forked from pool/openssl-1_1
- Renamed from openssl-1_1_0 (bsc#1081335)
* All the minor versions of the 1.1.x openssl branch have the same sonum and keep ABI compatibility - Remove bit obsolete syntax - Use %license macro - Don't disable afalgeng on aarch64 - Add support for s390x CPACF enhancements (fate#321518) patches taken from https://github.com/openssl/openssl/pull/2859: * 0002-crypto-modes-asm-ghash-s390x.pl-fix-gcm_gmult_4bit-K.patch * 0004-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch * 0005-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch * 0006-s390x-assembly-pack-extended-s390x-capability-vector.patch * 0007-crypto-evp-e_aes.c-add-foundations-for-extended-s390.patch * 0008-s390x-assembly-pack-extended-s390x-capability-vector.patch * 0009-crypto-aes-asm-aes-s390x.pl-add-KMA-code-path.patch * 0010-doc-man3-OPENSSL_s390xcap.pod-update-KMA.patch * 0011-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch * 0012-s390x-assembly-pack-add-KMA-code-path-for-aes-gcm.patch * 0013-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch - Do not filter pkgconfig() provides/requires. - Obsolete openssl-1_0_0 by openssl-1_1_0: this is required for a clean upgrade path as an aid to zypp (boo#1070003). - Update to 1.1.0g OpenSSL Security Advisory [02 Nov 2017] OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=2
commit
02427a3414
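--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text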
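--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc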
956
0001-Axe-builtin-printf-implementation-use-glibc-instead.patch
Normal file
@ -0,0 +1,956 @@
|
||||
From fd708c2242408187cff392e8b0850275ac99376f Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crrodriguez@opensuse.org>
|
||||
Date: Sun, 4 May 2014 23:36:54 -0400
|
||||
Subject: [PATCH] Axe builtin printf implementation, use glibc instead
|
||||
|
||||
|
||||
Index: openssl-1.1.0g/crypto/bio/b_print.c
|
||||
===================================================================
|
||||
--- openssl-1.1.0g.orig/crypto/bio/b_print.c 2017-11-02 15:29:02.000000000 +0100
|
||||
+++ openssl-1.1.0g/crypto/bio/b_print.c 2017-11-02 20:48:01.240953505 +0100
|
||||
@@ -21,831 +21,6 @@
|
||||
* on all source code distributions.
|
||||
*/
|
||||
|
||||
-#ifdef HAVE_LONG_DOUBLE
|
||||
-# define LDOUBLE long double
|
||||
-#else
|
||||
-# define LDOUBLE double
|
||||
-#endif
|
||||
-
|
||||
-static int fmtstr(char **, char **, size_t *, size_t *,
|
||||
- const char *, int, int, int);
|
||||
-static int fmtint(char **, char **, size_t *, size_t *,
|
||||
- int64_t, int, int, int, int);
|
||||
-static int fmtfp(char **, char **, size_t *, size_t *,
|
||||
- LDOUBLE, int, int, int, int);
|
||||
-static int doapr_outch(char **, char **, size_t *, size_t *, int);
|
||||
-static int _dopr(char **sbuffer, char **buffer,
|
||||
- size_t *maxlen, size_t *retlen, int *truncated,
|
||||
- const char *format, va_list args);
|
||||
-
|
||||
-/* format read states */
|
||||
-#define DP_S_DEFAULT 0
|
||||
-#define DP_S_FLAGS 1
|
||||
-#define DP_S_MIN 2
|
||||
-#define DP_S_DOT 3
|
||||
-#define DP_S_MAX 4
|
||||
-#define DP_S_MOD 5
|
||||
-#define DP_S_CONV 6
|
||||
-#define DP_S_DONE 7
|
||||
-
|
||||
-/* format flags - Bits */
|
||||
-/* left-aligned padding */
|
||||
-#define DP_F_MINUS (1 << 0)
|
||||
-/* print an explicit '+' for a value with positive sign */
|
||||
-#define DP_F_PLUS (1 << 1)
|
||||
-/* print an explicit ' ' for a value with positive sign */
|
||||
-#define DP_F_SPACE (1 << 2)
|
||||
-/* print 0/0x prefix for octal/hex and decimal point for floating point */
|
||||
-#define DP_F_NUM (1 << 3)
|
||||
-/* print leading zeroes */
|
||||
-#define DP_F_ZERO (1 << 4)
|
||||
-/* print HEX in UPPPERcase */
|
||||
-#define DP_F_UP (1 << 5)
|
||||
-/* treat value as unsigned */
|
||||
-#define DP_F_UNSIGNED (1 << 6)
|
||||
-
|
||||
-/* conversion flags */
|
||||
-#define DP_C_SHORT 1
|
||||
-#define DP_C_LONG 2
|
||||
-#define DP_C_LDOUBLE 3
|
||||
-#define DP_C_LLONG 4
|
||||
-
|
||||
-/* Floating point formats */
|
||||
-#define F_FORMAT 0
|
||||
-#define E_FORMAT 1
|
||||
-#define G_FORMAT 2
|
||||
-
|
||||
-/* some handy macros */
|
||||
-#define char_to_int(p) (p - '0')
|
||||
-#define OSSL_MAX(p,q) ((p >= q) ? p : q)
|
||||
-
|
||||
-static int
|
||||
-_dopr(char **sbuffer,
|
||||
- char **buffer,
|
||||
- size_t *maxlen,
|
||||
- size_t *retlen, int *truncated, const char *format, va_list args)
|
||||
-{
|
||||
- char ch;
|
||||
- int64_t value;
|
||||
- LDOUBLE fvalue;
|
||||
- char *strvalue;
|
||||
- int min;
|
||||
- int max;
|
||||
- int state;
|
||||
- int flags;
|
||||
- int cflags;
|
||||
- size_t currlen;
|
||||
-
|
||||
- state = DP_S_DEFAULT;
|
||||
- flags = currlen = cflags = min = 0;
|
||||
- max = -1;
|
||||
- ch = *format++;
|
||||
-
|
||||
- while (state != DP_S_DONE) {
|
||||
- if (ch == '\0' || (buffer == NULL && currlen >= *maxlen))
|
||||
- state = DP_S_DONE;
|
||||
-
|
||||
- switch (state) {
|
||||
- case DP_S_DEFAULT:
|
||||
- if (ch == '%')
|
||||
- state = DP_S_FLAGS;
|
||||
- else
|
||||
- if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
|
||||
- return 0;
|
||||
- ch = *format++;
|
||||
- break;
|
||||
- case DP_S_FLAGS:
|
||||
- switch (ch) {
|
||||
- case '-':
|
||||
- flags |= DP_F_MINUS;
|
||||
- ch = *format++;
|
||||
- break;
|
||||
- case '+':
|
||||
- flags |= DP_F_PLUS;
|
||||
- ch = *format++;
|
||||
- break;
|
||||
- case ' ':
|
||||
- flags |= DP_F_SPACE;
|
||||
- ch = *format++;
|
||||
- break;
|
||||
- case '#':
|
||||
- flags |= DP_F_NUM;
|
||||
- ch = *format++;
|
||||
- break;
|
||||
- case '0':
|
||||
- flags |= DP_F_ZERO;
|
||||
- ch = *format++;
|
||||
- break;
|
||||
- default:
|
||||
- state = DP_S_MIN;
|
||||
- break;
|
||||
- }
|
||||
- break;
|
||||
- case DP_S_MIN:
|
||||
- if (isdigit((unsigned char)ch)) {
|
||||
- min = 10 * min + char_to_int(ch);
|
||||
- ch = *format++;
|
||||
- } else if (ch == '*') {
|
||||
- min = va_arg(args, int);
|
||||
- ch = *format++;
|
||||
- state = DP_S_DOT;
|
||||
- } else
|
||||
- state = DP_S_DOT;
|
||||
- break;
|
||||
- case DP_S_DOT:
|
||||
- if (ch == '.') {
|
||||
- state = DP_S_MAX;
|
||||
- ch = *format++;
|
||||
- } else
|
||||
- state = DP_S_MOD;
|
||||
- break;
|
||||
- case DP_S_MAX:
|
||||
- if (isdigit((unsigned char)ch)) {
|
||||
- if (max < 0)
|
||||
- max = 0;
|
||||
- max = 10 * max + char_to_int(ch);
|
||||
- ch = *format++;
|
||||
- } else if (ch == '*') {
|
||||
- max = va_arg(args, int);
|
||||
- ch = *format++;
|
||||
- state = DP_S_MOD;
|
||||
- } else
|
||||
- state = DP_S_MOD;
|
||||
- break;
|
||||
- case DP_S_MOD:
|
||||
- switch (ch) {
|
||||
- case 'h':
|
||||
- cflags = DP_C_SHORT;
|
||||
- ch = *format++;
|
||||
- break;
|
||||
- case 'l':
|
||||
- if (*format == 'l') {
|
||||
- cflags = DP_C_LLONG;
|
||||
- format++;
|
||||
- } else
|
||||
- cflags = DP_C_LONG;
|
||||
- ch = *format++;
|
||||
- break;
|
||||
- case 'q':
|
||||
- cflags = DP_C_LLONG;
|
||||
- ch = *format++;
|
||||
- break;
|
||||
- case 'L':
|
||||
- cflags = DP_C_LDOUBLE;
|
||||
- ch = *format++;
|
||||
- break;
|
||||
- default:
|
||||
- break;
|
||||
- }
|
||||
- state = DP_S_CONV;
|
||||
- break;
|
||||
- case DP_S_CONV:
|
||||
- switch (ch) {
|
||||
- case 'd':
|
||||
- case 'i':
|
||||
- switch (cflags) {
|
||||
- case DP_C_SHORT:
|
||||
- value = (short int)va_arg(args, int);
|
||||
- break;
|
||||
- case DP_C_LONG:
|
||||
- value = va_arg(args, long int);
|
||||
- break;
|
||||
- case DP_C_LLONG:
|
||||
- value = va_arg(args, int64_t);
|
||||
- break;
|
||||
- default:
|
||||
- value = va_arg(args, int);
|
||||
- break;
|
||||
- }
|
||||
- if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, 10, min,
|
||||
- max, flags))
|
||||
- return 0;
|
||||
- break;
|
||||
- case 'X':
|
||||
- flags |= DP_F_UP;
|
||||
- /* FALLTHROUGH */
|
||||
- case 'x':
|
||||
- case 'o':
|
||||
- case 'u':
|
||||
- flags |= DP_F_UNSIGNED;
|
||||
- switch (cflags) {
|
||||
- case DP_C_SHORT:
|
||||
- value = (unsigned short int)va_arg(args, unsigned int);
|
||||
- break;
|
||||
- case DP_C_LONG:
|
||||
- value = va_arg(args, unsigned long int);
|
||||
- break;
|
||||
- case DP_C_LLONG:
|
||||
- value = va_arg(args, uint64_t);
|
||||
- break;
|
||||
- default:
|
||||
- value = va_arg(args, unsigned int);
|
||||
- break;
|
||||
- }
|
||||
- if (!fmtint(sbuffer, buffer, &currlen, maxlen, value,
|
||||
- ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
|
||||
- min, max, flags))
|
||||
- return 0;
|
||||
- break;
|
||||
- case 'f':
|
||||
- if (cflags == DP_C_LDOUBLE)
|
||||
- fvalue = va_arg(args, LDOUBLE);
|
||||
- else
|
||||
- fvalue = va_arg(args, double);
|
||||
- if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
|
||||
- flags, F_FORMAT))
|
||||
- return 0;
|
||||
- break;
|
||||
- case 'E':
|
||||
- flags |= DP_F_UP;
|
||||
- /* fall thru */
|
||||
- case 'e':
|
||||
- if (cflags == DP_C_LDOUBLE)
|
||||
- fvalue = va_arg(args, LDOUBLE);
|
||||
- else
|
||||
- fvalue = va_arg(args, double);
|
||||
- if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
|
||||
- flags, E_FORMAT))
|
||||
- return 0;
|
||||
- break;
|
||||
- case 'G':
|
||||
- flags |= DP_F_UP;
|
||||
- /* fall thru */
|
||||
- case 'g':
|
||||
- if (cflags == DP_C_LDOUBLE)
|
||||
- fvalue = va_arg(args, LDOUBLE);
|
||||
- else
|
||||
- fvalue = va_arg(args, double);
|
||||
- if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
|
||||
- flags, G_FORMAT))
|
||||
- return 0;
|
||||
- break;
|
||||
- case 'c':
|
||||
- if(!doapr_outch(sbuffer, buffer, &currlen, maxlen,
|
||||
- va_arg(args, int)))
|
||||
- return 0;
|
||||
- break;
|
||||
- case 's':
|
||||
- strvalue = va_arg(args, char *);
|
||||
- if (max < 0) {
|
||||
- if (buffer)
|
||||
- max = INT_MAX;
|
||||
- else
|
||||
- max = *maxlen;
|
||||
- }
|
||||
- if (!fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
|
||||
- flags, min, max))
|
||||
- return 0;
|
||||
- break;
|
||||
- case 'p':
|
||||
- value = (size_t)va_arg(args, void *);
|
||||
- if (!fmtint(sbuffer, buffer, &currlen, maxlen,
|
||||
- value, 16, min, max, flags | DP_F_NUM))
|
||||
- return 0;
|
||||
- break;
|
||||
- case 'n': /* XXX */
|
||||
- if (cflags == DP_C_SHORT) {
|
||||
- short int *num;
|
||||
- num = va_arg(args, short int *);
|
||||
- *num = currlen;
|
||||
- } else if (cflags == DP_C_LONG) { /* XXX */
|
||||
- long int *num;
|
||||
- num = va_arg(args, long int *);
|
||||
- *num = (long int)currlen;
|
||||
- } else if (cflags == DP_C_LLONG) { /* XXX */
|
||||
- int64_t *num;
|
||||
- num = va_arg(args, int64_t *);
|
||||
- *num = (int64_t)currlen;
|
||||
- } else {
|
||||
- int *num;
|
||||
- num = va_arg(args, int *);
|
||||
- *num = currlen;
|
||||
- }
|
||||
- break;
|
||||
- case '%':
|
||||
- if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
|
||||
- return 0;
|
||||
- break;
|
||||
- case 'w':
|
||||
- /* not supported yet, treat as next char */
|
||||
- ch = *format++;
|
||||
- break;
|
||||
- default:
|
||||
- /* unknown, skip */
|
||||
- break;
|
||||
- }
|
||||
- ch = *format++;
|
||||
- state = DP_S_DEFAULT;
|
||||
- flags = cflags = min = 0;
|
||||
- max = -1;
|
||||
- break;
|
||||
- case DP_S_DONE:
|
||||
- break;
|
||||
- default:
|
||||
- break;
|
||||
- }
|
||||
- }
|
||||
- /*
|
||||
- * We have to truncate if there is no dynamic buffer and we have filled the
|
||||
- * static buffer.
|
||||
- */
|
||||
- if (buffer == NULL) {
|
||||
- *truncated = (currlen > *maxlen - 1);
|
||||
- if (*truncated)
|
||||
- currlen = *maxlen - 1;
|
||||
- }
|
||||
- if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'))
|
||||
- return 0;
|
||||
- *retlen = currlen - 1;
|
||||
- return 1;
|
||||
-}
|
||||
-
|
||||
-static int
|
||||
-fmtstr(char **sbuffer,
|
||||
- char **buffer,
|
||||
- size_t *currlen,
|
||||
- size_t *maxlen, const char *value, int flags, int min, int max)
|
||||
-{
|
||||
- int padlen;
|
||||
- size_t strln;
|
||||
- int cnt = 0;
|
||||
-
|
||||
- if (value == 0)
|
||||
- value = "<NULL>";
|
||||
-
|
||||
- strln = OPENSSL_strnlen(value, max < 0 ? SIZE_MAX : (size_t)max);
|
||||
-
|
||||
- padlen = min - strln;
|
||||
- if (min < 0 || padlen < 0)
|
||||
- padlen = 0;
|
||||
- if (max >= 0) {
|
||||
- /*
|
||||
- * Calculate the maximum output including padding.
|
||||
- * Make sure max doesn't overflow into negativity
|
||||
- */
|
||||
- if (max < INT_MAX - padlen)
|
||||
- max += padlen;
|
||||
- else
|
||||
- max = INT_MAX;
|
||||
- }
|
||||
- if (flags & DP_F_MINUS)
|
||||
- padlen = -padlen;
|
||||
-
|
||||
- while ((padlen > 0) && (max < 0 || cnt < max)) {
|
||||
- if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
|
||||
- return 0;
|
||||
- --padlen;
|
||||
- ++cnt;
|
||||
- }
|
||||
- while (strln > 0 && (max < 0 || cnt < max)) {
|
||||
- if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++))
|
||||
- return 0;
|
||||
- --strln;
|
||||
- ++cnt;
|
||||
- }
|
||||
- while ((padlen < 0) && (max < 0 || cnt < max)) {
|
||||
- if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
|
||||
- return 0;
|
||||
- ++padlen;
|
||||
- ++cnt;
|
||||
- }
|
||||
- return 1;
|
||||
-}
|
||||
-
|
||||
-static int
|
||||
-fmtint(char **sbuffer,
|
||||
- char **buffer,
|
||||
- size_t *currlen,
|
||||
- size_t *maxlen, int64_t value, int base, int min, int max, int flags)
|
||||
-{
|
||||
- int signvalue = 0;
|
||||
- const char *prefix = "";
|
||||
- uint64_t uvalue;
|
||||
- char convert[DECIMAL_SIZE(value) + 3];
|
||||
- int place = 0;
|
||||
- int spadlen = 0;
|
||||
- int zpadlen = 0;
|
||||
- int caps = 0;
|
||||
-
|
||||
- if (max < 0)
|
||||
- max = 0;
|
||||
- uvalue = value;
|
||||
- if (!(flags & DP_F_UNSIGNED)) {
|
||||
- if (value < 0) {
|
||||
- signvalue = '-';
|
||||
- uvalue = 0 - (uint64_t)value;
|
||||
- } else if (flags & DP_F_PLUS)
|
||||
- signvalue = '+';
|
||||
- else if (flags & DP_F_SPACE)
|
||||
- signvalue = ' ';
|
||||
- }
|
||||
- if (flags & DP_F_NUM) {
|
||||
- if (base == 8)
|
||||
- prefix = "0";
|
||||
- if (base == 16)
|
||||
- prefix = "0x";
|
||||
- }
|
||||
- if (flags & DP_F_UP)
|
||||
- caps = 1;
|
||||
- do {
|
||||
- convert[place++] = (caps ? "0123456789ABCDEF" : "0123456789abcdef")
|
||||
- [uvalue % (unsigned)base];
|
||||
- uvalue = (uvalue / (unsigned)base);
|
||||
- } while (uvalue && (place < (int)sizeof(convert)));
|
||||
- if (place == sizeof(convert))
|
||||
- place--;
|
||||
- convert[place] = 0;
|
||||
-
|
||||
- zpadlen = max - place;
|
||||
- spadlen =
|
||||
- min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - strlen(prefix);
|
||||
- if (zpadlen < 0)
|
||||
- zpadlen = 0;
|
||||
- if (spadlen < 0)
|
||||
- spadlen = 0;
|
||||
- if (flags & DP_F_ZERO) {
|
||||
- zpadlen = OSSL_MAX(zpadlen, spadlen);
|
||||
- spadlen = 0;
|
||||
- }
|
||||
- if (flags & DP_F_MINUS)
|
||||
- spadlen = -spadlen;
|
||||
-
|
||||
- /* spaces */
|
||||
- while (spadlen > 0) {
|
||||
- if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
|
||||
- return 0;
|
||||
- --spadlen;
|
||||
- }
|
||||
-
|
||||
- /* sign */
|
||||
- if (signvalue)
|
||||
- if(!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
|
||||
- return 0;
|
||||
-
|
||||
- /* prefix */
|
||||
- while (*prefix) {
|
||||
- if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix))
|
||||
- return 0;
|
||||
- prefix++;
|
||||
- }
|
||||
-
|
||||
- /* zeros */
|
||||
- if (zpadlen > 0) {
|
||||
- while (zpadlen > 0) {
|
||||
- if(!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
|
||||
- return 0;
|
||||
- --zpadlen;
|
||||
- }
|
||||
- }
|
||||
- /* digits */
|
||||
- while (place > 0) {
|
||||
- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]))
|
||||
- return 0;
|
||||
- }
|
||||
-
|
||||
- /* left justified spaces */
|
||||
- while (spadlen < 0) {
|
||||
- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
|
||||
- return 0;
|
||||
- ++spadlen;
|
||||
- }
|
||||
- return 1;
|
||||
-}
|
||||
-
|
||||
-static LDOUBLE abs_val(LDOUBLE value)
|
||||
-{
|
||||
- LDOUBLE result = value;
|
||||
- if (value < 0)
|
||||
- result = -value;
|
||||
- return result;
|
||||
-}
|
||||
-
|
||||
-static LDOUBLE pow_10(int in_exp)
|
||||
-{
|
||||
- LDOUBLE result = 1;
|
||||
- while (in_exp) {
|
||||
- result *= 10;
|
||||
- in_exp--;
|
||||
- }
|
||||
- return result;
|
||||
-}
|
||||
-
|
||||
-static long roundv(LDOUBLE value)
|
||||
-{
|
||||
- long intpart;
|
||||
- intpart = (long)value;
|
||||
- value = value - intpart;
|
||||
- if (value >= 0.5)
|
||||
- intpart++;
|
||||
- return intpart;
|
||||
-}
|
||||
-
|
||||
-static int
|
||||
-fmtfp(char **sbuffer,
|
||||
- char **buffer,
|
||||
- size_t *currlen,
|
||||
- size_t *maxlen, LDOUBLE fvalue, int min, int max, int flags, int style)
|
||||
-{
|
||||
- int signvalue = 0;
|
||||
- LDOUBLE ufvalue;
|
||||
- LDOUBLE tmpvalue;
|
||||
- char iconvert[20];
|
||||
- char fconvert[20];
|
||||
- char econvert[20];
|
||||
- int iplace = 0;
|
||||
- int fplace = 0;
|
||||
- int eplace = 0;
|
||||
- int padlen = 0;
|
||||
- int zpadlen = 0;
|
||||
- long exp = 0;
|
||||
- unsigned long intpart;
|
||||
- unsigned long fracpart;
|
||||
- unsigned long max10;
|
||||
- int realstyle;
|
||||
-
|
||||
- if (max < 0)
|
||||
- max = 6;
|
||||
-
|
||||
- if (fvalue < 0)
|
||||
- signvalue = '-';
|
||||
- else if (flags & DP_F_PLUS)
|
||||
- signvalue = '+';
|
||||
- else if (flags & DP_F_SPACE)
|
||||
- signvalue = ' ';
|
||||
-
|
||||
- /*
|
||||
- * G_FORMAT sometimes prints like E_FORMAT and sometimes like F_FORMAT
|
||||
- * depending on the number to be printed. Work out which one it is and use
|
||||
- * that from here on.
|
||||
- */
|
||||
- if (style == G_FORMAT) {
|
||||
- if (fvalue == 0.0) {
|
||||
- realstyle = F_FORMAT;
|
||||
- } else if (fvalue < 0.0001) {
|
||||
- realstyle = E_FORMAT;
|
||||
- } else if ((max == 0 && fvalue >= 10)
|
||||
- || (max > 0 && fvalue >= pow_10(max))) {
|
||||
- realstyle = E_FORMAT;
|
||||
- } else {
|
||||
- realstyle = F_FORMAT;
|
||||
- }
|
||||
- } else {
|
||||
- realstyle = style;
|
||||
- }
|
||||
-
|
||||
- if (style != F_FORMAT) {
|
||||
- tmpvalue = fvalue;
|
||||
- /* Calculate the exponent */
|
||||
- if (fvalue != 0.0) {
|
||||
- while (tmpvalue < 1) {
|
||||
- tmpvalue *= 10;
|
||||
- exp--;
|
||||
- }
|
||||
- while (tmpvalue > 10) {
|
||||
- tmpvalue /= 10;
|
||||
- exp++;
|
||||
- }
|
||||
- }
|
||||
- if (style == G_FORMAT) {
|
||||
- /*
|
||||
- * In G_FORMAT the "precision" represents significant digits. We
|
||||
- * always have at least 1 significant digit.
|
||||
- */
|
||||
- if (max == 0)
|
||||
- max = 1;
|
||||
- /* Now convert significant digits to decimal places */
|
||||
- if (realstyle == F_FORMAT) {
|
||||
- max -= (exp + 1);
|
||||
- if (max < 0) {
|
||||
- /*
|
||||
- * Should not happen. If we're in F_FORMAT then exp < max?
|
||||
- */
|
||||
- return 0;
|
||||
- }
|
||||
- } else {
|
||||
- /*
|
||||
- * In E_FORMAT there is always one significant digit in front
|
||||
- * of the decimal point, so:
|
||||
- * significant digits == 1 + decimal places
|
||||
- */
|
||||
- max--;
|
||||
- }
|
||||
- }
|
||||
- if (realstyle == E_FORMAT)
|
||||
- fvalue = tmpvalue;
|
||||
- }
|
||||
- ufvalue = abs_val(fvalue);
|
||||
- if (ufvalue > ULONG_MAX) {
|
||||
- /* Number too big */
|
||||
- return 0;
|
||||
- }
|
||||
- intpart = (unsigned long)ufvalue;
|
||||
-
|
||||
- /*
|
||||
- * sorry, we only support 9 digits past the decimal because of our
|
||||
- * conversion method
|
||||
- */
|
||||
- if (max > 9)
|
||||
- max = 9;
|
||||
-
|
||||
- /*
|
||||
- * we "cheat" by converting the fractional part to integer by multiplying
|
||||
- * by a factor of 10
|
||||
- */
|
||||
- max10 = roundv(pow_10(max));
|
||||
- fracpart = roundv(pow_10(max) * (ufvalue - intpart));
|
||||
-
|
||||
- if (fracpart >= max10) {
|
||||
- intpart++;
|
||||
- fracpart -= max10;
|
||||
- }
|
||||
-
|
||||
- /* convert integer part */
|
||||
- do {
|
||||
- iconvert[iplace++] = "0123456789"[intpart % 10];
|
||||
- intpart = (intpart / 10);
|
||||
- } while (intpart && (iplace < (int)sizeof(iconvert)));
|
||||
- if (iplace == sizeof iconvert)
|
||||
- iplace--;
|
||||
- iconvert[iplace] = 0;
|
||||
-
|
||||
- /* convert fractional part */
|
||||
- while (fplace < max) {
|
||||
- if (style == G_FORMAT && fplace == 0 && (fracpart % 10) == 0) {
|
||||
- /* We strip trailing zeros in G_FORMAT */
|
||||
- max--;
|
||||
- fracpart = fracpart / 10;
|
||||
- if (fplace < max)
|
||||
- continue;
|
||||
- break;
|
||||
- }
|
||||
- fconvert[fplace++] = "0123456789"[fracpart % 10];
|
||||
- fracpart = (fracpart / 10);
|
||||
- }
|
||||
-
|
||||
- if (fplace == sizeof fconvert)
|
||||
- fplace--;
|
||||
- fconvert[fplace] = 0;
|
||||
-
|
||||
- /* convert exponent part */
|
||||
- if (realstyle == E_FORMAT) {
|
||||
- int tmpexp;
|
||||
- if (exp < 0)
|
||||
- tmpexp = -exp;
|
||||
- else
|
||||
- tmpexp = exp;
|
||||
-
|
||||
- do {
|
||||
- econvert[eplace++] = "0123456789"[tmpexp % 10];
|
||||
- tmpexp = (tmpexp / 10);
|
||||
- } while (tmpexp > 0 && eplace < (int)sizeof(econvert));
|
||||
- /* Exponent is huge!! Too big to print */
|
||||
- if (tmpexp > 0)
|
||||
- return 0;
|
||||
- /* Add a leading 0 for single digit exponents */
|
||||
- if (eplace == 1)
|
||||
- econvert[eplace++] = '0';
|
||||
- }
|
||||
-
|
||||
- /*
|
||||
- * -1 for decimal point (if we have one, i.e. max > 0),
|
||||
- * another -1 if we are printing a sign
|
||||
- */
|
||||
- padlen = min - iplace - max - (max > 0 ? 1 : 0) - ((signvalue) ? 1 : 0);
|
||||
- /* Take some off for exponent prefix "+e" and exponent */
|
||||
- if (realstyle == E_FORMAT)
|
||||
- padlen -= 2 + eplace;
|
||||
- zpadlen = max - fplace;
|
||||
- if (zpadlen < 0)
|
||||
- zpadlen = 0;
|
||||
- if (padlen < 0)
|
||||
- padlen = 0;
|
||||
- if (flags & DP_F_MINUS)
|
||||
- padlen = -padlen;
|
||||
-
|
||||
- if ((flags & DP_F_ZERO) && (padlen > 0)) {
|
||||
- if (signvalue) {
|
||||
- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
|
||||
- return 0;
|
||||
- --padlen;
|
||||
- signvalue = 0;
|
||||
- }
|
||||
- while (padlen > 0) {
|
||||
- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
|
||||
- return 0;
|
||||
- --padlen;
|
||||
- }
|
||||
- }
|
||||
- while (padlen > 0) {
|
||||
- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
|
||||
- return 0;
|
||||
- --padlen;
|
||||
- }
|
||||
- if (signvalue && !doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
|
||||
- return 0;
|
||||
-
|
||||
- while (iplace > 0) {
|
||||
- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]))
|
||||
- return 0;
|
||||
- }
|
||||
-
|
||||
- /*
|
||||
- * Decimal point. This should probably use locale to find the correct
|
||||
- * char to print out.
|
||||
- */
|
||||
- if (max > 0 || (flags & DP_F_NUM)) {
|
||||
- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '.'))
|
||||
- return 0;
|
||||
-
|
||||
- while (fplace > 0) {
|
||||
- if(!doapr_outch(sbuffer, buffer, currlen, maxlen,
|
||||
- fconvert[--fplace]))
|
||||
- return 0;
|
||||
- }
|
||||
- }
|
||||
- while (zpadlen > 0) {
|
||||
- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
|
||||
- return 0;
|
||||
- --zpadlen;
|
||||
- }
|
||||
- if (realstyle == E_FORMAT) {
|
||||
- char ech;
|
||||
-
|
||||
- if ((flags & DP_F_UP) == 0)
|
||||
- ech = 'e';
|
||||
- else
|
||||
- ech = 'E';
|
||||
- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ech))
|
||||
- return 0;
|
||||
- if (exp < 0) {
|
||||
- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '-'))
|
||||
- return 0;
|
||||
- } else {
|
||||
- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '+'))
|
||||
- return 0;
|
||||
- }
|
||||
- while (eplace > 0) {
|
||||
- if (!doapr_outch(sbuffer, buffer, currlen, maxlen,
|
||||
- econvert[--eplace]))
|
||||
- return 0;
|
||||
- }
|
||||
- }
|
||||
-
|
||||
- while (padlen < 0) {
|
||||
- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
|
||||
- return 0;
|
||||
- ++padlen;
|
||||
- }
|
||||
- return 1;
|
||||
-}
|
||||
-
|
||||
-#define BUFFER_INC 1024
|
||||
-
|
||||
-static int
|
||||
-doapr_outch(char **sbuffer,
|
||||
- char **buffer, size_t *currlen, size_t *maxlen, int c)
|
||||
-{
|
||||
- /* If we haven't at least one buffer, someone has doe a big booboo */
|
||||
- OPENSSL_assert(*sbuffer != NULL || buffer != NULL);
|
||||
-
|
||||
- /* |currlen| must always be <= |*maxlen| */
|
||||
- OPENSSL_assert(*currlen <= *maxlen);
|
||||
-
|
||||
- if (buffer && *currlen == *maxlen) {
|
||||
- if (*maxlen > INT_MAX - BUFFER_INC)
|
||||
- return 0;
|
||||
-
|
||||
- *maxlen += BUFFER_INC;
|
||||
- if (*buffer == NULL) {
|
||||
- *buffer = OPENSSL_malloc(*maxlen);
|
||||
- if (*buffer == NULL)
|
||||
- return 0;
|
||||
- if (*currlen > 0) {
|
||||
- OPENSSL_assert(*sbuffer != NULL);
|
||||
- memcpy(*buffer, *sbuffer, *currlen);
|
||||
- }
|
||||
- *sbuffer = NULL;
|
||||
- } else {
|
||||
- char *tmpbuf;
|
||||
- tmpbuf = OPENSSL_realloc(*buffer, *maxlen);
|
||||
- if (tmpbuf == NULL)
|
||||
- return 0;
|
||||
- *buffer = tmpbuf;
|
||||
- }
|
||||
- }
|
||||
-
|
||||
- if (*currlen < *maxlen) {
|
||||
- if (*sbuffer)
|
||||
- (*sbuffer)[(*currlen)++] = (char)c;
|
||||
- else
|
||||
- (*buffer)[(*currlen)++] = (char)c;
|
||||
- }
|
||||
-
|
||||
- return 1;
|
||||
-}
|
||||
-
|
||||
-/***************************************************************************/
|
||||
-
|
||||
int BIO_printf(BIO *bio, const char *format, ...)
|
||||
{
|
||||
va_list args;
|
||||
@@ -859,30 +34,36 @@ int BIO_printf(BIO *bio, const char *for
|
||||
return (ret);
|
||||
}
|
||||
|
||||
+static ssize_t cookie_BIO_write(void *cookie, const char *buf, size_t size)
|
||||
+{
|
||||
+ int ret;
|
||||
+ ret = BIO_write(cookie, buf, size);
|
||||
+ /* BIO_write may return negative value on error,
|
||||
+ * but we must return 0 on that case
|
||||
+ */
|
||||
+ return (ret < 0) ? 0 : ret;
|
||||
+}
|
||||
+
|
||||
int BIO_vprintf(BIO *bio, const char *format, va_list args)
|
||||
{
|
||||
+ FILE *fp;
|
||||
int ret;
|
||||
- size_t retlen;
|
||||
- char hugebuf[1024 * 2]; /* Was previously 10k, which is unreasonable
|
||||
- * in small-stack environments, like threads
|
||||
- * or DOS programs. */
|
||||
- char *hugebufp = hugebuf;
|
||||
- size_t hugebufsize = sizeof(hugebuf);
|
||||
- char *dynbuf = NULL;
|
||||
- int ignored;
|
||||
-
|
||||
- dynbuf = NULL;
|
||||
- if (!_dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format,
|
||||
- args)) {
|
||||
- OPENSSL_free(dynbuf);
|
||||
- return -1;
|
||||
- }
|
||||
- if (dynbuf) {
|
||||
- ret = BIO_write(bio, dynbuf, (int)retlen);
|
||||
- OPENSSL_free(dynbuf);
|
||||
- } else {
|
||||
- ret = BIO_write(bio, hugebuf, (int)retlen);
|
||||
- }
|
||||
+
|
||||
+ cookie_io_functions_t bio_funcs = {
|
||||
+ .read = NULL,
|
||||
+ .write = cookie_BIO_write,
|
||||
+ .seek = NULL,
|
||||
+ .close = NULL,
|
||||
+ };
|
||||
+
|
||||
+ fp = fopencookie(bio, "w", bio_funcs);
|
||||
+
|
||||
+ if (fp == NULL)
|
||||
+ return -1;
|
||||
+
|
||||
+ ret = vfprintf(fp, format, args);
|
||||
+
|
||||
+ fclose(fp);
|
||||
return (ret);
|
||||
}
|
||||
|
||||
@@ -898,29 +79,21 @@ int BIO_snprintf(char *buf, size_t n, co
|
||||
int ret;
|
||||
|
||||
va_start(args, format);
|
||||
+ ret = vsnprintf(buf, n, format, args);
|
||||
+ va_end(args);
|
||||
|
||||
- ret = BIO_vsnprintf(buf, n, format, args);
|
||||
+ if (ret >= n || ret == -1) return (-1);
|
||||
|
||||
- va_end(args);
|
||||
return (ret);
|
||||
}
|
||||
|
||||
int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
|
||||
{
|
||||
- size_t retlen;
|
||||
- int truncated;
|
||||
+ int ret;
|
||||
+ ret = vsnprintf(buf, n, format, args);
|
||||
|
||||
- if(!_dopr(&buf, NULL, &n, &retlen, &truncated, format, args))
|
||||
- return -1;
|
||||
+ if (ret >= n || ret == -1)
|
||||
+ return (-1);
|
||||
|
||||
- if (truncated)
|
||||
- /*
|
||||
- * In case of truncation, return -1 like traditional snprintf.
|
||||
- * (Current drafts for ISO/IEC 9899 say snprintf should return the
|
||||
- * number of characters that would have been written, had the buffer
|
||||
- * been large enough.)
|
||||
- */
|
||||
- return -1;
|
||||
- else
|
||||
- return (retlen <= INT_MAX) ? (int)retlen : -1;
|
||||
+ return (ret);
|
||||
}
|
||||
Index: openssl-1.1.0g/test/bioprinttest.c
|
||||
===================================================================
|
||||
--- openssl-1.1.0g.orig/test/bioprinttest.c 2017-11-02 15:29:05.000000000 +0100
|
||||
+++ openssl-1.1.0g/test/bioprinttest.c 2017-11-02 20:45:03.446174264 +0100
|
||||
@@ -200,13 +200,6 @@ int main(int argc, char **argv)
|
||||
dofptest(test++, 66666.0 + frac, width, prec, &fail);
|
||||
}
|
||||
|
||||
- /* Test excessively big number. Should fail */
|
||||
- if (BIO_snprintf(buf, sizeof(buf), "%f\n", 2 * (double)ULONG_MAX) != -1) {
|
||||
- printf("Test %d failed. Unexpected success return from "
|
||||
- "BIO_snprintf()\n", test);
|
||||
- fail = 1;
|
||||
- }
|
||||
-
|
||||
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
|
||||
if (CRYPTO_mem_leaks_fp(stderr) <= 0)
|
||||
return 1;
|
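Review bot: In the rewritten `BIO_vprintf`, a failed `BIO_write` is no longer reported to the caller, because the return value of `fclose(fp)` is discarded. For output that fits in the stdio buffer of the `fopencookie` stream, `vfprintf` only fills that buffer and `cookie_BIO_write` runs when `fclose` flushes, so the function can return a positive count although nothing reached the BIO. The removed code returned `BIO_write`'s result directly; checking the flush restores that, e.g. `if (fclose(fp) != 0) ret = -1;`. `cookie_BIO_write` also hands its `size_t size` straight to `BIO_write`, where the removed code cast the length to `int`, so a comment or an explicit bound on `size` would be worth adding. The removed `fmtstr` printed `<NULL>` for a null `%s` argument and the big-number case was dropped from `test/bioprinttest.c`, so callers relying on the old formatting or failure behaviour should be checked.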
@ -0,0 +1,49 @@
|
||||
From c5ac41de1511f898301c298b2b28d05372cba817 Mon Sep 17 00:00:00 2001
|
||||
From: Vitezslav Cizek <vcizek@suse.com>
|
||||
Date: Thu, 8 Dec 2016 13:10:33 +0100
|
||||
Subject: [PATCH] Resume reading from randfile when interrupted by a signal.
|
||||
|
||||
It was regularly observed with openssh:
|
||||
sshd: fatal: cannot read from /dev/urandom, Interrupted system call
|
||||
---
|
||||
crypto/rand/randfile.c | 15 ++++++++++++++-
|
||||
1 file changed, 14 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
|
||||
index c96383a..6e39e86 100644
|
||||
--- a/crypto/rand/randfile.c
|
||||
+++ b/crypto/rand/randfile.c
|
||||
@@ -104,6 +104,12 @@ static __FILE_ptr32 (*const vms_fopen)(const char *, const char *, ...) =
|
||||
|
||||
#define RFILE ".rnd"
|
||||
|
||||
+#ifdef EINTR
|
||||
+# define INTERRUPTED(in) (ferror(in) && errno == EINTR)
|
||||
+#else
|
||||
+# define INTERRUPTED (0)
|
||||
+#endif
|
||||
+
|
||||
/*
|
||||
* Note that these functions are intended for seed files only. Entropy
|
||||
* devices and EGD sockets are handled in rand_unix.c
|
||||
@@ -162,9 +168,16 @@ int RAND_load_file(const char *file, long bytes)
|
||||
n = (bytes < BUFSIZE) ? (int)bytes : BUFSIZE;
|
||||
else
|
||||
n = BUFSIZE;
|
||||
+
|
||||
i = fread(buf, 1, n, in);
|
||||
- if (i <= 0)
|
||||
+ if (i <= 0) {
|
||||
+ if (INTERRUPTED(in)) {
|
||||
+ /* Interrupted by a signal, resume reading */
|
||||
+ clearerr(in);
|
||||
+ continue;
|
||||
+ }
|
||||
break;
|
||||
+ }
|
||||
|
||||
RAND_add(buf, i, (double)i);
|
||||
ret += i;
|
||||
--
|
||||
2.10.2
|
||||
|
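Review bot: The `#else` branch defines `INTERRUPTED` as an object-like macro, but `RAND_load_file` invokes it as `INTERRUPTED(in)`, which would expand to `(0)(in)` and fail to compile on a platform that does not define `EINTR`. It should read `# define INTERRUPTED(in) (0)`. The retry also depends on `errno` still holding the value set by the failed `fread`; whether `<errno.h>` is included is not visible in these hunks. The body of `RAND_load_file` starts and ends outside the hunk.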
@ -0,0 +1,47 @@
|
||||
From 7b46a0ed5938e28d974757db44cc9d299ad5cb4e Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
Date: Thu, 23 Feb 2017 14:03:39 +0100
|
||||
Subject: [PATCH 02/44] crypto/modes/asm/ghash-s390x.pl: fix gcm_gmult_4bit
|
||||
KIMD code path.
|
||||
|
||||
gcm_gmult_4bit KIMD code path assumed that that Xi is processed.
|
||||
However, with iv lengths not equal to 12, the function is also used to process
|
||||
Yi, resulting in wrong ghash computation.
|
||||
|
||||
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
---
|
||||
crypto/modes/asm/ghash-s390x.pl | 11 ++++++++++-
|
||||
1 file changed, 10 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/crypto/modes/asm/ghash-s390x.pl b/crypto/modes/asm/ghash-s390x.pl
|
||||
index f8b038c708..6dbb8232d6 100644
|
||||
--- a/crypto/modes/asm/ghash-s390x.pl
|
||||
+++ b/crypto/modes/asm/ghash-s390x.pl
|
||||
@@ -95,14 +95,23 @@ $code.=<<___ if(!$softonly && 0); # hardware is slow for single block...
|
||||
lg %r1,24(%r1) # load second word of kimd capabilities vector
|
||||
tmhh %r1,0x4000 # check for function 65
|
||||
jz .Lsoft_gmult
|
||||
+ lghi %r1,-16
|
||||
stg %r0,16($sp) # arrange 16 bytes of zero input
|
||||
stg %r0,24($sp)
|
||||
+ la $Htbl,0(%r1,$Htbl) # H lies right before Htable
|
||||
+
|
||||
lghi %r0,65 # function 65
|
||||
- la %r1,0($Xi) # H lies right after Xi in gcm128_context
|
||||
+ la %r1,32($sp)
|
||||
+ mvc 32(16,$sp),0($Xi) # copy Xi/Yi
|
||||
+ mvc 48(16,$sp),0($Htbl) # copy H
|
||||
la $inp,16($sp)
|
||||
lghi $len,16
|
||||
.long 0xb93e0004 # kimd %r0,$inp
|
||||
brc 1,.-4 # pay attention to "partial completion"
|
||||
+
|
||||
+ mvc 0(16,$Xi),32($sp)
|
||||
+ xc 32(32,$sp),32($sp) # wipe stack
|
||||
+
|
||||
br %r14
|
||||
.align 32
|
||||
.Lsoft_gmult:
|
||||
--
|
||||
2.13.6
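Review bot: The new KIMD path in gcm_gmult_4bit builds its parameter block on the stack with no comment describing the layout, and `la $Htbl,0(%r1,$Htbl)` relies on H sitting in the 16 bytes immediately before Htable in gcm128_context. I would add a short block comment above `lghi %r1,-16` stating that 16..31($sp) is the zero input block, 32..47($sp) the Xi/Yi copy and 48..63($sp) the copy of H, and that these offsets are assumed to lie in the caller-provided save area (inferred, the prologue is outside the hunk). The `# wipe stack` comment could say that the 32 bytes cleared are exactly the Xi/Yi and H copies, so a later change to the block keeps the wipe in step. The heredoc is guarded by `if(!$softonly && 0)`, so as far as this hunk shows the path is not assembled and the fix is not exercised by the test suite.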
|
||||
|
112
0004-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch
Normal file
@ -0,0 +1,112 @@
|
||||
From 3e1c11dd482dd4626989bb6d84fc708d9bb95219 Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
Date: Mon, 30 Jan 2017 17:37:54 +0100
|
||||
Subject: [PATCH 04/44] s390x assembly pack: add OPENSSL_s390xcap environment
|
||||
variable.
|
||||
|
||||
The OPENSSL_s390xcap environment variable is used to set bits in the s390x
|
||||
capability vector to zero. This simplifies testing of different code paths.
|
||||
|
||||
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
---
|
||||
crypto/s390x_arch.h | 28 ++++++++++++++++++++++++++++
|
||||
crypto/s390xcap.c | 33 +++++++++++++++++++++++++++++----
|
||||
2 files changed, 57 insertions(+), 4 deletions(-)
|
||||
create mode 100644 crypto/s390x_arch.h
|
||||
|
||||
Index: openssl-1.1.0g/crypto/s390x_arch.h
|
||||
===================================================================
|
||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
||||
+++ openssl-1.1.0g/crypto/s390x_arch.h 2018-01-10 15:26:40.291112320 +0100
|
||||
@@ -0,0 +1,28 @@
|
||||
+/*
|
||||
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ *
|
||||
+ * Licensed under the OpenSSL license (the "License"). You may not use
|
||||
+ * this file except in compliance with the License. You can obtain a copy
|
||||
+ * in the file LICENSE in the source distribution or at
|
||||
+ * https://www.openssl.org/source/license.html
|
||||
+ */
|
||||
+
|
||||
+#ifndef S390X_ARCH_H
|
||||
+# define S390X_ARCH_H
|
||||
+
|
||||
+# include <stdint.h>
|
||||
+
|
||||
+/*
|
||||
+ * The elements of OPENSSL_s390xcap_P are the doublewords returned by the STFLE
|
||||
+ * instruction followed by the doubleword pairs returned by instructions' QUERY
|
||||
+ * functions. If STFLE returns fewer doublewords or an instruction is not
|
||||
+ * supported, the corresponding element is zero. The order is as follows:
|
||||
+ *
|
||||
+ * STFLE:STFLE.KIMD:KIMD:KM:KM:KMC:KMC:KMCTR:KMCTR
|
||||
+ */
|
||||
+# define S390X_STFLE_DWORDS 2
|
||||
+# define S390X_QUERY_DWORDS 8
|
||||
+# define S390X_CAP_DWORDS (S390X_STFLE_DWORDS + S390X_QUERY_DWORDS)
|
||||
+extern unsigned long long OPENSSL_s390xcap_P[];
|
||||
+
|
||||
+#endif
|
||||
Index: openssl-1.1.0g/crypto/s390xcap.c
|
||||
===================================================================
|
||||
--- openssl-1.1.0g.orig/crypto/s390xcap.c 2017-11-02 15:29:03.000000000 +0100
|
||||
+++ openssl-1.1.0g/crypto/s390xcap.c 2018-01-10 15:27:42.988113439 +0100
|
||||
@@ -14,6 +14,7 @@
|
||||
#include <signal.h>
|
||||
|
||||
unsigned long long OPENSSL_s390xcap_P[10];
|
||||
+#include "s390x_arch.h"
|
||||
|
||||
static sigjmp_buf ill_jmp;
|
||||
static void ill_handler(int sig)
|
||||
@@ -21,17 +22,21 @@ static void ill_handler(int sig)
|
||||
siglongjmp(ill_jmp, sig);
|
||||
}
|
||||
|
||||
-unsigned long OPENSSL_s390x_facilities(void);
|
||||
+void OPENSSL_s390x_facilities(void);
|
||||
|
||||
void OPENSSL_cpuid_setup(void)
|
||||
{
|
||||
sigset_t oset;
|
||||
struct sigaction ill_act, oact;
|
||||
+ uint64_t vec;
|
||||
+ char *env;
|
||||
+ int off;
|
||||
+ int i;
|
||||
|
||||
if (OPENSSL_s390xcap_P[0])
|
||||
return;
|
||||
|
||||
- OPENSSL_s390xcap_P[0] = 1UL << (8 * sizeof(unsigned long) - 1);
|
||||
+ OPENSSL_s390xcap_P[0] = 1ULL << (8 * sizeof(uint64_t) - 1);
|
||||
|
||||
memset(&ill_act, 0, sizeof(ill_act));
|
||||
ill_act.sa_handler = ill_handler;
|
||||
@@ -47,4 +52,26 @@ void OPENSSL_cpuid_setup(void)
|
||||
|
||||
sigaction(SIGILL, &oact, NULL);
|
||||
sigprocmask(SIG_SETMASK, &oset, NULL);
|
||||
+
|
||||
+ if ((env = getenv("OPENSSL_s390xcap")) != NULL) {
|
||||
+ for (i = 0; i < S390X_CAP_DWORDS; i++) {
|
||||
+ off = (env[0] == '~') ? 1 : 0;
|
||||
+
|
||||
+ if (sscanf(env + off, "%llx", (unsigned long long *)&vec) == 1)
|
||||
+ OPENSSL_s390xcap_P[i] &= off ? ~vec : vec;
|
||||
+
|
||||
+ if (i == S390X_STFLE_DWORDS - 1)
|
||||
+ env = strchr(env, '.');
|
||||
+ else
|
||||
+ env = strpbrk(env, ":.");
|
||||
+
|
||||
+ if (env == NULL)
|
||||
+ break;
|
||||
+
|
||||
+ if (env[0] == '.')
|
||||
+ i = S390X_STFLE_DWORDS - 1;
|
||||
+
|
||||
+ env++;
|
||||
+ }
|
||||
+ }
|
||||
}
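Review bot: The `getenv("OPENSSL_s390xcap")` block added at the end of OPENSSL_cpuid_setup runs in every process, including set-user-ID and set-group-ID programs, so the invoking user's environment can select which crypto code paths a privileged process takes. The value is only ANDed into the vector, so it can switch capabilities off but not on, which limits the effect to forcing the software fallbacks; I would still skip the lookup there, e.g. `if (!OPENSSL_issetugid() && (env = getenv("OPENSSL_s390xcap")) != NULL) {`. The `sscanf(env + off, "%llx", ...)` call accepts a field with trailing junk and silently skips one it cannot parse, which deserves a comment given the variable is described as a testing aid. The function body begins outside this hunk.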
|
114
0005-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch
Normal file
@ -0,0 +1,114 @@
|
||||
From 79310b18d90badd58595cf2fff40591ad76c301a Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
Date: Tue, 31 Jan 2017 12:43:35 +0100
|
||||
Subject: [PATCH 05/44] s390x assembly pack: add OPENSSL_s390xcap man page.
|
||||
|
||||
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
---
|
||||
doc/man3/OPENSSL_s390xcap.pod | 94 +++++++++++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 94 insertions(+)
|
||||
create mode 100644 doc/man3/OPENSSL_s390xcap.pod
|
||||
|
||||
diff --git a/doc/man3/OPENSSL_s390xcap.pod b/doc/man3/OPENSSL_s390xcap.pod
|
||||
new file mode 100644
|
||||
index 0000000000..de56c7cf55
|
||||
--- /dev/null
|
||||
+++ b/doc/man3/OPENSSL_s390xcap.pod
|
||||
@@ -0,0 +1,94 @@
|
||||
+=pod
|
||||
+
|
||||
+=head1 NAME
|
||||
+
|
||||
+OPENSSL_s390xcap - the z processor capabilities vector
|
||||
+
|
||||
+=head1 SYNOPSIS
|
||||
+
|
||||
+ env OPENSSL_s390xcap=... <application>
|
||||
+
|
||||
+=head1 DESCRIPTION
|
||||
+
|
||||
+libcrypto supports z architecture instruction set extensions. These
|
||||
+extensions are denoted by individual bits in the capability vector.
|
||||
+When libcrypto is initialized, the bits returned by the STFLE instruction
|
||||
+and by the QUERY functions are stored in the vector.
|
||||
+
|
||||
+The OPENSSL_s390xcap environment variable can be set before starting an
|
||||
+application to affect capability detection. It is specified by a
|
||||
+colon-separated list of 64-bit values in hexadecimal notation, the 0x
|
||||
+prefix being optional. The ~ prefix means bitwise NOT and a point
|
||||
+indicates the end of the STFLE bits respectively the beginning of the
|
||||
+QUERY bits.
|
||||
+
|
||||
+After initialization, the capability vector is ANDed bitwise with the
|
||||
+corresponding parts of the environment variable.
|
||||
+
|
||||
+The following bits are significant:
|
||||
+
|
||||
+.
|
||||
+
|
||||
+=over
|
||||
+
|
||||
+=item #60 KIMD-SHA-512
|
||||
+
|
||||
+=item #61 KIMD-SHA-256
|
||||
+
|
||||
+=item #62 KIMD-SHA-1
|
||||
+
|
||||
+=back
|
||||
+
|
||||
+:
|
||||
+
|
||||
+=over
|
||||
+
|
||||
+=item #62 KIMD-GHASH
|
||||
+
|
||||
+=back
|
||||
+
|
||||
+:
|
||||
+
|
||||
+=over
|
||||
+
|
||||
+=item #11 KM-XTS-AES-256
|
||||
+
|
||||
+=item #13 KM-XTS-AES-128
|
||||
+
|
||||
+=item #43 KM-AES-256
|
||||
+
|
||||
+=item #44 KM-AES-192
|
||||
+
|
||||
+=item #45 KM-AES-128
|
||||
+
|
||||
+=back
|
||||
+
|
||||
+:
|
||||
+:
|
||||
+
|
||||
+=over
|
||||
+
|
||||
+=item #43 KMC-AES-256
|
||||
+
|
||||
+=item #44 KMC-AES-192
|
||||
+
|
||||
+=item #45 KMC-AES-128
|
||||
+
|
||||
+=back
|
||||
+
|
||||
+=head1 EXAMPLES
|
||||
+
|
||||
+OPENSSL_s390xcap=.0:0 disables KIMD.
|
||||
+
|
||||
+OPENSSL_s390xcap=.::~0x2800 disables KM-XTS-AES.
|
||||
+
|
||||
+=head1 COPYRIGHT
|
||||
+
|
||||
+Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+
|
||||
+Licensed under the OpenSSL license (the "License"). You may not use
|
||||
+this file except in compliance with the License. You can obtain a copy
|
||||
+in the file LICENSE in the source distribution or at
|
||||
+L<https://www.openssl.org/source/license.html>.
|
||||
+
|
||||
+=cut
|
||||
--
|
||||
2.13.6
|
||||
|
220
0006-s390x-assembly-pack-extended-s390x-capability-vector.patch
Normal file
@ -0,0 +1,220 @@
|
||||
From 9c59438dadc2b8026c058deb0759da78de1bb7ba Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
Date: Fri, 10 Feb 2017 19:43:08 +0100
|
||||
Subject: [PATCH 06/44] s390x assembly pack: extended s390x capability vector
|
||||
(STFLE).
|
||||
|
||||
Extended the s390x capability vector to store the longer facility list
|
||||
available from z13 onwards. The bits indicating the vector extensions
|
||||
are set to zero, if the kernel does not enable the vector facility.
|
||||
|
||||
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
---
|
||||
crypto/aes/asm/aes-s390x.pl | 10 +++++-----
|
||||
crypto/modes/asm/ghash-s390x.pl | 4 ++--
|
||||
crypto/s390x_arch.h | 9 +++++++--
|
||||
crypto/s390xcap.c | 31 +++++++++++++++++++++++++++++++
|
||||
crypto/s390xcpuid.S | 14 +++++++++-----
|
||||
crypto/sha/asm/sha1-s390x.pl | 4 ++--
|
||||
crypto/sha/asm/sha512-s390x.pl | 4 ++--
|
||||
7 files changed, 58 insertions(+), 18 deletions(-)
|
||||
|
||||
Index: openssl-1.1.0g/crypto/aes/asm/aes-s390x.pl
|
||||
===================================================================
|
||||
--- openssl-1.1.0g.orig/crypto/aes/asm/aes-s390x.pl 2018-01-10 17:13:05.962202226 +0100
|
||||
+++ openssl-1.1.0g/crypto/aes/asm/aes-s390x.pl 2018-01-10 17:22:31.466891754 +0100
|
||||
@@ -823,8 +823,8 @@ $code.=<<___ if (!$softonly);
|
||||
larl %r1,OPENSSL_s390xcap_P
|
||||
llihh %r0,0x8000
|
||||
srlg %r0,%r0,0(%r5)
|
||||
- ng %r0,32(%r1) # check availability of both km...
|
||||
- ng %r0,48(%r1) # ...and kmc support for given key length
|
||||
+ ng %r0,40(%r1) # check availability of both km...
|
||||
+ ng %r0,56(%r1) # ...and kmc support for given key length
|
||||
jz .Lekey_internal
|
||||
|
||||
lmg %r0,%r1,0($inp) # just copy 128 bits...
|
||||
@@ -1442,7 +1442,7 @@ $code.=<<___ if (!$softonly && 0);# kmct
|
||||
larl %r1,OPENSSL_s390xcap_P
|
||||
llihh %r0,0x8000 # check if kmctr supports the function code
|
||||
srlg %r0,%r0,0($s0)
|
||||
- ng %r0,64(%r1) # check kmctr capability vector
|
||||
+ ng %r0,72(%r1) # check kmctr capability vector
|
||||
lgr %r0,$s0
|
||||
lgr %r1,$s1
|
||||
jz .Lctr32_km_loop
|
||||
@@ -1592,7 +1592,7 @@ $code.=<<___ if(1);
|
||||
larl %r1,OPENSSL_s390xcap_P
|
||||
llihh %r0,0x8000
|
||||
srlg %r0,%r0,32($s1) # check for 32+function code
|
||||
- ng %r0,32(%r1) # check km capability vector
|
||||
+ ng %r0,40(%r1) # check km capability vector
|
||||
lgr %r0,$s0 # restore the function code
|
||||
la %r1,0($key1) # restore $key1
|
||||
jz .Lxts_km_vanilla
|
||||
Index: openssl-1.1.0g/crypto/modes/asm/ghash-s390x.pl
|
||||
===================================================================
|
||||
--- openssl-1.1.0g.orig/crypto/modes/asm/ghash-s390x.pl 2018-01-10 17:13:05.962202226 +0100
|
||||
+++ openssl-1.1.0g/crypto/modes/asm/ghash-s390x.pl 2018-01-10 17:13:07.430224756 +0100
|
||||
@@ -89,7 +89,7 @@ ___
|
||||
$code.=<<___ if(!$softonly && 0); # hardware is slow for single block...
|
||||
larl %r1,OPENSSL_s390xcap_P
|
||||
lghi %r0,0
|
||||
- lg %r1,24(%r1) # load second word of kimd capabilities vector
|
||||
+ lg %r1,32(%r1) # load second word of kimd capabilities vector
|
||||
tmhh %r1,0x4000 # check for function 65
|
||||
jz .Lsoft_gmult
|
||||
lghi %r1,-16
|
||||
@@ -132,7 +132,7 @@ gcm_ghash_4bit:
|
||||
___
|
||||
$code.=<<___ if(!$softonly);
|
||||
larl %r1,OPENSSL_s390xcap_P
|
||||
- lg %r0,24(%r1) # load second word of kimd capabilities vector
|
||||
+ lg %r0,32(%r1) # load second word of kimd capabilities vector
|
||||
tmhh %r0,0x4000 # check for function 65
|
||||
jz .Lsoft_ghash
|
||||
lghi %r0,65 # function 65
|
||||
Index: openssl-1.1.0g/crypto/s390x_arch.h
|
||||
===================================================================
|
||||
--- openssl-1.1.0g.orig/crypto/s390x_arch.h 2018-01-10 17:13:05.962202226 +0100
|
||||
+++ openssl-1.1.0g/crypto/s390x_arch.h 2018-01-10 17:13:07.430224756 +0100
|
||||
@@ -18,11 +18,16 @@
|
||||
* functions. If STFLE returns fewer doublewords or an instruction is not
|
||||
* supported, the corresponding element is zero. The order is as follows:
|
||||
*
|
||||
- * STFLE:STFLE.KIMD:KIMD:KM:KM:KMC:KMC:KMCTR:KMCTR
|
||||
+ * STFLE:STFLE:STFLE.KIMD:KIMD:KM:KM:KMC:KMC:KMCTR:KMCTR
|
||||
*/
|
||||
-# define S390X_STFLE_DWORDS 2
|
||||
+# define S390X_STFLE_DWORDS 3
|
||||
# define S390X_QUERY_DWORDS 8
|
||||
# define S390X_CAP_DWORDS (S390X_STFLE_DWORDS + S390X_QUERY_DWORDS)
|
||||
extern unsigned long long OPENSSL_s390xcap_P[];
|
||||
|
||||
+/* OPENSSL_s390xcap_P[2] flags */
|
||||
+# define S390X_STFLE_VXE (1ULL << 56)
|
||||
+# define S390X_STFLE_VXD (1ULL << 57)
|
||||
+# define S390X_STFLE_VX (1ULL << 62)
|
||||
+
|
||||
#endif
|
||||
Index: openssl-1.1.0g/crypto/s390xcap.c
|
||||
===================================================================
|
||||
--- openssl-1.1.0g.orig/crypto/s390xcap.c 2018-01-10 17:13:05.962202226 +0100
|
||||
+++ openssl-1.1.0g/crypto/s390xcap.c 2018-01-10 17:13:07.430224756 +0100
|
||||
@@ -22,6 +22,31 @@ static void ill_handler(int sig)
|
||||
siglongjmp(ill_jmp, sig);
|
||||
}
|
||||
|
||||
+/*-
|
||||
+ * os-specific function to check if "vector enablement control"-bit and
|
||||
+ * "AFP register control"-bit in control register 0 are set.
|
||||
+ */
|
||||
+static int vx_enabled(void)
|
||||
+{
|
||||
+#if defined(OPENSSL_SYS_LINUX)
|
||||
+ FILE *fd;
|
||||
+ char buf[4096];
|
||||
+
|
||||
+ if ((fd = fopen("/proc/cpuinfo", "r")) == NULL)
|
||||
+ return 0;
|
||||
+
|
||||
+ buf[0] = '\0';
|
||||
+
|
||||
+ while ((fgets(buf, sizeof(buf), fd) != NULL)
|
||||
+ && (strstr(buf, "features") != buf));
|
||||
+
|
||||
+ fclose(fd);
|
||||
+ return (strstr(buf, " vx ") != NULL) ? 1 : 0;
|
||||
+#else
|
||||
+ return 0;
|
||||
+#endif
|
||||
+}
|
||||
+
|
||||
void OPENSSL_s390x_facilities(void);
|
||||
|
||||
void OPENSSL_cpuid_setup(void)
|
||||
@@ -53,6 +78,12 @@ void OPENSSL_cpuid_setup(void)
|
||||
sigaction(SIGILL, &oact, NULL);
|
||||
sigprocmask(SIG_SETMASK, &oset, NULL);
|
||||
|
||||
+ /* protection against disabled vector facility */
|
||||
+ if (!vx_enabled()) {
|
||||
+ OPENSSL_s390xcap_P[2] &= ~(S390X_STFLE_VXE | S390X_STFLE_VXD |
|
||||
+ S390X_STFLE_VX);
|
||||
+ }
|
||||
+
|
||||
if ((env = getenv("OPENSSL_s390xcap")) != NULL) {
|
||||
for (i = 0; i < S390X_CAP_DWORDS; i++) {
|
||||
off = (env[0] == '~') ? 1 : 0;
|
||||
Index: openssl-1.1.0g/crypto/s390xcpuid.S
|
||||
===================================================================
|
||||
--- openssl-1.1.0g.orig/crypto/s390xcpuid.S 2018-01-10 17:13:05.962202226 +0100
|
||||
+++ openssl-1.1.0g/crypto/s390xcpuid.S 2018-01-10 17:13:07.430224756 +0100
|
||||
@@ -21,33 +21,37 @@ OPENSSL_s390x_facilities:
|
||||
stg %r0,56(%r4)
|
||||
stg %r0,64(%r4)
|
||||
stg %r0,72(%r4)
|
||||
+ stg %r0,80(%r4)
|
||||
|
||||
.long 0xb2b04000 # stfle 0(%r4)
|
||||
brc 8,.Ldone
|
||||
lghi %r0,1
|
||||
.long 0xb2b04000 # stfle 0(%r4)
|
||||
+ brc 8,.Ldone
|
||||
+ lghi %r0,2
|
||||
+ .long 0xb2b04000 # stfle 0(%r4)
|
||||
.Ldone:
|
||||
lmg %r2,%r3,0(%r4)
|
||||
tmhl %r2,0x4000 # check for message-security-assist
|
||||
jz .Lret
|
||||
|
||||
lghi %r0,0 # query kimd capabilities
|
||||
- la %r1,16(%r4)
|
||||
+ la %r1,24(%r4)
|
||||
.long 0xb93e0002 # kimd %r0,%r2
|
||||
|
||||
lghi %r0,0 # query km capability vector
|
||||
- la %r1,32(%r4)
|
||||
+ la %r1,40(%r4)
|
||||
.long 0xb92e0042 # km %r4,%r2
|
||||
|
||||
lghi %r0,0 # query kmc capability vector
|
||||
- la %r1,48(%r4)
|
||||
+ la %r1,56(%r4)
|
||||
.long 0xb92f0042 # kmc %r4,%r2
|
||||
|
||||
tmhh %r3,0x0004 # check for message-security-assist-4
|
||||
jz .Lret
|
||||
|
||||
lghi %r0,0 # query kmctr capability vector
|
||||
- la %r1,64(%r4)
|
||||
+ la %r1,72(%r4)
|
||||
.long 0xb92d2042 # kmctr %r4,%r2,%r2
|
||||
|
||||
.Lret:
|
||||
Index: openssl-1.1.0g/crypto/sha/asm/sha1-s390x.pl
|
||||
===================================================================
|
||||
--- openssl-1.1.0g.orig/crypto/sha/asm/sha1-s390x.pl 2018-01-10 17:13:05.962202226 +0100
|
||||
+++ openssl-1.1.0g/crypto/sha/asm/sha1-s390x.pl 2018-01-10 17:13:07.430224756 +0100
|
||||
@@ -172,7 +172,7 @@ sha1_block_data_order:
|
||||
___
|
||||
$code.=<<___ if ($kimdfunc);
|
||||
larl %r1,OPENSSL_s390xcap_P
|
||||
- lg %r0,16(%r1) # check kimd capabilities
|
||||
+ lg %r0,24(%r1) # check kimd capabilities
|
||||
tmhh %r0,`0x8000>>$kimdfunc`
|
||||
jz .Lsoftware
|
||||
lghi %r0,$kimdfunc
|
||||
Index: openssl-1.1.0g/crypto/sha/asm/sha512-s390x.pl
|
||||
===================================================================
|
||||
--- openssl-1.1.0g.orig/crypto/sha/asm/sha512-s390x.pl 2018-01-10 17:13:05.962202226 +0100
|
||||
+++ openssl-1.1.0g/crypto/sha/asm/sha512-s390x.pl 2018-01-10 17:13:07.430224756 +0100
|
||||
@@ -244,7 +244,7 @@ $Func:
|
||||
___
|
||||
$code.=<<___ if ($kimdfunc);
|
||||
larl %r1,OPENSSL_s390xcap_P
|
||||
- lg %r0,16(%r1) # check kimd capabilities
|
||||
+ lg %r0,24(%r1) # check kimd capabilities
|
||||
tmhh %r0,`0x8000>>$kimdfunc`
|
||||
jz .Lsoftware
|
||||
lghi %r0,$kimdfunc
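Review bot: Raising S390X_STFLE_DWORDS to 3 in s390x_arch.h makes S390X_CAP_DWORDS 11, but neither s390xcap.c hunk here touches the definition, which patch 0004 shows as `unsigned long long OPENSSL_s390xcap_P[10];`. If that definition is still in effect, the added `stg %r0,80(%r4)` in s390xcpuid.S and the `for (i = 0; i < S390X_CAP_DWORDS; i++)` environment loop both reach an eleventh doubleword past the end of the array (assuming %r4 holds the vector's address, which is loaded outside the hunk). Patch 0008 extends the same pattern to 13 doublewords, with stores at 88 and 96 and the KMA query result written at 88. Tying the definition to the header removes the mismatch: include "s390x_arch.h" before it and declare `unsigned long long OPENSSL_s390xcap_P[S390X_CAP_DWORDS];`.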
|
220
0007-crypto-evp-e_aes.c-add-foundations-for-extended-s390.patch
Normal file
@ -0,0 +1,220 @@
|
||||
From 29039576b1512a3508d40929dad605cefe806186 Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
Date: Thu, 16 Feb 2017 09:05:28 +0100
|
||||
Subject: [PATCH 07/44] crypto/evp/e_aes.c: add foundations for extended s390x
|
||||
support.
|
||||
|
||||
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
---
|
||||
crypto/evp/e_aes.c | 175 ++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
crypto/s390x_arch.h | 10 +++
|
||||
2 files changed, 185 insertions(+)
|
||||
|
||||
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
|
||||
index 802b1d814d..d5932e1c64 100644
|
||||
--- a/crypto/evp/e_aes.c
|
||||
+++ b/crypto/evp/e_aes.c
|
||||
@@ -950,6 +950,181 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \
|
||||
const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
|
||||
{ return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; }
|
||||
|
||||
+#elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__) && !defined(AES_SOFTONLY)
|
||||
+/*
|
||||
+ * IBM S390X support
|
||||
+ */
|
||||
+# include "s390x_arch.h"
|
||||
+
|
||||
+/*-
|
||||
+ * If KM and KMC support the function code, AES_KEY structure holds
|
||||
+ * key/function code (instead of key schedule/number of rounds).
|
||||
+ */
|
||||
+# define S390X_AES_FC (((AES_KEY *)(key))->rounds)
|
||||
+
|
||||
+# define S390X_aes_128_CAPABLE ((OPENSSL_s390xcap_P[5]&S390X_KM_AES_128)&&\
|
||||
+ (OPENSSL_s390xcap_P[7]&S390X_KMC_AES_128))
|
||||
+# define S390X_aes_192_CAPABLE ((OPENSSL_s390xcap_P[5]&S390X_KM_AES_192)&&\
|
||||
+ (OPENSSL_s390xcap_P[7]&S390X_KMC_AES_192))
|
||||
+# define S390X_aes_256_CAPABLE ((OPENSSL_s390xcap_P[5]&S390X_KM_AES_256)&&\
|
||||
+ (OPENSSL_s390xcap_P[7]&S390X_KMC_AES_256))
|
||||
+
|
||||
+# define s390x_aes_init_key aes_init_key
|
||||
+static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
|
||||
+ const unsigned char *iv, int enc);
|
||||
+
|
||||
+# define S390X_aes_128_cbc_CAPABLE 1 /* checked by callee */
|
||||
+# define S390X_aes_192_cbc_CAPABLE 1
|
||||
+# define S390X_aes_256_cbc_CAPABLE 1
|
||||
+
|
||||
+# define s390x_aes_cbc_cipher aes_cbc_cipher
|
||||
+static int s390x_aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
+ const unsigned char *in, size_t len);
|
||||
+
|
||||
+# define S390X_aes_128_ecb_CAPABLE 0
|
||||
+# define S390X_aes_192_ecb_CAPABLE 0
|
||||
+# define S390X_aes_256_ecb_CAPABLE 0
|
||||
+
|
||||
+# define s390x_aes_ecb_cipher aes_ecb_cipher
|
||||
+static int s390x_aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
+ const unsigned char *in, size_t len);
|
||||
+
|
||||
+# define S390X_aes_128_ofb_CAPABLE 0
|
||||
+# define S390X_aes_192_ofb_CAPABLE 0
|
||||
+# define S390X_aes_256_ofb_CAPABLE 0
|
||||
+
|
||||
+# define s390x_aes_ofb_cipher aes_ofb_cipher
|
||||
+static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
+ const unsigned char *in, size_t len);
|
||||
+
|
||||
+# define S390X_aes_128_cfb_CAPABLE 0
|
||||
+# define S390X_aes_192_cfb_CAPABLE 0
|
||||
+# define S390X_aes_256_cfb_CAPABLE 0
|
||||
+
|
||||
+# define s390x_aes_cfb_cipher aes_cfb_cipher
|
||||
+static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
+ const unsigned char *in, size_t len);
|
||||
+
|
||||
+# define S390X_aes_128_cfb8_CAPABLE 0
|
||||
+# define S390X_aes_192_cfb8_CAPABLE 0
|
||||
+# define S390X_aes_256_cfb8_CAPABLE 0
|
||||
+
|
||||
+# define s390x_aes_cfb8_cipher aes_cfb8_cipher
|
||||
+static int s390x_aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
+ const unsigned char *in, size_t len);
|
||||
+
|
||||
+# define S390X_aes_128_cfb1_CAPABLE 0
|
||||
+# define S390X_aes_192_cfb1_CAPABLE 0
|
||||
+# define S390X_aes_256_cfb1_CAPABLE 0
|
||||
+
|
||||
+# define s390x_aes_cfb1_cipher aes_cfb1_cipher
|
||||
+static int s390x_aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
+ const unsigned char *in, size_t len);
|
||||
+
|
||||
+# define S390X_aes_128_ctr_CAPABLE 1 /* checked by callee */
|
||||
+# define S390X_aes_192_ctr_CAPABLE 1
|
||||
+# define S390X_aes_256_ctr_CAPABLE 1
|
||||
+
|
||||
+# define s390x_aes_ctr_cipher aes_ctr_cipher
|
||||
+static int s390x_aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
+ const unsigned char *in, size_t len);
|
||||
+
|
||||
+# define S390X_aes_128_gcm_CAPABLE 0
|
||||
+# define S390X_aes_192_gcm_CAPABLE 0
|
||||
+# define S390X_aes_256_gcm_CAPABLE 0
|
||||
+
|
||||
+# define s390x_aes_gcm_init_key aes_gcm_init_key
|
||||
+static int s390x_aes_gcm_init_key(EVP_CIPHER_CTX *ctx,
|
||||
+ const unsigned char *key,
|
||||
+ const unsigned char *iv, int enc);
|
||||
+
|
||||
+# define s390x_aes_gcm_cipher aes_gcm_cipher
|
||||
+static int s390x_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
+ const unsigned char *in, size_t len);
|
||||
+
|
||||
+# define S390X_aes_128_xts_CAPABLE 1 /* checked by callee */
|
||||
+# define S390X_aes_256_xts_CAPABLE 1
|
||||
+
|
||||
+# define s390x_aes_xts_init_key aes_xts_init_key
|
||||
+static int s390x_aes_xts_init_key(EVP_CIPHER_CTX *ctx,
|
||||
+ const unsigned char *key,
|
||||
+ const unsigned char *iv, int enc);
|
||||
+
|
||||
+# define s390x_aes_xts_cipher aes_xts_cipher
|
||||
+static int s390x_aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
+ const unsigned char *in, size_t len);
|
||||
+
|
||||
+# define S390X_aes_128_ccm_CAPABLE 0
|
||||
+# define S390X_aes_192_ccm_CAPABLE 0
|
||||
+# define S390X_aes_256_ccm_CAPABLE 0
|
||||
+
|
||||
+# define s390x_aes_ccm_init_key aes_ccm_init_key
|
||||
+static int s390x_aes_ccm_init_key(EVP_CIPHER_CTX *ctx,
|
||||
+ const unsigned char *key,
|
||||
+ const unsigned char *iv, int enc);
|
||||
+
|
||||
+# define s390x_aes_ccm_cipher aes_ccm_cipher
|
||||
+static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
+ const unsigned char *in, size_t len);
|
||||
+
|
||||
+# ifndef OPENSSL_NO_OCB
|
||||
+# define S390X_aes_128_ocb_CAPABLE 0
|
||||
+# define S390X_aes_192_ocb_CAPABLE 0
|
||||
+# define S390X_aes_256_ocb_CAPABLE 0
|
||||
+
|
||||
+# define s390x_aes_ocb_init_key aes_ocb_init_key
|
||||
+static int s390x_aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
|
||||
+ const unsigned char *iv, int enc);
|
||||
+# define s390x_aes_ocb_cipher aes_ocb_cipher
|
||||
+static int s390x_aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
+ const unsigned char *in, size_t len);
|
||||
+# endif
|
||||
+
|
||||
+# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
|
||||
+static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \
|
||||
+ nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
|
||||
+ flags|EVP_CIPH_##MODE##_MODE, \
|
||||
+ s390x_aes_init_key, \
|
||||
+ s390x_aes_##mode##_cipher, \
|
||||
+ NULL, \
|
||||
+ sizeof(EVP_AES_KEY), \
|
||||
+ NULL,NULL,NULL,NULL }; \
|
||||
+static const EVP_CIPHER aes_##keylen##_##mode = { \
|
||||
+ nid##_##keylen##_##nmode,blocksize, \
|
||||
+ keylen/8,ivlen, \
|
||||
+ flags|EVP_CIPH_##MODE##_MODE, \
|
||||
+ aes_init_key, \
|
||||
+ aes_##mode##_cipher, \
|
||||
+ NULL, \
|
||||
+ sizeof(EVP_AES_KEY), \
|
||||
+ NULL,NULL,NULL,NULL }; \
|
||||
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
|
||||
+{ return S390X_aes_##keylen##_##mode##_CAPABLE?&s390x_aes_##keylen##_##mode: \
|
||||
+ &aes_##keylen##_##mode; }
|
||||
+
|
||||
+# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
|
||||
+static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \
|
||||
+ nid##_##keylen##_##mode,blocksize, \
|
||||
+ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
|
||||
+ flags|EVP_CIPH_##MODE##_MODE, \
|
||||
+ s390x_aes_##mode##_init_key, \
|
||||
+ s390x_aes_##mode##_cipher, \
|
||||
+ aes_##mode##_cleanup, \
|
||||
+ sizeof(EVP_AES_##MODE##_CTX), \
|
||||
+ NULL,NULL,aes_##mode##_ctrl,NULL }; \
|
||||
+static const EVP_CIPHER aes_##keylen##_##mode = { \
|
||||
+ nid##_##keylen##_##mode,blocksize, \
|
||||
+ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
|
||||
+ flags|EVP_CIPH_##MODE##_MODE, \
|
||||
+ aes_##mode##_init_key, \
|
||||
+ aes_##mode##_cipher, \
|
||||
+ aes_##mode##_cleanup, \
|
||||
+ sizeof(EVP_AES_##MODE##_CTX), \
|
||||
+ NULL,NULL,aes_##mode##_ctrl,NULL }; \
|
||||
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
|
||||
+{ return S390X_aes_##keylen##_##mode##_CAPABLE?&s390x_aes_##keylen##_##mode: \
|
||||
+ &aes_##keylen##_##mode; }
|
||||
+
|
||||
#else
|
||||
|
||||
# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
|
||||
diff --git a/crypto/s390x_arch.h b/crypto/s390x_arch.h
|
||||
index 434f8e3f4e..5bf24930ed 100644
|
||||
--- a/crypto/s390x_arch.h
|
||||
+++ b/crypto/s390x_arch.h
|
||||
@@ -30,4 +30,14 @@ extern uint64_t OPENSSL_s390xcap_P[];
|
||||
# define S390X_STFLE_VXD (1ULL << 57)
|
||||
# define S390X_STFLE_VX (1ULL << 62)
|
||||
|
||||
+/* OPENSSL_s390xcap_P[5] flags */
|
||||
+# define S390X_KM_AES_256 (1ULL << 43)
|
||||
+# define S390X_KM_AES_192 (1ULL << 44)
|
||||
+# define S390X_KM_AES_128 (1ULL << 45)
|
||||
+
|
||||
+/* OPENSSL_s390xcap_P[7] flags */
|
||||
+# define S390X_KMC_AES_256 (1ULL << 43)
|
||||
+# define S390X_KMC_AES_192 (1ULL << 44)
|
||||
+# define S390X_KMC_AES_128 (1ULL << 45)
|
||||
+
|
||||
#endif
|
||||
--
|
||||
2.13.6
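Review bot: The S390X_aes_*_CAPABLE macros in the e_aes.c hunk index the capability vector with bare literals (`OPENSSL_s390xcap_P[5]`, `OPENSSL_s390xcap_P[7]`), and those positions are only correct while S390X_STFLE_DWORDS is 3; patch 0006 already had to shift every assembly offset by 8 when that count changed. Deriving the positions in s390x_arch.h, for example `# define S390X_KM (S390X_STFLE_DWORDS + 2)` and `# define S390X_KMC (S390X_STFLE_DWORDS + 4)`, would keep the C side in step with the header. The cbc, ctr and xts variants are hard-wired to 1 with only `/* checked by callee */`, so a one-line comment naming the routine that performs that check would help a reader confirm the hardware path is never taken without the capability bit. The `#elif` branch this hunk adds belongs to a conditional chain that starts outside the hunk.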
|
||||
|
@ -0,0 +1,73 @@
|
||||
From 5534badade984ccad7dbe56e17bcf0b2d00820c0 Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
Date: Sun, 12 Feb 2017 12:27:00 +0100
|
||||
Subject: [PATCH 08/44] s390x assembly pack: extended s390x capability vector
|
||||
(KMA).
|
||||
|
||||
Extended the s390x capability vector to store the doubleword pair
|
||||
returned by the KMA instruction's QUERY function.
|
||||
|
||||
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
---
|
||||
crypto/aes/asm/aes-s390x.pl | 2 +-
|
||||
crypto/s390x_arch.h | 9 +++++++--
|
||||
crypto/s390xcpuid.S | 12 +++++++++++-
|
||||
crypto/sha/asm/sha1-s390x.pl | 2 +-
|
||||
crypto/sha/asm/sha512-s390x.pl | 2 +-
|
||||
5 files changed, 21 insertions(+), 6 deletions(-)
|
||||
|
||||
Index: openssl-1.1.0g/crypto/s390x_arch.h
|
||||
===================================================================
|
||||
--- openssl-1.1.0g.orig/crypto/s390x_arch.h 2018-01-10 15:38:21.714301915 +0100
|
||||
+++ openssl-1.1.0g/crypto/s390x_arch.h 2018-01-10 15:38:28.942417111 +0100
|
||||
@@ -18,10 +18,10 @@
|
||||
* functions. If STFLE returns fewer doublewords or an instruction is not
|
||||
* supported, the corresponding element is zero. The order is as follows:
|
||||
*
|
||||
- * STFLE:STFLE:STFLE.KIMD:KIMD:KM:KM:KMC:KMC:KMCTR:KMCTR
|
||||
+ * STFLE:STFLE:STFLE.KIMD:KIMD:KM:KM:KMC:KMC:KMCTR:KMCTR:KMA:KMA
|
||||
*/
|
||||
# define S390X_STFLE_DWORDS 3
|
||||
-# define S390X_QUERY_DWORDS 8
|
||||
+# define S390X_QUERY_DWORDS 10
|
||||
# define S390X_CAP_DWORDS (S390X_STFLE_DWORDS + S390X_QUERY_DWORDS)
|
||||
extern unsigned long long OPENSSL_s390xcap_P[];
|
||||
|
||||
@@ -40,4 +40,9 @@ extern unsigned long long OPENSSL_s390xc
|
||||
# define S390X_KMC_AES_192 (1ULL << 44)
|
||||
# define S390X_KMC_AES_128 (1ULL << 45)
|
||||
|
||||
+/* OPENSSL_s390xcap_P[11] flags */
|
||||
+# define S390X_KMA_GCM_AES_256 (1ULL << 43)
|
||||
+# define S390X_KMA_GCM_AES_192 (1ULL << 44)
|
||||
+# define S390X_KMA_GCM_AES_128 (1ULL << 45)
|
||||
+
|
||||
#endif
|
||||
Index: openssl-1.1.0g/crypto/s390xcpuid.S
|
||||
===================================================================
|
||||
--- openssl-1.1.0g.orig/crypto/s390xcpuid.S 2018-01-10 15:38:21.706301789 +0100
|
||||
+++ openssl-1.1.0g/crypto/s390xcpuid.S 2018-01-10 15:38:21.722302044 +0100
|
||||
@@ -22,6 +22,8 @@ OPENSSL_s390x_facilities:
|
||||
stg %r0,64(%r4)
|
||||
stg %r0,72(%r4)
|
||||
stg %r0,80(%r4)
|
||||
+ stg %r0,88(%r4)
|
||||
+ stg %r0,96(%r4)
|
||||
|
||||
.long 0xb2b04000 # stfle 0(%r4)
|
||||
brc 8,.Ldone
|
||||
@@ -54,6 +56,14 @@ OPENSSL_s390x_facilities:
|
||||
la %r1,72(%r4)
|
||||
.long 0xb92d2042 # kmctr %r4,%r2,%r2
|
||||
|
||||
+ lg %r2,16(%r4)
|
||||
+ tmhl %r2,0x2000 # check for message-security-assist-8
|
||||
+ jz .Lret
|
||||
+
|
||||
+ lghi %r0,0 # query kma capability vector
|
||||
+ la %r1,88(%r4)
|
||||
+ .long 0xb9294022 # kma %r2,%r4,%r2
|
||||
+
|
||||
.Lret:
|
||||
br %r14
|
||||
.size OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities
|
58
0009-crypto-aes-asm-aes-s390x.pl-add-KMA-code-path.patch
Normal file
@ -0,0 +1,58 @@
|
||||
From 6d4165cf2b6c19162fdcc98e0f093b12ce765191 Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
Date: Tue, 14 Feb 2017 02:07:37 +0100
|
||||
Subject: [PATCH 09/44] crypto/aes/asm/aes-s390x.pl: add KMA code path.
|
||||
|
||||
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
---
|
||||
crypto/aes/asm/aes-s390x.pl | 34 +++++++++++++++++++++++++++++++++-
|
||||
1 file changed, 33 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl
|
||||
index b546c16025..750f61e87a 100644
|
||||
--- a/crypto/aes/asm/aes-s390x.pl
|
||||
+++ b/crypto/aes/asm/aes-s390x.pl
|
||||
@@ -1403,7 +1403,39 @@ $code.=<<___ if (!$softonly);
|
||||
clr %r0,%r1
|
||||
jl .Lctr32_software
|
||||
|
||||
- stm${g} %r6,$s3,6*$SIZE_T($sp)
|
||||
+ stm${g} $s2,$s3,10*$SIZE_T($sp)
|
||||
+ llgfr $s2,%r0
|
||||
+ larl %r1,OPENSSL_s390xcap_P
|
||||
+ llihh %r0,0x8000 # check if kma supports the function code
|
||||
+ srlg %r0,%r0,0($s2)
|
||||
+ ng %r0,88(%r1) # check kma capability vector
|
||||
+ lgr %r0,$s2
|
||||
+ jz .Lctr32_nokma
|
||||
+
|
||||
+ aghi $sp,-112
|
||||
+ lhi %r1,0x0600
|
||||
+ sllg $len,$len,4
|
||||
+ or %r0,%r1 # set HS and LAAD flags
|
||||
+ lmg $s2,$s3,0($ivp)
|
||||
+ la %r1,0($sp) # prepare parameter block
|
||||
+ ahi $s3,-1 # decrement counter
|
||||
+ mvc 80(32,$sp),0($key) # copy key
|
||||
+ stmg $s2,$s3,64($sp) # copy iv
|
||||
+ st $s3,12($sp) # copy counter
|
||||
+ lghi $s3,0 # no AAD
|
||||
+
|
||||
+ .long 0xb929a042 # kma $out,$s2,$inp
|
||||
+ brc 1,.-4 # pay attention to "partial completion"
|
||||
+
|
||||
+ xc 80(32,$sp),80($sp) # wipe key copy
|
||||
+ la $sp,112($sp)
|
||||
+ lm${g} $s2,$s3,10*$SIZE_T($sp)
|
||||
+ br $ra
|
||||
+
|
||||
+.align 16
|
||||
+.Lctr32_nokma:
|
||||
+
|
||||
+ stm${g} %r6,$s1,6*$SIZE_T($sp)
|
||||
|
||||
slgr $out,$inp
|
||||
la %r1,0($key) # %r1 is permanent copy of $key
|
||||
--
|
||||
2.13.6
|
||||
|
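Review bot: The KMA branch added to AES_ctr32_encrypt builds a 112-byte parameter block on the stack but writes only bytes 12–15 and 64–111 of it (`st $s3,12($sp)`, `stmg $s2,$s3,64($sp)`, `mvc 80(32,$sp),0($key)`), and afterwards clears only the key copy. Because `or %r0,%r1 # set HS and LAAD flags` marks the hash subkey as supplied, the instruction presumably hashes with whatever stale stack bytes sit at offsets 16–63. The result is discarded, so this looks harmless, but it deserves a comment such as `# HS set on purpose: H/tag fields are left as stack garbage, CTR only needs the keystream`. For consistency with `xc 0(112,$sp),0($sp) # wipe stack` in s390x_aes_gcm_blocks (patch 0012) I would clear the whole block rather than `80(32,$sp)` only. The function body starts and ends outside the hunk.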
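--- a/0010-doc-man3-OPENSSL_s390xcap.pod-update-KMA.patch
+++ b/0010-doc-man3-OPENSSL_s390xcap.pod-update-KMA.patch
@@ -0,0 +1,41 @@
+From 98100dfe2659b43c1e80c54e5666e6f5d0330759 Mon Sep 17 00:00:00 2001
+From: Patrick Steuer <patrick.steuer@de.ibm.com>
+Date: Mon, 13 Feb 2017 16:43:12 +0100
+Subject: [PATCH 10/44] doc/man3/OPENSSL_s390xcap.pod: update (KMA).
+
+List KMA-GCM-AES bits as significant.
+
+Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
+---
+doc/man3/OPENSSL_s390xcap.pod | 15 +++++++++++++++
+1 file changed, 15 insertions(+)
+
+diff --git a/doc/man3/OPENSSL_s390xcap.pod b/doc/man3/OPENSSL_s390xcap.pod
+index de56c7cf55..adf2c02036 100644
+--- a/doc/man3/OPENSSL_s390xcap.pod
++++ b/doc/man3/OPENSSL_s390xcap.pod
+@@ -76,6 +76,21 @@ The following bits are significant:
+
+=back
+
++:
++:
++:
++:
++
++=over
++
++=item #43 KMA-GCM-AES-256
++
++=item #44 KMA-GCM-AES-192
++
++=item #45 KMA-GCM-AES-128
++
++=back
++
+=head1 EXAMPLES
+
+OPENSSL_s390xcap=.0:0 disables KIMD.
+--
+2.13.6
+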
@ -0,0 +1,62 @@
|
||||
From f34474dd00118128ed574e838895167efddf7359 Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
Date: Tue, 14 Feb 2017 11:15:51 +0100
|
||||
Subject: [PATCH 11/44] crypto/aes/asm/aes-s390x.pl: add CFI annotations (KMA
|
||||
code path).
|
||||
|
||||
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
---
|
||||
crypto/aes/asm/aes-s390x.pl | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl
|
||||
index 750f61e87a..6cabdf5069 100644
|
||||
--- a/crypto/aes/asm/aes-s390x.pl
|
||||
+++ b/crypto/aes/asm/aes-s390x.pl
|
||||
@@ -1392,6 +1392,7 @@ $code.=<<___;
|
||||
.type AES_ctr32_encrypt,\@function
|
||||
.align 16
|
||||
AES_ctr32_encrypt:
|
||||
+.cfi_startproc
|
||||
xgr %r3,%r4 # flip %r3 and %r4, $out and $len
|
||||
xgr %r4,%r3
|
||||
xgr %r3,%r4
|
||||
@@ -1404,6 +1405,8 @@ $code.=<<___ if (!$softonly);
|
||||
jl .Lctr32_software
|
||||
|
||||
stm${g} $s2,$s3,10*$SIZE_T($sp)
|
||||
+ .cfi_rel_offset $s2,10*$SIZE_T
|
||||
+ .cfi_rel_offset $s3,11*$SIZE_T
|
||||
llgfr $s2,%r0
|
||||
larl %r1,OPENSSL_s390xcap_P
|
||||
llihh %r0,0x8000 # check if kma supports the function code
|
||||
@@ -1413,6 +1416,7 @@ $code.=<<___ if (!$softonly);
|
||||
jz .Lctr32_nokma
|
||||
|
||||
aghi $sp,-112
|
||||
+ .cfi_adjust_cfa_offset 112
|
||||
lhi %r1,0x0600
|
||||
sllg $len,$len,4
|
||||
or %r0,%r1 # set HS and LAAD flags
|
||||
@@ -1429,7 +1433,10 @@ $code.=<<___ if (!$softonly);
|
||||
|
||||
xc 80(32,$sp),80($sp) # wipe key copy
|
||||
la $sp,112($sp)
|
||||
+ .cfi_adjust_cfa_offset -112
|
||||
lm${g} $s2,$s3,10*$SIZE_T($sp)
|
||||
+ .cfi_restore $s2
|
||||
+ .cfi_restore $s3
|
||||
br $ra
|
||||
|
||||
.align 16
|
||||
@@ -1594,6 +1601,7 @@ $code.=<<___;
|
||||
|
||||
lm${g} %r6,$ra,6*$SIZE_T($sp)
|
||||
br $ra
|
||||
+.cfi_endproc
|
||||
.size AES_ctr32_encrypt,.-AES_ctr32_encrypt
|
||||
___
|
||||
}
|
||||
--
|
||||
2.13.6
|
||||
|
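Review bot: The CFI state is wrong at `.Lctr32_nokma`, because CFI directives apply in address order while that label is reached by the `jz` taken before the stack adjustment. The `.cfi_restore $s2` / `.cfi_restore $s3` added ahead of the KMA path's `br $ra` stay in effect for the code that follows, although on the fall-back path both registers are still saved at `10*$SIZE_T($sp)` by the earlier `stm${g}`. Bracketing the KMA-only part with `.cfi_remember_state` right after `jz .Lctr32_nokma` and `.cfi_restore_state` right after the `.Lctr32_nokma:` label would keep the unwind information correct for both exits. The `stm${g} %r6,$s1,6*$SIZE_T($sp)` on the fall-back path lies outside these hunks and, as far as the page shows, gets no `.cfi_rel_offset` annotations either.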
335
0012-s390x-assembly-pack-add-KMA-code-path-for-aes-gcm.patch
Normal file
@ -0,0 +1,335 @@
|
||||
From acef148f0aac18d78c3c857065b3a1274279b2df Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
Date: Sat, 25 Feb 2017 10:05:12 +0100
|
||||
Subject: [PATCH 12/44] s390x assembly pack: add KMA code path for aes-gcm.
|
||||
|
||||
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
---
|
||||
crypto/aes/asm/aes-s390x.pl | 52 ++++++++++++
|
||||
crypto/evp/e_aes.c | 200 ++++++++++++++++++++++++++++++++++++++++++--
|
||||
crypto/modes/gcm128.c | 4 +
|
||||
crypto/s390x_arch.h | 5 ++
|
||||
4 files changed, 253 insertions(+), 8 deletions(-)
|
||||
|
||||
Index: openssl-1.1.0g/crypto/aes/asm/aes-s390x.pl
|
||||
===================================================================
|
||||
--- openssl-1.1.0g.orig/crypto/aes/asm/aes-s390x.pl 2018-01-09 17:35:12.231011406 +0100
|
||||
+++ openssl-1.1.0g/crypto/aes/asm/aes-s390x.pl 2018-01-09 17:35:16.795082242 +0100
|
||||
@@ -2257,6 +2257,58 @@ $code.=<<___;
|
||||
.size AES_xts_decrypt,.-AES_xts_decrypt
|
||||
___
|
||||
}
|
||||
+
|
||||
+################
|
||||
+# void s390x_aes_gcm_blocks(unsigned char *out, GCM128_CONTEXT *ctx,
|
||||
+# const unsigned char *in, size_t len,
|
||||
+# const unsigned char *aad, size_t alen,
|
||||
+# const AES_KEY *key, int enc)
|
||||
+{
|
||||
+my ($out,$ctx,$in,$len,$aad,$alen,$key,$enc) = map("%r$_",(2..9));
|
||||
+$code.=<<___ if (!$softonly);
|
||||
+.globl s390x_aes_gcm_blocks
|
||||
+.type s390x_aes_gcm_blocks,\@function
|
||||
+.align 16
|
||||
+s390x_aes_gcm_blocks:
|
||||
+ stm$g $alen,$enc,7*$SIZE_T($sp)
|
||||
+ lm$g $alen,$enc,$stdframe($sp)
|
||||
+
|
||||
+ aghi $sp,-112
|
||||
+
|
||||
+ lmg %r0,%r1,0($ctx)
|
||||
+ ahi %r1,-1
|
||||
+
|
||||
+ mvc 16(32,$sp),64($ctx) # copy Xi/H
|
||||
+ #mvc 48(16,$sp),48($ctx) # copy len
|
||||
+ mvc 80(32,$sp),0($key) # copy key
|
||||
+ st %r1,12($sp) # copy Yi
|
||||
+ stmg %r0,%r1,64($sp)
|
||||
+
|
||||
+ lhi %r1,128
|
||||
+ l %r0,240($key) # kma capability vector checked by caller
|
||||
+ sll $enc,7
|
||||
+ xr $enc,%r1
|
||||
+ or %r0,$enc
|
||||
+
|
||||
+ la %r1,0($sp)
|
||||
+
|
||||
+ .long 0xb9296024 # kma $out,$aad,$in
|
||||
+ brc 1,.-4 # pay attention to "partial completion"
|
||||
+
|
||||
+ l %r0,12($sp)
|
||||
+ mvc 64(16,$ctx),16($sp) # update Xi
|
||||
+ xc 0(112,$sp),0($sp) # wipe stack
|
||||
+
|
||||
+ la $sp,112($sp)
|
||||
+ ahi %r0,1
|
||||
+ st %r0,12($ctx)
|
||||
+
|
||||
+ lm$g $alen,$enc,7*$SIZE_T($sp)
|
||||
+ br $ra
|
||||
+.size s390x_aes_gcm_blocks,.-s390x_aes_gcm_blocks
|
||||
+___
|
||||
+}
|
||||
+
|
||||
$code.=<<___;
|
||||
.string "AES for s390x, CRYPTOGAMS by <appro\@openssl.org>"
|
||||
___
|
||||
Index: openssl-1.1.0g/crypto/evp/e_aes.c
|
||||
===================================================================
|
||||
--- openssl-1.1.0g.orig/crypto/evp/e_aes.c 2018-01-09 17:35:12.199010909 +0100
|
||||
+++ openssl-1.1.0g/crypto/evp/e_aes.c 2018-01-09 17:35:12.239011531 +0100
|
||||
@@ -960,7 +960,7 @@ const EVP_CIPHER *EVP_aes_##keylen##_##m
|
||||
* If KM and KMC support the function code, AES_KEY structure holds
|
||||
* key/function code (instead of key schedule/number of rounds).
|
||||
*/
|
||||
-# define S390X_AES_FC (((AES_KEY *)(key))->rounds)
|
||||
+# define S390X_AES_FC(key) (((AES_KEY *)(key))->rounds)
|
||||
|
||||
# define S390X_aes_128_CAPABLE ((OPENSSL_s390xcap_P[5]&S390X_KM_AES_128)&&\
|
||||
(OPENSSL_s390xcap_P[7]&S390X_KMC_AES_128))
|
||||
@@ -969,6 +969,11 @@ const EVP_CIPHER *EVP_aes_##keylen##_##m
|
||||
# define S390X_aes_256_CAPABLE ((OPENSSL_s390xcap_P[5]&S390X_KM_AES_256)&&\
|
||||
(OPENSSL_s390xcap_P[7]&S390X_KMC_AES_256))
|
||||
|
||||
+void s390x_aes_gcm_blocks(unsigned char *out, GCM128_CONTEXT *ctx,
|
||||
+ const unsigned char *in, size_t len,
|
||||
+ const unsigned char *aad, size_t alen,
|
||||
+ const AES_KEY *key, int enc);
|
||||
+
|
||||
# define s390x_aes_init_key aes_init_key
|
||||
static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
|
||||
const unsigned char *iv, int enc);
|
||||
@@ -1029,18 +1034,197 @@ static int s390x_aes_cfb1_cipher(EVP_CIP
|
||||
static int s390x_aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
const unsigned char *in, size_t len);
|
||||
|
||||
-# define S390X_aes_128_gcm_CAPABLE 0
|
||||
-# define S390X_aes_192_gcm_CAPABLE 0
|
||||
-# define S390X_aes_256_gcm_CAPABLE 0
|
||||
+# define S390X_aes_128_gcm_CAPABLE (S390X_aes_128_CAPABLE&&\
|
||||
+ OPENSSL_s390xcap_P[17]\
|
||||
+ &S390X_KMA_GCM_AES_128)
|
||||
+# define S390X_aes_192_gcm_CAPABLE (S390X_aes_192_CAPABLE&&\
|
||||
+ OPENSSL_s390xcap_P[17]\
|
||||
+ &S390X_KMA_GCM_AES_192)
|
||||
+# define S390X_aes_256_gcm_CAPABLE (S390X_aes_256_CAPABLE&&\
|
||||
+ OPENSSL_s390xcap_P[17]\
|
||||
+ &S390X_KMA_GCM_AES_256)
|
||||
+
|
||||
+static int s390x_aes_gcm(GCM128_CONTEXT *ctx, const unsigned char *in,
|
||||
+ unsigned char *out, size_t len, int enc)
|
||||
+{
|
||||
+ int n;
|
||||
+ size_t rem;
|
||||
+ u64 mlen = ctx->len.u[1];
|
||||
+ unsigned char tmp;
|
||||
+
|
||||
+ mlen += len;
|
||||
+
|
||||
+ if (mlen > ((1ULL << 36) - 32) || (sizeof(len) == 8 && mlen < len))
|
||||
+ return -1;
|
||||
+
|
||||
+ ctx->len.u[1] = mlen;
|
||||
+
|
||||
+ if (ctx->ares) {
|
||||
+ (*ctx->gmult)(ctx->Xi.u, ctx->Htable);
|
||||
+ ctx->ares = 0;
|
||||
+ }
|
||||
+ S390X_AES_FC(ctx->key) |= S390X_KMA_LAAD;
|
||||
+ n = ctx->mres;
|
||||
+
|
||||
+ if (n) {
|
||||
+ while (n && len) {
|
||||
+ tmp = *in;
|
||||
+ *out = tmp ^ ctx->EKi.c[n];
|
||||
+ ctx->Xi.c[n] ^= enc ? *out : tmp;
|
||||
+ n = (n + 1) % AES_BLOCK_SIZE;
|
||||
+ --len;
|
||||
+ ++in;
|
||||
+ ++out;
|
||||
+ }
|
||||
+ if (n == 0) {
|
||||
+ (*ctx->gmult)(ctx->Xi.u, ctx->Htable);
|
||||
+ } else {
|
||||
+ ctx->mres = n;
|
||||
+ return 0;
|
||||
+ }
|
||||
+ }
|
||||
+ rem = len % AES_BLOCK_SIZE;
|
||||
+ len -= rem;
|
||||
+
|
||||
+ s390x_aes_gcm_blocks(out, ctx, in, len, NULL, 0, ctx->key, enc);
|
||||
+
|
||||
+ if (rem) {
|
||||
+ in += len;
|
||||
+ out += len;
|
||||
+ (*ctx->block)(ctx->Yi.c, ctx->EKi.c, ctx->key);
|
||||
+ ++ctx->Yi.d[3];
|
||||
+ while (rem--) {
|
||||
+ tmp = in[n];
|
||||
+ out[n] = tmp ^ ctx->EKi.c[n];
|
||||
+ ctx->Xi.c[n] ^= enc ? out[n] : tmp;
|
||||
+ ++n;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ ctx->mres = n;
|
||||
+ return 0;
|
||||
+}
|
||||
|
||||
-# define s390x_aes_gcm_init_key aes_gcm_init_key
|
||||
static int s390x_aes_gcm_init_key(EVP_CIPHER_CTX *ctx,
|
||||
const unsigned char *key,
|
||||
- const unsigned char *iv, int enc);
|
||||
+ const unsigned char *iv, int enc)
|
||||
+{
|
||||
+ EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
|
||||
+ const int keybitlen = EVP_CIPHER_CTX_key_length(ctx) * 8;
|
||||
+
|
||||
+ if (!iv && !key)
|
||||
+ return 1;
|
||||
+
|
||||
+ if (key) {
|
||||
+ AES_set_encrypt_key(key, keybitlen, &gctx->ks.ks);
|
||||
+ CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f)AES_encrypt);
|
||||
+ S390X_AES_FC(&gctx->ks) |= S390X_KMA_HS;
|
||||
+
|
||||
+ if (iv == NULL && gctx->iv_set)
|
||||
+ iv = gctx->iv;
|
||||
+
|
||||
+ if (iv) {
|
||||
+ CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
|
||||
+ gctx->iv_set = 1;
|
||||
+ }
|
||||
+ gctx->key_set = 1;
|
||||
+ } else {
|
||||
+ if (gctx->key_set)
|
||||
+ CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
|
||||
+ else
|
||||
+ memcpy(gctx->iv, iv, gctx->ivlen);
|
||||
+
|
||||
+ gctx->iv_set = 1;
|
||||
+ gctx->iv_gen = 0;
|
||||
+ }
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+static int s390x_aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
+ const unsigned char *in, size_t len)
|
||||
+{
|
||||
+ EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
|
||||
+ unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
|
||||
+ int enc = EVP_CIPHER_CTX_encrypting(ctx);
|
||||
+ int rv = -1;
|
||||
+
|
||||
+ if (out != in || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN))
|
||||
+ return -1;
|
||||
+
|
||||
+ if (EVP_CIPHER_CTX_ctrl(ctx, enc ? EVP_CTRL_GCM_IV_GEN :
|
||||
+ EVP_CTRL_GCM_SET_IV_INV,
|
||||
+ EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
|
||||
+ goto err;
|
||||
+
|
||||
+ if (CRYPTO_gcm128_aad(&gctx->gcm, buf, gctx->tls_aad_len))
|
||||
+ goto err;
|
||||
+
|
||||
+ in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
|
||||
+ out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
|
||||
+ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
|
||||
+
|
||||
+ if (s390x_aes_gcm(&gctx->gcm, in, out, len, enc))
|
||||
+ goto err;
|
||||
+
|
||||
+ if (enc) {
|
||||
+ out += len;
|
||||
+ CRYPTO_gcm128_tag(&gctx->gcm, out, EVP_GCM_TLS_TAG_LEN);
|
||||
+ rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
|
||||
+ } else {
|
||||
+ CRYPTO_gcm128_tag(&gctx->gcm, buf, EVP_GCM_TLS_TAG_LEN);
|
||||
+
|
||||
+ if (CRYPTO_memcmp(buf, in + len, EVP_GCM_TLS_TAG_LEN)) {
|
||||
+ OPENSSL_cleanse(out, len);
|
||||
+ goto err;
|
||||
+ }
|
||||
+ rv = len;
|
||||
+ }
|
||||
+ err:
|
||||
+ gctx->iv_set = 0;
|
||||
+ gctx->tls_aad_len = -1;
|
||||
+ return rv;
|
||||
+}
|
||||
|
||||
-# define s390x_aes_gcm_cipher aes_gcm_cipher
|
||||
static int s390x_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
- const unsigned char *in, size_t len);
|
||||
+ const unsigned char *in, size_t len)
|
||||
+{
|
||||
+ EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
|
||||
+ unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
|
||||
+ int enc = EVP_CIPHER_CTX_encrypting(ctx);
|
||||
+
|
||||
+ if (!gctx->key_set)
|
||||
+ return -1;
|
||||
+
|
||||
+ if (gctx->tls_aad_len >= 0)
|
||||
+ return s390x_aes_gcm_tls_cipher(ctx, out, in, len);
|
||||
+
|
||||
+ if (!gctx->iv_set)
|
||||
+ return -1;
|
||||
+
|
||||
+ if (in) {
|
||||
+ if (out == NULL) {
|
||||
+ if (CRYPTO_gcm128_aad(&gctx->gcm, in, len))
|
||||
+ return -1;
|
||||
+ } else {
|
||||
+ if (s390x_aes_gcm(&gctx->gcm, in, out, len, enc))
|
||||
+ return -1;
|
||||
+ }
|
||||
+ return len;
|
||||
+ } else {
|
||||
+ if (enc) {
|
||||
+ gctx->taglen = 16;
|
||||
+ CRYPTO_gcm128_tag(&gctx->gcm, buf, gctx->taglen);
|
||||
+ } else {
|
||||
+ if (gctx->taglen < 0)
|
||||
+ return -1;
|
||||
+
|
||||
+ if (CRYPTO_gcm128_finish(&gctx->gcm, buf, gctx->taglen))
|
||||
+ return -1;
|
||||
+ }
|
||||
+ gctx->iv_set = 0;
|
||||
+ return 0;
|
||||
+ }
|
||||
+}
|
||||
|
||||
# define S390X_aes_128_xts_CAPABLE 1 /* checked by callee */
|
||||
# define S390X_aes_256_xts_CAPABLE 1
|
||||
Index: openssl-1.1.0g/crypto/modes/gcm128.c
|
||||
===================================================================
|
||||
--- openssl-1.1.0g.orig/crypto/modes/gcm128.c 2017-11-02 15:29:03.000000000 +0100
|
||||
+++ openssl-1.1.0g/crypto/modes/gcm128.c 2018-01-09 17:35:12.239011531 +0100
|
||||
@@ -817,6 +817,10 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *
|
||||
ctx->gmult = gcm_gmult_4bit;
|
||||
CTX__GHASH(gcm_ghash_4bit);
|
||||
}
|
||||
+# elif defined(GHASH_ASM)
|
||||
+ gcm_init_4bit(ctx->Htable, ctx->H.u);
|
||||
+ ctx->gmult = gcm_gmult_4bit;
|
||||
+ CTX__GHASH(gcm_ghash_4bit);
|
||||
# else
|
||||
gcm_init_4bit(ctx->Htable, ctx->H.u);
|
||||
# endif
|
||||
Index: openssl-1.1.0g/crypto/s390x_arch.h
|
||||
===================================================================
|
||||
--- openssl-1.1.0g.orig/crypto/s390x_arch.h 2018-01-09 17:35:12.207011034 +0100
|
||||
+++ openssl-1.1.0g/crypto/s390x_arch.h 2018-01-09 17:35:12.239011531 +0100
|
||||
@@ -45,4 +45,9 @@ extern uint64_t OPENSSL_s390xcap_P[];
|
||||
# define S390X_KMA_GCM_AES_192 (1ULL << 44)
|
||||
# define S390X_KMA_GCM_AES_128 (1ULL << 45)
|
||||
|
||||
+/* %r0 flags */
|
||||
+# define S390X_KMA_LPC (1ULL << 8)
|
||||
+# define S390X_KMA_LAAD (1ULL << 9)
|
||||
+# define S390X_KMA_HS (1ULL << 10)
|
||||
+
|
||||
#endif
|
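Review bot: The three `S390X_aes_*_gcm_CAPABLE` macros in e_aes.c test `OPENSSL_s390xcap_P[17]`, which does not match the rest of the series: patch 0008 labels the KMA bits `OPENSSL_s390xcap_P[11] flags`, stores the KMA query result at `88(%r4)` (dword 11) and sizes the vector at `S390X_CAP_DWORDS` = 3 + 10 = 13 dwords, and patch 0009 checks `88(%r1)` as well. If the array is defined with that size (its definition is not on this page), index 17 reads past its end, so the GCM capability decision would depend on unrelated memory and the KMA path could be selected on a CPU that never reported the function. The index should be 11, i.e. `OPENSSL_s390xcap_P[11]\` in the 128 macro and likewise in the 192 and 256 variants. A `/* index must match the "OPENSSL_s390xcap_P[11] flags" block in s390x_arch.h */` comment next to the macros would keep the two files from drifting apart again.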
@ -0,0 +1,51 @@
|
||||
From d137c24cbf25bae932dcfc0b58fa667a9ef63bf0 Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
Date: Sun, 26 Feb 2017 22:36:39 +0100
|
||||
Subject: [PATCH 13/44] crypto/aes/asm/aes-s390x.pl: add CFI annotations
|
||||
(KMA-gcm code path).
|
||||
|
||||
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
---
|
||||
crypto/aes/asm/aes-s390x.pl | 10 ++++++++++
|
||||
1 file changed, 10 insertions(+)
|
||||
|
||||
diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl
|
||||
index f23b1231c1..dfe79f84a6 100644
|
||||
--- a/crypto/aes/asm/aes-s390x.pl
|
||||
+++ b/crypto/aes/asm/aes-s390x.pl
|
||||
@@ -2270,10 +2270,15 @@ $code.=<<___ if (!$softonly);
|
||||
.type s390x_aes_gcm_blocks,\@function
|
||||
.align 16
|
||||
s390x_aes_gcm_blocks:
|
||||
+.cfi_startproc
|
||||
stm$g $alen,$enc,7*$SIZE_T($sp)
|
||||
+ .cfi_rel_offset $alen,7*$SIZE_T
|
||||
+ .cfi_rel_offset $key,8*$SIZE_T
|
||||
+ .cfi_rel_offset $enc,9*$SIZE_T
|
||||
lm$g $alen,$enc,$stdframe($sp)
|
||||
|
||||
aghi $sp,-112
|
||||
+ .cfi_adjust_cfa_offset 112
|
||||
|
||||
lmg %r0,%r1,0($ctx)
|
||||
ahi %r1,-1
|
||||
@@ -2300,11 +2305,16 @@ s390x_aes_gcm_blocks:
|
||||
xc 0(112,$sp),0($sp) # wipe stack
|
||||
|
||||
la $sp,112($sp)
|
||||
+ .cfi_adjust_cfa_offset -112
|
||||
ahi %r0,1
|
||||
st %r0,12($ctx)
|
||||
|
||||
lm$g $alen,$enc,7*$SIZE_T($sp)
|
||||
+ .cfi_restore $alen
|
||||
+ .cfi_restore $key
|
||||
+ .cfi_restore $enc
|
||||
br $ra
|
||||
+.cfi_endproc
|
||||
.size s390x_aes_gcm_blocks,.-s390x_aes_gcm_blocks
|
||||
___
|
||||
}
|
||||
--
|
||||
2.13.6
|
||||
|
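--- a/baselibs.conf
+++ b/baselibs.conf
@@ -0,0 +1,8 @@
+libopenssl1_1_0
+libopenssl-1_1_0-devel
+provides "libopenssl-devel-<targettype> = <version>"
+conflicts "otherproviders(libopenssl-devel-<targettype>)"
+requires -"openssl-1_1_0-<targettype>"
+requires "libopenssl1_1_0-<targettype> = <version>"
+libopenssl1_1_0-hmac
+requires "libopenssl1_1_0-<targettype> = <version>-%release"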
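--- a/openssl-1.0.1e-add-suse-default-cipher.patch
+++ b/openssl-1.0.1e-add-suse-default-cipher.patch
@@ -0,0 +1,36 @@
+Index: openssl-1.1.0f/ssl/ssl_ciph.c
+===================================================================
+--- openssl-1.1.0f.orig/ssl/ssl_ciph.c 2017-05-25 14:46:20.000000000 +0200
++++ openssl-1.1.0f/ssl/ssl_ciph.c 2017-09-01 11:54:09.848587297 +0200
+@@ -1461,7 +1461,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+*/
+ok = 1;
+rule_p = rule_str;
+- if (strncmp(rule_str, "DEFAULT", 7) == 0) {
++ if (strncmp(rule_str,"DEFAULT_SUSE", 12) == 0) {
++ ok = ssl_cipher_process_rulestr(SSL_DEFAULT_SUSE_CIPHER_LIST,
++ &head, &tail, ca_list, c);
++ rule_p += 12;
++ if (*rule_p == ':')
++ rule_p++;
++ }
++ else if (strncmp(rule_str, "DEFAULT", 7) == 0) {
+ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
+&head, &tail, ca_list, c);
+rule_p += 7;
+Index: openssl-1.1.0f/include/openssl/ssl.h
+===================================================================
+--- openssl-1.1.0f.orig/include/openssl/ssl.h 2017-05-25 14:46:20.000000000 +0200
++++ openssl-1.1.0f/include/openssl/ssl.h 2017-09-01 13:16:59.850407734 +0200
+@@ -195,6 +195,11 @@ extern "C" {
+* an application-defined cipher list string starts with 'DEFAULT'.
+*/
+# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
++# define SSL_DEFAULT_SUSE_CIPHER_LIST "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"\
++ "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:"\
++ "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:"\
++ "DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:"\
++ "AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA"
+/*
+* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
+* starts with a reasonable order, and all we have to do for DEFAULT is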
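Review bot: `SSL_DEFAULT_SUSE_CIPHER_LIST` is added to ssl.h without a comment, directly under the comment that describes `SSL_DEFAULT_CIPHER_LIST`, so nothing states what policy the list implements or that it needs maintenance. Unlike the upstream default, which is an expression (`ALL:!COMPLEMENTOFDEFAULT:!eNULL`), this is a fixed enumeration; it still names CBC suites with SHA-1 MACs and, on its last line, static-RSA key exchange (e.g. `AES256-SHA`), and it will not follow changes to upstream's defaults. A comment such as `/* SUSE-curated list used when the rule string starts with "DEFAULT_SUSE"; static, review on every OpenSSL update */` would make that explicit. In ssl_ciph.c the new branch also departs from the surrounding style: `strncmp(rule_str,"DEFAULT_SUSE", 12)` lacks the space after the first comma, and `}` and `else if` are split across two lines.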
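--- a/openssl-1.0.1e-add-test-suse-default-cipher-suite.patch
+++ b/openssl-1.0.1e-add-test-suse-default-cipher-suite.patch
@@ -0,0 +1,27 @@
+Index: openssl-1.1.0c/test/recipes/99-test_suse_default_ciphers.t
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.1.0c/test/recipes/99-test_suse_default_ciphers.t 2016-12-19 13:59:16.662066548 +0100
+@@ -0,0 +1,22 @@
++#! /usr/bin/env perl
++
++use strict;
++use warnings;
++
++use OpenSSL::Test qw/:DEFAULT/;
++use OpenSSL::Test::Utils;
++
++
++setup("test_default_ciphersuites");
++
++plan tests => 4;
++
++my @cipher_suites = ("DEFAULT_SUSE", "DEFAULT");
++
++foreach my $cipherlist (@cipher_suites) {
++ ok(run(app(["openssl", "ciphers", $cipherlist])),
++ "openssl ciphers works with ciphersuite $cipherlist");
++ ok(!grep(/(MD5|RC4|DES)/, run(app(["openssl", "ciphers", "DEFAULT_SUSE"]), capture => 1)),
++ "$cipherlist shouldn't contain MD5, DES or RC4\n");
++}
++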
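Review bot: The second `ok` inside the loop always runs `openssl ciphers DEFAULT_SUSE`, so on the `DEFAULT` iteration the test named `"$cipherlist shouldn't contain MD5, DES or RC4"` reports on the wrong list and `DEFAULT` is never inspected. Use the loop variable instead: `ok(!grep(/(MD5|RC4|DES)/, run(app(["openssl", "ciphers", $cipherlist]), capture => 1)),`. Whether upstream's `DEFAULT` passes that check is not shown on this page, so the expectation for that iteration may need adjusting once the test is real. The test name also ends in a literal `\n`, which the first `ok` does not have.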
12296
openssl-1.1.0-fips.patch
Normal file
File diff suppressed because it is too large
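--- a/openssl-1.1.0-no-html.patch
+++ b/openssl-1.1.0-no-html.patch
@@ -0,0 +1,12 @@
+diff -up openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl.nohtml openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl
+--- openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl.no-html 2016-04-19 16:57:52.000000000 +0200
++++ openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl 2016-07-18 13:58:55.060106243 +0200
+@@ -288,7 +288,7 @@ install_sw: all install_dev install_engi
+
+uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
+
+-install_docs: install_man_docs install_html_docs
++install_docs: install_man_docs
+
+uninstall_docs: uninstall_man_docs uninstall_html_docs
+$(RM) -r -v $(DESTDIR)$(DOCDIR)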
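--- a/openssl-1.1.0g.tar.gz
+++ b/openssl-1.1.0g.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:de4d501267da39310905cb6dc8c6121f7a2cad45a7707f76df828fe1b85073af
+size 5404748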
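--- a/openssl-1.1.0g.tar.gz.asc
+++ b/openssl-1.1.0g.tar.gz.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEcBAABCAAGBQJZ+yu1AAoJENnE0m0OYESRZaAH/RYgVpfSwQA/GzxR7BBTU/kT
+nhAwrDzCZyZe6UhWJHIvZhWira3+NEMmJRWgxfLRmoO5+8Jo07Ayz6iI9K6j32Hf
+NshzdUNerBy1xsvb8Z+mFPu8EPbmOrILJx1TQez4oLbFNDYDDaBXL/z+3H8ffKab
+wfdVeJ3Qj3XKUi8v+FncSYn5jlzIlMVhOLLEJjgWbA+YP7WXbWveRf2oBEwVJ/ej
+zcgrgJ6iyCXO7xP5t4Y2OzWpJKopflFz9uR7TwA5tanKibnG6GIoHCGf+mtBtU7t
+zVMQh8+QnJyGy1qe9QnYrFksP9Fcb0qjMZMB6/DLqJ07t27TkXTB9fIAgElcmK8=
+=i4gh
+-----END PGP SIGNATURE-----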
2617
openssl-1_1.changes
Normal file
File diff suppressed because it is too large
297
openssl-1_1.spec
Normal file
@ -0,0 +1,297 @@
|
||||
#
|
||||
# spec file for package openssl-1_1
|
||||
#
|
||||
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
# upon. The license for this file, and modifications and additions to the
|
||||
# file, is the same license as for the pristine package itself (unless the
|
||||
# license for the pristine package is not an Open Source License, in which
|
||||
# case the license is the MIT License). An "Open Source License" is a
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
%define ssletcdir %{_sysconfdir}/ssl
|
||||
%define maj_min 1.1
|
||||
%define _rname openssl
|
||||
Name: openssl-1_1
|
||||
Version: 1.1.0g
|
||||
Release: 0
|
||||
Summary: Secure Sockets and Transport Layer Security
|
||||
License: OpenSSL
|
||||
Group: Productivity/Networking/Security
|
||||
Url: https://www.openssl.org/
|
||||
Source: https://www.%{_rname}.org/source/%{_rname}-%{version}.tar.gz
|
||||
# to get mtime of file:
|
||||
Source1: %{name}.changes
|
||||
Source2: baselibs.conf
|
||||
Source42: https://www.%{_rname}.org/source/%{_rname}-%{version}.tar.gz.asc
|
||||
# https://www.openssl.org/about/
|
||||
# http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xA2D29B7BF295C759#/openssl.keyring
|
||||
Source43: %{_rname}.keyring
|
||||
Source99: showciphers.c
|
||||
# https://github.com/openssl/openssl/pull/2045
|
||||
Patch0: 0001-Resume-reading-from-randfile-when-interrupted-by-a-s.patch
|
||||
# PATCH-FIX-OPENSUSE: upstream won't use glibc
|
||||
Patch1: 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch
|
||||
# PATCH-FIX-OPENSUSE: do not install html mans it takes ages
|
||||
Patch2: openssl-1.1.0-no-html.patch
|
||||
# PATCH-FIX-UPSTREAM: patch to allow deps and linking to static libs
|
||||
# needed for fips and taken from upstream
|
||||
Patch3: openssl-static-deps.patch
|
||||
Patch4: openssl-truststore.patch
|
||||
Patch5: openssl-pkgconfig.patch
|
||||
Patch6: openssl-1.0.1e-add-suse-default-cipher.patch
|
||||
Patch7: openssl-1.0.1e-add-test-suse-default-cipher-suite.patch
|
||||
Patch8: openssl-ppc64-config.patch
|
||||
Patch9: openssl-no-date.patch
|
||||
# FIPS patches:
|
||||
Patch51: openssl-1.1.0-fips.patch
|
||||
Patch52: openssl-fips-dont_run_FIPS_module_installed.patch
|
||||
Patch53: openssl-fips_disallow_ENGINE_loading.patch
|
||||
Patch54: openssl-rsakeygen-minimum-distance.patch
|
||||
Patch55: openssl-urandom-reseeding.patch
|
||||
Patch56: openssl-fips-rsagen-d-bits.patch
|
||||
Patch57: openssl-fips-selftests_in_nonfips_mode.patch
|
||||
Patch58: openssl-fips-fix-odd-rsakeybits.patch
|
||||
Patch59: openssl-fips-clearerror.patch
|
||||
Patch60: openssl-fips-dont-fall-back-to-default-digest.patch
|
||||
Patch61: openssl-disable_rsa_keygen_tests_with_small_modulus.patch
|
||||
# FATE#321518 Add support for s390x CPACF enhancements (https://fate.suse.com/321518)
|
||||
Patch62: 0002-crypto-modes-asm-ghash-s390x.pl-fix-gcm_gmult_4bit-K.patch
|
||||
Patch63: 0004-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch
|
||||
Patch64: 0005-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch
|
||||
Patch65: 0006-s390x-assembly-pack-extended-s390x-capability-vector.patch
|
||||
Patch66: 0007-crypto-evp-e_aes.c-add-foundations-for-extended-s390.patch
|
||||
Patch67: 0008-s390x-assembly-pack-extended-s390x-capability-vector.patch
|
||||
Patch68: 0009-crypto-aes-asm-aes-s390x.pl-add-KMA-code-path.patch
|
||||
Patch69: 0010-doc-man3-OPENSSL_s390xcap.pod-update-KMA.patch
|
||||
Patch70: 0011-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch
|
||||
Patch71: 0012-s390x-assembly-pack-add-KMA-code-path-for-aes-gcm.patch
|
||||
Patch72: 0013-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch
|
||||
BuildRequires: bc
|
||||
BuildRequires: ed
|
||||
BuildRequires: pkgconfig
|
||||
BuildRequires: pkgconfig(zlib)
|
||||
Conflicts: ssl
|
||||
Provides: ssl
|
||||
# Needed for clean upgrade path, boo#1070003
|
||||
Obsoletes: openssl-1_0_0
|
||||
|
||||
%description
|
||||
OpenSSL is a software library to be used in applications that need to
|
||||
secure communications over computer networks against eavesdropping or
|
||||
need to ascertain the identity of the party at the other end.
|
||||
OpenSSL contains an implementation of the SSL and TLS protocols.
|
||||
|
||||
%package -n libopenssl1_1
|
||||
Summary: Secure Sockets and Transport Layer Security
|
||||
License: OpenSSL
|
||||
Group: Productivity/Networking/Security
|
||||
Recommends: ca-certificates-mozilla
|
||||
|
||||
%description -n libopenssl1_1
|
||||
OpenSSL is a software library to be used in applications that need to
|
||||
secure communications over computer networks against eavesdropping or
|
||||
need to ascertain the identity of the party at the other end.
|
||||
OpenSSL contains an implementation of the SSL and TLS protocols.
|
||||
|
||||
%package -n libopenssl-1_1-devel
|
||||
Summary: Development files for OpenSSL
|
||||
License: OpenSSL
|
||||
Group: Development/Libraries/C and C++
|
||||
Requires: %{name} = %{version}
|
||||
Requires: libopenssl1_1 = %{version}
|
||||
Requires: pkgconfig(zlib)
|
||||
# we need to have around only the exact version we are able to operate with
|
||||
Conflicts: libopenssl-devel < %{version}
|
||||
Conflicts: libopenssl-devel > %{version}
|
||||
Conflicts: ssl-devel
|
||||
Provides: ssl-devel
|
||||
|
||||
%description -n libopenssl-1_1-devel
|
||||
This subpackage contains header files for developing applications
|
||||
that want to make use of the OpenSSL C API.
|
||||
|
||||
%package -n libopenssl1_1-hmac
|
||||
Summary: HMAC files for FIPS-140-2 integrity checking of the openssl shared libraries
|
||||
License: BSD-3-Clause
|
||||
Group: Productivity/Networking/Security
|
||||
Requires: libopenssl1_1 = %{version}-%{release}
|
||||
|
||||
%description -n libopenssl1_1-hmac
|
||||
The FIPS compliant operation of the openssl shared libraries is NOT
|
||||
possible without the HMAC hashes contained in this package!
|
||||
|
||||
%package doc
|
||||
Summary: Additional Package Documentation
|
||||
License: OpenSSL
|
||||
Group: Productivity/Networking/Security
|
||||
Conflicts: openssl-doc
|
||||
Provides: openssl-doc = %{version}
|
||||
Obsoletes: openssl-doc < %{version}
|
||||
BuildArch: noarch
|
||||
|
||||
%description doc
|
||||
This package contains optional documentation provided in addition to
|
||||
this package's base documentation.
|
||||
|
||||
%prep
|
||||
%setup -q -n %{_rname}-%{version}
|
||||
%autopatch -p1
|
||||
|
||||
%build
|
||||
%ifarch armv5el armv5tel
|
||||
export MACHINE=armv5el
|
||||
%endif
|
||||
%ifarch armv6l armv6hl
|
||||
export MACHINE=armv6l
|
||||
%endif
|
||||
|
||||
./config \
|
||||
no-rc5 no-idea \
|
||||
fips \
|
||||
no-ssl3 \
|
||||
enable-rfc3779 \
|
||||
%ifarch x86_64 aarch64 ppc64le
|
||||
enable-ec_nistp_64_gcc_128 \
|
||||
%endif
|
||||
enable-camellia \
|
||||
zlib \
|
||||
no-ec2m \
|
||||
--prefix=%{_prefix} \
|
||||
--libdir=%{_lib} \
|
||||
--openssldir=%{ssletcdir} \
|
||||
%{optflags} -std=gnu99 \
|
||||
-Wa,--noexecstack \
|
||||
-Wl,-z,relro,-z,now \
|
||||
-fno-common \
|
||||
-DTERMIO \
|
||||
-DPURIFY \
|
||||
-D_GNU_SOURCE \
|
||||
-DOPENSSL_NO_BUF_FREELISTS \
|
||||
$(getconf LFS_CFLAGS) \
|
||||
-Wall
|
||||
|
||||
util/mkdef.pl crypto update
|
||||
make depend %{?_smp_mflags}
|
||||
make all %{?_smp_mflags}
|
||||
|
||||
%check
|
||||
export MALLOC_CHECK_=3
|
||||
export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
|
||||
LD_LIBRARY_PATH=`pwd` make test -j1
|
||||
# show cyphers
|
||||
gcc -o showciphers %{optflags} -I%{buildroot}%{_includedir} %{SOURCE99} -L%{buildroot}%{_libdir} -lssl -lcrypto
|
||||
LD_LIBRARY_PATH=%{buildroot}%{_libdir} ./showciphers
|
||||
|
||||
%install
|
||||
%make_install %{?_smp_mflags}
|
||||
# kill static libs
|
||||
rm -f %{buildroot}%{_libdir}/lib*.a
|
||||
# remove the cnf.dist
|
||||
rm -f %{buildroot}%{_sysconfdir}/ssl/openssl.cnf.dist
|
||||
ln -sf ./%{_rname} %{buildroot}/%{_includedir}/ssl
|
||||
mkdir %{buildroot}/%{_datadir}/ssl
|
||||
mv %{buildroot}/%{ssletcdir}/misc %{buildroot}/%{_datadir}/ssl/
|
||||
|
||||
# avoid file conflicts with man pages from other packages
|
||||
#
|
||||
set +x
|
||||
pushd %{buildroot}/%{_mandir}
|
||||
# some man pages now contain spaces. This makes several scripts go havoc, among them /usr/sbin/Check.
|
||||
# replace spaces by underscores
|
||||
#for i in man?/*\ *; do mv -v "$i" "${i// /_}"; done
|
||||
which readlink &>/dev/null || function readlink { ( set +x; target=$(file $1 2>/dev/null); target=${target//* }; test -f $target && echo $target; ) }
|
||||
for i in man?/*; do
|
||||
if test -L $i ; then
|
||||
LDEST=`readlink $i`
|
||||
rm -f $i ${i}ssl
|
||||
ln -sf ${LDEST}ssl ${i}ssl
|
||||
else
|
||||
mv $i ${i}ssl
|
||||
fi
|
||||
case "$i" in
|
||||
*.1)
|
||||
# these are the pages mentioned in openssl(1). They go into the main package.
|
||||
echo %doc %{_mandir}/${i}ssl%{?ext_man} >> $OLDPWD/filelist;;
|
||||
*)
|
||||
# the rest goes into the openssl-doc package.
|
||||
echo %doc %{_mandir}/${i}ssl%{?ext_man} >> $OLDPWD/filelist.doc;;
|
||||
esac
|
||||
done
|
||||
popd
|
||||
set -x
|
||||
|
||||
# Do not install demo scripts executable under /usr/share/doc
|
||||
find demos -type f -perm /111 -exec chmod 644 {} \;
|
||||
|
||||
# Place showciphers.c for %doc macro
|
||||
cp %{SOURCE99} .
|
||||
|
||||
# the hmac hashes:
|
||||
#
|
||||
# this is a hack that re-defines the __os_install_post macro
|
||||
# for a simple reason: the macro strips the binaries and thereby
|
||||
# invalidates a HMAC that may have been created earlier.
|
||||
# solution: create the hashes _after_ the macro runs.
|
||||
#
|
||||
# this shows up earlier because otherwise the %expand of
|
||||
# the macro is too late.
|
||||
# remark: This is the same as running
|
||||
# openssl dgst -sha256 -hmac 'ppaksykemnsecgtsttplmamstKMEs'
|
||||
%{expand:%%global __os_install_post {%__os_install_post
|
||||
|
||||
%{buildroot}%{_bindir}/fips_standalone_hmac \
|
||||
%{buildroot}%{_libdir}/libssl.so.%{maj_min} > \
|
||||
%{buildroot}%{_libdir}/.libssl.so.%{maj_min}.hmac
|
||||
|
||||
%{buildroot}%{_bindir}/fips_standalone_hmac \
|
||||
%{buildroot}%{_libdir}/libcrypto.so.%{maj_min} > \
|
||||
%{buildroot}%{_libdir}/.libcrypto.so.%{maj_min}.hmac
|
||||
|
||||
}}
|
||||
|
||||
%post -n libopenssl1_1 -p /sbin/ldconfig
|
||||
%postun -n libopenssl1_1 -p /sbin/ldconfig
|
||||
|
||||
%files -n libopenssl1_1
|
||||
%license LICENSE
|
||||
%{_libdir}/libssl.so.%{maj_min}
|
||||
%{_libdir}/libcrypto.so.%{maj_min}
|
||||
%{_libdir}/engines-%{maj_min}
|
||||
|
||||
%files -n libopenssl1_1-hmac
|
||||
%{_libdir}/.libssl.so.%{maj_min}.hmac
|
||||
%{_libdir}/.libcrypto.so.%{maj_min}.hmac
|
||||
|
||||
%files -n libopenssl-1_1-devel
|
||||
%{_includedir}/%{_rname}/
|
||||
%{_includedir}/ssl
|
||||
%{_libdir}/libssl.so
|
||||
%{_libdir}/libcrypto.so
|
||||
%{_libdir}/pkgconfig/libcrypto.pc
|
||||
%{_libdir}/pkgconfig/libssl.pc
|
||||
%{_libdir}/pkgconfig/openssl.pc
|
||||
|
||||
%files doc -f filelist.doc
|
||||
%doc doc/* demos
|
||||
%doc showciphers.c
|
||||
|
||||
%files -f filelist
|
||||
%doc CHANGE* NEWS README
|
||||
%dir %{ssletcdir}
|
||||
%config (noreplace) %{ssletcdir}/openssl.cnf
|
||||
%attr(700,root,root) %{ssletcdir}/private
|
||||
%dir %{_datadir}/ssl
|
||||
%{_datadir}/ssl/misc
|
||||
%{_bindir}/c_rehash
|
||||
%{_bindir}/fips_standalone_hmac
|
||||
%{_bindir}/%{_rname}
|
||||
|
||||
%changelog
|
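--- a/openssl-disable_rsa_keygen_tests_with_small_modulus.patch
+++ b/openssl-disable_rsa_keygen_tests_with_small_modulus.patch
@@ -0,0 +1,12 @@
+Index: openssl-1.1.0f/test/recipes/15-test_genrsa.t
+===================================================================
+--- openssl-1.1.0f.orig/test/recipes/15-test_genrsa.t 2017-05-25 14:46:21.000000000 +0200
++++ openssl-1.1.0f/test/recipes/15-test_genrsa.t 2017-05-29 17:56:31.900331435 +0200
+@@ -16,6 +16,7 @@ use OpenSSL::Test::Utils;
+
+setup("test_genrsa");
+
++plan skip_all => 'Minimal RSA modulus size is 200 bits';
+plan tests => 5;
+
+is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])), 0, "genrsa -3 8");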
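Review bot: `plan skip_all` switches off the whole 15-test_genrsa.t recipe, not only the small-modulus cases the patch name refers to, so the package build no longer exercises `openssl genrsa` at all. The one test visible in the hunk asks for an 8-bit key; raising its size above the enforced minimum would keep the coverage, e.g. `is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '2048'])), 0, "genrsa -3 2048");`. The other four tests announced by `plan tests => 5` are outside the hunk, so whether they can stay unchanged needs checking.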
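--- a/openssl-fips-clearerror.patch
+++ b/openssl-fips-clearerror.patch
@@ -0,0 +1,12 @@
+Index: openssl-1.0.2g/crypto/o_init.c
+===================================================================
+--- openssl-1.0.2g.orig/crypto/o_init.c 2016-04-14 10:54:05.763929573 +0200
++++ openssl-1.0.2g/crypto/o_init.c 2016-04-14 10:59:08.366168879 +0200
+@@ -91,6 +91,7 @@ static void init_fips_mode(void)
+NONFIPS_selftest_check();
+/* drop down to non-FIPS mode if it is not requested */
+FIPS_mode_set(0);
++ ERR_clear_error();
+} else {
+/* abort if selftest failed */
+FIPS_selftest_check();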
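Review bot: The added `ERR_clear_error()` empties the calling thread's whole error queue, and nothing in the hunk says which entry it is meant to drop. If the intent is to discard what `FIPS_mode_set(0)` or `NONFIPS_selftest_check()` may leave behind, state that in a comment above the call, for example `/* discard errors queued while dropping to non-FIPS mode so they do not surface in the application */`. The return value of `FIPS_mode_set(0)` is also ignored, so a failure to leave FIPS mode would go unnoticed once the queue is cleared. init_fips_mode starts and ends outside the hunk.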
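--- a/openssl-fips-dont-fall-back-to-default-digest.patch
+++ b/openssl-fips-dont-fall-back-to-default-digest.patch
@@ -0,0 +1,15 @@
+Index: openssl-1.1.0e/apps/dgst.c
+===================================================================
+--- openssl-1.1.0e.orig/apps/dgst.c 2017-04-20 12:31:52.471544178 +0200
++++ openssl-1.1.0e/apps/dgst.c 2017-04-20 12:38:46.669771843 +0200
+@@ -94,6 +94,10 @@ int dgst_main(int argc, char **argv)
+prog = opt_progname(argv[0]);
+buf = app_malloc(BUFSIZE, "I/O buffer");
+md = EVP_get_digestbyname(prog);
++ if (md == NULL && strcmp(prog, "dgst") != 0) {
++ BIO_printf(bio_err, "%s is not a known digest\n", prog);
++ goto end;
++ }
+
+prog = opt_init(argc, argv, dgst_options);
+while ((o = opt_next()) != OPT_EOF) {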
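Review bot: The new rejection path jumps to `end` before `opt_init()` has run, so the exit status depends on how `ret` is initialised earlier in dgst_main, which is outside the hunk; it should be confirmed that this path returns non-zero. A short comment above the check would also help, because the reason is not obvious from the code: `/* refuse to silently substitute the default digest when the one named by argv[0] is unavailable */`. The body of dgst_main continues outside the hunk.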
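--- a/openssl-fips-dont_run_FIPS_module_installed.patch
+++ b/openssl-fips-dont_run_FIPS_module_installed.patch
@@ -0,0 +1,16 @@
+Index: openssl-1.0.2h/crypto/o_init.c
+===================================================================
+--- openssl-1.0.2h.orig/crypto/o_init.c 2016-06-01 15:26:25.026937000 +0200
++++ openssl-1.0.2h/crypto/o_init.c 2016-06-01 16:23:24.980858697 +0200
+@@ -111,9 +111,9 @@ void __attribute__ ((constructor)) OPENS
+return;
+done = 1;
+#ifdef OPENSSL_FIPS
+- if (!FIPS_module_installed()) {
++ /*if (!FIPS_module_installed()) {
+return;
+- }
++ }*/
+RAND_init_fips();
+init_fips_mode();
+if (!FIPS_mode()) {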
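Review bot: Disabling the `FIPS_module_installed()` early return by wrapping it in `/* ... */` leaves dead code in the library constructor and no record of why the check was dropped. Delete the three lines and put a comment in their place that states the new behaviour, for example `/* always run the FIPS init path, even when no FIPS module is installed */`. With the guard gone, `RAND_init_fips()` and `init_fips_mode()` run in every process that loads a libcrypto built with OPENSSL_FIPS, so it is worth confirming that both are safe when the module is absent. The constructor's body continues outside the hunk.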
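--- a/openssl-fips-fix-odd-rsakeybits.patch
+++ b/openssl-fips-fix-odd-rsakeybits.patch
@@ -0,0 +1,14 @@
+Index: openssl-1.0.2g/crypto/rsa/rsa_gen.c
+===================================================================
+--- openssl-1.0.2g.orig/crypto/rsa/rsa_gen.c 2016-04-14 10:52:34.187646539 +0200
++++ openssl-1.0.2g/crypto/rsa/rsa_gen.c 2016-04-14 10:53:39.335559301 +0200
+@@ -465,7 +465,8 @@ static int rsa_builtin_keygen(RSA *rsa,
+goto err;
+
+bitsp = (bits + 1) / 2;
+- bitsq = bits - bitsp;
++ /* Use the same number of bits for p and q, our checks assume it. */
++ bitsq = bitsp;
+
+/* prepare a maximum for p and q */
+/* 0xB504F334 is (sqrt(2)/2)*2^32 */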
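Review bot: With `bitsq = bitsp`, an odd `bits` no longer adds up to the requested modulus length: p and q both get (bits + 1) / 2 bits, so their product can come out one bit longer than the caller asked for. The new comment says the checks assume equal sizes but does not name them; judging by openssl-rsakeygen-minimum-distance.patch in this commit, it presumably means the lower bound built from `bitsp` that is also applied to q. Either reject odd sizes up front or extend the comment, e.g. `/* p and q share bitsp so one lower bound fits both; for odd bits the modulus may be bits + 1 long */`. rsa_builtin_keygen continues outside the hunk.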
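--- a/openssl-fips-rsagen-d-bits.patch
+++ b/openssl-fips-rsagen-d-bits.patch
@@ -0,0 +1,39 @@
+Index: openssl-1.1.0c/crypto/rsa/rsa_gen.c
+===================================================================
+--- openssl-1.1.0c.orig/crypto/rsa/rsa_gen.c 2016-12-08 17:55:15.968669184 +0100
++++ openssl-1.1.0c/crypto/rsa/rsa_gen.c 2016-12-08 17:55:15.976669308 +0100
+@@ -173,6 +173,12 @@ static int fips_rsa_builtin_keygen(RSA *
+goto err;
+}
+
++ BN_copy(rsa->e, e_value);
++
++ if (!BN_is_zero(rsa->p) && !BN_is_zero(rsa->q))
++ test = 1;
++
++retry:
+/* prepare approximate minimum p and q */
+if (!BN_set_word(r0, 0xB504F334))
+goto err;
+@@ -185,12 +191,6 @@ static int fips_rsa_builtin_keygen(RSA *
+if (!BN_lshift(r3, r3, pbits - 100))
+goto err;
+
+- BN_copy(rsa->e, e_value);
+-
+- if (!BN_is_zero(rsa->p) && !BN_is_zero(rsa->q))
+- test = 1;
+-
+- retry:
+/* generate p and q */
+for (i = 0; i < 5 * pbits; i++) {
+ploop:
+@@ -323,6 +323,8 @@ static int fips_rsa_builtin_keygen(RSA *
+BN_free(pr0);
+}
+
++ /* test 2^(bits/2) < d < LCM((p-1)*(q-1)) */
++ /* the LCM part is covered due to the generation by modulo above */
+if (BN_num_bits(rsa->d) < pbits)
+goto retry; /* d is too small */
+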
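Review bot: The added comment states the requirement as 2^(bits/2) < d, but the check below it, `if (BN_num_bits(rsa->d) < pbits)`, still accepts a d of exactly pbits bits, which is smaller than 2^pbits. Assuming pbits is bits/2 (its definition is outside the hunk), the condition that matches the comment is `if (BN_num_bits(rsa->d) <= pbits)`. The comment should also read LCM(p-1, q-1) rather than LCM((p-1)*(q-1)). Separately, the moved `BN_copy(rsa->e, e_value);` ignores its return value while the neighbouring BN calls use `goto err`.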
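--- a/openssl-fips-selftests_in_nonfips_mode.patch
+++ b/openssl-fips-selftests_in_nonfips_mode.patch
@@ -0,0 +1,74 @@
+Index: openssl-1.1.0c/crypto/fips/fips.c
+===================================================================
+--- openssl-1.1.0c.orig/crypto/fips/fips.c 2016-12-09 11:34:28.778291575 +0100
++++ openssl-1.1.0c/crypto/fips/fips.c 2016-12-09 11:37:18.192847119 +0100
+@@ -472,6 +472,44 @@ int FIPS_module_mode_set(int onoff)
+return ret;
+}
+
++/* In non-FIPS mode, the selftests must succeed if the
++ * checksum files are present
++ */
++void NONFIPS_selftest_check(void)
++{
++ int rv;
++ char *hmacpath;
++ char path[PATH_MAX+1];
++
++ if (fips_selftest_fail)
++ {
++ /* check if the checksum files are installed */
++ rv = get_library_path("libcrypto.so." SHLIB_VERSION_NUMBER, "FIPS_mode_set", path, sizeof(path));
++ if (rv < 0)
++ OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE");
++
++ hmacpath = make_hmac_path(path);
++ if (hmacpath == NULL)
++ OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE");
++
++ if (access(hmacpath, F_OK))
++ {
++ /* no hmac file is present, ignore the failed selftests */
++ if (errno == ENOENT)
++ {
++ free(hmacpath);
++ return;
++ }
++ /* we fail on any other error */
++ }
++ /* if the file exists, but the selftests failed
++ (eg wrong checksum), we fail too */
++ free(hmacpath);
++ OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE");
++ }
++ /* otherwise ok, selftests were successful */
++}
++
+static CRYPTO_THREAD_ID fips_threadid;
+static int fips_thread_set = 0;
+
+Index: openssl-1.1.0c/crypto/o_init.c
+===================================================================
+--- openssl-1.1.0c.orig/crypto/o_init.c 2016-12-09 11:34:28.726290785 +0100
++++ openssl-1.1.0c/crypto/o_init.c 2016-12-09 11:34:28.778291575 +0100
+@@ -44,6 +44,8 @@ static void init_fips_mode(void)
+*/
+
+if (buf[0] != '1') {
++ /* abort if selftest failed and the module is complete */
++ NONFIPS_selftest_check();
+/* drop down to non-FIPS mode if it is not requested */
+FIPS_mode_set(0);
+} else {
+Index: openssl-1.1.0c/include/openssl/fips.h
+===================================================================
+--- openssl-1.1.0c.orig/include/openssl/fips.h 2016-12-09 11:34:28.654289692 +0100
++++ openssl-1.1.0c/include/openssl/fips.h 2016-12-09 11:38:18.553750517 +0100
+@@ -65,6 +65,7 @@ extern "C" {
+int FIPS_selftest(void);
+int FIPS_selftest_failed(void);
+int FIPS_selftest_drbg_all(void);
++ void NONFIPS_selftest_check(void);
+
+int FIPS_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
+const EVP_MD *evpmd, const unsigned char *seed_in,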
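Review bot: In `NONFIPS_selftest_check()` the `errno == ENOENT` branch returns silently, so a failed selftest is indistinguishable from a passed one whenever the .hmac file is absent, and integrity checking in non-FIPS mode depends entirely on the libopenssl1_1-hmac package being installed. That trade-off belongs in the function comment, which currently states only the positive case; a sentence saying that a missing checksum file deliberately downgrades a selftest failure to a no-op would do. The function relies on `access()`, `errno`, `free()` and `PATH_MAX`, and whether fips.c already includes the headers for them is not visible in the hunk. The braces on their own lines also differ from the `} else {` style of the context lines in o_init.c.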
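--- a/openssl-fips_disallow_ENGINE_loading.patch
+++ b/openssl-fips_disallow_ENGINE_loading.patch
@@ -0,0 +1,14 @@
+Index: openssl-1.1.0c/crypto/init.c
+===================================================================
+--- openssl-1.1.0c.orig/crypto/init.c 2016-12-08 17:36:03.170689184 +0100
++++ openssl-1.1.0c/crypto/init.c 2016-12-08 17:36:14.938873308 +0100
+@@ -564,6 +564,9 @@ int OPENSSL_init_crypto(uint64_t opts, c
+&& !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand))
+return 0;
+# endif
++# ifdef OPENSSL_FIPS
++ if (!FIPS_mode())
++# endif
+if ((opts & OPENSSL_INIT_ENGINE_DYNAMIC)
+&& !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic))
+return 0;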
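Review bot: The added `if (!FIPS_mode())` is an unbraced statement sitting between `# ifdef` and `# endif`, so it silently takes the following `if ((opts & OPENSSL_INIT_ENGINE_DYNAMIC) ...` as its body, and any statement later inserted between the two changes what is guarded. Putting the guarded statement in braces under the same `# ifdef`, with a comment such as `/* the dynamic engine loader is not available in FIPS mode */`, would make the scope explicit. In FIPS mode a caller that passes OPENSSL_INIT_ENGINE_DYNAMIC now gets the request skipped without an error, and the test runs only at initialisation, so it presumably does not cover FIPS mode being switched on later. Only the dynamic engine is covered here; the other engine initialisers are outside the hunk.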
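--- a/openssl-no-date.patch
+++ b/openssl-no-date.patch
@@ -0,0 +1,11 @@
+Index: openssl-1.1.0f/util/mkbuildinf.pl
+===================================================================
+--- openssl-1.1.0f.orig/util/mkbuildinf.pl
++++ openssl-1.1.0f/util/mkbuildinf.pl
+@@ -37,5 +37,5 @@ print <<"END_OUTPUT";
+'\\0'
+};
+#define PLATFORM "platform: $platform"
+-#define DATE "built on: $date"
++#define DATE ""
+END_OUTPUT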
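Review bot: An empty `DATE` drops the `built on:` label as well as the timestamp, so anything that reads the build-info string, for instance the output of `openssl version -b`, sees a blank field. Keeping the label with a fixed text stays reproducible and preserves the format, e.g. `#define DATE "built on: reproducible build, date unspecified"`.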
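--- a/openssl-pkgconfig.patch
+++ b/openssl-pkgconfig.patch
@@ -0,0 +1,22 @@
+Index: openssl-1.1.0c/Configurations/unix-Makefile.tmpl
+===================================================================
+--- openssl-1.1.0c.orig/Configurations/unix-Makefile.tmpl 2016-11-10 15:03:43.000000000 +0100
++++ openssl-1.1.0c/Configurations/unix-Makefile.tmpl 2016-12-02 14:42:03.547865145 +0100
+@@ -790,7 +790,7 @@ libcrypto.pc:
+echo 'Version: '$(VERSION); \
+echo 'Libs: -L$${libdir} -lcrypto'; \
+echo 'Libs.private: $(EX_LIBS)'; \
+- echo 'Cflags: -I$${includedir}' ) > libcrypto.pc
++ echo 'Cflags: -DOPENSSL_LOAD_CONF -I$${includedir}' ) > libcrypto.pc
+
+libssl.pc:
+@ ( echo 'prefix=$(INSTALLTOP)'; \
+@@ -804,7 +804,7 @@ libssl.pc:
+echo 'Requires.private: libcrypto'; \
+echo 'Libs: -L$${libdir} -lssl'; \
+echo 'Libs.private: $(EX_LIBS)'; \
+- echo 'Cflags: -I$${includedir}' ) > libssl.pc
++ echo 'Cflags: -DOPENSSL_LOAD_CONF -I$${includedir}' ) > libssl.pc
+
+openssl.pc:
+@ ( echo 'prefix=$(INSTALLTOP)'; \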
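Review bot: Adding `-DOPENSSL_LOAD_CONF` to `Cflags` in libcrypto.pc and libssl.pc changes how every consumer built through pkg-config compiles against the headers, while programs built without pkg-config keep the upstream default, and neither the patch nor the template says why. A comment next to both `echo 'Cflags: ...'` lines should state the intent, presumably that applications pick up the system openssl.cnf without asking for it. Because that makes the configuration file an input to every such application, it is worth recording in the same comment that the file must stay writable by root only. The openssl.pc rule begins at the end of the second hunk and its Cflags line is outside it.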
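--- a/openssl-ppc64-config.patch
+++ b/openssl-ppc64-config.patch
@@ -0,0 +1,13 @@
+Index: openssl-1.1.0e/config
+===================================================================
+--- openssl-1.1.0e.orig/config
++++ openssl-1.1.0e/config
+@@ -550,7 +550,7 @@ case "$GUESSOS" in
+OUT="linux-ppc64"
+else
+OUT="linux-ppc"
+- (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null) || options="$options -m32"
++ (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null) || OUT="linux-ppc64"
+fi
+;;
+ppc64le-*-linux2) OUT="linux-ppc64le" ;;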
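Review bot: The changed line is hard to read because its logic is inverted: `grep "^__LP64__"` succeeds only when the preprocessor leaves the token untouched, so the `||` branch runs when the compiler targets 64-bit. Since that branch now overrides the `OUT="linux-ppc"` set one line earlier instead of appending `-m32`, it needs a comment, e.g. `# compiler defaults to 64-bit: build for linux-ppc64 rather than forcing -m32`. The probe calls `gcc` directly, which should be checked against builds that select a different compiler. The enclosing `case` arm starts outside the hunk.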
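--- a/openssl-rsakeygen-minimum-distance.patch
+++ b/openssl-rsakeygen-minimum-distance.patch
@@ -0,0 +1,47 @@
+Index: openssl-1.1.0f/crypto/rsa/rsa_gen.c
+===================================================================
+--- openssl-1.1.0f.orig/crypto/rsa/rsa_gen.c 2017-05-29 13:02:47.095166778 +0200
++++ openssl-1.1.0f/crypto/rsa/rsa_gen.c 2017-05-29 13:03:29.415824383 +0200
+@@ -419,6 +419,19 @@ static int rsa_builtin_keygen(RSA *rsa,
+bitsp = (bits + 1) / 2;
+bitsq = bits - bitsp;
+
++ /* prepare a maximum for p and q */
++ /* 0xB504F334 is (sqrt(2)/2)*2^32 */
++ if (!BN_set_word(r0, 0xB504F334))
++ goto err;
++ if (!BN_lshift(r0, r0, bitsp - 32))
++ goto err;
++
++ /* prepare minimum p and q difference */
++ if (!BN_one(r3))
++ goto err;
++ if (!BN_lshift(r3, r3, bitsp - 100))
++ goto err;
++
+/* We need the RSA components non-NULL */
+if (!rsa->n && ((rsa->n = BN_new()) == NULL))
+goto err;
+@@ -444,6 +457,8 @@ static int rsa_builtin_keygen(RSA *rsa,
+for (;;) {
+if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))
+goto err;
++ if (BN_cmp(rsa->p, r0) < 0)
++ continue;
+if (!BN_sub(r2, rsa->p, BN_value_one()))
+goto err;
+if (!BN_gcd(r1, r2, rsa->e, ctx))
+@@ -460,6 +475,13 @@ static int rsa_builtin_keygen(RSA *rsa,
+if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
+goto err;
+} while (BN_cmp(rsa->p, rsa->q) == 0);
++ if (BN_cmp(rsa->q, r0) < 0)
++ continue;
++ /* check for minimum distance between p and q, 2^(bitsp-100) */
++ if (!BN_sub(r2, rsa->q, rsa->p))
++ goto err;
++ if (BN_ucmp(r2, r3) <= 0)
++ continue;
+if (!BN_sub(r2, rsa->q, BN_value_one()))
+goto err;
+if (!BN_gcd(r1, r2, rsa->e, ctx))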
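Review bot: `BN_lshift(r0, r0, bitsp - 32)` and `BN_lshift(r3, r3, bitsp - 100)` receive a negative shift count once `bits` drops below 200, so small key sizes are handled only by whatever BN_lshift does with a negative count instead of by a deliberate check. A guard ahead of the shifts, such as `if (bitsp < 100) goto err;` preceded by a key-size error, would make the minimum explicit. The bound in `r0` is built from `bitsp` but is also applied to q, which the context line sizes as `bitsq = bits - bitsp`; for odd `bits` q is one bit shorter, `BN_cmp(rsa->q, r0) < 0` would then always `continue`, and this patch therefore relies on openssl-fips-fix-odd-rsakeybits.patch being applied as well. The comment `/* prepare a maximum for p and q */` describes a value the code uses as a lower bound. rsa_builtin_keygen continues outside all three hunks.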
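--- a/openssl-static-deps.patch
+++ b/openssl-static-deps.patch
@@ -0,0 +1,195 @@
+From 186a31e510d1326063cfeca17e58fadec236ad2a Mon Sep 17 00:00:00 2001
+From: Richard Levitte <levitte@openssl.org>
+Date: Wed, 9 Nov 2016 20:01:51 +0100
+Subject: [PATCH] Building: make it possible to force linking with static
+OpenSSL libs
+
+Very simply, support having the .a extension to denote depending on
+static libraries. Note that this is not supported on native Windows
+when building shared libraries, as there is not static library then,
+just an import library with the same name.
+
+Reviewed-by: Rich Salz <rsalz@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/1889)
+---
+Configurations/common.tmpl | 14 +++++++++++---
+Configurations/descrip.mms.tmpl | 23 ++++++++++++++---------
+Configurations/unix-Makefile.tmpl | 19 ++++++++++++-------
+Configurations/windows-makefile.tmpl | 4 +++-
+Configure | 7 +++++++
+5 files changed, 47 insertions(+), 20 deletions(-)
+
+Index: openssl-1.1.0e/Configurations/common.tmpl
+===================================================================
+--- openssl-1.1.0e.orig/Configurations/common.tmpl
++++ openssl-1.1.0e/Configurations/common.tmpl
+@@ -9,15 +9,22 @@
+# there are no duplicate dependencies and that they are in the
+# right order. This is especially used to sort the list of
+# libraries that a build depends on.
++ sub extensionlesslib {
++ my @result = map { $_ =~ /(\.a)?$/; $` } @_;
++ return @result if wantarray;
++ return $result[0];
++ }
+sub resolvedepends {
+my $thing = shift;
++ my $extensionlessthing = extensionlesslib($thing);
+my @listsofar = @_; # to check if we're looping
+- my @list = @{$unified_info{depends}->{$thing}};
++ my @list = @{$unified_info{depends}->{$extensionlessthing}};
+my @newlist = ();
+if (scalar @list) {
+foreach my $item (@list) {
++ my $extensionlessitem = extensionlesslib($item);
+# It's time to break off when the dependency list starts looping
+- next if grep { $_ eq $item } @listsofar;
++ next if grep { extensionlesslib($_) eq $extensionlessitem } @listsofar;
+push @newlist, $item, resolvedepends($item, @listsofar, $item);
+}
+}
+@@ -28,8 +35,9 @@
+my @newlist = ();
+while (@list) {
+my $item = shift @list;
++ my $extensionlessitem = extensionlesslib($item);
+push @newlist, $item
+- unless grep { $item eq $_ } @list;
++ unless grep { $extensionlessitem eq extensionlesslib($_) } @list;
+}
+@newlist;
+}
+Index: openssl-1.1.0e/Configurations/descrip.mms.tmpl
+===================================================================
+--- openssl-1.1.0e.orig/Configurations/descrip.mms.tmpl
++++ openssl-1.1.0e/Configurations/descrip.mms.tmpl
+@@ -524,6 +524,17 @@ configdata.pm : $(SRCDIR)Configure $(SRC
+use File::Basename;
+use File::Spec::Functions qw/abs2rel rel2abs catfile catdir/;
+
++ # Helper function to figure out dependencies on libraries
++ # It takes a list of library names and outputs a list of dependencies
++ sub compute_lib_depends {
++ if ($disabled{shared}) {
++ return map { $_ =~ /\.a$/ ? $`.".OLB" : $_.".OLB" } @_;
++ }
++ return map { $_ =~ /\.a$/
++ ? $`.".OLB"
++ : $unified_info{sharednames}->{$_}.".EXE" } @_;
++ }
++
+sub generatesrc {
+my %args = @_;
+my $generator = join(" ", @{$args{generator}});
+@@ -619,9 +630,7 @@ EOF
+my $libd = dirname($lib);
+my $libn = basename($lib);
+(my $mkdef_key = $libn) =~ s/^${osslprefix_q}lib([^0-9]*)\d*/$1/i;
+- my @deps = map {
+- $disabled{shared} ? $_.".OLB"
+- : $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}};
++ my @deps = compute_lib_depends(@{$args{deps}});
+my $deps = join(", -\n\t\t", @deps);
+my $shlib_target = $disabled{shared} ? "" : $target{shared_target};
+my $ordinalsfile = defined($args{ordinals}) ? $args{ordinals}->[1] : "";
+@@ -667,9 +676,7 @@ EOF
+my $libn = basename($lib);
+(my $libn_nolib = $libn) =~ s/^lib//;
+my @objs = map { "$_.OBJ" } @{$args{objs}};
+- my @deps = map {
+- $disabled{shared} ? $_.".OLB"
+- : $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}};
++ my @deps = compute_lib_depends(@{$args{deps}});
+my $deps = join(", -\n\t\t", @objs, @deps);
+my $shlib_target = $disabled{shared} ? "" : $target{shared_target};
+my $engine_opt = abs2rel(rel2abs(catfile($config{sourcedir},
+@@ -719,9 +726,7 @@ EOF
+my $bind = dirname($bin);
+my $binn = basename($bin);
+my @objs = map { "$_.OBJ" } @{$args{objs}};
+- my @deps = map {
+- $disabled{shared} ? $_.".OLB"
+- : $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}};
++ my @deps = compute_lib_depends(@{$args{deps}});
+my $deps = join(", -\n\t\t", @objs, @deps);
+# The "[]" hack is because in .OPT files, each line inherits the
+# previous line's file spec as default, so if no directory spec
+Index: openssl-1.1.0e/Configurations/unix-Makefile.tmpl
+===================================================================
+--- openssl-1.1.0e.orig/Configurations/unix-Makefile.tmpl
++++ openssl-1.1.0e/Configurations/unix-Makefile.tmpl
+@@ -837,13 +837,13 @@ configdata.pm: $(SRCDIR)/Configure $(SRC
+# It takes a list of library names and outputs a list of dependencies
+sub compute_lib_depends {
+if ($disabled{shared}) {
+- return map { $_.$libext } @_;
++ return map { $_ =~ /\.a$/ ? $`.$libext : $_.$libext } @_;
+}
+
+# Depending on shared libraries:
+# On Windows POSIX layers, we depend on {libname}.dll.a
+# On Unix platforms, we depend on {shlibname}.so
+- return map { shlib_simple($_) } @_;
++ return map { $_ =~ /\.a$/ ? $`.$libext : shlib_simple($_) } @_;
+}
+
+sub generatesrc {
+@@ -1056,11 +1056,16 @@ EOF
+my $binn = basename($bin);
+my $objs = join(" ", map { $_.$objext } @{$args{objs}});
+my $deps = join(" ",compute_lib_depends(@{$args{deps}}));
+- my $linklibs = join("", map { my $d = dirname($_);
+- my $f = basename($_);
+- $d = "." if $d eq $f;
+- (my $l = $f) =~ s/^lib//;
+- " -L$d -l$l" } @{$args{deps}});
++ my $linklibs = join("", map { if ($_ =~ /\.a$/) {
++ " $_";
++ } else {
++ my $d = dirname($_);
++ my $f = basename($_);
++ $d = "." if $d eq $f;
++ (my $l = $f) =~ s/^lib//;
++ " -L$d -l$l"
++ }
++ } @{$args{deps}});
+my $shlib_target = $disabled{shared} ? "" : $target{shared_target};
+return <<"EOF";
+$bin$exeext: $objs $deps
+Index: openssl-1.1.0e/Configurations/windows-makefile.tmpl
+===================================================================
+--- openssl-1.1.0e.orig/Configurations/windows-makefile.tmpl
++++ openssl-1.1.0e/Configurations/windows-makefile.tmpl
+@@ -342,8 +342,10 @@ configdata.pm: "$(SRCDIR)\Configure" {-
+# It takes a list of library names and outputs a list of dependencies
+sub compute_lib_depends {
+if ($disabled{shared}) {
+- return map { $_.$libext } @_;
++ return map { $_ =~ /\.a$/ ? $`.$libext : $_.$libext } @_;
+}
++ die "Linking with static OpenSSL libraries is not supported in this configuration\n"
++ if grep /\.a$/, @_;
+return map { shlib_import($_) } @_;
+}
+
+Index: openssl-1.1.0e/Configure
+===================================================================
+--- openssl-1.1.0e.orig/Configure
++++ openssl-1.1.0e/Configure
+@@ -1838,9 +1838,16 @@ EOF
+$d = cleanfile($buildd, $_, $blddir);
+}
+# Take note if the file to depend on is being renamed
++ # Take extra care with files ending with .a, they should
++ # be treated without that extension, and the extension
++ # should be added back after treatment.
++ $d =~ /(\.a)?$/;
++ my $e = $1 // "";
++ $d = $`;
+if ($unified_info{rename}->{$d}) {
+$d = $unified_info{rename}->{$d};
+}
++ $d .= $e;
+$unified_info{depends}->{$ddest}->{$d} = 1;
+# If we depend on a header file or a perl module, let's make
+# sure it can get included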
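--- a/openssl-truststore.patch
+++ b/openssl-truststore.patch
@@ -0,0 +1,17 @@
+Don't use the legacy /etc/ssl/certs directory anymore but rather the
+p11-kit generated /var/lib/ca-certificates/openssl one (fate#314991)
+Index: openssl-1.1.0e/crypto/include/internal/cryptlib.h
+===================================================================
+--- openssl-1.1.0e.orig/crypto/include/internal/cryptlib.h
++++ openssl-1.1.0e/crypto/include/internal/cryptlib.h
+@@ -41,8 +41,8 @@ DEFINE_LHASH_OF(MEM);
+
+# ifndef OPENSSL_SYS_VMS
+# define X509_CERT_AREA OPENSSLDIR
+-# define X509_CERT_DIR OPENSSLDIR "/certs"
+-# define X509_CERT_FILE OPENSSLDIR "/cert.pem"
++# define X509_CERT_DIR "/var/lib/ca-certificates/openssl"
++# define X509_CERT_FILE "/var/lib/ca-certificates/ca-bundle.pem"
+# define X509_PRIVATE_DIR OPENSSLDIR "/private"
+# define CTLOG_FILE OPENSSLDIR "/ct_log_list.cnf"
+# else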
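Review bot: `X509_CERT_DIR` and `X509_CERT_FILE` become fixed absolute paths while `X509_CERT_AREA` and `X509_PRIVATE_DIR` still follow `OPENSSLDIR`, so the header no longer tells a reader that the default trust store lives outside `OPENSSLDIR`. The explanation exists only in the patch preamble; carry it into the header as a comment above the two defines, e.g. `/* default trust store is generated by p11-kit (fate#314991), not kept under OPENSSLDIR */`. If the directory or bundle is absent, verification has no default trust anchors, so the package should be confirmed to require whatever populates /var/lib/ca-certificates; the spec's dependency list is not visible in this section.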
100
openssl-urandom-reseeding.patch
Normal file
100
openssl-urandom-reseeding.patch
Normal file
@ -0,0 +1,100 @@
|
||||
Index: openssl-1.1.0c/crypto/rand/rand_unix.c
|
||||
===================================================================
|
||||
--- openssl-1.1.0c.orig/crypto/rand/rand_unix.c 2016-12-12 17:33:05.654295693 +0100
|
||||
+++ openssl-1.1.0c/crypto/rand/rand_unix.c 2016-12-12 17:44:44.608814886 +0100
|
||||
@@ -144,7 +144,8 @@ int RAND_poll(void)
|
||||
unsigned long l;
|
||||
pid_t curr_pid = getpid();
|
||||
# if defined(DEVRANDOM) || (!defined(OPENSS_NO_EGD) && defined(DEVRANDOM_EGD))
|
||||
- unsigned char tmpbuf[ENTROPY_NEEDED];
|
||||
+ /* STATE_SIZE is 1023 ... but it was suggested to seed with 1024 bytes */
|
||||
+ unsigned char tmpbuf[1024];
|
||||
int n = 0;
|
||||
# endif
|
||||
# ifdef DEVRANDOM
|
||||
@@ -166,7 +167,7 @@ int RAND_poll(void)
|
||||
* out of random entries.
|
||||
*/
|
||||
|
||||
- for (i = 0; (i < OSSL_NELEM(randomfiles)) && (n < ENTROPY_NEEDED); i++) {
|
||||
+ for (i = 0; (i < OSSL_NELEM(randomfiles)) && (n < sizeof(tmpbuf)); i++) {
|
||||
if ((fd = open(randomfiles[i], O_RDONLY
|
||||
# ifdef O_NONBLOCK
|
||||
| O_NONBLOCK
|
||||
@@ -246,7 +247,7 @@ int RAND_poll(void)
|
||||
|
||||
if (try_read) {
|
||||
r = read(fd, (unsigned char *)tmpbuf + n,
|
||||
- ENTROPY_NEEDED - n);
|
||||
+ sizeof(tmpbuf) - n);
|
||||
if (r > 0)
|
||||
n += r;
|
||||
} else
|
||||
@@ -263,7 +264,7 @@ int RAND_poll(void)
|
||||
}
|
||||
while ((r > 0 ||
|
||||
(errno == EINTR || errno == EAGAIN)) && usec != 0
|
||||
- && n < ENTROPY_NEEDED);
|
||||
+ && n < sizeof(tmpbuf));
|
||||
|
||||
close(fd);
|
||||
}
|
||||
@@ -276,12 +277,12 @@ int RAND_poll(void)
|
||||
* collecting daemon.
|
||||
*/
|
||||
|
||||
- for (egdsocket = egdsockets; *egdsocket && n < ENTROPY_NEEDED;
|
||||
+ for (egdsocket = egdsockets; *egdsocket && n < sizeof(tmpbuf);
|
||||
egdsocket++) {
|
||||
int r;
|
||||
|
||||
r = RAND_query_egd_bytes(*egdsocket, (unsigned char *)tmpbuf + n,
|
||||
- ENTROPY_NEEDED - n);
|
||||
+ sizeof(tmpbuf) - n);
|
||||
if (r > 0)
|
||||
n += r;
|
||||
}
|
||||
Index: openssl-1.1.0c/crypto/rand/md_rand.c
|
||||
===================================================================
|
||||
--- openssl-1.1.0c.orig/crypto/rand/md_rand.c 2016-12-12 17:33:05.690296235 +0100
|
||||
+++ openssl-1.1.0c/crypto/rand/md_rand.c 2016-12-12 18:01:49.036286763 +0100
|
||||
@@ -318,6 +318,10 @@ static int rand_bytes(unsigned char *buf
|
||||
if (num <= 0)
|
||||
return 1;
|
||||
|
||||
+ /* special rule for /dev/urandom seeding ... seed with as much bytes
|
||||
+ * from /dev/urandom as you get out */
|
||||
+ RAND_load_file("/dev/urandom", num);
|
||||
+
|
||||
m = EVP_MD_CTX_new();
|
||||
if (m == NULL)
|
||||
goto err_mem;
|
||||
Index: openssl-1.1.0c/crypto/fips/fips_drbg_rand.c
|
||||
===================================================================
|
||||
--- openssl-1.1.0c.orig/crypto/fips/fips_drbg_rand.c 2016-12-12 17:33:05.690296235 +0100
|
||||
+++ openssl-1.1.0c/crypto/fips/fips_drbg_rand.c 2016-12-12 18:05:52.779971206 +0100
|
||||
@@ -90,6 +90,11 @@ static int fips_drbg_bytes(unsigned char
|
||||
int rv = 0;
|
||||
unsigned char *adin = NULL;
|
||||
size_t adinlen = 0;
|
||||
+
|
||||
+ /* add entropy in 1:1 relation (number pulled bytes / number pushed from /dev/urandom) */
|
||||
+ if (count > dctx->min_entropy)
|
||||
+ RAND_load_file("/dev/urandom", count - dctx->min_entropy);
|
||||
+
|
||||
CRYPTO_THREAD_write_lock(fips_rand_lock);
|
||||
do {
|
||||
size_t rcnt;
|
||||
Index: openssl-1.1.0c/crypto/rand/rand_lib.c
|
||||
===================================================================
|
||||
--- openssl-1.1.0c.orig/crypto/rand/rand_lib.c 2016-12-12 17:33:05.690296235 +0100
|
||||
+++ openssl-1.1.0c/crypto/rand/rand_lib.c 2016-12-12 18:05:01.499195179 +0100
|
||||
@@ -188,7 +188,7 @@ static int drbg_rand_add(DRBG_CTX *ctx,
|
||||
{
|
||||
RAND_OpenSSL()->add(in, inlen, entropy);
|
||||
if (FIPS_rand_status()) {
|
||||
- FIPS_drbg_reseed(ctx, NULL, 0);
|
||||
+ FIPS_drbg_reseed(ctx, in, inlen);
|
||||
}
|
||||
return 1;
|
||||
}
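Review bot: The result of `FIPS_drbg_reseed(ctx, in, inlen)` is dropped and `drbg_rand_add` returns 1 regardless. With the old `NULL, 0` arguments the reseed did not depend on caller data; now the buffer is passed through as additional input, so a reseed that rejects it (presumably on a length limit, which is not visible here) would go unnoticed. Consider checking it, `if (!FIPS_drbg_reseed(ctx, in, inlen)) return 0;`, or add a comment explaining why a failed reseed is acceptable at this point. The function's signature lies outside the hunk, so the types of `in` and `inlen` could not be checked.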
|
158
openssl.keyring
Normal file
158
openssl.keyring
Normal file
@ -0,0 +1,158 @@
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v2
|
||||
|
||||
mQENBFGALsIBCADBkh6zfxbewW2KJjaMaishSrpxuiVaUyvWgpe6Moae7JNCW8ay
|
||||
hJbwAtsQ69SGA4gUkyrR6PBvDMVYEiYqZwXB/3IErStESjcu+gkbmsa0XcwHpkE3
|
||||
iN7I8aU66yMt710nGEmcrR5E4u4NuNoHtnOBKEh+RCLGp5mo6hwbUYUzG3eUI/zi
|
||||
2hLApPpaATXnD3ZkhgtHV3ln3Z16nUWQAdIVToxYhvVno2EQsqe8Q3ifl2Uf0Ypa
|
||||
N19BDBrxM3WPOAKbJk0Ab1bjgEadavrFBCOl9CrbThewRGmkOdxJWaVkERXMShlz
|
||||
UzjJvKOUEUGOxJCmnfQimPQoCdQyVFLgHfRFABEBAAG0IE1hdHQgQ2Fzd2VsbCA8
|
||||
ZnJvZG9AYmFnZ2lucy5vcmc+iQE4BBMBAgAiBQJRgC7CAhsDBgsJCAcDAgYVCAIJ
|
||||
CgsEFgIDAQIeAQIXgAAKCRDZxNJtDmBEkWP+B/0SsWSeLGo+viob8935Uirei4Fv
|
||||
nzGOUV1w/dgDLSzavmysVxb4q9psp1vj1KEtm18vzZO79AeARGwWTQYGmFmrNRWZ
|
||||
2DgbjGyJ4LS5kLBqQ9FaF7vUFtml6R04yx+RTgQTg601XsAjeU8uSarmeZgGVMAI
|
||||
nsdMrUc74lJeWKSnovr4IFOdgiU/env19tK355bsfTvb0ksE5Q7wnnoRXdLyNet0
|
||||
AWf4ednWDEnRb6cIVDF28URjxH6yIfqAVe7VnuDB4Sfuck4R4gYFS/xGfTgocPUD
|
||||
Z4rUz8wleGLwDIiU7GpilmtZTl1FTPkFa/mqbcJgdVTJqLZO5vISJkZvqE5UiQEc
|
||||
BBABAgAGBQJUV6uPAAoJEPI0eUVcUbJ8A/4H/2h9ONzArTOEl5y/eN6jJrZc1Af3
|
||||
sC/CKxOVBJzpfVnda9O9Ldc4IFJG40ksNWuetDvShQTQtTy7dgne1lkfhud/uUG0
|
||||
uo5W2ZoYaHIXOqoC0uxCR3ctOQg5hiVsL5XPjR7YQT+0c/bDK4HWr2GgX7Fo03dt
|
||||
8LETRSjovUO2xPb8MFUNc9eZNokLPq9CbOMvmEdbZIt2EEXBOnhktdT0SvXu5E0t
|
||||
AC6HqZXAo+my1vSqDxxF9MlpDHysLKIM9G2mvLDbG583pYB3+DEYyr0F/vQIVEb+
|
||||
O8qUFaYCFaZKmEhIb3NC4SqLXV24+QKVu2NWtKY7wrg/rsmSI5/DmHVejXeJARwE
|
||||
EwECAAYFAlRX/6sACgkQumzaRh/o4CMu2AgAl1Th443nVuobOv3tKlC89l0m048J
|
||||
LG7fg8uMV0ejogQ7MAHkzQt/9uq5pQfDEtuIdLaoKqz93RtPECXfj/cBUT5iEkWl
|
||||
PmOOR4UXfKUahU3qHED9+niOmlip3vZII/92oGSHv4KXPHZHOFUPn+nvaNypnIWG
|
||||
TUJODueW9neoa+D8y3CC0KlZ9jTbwxSHVWTZjo8pezpJ1Fr4tE9bDibkWEm3pIcp
|
||||
demSodBatNliSFcj/VeOF2AV4ABSKH0PGSrZazrefdTKPGiz01ZHmPAb6qsbLd66
|
||||
94/brzuVz9YhoSRJCTqSmXmEowPbs8TsjfMeSQkkx4STSr86+DNYmG3Kc4kCHAQQ
|
||||
AQIABgUCVDuigAAKCRDfq1kqvdUvHHktD/9je36p4LXhLda0+NqWsh1Vm9dC9RxM
|
||||
023LqwoMNw6khLiLzzhmXKyazvV/q/lidPYCr3rWR3tCrmEkULogHf60unBghxYH
|
||||
xva5XvObFDVXDmMBTP2M3XvKIAQXhNk9I22HtfgYTIhI2Bs/D7HDFgszoBurLLQK
|
||||
l+rjDevDbeWbdXJZ7J4Z63kb0GaIIHnNXnvxWo7muomXfdKJEL8LIlmeUOh/ZYcI
|
||||
u8HMoGvDKYMeRZ9ph7f2Z7iJDCUmtMauLM/qPP9wiyzZKZE/wwapWkWL1KgAC+vt
|
||||
hwrFzcirkhvI2rnWUOeec+nEjmnnnPzA5tDtpyOQYqkcIf9hewkfA6l9js3fbf1i
|
||||
jCluP+nZjsbYb7MO9IT+bBQ1Jm0tjwu8MiX3HJZGl8CNBzk0UXImIl+0kSzSAnQg
|
||||
MK6EweTzDkCMIjVLRQAmpNw/8smvzu4JF3bX+w1S1MWZ5NNebCT5hs4kVhXT8Uvw
|
||||
TLmdt+afRpxtlKFxhJ05v6lNgV1o8CaOm1tmmgyqWM53/nGUi1XqtXu1+0uoO65f
|
||||
JMoJOjCoK+tHzNUvyoPmU/qhyCC0yftZHA0k1BRaI7Kf0ll+i+8laJceFlFr+k6/
|
||||
Be2Mzp/C/3KyK04nU3/jY9oyUKAjq5D1mb/Ht5TWEOPoSuUtlqzgWWpNxJWTq0xe
|
||||
jsLg/e/q5z7mR4kCHAQQAQIABgUCVDumsQAKCRDV6eQ/ffnujDUSD/9ar/zoYKhJ
|
||||
/SsEuhEZ+taED4YRgKy0eeaT7YPqtmGVcs4meww06Og9L9FeK/8Qn/pa3xnFtTvX
|
||||
K6XriSLly4DtmAZnwmtARidgXeXp+hfjEoeIXoAUpY88Af4FQhIkmJwcWRZYtM6x
|
||||
/Gno8+LyzQGrGNmeoNNLJ5t7RsvBHYRR44LQNbGpv8dN0LTOAWKCmnGmNn5cN9Uq
|
||||
BvrgJRsJvvBRtF/V53Y5giHX4N9C4VT21odQ4sEq3HrsofwEWDHnl0hEoWOpu3zu
|
||||
AcxsAdm4A113z2+WnTLcQnCRjmG7mGpDStLTiBcw45MsGOLnR2CgtNXEQOYp97/C
|
||||
wkgNF5rUyx/Owr63uw0EWOFkaqDWd8KPt4ZTmOcOUChVnEyFCXu9F3oD2ypbaM5O
|
||||
ielMwj3Uq8Br5c21g0qCeDAIUaNQLl6cFfPtD6jDiYNhVBgOGrlvHyGP3+mm+Ix3
|
||||
w2CpKmHv6z0ed2XWqQElBuOr2I8vcSos8SAK5oJz50t1joLP5PQ4T/FlbBBfXYgW
|
||||
PtEGsae9K/cXVSV6NSxcfXDtNggfDG1S4AkwH1Ka96AtrGutJCPm1xSMpMJ7m3+G
|
||||
5EfEqHnF5lnn/By+gZTvC+nnqGM4UolcAyz6FFVha/CtfoYBiXekUXnz6dDEgxm5
|
||||
fA7CVeo+TDg4LgvvHh+P+EuJKQ4lQqGQl4kCHAQQAQIABgUCVEJylwAKCRBDFxH3
|
||||
bRiS9VfrD/9yo5fWTBHdCMAVRsLa/rKSk0oB2jKXg+5Jo1m/FM3UF4JibDor8VLo
|
||||
TgKUXTn2eyqX3Dr6/3UiGFzU43kg+IG9ZdCLx8FwGAEo0MA7Tef7W0Drq00kAdVy
|
||||
dhS+1gi4NZc4Hj+rSYcYkto2/e+zlSmD5CB3X3kgTK3+qv7bQbGlLMxZfP1sWsUd
|
||||
jI2gWpxIeqqUZXM1CwIzqXWFEktKTov2CRLftk3pSQ6pS4sw60dpq2+e7EeARZfp
|
||||
WIHAG8PXCgbq2M8mhAZ1NADWgXRPHCN3MeDV3qM5Lj6ov2/i3Crmy1IV5Bxt6QLD
|
||||
A04Sbv5TpJ1tecriW2wTWUU3b/QWzFuCS+FUNSKWJe7tbQJyWQY+BtVZsMeFdjiY
|
||||
B8QrUY5WOc97tgBVXZG7+5ustM5d0VDk83sHnQrGxPVqQq57Pwi1JFTxM7YDzePX
|
||||
3KZVNXi5NR+EI69+Ej3cBRKpOUdAsq7ywKzlqiYtpcZD/uzJKi0F+AyOKLPFG4Ny
|
||||
f8eGqr75tDAXqdoE4fu6IKSybc3MKlX9+LiDyTlQmgoZIRmczHPfbCBQQln7NNk/
|
||||
6BegL87/yJYSZuR10SLzRNdYa2E1wliPZezrUxu6Y4OeYEIxL0/w6j7I1YFGqwR4
|
||||
83B2SdTXC1NKQVDUR6tbm/oDhNVo7mZ4VjUFJ7oS8en5+rbNv30svokCHAQQAQoA
|
||||
BgUCVD7PygAKCRAgZMU2QcJeXYG/D/9KUEi7mN50xURhILUp7KKJnS3WbGP32N+/
|
||||
/XXr1QIEiOuRhbCBp49Y9/Q9TGYFYGm42ClkMyGLW9Dp7zcyejjVrVRO5srQ5e9g
|
||||
q5IPgfeoa6Wu301YzsvO3RBa10dg9thA6HJsDlU+vyCnU8fKThdSS1aaYtBqEAUJ
|
||||
IzdFK0KIShqHyjKB31iVg2NL8AziBKHWIqr5Tyh84DFRuT+PAwwSYW5sy5j9wsyX
|
||||
FK1ZAfkmS9fJsrr3n0l9KsUYW8dJzLcdEmtS+dbJLAPrqbhssK1wk/NE1/N+8+Y6
|
||||
ocegn2lFfMheA6s+d1ejBnk0angY8ZGgLIvCuB/iTfivDefqM2KtbQBOqbw6rf3B
|
||||
TLlVVfiCbFo/RJgxoAQTKs4D+OH8RnWoNANoIOitpIpieBD2I0pFmVDob9sh0toV
|
||||
Hk8aDO6s6lNoEiLEJVWoh/6+qxsRX/rDAGyWO+4Oz6ctyS/laQjT2FxLGODZBMxj
|
||||
XrdyRXrC/nIcwYUlFfB3xX54xAo1j38OIauO9u93338LFLYAcpHhkW78nmkRxNa5
|
||||
SjiribecDj5/bzOI7G7gfTCKmEkUuZltCrG5MwSHorhGP/v8M+TeLsjkvzgm1Hd6
|
||||
0pf1+NXOPbZpiCq1S/yIs1zBEj1Q1t1PuJT+BYkOzlR/RhSJFSY/B4dBA+HxN/cY
|
||||
KzwNZN88HLQfTWF0dCBDYXN3ZWxsIDxtYXR0QG9wZW5zc2wub3JnPokBOAQTAQIA
|
||||
IgUCU96+vAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ2cTSbQ5gRJGg
|
||||
PQf/WUQld+vrqt2+yTI6LTNTQBG9RceNuaZiRnsROR1eHtVr9OOfzVPenCavcXgh
|
||||
wsY0sPPgSDrvFur9PyuuwQ87HmdX+ZGdRP3tSaxC4udHbAsZtEG7bgUozuhfcpC+
|
||||
Ah0lZ3EccmyOkYJWITWYgUBEDOU37qne09udDMA2NHLuL89hT+eIZ2pVwyFydkJf
|
||||
kXtgfrDq3RmZgfebVB5ESdap/G7t7Iewi95syApMj9swbxnsqUtmFr0fCsVdAA8h
|
||||
JPqx9zVuUon0g1QMz2IroNH+6WTDt7SGYcuqNapizk/PJd6g2ew9cm3r3CIANiqP
|
||||
go0Mh02nVGgX2p9vWcT4MzquBokCHAQQAQoABgUCVD7PygAKCRAgZMU2QcJeXSx6
|
||||
EACM2ZWwnTz0FwLaQfqcAUEUee2rX03GwXgZsw00fIv+IRtCGvZ+c5OyP6Blujb+
|
||||
gylHK6sohL/JBqPO6y49HlQ+VOjo2iFzeFdoC8No936fKxfvM1NeocsXShb1rXak
|
||||
LDtiUj3UEqFbfdwrt7s6xqpNF6cEcci8sE8vGTSazNePui0C9NqV5Gh924MCNTwC
|
||||
EasEhXvyurKB8Sgo2X5lH3OutDlHnUuiNtJ10n8rRNe87ZKgKcPahjpsMKC87rqK
|
||||
55/sGLdqAndyXmnasHUKEd7bwQzq396SZgdKxlEruwQPyrecjaqf0CpHhGVsTpCi
|
||||
78IQ7jR6xZWdBBAAn6SeFKfxnDypx5thqXsWDRrzH5gTXAqN3BNUluTn0gQgqGVx
|
||||
dU5/uY0fHXlXjjyS/CcEBQlhMeMbXvnWCQ+IGOToRedpUwTENB1+TkdUz/RuQm/U
|
||||
EP2Lmkfx4XDj+R+lgbftQ6cfJtZccmvh+euWRcbJUlPXIeM6DJVRaL700R1VHrSi
|
||||
2oPXQi9YcMlyzh4BZ9fe3DIBiIDBDOURMGB75ULlCxi39H1H2Anf0/E11aPOOkr7
|
||||
oavD6AVziihQJ8LqNI2obdX+UwivoU35NXZMCifmTOcCbrCxw+Xih+X6EPC0qwhR
|
||||
pDevf7mqWxWVyu30hLv3YJOgmHEh+++GRzS7SL9iovev+4kBHAQQAQIABgUCU/p2
|
||||
2gAKCRA1IssGdHjPYDuZB/9arXoSdE0WGasdEfG+Qup0lL2rsfAYYXyCP08wVsZ0
|
||||
pBVmoby+hpIHEkcVH47Au+lYW9UTrvK3yMKEhSrxTzA9LIjC9Q0Mfms1CEo9oRa8
|
||||
2p2jM9Yy9thCMR21Xhq/GmCkaKuR3oK5ofMXngTf4eyMwCQYPcYhL69OVx+/60w0
|
||||
DbG6/nJ553Rd0qDTGxjk/gzji4VYe0rJcATZSIO5TjJdd2VATkDDvRWa2asvMMN+
|
||||
CcPL6U2iZi8g4s413CmImz5W8/u7R2v7dkRJ0FLbP3+OAiHFD6n7uD0WAhZKT4+H
|
||||
HSKbOnh6mMnyGMnyn2N5IvrEL3FM0cflUrKfqnbFa/KyiQEcBBABAgAGBQJUV6uP
|
||||
AAoJEPI0eUVcUbJ8OaoIALRdJKgFzcsDqtX4SeJpefJ4796u8O5B7w/16nXwOw7i
|
||||
2lDUpmz9+bwEliVOc8etFCRvB6nl/NSq8OUCdha5MIIJVoJn3EWz4LNHCcplxE0g
|
||||
zHfVMBaV8eB/+AEyvJ6QlaeN+PKBW3VPPGHxnBQBDdXmfIh2ceAkB9pCU6zN/lHV
|
||||
95fs+E3X028OAaN/uwbyaJYCmWxRYOA0nIA7A9C2UWugrnka1qISR6XtiOhjTe9u
|
||||
G9/K9FclJueW0FnFVXXwl+/O0epy4oOq199UoJvF0FEDChNvnAjjrS1iUOxGcvJ7
|
||||
/sSgCV3t8sYyNm+euCCXbKTdF5iPkpRvpSKauPjO5nmJARwEEwECAAYFAlRX/6sA
|
||||
CgkQumzaRh/o4CM5egf+J/+ia/Iqes82Gd5Q5I+I9yrNy+itjtEpBHNX3XrT+iJH
|
||||
BrRfVUN2MGW/ovElEOkxo7ZuA6c5zSnPBqsrzuLdacFR5LNMVrE2i5B7H5bcMGJ9
|
||||
AZPXud1YBTzbGaKCzdVnvW9EnrYSQK5eiDTQkPPJiHjrvz1QLrng7AJUFfWm4/xh
|
||||
RchpPT8cVHBRP7qAInkP1IYJ7dVDKOJRFsEM7J1Jx5M6vmSi1du1IvNsSeD19+8a
|
||||
fyWc5q88fJRx/DlRZ+y/R4OH8wj4fbwRwuMTqWLXAlY4A8r0AGXYhR5BN4jKZAyx
|
||||
pyq7hY64D9WNhojqYRYwxOADWn9GqxMfSesSCr1gzokCHAQQAQIABgUCVDuigAAK
|
||||
CRDfq1kqvdUvHGVQD/9WuFZgc24DIw3mAJKk2dNG+zIEmJx+EKRTqhwrs97y48xP
|
||||
0KWKGtmuEwx6fHDhBnHiOB41pixk2GD7K0XGy9sqTL3PBINgECgEPEhkmSLATqrp
|
||||
bYFA6IiAGlDtc7ySZ3qlajUgLGoUTuen5HfMxrF8waldv1IUm2MarkCYShz7/RD8
|
||||
Zq6VpnkqNAlUch9f3hnZgRI2MpuTRl2aij/vtPVzg01t5KFvfZLYI8OkJx57A1L+
|
||||
/8w6BEmKyC5WhNEEaH9uF5qhnZjZHsien7BZS7Tvkgb+6OMowS3ShNqUH3A2YVbW
|
||||
AupaLq1nRwvs7rTWDuoRMVZGGUm0SM08TUKkl16hWxsAJEzCCdVxO+8l5Ul26LkC
|
||||
KJLdeFPrJmutgQnPJOQ6Q/EsYYua3iNAbJp+hZ9quw0R0oiyO5b7Cn8P9KffpiY0
|
||||
01GQ4SqYrll80WJn1kUWp+QqvIvZC595aVmF9Fplqp24qXdXt2OMhzZF6FdSB0GS
|
||||
xplHgjR866XD2EjH6RgHZ/PTUYI9zjEEro2gk/BG5dshSa42nBkD+aJfmvjQ4CDI
|
||||
sccsHdYlLdtvujsN0F/rFRRKdIAPZhnbVB45AqNL81AUDEaXXWa93GyW58GjZy0i
|
||||
l29i0Zg/hMn7vhqt3pZY8GL9ND3J90rJuvls/zmeITIUR3wDH20ZdTw07P62RIkC
|
||||
HAQQAQIABgUCVDumsQAKCRDV6eQ/ffnujPWzD/43HZVkH0GTm9LpXlEvXGNGTmce
|
||||
y5majqUTmEOmqD2j3wJZZatW8uOCDCclKdjcwiL3B1DOZbrtVZqit4mK6uhxN/MW
|
||||
lgPnH3lO8o3xtmLNED3POZXkTUD1+VkOJRFiekg9Y9tVAn5CfUlu8/V/1p0smBvI
|
||||
HArJmhgpOy4ZzGtMTrlJHxNCuxlj+IAGL48xw+3zIrgpjuUoGHZwiLO0+bTls3Tt
|
||||
/xUvPH192OQlbBWIrby2uGfjaoM+iiRuuvztYzd/BpxLlbU61E7yYe9T/9Or35jh
|
||||
40T20KC9Ugv9etHER5QdtoNxrXJhkBGfGz9av/apTTgEuG2WeSlyFlom2scfuEsV
|
||||
XwXIHHewv9Hqpr9yIEi5vwSwEtn5/FFoAUl5cY3hN+6BMUTn7DEOIrKjuzyOwPTM
|
||||
mrS+BL8nUg/FgiO6KvdNBHMwW2cB97DTCo3ThL0Hr87i3J8bg0mB7jUIWcldAox2
|
||||
5vsKdGo9UBygEtHIHPojc5n3ludmeMpkMdM7pI8WvWfHqiOstaJhyyfWw+0RWr/c
|
||||
n5e2RaK9Ieef5PwCn6yrFmzR/KOnSV34XkBgfzMBf8J3OJzDZXDuZzw9ns/3fU25
|
||||
om3OsiCDLuXkRESLBCYBbYnenWiaUacDOkS+DqLw9P9SsPWIKOaz0cVnbPmZFIzu
|
||||
67KxPiPHmY9DZ0xuFYkCHAQQAQIABgUCVEJylwAKCRBDFxH3bRiS9VzQEACuEjJC
|
||||
doXPGk+e8orcS1Xq7/Y4FbtChfuYaqjreccV1fmTmY7EPMj6YARyVslM39TcwDwN
|
||||
gYhZ52pn7BtAGUVoz+p+A+kEerwUE2Id7J3yViH0kFk2ar3FZTUXA8rp3HhBKOZj
|
||||
P+d0FBEzTCEhS44s3SyoD+ByY7jZeTg0F9f2p4HBoEeEbTBcOR1fJv0NG/A+5lsc
|
||||
zfD6YDgJsT9C3TCLKV4AMRy/wDZjkHMoXYB0ttXASlFzjsMGsy0FwbgyAdg9XIIt
|
||||
7jrDuWHy9M9eVHCp8JBW+gEMq116Jmq1FT7/5VMBdK+o1fiU5zRRAPdYGfr9PWy5
|
||||
ygH7g6nl/jFV5XmRnnrgL7etWI07pjpoPWqHqjUTGg5UbnzMfRk9TnPBAJGXFJIw
|
||||
S2QszDEU3ApESc14NHrUUYVH4GvyeG5DYKZlz7HCpwtdpoYJ4DL2adE8U8qUmQkc
|
||||
izaoE8x8rf0h6qrQcOOw4H1vX/RdhDtxbcK/fOgaHeQYOa5+lcNAlE7lU3z/bl6f
|
||||
iB2hWlQdyzajceEoFJpxMm+QvRV/Z3wmwWeVPjZexFChbQVtaGagPJxXhid7rc2T
|
||||
o8egQq5gAAfUOPwB5YWnvmFnmq3o1zCy5wZGUcm9aU0/sNZjBa9J7Fisv6uCQblQ
|
||||
HA90wVUJ351GEm5Nh+j8oOpNafAgVim/zTaYS7kBDQRRgC7CAQgAz2dQkASmxUFj
|
||||
Ar3Y8/0yWjX961enomAEjryw4InFPDMGttPMiV69VBepb3N04MPo5spyAY24b4bo
|
||||
3Cfng/oxxGl3Z3Giv1gD7JojTJPoJWeHGxePBz++5Di0EAvq1+4wBdFUh4RWTbZw
|
||||
qTgckHrwiZcIJF3JGL0cgTmJOtkewcLiyMCyKuGVzSjyFTeCqQqHYSHBrr5TyXM3
|
||||
HTqGgURnEhVG16jPWPMIciYXsRfO0RwMhqY7y5yRUoC4psmAUaRTduS82BaVzw+D
|
||||
Hi1FQ0kYLUsTidippITB57VKkD9V7CIM5uP3s+jMJMXNEJQEKdK9oCVOekD3ROc4
|
||||
Mftqv4vloQARAQABiQEfBBgBAgAJBQJRgC7CAhsMAAoJENnE0m0OYESRCzYH/3pc
|
||||
H2HIWlf9uG7jVg2vudIDrl0OL134+Qyq8ummJyQbdVHjFdbLDMQlPDpbYM0zIU7q
|
||||
Y611daA12AMXscpli8cGvqnK20sAw/sF9YG9Tthjn24qZRJzm+XQ3OxpJvHk8NJA
|
||||
SRIgIsj7+EjC4Rc5vpnuA6tfsXW7LzdOYcU46MPaYuXmKxTMWFotWTR9lJj6YKCD
|
||||
f+KdvBvyDfX3VhuTYt9ead1oSx0TMwutPSDrAiCbJvPpR1W5U99I8aXLRVZUAbWw
|
||||
084KkC4mk1Xr5XGt1WIDHe9A9vHdfOoMVLUhKWd3SpL/tFfAy4UOlUf8EO/NByiK
|
||||
RaelFj+Wg8aRKDhMHto=
|
||||
=m5FY
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
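--- a/showciphers.c
+++ b/showciphers.c
@@ -0,0 +1,27 @@
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+int main() {
+SSL_CTX *ctx = NULL;
+SSL *ssl = NULL;
+STACK_OF(SSL_CIPHER) *sk = NULL;
+const SSL_METHOD *meth = TLS_server_method();
+int i;
+const char *p;
+
+ctx = SSL_CTX_new(meth);
+if (ctx == NULL)
+return 1;
+ssl = SSL_new(ctx);
+if (ssl == NULL)
+return 1;
+sk = SSL_get_ciphers(ssl);
+for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
+const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
+p = SSL_CIPHER_get_name(c);
+if (p == NULL)
+break;
+printf("%s\n", p);
+}
+return 0;
+}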
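Review bot: `printf` is called in the loop but `<stdio.h>` is not among the two includes, so the declaration is only there if an OpenSSL header happens to pull it in; add `#include <stdio.h>`. The `return 1;` after a failed `SSL_new` leaves `ctx` allocated, and the success path returns without `SSL_free(ssl); SSL_CTX_free(ctx);`, which is harmless for a short-lived helper but noisy under leak checkers. `int main()` would be better written as `int main(void)`. A one-line header comment saying that the program prints the default cipher list of a `TLS_server_method()` context, one name per line, would tell the next packager what the output is meant for.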