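diff -up openssl-1.0.2k/crypto/aes/asm/aesni-sha1-x86_64.pl.backports openssl-1.0.2k/crypto/aes/asm/aesni-sha1-x86_64.pl
--- openssl-1.0.2k/crypto/aes/asm/aesni-sha1-x86_64.pl.backports	2017-03-09 17:59:26.367233931 +0100
+++ openssl-1.0.2k/crypto/aes/asm/aesni-sha1-x86_64.pl	2017-03-27 15:25:28.615014528 +0200
@@ -1702,6 +1702,7 @@ $code.=<<___;
 	mov	240($key),$rounds
 	sub	$in0,$out
 	movups	($key),$rndkey0			# $key[0]
+	movups	($ivp),$iv			# load IV
 	movups	16($key),$rndkey[0]		# forward reference
 	lea	112($key),$key			# size optimization
 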
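Review bot: The new `movups ($ivp),$iv` is annotated only with `# load IV`, which says what the instruction does but not why a backport needed it; I would make the comment carry the reason, e.g. `# load IV -- this entry path previously never initialised $iv`, assuming that is the defect being fixed, which the hunk itself does not state. The enclosing code block begins and ends outside the hunk, so I cannot confirm from the visible lines that $ivp is still untouched at this point; if the register is live only up to here, the same comment should say so. The identical one-line change in aesni-sha256-x86_64.pl (next file section) deserves the same comment.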
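diff -up openssl-1.0.2k/crypto/aes/asm/aesni-sha256-x86_64.pl.backports openssl-1.0.2k/crypto/aes/asm/aesni-sha256-x86_64.pl
--- openssl-1.0.2k/crypto/aes/asm/aesni-sha256-x86_64.pl.backports	2017-03-09 17:59:26.369233978 +0100
+++ openssl-1.0.2k/crypto/aes/asm/aesni-sha256-x86_64.pl	2017-03-27 15:25:28.618014599 +0200
@@ -1299,6 +1299,7 @@ $code.=<<___;
 	mov		240($key),$rounds
 	sub		$in0,$out
 	movups		($key),$rndkey0		# $key[0]
+	movups		($ivp),$iv		# load IV
 	movups		16($key),$rndkey[0]	# forward reference
 	lea		112($key),$key		# size optimization
 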
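diff -up openssl-1.0.2k/crypto/x86cpuid.pl.backports openssl-1.0.2k/crypto/x86cpuid.pl
--- openssl-1.0.2k/crypto/x86cpuid.pl.backports	2017-03-09 17:59:26.339233278 +0100
+++ openssl-1.0.2k/crypto/x86cpuid.pl	2017-03-27 15:26:06.833916588 +0200
@@ -20,10 +20,10 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
 	&pop	("eax");
 	&xor	("ecx","eax");
 	&xor	("eax","eax");
+	&mov	("esi",&wparam(0));
+	&mov	(&DWP(8,"esi"),"eax");	# clear extended feature flags
 	&bt	("ecx",21);
 	&jnc	(&label("nocpuid"));
-	&mov	("esi",&wparam(0));
-	&mov	(&DWP(8,"esi"),"eax");	# clear 3rd word
 	&cpuid	();
 	&mov	("edi","eax");		# max value for standard query level
 
@@ -81,26 +81,16 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
 	&jmp	(&label("generic"));
 	
 &set_label("intel");
-	&cmp	("edi",7);
-	&jb	(&label("cacheinfo"));
-
-	&mov	("esi",&wparam(0));
-	&mov	("eax",7);
-	&xor	("ecx","ecx");
-	&cpuid	();
-	&mov	(&DWP(8,"esi"),"ebx");
-
-&set_label("cacheinfo");
 	&cmp	("edi",4);
-	&mov	("edi",-1);
+	&mov	("esi",-1);
 	&jb	(&label("nocacheinfo"));
 
 	&mov	("eax",4);
 	&mov	("ecx",0);		# query L1D
 	&cpuid	();
-	&mov	("edi","eax");
-	&shr	("edi",14);
-	&and	("edi",0xfff);		# number of cores -1 per L1D
+	&mov	("esi","eax");
+	&shr	("esi",14);
+	&and	("esi",0xfff);		# number of cores -1 per L1D
 
 &set_label("nocacheinfo");
 	&mov	("eax",1);
@@ -118,7 +108,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
 	&bt	("edx",28);		# test hyper-threading bit
 	&jnc	(&label("generic"));
 	&and	("edx",0xefffffff);
-	&cmp	("edi",0);
+	&cmp	("esi",0);
 	&je	(&label("generic"));
 
 	&or	("edx",0x10000000);
@@ -130,10 +120,19 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
 &set_label("generic");
 	&and	("ebp",1<<11);		# isolate AMD XOP flag
 	&and	("ecx",0xfffff7ff);	# force 11th bit to 0
-	&mov	("esi","edx");
+	&mov	("esi","edx");		# %ebp:%esi is copy of %ecx:%edx
 	&or	("ebp","ecx");		# merge AMD XOP flag
 
-	&bt	("ecx",27);		# check OSXSAVE bit
+	&cmp	("edi",7);
+	&mov	("edi",&wparam(0));
+	&jb	(&label("no_extended_info"));
+	&mov	("eax",7);
+	&xor	("ecx","ecx");
+	&cpuid	();
+	&mov	(&DWP(8,"edi"),"ebx");	# save extended feature flag
+&set_label("no_extended_info");
+
+	&bt	("ebp",27);		# check OSXSAVE bit
 	&jnc	(&label("clear_avx"));
 	&xor	("ecx","ecx");
 	&data_byte(0x0f,0x01,0xd0);	# xgetbv
@@ -147,7 +146,6 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
 	&and	("esi",0xfeffffff);	# clear FXSR
 &set_label("clear_avx");
 	&and	("ebp",0xefffe7ff);	# clear AVX, FMA and AMD XOP bits
-	&mov	("edi",&wparam(0));
 	&and	(&DWP(8,"edi"),0xffffffdf);	# clear AVX2
 &set_label("done");
 	&mov	("eax","esi");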
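Review bot: The load `&mov ("edi",&wparam(0))` at `generic` is now the only place the result pointer enters %edi before the `&and (&DWP(8,"edi"),0xffffffdf)` write at `clear_avx`, because the last hunk removes the reload that used to sit there; any path that reaches `clear_avx` or `done` without passing through `generic` would then write through a stale %edi. The targets of the `nocpuid` jump and the non-Intel paths lie outside these hunks, so I cannot rule that out from here; a comment such as `# %edi = result pointer, must stay live until clear_avx/done` next to the new load would make the invariant explicit for whoever next touches the flow. The earlier hunks turn %esi into the core-count scratch register precisely so %edi keeps the max standard leaf for the `&cmp ("edi",7)` here, and that is worth stating at `&mov ("esi",-1)` too. The `&bt ("ebp",27)` change is behaviour-neutral as far as the hunk shows, since %ebp holds %ecx with only bit 11 altered.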
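diff -up openssl-1.0.2k/crypto/x86_64cpuid.pl.backports openssl-1.0.2k/crypto/x86_64cpuid.pl
--- openssl-1.0.2k/crypto/x86_64cpuid.pl.backports	2017-03-09 17:59:26.339233278 +0100
+++ openssl-1.0.2k/crypto/x86_64cpuid.pl	2017-03-27 15:26:06.833916588 +0200
@@ -59,7 +59,7 @@ OPENSSL_ia32_cpuid:
 	mov	%rbx,%r8		# save %rbx
 
 	xor	%eax,%eax
-	mov	%eax,8(%rdi)		# clear 3rd word
+	mov	%eax,8(%rdi)		# clear extended feature flags
 	cpuid
 	mov	%eax,%r11d		# max value for standard query level
 
@@ -127,14 +127,6 @@ OPENSSL_ia32_cpuid:
 	shr	\$14,%r10d
 	and	\$0xfff,%r10d		# number of cores -1 per L1D
 
-	cmp	\$7,%r11d
-	jb	.Lnocacheinfo
-
-	mov	\$7,%eax
-	xor	%ecx,%ecx
-	cpuid
-	mov	%ebx,8(%rdi)
-
 .Lnocacheinfo:
 	mov	\$1,%eax
 	cpuid
@@ -164,6 +156,15 @@ OPENSSL_ia32_cpuid:
 	or	%ecx,%r9d		# merge AMD XOP flag
 
 	mov	%edx,%r10d		# %r9d:%r10d is copy of %ecx:%edx
+
+	cmp	\$7,%r11d
+	jb	.Lno_extended_info
+	mov	\$7,%eax
+	xor	%ecx,%ecx
+	cpuid
+	mov	%ebx,8(%rdi)		# save extended feature flags
+.Lno_extended_info:
+
 	bt	\$27,%r9d		# check OSXSAVE bit
 	jnc	.Lclear_avx
 	xor	%ecx,%ecx		# XCR0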
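Review bot: The relocated leaf-7 query carries no comment explaining why it must sit after `mov %edx,%r10d`; `cpuid` overwrites %eax/%ebx/%ecx/%edx, so running it before that copy would corrupt the leaf-1 flags that `%r9d:%r10d` preserves for the OSXSAVE check and everything after it. I would add `# leaf 7, subleaf 0 (%ecx=0); clobbers %ecx/%edx, so only after the %r9d:%r10d copy` above `cmp \$7,%r11d`. As far as these hunks show, the old placement between the L1D query and `.Lnocacheinfo` meant the extended flags were only filled on the path that reached the cache query, whereas the new spot comes after the vendor paths merge; if that is the motivation, it belongs in the comment as well. The same remark applies to the `no_extended_info` block added in x86cpuid.pl.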
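diff -up openssl-1.0.2k/ssl/ssl_locl.h.backports openssl-1.0.2k/ssl/ssl_locl.h
--- openssl-1.0.2k/ssl/ssl_locl.h.backports	2017-03-09 17:59:26.183229642 +0100
+++ openssl-1.0.2k/ssl/ssl_locl.h	2017-03-09 17:59:26.311232626 +0100
@@ -1430,7 +1430,7 @@ int ssl_parse_clienthello_renegotiate_ex
 long ssl_get_algorithm2(SSL *s);
 int tls1_save_sigalgs(SSL *s, const unsigned char *data, int dsize);
 int tls1_process_sigalgs(SSL *s);
-size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs);
+size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs);
 int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
                             const unsigned char *sig, EVP_PKEY *pkey);
 void ssl_set_client_disabled(SSL *s);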
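Review bot: The new `sent` parameter of `tls12_get_psigalgs` is undocumented at the prototype, and its meaning is only discoverable from the `s->server == sent` test in t1_lib.c. From that test and the callers in this patch, a nonzero `sent` selects the list this side advertises to the peer (server: `client_sigalgs` for the CertificateRequest built in s3_srvr.c; client: `conf_sigalgs` for the ClientHello extension) and zero selects the list governing this side's own signatures, the only zero caller being `tls1_set_shared_sigalgs`. I would add above the declaration `/* sent != 0: sigalgs we advertise to the peer; sent == 0: sigalgs we sign with */`, with the second half confirmed against that caller since it is inferred rather than stated anywhere in the patch.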
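diff -up openssl-1.0.2k/ssl/s3_lib.c.backports openssl-1.0.2k/ssl/s3_lib.c
--- openssl-1.0.2k/ssl/s3_lib.c.backports	2017-03-09 17:59:26.294232230 +0100
+++ openssl-1.0.2k/ssl/s3_lib.c	2017-03-09 17:59:26.311232626 +0100
@@ -4237,7 +4237,7 @@ int ssl3_get_req_cert_type(SSL *s, unsig
         return (int)s->cert->ctype_num;
     }
     /* get configured sigalgs */
-    siglen = tls12_get_psigalgs(s, &sig);
+    siglen = tls12_get_psigalgs(s, 1, &sig);
     if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)
         nostrict = 0;
     for (i = 0; i < siglen; i += 2, sig += 2) {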
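diff -up openssl-1.0.2k/ssl/s3_srvr.c.backports openssl-1.0.2k/ssl/s3_srvr.c
--- openssl-1.0.2k/ssl/s3_srvr.c.backports	2017-01-26 14:22:04.000000000 +0100
+++ openssl-1.0.2k/ssl/s3_srvr.c	2017-03-09 17:59:26.311232626 +0100
@@ -2084,7 +2084,7 @@ int ssl3_send_certificate_request(SSL *s
 
         if (SSL_USE_SIGALGS(s)) {
             const unsigned char *psigs;
-            nl = tls12_get_psigalgs(s, &psigs);
+            nl = tls12_get_psigalgs(s, 1, &psigs);
             s2n(nl, p);
             memcpy(p, psigs, nl);
             p += nl;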
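diff -up openssl-1.0.2k/ssl/t1_lib.c.backports openssl-1.0.2k/ssl/t1_lib.c
--- openssl-1.0.2k/ssl/t1_lib.c.backports	2017-03-09 17:59:26.297232299 +0100
+++ openssl-1.0.2k/ssl/t1_lib.c	2017-03-09 17:59:26.312232649 +0100
@@ -1015,7 +1015,7 @@ static unsigned char suiteb_sigalgs[] =
         tlsext_sigalg_ecdsa(TLSEXT_hash_sha384)
 };
 # endif
-size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs)
+size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs)
 {
     /*
      * If Suite B mode use Suite B sigalgs only, ignore any other
@@ -1037,7 +1037,7 @@ size_t tls12_get_psigalgs(SSL *s, const
     }
 # endif
     /* If server use client authentication sigalgs if not NULL */
-    if (s->server && s->cert->client_sigalgs) {
+    if (s->server == sent && s->cert->client_sigalgs) {
         *psigs = s->cert->client_sigalgs;
         return s->cert->client_sigalgslen;
     } else if (s->cert->conf_sigalgs) {
@@ -1101,7 +1101,7 @@ int tls12_check_peer_sigalg(const EVP_MD
 # endif
 
     /* Check signature matches a type we sent */
-    sent_sigslen = tls12_get_psigalgs(s, &sent_sigs);
+    sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs);
     for (i = 0; i < sent_sigslen; i += 2, sent_sigs += 2) {
         if (sig[0] == sent_sigs[0] && sig[1] == sent_sigs[1])
             break;
@@ -1149,7 +1149,7 @@ void ssl_set_client_disabled(SSL *s)
      * Now go through all signature algorithms seeing if we support any for
      * RSA, DSA, ECDSA. Do this for all versions not just TLS 1.2.
      */
-    sigalgslen = tls12_get_psigalgs(s, &sigalgs);
+    sigalgslen = tls12_get_psigalgs(s, 1, &sigalgs);
     for (i = 0; i < sigalgslen; i += 2, sigalgs += 2) {
         switch (sigalgs[1]) {
 # ifndef OPENSSL_NO_RSA
@@ -1420,7 +1420,7 @@ unsigned char *ssl_add_clienthello_tlsex
     if (SSL_CLIENT_USE_SIGALGS(s)) {
         size_t salglen;
         const unsigned char *salg;
-        salglen = tls12_get_psigalgs(s, &salg);
+        salglen = tls12_get_psigalgs(s, 1, &salg);
 
         /*-
          * check for enough space.
@@ -3783,7 +3783,7 @@ static int tls1_set_shared_sigalgs(SSL *
         conf = c->conf_sigalgs;
         conflen = c->conf_sigalgslen;
     } else
-        conflen = tls12_get_psigalgs(s, &conf;;
+        conflen = tls12_get_psigalgs(s, 0, &conf;;
     if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || is_suiteb) {
         pref = conf;
         preflen = conflen;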
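Review bot: The comment `/* If server use client authentication sigalgs if not NULL */` above the changed condition is now wrong: `s->server == sent` also selects `client_sigalgs` on the client when `sent` is 0 (the `tls1_set_shared_sigalgs` caller in the last hunk), and no longer selects it on the server when `sent` is 0. I would replace it with `/* client_sigalgs: what the server advertises (sent) or what the client signs with (!sent) */`. The comparison also relies on `s->server` and `sent` both being exactly 0 or 1; any other value silently falls through to `conf_sigalgs`, which `if (!s->server == !sent && s->cert->client_sigalgs)` would make robust, or at least a comment should pin the 0/1 contract. Separately, `tls12_get_psigalgs(s, 0, &conf;;` in the last hunk looks garbled in this rendering (presumably `&conf);` in the real patch); it is reproduced as shown, not corrected.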