnutls/self-test.h b/lib/includes/gnutls/self-test.h +index 958c0da8f..88b5a8dbf 100644 +--- a/lib/includes/gnutls/self-test.h ++++ b/lib/includes/gnutls/self-test.h +@@ -36,5 +36,6 @@ int gnutls_digest_self_test(unsigned flags, gnutls_digest_algorithm_t digest); + int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk); + int gnutls_hkdf_self_test(unsigned flags, gnutls_mac_algorithm_t mac); + int gnutls_pbkdf2_self_test(unsigned flags, gnutls_mac_algorithm_t mac); ++int gnutls_tlsprf_self_test(unsigned flags, gnutls_mac_algorithm_t mac); + + #endif +diff --git a/lib/libgnutls.map b/lib/libgnutls.map +index f5537a386..643d400a1 100644 +--- a/lib/libgnutls.map ++++ b/lib/libgnutls.map +@@ -1349,6 +1349,7 @@ GNUTLS_FIPS140_3_4 { + gnutls_digest_self_test; + gnutls_hkdf_self_test; + gnutls_pbkdf2_self_test; ++ gnutls_tlsprf_self_test; + #for FIPS140-2 validation + drbg_aes_reseed; + drbg_aes_init; +-- +2.26.2 + + +From af3df0102fc377591a6de3112b034d4a492fc92c Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Mon, 5 Oct 2020 17:59:46 +0200 +Subject: [PATCH 4/4] fips: run CMAC self-tests + +FIPS140-2 IG D.8 mandates self-tests on CMAC. + +Signed-off-by: Daiki Ueno +--- + lib/fips.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/lib/fips.c b/lib/fips.c +index 30d396b2c..51567953d 100644 +--- a/lib/fips.c ++++ b/lib/fips.c +@@ -398,6 +398,12 @@ int _gnutls_fips_perform_self_checks2(void) + goto error; + } + ++ ret = gnutls_mac_self_test(0, GNUTLS_MAC_AES_CMAC_256); ++ if (ret < 0) { ++ gnutls_assert(); ++ goto error; ++ } ++ + /* PK */ + ret = gnutls_pk_self_test(0, GNUTLS_PK_RSA); + if (ret < 0) { +-- +2.26.2 + diff --git a/gnutls-3.6.16-doc-p11tool-ckaid.patch b/gnutls-3.6.16-doc-p11tool-ckaid.patch new file mode 100644 index 0000000..a5f1c0f --- /dev/null +++ b/gnutls-3.6.16-doc-p11tool-ckaid.patch @@ -0,0 +1,14 @@ +--- gnutls-3.7.2/doc/manpages/p11tool.1 2021-05-29 10:15:22.000000000 +0200 ++++ gnutls-3.7.2-bootstrapped/doc/manpages/p11tool.1 2021-06-28 09:35:23.000000000 +0200 +@@ -230,8 +230,9 @@ + .NOP \f\*[B-Font]\-\-write\f[] + Writes the loaded objects to a PKCS #11 token. + .sp +-It can be used to write private, public keys, certificates or secret keys to a token. Must be combined with +- one of \--load-privkey, \--load-pubkey, \--load-certificate option. ++It can be used to write private, public keys, certificates or secret keys to a token. Must be combined with one of \--load-privkey, \--load-pubkey, \--load-certificate option. ++.sp ++When writing a certificate object, its CKA_ID is set to the same CKA_ID of the corresponding public key, if it exists on the token; otherwise it will be derived from the X.509 Subject Key Identifier of the certificate. If this behavior is undesired, write the public key to the token beforehand. + .TP + .NOP \f\*[B-Font]\-\-delete\f[] + Deletes the objects matching the given PKCS #11 URL. diff --git a/gnutls-3.6.16-tls12-cert-type.patch b/gnutls-3.6.16-tls12-cert-type.patch new file mode 100644 index 0000000..b5ba1a5 --- /dev/null +++ b/gnutls-3.6.16-tls12-cert-type.patch @@ -0,0 +1,125 @@ +From 339bef12f478b3a12c59571c53645e31280baf7e Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Fri, 14 May 2021 15:59:37 +0200 +Subject: [PATCH] cert auth: filter out unsupported cert types from TLS 1.2 CR + +When the server is advertising signature algorithms in TLS 1.2 +CertificateRequest, it shouldn't send certificate_types not backed by +any of those algorithms. + +Signed-off-by: Daiki Ueno +--- + lib/auth/cert.c | 76 +++++++++++++++++++++++-- + tests/suite/tls-fuzzer/gnutls-cert.json | 19 +++++++ + 2 files changed, 89 insertions(+), 6 deletions(-) + +diff --git a/lib/auth/cert.c b/lib/auth/cert.c +index 3073a33d3..0b0f04b2b 100644 +--- a/lib/auth/cert.c ++++ b/lib/auth/cert.c +@@ -64,6 +64,16 @@ typedef enum CertificateSigType { RSA_SIGN = 1, DSA_SIGN = 2, ECDSA_SIGN = 64, + #endif + } CertificateSigType; + ++enum CertificateSigTypeFlags { ++ RSA_SIGN_FLAG = 1, ++ DSA_SIGN_FLAG = 1 << 1, ++ ECDSA_SIGN_FLAG = 1 << 2, ++#ifdef ENABLE_GOST ++ GOSTR34102012_256_SIGN_FLAG = 1 << 3, ++ GOSTR34102012_512_SIGN_FLAG = 1 << 4 ++#endif ++}; ++ + /* Moves data from an internal certificate struct (gnutls_pcert_st) to + * another internal certificate struct (cert_auth_info_t), and deinitializes + * the former. +@@ -1281,6 +1291,7 @@ _gnutls_gen_cert_server_cert_req(gnutls_session_t session, + uint8_t tmp_data[CERTTYPE_SIZE]; + const version_entry_st *ver = get_version(session); + unsigned init_pos = data->length; ++ enum CertificateSigTypeFlags flags; + + if (unlikely(ver == NULL)) + return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); +@@ -1297,18 +1308,71 @@ _gnutls_gen_cert_server_cert_req(gnutls_session_t session, + return GNUTLS_E_INSUFFICIENT_CREDENTIALS; + } + +- i = 1; ++ if (_gnutls_version_has_selectable_sighash(ver)) { ++ size_t j; ++ ++ flags = 0; ++ for (j = 0; j < session->internals.priorities->sigalg.size; j++) { ++ const gnutls_sign_entry_st *se = ++ session->internals.priorities->sigalg.entry[j]; ++ switch (se->pk) { ++ case GNUTLS_PK_RSA: ++ case GNUTLS_PK_RSA_PSS: ++ flags |= RSA_SIGN_FLAG; ++ break; ++ case GNUTLS_PK_DSA: ++ flags |= DSA_SIGN_FLAG; ++ break; ++ case GNUTLS_PK_ECDSA: ++ flags |= ECDSA_SIGN_FLAG; ++ break; + #ifdef ENABLE_GOST +- if (_gnutls_kx_is_vko_gost(session->security_parameters.cs->kx_algorithm)) { +- tmp_data[i++] = GOSTR34102012_256_SIGN; +- tmp_data[i++] = GOSTR34102012_512_SIGN; +- } else ++ case GNUTLS_PK_GOST_12_256: ++ flags |= GOSTR34102012_256_SIGN_FLAG; ++ break; ++ case GNUTLS_PK_GOST_12_512: ++ flags |= GOSTR34102012_512_SIGN_FLAG; ++ break; ++#endif ++ default: ++ gnutls_assert(); ++ _gnutls_debug_log( ++ "%s is unsupported for cert request\n", ++ gnutls_pk_get_name(se->pk)); ++ } ++ } ++ ++ } else { ++#ifdef ENABLE_GOST ++ if (_gnutls_kx_is_vko_gost(session->security_parameters. ++ cs->kx_algorithm)) { ++ flags = GOSTR34102012_256_SIGN_FLAG | ++ GOSTR34102012_512_SIGN_FLAG; ++ } else + #endif +- { ++ { ++ flags = RSA_SIGN_FLAG | DSA_SIGN_FLAG | ECDSA_SIGN_FLAG; ++ } ++ } ++ ++ i = 1; ++ if (flags & RSA_SIGN_FLAG) { + tmp_data[i++] = RSA_SIGN; ++ } ++ if (flags & DSA_SIGN_FLAG) { + tmp_data[i++] = DSA_SIGN; ++ } ++ if (flags & ECDSA_SIGN_FLAG) { + tmp_data[i++] = ECDSA_SIGN; + } ++#ifdef ENABLE_GOST ++ if (flags & GOSTR34102012_256_SIGN_FLAG) { ++ tmp_data[i++] = GOSTR34102012_256_SIGN; ++ } ++ if (flags & GOSTR34102012_512_SIGN_FLAG) { ++ tmp_data[i++] = GOSTR34102012_512_SIGN; ++ } ++#endif + tmp_data[0] = i - 1; + + ret = _gnutls_buffer_append_data(data, tmp_data, i); +-- +2.31.1 + diff --git a/gnutls-3.6.16-trust-ca-sha1.patch b/gnutls-3.6.16-trust-ca-sha1.patch new file mode 100644 index 0000000..515f2f1 --- /dev/null +++ b/gnutls-3.6.16-trust-ca-sha1.patch @@ -0,0 +1,283 @@ +From c2409e479df41620bceac314c76cabb1d35a4075 Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Mon, 3 May 2021 16:35:43 +0200 +Subject: [PATCH] x509/verify: treat SHA-1 signed CA in the trusted set + differently +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Suppose there is a certificate chain ending with an intermediate CA: +EE → ICA1 → ICA2. If the system trust store contains a root CA +generated with the same key as ICA2 but signed with a prohibited +algorithm, such as SHA-1, the library previously reported a +verification failure, though the situation is not uncommon during a +transition period of root CA. + +This changes the library behavior such that the check on signature +algorithm will be skipped when examining the trusted root CA. + +Signed-off-by: Daiki Ueno +--- + lib/x509/verify.c | 26 ++++--- + tests/test-chains.h | 165 ++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 182 insertions(+), 9 deletions(-) + +diff --git a/lib/x509/verify.c b/lib/x509/verify.c +index fd7c6a164..a50b5ea44 100644 +--- a/lib/x509/verify.c ++++ b/lib/x509/verify.c +@@ -415,14 +415,19 @@ unsigned _gnutls_is_broken_sig_allowed(const gnutls_sign_entry_st *se, unsigned + #define CASE_SEC_PARAM(profile, level) \ + case profile: \ + sym_bits = gnutls_sec_param_to_symmetric_bits(level); \ +- hash = gnutls_sign_get_hash_algorithm(sigalg); \ +- entry = mac_to_entry(hash); \ +- if (hash <= 0 || entry == NULL) { \ ++ se = _gnutls_sign_to_entry(sigalg); \ ++ if (unlikely(se == NULL)) { \ ++ _gnutls_cert_log("cert", crt); \ ++ _gnutls_debug_log(#level": certificate's signature algorithm is unknown\n"); \ ++ return gnutls_assert_val(0); \ ++ } \ ++ if (unlikely(se->hash == GNUTLS_DIG_UNKNOWN)) { \ + _gnutls_cert_log("cert", crt); \ + _gnutls_debug_log(#level": certificate's signature hash is unknown\n"); \ + return gnutls_assert_val(0); \ + } \ +- if (_gnutls_sign_get_hash_strength(sigalg) < sym_bits) { \ ++ if (!trusted && \ ++ _gnutls_sign_get_hash_strength(sigalg) < sym_bits) { \ + _gnutls_cert_log("cert", crt); \ + _gnutls_debug_log(#level": certificate's signature hash strength is unacceptable (is %u bits, needed %u)\n", _gnutls_sign_get_hash_strength(sigalg), sym_bits); \ + return gnutls_assert_val(0); \ +@@ -449,19 +454,22 @@ unsigned _gnutls_is_broken_sig_allowed(const gnutls_sign_entry_st *se, unsigned + * @crt: a certificate + * @issuer: the certificates issuer (allowed to be NULL) + * @sigalg: the signature algorithm used ++ * @trusted: whether @crt is treated as trusted (e.g., present in the system ++ * trust list); if it is true, the check on signature algorithm will ++ * be skipped + * @flags: the specified verification flags + */ + static unsigned is_level_acceptable( + gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer, +- gnutls_sign_algorithm_t sigalg, unsigned flags) ++ gnutls_sign_algorithm_t sigalg, bool trusted, ++ unsigned flags) + { + gnutls_certificate_verification_profiles_t profile = GNUTLS_VFLAGS_TO_PROFILE(flags); +- const mac_entry_st *entry; + int issuer_pkalg = 0, pkalg, ret; + unsigned bits = 0, issuer_bits = 0, sym_bits = 0; + gnutls_pk_params_st params; + gnutls_sec_param_t sp; +- int hash; ++ const gnutls_sign_entry_st *se; + gnutls_certificate_verification_profiles_t min_profile; + + min_profile = _gnutls_get_system_wide_verification_profile(); +@@ -798,7 +806,7 @@ verify_crt(gnutls_x509_crt_t cert, + } + + if (sigalg >= 0 && se) { +- if (is_level_acceptable(cert, issuer, sigalg, flags) == 0) { ++ if (is_level_acceptable(cert, issuer, sigalg, false, flags) == 0) { + MARK_INVALID(GNUTLS_CERT_INSECURE_ALGORITHM); + } + +@@ -893,7 +901,7 @@ unsigned check_ca_sanity(const gnutls_x509_crt_t issuer, + + /* we explicitly allow CAs which we do not support their self-algorithms + * to pass. */ +- if (ret >= 0 && !is_level_acceptable(issuer, NULL, sigalg, flags)) { ++ if (ret >= 0 && !is_level_acceptable(issuer, NULL, sigalg, true, flags)) { + status |= GNUTLS_CERT_INSECURE_ALGORITHM|GNUTLS_CERT_INVALID; + } + +diff --git a/tests/test-chains.h b/tests/test-chains.h +index 9b06b85f5..64f50fabf 100644 +--- a/tests/test-chains.h ++++ b/tests/test-chains.h +@@ -4106,6 +4106,163 @@ static const char *superseding_ca[] = { + NULL + }; + ++static const char *rsa_sha1_in_trusted[] = { ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIID0jCCAoqgAwIBAgIUezaBB7f4TW75oc3UV57oJvXmbBYwDQYJKoZIhvcNAQEL\n" ++ "BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwHhcNMjEwNTAzMTQyNzIxWhcN\n" ++ "MjIwNTAzMTQyNzIxWjA3MRgwFgYDVQQDEw90ZXN0LmdudXRscy5vcmcxGzAZBgNV\n" ++ "BAoTEkdudVRMUyB0ZXN0IHNlcnZlcjCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCC\n" ++ "AToCggExALRrJ5glr8H/HsqwfvTYvO1DhmdUXdq0HsKQX4M8AhH8E3KFsoikZUEL\n" ++ "dl8jvoqf/nlLczsux0s8vxbJl1U1F/OhckswwuAnlBLzVgDmzoJLEV2kHpv6+rkb\n" ++ "Kk0Ytbql5gzHqKihbaqIhNyWDrJsHDWq58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3\n" ++ "mN8qTGaJJO0f0BZjgWWlWDuhzSVim5mBVAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm\n" ++ "+96o6iB+8xvuuuqaIWQpkvKtc+UZBZ03U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWS\n" ++ "CAwuYcBYfJqZ4dasgzklzz4b7eujbZ3LxTjewcdumzQUvjA+gpAeuUqaduTvMwxG\n" ++ "ojFy9sNhC/iqZ4n0peV2N6Epn4B5qnUCAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAA\n" ++ "MBoGA1UdEQQTMBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcD\n" ++ "ATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBRIIzRTCokxOEpa6sq20qbezh0r\n" ++ "GDAfBgNVHSMEGDAWgBQedyNtZzEfkQebli/s/MhG/ozhAzANBgkqhkiG9w0BAQsF\n" ++ "AAOCATEAXs8lOV231HQerhSGEjZJz0vBuA3biKYlu3cwCTKvF6EOyYMSWOnfqqD0\n" ++ "eDhpo1pzGtUa2zYLHagb+sU2NSTe0sqP+PK1giUg8X8/tRtWKk1p/m76yK/3iaty\n" ++ "flgz+eMai4xQu2FvAJzIASFjM9R+Pgpcf/zdvkiUPv8Rdm9FieyAZnJSo9hJHLxN\n" ++ "x60tfC5yyswdbGGW0GbJ2kr+xMfVZvxgO/x6AXlOaUGQ+jZAu9eJwFQMDW5h5/S1\n" ++ "PJkIt7f7jkU33cG+BawcjhT0GzxuvDnnCG0L7/z7bR+Sw2kNKqHbHorzv91R20Oh\n" ++ "CIISJPkiiP+mYcglTp1d9gw09GwSkGbldb9ibfc0hKyxiImFfIiTqDbXJcpKH98o\n" ++ "W8hWkb20QURlY+QM5MD49znfhPKMTQ==\n" ++ "-----END CERTIFICATE-----\n", ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIID2TCCAkGgAwIBAgIUWsb4DATcefXbo0WrBfgqVMvPGawwDQYJKoZIhvcNAQEL\n" ++ "BQAwHjEcMBoGA1UEAxMTR251VExTIHRlc3Qgcm9vdCBDQTAeFw0yMTA1MDMxNDI2\n" ++ "MzVaFw0yMjA1MDMxNDI2MzVaMBkxFzAVBgNVBAMTDkdudVRMUyB0ZXN0IENBMIIB\n" ++ "UjANBgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEAnORCsX1unl//fy2d1054XduI\n" ++ "g/3CqVBaT3Hca65SEoDwh0KiPtQoOgZLdKY2cobGs/ojYtOjcs0KnlPYdmtjEh6W\n" ++ "EhuJU95v4TQdC4OLMiE56eIGq252hZAbHoTL84Q14DxQWGuzQK830iml7fbw2WcI\n" ++ "cRQ8vFGs8SzfXw63+MI6Fq6iMAQIqP08WzGmRRzL5wvCiPhCVkrPmwbXoABub6AA\n" ++ "sYwWPJB91M9/lx5gFH5k9/iPfi3s2Kg3F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo3\n" ++ "67vGVYHigXMEZC2FezlwIHaZzpEoFlY3a7LFJ00yrjQ910r8UE+CEMTYzE40D0ol\n" ++ "CMo7FA9RCjeO3bUIoYaIdVTUGWEGHWSeoxGei9Gkm6u+ASj8f+i0jxdD2qXsewID\n" ++ "AQABo2QwYjAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBAAwHQYDVR0O\n" ++ "BBYEFB53I21nMR+RB5uWL+z8yEb+jOEDMB8GA1UdIwQYMBaAFCApU0Q1pxZL+AW3\n" ++ "GctysPWxl+SfMA0GCSqGSIb3DQEBCwUAA4IBgQBbboeDr/rLT1tZWrdHq8FvflGm\n" ++ "EpxZIRU4DdDD/SUCWSPQvjBq0MvuKxs5FfJCKrDf2kS2qlZ1rO0AuWwREoDeTOEc\n" ++ "arjFoCry+JQ+USqS5F4gsp4XlYvli27iMp3dlnhFXEQQy7/y+gM5c9wnMi8v/LUz\n" ++ "AV6QHX0fkb4XeazeJ+Nq0EkjqiYxylN6mP+5LAEMBG/wGviAoviQ5tN9zdoQs/nT\n" ++ "3jTw3cOauuPjdcOTfo71+/MtBzhPchgNIyQo4aB40XVWsLAoruL/3CFFlTniihtd\n" ++ "zA2zA7JvbuuKx6BOv2IbWOUweb732ZpYbDgEcXp/6Cj/SIUGxidpEgdCJGqyqdC7\n" ++ "b58ujxclC6QTcicw+SX5LBox8WGLfj+x+V3uVBz9+EK608xphTj4kLh9peII9v3n\n" ++ "vBUoZRTiUTCvH4AJJgAfa3mYrSxzueuqBOwXcvZ+8OJ0J1CP21pmK5nxR7f1nm9Q\n" ++ "sYA1VHfC2dtyAYlByeF5iHl5hFR6vy1jJyzxg2M=\n" ++ "-----END CERTIFICATE-----\n", ++ NULL ++}; ++ ++static const char *rsa_sha1_in_trusted_ca[] = { ++ /* This CA is generated with the same key as rsa_sha1_in_trusted[1], but ++ * self-signed using SHA-1. ++ */ ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIIDYzCCAhugAwIBAgIUahO8CvYPHTAltKCC2rAIcXUiLlAwDQYJKoZIhvcNAQEF\n" ++ "BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwHhcNMjEwNTAzMTQyMDM1WhcN\n" ++ "MjIwNTAzMTQyMDM1WjAZMRcwFQYDVQQDEw5HbnVUTFMgdGVzdCBDQTCCAVIwDQYJ\n" ++ "KoZIhvcNAQEBBQADggE/ADCCAToCggExAJzkQrF9bp5f/38tnddOeF3biIP9wqlQ\n" ++ "Wk9x3GuuUhKA8IdCoj7UKDoGS3SmNnKGxrP6I2LTo3LNCp5T2HZrYxIelhIbiVPe\n" ++ "b+E0HQuDizIhOeniBqtudoWQGx6Ey/OENeA8UFhrs0CvN9Ippe328NlnCHEUPLxR\n" ++ "rPEs318Ot/jCOhauojAECKj9PFsxpkUcy+cLwoj4QlZKz5sG16AAbm+gALGMFjyQ\n" ++ "fdTPf5ceYBR+ZPf4j34t7NioNxfDDnKaahWI8Q0p7H4s+njIdfm2FSAKN+u7xlWB\n" ++ "4oFzBGQthXs5cCB2mc6RKBZWN2uyxSdNMq40PddK/FBPghDE2MxONA9KJQjKOxQP\n" ++ "UQo3jt21CKGGiHVU1BlhBh1knqMRnovRpJurvgEo/H/otI8XQ9ql7HsCAwEAAaND\n" ++ "MEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBQe\n" ++ "dyNtZzEfkQebli/s/MhG/ozhAzANBgkqhkiG9w0BAQUFAAOCATEAYLm/4DfUp+mA\n" ++ "S/23a2bwybJoPCMzKZpi+veXkqoq/a/BCUkFpqnjpVjz0ujVKK121oeOPBAa/mG1\n" ++ "Y3fJYP+b3PloL/6xj/8680TveGirCr0Rp/8XWa8lt+Ge8DM3mfTGWFTWHa0lD9VK\n" ++ "gjV1oNZNLe5SKA6dJLAp/NjCxc/vuOkThQPeaoO5Iy/Z6m7CpTLO7T4syJFtDmSn\n" ++ "Pa/yFUDTgJYFlGVM+KC1r8bhZ6Ao1CAXTcT5Lcbe/aCcyk6B3J2AnYsqPMVNEVhb\n" ++ "9eMGO/WG24hMLy6eb1r/yL8uQ/uGi2rRlNJN8GTg09YR7l5fHrHxuHc/sme0jsnJ\n" ++ "wtqGLCJsrh7Ae1fKVUueO00Yx9BGuzLswMvnT5f0oYs0jrXgMrTbIWS/DjOcYIHb\n" ++ "w3SV1ZRcNg==\n" ++ "-----END CERTIFICATE-----\n", ++ NULL ++}; ++ ++static const char *rsa_sha1_not_in_trusted[] = { ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIID0jCCAoqgAwIBAgIUNCvPV9OvyuVMtnkC3ZAvh959h4MwDQYJKoZIhvcNAQEL\n" ++ "BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwHhcNMjEwNTA0MDg0NzAzWhcN\n" ++ "MjIwNTA0MDg0NzAzWjA3MRgwFgYDVQQDEw90ZXN0LmdudXRscy5vcmcxGzAZBgNV\n" ++ "BAoTEkdudVRMUyB0ZXN0IHNlcnZlcjCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCC\n" ++ "AToCggExALRrJ5glr8H/HsqwfvTYvO1DhmdUXdq0HsKQX4M8AhH8E3KFsoikZUEL\n" ++ "dl8jvoqf/nlLczsux0s8vxbJl1U1F/OhckswwuAnlBLzVgDmzoJLEV2kHpv6+rkb\n" ++ "Kk0Ytbql5gzHqKihbaqIhNyWDrJsHDWq58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3\n" ++ "mN8qTGaJJO0f0BZjgWWlWDuhzSVim5mBVAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm\n" ++ "+96o6iB+8xvuuuqaIWQpkvKtc+UZBZ03U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWS\n" ++ "CAwuYcBYfJqZ4dasgzklzz4b7eujbZ3LxTjewcdumzQUvjA+gpAeuUqaduTvMwxG\n" ++ "ojFy9sNhC/iqZ4n0peV2N6Epn4B5qnUCAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAA\n" ++ "MBoGA1UdEQQTMBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcD\n" ++ "ATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBRIIzRTCokxOEpa6sq20qbezh0r\n" ++ "GDAfBgNVHSMEGDAWgBQedyNtZzEfkQebli/s/MhG/ozhAzANBgkqhkiG9w0BAQsF\n" ++ "AAOCATEAWs/Qa1Ebydwo4Ke2KEdy5cUTSZjnoz93XpbrP9W60MJ4d2DIQPcYUcLF\n" ++ "+glez+mRtVXDRtH5V/4yZX1EdgrPVQGeVlO5HbNiYyYw/Yj3H6kzWtUbBxdOAOE/\n" ++ "/ul8RCKKMfvYBHCBgjBMW0aFm31Q1Z8m8nanBusyJ0DG1scBHu4/3vTCZthZAxc5\n" ++ "3l3t/jjsNRS+k5t6Ay8nEY1tAZSGVqN8qufzO2NBO06sQagp09FTfDh581OBcVtF\n" ++ "X7O0cffAWHk3JoywzEWFEAhVPqFlk07wG2O+k+fYZfavsJko5q+yWkxu8RDh4wAx\n" ++ "7UzKudGOQ+NhfYJ7N7V1/RFg1z75gE3GTUX7qmGZEVDOsMyiuUeYg8znyYpBV55Q\n" ++ "4BNr0ukwmwOdvUf+ksCu6PdOGaqThA==\n" ++ "-----END CERTIFICATE-----\n", ++ /* ICA with SHA1 signature */ ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIID2TCCAkGgAwIBAgIUYaKJkQft87M1TF+Jd30py3yIq4swDQYJKoZIhvcNAQEF\n" ++ "BQAwHjEcMBoGA1UEAxMTR251VExTIHRlc3Qgcm9vdCBDQTAeFw0yMTA1MDQwODQ1\n" ++ "NDdaFw0yMjA1MDQwODQ1NDdaMBkxFzAVBgNVBAMTDkdudVRMUyB0ZXN0IENBMIIB\n" ++ "UjANBgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEAnORCsX1unl//fy2d1054XduI\n" ++ "g/3CqVBaT3Hca65SEoDwh0KiPtQoOgZLdKY2cobGs/ojYtOjcs0KnlPYdmtjEh6W\n" ++ "EhuJU95v4TQdC4OLMiE56eIGq252hZAbHoTL84Q14DxQWGuzQK830iml7fbw2WcI\n" ++ "cRQ8vFGs8SzfXw63+MI6Fq6iMAQIqP08WzGmRRzL5wvCiPhCVkrPmwbXoABub6AA\n" ++ "sYwWPJB91M9/lx5gFH5k9/iPfi3s2Kg3F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo3\n" ++ "67vGVYHigXMEZC2FezlwIHaZzpEoFlY3a7LFJ00yrjQ910r8UE+CEMTYzE40D0ol\n" ++ "CMo7FA9RCjeO3bUIoYaIdVTUGWEGHWSeoxGei9Gkm6u+ASj8f+i0jxdD2qXsewID\n" ++ "AQABo2QwYjAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBAAwHQYDVR0O\n" ++ "BBYEFB53I21nMR+RB5uWL+z8yEb+jOEDMB8GA1UdIwQYMBaAFCApU0Q1pxZL+AW3\n" ++ "GctysPWxl+SfMA0GCSqGSIb3DQEBBQUAA4IBgQAewBcAGUGX28I5PDtuJkxoHonD\n" ++ "muHdXpYnrz1YXN4b7odNXockz++Xovgj126fo+PeWgmaaCic98ZcGnyVTi9+3oqN\n" ++ "2Bf4NNfyzSccgZZTphzbwjMcnc983HLQgsLSAOVivPHj5GEN58EWWamc9yA0VjGn\n" ++ "cuYmFN2dlFA8/ClEbVGu3UXBe6OljR5zUr+6oiSp2J+Rl7SerVSHlst07iU2tkeB\n" ++ "dlfOD5CquUGSka3SKvEfvu5SwYrCQVfYB6eMLInm7A0/ca0Jn3Oh4fMf2rIg/E3K\n" ++ "qsopxsu8BXrLoGK4MxbxPA65JpczhZgilQQi3e3RIvxrvyD2qamjaNbyG5cr8mW4\n" ++ "VOLf3vUORbkTi5sE7uRMu2B3z3N7ajsuQM8RHB17hOCB2FO/8rermq/oeJNtx57L\n" ++ "5s5NxCHYTksQ4gkpR4gfTIO/zwXJSwGa/Zi2y2wIi/1qr7lppBsKV2rDWX7QiIeA\n" ++ "PxOxyJA2eSeqCorz9vk3aHXleSpxsWGgKiJVmV0=\n" ++ "-----END CERTIFICATE-----\n", ++ NULL ++}; ++ ++static const char *rsa_sha1_not_in_trusted_ca[] = { ++ "-----BEGIN CERTIFICATE-----\n" ++ "MIIEDTCCAnWgAwIBAgIUd5X8NZput+aNPEd9h92r4KAu16MwDQYJKoZIhvcNAQEL\n" ++ "BQAwHjEcMBoGA1UEAxMTR251VExTIHRlc3Qgcm9vdCBDQTAeFw0yMTA1MDMxNDI1\n" ++ "MDNaFw0yMjA1MDMxNDI1MDNaMB4xHDAaBgNVBAMTE0dudVRMUyB0ZXN0IHJvb3Qg\n" ++ "Q0EwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCsFAaMb/iRN+OFqQNh\n" ++ "OkkXGZlb+eLerLuB9ELnYwyLIh4MTXh0RjFZdCQLsQHfY/YFv0C50rmoXTA/d3Ef\n" ++ "K/P243KjX0XBWjO9TBuN0zth50eq94zf69yxA/a+kmT+O5YLfhi2ELM5F3IjOUoZ\n" ++ "lL0IGlFJwauAkaNylp/Evd5nW7g5DUJvMm4A3RXNfZt9gAD4lPRwryQq9jxT48Xu\n" ++ "fB0kAPEG/l/Izbz2rYin5+nySL+a0CSNuEbITxidtMhveB747oR0QS2sMQKji1ur\n" ++ "pRJ945SHiYJIgVuFAJc9StikSyIrxZgK45kAzcQAyRWWKiMNH5PprGFYJp+ypwhm\n" ++ "1t8Bphj2RFJAG3XRRZF/9uJIYc5mEHCsZFZ/IFRaKqyN30kAUijgNt+lW5mZXVFU\n" ++ "aqzV2zHjSG8jsGdia3cfBP46Z1q2eAh5jOCucTq1F7qZdVhOFmP9jFE6Uy5Kbwgc\n" ++ "kNAnsEllQeJQL2odVa7woKkZZ4M/c72X5tpBU38Rs3krn3sCAwEAAaNDMEEwDwYD\n" ++ "VR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBQgKVNENacW\n" ++ "S/gFtxnLcrD1sZfknzANBgkqhkiG9w0BAQsFAAOCAYEAaZMV71mZ9FYoVdpho61h\n" ++ "WWPs5GppQLJ1w70DNtGZ+lFrk/KopeDvOu1i61QLWRzcZCZMl+npiX1KH5kjVo3v\n" ++ "C9G8kdMW6EVRk5p6qCJMPFN2U+grMMp50aY5kmw+/v+Lhk5T/VG93l63P91FkUre\n" ++ "o8qhOudJExoUnR1uB9M6HMAxVn8Lm/N1LGPiP6A6Pboo716H7mg/A7pv9zoZ6jUp\n" ++ "7x693mA/b3I/QpDx/nJcmcdqxgEuW+aRlFXgnYZRFAawxi+5M9EwCWbkSTO4OMHP\n" ++ "Qlvak3tJO+wb92b0cICOOtzIPgQ+caiLg9d0FvesALmQzDmNmtqynoO85+Ia2Ywh\n" ++ "nxKPlpeImhLN9nGl9sOeW2m4mnA5r0h1vgML4v/MWL4TQhXallc31uFNj5HyFaTh\n" ++ "6Mr0g3GeQgN0jpT+aIOiKuW9fLts54+Ntj1NN40slqi3Y+/Yd6xhj+NgmbRvybZu\n" ++ "tnYFXKC0Q+QUf38horqG2Mc3/uh8MOm0eYUXwGJOdXYD\n" ++ "-----END CERTIFICATE-----\n", ++ NULL ++}; ++ + #if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5) + # pragma GCC diagnostic push + # pragma GCC diagnostic ignored "-Wunused-variable" +@@ -4275,6 +4432,14 @@ static struct + { "ed448 - ok", ed448, &ed448[0], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_ULTRA), + 0, NULL, 1584352960, 1}, + { "superseding - ok", superseding, superseding_ca, 0, 0, 0, 1590928011 }, ++ { "rsa-sha1 in trusted - ok", ++ rsa_sha1_in_trusted, rsa_sha1_in_trusted_ca, ++ GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_MEDIUM), ++ 0, NULL, 1620052390, 1}, ++ { "rsa-sha1 not in trusted - not ok", ++ rsa_sha1_not_in_trusted, rsa_sha1_not_in_trusted_ca, ++ GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_MEDIUM), ++ GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL, 1620118136, 1}, + { NULL, NULL, NULL, 0, 0} + }; + +-- +2.31.1 + diff --git a/gnutls-3.6.4-no-now-guile.patch b/gnutls-3.6.4-no-now-guile.patch new file mode 100644 index 0000000..1da536b --- /dev/null +++ b/gnutls-3.6.4-no-now-guile.patch @@ -0,0 +1,13 @@ +diff --git a/guile/src/Makefile.in b/guile/src/Makefile.in +index 95e1e9c..1dfc88e 100644 +--- a/guile/src/Makefile.in ++++ b/guile/src/Makefile.in +@@ -1483,7 +1483,7 @@ guileextension_LTLIBRARIES = guile-gnutls-v-2.la + # Use '-module' to build a "dlopenable module", in Libtool terms. + # Use '-undefined' to placate Libtool on Windows; see + # . +-guile_gnutls_v_2_la_LDFLAGS = -module -no-undefined ++guile_gnutls_v_2_la_LDFLAGS = -module -no-undefined -Wl,-z,lazy + + # Linking against GnuTLS. + GNUTLS_CORE_LIBS = $(top_builddir)/lib/libgnutls.la diff --git a/gnutls.spec b/gnutls.spec new file mode 100644 index 0000000..0bcbaba --- /dev/null +++ b/gnutls.spec @@ -0,0 +1,1062 @@ +Version: 3.6.16 +Release: 4%{?dist} +Patch1: gnutls-3.2.7-rpath.patch +Patch2: gnutls-3.6.4-no-now-guile.patch +Patch3: gnutls-3.6.13-enable-intel-cet.patch +Patch10: gnutls-3.6.14-fips-dh-selftests.patch +Patch11: gnutls-3.6.14-fips-kdf-selftests.patch +Patch12: gnutls-3.6.16-tls12-cert-type.patch +Patch13: gnutls-3.6.16-trust-ca-sha1.patch +Patch14: gnutls-3.6.16-doc-p11tool-ckaid.patch +%bcond_without dane +%if 0%{?rhel} +%bcond_with guile +%bcond_without fips +%else +%bcond_without guile +%bcond_without fips +%endif + +Summary: A TLS protocol implementation +Name: gnutls +# The libraries are LGPLv2.1+, utilities are GPLv3+ +License: GPLv3+ and LGPLv2+ +Group: System Environment/Libraries +BuildRequires: p11-kit-devel >= 0.21.3, gettext-devel +BuildRequires: zlib-devel, readline-devel, libtasn1-devel >= 4.3 +BuildRequires: libtool, automake, autoconf, texinfo +BuildRequires: autogen-libopts-devel >= 5.18 autogen +BuildRequires: nettle-devel >= 3.4.1 +BuildRequires: trousers-devel >= 0.3.11.2 +BuildRequires: libidn2-devel +BuildRequires: libunistring-devel +BuildRequires: gperf, net-tools, datefudge, softhsm, gcc, gcc-c++ +BuildRequires: gnupg2 +%if %{with fips} +BuildRequires: fipscheck +%endif + +# for a sanity check on cert loading +BuildRequires: p11-kit-trust, ca-certificates +Requires: crypto-policies +Requires: p11-kit-trust +Requires: libtasn1 >= 4.3 +Requires: nettle >= 3.4.1 +Recommends: trousers >= 0.3.11.2 + +%if %{with dane} +BuildRequires: unbound-devel unbound-libs +%endif +%if %{with guile} +BuildRequires: guile-devel +%endif +URL: http://www.gnutls.org/ +Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/%{name}-%{version}.tar.xz +Source1: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/%{name}-%{version}.tar.xz.sig +Source2: gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg + +# Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174 +Provides: bundled(gnulib) = 20130424 + +%package c++ +Summary: The C++ interface to GnuTLS +Requires: %{name}%{?_isa} = %{version}-%{release} + +%package devel +Summary: Development files for the %{name} package +Group: Development/Libraries +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: %{name}-c++%{?_isa} = %{version}-%{release} +%if %{with dane} +Requires: %{name}-dane%{?_isa} = %{version}-%{release} +%endif +Requires: pkgconfig +Requires(post): /sbin/install-info +Requires(preun): /sbin/install-info + +%package utils +License: GPLv3+ +Summary: Command line tools for TLS protocol +Group: Applications/System +Requires: %{name}%{?_isa} = %{version}-%{release} +%if %{with dane} +Requires: %{name}-dane%{?_isa} = %{version}-%{release} +%endif + +%if %{with dane} +%package dane +Summary: A DANE protocol implementation for GnuTLS +Requires: %{name}%{?_isa} = %{version}-%{release} +%endif + +%if %{with guile} +%package guile +Summary: Guile bindings for the GNUTLS library +Group: Development/Libraries +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: guile +%endif + +%description +GnuTLS is a secure communications library implementing the SSL, TLS and DTLS +protocols and technologies around them. It provides a simple C language +application programming interface (API) to access the secure communications +protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and +other required structures. + +%description c++ +GnuTLS is a secure communications library implementing the SSL, TLS and DTLS +protocols and technologies around them. It provides a simple C language +application programming interface (API) to access the secure communications +protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and +other required structures. + +%description devel +GnuTLS is a secure communications library implementing the SSL, TLS and DTLS +protocols and technologies around them. It provides a simple C language +application programming interface (API) to access the secure communications +protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and +other required structures. +This package contains files needed for developing applications with +the GnuTLS library. + +%description utils +GnuTLS is a secure communications library implementing the SSL, TLS and DTLS +protocols and technologies around them. It provides a simple C language +application programming interface (API) to access the secure communications +protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and +other required structures. +This package contains command line TLS client and server and certificate +manipulation tools. + +%if %{with dane} +%description dane +GnuTLS is a secure communications library implementing the SSL, TLS and DTLS +protocols and technologies around them. It provides a simple C language +application programming interface (API) to access the secure communications +protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and +other required structures. +This package contains library that implements the DANE protocol for verifying +TLS certificates through DNSSEC. +%endif + +%if %{with guile} +%description guile +GnuTLS is a secure communications library implementing the SSL, TLS and DTLS +protocols and technologies around them. It provides a simple C language +application programming interface (API) to access the secure communications +protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and +other required structures. +This package contains Guile bindings for the library. +%endif + +%prep +gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0} + +%autosetup -p1 + +sed -i -e 's|sys_lib_dlsearch_path_spec="/lib /usr/lib|sys_lib_dlsearch_path_spec="/lib /usr/lib %{_libdir}|g' configure +rm -f lib/minitasn1/*.c lib/minitasn1/*.h +rm -f src/libopts/*.c src/libopts/*.h src/libopts/compat/*.c src/libopts/compat/*.h + +echo "SYSTEM=NORMAL" >> tests/system.prio + +# Note that we explicitly enable SHA1, as SHA1 deprecation is handled +# via the crypto policies + +%build +CCASFLAGS="$CCASFLAGS -Wa,--generate-missing-build-notes=yes" +export CCASFLAGS +%configure --with-libtasn1-prefix=%{_prefix} \ +%if %{with fips} + --enable-fips140-mode \ +%endif + --enable-tls13-support \ + --enable-sha1-support \ + --disable-static \ + --disable-openssl-compatibility \ + --disable-non-suiteb-curves \ + --with-system-priority-file=%{_sysconfdir}/crypto-policies/back-ends/gnutls.config \ + --with-default-trust-store-pkcs11="pkcs11:" \ + --with-trousers-lib=%{_libdir}/libtspi.so.1 \ + --htmldir=%{_docdir}/manual \ +%if %{with guile} + --enable-guile \ +%else + --disable-guile \ +%endif +%if %{with dane} + --with-unbound-root-key-file=/var/lib/unbound/root.key \ + --enable-dane \ +%else + --disable-dane \ +%endif + --disable-rpath \ + --with-default-priority-string="@SYSTEM" + +make %{?_smp_mflags} V=1 + +%if %{with fips} +%define __spec_install_post \ + %{?__debug_package:%{__debug_install_post}} \ + %{__arch_install_post} \ + %{__os_install_post} \ + fipshmac -d $RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libdir}/libgnutls.so.30.*.* \ + file=`basename $RPM_BUILD_ROOT%{_libdir}/libgnutls.so.30.*.hmac` && mv $RPM_BUILD_ROOT%{_libdir}/$file $RPM_BUILD_ROOT%{_libdir}/.$file && ln -s .$file $RPM_BUILD_ROOT%{_libdir}/.libgnutls.so.30.hmac \ +%{nil} +%endif + +%install +make install DESTDIR=$RPM_BUILD_ROOT +make -C doc install-html DESTDIR=$RPM_BUILD_ROOT +rm -f $RPM_BUILD_ROOT%{_infodir}/dir +rm -f $RPM_BUILD_ROOT%{_libdir}/*.la +rm -f $RPM_BUILD_ROOT%{_libdir}/guile/2.0/guile-gnutls*.a +rm -f $RPM_BUILD_ROOT%{_libdir}/guile/2.0/guile-gnutls*.la +rm -f $RPM_BUILD_ROOT%{_libdir}/gnutls/libpkcs11mock1.* +%if %{without dane} +rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gnutls-dane.pc +%endif + +%find_lang gnutls + +%check +make check %{?_smp_mflags} + +%post devel +if [ -f %{_infodir}/gnutls.info.gz ]; then + /sbin/install-info %{_infodir}/gnutls.info.gz %{_infodir}/dir || : +fi + +%preun devel +if [ $1 = 0 -a -f %{_infodir}/gnutls.info.gz ]; then + /sbin/install-info --delete %{_infodir}/gnutls.info.gz %{_infodir}/dir || : +fi + +%files -f gnutls.lang +%defattr(-,root,root,-) +%{_libdir}/libgnutls.so.30* +%if %{with fips} +%{_libdir}/.libgnutls.so.30*.hmac +%endif +%doc README.md AUTHORS NEWS THANKS +%license LICENSE doc/COPYING doc/COPYING.LESSER + +%files c++ +%{_libdir}/libgnutlsxx.so.* + +%files devel +%defattr(-,root,root,-) +%{_includedir}/* +%{_libdir}/libgnutls*.so +%if %{with fips} +%{_libdir}/.libgnutls.so.*.hmac +%endif + +%{_libdir}/pkgconfig/*.pc +%{_mandir}/man3/* +%{_infodir}/gnutls* +%{_infodir}/pkcs11-vision* +%{_docdir}/manual/* + +%files utils +%defattr(-,root,root,-) +%{_bindir}/certtool +%{_bindir}/tpmtool +%{_bindir}/ocsptool +%{_bindir}/psktool +%{_bindir}/p11tool +%{_bindir}/srptool +%if %{with dane} +%{_bindir}/danetool +%endif +%{_bindir}/gnutls* +%{_mandir}/man1/* +%doc doc/certtool.cfg + +%if %{with dane} +%files dane +%defattr(-,root,root,-) +%{_libdir}/libgnutls-dane.so.* +%endif + +%if %{with guile} +%files guile +%defattr(-,root,root,-) +%{_libdir}/guile/2.0/guile-gnutls*.so* +%{_libdir}/guile/2.0/site-ccache/gnutls.go +%{_libdir}/guile/2.0/site-ccache/gnutls/extra.go +%{_datadir}/guile/site/2.0/gnutls.scm +%{_datadir}/guile/site/2.0/gnutls/extra.scm +%endif + +%changelog +* Mon Jun 28 2021 Daiki Ueno - 3.6.16-4 +- p11tool: Document ID reuse behavior when importing certs (#1776250) + +* Mon Jun 7 2021 Daiki Ueno - 3.6.16-3 +- Treat SHA-1 signed CA in the trusted set differently (#1965445) + +* Wed May 26 2021 Daiki Ueno - 3.6.16-2 +- Filter certificate_types in TLS 1.2 CR based on signature algorithms (#1942216) + +* Mon May 24 2021 Daiki Ueno - 3.6.16-1 +- Update to upstream 3.6.16 release (#1956783) +- Fix potential use-after-free in key_share handling (#1927597) +- Fix potential use-after-free in pre_shared_key handling (#1927593) +- Stop gnutls-serv relying on AI_ADDRCONFIG to decide listening address (#1908334) +- Fix cert expiration issue in tests (#1908110) + +* Thu Apr 1 2021 Daiki Ueno - 3.6.14-10 +- Port fixes for potential miscalculation in ecdsa_verify (#1942931) + +* Tue Nov 24 2020 Daiki Ueno - 3.6.14-9 +- Revert the previous change + +* Wed Nov 11 2020 Daiki Ueno - 3.6.14-8 +- Depend on specific NVR of gmp and nettle (#1812933) + +* Tue Nov 3 2020 Daiki Ueno - 3.6.14-7 +- Increase DH key bits to >= 2048 in self-tests (#1879506) +- Implement self-tests for KDF and CMAC (#1890870) +- Fix CVE-2020-24659: heap buffer-overflow when "no_renegotiation" alert is received (#1873959) + +* Mon Aug 24 2020 Daiki Ueno - 3.6.14-6 +- Fix memory leak when serializing iovec_t (#1844112) + +* Sat Jul 18 2020 Daiki Ueno - 3.6.14-5 +- Perform validation checks on (EC)DH public keys and share secrets (#1855803) + +* Mon Jun 29 2020 Daiki Ueno - 3.6.14-4 +- Tighten FIPS DH primes check according to SP800-56A (rev 3) (#1849079) + +* Fri Jun 5 2020 Daiki Ueno - 3.6.14-3 +- Update gnutls-3.6.14-fips-mode-check.patch + +* Thu Jun 4 2020 Daiki Ueno - 3.6.14-2 +- Return false from gnutls_fips140_mode_enabled() if selftests failed (#1827687) + +* Thu Jun 4 2020 Daiki Ueno - 3.6.14-1 +- Update to upstream 3.6.14 release + +* Mon May 25 2020 Anderson Sasaki - 3.6.13-3 +- Add an option to gnutls-cli to wait for resumption under TLS 1.3 (#1677754) + +* Wed May 20 2020 Anderson Sasaki - 3.6.13-2 +- Enable Intel CET (#1838476) + +* Tue May 5 2020 Daiki Ueno - 3.6.13-1 +- Update to upstream 3.6.13 release + +* Tue Apr 21 2020 Daiki Ueno - 3.6.8-10 +- Fix CVE-2020-11501 (#1822005) + +* Wed Nov 6 2019 Daiki Ueno - 3.6.8-9 +- Fix CFB8 decryption when repeatedly called (#1757848) +- Fix gnutls_aead_cipher_{en,de}cryptv2 with input not multiple of block size (#1757856) + +* Fri Aug 16 2019 Daiki Ueno - 3.6.8-8 +- Use fallback random function for RSA blinding in FIPS selftests + +* Fri Aug 16 2019 Daiki Ueno - 3.6.8-7 +- Fix deterministic signature creation in selftests + +* Fri Aug 16 2019 Daiki Ueno - 3.6.8-6 +- Treat login error more gracefully when enumerating PKCS#11 tokens (#1705478) +- Use deterministic ECDSA/DSA in FIPS selftests (#1716560) +- Add gnutls_aead_cipher_{encrypt,decrypt}v2 functions (#1684461) + +* Fri Aug 9 2019 Daiki Ueno - 3.6.8-5 +- Avoid UB when encrypting session tickets + +* Tue Jul 2 2019 Daiki Ueno - 3.6.8-4 +- Add RNG continuous test under FIPS + +* Fri Jun 14 2019 Daiki Ueno - 3.6.8-3 +- Follow-up fix on multiple key updates handling (#1673975) + +* Thu Jun 13 2019 Daiki Ueno - 3.6.8-2 +- Run FIPS AES self-tests over overridden algorithms + +* Wed May 29 2019 Daiki Ueno - 3.6.8-1 +- Update to upstream 3.6.8 release + +* Fri May 24 2019 Anderson Sasaki - 3.6.5-4 +- Fixed FIPS signatures self tests (#1680509) + +* Wed Mar 27 2019 Anderson Sasaki - 3.6.5-3 +- Fixed CVE-2019-3829 (#1693285) +- Fixed CVE-2019-3836 (#1693288) +- Added explicit BuildRequires for nettle-devel >= 3.4.1 + +* Fri Jan 11 2019 Anderson Sasaki - 3.6.5-2 +- Fixed FIPS integrity self tests (#1665061) + +* Mon Dec 17 2018 Anderson Sasaki - 3.6.5-1 +- Update to upstream 3.6.5 release +- Fixes CVE-2018-16868 (#1655395) +- Removed ldconfig scriptlet +- Added explicit Requires for nettle >= 3.4.1 + +* Mon Nov 26 2018 Anderson Sasaki - 3.6.4-7 +- Fix incorrect certificate type returned in TLS1.3 resumption (#1649786) + +* Mon Nov 12 2018 Anderson Sasaki - 3.6.4-6 +- Add support for record_size_limit extension in TLS1.2 (#1644850) + +* Tue Oct 30 2018 Nikos Mavrogiannopoulos - 3.6.4-5 +- Fix issue with GOST ciphers (#1644193) +- Made gnutls-serv use the default priorities if none is specified (#1644243) + +* Wed Oct 24 2018 Nikos Mavrogiannopoulos - 3.6.4-3 +- Fix issue with rehandshake affecting glib-networking (#1641072) + +* Tue Oct 16 2018 Tomáš Mráz - 3.6.4-2 +- Add missing annobin notes for assembler sources + +* Tue Sep 25 2018 Nikos Mavrogiannopoulos - 3.6.4-1 +- Updated to upstream 3.6.4 release +- Added support for the latest version of the TLS1.3 protocol + +* Thu Aug 16 2018 Nikos Mavrogiannopoulos - 3.6.3-4 +- Fixed support for ECDSA public keys (backported from Fedora) +- Ensure that we do not cause issues with version rollback detection + and TLS1.3. + +* Thu Jul 26 2018 Nikos Mavrogiannopoulos - 3.6.3-4 +- Updated to upstream 3.6.3 release + +* Wed Jun 06 2018 Nikos Mavrogiannopoulos - 3.6.2-3 +- Include FIPS mode +- Add missing BuildRequires: gnupg2 for gpgv2 in %%prep + +* Fri Feb 16 2018 Nikos Mavrogiannopoulos - 3.6.2-1 +- Updated to upstream 3.6.2 release + +* Wed Feb 07 2018 Fedora Release Engineering - 3.6.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Fri Feb 2 2018 Nikos Mavrogiannopoulos - 3.6.1-4 +- Rebuilt to address incompatibility with new nettle + +* Thu Nov 30 2017 Nikos Mavrogiannopoulos - 3.6.1-3 +- Corrected regression from 3.6.1-2 which prevented the loading of + arbitrary p11-kit modules (#1507402) + +* Mon Nov 6 2017 Nikos Mavrogiannopoulos - 3.6.1-2 +- Prevent the loading of all PKCS#11 modules on certificate verification + but only restrict to p11-kit trust module (#1507402) + +* Sat Oct 21 2017 Nikos Mavrogiannopoulos - 3.6.1-1 +- Update to upstream 3.6.1 release + +* Mon Aug 21 2017 Nikos Mavrogiannopoulos - 3.6.0-1 +- Update to upstream 3.6.0 release + +* Wed Aug 02 2017 Fedora Release Engineering - 3.5.14-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 3.5.14-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Tue Jul 04 2017 Nikos Mavrogiannopoulos - 3.5.14-1 +- Update to upstream 3.5.14 release + +* Wed Jun 07 2017 Nikos Mavrogiannopoulos - 3.5.13-1 +- Update to upstream 3.5.13 release + +* Thu May 11 2017 Nikos Mavrogiannopoulos - 3.5.12-2 +- Fix issue with p11-kit-trust arch dependency + +* Thu May 11 2017 Nikos Mavrogiannopoulos - 3.5.12-1 +- Update to upstream 3.5.12 release + +* Fri Apr 07 2017 Nikos Mavrogiannopoulos - 3.5.11-1 +- Update to upstream 3.5.11 release + +* Mon Mar 06 2017 Nikos Mavrogiannopoulos - 3.5.10-1 +- Update to upstream 3.5.10 release + +* Wed Feb 15 2017 Nikos Mavrogiannopoulos - 3.5.9-2 +- Work around missing pkg-config file (#1422256) + +* Tue Feb 14 2017 Nikos Mavrogiannopoulos - 3.5.9-1 +- Update to upstream 3.5.9 release + +* Fri Feb 10 2017 Fedora Release Engineering - 3.5.8-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Sat Feb 4 2017 Nikos Mavrogiannopoulos 3.5.8-2 +- Added patch fix initialization issue in gnutls_pkcs11_obj_list_import_url4 + +* Mon Jan 9 2017 Nikos Mavrogiannopoulos 3.5.8-1 +- New upstream release + +* Tue Dec 13 2016 Nikos Mavrogiannopoulos 3.5.7-3 +- Fix PKCS#8 file loading (#1404084) + +* Thu Dec 8 2016 Nikos Mavrogiannopoulos 3.5.7-1 +- New upstream release + +* Fri Nov 4 2016 Nikos Mavrogiannopoulos 3.5.6-1 +- New upstream release + +* Tue Oct 11 2016 walters@redhat.com - 3.5.5-2 +- Apply patch to fix compatibility with ostree (#1383708) + +* Mon Oct 10 2016 Nikos Mavrogiannopoulos 3.5.5-1 +- New upstream release + +* Thu Sep 8 2016 Nikos Mavrogiannopoulos 3.5.4-1 +- New upstream release + +* Mon Aug 29 2016 Nikos Mavrogiannopoulos 3.5.3-2 +- Work around #1371082 for x86 +- Fixed issue with DTLS sliding window implementation (#1370881) + +* Tue Aug 9 2016 Nikos Mavrogiannopoulos 3.5.3-1 +- New upstream release + +* Wed Jul 6 2016 Nikos Mavrogiannopoulos 3.5.2-1 +- New upstream release + +* Wed Jun 15 2016 Nikos Mavrogiannopoulos 3.5.1-1 +- New upstream release + +* Tue Jun 7 2016 Nikos Mavrogiannopoulos 3.4.13-1 +- New upstream release (#1343258) +- Addresses issue with setuid programs introduced in 3.4.12 (#1343342) + +* Fri May 20 2016 Nikos Mavrogiannopoulos 3.4.12-1 +- New upstream release + +* Mon Apr 11 2016 Nikos Mavrogiannopoulos 3.4.11-1 +- New upstream release + +* Fri Mar 4 2016 Nikos Mavrogiannopoulos 3.4.10-1 +- New upstream release (#1314576) + +* Wed Feb 3 2016 Nikos Mavrogiannopoulos 3.4.9-1 +- Fix broken key usage flags introduced in 3.4.8 (#1303355) + +* Mon Jan 11 2016 Nikos Mavrogiannopoulos 3.4.8-1 +- New upstream release (#1297079) + +* Mon Nov 23 2015 Nikos Mavrogiannopoulos 3.4.7-1 +- New upstream release (#1284300) +- Documentation updates (#1282864) +- Adds interface to set unique IDs in certificates (#1281343) +- Allow arbitrary key sizes with ARCFOUR (#1284401) + +* Wed Oct 21 2015 Nikos Mavrogiannopoulos 3.4.6-1 +- New upstream release (#1273672) +- Enhances p11tool to write CKA_ISSUER and CKA_SERIAL_NUMBER (#1272178) + +* Tue Oct 20 2015 Adam Williamson - 3.4.5-2 +- fix interaction with Chrome 45+ (master secret extension) (#1273102) + +* Mon Sep 14 2015 Nikos Mavrogiannopoulos 3.4.5-1 +- New upstream release (#1252192) +- Eliminates hard limits on CRL parsing of certtool. + +* Mon Aug 10 2015 Nikos Mavrogiannopoulos 3.4.4-1 +- new upstream release +- no longer requires trousers patch +- fixes issue in gnutls_x509_privkey_import (#1250020) + +* Mon Jul 13 2015 Nikos Mavrogiannopoulos 3.4.3-2 +- Don't link against trousers but rather dlopen() it when available. + That avoids a dependency on openssl by the main library. + +* Mon Jul 13 2015 Nikos Mavrogiannopoulos 3.4.3-1 +- new upstream release + +* Thu Jul 02 2015 Adam Jackson 3.4.2-3 +- Only disable -z now for the guile modules + +* Thu Jun 18 2015 Nikos Mavrogiannopoulos 3.4.2-2 +- rename the symbol version for internal symbols to avoid clashes + with 3.3.x. + +* Wed Jun 17 2015 Nikos Mavrogiannopoulos 3.4.2-1 +- new upstream release + +* Tue May 5 2015 Nikos Mavrogiannopoulos 3.4.1-2 +- Provide missing GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA definition + +* Mon May 4 2015 Nikos Mavrogiannopoulos 3.4.1-1 +- new upstream release + +* Sat May 02 2015 Kalev Lember - 3.3.14-2 +- Rebuilt for GCC 5 C++11 ABI change + +* Mon Mar 30 2015 Nikos Mavrogiannopoulos 3.3.14-1 +- new upstream release +- improved BER decoding of PKCS #12 structures (#1131461) + +* Fri Mar 6 2015 Nikos Mavrogiannopoulos 3.3.13-3 +- Build with hardened flags +- Removed -Wl,--no-add-needed linker flag + +* Fri Feb 27 2015 Till Maas - 3.3.13-2 +- Do not build with hardened flags + +* Thu Feb 26 2015 Nikos Mavrogiannopoulos 3.3.13-1 +- new upstream release + +* Sat Feb 21 2015 Till Maas - 3.3.12-3 +- Make build verbose +- Use %%license + +* Sat Feb 21 2015 Till Maas - 3.3.12-2 +- Rebuilt for Fedora 23 Change + https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code + +* Mon Jan 19 2015 Nikos Mavrogiannopoulos 3.3.12-1 +- new upstream release + +* Mon Jan 5 2015 Nikos Mavrogiannopoulos 3.3.11-2 +- enabled guile bindings (#1177847) + +* Thu Dec 11 2014 Nikos Mavrogiannopoulos 3.3.11-1 +- new upstream release + +* Mon Nov 10 2014 Nikos Mavrogiannopoulos 3.3.10-1 +- new upstream release + +* Thu Oct 23 2014 Nikos Mavrogiannopoulos 3.3.9-2 +- applied fix for issue in get-issuer (#1155901) + +* Mon Oct 13 2014 Nikos Mavrogiannopoulos 3.3.9-1 +- new upstream release + +* Fri Sep 19 2014 Nikos Mavrogiannopoulos 3.3.8-2 +- strip rpath from library + +* Thu Sep 18 2014 Nikos Mavrogiannopoulos 3.3.8-1 +- new upstream release + +* Mon Aug 25 2014 Nikos Mavrogiannopoulos 3.3.7-1 +- new upstream release + +* Sat Aug 16 2014 Fedora Release Engineering - 3.3.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Wed Jul 23 2014 Nikos Mavrogiannopoulos 3.3.6-1 +- new upstream release + +* Tue Jul 01 2014 Nikos Mavrogiannopoulos 3.3.5-2 +- Added work-around for s390 builds with gcc 4.9 (#1102324) + +* Mon Jun 30 2014 Nikos Mavrogiannopoulos 3.3.5-1 +- new upstream release + +* Tue Jun 17 2014 Nikos Mavrogiannopoulos 3.3.4-3 +- explicitly depend on p11-kit-trust + +* Sat Jun 07 2014 Fedora Release Engineering - 3.3.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Mon Jun 02 2014 Nikos Mavrogiannopoulos 3.3.4-1 +- new upstream release + +* Fri May 30 2014 Nikos Mavrogiannopoulos 3.3.3-1 +- new upstream release + +* Wed May 21 2014 Nikos Mavrogiannopoulos 3.3.2-2 +- Require crypto-policies + +* Fri May 09 2014 Nikos Mavrogiannopoulos 3.3.2-1 +- new upstream release + +* Mon May 05 2014 Nikos Mavrogiannopoulos 3.3.1-4 +- Replaced /etc/crypto-profiles/apps with /etc/crypto-policies/back-ends. +- Added support for "very weak" profile. + +* Mon Apr 28 2014 Nikos Mavrogiannopoulos 3.3.1-2 +- gnutls_global_deinit() will not do anything if the previous + initialization has failed (#1091053) + +* Mon Apr 28 2014 Nikos Mavrogiannopoulos 3.3.1-1 +- new upstream release + +* Mon Apr 14 2014 Nikos Mavrogiannopoulos 3.3.0-1 +- new upstream release + +* Tue Apr 08 2014 Nikos Mavrogiannopoulos 3.2.13-1 +- new upstream release + +* Wed Mar 05 2014 Nikos Mavrogiannopoulos 3.2.12.1-1 +- new upstream release + +* Mon Mar 03 2014 Nikos Mavrogiannopoulos 3.2.12-1 +- new upstream release + +* Mon Feb 03 2014 Nikos Mavrogiannopoulos 3.2.10-2 +- use p11-kit trust store for certificate verification + +* Mon Feb 03 2014 Nikos Mavrogiannopoulos 3.2.10-1 +- new upstream release + +* Tue Jan 14 2014 Tomáš Mráz 3.2.8-2 +- build the crywrap tool + +* Mon Dec 23 2013 Nikos Mavrogiannopoulos 3.2.8-1 +- new upstream release + +* Wed Dec 4 2013 Nikos Mavrogiannopoulos 3.2.7-2 +- Use the correct root key for unbound /var/lib/unbound/root.key (#1012494) +- Pull asm fixes from upstream (#973210) + +* Mon Nov 25 2013 Nikos Mavrogiannopoulos 3.2.7-1 +- new upstream release +- added dependency to autogen-libopts-devel to use the system's + libopts library +- added dependency to trousers-devel to enable TPM support + +* Mon Nov 4 2013 Tomáš Mráz 3.1.16-1 +- new upstream release +- fixes CVE-2013-4466 off-by-one in dane_query_tlsa() + +* Fri Oct 25 2013 Tomáš Mráz 3.1.15-1 +- new upstream release +- fixes CVE-2013-4466 buffer overflow in handling DANE entries + +* Wed Oct 16 2013 Tomáš Mráz 3.1.13-3 +- enable ECC NIST Suite B curves + +* Sat Aug 03 2013 Fedora Release Engineering - 3.1.13-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Mon Jul 15 2013 Tomáš Mráz 3.1.13-1 +- new upstream release + +* Mon May 13 2013 Tomáš Mráz 3.1.11-1 +- new upstream release + +* Mon Mar 25 2013 Tomas Mraz 3.1.10-1 +- new upstream release +- license of the library is back to LGPLv2.1+ + +* Fri Mar 15 2013 Tomas Mraz 3.1.9-1 +- new upstream release + +* Thu Mar 7 2013 Tomas Mraz 3.1.8-3 +- drop the temporary old library + +* Tue Feb 26 2013 Tomas Mraz 3.1.8-2 +- don't send ECC algos as supported (#913797) + +* Thu Feb 21 2013 Tomas Mraz 3.1.8-1 +- new upstream version + +* Wed Feb 6 2013 Tomas Mraz 3.1.7-1 +- new upstream version, requires rebuild of dependencies +- this release temporarily includes old compatibility .so + +* Tue Feb 5 2013 Tomas Mraz 2.12.22-2 +- rebuilt with new libtasn1 +- make guile bindings optional - breaks i686 build and there is + no dependent package + +* Tue Jan 8 2013 Tomas Mraz 2.12.22-1 +- new upstream version + +* Wed Nov 28 2012 Tomas Mraz 2.12.21-2 +- use RSA bit sizes supported by libgcrypt in FIPS mode for security + levels (#879643) + +* Fri Nov 9 2012 Tomas Mraz 2.12.21-1 +- new upstream version + +* Thu Nov 1 2012 Tomas Mraz 2.12.20-4 +- negotiate only FIPS approved algorithms in the FIPS mode (#871826) + +* Wed Aug 8 2012 Tomas Mraz 2.12.20-3 +- fix the gnutls-cli-debug manpage - patch by Peter Schiffer + +* Thu Jul 19 2012 Fedora Release Engineering - 2.12.20-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Mon Jun 18 2012 Tomas Mraz 2.12.20-1 +- new upstream version + +* Fri May 18 2012 Tomas Mraz 2.12.19-1 +- new upstream version + +* Thu Mar 29 2012 Tomas Mraz 2.12.18-1 +- new upstream version + +* Thu Mar 8 2012 Tomas Mraz 2.12.17-1 +- new upstream version +- fix leaks in key generation (#796302) + +* Fri Feb 03 2012 Kevin Fenzi - 2.12.14-3 +- Disable largefile on arm arch. (#787287) + +* Fri Jan 13 2012 Fedora Release Engineering - 2.12.14-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Tue Nov 8 2011 Tomas Mraz 2.12.14-1 +- new upstream version + +* Mon Oct 24 2011 Tomas Mraz 2.12.12-1 +- new upstream version + +* Thu Sep 29 2011 Tomas Mraz 2.12.11-1 +- new upstream version + +* Fri Aug 26 2011 Tomas Mraz 2.12.9-1 +- new upstream version + +* Tue Aug 16 2011 Tomas Mraz 2.12.8-1 +- new upstream version + +* Mon Jul 25 2011 Tomas Mraz 2.12.7-2 +- fix problem when using new libgcrypt +- split libgnutlsxx to a subpackage (#455146) +- drop libgnutls-openssl (#460310) + +* Tue Jun 21 2011 Tomas Mraz 2.12.7-1 +- new upstream version + +* Mon May 9 2011 Tomas Mraz 2.12.4-1 +- new upstream version + +* Tue Apr 26 2011 Tomas Mraz 2.12.3-1 +- new upstream version + +* Mon Apr 18 2011 Tomas Mraz 2.12.2-1 +- new upstream version + +* Thu Mar 3 2011 Tomas Mraz 2.10.5-1 +- new upstream version + +* Tue Feb 08 2011 Fedora Release Engineering - 2.10.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Dec 8 2010 Tomas Mraz 2.10.4-1 +- new upstream version + +* Thu Dec 2 2010 Tomas Mraz 2.10.3-2 +- fix buffer overflow in gnutls-serv (#659259) + +* Fri Nov 19 2010 Tomas Mraz 2.10.3-1 +- new upstream version + +* Thu Sep 30 2010 Tomas Mraz 2.10.2-1 +- new upstream version + +* Wed Sep 29 2010 jkeating - 2.10.1-4 +- Rebuilt for gcc bug 634757 + +* Thu Sep 23 2010 Tomas Mraz 2.10.1-3 +- more patching for internal errors regression (#629858) + patch by Vivek Dasmohapatra + +* Tue Sep 21 2010 Tomas Mraz 2.10.1-2 +- backported patch from upstream git hopefully fixing internal errors + (#629858) + +* Wed Aug 4 2010 Tomas Mraz 2.10.1-1 +- new upstream version + +* Wed Jun 2 2010 Tomas Mraz 2.8.6-2 +- add support for safe renegotiation CVE-2009-3555 (#533125) + +* Wed May 12 2010 Tomas Mraz 2.8.6-1 +- upgrade to a new upstream version + +* Mon Feb 15 2010 Rex Dieter 2.8.5-4 +- FTBFS gnutls-2.8.5-3.fc13: ImplicitDSOLinking (#564624) + +* Thu Jan 28 2010 Tomas Mraz 2.8.5-3 +- drop superfluous rpath from binaries +- do not call autoreconf during build +- specify the license on utils subpackage + +* Mon Jan 18 2010 Tomas Mraz 2.8.5-2 +- do not create static libraries (#556052) + +* Mon Nov 2 2009 Tomas Mraz 2.8.5-1 +- upgrade to a new upstream version + +* Wed Sep 23 2009 Tomas Mraz 2.8.4-1 +- upgrade to a new upstream version + +* Fri Aug 14 2009 Tomas Mraz 2.8.3-1 +- upgrade to a new upstream version + +* Fri Jul 24 2009 Fedora Release Engineering - 2.8.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Jun 10 2009 Tomas Mraz 2.8.1-1 +- upgrade to a new upstream version + +* Wed Jun 3 2009 Tomas Mraz 2.8.0-1 +- upgrade to a new upstream version + +* Mon May 4 2009 Tomas Mraz 2.6.6-1 +- upgrade to a new upstream version - security fixes + +* Tue Apr 14 2009 Tomas Mraz 2.6.5-1 +- upgrade to a new upstream version, minor bugfixes only + +* Fri Mar 6 2009 Tomas Mraz 2.6.4-1 +- upgrade to a new upstream version + +* Tue Feb 24 2009 Fedora Release Engineering - 2.6.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Mon Dec 15 2008 Tomas Mraz 2.6.3-1 +- upgrade to a new upstream version + +* Thu Dec 4 2008 Tomas Mraz 2.6.2-1 +- upgrade to a new upstream version + +* Tue Nov 11 2008 Tomas Mraz 2.4.2-3 +- fix chain verification issue CVE-2008-4989 (#470079) + +* Thu Sep 25 2008 Tomas Mraz 2.4.2-2 +- add guile subpackage (#463735) +- force new libtool through autoreconf to drop unnecessary rpaths + +* Tue Sep 23 2008 Tomas Mraz 2.4.2-1 +- new upstream version + +* Tue Jul 1 2008 Tomas Mraz 2.4.1-1 +- new upstream version +- correct the license tag +- explicit --with-included-opencdk not needed +- use external lzo library, internal not included anymore + +* Tue Jun 24 2008 Tomas Mraz 2.4.0-1 +- upgrade to latest upstream + +* Tue May 20 2008 Tomas Mraz 2.0.4-3 +- fix three security issues in gnutls handshake - GNUTLS-SA-2008-1 + (#447461, #447462, #447463) + +* Mon Feb 4 2008 Joe Orton 2.0.4-2 +- use system libtasn1 + +* Tue Dec 4 2007 Tomas Mraz 2.0.4-1 +- upgrade to latest upstream + +* Tue Aug 21 2007 Tomas Mraz 1.6.3-2 +- license tag fix + +* Wed Jun 6 2007 Tomas Mraz 1.6.3-1 +- upgrade to latest upstream (#232445) + +* Tue Apr 10 2007 Tomas Mraz 1.4.5-2 +- properly require install-info (patch by Ville Skyttä) +- standard buildroot and use dist tag +- add COPYING and README to doc + +* Wed Feb 7 2007 Tomas Mraz 1.4.5-1 +- new upstream version +- drop libtermcap-devel from buildrequires + +* Thu Sep 14 2006 Tomas Mraz 1.4.1-2 +- detect forged signatures - CVE-2006-4790 (#206411), patch + from upstream + +* Tue Jul 18 2006 Tomas Mraz - 1.4.1-1 +- upgrade to new upstream version, only minor changes + +* Wed Jul 12 2006 Jesse Keating - 1.4.0-1.1 +- rebuild + +* Wed Jun 14 2006 Tomas Mraz - 1.4.0-1 +- upgrade to new upstream version (#192070), rebuild + of dependent packages required + +* Tue May 16 2006 Tomas Mraz - 1.2.10-2 +- added missing buildrequires + +* Mon Feb 13 2006 Tomas Mraz - 1.2.10-1 +- updated to new version (fixes CVE-2006-0645) + +* Fri Feb 10 2006 Jesse Keating - 1.2.9-3.2 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 1.2.9-3.1 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Tue Jan 3 2006 Jesse Keating 1.2.9-3 +- rebuilt + +* Fri Dec 9 2005 Tomas Mraz 1.2.9-2 +- replaced *-config scripts with calls to pkg-config to + solve multilib conflicts + +* Wed Nov 23 2005 Tomas Mraz 1.2.9-1 +- upgrade to newest upstream +- removed .la files (#172635) + +* Sun Aug 7 2005 Tomas Mraz 1.2.6-1 +- upgrade to newest upstream (rebuild of dependencies necessary) + +* Mon Jul 4 2005 Tomas Mraz 1.0.25-2 +- split the command line tools to utils subpackage + +* Sat Apr 30 2005 Tomas Mraz 1.0.25-1 +- new upstream version fixes potential DOS attack + +* Sat Apr 23 2005 Tomas Mraz 1.0.24-2 +- readd the version script dropped by upstream + +* Fri Apr 22 2005 Tomas Mraz 1.0.24-1 +- update to the latest upstream version on the 1.0 branch + +* Wed Mar 2 2005 Warren Togami 1.0.20-6 +- gcc4 rebuild + +* Tue Jan 4 2005 Ivana Varekova 1.0.20-5 +- add gnutls Requires zlib-devel (#144069) + +* Mon Nov 08 2004 Colin Walters 1.0.20-4 +- Make gnutls-devel Require libgcrypt-devel + +* Tue Sep 21 2004 Jeff Johnson 1.0.20-3 +- rebuild with release++, otherwise unchanged. + +* Tue Sep 7 2004 Jeff Johnson 1.0.20-2 +- patent tainted SRP code removed. + +* Sun Sep 5 2004 Jeff Johnson 1.0.20-1 +- update to 1.0.20. +- add --with-included-opencdk --with-included-libtasn1 +- add --with-included-libcfg --with-included-lzo +- add --disable-srp-authentication. +- do "make check" after build. + +* Fri Mar 21 2003 Jeff Johnson 0.9.2-1 +- upgrade to 0.9.2 + +* Tue Jun 25 2002 Jeff Johnson 0.4.4-1 +- update to 0.4.4. + +* Fri Jun 21 2002 Tim Powers +- automated rebuild + +* Sat May 25 2002 Jeff Johnson 0.4.3-1 +- update to 0.4.3. + +* Tue May 21 2002 Jeff Johnson 0.4.2-1 +- update to 0.4.2. +- change license to LGPL. +- include splint annotations patch. + +* Tue Apr 2 2002 Nalin Dahyabhai 0.4.0-1 +- update to 0.4.0 + +* Thu Jan 17 2002 Nalin Dahyabhai 0.3.2-1 +- update to 0.3.2 + +* Thu Jan 10 2002 Nalin Dahyabhai 0.3.0-1 +- add a URL + +* Thu Dec 20 2001 Nalin Dahyabhai +- initial package diff --git a/sources b/sources new file mode 100644 index 0000000..cdfd08d --- /dev/null +++ b/sources @@ -0,0 +1,3 @@ +SHA512 (gnutls-3.6.16.tar.xz) = 72c78d7fcb024393c1d15f2a1856608ae4460ba43cc5bbbb4c29b80508cae6cb822df4638029de2363437d110187e0a3cc19a7288c3b2f44b2f648399a028438 +SHA512 (gnutls-3.6.16.tar.xz.sig) = 1345c94efd8cbcc5df334ba685d0e5f9b87287888f392d14698c8eadbc07a57cc2f34f82e9298e9539636dde6f2cb25fca414972e5f5090e553808ba4d7c9c23 +SHA512 (gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg) = a74b92826fd0e5388c9f6d9231959e38b26aeef83138648fab66df951d8e1a4db5302b569d08515d4d6443e5e4f6c466f98319f330c820790260d22a9b9f7173