
Blame SOURCES/openssl-1.0.2k-backports.patch

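--- a/crypto/aes/asm/aesni-sha1-x86_64.pl
+++ b/crypto/aes/asm/aesni-sha1-x86_64.pl
@@ -1702,6 +1702,7 @@ $code.=<<___;
 	mov	240($key),$rounds
 	sub	$in0,$out
 	movups	($key),$rndkey0			# $key[0]
+	movups	($ivp),$iv			# load IV
 	movups	16($key),$rndkey[0]		# forward reference
 	lea	112($key),$key			# size optimization
 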
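--- a/crypto/aes/asm/aesni-sha256-x86_64.pl
+++ b/crypto/aes/asm/aesni-sha256-x86_64.pl
@@ -1299,6 +1299,7 @@ $code.=<<___;
 	mov		240($key),$rounds
 	sub		$in0,$out
 	movups		($key),$rndkey0		# $key[0]
+	movups		($ivp),$iv		# load IV
 	movups		16($key),$rndkey[0]	# forward reference
 	lea		112($key),$key		# size optimization
 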
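--- a/crypto/x86cpuid.pl
+++ b/crypto/x86cpuid.pl
@@ -20,10 +20,10 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
 	&pop	("eax");
 	&xor	("ecx","eax");
 	&xor	("eax","eax");
+	&mov	("esi",&wparam(0));
+	&mov	(&DWP(8,"esi"),"eax");	# clear extended feature flags
 	&bt	("ecx",21);
 	&jnc	(&label("nocpuid"));
-	&mov	("esi",&wparam(0));
-	&mov	(&DWP(8,"esi"),"eax");	# clear 3rd word
 	&cpuid	();
 	&mov	("edi","eax");		# max value for standard query level
 
@@ -81,26 +81,16 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
 	&jmp	(&label("generic"));
 	
 &set_label("intel");
-	&cmp	("edi",7);
-	&jb	(&label("cacheinfo"));
-
-	&mov	("esi",&wparam(0));
-	&mov	("eax",7);
-	&xor	("ecx","ecx");
-	&cpuid	();
-	&mov	(&DWP(8,"esi"),"ebx");
-
-&set_label("cacheinfo");
 	&cmp	("edi",4);
-	&mov	("edi",-1);
+	&mov	("esi",-1);
 	&jb	(&label("nocacheinfo"));
 
 	&mov	("eax",4);
 	&mov	("ecx",0);		# query L1D
 	&cpuid	();
-	&mov	("edi","eax");
-	&shr	("edi",14);
-	&and	("edi",0xfff);		# number of cores -1 per L1D
+	&mov	("esi","eax");
+	&shr	("esi",14);
+	&and	("esi",0xfff);		# number of cores -1 per L1D
 
 &set_label("nocacheinfo");
 	&mov	("eax",1);
@@ -118,7 +108,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
 	&bt	("edx",28);		# test hyper-threading bit
 	&jnc	(&label("generic"));
 	&and	("edx",0xefffffff);
-	&cmp	("edi",0);
+	&cmp	("esi",0);
 	&je	(&label("generic"));
 
 	&or	("edx",0x10000000);
@@ -130,10 +120,19 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
 &set_label("generic");
 	&and	("ebp",1<<11);		# isolate AMD XOP flag
 	&and	("ecx",0xfffff7ff);	# force 11th bit to 0
-	&mov	("esi","edx");
+	&mov	("esi","edx");		# %ebp:%esi is copy of %ecx:%edx
 	&or	("ebp","ecx");		# merge AMD XOP flag
 
-	&bt	("ecx",27);		# check OSXSAVE bit
+	&cmp	("edi",7);
+	&mov	("edi",&wparam(0));
+	&jb	(&label("no_extended_info"));
+	&mov	("eax",7);
+	&xor	("ecx","ecx");
+	&cpuid	();
+	&mov	(&DWP(8,"edi"),"ebx");	# save extended feature flag
+&set_label("no_extended_info");
+
+	&bt	("ebp",27);		# check OSXSAVE bit
 	&jnc	(&label("clear_avx"));
 	&xor	("ecx","ecx");
 	&data_byte(0x0f,0x01,0xd0);	# xgetbv
@@ -147,7 +146,6 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
 	&and	("esi",0xfeffffff);	# clear FXSR
 &set_label("clear_avx");
 	&and	("ebp",0xefffe7ff);	# clear AVX, FMA and AMD XOP bits
-	&mov	("edi",&wparam(0));
 	&and	(&DWP(8,"edi"),0xffffffdf);	# clear AVX2
 &set_label("done");
 	&mov	("eax","esi");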
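Review bot: The relocated leaf-7 query under the `generic` label depends on two things the hunk leaves unstated: `edi` must still hold the maximum standard query level saved after the first `cpuid`, and the `&mov ("edi",&wparam(0))` placed between `&cmp ("edi",7)` and `&jb` must leave the flags untouched. Because the later `&mov ("edi",&wparam(0))` in front of `&and (&DWP(8,"edi"),0xffffffdf)` is removed, every vendor branch between the first `cpuid` and `generic`, and every route into `clear_avx`, now has to preserve `edi`; those branches lie outside the visible hunks and should be checked against the full file, since a stale `edi` would write the capability word through the wrong pointer. I would annotate the compare with `# %edi is still max standard query level; the mov below keeps flags` and the load with `# %edi = capability vector, used again at clear_avx`. The moved block in x86_64cpuid.pl has the same dependence on `%r11d`.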
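--- a/crypto/x86_64cpuid.pl
+++ b/crypto/x86_64cpuid.pl
@@ -59,7 +59,7 @@ OPENSSL_ia32_cpuid:
 	mov	%rbx,%r8		# save %rbx
 
 	xor	%eax,%eax
-	mov	%eax,8(%rdi)		# clear 3rd word
+	mov	%eax,8(%rdi)		# clear extended feature flags
 	cpuid
 	mov	%eax,%r11d		# max value for standard query level
 
@@ -127,14 +127,6 @@ OPENSSL_ia32_cpuid:
 	shr	\$14,%r10d
 	and	\$0xfff,%r10d		# number of cores -1 per L1D
 
-	cmp	\$7,%r11d
-	jb	.Lnocacheinfo
-
-	mov	\$7,%eax
-	xor	%ecx,%ecx
-	cpuid
-	mov	%ebx,8(%rdi)
-
 .Lnocacheinfo:
 	mov	\$1,%eax
 	cpuid
@@ -164,6 +156,15 @@ OPENSSL_ia32_cpuid:
 	or	%ecx,%r9d		# merge AMD XOP flag
 
 	mov	%edx,%r10d		# %r9d:%r10d is copy of %ecx:%edx
+
+	cmp	\$7,%r11d
+	jb	.Lno_extended_info
+	mov	\$7,%eax
+	xor	%ecx,%ecx
+	cpuid
+	mov	%ebx,8(%rdi)		# save extended feature flags
+.Lno_extended_info:
+
 	bt	\$27,%r9d		# check OSXSAVE bit
 	jnc	.Lclear_avx
 	xor	%ecx,%ecx		# XCR0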
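--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1430,7 +1430,7 @@ int ssl_parse_clienthello_renegotiate_ex
 long ssl_get_algorithm2(SSL *s);
 int tls1_save_sigalgs(SSL *s, const unsigned char *data, int dsize);
 int tls1_process_sigalgs(SSL *s);
-size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs);
+size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs);
 int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
                             const unsigned char *sig, EVP_PKEY *pkey);
 void ssl_set_client_disabled(SSL *s);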
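Review bot: The new `int sent` parameter of `tls12_get_psigalgs` is not explained at the prototype, and the call sites in this patch pass bare `1` and `0`, so a reader cannot tell which signature-algorithm list a given call requests. A comment above the declaration would help, for example `/* sent: 1 = the list we advertise to the peer, 0 = the list used to compute shared sigalgs */`. That meaning is inferred from the callers shown (`ssl3_send_certificate_request` and `ssl_add_clienthello_tlsext` pass 1, `tls1_set_shared_sigalgs` passes 0) and should be confirmed by the author.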
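--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4237,7 +4237,7 @@ int ssl3_get_req_cert_type(SSL *s, unsig
         return (int)s->cert->ctype_num;
     }
     /* get configured sigalgs */
-    siglen = tls12_get_psigalgs(s, &sig);
+    siglen = tls12_get_psigalgs(s, 1, &sig);
     if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)
         nostrict = 0;
     for (i = 0; i < siglen; i += 2, sig += 2) {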
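--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2084,7 +2084,7 @@ int ssl3_send_certificate_request(SSL *s
 
         if (SSL_USE_SIGALGS(s)) {
             const unsigned char *psigs;
-            nl = tls12_get_psigalgs(s, &psigs);
+            nl = tls12_get_psigalgs(s, 1, &psigs);
             s2n(nl, p);
             memcpy(p, psigs, nl);
             p += nl;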
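--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1015,7 +1015,7 @@ static unsigned char suiteb_sigalgs[] =
         tlsext_sigalg_ecdsa(TLSEXT_hash_sha384)
 };
 # endif
-size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs)
+size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs)
 {
     /*
      * If Suite B mode use Suite B sigalgs only, ignore any other
@@ -1037,7 +1037,7 @@ size_t tls12_get_psigalgs(SSL *s, const
     }
 # endif
     /* If server use client authentication sigalgs if not NULL */
-    if (s->server && s->cert->client_sigalgs) {
+    if (s->server == sent && s->cert->client_sigalgs) {
         *psigs = s->cert->client_sigalgs;
         return s->cert->client_sigalgslen;
     } else if (s->cert->conf_sigalgs) {
@@ -1101,7 +1101,7 @@ int tls12_check_peer_sigalg(const EVP_MD
 # endif
 
     /* Check signature matches a type we sent */
-    sent_sigslen = tls12_get_psigalgs(s, &sent_sigs);
+    sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs);
     for (i = 0; i < sent_sigslen; i += 2, sent_sigs += 2) {
         if (sig[0] == sent_sigs[0] && sig[1] == sent_sigs[1])
             break;
@@ -1149,7 +1149,7 @@ void ssl_set_client_disabled(SSL *s)
      * Now go through all signature algorithms seeing if we support any for
      * RSA, DSA, ECDSA. Do this for all versions not just TLS 1.2.
      */
-    sigalgslen = tls12_get_psigalgs(s, &sigalgs);
+    sigalgslen = tls12_get_psigalgs(s, 1, &sigalgs);
     for (i = 0; i < sigalgslen; i += 2, sigalgs += 2) {
         switch (sigalgs[1]) {
 # ifndef OPENSSL_NO_RSA
@@ -1420,7 +1420,7 @@ unsigned char *ssl_add_clienthello_tlsex
     if (SSL_CLIENT_USE_SIGALGS(s)) {
         size_t salglen;
         const unsigned char *salg;
-        salglen = tls12_get_psigalgs(s, &salg);
+        salglen = tls12_get_psigalgs(s, 1, &salg);
 
         /*-
          * check for enough space.
@@ -3783,7 +3783,7 @@ static int tls1_set_shared_sigalgs(SSL *
         conf = c->conf_sigalgs;
         conflen = c->conf_sigalgslen;
     } else
-        conflen = tls12_get_psigalgs(s, &conf;;
+        conflen = tls12_get_psigalgs(s, 0, &conf;;
     if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || is_suiteb) {
         pref = conf;
         preflen = conflen;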
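Review bot: In the `@@ -1037` hunk the comment `/* If server use client authentication sigalgs if not NULL */` no longer describes the condition, which is now `s->server == sent` and therefore also selects `client_sigalgs` for a client called with `sent` equal to 0. I would reword it to `/* Use client_sigalgs (if set) when a server lists what it sent, or a client picks shared algorithms */`. The equality test also assumes both operands are exactly 0 or 1; if `s->server` can ever hold another non-zero value (its definition is outside this patch), the wrong list is returned and `tls12_check_peer_sigalg` would validate the peer's signature algorithm against it, so `!s->server == !sent` is the safer form. The body of `tls12_get_psigalgs` continues outside the hunk.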