From 4d4d77e68cfc767d26158200115d7f5d08379b57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= Date: Thu, 20 Jul 2006 12:58:48 +0000 Subject: [PATCH] - add ipv6 support to s_client and s_server (by Jan Pazdziora) (#198737) - add patches for BN threadsafety, AES cache collision attack hazard fix and pkcs7 code memleak fix from upstream CVS --- openssl-0.9.8b-aes-cachecol.patch | 777 +++++++++++++++++++++++++++ openssl-0.9.8b-bn-threadsafety.patch | 447 +++++++++++++++ openssl-0.9.8b-ipv6-apps.patch | 508 +++++++++++++++++ openssl-0.9.8b-pkcs7-leak.patch | 20 + openssl.spec | 19 +- 5 files changed, 1768 insertions(+), 3 deletions(-) create mode 100644 openssl-0.9.8b-aes-cachecol.patch create mode 100644 openssl-0.9.8b-bn-threadsafety.patch create mode 100644 openssl-0.9.8b-ipv6-apps.patch create mode 100644 openssl-0.9.8b-pkcs7-leak.patch diff --git a/openssl-0.9.8b-aes-cachecol.patch b/openssl-0.9.8b-aes-cachecol.patch new file mode 100644 index 0000000..b798e87 --- /dev/null +++ b/openssl-0.9.8b-aes-cachecol.patch @@ -0,0 +1,777 @@ +openssl/crypto/aes/aes_core.c 1.7 -> 1.7.2.1 + +--- openssl/crypto/aes/aes_core.c 2005/01/24 14:22:05 1.7 ++++ openssl/crypto/aes/aes_core.c 2006/06/28 08:58:15 1.7.2.1 +@@ -44,22 +44,14 @@ + Te1[x] = S [x].[03, 02, 01, 01]; + Te2[x] = S [x].[01, 03, 02, 01]; + Te3[x] = S [x].[01, 01, 03, 02]; +-Te4[x] = S [x].[01, 01, 01, 01]; + + Td0[x] = Si[x].[0e, 09, 0d, 0b]; + Td1[x] = Si[x].[0b, 0e, 09, 0d]; + Td2[x] = Si[x].[0d, 0b, 0e, 09]; + Td3[x] = Si[x].[09, 0d, 0b, 0e]; +-Td4[x] = Si[x].[01, 01, 01, 01]; ++Td4[x] = Si[x].[01]; + */ + +-#ifdef AES_ASM +-extern const u32 AES_Te[5][256]; +-#define Te0 AES_Te[0] +-#define Te1 AES_Te[1] +-#define Te2 AES_Te[2] +-#define Te3 AES_Te[3] +-#else + static const u32 Te0[256] = { + 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, + 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U, +@@ -324,81 +316,7 @@ + 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU, + 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU, + }; +-#endif +-static const u32 Te4[256] = { +- 0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU, +- 0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U, +- 0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU, +- 0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U, +- 0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU, +- 0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U, +- 0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU, +- 0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U, +- 0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U, +- 0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU, +- 0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U, +- 0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U, +- 0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U, +- 0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU, +- 0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U, +- 0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U, +- 0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU, +- 0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U, +- 0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U, +- 0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U, +- 0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU, +- 0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU, +- 0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U, +- 0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU, +- 0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU, +- 0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U, +- 0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU, +- 0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U, +- 0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU, +- 0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U, +- 0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U, +- 0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U, +- 0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU, +- 0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U, +- 0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU, +- 0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U, +- 0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU, +- 0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U, +- 0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U, +- 0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU, +- 0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU, +- 0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU, +- 0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U, +- 0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U, +- 0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU, +- 0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U, +- 0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU, +- 0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U, +- 0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU, +- 0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U, +- 0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU, +- 0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU, +- 0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U, +- 0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU, +- 0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U, +- 0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU, +- 0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U, +- 0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U, +- 0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U, +- 0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU, +- 0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU, +- 0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U, +- 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU, +- 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U, +-}; + +-#ifdef AES_ASM +-extern const u32 AES_Td[5][256]; +-#define Td0 AES_Td[0] +-#define Td1 AES_Td[1] +-#define Td2 AES_Td[2] +-#define Td3 AES_Td[3] +-#else + static const u32 Td0[256] = { + 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U, + 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U, +@@ -663,72 +581,39 @@ + 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U, + 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U, + }; +-#endif +-static const u32 Td4[256] = { +- 0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U, +- 0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U, +- 0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU, +- 0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU, +- 0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U, +- 0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U, +- 0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U, +- 0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU, +- 0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U, +- 0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU, +- 0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU, +- 0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU, +- 0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U, +- 0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U, +- 0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U, +- 0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U, +- 0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U, +- 0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U, +- 0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU, +- 0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U, +- 0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U, +- 0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU, +- 0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U, +- 0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U, +- 0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U, +- 0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU, +- 0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U, +- 0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U, +- 0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU, +- 0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U, +- 0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U, +- 0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU, +- 0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U, +- 0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU, +- 0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU, +- 0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U, +- 0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U, +- 0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U, +- 0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U, +- 0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU, +- 0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U, +- 0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U, +- 0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU, +- 0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU, +- 0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU, +- 0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U, +- 0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU, +- 0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U, +- 0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U, +- 0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U, +- 0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U, +- 0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU, +- 0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U, +- 0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU, +- 0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU, +- 0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU, +- 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU, +- 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U, +- 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU, +- 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U, +- 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU, +- 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U, +- 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U, +- 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU, ++static const u8 Td4[256] = { ++ 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U, ++ 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU, ++ 0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U, ++ 0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU, ++ 0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU, ++ 0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU, ++ 0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U, ++ 0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U, ++ 0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U, ++ 0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U, ++ 0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU, ++ 0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U, ++ 0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU, ++ 0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U, ++ 0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U, ++ 0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU, ++ 0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU, ++ 0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U, ++ 0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U, ++ 0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU, ++ 0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U, ++ 0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU, ++ 0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U, ++ 0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U, ++ 0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U, ++ 0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU, ++ 0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU, ++ 0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU, ++ 0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U, ++ 0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U, ++ 0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U, ++ 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU, + }; + static const u32 rcon[] = { + 0x01000000, 0x02000000, 0x04000000, 0x08000000, +@@ -768,10 +653,10 @@ + while (1) { + temp = rk[3]; + rk[4] = rk[0] ^ +- (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ +- (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ +- (Te4[(temp ) & 0xff] & 0x0000ff00) ^ +- (Te4[(temp >> 24) ] & 0x000000ff) ^ ++ (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ ++ (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ ++ (Te0[(temp ) & 0xff] & 0x0000ff00) ^ ++ (Te1[(temp >> 24) ] & 0x000000ff) ^ + rcon[i]; + rk[5] = rk[1] ^ rk[4]; + rk[6] = rk[2] ^ rk[5]; +@@ -788,10 +673,10 @@ + while (1) { + temp = rk[ 5]; + rk[ 6] = rk[ 0] ^ +- (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ +- (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ +- (Te4[(temp ) & 0xff] & 0x0000ff00) ^ +- (Te4[(temp >> 24) ] & 0x000000ff) ^ ++ (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ ++ (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ ++ (Te0[(temp ) & 0xff] & 0x0000ff00) ^ ++ (Te1[(temp >> 24) ] & 0x000000ff) ^ + rcon[i]; + rk[ 7] = rk[ 1] ^ rk[ 6]; + rk[ 8] = rk[ 2] ^ rk[ 7]; +@@ -810,10 +695,10 @@ + while (1) { + temp = rk[ 7]; + rk[ 8] = rk[ 0] ^ +- (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ +- (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ +- (Te4[(temp ) & 0xff] & 0x0000ff00) ^ +- (Te4[(temp >> 24) ] & 0x000000ff) ^ ++ (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ ++ (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ ++ (Te0[(temp ) & 0xff] & 0x0000ff00) ^ ++ (Te1[(temp >> 24) ] & 0x000000ff) ^ + rcon[i]; + rk[ 9] = rk[ 1] ^ rk[ 8]; + rk[10] = rk[ 2] ^ rk[ 9]; +@@ -823,10 +708,10 @@ + } + temp = rk[11]; + rk[12] = rk[ 4] ^ +- (Te4[(temp >> 24) ] & 0xff000000) ^ +- (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^ +- (Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^ +- (Te4[(temp ) & 0xff] & 0x000000ff); ++ (Te2[(temp >> 24) ] & 0xff000000) ^ ++ (Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^ ++ (Te0[(temp >> 8) & 0xff] & 0x0000ff00) ^ ++ (Te1[(temp ) & 0xff] & 0x000000ff); + rk[13] = rk[ 5] ^ rk[12]; + rk[14] = rk[ 6] ^ rk[13]; + rk[15] = rk[ 7] ^ rk[14]; +@@ -865,25 +750,25 @@ + for (i = 1; i < (key->rounds); i++) { + rk += 4; + rk[0] = +- Td0[Te4[(rk[0] >> 24) ] & 0xff] ^ +- Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^ +- Td2[Te4[(rk[0] >> 8) & 0xff] & 0xff] ^ +- Td3[Te4[(rk[0] ) & 0xff] & 0xff]; ++ Td0[Te1[(rk[0] >> 24) ] & 0xff] ^ ++ Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^ ++ Td2[Te1[(rk[0] >> 8) & 0xff] & 0xff] ^ ++ Td3[Te1[(rk[0] ) & 0xff] & 0xff]; + rk[1] = +- Td0[Te4[(rk[1] >> 24) ] & 0xff] ^ +- Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^ +- Td2[Te4[(rk[1] >> 8) & 0xff] & 0xff] ^ +- Td3[Te4[(rk[1] ) & 0xff] & 0xff]; ++ Td0[Te1[(rk[1] >> 24) ] & 0xff] ^ ++ Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^ ++ Td2[Te1[(rk[1] >> 8) & 0xff] & 0xff] ^ ++ Td3[Te1[(rk[1] ) & 0xff] & 0xff]; + rk[2] = +- Td0[Te4[(rk[2] >> 24) ] & 0xff] ^ +- Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^ +- Td2[Te4[(rk[2] >> 8) & 0xff] & 0xff] ^ +- Td3[Te4[(rk[2] ) & 0xff] & 0xff]; ++ Td0[Te1[(rk[2] >> 24) ] & 0xff] ^ ++ Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^ ++ Td2[Te1[(rk[2] >> 8) & 0xff] & 0xff] ^ ++ Td3[Te1[(rk[2] ) & 0xff] & 0xff]; + rk[3] = +- Td0[Te4[(rk[3] >> 24) ] & 0xff] ^ +- Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^ +- Td2[Te4[(rk[3] >> 8) & 0xff] & 0xff] ^ +- Td3[Te4[(rk[3] ) & 0xff] & 0xff]; ++ Td0[Te1[(rk[3] >> 24) ] & 0xff] ^ ++ Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^ ++ Td2[Te1[(rk[3] >> 8) & 0xff] & 0xff] ^ ++ Td3[Te1[(rk[3] ) & 0xff] & 0xff]; + } + return 0; + } +@@ -1051,31 +936,31 @@ + * map cipher state to byte array block: + */ + s0 = +- (Te4[(t0 >> 24) ] & 0xff000000) ^ +- (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ +- (Te4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ +- (Te4[(t3 ) & 0xff] & 0x000000ff) ^ ++ (Te2[(t0 >> 24) ] & 0xff000000) ^ ++ (Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^ ++ (Te0[(t2 >> 8) & 0xff] & 0x0000ff00) ^ ++ (Te1[(t3 ) & 0xff] & 0x000000ff) ^ + rk[0]; + PUTU32(out , s0); + s1 = +- (Te4[(t1 >> 24) ] & 0xff000000) ^ +- (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ +- (Te4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ +- (Te4[(t0 ) & 0xff] & 0x000000ff) ^ ++ (Te2[(t1 >> 24) ] & 0xff000000) ^ ++ (Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^ ++ (Te0[(t3 >> 8) & 0xff] & 0x0000ff00) ^ ++ (Te1[(t0 ) & 0xff] & 0x000000ff) ^ + rk[1]; + PUTU32(out + 4, s1); + s2 = +- (Te4[(t2 >> 24) ] & 0xff000000) ^ +- (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ +- (Te4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ +- (Te4[(t1 ) & 0xff] & 0x000000ff) ^ ++ (Te2[(t2 >> 24) ] & 0xff000000) ^ ++ (Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^ ++ (Te0[(t0 >> 8) & 0xff] & 0x0000ff00) ^ ++ (Te1[(t1 ) & 0xff] & 0x000000ff) ^ + rk[2]; + PUTU32(out + 8, s2); + s3 = +- (Te4[(t3 >> 24) ] & 0xff000000) ^ +- (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ +- (Te4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ +- (Te4[(t2 ) & 0xff] & 0x000000ff) ^ ++ (Te2[(t3 >> 24) ] & 0xff000000) ^ ++ (Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^ ++ (Te0[(t1 >> 8) & 0xff] & 0x0000ff00) ^ ++ (Te1[(t2 ) & 0xff] & 0x000000ff) ^ + rk[3]; + PUTU32(out + 12, s3); + } +@@ -1242,31 +1127,31 @@ + * map cipher state to byte array block: + */ + s0 = +- (Td4[(t0 >> 24) ] & 0xff000000) ^ +- (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ +- (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ +- (Td4[(t1 ) & 0xff] & 0x000000ff) ^ ++ (Td4[(t0 >> 24) ] << 24) ^ ++ (Td4[(t3 >> 16) & 0xff] << 16) ^ ++ (Td4[(t2 >> 8) & 0xff] << 8) ^ ++ (Td4[(t1 ) & 0xff]) ^ + rk[0]; + PUTU32(out , s0); + s1 = +- (Td4[(t1 >> 24) ] & 0xff000000) ^ +- (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ +- (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ +- (Td4[(t2 ) & 0xff] & 0x000000ff) ^ ++ (Td4[(t1 >> 24) ] << 24) ^ ++ (Td4[(t0 >> 16) & 0xff] << 16) ^ ++ (Td4[(t3 >> 8) & 0xff] << 8) ^ ++ (Td4[(t2 ) & 0xff]) ^ + rk[1]; + PUTU32(out + 4, s1); + s2 = +- (Td4[(t2 >> 24) ] & 0xff000000) ^ +- (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ +- (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ +- (Td4[(t3 ) & 0xff] & 0x000000ff) ^ ++ (Td4[(t2 >> 24) ] << 24) ^ ++ (Td4[(t1 >> 16) & 0xff] << 16) ^ ++ (Td4[(t0 >> 8) & 0xff] << 8) ^ ++ (Td4[(t3 ) & 0xff]) ^ + rk[2]; + PUTU32(out + 8, s2); + s3 = +- (Td4[(t3 >> 24) ] & 0xff000000) ^ +- (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ +- (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ +- (Td4[(t0 ) & 0xff] & 0x000000ff) ^ ++ (Td4[(t3 >> 24) ] << 24) ^ ++ (Td4[(t2 >> 16) & 0xff] << 16) ^ ++ (Td4[(t1 >> 8) & 0xff] << 8) ^ ++ (Td4[(t0 ) & 0xff]) ^ + rk[3]; + PUTU32(out + 12, s3); + } +openssl/crypto/aes/asm/aes-586.pl 1.11 -> 1.11.2.1 + +--- openssl/crypto/aes/asm/aes-586.pl 2005/05/09 21:48:00 1.11 ++++ openssl/crypto/aes/asm/aes-586.pl 2006/06/28 09:01:40 1.11.2.1 +@@ -6,7 +6,7 @@ + # forms are granted according to the OpenSSL license. + # ==================================================================== + # +-# Version 3.4. ++# Version 3.6. + # + # You might fail to appreciate this module performance from the first + # try. If compared to "vanilla" linux-ia32-icc target, i.e. considered +@@ -66,6 +66,13 @@ + # stack. This unfortunately has rather strong impact on small block CBC + # performance, ~2x deterioration on 16-byte block if compared to 3.3. + # ++# Version 3.5 checks if there is L1 cache aliasing between user-supplied ++# key schedule and S-boxes and abstains from copying the former if ++# there is no. This allows end-user to consciously retain small block ++# performance by aligning key schedule in specific manner. ++# ++# Version 3.6 compresses Td4 to 256 bytes and prefetches it in ECB. ++# + # Current ECB performance numbers for 128-bit key in CPU cycles per + # processed byte [measure commonly used by AES benchmarkers] are: + # +@@ -505,28 +512,27 @@ + if($i==3) { &mov ($key,&DWP(12,"esp")); } + else { &mov ($out,$s[0]); } + &and ($out,0xFF); +- &mov ($out,&DWP(2048,$td,$out,4)); +- &and ($out,0x000000ff); ++ &movz ($out,&DWP(2048,$td,$out,1)); + + if ($i==3) { $tmp=$s[1]; } + &movz ($tmp,&HB($s[1])); +- &mov ($tmp,&DWP(2048,$td,$tmp,4)); +- &and ($tmp,0x0000ff00); ++ &movz ($tmp,&DWP(2048,$td,$tmp,1)); ++ &shl ($tmp,8); + &xor ($out,$tmp); + + if ($i==3) { $tmp=$s[2]; &mov ($s[1],$acc); } + else { mov ($tmp,$s[2]); } + &shr ($tmp,16); + &and ($tmp,0xFF); +- &mov ($tmp,&DWP(2048,$td,$tmp,4)); +- &and ($tmp,0x00ff0000); ++ &movz ($tmp,&DWP(2048,$td,$tmp,1)); ++ &shl ($tmp,16); + &xor ($out,$tmp); + + if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); } + else { &mov ($tmp,$s[3]); } + &shr ($tmp,24); +- &mov ($tmp,&DWP(2048,$td,$tmp,4)); +- &and ($tmp,0xff000000); ++ &movz ($tmp,&DWP(2048,$td,$tmp,1)); ++ &shl ($tmp,24); + &xor ($out,$tmp); + if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } + if ($i==3) { &mov ($s[3],&DWP(4,"esp")); } +@@ -687,70 +693,38 @@ + &_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664); + &_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0); + #Td4: +- &data_word(0x52525252, 0x09090909, 0x6a6a6a6a, 0xd5d5d5d5); +- &data_word(0x30303030, 0x36363636, 0xa5a5a5a5, 0x38383838); +- &data_word(0xbfbfbfbf, 0x40404040, 0xa3a3a3a3, 0x9e9e9e9e); +- &data_word(0x81818181, 0xf3f3f3f3, 0xd7d7d7d7, 0xfbfbfbfb); +- &data_word(0x7c7c7c7c, 0xe3e3e3e3, 0x39393939, 0x82828282); +- &data_word(0x9b9b9b9b, 0x2f2f2f2f, 0xffffffff, 0x87878787); +- &data_word(0x34343434, 0x8e8e8e8e, 0x43434343, 0x44444444); +- &data_word(0xc4c4c4c4, 0xdededede, 0xe9e9e9e9, 0xcbcbcbcb); +- &data_word(0x54545454, 0x7b7b7b7b, 0x94949494, 0x32323232); +- &data_word(0xa6a6a6a6, 0xc2c2c2c2, 0x23232323, 0x3d3d3d3d); +- &data_word(0xeeeeeeee, 0x4c4c4c4c, 0x95959595, 0x0b0b0b0b); +- &data_word(0x42424242, 0xfafafafa, 0xc3c3c3c3, 0x4e4e4e4e); +- &data_word(0x08080808, 0x2e2e2e2e, 0xa1a1a1a1, 0x66666666); +- &data_word(0x28282828, 0xd9d9d9d9, 0x24242424, 0xb2b2b2b2); +- &data_word(0x76767676, 0x5b5b5b5b, 0xa2a2a2a2, 0x49494949); +- &data_word(0x6d6d6d6d, 0x8b8b8b8b, 0xd1d1d1d1, 0x25252525); +- &data_word(0x72727272, 0xf8f8f8f8, 0xf6f6f6f6, 0x64646464); +- &data_word(0x86868686, 0x68686868, 0x98989898, 0x16161616); +- &data_word(0xd4d4d4d4, 0xa4a4a4a4, 0x5c5c5c5c, 0xcccccccc); +- &data_word(0x5d5d5d5d, 0x65656565, 0xb6b6b6b6, 0x92929292); +- &data_word(0x6c6c6c6c, 0x70707070, 0x48484848, 0x50505050); +- &data_word(0xfdfdfdfd, 0xedededed, 0xb9b9b9b9, 0xdadadada); +- &data_word(0x5e5e5e5e, 0x15151515, 0x46464646, 0x57575757); +- &data_word(0xa7a7a7a7, 0x8d8d8d8d, 0x9d9d9d9d, 0x84848484); +- &data_word(0x90909090, 0xd8d8d8d8, 0xabababab, 0x00000000); +- &data_word(0x8c8c8c8c, 0xbcbcbcbc, 0xd3d3d3d3, 0x0a0a0a0a); +- &data_word(0xf7f7f7f7, 0xe4e4e4e4, 0x58585858, 0x05050505); +- &data_word(0xb8b8b8b8, 0xb3b3b3b3, 0x45454545, 0x06060606); +- &data_word(0xd0d0d0d0, 0x2c2c2c2c, 0x1e1e1e1e, 0x8f8f8f8f); +- &data_word(0xcacacaca, 0x3f3f3f3f, 0x0f0f0f0f, 0x02020202); +- &data_word(0xc1c1c1c1, 0xafafafaf, 0xbdbdbdbd, 0x03030303); +- &data_word(0x01010101, 0x13131313, 0x8a8a8a8a, 0x6b6b6b6b); +- &data_word(0x3a3a3a3a, 0x91919191, 0x11111111, 0x41414141); +- &data_word(0x4f4f4f4f, 0x67676767, 0xdcdcdcdc, 0xeaeaeaea); +- &data_word(0x97979797, 0xf2f2f2f2, 0xcfcfcfcf, 0xcececece); +- &data_word(0xf0f0f0f0, 0xb4b4b4b4, 0xe6e6e6e6, 0x73737373); +- &data_word(0x96969696, 0xacacacac, 0x74747474, 0x22222222); +- &data_word(0xe7e7e7e7, 0xadadadad, 0x35353535, 0x85858585); +- &data_word(0xe2e2e2e2, 0xf9f9f9f9, 0x37373737, 0xe8e8e8e8); +- &data_word(0x1c1c1c1c, 0x75757575, 0xdfdfdfdf, 0x6e6e6e6e); +- &data_word(0x47474747, 0xf1f1f1f1, 0x1a1a1a1a, 0x71717171); +- &data_word(0x1d1d1d1d, 0x29292929, 0xc5c5c5c5, 0x89898989); +- &data_word(0x6f6f6f6f, 0xb7b7b7b7, 0x62626262, 0x0e0e0e0e); +- &data_word(0xaaaaaaaa, 0x18181818, 0xbebebebe, 0x1b1b1b1b); +- &data_word(0xfcfcfcfc, 0x56565656, 0x3e3e3e3e, 0x4b4b4b4b); +- &data_word(0xc6c6c6c6, 0xd2d2d2d2, 0x79797979, 0x20202020); +- &data_word(0x9a9a9a9a, 0xdbdbdbdb, 0xc0c0c0c0, 0xfefefefe); +- &data_word(0x78787878, 0xcdcdcdcd, 0x5a5a5a5a, 0xf4f4f4f4); +- &data_word(0x1f1f1f1f, 0xdddddddd, 0xa8a8a8a8, 0x33333333); +- &data_word(0x88888888, 0x07070707, 0xc7c7c7c7, 0x31313131); +- &data_word(0xb1b1b1b1, 0x12121212, 0x10101010, 0x59595959); +- &data_word(0x27272727, 0x80808080, 0xecececec, 0x5f5f5f5f); +- &data_word(0x60606060, 0x51515151, 0x7f7f7f7f, 0xa9a9a9a9); +- &data_word(0x19191919, 0xb5b5b5b5, 0x4a4a4a4a, 0x0d0d0d0d); +- &data_word(0x2d2d2d2d, 0xe5e5e5e5, 0x7a7a7a7a, 0x9f9f9f9f); +- &data_word(0x93939393, 0xc9c9c9c9, 0x9c9c9c9c, 0xefefefef); +- &data_word(0xa0a0a0a0, 0xe0e0e0e0, 0x3b3b3b3b, 0x4d4d4d4d); +- &data_word(0xaeaeaeae, 0x2a2a2a2a, 0xf5f5f5f5, 0xb0b0b0b0); +- &data_word(0xc8c8c8c8, 0xebebebeb, 0xbbbbbbbb, 0x3c3c3c3c); +- &data_word(0x83838383, 0x53535353, 0x99999999, 0x61616161); +- &data_word(0x17171717, 0x2b2b2b2b, 0x04040404, 0x7e7e7e7e); +- &data_word(0xbabababa, 0x77777777, 0xd6d6d6d6, 0x26262626); +- &data_word(0xe1e1e1e1, 0x69696969, 0x14141414, 0x63636363); +- &data_word(0x55555555, 0x21212121, 0x0c0c0c0c, 0x7d7d7d7d); ++ &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); ++ &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); ++ &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); ++ &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); ++ &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); ++ &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); ++ &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); ++ &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); ++ &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); ++ &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); ++ &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); ++ &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); ++ &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); ++ &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); ++ &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); ++ &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); ++ &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); ++ &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); ++ &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); ++ &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); ++ &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); ++ &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); ++ &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); ++ &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); ++ &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); ++ &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); ++ &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); ++ &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); ++ &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); ++ &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); ++ &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); ++ &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); + &function_end_B("_x86_AES_decrypt"); + + # void AES_decrypt (const void *inp,void *out,const AES_KEY *key); +@@ -770,6 +744,18 @@ + &blindpop("ebp"); + &lea ("ebp",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp")); + ++ # prefetch Td4 ++ &lea ("ebp",&DWP(2048+128,"ebp")); ++ &mov ($s0,&DWP(0-128,"ebp")); ++ &mov ($s1,&DWP(32-128,"ebp")); ++ &mov ($s2,&DWP(64-128,"ebp")); ++ &mov ($s3,&DWP(96-128,"ebp")); ++ &mov ($s0,&DWP(128-128,"ebp")); ++ &mov ($s1,&DWP(160-128,"ebp")); ++ &mov ($s2,&DWP(192-128,"ebp")); ++ &mov ($s3,&DWP(224-128,"ebp")); ++ &lea ("ebp",&DWP(-2048-128,"ebp")); ++ + &mov ($s0,&DWP(0,$acc)); # load input data + &mov ($s1,&DWP(4,$acc)); + &mov ($s2,&DWP(8,$acc)); +@@ -805,6 +791,7 @@ + my $_tmp=&DWP(40,"esp"); #volatile variable + my $ivec=&DWP(44,"esp"); #ivec[16] + my $aes_key=&DWP(60,"esp"); #copy of aes_key ++my $mark=&DWP(60+240,"esp"); #copy of aes_key->rounds + + &public_label("AES_Te"); + &public_label("AES_Td"); +@@ -865,18 +852,27 @@ + &mov ($_key,$s3); # save copy of key + &mov ($_ivp,$acc); # save copy of ivp + ++ &mov ($mark,0); # copy of aes_key->rounds = 0; + if ($compromise) { + &cmp ($s2,$compromise); + &jb (&label("skip_ecopy")); + } +- # copy key schedule to stack +- &mov ("ecx",244/4); ++ # do we copy key schedule to stack? ++ &mov ($s1 eq "ebx" ? $s1 : "",$s3); ++ &mov ($s2 eq "ecx" ? $s2 : "",244/4); ++ &sub ($s1,"ebp"); + &mov ("esi",$s3); ++ &and ($s1,0xfff); + &lea ("edi",$aes_key); +- &mov ($_key,"edi"); ++ &cmp ($s1,2048); ++ &jb (&label("do_ecopy")); ++ &cmp ($s1,4096-244); ++ &jb (&label("skip_ecopy")); + &align (4); +- &data_word(0xF689A5F3); # rep movsd +- &set_label("skip_ecopy") if ($compromise); ++ &set_label("do_ecopy"); ++ &mov ($_key,"edi"); ++ &data_word(0xA5F3F689); # rep movsd ++ &set_label("skip_ecopy"); + + &mov ($acc,$s0); + &mov ($key,16); +@@ -942,18 +938,16 @@ + &mov (&DWP(8,$acc),$s2); + &mov (&DWP(12,$acc),$s3); + ++ &cmp ($mark,0); # was the key schedule copied? + &mov ("edi",$_key); + &mov ("esp",$_esp); +- if ($compromise) { +- &cmp (&wparam(2),$compromise); +- &jb (&label("skip_ezero")); +- } ++ &je (&label("skip_ezero")); + # zero copy of key schedule + &mov ("ecx",240/4); + &xor ("eax","eax"); + &align (4); +- &data_word(0xF689ABF3); # rep stosd +- &set_label("skip_ezero") if ($compromise); ++ &data_word(0xABF3F689); # rep stosd ++ &set_label("skip_ezero") + &popf (); + &set_label("enc_out"); + &function_end_A(); +@@ -968,7 +962,7 @@ + &cmp ($key,$acc); # compare with inp + &je (&label("enc_in_place")); + &align (4); +- &data_word(0xF689A4F3); # rep movsb # copy input ++ &data_word(0xA4F3F689); # rep movsb # copy input + &jmp (&label("enc_skip_in_place")); + &set_label("enc_in_place"); + &lea ($key,&DWP(0,$key,$s2)); +@@ -976,7 +970,7 @@ + &mov ($s2,$s1); + &xor ($s0,$s0); + &align (4); +- &data_word(0xF689AAF3); # rep stosb # zero tail ++ &data_word(0xAAF3F689); # rep stosb # zero tail + &pop ($key); # pop ivp + + &mov ($acc,$_out); # output as input +@@ -996,10 +990,10 @@ + + # ... and make sure it doesn't alias with AES_Td modulo 4096 + &mov ($s0,"ebp"); +- &lea ($s1,&DWP(3072,"ebp")); ++ &lea ($s1,&DWP(2048+256,"ebp")); + &mov ($s3,$key); + &and ($s0,0xfff); # s = %ebp&0xfff +- &and ($s1,0xfff); # e = (%ebp+3072)&0xfff ++ &and ($s1,0xfff); # e = (%ebp+2048+256)&0xfff + &and ($s3,0xfff); # p = %esp&0xfff + + &cmp ($s3,$s1); # if (p>=e) %esp =- (p-e); +@@ -1030,21 +1024,30 @@ + &mov ($_key,$s3); # save copy of key + &mov ($_ivp,$acc); # save copy of ivp + ++ &mov ($mark,0); # copy of aes_key->rounds = 0; + if ($compromise) { + &cmp ($s2,$compromise); + &jb (&label("skip_dcopy")); + } +- # copy key schedule to stack +- &mov ("ecx",244/4); ++ # do we copy key schedule to stack? ++ &mov ($s1 eq "ebx" ? $s1 : "",$s3); ++ &mov ($s2 eq "ecx" ? $s2 : "",244/4); ++ &sub ($s1,"ebp"); + &mov ("esi",$s3); ++ &and ($s1,0xfff); + &lea ("edi",$aes_key); +- &mov ($_key,"edi"); ++ &cmp ($s1,2048+256); ++ &jb (&label("do_dcopy")); ++ &cmp ($s1,4096-244); ++ &jb (&label("skip_dcopy")); + &align (4); +- &data_word(0xF689A5F3); # rep movsd +- &set_label("skip_dcopy") if ($compromise); ++ &set_label("do_dcopy"); ++ &mov ($_key,"edi"); ++ &data_word(0xA5F3F689); # rep movsd ++ &set_label("skip_dcopy"); + + &mov ($acc,$s0); +- &mov ($key,24); ++ &mov ($key,18); + &align (4); + &set_label("prefetch_td"); + &mov ($s0,&DWP(0,"ebp")); +@@ -1054,7 +1057,7 @@ + &lea ("ebp",&DWP(128,"ebp")); + &dec ($key); + &jnz (&label("prefetch_td")); +- &sub ("ebp",3072); ++ &sub ("ebp",2048+256); + + &cmp ($acc,$_out); + &je (&label("dec_in_place")); # in-place processing... +@@ -1121,7 +1124,7 @@ + &lea ($s2 eq "ecx" ? $s2 : "",&DWP(16,$acc)); + &mov ($acc eq "esi" ? $acc : "",$key); + &mov ($key eq "edi" ? $key : "",$_out); # load out +- &data_word(0xF689A4F3); # rep movsb # copy output ++ &data_word(0xA4F3F689); # rep movsb # copy output + &mov ($key,$_inp); # use inp as temp ivp + &jmp (&label("dec_end")); + +@@ -1188,22 +1191,20 @@ + &lea ($key,&DWP(0,$key,$s2)); + &lea ($acc,&DWP(16,$acc,$s2)); + &neg ($s2 eq "ecx" ? $s2 : ""); +- &data_word(0xF689A4F3); # rep movsb # restore tail ++ &data_word(0xA4F3F689); # rep movsb # restore tail + + &align (4); + &set_label("dec_out"); ++ &cmp ($mark,0); # was the key schedule copied? + &mov ("edi",$_key); + &mov ("esp",$_esp); +- if ($compromise) { +- &cmp (&wparam(2),$compromise); +- &jb (&label("skip_dzero")); +- } ++ &je (&label("skip_dzero")); + # zero copy of key schedule + &mov ("ecx",240/4); + &xor ("eax","eax"); + &align (4); +- &data_word(0xF689ABF3); # rep stosd +- &set_label("skip_dzero") if ($compromise); ++ &data_word(0xABF3F689); # rep stosd ++ &set_label("skip_dzero") + &popf (); + &function_end("AES_cbc_encrypt"); + } diff --git a/openssl-0.9.8b-bn-threadsafety.patch b/openssl-0.9.8b-bn-threadsafety.patch new file mode 100644 index 0000000..acf3e49 --- /dev/null +++ b/openssl-0.9.8b-bn-threadsafety.patch @@ -0,0 +1,447 @@ +--- openssl-0.9.8b/crypto/rsa/rsa_eay.c.bn-threadsafe 2005-09-23 01:32:49.000000000 +0200 ++++ openssl-0.9.8b/crypto/rsa/rsa_eay.c 2006-07-20 13:41:44.000000000 +0200 +@@ -56,7 +56,7 @@ + * [including the GNU Public Licence.] + */ + /* ==================================================================== +- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -238,40 +238,63 @@ + return(r); + } + +-static BN_BLINDING *rsa_get_blinding(RSA *rsa, BIGNUM **r, int *local, BN_CTX *ctx) ++static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx) + { + BN_BLINDING *ret; ++ int got_write_lock = 0; ++ ++ CRYPTO_r_lock(CRYPTO_LOCK_RSA); + + if (rsa->blinding == NULL) + { ++ CRYPTO_r_unlock(CRYPTO_LOCK_RSA); ++ CRYPTO_w_lock(CRYPTO_LOCK_RSA); ++ got_write_lock = 1; ++ + if (rsa->blinding == NULL) +- { +- CRYPTO_w_lock(CRYPTO_LOCK_RSA); +- if (rsa->blinding == NULL) +- rsa->blinding = RSA_setup_blinding(rsa, ctx); +- CRYPTO_w_unlock(CRYPTO_LOCK_RSA); +- } ++ rsa->blinding = RSA_setup_blinding(rsa, ctx); + } + + ret = rsa->blinding; + if (ret == NULL) +- return NULL; ++ goto err; + +- if (BN_BLINDING_get_thread_id(ret) != CRYPTO_thread_id()) ++ if (BN_BLINDING_get_thread_id(ret) == CRYPTO_thread_id()) + { +- *local = 0; ++ /* rsa->blinding is ours! */ ++ ++ *local = 1; ++ } ++ else ++ { ++ /* resort to rsa->mt_blinding instead */ ++ ++ *local = 0; /* instructs rsa_blinding_convert(), rsa_blinding_invert() ++ * that the BN_BLINDING is shared, meaning that accesses ++ * require locks, and that the blinding factor must be ++ * stored outside the BN_BLINDING ++ */ ++ + if (rsa->mt_blinding == NULL) + { +- CRYPTO_w_lock(CRYPTO_LOCK_RSA); ++ if (!got_write_lock) ++ { ++ CRYPTO_r_unlock(CRYPTO_LOCK_RSA); ++ CRYPTO_w_lock(CRYPTO_LOCK_RSA); ++ got_write_lock = 1; ++ } ++ + if (rsa->mt_blinding == NULL) + rsa->mt_blinding = RSA_setup_blinding(rsa, ctx); +- CRYPTO_w_unlock(CRYPTO_LOCK_RSA); + } + ret = rsa->mt_blinding; + } +- else +- *local = 1; + ++ err: ++ if (got_write_lock) ++ CRYPTO_w_unlock(CRYPTO_LOCK_RSA); ++ else ++ CRYPTO_r_unlock(CRYPTO_LOCK_RSA); + return ret; + } + +@@ -358,7 +381,7 @@ + + if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) + { +- blinding = rsa_get_blinding(rsa, &br, &local_blinding, ctx); ++ blinding = rsa_get_blinding(rsa, &local_blinding, ctx); + if (blinding == NULL) + { + RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR); +@@ -479,7 +502,7 @@ + + if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) + { +- blinding = rsa_get_blinding(rsa, &br, &local_blinding, ctx); ++ blinding = rsa_get_blinding(rsa, &local_blinding, ctx); + if (blinding == NULL) + { + RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR); +--- openssl-0.9.8b/crypto/bn/bn_mont.c.bn-threadsafe 2005-11-11 13:59:39.000000000 +0100 ++++ openssl-0.9.8b/crypto/bn/bn_mont.c 2006-07-20 13:42:07.000000000 +0200 +@@ -55,6 +55,59 @@ + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ ++/* ==================================================================== ++ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ + + /* + * Details about Montgomery multiplication algorithms can be found at +@@ -353,18 +406,32 @@ + BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, + const BIGNUM *mod, BN_CTX *ctx) + { +- if (*pmont) +- return *pmont; +- CRYPTO_w_lock(lock); ++ int got_write_lock = 0; ++ BN_MONT_CTX *ret; ++ ++ CRYPTO_r_lock(lock); + if (!*pmont) + { +- BN_MONT_CTX *mtmp; +- mtmp = BN_MONT_CTX_new(); +- if (mtmp && !BN_MONT_CTX_set(mtmp, mod, ctx)) +- BN_MONT_CTX_free(mtmp); +- else +- *pmont = mtmp; ++ CRYPTO_r_unlock(lock); ++ CRYPTO_w_lock(lock); ++ got_write_lock = 1; ++ ++ if (!*pmont) ++ { ++ ret = BN_MONT_CTX_new(); ++ if (ret && !BN_MONT_CTX_set(ret, mod, ctx)) ++ BN_MONT_CTX_free(ret); ++ else ++ *pmont = ret; ++ } + } +- CRYPTO_w_unlock(lock); +- return *pmont; ++ ++ ret = *pmont; ++ ++ if (got_write_lock) ++ CRYPTO_w_unlock(lock); ++ else ++ CRYPTO_r_unlock(lock); ++ ++ return ret; + } +--- openssl-0.9.8b/crypto/err/err.c.bn-threadsafe 2006-02-08 20:16:16.000000000 +0100 ++++ openssl-0.9.8b/crypto/err/err.c 2006-07-20 13:41:44.000000000 +0200 +@@ -548,9 +548,20 @@ + int i; + static int init = 1; + +- if (!init) return; +- ++ CRYPTO_r_lock(CRYPTO_LOCK_ERR); ++ if (!init) ++ { ++ CRYPTO_r_unlock(CRYPTO_LOCK_ERR); ++ return; ++ } ++ ++ CRYPTO_r_unlock(CRYPTO_LOCK_ERR); + CRYPTO_w_lock(CRYPTO_LOCK_ERR); ++ if (!init) ++ { ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ++ return; ++ } + + for (i = 1; i <= NUM_SYS_STR_REASONS; i++) + { +--- openssl-0.9.8b/ssl/ssl_ciph.c.bn-threadsafe 2006-04-15 02:22:34.000000000 +0200 ++++ openssl-0.9.8b/ssl/ssl_ciph.c 2006-07-20 13:41:44.000000000 +0200 +@@ -56,6 +56,59 @@ + * [including the GNU Public Licence.] + */ + /* ==================================================================== ++ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECC cipher suite support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. +@@ -203,36 +256,46 @@ + + static void load_builtin_compressions(void) + { +- if (ssl_comp_methods != NULL) +- return; ++ int got_write_lock = 0; + +- CRYPTO_w_lock(CRYPTO_LOCK_SSL); ++ CRYPTO_r_lock(CRYPTO_LOCK_SSL); + if (ssl_comp_methods == NULL) + { +- SSL_COMP *comp = NULL; +- +- MemCheck_off(); +- ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp); +- if (ssl_comp_methods != NULL) ++ CRYPTO_r_unlock(CRYPTO_LOCK_SSL); ++ CRYPTO_w_lock(CRYPTO_LOCK_SSL); ++ got_write_lock = 1; ++ ++ if (ssl_comp_methods == NULL) + { +- comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); +- if (comp != NULL) ++ SSL_COMP *comp = NULL; ++ ++ MemCheck_off(); ++ ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp); ++ if (ssl_comp_methods != NULL) + { +- comp->method=COMP_zlib(); +- if (comp->method +- && comp->method->type == NID_undef) +- OPENSSL_free(comp); +- else ++ comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); ++ if (comp != NULL) + { +- comp->id=SSL_COMP_ZLIB_IDX; +- comp->name=comp->method->name; +- sk_SSL_COMP_push(ssl_comp_methods,comp); ++ comp->method=COMP_zlib(); ++ if (comp->method ++ && comp->method->type == NID_undef) ++ OPENSSL_free(comp); ++ else ++ { ++ comp->id=SSL_COMP_ZLIB_IDX; ++ comp->name=comp->method->name; ++ sk_SSL_COMP_push(ssl_comp_methods,comp); ++ } + } + } ++ MemCheck_on(); + } +- MemCheck_on(); + } +- CRYPTO_w_unlock(CRYPTO_LOCK_SSL); ++ ++ if (got_write_lock) ++ CRYPTO_w_unlock(CRYPTO_LOCK_SSL); ++ else ++ CRYPTO_r_unlock(CRYPTO_LOCK_SSL); + } + #endif + +--- openssl-0.9.8b/ssl/ssl_cert.c.bn-threadsafe 2006-02-24 18:58:35.000000000 +0100 ++++ openssl-0.9.8b/ssl/ssl_cert.c 2006-07-20 13:41:44.000000000 +0200 +@@ -56,7 +56,7 @@ + * [including the GNU Public Licence.] + */ + /* ==================================================================== +- * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -73,12 +73,12 @@ + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact +- * openssl-core@OpenSSL.org. ++ * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written +@@ -87,7 +87,7 @@ + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +@@ -102,6 +102,11 @@ + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * + */ + /* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. +@@ -130,21 +135,28 @@ + int SSL_get_ex_data_X509_STORE_CTX_idx(void) + { + static volatile int ssl_x509_store_ctx_idx= -1; ++ int got_write_lock = 0; ++ ++ CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); + + if (ssl_x509_store_ctx_idx < 0) + { +- /* any write lock will do; usually this branch +- * will only be taken once anyway */ ++ CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); + CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); ++ got_write_lock = 1; + + if (ssl_x509_store_ctx_idx < 0) + { + ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index( + 0,"SSL for verify callback",NULL,NULL,NULL); + } +- +- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); + } ++ ++ if (got_write_lock) ++ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); ++ else ++ CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); ++ + return ssl_x509_store_ctx_idx; + } + diff --git a/openssl-0.9.8b-ipv6-apps.patch b/openssl-0.9.8b-ipv6-apps.patch new file mode 100644 index 0000000..6c51509 --- /dev/null +++ b/openssl-0.9.8b-ipv6-apps.patch @@ -0,0 +1,508 @@ +diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_apps.h openssl-0.9.8b/apps/s_apps.h +--- openssl-0.9.8b.orig/apps/s_apps.h 2006-07-11 16:14:29.000000000 +0200 ++++ openssl-0.9.8b/apps/s_apps.h 2006-07-13 08:44:29.000000000 +0200 +@@ -148,7 +148,7 @@ + #define PORT_STR "4433" + #define PROTOCOL "tcp" + +-int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context); ++int do_server(char *port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context); + #ifdef HEADER_X509_H + int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); + #endif +@@ -156,10 +156,9 @@ + int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); + int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key); + #endif +-int init_client(int *sock, char *server, int port, int type); ++int init_client(int *sock, char *server, char *port, int type); + int should_retry(int i); +-int extract_port(char *str, short *port_ptr); +-int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p); ++int extract_host_port(char *str,char **host_ptr,char **port_ptr); + + long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, + int argi, long argl, long ret); +diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_client.c openssl-0.9.8b/apps/s_client.c +--- openssl-0.9.8b.orig/apps/s_client.c 2005-11-25 14:46:41.000000000 +0100 ++++ openssl-0.9.8b/apps/s_client.c 2006-07-13 08:44:29.000000000 +0200 +@@ -246,7 +246,7 @@ + int cbuf_len,cbuf_off; + int sbuf_len,sbuf_off; + fd_set readfds,writefds; +- short port=PORT; ++ char *port_str = PORT_STR; + int full_log=1; + char *host=SSL_HOST_NAME; + char *cert_file=NULL,*key_file=NULL; +@@ -330,13 +330,12 @@ + else if (strcmp(*argv,"-port") == 0) + { + if (--argc < 1) goto bad; +- port=atoi(*(++argv)); +- if (port == 0) goto bad; ++ port_str= *(++argv); + } + else if (strcmp(*argv,"-connect") == 0) + { + if (--argc < 1) goto bad; +- if (!extract_host_port(*(++argv),&host,NULL,&port)) ++ if (!extract_host_port(*(++argv),&host,&port_str)) + goto bad; + } + else if (strcmp(*argv,"-verify") == 0) +@@ -619,7 +618,7 @@ + + re_start: + +- if (init_client(&s,host,port,sock_type) == 0) ++ if (init_client(&s,host,port_str,sock_type) == 0) + { + BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error()); + SHUTDOWN(s); +diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_server.c openssl-0.9.8b/apps/s_server.c +--- openssl-0.9.8b.orig/apps/s_server.c 2005-09-02 14:27:02.000000000 +0200 ++++ openssl-0.9.8b/apps/s_server.c 2006-07-13 08:44:29.000000000 +0200 +@@ -532,7 +532,7 @@ + { + X509_STORE *store = NULL; + int vflags = 0; +- short port=PORT; ++ char *port_str = PORT_STR; + char *CApath=NULL,*CAfile=NULL; + unsigned char *context = NULL; + char *dhfile = NULL; +@@ -597,8 +597,7 @@ + (strcmp(*argv,"-accept") == 0)) + { + if (--argc < 1) goto bad; +- if (!extract_port(*(++argv),&port)) +- goto bad; ++ port_str= *(++argv); + } + else if (strcmp(*argv,"-verify") == 0) + { +@@ -1086,9 +1085,9 @@ + + BIO_printf(bio_s_out,"ACCEPT\n"); + if (www) +- do_server(port,sock_type,&accept_socket,www_body, context); ++ do_server(port_str,sock_type,&accept_socket,www_body, context); + else +- do_server(port,sock_type,&accept_socket,sv_body, context); ++ do_server(port_str,sock_type,&accept_socket,sv_body, context); + print_stats(bio_s_out,ctx); + ret=0; + end: +diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_socket.c openssl-0.9.8b/apps/s_socket.c +--- openssl-0.9.8b.orig/apps/s_socket.c 2005-06-13 05:21:00.000000000 +0200 ++++ openssl-0.9.8b/apps/s_socket.c 2006-07-13 08:44:29.000000000 +0200 +@@ -96,9 +96,7 @@ + static void ssl_sock_cleanup(void); + #endif + static int ssl_sock_init(void); +-static int init_client_ip(int *sock,unsigned char ip[4], int port, int type); +-static int init_server(int *sock, int port, int type); +-static int init_server_long(int *sock, int port,char *ip, int type); ++static int init_server(int *sock, char *port, int type); + static int do_accept(int acc_sock, int *sock, char **host); + static int host_ip(char *str, unsigned char ip[4]); + +@@ -228,60 +226,69 @@ + return(1); + } + +-int init_client(int *sock, char *host, int port, int type) ++int init_client(int *sock, char *host, char *port, int type) + { +- unsigned char ip[4]; +- short p=0; +- +- if (!host_ip(host,&(ip[0]))) +- { +- return(0); +- } +- if (p != 0) port=p; +- return(init_client_ip(sock,ip,port,type)); +- } +- +-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type) +- { +- unsigned long addr; +- struct sockaddr_in them; +- int s,i; ++ struct addrinfo *res, *res0, hints; ++ char * failed_call = NULL; ++ int s; ++ int e; + + if (!ssl_sock_init()) return(0); + +- memset((char *)&them,0,sizeof(them)); +- them.sin_family=AF_INET; +- them.sin_port=htons((unsigned short)port); +- addr=(unsigned long) +- ((unsigned long)ip[0]<<24L)| +- ((unsigned long)ip[1]<<16L)| +- ((unsigned long)ip[2]<< 8L)| +- ((unsigned long)ip[3]); +- them.sin_addr.s_addr=htonl(addr); +- +- if (type == SOCK_STREAM) +- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); +- else /* ( type == SOCK_DGRAM) */ +- s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP); +- +- if (s == INVALID_SOCKET) { perror("socket"); return(0); } ++ memset(&hints, '\0', sizeof(hints)); ++ hints.ai_socktype = type; ++ hints.ai_flags = AI_ADDRCONFIG; ++ ++ e = getaddrinfo(host, port, &hints, &res); ++ if (e) ++ { ++ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e)); ++ if (e == EAI_SYSTEM) ++ perror("getaddrinfo"); ++ return (0); ++ } + ++ res0 = res; ++ while (res) ++ { ++ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol); ++ if (s == INVALID_SOCKET) ++ { ++ failed_call = "socket"; ++ goto nextres; ++ } + #ifndef OPENSSL_SYS_MPE + if (type == SOCK_STREAM) + { +- i=0; +- i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i)); +- if (i < 0) { perror("keepalive"); return(0); } ++ int i=0; ++ i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE, ++ (char *)&i,sizeof(i)); ++ if (i < 0) { ++ failed_call = "keepalive"; ++ goto nextres; ++ } + } + #endif +- +- if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1) +- { close(s); perror("connect"); return(0); } ++ if (connect(s,(struct sockaddr *)res->ai_addr, ++ res->ai_addrlen) == 0) ++ { ++ freeaddrinfo(res0); + *sock=s; + return(1); + } ++ failed_call = "socket"; ++nextres: ++ if (s != INVALID_SOCKET) ++ close(s); ++ res = res->ai_next; ++ } ++ freeaddrinfo(res0); ++ ++ perror(failed_call); ++ return(0); ++ } + +-int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context) ++int do_server(char *port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context) + { + int sock; + char *name = NULL; +@@ -319,33 +326,38 @@ + } + } + +-static int init_server_long(int *sock, int port, char *ip, int type) ++static int init_server(int *sock, char *port, int type) + { +- int ret=0; +- struct sockaddr_in server; +- int s= -1,i; ++ struct addrinfo *res, *res0, hints; ++ char * failed_call = NULL; ++ char port_name[8]; ++ int s; ++ int e; + + if (!ssl_sock_init()) return(0); + +- memset((char *)&server,0,sizeof(server)); +- server.sin_family=AF_INET; +- server.sin_port=htons((unsigned short)port); +- if (ip == NULL) +- server.sin_addr.s_addr=INADDR_ANY; +- else +-/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */ +-#ifndef BIT_FIELD_LIMITS +- memcpy(&server.sin_addr.s_addr,ip,4); +-#else +- memcpy(&server.sin_addr,ip,4); +-#endif +- +- if (type == SOCK_STREAM) +- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); +- else /* type == SOCK_DGRAM */ +- s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP); ++ memset(&hints, '\0', sizeof(hints)); ++ hints.ai_socktype = type; ++ hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG; ++ ++ e = getaddrinfo(NULL, port, &hints, &res); ++ if (e) ++ { ++ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e)); ++ if (e == EAI_SYSTEM) ++ perror("getaddrinfo"); ++ return (0); ++ } + +- if (s == INVALID_SOCKET) goto err; ++ res0 = res; ++ while (res) ++ { ++ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol); ++ if (s == INVALID_SOCKET) ++ { ++ failed_call = "socket"; ++ goto nextres; ++ } + #if defined SOL_SOCKET && defined SO_REUSEADDR + { + int j = 1; +@@ -353,36 +365,39 @@ + (void *) &j, sizeof j); + } + #endif +- if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1) ++ ++ if (bind(s,(struct sockaddr *)res->ai_addr, res->ai_addrlen) == -1) + { +-#ifndef OPENSSL_SYS_WINDOWS +- perror("bind"); +-#endif +- goto err; ++ failed_call = "bind"; ++ goto nextres; + } +- /* Make it 128 for linux */ +- if (type==SOCK_STREAM && listen(s,128) == -1) goto err; +- i=0; +- *sock=s; +- ret=1; +-err: +- if ((ret == 0) && (s != -1)) ++ if (type==SOCK_STREAM && listen(s,128) == -1) + { +- SHUTDOWN(s); ++ failed_call = "listen"; ++ goto nextres; + } +- return(ret); ++ ++ *sock=s; ++ return(1); ++ ++nextres: ++ if (s != INVALID_SOCKET) ++ close(s); ++ res = res->ai_next; + } ++ freeaddrinfo(res0); + +-static int init_server(int *sock, int port, int type) +- { +- return(init_server_long(sock, port, NULL, type)); ++ if (s == INVALID_SOCKET) { perror("socket"); return(0); } ++ ++ perror(failed_call); ++ return(0); + } + + static int do_accept(int acc_sock, int *sock, char **host) + { +- int ret,i; +- struct hostent *h1,*h2; +- static struct sockaddr_in from; ++ static struct sockaddr_storage from; ++ char buffer[NI_MAXHOST]; ++ int ret; + int len; + /* struct linger ling; */ + +@@ -427,137 +442,62 @@ + if (i < 0) { perror("keepalive"); return(0); } + */ + +- if (host == NULL) goto end; +-#ifndef BIT_FIELD_LIMITS +- /* I should use WSAAsyncGetHostByName() under windows */ +- h1=gethostbyaddr((char *)&from.sin_addr.s_addr, +- sizeof(from.sin_addr.s_addr),AF_INET); +-#else +- h1=gethostbyaddr((char *)&from.sin_addr, +- sizeof(struct in_addr),AF_INET); +-#endif +- if (h1 == NULL) ++ if (host == NULL) + { +- BIO_printf(bio_err,"bad gethostbyaddr\n"); +- *host=NULL; +- /* return(0); */ +- } +- else +- { +- if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL) +- { +- perror("OPENSSL_malloc"); ++ *sock=ret; + return(0); + } +- BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1); + +- h2=GetHostByName(*host); +- if (h2 == NULL) ++ if (getnameinfo((struct sockaddr *)&from, sizeof(from), ++ buffer, sizeof(buffer), ++ NULL, 0, 0)) + { +- BIO_printf(bio_err,"gethostbyname failure\n"); ++ BIO_printf(bio_err,"getnameinfo failed\n"); ++ *host=NULL; + return(0); + } +- i=0; +- if (h2->h_addrtype != AF_INET) ++ else + { +- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n"); ++ if ((*host=(char *)OPENSSL_malloc(strlen(buffer)+1)) == NULL) ++ { ++ perror("OPENSSL_malloc"); + return(0); + } +- } +-end: ++ strcpy(*host, buffer); + *sock=ret; + return(1); + } ++ } + +-int extract_host_port(char *str, char **host_ptr, unsigned char *ip, +- short *port_ptr) ++int extract_host_port(char *str, char **host_ptr, ++ char **port_ptr) + { +- char *h,*p; ++ char *h,*p,*x; + +- h=str; +- p=strchr(str,':'); ++ x=h=str; ++ if (*h == '[') ++ { ++ h++; ++ p=strchr(h,']'); + if (p == NULL) + { +- BIO_printf(bio_err,"no port defined\n"); ++ BIO_printf(bio_err,"no ending bracket for IPv6 address\n"); + return(0); + } + *(p++)='\0'; +- +- if ((ip != NULL) && !host_ip(str,ip)) +- goto err; +- if (host_ptr != NULL) *host_ptr=h; +- +- if (!extract_port(p,port_ptr)) +- goto err; +- return(1); +-err: +- return(0); ++ x = p; + } +- +-static int host_ip(char *str, unsigned char ip[4]) +- { +- unsigned int in[4]; +- int i; +- +- if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4) +- { +- for (i=0; i<4; i++) +- if (in[i] > 255) +- { +- BIO_printf(bio_err,"invalid IP address\n"); +- goto err; +- } +- ip[0]=in[0]; +- ip[1]=in[1]; +- ip[2]=in[2]; +- ip[3]=in[3]; +- } +- else +- { /* do a gethostbyname */ +- struct hostent *he; +- +- if (!ssl_sock_init()) return(0); +- +- he=GetHostByName(str); +- if (he == NULL) +- { +- BIO_printf(bio_err,"gethostbyname failure\n"); +- goto err; +- } +- /* cast to short because of win16 winsock definition */ +- if ((short)he->h_addrtype != AF_INET) ++ p=strchr(x,':'); ++ if (p == NULL) + { +- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n"); +- return(0); +- } +- ip[0]=he->h_addr_list[0][0]; +- ip[1]=he->h_addr_list[0][1]; +- ip[2]=he->h_addr_list[0][2]; +- ip[3]=he->h_addr_list[0][3]; +- } +- return(1); +-err: ++ BIO_printf(bio_err,"no port defined\n"); + return(0); + } ++ *(p++)='\0'; + +-int extract_port(char *str, short *port_ptr) +- { +- int i; +- struct servent *s; ++ if (host_ptr != NULL) *host_ptr=h; ++ if (port_ptr != NULL) *port_ptr=p; + +- i=atoi(str); +- if (i != 0) +- *port_ptr=(unsigned short)i; +- else +- { +- s=getservbyname(str,"tcp"); +- if (s == NULL) +- { +- BIO_printf(bio_err,"getservbyname failure for %s\n",str); +- return(0); +- } +- *port_ptr=ntohs((unsigned short)s->s_port); +- } + return(1); + } + diff --git a/openssl-0.9.8b-pkcs7-leak.patch b/openssl-0.9.8b-pkcs7-leak.patch new file mode 100644 index 0000000..b6f7b2c --- /dev/null +++ b/openssl-0.9.8b-pkcs7-leak.patch @@ -0,0 +1,20 @@ +--- openssl-0.9.8b/crypto/pkcs7/pk7_smime.c.pk7-leak 2005-08-05 00:10:05.000000000 +0200 ++++ openssl-0.9.8b/crypto/pkcs7/pk7_smime.c 2006-07-20 13:53:16.000000000 +0200 +@@ -127,6 +127,8 @@ + } + } + ++ if(flags & PKCS7_DETACHED) PKCS7_set_detached(p7, 1); ++ + if (flags & PKCS7_STREAM) + return p7; + +@@ -138,8 +140,6 @@ + + SMIME_crlf_copy(data, p7bio, flags); + +- if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1); +- + if (!PKCS7_dataFinal(p7,p7bio)) { + PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN); + PKCS7_free(p7); diff --git a/openssl.spec b/openssl.spec index b14a972..2b0f366 100644 --- a/openssl.spec +++ b/openssl.spec @@ -21,7 +21,7 @@ Summary: The OpenSSL toolkit Name: openssl Version: 0.9.8b -Release: 3.1 +Release: 4 Source: openssl-%{version}-usa.tar.bz2 Source1: hobble-openssl Source2: Makefile.certificate @@ -47,9 +47,13 @@ Patch34: openssl-0.9.6-x509.patch Patch35: openssl-0.9.7-beta5-version-add-engines.patch Patch36: openssl-0.9.8a-use-poll.patch Patch38: openssl-0.9.8a-reuse-cipher-change.patch +Patch39: openssl-0.9.8b-ipv6-apps.patch # Backported fixes including security fixes Patch51: openssl-0.9.8b-block-padding.patch Patch52: openssl-0.9.8b-pkcs12-fix.patch +Patch53: openssl-0.9.8b-bn-threadsafety.patch +Patch54: openssl-0.9.8b-aes-cachecol.patch +Patch55: openssl-0.9.8b-pkcs7-leak.patch License: BSDish Group: System Environment/Libraries @@ -106,9 +110,13 @@ from other formats to the formats used by the OpenSSL toolkit. %patch35 -p1 -b .version-add-engines %patch36 -p1 -b .use-poll %patch38 -p1 -b .cipher-change +%patch39 -p1 -b .ipv6-apps %patch51 -p1 -b .block-padding %patch52 -p1 -b .pkcs12-fix +%patch53 -p1 -b .bn-threadsafety +%patch54 -p1 -b .cachecol +%patch55 -p1 -b .pkcs7-leak # Modify the various perl scripts to reference perl in the right location. perl util/perlpath.pl `dirname %{__perl}` @@ -264,11 +272,11 @@ basearch=i386 # Do an opensslconf.h switcheroo to avoid file conflicts on systems where you # can have both a 32- and 64-bit version of the library, and they each need # their own correct-but-different versions of opensslconf.h to be usable. -install -m644 $RPM_SOURCE_DIR/opensslconf-new-warning.h \ +install -m644 %{SOURCE10} \ $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf-${basearch}.h cat $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h >> \ $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf-${basearch}.h -install -m644 $RPM_SOURCE_DIR/opensslconf-new.h \ +install -m644 %{SOURCE9} \ $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h %endif @@ -342,6 +350,11 @@ rm -rf $RPM_BUILD_ROOT/%{_bindir}/openssl_fips_fingerprint %postun -p /sbin/ldconfig %changelog +* Thu Jul 20 2006 Tomas Mraz - 0.9.8b-4 +- add ipv6 support to s_client and s_server (by Jan Pazdziora) (#198737) +- add patches for BN threadsafety, AES cache collision attack hazard fix and + pkcs7 code memleak fix from upstream CVS + * Wed Jul 12 2006 Jesse Keating - 0.9.8b-3.1 - rebuild