authorFathi Boudra <fathi.boudra@linaro.org>2013-04-24 12:45:04 +0300
committerFathi Boudra <fathi.boudra@linaro.org>2013-04-28 09:06:54 +0300
commitbb612d6a59521b30e8dbe7b91cd696e2980cbf6b (patch)
treecf4e6c90666e011442623c3f2a5f35ec17fcb7c1
parentf266c1ae405c7f4feb768de03d8810422b4e4ed3 (diff)
Imported Debian patch 1.0.1c-3ubuntu2.5~linaro2debian/1.0.1c-3ubuntu2.5_linaro2
-rw-r--r--debian/changelog12
-rw-r--r--debian/control12
-rw-r--r--debian/patches/0000-bsaes-armv7.patch990
-rw-r--r--debian/patches/0000-crypto-modes-modes_lcl.h-let-STRICT_ALIGNMENT-be-on-.patch31
-rw-r--r--debian/patches/0001-bsaes-armv7.pl-take-it-into-build-loop.patch65
-rw-r--r--debian/patches/0002-bsaes-armv7.pl-add-bsaes_cbc_encrypt-and-bsaes_ctr32.patch507
-rw-r--r--debian/patches/0003-bsaes-armv7.pl-avoid-bit-sliced-AES-CBC-for-block-si.patch10
-rw-r--r--debian/patches/CVE-2013-0166.patch16
-rw-r--r--debian/patches/CVE-2013-0169.patch268
-rw-r--r--debian/patches/block_digicert_malaysia.patch12
-rw-r--r--debian/patches/block_diginotar.patch14
-rw-r--r--debian/patches/c_rehash-compat.patch14
-rw-r--r--debian/patches/ca.patch14
-rw-r--r--debian/patches/config-hurd.patch12
-rw-r--r--debian/patches/debian-targets.patch14
-rw-r--r--debian/patches/default_bits.patch10
-rw-r--r--debian/patches/dgst_hmac.patch23
-rw-r--r--debian/patches/engines-path.patch41
-rw-r--r--debian/patches/fix_key_decoding_deadlock.patch10
-rw-r--r--debian/patches/gnu_source.patch10
-rw-r--r--debian/patches/libdoc-manpgs-pod-spell.patch51
-rw-r--r--debian/patches/libssl-misspell.patch6
-rw-r--r--debian/patches/make-targets.patch12
-rw-r--r--debian/patches/man-dir.patch12
-rw-r--r--debian/patches/man-section.patch16
-rw-r--r--debian/patches/no-rpath.patch12
-rw-r--r--debian/patches/no-symbolic.patch12
-rw-r--r--debian/patches/old/0001-Added-CTR-and-CBC-decrypt-hooks-for-NEON-bit-sliced-.patch (renamed from debian/patches/0001-Added-CTR-and-CBC-decrypt-hooks-for-NEON-bit-sliced-.patch)0
-rw-r--r--debian/patches/old/0002-bsaes-armv7.pl-Big-endian-fixes.patch (renamed from debian/patches/0002-bsaes-armv7.pl-Big-endian-fixes.patch)0
-rw-r--r--debian/patches/old/0003-bsaes-armv7.pl-avoid-bit-sliced-AES-CBC-for-block-si.patch24
-rw-r--r--debian/patches/openssl-pod-misspell.patch75
-rw-r--r--debian/patches/perlpath-quilt.patch11
-rw-r--r--debian/patches/pic.patch55
-rw-r--r--debian/patches/pkcs12-doc.patch14
-rw-r--r--debian/patches/pod_ec.misspell.patch6
-rw-r--r--debian/patches/pod_pksc12.misspell.patch6
-rw-r--r--debian/patches/pod_req_misspell2.patch7
-rw-r--r--debian/patches/pod_s_server.misspell.patch6
-rw-r--r--debian/patches/pod_x509setflags.misspell.patch6
-rw-r--r--debian/patches/rehash-crt.patch14
-rw-r--r--debian/patches/rehash_pod.patch10
-rw-r--r--debian/patches/renegiotate_tls.patch10
-rw-r--r--debian/patches/series6
-rw-r--r--debian/patches/shared-lib-ext.patch12
-rw-r--r--debian/patches/stddef.patch10
-rw-r--r--debian/patches/tls12_workarounds.patch21
-rw-r--r--debian/patches/ubuntu_deb676533_arm_asm.patch6
-rw-r--r--debian/patches/valgrind.patch14
-rw-r--r--debian/patches/version-script.patch33
49 files changed, 2117 insertions, 435 deletions
diff --git a/debian/changelog b/debian/changelog
index e1e67e6..9c76aae 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+openssl (1.0.1c-3ubuntu2.5~linaro2) quantal; urgency=low
+
+ * Update patches - merged upstream ():
+ - 0000-bsaes-armv7.patch
+ - 0000-crypto-modes-modes_lcl.h-let-STRICT_ALIGNMENT-be-on-.patch
+ - 0001-bsaes-armv7.pl-take-it-into-build-loop.patch
+ - 0002-bsaes-armv7.pl-add-bsaes_cbc_encrypt-and-bsaes_ctr32.patch
+ - 0003-bsaes-armv7.pl-avoid-bit-sliced-AES-CBC-for-block-si.patch
+ * Update debian/control: build on armhf architecture only.
+
+ -- Fathi Boudra <fathi.boudra@linaro.org> Wed, 24 Apr 2013 12:45:04 +0300
+
openssl (1.0.1c-3ubuntu2.5~linaro1) quantal; urgency=low
* Add patches from Ard Biesheuvel:
diff --git a/debian/control b/debian/control
index 4651700..8868169 100644
--- a/debian/control
+++ b/debian/control
@@ -11,7 +11,7 @@ XS-Debian-Vcs-Svn: svn://svn.debian.org/pkg-openssl/openssl/
Package: openssl
Priority: optional
-Architecture: any
+Architecture: armhf
Depends: ${shlibs:Depends}, ${perl:Depends}, ${misc:Depends}
Suggests: ca-certificates
Description: Secure Socket Layer (SSL) binary and related cryptographic tools
@@ -30,7 +30,7 @@ Description: Secure Socket Layer (SSL) binary and related cryptographic tools
Package: libssl1.0.0
Section: libs
Priority: important
-Architecture: any
+Architecture: armhf
Multi-Arch: same
Pre-Depends: ${misc:Pre-Depends}
Depends: ${shlibs:Depends}, ${misc:Depends}
@@ -45,7 +45,7 @@ Package: libcrypto1.0.0-udeb
XC-Package-Type: udeb
Section: debian-installer
Priority: optional
-Architecture: any
+Architecture: armhf
Depends: ${shlibs:Depends}, ${misc:Depends}
Description: crypto shared library - udeb
libcrypto shared library.
@@ -56,7 +56,7 @@ Package: libssl1.0.0-udeb
XC-Package-Type: udeb
Section: debian-installer
Priority: optional
-Architecture: any
+Architecture: armhf
Depends: ${shlibs:Depends}, ${misc:Depends}
Description: ssl shared library - udeb
libssl shared library.
@@ -66,7 +66,7 @@ Description: ssl shared library - udeb
Package: libssl-dev
Section: libdevel
Priority: optional
-Architecture: any
+Architecture: armhf
Recommends: libssl-doc
Depends: libssl1.0.0 (= ${binary:Version}), zlib1g-dev, ${misc:Depends}
Description: SSL development libraries, header files and documentation
@@ -91,7 +91,7 @@ Description: SSL development documentation documentation
Package: libssl1.0.0-dbg
Section: debug
Priority: extra
-Architecture: any
+Architecture: armhf
Multi-Arch: same
Depends: libssl1.0.0 (= ${binary:Version}), ${misc:Depends}
Description: Symbol tables for libssl and libcrypto
diff --git a/debian/patches/0000-bsaes-armv7.patch b/debian/patches/0000-bsaes-armv7.patch
new file mode 100644
index 0000000..bedf8a9
--- /dev/null
+++ b/debian/patches/0000-bsaes-armv7.patch
@@ -0,0 +1,990 @@
+---
+ crypto/aes/asm/bsaes-armv7.pl | 983 ++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 983 insertions(+)
+
+--- /dev/null
++++ b/crypto/aes/asm/bsaes-armv7.pl
+@@ -0,0 +1,983 @@
++#!/usr/bin/env perl
++
++# ====================================================================
++# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
++# project. The module is, however, dual licensed under OpenSSL and
++# CRYPTOGAMS licenses depending on where you obtain it. For further
++# details see http://www.openssl.org/~appro/cryptogams/.
++# ====================================================================
++
++# Bit-sliced AES for ARM NEON
++#
++# February 2012.
++#
++# This implementation is direct adaptation of bsaes-x86_64 module for
++# ARM NEON. Except that this module is endian-neutral [in sense that
++# it can be compiled for either endianness] by courtesy of vld1.8's
++# neutrality. Initial version doesn't implement interface to OpenSSL,
++# only low-level primitives and unsupported entry points, just enough
++# to collect performance results, which for Cortex-A8 core are:
++#
++# encrypt 19.5 cycles per byte processed with 128-bit key
++# decrypt 24.0 cycles per byte processed with 128-bit key
++# key conv. 440 cycles per 128-bit key/0.18 of 8x block
++#
++# Snapdragon S4 encrypts byte in 17.6 cycles and decrypts in 22.6,
++# which is [much] worse than anticipated (for further details see
++# http://www.openssl.org/~appro/Snapdragon-S4.html).
++#
++# When comparing to x86_64 results keep in mind that NEON unit is
++# [mostly] single-issue and thus can't [fully] benefit from
++# instruction-level parallelism. And when comparing to aes-armv4
++# results keep in mind key schedule conversion overhead (see
++# bsaes-x86_64.pl for further details)...
++#
++# <appro@openssl.org>
++
++while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
++open STDOUT,">$output";
++
++my ($inp,$out,$len,$key)=("r0","r1","r2","r3");
++my @XMM=map("q$_",(0..15));
++
++{
++my ($key,$rounds,$const)=("r4","r5","r6");
++
++sub Dlo() { shift=~m|q([1]?[0-9])|?"d".($1*2):""; }
++sub Dhi() { shift=~m|q([1]?[0-9])|?"d".($1*2+1):""; }
++
++sub Sbox {
++# input in lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb
++# output in lsb > [b0, b1, b4, b6, b3, b7, b2, b5] < msb
++my @b=@_[0..7];
++my @t=@_[8..11];
++my @s=@_[12..15];
++ &InBasisChange (@b);
++ &Inv_GF256 (@b[6,5,0,3,7,1,4,2],@t,@s);
++ &OutBasisChange (@b[7,1,4,2,6,5,0,3]);
++}
++
++sub InBasisChange {
++# input in lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb
++# output in lsb > [b6, b5, b0, b3, b7, b1, b4, b2] < msb
++my @b=@_[0..7];
++$code.=<<___;
++ veor @b[2], @b[2], @b[1]
++ veor @b[5], @b[5], @b[6]
++ veor @b[3], @b[3], @b[0]
++ veor @b[6], @b[6], @b[2]
++ veor @b[5], @b[5], @b[0]
++
++ veor @b[6], @b[6], @b[3]
++ veor @b[3], @b[3], @b[7]
++ veor @b[7], @b[7], @b[5]
++ veor @b[3], @b[3], @b[4]
++ veor @b[4], @b[4], @b[5]
++
++ veor @b[2], @b[2], @b[7]
++ veor @b[3], @b[3], @b[1]
++ veor @b[1], @b[1], @b[5]
++___
++}
++
++sub OutBasisChange {
++# input in lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb
++# output in lsb > [b6, b1, b2, b4, b7, b0, b3, b5] < msb
++my @b=@_[0..7];
++$code.=<<___;
++ veor @b[0], @b[0], @b[6]
++ veor @b[1], @b[1], @b[4]
++ veor @b[4], @b[4], @b[6]
++ veor @b[2], @b[2], @b[0]
++ veor @b[6], @b[6], @b[1]
++
++ veor @b[1], @b[1], @b[5]
++ veor @b[5], @b[5], @b[3]
++ veor @b[3], @b[3], @b[7]
++ veor @b[7], @b[7], @b[5]
++ veor @b[2], @b[2], @b[5]
++
++ veor @b[4], @b[4], @b[7]
++___
++}
++
++sub InvSbox {
++# input in lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb
++# output in lsb > [b0, b1, b6, b4, b2, b7, b3, b5] < msb
++my @b=@_[0..7];
++my @t=@_[8..11];
++my @s=@_[12..15];
++ &InvInBasisChange (@b);
++ &Inv_GF256 (@b[5,1,2,6,3,7,0,4],@t,@s);
++ &InvOutBasisChange (@b[3,7,0,4,5,1,2,6]);
++}
++
++sub InvInBasisChange { # OutBasisChange in reverse (with twist)
++my @b=@_[5,1,2,6,3,7,0,4];
++$code.=<<___
++ veor @b[1], @b[1], @b[7]
++ veor @b[4], @b[4], @b[7]
++
++ veor @b[7], @b[7], @b[5]
++ veor @b[1], @b[1], @b[3]
++ veor @b[2], @b[2], @b[5]
++ veor @b[3], @b[3], @b[7]
++
++ veor @b[6], @b[6], @b[1]
++ veor @b[2], @b[2], @b[0]
++ veor @b[5], @b[5], @b[3]
++ veor @b[4], @b[4], @b[6]
++ veor @b[0], @b[0], @b[6]
++ veor @b[1], @b[1], @b[4]
++___
++}
++
++sub InvOutBasisChange { # InBasisChange in reverse
++my @b=@_[2,5,7,3,6,1,0,4];
++$code.=<<___;
++ veor @b[1], @b[1], @b[5]
++ veor @b[2], @b[2], @b[7]
++
++ veor @b[3], @b[3], @b[1]
++ veor @b[4], @b[4], @b[5]
++ veor @b[7], @b[7], @b[5]
++ veor @b[3], @b[3], @b[4]
++ veor @b[5], @b[5], @b[0]
++ veor @b[3], @b[3], @b[7]
++ veor @b[6], @b[6], @b[2]
++ veor @b[2], @b[2], @b[1]
++ veor @b[6], @b[6], @b[3]
++
++ veor @b[3], @b[3], @b[0]
++ veor @b[5], @b[5], @b[6]
++___
++}
++
++sub Mul_GF4 {
++#;*************************************************************
++#;* Mul_GF4: Input x0-x1,y0-y1 Output x0-x1 Temp t0 (8) *
++#;*************************************************************
++my ($x0,$x1,$y0,$y1,$t0,$t1)=@_;
++$code.=<<___;
++ veor $t0, $y0, $y1
++ vand $t0, $t0, $x0
++ veor $x0, $x0, $x1
++ vand $t1, $x1, $y0
++ vand $x0, $x0, $y1
++ veor $x1, $t1, $t0
++ veor $x0, $x0, $t1
++___
++}
++
++sub Mul_GF4_N { # not used, see next subroutine
++# multiply and scale by N
++my ($x0,$x1,$y0,$y1,$t0)=@_;
++$code.=<<___;
++ veor $t0, $y0, $y1
++ vand $t0, $t0, $x0
++ veor $x0, $x0, $x1
++ vand $x1, $x1, $y0
++ vand $x0, $x0, $y1
++ veor $x1, $x1, $x0
++ veor $x0, $x0, $t0
++___
++}
++
++sub Mul_GF4_N_GF4 {
++# interleaved Mul_GF4_N and Mul_GF4
++my ($x0,$x1,$y0,$y1,$t0,
++ $x2,$x3,$y2,$y3,$t1)=@_;
++$code.=<<___;
++ veor $t0, $y0, $y1
++ veor $t1, $y2, $y3
++ vand $t0, $t0, $x0
++ vand $t1, $t1, $x2
++ veor $x0, $x0, $x1
++ veor $x2, $x2, $x3
++ vand $x1, $x1, $y0
++ vand $x3, $x3, $y2
++ vand $x0, $x0, $y1
++ vand $x2, $x2, $y3
++ veor $x1, $x1, $x0
++ veor $x2, $x2, $x3
++ veor $x0, $x0, $t0
++ veor $x3, $x3, $t1
++___
++}
++sub Mul_GF16_2 {
++my @x=@_[0..7];
++my @y=@_[8..11];
++my @t=@_[12..15];
++$code.=<<___;
++ veor @t[0], @x[0], @x[2]
++ veor @t[1], @x[1], @x[3]
++___
++ &Mul_GF4 (@x[0], @x[1], @y[0], @y[1], @t[2..3]);
++$code.=<<___;
++ veor @y[0], @y[0], @y[2]
++ veor @y[1], @y[1], @y[3]
++___
++ Mul_GF4_N_GF4 (@t[0], @t[1], @y[0], @y[1], @t[3],
++ @x[2], @x[3], @y[2], @y[3], @t[2]);
++$code.=<<___;
++ veor @x[0], @x[0], @t[0]
++ veor @x[2], @x[2], @t[0]
++ veor @x[1], @x[1], @t[1]
++ veor @x[3], @x[3], @t[1]
++
++ veor @t[0], @x[4], @x[6]
++ veor @t[1], @x[5], @x[7]
++___
++ &Mul_GF4_N_GF4 (@t[0], @t[1], @y[0], @y[1], @t[3],
++ @x[6], @x[7], @y[2], @y[3], @t[2]);
++$code.=<<___;
++ veor @y[0], @y[0], @y[2]
++ veor @y[1], @y[1], @y[3]
++___
++ &Mul_GF4 (@x[4], @x[5], @y[0], @y[1], @t[2..3]);
++$code.=<<___;
++ veor @x[4], @x[4], @t[0]
++ veor @x[6], @x[6], @t[0]
++ veor @x[5], @x[5], @t[1]
++ veor @x[7], @x[7], @t[1]
++___
++}
++sub Inv_GF256 {
++#;********************************************************************
++#;* Inv_GF256: Input x0-x7 Output x0-x7 Temp t0-t3,s0-s3 (144) *
++#;********************************************************************
++my @x=@_[0..7];
++my @t=@_[8..11];
++my @s=@_[12..15];
++# direct optimizations from hardware
++$code.=<<___;
++ veor @t[3], @x[4], @x[6]
++ veor @t[2], @x[5], @x[7]
++ veor @t[1], @x[1], @x[3]
++ veor @s[1], @x[7], @x[6]
++ vmov @t[0], @t[2]
++ veor @s[0], @x[0], @x[2]
++
++ vorr @t[2], @t[2], @t[1]
++ veor @s[3], @t[3], @t[0]
++ vand @s[2], @t[3], @s[0]
++ vorr @t[3], @t[3], @s[0]
++ veor @s[0], @s[0], @t[1]
++ vand @t[0], @t[0], @t[1]
++ veor @t[1], @x[3], @x[2]
++ vand @s[3], @s[3], @s[0]
++ vand @s[1], @s[1], @t[1]
++ veor @t[1], @x[4], @x[5]
++ veor @s[0], @x[1], @x[0]
++ veor @t[3], @t[3], @s[1]
++ veor @t[2], @t[2], @s[1]
++ vand @s[1], @t[1], @s[0]
++ vorr @t[1], @t[1], @s[0]
++ veor @t[3], @t[3], @s[3]
++ veor @t[0], @t[0], @s[1]
++ veor @t[2], @t[2], @s[2]
++ veor @t[1], @t[1], @s[3]
++ veor @t[0], @t[0], @s[2]
++ vand @s[0], @x[7], @x[3]
++ veor @t[1], @t[1], @s[2]
++ vand @s[1], @x[6], @x[2]
++ vand @s[2], @x[5], @x[1]
++ vorr @s[3], @x[4], @x[0]
++ veor @t[3], @t[3], @s[0]
++ veor @t[1], @t[1], @s[2]
++ veor @t[0], @t[0], @s[3]
++ veor @t[2], @t[2], @s[1]
++
++ @ Inv_GF16 \t0, \t1, \t2, \t3, \s0, \s1, \s2, \s3
++
++ @ new smaller inversion
++
++ vand @s[2], @t[3], @t[1]
++ vmov @s[0], @t[0]
++
++ veor @s[1], @t[2], @s[2]
++ veor @s[3], @t[0], @s[2]
++ veor @s[2], @t[0], @s[2] @ @s[2]=@s[3]
++
++ vbsl @s[1], @t[1], @t[0]
++ vbsl @s[3], @t[3], @t[2]
++ veor @t[3], @t[3], @t[2]
++
++ vbsl @s[0], @s[1], @s[2]
++ vbsl @t[0], @s[2], @s[1]
++
++ vand @s[2], @s[0], @s[3]
++ veor @t[1], @t[1], @t[0]
++
++ veor @s[2], @s[2], @t[3]
++___
++# output in s3, s2, s1, t1
++
++# Mul_GF16_2 \x0, \x1, \x2, \x3, \x4, \x5, \x6, \x7, \t2, \t3, \t0, \t1, \s0, \s1, \s2, \s3
++
++# Mul_GF16_2 \x0, \x1, \x2, \x3, \x4, \x5, \x6, \x7, \s3, \s2, \s1, \t1, \s0, \t0, \t2, \t3
++ &Mul_GF16_2(@x,@s[3,2,1],@t[1],@s[0],@t[0,2,3]);
++
++### output msb > [x3,x2,x1,x0,x7,x6,x5,x4] < lsb
++}
++
++# AES linear components
++
++sub ShiftRows {
++my @x=@_[0..7];
++my @t=@_[8..11];
++my $mask=pop;
++$code.=<<___;
++ vldmia $key!, {@t[0]-@t[3]}
++ veor @t[0], @t[0], @x[0]
++ veor @t[1], @t[1], @x[1]
++ vtbl.8 `&Dlo(@x[0])`, {@t[0]}, `&Dlo($mask)`
++ vtbl.8 `&Dhi(@x[0])`, {@t[0]}, `&Dhi($mask)`
++ vldmia $key!, {@t[0]}
++ veor @t[2], @t[2], @x[2]
++ vtbl.8 `&Dlo(@x[1])`, {@t[1]}, `&Dlo($mask)`
++ vtbl.8 `&Dhi(@x[1])`, {@t[1]}, `&Dhi($mask)`
++ vldmia $key!, {@t[1]}
++ veor @t[3], @t[3], @x[3]
++ vtbl.8 `&Dlo(@x[2])`, {@t[2]}, `&Dlo($mask)`
++ vtbl.8 `&Dhi(@x[2])`, {@t[2]}, `&Dhi($mask)`
++ vldmia $key!, {@t[2]}
++ vtbl.8 `&Dlo(@x[3])`, {@t[3]}, `&Dlo($mask)`
++ vtbl.8 `&Dhi(@x[3])`, {@t[3]}, `&Dhi($mask)`
++ vldmia $key!, {@t[3]}
++ veor @t[0], @t[0], @x[4]
++ veor @t[1], @t[1], @x[5]
++ vtbl.8 `&Dlo(@x[4])`, {@t[0]}, `&Dlo($mask)`
++ vtbl.8 `&Dhi(@x[4])`, {@t[0]}, `&Dhi($mask)`
++ veor @t[2], @t[2], @x[6]
++ vtbl.8 `&Dlo(@x[5])`, {@t[1]}, `&Dlo($mask)`
++ vtbl.8 `&Dhi(@x[5])`, {@t[1]}, `&Dhi($mask)`
++ veor @t[3], @t[3], @x[7]
++ vtbl.8 `&Dlo(@x[6])`, {@t[2]}, `&Dlo($mask)`
++ vtbl.8 `&Dhi(@x[6])`, {@t[2]}, `&Dhi($mask)`
++ vtbl.8 `&Dlo(@x[7])`, {@t[3]}, `&Dlo($mask)`
++ vtbl.8 `&Dhi(@x[7])`, {@t[3]}, `&Dhi($mask)`
++___
++}
++
++sub MixColumns {
++# modified to emit output in order suitable for feeding back to aesenc[last]
++my @x=@_[0..7];
++my @t=@_[8..15];
++$code.=<<___;
++ vext.8 @t[0], @x[0], @x[0], #12 @ x0 <<< 32
++ vext.8 @t[1], @x[1], @x[1], #12
++ veor @x[0], @x[0], @t[0] @ x0 ^ (x0 <<< 32)
++ vext.8 @t[2], @x[2], @x[2], #12
++ veor @x[1], @x[1], @t[1]
++ vext.8 @t[3], @x[3], @x[3], #12
++ veor @x[2], @x[2], @t[2]
++ vext.8 @t[4], @x[4], @x[4], #12
++ veor @x[3], @x[3], @t[3]
++ vext.8 @t[5], @x[5], @x[5], #12
++ veor @x[4], @x[4], @t[4]
++ vext.8 @t[6], @x[6], @x[6], #12
++ veor @x[5], @x[5], @t[5]
++ vext.8 @t[7], @x[7], @x[7], #12
++ veor @x[6], @x[6], @t[6]
++
++ veor @t[1], @t[1], @x[0]
++ veor @x[7], @x[7], @t[7]
++ vext.8 @x[0], @x[0], @x[0], #8 @ (x0 ^ (x0 <<< 32)) <<< 64)
++ veor @t[2], @t[2], @x[1]
++ veor @t[0], @t[0], @x[7]
++ veor @t[1], @t[1], @x[7]
++ vext.8 @x[1], @x[1], @x[1], #8
++ veor @t[5], @t[5], @x[4]
++ veor @x[0], @x[0], @t[0]
++ veor @t[6], @t[6], @x[5]
++ veor @x[1], @x[1], @t[1]
++ vext.8 @t[0], @x[4], @x[4], #8
++ veor @t[4], @t[4], @x[3]
++ vext.8 @t[1], @x[5], @x[5], #8
++ veor @t[7], @t[7], @x[6]
++ vext.8 @x[4], @x[3], @x[3], #8
++ veor @t[3], @t[3], @x[2]
++ vext.8 @x[5], @x[7], @x[7], #8
++ veor @t[4], @t[4], @x[7]
++ vext.8 @x[3], @x[6], @x[6], #8
++ veor @t[3], @t[3], @x[7]
++ vext.8 @x[6], @x[2], @x[2], #8
++ veor @x[7], @t[1], @t[5]
++ veor @x[2], @t[0], @t[4]
++
++ veor @x[4], @x[4], @t[3]
++ veor @x[5], @x[5], @t[7]
++ veor @x[3], @x[3], @t[6]
++ @ vmov @x[2], @t[0]
++ veor @x[6], @x[6], @t[2]
++ @ vmov @x[7], @t[1]
++___
++}
++
++sub InvMixColumns {
++my @x=@_[0..7];
++my @t=@_[8..15];
++
++$code.=<<___;
++ @ multiplication by 0x0e
++ vext.8 @t[7], @x[7], @x[7], #12
++ vmov @t[2], @x[2]
++ veor @x[2], @x[2], @x[5] @ 2 5
++ veor @x[7], @x[7], @x[5] @ 7 5
++ vext.8 @t[0], @x[0], @x[0], #12
++ vmov @t[5], @x[5]
++ veor @x[5], @x[5], @x[0] @ 5 0 [1]
++ veor @x[0], @x[0], @x[1] @ 0 1
++ vext.8 @t[1], @x[1], @x[1], #12
++ veor @x[1], @x[1], @x[2] @ 1 25
++ veor @x[0], @x[0], @x[6] @ 01 6 [2]
++ vext.8 @t[3], @x[3], @x[3], #12
++ veor @x[1], @x[1], @x[3] @ 125 3 [4]
++ veor @x[2], @x[2], @x[0] @ 25 016 [3]
++ veor @x[3], @x[3], @x[7] @ 3 75
++ veor @x[7], @x[7], @x[6] @ 75 6 [0]
++ vext.8 @t[6], @x[6], @x[6], #12
++ vmov @t[4], @x[4]
++ veor @x[6], @x[6], @x[4] @ 6 4
++ veor @x[4], @x[4], @x[3] @ 4 375 [6]
++ veor @x[3], @x[3], @x[7] @ 375 756=36
++ veor @x[6], @x[6], @t[5] @ 64 5 [7]
++ veor @x[3], @x[3], @t[2] @ 36 2
++ vext.8 @t[5], @t[5], @t[5], #12
++ veor @x[3], @x[3], @t[4] @ 362 4 [5]
++___
++ my @y = @x[7,5,0,2,1,3,4,6];
++$code.=<<___;
++ @ multiplication by 0x0b
++ veor @y[1], @y[1], @y[0]
++ veor @y[0], @y[0], @t[0]
++ vext.8 @t[2], @t[2], @t[2], #12
++ veor @y[1], @y[1], @t[1]
++ veor @y[0], @y[0], @t[5]
++ vext.8 @t[4], @t[4], @t[4], #12
++ veor @y[1], @y[1], @t[6]
++ veor @y[0], @y[0], @t[7]
++ veor @t[7], @t[7], @t[6] @ clobber t[7]
++
++ veor @y[3], @y[3], @t[0]
++ veor @y[1], @y[1], @y[0]
++ vext.8 @t[0], @t[0], @t[0], #12
++ veor @y[2], @y[2], @t[1]
++ veor @y[4], @y[4], @t[1]
++ vext.8 @t[1], @t[1], @t[1], #12
++ veor @y[2], @y[2], @t[2]
++ veor @y[3], @y[3], @t[2]
++ veor @y[5], @y[5], @t[2]
++ veor @y[2], @y[2], @t[7]
++ vext.8 @t[2], @t[2], @t[2], #12
++ veor @y[3], @y[3], @t[3]
++ veor @y[6], @y[6], @t[3]
++ veor @y[4], @y[4], @t[3]
++ veor @y[7], @y[7], @t[4]
++ vext.8 @t[3], @t[3], @t[3], #12
++ veor @y[5], @y[5], @t[4]
++ veor @y[7], @y[7], @t[7]
++ veor @t[7], @t[7], @t[5] @ clobber t[7] even more
++ veor @y[3], @y[3], @t[5]
++ veor @y[4], @y[4], @t[4]
++
++ veor @y[5], @y[5], @t[7]
++ vext.8 @t[4], @t[4], @t[4], #12
++ veor @y[6], @y[6], @t[7]
++ veor @y[4], @y[4], @t[7]
++
++ veor @t[7], @t[7], @t[5]
++ vext.8 @t[5], @t[5], @t[5], #12
++
++ @ multiplication by 0x0d
++ veor @y[4], @y[4], @y[7]
++ veor @t[7], @t[7], @t[6] @ restore t[7]
++ veor @y[7], @y[7], @t[4]
++ vext.8 @t[6], @t[6], @t[6], #12
++ veor @y[2], @y[2], @t[0]
++ veor @y[7], @y[7], @t[5]
++ vext.8 @t[7], @t[7], @t[7], #12
++ veor @y[2], @y[2], @t[2]
++
++ veor @y[3], @y[3], @y[1]
++ veor @y[1], @y[1], @t[1]
++ veor @y[0], @y[0], @t[0]
++ veor @y[3], @y[3], @t[0]
++ veor @y[1], @y[1], @t[5]
++ veor @y[0], @y[0], @t[5]
++ vext.8 @t[0], @t[0], @t[0], #12
++ veor @y[1], @y[1], @t[7]
++ veor @y[0], @y[0], @t[6]
++ veor @y[3], @y[3], @y[1]
++ veor @y[4], @y[4], @t[1]
++ vext.8 @t[1], @t[1], @t[1], #12
++
++ veor @y[7], @y[7], @t[7]
++ veor @y[4], @y[4], @t[2]
++ veor @y[5], @y[5], @t[2]
++ veor @y[2], @y[2], @t[6]
++ veor @t[6], @t[6], @t[3] @ clobber t[6]
++ vext.8 @t[2], @t[2], @t[2], #12
++ veor @y[4], @y[4], @y[7]
++ veor @y[3], @y[3], @t[6]
++
++ veor @y[6], @y[6], @t[6]
++ veor @y[5], @y[5], @t[5]
++ vext.8 @t[5], @t[5], @t[5], #12
++ veor @y[6], @y[6], @t[4]
++ vext.8 @t[4], @t[4], @t[4], #12
++ veor @y[5], @y[5], @t[6]
++ veor @y[6], @y[6], @t[7]
++ vext.8 @t[7], @t[7], @t[7], #12
++ veor @t[6], @t[6], @t[3] @ restore t[6]
++ vext.8 @t[3], @t[3], @t[3], #12
++
++ @ multiplication by 0x09
++ veor @y[4], @y[4], @y[1]
++ veor @t[1], @t[1], @y[1] @ t[1]=y[1]
++ veor @t[0], @t[0], @t[5] @ clobber t[0]
++ vext.8 @t[6], @t[6], @t[6], #12
++ veor @t[1], @t[1], @t[5]
++ veor @y[3], @y[3], @t[0]
++ veor @t[0], @t[0], @y[0] @ t[0]=y[0]
++ veor @t[1], @t[1], @t[6]
++ veor @t[6], @t[6], @t[7] @ clobber t[6]
++ veor @y[4], @y[4], @t[1]
++ veor @y[7], @y[7], @t[4]
++ veor @y[6], @y[6], @t[3]
++ veor @y[5], @y[5], @t[2]
++ veor @t[4], @t[4], @y[4] @ t[4]=y[4]
++ veor @t[3], @t[3], @y[3] @ t[3]=y[3]
++ veor @t[5], @t[5], @y[5] @ t[5]=y[5]
++ veor @t[2], @t[2], @y[2] @ t[2]=y[2]
++ veor @t[3], @t[3], @t[7]
++ veor @XMM[5], @t[5], @t[6]
++ veor @XMM[6], @t[6], @y[6] @ t[6]=y[6]
++ veor @XMM[2], @t[2], @t[6]
++ veor @XMM[7], @t[7], @y[7] @ t[7]=y[7]
++
++ vmov @XMM[0], @t[0]
++ vmov @XMM[1], @t[1]
++ @ vmov @XMM[2], @t[2]
++ vmov @XMM[3], @t[3]
++ vmov @XMM[4], @t[4]
++ @ vmov @XMM[5], @t[5]
++ @ vmov @XMM[6], @t[6]
++ @ vmov @XMM[7], @t[7]
++___
++}
++
++sub swapmove {
++my ($a,$b,$n,$mask,$t)=@_;
++$code.=<<___;
++ vshr.u64 $t, $b, #$n
++ veor $t, $t, $a
++ vand $t, $t, $mask
++ veor $a, $a, $t
++ vshl.u64 $t, $t, #$n
++ veor $b, $b, $t
++___
++}
++sub swapmove2x {
++my ($a0,$b0,$a1,$b1,$n,$mask,$t0,$t1)=@_;
++$code.=<<___;
++ vshr.u64 $t0, $b0, #$n
++ vshr.u64 $t1, $b1, #$n
++ veor $t0, $t0, $a0
++ veor $t1, $t1, $a1
++ vand $t0, $t0, $mask
++ vand $t1, $t1, $mask
++ veor $a0, $a0, $t0
++ vshl.u64 $t0, $t0, #$n
++ veor $a1, $a1, $t1
++ vshl.u64 $t1, $t1, #$n
++ veor $b0, $b0, $t0
++ veor $b1, $b1, $t1
++___
++}
++
++sub bitslice {
++my @x=reverse(@_[0..7]);
++my ($t0,$t1,$t2,$t3)=@_[8..11];
++$code.=<<___;
++ vmov.i8 $t0,#0x55 @ compose .LBS0
++ vmov.i8 $t1,#0x33 @ compose .LBS1
++___
++ &swapmove2x(@x[0,1,2,3],1,$t0,$t2,$t3);
++ &swapmove2x(@x[4,5,6,7],1,$t0,$t2,$t3);
++$code.=<<___;
++ vmov.i8 $t0,#0x0f @ compose .LBS2
++___
++ &swapmove2x(@x[0,2,1,3],2,$t1,$t2,$t3);
++ &swapmove2x(@x[4,6,5,7],2,$t1,$t2,$t3);
++
++ &swapmove2x(@x[0,4,1,5],4,$t0,$t2,$t3);
++ &swapmove2x(@x[2,6,3,7],4,$t0,$t2,$t3);
++}
++
++$code.=<<___;
++.text
++.code 32
++.fpu neon
++
++.type _bsaes_decrypt8,%function
++.align 4
++_bsaes_decrypt8:
++ sub $const,pc,#8 @ _bsaes_decrypt8
++ vldmia $key!, {@XMM[9]} @ round 0 key
++ add $const,$const,#.LM0ISR-_bsaes_decrypt8
++
++ vldmia $const!, {@XMM[8]} @ .LM0ISR
++ veor @XMM[10], @XMM[0], @XMM[9] @ xor with round0 key
++ veor @XMM[11], @XMM[1], @XMM[9]
++ vtbl.8 `&Dlo(@XMM[0])`, {@XMM[10]}, `&Dlo(@XMM[8])`
++ vtbl.8 `&Dhi(@XMM[0])`, {@XMM[10]}, `&Dhi(@XMM[8])`
++ veor @XMM[12], @XMM[2], @XMM[9]
++ vtbl.8 `&Dlo(@XMM[1])`, {@XMM[11]}, `&Dlo(@XMM[8])`
++ vtbl.8 `&Dhi(@XMM[1])`, {@XMM[11]}, `&Dhi(@XMM[8])`
++ veor @XMM[13], @XMM[3], @XMM[9]
++ vtbl.8 `&Dlo(@XMM[2])`, {@XMM[12]}, `&Dlo(@XMM[8])`
++ vtbl.8 `&Dhi(@XMM[2])`, {@XMM[12]}, `&Dhi(@XMM[8])`
++ veor @XMM[14], @XMM[4], @XMM[9]
++ vtbl.8 `&Dlo(@XMM[3])`, {@XMM[13]}, `&Dlo(@XMM[8])`
++ vtbl.8 `&Dhi(@XMM[3])`, {@XMM[13]}, `&Dhi(@XMM[8])`
++ veor @XMM[15], @XMM[5], @XMM[9]
++ vtbl.8 `&Dlo(@XMM[4])`, {@XMM[14]}, `&Dlo(@XMM[8])`
++ vtbl.8 `&Dhi(@XMM[4])`, {@XMM[14]}, `&Dhi(@XMM[8])`
++ veor @XMM[10], @XMM[6], @XMM[9]
++ vtbl.8 `&Dlo(@XMM[5])`, {@XMM[15]}, `&Dlo(@XMM[8])`
++ vtbl.8 `&Dhi(@XMM[5])`, {@XMM[15]}, `&Dhi(@XMM[8])`
++ veor @XMM[11], @XMM[7], @XMM[9]
++ vtbl.8 `&Dlo(@XMM[6])`, {@XMM[10]}, `&Dlo(@XMM[8])`
++ vtbl.8 `&Dhi(@XMM[6])`, {@XMM[10]}, `&Dhi(@XMM[8])`
++ vtbl.8 `&Dlo(@XMM[7])`, {@XMM[11]}, `&Dlo(@XMM[8])`
++ vtbl.8 `&Dhi(@XMM[7])`, {@XMM[11]}, `&Dhi(@XMM[8])`
++___
++ &bitslice (@XMM[0..7, 8..11]);
++$code.=<<___;
++ sub $rounds,$rounds,#1
++ b .Ldec_sbox
++.align 4
++.Ldec_loop:
++___
++ &ShiftRows (@XMM[0..7, 8..12]);
++$code.=".Ldec_sbox:\n";
++ &InvSbox (@XMM[0..7, 8..15]);
++$code.=<<___;
++ subs $rounds,$rounds,#1
++ bcc .Ldec_done
++___
++ &InvMixColumns (@XMM[0,1,6,4,2,7,3,5, 8..15]);
++$code.=<<___;
++ vldmia $const, {@XMM[12]} @ .LISR
++ addeq $const,$const,#0x10
++ bne .Ldec_loop
++ vldmia $const, {@XMM[12]} @ .LISRM0
++ b .Ldec_loop
++.align 4
++.Ldec_done:
++___
++ &bitslice (@XMM[0,1,6,4,2,7,3,5, 8..11]);
++$code.=<<___;
++ vldmia $key, {@XMM[8]} @ last round key
++ veor @XMM[6], @XMM[6], @XMM[8]
++ veor @XMM[4], @XMM[4], @XMM[8]
++ veor @XMM[2], @XMM[2], @XMM[8]
++ veor @XMM[7], @XMM[7], @XMM[8]
++ veor @XMM[3], @XMM[3], @XMM[8]
++ veor @XMM[5], @XMM[5], @XMM[8]
++ veor @XMM[0], @XMM[0], @XMM[8]
++ veor @XMM[1], @XMM[1], @XMM[8]
++ bx lr
++.size _bsaes_decrypt8,.-_bsaes_decrypt8
++
++.type _bsaes_const,%object
++.align 6
++_bsaes_const:
++.LM0ISR: @ InvShiftRows constants
++ .quad 0x0a0e0206070b0f03, 0x0004080c0d010509
++.LISR:
++ .quad 0x0504070602010003, 0x0f0e0d0c080b0a09
++.LISRM0:
++ .quad 0x01040b0e0205080f, 0x0306090c00070a0d
++.LM0SR: @ ShiftRows constants
++ .quad 0x0a0e02060f03070b, 0x0004080c05090d01
++.LSR:
++ .quad 0x0504070600030201, 0x0f0e0d0c0a09080b
++.LSRM0:
++ .quad 0x0304090e00050a0f, 0x01060b0c0207080d
++.LM0:
++ .quad 0x02060a0e03070b0f, 0x0004080c0105090d
++.asciz "Bit-sliced AES for NEON, CRYPTOGAMS by <appro\@openssl.org>"
++.align 6
++.size _bsaes_const,.-_bsaes_const
++
++.type _bsaes_encrypt8,%function
++.align 4
++_bsaes_encrypt8:
++ sub $const,pc,#8 @ _bsaes_encrypt8
++ vldmia $key!, {@XMM[9]} @ round 0 key
++ sub $const,$const,#_bsaes_encrypt8-.LM0SR
++
++ vldmia $const!, {@XMM[8]} @ .LM0SR
++ veor @XMM[10], @XMM[0], @XMM[9] @ xor with round0 key
++ veor @XMM[11], @XMM[1], @XMM[9]
++ vtbl.8 `&Dlo(@XMM[0])`, {@XMM[10]}, `&Dlo(@XMM[8])`
++ vtbl.8 `&Dhi(@XMM[0])`, {@XMM[10]}, `&Dhi(@XMM[8])`
++ veor @XMM[12], @XMM[2], @XMM[9]
++ vtbl.8 `&Dlo(@XMM[1])`, {@XMM[11]}, `&Dlo(@XMM[8])`
++ vtbl.8 `&Dhi(@XMM[1])`, {@XMM[11]}, `&Dhi(@XMM[8])`
++ veor @XMM[13], @XMM[3], @XMM[9]
++ vtbl.8 `&Dlo(@XMM[2])`, {@XMM[12]}, `&Dlo(@XMM[8])`
++ vtbl.8 `&Dhi(@XMM[2])`, {@XMM[12]}, `&Dhi(@XMM[8])`
++ veor @XMM[14], @XMM[4], @XMM[9]
++ vtbl.8 `&Dlo(@XMM[3])`, {@XMM[13]}, `&Dlo(@XMM[8])`
++ vtbl.8 `&Dhi(@XMM[3])`, {@XMM[13]}, `&Dhi(@XMM[8])`
++ veor @XMM[15], @XMM[5], @XMM[9]
++ vtbl.8 `&Dlo(@XMM[4])`, {@XMM[14]}, `&Dlo(@XMM[8])`
++ vtbl.8 `&Dhi(@XMM[4])`, {@XMM[14]}, `&Dhi(@XMM[8])`
++ veor @XMM[10], @XMM[6], @XMM[9]
++ vtbl.8 `&Dlo(@XMM[5])`, {@XMM[15]}, `&Dlo(@XMM[8])`
++ vtbl.8 `&Dhi(@XMM[5])`, {@XMM[15]}, `&Dhi(@XMM[8])`
++ veor @XMM[11], @XMM[7], @XMM[9]
++ vtbl.8 `&Dlo(@XMM[6])`, {@XMM[10]}, `&Dlo(@XMM[8])`
++ vtbl.8 `&Dhi(@XMM[6])`, {@XMM[10]}, `&Dhi(@XMM[8])`
++ vtbl.8 `&Dlo(@XMM[7])`, {@XMM[11]}, `&Dlo(@XMM[8])`
++ vtbl.8 `&Dhi(@XMM[7])`, {@XMM[11]}, `&Dhi(@XMM[8])`
++_bsaes_encrypt8_bitslice:
++___
++ &bitslice (@XMM[0..7, 8..11]);
++$code.=<<___;
++ sub $rounds,$rounds,#1
++ b .Lenc_sbox
++.align 4
++.Lenc_loop:
++___
++ &ShiftRows (@XMM[0..7, 8..12]);
++$code.=".Lenc_sbox:\n";
++ &Sbox (@XMM[0..7, 8..15]);
++$code.=<<___;
++ subs $rounds,$rounds,#1
++ bcc .Lenc_done
++___
++ &MixColumns (@XMM[0,1,4,6,3,7,2,5, 8..15]);
++$code.=<<___;
++ vldmia $const, {@XMM[12]} @ .LSR
++ addeq $const,$const,#0x10
++ bne .Lenc_loop
++ vldmia $const, {@XMM[12]} @ .LSRM0
++ b .Lenc_loop
++.align 4
++.Lenc_done:
++___
++ # output in lsb > [t0, t1, t4, t6, t3, t7, t2, t5] < msb
++ &bitslice (@XMM[0,1,4,6,3,7,2,5, 8..11]);
++$code.=<<___;
++ vldmia $key, {@XMM[8]} @ last round key
++ veor @XMM[4], @XMM[4], @XMM[8]
++ veor @XMM[6], @XMM[6], @XMM[8]
++ veor @XMM[3], @XMM[3], @XMM[8]
++ veor @XMM[7], @XMM[7], @XMM[8]
++ veor @XMM[2], @XMM[2], @XMM[8]
++ veor @XMM[5], @XMM[5], @XMM[8]
++ veor @XMM[0], @XMM[0], @XMM[8]
++ veor @XMM[1], @XMM[1], @XMM[8]
++ bx lr
++.size _bsaes_encrypt8,.-_bsaes_encrypt8
++___
++}
++{
++my ($out,$inp,$rounds,$const)=("r12","r4","r5","r6");
++
++sub bitslice_key {
++my @x=reverse(@_[0..7]);
++my ($bs0,$bs1,$bs2,$t2,$t3)=@_[8..12];
++
++ &swapmove (@x[0,1],1,$bs0,$t2,$t3);
++$code.=<<___;
++ @ &swapmove(@x[2,3],1,$t0,$t2,$t3);
++ vmov @x[2], @x[0]
++ vmov @x[3], @x[1]
++___
++ #&swapmove2x(@x[4,5,6,7],1,$t0,$t2,$t3);
++
++ &swapmove2x (@x[0,2,1,3],2,$bs1,$t2,$t3);
++$code.=<<___;
++ @ &swapmove2x(@x[4,6,5,7],2,$t1,$t2,$t3);
++ vmov @x[4], @x[0]
++ vmov @x[6], @x[2]
++ vmov @x[5], @x[1]
++ vmov @x[7], @x[3]
++___
++ &swapmove2x (@x[0,4,1,5],4,$bs2,$t2,$t3);
++ &swapmove2x (@x[2,6,3,7],4,$bs2,$t2,$t3);
++}
++
++$code.=<<___;
++.type _bsaes_key_convert,%function
++.align 4
++_bsaes_key_convert:
++ sub $const,pc,#8 @ _bsaes_key_convert
++ vld1.8 {@XMM[7]}, [$inp]! @ load round 0 key
++ sub $const,$const,#_bsaes_key_convert-.LM0
++ vld1.8 {@XMM[15]}, [$inp]! @ load round 1 key
++
++ vmov.i8 @XMM[8], #0x01 @ bit masks
++ vmov.i8 @XMM[9], #0x02
++ vmov.i8 @XMM[10], #0x04
++ vmov.i8 @XMM[11], #0x08
++ vmov.i8 @XMM[12], #0x10
++ vmov.i8 @XMM[13], #0x20
++ vldmia $const, {@XMM[14]} @ .LM0
++
++#ifdef __ARMEL__
++ vrev32.8 @XMM[7], @XMM[7]
++ vrev32.8 @XMM[15], @XMM[15]
++#endif
++ sub $rounds,$rounds,#1
++ vstmia $out!, {@XMM[7]} @ save round 0 key
++ b .Lkey_loop
++
++.align 4
++.Lkey_loop:
++ vtbl.8 `&Dlo(@XMM[7])`,{@XMM[15]},`&Dlo(@XMM[14])`
++ vtbl.8 `&Dhi(@XMM[7])`,{@XMM[15]},`&Dhi(@XMM[14])`
++ vmov.i8 @XMM[6], #0x40
++ vmov.i8 @XMM[15], #0x80
++
++ vtst.8 @XMM[0], @XMM[7], @XMM[8]
++ vtst.8 @XMM[1], @XMM[7], @XMM[9]
++ vtst.8 @XMM[2], @XMM[7], @XMM[10]
++ vtst.8 @XMM[3], @XMM[7], @XMM[11]
++ vtst.8 @XMM[4], @XMM[7], @XMM[12]
++ vtst.8 @XMM[5], @XMM[7], @XMM[13]
++ vtst.8 @XMM[6], @XMM[7], @XMM[6]
++ vtst.8 @XMM[7], @XMM[7], @XMM[15]
++ vld1.8 {@XMM[15]}, [$inp]! @ load next round key
++ vmvn @XMM[0], @XMM[0] @ "pnot"
++ vmvn @XMM[1], @XMM[1]
++ vmvn @XMM[5], @XMM[5]
++ vmvn @XMM[6], @XMM[6]
++#ifdef __ARMEL__
++ vrev32.8 @XMM[15], @XMM[15]
++#endif
++ subs $rounds,$rounds,#1
++ vstmia $out!,{@XMM[0]-@XMM[7]} @ write bit-sliced round key
++ bne .Lkey_loop
++
++ vmov.i8 @XMM[7],#0x63 @ compose .L63
++ @ don't save last round key
++ bx lr
++.size _bsaes_key_convert,.-_bsaes_key_convert
++___
++}
++
++if (1) { # following four functions are unsupported interface
++ # used for benchmarking...
++$code.=<<___;
++.globl bsaes_enc_key_convert
++.type bsaes_enc_key_convert,%function
++.align 4
++bsaes_enc_key_convert:
++ stmdb sp!,{r4-r6,lr}
++ vstmdb sp!,{d8-d15} @ ABI specification says so
++
++ ldr r5,[$inp,#240] @ pass rounds
++ mov r4,$inp @ pass key
++ mov r12,$out @ pass key schedule
++ bl _bsaes_key_convert
++ veor @XMM[7],@XMM[7],@XMM[15] @ fix up last round key
++ vstmia r12, {@XMM[7]} @ save last round key
++
++ vldmia sp!,{d8-d15}
++ ldmia sp!,{r4-r6,pc}
++.size bsaes_enc_key_convert,.-bsaes_enc_key_convert
++
++.globl bsaes_encrypt_128
++.type bsaes_encrypt_128,%function
++.align 4
++bsaes_encrypt_128:
++ stmdb sp!,{r4-r6,lr}
++ vstmdb sp!,{d8-d15} @ ABI specification says so
++.Lenc128_loop:
++ vld1.8 {@XMM[0]-@XMM[1]}, [$inp]! @ load input
++ vld1.8 {@XMM[2]-@XMM[3]}, [$inp]!
++ mov r4,$key @ pass the key
++ vld1.8 {@XMM[4]-@XMM[5]}, [$inp]!
++ mov r5,#10 @ pass rounds
++ vld1.8 {@XMM[6]-@XMM[7]}, [$inp]!
++
++ bl _bsaes_encrypt8
++
++ vst1.8 {@XMM[0]-@XMM[1]}, [$out]! @ write output
++ vst1.8 {@XMM[4]}, [$out]!
++ vst1.8 {@XMM[6]}, [$out]!
++ vst1.8 {@XMM[3]}, [$out]!
++ vst1.8 {@XMM[7]}, [$out]!
++ vst1.8 {@XMM[2]}, [$out]!
++ subs $len,$len,#0x80
++ vst1.8 {@XMM[5]}, [$out]!
++ bhi .Lenc128_loop
++
++ vldmia sp!,{d8-d15}
++ ldmia sp!,{r4-r6,pc}
++.size bsaes_encrypt_128,.-bsaes_encrypt_128
++
++.globl bsaes_dec_key_convert
++.type bsaes_dec_key_convert,%function
++.align 4
++bsaes_dec_key_convert:
++ stmdb sp!,{r4-r6,lr}
++ vstmdb sp!,{d8-d15} @ ABI specification says so
++
++ ldr r5,[$inp,#240] @ pass rounds
++ mov r4,$inp @ pass key
++ mov r12,$out @ pass key schedule
++ bl _bsaes_key_convert
++ vldmia $out, {@XMM[6]}
++ vstmia r12, {@XMM[15]} @ save last round key
++ veor @XMM[7], @XMM[7], @XMM[6] @ fix up round 0 key
++ vstmia $out, {@XMM[7]}
++
++ vldmia sp!,{d8-d15}
++ ldmia sp!,{r4-r6,pc}
++.size bsaes_dec_key_convert,.-bsaes_dec_key_convert
++
++.globl bsaes_decrypt_128
++.type bsaes_decrypt_128,%function
++.align 4
++bsaes_decrypt_128:
++ stmdb sp!,{r4-r6,lr}
++ vstmdb sp!,{d8-d15} @ ABI specification says so
++.Ldec128_loop:
++ vld1.8 {@XMM[0]-@XMM[1]}, [$inp]! @ load input
++ vld1.8 {@XMM[2]-@XMM[3]}, [$inp]!
++ mov r4,$key @ pass the key
++ vld1.8 {@XMM[4]-@XMM[5]}, [$inp]!
++ mov r5,#10 @ pass rounds
++ vld1.8 {@XMM[6]-@XMM[7]}, [$inp]!
++
++ bl _bsaes_decrypt8
++
++ vst1.8 {@XMM[0]-@XMM[1]}, [$out]! @ write output
++ vst1.8 {@XMM[6]}, [$out]!
++ vst1.8 {@XMM[4]}, [$out]!
++ vst1.8 {@XMM[2]}, [$out]!
++ vst1.8 {@XMM[7]}, [$out]!
++ vst1.8 {@XMM[3]}, [$out]!
++ subs $len,$len,#0x80
++ vst1.8 {@XMM[5]}, [$out]!
++ bhi .Ldec128_loop
++
++ vldmia sp!,{d8-d15}
++ ldmia sp!,{r4-r6,pc}
++.size bsaes_decrypt_128,.-bsaes_decrypt_128
++___
++}
++
++$code =~ s/\`([^\`]*)\`/eval($1)/gem;
++
++print $code;
++
++close STDOUT;
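Review bot: The new patch file carries no provenance header — unlike 0000-crypto-modes-modes_lcl.h-let-STRICT_ALIGNMENT-be-on-.patch and 0001-bsaes-armv7.pl-take-it-into-build-loop.patch, which open with `From <commit> ...`, `From:`, `Date:` and `Subject:` lines, this one starts directly at the `---` diffstat, and the changelog entry's "merged upstream ()" leaves the upstream reference empty. For a patch that drops a complete AES implementation into crypto/aes/asm, a DEP-3 header such as `Origin: upstream, <UPSTREAM-COMMIT-ID>` plus `Author:` and the subject line is what lets a later maintainer verify the file against what upstream actually merged and confirm it is the revision the following 0001–0003 patches expect to apply on top of. Inside the embedded script, `open STDOUT,">$output";` and `close STDOUT;` are unchecked, so a failed open silently yields no assembler output; that is upstream's style and presumably not something to fix in packaging, but worth knowing if the file is ever re-synced by hand.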
diff --git a/debian/patches/0000-crypto-modes-modes_lcl.h-let-STRICT_ALIGNMENT-be-on-.patch b/debian/patches/0000-crypto-modes-modes_lcl.h-let-STRICT_ALIGNMENT-be-on-.patch
new file mode 100644
index 0000000..5824d01
--- /dev/null
+++ b/debian/patches/0000-crypto-modes-modes_lcl.h-let-STRICT_ALIGNMENT-be-on-.patch
@@ -0,0 +1,31 @@
+From 3bdd80521a81d50ade4214053cd9b293f920a77b Mon Sep 17 00:00:00 2001
+From: Andy Polyakov <appro@openssl.org>
+Date: Sat, 13 Apr 2013 20:57:37 +0200
+Subject: [PATCH 1/6] crypto/modes/modes_lcl.h: let STRICT_ALIGNMENT be on
+ ARMv7.
+
+While ARMv7 in general is capable of unaligned access, not all instructions
+actually are. And trouble is that compiler doesn't seem to differentiate
+those capable and incapable of unaligned access. Side effect is that kernel
+goes into endless loop retrying same instruction triggering unaligned trap.
+Problem was observed in xts128.c and ccm128.c modules. It's possible to
+resolve it by using (volatile u32*) casts, but letting STRICT_ALIGNMENT
+be feels more appropriate.
+---
+ crypto/modes/modes_lcl.h | 5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+--- a/crypto/modes/modes_lcl.h
++++ b/crypto/modes/modes_lcl.h
+@@ -29,10 +29,7 @@ typedef unsigned char u8;
+ #if defined(__i386) || defined(__i386__) || \
+ defined(__x86_64) || defined(__x86_64__) || \
+ defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
+- defined(__s390__) || defined(__s390x__) || \
+- ( (defined(__arm__) || defined(__arm)) && \
+- (defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || \
+- defined(__ARM_ARCH_7R__) || defined(__ARM_ARCH_7M__)) )
++ defined(__s390__) || defined(__s390x__)
+ # undef STRICT_ALIGNMENT
+ #endif
+
diff --git a/debian/patches/0001-bsaes-armv7.pl-take-it-into-build-loop.patch b/debian/patches/0001-bsaes-armv7.pl-take-it-into-build-loop.patch
new file mode 100644
index 0000000..5658a7f
--- /dev/null
+++ b/debian/patches/0001-bsaes-armv7.pl-take-it-into-build-loop.patch
@@ -0,0 +1,65 @@
+From 75fe422323c3d5efd89d846d1b8fede3fed246cf Mon Sep 17 00:00:00 2001
+From: Andy Polyakov <appro@openssl.org>
+Date: Tue, 23 Apr 2013 17:49:54 +0200
+Subject: [PATCH 4/6] bsaes-armv7.pl: take it into build loop.
+
+---
+ Configure | 2 +-
+ crypto/aes/Makefile | 2 ++
+ crypto/aes/asm/bsaes-armv7.pl | 9 +++++++++
+ 3 files changed, 12 insertions(+), 1 deletion(-)
+
+--- a/Configure
++++ b/Configure
+@@ -140,7 +140,7 @@ my $alpha_asm="alphacpuid.o:bn_asm.o alp
+ my $mips32_asm=":bn-mips.o::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o::::::::";
+ my $mips64_asm=":bn-mips.o mips-mont.o::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o::::::::";
+ my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o::aes-s390x.o aes-ctr.o aes-xts.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o:";
+-my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o::aes_cbc.o aes-armv4.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o::void";
++my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o::aes_cbc.o aes-armv4.o bsaes-armv7.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o::void";
+ my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::32";
+ my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::64";
+ my $ppc32_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o::aes_core.o aes_cbc.o aes-ppc.o:::sha1-ppc.o sha256-ppc.o::::::::";
+--- a/crypto/aes/Makefile
++++ b/crypto/aes/Makefile
+@@ -81,6 +81,8 @@ aes-mips.S: asm/aes-mips.pl
+ # GNU make "catch all"
+ aes-%.S: asm/aes-%.pl; $(PERL) $< $(PERLASM_SCHEME) > $@
+ aes-armv4.o: aes-armv4.S
++bsaes-%.S: asm/bsaes-%.pl; $(PERL) $< $(PERLASM_SCHEME) > $@
++bsaes-armv7.o: bsaes-armv7.S
+
+ files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+--- a/crypto/aes/asm/bsaes-armv7.pl
++++ b/crypto/aes/asm/bsaes-armv7.pl
+@@ -26,6 +26,9 @@
+ # which is [much] worse than anticipated (for further details see
+ # http://www.openssl.org/~appro/Snapdragon-S4.html).
+ #
++# Cortex-A15 manages in 14.2/19.6 cycles [when integer-only code
++# manages in 20.0 cycles].
++#
+ # When comparing to x86_64 results keep in mind that NEON unit is
+ # [mostly] single-issue and thus can't [fully] benefit from
+ # instruction-level parallelism. And when comparing to aes-armv4
+@@ -617,6 +620,9 @@ ___
+ }
+
+ $code.=<<___;
++#include "arm_arch.h"
++
++#if __ARM_ARCH__>=7
+ .text
+ .code 32
+ .fpu neon
+@@ -975,6 +981,9 @@ bsaes_decrypt_128:
+ .size bsaes_decrypt_128,.-bsaes_decrypt_128
+ ___
+ }
++$code.=<<___;
++#endif
++___
+
+ $code =~ s/\`([^\`]*)\`/eval($1)/gem;
+
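Review bot: The `#if __ARM_ARCH__>=7` guard that now wraps the whole generated assembly (opened right after `#include "arm_arch.h"`, closed by the `#endif` appended after the benchmark block) carries no explanation, and since `bsaes-armv7.o` is added unconditionally to `$armv4_asm` in Configure, a reader of the .pl cannot tell why a pre-v7 build is expected to produce an essentially empty object rather than fail. A one-line assembler comment next to the guard, `@ bit-sliced AES needs NEON; on pre-ARMv7 targets this file assembles to nothing so the armv4 build still links`, would record that intent. Whether Configure also passes `-DBSAES_ASM` for this target (which the e_aes.c side of the series depends on) is not visible in this hunk and is worth confirming.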
diff --git a/debian/patches/0002-bsaes-armv7.pl-add-bsaes_cbc_encrypt-and-bsaes_ctr32.patch b/debian/patches/0002-bsaes-armv7.pl-add-bsaes_cbc_encrypt-and-bsaes_ctr32.patch
new file mode 100644
index 0000000..f6c8837
--- /dev/null
+++ b/debian/patches/0002-bsaes-armv7.pl-add-bsaes_cbc_encrypt-and-bsaes_ctr32.patch
@@ -0,0 +1,507 @@
+From 9575d1a91ad9dd6eb5c964365dfbb72dbd3d1333 Mon Sep 17 00:00:00 2001
+From: Andy Polyakov <appro@openssl.org>
+Date: Tue, 23 Apr 2013 17:52:14 +0200
+Subject: [PATCH 5/6] bsaes-armv7.pl: add bsaes_cbc_encrypt and
+ bsaes_ctr32_encrypt_blocks.
+
+Submitted by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+
+Contributor claims ~50% improvement in CTR and ~9% in CBC decrypt
+on Cortex-A15.
+---
+ crypto/aes/asm/bsaes-armv7.pl | 431 +++++++++++++++++++++++++++++++++++++++++-
+ crypto/evp/e_aes.c | 10
+ 2 files changed, 440 insertions(+), 1 deletion(-)
+
+--- a/crypto/aes/asm/bsaes-armv7.pl
++++ b/crypto/aes/asm/bsaes-armv7.pl
+@@ -715,6 +715,8 @@ _bsaes_const:
+ .quad 0x0304090e00050a0f, 0x01060b0c0207080d
+ .LM0:
+ .quad 0x02060a0e03070b0f, 0x0004080c0105090d
++.LREVM0SR:
++ .quad 0x090d02060c030708, 0x00040b0f050a0e01
+ .asciz "Bit-sliced AES for NEON, CRYPTOGAMS by <appro\@openssl.org>"
+ .align 6
+ .size _bsaes_const,.-_bsaes_const
+@@ -727,6 +729,7 @@ _bsaes_encrypt8:
+ sub $const,$const,#_bsaes_encrypt8-.LM0SR
+
+ vldmia $const!, {@XMM[8]} @ .LM0SR
++_bsaes_encrypt8_alt:
+ veor @XMM[10], @XMM[0], @XMM[9] @ xor with round0 key
+ veor @XMM[11], @XMM[1], @XMM[9]
+ vtbl.8 `&Dlo(@XMM[0])`, {@XMM[10]}, `&Dlo(@XMM[8])`
+@@ -879,7 +882,7 @@ _bsaes_key_convert:
+ ___
+ }
+
+-if (1) { # following four functions are unsupported interface
++if (0) { # following four functions are unsupported interface
+ # used for benchmarking...
+ $code.=<<___;
+ .globl bsaes_enc_key_convert
+@@ -981,6 +984,432 @@ bsaes_decrypt_128:
+ .size bsaes_decrypt_128,.-bsaes_decrypt_128
+ ___
+ }
++{
++my ($inp,$out,$len,$key, $ivp,$fp,$rounds)=map("r$_",(0..3,8..10));
++my ($keysched)=("sp");
++
++$code.=<<___;
++.extern AES_cbc_encrypt
++.extern AES_decrypt
++
++.global bsaes_cbc_encrypt
++.type bsaes_cbc_encrypt,%function
++.align 5
++bsaes_cbc_encrypt:
++ cmp $len, #128
++ blo AES_cbc_encrypt
++
++ @ it is up to the caller to make sure we are called with enc == 0
++
++ stmdb sp!, {r4-r10, lr}
++ vstmdb sp!, {d8-d15} @ ABI specification says so
++ ldr $ivp, [sp, #0x60] @ IV is 1st arg on the stack
++ mov $len, $len, lsr#4 @ len in 16 byte blocks
++ sub sp, #0x10 @ scratch space to carry over the IV
++ mov $fp, sp @ save sp
++
++ @ allocate the key schedule on the stack
++ ldr $rounds, [$key, #240] @ get # of rounds
++ sub sp, sp, $rounds, lsl#7 @ 128 bytes per inner round key
++ add sp, sp, #`128-32` @ size of bit-sliced key schedule
++
++ @ populate the key schedule
++ mov r4, $key @ pass key
++ mov r5, $rounds @ pass # of rounds
++ mov r12, $keysched @ pass key schedule
++ bl _bsaes_key_convert
++ vldmia $keysched, {@XMM[6]}
++ vstmia r12, {@XMM[15]} @ save last round key
++ veor @XMM[7], @XMM[7], @XMM[6] @ fix up round 0 key
++ vstmia $keysched, {@XMM[7]}
++
++ vld1.8 {@XMM[15]}, [$ivp] @ load IV
++ b .Lcbc_dec_loop
++
++.align 4
++.Lcbc_dec_loop:
++ subs $len, $len, #0x8
++ bmi .Lcbc_dec_loop_finish
++
++ vld1.8 {@XMM[0]-@XMM[1]}, [$inp]! @ load input
++ vld1.8 {@XMM[2]-@XMM[3]}, [$inp]!
++ mov r4, $keysched @ pass the key
++ vld1.8 {@XMM[4]-@XMM[5]}, [$inp]!
++ mov r5, $rounds
++ vld1.8 {@XMM[6]-@XMM[7]}, [$inp]
++ sub $inp, $inp, #0x60
++ vstmia $fp, {@XMM[15]} @ put aside IV
++
++ bl _bsaes_decrypt8
++
++ vldmia $fp, {@XMM[14]} @ reload IV
++ vld1.8 {@XMM[8]-@XMM[9]}, [$inp]! @ reload input
++ veor @XMM[0], @XMM[0], @XMM[14] @ ^= IV
++ vld1.8 {@XMM[10]-@XMM[11]}, [$inp]!
++ veor @XMM[1], @XMM[1], @XMM[8]
++ veor @XMM[6], @XMM[6], @XMM[9]
++ vld1.8 {@XMM[12]-@XMM[13]}, [$inp]!
++ veor @XMM[4], @XMM[4], @XMM[10]
++ veor @XMM[2], @XMM[2], @XMM[11]
++ vld1.8 {@XMM[14]-@XMM[15]}, [$inp]!
++ veor @XMM[7], @XMM[7], @XMM[12]
++ vst1.8 {@XMM[0]-@XMM[1]}, [$out]! @ write output
++ veor @XMM[3], @XMM[3], @XMM[13]
++ vst1.8 {@XMM[6]}, [$out]!
++ veor @XMM[5], @XMM[5], @XMM[14]
++ vst1.8 {@XMM[4]}, [$out]!
++ vst1.8 {@XMM[2]}, [$out]!
++ vst1.8 {@XMM[7]}, [$out]!
++ vst1.8 {@XMM[3]}, [$out]!
++ vst1.8 {@XMM[5]}, [$out]!
++
++ b .Lcbc_dec_loop
++
++.Lcbc_dec_loop_finish:
++ adds $len, $len, #8
++ beq .Lcbc_dec_done
++
++ vld1.8 {@XMM[0]}, [$inp]! @ load input
++ cmp $len, #2
++ blo .Lcbc_dec_one
++ vld1.8 {@XMM[1]}, [$inp]!
++ mov r4, $keysched @ pass the key
++ mov r5, $rounds
++ vstmia $fp, {@XMM[15]} @ put aside IV
++ beq .Lcbc_dec_two
++ vld1.8 {@XMM[2]}, [$inp]!
++ cmp $len, #4
++ blo .Lcbc_dec_three
++ vld1.8 {@XMM[3]}, [$inp]!
++ beq .Lcbc_dec_four
++ vld1.8 {@XMM[4]}, [$inp]!
++ cmp $len, #6
++ blo .Lcbc_dec_five
++ vld1.8 {@XMM[5]}, [$inp]!
++ beq .Lcbc_dec_six
++ vld1.8 {@XMM[6]}, [$inp]!
++ sub $inp, $inp, #0x70
++
++ bl _bsaes_decrypt8
++
++ vldmia $fp, {@XMM[14]} @ reload IV
++ vld1.8 {@XMM[8]-@XMM[9]}, [$inp]! @ reload input
++ veor @XMM[0], @XMM[0], @XMM[14] @ ^= IV
++ vld1.8 {@XMM[10]-@XMM[11]}, [$inp]!
++ veor @XMM[1], @XMM[1], @XMM[8]
++ veor @XMM[6], @XMM[6], @XMM[9]
++ vld1.8 {@XMM[12]-@XMM[13]}, [$inp]!
++ veor @XMM[4], @XMM[4], @XMM[10]
++ veor @XMM[2], @XMM[2], @XMM[11]
++ vld1.8 {@XMM[15]}, [$inp]!
++ veor @XMM[7], @XMM[7], @XMM[12]
++ vst1.8 {@XMM[0]-@XMM[1]}, [$out]! @ write output
++ veor @XMM[3], @XMM[3], @XMM[13]
++ vst1.8 {@XMM[6]}, [$out]!
++ vst1.8 {@XMM[4]}, [$out]!
++ vst1.8 {@XMM[2]}, [$out]!
++ vst1.8 {@XMM[7]}, [$out]!
++ vst1.8 {@XMM[3]}, [$out]!
++ b .Lcbc_dec_done
++.align 4
++.Lcbc_dec_six:
++ sub $inp, $inp, #0x60
++ bl _bsaes_decrypt8
++ vldmia $fp,{@XMM[14]} @ reload IV
++ vld1.8 {@XMM[8]-@XMM[9]}, [$inp]! @ reload input
++ veor @XMM[0], @XMM[0], @XMM[14] @ ^= IV
++ vld1.8 {@XMM[10]-@XMM[11]}, [$inp]!
++ veor @XMM[1], @XMM[1], @XMM[8]
++ veor @XMM[6], @XMM[6], @XMM[9]
++ vld1.8 {@XMM[12]}, [$inp]!
++ veor @XMM[4], @XMM[4], @XMM[10]
++ veor @XMM[2], @XMM[2], @XMM[11]
++ vld1.8 {@XMM[15]}, [$inp]!
++ veor @XMM[7], @XMM[7], @XMM[12]
++ vst1.8 {@XMM[0]-@XMM[1]}, [$out]! @ write output
++ vst1.8 {@XMM[6]}, [$out]!
++ vst1.8 {@XMM[4]}, [$out]!
++ vst1.8 {@XMM[2]}, [$out]!
++ vst1.8 {@XMM[7]}, [$out]!
++ b .Lcbc_dec_done
++.align 4
++.Lcbc_dec_five:
++ sub $inp, $inp, #0x50
++ bl _bsaes_decrypt8
++ vldmia $fp, {@XMM[14]} @ reload IV
++ vld1.8 {@XMM[8]-@XMM[9]}, [$inp]! @ reload input
++ veor @XMM[0], @XMM[0], @XMM[14] @ ^= IV
++ vld1.8 {@XMM[10]-@XMM[11]}, [$inp]!
++ veor @XMM[1], @XMM[1], @XMM[8]
++ veor @XMM[6], @XMM[6], @XMM[9]
++ vld1.8 {@XMM[15]}, [$inp]!
++ veor @XMM[4], @XMM[4], @XMM[10]
++ vst1.8 {@XMM[0]-@XMM[1]}, [$out]! @ write output
++ veor @XMM[2], @XMM[2], @XMM[11]
++ vst1.8 {@XMM[6]}, [$out]!
++ vst1.8 {@XMM[4]}, [$out]!
++ vst1.8 {@XMM[2]}, [$out]!
++ b .Lcbc_dec_done
++.align 4
++.Lcbc_dec_four:
++ sub $inp, $inp, #0x40
++ bl _bsaes_decrypt8
++ vldmia $fp, {@XMM[14]} @ reload IV
++ vld1.8 {@XMM[8]-@XMM[9]}, [$inp]! @ reload input
++ veor @XMM[0], @XMM[0], @XMM[14] @ ^= IV
++ vld1.8 {@XMM[10]}, [$inp]!
++ veor @XMM[1], @XMM[1], @XMM[8]
++ veor @XMM[6], @XMM[6], @XMM[9]
++ vld1.8 {@XMM[15]}, [$inp]!
++ veor @XMM[4], @XMM[4], @XMM[10]
++ vst1.8 {@XMM[0]-@XMM[1]}, [$out]! @ write output
++ vst1.8 {@XMM[6]}, [$out]!
++ vst1.8 {@XMM[4]}, [$out]!
++ b .Lcbc_dec_done
++.align 4
++.Lcbc_dec_three:
++ sub $inp, $inp, #0x30
++ bl _bsaes_decrypt8
++ vldmia $fp, {@XMM[14]} @ reload IV
++ vld1.8 {@XMM[8]-@XMM[9]}, [$inp]! @ reload input
++ veor @XMM[0], @XMM[0], @XMM[14] @ ^= IV
++ vld1.8 {@XMM[15]}, [$inp]!
++ veor @XMM[1], @XMM[1], @XMM[8]
++ veor @XMM[6], @XMM[6], @XMM[9]
++ vst1.8 {@XMM[0]-@XMM[1]}, [$out]! @ write output
++ vst1.8 {@XMM[6]}, [$out]!
++ b .Lcbc_dec_done
++.align 4
++.Lcbc_dec_two:
++ sub $inp, $inp, #0x20
++ bl _bsaes_decrypt8
++ vldmia $fp, {@XMM[14]} @ reload IV
++ vld1.8 {@XMM[8]}, [$inp]! @ reload input
++ veor @XMM[0], @XMM[0], @XMM[14] @ ^= IV
++ vld1.8 {@XMM[15]}, [$inp]! @ reload input
++ veor @XMM[1], @XMM[1], @XMM[8]
++ vst1.8 {@XMM[0]-@XMM[1]}, [$out]! @ write output
++ b .Lcbc_dec_done
++.align 4
++.Lcbc_dec_one:
++ sub $inp, $inp, #0x10
++ mov $rounds, $out @ save original out pointer
++ mov $out, $fp @ use the iv scratch space as out buffer
++ mov r2, $key
++ vmov @XMM[4],@XMM[15] @ just in case ensure that IV
++ vmov @XMM[5],@XMM[0] @ and input are preserved
++ bl AES_decrypt
++ vld1.8 {@XMM[0]}, [$fp,:64] @ load result
++ veor @XMM[0], @XMM[0], @XMM[4] @ ^= IV
++ vmov @XMM[15], @XMM[5] @ @XMM[5] holds input
++ vst1.8 {@XMM[0]}, [$rounds] @ write output
++
++.Lcbc_dec_done:
++ vmov.i32 q0, #0
++ vmov.i32 q1, #0
++.Lcbc_dec_bzero: @ wipe key schedule [if any]
++ vstmia $keysched!, {q0-q1}
++ teq $keysched, $fp
++ bne .Lcbc_dec_bzero
++
++ add sp, $fp, #0x10
++ vst1.8 {@XMM[15]}, [$ivp] @ return IV
++ vldmia sp!, {d8-d15}
++ ldmia sp!, {r4-r10, pc}
++.size bsaes_cbc_encrypt,.-bsaes_cbc_encrypt
++___
++}
++{
++my ($inp,$out,$len,$key, $ctr,$fp,$rounds)=(map("r$_",(0..3,8..10)));
++my $const = "r6"; # shared with _bsaes_encrypt8_alt
++my $keysched = "sp";
++
++$code.=<<___;
++.extern AES_encrypt
++.global bsaes_ctr32_encrypt_blocks
++.type bsaes_ctr32_encrypt_blocks,%function
++.align 5
++bsaes_ctr32_encrypt_blocks:
++ cmp $len, #8 @ use plain AES for
++ blo .Lctr_enc_short @ small sizes
++
++ stmdb sp!, {r4-r10, lr}
++ vstmdb sp!, {d8-d15} @ ABI specification says so
++ ldr $ctr, [sp, #0x60] @ ctr is 1st arg on the stack
++ sub sp, sp, #0x10 @ scratch space to carry over the ctr
++ mov $fp, sp @ save sp
++
++ @ allocate the key schedule on the stack
++ ldr $rounds, [$key, #240] @ get # of rounds
++ sub sp, sp, $rounds, lsl#7 @ 128 bytes per inner round key
++ add sp, sp, #`128-32` @ size of bit-sliced key schedule
++
++ @ populate the key schedule
++ mov r4, $key @ pass key
++ mov r5, $rounds @ pass # of rounds
++ mov r12, $keysched @ pass key schedule
++ bl _bsaes_key_convert
++ veor @XMM[7],@XMM[7],@XMM[15] @ fix up last round key
++ vstmia r12, {@XMM[7]} @ save last round key
++
++ vld1.8 {@XMM[0]}, [$ctr] @ load counter
++ add $ctr, $const, #.LREVM0SR-.LM0 @ borrow $ctr
++ vldmia $keysched, {@XMM[4]} @ load round0 key
++
++ vmov.i32 `&Dhi("@XMM[8]")`,#1 @ compose 1<<96
++ vmov.i32 `&Dlo("@XMM[8]")`,#0
++ vrev32.8 `&Dhi("@XMM[0]")`,`&Dhi("@XMM[0]")`
++ vshl.u64 `&Dhi("@XMM[8]")`,#32
++ vrev32.8 `&Dhi("@XMM[4]")`,`&Dhi("@XMM[4]")`
++ vadd.u32 @XMM[9],@XMM[8],@XMM[8] @ compose 2<<96
++ vstmia $keysched, {@XMM[4]} @ save adjusted round0 key
++ b .Lctr_enc_loop
++
++.align 4
++.Lctr_enc_loop:
++ vadd.u32 @XMM[10], @XMM[8], @XMM[9] @ compose 3<<96
++ vadd.u32 @XMM[1], @XMM[0], @XMM[8] @ +1
++ vadd.u32 @XMM[2], @XMM[0], @XMM[9] @ +2
++ vadd.u32 @XMM[3], @XMM[0], @XMM[10] @ +3
++ vadd.u32 @XMM[4], @XMM[1], @XMM[10]
++ vadd.u32 @XMM[5], @XMM[2], @XMM[10]
++ vadd.u32 @XMM[6], @XMM[3], @XMM[10]
++ vadd.u32 @XMM[7], @XMM[4], @XMM[10]
++ vadd.u32 @XMM[10], @XMM[5], @XMM[10] @ next counter
++
++ @ Borrow prologue from _bsaes_encrypt8 to use the opportunity
++ @ to flip byte order in 32-bit counter
++
++ vldmia $keysched, {@XMM[9]} @ load round0 key
++ add r4, $keysched, #0x10 @ pass next round key
++ vldmia $ctr, {@XMM[8]} @ .LREVM0SR
++ mov r5, $rounds @ pass rounds
++ vstmia $fp, {@XMM[10]} @ save next counter
++ sub $const, $ctr, #.LREVM0SR-.LSR @ pass constants
++
++ bl _bsaes_encrypt8_alt
++
++ subs $len, $len, #8
++ blo .Lctr_enc_loop_done
++
++ vld1.8 {@XMM[8]-@XMM[9]}, [$inp]! @ load input
++ vld1.8 {@XMM[10]-@XMM[11]}, [$inp]!
++ veor @XMM[0], @XMM[8]
++ veor @XMM[1], @XMM[9]
++ vld1.8 {@XMM[12]-@XMM[13]}, [$inp]!
++ veor @XMM[4], @XMM[10]
++ veor @XMM[6], @XMM[11]
++ vld1.8 {@XMM[14]-@XMM[15]}, [$inp]!
++ veor @XMM[3], @XMM[12]
++ vst1.8 {@XMM[0]-@XMM[1]}, [$out]! @ write output
++ veor @XMM[7], @XMM[13]
++ veor @XMM[2], @XMM[14]
++ vst1.8 {@XMM[4]}, [$out]!
++ veor @XMM[5], @XMM[15]
++ vst1.8 {@XMM[6]}, [$out]!
++ vmov.i32 `&Dhi("@XMM[8]")`,#1 @ compose 1<<96
++ vst1.8 {@XMM[3]}, [$out]!
++ vmov.i32 `&Dlo("@XMM[8]")`,#0
++ vst1.8 {@XMM[7]}, [$out]!
++ vshl.u64 `&Dhi("@XMM[8]")`,#32
++ vst1.8 {@XMM[2]}, [$out]!
++ vadd.u32 @XMM[9],@XMM[8],@XMM[8] @ compose 2<<96
++ vst1.8 {@XMM[5]}, [$out]!
++ vldmia $fp, {@XMM[0]} @ load counter
++
++ bne .Lctr_enc_loop
++ b .Lctr_enc_done
++
++.align 4
++.Lctr_enc_loop_done:
++ add $len, $len, #8
++ vld1.8 {@XMM[8]}, [$inp]! @ load input
++ veor @XMM[0], @XMM[8]
++ vst1.8 {@XMM[0]}, [$out]! @ write output
++ cmp $len, #2
++ blo .Lctr_enc_done
++ vld1.8 {@XMM[9]}, [$inp]!
++ veor @XMM[1], @XMM[9]
++ vst1.8 {@XMM[1]}, [$out]!
++ beq .Lctr_enc_done
++ vld1.8 {@XMM[10]}, [$inp]!
++ veor @XMM[4], @XMM[10]
++ vst1.8 {@XMM[4]}, [$out]!
++ cmp $len, #4
++ blo .Lctr_enc_done
++ vld1.8 {@XMM[11]}, [$inp]!
++ veor @XMM[6], @XMM[11]
++ vst1.8 {@XMM[6]}, [$out]!
++ beq .Lctr_enc_done
++ vld1.8 {@XMM[12]}, [$inp]!
++ veor @XMM[3], @XMM[12]
++ vst1.8 {@XMM[3]}, [$out]!
++ cmp $len, #6
++ blo .Lctr_enc_done
++ vld1.8 {@XMM[13]}, [$inp]!
++ veor @XMM[7], @XMM[13]
++ vst1.8 {@XMM[7]}, [$out]!
++ beq .Lctr_enc_done
++ vld1.8 {@XMM[14]}, [$inp]
++ veor @XMM[2], @XMM[14]
++ vst1.8 {@XMM[2]}, [$out]!
++
++.Lctr_enc_done:
++ vmov.i32 q0, #0
++ vmov.i32 q1, #0
++.Lctr_enc_bzero: @ wipe key schedule [if any]
++ vstmia $keysched!, {q0-q1}
++ teq $keysched, $fp
++ bne .Lctr_enc_bzero
++
++ add sp, $fp, #0x10
++ vldmia sp!, {d8-d15}
++ ldmia sp!, {r4-r10, pc} @ return
++
++.align 4
++.Lctr_enc_short:
++ ldr ip, [sp] @ ctr pointer is passed on stack
++ stmdb sp!, {r4-r8, lr}
++
++ mov r4, $inp @ copy arguments
++ mov r5, $out
++ mov r6, $len
++ mov r7, $key
++ ldr r8, [ip, #12] @ load counter LSW
++ vld1.8 {@XMM[1]}, [ip] @ load whole counter value
++#ifdef __ARMEL__
++ rev r8, r8
++#endif
++ sub sp, sp, #0x10
++ vst1.8 {@XMM[1]}, [sp,:64] @ copy counter value
++ sub sp, sp, #0x10
++
++.Lctr_enc_short_loop:
++ add r0, sp, #0x10 @ input counter value
++ mov r1, sp @ output on the stack
++ mov r2, r7 @ key
++
++ bl AES_encrypt
++
++ vld1.8 {@XMM[0]}, [r4]! @ load input
++ vld1.8 {@XMM[1]}, [sp,:64] @ load encrypted counter
++ add r8, r8, #1
++#ifdef __ARMEL__
++ rev r0, r8
++ str r0, [sp, #0x1c] @ next counter value
++#else
++ str r8, [sp, #0x1c] @ next counter value
++#endif
++ veor @XMM[0],@XMM[0],@XMM[1]
++ vst1.8 {@XMM[0]}, [r5]! @ store output
++ subs r6, r6, #1
++ bne .Lctr_enc_short_loop
++
++ add sp, sp, #0x20
++ ldmia sp!, {r4-r8, pc}
++.size bsaes_ctr32_encrypt_blocks,.-bsaes_ctr32_encrypt_blocks
++___
++}
+ $code.=<<___;
+ #endif
+ ___
+--- a/crypto/evp/e_aes.c
++++ b/crypto/evp/e_aes.c
+@@ -482,6 +482,14 @@ static const EVP_CIPHER aes_##keylen##_#
+ NULL,NULL,aes_##mode##_ctrl,NULL }; \
+ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
+ { return &aes_##keylen##_##mode; }
++
++#endif
++
++#if defined(AES_ASM) && defined(BSAES_ASM) && (defined(__arm__) || defined(__arm))
++#include "arm_arch.h"
++#if __ARM_ARCH__>=7
++#define BSAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON)
++#endif
+ #endif
+
+ #define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \
+@@ -1064,11 +1072,13 @@ static int aes_xts_init_key(EVP_CIPHER_C
+ xctx->stream = NULL;
+ #endif
+ /* key_len is two AES keys */
++#if !(defined(__arm__) || defined(__arm)) /* not yet? */
+ #ifdef BSAES_CAPABLE
+ if (BSAES_CAPABLE)
+ xctx->stream = enc ? bsaes_xts_encrypt : bsaes_xts_decrypt;
+ else
+ #endif
++#endif
+ #ifdef VPAES_CAPABLE
+ if (VPAES_CAPABLE)
+ {
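Review bot: The key-schedule wipe at `.Lcbc_dec_bzero` stops when `$keysched` reaches `$fp`, so the 16-byte scratch slot above it is never cleared, and on the `.Lcbc_dec_one` path that slot holds the raw `AES_decrypt` output (plaintext XOR IV) when `bsaes_cbc_encrypt` returns. One store after the loop, `vstmia $fp, {q0}` (q0 is already zero there), closes that gap; the `.Lctr_enc_short` path similarly leaves the last encrypted counter block at `[sp]` before `add sp, sp, #0x20` and could be cleared the same way. Separately, `bsaes_cbc_encrypt` only documents in a comment that the caller must pass `enc == 0`, while the e_aes.c hunk shown merely defines `BSAES_CAPABLE`; whether the existing CBC hook selects this routine solely on the decrypt path is not visible here and should be confirmed. The `/* not yet? */` on the XTS guard would read better as `/* bsaes-armv7.pl provides no bsaes_xts_* routines, so keep XTS on the generic path */`.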
diff --git a/debian/patches/0003-bsaes-armv7.pl-avoid-bit-sliced-AES-CBC-for-block-si.patch b/debian/patches/0003-bsaes-armv7.pl-avoid-bit-sliced-AES-CBC-for-block-si.patch
index 4d2235d..cfaf098 100644
--- a/debian/patches/0003-bsaes-armv7.pl-avoid-bit-sliced-AES-CBC-for-block-si.patch
+++ b/debian/patches/0003-bsaes-armv7.pl-avoid-bit-sliced-AES-CBC-for-block-si.patch
@@ -1,7 +1,7 @@
-From a2f9535dd2b0d2e230f978aa3eaf103f5224b6d5 Mon Sep 17 00:00:00 2001
+From 92a4d3aaf6ac7d17334d6ca528da08d7ecbc5224 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Date: Mon, 15 Apr 2013 14:32:59 +0200
-Subject: [PATCH 3/3] bsaes-armv7.pl: avoid bit-sliced AES/CBC for block sizes
+Subject: [PATCH 6/6] bsaes-armv7.pl: avoid bit-sliced AES/CBC for block sizes
< 1k
Avoid using bit sliced AES for CBC decryption when the block size
@@ -13,9 +13,9 @@ key schedule is larger than the obtained speedup on Cortex-A9.
--- a/crypto/aes/asm/bsaes-armv7.pl
+++ b/crypto/aes/asm/bsaes-armv7.pl
-@@ -985,7 +985,7 @@ $code.=<<___;
- .global bsaes_cbc_encrypt
- .type bsaes_cbc_encrypt,%function
+@@ -996,7 +996,7 @@ $code.=<<___;
+ .type bsaes_cbc_encrypt,%function
+ .align 5
bsaes_cbc_encrypt:
- cmp $len, #128
+ cmp $len, #1024
diff --git a/debian/patches/CVE-2013-0166.patch b/debian/patches/CVE-2013-0166.patch
index 9e96e3b..694de34 100644
--- a/debian/patches/CVE-2013-0166.patch
+++ b/debian/patches/CVE-2013-0166.patch
@@ -2,11 +2,14 @@ Description: fix denial of service via invalid OCSP key
Origin: backport, http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699889
-diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
-index 432722e..fc84cd3 100644
+---
+ crypto/asn1/a_verify.c | 6 ++++++
+ crypto/ocsp/ocsp_vfy.c | 9 ++++++---
+ 2 files changed, 12 insertions(+), 3 deletions(-)
+
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
-@@ -140,6 +140,12 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
+@@ -140,6 +140,12 @@ int ASN1_item_verify(const ASN1_ITEM *it
int mdnid, pknid;
@@ -19,11 +22,9 @@ index 432722e..fc84cd3 100644
EVP_MD_CTX_init(&ctx);
/* Convert signature OID into digest and public key OIDs */
-diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
-index 8a5e788..2767183 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
-@@ -91,9 +91,12 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+@@ -91,9 +91,12 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs
{
EVP_PKEY *skey;
skey = X509_get_pubkey(signer);
@@ -39,6 +40,3 @@ index 8a5e788..2767183 100644
{
OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
goto end;
---
-1.7.9.5
-
diff --git a/debian/patches/CVE-2013-0169.patch b/debian/patches/CVE-2013-0169.patch
index 43301f1..3a09211 100644
--- a/debian/patches/CVE-2013-0169.patch
+++ b/debian/patches/CVE-2013-0169.patch
@@ -29,11 +29,37 @@ Origin: backport, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=9fe460
Origin: backport, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=9ab3ce124616cb12bd39c6aa1e1bde0f46969b29
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699889
-Index: openssl-1.0.1c/crypto/bn/bn_word.c
-===================================================================
---- openssl-1.0.1c.orig/crypto/bn/bn_word.c 2013-03-19 14:35:06.326647390 -0400
-+++ openssl-1.0.1c/crypto/bn/bn_word.c 2013-03-19 14:35:06.318647390 -0400
-@@ -144,26 +144,17 @@
+---
+ crypto/bn/bn_word.c | 25 -
+ crypto/cryptlib.c | 13
+ crypto/crypto.h | 7
+ crypto/evp/e_aes_cbc_hmac_sha1.c | 215 +++++++++-
+ crypto/rsa/rsa_oaep.c | 2
+ openssl.ld | 1
+ ssl/Makefile | 4
+ ssl/d1_enc.c | 59 --
+ ssl/d1_pkt.c | 91 ++--
+ ssl/s2_clnt.c | 2
+ ssl/s2_pkt.c | 3
+ ssl/s3_both.c | 2
+ ssl/s3_cbc.c | 790 +++++++++++++++++++++++++++++++++++++++
+ ssl/s3_enc.c | 121 +++--
+ ssl/s3_pkt.c | 100 ++--
+ ssl/ssl.h | 1
+ ssl/ssl_algs.c | 1
+ ssl/ssl_err.c | 1
+ ssl/ssl_lib.c | 2
+ ssl/ssl_locl.h | 38 +
+ ssl/ssltest.c | 8
+ ssl/t1_enc.c | 157 +++----
+ ssl/t1_lib.c | 2
+ test/testssl | 17
+ util/libeay.num | 1
+ 25 files changed, 1362 insertions(+), 301 deletions(-)
+
+--- a/crypto/bn/bn_word.c
++++ b/crypto/bn/bn_word.c
+@@ -144,26 +144,17 @@ int BN_add_word(BIGNUM *a, BN_ULONG w)
a->neg=!(a->neg);
return(i);
}
@@ -68,11 +94,9 @@ Index: openssl-1.0.1c/crypto/bn/bn_word.c
bn_check_top(a);
return(1);
}
-Index: openssl-1.0.1c/crypto/cryptlib.c
-===================================================================
---- openssl-1.0.1c.orig/crypto/cryptlib.c 2013-03-19 14:35:06.326647390 -0400
-+++ openssl-1.0.1c/crypto/cryptlib.c 2013-03-19 14:35:06.318647390 -0400
-@@ -924,3 +924,16 @@
+--- a/crypto/cryptlib.c
++++ b/crypto/cryptlib.c
+@@ -924,3 +924,16 @@ void OpenSSLDie(const char *file,int lin
}
void *OPENSSL_stderr(void) { return stderr; }
@@ -89,11 +113,9 @@ Index: openssl-1.0.1c/crypto/cryptlib.c
+
+ return x;
+ }
-Index: openssl-1.0.1c/crypto/crypto.h
-===================================================================
---- openssl-1.0.1c.orig/crypto/crypto.h 2013-03-19 14:35:06.326647390 -0400
-+++ openssl-1.0.1c/crypto/crypto.h 2013-03-19 14:35:06.318647390 -0400
-@@ -574,6 +574,13 @@
+--- a/crypto/crypto.h
++++ b/crypto/crypto.h
+@@ -574,6 +574,13 @@ void OPENSSL_init(void);
#define fips_cipher_abort(alg) while(0)
#endif
@@ -107,11 +129,9 @@ Index: openssl-1.0.1c/crypto/crypto.h
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
-Index: openssl-1.0.1c/crypto/evp/e_aes_cbc_hmac_sha1.c
-===================================================================
---- openssl-1.0.1c.orig/crypto/evp/e_aes_cbc_hmac_sha1.c 2013-03-19 14:35:06.326647390 -0400
-+++ openssl-1.0.1c/crypto/evp/e_aes_cbc_hmac_sha1.c 2013-03-19 14:35:15.898647635 -0400
-@@ -90,6 +90,10 @@
+--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
++++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
+@@ -90,6 +90,10 @@ typedef struct
defined(_M_AMD64) || defined(_M_X64) || \
defined(__INTEL__) )
@@ -122,7 +142,7 @@ Index: openssl-1.0.1c/crypto/evp/e_aes_cbc_hmac_sha1.c
extern unsigned int OPENSSL_ia32cap_P[2];
#define AESNI_CAPABLE (1<<(57-32))
-@@ -167,6 +171,9 @@
+@@ -167,6 +171,9 @@ static void sha1_update(SHA_CTX *c,const
SHA1_Update(c,ptr,res);
}
@@ -132,7 +152,7 @@ Index: openssl-1.0.1c/crypto/evp/e_aes_cbc_hmac_sha1.c
#define SHA1_Update sha1_update
static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-@@ -184,6 +191,8 @@
+@@ -184,6 +191,8 @@ static int aesni_cbc_hmac_sha1_cipher(EV
sha_off = SHA_CBLOCK-key->md.num;
#endif
@@ -141,7 +161,7 @@ Index: openssl-1.0.1c/crypto/evp/e_aes_cbc_hmac_sha1.c
if (len%AES_BLOCK_SIZE) return 0;
if (ctx->encrypt) {
-@@ -234,47 +243,211 @@
+@@ -234,47 +243,211 @@ static int aesni_cbc_hmac_sha1_cipher(EV
&key->ks,ctx->iv,1);
}
} else {
@@ -373,7 +393,7 @@ Index: openssl-1.0.1c/crypto/evp/e_aes_cbc_hmac_sha1.c
return 1;
}
-@@ -309,6 +482,8 @@
+@@ -309,6 +482,8 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_
SHA1_Init(&key->tail);
SHA1_Update(&key->tail,hmac_key,sizeof(hmac_key));
@@ -382,11 +402,9 @@ Index: openssl-1.0.1c/crypto/evp/e_aes_cbc_hmac_sha1.c
return 1;
}
case EVP_CTRL_AEAD_TLS1_AAD:
-Index: openssl-1.0.1c/crypto/rsa/rsa_oaep.c
-===================================================================
---- openssl-1.0.1c.orig/crypto/rsa/rsa_oaep.c 2013-03-19 14:35:06.326647390 -0400
-+++ openssl-1.0.1c/crypto/rsa/rsa_oaep.c 2013-03-19 14:35:06.318647390 -0400
-@@ -149,7 +149,7 @@
+--- a/crypto/rsa/rsa_oaep.c
++++ b/crypto/rsa/rsa_oaep.c
+@@ -149,7 +149,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigne
if (!EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL))
return -1;
@@ -395,11 +413,9 @@ Index: openssl-1.0.1c/crypto/rsa/rsa_oaep.c
goto decoding_err;
else
{
-Index: openssl-1.0.1c/ssl/Makefile
-===================================================================
---- openssl-1.0.1c.orig/ssl/Makefile 2013-03-19 14:35:06.326647390 -0400
-+++ openssl-1.0.1c/ssl/Makefile 2013-03-19 14:35:06.318647390 -0400
-@@ -22,7 +22,7 @@
+--- a/ssl/Makefile
++++ b/ssl/Makefile
+@@ -22,7 +22,7 @@ LIB=$(TOP)/libssl.a
SHARED_LIB= libssl$(SHLIB_EXT)
LIBSRC= \
s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_enc.c s2_pkt.c \
@@ -408,7 +424,7 @@ Index: openssl-1.0.1c/ssl/Makefile
s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c \
t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c \
d1_meth.c d1_srvr.c d1_clnt.c d1_lib.c d1_pkt.c \
-@@ -33,7 +33,7 @@
+@@ -33,7 +33,7 @@ LIBSRC= \
bio_ssl.c ssl_err.c kssl.c tls_srp.c t1_reneg.c
LIBOBJ= \
s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_enc.o s2_pkt.o \
@@ -417,10 +433,8 @@ Index: openssl-1.0.1c/ssl/Makefile
s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o \
t1_meth.o t1_srvr.o t1_clnt.o t1_lib.o t1_enc.o \
d1_meth.o d1_srvr.o d1_clnt.o d1_lib.o d1_pkt.o \
-Index: openssl-1.0.1c/ssl/d1_enc.c
-===================================================================
---- openssl-1.0.1c.orig/ssl/d1_enc.c 2013-03-19 14:35:06.326647390 -0400
-+++ openssl-1.0.1c/ssl/d1_enc.c 2013-03-19 14:35:06.318647390 -0400
+--- a/ssl/d1_enc.c
++++ b/ssl/d1_enc.c
@@ -126,20 +126,28 @@
#include <openssl/des.h>
#endif
@@ -453,7 +467,7 @@ Index: openssl-1.0.1c/ssl/d1_enc.c
return -1;
}
ds=s->enc_write_ctx;
-@@ -164,9 +172,8 @@
+@@ -164,9 +172,8 @@ int dtls1_enc(SSL *s, int send)
{
if (EVP_MD_CTX_md(s->read_hash))
{
@@ -465,7 +479,7 @@ Index: openssl-1.0.1c/ssl/d1_enc.c
}
ds=s->enc_read_ctx;
rec= &(s->s3->rrec);
-@@ -231,7 +238,7 @@
+@@ -231,7 +238,7 @@ int dtls1_enc(SSL *s, int send)
if (!send)
{
if (l == 0 || l%bs != 0)
@@ -474,7 +488,7 @@ Index: openssl-1.0.1c/ssl/d1_enc.c
}
EVP_Cipher(ds,rec->data,rec->input,l);
-@@ -246,43 +253,7 @@
+@@ -246,43 +253,7 @@ int dtls1_enc(SSL *s, int send)
#endif /* KSSL_DEBUG */
if ((bs != 1) && !send)
@@ -519,11 +533,9 @@ Index: openssl-1.0.1c/ssl/d1_enc.c
}
return(1);
}
-Index: openssl-1.0.1c/ssl/d1_pkt.c
-===================================================================
---- openssl-1.0.1c.orig/ssl/d1_pkt.c 2013-03-19 14:35:06.326647390 -0400
-+++ openssl-1.0.1c/ssl/d1_pkt.c 2013-03-19 14:35:06.318647390 -0400
-@@ -376,15 +376,11 @@
+--- a/ssl/d1_pkt.c
++++ b/ssl/d1_pkt.c
+@@ -376,15 +376,11 @@ static int
dtls1_process_record(SSL *s)
{
int i,al;
@@ -540,7 +552,7 @@ Index: openssl-1.0.1c/ssl/d1_pkt.c
rr= &(s->s3->rrec);
sess = s->session;
-@@ -416,12 +412,16 @@
+@@ -416,12 +412,16 @@ dtls1_process_record(SSL *s)
rr->data=rr->input;
enc_err = s->method->ssl3_enc->enc(s,0);
@@ -562,7 +574,7 @@ Index: openssl-1.0.1c/ssl/d1_pkt.c
}
#ifdef TLS_DEBUG
-@@ -431,45 +431,62 @@
+@@ -431,45 +431,62 @@ printf("\n");
#endif
/* r->length is now the compressed data plus mac */
@@ -652,11 +664,9 @@ Index: openssl-1.0.1c/ssl/d1_pkt.c
{
/* decryption failed, silently discard message */
rr->length = 0;
-Index: openssl-1.0.1c/ssl/s2_clnt.c
-===================================================================
---- openssl-1.0.1c.orig/ssl/s2_clnt.c 2013-03-19 14:35:06.326647390 -0400
-+++ openssl-1.0.1c/ssl/s2_clnt.c 2013-03-19 14:35:06.318647390 -0400
-@@ -937,7 +937,7 @@
+--- a/ssl/s2_clnt.c
++++ b/ssl/s2_clnt.c
+@@ -937,7 +937,7 @@ static int get_server_verify(SSL *s)
s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* SERVER-VERIFY */
p += 1;
@@ -665,11 +675,9 @@ Index: openssl-1.0.1c/ssl/s2_clnt.c
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT);
-Index: openssl-1.0.1c/ssl/s2_pkt.c
-===================================================================
---- openssl-1.0.1c.orig/ssl/s2_pkt.c 2013-03-19 14:35:06.326647390 -0400
-+++ openssl-1.0.1c/ssl/s2_pkt.c 2013-03-19 14:35:06.318647390 -0400
-@@ -269,8 +269,7 @@
+--- a/ssl/s2_pkt.c
++++ b/ssl/s2_pkt.c
+@@ -269,8 +269,7 @@ static int ssl2_read_internal(SSL *s, vo
s->s2->ract_data_length-=mac_size;
ssl2_mac(s,mac,0);
s->s2->ract_data_length-=s->s2->padding;
@@ -679,11 +687,9 @@ Index: openssl-1.0.1c/ssl/s2_pkt.c
(s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0))
{
SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_MAC_DECODE);
-Index: openssl-1.0.1c/ssl/s3_both.c
-===================================================================
---- openssl-1.0.1c.orig/ssl/s3_both.c 2013-03-19 14:35:06.326647390 -0400
-+++ openssl-1.0.1c/ssl/s3_both.c 2013-03-19 14:35:06.318647390 -0400
-@@ -263,7 +263,7 @@
+--- a/ssl/s3_both.c
++++ b/ssl/s3_both.c
+@@ -263,7 +263,7 @@ int ssl3_get_finished(SSL *s, int a, int
goto f_err;
}
@@ -692,10 +698,8 @@ Index: openssl-1.0.1c/ssl/s3_both.c
{
al=SSL_AD_DECRYPT_ERROR;
SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
-Index: openssl-1.0.1c/ssl/s3_cbc.c
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.1c/ssl/s3_cbc.c 2013-03-19 14:35:06.318647390 -0400
+--- /dev/null
++++ b/ssl/s3_cbc.c
@@ -0,0 +1,790 @@
+/* ssl/s3_cbc.c */
+/* ====================================================================
@@ -1487,11 +1491,9 @@ Index: openssl-1.0.1c/ssl/s3_cbc.c
+ (blocks_orig - blocks_data + 1) * block_size);
+ }
+#endif
-Index: openssl-1.0.1c/ssl/s3_enc.c
-===================================================================
---- openssl-1.0.1c.orig/ssl/s3_enc.c 2013-03-19 14:35:06.326647390 -0400
-+++ openssl-1.0.1c/ssl/s3_enc.c 2013-03-19 14:35:06.318647390 -0400
-@@ -466,12 +466,21 @@
+--- a/ssl/s3_enc.c
++++ b/ssl/s3_enc.c
+@@ -466,12 +466,21 @@ void ssl3_cleanup_key_block(SSL *s)
s->s3->tmp.key_block_length=0;
}
@@ -1514,7 +1516,7 @@ Index: openssl-1.0.1c/ssl/s3_enc.c
const EVP_CIPHER *enc;
if (send)
-@@ -522,32 +531,16 @@
+@@ -522,32 +531,16 @@ int ssl3_enc(SSL *s, int send)
if (!send)
{
if (l == 0 || l%bs != 0)
@@ -1550,7 +1552,7 @@ Index: openssl-1.0.1c/ssl/s3_enc.c
}
return(1);
}
-@@ -716,7 +709,7 @@
+@@ -716,7 +709,7 @@ int n_ssl3_mac(SSL *ssl, unsigned char *
EVP_MD_CTX md_ctx;
const EVP_MD_CTX *hash;
unsigned char *p,rec_char;
@@ -1559,7 +1561,7 @@ Index: openssl-1.0.1c/ssl/s3_enc.c
int npad;
int t;
-@@ -741,28 +734,72 @@
+@@ -741,28 +734,72 @@ int n_ssl3_mac(SSL *ssl, unsigned char *
md_size=t;
npad=(48/md_size)*md_size;
@@ -1653,11 +1655,9 @@ Index: openssl-1.0.1c/ssl/s3_enc.c
ssl3_record_sequence_update(seq);
return(md_size);
-Index: openssl-1.0.1c/ssl/s3_pkt.c
-===================================================================
---- openssl-1.0.1c.orig/ssl/s3_pkt.c 2013-03-19 14:35:06.326647390 -0400
-+++ openssl-1.0.1c/ssl/s3_pkt.c 2013-03-19 14:35:06.318647390 -0400
-@@ -290,11 +290,8 @@
+--- a/ssl/s3_pkt.c
++++ b/ssl/s3_pkt.c
+@@ -290,11 +290,8 @@ static int ssl3_get_record(SSL *s)
unsigned char *p;
unsigned char md[EVP_MAX_MD_SIZE];
short version;
@@ -1670,7 +1670,7 @@ Index: openssl-1.0.1c/ssl/s3_pkt.c
rr= &(s->s3->rrec);
sess=s->session;
-@@ -403,17 +400,15 @@
+@@ -403,17 +400,15 @@ fprintf(stderr, "Record type=%d, Length=
rr->data=rr->input;
enc_err = s->method->ssl3_enc->enc(s,0);
@@ -1696,7 +1696,7 @@ Index: openssl-1.0.1c/ssl/s3_pkt.c
}
#ifdef TLS_DEBUG
-@@ -423,53 +418,62 @@
+@@ -423,53 +418,62 @@ printf("\n");
#endif
/* r->length is now the compressed data plus mac */
@@ -1793,11 +1793,9 @@ Index: openssl-1.0.1c/ssl/s3_pkt.c
{
/* A separate 'decryption_failed' alert was introduced with TLS 1.0,
* SSL 3.0 only has 'bad_record_mac'. But unless a decryption
-Index: openssl-1.0.1c/ssl/ssl.h
-===================================================================
---- openssl-1.0.1c.orig/ssl/ssl.h 2013-03-19 14:35:06.326647390 -0400
-+++ openssl-1.0.1c/ssl/ssl.h 2013-03-19 14:35:06.322647390 -0400
-@@ -2206,6 +2206,7 @@
+--- a/ssl/ssl.h
++++ b/ssl/ssl.h
+@@ -2206,6 +2206,7 @@ void ERR_load_SSL_strings(void);
#define SSL_F_SSL_GET_NEW_SESSION 181
#define SSL_F_SSL_GET_PREV_SESSION 217
#define SSL_F_SSL_GET_SERVER_SEND_CERT 182
@@ -1805,11 +1803,9 @@ Index: openssl-1.0.1c/ssl/ssl.h
#define SSL_F_SSL_GET_SIGN_PKEY 183
#define SSL_F_SSL_INIT_WBIO_BUFFER 184
#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
-Index: openssl-1.0.1c/ssl/ssl_algs.c
-===================================================================
---- openssl-1.0.1c.orig/ssl/ssl_algs.c 2013-03-19 14:35:06.326647390 -0400
-+++ openssl-1.0.1c/ssl/ssl_algs.c 2013-03-19 14:35:06.322647390 -0400
-@@ -94,6 +94,7 @@
+--- a/ssl/ssl_algs.c
++++ b/ssl/ssl_algs.c
+@@ -94,6 +94,7 @@ int SSL_library_init(void)
EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
#endif
@@ -1817,11 +1813,9 @@ Index: openssl-1.0.1c/ssl/ssl_algs.c
#endif
#ifndef OPENSSL_NO_CAMELLIA
EVP_add_cipher(EVP_camellia_128_cbc());
-Index: openssl-1.0.1c/ssl/ssl_err.c
-===================================================================
---- openssl-1.0.1c.orig/ssl/ssl_err.c 2013-03-19 14:35:06.326647390 -0400
-+++ openssl-1.0.1c/ssl/ssl_err.c 2013-03-19 14:35:06.322647390 -0400
-@@ -228,6 +228,7 @@
+--- a/ssl/ssl_err.c
++++ b/ssl/ssl_err.c
+@@ -228,6 +228,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
{ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"},
{ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"},
{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"},
@@ -1829,11 +1823,9 @@ Index: openssl-1.0.1c/ssl/ssl_err.c
{ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"},
{ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"},
{ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"},
-Index: openssl-1.0.1c/ssl/ssl_lib.c
-===================================================================
---- openssl-1.0.1c.orig/ssl/ssl_lib.c 2013-03-19 14:35:06.326647390 -0400
-+++ openssl-1.0.1c/ssl/ssl_lib.c 2013-03-19 14:35:06.322647390 -0400
-@@ -2342,7 +2342,7 @@
+--- a/ssl/ssl_lib.c
++++ b/ssl/ssl_lib.c
+@@ -2342,7 +2342,7 @@ X509 *ssl_get_server_send_cert(SSL *s)
i=SSL_PKEY_GOST01;
else /* if (alg_a & SSL_aNULL) */
{
@@ -1842,10 +1834,8 @@ Index: openssl-1.0.1c/ssl/ssl_lib.c
return(NULL);
}
if (c->pkeys[i].x509 == NULL) return(NULL);
-Index: openssl-1.0.1c/ssl/ssl_locl.h
-===================================================================
---- openssl-1.0.1c.orig/ssl/ssl_locl.h 2013-03-19 14:35:06.326647390 -0400
-+++ openssl-1.0.1c/ssl/ssl_locl.h 2013-03-19 14:35:06.322647390 -0400
+--- a/ssl/ssl_locl.h
++++ b/ssl/ssl_locl.h
@@ -215,6 +215,15 @@
*((c)++)=(unsigned char)(((l)>> 8)&0xff), \
*((c)++)=(unsigned char)(((l) )&0xff))
@@ -1862,7 +1852,7 @@ Index: openssl-1.0.1c/ssl/ssl_locl.h
#define n2l6(c,l) (l =((BN_ULLONG)(*((c)++)))<<40, \
l|=((BN_ULLONG)(*((c)++)))<<32, \
l|=((BN_ULLONG)(*((c)++)))<<24, \
-@@ -1131,4 +1140,33 @@
+@@ -1131,4 +1140,33 @@ int ssl_parse_clienthello_use_srtp_ext(S
int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen);
int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al);
@@ -1896,11 +1886,9 @@ Index: openssl-1.0.1c/ssl/ssl_locl.h
+ const unsigned char *data, size_t data_len, size_t orig_len);
+
#endif
-Index: openssl-1.0.1c/ssl/ssltest.c
-===================================================================
---- openssl-1.0.1c.orig/ssl/ssltest.c 2013-03-19 14:35:06.326647390 -0400
-+++ openssl-1.0.1c/ssl/ssltest.c 2013-03-19 14:35:06.322647390 -0400
-@@ -881,7 +881,13 @@
+--- a/ssl/ssltest.c
++++ b/ssl/ssltest.c
+@@ -881,7 +881,13 @@ bad:
meth=SSLv23_method();
#else
#ifdef OPENSSL_NO_SSL2
@@ -1915,11 +1903,9 @@ Index: openssl-1.0.1c/ssl/ssltest.c
#else
meth=SSLv2_method();
#endif
-Index: openssl-1.0.1c/ssl/t1_enc.c
-===================================================================
---- openssl-1.0.1c.orig/ssl/t1_enc.c 2013-03-19 14:35:06.326647390 -0400
-+++ openssl-1.0.1c/ssl/t1_enc.c 2013-03-19 14:35:06.322647390 -0400
-@@ -667,12 +667,21 @@
+--- a/ssl/t1_enc.c
++++ b/ssl/t1_enc.c
+@@ -667,12 +667,21 @@ err:
return(ret);
}
@@ -1942,7 +1928,7 @@ Index: openssl-1.0.1c/ssl/t1_enc.c
const EVP_CIPHER *enc;
if (send)
-@@ -729,11 +738,11 @@
+@@ -729,11 +738,11 @@ int tls1_enc(SSL *s, int send)
printf("tls1_enc(%d)\n", send);
#endif /* KSSL_DEBUG */
@@ -1956,7 +1942,7 @@ Index: openssl-1.0.1c/ssl/t1_enc.c
}
else
{
-@@ -797,13 +806,13 @@
+@@ -797,13 +806,13 @@ int tls1_enc(SSL *s, int send)
#ifdef KSSL_DEBUG
{
@@ -1975,7 +1961,7 @@ Index: openssl-1.0.1c/ssl/t1_enc.c
printf("\t\tIV: ");
for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
printf("\n");
-@@ -816,13 +825,7 @@
+@@ -816,13 +825,7 @@ int tls1_enc(SSL *s, int send)
if (!send)
{
if (l == 0 || l%bs != 0)
@@ -1989,7 +1975,7 @@ Index: openssl-1.0.1c/ssl/t1_enc.c
}
i = EVP_Cipher(ds,rec->data,rec->input,l);
-@@ -839,68 +842,24 @@
+@@ -839,68 +842,24 @@ int tls1_enc(SSL *s, int send)
#ifdef KSSL_DEBUG
{
@@ -2068,7 +2054,7 @@ Index: openssl-1.0.1c/ssl/t1_enc.c
int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
{
unsigned int ret;
-@@ -990,10 +949,10 @@
+@@ -990,10 +949,10 @@ int tls1_mac(SSL *ssl, unsigned char *md
SSL3_RECORD *rec;
unsigned char *seq;
EVP_MD_CTX *hash;
@@ -2081,7 +2067,7 @@ Index: openssl-1.0.1c/ssl/t1_enc.c
int stream_mac = (send?(ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM):(ssl->mac_flags&SSL_MAC_FLAG_READ_MAC_STREAM));
int t;
-@@ -1014,12 +973,6 @@
+@@ -1014,12 +973,6 @@ int tls1_mac(SSL *ssl, unsigned char *md
OPENSSL_assert(t >= 0);
md_size=t;
@@ -2094,7 +2080,7 @@ Index: openssl-1.0.1c/ssl/t1_enc.c
/* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
if (stream_mac)
{
-@@ -1038,17 +991,55 @@
+@@ -1038,17 +991,55 @@ int tls1_mac(SSL *ssl, unsigned char *md
s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
memcpy (p,&seq[2],6);
@@ -2157,11 +2143,9 @@ Index: openssl-1.0.1c/ssl/t1_enc.c
#ifdef TLS_DEBUG
printf("sec=");
{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
-Index: openssl-1.0.1c/ssl/t1_lib.c
-===================================================================
---- openssl-1.0.1c.orig/ssl/t1_lib.c 2013-03-19 14:35:06.326647390 -0400
-+++ openssl-1.0.1c/ssl/t1_lib.c 2013-03-19 14:35:06.322647390 -0400
-@@ -2189,7 +2189,7 @@
+--- a/ssl/t1_lib.c
++++ b/ssl/t1_lib.c
+@@ -2189,7 +2189,7 @@ static int tls_decrypt_ticket(SSL *s, co
HMAC_Update(&hctx, etick, eticklen);
HMAC_Final(&hctx, tick_hmac, NULL);
HMAC_CTX_cleanup(&hctx);
@@ -2170,11 +2154,9 @@ Index: openssl-1.0.1c/ssl/t1_lib.c
return 2;
/* Attempt to decrypt session data */
/* Move p after IV to start of encrypted ticket, update length */
-Index: openssl-1.0.1c/test/testssl
-===================================================================
---- openssl-1.0.1c.orig/test/testssl 2013-03-19 14:35:06.326647390 -0400
-+++ openssl-1.0.1c/test/testssl 2013-03-19 14:35:06.322647390 -0400
-@@ -119,6 +119,23 @@
+--- a/test/testssl
++++ b/test/testssl
+@@ -119,6 +119,23 @@ $ssltest -bio_pair -server_auth -client_
echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
@@ -2198,11 +2180,9 @@ Index: openssl-1.0.1c/test/testssl
#############################################################################
if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
-Index: openssl-1.0.1c/util/libeay.num
-===================================================================
---- openssl-1.0.1c.orig/util/libeay.num 2013-03-19 14:35:06.326647390 -0400
-+++ openssl-1.0.1c/util/libeay.num 2013-03-19 14:35:06.322647390 -0400
-@@ -3510,6 +3510,7 @@
+--- a/util/libeay.num
++++ b/util/libeay.num
+@@ -3510,6 +3510,7 @@ BIO_get_callback_arg
BIO_set_callback 3903 EXIST::FUNCTION:
d2i_ASIdOrRange 3904 EXIST::FUNCTION:RFC3779
i2d_ASIdentifiers 3905 EXIST::FUNCTION:RFC3779
@@ -2210,11 +2190,9 @@ Index: openssl-1.0.1c/util/libeay.num
SEED_decrypt 3908 EXIST::FUNCTION:SEED
SEED_encrypt 3909 EXIST::FUNCTION:SEED
SEED_cbc_encrypt 3910 EXIST::FUNCTION:SEED
-Index: openssl-1.0.1c/openssl.ld
-===================================================================
---- openssl-1.0.1c.orig/openssl.ld 2013-03-19 14:35:06.326647390 -0400
-+++ openssl-1.0.1c/openssl.ld 2013-03-19 14:35:06.326647390 -0400
-@@ -3763,6 +3763,7 @@
+--- a/openssl.ld
++++ b/openssl.ld
+@@ -3763,6 +3763,7 @@ OPENSSL_1.0.0 {
BIO_set_callback;
d2i_ASIdOrRange;
i2d_ASIdentifiers;
diff --git a/debian/patches/block_digicert_malaysia.patch b/debian/patches/block_digicert_malaysia.patch
index 4ac875e..50a70be 100644
--- a/debian/patches/block_digicert_malaysia.patch
+++ b/debian/patches/block_digicert_malaysia.patch
@@ -5,11 +5,13 @@ Forwarded: not-needed
Origin: vendor
Last-Update: 2011-11-05
-Index: openssl-1.0.0e/crypto/x509/x509_vfy.c
-===================================================================
---- openssl-1.0.0e.orig/crypto/x509/x509_vfy.c
-+++ openssl-1.0.0e/crypto/x509/x509_vfy.c
-@@ -833,10 +833,11 @@ static int check_ca_blacklist(X509_STORE
+---
+ crypto/x509/x509_vfy.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+--- a/crypto/x509/x509_vfy.c
++++ b/crypto/x509/x509_vfy.c
+@@ -828,10 +828,11 @@ static int check_ca_blacklist(X509_STORE
for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
{
x = sk_X509_value(ctx->chain, i);
diff --git a/debian/patches/block_diginotar.patch b/debian/patches/block_diginotar.patch
index db9b133..a23bf17 100644
--- a/debian/patches/block_diginotar.patch
+++ b/debian/patches/block_diginotar.patch
@@ -10,10 +10,12 @@ Reviewed-by: Dr Stephen N Henson <shenson@drh-consultancy.co.uk>
This is not meant as final patch.
-Index: openssl-1.0.0d/crypto/x509/x509_vfy.c
-===================================================================
---- openssl-1.0.0d.orig/crypto/x509/x509_vfy.c
-+++ openssl-1.0.0d/crypto/x509/x509_vfy.c
+---
+ crypto/x509/x509_vfy.c | 27 +++++++++++++++++++++++++++
+ 1 file changed, 27 insertions(+)
+
+--- a/crypto/x509/x509_vfy.c
++++ b/crypto/x509/x509_vfy.c
@@ -117,6 +117,7 @@ static int check_trust(X509_STORE_CTX *c
static int check_revocation(X509_STORE_CTX *ctx);
static int check_cert(X509_STORE_CTX *ctx);
@@ -22,7 +24,7 @@ Index: openssl-1.0.0d/crypto/x509/x509_vfy.c
static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
unsigned int *preasons,
-@@ -374,6 +375,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx
+@@ -369,6 +370,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx
ok=internal_verify(ctx);
if(!ok) goto end;
@@ -32,7 +34,7 @@ Index: openssl-1.0.0d/crypto/x509/x509_vfy.c
#ifndef OPENSSL_NO_RFC3779
/* RFC 3779 path validation, now that CRL check has been done */
ok = v3_asid_validate_path(ctx);
-@@ -820,6 +824,29 @@ static int check_crl_time(X509_STORE_CTX
+@@ -816,6 +820,29 @@ static int check_crl_time(X509_STORE_CTX
return 1;
}
diff --git a/debian/patches/c_rehash-compat.patch b/debian/patches/c_rehash-compat.patch
index 300b41b..ecd85a5 100644
--- a/debian/patches/c_rehash-compat.patch
+++ b/debian/patches/c_rehash-compat.patch
@@ -5,13 +5,11 @@ Subject: [PATCH] also create old hash for compatibility
---
tools/c_rehash.in | 8 +++++++-
- 1 files changed, 7 insertions(+), 1 deletions(-)
+ 1 file changed, 7 insertions(+), 1 deletion(-)
-Index: openssl-1.0.0d/tools/c_rehash.in
-===================================================================
---- openssl-1.0.0d.orig/tools/c_rehash.in 2011-04-13 20:41:28.000000000 +0000
-+++ openssl-1.0.0d/tools/c_rehash.in 2011-04-13 20:41:28.000000000 +0000
-@@ -86,6 +86,7 @@
+--- a/tools/c_rehash.in
++++ b/tools/c_rehash.in
+@@ -86,6 +86,7 @@ sub hash_dir {
}
}
link_hash_cert($fname) if($cert);
@@ -19,7 +17,7 @@ Index: openssl-1.0.0d/tools/c_rehash.in
link_hash_crl($fname) if($crl);
}
}
-@@ -119,8 +120,9 @@
+@@ -119,8 +120,9 @@ sub check_file {
sub link_hash_cert {
my $fname = $_[0];
@@ -30,7 +28,7 @@ Index: openssl-1.0.0d/tools/c_rehash.in
chomp $hash;
chomp $fprint;
$fprint =~ s/^.*=//;
-@@ -150,6 +152,10 @@
+@@ -150,6 +152,10 @@ sub link_hash_cert {
$hashlist{$hash} = $fprint;
}
diff --git a/debian/patches/ca.patch b/debian/patches/ca.patch
index 761eebe..80c3ef1 100644
--- a/debian/patches/ca.patch
+++ b/debian/patches/ca.patch
@@ -1,8 +1,10 @@
-Index: openssl-0.9.8m/apps/CA.pl.in
-===================================================================
---- openssl-0.9.8m.orig/apps/CA.pl.in 2006-04-28 00:28:51.000000000 +0000
-+++ openssl-0.9.8m/apps/CA.pl.in 2010-02-27 00:36:51.000000000 +0000
-@@ -65,6 +65,7 @@
+---
+ apps/CA.pl.in | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/apps/CA.pl.in
++++ b/apps/CA.pl.in
+@@ -65,6 +65,7 @@ $RET = 0;
foreach (@ARGV) {
if ( /^(-\?|-h|-help)$/ ) {
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
@@ -10,7 +12,7 @@ Index: openssl-0.9.8m/apps/CA.pl.in
exit 0;
} elsif (/^-newcert$/) {
# create a certificate
-@@ -165,6 +166,7 @@
+@@ -165,6 +166,7 @@ foreach (@ARGV) {
} else {
print STDERR "Unknown arg $_\n";
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
diff --git a/debian/patches/config-hurd.patch b/debian/patches/config-hurd.patch
index 31a9184..abe35f6 100644
--- a/debian/patches/config-hurd.patch
+++ b/debian/patches/config-hurd.patch
@@ -1,8 +1,10 @@
-Index: openssl-1.0.0c/config
-===================================================================
---- openssl-1.0.0c.orig/config 2010-12-12 16:09:43.000000000 +0100
-+++ openssl-1.0.0c/config 2010-12-12 16:09:48.000000000 +0100
-@@ -170,8 +170,8 @@
+---
+ config | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/config
++++ b/config
+@@ -170,8 +170,8 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${
echo "${MACHINE}-whatever-linux1"; exit 0
;;
diff --git a/debian/patches/debian-targets.patch b/debian/patches/debian-targets.patch
index 8acbbad..0727967 100644
--- a/debian/patches/debian-targets.patch
+++ b/debian/patches/debian-targets.patch
@@ -1,8 +1,10 @@
-Index: openssl-1.0.1/Configure
-===================================================================
---- openssl-1.0.1.orig/Configure 2012-03-17 15:37:54.000000000 +0000
-+++ openssl-1.0.1/Configure 2012-03-17 16:13:49.000000000 +0000
-@@ -105,6 +105,10 @@
+---
+ Configure | 46 ++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 46 insertions(+)
+
+--- a/Configure
++++ b/Configure
+@@ -105,6 +105,10 @@ my $usage="Usage: Configure [no-<cipher>
my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
@@ -13,7 +15,7 @@ Index: openssl-1.0.1/Configure
my $strict_warnings = 0;
my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
-@@ -338,6 +342,48 @@
+@@ -338,6 +342,48 @@ my %table=(
"osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
"tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
diff --git a/debian/patches/default_bits.patch b/debian/patches/default_bits.patch
index 8e7e416..4b0b8f6 100644
--- a/debian/patches/default_bits.patch
+++ b/debian/patches/default_bits.patch
@@ -1,6 +1,10 @@
---- openssl/apps/openssl.cnf 2012-06-06 00:51:47.000000000 +0200
-+++ openssl/apps/openssl.cnf 2012-06-06 00:53:48.000000000 +0200
-@@ -105,7 +105,7 @@
+---
+ apps/openssl.cnf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/apps/openssl.cnf
++++ b/apps/openssl.cnf
+@@ -103,7 +103,7 @@ emailAddress = optional
####################################################################
[ req ]
diff --git a/debian/patches/dgst_hmac.patch b/debian/patches/dgst_hmac.patch
index 9523f9c..e6dc412 100644
--- a/debian/patches/dgst_hmac.patch
+++ b/debian/patches/dgst_hmac.patch
@@ -8,11 +8,14 @@ apply to the Debian package as well. I'm open for better wor-
ding though, especially considering the FIPS option, which I
found as undocumented too.
-Index: openssl-1.0.0d/doc/apps/dgst.pod
-===================================================================
---- openssl-1.0.0d.orig/doc/apps/dgst.pod 2009-04-10 16:42:27.000000000 +0000
-+++ openssl-1.0.0d/doc/apps/dgst.pod 2011-06-13 11:00:04.000000000 +0000
-@@ -12,6 +12,8 @@
+---
+ apps/dgst.c | 2 ++
+ doc/apps/dgst.pod | 10 ++++++++++
+ 2 files changed, 12 insertions(+)
+
+--- a/doc/apps/dgst.pod
++++ b/doc/apps/dgst.pod
+@@ -12,6 +12,8 @@ B<openssl> B<dgst>
[B<-d>]
[B<-hex>]
[B<-binary>]
@@ -21,7 +24,7 @@ Index: openssl-1.0.0d/doc/apps/dgst.pod
[B<-out filename>]
[B<-sign filename>]
[B<-keyform arg>]
-@@ -54,6 +56,14 @@
+@@ -54,6 +56,14 @@ digest as opposed to a digital signature
output the digest or signature in binary form.
@@ -36,11 +39,9 @@ Index: openssl-1.0.0d/doc/apps/dgst.pod
=item B<-out filename>
filename to output to, or standard output by default.
-Index: openssl-1.0.0d/apps/dgst.c
-===================================================================
---- openssl-1.0.0d.orig/apps/dgst.c 2010-02-12 17:07:24.000000000 +0000
-+++ openssl-1.0.0d/apps/dgst.c 2011-06-13 11:00:04.000000000 +0000
-@@ -268,6 +268,8 @@
+--- a/apps/dgst.c
++++ b/apps/dgst.c
+@@ -273,6 +273,8 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,"-d to output debug info\n");
BIO_printf(bio_err,"-hex output as hex dump\n");
BIO_printf(bio_err,"-binary output in binary form\n");
diff --git a/debian/patches/engines-path.patch b/debian/patches/engines-path.patch
index 3d6981a..75763a4 100644
--- a/debian/patches/engines-path.patch
+++ b/debian/patches/engines-path.patch
@@ -1,8 +1,13 @@
-Index: openssl-1.0.0c/Makefile.org
-===================================================================
---- openssl-1.0.0c.orig/Makefile.org 2010-01-27 17:06:58.000000000 +0100
-+++ openssl-1.0.0c/Makefile.org 2010-12-13 19:41:03.000000000 +0100
-@@ -497,7 +497,7 @@
+---
+ Configure | 2 +-
+ Makefile.org | 2 +-
+ engines/Makefile | 10 +++++-----
+ engines/ccgost/Makefile | 6 +++---
+ 4 files changed, 10 insertions(+), 10 deletions(-)
+
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -542,7 +542,7 @@ install: all install_docs install_sw
install_sw:
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
@@ -11,11 +16,9 @@ Index: openssl-1.0.0c/Makefile.org
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
-Index: openssl-1.0.0c/engines/Makefile
-===================================================================
---- openssl-1.0.0c.orig/engines/Makefile 2010-08-24 23:46:34.000000000 +0200
-+++ openssl-1.0.0c/engines/Makefile 2010-12-12 19:16:22.000000000 +0100
-@@ -107,7 +107,7 @@
+--- a/engines/Makefile
++++ b/engines/Makefile
+@@ -107,7 +107,7 @@ install:
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
@if [ -n "$(SHARED_LIBS)" ]; then \
set -e; \
@@ -24,7 +27,7 @@ Index: openssl-1.0.0c/engines/Makefile
for l in $(LIBNAMES); do \
( echo installing $$l; \
pfx=lib; \
-@@ -119,13 +119,13 @@
+@@ -119,13 +119,13 @@ install:
*DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
*) sfx=".bad";; \
esac; \
@@ -42,11 +45,9 @@ Index: openssl-1.0.0c/engines/Makefile
done; \
fi
@target=install; $(RECURSIVE_MAKE)
-Index: openssl-1.0.0c/Configure
-===================================================================
---- openssl-1.0.0c.orig/Configure 2010-12-12 19:16:22.000000000 +0100
-+++ openssl-1.0.0c/Configure 2010-12-13 19:40:53.000000000 +0100
-@@ -1732,7 +1732,7 @@
+--- a/Configure
++++ b/Configure
+@@ -1848,7 +1848,7 @@ while (<IN>)
}
elsif (/^#define\s+ENGINESDIR/)
{
@@ -55,11 +56,9 @@ Index: openssl-1.0.0c/Configure
$foo =~ s/\\/\\\\/g;
print OUT "#define ENGINESDIR \"$foo\"\n";
}
-Index: openssl-1.0.0c/engines/ccgost/Makefile
-===================================================================
---- openssl-1.0.0c.orig/engines/ccgost/Makefile 2010-12-13 19:41:14.000000000 +0100
-+++ openssl-1.0.0c/engines/ccgost/Makefile 2010-12-13 19:42:21.000000000 +0100
-@@ -53,13 +53,13 @@
+--- a/engines/ccgost/Makefile
++++ b/engines/ccgost/Makefile
+@@ -53,13 +53,13 @@ install:
*DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
*) sfx=".bad";; \
esac; \
diff --git a/debian/patches/fix_key_decoding_deadlock.patch b/debian/patches/fix_key_decoding_deadlock.patch
index 2ea02e3..c92d645 100644
--- a/debian/patches/fix_key_decoding_deadlock.patch
+++ b/debian/patches/fix_key_decoding_deadlock.patch
@@ -6,15 +6,12 @@ Subject: [PATCH] PR: 2813 Reported by: Constantine Sapuntzakis
Fix possible deadlock when decoding public keys.
---
- CHANGES | 3 +++
crypto/asn1/x_pubkey.c | 5 ++++-
- 2 files changed, 7 insertions(+), 1 deletion(-)
+ 1 file changed, 4 insertions(+), 1 deletion(-)
-diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c
-index 627ec87..b649e1f 100644
--- a/crypto/asn1/x_pubkey.c
+++ b/crypto/asn1/x_pubkey.c
-@@ -175,12 +175,15 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
+@@ -175,12 +175,15 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *k
CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
if (key->pkey)
{
@@ -31,6 +28,3 @@ index 627ec87..b649e1f 100644
CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
return ret;
---
-1.7.9.5
-
diff --git a/debian/patches/gnu_source.patch b/debian/patches/gnu_source.patch
index 7216e59..4b2bd51 100644
--- a/debian/patches/gnu_source.patch
+++ b/debian/patches/gnu_source.patch
@@ -5,10 +5,12 @@ We need this atleast for kfreebsd because they also use glibc.
There shouldn't be a problem defining this on systems not using
glibc.
-Index: openssl-1.0.0c.obsolete.0.297891860202984/crypto/dso/dso_dlfcn.c
-===================================================================
---- openssl-1.0.0c.obsolete.0.297891860202984.orig/crypto/dso/dso_dlfcn.c 2010-12-19 16:18:36.000000000 +0100
-+++ openssl-1.0.0c.obsolete.0.297891860202984/crypto/dso/dso_dlfcn.c 2010-12-19 16:19:01.000000000 +0100
+---
+ crypto/dso/dso_dlfcn.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+--- a/crypto/dso/dso_dlfcn.c
++++ b/crypto/dso/dso_dlfcn.c
@@ -60,10 +60,8 @@
that handle _GNU_SOURCE and other similar macros. Defining it later
is simply too late, because those headers are protected from re-
diff --git a/debian/patches/libdoc-manpgs-pod-spell.patch b/debian/patches/libdoc-manpgs-pod-spell.patch
index d181bc6..9e4962c 100644
--- a/debian/patches/libdoc-manpgs-pod-spell.patch
+++ b/debian/patches/libdoc-manpgs-pod-spell.patch
@@ -1,6 +1,23 @@
+---
+ doc/crypto/ASN1_generate_nconf.pod | 2 +-
+ doc/crypto/BN_BLINDING_new.pod | 2 +-
+ doc/crypto/EVP_BytesToKey.pod | 2 +-
+ doc/crypto/EVP_EncryptInit.pod | 2 +-
+ doc/crypto/EVP_PKEY_cmp.pod | 2 +-
+ doc/crypto/X509_STORE_CTX_get_error.pod | 2 ++
+ doc/crypto/pem.pod | 2 +-
+ doc/ssl/SSL_CTX_set_client_CA_list.pod | 4 ++++
+ doc/ssl/SSL_CTX_set_verify.pod | 4 ++--
+ doc/ssl/SSL_CTX_use_psk_identity_hint.pod | 8 ++++++++
+ doc/ssl/SSL_accept.pod | 8 ++++++++
+ doc/ssl/SSL_connect.pod | 18 +++++++++---------
+ doc/ssl/SSL_do_handshake.pod | 8 ++++++++
+ doc/ssl/SSL_shutdown.pod | 8 ++++++++
+ 14 files changed, 55 insertions(+), 17 deletions(-)
+
--- a/doc/crypto/ASN1_generate_nconf.pod
+++ b/doc/crypto/ASN1_generate_nconf.pod
-@@ -61,7 +61,7 @@
+@@ -61,7 +61,7 @@ Encode the B<NULL> type, the B<value> st
=item B<INTEGER>, B<INT>
Encodes an ASN1 B<INTEGER> type. The B<value> string represents
@@ -11,7 +28,7 @@
--- a/doc/crypto/BN_BLINDING_new.pod
+++ b/doc/crypto/BN_BLINDING_new.pod
-@@ -48,7 +48,7 @@
+@@ -48,7 +48,7 @@ necessary parameters are set, by re-crea
BN_BLINDING_convert_ex() multiplies B<n> with the blinding factor B<A>.
If B<r> is not NULL a copy the inverse blinding factor B<Ai> will be
@@ -22,7 +39,7 @@
the inverse blinding.
--- a/doc/crypto/EVP_BytesToKey.pod
+++ b/doc/crypto/EVP_BytesToKey.pod
-@@ -17,7 +17,7 @@
+@@ -17,7 +17,7 @@ EVP_BytesToKey - password based encrypti
EVP_BytesToKey() derives a key and IV from various parameters. B<type> is
the cipher to derive the key and IV for. B<md> is the message digest to use.
@@ -33,7 +50,7 @@
iteration count to use. The derived key and IV will be written to B<key>
--- a/doc/crypto/EVP_EncryptInit.pod
+++ b/doc/crypto/EVP_EncryptInit.pod
-@@ -152,7 +152,7 @@
+@@ -152,7 +152,7 @@ does not remain in memory.
EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit() behave in a
similar way to EVP_EncryptInit_ex(), EVP_DecryptInit_ex and
@@ -44,7 +61,7 @@
EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() behave in a
--- a/doc/crypto/EVP_PKEY_cmp.pod
+++ b/doc/crypto/EVP_PKEY_cmp.pod
-@@ -26,7 +26,7 @@
+@@ -26,7 +26,7 @@ B<from> to key B<to>.
The funcion EVP_PKEY_cmp_parameters() compares the parameters of keys
B<a> and B<b>.
@@ -55,7 +72,7 @@
=head1 NOTES
--- a/doc/crypto/X509_STORE_CTX_get_error.pod
+++ b/doc/crypto/X509_STORE_CTX_get_error.pod
-@@ -278,6 +278,8 @@
+@@ -278,6 +278,8 @@ happen if extended CRL checking is enabl
an application specific error. This will never be returned unless explicitly
set by an application.
@@ -66,7 +83,7 @@
The above functions should be used instead of directly referencing the fields
--- a/doc/crypto/pem.pod
+++ b/doc/crypto/pem.pod
-@@ -201,7 +201,7 @@
+@@ -201,7 +201,7 @@ handle PKCS#8 format encrypted and unenc
PEM_write_bio_PKCS8PrivateKey() and PEM_write_PKCS8PrivateKey()
write a private key in an EVP_PKEY structure in PKCS#8
EncryptedPrivateKeyInfo format using PKCS#5 v2.0 password based encryption
@@ -77,7 +94,7 @@
encryption is used and a PKCS#8 PrivateKeyInfo structure is used instead.
--- a/doc/ssl/SSL_CTX_set_client_CA_list.pod
+++ b/doc/ssl/SSL_CTX_set_client_CA_list.pod
-@@ -70,6 +70,10 @@
+@@ -70,6 +70,10 @@ values:
The operation succeeded.
@@ -90,7 +107,7 @@
A failure while manipulating the STACK_OF(X509_NAME) object occurred or
--- a/doc/ssl/SSL_CTX_set_verify.pod
+++ b/doc/ssl/SSL_CTX_set_verify.pod
-@@ -169,8 +169,8 @@
+@@ -169,8 +169,8 @@ that will always continue the TLS/SSL ha
failure, if wished. The callback realizes a verification depth limit with
more informational output.
@@ -103,7 +120,7 @@
--- a/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
+++ b/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
-@@ -81,6 +81,8 @@
+@@ -81,6 +81,8 @@ SSL_CTX_use_psk_identity_hint() and SSL_
Return values from the server callback are interpreted as follows:
@@ -112,7 +129,7 @@
=item > 0
PSK identity was found and the server callback has provided the PSK
-@@ -94,9 +96,15 @@
+@@ -94,9 +96,15 @@ data to B<psk> and return the length of
connection will fail with decryption_error before it will be finished
completely.
@@ -130,7 +147,7 @@
=cut
--- a/doc/ssl/SSL_accept.pod
+++ b/doc/ssl/SSL_accept.pod
-@@ -49,12 +49,20 @@
+@@ -49,12 +49,20 @@ The following return values can occur:
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
@@ -153,7 +170,7 @@
The TLS/SSL handshake was not successful because a fatal error occurred either
--- a/doc/ssl/SSL_connect.pod
+++ b/doc/ssl/SSL_connect.pod
-@@ -41,10 +41,13 @@
+@@ -41,10 +41,13 @@ The following return values can occur:
=over 4
@@ -170,7 +187,7 @@
=item 0
-@@ -52,13 +55,10 @@
+@@ -52,13 +55,10 @@ The TLS/SSL handshake was not successful
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
return value B<ret> to find out the reason.
@@ -189,7 +206,7 @@
--- a/doc/ssl/SSL_do_handshake.pod
+++ b/doc/ssl/SSL_do_handshake.pod
-@@ -50,12 +50,20 @@
+@@ -50,12 +50,20 @@ The following return values can occur:
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
@@ -212,7 +229,7 @@
The TLS/SSL handshake was not successful because a fatal error occurred either
--- a/doc/ssl/SSL_shutdown.pod
+++ b/doc/ssl/SSL_shutdown.pod
-@@ -97,6 +97,10 @@
+@@ -97,6 +97,10 @@ The following return values can occur:
The shutdown was successfully completed. The "close notify" alert was sent
and the peer's "close notify" alert was received.
@@ -223,7 +240,7 @@
=item 0
The shutdown is not yet finished. Call SSL_shutdown() for a second time,
-@@ -104,6 +108,10 @@
+@@ -104,6 +108,10 @@ if a bidirectional shutdown shall be per
The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
diff --git a/debian/patches/libssl-misspell.patch b/debian/patches/libssl-misspell.patch
index 96ff398..ef1d0c8 100644
--- a/debian/patches/libssl-misspell.patch
+++ b/debian/patches/libssl-misspell.patch
@@ -1,6 +1,10 @@
+---
+ crypto/asn1/asn1_err.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
-@@ -302,7 +302,7 @@
+@@ -305,7 +305,7 @@ static ERR_STRING_DATA ASN1_str_reasons[
{ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"},
{ERR_REASON(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM),"unknown signature algorithm"},
{ERR_REASON(ASN1_R_UNKNOWN_TAG) ,"unknown tag"},
diff --git a/debian/patches/make-targets.patch b/debian/patches/make-targets.patch
index 57e1b14..2ce715e 100644
--- a/debian/patches/make-targets.patch
+++ b/debian/patches/make-targets.patch
@@ -1,8 +1,10 @@
-Index: openssl-1.0.1/Makefile.org
-===================================================================
---- openssl-1.0.1.orig/Makefile.org 2012-03-17 09:41:07.000000000 +0000
-+++ openssl-1.0.1/Makefile.org 2012-03-17 09:41:21.000000000 +0000
-@@ -135,7 +135,7 @@
+---
+ Makefile.org | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -135,7 +135,7 @@ FIPSCANLIB=
BASEADDR=
diff --git a/debian/patches/man-dir.patch b/debian/patches/man-dir.patch
index a35b37e..157f087 100644
--- a/debian/patches/man-dir.patch
+++ b/debian/patches/man-dir.patch
@@ -1,8 +1,10 @@
-Index: openssl-1.0.0c/Makefile.org
-===================================================================
---- openssl-1.0.0c.orig/Makefile.org 2010-12-12 16:11:27.000000000 +0100
-+++ openssl-1.0.0c/Makefile.org 2010-12-12 16:11:37.000000000 +0100
-@@ -131,7 +131,7 @@
+---
+ Makefile.org | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -157,7 +157,7 @@ TESTS = alltests
MAKEFILE= Makefile
diff --git a/debian/patches/man-section.patch b/debian/patches/man-section.patch
index a8ac662..59690b51 100644
--- a/debian/patches/man-section.patch
+++ b/debian/patches/man-section.patch
@@ -1,8 +1,10 @@
-Index: openssl-1.0.0c/Makefile.org
-===================================================================
---- openssl-1.0.0c.orig/Makefile.org 2010-12-12 16:11:37.000000000 +0100
-+++ openssl-1.0.0c/Makefile.org 2010-12-12 16:13:28.000000000 +0100
-@@ -134,7 +134,8 @@
+---
+ Makefile.org | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -160,7 +160,8 @@ MAKEFILE= Makefile
MANDIR=/usr/share/man
MAN1=1
MAN3=3
@@ -12,7 +14,7 @@ Index: openssl-1.0.0c/Makefile.org
HTMLSUFFIX=html
HTMLDIR=$(OPENSSLDIR)/html
SHELL=/bin/sh
-@@ -606,7 +607,7 @@
+@@ -651,7 +652,7 @@ install_docs:
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
@@ -21,7 +23,7 @@ Index: openssl-1.0.0c/Makefile.org
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
-@@ -623,7 +624,7 @@
+@@ -668,7 +669,7 @@ install_docs:
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
diff --git a/debian/patches/no-rpath.patch b/debian/patches/no-rpath.patch
index 6ef0f0e..b1c4b11 100644
--- a/debian/patches/no-rpath.patch
+++ b/debian/patches/no-rpath.patch
@@ -1,8 +1,10 @@
-Index: openssl-1.0.0c/Makefile.shared
-===================================================================
---- openssl-1.0.0c.orig/Makefile.shared 2010-08-21 13:36:49.000000000 +0200
-+++ openssl-1.0.0c/Makefile.shared 2010-12-12 16:13:36.000000000 +0100
-@@ -153,7 +153,7 @@
+---
+ Makefile.shared | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/Makefile.shared
++++ b/Makefile.shared
+@@ -153,7 +153,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
diff --git a/debian/patches/no-symbolic.patch b/debian/patches/no-symbolic.patch
index 2a30777..e9fc567 100644
--- a/debian/patches/no-symbolic.patch
+++ b/debian/patches/no-symbolic.patch
@@ -1,8 +1,10 @@
-Index: openssl-1.0.0c/Makefile.shared
-===================================================================
---- openssl-1.0.0c.orig/Makefile.shared 2010-12-12 16:13:36.000000000 +0100
-+++ openssl-1.0.0c/Makefile.shared 2010-12-12 16:13:44.000000000 +0100
-@@ -151,7 +151,7 @@
+---
+ Makefile.shared | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/Makefile.shared
++++ b/Makefile.shared
+@@ -151,7 +151,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
diff --git a/debian/patches/0001-Added-CTR-and-CBC-decrypt-hooks-for-NEON-bit-sliced-.patch b/debian/patches/old/0001-Added-CTR-and-CBC-decrypt-hooks-for-NEON-bit-sliced-.patch
index 0ebaba8..0ebaba8 100644
--- a/debian/patches/0001-Added-CTR-and-CBC-decrypt-hooks-for-NEON-bit-sliced-.patch
+++ b/debian/patches/old/0001-Added-CTR-and-CBC-decrypt-hooks-for-NEON-bit-sliced-.patch
diff --git a/debian/patches/0002-bsaes-armv7.pl-Big-endian-fixes.patch b/debian/patches/old/0002-bsaes-armv7.pl-Big-endian-fixes.patch
index 23fb94a..23fb94a 100644
--- a/debian/patches/0002-bsaes-armv7.pl-Big-endian-fixes.patch
+++ b/debian/patches/old/0002-bsaes-armv7.pl-Big-endian-fixes.patch
diff --git a/debian/patches/old/0003-bsaes-armv7.pl-avoid-bit-sliced-AES-CBC-for-block-si.patch b/debian/patches/old/0003-bsaes-armv7.pl-avoid-bit-sliced-AES-CBC-for-block-si.patch
new file mode 100644
index 0000000..4d2235d
--- /dev/null
+++ b/debian/patches/old/0003-bsaes-armv7.pl-avoid-bit-sliced-AES-CBC-for-block-si.patch
@@ -0,0 +1,24 @@
+From a2f9535dd2b0d2e230f978aa3eaf103f5224b6d5 Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Date: Mon, 15 Apr 2013 14:32:59 +0200
+Subject: [PATCH 3/3] bsaes-armv7.pl: avoid bit-sliced AES/CBC for block sizes
+ < 1k
+
+Avoid using bit sliced AES for CBC decryption when the block size
+is smaller than 1k. The reason is that the overhead of creating the
+key schedule is larger than the obtained speedup on Cortex-A9.
+---
+ crypto/aes/asm/bsaes-armv7.pl | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/crypto/aes/asm/bsaes-armv7.pl
++++ b/crypto/aes/asm/bsaes-armv7.pl
+@@ -985,7 +985,7 @@ $code.=<<___;
+ .global bsaes_cbc_encrypt
+ .type bsaes_cbc_encrypt,%function
+ bsaes_cbc_encrypt:
+- cmp $len, #128
++ cmp $len, #1024
+ blo AES_cbc_encrypt
+
+ @ it is up to the caller to make sure we are called with enc == 0
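Review bot: The threshold change at `cmp $len, #1024` is justified purely on Cortex-A9 speed, but the `blo AES_cbc_encrypt` branch right below it also selects which AES implementation handles every CBC decrypt shorter than 1 KiB, and the patch description should state that trade-off explicitly; I would add after the rationale a line such as `Note: buffers below the threshold are no longer handled by the bit-sliced path (the one OpenSSL documents as resistant to cache-timing attacks, as far as I recall), so confirm this is acceptable for typical TLS record sizes.` The subject line's "block sizes < 1k" is also misleading, since `$len` is the buffer length in bytes while the AES block size is fixed at 16 bytes; "buffer lengths < 1k" would be accurate. The same change is carried by the live 0003 patch that `debian/patches/series` still lists, so any wording fix belongs there as well, not only in this archived copy. The body of bsaes_cbc_encrypt continues outside the hunk.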
diff --git a/debian/patches/openssl-pod-misspell.patch b/debian/patches/openssl-pod-misspell.patch
index a15c364..e3088ac 100644
--- a/debian/patches/openssl-pod-misspell.patch
+++ b/debian/patches/openssl-pod-misspell.patch
@@ -1,7 +1,16 @@
-Index: openssl-1.0.1/apps/ca.c
-===================================================================
---- openssl-1.0.1.orig/apps/ca.c 2012-01-12 16:28:02.000000000 +0000
-+++ openssl-1.0.1/apps/ca.c 2012-03-17 09:31:48.000000000 +0000
+---
+ apps/ca.c | 2 +-
+ apps/ecparam.c | 4 ++--
+ crypto/evp/encode.c | 2 +-
+ doc/apps/config.pod | 2 +-
+ doc/apps/req.pod | 2 +-
+ doc/apps/ts.pod | 4 ++--
+ doc/apps/tsget.pod | 2 +-
+ doc/apps/x509v3_config.pod | 2 +-
+ 8 files changed, 10 insertions(+), 10 deletions(-)
+
+--- a/apps/ca.c
++++ b/apps/ca.c
@@ -148,7 +148,7 @@
static const char *ca_usage[]={
"usage: ca args\n",
@@ -11,10 +20,8 @@ Index: openssl-1.0.1/apps/ca.c
" -config file - A config file\n",
" -name arg - The particular CA definition to use\n",
" -gencrl - Generate a new CRL\n",
-Index: openssl-1.0.1/apps/ecparam.c
-===================================================================
---- openssl-1.0.1.orig/apps/ecparam.c 2010-06-15 17:25:02.000000000 +0000
-+++ openssl-1.0.1/apps/ecparam.c 2012-03-17 09:31:48.000000000 +0000
+--- a/apps/ecparam.c
++++ b/apps/ecparam.c
@@ -105,7 +105,7 @@
* in the asn1 der encoding
* possible values: named_curve (default)
@@ -24,7 +31,7 @@ Index: openssl-1.0.1/apps/ecparam.c
* -genkey - generate ec key
* -rand file - files to use for random number input
* -engine e - use engine e, possibly a hardware device
-@@ -286,7 +286,7 @@
+@@ -286,7 +286,7 @@ bad:
BIO_printf(bio_err, " "
" explicit\n");
BIO_printf(bio_err, " -no_seed if 'explicit'"
@@ -33,11 +40,9 @@ Index: openssl-1.0.1/apps/ecparam.c
" use the seed\n");
BIO_printf(bio_err, " -genkey generate ec"
" key\n");
-Index: openssl-1.0.1/crypto/evp/encode.c
-===================================================================
---- openssl-1.0.1.orig/crypto/evp/encode.c 2010-06-15 17:25:09.000000000 +0000
-+++ openssl-1.0.1/crypto/evp/encode.c 2012-03-17 09:31:48.000000000 +0000
-@@ -250,7 +250,7 @@
+--- a/crypto/evp/encode.c
++++ b/crypto/evp/encode.c
+@@ -250,7 +250,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx
/* We parse the input data */
for (i=0; i<inl; i++)
{
@@ -46,11 +51,9 @@ Index: openssl-1.0.1/crypto/evp/encode.c
if (ln >= 80) { rv= -1; goto end; }
/* Get char and put it into the buffer */
-Index: openssl-1.0.1/doc/apps/config.pod
-===================================================================
---- openssl-1.0.1.orig/doc/apps/config.pod 2004-11-25 17:47:29.000000000 +0000
-+++ openssl-1.0.1/doc/apps/config.pod 2012-03-17 09:31:48.000000000 +0000
-@@ -119,7 +119,7 @@
+--- a/doc/apps/config.pod
++++ b/doc/apps/config.pod
+@@ -119,7 +119,7 @@ variable points to a section containing
information.
The section pointed to by B<engines> is a table of engine names (though see
@@ -59,11 +62,9 @@ Index: openssl-1.0.1/doc/apps/config.pod
specific to each ENGINE.
Each ENGINE specific section is used to set default algorithms, load
-Index: openssl-1.0.1/doc/apps/req.pod
-===================================================================
---- openssl-1.0.1.orig/doc/apps/req.pod 2009-04-10 16:42:28.000000000 +0000
-+++ openssl-1.0.1/doc/apps/req.pod 2012-03-17 09:31:48.000000000 +0000
-@@ -159,7 +159,7 @@
+--- a/doc/apps/req.pod
++++ b/doc/apps/req.pod
+@@ -159,7 +159,7 @@ B<param:file> generates a key using the
the algorithm is determined by the parameters. B<algname:file> use algorithm
B<algname> and parameter file B<file>: the two algorithms must match or an
error occurs. B<algname> just uses algorithm B<algname>, and parameters,
@@ -72,11 +73,9 @@ Index: openssl-1.0.1/doc/apps/req.pod
B<dsa:filename> generates a DSA key using the parameters
in the file B<filename>. B<ec:filename> generates EC key (usable both with
-Index: openssl-1.0.1/doc/apps/ts.pod
-===================================================================
---- openssl-1.0.1.orig/doc/apps/ts.pod 2009-04-10 11:25:54.000000000 +0000
-+++ openssl-1.0.1/doc/apps/ts.pod 2012-03-17 09:31:48.000000000 +0000
-@@ -352,7 +352,7 @@
+--- a/doc/apps/ts.pod
++++ b/doc/apps/ts.pod
+@@ -352,7 +352,7 @@ switch always overrides the settings in
This is the main section and it specifies the name of another section
that contains all the options for the B<-reply> command. This default
@@ -85,7 +84,7 @@ Index: openssl-1.0.1/doc/apps/ts.pod
=item B<oid_file>
-@@ -453,7 +453,7 @@
+@@ -453,7 +453,7 @@ included. Default is no. (Optional)
=head1 ENVIRONMENT VARIABLES
B<OPENSSL_CONF> contains the path of the configuration file and can be
@@ -94,11 +93,9 @@ Index: openssl-1.0.1/doc/apps/ts.pod
=head1 EXAMPLES
-Index: openssl-1.0.1/doc/apps/tsget.pod
-===================================================================
---- openssl-1.0.1.orig/doc/apps/tsget.pod 2010-01-05 17:17:20.000000000 +0000
-+++ openssl-1.0.1/doc/apps/tsget.pod 2012-03-17 09:31:48.000000000 +0000
-@@ -124,7 +124,7 @@
+--- a/doc/apps/tsget.pod
++++ b/doc/apps/tsget.pod
+@@ -124,7 +124,7 @@ The name of an EGD socket to get random
=item [request]...
List of files containing B<RFC 3161> DER-encoded time stamp requests. If no
@@ -107,11 +104,9 @@ Index: openssl-1.0.1/doc/apps/tsget.pod
read from the standard input. (Optional)
=back
-Index: openssl-1.0.1/doc/apps/x509v3_config.pod
-===================================================================
---- openssl-1.0.1.orig/doc/apps/x509v3_config.pod 2006-11-07 13:44:03.000000000 +0000
-+++ openssl-1.0.1/doc/apps/x509v3_config.pod 2012-03-17 09:31:48.000000000 +0000
-@@ -174,7 +174,7 @@
+--- a/doc/apps/x509v3_config.pod
++++ b/doc/apps/x509v3_config.pod
+@@ -174,7 +174,7 @@ The IP address used in the B<IP> options
The value of B<dirName> should point to a section containing the distinguished
name to use as a set of name value pairs. Multi values AVAs can be formed by
diff --git a/debian/patches/perlpath-quilt.patch b/debian/patches/perlpath-quilt.patch
index 5eace40..bcf5c5e 100644
--- a/debian/patches/perlpath-quilt.patch
+++ b/debian/patches/perlpath-quilt.patch
@@ -1,7 +1,10 @@
-diff -Nur openssl-0.9.8o/util/perlpath.pl openssl-0.9.8o.new/util/perlpath.pl
---- openssl-0.9.8o/util/perlpath.pl 2010-06-14 10:17:46.000000000 -0400
-+++ openssl-0.9.8o.new/util/perlpath.pl 2010-06-14 10:18:04.000000000 -0400
-@@ -11,6 +11,10 @@
+---
+ util/perlpath.pl | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/util/perlpath.pl
++++ b/util/perlpath.pl
+@@ -11,6 +11,10 @@ $#ARGV == 0 || print STDERR "usage: perl
sub wanted
{
diff --git a/debian/patches/pic.patch b/debian/patches/pic.patch
index 352a014..ed95be4 100644
--- a/debian/patches/pic.patch
+++ b/debian/patches/pic.patch
@@ -1,8 +1,13 @@
-Index: openssl-1.0.1/crypto/des/asm/desboth.pl
-===================================================================
---- openssl-1.0.1.orig/crypto/des/asm/desboth.pl 2001-10-24 23:20:56.000000000 +0200
-+++ openssl-1.0.1/crypto/des/asm/desboth.pl 2012-03-17 14:03:25.000000000 +0100
-@@ -16,6 +16,11 @@
+---
+ crypto/des/asm/desboth.pl | 17 ++++++++++++++---
+ crypto/perlasm/cbc.pl | 24 ++++++++++++++++++++----
+ crypto/perlasm/x86gas.pl | 11 +++++++++++
+ crypto/x86cpuid.pl | 10 +++++-----
+ 4 files changed, 50 insertions(+), 12 deletions(-)
+
+--- a/crypto/des/asm/desboth.pl
++++ b/crypto/des/asm/desboth.pl
+@@ -16,6 +16,11 @@ sub DES_encrypt3
&push("edi");
@@ -14,7 +19,7 @@ Index: openssl-1.0.1/crypto/des/asm/desboth.pl
&comment("");
&comment("Load the data words");
&mov($L,&DWP(0,"ebx","",0));
-@@ -47,15 +52,21 @@
+@@ -47,15 +52,21 @@ sub DES_encrypt3
&mov(&swtmp(2), (DWC(($enc)?"1":"0")));
&mov(&swtmp(1), "eax");
&mov(&swtmp(0), "ebx");
@@ -39,11 +44,9 @@ Index: openssl-1.0.1/crypto/des/asm/desboth.pl
&stack_pop(3);
&mov($L,&DWP(0,"ebx","",0));
-Index: openssl-1.0.1/crypto/perlasm/cbc.pl
-===================================================================
---- openssl-1.0.1.orig/crypto/perlasm/cbc.pl 2011-07-13 08:22:46.000000000 +0200
-+++ openssl-1.0.1/crypto/perlasm/cbc.pl 2012-03-17 14:03:25.000000000 +0100
-@@ -122,7 +122,11 @@
+--- a/crypto/perlasm/cbc.pl
++++ b/crypto/perlasm/cbc.pl
+@@ -122,7 +122,11 @@ sub cbc
&mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call
&mov(&DWP($data_off+4,"esp","",0), "ebx"); #
@@ -56,7 +59,7 @@ Index: openssl-1.0.1/crypto/perlasm/cbc.pl
&mov("eax", &DWP($data_off,"esp","",0));
&mov("ebx", &DWP($data_off+4,"esp","",0));
-@@ -185,7 +189,11 @@
+@@ -185,7 +189,11 @@ sub cbc
&mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call
&mov(&DWP($data_off+4,"esp","",0), "ebx"); #
@@ -69,7 +72,7 @@ Index: openssl-1.0.1/crypto/perlasm/cbc.pl
&mov("eax", &DWP($data_off,"esp","",0));
&mov("ebx", &DWP($data_off+4,"esp","",0));
-@@ -218,7 +226,11 @@
+@@ -218,7 +226,11 @@ sub cbc
&mov(&DWP($data_off,"esp","",0), "eax"); # put back
&mov(&DWP($data_off+4,"esp","",0), "ebx"); #
@@ -82,7 +85,7 @@ Index: openssl-1.0.1/crypto/perlasm/cbc.pl
&mov("eax", &DWP($data_off,"esp","",0)); # get return
&mov("ebx", &DWP($data_off+4,"esp","",0)); #
-@@ -261,7 +273,11 @@
+@@ -261,7 +273,11 @@ sub cbc
&mov(&DWP($data_off,"esp","",0), "eax"); # put back
&mov(&DWP($data_off+4,"esp","",0), "ebx"); #
@@ -95,11 +98,9 @@ Index: openssl-1.0.1/crypto/perlasm/cbc.pl
&mov("eax", &DWP($data_off,"esp","",0)); # get return
&mov("ebx", &DWP($data_off+4,"esp","",0)); #
-Index: openssl-1.0.1/crypto/perlasm/x86gas.pl
-===================================================================
---- openssl-1.0.1.orig/crypto/perlasm/x86gas.pl 2011-12-09 20:16:35.000000000 +0100
-+++ openssl-1.0.1/crypto/perlasm/x86gas.pl 2012-03-17 14:03:25.000000000 +0100
-@@ -161,6 +161,7 @@
+--- a/crypto/perlasm/x86gas.pl
++++ b/crypto/perlasm/x86gas.pl
+@@ -161,6 +161,7 @@ sub ::file_end
if ($::macosx) { push (@out,"$tmp,2\n"); }
elsif ($::elf) { push (@out,"$tmp,4\n"); }
else { push (@out,"$tmp\n"); }
@@ -107,7 +108,7 @@ Index: openssl-1.0.1/crypto/perlasm/x86gas.pl
}
push(@out,$initseg) if ($initseg);
}
-@@ -218,7 +219,17 @@
+@@ -218,7 +219,17 @@ ___
elsif ($::elf)
{ $initseg.=<<___;
.section .init
@@ -125,11 +126,9 @@ Index: openssl-1.0.1/crypto/perlasm/x86gas.pl
___
}
elsif ($::coff)
-Index: openssl-1.0.1/crypto/x86cpuid.pl
-===================================================================
---- openssl-1.0.1.orig/crypto/x86cpuid.pl 2012-02-28 15:20:34.000000000 +0100
-+++ openssl-1.0.1/crypto/x86cpuid.pl 2012-03-17 14:13:56.000000000 +0100
-@@ -8,6 +8,8 @@
+--- a/crypto/x86cpuid.pl
++++ b/crypto/x86cpuid.pl
+@@ -8,6 +8,8 @@ require "x86asm.pl";
for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
@@ -138,7 +137,7 @@ Index: openssl-1.0.1/crypto/x86cpuid.pl
&function_begin("OPENSSL_ia32_cpuid");
&xor ("edx","edx");
&pushf ();
-@@ -139,9 +141,7 @@
+@@ -139,9 +141,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
&set_label("nocpuid");
&function_end("OPENSSL_ia32_cpuid");
@@ -149,7 +148,7 @@ Index: openssl-1.0.1/crypto/x86cpuid.pl
&xor ("eax","eax");
&xor ("edx","edx");
&picmeup("ecx","OPENSSL_ia32cap_P");
-@@ -155,7 +155,7 @@
+@@ -155,7 +155,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
# This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host],
# but it's safe to call it on any [supported] 32-bit platform...
# Just check for [non-]zero return value...
@@ -158,7 +157,7 @@ Index: openssl-1.0.1/crypto/x86cpuid.pl
&picmeup("ecx","OPENSSL_ia32cap_P");
&bt (&DWP(0,"ecx"),4);
&jnc (&label("nohalt")); # no TSC
-@@ -222,7 +222,7 @@
+@@ -222,7 +222,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
&ret ();
&function_end_B("OPENSSL_far_spin");
diff --git a/debian/patches/pkcs12-doc.patch b/debian/patches/pkcs12-doc.patch
index 0fed024..20dad3b 100644
--- a/debian/patches/pkcs12-doc.patch
+++ b/debian/patches/pkcs12-doc.patch
@@ -9,11 +9,13 @@ specified, in which case -password as equivalent to -passout. The patch
below makes this explicit.
-Index: openssl-1.0.0d/doc/apps/pkcs12.pod
-===================================================================
---- openssl-1.0.0d.orig/doc/apps/pkcs12.pod 2011-06-13 10:46:06.000000000 +0000
-+++ openssl-1.0.0d/doc/apps/pkcs12.pod 2011-06-13 10:47:36.000000000 +0000
-@@ -67,7 +67,7 @@
+---
+ doc/apps/pkcs12.pod | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/doc/apps/pkcs12.pod
++++ b/doc/apps/pkcs12.pod
+@@ -67,7 +67,7 @@ by default.
The filename to write certificates and private keys to, standard output by
default. They are all written in PEM format.
@@ -22,7 +24,7 @@ Index: openssl-1.0.0d/doc/apps/pkcs12.pod
the PKCS#12 file (i.e. input file) password source. For more information about
the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
-@@ -79,6 +79,11 @@
+@@ -79,6 +79,11 @@ pass phrase source to encrypt any output
information about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section
in L<openssl(1)|openssl(1)>.
diff --git a/debian/patches/pod_ec.misspell.patch b/debian/patches/pod_ec.misspell.patch
index a92e418..4edadd3 100644
--- a/debian/patches/pod_ec.misspell.patch
+++ b/debian/patches/pod_ec.misspell.patch
@@ -1,6 +1,10 @@
+---
+ doc/apps/ec.pod | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
--- a/doc/apps/ec.pod
+++ b/doc/apps/ec.pod
-@@ -41,7 +41,7 @@
+@@ -41,7 +41,7 @@ PKCS#8 private key format use the B<pkcs
This specifies the input format. The B<DER> option with a private key uses
an ASN.1 DER encoded SEC1 private key. When used with a public key it
diff --git a/debian/patches/pod_pksc12.misspell.patch b/debian/patches/pod_pksc12.misspell.patch
index 62dc533..fc11c23 100644
--- a/debian/patches/pod_pksc12.misspell.patch
+++ b/debian/patches/pod_pksc12.misspell.patch
@@ -1,6 +1,10 @@
+---
+ doc/apps/pkcs12.pod | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
--- a/doc/apps/pkcs12.pod
+++ b/doc/apps/pkcs12.pod
-@@ -75,7 +75,7 @@
+@@ -75,7 +75,7 @@ L<openssl(1)|openssl(1)>.
=item B<-passout arg>
diff --git a/debian/patches/pod_req_misspell2.patch b/debian/patches/pod_req_misspell2.patch
index 7095098..02bb1e3 100644
--- a/debian/patches/pod_req_misspell2.patch
+++ b/debian/patches/pod_req_misspell2.patch
@@ -1,7 +1,10 @@
-diff --git a/doc/apps/req.pod b/doc/apps/req.pod
+---
+ doc/apps/req.pod | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
--- a/doc/apps/req.pod
+++ b/doc/apps/req.pod
-@@ -303,7 +303,7 @@
+@@ -303,7 +303,7 @@ Reverses effect of B<-asn1-kludge>
=item B<-newhdr>
diff --git a/debian/patches/pod_s_server.misspell.patch b/debian/patches/pod_s_server.misspell.patch
index c899a58..ebb7883 100644
--- a/debian/patches/pod_s_server.misspell.patch
+++ b/debian/patches/pod_s_server.misspell.patch
@@ -1,6 +1,10 @@
+---
+ doc/apps/s_server.pod | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
--- a/doc/apps/s_server.pod
+++ b/doc/apps/s_server.pod
-@@ -111,7 +111,7 @@
+@@ -111,7 +111,7 @@ by using an appropriate certificate.
=item B<-dcertform format>, B<-dkeyform format>, B<-dpass arg>
diff --git a/debian/patches/pod_x509setflags.misspell.patch b/debian/patches/pod_x509setflags.misspell.patch
index 6be3923..79fa45e 100644
--- a/debian/patches/pod_x509setflags.misspell.patch
+++ b/debian/patches/pod_x509setflags.misspell.patch
@@ -1,6 +1,10 @@
+---
+ doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
--- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
+++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
-@@ -113,7 +113,7 @@
+@@ -113,7 +113,7 @@ a special status code is set to the veri
to examine the valid policy tree and perform additional checks or simply
log it for debugging purposes.
diff --git a/debian/patches/rehash-crt.patch b/debian/patches/rehash-crt.patch
index 6c7ee06..9aaa487 100644
--- a/debian/patches/rehash-crt.patch
+++ b/debian/patches/rehash-crt.patch
@@ -1,8 +1,10 @@
-Index: openssl-1.0.0c/tools/c_rehash.in
-===================================================================
---- openssl-1.0.0c.orig/tools/c_rehash.in 2010-04-15 01:07:28.000000000 +0200
-+++ openssl-1.0.0c/tools/c_rehash.in 2010-12-12 17:10:51.000000000 +0100
-@@ -75,12 +75,15 @@
+---
+ tools/c_rehash.in | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+--- a/tools/c_rehash.in
++++ b/tools/c_rehash.in
+@@ -75,12 +75,15 @@ sub hash_dir {
}
}
closedir DIR;
@@ -21,7 +23,7 @@ Index: openssl-1.0.0c/tools/c_rehash.in
}
link_hash_cert($fname) if($cert);
link_hash_crl($fname) if($crl);
-@@ -153,6 +156,9 @@
+@@ -153,6 +156,9 @@ sub link_hash_crl {
my $fname = $_[0];
$fname =~ s/'/'\\''/g;
my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`;
diff --git a/debian/patches/rehash_pod.patch b/debian/patches/rehash_pod.patch
index c06e217..d1d0431 100644
--- a/debian/patches/rehash_pod.patch
+++ b/debian/patches/rehash_pod.patch
@@ -1,7 +1,9 @@
-Index: openssl-0.9.8k/doc/apps/c_rehash.pod
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ openssl-0.9.8k/doc/apps/c_rehash.pod 2009-07-19 11:36:27.000000000 +0200
+---
+ doc/apps/c_rehash.pod | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 55 insertions(+)
+
+--- /dev/null
++++ b/doc/apps/c_rehash.pod
@@ -0,0 +1,55 @@
+
+=pod
diff --git a/debian/patches/renegiotate_tls.patch b/debian/patches/renegiotate_tls.patch
index 142bbbf..c675232 100644
--- a/debian/patches/renegiotate_tls.patch
+++ b/debian/patches/renegiotate_tls.patch
@@ -1,6 +1,10 @@
---- openssl/ssl/s3_pkt.c 2012/04/17 13:21:19 1.95
-+++ openssl/ssl/s3_pkt.c 2012/05/11 13:34:29 1.96
-@@ -744,6 +744,7 @@
+---
+ ssl/s3_pkt.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/ssl/s3_pkt.c
++++ b/ssl/s3_pkt.c
+@@ -744,6 +744,7 @@ static int do_ssl3_write(SSL *s, int typ
* bytes and record version number > TLS 1.0
*/
if (s->state == SSL3_ST_CW_CLNT_HELLO_B
diff --git a/debian/patches/series b/debian/patches/series
index c99a535..a2845d0 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -40,6 +40,8 @@ CVE-2013-0169.patch
fix_key_decoding_deadlock.patch
# Linaro
-0001-Added-CTR-and-CBC-decrypt-hooks-for-NEON-bit-sliced-.patch
-0002-bsaes-armv7.pl-Big-endian-fixes.patch
+0000-bsaes-armv7.patch
+0000-crypto-modes-modes_lcl.h-let-STRICT_ALIGNMENT-be-on-.patch
+0001-bsaes-armv7.pl-take-it-into-build-loop.patch
+0002-bsaes-armv7.pl-add-bsaes_cbc_encrypt-and-bsaes_ctr32.patch
0003-bsaes-armv7.pl-avoid-bit-sliced-AES-CBC-for-block-si.patch
diff --git a/debian/patches/shared-lib-ext.patch b/debian/patches/shared-lib-ext.patch
index 6b57a6d..add9ffe 100644
--- a/debian/patches/shared-lib-ext.patch
+++ b/debian/patches/shared-lib-ext.patch
@@ -1,8 +1,10 @@
-Index: openssl-1.0.0c/Configure
-===================================================================
---- openssl-1.0.0c.orig/Configure 2010-12-12 16:10:12.000000000 +0100
-+++ openssl-1.0.0c/Configure 2010-12-12 17:12:38.000000000 +0100
-@@ -1605,7 +1605,8 @@
+---
+ Configure | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/Configure
++++ b/Configure
+@@ -1718,7 +1718,8 @@ while (<IN>)
elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
{
my $sotmp = $1;
diff --git a/debian/patches/stddef.patch b/debian/patches/stddef.patch
index bb65b23..5bba6ab 100644
--- a/debian/patches/stddef.patch
+++ b/debian/patches/stddef.patch
@@ -1,7 +1,9 @@
-Index: openssl-0.9.8k/crypto/sha/sha.h
-===================================================================
---- openssl-0.9.8k.orig/crypto/sha/sha.h 2008-09-16 12:47:28.000000000 +0200
-+++ openssl-0.9.8k/crypto/sha/sha.h 2009-07-19 11:36:28.000000000 +0200
+---
+ crypto/sha/sha.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/crypto/sha/sha.h
++++ b/crypto/sha/sha.h
@@ -59,6 +59,7 @@
#ifndef HEADER_SHA_H
#define HEADER_SHA_H
diff --git a/debian/patches/tls12_workarounds.patch b/debian/patches/tls12_workarounds.patch
index abbaf6b..758fde6 100644
--- a/debian/patches/tls12_workarounds.patch
+++ b/debian/patches/tls12_workarounds.patch
@@ -16,11 +16,14 @@ Bug: http://rt.openssl.org/Ticket/Display.html?id=2881
Forwarded: not-needed
Last-Update: 2012-10-04
-Index: openssl-1.0.1c/Configure
-===================================================================
---- openssl-1.0.1c.orig/Configure 2012-10-03 23:59:05.235548667 -0700
-+++ openssl-1.0.1c/Configure 2012-10-04 10:34:23.076454592 -0700
-@@ -106,7 +106,7 @@
+---
+ Configure | 2 +-
+ ssl/s23_clnt.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/Configure
++++ b/Configure
+@@ -106,7 +106,7 @@ my $usage="Usage: Configure [no-<cipher>
my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS
@@ -29,11 +32,9 @@ Index: openssl-1.0.1c/Configure
$debian_cflags =~ s/\n/ /g;
my $strict_warnings = 0;
-Index: openssl-1.0.1c/ssl/s23_clnt.c
-===================================================================
---- openssl-1.0.1c.orig/ssl/s23_clnt.c 2012-10-03 23:46:22.967530550 -0700
-+++ openssl-1.0.1c/ssl/s23_clnt.c 2012-10-04 10:33:13.820452946 -0700
-@@ -491,7 +491,7 @@
+--- a/ssl/s23_clnt.c
++++ b/ssl/s23_clnt.c
+@@ -491,7 +491,7 @@ static int ssl23_client_hello(SSL *s)
* as hack workaround chop number of supported ciphers
* to keep it well below this if we use TLS v1.2
*/
diff --git a/debian/patches/ubuntu_deb676533_arm_asm.patch b/debian/patches/ubuntu_deb676533_arm_asm.patch
index 1d7ad69..9325394 100644
--- a/debian/patches/ubuntu_deb676533_arm_asm.patch
+++ b/debian/patches/ubuntu_deb676533_arm_asm.patch
@@ -3,9 +3,13 @@ Origin: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676533
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676533
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1083498
+---
+ Configure | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
--- a/Configure
+++ b/Configure
-@@ -346,9 +346,8 @@
+@@ -346,9 +346,8 @@ my %table=(
"debian-alpha","gcc:-DTERMIO $debian_cflag::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debian-alpha-ev4","gcc:-DTERMIO ${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debian-alpha-ev5","gcc:-DTERMIO ${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
diff --git a/debian/patches/valgrind.patch b/debian/patches/valgrind.patch
index ee97297..37a95f1 100644
--- a/debian/patches/valgrind.patch
+++ b/debian/patches/valgrind.patch
@@ -1,8 +1,10 @@
-Index: openssl-1.0.0c/crypto/rand/md_rand.c
-===================================================================
---- openssl-1.0.0c.orig/crypto/rand/md_rand.c 2010-06-16 15:17:22.000000000 +0200
-+++ openssl-1.0.0c/crypto/rand/md_rand.c 2010-12-12 17:02:50.000000000 +0100
-@@ -476,6 +476,7 @@
+---
+ crypto/rand/md_rand.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/crypto/rand/md_rand.c
++++ b/crypto/rand/md_rand.c
+@@ -479,6 +479,7 @@ static int ssleay_rand_bytes(unsigned ch
MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
#ifndef PURIFY /* purify complains */
@@ -10,7 +12,7 @@ Index: openssl-1.0.0c/crypto/rand/md_rand.c
/* The following line uses the supplied buffer as a small
* source of entropy: since this buffer is often uninitialised
* it may cause programs such as purify or valgrind to
-@@ -485,6 +486,7 @@
+@@ -488,6 +489,7 @@ static int ssleay_rand_bytes(unsigned ch
*/
MD_Update(&m,buf,j);
#endif
diff --git a/debian/patches/version-script.patch b/debian/patches/version-script.patch
index 39662da..18e6158 100644
--- a/debian/patches/version-script.patch
+++ b/debian/patches/version-script.patch
@@ -1,8 +1,13 @@
-Index: openssl-1.0.1/Configure
-===================================================================
---- openssl-1.0.1.orig/Configure 2012-03-17 11:25:15.000000000 +0000
-+++ openssl-1.0.1/Configure 2012-03-17 11:48:15.000000000 +0000
-@@ -1616,6 +1616,8 @@
+---
+ Configure | 2
+ engines/ccgost/openssl.ld | 10
+ engines/openssl.ld | 10
+ openssl.ld | 4615 ++++++++++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 4637 insertions(+)
+
+--- a/Configure
++++ b/Configure
+@@ -1620,6 +1620,8 @@ if ($strict_warnings)
}
}
@@ -11,10 +16,8 @@ Index: openssl-1.0.1/Configure
open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
-Index: openssl-1.0.1/openssl.ld
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.1/openssl.ld 2012-03-17 11:46:37.000000000 +0000
+--- /dev/null
++++ b/openssl.ld
@@ -0,0 +1,4615 @@
+OPENSSL_1.0.0 {
+ global:
@@ -4631,10 +4634,8 @@ Index: openssl-1.0.1/openssl.ld
+ BIO_dgram_sctp_notification_cb;
+} OPENSSL_1.0.0;
+
-Index: openssl-1.0.1/engines/openssl.ld
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.1/engines/openssl.ld 2012-03-17 11:25:15.000000000 +0000
+--- /dev/null
++++ b/engines/openssl.ld
@@ -0,0 +1,10 @@
+OPENSSL_1.0.0 {
+ global:
@@ -4646,10 +4647,8 @@ Index: openssl-1.0.1/engines/openssl.ld
+ *;
+};
+
-Index: openssl-1.0.1/engines/ccgost/openssl.ld
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.1/engines/ccgost/openssl.ld 2012-03-17 11:25:15.000000000 +0000
+--- /dev/null
++++ b/engines/ccgost/openssl.ld
@@ -0,0 +1,10 @@
+OPENSSL_1.0.0 {
+ global: