# HG changeset patch # User Misaki Miyashita # Date 1426890687 25200 # Node ID 95b8f35fcdd5db68944b9018642535f7c2d4a131 # Parent 5bd484384122b13d03b9e85b2195dad7b187410b 20735615 Upgrade OpenSSL version to 1.0.1m 20735495 problem in LIBRARY/OPENSSL 20735520 problem in LIBRARY/OPENSSL 20735531 problem in LIBRARY/OPENSSL 20735537 problem in LIBRARY/OPENSSL 20735541 problem in LIBRARY/OPENSSL 20735555 problem in LIBRARY/OPENSSL 20735563 problem in LIBRARY/OPENSSL 20688058 problem in LIBRARY/OPENSSL diff -r 5bd484384122 -r 95b8f35fcdd5 components/openssl/openssl-1.0.1-fips-140/Makefile --- a/components/openssl/openssl-1.0.1-fips-140/Makefile Thu Mar 19 14:41:20 2015 -0700 +++ b/components/openssl/openssl-1.0.1-fips-140/Makefile Fri Mar 20 15:31:27 2015 -0700 @@ -32,18 +32,18 @@ COMPONENT_NAME = openssl-fips-140 # Note that this is the OpenSSL version that is used to build FIPS-140 certified # libraries. However, we use the FIPS canister version for the IPS package. -COMPONENT_VERSION = 1.0.1k +COMPONENT_VERSION = 1.0.1m IPS_COMPONENT_VERSION = 2.0.6 COMPONENT_PROJECT_URL= http://www.openssl.org/ COMPONENT_SRC_NAME = openssl COMPONENT_SRC = $(COMPONENT_SRC_NAME)-$(COMPONENT_VERSION) COMPONENT_ARCHIVE = $(COMPONENT_SRC).tar.gz COMPONENT_ARCHIVE_HASH= \ - sha256:8f9faeaebad088e772f4ef5e38252d472be4d878c6b3a2718c10a4fcebe7a41c + sha256:095f0b7b09116c0c5526422088058dc7e6e000aa14d22acca6a4e2babcdfef74 COMPONENT_ARCHIVE_URL = $(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE) COMPONENT_BUGDB= library/openssl -TPNO= 21111 +TPNO= 21965 # OpenSSL FIPS directory OPENSSL_FIPS_DIR = $(COMPONENT_DIR)/../openssl-fips diff -r 5bd484384122 -r 95b8f35fcdd5 components/openssl/openssl-1.0.1-fips-140/patches/15-pkcs11_engine-0.9.8a.patch --- a/components/openssl/openssl-1.0.1-fips-140/patches/15-pkcs11_engine-0.9.8a.patch Thu Mar 19 14:41:20 2015 -0700 +++ b/components/openssl/openssl-1.0.1-fips-140/patches/15-pkcs11_engine-0.9.8a.patch Fri Mar 20 15:31:27 2015 -0700 
@@ -1,3 +1,7 @@ +# +# This patch file adds the Solaris's pkcs11 engine. +# This is Solaris-specific (developed in house): not suitable for upstream. +# --- /tmp/Configure Fri Feb 11 14:40:39 2011 +++ openssl-1.0.0d/Configure Fri Feb 11 14:41:36 2011 @@ -10,7 +10,7 @@ @@ -29,7 +33,7 @@ my $prefix=""; my $libdir=""; my $openssldir=""; -@@ -876,6 +879,10 @@ +@@ -882,6 +888,10 @@ $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei; $flags.=$_." "; } @@ -40,7 +44,7 @@ elsif (/^--prefix=(.*)$/) { $prefix=$1; -@@ -1043,6 +1054,13 @@ +@@ -1049,6 +1059,13 @@ exit 0; } @@ -54,7 +58,7 @@ if ($target =~ m/^CygWin32(-.*)$/) { $target = "Cygwin".$1; } -@@ -1209,6 +1226,8 @@ +@@ -1215,6 +1232,8 @@ if ($flags ne "") { $cflags="$flags$cflags"; } else { $no_user_cflags=1; } @@ -63,12 +67,12 @@ # Kerberos settings. The flavor must be provided from outside, either through # the script "config" or manually. if (!$no_krb5) -@@ -1598,6 +1617,7 @@ +@@ -1604,6 +1623,7 @@ s/^VERSION=.*/VERSION=$version/; s/^MAJOR=.*/MAJOR=$major/; s/^MINOR=.*/MINOR=$minor/; + s/^PK11_LIB_LOCATION=.*/PK11_LIB_LOCATION=$pk11_libname/; - s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/; + s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/; s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/; s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/; --- /tmp/Makefile.org Fri Feb 11 14:41:54 2011 @@ -83,32 +87,32 @@ # Do not edit this manually. Use Configure --openssldir=DIR do change this! OPENSSLDIR=/usr/local/ssl ---- openssl-1.0.1e/engines/Makefile.~1~ Fri Nov 22 13:40:31 2013 -+++ openssl-1.0.1e/engines/Makefile Fri Nov 22 13:43:46 2013 +--- /tmp/Makefile Mon Feb 14 14:59:22 2011 ++++ openssl-1.0.0d/engines/Makefile Mon Feb 14 15:00:35 2011 
@@ -26,7 +26,8 @@ APPS= LIB=$(TOP)/libcrypto.a -LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec padlock capi +LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec padlock capi \ -+ pk11 ++ pk11 LIBSRC= e_4758cca.c \ - e_aep.c \ + e_aep.c \ @@ -38,7 +39,8 @@ - e_sureware.c \ - e_ubsec.c \ - e_padlock.c \ + e_sureware.c \ + e_ubsec.c \ + e_padlock.c \ - e_capi.c + e_capi.c \ + e_pk11.c LIBOBJ= e_4758cca.o \ - e_aep.o \ - e_atalla.o \ + e_aep.o \ + e_atalla.o \ @@ -49,7 +51,8 @@ - e_sureware.o \ - e_ubsec.o \ - e_padlock.o \ + e_sureware.o \ + e_ubsec.o \ + e_padlock.o \ - e_capi.o + e_capi.o \ + e_pk11.o @@ -116,9 +120,9 @@ SRC= $(LIBSRC) @@ -63,7 +66,8 @@ - e_nuron_err.c e_nuron_err.h \ - e_sureware_err.c e_sureware_err.h \ - e_ubsec_err.c e_ubsec_err.h \ + e_nuron_err.c e_nuron_err.h \ + e_sureware_err.c e_sureware_err.h \ + e_ubsec_err.c e_ubsec_err.h \ - e_capi_err.c e_capi_err.h + e_capi_err.c e_capi_err.h \ + e_pk11.h e_pk11_uri.h e_pk11_err.h e_pk11_pub.c e_pk11_uri.c e_pk11_err.c @@ -126,23 +130,23 @@ ALL= $(GENERAL) $(SRC) $(HEADER) 
@@ -78,7 +82,7 @@ - for l in $(LIBNAMES); do \ - $(MAKE) -f ../Makefile.shared -e \ - LIBNAME=$$l LIBEXTRAS=e_$$l.o \ + for l in $(LIBNAMES); do \ + $(MAKE) -f ../Makefile.shared -e \ + LIBNAME=$$l LIBEXTRAS=e_$$l.o \ - LIBDEPS='-L.. -lcrypto $(EX_LIBS)' \ + LIBDEPS='-L.. -lcrypto -lcryptoutil $(EX_LIBS)' \ - link_o.$(SHLIB_TARGET); \ - done; \ - else \ ---- openssl-1.0.1e/crypto/engine/eng_all.c.~1~ Mon Feb 11 07:26:04 2013 -+++ openssl-1.0.1e/crypto/engine/eng_all.c Wed Nov 20 11:38:05 2013 -@@ -59,6 +59,16 @@ + link_o.$(SHLIB_TARGET); \ + done; \ + else \ +--- crypto/engine/eng_all.c Thu Sep 5 12:59:50 2013 ++++ openssl-1.0.1e/crypto/engine/eng_all.c Thu Sep 5 12:59:50 2013 +@@ -60,6 +60,16 @@ #include "cryptlib.h" #include "eng_int.h" - + +/* + * pkcs11 engine no longer is a built-in engine, and ENGINE_load_pk11() needs to be -+ * defined in libcrypto.so for ssh. Instead of load pkcs11 engine, it loads dynamic ++ * defined in libcrypto.so for ssh. Instead of load pkcs11 engine, it load dynamic + * engines. + */ +void ENGINE_load_pk11(void) @@ -151,52 +155,50 @@ + } + void ENGINE_load_builtin_engines(void) - { - /* Some ENGINEs need this */ + { + /* Some ENGINEs need this */ 
@@ -80,6 +90,9 @@ - ENGINE_load_rdrand(); + ENGINE_load_rdrand(); #endif - ENGINE_load_dynamic(); + ENGINE_load_dynamic(); +#ifndef OPENSSL_NO_HW_PKCS11 -+ ENGINE_load_pk11(); ++ ENGINE_load_pk11(); +#endif #ifndef OPENSSL_NO_STATIC_ENGINE - #ifndef OPENSSL_NO_HW - #ifndef OPENSSL_NO_HW_4758_CCA ---- openssl-1.0.1e/crypto/dso/dso_lib.c.~1~ Wed Nov 20 13:10:57 2013 -+++ openssl-1.0.1e/crypto/dso/dso_lib.c Wed Nov 20 13:30:46 2013 -@@ -426,6 +426,26 @@ - DSOerr(DSO_F_DSO_CONVERT_FILENAME,DSO_R_NO_FILENAME); - return(NULL); - } -+ /* -+ * For pkcs11 engine, use libpk11.so (instead of libpkcs11.so) to -+ * avoid the name collision with PKCS#11 library. -+ */ -+ if (strcmp(filename, "pkcs11") == 0) -+ { -+#ifdef _LP64 -+ static const char fullpath[] = "/lib/openssl/engines/64/libpk11.so"; + # ifndef OPENSSL_NO_HW + # ifndef OPENSSL_NO_HW_4758_CCA +--- crypto/dso/dso_lib.c Thu Sep 5 12:59:50 2013 ++++ openssl-1.0.1e/crypto/dso/dso_lib.c Thu Sep 5 12:59:50 2013 +@@ -396,6 +396,24 @@ + DSOerr(DSO_F_DSO_CONVERT_FILENAME, DSO_R_NO_FILENAME); + return (NULL); + } ++ /* ++ * For pkcs11 engine, use libpk11.so (instead of libpkcs11.so) to ++ * avoid the name collision with PKCS#11 library. 
++ */ ++ if (strcmp(filename, "pkcs11") == 0) { ++#ifdef _LP64 ++ static const char fullpath[] = "/lib/openssl/engines/64/libpk11.so"; +#else -+ static const char fullpath[] = "/lib/openssl/engines/libpk11.so"; ++ static const char fullpath[] = "/lib/openssl/engines/libpk11.so"; +#endif -+ result = OPENSSL_malloc(strlen(fullpath) + 1); -+ if(result == NULL) -+ { -+ DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_MALLOC_FAILURE); -+ return(NULL); -+ } -+ BUF_strlcpy(result, fullpath, sizeof(fullpath)); -+ return(result); -+ } - if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) - { - if(dso->name_converter != NULL) ---- /tmp/engine.h Fri Feb 11 14:46:24 2011 -+++ openssl-1.0.0d/crypto/engine/engine.h Fri Feb 11 14:47:32 2011 -@@ -351,6 +351,7 @@ - #endif - #endif ++ result = OPENSSL_malloc(strlen(fullpath) + 1); ++ if(result == NULL) { ++ DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_MALLOC_FAILURE); ++ return(NULL); ++ } ++ BUF_strlcpy(result, fullpath, strlen(fullpath) + 1); ++ return (result); ++ } + if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) { + if (dso->name_converter != NULL) + result = dso->name_converter(dso, filename); +--- /tmp/engine.h Fri Feb 11 14:46:24 2011 ++++ openssl-1.0.0d/crypto/engine/engine.h Fri Feb 11 14:47:32 2011 +@@ -413,6 +413,7 @@ + # endif + # endif void ENGINE_load_cryptodev(void); +void ENGINE_load_pk11(void); void ENGINE_load_rsax(void); diff -r 5bd484384122 -r 95b8f35fcdd5 components/openssl/openssl-1.0.1-fips-140/patches/26-openssl_fips.patch --- a/components/openssl/openssl-1.0.1-fips-140/patches/26-openssl_fips.patch Thu Mar 19 14:41:20 2015 -0700 +++ b/components/openssl/openssl-1.0.1-fips-140/patches/26-openssl_fips.patch Fri Mar 20 15:31:27 2015 -0700 
@@ -1,82 +1,85 @@ +# +# Patch developed in-house. Solaris-specific; not suitable for upstream. +# --- openssl-0.9.8m/apps/openssl.c Thu Oct 15 19:28:02 2009 +++ openssl-0.9.8m/apps/openssl.c Fri Feb 26 16:12:30 2010 -@@ -134,6 +134,9 @@ - #include +@@ -135,6 +135,9 @@ + # include #endif +/* Solaris OpenSSL */ +#include + - /* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the - * base prototypes (we cast each variable inside the function to the required - * type of "FUNCTION*"). This removes the necessity for macro-generated wrapper -@@ -153,9 +156,10 @@ + /* + * The LHASH callbacks ("hash" & "cmp") have been replaced by functions with + * the base prototypes (we cast each variable inside the function to the +@@ -155,9 +158,10 @@ + BIO *bio_err = NULL; #endif - +static int *modes; + static void lock_dbg_cb(int mode, int type, const char *file, int line) - { -- static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */ - const char *errstr = NULL; - int rw; - -@@ -166,7 +170,7 @@ - goto err; - } + { +- static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... 
} */ + const char *errstr = NULL; + int rw; + +@@ -167,7 +168,7 @@ + goto err; + } -- if (type < 0 || type >= CRYPTO_NUM_LOCKS) -+ if (type < 0 || type >= CRYPTO_num_locks()) - { - errstr = "type out of bounds"; - goto err; -@@ -311,6 +315,14 @@ - if (getenv("OPENSSL_DEBUG_LOCKING") != NULL) +- if (type < 0 || type >= CRYPTO_NUM_LOCKS) { ++ if (type < 0 || type >= CRYPTO_num_locks()) { + errstr = "type out of bounds"; + goto err; + } +@@ -305,6 +306,14 @@ + if (getenv("OPENSSL_DEBUG_LOCKING") != NULL) #endif - { -+ modes = OPENSSL_malloc(CRYPTO_num_locks() * sizeof (int)); -+ if (modes == NULL) { -+ ERR_load_crypto_strings(); -+ BIO_printf(bio_err,"Memory allocation failure\n"); -+ ERR_print_errors(bio_err); -+ EXIT(1); -+ } -+ memset(modes, 0, CRYPTO_num_locks() * sizeof (int)); - CRYPTO_set_locking_callback(lock_dbg_cb); - } + { ++ modes = OPENSSL_malloc(CRYPTO_num_locks() * sizeof (int)); ++ if (modes == NULL) { ++ ERR_load_crypto_strings(); ++ BIO_printf(bio_err,"Memory allocation failure\n"); ++ ERR_print_errors(bio_err); ++ EXIT(1); ++ } ++ memset(modes, 0, CRYPTO_num_locks() * sizeof (int)); + CRYPTO_set_locking_callback(lock_dbg_cb); + } -@@ -314,18 +326,28 @@ - CRYPTO_set_locking_callback(lock_dbg_cb); - } +@@ -308,18 +320,28 @@ + CRYPTO_set_locking_callback(lock_dbg_cb); + } +/* + * Solaris OpenSSL + * Add a further check for the FIPS_mode_set() symbol before calling to + * allow openssl(1openssl) to be run against both fips and non-fips libraries. 
+ */ - if(getenv("OPENSSL_FIPS")) { + if (getenv("OPENSSL_FIPS")) { -#ifdef OPENSSL_FIPS -- if (!FIPS_mode_set(1)) { +- if (!FIPS_mode_set(1)) { + -+ int (*FIPS_mode_set)(int); -+ FIPS_mode_set = (int (*)(int)) dlsym(RTLD_NEXT, "FIPS_mode_set"); ++ int (*FIPS_mode_set)(int); ++ FIPS_mode_set = (int (*)(int)) dlsym(RTLD_NEXT, "FIPS_mode_set"); + -+ if (FIPS_mode_set != NULL) { -+ if (!(*FIPS_mode_set)(1)) { - ERR_load_crypto_strings(); - ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); - EXIT(1); - } ++ if (FIPS_mode_set != NULL) { ++ if (!(*FIPS_mode_set)(1)) { + ERR_load_crypto_strings(); + ERR_print_errors(BIO_new_fp(stderr, BIO_NOCLOSE)); + EXIT(1); + } -#else -- fprintf(stderr, "FIPS mode not supported.\n"); -+ } else { -+ fprintf(stderr, "Failed to enable FIPS mode. " -+ "For more information about running in FIPS mode see openssl(5).\n"); - EXIT(1); +- fprintf(stderr, "FIPS mode not supported.\n"); ++ } else { ++ fprintf(stderr, "Failed to enable FIPS mode. " ++ "For more information about running in FIPS mode see openssl(5).\n"); + EXIT(1); -#endif - } -+ } + } ++ } - apps_startup(); + apps_startup(); diff -r 5bd484384122 -r 95b8f35fcdd5 components/openssl/openssl-1.0.1-fips-140/patches/28-enginesdir.patch --- a/components/openssl/openssl-1.0.1-fips-140/patches/28-enginesdir.patch Thu Mar 19 14:41:20 2015 -0700 +++ b/components/openssl/openssl-1.0.1-fips-140/patches/28-enginesdir.patch Fri Mar 20 15:31:27 2015 -0700 @@ -1,3 +1,7 @@ +# +# This was developed in house to configure the engine dir. +# Not suitable for upstream. +# --- /tmp/18/Configure Fri Feb 11 15:15:50 2011 +++ openssl-1.0.0d/Configure Fri Feb 11 15:18:09 2011 @@ -18,6 +18,8 @@ @@ -9,7 +13,7 @@ # # --pk11-libname PKCS#11 library name. # (Default: none) -@@ -672,6 +672,7 @@ +@@ -679,6 +679,7 @@ my $prefix=""; my $libdir=""; my $openssldir=""; 
@@ -17,7 +21,7 @@ my $exe_ext=""; my $install_prefix= "$ENV{'INSTALL_PREFIX'}"; my $cross_compile_prefix=""; -@@ -904,6 +904,10 @@ +@@ -917,6 +920,10 @@ { $openssldir=$1; } @@ -28,7 +32,7 @@ elsif (/^--install.prefix=(.*)$/) { $install_prefix=$1; -@@ -1211,6 +1218,10 @@ +@@ -1224,6 +1231,10 @@ # we're ready to tolerate, so don't... $multilib="" if !-d "$prefix/lib$multilib"; @@ -39,7 +43,7 @@ $libdir="lib$multilib" if $libdir eq ""; $cflags = "$cflags$exp_cflags"; -@@ -1830,7 +1841,7 @@ +@@ -1846,7 +1857,7 @@ } elsif (/^#define\s+ENGINESDIR/) { diff -r 5bd484384122 -r 95b8f35fcdd5 components/openssl/openssl-1.0.1-fips-140/patches/29_fork_safe.patch --- a/components/openssl/openssl-1.0.1-fips-140/patches/29_fork_safe.patch Thu Mar 19 14:41:20 2015 -0700 +++ b/components/openssl/openssl-1.0.1-fips-140/patches/29_fork_safe.patch Fri Mar 20 15:31:27 2015 -0700 @@ -13,18 +13,19 @@ +#include #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) - static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */ -@@ -181,6 +182,7 @@ - numbers. */ - static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL; + static double SSLeay_MSVC5_hack = 0.0; /* and for VC1.5 */ +@@ -184,6 +185,8 @@ + */ + static STACK_OF(CRYPTO_dynlock) *dyn_locks = NULL; +static pthread_mutex_t *solaris_openssl_locks; - - static void (MS_FAR *locking_callback)(int mode,int type, - const char *file,int line)=0; -@@ -406,6 +409,79 @@ - return(add_lock_callback); - } ++ + static void (MS_FAR *locking_callback) (int mode, int type, + const char *file, int line) = 0; + static int (MS_FAR *add_lock_callback) (int *pointer, int amount, +@@ -402,6 +405,79 @@ + return (add_lock_callback); + } +/* + * This is the locking callback function which all applications will be 
@@ -97,24 +98,24 @@ + } + locking_callback = solaris_locking_callback; + -+ } ++} + - void CRYPTO_set_locking_callback(void (*func)(int mode,int type, - const char *file,int line)) - { -@@ -413,7 +478,11 @@ - * are started. - */ - OPENSSL_init(); -- locking_callback=func; + void CRYPTO_set_locking_callback(void (*func) (int mode, int type, + const char *file, int line)) + { +@@ -410,7 +486,11 @@ + * started. + */ + OPENSSL_init(); +- locking_callback = func; + + /* + * we now setup our own locking callback and mutexes, and disallow + * setting of another locking callback. + */ - } + } - void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type, + void CRYPTO_set_add_lock_callback(int (*func) (int *num, int mount, int type, --- openssl-1.0.1f/crypto/cryptlib.h.~1~ Fri Feb 7 10:41:42 2014 +++ openssl-1.0.1f/crypto/cryptlib.h Thu Feb 6 16:04:16 2014 @@ -104,6 +104,8 @@ diff -r 5bd484384122 -r 95b8f35fcdd5 components/openssl/openssl-1.0.1-fips-140/patches/32_aes_cbc_len_check.patch --- a/components/openssl/openssl-1.0.1-fips-140/patches/32_aes_cbc_len_check.patch Thu Mar 19 14:41:20 2015 -0700 +++ b/components/openssl/openssl-1.0.1-fips-140/patches/32_aes_cbc_len_check.patch Fri Mar 20 15:31:27 2015 -0700 
@@ -1,14 +1,18 @@ +# +# This was developed in house and reported to the upstream. +# --- openssl-1.0.1e/crypto/evp/e_aes.c Tue Jul 2 11:03:12 2013 +++ openssl-1.0.1e/crypto/evp/e_aes.c.new Tue Jul 2 11:04:56 2013 -@@ -574,8 +574,11 @@ - static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, - const unsigned char *in, size_t len) +@@ -536,8 +536,12 @@ + static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) { -+ size_t bl = ctx->cipher->block_size; - EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; ++ size_t bl = ctx->cipher->block_size; + EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; -+ if (lenstream.cbc) - (*dat->stream.cbc)(in,out,len,&dat->ks,ctx->iv,ctx->encrypt); - else if (ctx->encrypt) + if (dat->stream.cbc) + (*dat->stream.cbc) (in, out, len, &dat->ks, ctx->iv, ctx->encrypt); + else if (ctx->encrypt) diff -r 5bd484384122 -r 95b8f35fcdd5 components/openssl/openssl-1.0.1-fips-140/patches/33_cert_chain.patch --- a/components/openssl/openssl-1.0.1-fips-140/patches/33_cert_chain.patch Thu Mar 19 14:41:20 2015 -0700 +++ b/components/openssl/openssl-1.0.1-fips-140/patches/33_cert_chain.patch Fri Mar 20 15:31:27 2015 -0700 
@@ -6,200 +6,205 @@ Index: openssl/crypto/x509/x509_trs.c ============================================================================ $ diff -ru crypto/x509/x509_trs.c crypto/x509/x509_trs.c ---- openssl/crypto/x509/x509_trs.c.orig 4 Dec 2012 17:26:04 -0000 1.133.2.11.2.6.2.3 -+++ openssl/crypto/x509/x509_trs.c 14 Dec 2012 14:30:45 -0000 1.133.2.11.2.6.2.4 -@@ -114,6 +114,15 @@ int X509_check_trust(X509 *x, int id, int flags) - X509_TRUST *pt; - int idx; - if(id == -1) return 1; -+ /* We get this as a default value */ -+ if (id == 0) -+ { -+ int rv; -+ rv = obj_trust(NID_anyExtendedKeyUsage, x, 0); -+ if (rv != X509_TRUST_UNTRUSTED) -+ return rv; -+ return trust_compat(NULL, x, 0); -+ } - idx = X509_TRUST_get_by_id(id); - if(idx == -1) return default_trust(id, x, flags); - pt = X509_TRUST_get0(idx); +--- openssl/crypto/x509/x509_trs.c.orig 4 Dec 2012 17:26:04 -0000 1.133.2.11.2.6.2.3 ++++ openssl/crypto/x509/x509_trs.c 14 Dec 2012 14:30:45 -0000 1.133.2.11.2.6.2.4 +@@ -119,6 +119,14 @@ int X509_check_trust(X509 *x, int id, int flags) + int idx; + if (id == -1) + return 1; ++ /* We get this as a default value */ ++ if (id == 0) { ++ int rv; ++ rv = obj_trust(NID_anyExtendedKeyUsage, x, 0); ++ if (rv != X509_TRUST_UNTRUSTED) ++ return rv; ++ return trust_compat(NULL, x, 0); ++ } + idx = X509_TRUST_get_by_id(id); + if (idx == -1) + return default_trust(id, x, flags); Index: openssl/crypto/x509/x509_vfy.c ============================================================================ $ cvs diff -u -r1.105.2.9.2.4.2.3 -r1.105.2.9.2.4.2.4 x509_vfy.c ---- openssl/crypto/x509/x509_vfy.c 14 Dec 2012 12:53:48 -0000 1.105.2.9.2.4.2.3 -+++ openssl/crypto/x509/x509_vfy.c 14 Dec 2012 14:30:46 -0000 1.105.2.9.2.4.2.4 -@@ -150,6 +150,33 @@ - } +--- openssl/crypto/x509/x509_vfy.c 14 Dec 2012 12:53:48 -0000 1.105.2.9.2.4.2.3 ++++ openssl/crypto/x509/x509_vfy.c 14 Dec 2012 14:30:46 -0000 1.105.2.9.2.4.2.4 +@@ -149,6 +149,33 @@ + } #endif +/* Given a certificate try and find an exact 
match in the store */ + +static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) -+ { -+ STACK_OF(X509) *certs; -+ X509 *xtmp = NULL; -+ int i; -+ /* Lookup all certs with matching subject name */ -+ certs = ctx->lookup_certs(ctx, X509_get_subject_name(x)); -+ if (certs == NULL) -+ return NULL; -+ /* Look for exact match */ -+ for (i = 0; i < sk_X509_num(certs); i++) -+ { -+ xtmp = sk_X509_value(certs, i); -+ if (!X509_cmp(xtmp, x)) -+ break; -+ } -+ if (i < sk_X509_num(certs)) -+ CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509); -+ else -+ xtmp = NULL; -+ sk_X509_pop_free(certs, X509_free); -+ return xtmp; -+ } ++ { ++ STACK_OF(X509) *certs; ++ X509 *xtmp = NULL; ++ int i; ++ /* Lookup all certs with matching subject name */ ++ certs = ctx->lookup_certs(ctx, X509_get_subject_name(x)); ++ if (certs == NULL) ++ return NULL; ++ /* Look for exact match */ ++ for (i = 0; i < sk_X509_num(certs); i++) ++ { ++ xtmp = sk_X509_value(certs, i); ++ if (!X509_cmp(xtmp, x)) ++ break; ++ } ++ if (i < sk_X509_num(certs)) ++ CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509); ++ else ++ xtmp = NULL; ++ sk_X509_pop_free(certs, X509_free); ++ return xtmp; ++ } + + int X509_verify_cert(X509_STORE_CTX *ctx) - { - X509 *x,*xtmp,*chain_ss=NULL; -@@ -307,8 +307,13 @@ int X509_verify_cert(X509_STORE_CTX *ctx) + { + X509 *x, *xtmp, *chain_ss = NULL; +@@ -304,8 +331,17 @@ int X509_verify_cert(X509_STORE_CTX *ctx) - /* we now have our chain, lets check it... */ + /* we now have our chain, lets check it... */ -- /* Is last certificate looked up self signed? */ -- if (!ctx->check_issued(ctx,x,x)) -+ i = check_trust(ctx); +- /* Is last certificate looked up self signed? 
*/ +- if (!ctx->check_issued(ctx, x, x)) { ++ i = check_trust(ctx); + -+ /* If explicitly rejected error */ -+ if (i == X509_TRUST_REJECTED) -+ goto end; -+ /* If not explicitly trusted then indicate error */ -+ if (i != X509_TRUST_TRUSTED) - { - if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) - { -@@ -346,12 +351,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx) - - if (!ok) goto end; ++ /* If explicitly rejected error */ ++ if (i == X509_TRUST_REJECTED) ++ goto end; ++ /* ++ * If not explicitly trusted then indicate error unless it's a single ++ * self signed certificate in which case we've indicated an error already ++ * and set bad_chain == 1 ++ */ ++ if (i != X509_TRUST_TRUSTED && !bad_chain) { + if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) { + if (ctx->last_untrusted >= num) + ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; +@@ -340,14 +376,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx) + ok = check_name_constraints(ctx); -- /* The chain extensions are OK: check trust */ + if (!ok) +- goto end; - -- if (param->trust > 0) ok = check_trust(ctx); +- /* The chain extensions are OK: check trust */ - -- if (!ok) goto end; +- if (param->trust > 0) +- ok = check_trust(ctx); - - /* We may as well copy down any DSA parameters that are required */ - X509_get_pubkey_parameters(NULL,ctx->chain); +- if (!ok) + goto end; -@@ -642,28 +641,54 @@ static int check_name_constraints(X509_STORE_CTX *ctx) + /* We may as well copy down any DSA parameters that are required */ +@@ -630,28 +658,53 @@ static int check_name_constraints(X509_STORE_CTX *ctx) static int check_trust(X509_STORE_CTX *ctx) { -#ifdef OPENSSL_NO_CHAIN_VERIFY -- return 1; +- return 1; -#else - int i, ok; -- X509 *x; -+ X509 *x = NULL; - int (*cb)(int xok,X509_STORE_CTX *xctx); - cb=ctx->verify_cb; + int i, ok; +- X509 *x; ++ X509 *x = NULL; + int (*cb) (int xok, X509_STORE_CTX *xctx); + cb = ctx->verify_cb; -/* For now just check the last certificate in the chain */ -- i 
= sk_X509_num(ctx->chain) - 1; -- x = sk_X509_value(ctx->chain, i); -- ok = X509_check_trust(x, ctx->param->trust, 0); -- if (ok == X509_TRUST_TRUSTED) -- return 1; -- ctx->error_depth = i; -- ctx->current_cert = x; -- if (ok == X509_TRUST_REJECTED) -- ctx->error = X509_V_ERR_CERT_REJECTED; -- else -- ctx->error = X509_V_ERR_CERT_UNTRUSTED; -- ok = cb(0, ctx); -- return ok; +- i = sk_X509_num(ctx->chain) - 1; +- x = sk_X509_value(ctx->chain, i); +- ok = X509_check_trust(x, ctx->param->trust, 0); +- if (ok == X509_TRUST_TRUSTED) +- return 1; +- ctx->error_depth = i; +- ctx->current_cert = x; +- if (ok == X509_TRUST_REJECTED) +- ctx->error = X509_V_ERR_CERT_REJECTED; +- else +- ctx->error = X509_V_ERR_CERT_UNTRUSTED; +- ok = cb(0, ctx); +- return ok; -#endif -+ /* Check all trusted certificates in chain */ -+ for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) -+ { -+ x = sk_X509_value(ctx->chain, i); -+ ok = X509_check_trust(x, ctx->param->trust, 0); -+ /* If explicitly trusted return trusted */ -+ if (ok == X509_TRUST_TRUSTED) -+ return X509_TRUST_TRUSTED; -+ /* If explicitly rejected notify callback and reject if -+ * not overridden. -+ */ -+ if (ok == X509_TRUST_REJECTED) -+ { -+ ctx->error_depth = i; -+ ctx->current_cert = x; -+ ctx->error = X509_V_ERR_CERT_REJECTED; -+ ok = cb(0, ctx); -+ if (!ok) -+ return X509_TRUST_REJECTED; -+ } -+ } -+ /* If we accept partial chains and have at least one trusted -+ * certificate return success. 
-+ */ -+ if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) -+ { -+ X509 *mx; -+ if (ctx->last_untrusted < sk_X509_num(ctx->chain)) -+ return X509_TRUST_TRUSTED; -+ x = sk_X509_value(ctx->chain, 0); -+ mx = lookup_cert_match(ctx, x); -+ if (mx) -+ { -+ (void)sk_X509_set(ctx->chain, 0, mx); -+ X509_free(x); -+ ctx->last_untrusted = 0; -+ return X509_TRUST_TRUSTED; -+ } -+ } ++ /* Check all trusted certificates in chain */ ++ for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) { ++ x = sk_X509_value(ctx->chain, i); ++ ok = X509_check_trust(x, ctx->param->trust, 0); ++ /* If explicitly trusted return trusted */ ++ if (ok == X509_TRUST_TRUSTED) ++ return X509_TRUST_TRUSTED; ++ /* ++ * If explicitly rejected notify callback and reject if not ++ * overridden. ++ */ ++ if (ok == X509_TRUST_REJECTED) { ++ ctx->error_depth = i; ++ ctx->current_cert = x; ++ ctx->error = X509_V_ERR_CERT_REJECTED; ++ ok = cb(0, ctx); ++ if (!ok) ++ return X509_TRUST_REJECTED; ++ } ++ } ++ /* ++ * If we accept partial chains and have at least one trusted certificate ++ * return success. ++ */ ++ if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { ++ X509 *mx; ++ if (ctx->last_untrusted < sk_X509_num(ctx->chain)) ++ return X509_TRUST_TRUSTED; ++ x = sk_X509_value(ctx->chain, 0); ++ mx = lookup_cert_match(ctx, x); ++ if (mx) { ++ (void)sk_X509_set(ctx->chain, 0, mx); ++ X509_free(x); ++ ctx->last_untrusted = 0; ++ return X509_TRUST_TRUSTED; ++ } ++ } + -+ /* If no trusted certs in chain at all return untrusted and -+ * allow standard (no issuer cert) etc errors to be indicated. -+ */ -+ return X509_TRUST_UNTRUSTED; ++ /* ++ * If no trusted certs in chain at all return untrusted and allow ++ * standard (no issuer cert) etc errors to be indicated. 
++ */ ++ return X509_TRUST_UNTRUSTED; } static int check_revocation(X509_STORE_CTX *ctx) -@@ -1602,6 +1641,8 @@ static int internal_verify(X509_STORE_CTX *ctx) - xs=xi; - else - { -+ if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN && n == 0) -+ return check_cert_time(ctx, xi); - if (n <= 0) - { - ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE; +@@ -1526,6 +1579,8 @@ static int internal_verify(X509_STORE_CTX *ctx) + if (ctx->check_issued(ctx, xi, xi)) + xs = xi; + else { ++ if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN && n == 0) ++ return check_cert_time(ctx, xi); + if (n <= 0) { + ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE; + ctx->current_cert = xi; Index: openssl/crypto/x509/x509_vfy.h ============================================================================ $ cvs diff -u -r1.67.2.3.4.1 -r1.67.2.3.4.2 x509_vfy.h ---- openssl/crypto/x509/x509_vfy.h 26 Sep 2012 13:50:42 -0000 1.67.2.3.4.1 -+++ openssl/crypto/x509/x509_vfy.h 14 Dec 2012 14:30:46 -0000 1.67.2.3.4.2 -@@ -390,6 +390,8 @@ +--- openssl/crypto/x509/x509_vfy.h 26 Sep 2012 13:50:42 -0000 1.67.2.3.4.1 ++++ openssl/crypto/x509/x509_vfy.h 14 Dec 2012 14:30:46 -0000 1.67.2.3.4.2 +@@ -406,6 +406,9 @@ /* Check selfsigned CA signature */ - #define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000 + # define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000 +/* Allow partial chains if at least one certificate is in trusted store */ -+#define X509_V_FLAG_PARTIAL_CHAIN 0x80000 - - #define X509_VP_FLAG_DEFAULT 0x1 - #define X509_VP_FLAG_OVERWRITE 0x2 ++# define X509_V_FLAG_PARTIAL_CHAIN 0x80000 ++ + # define X509_VP_FLAG_DEFAULT 0x1 + # define X509_VP_FLAG_OVERWRITE 0x2 + # define X509_VP_FLAG_RESET_FLAGS 0x4 Index: openssl/apps/apps.c ============================================================================ $ cvs diff -u -r1.133.2.11.2.6.2.3 -r1.133.2.11.2.6.2.4 apps.c ---- openssl/apps/apps.c 4 Dec 2012 17:26:04 -0000 1.133.2.11.2.6.2.3 -+++ openssl/apps/apps.c 14 Dec 2012 14:30:45 -0000 1.133.2.11.2.6.2.4 
-@@ -2361,6 +2361,8 @@ - flags |= X509_V_FLAG_NOTIFY_POLICY; - else if (!strcmp(arg, "-check_ss_sig")) - flags |= X509_V_FLAG_CHECK_SS_SIGNATURE; -+ else if (!strcmp(arg, "-partial_chain")) -+ flags |= X509_V_FLAG_PARTIAL_CHAIN; - else - return 0; +--- openssl/apps/apps.c 4 Dec 2012 17:26:04 -0000 1.133.2.11.2.6.2.3 ++++ openssl/apps/apps.c 14 Dec 2012 14:30:45 -0000 1.133.2.11.2.6.2.4 +@@ -2238,6 +2238,8 @@ + flags |= X509_V_FLAG_NOTIFY_POLICY; + else if (!strcmp(arg, "-check_ss_sig")) + flags |= X509_V_FLAG_CHECK_SS_SIGNATURE; ++ else if (!strcmp(arg, "-partial_chain")) ++ flags |= X509_V_FLAG_PARTIAL_CHAIN; + else + return 0; diff -r 5bd484384122 -r 95b8f35fcdd5 components/openssl/openssl-1.0.1-fips-140/patches/36_evp_leak.patch --- a/components/openssl/openssl-1.0.1-fips-140/patches/36_evp_leak.patch Thu Mar 19 14:41:20 2015 -0700 +++ b/components/openssl/openssl-1.0.1-fips-140/patches/36_evp_leak.patch Fri Mar 20 15:31:27 2015 -0700 
@@ -1,144 +1,144 @@ Patch developed in-house. Solaris-specific; not suitable for upstream. ---- openssl-1.0.1f/crypto/evp/evp_enc.c.orig Mon Feb 11 07:26:04 2013 -+++ openssl-1.0.1f/crypto/evp/evp_enc.c Mon Feb 3 16:40:48 2014 -@@ -394,10 +394,14 @@ - { - ret = M_do_cipher(ctx, out, NULL, 0); - if (ret < 0) -- return 0; -+ { -+ ret = 0; -+ goto cleanup; -+ } - else - *outl = ret; -- return 1; -+ ret = 1; -+ goto cleanup; - } +--- openssl-1.0.1f/crypto/evp/evp_enc.c.orig Mon Feb 11 07:26:04 2013 ++++ openssl-1.0.1f/crypto/evp/evp_enc.c Mon Feb 3 16:40:48 2014 +@@ -379,11 +379,13 @@ + + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { + ret = M_do_cipher(ctx, out, NULL, 0); +- if (ret < 0) +- return 0; +- else ++ if (ret < 0) { ++ ret = 0; ++ goto cleanup; ++ } else + *outl = ret; +- return 1; ++ ret = 1; ++ goto cleanup; + } + + b = ctx->cipher->block_size; +@@ -390,7 +392,8 @@ + OPENSSL_assert(b <= sizeof ctx->buf); + if (b == 1) { + *outl = 0; +- return 1; ++ ret = 1; ++ goto cleanup; + } + bl = ctx->buf_len; + if (ctx->flags & EVP_CIPH_NO_PADDING) { +@@ -397,10 +400,12 @@ + if (bl) { + EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX, + EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); +- return 0; ++ ret = 0; ++ goto cleanup; + } + *outl = 0; +- return 1; ++ ret = 1; ++ goto cleanup; + } - b=ctx->cipher->block_size; -@@ -405,7 +409,8 @@ - if (b == 1) - { - *outl=0; -- return 1; -+ ret = 1; -+ goto cleanup; - } - bl=ctx->buf_len; - if (ctx->flags & EVP_CIPH_NO_PADDING) -@@ -413,10 +418,12 @@ - if(bl) - { - EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); -- return 0; -+ ret = 0; -+ goto cleanup; - } - *outl = 0; -- return 1; -+ ret = 1; -+ goto cleanup; - } - - n=b-bl; -@@ -428,6 +435,12 @@ - if(ret) - *outl=b; + n = b - bl; +@@ -411,6 +416,11 @@ + if (ret) + *outl = b; +cleanup: -+ if (ctx->cipher->cleanup) -+ { -+ ctx->cipher->cleanup(ctx); -+ } ++ if (ctx->cipher->cleanup) { ++ ctx->cipher->cleanup(ctx); ++ } + - return ret; - } - -@@ -501,6 +501,7 @@ 
- int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) - { - int i,n; -+ int err = 1; - unsigned int b; - *outl=0; + return ret; + } -@@ -508,10 +509,14 @@ - { - i = M_do_cipher(ctx, out, NULL, 0); - if (i < 0) -- return 0; -+ { -+ err = 0; -+ goto cleanup; -+ } - else - *outl = i; -- return 1; -+ err = 1; -+ goto cleanup; - } +@@ -478,6 +488,7 @@ + int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) + { + int i, n; ++ int err = 1; + unsigned int b; + *outl = 0; - b=ctx->cipher->block_size; -@@ -520,10 +525,12 @@ - if(ctx->buf_len) - { - EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); -- return 0; -+ err = 0; -+ goto cleanup; - } - *outl = 0; -- return 1; -+ err = 1; -+ goto cleanup; - } - if (b > 1) - { -@@ -530,7 +537,8 @@ - if (ctx->buf_len || !ctx->final_used) - { - EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH); -- return(0); -+ err = 0; -+ goto cleanup; - } - OPENSSL_assert(b <= sizeof ctx->final); +@@ -483,11 +494,13 @@ + + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { + i = M_do_cipher(ctx, out, NULL, 0); +- if (i < 0) +- return 0; +- else ++ if (i < 0) { ++ err = 0; ++ goto cleanup; ++ } else + *outl = i; +- return 1; ++ err = 1; ++ goto cleanup; + } + + b = ctx->cipher->block_size; +@@ -495,10 +508,12 @@ + if (ctx->buf_len) { + EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, + EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); +- return 0; ++ err = 0; ++ goto cleanup; + } + *outl = 0; +- return 1; ++ err = 1; ++ goto cleanup; + } + if (b > 1) { + if (ctx->buf_len || !ctx->final_used) { +@@ -503,7 +518,8 @@ + if (b > 1) { + if (ctx->buf_len || !ctx->final_used) { + EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH); +- return (0); ++ err = 0; ++ goto cleanup; + } + OPENSSL_assert(b <= sizeof ctx->final); -@@ -542,7 +550,8 @@ - if (n == 0 || n > (int)b) - { - EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT); -- return(0); -+ err = 0; -+ goto cleanup; - } - for 
(i=0; ifinal[--b] != n) - { - EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT); -- return(0); -+ err = 0; -+ goto cleanup; - } - } - n=ctx->cipher->block_size-n; -@@ -559,7 +569,13 @@ - } - else - *outl=0; -- return(1); -+ err = 1; +@@ -514,7 +530,8 @@ + n = ctx->final[b - 1]; + if (n == 0 || n > (int)b) { + EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT); +- return (0); ++ err = 0; ++ goto cleanup; + } + for (i = 0; i < n; i++) { + if (ctx->final[--b] != n) { +@@ -519,7 +536,8 @@ + for (i = 0; i < n; i++) { + if (ctx->final[--b] != n) { + EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT); +- return (0); ++ err = 0; ++ goto cleanup; + } + } + n = ctx->cipher->block_size - n; +@@ -528,7 +546,12 @@ + *outl = n; + } else + *outl = 0; +- return (1); ++ err = 1; +cleanup: -+ if (ctx->cipher->cleanup) -+ { -+ ctx->cipher->cleanup(ctx); -+ } -+ return err; - } ++ if (ctx->cipher->cleanup) { ++ ctx->cipher->cleanup(ctx); ++ } ++ return err; + } void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) diff -r 5bd484384122 -r 95b8f35fcdd5 components/openssl/openssl-1.0.1-fips-140/patches/38_remove_illegal_instruction_calls.patch --- a/components/openssl/openssl-1.0.1-fips-140/patches/38_remove_illegal_instruction_calls.patch Thu Mar 19 14:41:20 2015 -0700 +++ b/components/openssl/openssl-1.0.1-fips-140/patches/38_remove_illegal_instruction_calls.patch Fri Mar 20 15:31:27 2015 -0700 @@ -2,8 +2,8 @@ # This patch was developed in house. # This is Solaris-specific: not suitable for upstream. # ---- openssl-1.0.1g/crypto/sparcv9cap.c.~1~ Fri May 2 15:08:47 2014 -+++ openssl-1.0.1g/crypto/sparcv9cap.c Fri May 2 15:08:32 2014 +--- openssl-1.0.1g/crypto/sparcv9cap.c.~1~ Thu May 1 13:07:00 2014 ++++ openssl-1.0.1g/crypto/sparcv9cap.c Thu May 1 13:11:33 2014 @@ -2,9 +2,9 @@ #include #include @@ -13,116 +13,116 @@ #include +#include - #define SPARCV9_TICK_PRIVILEGED (1<<0) - #define SPARCV9_PREFER_FPU (1<<1) + #define SPARCV9_TICK_PRIVILEGED (1<<0) + #define SPARCV9_PREFER_FPU (1<<1) 
@@ -11,6 +11,7 @@ - #define SPARCV9_VIS1 (1<<2) - #define SPARCV9_VIS2 (1<<3) /* reserved */ - #define SPARCV9_FMADD (1<<4) /* reserved for SPARC64 V */ -+#define SPARCV9_BLK (1<<5) + #define SPARCV9_VIS1 (1<<2) + #define SPARCV9_VIS2 (1<<3) /* reserved */ + #define SPARCV9_FMADD (1<<4) /* reserved for SPARC64 V */ ++#define SPARCV9_BLK (1<<5) - static int OPENSSL_sparcv9cap_P=SPARCV9_TICK_PRIVILEGED; - -@@ -28,10 +29,7 @@ - } + static int OPENSSL_sparcv9cap_P = SPARCV9_TICK_PRIVILEGED; - unsigned long _sparcv9_rdtick(void); --void _sparcv9_vis1_probe(void); - unsigned long _sparcv9_vis1_instrument(void); --void _sparcv9_vis2_probe(void); --void _sparcv9_fmadd_probe(void); +@@ -31,10 +31,7 @@ + } + + unsigned long _sparcv9_rdtick(void); +-void _sparcv9_vis1_probe(void); + unsigned long _sparcv9_vis1_instrument(void); +-void _sparcv9_vis2_probe(void); +-void _sparcv9_fmadd_probe(void); unsigned long OPENSSL_rdtsc(void) - { -@@ -162,15 +160,11 @@ - + { +@@ -170,18 +167,11 @@ + #else - + -static sigjmp_buf common_jmp; --static void common_handler(int sig) { siglongjmp(common_jmp,sig); } +-static void common_handler(int sig) +-{ +- siglongjmp(common_jmp, sig); +-} - void OPENSSL_cpuid_setup(void) - { - char *e; -- struct sigaction common_act,ill_oact,bus_oact; -- sigset_t all_masked,oset; - static int trigger=0; -+ uint_t ui = 0; + { + char *e; +- struct sigaction common_act, ill_oact, bus_oact; +- sigset_t all_masked, oset; + static int trigger = 0; ++ uint_t ui = 0; + + if (trigger) + return; +@@ -192,54 +182,24 @@ + return; + } - if (trigger) return; - trigger=1; -@@ -181,57 +175,27 @@ - return; - } - -+ (void) getisax(&ui, 1); ++ (void) getisax(&ui, 1); + - /* Initial value, fits UltraSPARC-I&II... */ -- OPENSSL_sparcv9cap_P = SPARCV9_PREFER_FPU|SPARCV9_TICK_PRIVILEGED; -+ OPENSSL_sparcv9cap_P = SPARCV9_BLK; + /* Initial value, fits UltraSPARC-I&II... 
*/ +- OPENSSL_sparcv9cap_P = SPARCV9_PREFER_FPU | SPARCV9_TICK_PRIVILEGED; ++ OPENSSL_sparcv9cap_P = SPARCV9_BLK; -- sigfillset(&all_masked); -- sigdelset(&all_masked,SIGILL); -- sigdelset(&all_masked,SIGTRAP); --#ifdef SIGEMT -- sigdelset(&all_masked,SIGEMT); --#endif -- sigdelset(&all_masked,SIGFPE); -- sigdelset(&all_masked,SIGBUS); -- sigdelset(&all_masked,SIGSEGV); -- sigprocmask(SIG_SETMASK,&all_masked,&oset); +- sigfillset(&all_masked); +- sigdelset(&all_masked, SIGILL); +- sigdelset(&all_masked, SIGTRAP); +-# ifdef SIGEMT +- sigdelset(&all_masked, SIGEMT); +-# endif +- sigdelset(&all_masked, SIGFPE); +- sigdelset(&all_masked, SIGBUS); +- sigdelset(&all_masked, SIGSEGV); +- sigprocmask(SIG_SETMASK, &all_masked, &oset); - -- memset(&common_act,0,sizeof(common_act)); -- common_act.sa_handler = common_handler; -- common_act.sa_mask = all_masked; -- -- sigaction(SIGILL,&common_act,&ill_oact); -- sigaction(SIGBUS,&common_act,&bus_oact);/* T1 fails 16-bit ldda [on Linux] */ +- memset(&common_act, 0, sizeof(common_act)); +- common_act.sa_handler = common_handler; +- common_act.sa_mask = all_masked; - -- if (sigsetjmp(common_jmp,1) == 0) -+ if (ui & AV_SPARC_VIS) - { -- _sparcv9_rdtick(); -- OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED; -- } +- sigaction(SIGILL, &common_act, &ill_oact); +- sigaction(SIGBUS, &common_act, &bus_oact); /* T1 fails 16-bit ldda [on +- * Linux] */ +- +- if (sigsetjmp(common_jmp, 1) == 0) { +- _sparcv9_rdtick(); +- OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED; +- } - -- if (sigsetjmp(common_jmp,1) == 0) -- { -- _sparcv9_vis1_probe(); -- OPENSSL_sparcv9cap_P |= SPARCV9_VIS1; -- /* detect UltraSPARC-Tx, see sparccpud.S for details... */ -- if (_sparcv9_vis1_instrument() >= 12) -- OPENSSL_sparcv9cap_P &= ~(SPARCV9_VIS1|SPARCV9_PREFER_FPU); -- else -+ /* detect UltraSPARC-Tx, see sparccpuid.S for details... 
*/ -+ if (_sparcv9_vis1_instrument() < 7) -+ OPENSSL_sparcv9cap_P |= SPARCV9_TICK_PRIVILEGED; -+ if (_sparcv9_vis1_instrument() < 12) - { -- _sparcv9_vis2_probe(); -- OPENSSL_sparcv9cap_P |= SPARCV9_VIS2; -+ OPENSSL_sparcv9cap_P |= SPARCV9_VIS1|SPARCV9_PREFER_FPU; -+ if (ui & AV_SPARC_VIS2) -+ OPENSSL_sparcv9cap_P |= SPARCV9_VIS2; - } - } +- if (sigsetjmp(common_jmp, 1) == 0) { +- _sparcv9_vis1_probe(); +- OPENSSL_sparcv9cap_P |= SPARCV9_VIS1; +- /* detect UltraSPARC-Tx, see sparccpud.S for details... */ +- if (_sparcv9_vis1_instrument() >= 12) +- OPENSSL_sparcv9cap_P &= ~(SPARCV9_VIS1 | SPARCV9_PREFER_FPU); +- else { +- _sparcv9_vis2_probe(); +- OPENSSL_sparcv9cap_P |= SPARCV9_VIS2; ++ if (ui & AV_SPARC_VIS) { ++ /* detect UltraSPARC-Tx, see sparccpuid.S for details... */ ++ if (_sparcv9_vis1_instrument() < 7) ++ OPENSSL_sparcv9cap_P |= SPARCV9_TICK_PRIVILEGED; ++ if (_sparcv9_vis1_instrument() < 12) { ++ OPENSSL_sparcv9cap_P |= SPARCV9_VIS1|SPARCV9_PREFER_FPU; ++ if (ui & AV_SPARC_VIS2) ++ OPENSSL_sparcv9cap_P |= SPARCV9_VIS2; + } + } -- if (sigsetjmp(common_jmp,1) == 0) -- { -- _sparcv9_fmadd_probe(); -+ if (ui & AV_SPARC_FMAF) - OPENSSL_sparcv9cap_P |= SPARCV9_FMADD; -- } - -- sigaction(SIGBUS,&bus_oact,NULL); -- sigaction(SIGILL,&ill_oact,NULL); +- if (sigsetjmp(common_jmp, 1) == 0) { +- _sparcv9_fmadd_probe(); ++ if (ui & AV_SPARC_FMAF) + OPENSSL_sparcv9cap_P |= SPARCV9_FMADD; +- } - -- sigprocmask(SIG_SETMASK,&oset,NULL); - } +- sigaction(SIGBUS, &bus_oact, NULL); +- sigaction(SIGILL, &ill_oact, NULL); +- +- sigprocmask(SIG_SETMASK, &oset, NULL); + } #endif ---- openssl-1.0.1g/crypto/sparccpuid.S.~1~ Fri May 2 11:23:54 2014 -+++ openssl-1.0.1g/crypto/sparccpuid.S Fri May 2 11:24:23 2014 +--- openssl-1.0.1g/crypto/sparccpuid.S.~1~ Thu May 1 13:07:00 2014 ++++ openssl-1.0.1g/crypto/sparccpuid.S Thu May 1 13:11:33 2014 
@@ -232,16 +232,6 @@ .type _sparcv9_rdtick,#function .size _sparcv9_rdtick,.-_sparcv9_rdtick diff -r 5bd484384122 -r 95b8f35fcdd5 components/openssl/openssl-1.0.1/Makefile --- a/components/openssl/openssl-1.0.1/Makefile Thu Mar 19 14:41:20 2015 -0700 +++ b/components/openssl/openssl-1.0.1/Makefile Fri Mar 20 15:31:27 2015 -0700 @@ -28,19 +28,19 @@ # When upgrading OpenSSL, please, DON'T FORGET TO TEST WANBOOT too. # For more information about wanboot-openssl testing, please refer to # ../README. -COMPONENT_VERSION = 1.0.1k +COMPONENT_VERSION = 1.0.1m # Version for IPS. It is easier to do it manually than convert the letter to a # number while taking into account that there might be no letter at all. -IPS_COMPONENT_VERSION = 1.0.1.11 +IPS_COMPONENT_VERSION = 1.0.1.13 COMPONENT_PROJECT_URL= http://www.openssl.org/ COMPONENT_SRC = $(COMPONENT_NAME)-$(COMPONENT_VERSION) COMPONENT_ARCHIVE = $(COMPONENT_SRC).tar.gz COMPONENT_ARCHIVE_HASH= \ - sha256:8f9faeaebad088e772f4ef5e38252d472be4d878c6b3a2718c10a4fcebe7a41c + sha256:095f0b7b09116c0c5526422088058dc7e6e000aa14d22acca6a4e2babcdfef74 COMPONENT_ARCHIVE_URL = $(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE) COMPONENT_BUGDB= library/openssl -TPNO= 21111 +TPNO= 21965 include $(WS_MAKE_RULES)/prep.mk include $(WS_MAKE_RULES)/configure.mk diff -r 5bd484384122 -r 95b8f35fcdd5 components/openssl/openssl-1.0.1/patches/15-pkcs11_engine-0.9.8a.patch --- a/components/openssl/openssl-1.0.1/patches/15-pkcs11_engine-0.9.8a.patch Thu Mar 19 14:41:20 2015 -0700 +++ b/components/openssl/openssl-1.0.1/patches/15-pkcs11_engine-0.9.8a.patch Fri Mar 20 15:31:27 2015 -0700 @@ -1,3 +1,7 @@ +# +# This patch file adds the Solaris's pkcs11 engine. +# This is Solaris-specific (developed in house): not suitable for upstream. +# --- /tmp/Configure Fri Feb 11 14:40:39 2011 +++ openssl-1.0.0d/Configure Fri Feb 11 14:41:36 2011 @@ -10,7 +10,7 @@ 
@@ -29,7 +33,7 @@ my $prefix=""; my $libdir=""; my $openssldir=""; -@@ -876,6 +879,10 @@ +@@ -882,6 +888,10 @@ $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei; $flags.=$_." "; } @@ -40,7 +44,7 @@ elsif (/^--prefix=(.*)$/) { $prefix=$1; -@@ -1043,6 +1054,13 @@ +@@ -1049,6 +1059,13 @@ exit 0; } @@ -54,7 +58,7 @@ if ($target =~ m/^CygWin32(-.*)$/) { $target = "Cygwin".$1; } -@@ -1209,6 +1226,8 @@ +@@ -1215,6 +1232,8 @@ if ($flags ne "") { $cflags="$flags$cflags"; } else { $no_user_cflags=1; } @@ -63,7 +67,7 @@ # Kerberos settings. The flavor must be provided from outside, either through # the script "config" or manually. if (!$no_krb5) -@@ -1598,6 +1617,7 @@ +@@ -1604,6 +1623,7 @@ s/^VERSION=.*/VERSION=$version/; s/^MAJOR=.*/MAJOR=$major/; s/^MINOR=.*/MINOR=$minor/; @@ -136,7 +140,7 @@ else \ --- crypto/engine/eng_all.c Thu Sep 5 12:59:50 2013 +++ openssl-1.0.1e/crypto/engine/eng_all.c Thu Sep 5 12:59:50 2013 -@@ -59,6 +59,16 @@ +@@ -60,6 +60,16 @@ #include "cryptlib.h" #include "eng_int.h" 
@@ -151,42 +155,40 @@ + } + void ENGINE_load_builtin_engines(void) - { - /* Some ENGINEs need this */ + { + /* Some ENGINEs need this */ --- crypto/dso/dso_lib.c Thu Sep 5 12:59:50 2013 +++ openssl-1.0.1e/crypto/dso/dso_lib.c Thu Sep 5 12:59:50 2013 -@@ -426,6 +426,26 @@ - DSOerr(DSO_F_DSO_CONVERT_FILENAME,DSO_R_NO_FILENAME); - return(NULL); - } -+ /* -+ * For pkcs11 engine, use libpk11.so (instead of libpkcs11.so) to -+ * avoid the name collision with PKCS#11 library. -+ */ -+ if (strcmp(filename, "pkcs11") == 0) -+ { -+#ifdef _LP64 -+ char *fullpath = "/lib/openssl/engines/64/libpk11.so"; +@@ -396,6 +396,24 @@ + DSOerr(DSO_F_DSO_CONVERT_FILENAME, DSO_R_NO_FILENAME); + return (NULL); + } ++ /* ++ * For pkcs11 engine, use libpk11.so (instead of libpkcs11.so) to ++ * avoid the name collision with PKCS#11 library. ++ */ ++ if (strcmp(filename, "pkcs11") == 0) { ++#ifdef _LP64 ++ char *fullpath = "/lib/openssl/engines/64/libpk11.so"; +#else -+ char *fullpath = "/lib/openssl/engines/libpk11.so"; ++ char *fullpath = "/lib/openssl/engines/libpk11.so"; +#endif -+ result = OPENSSL_malloc(strlen(fullpath) + 1); -+ if(result == NULL) -+ { -+ DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_MALLOC_FAILURE); -+ return(NULL); -+ } -+ BUF_strlcpy(result, fullpath, strlen(fullpath) + 1); -+ return (result); -+ } - if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) - { - if(dso->name_converter != NULL) ++ result = OPENSSL_malloc(strlen(fullpath) + 1); ++ if(result == NULL) { ++ DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_MALLOC_FAILURE); ++ return(NULL); ++ } ++ BUF_strlcpy(result, fullpath, strlen(fullpath) + 1); ++ return (result); ++ } + if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) { + if (dso->name_converter != NULL) + result = dso->name_converter(dso, filename); --- /tmp/engine.h Fri Feb 11 14:46:24 2011 +++ openssl-1.0.0d/crypto/engine/engine.h Fri Feb 11 14:47:32 2011 -@@ -351,6 +351,7 @@ - #endif - #endif +@@ -413,6 +413,7 @@ + # endif + # endif void 
ENGINE_load_cryptodev(void); +void ENGINE_load_pk11(void); void ENGINE_load_rsax(void); diff -r 5bd484384122 -r 95b8f35fcdd5 components/openssl/openssl-1.0.1/patches/18-compiler_opts.patch --- a/components/openssl/openssl-1.0.1/patches/18-compiler_opts.patch Thu Mar 19 14:41:20 2015 -0700 +++ b/components/openssl/openssl-1.0.1/patches/18-compiler_opts.patch Fri Mar 20 15:31:27 2015 -0700 @@ -1,3 +1,7 @@ +# +# This was developed in house to support Solaris-specific options. +# Not suitable for upstream. +# --- openssl-1.0.0d/Configure Thu Feb 10 20:02:41 2011 +++ /tmp/Configure Thu Feb 10 20:01:51 2011 @@ -257,6 +257,19 @@ @@ -19,4 +23,4 @@ + #### IRIX 5.x configs # -mips2 flag is added by ./config when appropriate. - "irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "irix-gcc","gcc:-O3 -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", diff -r 5bd484384122 -r 95b8f35fcdd5 components/openssl/openssl-1.0.1/patches/28-enginesdir.patch --- a/components/openssl/openssl-1.0.1/patches/28-enginesdir.patch Thu Mar 19 14:41:20 2015 -0700 +++ b/components/openssl/openssl-1.0.1/patches/28-enginesdir.patch Fri Mar 20 15:31:27 2015 -0700 @@ -1,3 +1,7 @@ +# +# This was developed in house to configure the engine dir. +# Not suitable for upstream. +# --- /tmp/18/Configure Fri Feb 11 15:15:50 2011 +++ openssl-1.0.0d/Configure Fri Feb 11 15:18:09 2011 @@ -18,6 +18,8 @@ @@ -17,7 +21,7 @@ my $exe_ext=""; my $install_prefix= "$ENV{'INSTALL_PREFIX'}"; my $cross_compile_prefix=""; -@@ -911,6 +911,10 @@ +@@ -917,6 +920,10 @@ { $openssldir=$1; } 
@@ -28,7 +32,7 @@ elsif (/^--install.prefix=(.*)$/) { $install_prefix=$1; -@@ -1218,6 +1225,10 @@ +@@ -1224,6 +1231,10 @@ # we're ready to tolerate, so don't... $multilib="" if !-d "$prefix/lib$multilib"; @@ -39,7 +43,7 @@ $libdir="lib$multilib" if $libdir eq ""; $cflags = "$cflags$exp_cflags"; -@@ -1837,7 +1848,7 @@ +@@ -1846,7 +1857,7 @@ } elsif (/^#define\s+ENGINESDIR/) { diff -r 5bd484384122 -r 95b8f35fcdd5 components/openssl/openssl-1.0.1/patches/29_fork_safe.patch --- a/components/openssl/openssl-1.0.1/patches/29_fork_safe.patch Thu Mar 19 14:41:20 2015 -0700 +++ b/components/openssl/openssl-1.0.1/patches/29_fork_safe.patch Fri Mar 20 15:31:27 2015 -0700 @@ -13,18 +13,19 @@ +#include #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) - static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */ -@@ -181,6 +182,7 @@ - numbers. */ - static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL; + static double SSLeay_MSVC5_hack = 0.0; /* and for VC1.5 */ +@@ -184,6 +185,8 @@ + */ + static STACK_OF(CRYPTO_dynlock) *dyn_locks = NULL; +static pthread_mutex_t *solaris_openssl_locks; - - static void (MS_FAR *locking_callback)(int mode,int type, - const char *file,int line)=0; -@@ -406,6 +409,79 @@ - return(add_lock_callback); - } ++ + static void (MS_FAR *locking_callback) (int mode, int type, + const char *file, int line) = 0; + static int (MS_FAR *add_lock_callback) (int *pointer, int amount, +@@ -402,6 +405,79 @@ + return (add_lock_callback); + } +/* + * This is the locking callback function which all applications will be 
@@ -97,24 +98,24 @@ + } + locking_callback = solaris_locking_callback; + -+ } ++} + - void CRYPTO_set_locking_callback(void (*func)(int mode,int type, - const char *file,int line)) - { -@@ -413,7 +478,11 @@ - * are started. - */ - OPENSSL_init(); -- locking_callback=func; + void CRYPTO_set_locking_callback(void (*func) (int mode, int type, + const char *file, int line)) + { +@@ -410,7 +486,11 @@ + * started. + */ + OPENSSL_init(); +- locking_callback = func; + + /* + * we now setup our own locking callback and mutexes, and disallow + * setting of another locking callback. + */ - } + } - void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type, + void CRYPTO_set_add_lock_callback(int (*func) (int *num, int mount, int type, --- openssl-1.0.1f/crypto/cryptlib.h.~1~ Fri Feb 7 10:41:42 2014 +++ openssl-1.0.1f/crypto/cryptlib.h Thu Feb 6 16:04:16 2014 @@ -104,6 +104,8 @@ diff -r 5bd484384122 -r 95b8f35fcdd5 components/openssl/openssl-1.0.1/patches/30_wanboot.patch --- a/components/openssl/openssl-1.0.1/patches/30_wanboot.patch Thu Mar 19 14:41:20 2015 -0700 +++ b/components/openssl/openssl-1.0.1/patches/30_wanboot.patch Fri Mar 20 15:31:27 2015 -0700 @@ -36,7 +36,7 @@ --- openssl-1.0.0e/crypto/cryptlib.c 2011-06-22 08:39:00.000000000 -0700 +++ openssl-1.0.0e_patched/crypto/cryptlib.c 2011-12-12 06:17:45.422476900 -0800 -@@ -415,6 +415,7 @@ +@@ -412,6 +412,7 @@ static void solaris_locking_callback(int mode, int type, const char *file, int line) { @@ -44,15 +44,15 @@ if (mode & CRYPTO_LOCK) { pthread_mutex_lock(&solaris_openssl_locks[type]); -@@ -423,6 +424,7 @@ +@@ -420,6 +421,7 @@ { pthread_mutex_unlock(&solaris_openssl_locks[type]); } +#endif } - - -@@ -456,6 +458,12 @@ + + +@@ -453,6 +455,12 @@ } /* 
@@ -65,164 +65,169 @@ * Set atfork handler so that child can setup its own mutexes and * locking callbacks when it is forked */ -@@ -478,7 +486,7 @@ +@@ -475,7 +483,7 @@ pthread_mutex_init(&solaris_openssl_locks[i], NULL); } locking_callback = solaris_locking_callback; - +#endif - } + } - void CRYPTO_set_locking_callback(void (*func)(int mode,int type, -@@ -979,6 +979,10 @@ - MessageBox (NULL,buf,_T("OpenSSL: FATAL"),MB_OK|MB_ICONSTOP); + void CRYPTO_set_locking_callback(void (*func) (int mode, int type, +@@ -1021,6 +1029,12 @@ + MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONSTOP); } #else -+/* Solaris libsa.a used for WAN boot doesn't provide for vfprintf(). Since -+ * * OPENSSL_showfatal() is not used anywhere else then here we can safely use -+ * * the code from 0.9.7d version. */ ++/* ++ * Solaris libsa.a used for WAN boot doesn't provide for vfprintf(). Since ++ * OPENSSL_showfatal() is not used anywhere else then here we can safely use ++ * the code from 0.9.7d version. ++ */ +#ifndef _BOOT - void OPENSSL_showfatal (const char *fmta,...) - { va_list ap; - -@@ -986,14 +990,21 @@ - vfprintf (stderr,fmta,ap); - va_end (ap); + void OPENSSL_showfatal(const char *fmta, ...) 
+ { + va_list ap; +@@ -1029,6 +1043,7 @@ + vfprintf(stderr, fmta, ap); + va_end(ap); } +#endif /* _BOOT */ - int OPENSSL_isservice (void) { return 0; } - #endif + + int OPENSSL_isservice(void) + { +@@ -1038,9 +1053,15 @@ - void OpenSSLDie(const char *file,int line,const char *assertion) - { + void OpenSSLDie(const char *file, int line, const char *assertion) + { +#ifndef _BOOT - OPENSSL_showfatal( - "%s(%d): OpenSSL internal error, assertion failed: %s\n", - file,line,assertion); + OPENSSL_showfatal + ("%s(%d): OpenSSL internal error, assertion failed: %s\n", file, line, + assertion); +#else + fprintf(stderr, + "%s(%d): OpenSSL internal error, assertion failed: %s\n", + file,line,assertion); +#endif #if !defined(_WIN32) || defined(__CYGWIN__) - abort(); + abort(); #else --- openssl-1.0.0e/crypto/err/err_all.c 2009-08-09 07:58:05.000000000 -0700 +++ openssl-1.0.0e_patched/crypto/err/err_all.c 2011-12-13 05:22:01.205351400 -0800 
@@ -148,7 +148,9 @@ - ERR_load_X509V3_strings(); - ERR_load_PKCS12_strings(); - ERR_load_RAND_strings(); + ERR_load_X509V3_strings(); + ERR_load_PKCS12_strings(); + ERR_load_RAND_strings(); +#ifndef _BOOT - ERR_load_DSO_strings(); + ERR_load_DSO_strings(); +#endif /* _BOOT */ - ERR_load_TS_strings(); - #ifndef OPENSSL_NO_ENGINE - ERR_load_ENGINE_strings(); + ERR_load_TS_strings(); + # ifndef OPENSSL_NO_ENGINE + ERR_load_ENGINE_strings(); --- openssl-1.0.0e/crypto/evp/evp_key.c 2010-03-27 12:27:50.000000000 -0700 +++ openssl-1.0.0e_patched/crypto/evp/evp_key.c 2011-12-13 05:19:32.956908600 -0800 -@@ -84,7 +84,7 @@ - else - return(prompt_string); - } +@@ -83,7 +83,7 @@ + else + return (prompt_string); + } - +#ifndef _BOOT - /* For historical reasons, the standard function for reading passwords is - * in the DES library -- if someone ever wants to disable DES, - * this function will fail */ -@@ -111,6 +111,7 @@ - OPENSSL_cleanse(buff,BUFSIZ); - return ret; - } + /* + * For historical reasons, the standard function for reading passwords is in + * the DES library -- if someone ever wants to disable DES, this function +@@ -115,6 +115,7 @@ + OPENSSL_cleanse(buff, BUFSIZ); + return ret; + } +#endif /* !_BOOT */ - int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, - const unsigned char *salt, const unsigned char *data, int datal, + int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, + const unsigned char *salt, const unsigned char *data, --- openssl-1.0.0e/crypto/rand/rand_unix.c 2009-04-06 07:31:36.000000000 -0700 +++ openssl-1.0.0e_patched/crypto/rand/rand_unix.c 2011-12-19 07:28:39.988944800 -0800 
@@ -122,7 +122,11 @@ - #include - #include - #include + # include + # include + # include +#ifdef _BOOT -+#include ++# include +#else - #include + # include +#endif - #include - #include - #if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually everywhere */ -@@ -253,6 +257,11 @@ - const char **egdsocket = NULL; - #endif + # include + # include + # if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually +@@ -259,6 +263,11 @@ + const char **egdsocket = NULL; + # endif +#ifdef _BOOT +/* open() is provided by standalone libsa not visible from here */ +extern int open(const char *, int); +#endif + - #ifdef DEVRANDOM - memset(randomstats,0,sizeof(randomstats)); - /* Use a random entropy pool device. Linux, FreeBSD and OpenBSD -@@ -295,9 +304,13 @@ - { - int try_read = 0; - --#if defined(OPENSSL_SYS_BEOS_R5) -+#if defined(OPENSSL_SYS_BEOS_R5) || defined(_BOOT) - /* select() is broken in BeOS R5, so we simply - * try to read something and snooze if we couldn't */ -+ /* -+ * select() is not available when linking stand-alone -+ * library for wanboot -+ */ - try_read = 1; + # ifdef DEVRANDOM + memset(randomstats, 0, sizeof(randomstats)); + /* +@@ -307,11 +316,15 @@ + do { + int try_read = 0; + +-# if defined(OPENSSL_SYS_BEOS_R5) ++# if defined(OPENSSL_SYS_BEOS_R5) || defined(_BOOT) + /* + * select() is broken in BeOS R5, so we simply try to read + * something and snooze if we couldn't + */ ++ /* ++ * select() is not available when linking stand-alone ++ * library for wanboot ++ */ + try_read = 1; - #elif defined(OPENSSL_SYS_LINUX) -@@ -355,6 +368,7 @@ - else - r = -1; - -+#ifndef _BOOT - /* Some Unixen will update t in select(), some - won't. 
For those who won't, or if we - didn't use select() in the first place, -@@ -366,13 +380,17 @@ - } - while ((r > 0 || - (errno == EINTR || errno == EAGAIN)) && usec != 0 && n < ENTROPY_NEEDED); -+#else /* _BOOT */ -+ } -+ while (r > 0 && n < ENTROPY_NEEDED); -+#endif /* _BOOT */ - - close(fd); - } - } - #endif /* defined(DEVRANDOM) */ - --#ifdef DEVRANDOM_EGD -+#if defined(DEVRANDOM_EGD) && !defined(_BOOT) - /* Use an EGD socket to read entropy from an EGD or PRNGD entropy - * collecting daemon. */ - -@@ -395,6 +413,7 @@ - } - #endif + # elif defined(OPENSSL_SYS_LINUX) +@@ -365,6 +378,7 @@ + } else + r = -1; + ++#ifndef _BOOT + /* + * Some Unixen will update t in select(), some won't. For + * those who won't, or if we didn't use select() in the first +@@ -377,13 +391,17 @@ + while ((r > 0 || + (errno == EINTR || errno == EAGAIN)) && usec != 0 + && n < ENTROPY_NEEDED); ++#else /* _BOOT */ ++ } ++ while (r > 0 && n < ENTROPY_NEEDED); ++#endif /* _BOOT */ + + close(fd); + } + } + # endif /* defined(DEVRANDOM) */ + +-# ifdef DEVRANDOM_EGD ++# if defined(DEVRANDOM_EGD) && !defined(_BOOT) + /* + * Use an EGD socket to read entropy from an EGD or PRNGD entropy + * collecting daemon. +@@ -407,6 +424,7 @@ + } + # endif +#ifndef _BOOT - /* put in some default random data, we need more than just this */ - l=curr_pid; - RAND_add(&l,sizeof(l),0.0); -@@ -403,6 +422,7 @@ + /* put in some default random data, we need more than just this */ + l = curr_pid; + RAND_add(&l, sizeof(l), 0.0); +@@ -415,6 +433,7 @@ - l=time(NULL); - RAND_add(&l,sizeof(l),0.0); + l = time(NULL); + RAND_add(&l, sizeof(l), 0.0); +#endif /* !_BOOT */ - #if defined(OPENSSL_SYS_BEOS) - { - + # if defined(OPENSSL_SYS_BEOS) + { --- openssl-1.0.0e/crypto/rand/randfile.c 2011-03-19 02:44:37.000000000 -0700 +++ openssl-1.0.0e_patched/crypto/rand/randfile.c 2011-12-13 05:26:51.884824200 -0800 @@ -57,9 +57,11 @@ 
@@ -231,137 +236,135 @@ /* We need to define this to get macros like S_IFBLK and S_IFCHR */ +#ifndef _BOOT #if !defined(OPENSSL_SYS_VXWORKS) - #define _XOPEN_SOURCE 500 + # define _XOPEN_SOURCE 500 #endif +#endif /* _BOOT */ #include #include -@@ -179,6 +181,7 @@ - return(ret); - } +@@ -191,6 +193,7 @@ + return (ret); + } +#ifndef _BOOT int RAND_write_file(const char *file) - { - unsigned char buf[BUFSIZE]; -@@ -327,3 +330,5 @@ + { + unsigned char buf[BUFSIZE]; +@@ -335,3 +338,5 @@ #endif - return(buf); - } + return (buf); + } + +#endif /* _BOOT */ --- openssl-1.0.0e/crypto/x509v3/v3_utl.c 2009-07-27 14:08:53.000000000 -0700 +++ openssl-1.0.0e_patched/crypto/x509v3/v3_utl.c 2011-12-13 05:10:08.844191400 -0800 -@@ -659,9 +659,52 @@ - } - } +@@ -715,9 +715,50 @@ + } + } +#if defined(_BOOT) +/* This function was copied from bio/b_sock.c */ +static int get_ip(const char *str, unsigned char ip[4]) -+ { -+ unsigned int tmp[4]; -+ int num=0,c,ok=0; ++{ ++ unsigned int tmp[4]; ++ int num = 0, c, ok = 0; + -+ tmp[0]=tmp[1]=tmp[2]=tmp[3]=0; ++ tmp[0]=tmp[1]=tmp[2]=tmp[3]=0; + -+ for (;;) -+ { -+ c= *(str++); -+ if ((c >= '0') && (c <= '9')) -+ { -+ ok=1; -+ tmp[num]=tmp[num]*10+c-'0'; -+ if (tmp[num] > 255) return(0); -+ } -+ else if (c == '.') -+ { -+ if (!ok) return(-1); -+ if (num == 3) return(0); -+ num++; -+ ok=0; -+ } -+ else if (c == '\0' && (num == 3) && ok) -+ break; -+ else -+ return(0); -+ } -+ ip[0]=tmp[0]; -+ ip[1]=tmp[1]; -+ ip[2]=tmp[2]; -+ ip[3]=tmp[3]; -+ return(1); -+ } ++ for (;;) { ++ c = *(str++); ++ if ((c >= '0') && (c <= '9')) { ++ ok = 1; ++ tmp[num] = tmp[num]*10+c-'0'; ++ if (tmp[num] > 255) ++ return(0); ++ } else if (c == '.') { ++ if (!ok) ++ return (-1); ++ if (num == 3) ++ return (0); ++ num++; ++ ok = 0; ++ } else if (c == '\0' && (num == 3) && ok) ++ break; ++ else ++ return(0); ++ } ++ ip[0]=tmp[0]; ++ ip[1]=tmp[1]; ++ ip[2]=tmp[2]; ++ ip[3]=tmp[3]; ++ return(1); ++} +#endif /* _BOOT */ + static int ipv4_from_asc(unsigned char *v4, const 
char *in) - { - int a0, a1, a2, a3; + { + int a0, a1, a2, a3; + +#if defined(_BOOT) + if (get_ip(in, v4) != 1) + return 0; +#else /* _BOOT */ - if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4) - return 0; - if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255) -@@ -671,6 +716,7 @@ - v4[1] = a1; - v4[2] = a2; - v4[3] = a3; + if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4) + return 0; + if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255) +@@ -727,6 +768,7 @@ + v4[1] = a1; + v4[2] = a2; + v4[3] = a3; +#endif /* _BOOT */ - return 1; - } - + return 1; + } + --- openssl-1.0.0e/e_os.h 2011-12-19 04:17:51.631087400 -0800 +++ openssl-1.0.0e_patched/e_os.h 2011-12-19 04:15:15.776668900 -0800 -@@ -206,10 +206,19 @@ - #define get_last_socket_error() errno - #define clear_socket_error() errno=0 - #define ioctlsocket(a,b,c) ioctl(a,b,c) +@@ -213,10 +213,19 @@ + # define get_last_socket_error() errno + # define clear_socket_error() errno=0 + # define ioctlsocket(a,b,c) ioctl(a,b,c) +#ifdef _BOOT +#include +extern int socket_read(int, void *, size_t, int); +extern int socket_close(int); -+#define closesocket(s) socket_close(s) -+#define readsocket(s,b,n) socket_read((s),(b),(n), 200) -+#define writesocket(s,b,n) send((s),(b),(n), 0) ++# define closesocket(s) socket_close(s) ++# define readsocket(s,b,n) socket_read((s),(b),(n), 200) ++# define writesocket(s,b,n) send((s),(b),(n), 0) +#else /* !_BOOT */ - #define closesocket(s) close(s) - #define readsocket(s,b,n) read((s),(b),(n)) - #define writesocket(s,b,n) write((s),(b),(n)) - #endif + # define closesocket(s) close(s) + # define readsocket(s,b,n) read((s),(b),(n)) + # define writesocket(s,b,n) write((s),(b),(n)) + # endif +#endif - #ifdef WIN16 /* never the case */ - # define MS_CALLBACK _far _loadds + # ifdef WIN16 /* never the case */ + # define MS_CALLBACK _far _loadds --- openssl-1.0.0e/crypto/sparcv9cap.c 2010-09-05 12:48:01.000000000 -0700 +++ openssl-1.0.0e_patched/crypto/sparcv9cap.c 2011-12-23 
05:24:02.011607700 -0800 @@ -12,7 +12,11 @@ - #define SPARCV9_VIS2 (1<<3) /* reserved */ - #define SPARCV9_FMADD (1<<4) /* reserved for SPARC64 V */ - -+#ifndef _BOOT - static int OPENSSL_sparcv9cap_P=SPARCV9_TICK_PRIVILEGED; + #define SPARCV9_VIS2 (1<<3) /* reserved */ + #define SPARCV9_FMADD (1<<4) /* reserved for SPARC64 V */ + ++#ifndef _BOOT + static int OPENSSL_sparcv9cap_P = SPARCV9_TICK_PRIVILEGED; +#else +static int OPENSSL_sparcv9cap_P = SPARCV9_VIS1; +#endif - int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num) - { -@@ -33,6 +37,7 @@ - void _sparcv9_vis2_probe(void); - void _sparcv9_fmadd_probe(void); + int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, + const BN_ULONG *np, const BN_ULONG *n0, int num) +@@ -36,6 +40,7 @@ + void _sparcv9_vis2_probe(void); + void _sparcv9_fmadd_probe(void); +#ifndef _BOOT unsigned long OPENSSL_rdtsc(void) - { - if (OPENSSL_sparcv9cap_P&SPARCV9_TICK_PRIVILEGED) -@@ -44,8 +49,19 @@ - else - return _sparcv9_rdtick(); - } + { + if (OPENSSL_sparcv9cap_P & SPARCV9_TICK_PRIVILEGED) +@@ -47,8 +52,19 @@ + else + return _sparcv9_rdtick(); + } +#endif + +#if defined(_BOOT) @@ -370,15 +373,15 @@ + * Older CPUs are EOLed anyway. + */ +void OPENSSL_cpuid_setup(void) -+ { -+ OPENSSL_sparcv9cap_P = SPARCV9_VIS1; -+ } - ++ { ++ OPENSSL_sparcv9cap_P = SPARCV9_VIS1; ++ } + -#if 0 && defined(__sun) && defined(__SVR4) +#elif 0 && defined(__sun) && defined(__SVR4) - /* This code path is disabled, because of incompatibility of - * libdevinfo.so.1 and libmalloc.so.1 (see below for details) - */ + /* + * This code path is disabled, because of incompatibility of libdevinfo.so.1 + * and libmalloc.so.1 (see below for details) --- openssl-1.0.0e/crypto/sparccpuid.S 2010-09-05 12:48:01.000000000 -0700 +++ openssl-1.0.0e_patched/crypto/sparccpuid.S 2012-02-13 07:42:58.259478325 -0800 @@ -397,8 +397,13 @@ 
@@ -397,7 +400,7 @@ +#endif --- openssl-1.0.1c/crypto/Makefile Thu Aug 2 12:56:38 2012 +++ openssl-1.0.1c/crypto/Makefile.new Thu Aug 2 12:59:43 2012 -@@ -35,9 +35,9 @@ +@@ -36,9 +36,9 @@ LIB= $(TOP)/libcrypto.a SHARED_LIB= libcrypto$(SHLIB_EXT) LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c \ @@ -411,31 +414,29 @@ --- openssl-1.0.1f/ssl/s3_clnt.c Thu Jan 30 02:53:33 2014 +++ openssl-1.0.1f/ssl/s3_clnt.c.new Thu Jan 30 02:57:51 2014 -@@ -681,8 +681,13 @@ +@@ -668,7 +668,11 @@ - p=s->s3->client_random; - + p = s->s3->client_random; + +#ifndef _BOOT - if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0) - goto err; + if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0) +#else -+ if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE) <= 0) -+ goto err; ++ if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE) <= 0) +#endif + goto err; - /* Do the message type and length last */ - d=p= &(buf[4]); + /* Do the message type and length last */ --- openssl-1.0.1f/ssl/s3_lib.c Wed Oct 15 11:18:30 2014 +++ openssl-1.0.1f/ssl/s3_lib.c.new Wed Oct 15 11:20:07 2014 -@@ -3364,7 +3364,11 @@ - return 1; - /* Apparently we're using a version-flexible SSL_METHOD - * (not at its highest protocol version). */ +@@ -3343,7 +3343,11 @@ + * Apparently we're using a version-flexible SSL_METHOD (not at its + * highest protocol version). + */ +#ifndef _BOOT - if (s->ctx->method->version == SSLv23_method()->version) + if (s->ctx->method->version == SSLv23_method()->version) { +#else -+ if (s->ctx->method->version == TLS1_2_VERSION) ++ if (s->ctx->method->version == TLS1_2_VERSION) { +#endif - { #if TLS_MAX_VERSION != TLS1_2_VERSION - # error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION. + # error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION. + #endif diff -r 5bd484384122 -r 95b8f35fcdd5 components/openssl/openssl-1.0.1/patches/32_aes_cbc_len_check.patch 
--- a/components/openssl/openssl-1.0.1/patches/32_aes_cbc_len_check.patch Thu Mar 19 14:41:20 2015 -0700 +++ b/components/openssl/openssl-1.0.1/patches/32_aes_cbc_len_check.patch Fri Mar 20 15:31:27 2015 -0700 @@ -1,14 +1,18 @@ +# +# This was developed in house and reported to the upstream. +# --- openssl-1.0.1e/crypto/evp/e_aes.c Tue Jul 2 11:03:12 2013 +++ openssl-1.0.1e/crypto/evp/e_aes.c.new Tue Jul 2 11:04:56 2013 -@@ -574,8 +574,11 @@ - static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, - const unsigned char *in, size_t len) +@@ -536,8 +536,12 @@ + static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) { -+ size_t bl = ctx->cipher->block_size; - EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; ++ size_t bl = ctx->cipher->block_size; + EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; -+ if (lenstream.cbc) - (*dat->stream.cbc)(in,out,len,&dat->ks,ctx->iv,ctx->encrypt); - else if (ctx->encrypt) + if (dat->stream.cbc) + (*dat->stream.cbc) (in, out, len, &dat->ks, ctx->iv, ctx->encrypt); + else if (ctx->encrypt) diff -r 5bd484384122 -r 95b8f35fcdd5 components/openssl/openssl-1.0.1/patches/33_cert_chain.patch --- a/components/openssl/openssl-1.0.1/patches/33_cert_chain.patch Thu Mar 19 14:41:20 2015 -0700 +++ b/components/openssl/openssl-1.0.1/patches/33_cert_chain.patch Fri Mar 20 15:31:27 2015 -0700 
@@ -6,200 +6,205 @@ Index: openssl/crypto/x509/x509_trs.c ============================================================================ $ diff -ru crypto/x509/x509_trs.c crypto/x509/x509_trs.c ---- openssl/crypto/x509/x509_trs.c.orig 4 Dec 2012 17:26:04 -0000 1.133.2.11.2.6.2.3 -+++ openssl/crypto/x509/x509_trs.c 14 Dec 2012 14:30:45 -0000 1.133.2.11.2.6.2.4 -@@ -114,6 +114,15 @@ int X509_check_trust(X509 *x, int id, int flags) - X509_TRUST *pt; - int idx; - if(id == -1) return 1; -+ /* We get this as a default value */ -+ if (id == 0) -+ { -+ int rv; -+ rv = obj_trust(NID_anyExtendedKeyUsage, x, 0); -+ if (rv != X509_TRUST_UNTRUSTED) -+ return rv; -+ return trust_compat(NULL, x, 0); -+ } - idx = X509_TRUST_get_by_id(id); - if(idx == -1) return default_trust(id, x, flags); - pt = X509_TRUST_get0(idx); +--- openssl/crypto/x509/x509_trs.c.orig 4 Dec 2012 17:26:04 -0000 1.133.2.11.2.6.2.3 ++++ openssl/crypto/x509/x509_trs.c 14 Dec 2012 14:30:45 -0000 1.133.2.11.2.6.2.4 +@@ -119,6 +119,14 @@ int X509_check_trust(X509 *x, int id, int flags) + int idx; + if (id == -1) + return 1; ++ /* We get this as a default value */ ++ if (id == 0) { ++ int rv; ++ rv = obj_trust(NID_anyExtendedKeyUsage, x, 0); ++ if (rv != X509_TRUST_UNTRUSTED) ++ return rv; ++ return trust_compat(NULL, x, 0); ++ } + idx = X509_TRUST_get_by_id(id); + if (idx == -1) + return default_trust(id, x, flags); Index: openssl/crypto/x509/x509_vfy.c ============================================================================ $ cvs diff -u -r1.105.2.9.2.4.2.3 -r1.105.2.9.2.4.2.4 x509_vfy.c ---- openssl/crypto/x509/x509_vfy.c 14 Dec 2012 12:53:48 -0000 1.105.2.9.2.4.2.3 -+++ openssl/crypto/x509/x509_vfy.c 14 Dec 2012 14:30:46 -0000 1.105.2.9.2.4.2.4 -@@ -150,6 +150,33 @@ - } +--- openssl/crypto/x509/x509_vfy.c 14 Dec 2012 12:53:48 -0000 1.105.2.9.2.4.2.3 ++++ openssl/crypto/x509/x509_vfy.c 14 Dec 2012 14:30:46 -0000 1.105.2.9.2.4.2.4 +@@ -149,6 +149,33 @@ + } #endif +/* Given a certificate try and find an exact 
match in the store */ + +static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) -+ { -+ STACK_OF(X509) *certs; -+ X509 *xtmp = NULL; -+ int i; -+ /* Lookup all certs with matching subject name */ -+ certs = ctx->lookup_certs(ctx, X509_get_subject_name(x)); -+ if (certs == NULL) -+ return NULL; -+ /* Look for exact match */ -+ for (i = 0; i < sk_X509_num(certs); i++) -+ { -+ xtmp = sk_X509_value(certs, i); -+ if (!X509_cmp(xtmp, x)) -+ break; -+ } -+ if (i < sk_X509_num(certs)) -+ CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509); -+ else -+ xtmp = NULL; -+ sk_X509_pop_free(certs, X509_free); -+ return xtmp; -+ } ++ { ++ STACK_OF(X509) *certs; ++ X509 *xtmp = NULL; ++ int i; ++ /* Lookup all certs with matching subject name */ ++ certs = ctx->lookup_certs(ctx, X509_get_subject_name(x)); ++ if (certs == NULL) ++ return NULL; ++ /* Look for exact match */ ++ for (i = 0; i < sk_X509_num(certs); i++) ++ { ++ xtmp = sk_X509_value(certs, i); ++ if (!X509_cmp(xtmp, x)) ++ break; ++ } ++ if (i < sk_X509_num(certs)) ++ CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509); ++ else ++ xtmp = NULL; ++ sk_X509_pop_free(certs, X509_free); ++ return xtmp; ++ } + + int X509_verify_cert(X509_STORE_CTX *ctx) - { - X509 *x,*xtmp,*chain_ss=NULL; -@@ -307,8 +307,13 @@ int X509_verify_cert(X509_STORE_CTX *ctx) + { + X509 *x, *xtmp, *chain_ss = NULL; +@@ -304,8 +331,17 @@ int X509_verify_cert(X509_STORE_CTX *ctx) - /* we now have our chain, lets check it... */ + /* we now have our chain, lets check it... */ -- /* Is last certificate looked up self signed? */ -- if (!ctx->check_issued(ctx,x,x)) -+ i = check_trust(ctx); +- /* Is last certificate looked up self signed? 
*/ +- if (!ctx->check_issued(ctx, x, x)) { ++ i = check_trust(ctx); + -+ /* If explicitly rejected error */ -+ if (i == X509_TRUST_REJECTED) -+ goto end; -+ /* If not explicitly trusted then indicate error */ -+ if (i != X509_TRUST_TRUSTED) - { - if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) - { -@@ -346,12 +351,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx) - - if (!ok) goto end; ++ /* If explicitly rejected error */ ++ if (i == X509_TRUST_REJECTED) ++ goto end; ++ /* ++ * If not explicitly trusted then indicate error unless it's a single ++ * self signed certificate in which case we've indicated an error already ++ * and set bad_chain == 1 ++ */ ++ if (i != X509_TRUST_TRUSTED && !bad_chain) { + if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) { + if (ctx->last_untrusted >= num) + ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; +@@ -340,14 +376,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx) + ok = check_name_constraints(ctx); -- /* The chain extensions are OK: check trust */ + if (!ok) +- goto end; - -- if (param->trust > 0) ok = check_trust(ctx); +- /* The chain extensions are OK: check trust */ - -- if (!ok) goto end; +- if (param->trust > 0) +- ok = check_trust(ctx); - - /* We may as well copy down any DSA parameters that are required */ - X509_get_pubkey_parameters(NULL,ctx->chain); +- if (!ok) + goto end; -@@ -642,28 +641,54 @@ static int check_name_constraints(X509_STORE_CTX *ctx) + /* We may as well copy down any DSA parameters that are required */ +@@ -630,28 +658,53 @@ static int check_name_constraints(X509_STORE_CTX *ctx) static int check_trust(X509_STORE_CTX *ctx) { -#ifdef OPENSSL_NO_CHAIN_VERIFY -- return 1; +- return 1; -#else - int i, ok; -- X509 *x; -+ X509 *x = NULL; - int (*cb)(int xok,X509_STORE_CTX *xctx); - cb=ctx->verify_cb; + int i, ok; +- X509 *x; ++ X509 *x = NULL; + int (*cb) (int xok, X509_STORE_CTX *xctx); + cb = ctx->verify_cb; -/* For now just check the last certificate in the chain */ -- i 
= sk_X509_num(ctx->chain) - 1; -- x = sk_X509_value(ctx->chain, i); -- ok = X509_check_trust(x, ctx->param->trust, 0); -- if (ok == X509_TRUST_TRUSTED) -- return 1; -- ctx->error_depth = i; -- ctx->current_cert = x; -- if (ok == X509_TRUST_REJECTED) -- ctx->error = X509_V_ERR_CERT_REJECTED; -- else -- ctx->error = X509_V_ERR_CERT_UNTRUSTED; -- ok = cb(0, ctx); -- return ok; +- i = sk_X509_num(ctx->chain) - 1; +- x = sk_X509_value(ctx->chain, i); +- ok = X509_check_trust(x, ctx->param->trust, 0); +- if (ok == X509_TRUST_TRUSTED) +- return 1; +- ctx->error_depth = i; +- ctx->current_cert = x; +- if (ok == X509_TRUST_REJECTED) +- ctx->error = X509_V_ERR_CERT_REJECTED; +- else +- ctx->error = X509_V_ERR_CERT_UNTRUSTED; +- ok = cb(0, ctx); +- return ok; -#endif -+ /* Check all trusted certificates in chain */ -+ for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) -+ { -+ x = sk_X509_value(ctx->chain, i); -+ ok = X509_check_trust(x, ctx->param->trust, 0); -+ /* If explicitly trusted return trusted */ -+ if (ok == X509_TRUST_TRUSTED) -+ return X509_TRUST_TRUSTED; -+ /* If explicitly rejected notify callback and reject if -+ * not overridden. -+ */ -+ if (ok == X509_TRUST_REJECTED) -+ { -+ ctx->error_depth = i; -+ ctx->current_cert = x; -+ ctx->error = X509_V_ERR_CERT_REJECTED; -+ ok = cb(0, ctx); -+ if (!ok) -+ return X509_TRUST_REJECTED; -+ } -+ } -+ /* If we accept partial chains and have at least one trusted -+ * certificate return success. 
-+ */ -+ if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) -+ { -+ X509 *mx; -+ if (ctx->last_untrusted < sk_X509_num(ctx->chain)) -+ return X509_TRUST_TRUSTED; -+ x = sk_X509_value(ctx->chain, 0); -+ mx = lookup_cert_match(ctx, x); -+ if (mx) -+ { -+ (void)sk_X509_set(ctx->chain, 0, mx); -+ X509_free(x); -+ ctx->last_untrusted = 0; -+ return X509_TRUST_TRUSTED; -+ } -+ } ++ /* Check all trusted certificates in chain */ ++ for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) { ++ x = sk_X509_value(ctx->chain, i); ++ ok = X509_check_trust(x, ctx->param->trust, 0); ++ /* If explicitly trusted return trusted */ ++ if (ok == X509_TRUST_TRUSTED) ++ return X509_TRUST_TRUSTED; ++ /* ++ * If explicitly rejected notify callback and reject if not ++ * overridden. ++ */ ++ if (ok == X509_TRUST_REJECTED) { ++ ctx->error_depth = i; ++ ctx->current_cert = x; ++ ctx->error = X509_V_ERR_CERT_REJECTED; ++ ok = cb(0, ctx); ++ if (!ok) ++ return X509_TRUST_REJECTED; ++ } ++ } ++ /* ++ * If we accept partial chains and have at least one trusted certificate ++ * return success. ++ */ ++ if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { ++ X509 *mx; ++ if (ctx->last_untrusted < sk_X509_num(ctx->chain)) ++ return X509_TRUST_TRUSTED; ++ x = sk_X509_value(ctx->chain, 0); ++ mx = lookup_cert_match(ctx, x); ++ if (mx) { ++ (void)sk_X509_set(ctx->chain, 0, mx); ++ X509_free(x); ++ ctx->last_untrusted = 0; ++ return X509_TRUST_TRUSTED; ++ } ++ } + -+ /* If no trusted certs in chain at all return untrusted and -+ * allow standard (no issuer cert) etc errors to be indicated. -+ */ -+ return X509_TRUST_UNTRUSTED; ++ /* ++ * If no trusted certs in chain at all return untrusted and allow ++ * standard (no issuer cert) etc errors to be indicated. 
++ */ ++ return X509_TRUST_UNTRUSTED; } static int check_revocation(X509_STORE_CTX *ctx) -@@ -1602,6 +1641,8 @@ static int internal_verify(X509_STORE_CTX *ctx) - xs=xi; - else - { -+ if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN && n == 0) -+ return check_cert_time(ctx, xi); - if (n <= 0) - { - ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE; +@@ -1526,6 +1579,8 @@ static int internal_verify(X509_STORE_CTX *ctx) + if (ctx->check_issued(ctx, xi, xi)) + xs = xi; + else { ++ if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN && n == 0) ++ return check_cert_time(ctx, xi); + if (n <= 0) { + ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE; + ctx->current_cert = xi; Index: openssl/crypto/x509/x509_vfy.h ============================================================================ $ cvs diff -u -r1.67.2.3.4.1 -r1.67.2.3.4.2 x509_vfy.h ---- openssl/crypto/x509/x509_vfy.h 26 Sep 2012 13:50:42 -0000 1.67.2.3.4.1 -+++ openssl/crypto/x509/x509_vfy.h 14 Dec 2012 14:30:46 -0000 1.67.2.3.4.2 -@@ -390,6 +390,8 @@ +--- openssl/crypto/x509/x509_vfy.h 26 Sep 2012 13:50:42 -0000 1.67.2.3.4.1 ++++ openssl/crypto/x509/x509_vfy.h 14 Dec 2012 14:30:46 -0000 1.67.2.3.4.2 +@@ -406,6 +406,9 @@ /* Check selfsigned CA signature */ - #define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000 + # define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000 +/* Allow partial chains if at least one certificate is in trusted store */ -+#define X509_V_FLAG_PARTIAL_CHAIN 0x80000 - - #define X509_VP_FLAG_DEFAULT 0x1 - #define X509_VP_FLAG_OVERWRITE 0x2 ++# define X509_V_FLAG_PARTIAL_CHAIN 0x80000 ++ + # define X509_VP_FLAG_DEFAULT 0x1 + # define X509_VP_FLAG_OVERWRITE 0x2 + # define X509_VP_FLAG_RESET_FLAGS 0x4 Index: openssl/apps/apps.c ============================================================================ $ cvs diff -u -r1.133.2.11.2.6.2.3 -r1.133.2.11.2.6.2.4 apps.c ---- openssl/apps/apps.c 4 Dec 2012 17:26:04 -0000 1.133.2.11.2.6.2.3 -+++ openssl/apps/apps.c 14 Dec 2012 14:30:45 -0000 1.133.2.11.2.6.2.4 
-@@ -2361,6 +2361,8 @@ - flags |= X509_V_FLAG_NOTIFY_POLICY; - else if (!strcmp(arg, "-check_ss_sig")) - flags |= X509_V_FLAG_CHECK_SS_SIGNATURE; -+ else if (!strcmp(arg, "-partial_chain")) -+ flags |= X509_V_FLAG_PARTIAL_CHAIN; - else - return 0; +--- openssl/apps/apps.c 4 Dec 2012 17:26:04 -0000 1.133.2.11.2.6.2.3 ++++ openssl/apps/apps.c 14 Dec 2012 14:30:45 -0000 1.133.2.11.2.6.2.4 +@@ -2238,6 +2238,8 @@ + flags |= X509_V_FLAG_NOTIFY_POLICY; + else if (!strcmp(arg, "-check_ss_sig")) + flags |= X509_V_FLAG_CHECK_SS_SIGNATURE; ++ else if (!strcmp(arg, "-partial_chain")) ++ flags |= X509_V_FLAG_PARTIAL_CHAIN; + else + return 0; diff -r 5bd484384122 -r 95b8f35fcdd5 components/openssl/openssl-1.0.1/patches/36_evp_leak.patch --- a/components/openssl/openssl-1.0.1/patches/36_evp_leak.patch Thu Mar 19 14:41:20 2015 -0700 +++ b/components/openssl/openssl-1.0.1/patches/36_evp_leak.patch Fri Mar 20 15:31:27 2015 -0700 
@@ -1,144 +1,144 @@ Patch developed in-house. Solaris-specific; not suitable for upstream. ---- openssl-1.0.1f/crypto/evp/evp_enc.c.orig Mon Feb 11 07:26:04 2013 -+++ openssl-1.0.1f/crypto/evp/evp_enc.c Mon Feb 3 16:40:48 2014 -@@ -394,10 +394,14 @@ - { - ret = M_do_cipher(ctx, out, NULL, 0); - if (ret < 0) -- return 0; -+ { -+ ret = 0; -+ goto cleanup; -+ } - else - *outl = ret; -- return 1; -+ ret = 1; -+ goto cleanup; - } +--- openssl-1.0.1f/crypto/evp/evp_enc.c.orig Mon Feb 11 07:26:04 2013 ++++ openssl-1.0.1f/crypto/evp/evp_enc.c Mon Feb 3 16:40:48 2014 +@@ -379,11 +379,13 @@ + + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { + ret = M_do_cipher(ctx, out, NULL, 0); +- if (ret < 0) +- return 0; +- else ++ if (ret < 0) { ++ ret = 0; ++ goto cleanup; ++ } else + *outl = ret; +- return 1; ++ ret = 1; ++ goto cleanup; + } + + b = ctx->cipher->block_size; +@@ -390,7 +392,8 @@ + OPENSSL_assert(b <= sizeof ctx->buf); + if (b == 1) { + *outl = 0; +- return 1; ++ ret = 1; ++ goto cleanup; + } + bl = ctx->buf_len; + if (ctx->flags & EVP_CIPH_NO_PADDING) { +@@ -397,10 +400,12 @@ + if (bl) { + EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX, + EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); +- return 0; ++ ret = 0; ++ goto cleanup; + } + *outl = 0; +- return 1; ++ ret = 1; ++ goto cleanup; + } - b=ctx->cipher->block_size; -@@ -405,7 +409,8 @@ - if (b == 1) - { - *outl=0; -- return 1; -+ ret = 1; -+ goto cleanup; - } - bl=ctx->buf_len; - if (ctx->flags & EVP_CIPH_NO_PADDING) -@@ -413,10 +418,12 @@ - if(bl) - { - EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); -- return 0; -+ ret = 0; -+ goto cleanup; - } - *outl = 0; -- return 1; -+ ret = 1; -+ goto cleanup; - } - - n=b-bl; -@@ -428,6 +435,12 @@ - if(ret) - *outl=b; + n = b - bl; +@@ -411,6 +416,11 @@ + if (ret) + *outl = b; +cleanup: -+ if (ctx->cipher->cleanup) -+ { -+ ctx->cipher->cleanup(ctx); -+ } ++ if (ctx->cipher->cleanup) { ++ ctx->cipher->cleanup(ctx); ++ } + - return ret; - } - -@@ -501,6 +501,7 @@ 
- int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) - { - int i,n; -+ int err = 1; - unsigned int b; - *outl=0; + return ret; + } -@@ -508,10 +509,14 @@ - { - i = M_do_cipher(ctx, out, NULL, 0); - if (i < 0) -- return 0; -+ { -+ err = 0; -+ goto cleanup; -+ } - else - *outl = i; -- return 1; -+ err = 1; -+ goto cleanup; - } +@@ -478,6 +488,7 @@ + int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) + { + int i, n; ++ int err = 1; + unsigned int b; + *outl = 0; - b=ctx->cipher->block_size; -@@ -520,10 +525,12 @@ - if(ctx->buf_len) - { - EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); -- return 0; -+ err = 0; -+ goto cleanup; - } - *outl = 0; -- return 1; -+ err = 1; -+ goto cleanup; - } - if (b > 1) - { -@@ -530,7 +537,8 @@ - if (ctx->buf_len || !ctx->final_used) - { - EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH); -- return(0); -+ err = 0; -+ goto cleanup; - } - OPENSSL_assert(b <= sizeof ctx->final); +@@ -483,11 +494,13 @@ + + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { + i = M_do_cipher(ctx, out, NULL, 0); +- if (i < 0) +- return 0; +- else ++ if (i < 0) { ++ err = 0; ++ goto cleanup; ++ } else + *outl = i; +- return 1; ++ err = 1; ++ goto cleanup; + } + + b = ctx->cipher->block_size; +@@ -495,10 +508,12 @@ + if (ctx->buf_len) { + EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, + EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); +- return 0; ++ err = 0; ++ goto cleanup; + } + *outl = 0; +- return 1; ++ err = 1; ++ goto cleanup; + } + if (b > 1) { + if (ctx->buf_len || !ctx->final_used) { +@@ -503,7 +518,8 @@ + if (b > 1) { + if (ctx->buf_len || !ctx->final_used) { + EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH); +- return (0); ++ err = 0; ++ goto cleanup; + } + OPENSSL_assert(b <= sizeof ctx->final); -@@ -542,7 +550,8 @@ - if (n == 0 || n > (int)b) - { - EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT); -- return(0); -+ err = 0; -+ goto cleanup; - } - for 
(i=0; ifinal[--b] != n) - { - EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT); -- return(0); -+ err = 0; -+ goto cleanup; - } - } - n=ctx->cipher->block_size-n; -@@ -559,7 +569,13 @@ - } - else - *outl=0; -- return(1); -+ err = 1; +@@ -514,7 +530,8 @@ + n = ctx->final[b - 1]; + if (n == 0 || n > (int)b) { + EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT); +- return (0); ++ err = 0; ++ goto cleanup; + } + for (i = 0; i < n; i++) { + if (ctx->final[--b] != n) { +@@ -519,7 +536,8 @@ + for (i = 0; i < n; i++) { + if (ctx->final[--b] != n) { + EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT); +- return (0); ++ err = 0; ++ goto cleanup; + } + } + n = ctx->cipher->block_size - n; +@@ -528,7 +546,12 @@ + *outl = n; + } else + *outl = 0; +- return (1); ++ err = 1; +cleanup: -+ if (ctx->cipher->cleanup) -+ { -+ ctx->cipher->cleanup(ctx); -+ } -+ return err; - } ++ if (ctx->cipher->cleanup) { ++ ctx->cipher->cleanup(ctx); ++ } ++ return err; + } void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) diff -r 5bd484384122 -r 95b8f35fcdd5 components/openssl/openssl-1.0.1/patches/37_openssl_t4_inline.patch --- a/components/openssl/openssl-1.0.1/patches/37_openssl_t4_inline.patch Thu Mar 19 14:41:20 2015 -0700 +++ b/components/openssl/openssl-1.0.1/patches/37_openssl_t4_inline.patch Fri Mar 20 15:31:27 2015 -0700 @@ -29,15 +29,6 @@ #if defined(__SUNPRO_C) && defined(__sparcv9) # define ABI64 /* They've said -xarch=v9 at command line */ #elif defined(__GNUC__) && defined(__arch64__) -@@ -123,7 +127,7 @@ - fmovs %f1,%f3 - fmovs %f0,%f2 - -- add %fp,BIAS,%i0 ! return pointer to caller´s top of stack -+ add %fp,BIAS,%i0 ! return pointer to caller?s top of stack - - ret - restore @@ -235,10 +239,10 @@ .global _sparcv9_vis1_probe .align 8 
@@ -111,98 +102,98 @@ +.global _sparcv9_vis1_instrument_bus +.align 8 +_sparcv9_vis1_instrument_bus: -+ mov %o1,%o3 ! save cnt -+ .word 0x99410000 !rd %tick,%o4 ! tick -+ mov %o4,%o5 ! lasttick = tick -+ set 0,%g4 ! diff ++ mov %o1,%o3 ! save cnt ++ .word 0x99410000 !rd %tick,%o4 ! tick ++ mov %o4,%o5 ! lasttick = tick ++ set 0,%g4 ! diff + -+ andn %o0,63,%g1 -+ .word 0xc1985e00 !ldda [%g1]0xf0,%f0 ! block load -+ .word 0x8143e040 !membar #Sync -+ .word 0xc1b85c00 !stda %f0,[%g1]0xe0 ! block store and commit -+ .word 0x8143e040 !membar #Sync -+ ld [%o0],%o4 -+ add %o4,%g4,%g4 -+ .word 0xc9e2100c !cas [%o0],%o4,%g4 ++ andn %o0,63,%g1 ++ .word 0xc1985e00 !ldda [%g1]0xf0,%f0 ! block load ++ .word 0x8143e040 !membar #Sync ++ .word 0xc1b85c00 !stda %f0,[%g1]0xe0 ! block store and commit ++ .word 0x8143e040 !membar #Sync ++ ld [%o0],%o4 ++ add %o4,%g4,%g4 ++ .word 0xc9e2100c !cas [%o0],%o4,%g4 + -+.Loop: .word 0x99410000 !rd %tick,%o4 -+ sub %o4,%o5,%g4 ! diff=tick-lasttick -+ mov %o4,%o5 ! lasttick=tick ++.Loop: .word 0x99410000 !rd %tick,%o4 ++ sub %o4,%o5,%g4 ! diff=tick-lasttick ++ mov %o4,%o5 ! lasttick=tick + -+ andn %o0,63,%g1 -+ .word 0xc1985e00 !ldda [%g1]0xf0,%f0 ! block load -+ .word 0x8143e040 !membar #Sync -+ .word 0xc1b85c00 !stda %f0,[%g1]0xe0 ! block store and commit -+ .word 0x8143e040 !membar #Sync -+ ld [%o0],%o4 -+ add %o4,%g4,%g4 -+ .word 0xc9e2100c !cas [%o0],%o4,%g4 -+ subcc %o1,1,%o1 ! --$cnt -+ bnz .Loop -+ add %o0,4,%o0 ! ++$out ++ andn %o0,63,%g1 ++ .word 0xc1985e00 !ldda [%g1]0xf0,%f0 ! block load ++ .word 0x8143e040 !membar #Sync ++ .word 0xc1b85c00 !stda %f0,[%g1]0xe0 ! block store and commit ++ .word 0x8143e040 !membar #Sync ++ ld [%o0],%o4 ++ add %o4,%g4,%g4 ++ .word 0xc9e2100c !cas [%o0],%o4,%g4 ++ subcc %o1,1,%o1 ! --$cnt ++ bnz .Loop ++ add %o0,4,%o0 ! 
++$out + -+ retl -+ mov %o3,%o0 -+.type _sparcv9_vis1_instrument_bus,#function -+.size _sparcv9_vis1_instrument_bus,.-_sparcv9_vis1_instrument_bus ++ retl ++ mov %o3,%o0 ++.type _sparcv9_vis1_instrument_bus,#function ++.size _sparcv9_vis1_instrument_bus,.-_sparcv9_vis1_instrument_bus + -+.global _sparcv9_vis1_instrument_bus2 -+.align 8 ++.global _sparcv9_vis1_instrument_bus2 ++.align 8 +_sparcv9_vis1_instrument_bus2: -+ mov %o1,%o3 ! save cnt -+ sll %o1,2,%o1 ! cnt*=4 ++ mov %o1,%o3 ! save cnt ++ sll %o1,2,%o1 ! cnt*=4 + -+ .word 0x99410000 !rd %tick,%o4 ! tick -+ mov %o4,%o5 ! lasttick = tick -+ set 0,%g4 ! diff ++ .word 0x99410000 !rd %tick,%o4 ! tick ++ mov %o4,%o5 ! lasttick = tick ++ set 0,%g4 ! diff + -+ andn %o0,63,%g1 -+ .word 0xc1985e00 !ldda [%g1]0xf0,%f0 ! block load -+ .word 0x8143e040 !membar #Sync -+ .word 0xc1b85c00 !stda %f0,[%g1]0xe0 ! block store and commit -+ .word 0x8143e040 !membar #Sync -+ ld [%o0],%o4 -+ add %o4,%g4,%g4 -+ .word 0xc9e2100c !cas [%o0],%o4,%g4 ++ andn %o0,63,%g1 ++ .word 0xc1985e00 !ldda [%g1]0xf0,%f0 ! block load ++ .word 0x8143e040 !membar #Sync ++ .word 0xc1b85c00 !stda %f0,[%g1]0xe0 ! block store and commit ++ .word 0x8143e040 !membar #Sync ++ ld [%o0],%o4 ++ add %o4,%g4,%g4 ++ .word 0xc9e2100c !cas [%o0],%o4,%g4 + -+ .word 0x99410000 !rd %tick,%o4 ! tick -+ sub %o4,%o5,%g4 ! diff=tick-lasttick -+ mov %o4,%o5 ! lasttick=tick -+ mov %g4,%g5 ! lastdiff=diff ++ .word 0x99410000 !rd %tick,%o4 ! tick ++ sub %o4,%o5,%g4 ! diff=tick-lasttick ++ mov %o4,%o5 ! lasttick=tick ++ mov %g4,%g5 ! lastdiff=diff +.Loop2: -+ andn %o0,63,%g1 -+ .word 0xc1985e00 !ldda [%g1]0xf0,%f0 ! block load -+ .word 0x8143e040 !membar #Sync -+ .word 0xc1b85c00 !stda %f0,[%g1]0xe0 ! block store and commit -+ .word 0x8143e040 !membar #Sync -+ ld [%o0],%o4 -+ add %o4,%g4,%g4 -+ .word 0xc9e2100c !cas [%o0],%o4,%g4 ++ andn %o0,63,%g1 ++ .word 0xc1985e00 !ldda [%g1]0xf0,%f0 ! block load ++ .word 0x8143e040 !membar #Sync ++ .word 0xc1b85c00 !stda %f0,[%g1]0xe0 ! 
block store and commit ++ .word 0x8143e040 !membar #Sync ++ ld [%o0],%o4 ++ add %o4,%g4,%g4 ++ .word 0xc9e2100c !cas [%o0],%o4,%g4 + -+ subcc %o2,1,%o2 ! --max -+ bz .Ldone2 -+ nop ++ subcc %o2,1,%o2 ! --max ++ bz .Ldone2 ++ nop + -+ .word 0x99410000 !rd %tick,%o4 ! tick -+ sub %o4,%o5,%g4 ! diff=tick-lasttick -+ mov %o4,%o5 ! lasttick=tick -+ cmp %g4,%g5 -+ mov %g4,%g5 ! lastdiff=diff ++ .word 0x99410000 !rd %tick,%o4 ! tick ++ sub %o4,%o5,%g4 ! diff=tick-lasttick ++ mov %o4,%o5 ! lasttick=tick ++ cmp %g4,%g5 ++ mov %g4,%g5 ! lastdiff=diff + -+ .word 0x83408000 !rd %ccr,%g1 -+ and %g1,4,%g1 ! isolate zero flag -+ xor %g1,4,%g1 ! flip zero flag ++ .word 0x83408000 !rd %ccr,%g1 ++ and %g1,4,%g1 ! isolate zero flag ++ xor %g1,4,%g1 ! flip zero flag + -+ subcc %o1,%g1,%o1 ! conditional --$cnt -+ bnz .Loop2 -+ add %o0,%g1,%o0 ! conditional ++$out ++ subcc %o1,%g1,%o1 ! conditional --$cnt ++ bnz .Loop2 ++ add %o0,%g1,%o0 ! conditional ++$out + +.Ldone2: -+ srl %o1,2,%o1 -+ retl -+ sub %o3,%o1,%o0 -+.type _sparcv9_vis1_instrument_bus2,#function -+.size _sparcv9_vis1_instrument_bus2,.-_sparcv9_vis1_instrument_bus2 ++ srl %o1,2,%o1 ++ retl ++ sub %o3,%o1,%o0 ++.type _sparcv9_vis1_instrument_bus2,#function ++.size _sparcv9_vis1_instrument_bus2,.-_sparcv9_vis1_instrument_bus2 + .section ".init",#alloc,#execinstr call solaris_locking_setup 
@@ -212,285 +203,281 @@ diff -ru openssl-1.0.1e/crypto/sparcv9cap.c openssl-1.0.1e/crypto/sparcv9cap.c --- openssl-1.0.1e/crypto/sparcv9cap.c 2011-05-24 17:02:24.000000000 -0700 +++ openssl-1.0.1e/crypto/sparcv9cap.c 2011-07-27 10:48:17.817470000 -0700 -@@ -4,31 +4,55 @@ +@@ -4,34 +4,58 @@ #include #include #include +#include #include --#define SPARCV9_TICK_PRIVILEGED (1<<0) --#define SPARCV9_PREFER_FPU (1<<1) --#define SPARCV9_VIS1 (1<<2) --#define SPARCV9_VIS2 (1<<3) /* reserved */ --#define SPARCV9_FMADD (1<<4) /* reserved for SPARC64 V */ +-#define SPARCV9_TICK_PRIVILEGED (1<<0) +-#define SPARCV9_PREFER_FPU (1<<1) +-#define SPARCV9_VIS1 (1<<2) +-#define SPARCV9_VIS2 (1<<3) /* reserved */ +-#define SPARCV9_FMADD (1<<4) /* reserved for SPARC64 V */ +#include "sparc_arch.h" +#if defined(__GNUC__) && defined(__linux) +__attribute__((visibility("hidden"))) +#endif - #ifndef _BOOT --static int OPENSSL_sparcv9cap_P=SPARCV9_TICK_PRIVILEGED; -+unsigned int OPENSSL_sparcv9cap_P[2]={SPARCV9_TICK_PRIVILEGED,0}; + #ifndef _BOOT +-static int OPENSSL_sparcv9cap_P = SPARCV9_TICK_PRIVILEGED; ++unsigned int OPENSSL_sparcv9cap_P[2] = {SPARCV9_TICK_PRIVILEGED, 0}; #else -static int OPENSSL_sparcv9cap_P = SPARCV9_VIS1; -+unsigned int OPENSSL_sparcv9cap_P[2]={SPARCV9_VIS1,0}; ++unsigned int OPENSSL_sparcv9cap_P[2] = {SPARCV9_VIS1, 0}; #endif - int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num) - { -+ int bn_mul_mont_vis3(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num); - int bn_mul_mont_fpu(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num); - int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num); + int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, + const BN_ULONG *np, const BN_ULONG *n0, int num) + { ++ int 
bn_mul_mont_vis3(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, ++ const BN_ULONG *np,const BN_ULONG *n0, int num); + int bn_mul_mont_fpu(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, + const BN_ULONG *np, const BN_ULONG *n0, int num); + int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, + const BN_ULONG *np, const BN_ULONG *n0, int num); -- if (num>=8 && !(num&1) && -- (OPENSSL_sparcv9cap_P&(SPARCV9_PREFER_FPU|SPARCV9_VIS1)) == -- (SPARCV9_PREFER_FPU|SPARCV9_VIS1)) -- return bn_mul_mont_fpu(rp,ap,bp,np,n0,num); -- else -- return bn_mul_mont_int(rp,ap,bp,np,n0,num); -+ if (!(num&1) && num>=6) -+ { -+ if ((num&15)==0 && num<=64 && -+ (OPENSSL_sparcv9cap_P[1]&(CFR_MONTMUL|CFR_MONTSQR))== -+ (CFR_MONTMUL|CFR_MONTSQR)) -+ { -+ typedef int (*bn_mul_mont_f)(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0); -+ int bn_mul_mont_t4_8(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0); -+ int bn_mul_mont_t4_16(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0); -+ int bn_mul_mont_t4_24(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0); -+ int bn_mul_mont_t4_32(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0); -+ static const bn_mul_mont_f funcs[4] = { -+ bn_mul_mont_t4_8, bn_mul_mont_t4_16, -+ bn_mul_mont_t4_24, bn_mul_mont_t4_32 }; -+ bn_mul_mont_f worker = funcs[num/16-1]; +- if (num >= 8 && !(num & 1) && +- (OPENSSL_sparcv9cap_P & (SPARCV9_PREFER_FPU | SPARCV9_VIS1)) == +- (SPARCV9_PREFER_FPU | SPARCV9_VIS1)) +- return bn_mul_mont_fpu(rp, ap, bp, np, n0, num); +- else +- return bn_mul_mont_int(rp, ap, bp, np, n0, num); ++ if (!(num&1) && num>=6) { ++ if ((num&15)==0 && num<=64 && ++ (OPENSSL_sparcv9cap_P[1]&(CFR_MONTMUL|CFR_MONTSQR))== ++ (CFR_MONTMUL|CFR_MONTSQR)) ++ { ++ typedef int (*bn_mul_mont_f)(BN_ULONG *rp, const 
BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0); ++ int bn_mul_mont_t4_8(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0); ++ int bn_mul_mont_t4_16(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0); ++ int bn_mul_mont_t4_24(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0); ++ int bn_mul_mont_t4_32(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0); ++ static const bn_mul_mont_f funcs[4] = { ++ bn_mul_mont_t4_8, bn_mul_mont_t4_16, ++ bn_mul_mont_t4_24, bn_mul_mont_t4_32 }; ++ bn_mul_mont_f worker = funcs[num/16-1]; + -+ if ((*worker)(rp,ap,bp,np,n0)) return 1; -+ /* retry once and fall back */ -+ if ((*worker)(rp,ap,bp,np,n0)) return 1; -+ return bn_mul_mont_vis3(rp,ap,bp,np,n0,num); -+ } -+ if ((OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS3)) -+ return bn_mul_mont_vis3(rp,ap,bp,np,n0,num); -+ else if (num>=8 && -+ (OPENSSL_sparcv9cap_P[0]&(SPARCV9_PREFER_FPU|SPARCV9_VIS1)) == -+ (SPARCV9_PREFER_FPU|SPARCV9_VIS1)) -+ return bn_mul_mont_fpu(rp,ap,bp,np,n0,num); -+ } -+ return bn_mul_mont_int(rp,ap,bp,np,n0,num); - } ++ if ((*worker)(rp,ap,bp,np,n0)) return 1; ++ /* retry once and fall back */ ++ if ((*worker)(rp,ap,bp,np,n0)) return 1; ++ return bn_mul_mont_vis3(rp,ap,bp,np,n0,num); ++ } ++ if ((OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS3)) ++ return bn_mul_mont_vis3(rp,ap,bp,np,n0,num); ++ else if (num>=8 && ++ (OPENSSL_sparcv9cap_P[0]&(SPARCV9_PREFER_FPU|SPARCV9_VIS1)) == ++ (SPARCV9_PREFER_FPU|SPARCV9_VIS1)) ++ return bn_mul_mont_fpu(rp,ap,bp,np,n0,num); ++ } ++ return bn_mul_mont_int(rp,ap,bp,np,n0,num); + } - unsigned long _sparcv9_rdtick(void); -@@ -36,11 +60,18 @@ - unsigned long _sparcv9_vis1_instrument(void); - void _sparcv9_vis2_probe(void); - void _sparcv9_fmadd_probe(void); -+unsigned long _sparcv9_rdcfr(void); -+void _sparcv9_vis3_probe(void); -+unsigned long 
_sparcv9_random(void); + unsigned long _sparcv9_rdtick(void); +@@ -39,11 +63,18 @@ + unsigned long _sparcv9_vis1_instrument(void); + void _sparcv9_vis2_probe(void); + void _sparcv9_fmadd_probe(void); ++unsigned long _sparcv9_rdcfr(void); ++void _sparcv9_vis3_probe(void); ++unsigned long _sparcv9_random(void); +#ifndef _BOOT -+size_t _sparcv9_vis1_instrument_bus(unsigned int *,size_t); -+size_t _sparcv9_vis1_instrument_bus2(unsigned int *,size_t,size_t); ++size_t _sparcv9_vis1_instrument_bus(unsigned int *,size_t); ++size_t _sparcv9_vis1_instrument_bus2(unsigned int *,size_t,size_t); +#endif #ifndef _BOOT unsigned long OPENSSL_rdtsc(void) - { -- if (OPENSSL_sparcv9cap_P&SPARCV9_TICK_PRIVILEGED) -+ if (OPENSSL_sparcv9cap_P[0]&SPARCV9_TICK_PRIVILEGED) + { +- if (OPENSSL_sparcv9cap_P & SPARCV9_TICK_PRIVILEGED) ++ if (OPENSSL_sparcv9cap_P[0] & SPARCV9_TICK_PRIVILEGED) #if defined(__sun) && defined(__SVR4) - return gethrtime(); + return gethrtime(); #else -@@ -49,6 +80,24 @@ - else - return _sparcv9_rdtick(); - } +@@ -52,6 +83,24 @@ + else + return _sparcv9_rdtick(); + } + +size_t OPENSSL_instrument_bus(unsigned int *out,size_t cnt) -+ { -+ if ((OPENSSL_sparcv9cap_P[0]&(SPARCV9_TICK_PRIVILEGED|SPARCV9_BLK)) == -+ SPARCV9_BLK) -+ return _sparcv9_vis1_instrument_bus(out,cnt); -+ else -+ return 0; -+ } ++{ ++ if ((OPENSSL_sparcv9cap_P[0]&(SPARCV9_TICK_PRIVILEGED|SPARCV9_BLK)) == ++ SPARCV9_BLK) ++ return _sparcv9_vis1_instrument_bus(out,cnt); ++ else ++ return 0; ++} + +size_t OPENSSL_instrument_bus2(unsigned int *out,size_t cnt,size_t max) -+ { -+ if ((OPENSSL_sparcv9cap_P[0]&(SPARCV9_TICK_PRIVILEGED|SPARCV9_BLK)) == -+ SPARCV9_BLK) -+ return _sparcv9_vis1_instrument_bus2(out,cnt,max); -+ else -+ return 0; -+ } ++{ ++ if ((OPENSSL_sparcv9cap_P[0]&(SPARCV9_TICK_PRIVILEGED|SPARCV9_BLK)) == ++ SPARCV9_BLK) ++ return _sparcv9_vis1_instrument_bus2(out,cnt,max); ++ else ++ return 0; ++} #endif #if defined(_BOOT) -@@ -58,7 +107,7 @@ +@@ -61,7 +110,7 @@ */ void 
OPENSSL_cpuid_setup(void) - { -- OPENSSL_sparcv9cap_P = SPARCV9_VIS1; -+ OPENSSL_sparcv9cap_P[0] = SPARCV9_VIS1; - } + { +- OPENSSL_sparcv9cap_P = SPARCV9_VIS1; ++ OPENSSL_sparcv9cap_P[0] = SPARCV9_VIS1; + } #elif 0 && defined(__sun) && defined(__SVR4) -@@ -85,11 +116,11 @@ - if (!strcmp (name,"SUNW,UltraSPARC") || - !strncmp(name,"SUNW,UltraSPARC-I",17)) /* covers II,III,IV */ - { -- OPENSSL_sparcv9cap_P |= SPARCV9_PREFER_FPU|SPARCV9_VIS1; -+ OPENSSL_sparcv9cap_P[0] |= SPARCV9_PREFER_FPU|SPARCV9_VIS1; +@@ -90,11 +139,11 @@ + if (!strcmp(name, "SUNW,UltraSPARC") || + /* covers II,III,IV */ + !strncmp(name, "SUNW,UltraSPARC-I", 17)) { +- OPENSSL_sparcv9cap_P |= SPARCV9_PREFER_FPU | SPARCV9_VIS1; ++ OPENSSL_sparcv9cap_P[0] |= SPARCV9_PREFER_FPU | SPARCV9_VIS1; - /* %tick is privileged only on UltraSPARC-I/II, but not IIe */ - if (name[14]!='\0' && name[17]!='\0' && name[18]!='\0') -- OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED; -+ OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED; + /* %tick is privileged only on UltraSPARC-I/II, but not IIe */ + if (name[14] != '\0' && name[17] != '\0' && name[18] != '\0') +- OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED; ++ OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED; - return DI_WALK_TERMINATE; - } -@@ -96,7 +127,7 @@ - /* This is expected to catch remaining UltraSPARCs, such as T1 */ - else if (!strncmp(name,"SUNW,UltraSPARC",15)) - { -- OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED; -+ OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED; + return DI_WALK_TERMINATE; + } +@@ -100,7 +149,7 @@ + } + /* This is expected to catch remaining UltraSPARCs, such as T1 */ + else if (!strncmp(name, "SUNW,UltraSPARC", 15)) { +- OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED; ++ OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED; - return DI_WALK_TERMINATE; - } -@@ -115,7 +146,7 @@ + return DI_WALK_TERMINATE; + } +@@ -119,7 +168,7 @@ + trigger = 1; - if ((e=getenv("OPENSSL_sparcv9cap"))) - { -- 
OPENSSL_sparcv9cap_P=strtoul(e,NULL,0); -+ OPENSSL_sparcv9cap_P[0]=strtoul(e,NULL,0); - return; - } + if ((e = getenv("OPENSSL_sparcv9cap"))) { +- OPENSSL_sparcv9cap_P = strtoul(e, NULL, 0); ++ OPENSSL_sparcv9cap_P[0] = strtoul(e, NULL, 0); + return; + } -@@ -123,17 +154,17 @@ - { - if (strcmp(si,"sun4v")) - /* FPU is preferred for all CPUs, but US-T1/2 */ -- OPENSSL_sparcv9cap_P |= SPARCV9_PREFER_FPU; -+ OPENSSL_sparcv9cap_P[0] |= SPARCV9_PREFER_FPU; - } +@@ -126,15 +175,15 @@ + if (sysinfo(SI_MACHINE, si, sizeof(si)) > 0) { + if (strcmp(si, "sun4v")) + /* FPU is preferred for all CPUs, but US-T1/2 */ +- OPENSSL_sparcv9cap_P |= SPARCV9_PREFER_FPU; ++ OPENSSL_sparcv9cap_P[0] |= SPARCV9_PREFER_FPU; + } - if (sysinfo(SI_ISALIST,si,sizeof(si))>0) - { - if (strstr(si,"+vis")) -- OPENSSL_sparcv9cap_P |= SPARCV9_VIS1; -+ OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1|SPARCV9_BLK; - if (strstr(si,"+vis2")) - { -- OPENSSL_sparcv9cap_P |= SPARCV9_VIS2; -- OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED; -+ OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2; -+ OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED; - return; - } - } -@@ -193,12 +224,14 @@ - - if ((e=getenv("OPENSSL_sparcv9cap"))) - { -- OPENSSL_sparcv9cap_P=strtoul(e,NULL,0); -+ OPENSSL_sparcv9cap_P[0]=strtoul(e,NULL,0); -+ if ((e=strchr(e,':'))) -+ OPENSSL_sparcv9cap_P[1]=strtoul(e+1,NULL,0); - return; - } + if (sysinfo(SI_ISALIST, si, sizeof(si)) > 0) { + if (strstr(si, "+vis")) +- OPENSSL_sparcv9cap_P |= SPARCV9_VIS1; ++ OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1 | SPARCV9_BLK; + if (strstr(si, "+vis2")) { +- OPENSSL_sparcv9cap_P |= SPARCV9_VIS2; +- OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED; ++ OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2; ++ OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED; + return; + } + } +@@ -204,12 +253,14 @@ + trigger = 1; - /* Initial value, fits UltraSPARC-I&II... 
*/ -- OPENSSL_sparcv9cap_P = SPARCV9_PREFER_FPU|SPARCV9_TICK_PRIVILEGED; -+ OPENSSL_sparcv9cap_P[0] = SPARCV9_PREFER_FPU|SPARCV9_TICK_PRIVILEGED; + if ((e = getenv("OPENSSL_sparcv9cap"))) { +- OPENSSL_sparcv9cap_P = strtoul(e, NULL, 0); ++ OPENSSL_sparcv9cap_P[0] = strtoul(e, NULL, 0); ++ if ((e = strchr(e, ':'))) ++ OPENSSL_sparcv9cap_P[1] = strtoul(e + 1, NULL, 0); + return; + } + + /* Initial value, fits UltraSPARC-I&II... */ +- OPENSSL_sparcv9cap_P = SPARCV9_PREFER_FPU | SPARCV9_TICK_PRIVILEGED; ++ OPENSSL_sparcv9cap_P[0] = SPARCV9_PREFER_FPU | SPARCV9_TICK_PRIVILEGED; + + sigfillset(&all_masked); + sigdelset(&all_masked, SIGILL); +@@ -232,18 +283,18 @@ - sigfillset(&all_masked); - sigdelset(&all_masked,SIGILL); -@@ -221,20 +254,20 @@ - if (sigsetjmp(common_jmp,1) == 0) - { - _sparcv9_rdtick(); -- OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED; -+ OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED; - } + if (sigsetjmp(common_jmp, 1) == 0) { + _sparcv9_rdtick(); +- OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED; ++ OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED; + } - if (sigsetjmp(common_jmp,1) == 0) - { - _sparcv9_vis1_probe(); -- OPENSSL_sparcv9cap_P |= SPARCV9_VIS1; -+ OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1|SPARCV9_BLK; - /* detect UltraSPARC-Tx, see sparccpud.S for details... */ - if (_sparcv9_vis1_instrument() >= 12) -- OPENSSL_sparcv9cap_P &= ~(SPARCV9_VIS1|SPARCV9_PREFER_FPU); -+ OPENSSL_sparcv9cap_P[0] &= ~(SPARCV9_VIS1|SPARCV9_PREFER_FPU); - else - { - _sparcv9_vis2_probe(); -- OPENSSL_sparcv9cap_P |= SPARCV9_VIS2; -+ OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2; - } - } + if (sigsetjmp(common_jmp, 1) == 0) { + _sparcv9_vis1_probe(); +- OPENSSL_sparcv9cap_P |= SPARCV9_VIS1; ++ OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1 | SPARCV9_BLK; + /* detect UltraSPARC-Tx, see sparccpud.S for details... 
*/ + if (_sparcv9_vis1_instrument() >= 12) +- OPENSSL_sparcv9cap_P &= ~(SPARCV9_VIS1 | SPARCV9_PREFER_FPU); ++ OPENSSL_sparcv9cap_P[0] &= ~(SPARCV9_VIS1 | SPARCV9_PREFER_FPU); + else { + _sparcv9_vis2_probe(); +- OPENSSL_sparcv9cap_P |= SPARCV9_VIS2; ++ OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2; + } + } -@@ -241,13 +274,53 @@ - if (sigsetjmp(common_jmp,1) == 0) - { - _sparcv9_fmadd_probe(); -- OPENSSL_sparcv9cap_P |= SPARCV9_FMADD; -+ OPENSSL_sparcv9cap_P[0] |= SPARCV9_FMADD; - } +@@ -249,13 +300,50 @@ + + if (sigsetjmp(common_jmp, 1) == 0) { + _sparcv9_fmadd_probe(); +- OPENSSL_sparcv9cap_P |= SPARCV9_FMADD; ++ OPENSSL_sparcv9cap_P[0] |= SPARCV9_FMADD; + } -+ /* -+ * VIS3 flag is tested independently from VIS1, unlike VIS2 that is, -+ * because VIS3 defines even integer instructions. -+ */ -+ if (sigsetjmp(common_jmp,1) == 0) -+ { -+ _sparcv9_vis3_probe(); -+ OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3; -+ } ++ /* ++ * VIS3 flag is tested independently from VIS1, unlike VIS2 that is, ++ * because VIS3 defines even integer instructions. ++ */ ++ if (sigsetjmp(common_jmp,1) == 0) { ++ _sparcv9_vis3_probe(); ++ OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3; ++ } + -+ if (sigsetjmp(common_jmp,1) == 0) -+ { -+ (void)_sparcv9_random(); -+ OPENSSL_sparcv9cap_P[0] |= SPARCV9_RANDOM; -+ } ++ if (sigsetjmp(common_jmp,1) == 0) { ++ (void)_sparcv9_random(); ++ OPENSSL_sparcv9cap_P[0] |= SPARCV9_RANDOM; ++ } + -+ /* -+ * In wait for better solution _sparcv9_rdcfr is masked by -+ * VIS3 flag, because it goes to uninterruptable endless -+ * loop on UltraSPARC II running Solaris. Things might be -+ * different on Linux... -+ */ -+ if ((OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS3) && -+ sigsetjmp(common_jmp,1) == 0) -+ { -+ OPENSSL_sparcv9cap_P[1] = (unsigned int)_sparcv9_rdcfr(); -+ } ++ /* ++ * In wait for better solution _sparcv9_rdcfr is masked by ++ * VIS3 flag, because it goes to uninterruptable endless ++ * loop on UltraSPARC II running Solaris. Things might be ++ * different on Linux... 
++ */ ++ if ((OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS3) && ++ sigsetjmp(common_jmp, 1) == 0) { ++ OPENSSL_sparcv9cap_P[1] = (unsigned int)_sparcv9_rdcfr(); ++ } + - sigaction(SIGBUS,&bus_oact,NULL); - sigaction(SIGILL,&ill_oact,NULL); + sigaction(SIGBUS, &bus_oact, NULL); + sigaction(SIGILL, &ill_oact, NULL); - sigprocmask(SIG_SETMASK,&oset,NULL); + sigprocmask(SIG_SETMASK, &oset, NULL); + -+ if (sizeof(size_t)==8) -+ OPENSSL_sparcv9cap_P[0] |= SPARCV9_64BIT_STACK; ++ if (sizeof(size_t) == 8) ++ OPENSSL_sparcv9cap_P[0] |= SPARCV9_64BIT_STACK; +#ifdef __linux -+ else -+ { -+ int ret = syscall(340); ++ else ++ { ++ int ret = syscall(340); + -+ if (ret>=0 && ret&1) -+ OPENSSL_sparcv9cap_P[0] |= SPARCV9_64BIT_STACK; -+ } ++ if (ret >= 0 && ret & 1) ++ OPENSSL_sparcv9cap_P[0] |= SPARCV9_64BIT_STACK; ++ } +#endif - } + } #endif Index: crypto/md5/Makefile =================================================================== diff -ru openssl-1.0.1e/crypto/md5/Makefile openssl-1.0.1e/crypto/md5/Makefile ---- openssl-1.0.1e/crypto/md5/Makefile 2011-05-24 17:02:24.000000000 -0700 -+++ openssl-1.0.1e/crypto/md5/Makefile 2011-07-27 10:48:17.817470000 -0700 +--- openssl-1.0.1e/crypto/md5/Makefile 2011-05-24 17:02:24.000000000 -0700 ++++ openssl-1.0.1e/crypto/md5/Makefile 2011-07-27 10:48:17.817470000 -0700 @@ -52,6 +52,9 @@ $(CC) $(CFLAGS) -E asm/md5-ia64.S | \ $(PERL) -ne 's/;\s+/;\n/g; print;' > $@ 
@@ -574,81 +561,81 @@ .align 32 .globl sha1_block_data_order sha1_block_data_order: -+ SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5) -+ ld [%g1+4],%g1 ! OPENSSL_sparcv9cap_P[1] ++ SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5) ++ ld [%g1+4],%g1 ! OPENSSL_sparcv9cap_P[1] + -+ andcc %g1, CFR_SHA1, %g0 -+ be .Lsoftware -+ nop ++ andcc %g1, CFR_SHA1, %g0 ++ be .Lsoftware ++ nop + -+ ld [%o0 + 0x00], %f0 ! load context -+ ld [%o0 + 0x04], %f1 -+ ld [%o0 + 0x08], %f2 -+ andcc %o1, 0x7, %g0 -+ ld [%o0 + 0x0c], %f3 -+ bne,pn %icc, .Lhwunaligned -+ ld [%o0 + 0x10], %f4 ++ ld [%o0 + 0x00], %f0 ! load context ++ ld [%o0 + 0x04], %f1 ++ ld [%o0 + 0x08], %f2 ++ andcc %o1, 0x7, %g0 ++ ld [%o0 + 0x0c], %f3 ++ bne,pn %icc, .Lhwunaligned ++ ld [%o0 + 0x10], %f4 + +.Lhw_loop: -+ ldd [%o1 + 0x00], %f8 -+ ldd [%o1 + 0x08], %f10 -+ ldd [%o1 + 0x10], %f12 -+ ldd [%o1 + 0x18], %f14 -+ ldd [%o1 + 0x20], %f16 -+ ldd [%o1 + 0x28], %f18 -+ ldd [%o1 + 0x30], %f20 -+ subcc %o2, 1, %o2 ! done yet? -+ ldd [%o1 + 0x38], %f22 -+ add %o1, 0x40, %o1 ++ ldd [%o1 + 0x00], %f8 ++ ldd [%o1 + 0x08], %f10 ++ ldd [%o1 + 0x10], %f12 ++ ldd [%o1 + 0x18], %f14 ++ ldd [%o1 + 0x20], %f16 ++ ldd [%o1 + 0x28], %f18 ++ ldd [%o1 + 0x30], %f20 ++ subcc %o2, 1, %o2 ! done yet? ++ ldd [%o1 + 0x38], %f22 ++ add %o1, 0x40, %o1 + -+ .word 0x81b02820 ! SHA1 ++ .word 0x81b02820 ! SHA1 + -+ bne,pt `$bits==64?"%xcc":"%icc"`, .Lhw_loop -+ nop ++ bne,pt `$bits==64?"%xcc":"%icc"`, .Lhw_loop ++ nop + +.Lhwfinish: -+ st %f0, [%o0 + 0x00] ! store context -+ st %f1, [%o0 + 0x04] -+ st %f2, [%o0 + 0x08] -+ st %f3, [%o0 + 0x0c] -+ retl -+ st %f4, [%o0 + 0x10] ++ st %f0, [%o0 + 0x00] ! 
store context ++ st %f1, [%o0 + 0x04] ++ st %f2, [%o0 + 0x08] ++ st %f3, [%o0 + 0x0c] ++ retl ++ st %f4, [%o0 + 0x10] + -+.align 8 ++.align 8 +.Lhwunaligned: -+ alignaddr %o1, %g0, %o1 ++ alignaddr %o1, %g0, %o1 + -+ ldd [%o1 + 0x00], %f10 ++ ldd [%o1 + 0x00], %f10 +.Lhwunaligned_loop: -+ ldd [%o1 + 0x08], %f12 -+ ldd [%o1 + 0x10], %f14 -+ ldd [%o1 + 0x18], %f16 -+ ldd [%o1 + 0x20], %f18 -+ ldd [%o1 + 0x28], %f20 -+ ldd [%o1 + 0x30], %f22 -+ ldd [%o1 + 0x38], %f24 -+ subcc %o2, 1, %o2 ! done yet? -+ ldd [%o1 + 0x40], %f26 -+ add %o1, 0x40, %o1 ++ ldd [%o1 + 0x08], %f12 ++ ldd [%o1 + 0x10], %f14 ++ ldd [%o1 + 0x18], %f16 ++ ldd [%o1 + 0x20], %f18 ++ ldd [%o1 + 0x28], %f20 ++ ldd [%o1 + 0x30], %f22 ++ ldd [%o1 + 0x38], %f24 ++ subcc %o2, 1, %o2 ! done yet? ++ ldd [%o1 + 0x40], %f26 ++ add %o1, 0x40, %o1 + -+ faligndata %f10, %f12, %f8 -+ faligndata %f12, %f14, %f10 -+ faligndata %f14, %f16, %f12 -+ faligndata %f16, %f18, %f14 -+ faligndata %f18, %f20, %f16 -+ faligndata %f20, %f22, %f18 -+ faligndata %f22, %f24, %f20 -+ faligndata %f24, %f26, %f22 ++ faligndata %f10, %f12, %f8 ++ faligndata %f12, %f14, %f10 ++ faligndata %f14, %f16, %f12 ++ faligndata %f16, %f18, %f14 ++ faligndata %f18, %f20, %f16 ++ faligndata %f20, %f22, %f18 ++ faligndata %f22, %f24, %f20 ++ faligndata %f24, %f26, %f22 + -+ .word 0x81b02820 ! SHA1 ++ .word 0x81b02820 ! SHA1 + -+ bne,pt `$bits==64?"%xcc":"%icc"`, .Lhwunaligned_loop -+ for %f26, %f26, %f10 ! %f10=%f26 ++ bne,pt `$bits==64?"%xcc":"%icc"`, .Lhwunaligned_loop ++ for %f26, %f26, %f10 ! %f10=%f26 + -+ ba .Lhwfinish -+ nop ++ ba .Lhwfinish ++ nop + -+.align 16 ++.align 16 +.Lsoftware: save %sp,-$frame,%sp sllx $len,6,$len 
@@ -667,27 +654,27 @@ +sub unvis { +my ($mnemonic,$rs1,$rs2,$rd)=@_; +my $ref,$opf; -+my %visopf = ( "faligndata" => 0x048, -+ "for" => 0x07c ); ++my %visopf = ( "faligndata" => 0x048, ++ "for" => 0x07c ); + + $ref = "$mnemonic\t$rs1,$rs2,$rd"; + + if ($opf=$visopf{$mnemonic}) { -+ foreach ($rs1,$rs2,$rd) { -+ return $ref if (!/%f([0-9]{1,2})/); -+ $_=$1; -+ if ($1>=32) { -+ return $ref if ($1&1); -+ # re-encode for upper double register addressing -+ $_=($1|$1>>5)&31; -+ } -+ } ++ foreach ($rs1,$rs2,$rd) { ++ return $ref if (!/%f([0-9]{1,2})/); ++ $_=$1; ++ if ($1>=32) { ++ return $ref if ($1&1); ++ # re-encode for upper double register addressing ++ $_=($1|$1>>5)&31; ++ } ++ } + -+ return sprintf ".word\t0x%08x !%s", -+ 0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2, -+ $ref; ++ return sprintf ".word\t0x%08x !%s", ++ 0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2, ++ $ref; + } else { -+ return $ref; ++ return $ref; + } +} +sub unalignaddr { @@ -696,25 +683,25 @@ +my $ref="$mnemonic\t$rs1,$rs2,$rd"; + + foreach ($rs1,$rs2,$rd) { -+ if (/%([goli])([0-7])/) { $_=$bias{$1}+$2; } -+ else { return $ref; } ++ if (/%([goli])([0-7])/) { $_=$bias{$1}+$2; } ++ else { return $ref; } + } + return sprintf ".word\t0x%08x !%s", -+ 0x81b00300|$rd<<25|$rs1<<14|$rs2, -+ $ref; ++ 0x81b00300|$rd<<25|$rs1<<14|$rs2, ++ $ref; +} + +foreach (split("\n",$code)) { -+ s/\`([^\`]*)\`/eval $1/ge; ++ s/\`([^\`]*)\`/eval $1/ge; + -+ s/\b(f[^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/ -+ &unvis($1,$2,$3,$4) -+ /ge; -+ s/\b(alignaddr)\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/ -+ &unalignaddr($1,$2,$3,$4) -+ /ge; ++ s/\b(f[^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/ ++ &unvis($1,$2,$3,$4) ++ /ge; ++ s/\b(alignaddr)\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/ ++ &unalignaddr($1,$2,$3,$4) ++ /ge; + -+ print $_,"\n"; ++ print $_,"\n"; +} + close STDOUT; 
@@ -767,187 +754,187 @@ .globl sha${label}_block_data_order +.align 32 sha${label}_block_data_order: -+ SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5) -+ ld [%g1+4],%g1 ! OPENSSL_sparcv9cap_P[1] ++ SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5) ++ ld [%g1+4],%g1 ! OPENSSL_sparcv9cap_P[1] + -+ andcc %g1, CFR_SHA${label}, %g0 -+ be .Lsoftware -+ nop ++ andcc %g1, CFR_SHA${label}, %g0 ++ be .Lsoftware ++ nop +___ -+$code.=<<___ if ($SZ==8); # SHA512 -+ ldd [%o0 + 0x00], %f0 ! load context -+ ldd [%o0 + 0x08], %f2 -+ ldd [%o0 + 0x10], %f4 -+ ldd [%o0 + 0x18], %f6 -+ ldd [%o0 + 0x20], %f8 -+ ldd [%o0 + 0x28], %f10 -+ andcc %o1, 0x7, %g0 -+ ldd [%o0 + 0x30], %f12 -+ bne,pn %icc, .Lhwunaligned -+ ldd [%o0 + 0x38], %f14 ++$code.=<<___ if ($SZ==8); # SHA512 ++ ldd [%o0 + 0x00], %f0 ! load context ++ ldd [%o0 + 0x08], %f2 ++ ldd [%o0 + 0x10], %f4 ++ ldd [%o0 + 0x18], %f6 ++ ldd [%o0 + 0x20], %f8 ++ ldd [%o0 + 0x28], %f10 ++ andcc %o1, 0x7, %g0 ++ ldd [%o0 + 0x30], %f12 ++ bne,pn %icc, .Lhwunaligned ++ ldd [%o0 + 0x38], %f14 + +.Lhwaligned_loop: -+ ldd [%o1 + 0x00], %f16 -+ ldd [%o1 + 0x08], %f18 -+ ldd [%o1 + 0x10], %f20 -+ ldd [%o1 + 0x18], %f22 -+ ldd [%o1 + 0x20], %f24 -+ ldd [%o1 + 0x28], %f26 -+ ldd [%o1 + 0x30], %f28 -+ ldd [%o1 + 0x38], %f30 -+ ldd [%o1 + 0x40], %f32 -+ ldd [%o1 + 0x48], %f34 -+ ldd [%o1 + 0x50], %f36 -+ ldd [%o1 + 0x58], %f38 -+ ldd [%o1 + 0x60], %f40 -+ ldd [%o1 + 0x68], %f42 -+ ldd [%o1 + 0x70], %f44 -+ subcc %o2, 1, %o2 ! done yet? -+ ldd [%o1 + 0x78], %f46 -+ add %o1, 0x80, %o1 ++ ldd [%o1 + 0x00], %f16 ++ ldd [%o1 + 0x08], %f18 ++ ldd [%o1 + 0x10], %f20 ++ ldd [%o1 + 0x18], %f22 ++ ldd [%o1 + 0x20], %f24 ++ ldd [%o1 + 0x28], %f26 ++ ldd [%o1 + 0x30], %f28 ++ ldd [%o1 + 0x38], %f30 ++ ldd [%o1 + 0x40], %f32 ++ ldd [%o1 + 0x48], %f34 ++ ldd [%o1 + 0x50], %f36 ++ ldd [%o1 + 0x58], %f38 ++ ldd [%o1 + 0x60], %f40 ++ ldd [%o1 + 0x68], %f42 ++ ldd [%o1 + 0x70], %f44 ++ subcc %o2, 1, %o2 ! done yet? 
++ ldd [%o1 + 0x78], %f46 ++ add %o1, 0x80, %o1 + -+ .word 0x81b02860 ! SHA512 ++ .word 0x81b02860 ! SHA512 + -+ bne,pt `$bits==64?"%xcc":"%icc"`, .Lhwaligned_loop -+ nop ++ bne,pt `$bits==64?"%xcc":"%icc"`, .Lhwaligned_loop ++ nop + +.Lhwfinish: -+ std %f0, [%o0 + 0x00] ! store context -+ std %f2, [%o0 + 0x08] -+ std %f4, [%o0 + 0x10] -+ std %f6, [%o0 + 0x18] -+ std %f8, [%o0 + 0x20] -+ std %f10, [%o0 + 0x28] -+ std %f12, [%o0 + 0x30] -+ retl -+ std %f14, [%o0 + 0x38] ++ std %f0, [%o0 + 0x00] ! store context ++ std %f2, [%o0 + 0x08] ++ std %f4, [%o0 + 0x10] ++ std %f6, [%o0 + 0x18] ++ std %f8, [%o0 + 0x20] ++ std %f10, [%o0 + 0x28] ++ std %f12, [%o0 + 0x30] ++ retl ++ std %f14, [%o0 + 0x38] + -+.align 16 ++.align 16 +.Lhwunaligned: -+ alignaddr %o1, %g0, %o1 ++ alignaddr %o1, %g0, %o1 + -+ ldd [%o1 + 0x00], %f18 ++ ldd [%o1 + 0x00], %f18 +.Lhwunaligned_loop: -+ ldd [%o1 + 0x08], %f20 -+ ldd [%o1 + 0x10], %f22 -+ ldd [%o1 + 0x18], %f24 -+ ldd [%o1 + 0x20], %f26 -+ ldd [%o1 + 0x28], %f28 -+ ldd [%o1 + 0x30], %f30 -+ ldd [%o1 + 0x38], %f32 -+ ldd [%o1 + 0x40], %f34 -+ ldd [%o1 + 0x48], %f36 -+ ldd [%o1 + 0x50], %f38 -+ ldd [%o1 + 0x58], %f40 -+ ldd [%o1 + 0x60], %f42 -+ ldd [%o1 + 0x68], %f44 -+ ldd [%o1 + 0x70], %f46 -+ ldd [%o1 + 0x78], %f48 -+ subcc %o2, 1, %o2 ! done yet? -+ ldd [%o1 + 0x80], %f50 -+ add %o1, 0x80, %o1 ++ ldd [%o1 + 0x08], %f20 ++ ldd [%o1 + 0x10], %f22 ++ ldd [%o1 + 0x18], %f24 ++ ldd [%o1 + 0x20], %f26 ++ ldd [%o1 + 0x28], %f28 ++ ldd [%o1 + 0x30], %f30 ++ ldd [%o1 + 0x38], %f32 ++ ldd [%o1 + 0x40], %f34 ++ ldd [%o1 + 0x48], %f36 ++ ldd [%o1 + 0x50], %f38 ++ ldd [%o1 + 0x58], %f40 ++ ldd [%o1 + 0x60], %f42 ++ ldd [%o1 + 0x68], %f44 ++ ldd [%o1 + 0x70], %f46 ++ ldd [%o1 + 0x78], %f48 ++ subcc %o2, 1, %o2 ! done yet? 
++ ldd [%o1 + 0x80], %f50 ++ add %o1, 0x80, %o1 + -+ faligndata %f18, %f20, %f16 -+ faligndata %f20, %f22, %f18 -+ faligndata %f22, %f24, %f20 -+ faligndata %f24, %f26, %f22 -+ faligndata %f26, %f28, %f24 -+ faligndata %f28, %f30, %f26 -+ faligndata %f30, %f32, %f28 -+ faligndata %f32, %f34, %f30 -+ faligndata %f34, %f36, %f32 -+ faligndata %f36, %f38, %f34 -+ faligndata %f38, %f40, %f36 -+ faligndata %f40, %f42, %f38 -+ faligndata %f42, %f44, %f40 -+ faligndata %f44, %f46, %f42 -+ faligndata %f46, %f48, %f44 -+ faligndata %f48, %f50, %f46 ++ faligndata %f18, %f20, %f16 ++ faligndata %f20, %f22, %f18 ++ faligndata %f22, %f24, %f20 ++ faligndata %f24, %f26, %f22 ++ faligndata %f26, %f28, %f24 ++ faligndata %f28, %f30, %f26 ++ faligndata %f30, %f32, %f28 ++ faligndata %f32, %f34, %f30 ++ faligndata %f34, %f36, %f32 ++ faligndata %f36, %f38, %f34 ++ faligndata %f38, %f40, %f36 ++ faligndata %f40, %f42, %f38 ++ faligndata %f42, %f44, %f40 ++ faligndata %f44, %f46, %f42 ++ faligndata %f46, %f48, %f44 ++ faligndata %f48, %f50, %f46 + -+ .word 0x81b02860 ! SHA512 ++ .word 0x81b02860 ! SHA512 + -+ bne,pt `$bits==64?"%xcc":"%icc"`, .Lhwunaligned_loop -+ for %f50, %f50, %f18 ! %f18=%f50 ++ bne,pt `$bits==64?"%xcc":"%icc"`, .Lhwunaligned_loop ++ for %f50, %f50, %f18 ! 
%f18=%f50 + -+ ba .Lhwfinish -+ nop ++ ba .Lhwfinish ++ nop +___ -+$code.=<<___ if ($SZ==4); # SHA256 -+ ld [%o0 + 0x00], %f0 -+ ld [%o0 + 0x04], %f1 -+ ld [%o0 + 0x08], %f2 -+ ld [%o0 + 0x0c], %f3 -+ ld [%o0 + 0x10], %f4 -+ ld [%o0 + 0x14], %f5 -+ andcc %o1, 0x7, %g0 -+ ld [%o0 + 0x18], %f6 -+ bne,pn %icc, .Lhwunaligned -+ ld [%o0 + 0x1c], %f7 ++$code.=<<___ if ($SZ==4); # SHA256 ++ ld [%o0 + 0x00], %f0 ++ ld [%o0 + 0x04], %f1 ++ ld [%o0 + 0x08], %f2 ++ ld [%o0 + 0x0c], %f3 ++ ld [%o0 + 0x10], %f4 ++ ld [%o0 + 0x14], %f5 ++ andcc %o1, 0x7, %g0 ++ ld [%o0 + 0x18], %f6 ++ bne,pn %icc, .Lhwunaligned ++ ld [%o0 + 0x1c], %f7 + +.Lhwloop: -+ ldd [%o1 + 0x00], %f8 -+ ldd [%o1 + 0x08], %f10 -+ ldd [%o1 + 0x10], %f12 -+ ldd [%o1 + 0x18], %f14 -+ ldd [%o1 + 0x20], %f16 -+ ldd [%o1 + 0x28], %f18 -+ ldd [%o1 + 0x30], %f20 -+ subcc %o2, 1, %o2 ! done yet? -+ ldd [%o1 + 0x38], %f22 -+ add %o1, 0x40, %o1 ++ ldd [%o1 + 0x00], %f8 ++ ldd [%o1 + 0x08], %f10 ++ ldd [%o1 + 0x10], %f12 ++ ldd [%o1 + 0x18], %f14 ++ ldd [%o1 + 0x20], %f16 ++ ldd [%o1 + 0x28], %f18 ++ ldd [%o1 + 0x30], %f20 ++ subcc %o2, 1, %o2 ! done yet? ++ ldd [%o1 + 0x38], %f22 ++ add %o1, 0x40, %o1 + -+ .word 0x81b02840 ! SHA256 ++ .word 0x81b02840 ! SHA256 + -+ bne,pt `$bits==64?"%xcc":"%icc"`, .Lhwloop -+ nop ++ bne,pt `$bits==64?"%xcc":"%icc"`, .Lhwloop ++ nop + +.Lhwfinish: -+ st %f0, [%o0 + 0x00] ! store context -+ st %f1, [%o0 + 0x04] -+ st %f2, [%o0 + 0x08] -+ st %f3, [%o0 + 0x0c] -+ st %f4, [%o0 + 0x10] -+ st %f5, [%o0 + 0x14] -+ st %f6, [%o0 + 0x18] -+ retl -+ st %f7, [%o0 + 0x1c] ++ st %f0, [%o0 + 0x00] ! 
store context ++ st %f1, [%o0 + 0x04] ++ st %f2, [%o0 + 0x08] ++ st %f3, [%o0 + 0x0c] ++ st %f4, [%o0 + 0x10] ++ st %f5, [%o0 + 0x14] ++ st %f6, [%o0 + 0x18] ++ retl ++ st %f7, [%o0 + 0x1c] + -+.align 8 ++.align 8 +.Lhwunaligned: -+ alignaddr %o1, %g0, %o1 ++ alignaddr %o1, %g0, %o1 + -+ ldd [%o1 + 0x00], %f10 ++ ldd [%o1 + 0x00], %f10 +.Lhwunaligned_loop: -+ ldd [%o1 + 0x08], %f12 -+ ldd [%o1 + 0x10], %f14 -+ ldd [%o1 + 0x18], %f16 -+ ldd [%o1 + 0x20], %f18 -+ ldd [%o1 + 0x28], %f20 -+ ldd [%o1 + 0x30], %f22 -+ ldd [%o1 + 0x38], %f24 -+ subcc %o2, 1, %o2 ! done yet? -+ ldd [%o1 + 0x40], %f26 -+ add %o1, 0x40, %o1 ++ ldd [%o1 + 0x08], %f12 ++ ldd [%o1 + 0x10], %f14 ++ ldd [%o1 + 0x18], %f16 ++ ldd [%o1 + 0x20], %f18 ++ ldd [%o1 + 0x28], %f20 ++ ldd [%o1 + 0x30], %f22 ++ ldd [%o1 + 0x38], %f24 ++ subcc %o2, 1, %o2 ! done yet? ++ ldd [%o1 + 0x40], %f26 ++ add %o1, 0x40, %o1 + -+ faligndata %f10, %f12, %f8 -+ faligndata %f12, %f14, %f10 -+ faligndata %f14, %f16, %f12 -+ faligndata %f16, %f18, %f14 -+ faligndata %f18, %f20, %f16 -+ faligndata %f20, %f22, %f18 -+ faligndata %f22, %f24, %f20 -+ faligndata %f24, %f26, %f22 ++ faligndata %f10, %f12, %f8 ++ faligndata %f12, %f14, %f10 ++ faligndata %f14, %f16, %f12 ++ faligndata %f16, %f18, %f14 ++ faligndata %f18, %f20, %f16 ++ faligndata %f20, %f22, %f18 ++ faligndata %f22, %f24, %f20 ++ faligndata %f24, %f26, %f22 + -+ .word 0x81b02840 ! SHA256 ++ .word 0x81b02840 ! SHA256 + -+ bne,pt `$bits==64?"%xcc":"%icc"`, .Lhwunaligned_loop -+ for %f26, %f26, %f10 ! %f10=%f26 ++ bne,pt `$bits==64?"%xcc":"%icc"`, .Lhwunaligned_loop ++ for %f26, %f26, %f10 ! %f10=%f26 + -+ ba .Lhwfinish -+ nop ++ ba .Lhwfinish ++ nop +___ +$code.=<<___; -+.align 16 ++.align 16 +.Lsoftware: save %sp,`-$frame-$locals`,%sp and $inp,`$align-1`,$tmp31 
@@ -966,27 +953,27 @@ +sub unvis { +my ($mnemonic,$rs1,$rs2,$rd)=@_; +my $ref,$opf; -+my %visopf = ( "faligndata" => 0x048, -+ "for" => 0x07c ); ++my %visopf = ( "faligndata" => 0x048, ++ "for" => 0x07c ); + + $ref = "$mnemonic\t$rs1,$rs2,$rd"; + + if ($opf=$visopf{$mnemonic}) { -+ foreach ($rs1,$rs2,$rd) { -+ return $ref if (!/%f([0-9]{1,2})/); -+ $_=$1; -+ if ($1>=32) { -+ return $ref if ($1&1); -+ # re-encode for upper double register addressing -+ $_=($1|$1>>5)&31; -+ } -+ } ++ foreach ($rs1,$rs2,$rd) { ++ return $ref if (!/%f([0-9]{1,2})/); ++ $_=$1; ++ if ($1>=32) { ++ return $ref if ($1&1); ++ # re-encode for upper double register addressing ++ $_=($1|$1>>5)&31; ++ } ++ } + -+ return sprintf ".word\t0x%08x !%s", -+ 0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2, -+ $ref; ++ return sprintf ".word\t0x%08x !%s", ++ 0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2, ++ $ref; + } else { -+ return $ref; ++ return $ref; + } +} +sub unalignaddr { @@ -995,25 +982,25 @@ +my $ref="$mnemonic\t$rs1,$rs2,$rd"; + + foreach ($rs1,$rs2,$rd) { -+ if (/%([goli])([0-7])/) { $_=$bias{$1}+$2; } -+ else { return $ref; } ++ if (/%([goli])([0-7])/) { $_=$bias{$1}+$2; } ++ else { return $ref; } + } + return sprintf ".word\t0x%08x !%s", -+ 0x81b00300|$rd<<25|$rs1<<14|$rs2, -+ $ref; ++ 0x81b00300|$rd<<25|$rs1<<14|$rs2, ++ $ref; +} + +foreach (split("\n",$code)) { -+ s/\`([^\`]*)\`/eval $1/ge; ++ s/\`([^\`]*)\`/eval $1/ge; + -+ s/\b(f[^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/ -+ &unvis($1,$2,$3,$4) -+ /ge; -+ s/\b(alignaddr)\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/ -+ &unalignaddr($1,$2,$3,$4) -+ /ge; ++ s/\b(f[^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/ ++ &unvis($1,$2,$3,$4) ++ /ge; ++ s/\b(alignaddr)\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/ ++ &unalignaddr($1,$2,$3,$4) ++ /ge; + -+ print $_,"\n"; ++ print $_,"\n"; +} + close STDOUT; @@ -1037,115 +1024,109 @@ --- a/crypto/evp/e_des.c +++ b/crypto/evp/e_des.c 
@@ -65,6 +65,30 @@ - #include - #include + # include + # include -+typedef struct -+ { -+ union { double align; DES_key_schedule ks; } ks; -+ union { -+ void (*cbc)(const void *,void *,size_t,const void *,void *); -+ } stream; -+ } EVP_DES_KEY; ++typedef struct { ++ union { double align; DES_key_schedule ks; } ks; ++ union { ++ void (*cbc)(const void *,void *,size_t,const void *,void *); ++ } stream; ++} EVP_DES_KEY; + +#if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__)) +/* ---------^^^ this is not a typo, just a way to detect that -+ * assembler support was in general requested... */ ++ * assembler support was in general requested... ++ */ +#include "sparc_arch.h" + +extern unsigned int OPENSSL_sparcv9cap_P[]; + -+#define SPARC_DES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_DES) ++#define SPARC_DES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_DES) + -+void des_t4_key_expand(const void *key, DES_key_schedule *ks); -+void des_t4_cbc_encrypt(const void *inp,void *out,size_t len, -+ DES_key_schedule *ks,unsigned char iv[8]); -+void des_t4_cbc_decrypt(const void *inp,void *out,size_t len, -+ DES_key_schedule *ks,unsigned char iv[8]); ++void des_t4_key_expand(const void *key, DES_key_schedule *ks); ++void des_t4_cbc_encrypt(const void *inp,void *out,size_t len, ++ DES_key_schedule *ks,unsigned char iv[8]); ++void des_t4_cbc_decrypt(const void *inp,void *out,size_t len, ++ DES_key_schedule *ks,unsigned char iv[8]); +#endif + static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); + const unsigned char *iv, int enc); static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); -@@ -99,6 +123,13 @@ static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +@@ -102,6 +126,12 @@ static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { -+ 
EVP_DES_KEY *dat = (EVP_DES_KEY *)ctx->cipher_data; ++ EVP_DES_KEY *dat = (EVP_DES_KEY *)ctx->cipher_data; + -+ if (dat->stream.cbc) -+ { -+ (*dat->stream.cbc)(in,out,inl,&dat->ks.ks,ctx->iv); -+ return 1; -+ } - while(inl>=EVP_MAXCHUNK) - { - DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data, -@@ -176,18 +207,18 @@ ++ if (dat->stream.cbc) { ++ (*dat->stream.cbc)(in,out,inl,&dat->ks.ks,ctx->iv); ++ return 1; ++ } + while (inl >= EVP_MAXCHUNK) { + DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data, + (DES_cblock *)ctx->iv, ctx->encrypt); +@@ -179,16 +209,16 @@ return 1; - } + } -BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64, +BLOCK_CIPHER_defs(des, EVP_DES_KEY, NID_des, 8, 8, 8, 64, - EVP_CIPH_RAND_KEY, des_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - des_ctrl) + EVP_CIPH_RAND_KEY, des_init_key, NULL, + EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) + --BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1, -+BLOCK_CIPHER_def_cfb(des,EVP_DES_KEY,NID_des,8,8,1, - EVP_CIPH_RAND_KEY, des_init_key,NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv,des_ctrl) +-BLOCK_CIPHER_def_cfb(des, DES_key_schedule, NID_des, 8, 8, 1, ++BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 1, + EVP_CIPH_RAND_KEY, des_init_key, NULL, + EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) --BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8, -+BLOCK_CIPHER_def_cfb(des,EVP_DES_KEY,NID_des,8,8,8, - EVP_CIPH_RAND_KEY,des_init_key,NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv,des_ctrl) -@@ -196,8 +227,25 @@ static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { - DES_cblock *deskey = (DES_cblock *)key; -+ EVP_DES_KEY *dat = (EVP_DES_KEY *)ctx->cipher_data; +-BLOCK_CIPHER_def_cfb(des, DES_key_schedule, NID_des, 8, 8, 8, ++BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 8, + EVP_CIPH_RAND_KEY, des_init_key, NULL, + 
EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) + +@@ -196,8 +226,23 @@ static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) + { + DES_cblock *deskey = (DES_cblock *)key; ++ EVP_DES_KEY *dat = (EVP_DES_KEY *)ctx->cipher_data; + -+ dat->stream.cbc = NULL; ++ dat->stream.cbc = NULL; +#if defined(SPARC_DES_CAPABLE) -+ if (SPARC_DES_CAPABLE) -+ { -+ int mode = ctx->cipher->flags & EVP_CIPH_MODE; ++ if (SPARC_DES_CAPABLE) { ++ int mode = ctx->cipher->flags & EVP_CIPH_MODE; + -+ if (mode == EVP_CIPH_CBC_MODE) -+ { -+ des_t4_key_expand(key,&dat->ks.ks); -+ dat->stream.cbc = enc ? des_t4_cbc_encrypt : -+ des_t4_cbc_decrypt; -+ return 1; -+ } -+ } ++ if (mode == EVP_CIPH_CBC_MODE) { ++ des_t4_key_expand(key,&dat->ks.ks); ++ dat->stream.cbc = enc ? des_t4_cbc_encrypt : ++ des_t4_cbc_decrypt; ++ return 1; ++ } ++ } +#endif - #ifdef EVP_CHECK_DES_KEY -- if(DES_set_key_checked(deskey,ctx->cipher_data) != 0) -+ if(DES_set_key_checked(deskey,dat->ks.ks) != 0) - return 0; - #else - DES_set_key_unchecked(deskey,ctx->cipher_data); + # ifdef EVP_CHECK_DES_KEY +- if (DES_set_key_checked(deskey, ctx->cipher_data) != 0) ++ if (DES_set_key_checked(deskey, dat->ks.ks) != 0) + return 0; + # else + DES_set_key_unchecked(deskey, ctx->cipher_data); Index: crypto/evp/e_des3.c =================================================================== diff -ru openssl-1.0.1e/crypto/evp/e_des3.c.orig openssl-1.0.1e/crypto/evp/e_des3.c --- a/crypto/evp/e_des3.c 
+++ b/crypto/evp/e_des3.c -@@ -65,6 +65,33 @@ - #include - #include +@@ -65,6 +65,32 @@ + # include + # include -+typedef struct -+ { -+ union { double align; DES_key_schedule ks[3]; } ks; -+ union { -+ void (*cbc)(const void *,void *,size_t,const void *,void *); -+ } stream; -+ } DES_EDE_KEY; ++typedef struct { ++ union { double align; DES_key_schedule ks[3]; } ks; ++ union { ++ void (*cbc)(const void *,void *,size_t,const void *,void *); ++ } stream; ++} DES_EDE_KEY; +#define ks1 ks.ks[0] +#define ks2 ks.ks[1] +#define ks3 ks.ks[2] 
@@ -1157,200 +1138,190 @@ + +extern unsigned int OPENSSL_sparcv9cap_P[]; + -+#define SPARC_DES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_DES) ++#define SPARC_DES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_DES) + -+void des_t4_key_expand(const void *key, DES_key_schedule *ks); -+void des_t4_ede3_cbc_encrypt(const void *inp,void *out,size_t len, -+ DES_key_schedule *ks,unsigned char iv[8]); -+void des_t4_ede3_cbc_decrypt(const void *inp,void *out,size_t len, -+ DES_key_schedule *ks,unsigned char iv[8]); ++void des_t4_key_expand(const void *key, DES_key_schedule *ks); ++void des_t4_ede3_cbc_encrypt(const void *inp,void *out,size_t len, ++ DES_key_schedule *ks,unsigned char iv[8]); ++void des_t4_ede3_cbc_decrypt(const void *inp,void *out,size_t len, ++ DES_key_schedule *ks,unsigned char iv[8]); +#endif + - #ifndef OPENSSL_FIPS + # ifndef OPENSSL_FIPS static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -@@ -75,13 +100,6 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - +@@ -75,12 +100,6 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); - --typedef struct -- { -- DES_key_schedule ks1;/* key schedule */ -- DES_key_schedule ks2;/* key schedule (for ede) */ -- DES_key_schedule ks3;/* key schedule (for ede3) */ -- } DES_EDE_KEY; + +-typedef struct { +- DES_key_schedule ks1; /* key schedule */ +- DES_key_schedule ks2; /* key schedule (for ede) */ +- DES_key_schedule ks3; /* key schedule (for ede3) */ +-} DES_EDE_KEY; - - #define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data) - - /* Because of various casts and different args can't use IMPLEMENT_BLOCK_CIPHER */ -@@ -121,6 +141,8 @@ static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + # define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data) + + /* +@@ -123,6 +117,7 @@ static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static int 
des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { -+ DES_EDE_KEY *dat = data(ctx); -+ - #ifdef KSSL_DEBUG - { ++ DES_EDE_KEY *dat = data(ctx); + # ifdef KSSL_DEBUG + { int i; -@@ -132,10 +154,16 @@ - printf("\n"); - } - #endif /* KSSL_DEBUG */ -+ if (dat->stream.cbc) -+ { -+ (*dat->stream.cbc)(in,out,inl,&dat->ks,ctx->iv); -+ return 1; -+ } +@@ -134,11 +155,15 @@ + fprintf(stderr, "\n"); + } + # endif /* KSSL_DEBUG */ ++ if (dat->stream.cbc) { ++ (*dat->stream.cbc)(in,out,inl,&dat->ks,ctx->iv); ++ return 1; ++ } + - while (inl>=EVP_MAXCHUNK) - { - DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, -- &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, -+ &dat->ks1, &dat->ks2, &dat->ks3, - (DES_cblock *)ctx->iv, ctx->encrypt); - inl-=EVP_MAXCHUNK; - in +=EVP_MAXCHUNK; -@@ -143,7 +169,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - } - if (inl) - DES_ede3_cbc_encrypt(in, out, (long)inl, -- &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, -+ &dat->ks1, &dat->ks2, &dat->ks3, - (DES_cblock *)ctx->iv, ctx->encrypt); - return 1; + while (inl >= EVP_MAXCHUNK) { + DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, +- &data(ctx)->ks1, &data(ctx)->ks2, +- &data(ctx)->ks3, (DES_cblock *)ctx->iv, +- ctx->encrypt); ++ &dat->ks1, &dat->ks2, &dat->ks3, ++ (DES_cblock *)ctx->iv, ctx->encrypt); + inl -= EVP_MAXCHUNK; + in += EVP_MAXCHUNK; + out += EVP_MAXCHUNK; +@@ -145,9 +170,8 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + } + if (inl) + DES_ede3_cbc_encrypt(in, out, (long)inl, +- &data(ctx)->ks1, &data(ctx)->ks2, +- &data(ctx)->ks3, (DES_cblock *)ctx->iv, +- ctx->encrypt); ++ &dat->ks1, &dat->ks2, &dat->ks3, ++ (DES_cblock *)ctx->iv, ctx->encrypt); + return 1; } -@@ -208,9 +234,8 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - } - + +@@ -215,39 +239,58 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX 
*ctx, unsigned char *out, + } + BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, -- EVP_CIPH_RAND_KEY, des_ede_init_key, NULL, -- EVP_CIPHER_set_asn1_iv, -- EVP_CIPHER_get_asn1_iv, -+ EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_DEFAULT_ASN1, -+ des_ede_init_key, NULL, NULL, NULL, - des3_ctrl) - - #define des_ede3_cfb64_cipher des_ede_cfb64_cipher -@@ -219,37 +246,53 @@ - #define des_ede3_ecb_cipher des_ede_ecb_cipher - - BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, -- EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL, -- EVP_CIPHER_set_asn1_iv, -- EVP_CIPHER_get_asn1_iv, -- des3_ctrl) -+ EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, -+ des_ede3_init_key, NULL, NULL, NULL, -+ des3_ctrl) - - BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1, -- EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL, -- EVP_CIPHER_set_asn1_iv, -- EVP_CIPHER_get_asn1_iv, -- des3_ctrl) -+ EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, -+ des_ede3_init_key, NULL, NULL, NULL, -+ des3_ctrl) - - BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8, -- EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL, -- EVP_CIPHER_set_asn1_iv, -- EVP_CIPHER_get_asn1_iv, -- des3_ctrl) -+ EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, -+ des_ede3_init_key, NULL, NULL, NULL, -+ des3_ctrl) - +- EVP_CIPH_RAND_KEY, des_ede_init_key, NULL, +- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des3_ctrl) ++ EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_DEFAULT_ASN1, ++ des_ede_init_key, NULL, NULL, NULL, ++ des3_ctrl) + # define des_ede3_cfb64_cipher des_ede_cfb64_cipher + # define des_ede3_ofb_cipher des_ede_ofb_cipher + # define des_ede3_cbc_cipher des_ede_cbc_cipher + # define des_ede3_ecb_cipher des_ede_ecb_cipher + BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, +- EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL, +- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des3_ctrl) ++ 
EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, ++ des_ede3_init_key, NULL, NULL, NULL, ++ des3_ctrl) + + BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1, +- EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL, +- EVP_CIPHER_set_asn1_iv, +- EVP_CIPHER_get_asn1_iv, des3_ctrl) ++ EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, ++ des_ede3_init_key, NULL, NULL, NULL, ++ des3_ctrl) + + BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8, +- EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL, +- EVP_CIPHER_set_asn1_iv, +- EVP_CIPHER_get_asn1_iv, des3_ctrl) ++ EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, ++ des_ede3_init_key, NULL, NULL, NULL, ++ des3_ctrl) + static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { - DES_cblock *deskey = (DES_cblock *)key; -+ DES_EDE_KEY *dat = data(ctx); + const unsigned char *iv, int enc) + { + DES_cblock *deskey = (DES_cblock *)key; ++ DES_EDE_KEY *dat = data(ctx); + -+ dat->stream.cbc = NULL; ++ dat->stream.cbc = NULL; +#if defined(SPARC_DES_CAPABLE) -+ if (SPARC_DES_CAPABLE) -+ { -+ int mode = ctx->cipher->flags & EVP_CIPH_MODE; ++ if (SPARC_DES_CAPABLE) { ++ int mode = ctx->cipher->flags & EVP_CIPH_MODE; + -+ if (mode == EVP_CIPH_CBC_MODE) -+ { -+ des_t4_key_expand(&deskey[0],&dat->ks1); -+ des_t4_key_expand(&deskey[1],&dat->ks2); -+ memcpy(&dat->ks3,&dat->ks1,sizeof(dat->ks1)); -+ dat->stream.cbc = enc ? des_t4_ede3_cbc_encrypt : -+ des_t4_ede3_cbc_decrypt; -+ return 1; -+ } -+ } ++ if (mode == EVP_CIPH_CBC_MODE) { ++ des_t4_key_expand(&deskey[0],&dat->ks1); ++ des_t4_key_expand(&deskey[1],&dat->ks2); ++ memcpy(&dat->ks3,&dat->ks1,sizeof(dat->ks1)); ++ dat->stream.cbc = enc ? des_t4_ede3_cbc_encrypt : ++ des_t4_ede3_cbc_decrypt; ++ return 1; ++ } ++ } +#endif - #ifdef EVP_CHECK_DES_KEY -- if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1) -- !! 
DES_set_key_checked(&deskey[1],&data(ctx)->ks2)) -+ if (DES_set_key_checked(&deskey[0],&dat->ks1) -+ !! DES_set_key_checked(&deskey[1],&dat->ks2)) - return 0; - #else -- DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1); -- DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2); -+ DES_set_key_unchecked(&deskey[0],&dat->ks1); -+ DES_set_key_unchecked(&deskey[1],&dat->ks2); - #endif -- memcpy(&data(ctx)->ks3,&data(ctx)->ks1, -- sizeof(data(ctx)->ks1)); -+ memcpy(&dat->ks3,&dat->ks1, -+ sizeof(dat->ks1)); - return 1; - } - -@@ -257,6 +300,8 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { - DES_cblock *deskey = (DES_cblock *)key; -+ DES_EDE_KEY *dat = data(ctx); + # ifdef EVP_CHECK_DES_KEY +- if (DES_set_key_checked(&deskey[0], &data(ctx)->ks1) +- ! !DES_set_key_checked(&deskey[1], &data(ctx)->ks2)) ++ if (DES_set_key_checked(&deskey[0],&dat->ks1) ++ !! DES_set_key_checked(&deskey[1],&dat->ks2)) + return 0; + # else +- DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1); +- DES_set_key_unchecked(&deskey[1], &data(ctx)->ks2); ++ DES_set_key_unchecked(&deskey[0],&dat->ks1); ++ DES_set_key_unchecked(&deskey[1],&dat->ks2); + # endif +- memcpy(&data(ctx)->ks3, &data(ctx)->ks1, sizeof(data(ctx)->ks1)); ++ memcpy(&dat->ks3,&dat->ks1, sizeof(dat->ks1)); + return 1; + } + +@@ -255,6 +298,8 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) + { + DES_cblock *deskey = (DES_cblock *)key; ++ DES_EDE_KEY *dat = data(ctx); + - #ifdef KSSL_DEBUG - { + # ifdef KSSL_DEBUG + { int i; -@@ -268,15 +313,32 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - } - #endif /* KSSL_DEBUG */ - -+ dat->stream.cbc = NULL; +@@ -272,15 +317,30 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + } + # endif /* KSSL_DEBUG */ + ++ dat->stream.cbc = NULL; +#if defined(SPARC_DES_CAPABLE) -+ if (SPARC_DES_CAPABLE) -+ { -+ 
int mode = ctx->cipher->flags & EVP_CIPH_MODE; ++ if (SPARC_DES_CAPABLE) { ++ int mode = ctx->cipher->flags & EVP_CIPH_MODE; + -+ if (mode == EVP_CIPH_CBC_MODE) -+ { -+ des_t4_key_expand(&deskey[0],&dat->ks1); -+ des_t4_key_expand(&deskey[1],&dat->ks2); -+ des_t4_key_expand(&deskey[2],&dat->ks3); -+ dat->stream.cbc = enc ? des_t4_ede3_cbc_encrypt : -+ des_t4_ede3_cbc_decrypt; -+ return 1; -+ } -+ } ++ if (mode == EVP_CIPH_CBC_MODE) { ++ des_t4_key_expand(&deskey[0],&dat->ks1); ++ des_t4_key_expand(&deskey[1],&dat->ks2); ++ des_t4_key_expand(&deskey[2],&dat->ks3); ++ dat->stream.cbc = enc ? des_t4_ede3_cbc_encrypt : ++ des_t4_ede3_cbc_decrypt; ++ return 1; ++ } ++ } +#endif - #ifdef EVP_CHECK_DES_KEY -- if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1) -- || DES_set_key_checked(&deskey[1],&data(ctx)->ks2) -- || DES_set_key_checked(&deskey[2],&data(ctx)->ks3)) -+ if (DES_set_key_checked(&deskey[0],&dat->ks1) -+ || DES_set_key_checked(&deskey[1],&dat->ks2) -+ || DES_set_key_checked(&deskey[2],&dat->ks3)) - return 0; - #else -- DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1); -- DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2); -- DES_set_key_unchecked(&deskey[2],&data(ctx)->ks3); -+ DES_set_key_unchecked(&deskey[0],&dat->ks1); -+ DES_set_key_unchecked(&deskey[1],&dat->ks2); -+ DES_set_key_unchecked(&deskey[2],&dat->ks3); - #endif - return 1; - } + # ifdef EVP_CHECK_DES_KEY +- if (DES_set_key_checked(&deskey[0], &data(ctx)->ks1) +- || DES_set_key_checked(&deskey[1], &data(ctx)->ks2) +- || DES_set_key_checked(&deskey[2], &data(ctx)->ks3)) ++ if (DES_set_key_checked(&deskey[0],&dat->ks1) ++ || DES_set_key_checked(&deskey[1],&dat->ks2) ++ || DES_set_key_checked(&deskey[2],&dat->ks3)) + return 0; + # else +- DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1); +- DES_set_key_unchecked(&deskey[1], &data(ctx)->ks2); +- DES_set_key_unchecked(&deskey[2], &data(ctx)->ks3); ++ DES_set_key_unchecked(&deskey[0],&dat->ks1); ++ DES_set_key_unchecked(&deskey[1],&dat->ks2); ++ 
DES_set_key_unchecked(&deskey[2],&dat->ks3); + # endif + return 1; + } Index: openssl/crypto/bn/Makefile =================================================================== diff -ru openssl-1.0.1e/crypto/bn/Makefile openssl-1.0.1e/crypto/bn/Makefile.new @@ -1372,9 +1343,9 @@ Index: openssl/crypto/bn/bn_exp.c =================================================================== diff -ru openssl-1.0.1e/crypto/bn/bn_exp.c openssl-1.0.1e/crypto/bn/bn_exp.c.new ---- bn_exp.c 2011/10/29 19:25:13 1.38 -+++ bn_exp.c 2012/11/17 10:34:11 1.39 -@@ -123,8 +123,15 @@ +--- bn_exp.c 2011/10/29 19:25:13 1.38 ++++ bn_exp.c 2012/11/17 10:34:11 1.39 +@@ -122,8 +122,15 @@ # ifndef alloca # define alloca(s) __builtin_alloca((s)) # endif 
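Review bot: In both des_ede_init_key and des_ede3_init_key the SPARC_DES_CAPABLE CBC branch calls des_t4_key_expand and returns 1 before the EVP_CHECK_DES_KEY block is reached, so a build that defines EVP_CHECK_DES_KEY runs DES_set_key_checked for every mode except CBC on T4 hardware. Either run the checked key setup before taking the T4 path or state in a comment that the check is intentionally skipped there. Separately, the EVP_CHECK_DES_KEY branch of des_ede_init_key still joins its two DES_set_key_checked calls with "!!" where des_ede3_init_key uses "||"; the patch rewrites that line anyway, so change it to "||" here, otherwise the branch cannot compile if the macro is ever defined.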
@@ -1388,282 +1359,286 @@ +#endif + /* maximum precomputation table size for *variable* sliding windows */ - #define TABLE_SIZE 32 + #define TABLE_SIZE 32 -@@ -467,7 +467,15 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, - wstart=bits-1; /* The top bit of the window */ - wend=0; /* The bottom bit of the window */ +@@ -464,8 +471,16 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + wstart = bits - 1; /* The top bit of the window */ + wend = 0; /* The bottom bit of the window */ -+#if 1 /* by Shay Gueron's suggestion */ -+ j = mont->N.top; /* borrow j */ -+ if (bn_wexpand(r,j) == NULL) goto err; -+ r->d[0] = (0-m->d[0])&BN_MASK2; /* 2^(top*BN_BITS2) - m */ -+ for(i=1;id[i] = (~m->d[i])&BN_MASK2; -+ r->top = j; ++#if 1 /* by Shay Gueron's suggestion */ ++ j = mont->N.top; /* borrow j */ ++ if (bn_wexpand(r,j) == NULL) goto err; ++ r->d[0] = (0-m->d[0])&BN_MASK2; /* 2^(top*BN_BITS2) - m */ ++ for(i=1;id[i] = (~m->d[i])&BN_MASK2; ++ r->top = j; +#else - if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err; + if (!BN_to_montgomery(r, BN_value_one(), mont, ctx)) + goto err; +#endif - for (;;) - { - if (BN_is_bit_set(p,wstart) == 0) -@@ -519,6 +527,17 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, - start=0; - if (wstart < 0) break; - } + for (;;) { + if (BN_is_bit_set(p, wstart) == 0) { + if (!start) { +@@ -515,6 +530,17 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + if (wstart < 0) + break; + } +#if defined(OPENSSL_BN_ASM_MONT) && (defined(__sparc__) || defined(__sparc)) -+ if (OPENSSL_sparcv9cap_P[0]&(SPARCV9_VIS3|SPARCV9_PREFER_FPU)) -+ { -+ j = mont->N.top; /* borrow j */ -+ val[0]->d[0] = 1; /* borrow val[0] */ -+ for (i=1;id[i] = 0; -+ val[0]->top = j; -+ if (!BN_mod_mul_montgomery(rr,r,val[0],mont,ctx)) goto err; -+ } -+ else ++ if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3|SPARCV9_PREFER_FPU)) { ++ j = mont->N.top; /* borrow j */ ++ val[0]->d[0] = 1; /* borrow val[0] */ ++ 
for (i=1;id[i] = 0; ++ val[0]->top = j; ++ if (!BN_mod_mul_montgomery(rr, r, val[0], mont, ctx)) ++ goto err; ++ } else +#endif - if (!BN_from_montgomery(rr,r,mont,ctx)) goto err; - ret=1; - err: -@@ -528,6 +547,28 @@ err: - return(ret); - } - + if (!BN_from_montgomery(rr, r, mont, ctx)) + goto err; + ret = 1; +@@ -526,6 +552,26 @@ err: + return (ret); + } + +#if defined(OPENSSL_BN_ASM_MONT) && (defined(__sparc__) || defined(__sparc)) -+static BN_ULONG bn_get_bits(const BIGNUM *a, int bitpos) -+ { -+ BN_ULONG ret=0; -+ int wordpos; ++static BN_ULONG bn_get_bits(const BIGNUM *a, int bitpos) { ++ BN_ULONG ret = 0; ++ int wordpos; + -+ wordpos = bitpos/BN_BITS2; -+ bitpos %= BN_BITS2; -+ if (wordpos>=0 && wordpos < a->top) -+ { -+ ret = a->d[wordpos]&BN_MASK2; -+ if (bitpos) -+ { -+ ret >>= bitpos; -+ if (++wordpos < a->top) -+ ret |= a->d[wordpos]<<(BN_BITS2-bitpos); -+ } -+ } ++ wordpos = bitpos / BN_BITS2; ++ bitpos %= BN_BITS2; ++ if (wordpos>=0 && wordpos < a->top) { ++ ret = a->d[wordpos]&BN_MASK2; ++ if (bitpos) { ++ ret >>= bitpos; ++ if (++wordpos < a->top) ++ ret |= a->d[wordpos]<<(BN_BITS2-bitpos); ++ } ++ } + -+ return ret&BN_MASK2; ++ return ret & BN_MASK2; +} +#endif - - /* BN_mod_exp_mont_consttime() stores the precomputed powers in a specific layout - * so that accessing any of these table values shows the same access pattern as far -@@ -587,6 +592,9 @@ - int powerbufLen = 0; - unsigned char *powerbuf=NULL; - BIGNUM tmp, am; -+#if defined(OPENSSL_BN_ASM_MONT) && defined(__sparc) -+ unsigned int t4=0; -+#endif - - bn_check_top(a); - bn_check_top(p); -@@ -621,9 +629,18 @@ - - /* Get the window size to use with size of p. 
*/ - window = BN_window_bits_for_ctime_exponent_size(bits); -+#if defined(OPENSSL_BN_ASM_MONT) && defined(__sparc) -+ if (window>=5 && (top&15)==0 && top<=64 && -+ (OPENSSL_sparcv9cap_P[1]&(CFR_MONTMUL|CFR_MONTSQR))== -+ (CFR_MONTMUL|CFR_MONTSQR) && -+ (t4=OPENSSL_sparcv9cap_P[0])) -+ window=5; -+ else -+#endif - #if defined(OPENSSL_BN_ASM_MONT5) - if (window==6 && bits<=1024) window=5; /* ~5% improvement of 2048-bit RSA sign */ - #endif -+ (void)0; - - /* Allocate a buffer large enough to hold all of the pre-computed - * powers of am, am itself and tmp. -@@ -656,13 +715,13 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, - tmp.flags = am.flags = BN_FLG_STATIC_DATA; - - /* prepare a^0 in Montgomery domain */ --#if 1 -- if (!BN_to_montgomery(&tmp,BN_value_one(),mont,ctx)) goto err; --#else -+#if 1 /* by Shay Gueron's suggestion */ - tmp.d[0] = (0-m->d[0])&BN_MASK2; /* 2^(top*BN_BITS2) - m */ - for (i=1;id[i])&BN_MASK2; - tmp.top = top; -+#else -+ if (!BN_to_montgomery(&tmp,BN_value_one(),mont,ctx)) goto err; - #endif - - /* prepare a^1 in Montgomery domain */ -@@ -673,6 +690,121 @@ - } - else if (!BN_to_montgomery(&am,a,mont,ctx)) goto err; - ++ + /* + * BN_mod_exp_mont_consttime() stores the precomputed powers in a specific + * layout so that accessing any of these table values shows the same access +@@ -594,6 +640,9 @@ + int powerbufLen = 0; + unsigned char *powerbuf = NULL; + BIGNUM tmp, am; +#if defined(OPENSSL_BN_ASM_MONT) && defined(__sparc) -+ if (t4) -+ { -+ typedef int (*bn_pwr5_mont_f)(BN_ULONG *tp,const BN_ULONG *np, -+ const BN_ULONG *n0,const void *table,int power,int bits); -+ int bn_pwr5_mont_t4_8(BN_ULONG *tp,const BN_ULONG *np, -+ const BN_ULONG *n0,const void *table,int power,int bits); -+ int bn_pwr5_mont_t4_16(BN_ULONG *tp,const BN_ULONG *np, -+ const BN_ULONG *n0,const void *table,int power,int bits); -+ int bn_pwr5_mont_t4_24(BN_ULONG *tp,const BN_ULONG *np, -+ const BN_ULONG *n0,const void *table,int power,int 
bits); -+ int bn_pwr5_mont_t4_32(BN_ULONG *tp,const BN_ULONG *np, -+ const BN_ULONG *n0,const void *table,int power,int bits); -+ static const bn_pwr5_mont_f pwr5_funcs[4] = { -+ bn_pwr5_mont_t4_8, bn_pwr5_mont_t4_16, -+ bn_pwr5_mont_t4_24, bn_pwr5_mont_t4_32 }; -+ bn_pwr5_mont_f pwr5_worker = pwr5_funcs[top/16-1]; -+ -+ typedef int (*bn_mul_mont_f)(BN_ULONG *rp,const BN_ULONG *ap, -+ const void *bp,const BN_ULONG *np,const BN_ULONG *n0); -+ int bn_mul_mont_t4_8(BN_ULONG *rp,const BN_ULONG *ap, -+ const void *bp,const BN_ULONG *np,const BN_ULONG *n0); -+ int bn_mul_mont_t4_16(BN_ULONG *rp,const BN_ULONG *ap, -+ const void *bp,const BN_ULONG *np,const BN_ULONG *n0); -+ int bn_mul_mont_t4_24(BN_ULONG *rp,const BN_ULONG *ap, -+ const void *bp,const BN_ULONG *np,const BN_ULONG *n0); -+ int bn_mul_mont_t4_32(BN_ULONG *rp,const BN_ULONG *ap, -+ const void *bp,const BN_ULONG *np,const BN_ULONG *n0); -+ static const bn_mul_mont_f mul_funcs[4] = { -+ bn_mul_mont_t4_8, bn_mul_mont_t4_16, -+ bn_mul_mont_t4_24, bn_mul_mont_t4_32 }; -+ bn_mul_mont_f mul_worker = mul_funcs[top/16-1]; -+ -+ void bn_mul_mont_vis3(BN_ULONG *rp,const BN_ULONG *ap, -+ const void *bp,const BN_ULONG *np, -+ const BN_ULONG *n0,int num); -+ void bn_mul_mont_t4(BN_ULONG *rp,const BN_ULONG *ap, -+ const void *bp,const BN_ULONG *np, -+ const BN_ULONG *n0,int num); -+ void bn_mul_mont_gather5_t4(BN_ULONG *rp,const BN_ULONG *ap, -+ const void *table,const BN_ULONG *np, -+ const BN_ULONG *n0,int num,int power); -+ void bn_flip_n_scatter5_t4(const BN_ULONG *inp,size_t num, -+ void *table,size_t power); -+ void bn_gather5_t4(BN_ULONG *out,size_t num, -+ void *table,size_t power); -+ void bn_flip_t4(BN_ULONG *dst,BN_ULONG *src,size_t num); -+ -+ BN_ULONG *np=mont->N.d, *n0=mont->n0; -+ int stride = 5*(6-(top/16-1)); /* multiple of 5, but less than 32 */ -+ -+ /* BN_to_montgomery can contaminate words above .top -+ * [in BN_DEBUG[_DEBUG] build]... 
*/ -+ for (i=am.top; iN.d,top); -+ -+ bits--; -+ for (wvalue=0, i=bits%5; i>=0; i--,bits--) -+ wvalue = (wvalue<<1)+BN_is_bit_set(p,bits); -+ bn_gather5_t4(tmp.d,top,powerbuf,wvalue); -+ -+ /* Scan the exponent one window at a time starting from the most -+ * significant bits. -+ */ -+ while (bits >= 0) -+ { -+ if (bits < stride) stride = bits+1; -+ bits -= stride; -+ wvalue = (bn_get_bits(p,bits+1)); -+ -+ if ((*pwr5_worker)(tmp.d,np,n0,powerbuf,wvalue,stride)) continue; -+ /* retry once and fall back */ -+ if ((*pwr5_worker)(tmp.d,np,n0,powerbuf,wvalue,stride)) continue; -+ -+ bits += stride-5; -+ wvalue >>= stride-5; -+ wvalue &= 31; -+ bn_mul_mont_t4(tmp.d,tmp.d,tmp.d,np,n0,top); -+ bn_mul_mont_t4(tmp.d,tmp.d,tmp.d,np,n0,top); -+ bn_mul_mont_t4(tmp.d,tmp.d,tmp.d,np,n0,top); -+ bn_mul_mont_t4(tmp.d,tmp.d,tmp.d,np,n0,top); -+ bn_mul_mont_t4(tmp.d,tmp.d,tmp.d,np,n0,top); -+ bn_mul_mont_gather5_t4(tmp.d,tmp.d,powerbuf,np,n0,top,wvalue); -+ } -+ -+ bn_flip_t4(tmp.d,tmp.d,top); -+ top *= 2; -+ /* back to 32-bit domain */ -+ tmp.top=top; -+ bn_correct_top(&tmp); -+ OPENSSL_cleanse(np,top*sizeof(BN_ULONG)); -+ } ++ unsigned int t4=0; ++#endif + + bn_check_top(a); + bn_check_top(p); +@@ -628,10 +677,18 @@ + + /* Get the window size to use with size of p. 
*/ + window = BN_window_bits_for_ctime_exponent_size(bits); ++#if defined(OPENSSL_BN_ASM_MONT) && defined(__sparc) ++ if (window>=5 && (top&15)==0 && top<=64 && ++ (OPENSSL_sparcv9cap_P[1]&(CFR_MONTMUL|CFR_MONTSQR))== ++ (CFR_MONTMUL|CFR_MONTSQR) && (t4=OPENSSL_sparcv9cap_P[0])) ++ window=5; + else +#endif #if defined(OPENSSL_BN_ASM_MONT5) - /* This optimization uses ideas from http://eprint.iacr.org/2011/239, - * specifically optimization of cache-timing attack countermeasures -@@ -816,6 +990,15 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, - } - - /* Convert the final result from montgomery to standard format */ + if (window == 6 && bits <= 1024) + window = 5; /* ~5% improvement of 2048-bit RSA sign */ + #endif ++ (void) 0; + + /* + * Allocate a buffer large enough to hold all of the pre-computed powers +@@ -670,14 +727,14 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + tmp.flags = am.flags = BN_FLG_STATIC_DATA; + + /* prepare a^0 in Montgomery domain */ +-#if 1 +- if (!BN_to_montgomery(&tmp, BN_value_one(), mont, ctx)) +- goto err; +-#else ++#if 1 /* by Shay Gueron's suggestion */ + tmp.d[0] = (0 - m->d[0]) & BN_MASK2; /* 2^(top*BN_BITS2) - m */ + for (i = 1; i < top; i++) + tmp.d[i] = (~m->d[i]) & BN_MASK2; + tmp.top = top; ++#else ++ if (!BN_to_montgomery(&tmp,BN_value_one(),mont,ctx)) ++ goto err; + #endif + + /* prepare a^1 in Montgomery domain */ +@@ -689,6 +746,122 @@ + } else if (!BN_to_montgomery(&am, a, mont, ctx)) + goto err; + ++#if defined(OPENSSL_BN_ASM_MONT) && defined(__sparc) ++ if (t4) { ++ typedef int (*bn_pwr5_mont_f)(BN_ULONG *tp,const BN_ULONG *np, ++ const BN_ULONG *n0,const void *table,int power,int bits); ++ int bn_pwr5_mont_t4_8(BN_ULONG *tp,const BN_ULONG *np, ++ const BN_ULONG *n0,const void *table,int power,int bits); ++ int bn_pwr5_mont_t4_16(BN_ULONG *tp,const BN_ULONG *np, ++ const BN_ULONG *n0,const void *table,int power,int bits); ++ int bn_pwr5_mont_t4_24(BN_ULONG 
*tp,const BN_ULONG *np, ++ const BN_ULONG *n0,const void *table,int power,int bits); ++ int bn_pwr5_mont_t4_32(BN_ULONG *tp,const BN_ULONG *np, ++ const BN_ULONG *n0,const void *table,int power,int bits); ++ static const bn_pwr5_mont_f pwr5_funcs[4] = { ++ bn_pwr5_mont_t4_8, bn_pwr5_mont_t4_16, ++ bn_pwr5_mont_t4_24, bn_pwr5_mont_t4_32 }; ++ bn_pwr5_mont_f pwr5_worker = pwr5_funcs[top/16-1]; ++ ++ typedef int (*bn_mul_mont_f)(BN_ULONG *rp,const BN_ULONG *ap, ++ const void *bp,const BN_ULONG *np,const BN_ULONG *n0); ++ int bn_mul_mont_t4_8(BN_ULONG *rp,const BN_ULONG *ap, ++ const void *bp,const BN_ULONG *np,const BN_ULONG *n0); ++ int bn_mul_mont_t4_16(BN_ULONG *rp,const BN_ULONG *ap, ++ const void *bp,const BN_ULONG *np,const BN_ULONG *n0); ++ int bn_mul_mont_t4_24(BN_ULONG *rp,const BN_ULONG *ap, ++ const void *bp,const BN_ULONG *np,const BN_ULONG *n0); ++ int bn_mul_mont_t4_32(BN_ULONG *rp,const BN_ULONG *ap, ++ const void *bp,const BN_ULONG *np,const BN_ULONG *n0); ++ static const bn_mul_mont_f mul_funcs[4] = { ++ bn_mul_mont_t4_8, bn_mul_mont_t4_16, ++ bn_mul_mont_t4_24, bn_mul_mont_t4_32 }; ++ bn_mul_mont_f mul_worker = mul_funcs[top/16-1]; ++ ++ void bn_mul_mont_vis3(BN_ULONG *rp,const BN_ULONG *ap, ++ const void *bp,const BN_ULONG *np, ++ const BN_ULONG *n0,int num); ++ void bn_mul_mont_t4(BN_ULONG *rp,const BN_ULONG *ap, ++ const void *bp,const BN_ULONG *np, ++ const BN_ULONG *n0,int num); ++ void bn_mul_mont_gather5_t4(BN_ULONG *rp,const BN_ULONG *ap, ++ const void *table,const BN_ULONG *np, ++ const BN_ULONG *n0,int num,int power); ++ void bn_flip_n_scatter5_t4(const BN_ULONG *inp,size_t num, ++ void *table,size_t power); ++ void bn_gather5_t4(BN_ULONG *out,size_t num, ++ void *table,size_t power); ++ void bn_flip_t4(BN_ULONG *dst,BN_ULONG *src,size_t num); ++ ++ BN_ULONG *np=mont->N.d, *n0=mont->n0; ++ int stride = 5*(6-(top/16-1)); /* multiple of 5, but less than 32 */ ++ ++ /* ++ * BN_to_montgomery can contaminate words above .top ++ * [in 
BN_DEBUG[_DEBUG] build]... ++ */ ++ for (i=am.top; iN.d,top); ++ ++ bits--; ++ for (wvalue=0, i=bits%5; i>=0; i--,bits--) ++ wvalue = (wvalue<<1)+BN_is_bit_set(p,bits); ++ bn_gather5_t4(tmp.d,top,powerbuf,wvalue); ++ ++ /* Scan the exponent one window at a time starting from the most ++ * significant bits. ++ */ ++ while (bits >= 0) { ++ if (bits < stride) ++ stride = bits+1; ++ bits -= stride; ++ wvalue = (bn_get_bits(p,bits+1)); ++ ++ if ((*pwr5_worker)(tmp.d,np,n0,powerbuf,wvalue,stride)) ++ continue; ++ /* retry once and fall back */ ++ if ((*pwr5_worker)(tmp.d,np,n0,powerbuf,wvalue,stride)) ++ continue; ++ ++ bits += stride-5; ++ wvalue >>= stride-5; ++ wvalue &= 31; ++ bn_mul_mont_t4(tmp.d,tmp.d,tmp.d,np,n0,top); ++ bn_mul_mont_t4(tmp.d,tmp.d,tmp.d,np,n0,top); ++ bn_mul_mont_t4(tmp.d,tmp.d,tmp.d,np,n0,top); ++ bn_mul_mont_t4(tmp.d,tmp.d,tmp.d,np,n0,top); ++ bn_mul_mont_t4(tmp.d,tmp.d,tmp.d,np,n0,top); ++ bn_mul_mont_gather5_t4(tmp.d,tmp.d,powerbuf,np,n0,top,wvalue); ++ } ++ ++ bn_flip_t4(tmp.d,tmp.d,top); ++ top *= 2; ++ /* back to 32-bit domain */ ++ tmp.top=top; ++ bn_correct_top(&tmp); ++ OPENSSL_cleanse(np,top*sizeof(BN_ULONG)); ++ } else ++#endif + #if defined(OPENSSL_BN_ASM_MONT5) + if (window == 5 && top > 1) { + /* +@@ -844,6 +1017,15 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + } + + /* Convert the final result from montgomery to standard format */ +#if defined(OPENSSL_BN_ASM_MONT) && (defined(__sparc__) || defined(__sparc)) -+ if (OPENSSL_sparcv9cap_P[0]&(SPARCV9_VIS3|SPARCV9_PREFER_FPU)) -+ { -+ am.d[0] = 1; /* borrow am */ -+ for (i=1;i $@ 
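Review bot: The "#if 1 /* by Shay Gueron's suggestion */" blocks in BN_mod_exp_mont and BN_mod_exp_mont_consttime fill r and tmp with 2^(top*BN_BITS2) - m directly, and that value is below m only when the most significant bit of m's top word is set; nothing in these lines tests for it. Guard the shortcut on that bit and keep the BN_to_montgomery(..., BN_value_one(), mont, ctx) call as the path for other moduli instead of leaving it dead under #else.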
@@ -1673,123 +1648,120 @@ + aes-ppc.s: asm/aes-ppc.pl $(PERL) asm/aes-ppc.pl $(PERLASM_SCHEME) $@ - + Index: openssl/crypto/evp/e_aes.c =================================================================== ---- e_aes.c Mon Feb 11 07:26:04 2013 -+++ e_aes.c.56 Thu May 2 14:26:35 2013 -@@ -56,13 +58,12 @@ - #include - #include - #include "evp_locl.h" --#ifndef OPENSSL_FIPS - #include "modes_lcl.h" - #include - - typedef struct - { -- AES_KEY ks; -+ union { double align; AES_KEY ks; } ks; - block128_f block; - union { - cbc128_f cbc; -@@ -72,7 +73,7 @@ - - typedef struct - { -- AES_KEY ks; /* AES key schedule to use */ -+ union { double align; AES_KEY ks; } ks; /* AES key schedule to use */ - int key_set; /* Set if key initialised */ - int iv_set; /* Set if an iv is set */ - GCM128_CONTEXT gcm; -@@ -86,7 +87,7 @@ - - typedef struct - { -- AES_KEY ks1, ks2; /* AES key schedules to use */ -+ union { double align; AES_KEY ks; } ks1, ks2; /* AES key schedules to use */ - XTS128_CONTEXT xts; - void (*stream)(const unsigned char *in, - unsigned char *out, size_t length, -@@ -96,7 +97,7 @@ - - typedef struct - { -- AES_KEY ks; /* AES key schedule to use */ -+ union { double align; AES_KEY ks; } ks; /* AES key schedule to use */ - int key_set; /* Set if key initialised */ - int iv_set; /* Set if an iv is set */ - int tag_set; /* Set if tag is valid */ -@@ -160,7 +161,7 @@ - defined(_M_AMD64) || defined(_M_X64) || \ - defined(__INTEL__) ) - +--- e_aes.c Mon Feb 11 07:26:04 2013 ++++ e_aes.c.56 Thu May 2 14:26:35 2013 +@@ -56,12 +58,11 @@ + # include + # include + # include "evp_locl.h" +-# ifndef OPENSSL_FIPS + # include "modes_lcl.h" + # include + + typedef struct { +- AES_KEY ks; ++ union { double align; AES_KEY ks; } ks; + block128_f block; + union { + cbc128_f cbc; +@@ -70,7 +69,7 @@ + } EVP_AES_KEY; + + typedef struct { +- AES_KEY ks; /* AES key schedule to use */ ++ union { double align; AES_KEY ks; } ks; /* AES key schedule to use */ + int key_set; /* Set if key 
initialised */ + int iv_set; /* Set if an iv is set */ + GCM128_CONTEXT gcm; +@@ -83,7 +82,7 @@ + } EVP_AES_GCM_CTX; + + typedef struct { +- AES_KEY ks1, ks2; /* AES key schedules to use */ ++ union { double align; AES_KEY ks; } ks1, ks2; /* AES key schedules to use */ + XTS128_CONTEXT xts; + void (*stream) (const unsigned char *in, + unsigned char *out, size_t length, +@@ -92,7 +91,7 @@ + } EVP_AES_XTS_CTX; + + typedef struct { +- AES_KEY ks; /* AES key schedule to use */ ++ union { double align; AES_KEY ks; } ks; /* AES key schedule to use */ + int key_set; /* Set if key initialised */ + int iv_set; /* Set if an iv is set */ + int tag_set; /* Set if tag is valid */ +@@ -155,7 +154,7 @@ + defined(_M_AMD64) || defined(_M_X64) || \ + defined(__INTEL__) ) + -extern unsigned int OPENSSL_ia32cap_P[2]; +extern unsigned int OPENSSL_ia32cap_P[]; - - #ifdef VPAES_ASM - #define VPAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) -@@ -310,7 +311,7 @@ - return 1; - if (key) - { -- aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks); -+ aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); - CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, - (block128_f)aesni_encrypt); - gctx->ctr = (ctr128_f)aesni_ctr32_encrypt_blocks; -@@ -355,19 +356,19 @@ - /* key_len is two AES keys */ - if (enc) - { -- aesni_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1); -+ aesni_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f)aesni_encrypt; - xctx->stream = aesni_xts_encrypt; - } - else - { -- aesni_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1); -+ aesni_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f)aesni_decrypt; - xctx->stream = aesni_xts_decrypt; - } - - aesni_set_encrypt_key(key + ctx->key_len/2, -- ctx->key_len * 4, &xctx->ks2); -+ ctx->key_len * 4, &xctx->ks2.ks); - xctx->xts.block2 = (block128_f)aesni_encrypt; - - xctx->xts.key1 = &xctx->ks1; -@@ -394,7 +395,7 @@ - return 1; - if (key) - { -- 
aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks); -+ aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks); - CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, - &cctx->ks, (block128_f)aesni_encrypt); - cctx->str = enc?(ccm128_f)aesni_ccm64_encrypt_blocks : -@@ -456,6 +457,379 @@ + + # ifdef VPAES_ASM + # define VPAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) +@@ -297,7 +296,7 @@ + if (!iv && !key) + return 1; + if (key) { +- aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks); ++ aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); + CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) aesni_encrypt); + gctx->ctr = (ctr128_f) aesni_ctr32_encrypt_blocks; + /* +@@ -336,17 +335,17 @@ + if (key) { + /* key_len is two AES keys */ + if (enc) { +- aesni_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1); ++ aesni_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); + xctx->xts.block1 = (block128_f) aesni_encrypt; + xctx->stream = aesni_xts_encrypt; + } else { +- aesni_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1); ++ aesni_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); + xctx->xts.block1 = (block128_f) aesni_decrypt; + xctx->stream = aesni_xts_decrypt; + } + + aesni_set_encrypt_key(key + ctx->key_len / 2, +- ctx->key_len * 4, &xctx->ks2); ++ ctx->key_len * 4, &xctx->ks2.ks); + xctx->xts.block2 = (block128_f) aesni_encrypt; + + xctx->xts.key1 = &xctx->ks1; +@@ -371,7 +370,7 @@ + if (!iv && !key) + return 1; + if (key) { +- aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks); ++ aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks); + CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, + &cctx->ks, (block128_f) aesni_encrypt); + cctx->str = enc ? 
(ccm128_f) aesni_ccm64_encrypt_blocks : +@@ -432,6 +431,364 @@ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ { return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; } - -+#elif defined(AES_ASM) && (defined(__sparc) || defined(__sparc__)) + ++#elif defined(AES_ASM) && (defined(__sparc) || defined(__sparc__)) + +#include "sparc_arch.h" + +extern unsigned int OPENSSL_sparcv9cap_P[]; + -+#define SPARC_AES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_AES) ++#define SPARC_AES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_AES) + -+void aes_t4_set_encrypt_key (const unsigned char *key, int bits, -+ AES_KEY *ks); -+void aes_t4_set_decrypt_key (const unsigned char *key, int bits, -+ AES_KEY *ks); -+void aes_t4_encrypt (const unsigned char *in, unsigned char *out, -+ const AES_KEY *key); -+void aes_t4_decrypt (const unsigned char *in, unsigned char *out, -+ const AES_KEY *key); ++void aes_t4_set_encrypt_key (const unsigned char *key, int bits, ++ AES_KEY *ks); ++void aes_t4_set_decrypt_key (const unsigned char *key, int bits, ++ AES_KEY *ks); ++void aes_t4_encrypt (const unsigned char *in, unsigned char *out, ++ const AES_KEY *key); ++void aes_t4_decrypt (const unsigned char *in, unsigned char *out, ++ const AES_KEY *key); +/* + * Key-length specific subroutines were chosen for following reason. + * Each SPARC T4 core can execute up to 8 threads which share core's 
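Review bot: After ks becomes "union { double align; AES_KEY ks; }", the aesni_set_encrypt_key and aesni_set_decrypt_key calls are updated to pass &gctx->ks.ks, &xctx->ks1.ks, &xctx->ks2.ks and &cctx->ks.ks, but the neighbouring context lines CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, ...), "xctx->xts.key1 = &xctx->ks1;" and CRYPTO_ccm128_init(..., &cctx->ks, ...) still pass the address of the union. That works only because the union and its member share an address; bring those lines into the hunks and use the .ks member so the key pointer is explicit everywhere.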
@@ -1801,523 +1773,495 @@ + * acceptable, while latter means code size increase to size occupied + * by multiple key-length specfic subroutines, so why fight? + */ -+void aes128_t4_cbc_encrypt (const unsigned char *in, unsigned char *out, -+ size_t len, const AES_KEY *key, -+ unsigned char *ivec); -+void aes128_t4_cbc_decrypt (const unsigned char *in, unsigned char *out, -+ size_t len, const AES_KEY *key, -+ unsigned char *ivec); -+void aes192_t4_cbc_encrypt (const unsigned char *in, unsigned char *out, -+ size_t len, const AES_KEY *key, -+ unsigned char *ivec); -+void aes192_t4_cbc_decrypt (const unsigned char *in, unsigned char *out, -+ size_t len, const AES_KEY *key, -+ unsigned char *ivec); -+void aes256_t4_cbc_encrypt (const unsigned char *in, unsigned char *out, -+ size_t len, const AES_KEY *key, -+ unsigned char *ivec); -+void aes256_t4_cbc_decrypt (const unsigned char *in, unsigned char *out, -+ size_t len, const AES_KEY *key, -+ unsigned char *ivec); -+void aes128_t4_ctr32_encrypt (const unsigned char *in, unsigned char *out, -+ size_t blocks, const AES_KEY *key, -+ unsigned char *ivec); -+void aes192_t4_ctr32_encrypt (const unsigned char *in, unsigned char *out, -+ size_t blocks, const AES_KEY *key, -+ unsigned char *ivec); -+void aes256_t4_ctr32_encrypt (const unsigned char *in, unsigned char *out, -+ size_t blocks, const AES_KEY *key, -+ unsigned char *ivec); ++void aes128_t4_cbc_encrypt (const unsigned char *in, unsigned char *out, ++ size_t len, const AES_KEY *key, ++ unsigned char *ivec); ++void aes128_t4_cbc_decrypt (const unsigned char *in, unsigned char *out, ++ size_t len, const AES_KEY *key, ++ unsigned char *ivec); ++void aes192_t4_cbc_encrypt (const unsigned char *in, unsigned char *out, ++ size_t len, const AES_KEY *key, ++ unsigned char *ivec); ++void aes192_t4_cbc_decrypt (const unsigned char *in, unsigned char *out, ++ size_t len, const AES_KEY *key, ++ unsigned char *ivec); ++void aes256_t4_cbc_encrypt (const unsigned char *in, unsigned 
char *out, ++ size_t len, const AES_KEY *key, ++ unsigned char *ivec); ++void aes256_t4_cbc_decrypt (const unsigned char *in, unsigned char *out, ++ size_t len, const AES_KEY *key, ++ unsigned char *ivec); ++void aes128_t4_ctr32_encrypt (const unsigned char *in, unsigned char *out, ++ size_t blocks, const AES_KEY *key, ++ unsigned char *ivec); ++void aes192_t4_ctr32_encrypt (const unsigned char *in, unsigned char *out, ++ size_t blocks, const AES_KEY *key, ++ unsigned char *ivec); ++void aes256_t4_ctr32_encrypt (const unsigned char *in, unsigned char *out, ++ size_t blocks, const AES_KEY *key, ++ unsigned char *ivec); + +static int aes_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -+ const unsigned char *iv, int enc) -+ { -+ int ret, mode, bits; -+ EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; ++ const unsigned char *iv, int enc) ++{ ++ int ret, mode, bits; ++ EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; + -+ mode = ctx->cipher->flags & EVP_CIPH_MODE; -+ bits = ctx->key_len*8; -+ if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) -+ && !enc) -+ { -+ ret = 0; -+ aes_t4_set_decrypt_key(key, bits, ctx->cipher_data); -+ dat->block = (block128_f)aes_t4_decrypt; -+ switch (bits) { -+ case 128: -+ dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ? -+ (cbc128_f)aes128_t4_cbc_decrypt : -+ NULL; -+ break; -+ case 192: -+ dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ? -+ (cbc128_f)aes192_t4_cbc_decrypt : -+ NULL; -+ break; -+ case 256: -+ dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ? 
-+ (cbc128_f)aes256_t4_cbc_decrypt : -+ NULL; -+ break; -+ default: -+ ret = -1; -+ } -+ } -+ else { -+ ret = 0; -+ aes_t4_set_encrypt_key(key, bits, ctx->cipher_data); -+ dat->block = (block128_f)aes_t4_encrypt; -+ switch (bits) { -+ case 128: -+ if (mode==EVP_CIPH_CBC_MODE) -+ dat->stream.cbc = (cbc128_f)aes128_t4_cbc_encrypt; -+ else if (mode==EVP_CIPH_CTR_MODE) -+ dat->stream.ctr = (ctr128_f)aes128_t4_ctr32_encrypt; -+ else -+ dat->stream.cbc = NULL; -+ break; -+ case 192: -+ if (mode==EVP_CIPH_CBC_MODE) -+ dat->stream.cbc = (cbc128_f)aes192_t4_cbc_encrypt; -+ else if (mode==EVP_CIPH_CTR_MODE) -+ dat->stream.ctr = (ctr128_f)aes192_t4_ctr32_encrypt; -+ else -+ dat->stream.cbc = NULL; -+ break; -+ case 256: -+ if (mode==EVP_CIPH_CBC_MODE) -+ dat->stream.cbc = (cbc128_f)aes256_t4_cbc_encrypt; -+ else if (mode==EVP_CIPH_CTR_MODE) -+ dat->stream.ctr = (ctr128_f)aes256_t4_ctr32_encrypt; -+ else -+ dat->stream.cbc = NULL; -+ break; -+ default: -+ ret = -1; -+ } -+ } ++ mode = ctx->cipher->flags & EVP_CIPH_MODE; ++ bits = ctx->key_len*8; ++ if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) && !enc) { ++ ret = 0; ++ aes_t4_set_decrypt_key(key, bits, ctx->cipher_data); ++ dat->block = (block128_f)aes_t4_decrypt; ++ switch (bits) { ++ case 128: ++ dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ? ++ (cbc128_f)aes128_t4_cbc_decrypt : ++ NULL; ++ break; ++ case 192: ++ dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ? ++ (cbc128_f)aes192_t4_cbc_decrypt : ++ NULL; ++ break; ++ case 256: ++ dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ? 
++ (cbc128_f)aes256_t4_cbc_decrypt : ++ NULL; ++ break; ++ default: ++ ret = -1; ++ } ++ } else { ++ ret = 0; ++ aes_t4_set_encrypt_key(key, bits, ctx->cipher_data); ++ dat->block = (block128_f)aes_t4_encrypt; ++ switch (bits) { ++ case 128: ++ if (mode==EVP_CIPH_CBC_MODE) ++ dat->stream.cbc = (cbc128_f)aes128_t4_cbc_encrypt; ++ else if (mode==EVP_CIPH_CTR_MODE) ++ dat->stream.ctr = (ctr128_f)aes128_t4_ctr32_encrypt; ++ else ++ dat->stream.cbc = NULL; ++ break; ++ case 192: ++ if (mode==EVP_CIPH_CBC_MODE) ++ dat->stream.cbc = (cbc128_f)aes192_t4_cbc_encrypt; ++ else if (mode==EVP_CIPH_CTR_MODE) ++ dat->stream.ctr = (ctr128_f)aes192_t4_ctr32_encrypt; ++ else ++ dat->stream.cbc = NULL; ++ break; ++ case 256: ++ if (mode==EVP_CIPH_CBC_MODE) ++ dat->stream.cbc = (cbc128_f)aes256_t4_cbc_encrypt; ++ else if (mode==EVP_CIPH_CTR_MODE) ++ dat->stream.ctr = (ctr128_f)aes256_t4_ctr32_encrypt; ++ else ++ dat->stream.cbc = NULL; ++ break; ++ default: ++ ret = -1; ++ } ++ } + -+ if(ret < 0) -+ { -+ EVPerr(EVP_F_AES_T4_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED); -+ return 0; -+ } ++ if (ret < 0) { ++ EVPerr(EVP_F_AES_T4_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED); ++ return 0; ++ } + -+ return 1; -+ } ++ return 1; ++} + +#define aes_t4_cbc_cipher aes_cbc_cipher +static int aes_t4_cbc_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, -+ const unsigned char *in, size_t len); ++ const unsigned char *in, size_t len); + -+#define aes_t4_ecb_cipher aes_ecb_cipher ++#define aes_t4_ecb_cipher aes_ecb_cipher +static int aes_t4_ecb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, -+ const unsigned char *in, size_t len); ++ const unsigned char *in, size_t len); + +#define aes_t4_ofb_cipher aes_ofb_cipher +static int aes_t4_ofb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, -+ const unsigned char *in,size_t len); ++ const unsigned char *in,size_t len); + +#define aes_t4_cfb_cipher aes_cfb_cipher +static int aes_t4_cfb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, -+ const unsigned char *in,size_t len); ++ 
const unsigned char *in,size_t len); + +#define aes_t4_cfb8_cipher aes_cfb8_cipher +static int aes_t4_cfb8_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, -+ const unsigned char *in,size_t len); ++ const unsigned char *in,size_t len); + +#define aes_t4_cfb1_cipher aes_cfb1_cipher +static int aes_t4_cfb1_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, -+ const unsigned char *in,size_t len); ++ const unsigned char *in,size_t len); + +#define aes_t4_ctr_cipher aes_ctr_cipher +static int aes_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -+ const unsigned char *in, size_t len); ++ const unsigned char *in, size_t len); + +static int aes_t4_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) -+ { -+ EVP_AES_GCM_CTX *gctx = ctx->cipher_data; -+ if (!iv && !key) -+ return 1; -+ if (key) -+ { -+ int bits = ctx->key_len * 8; -+ aes_t4_set_encrypt_key(key, bits, &gctx->ks.ks); -+ CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, -+ (block128_f)aes_t4_encrypt); -+ switch (bits) { -+ case 128: -+ gctx->ctr = (ctr128_f)aes128_t4_ctr32_encrypt; -+ break; -+ case 192: -+ gctx->ctr = (ctr128_f)aes192_t4_ctr32_encrypt; -+ break; -+ case 256: -+ gctx->ctr = (ctr128_f)aes256_t4_ctr32_encrypt; -+ break; -+ default: -+ return 0; -+ } -+ /* If we have an iv can set it directly, otherwise use -+ * saved IV. 
-+ */ -+ if (iv == NULL && gctx->iv_set) -+ iv = gctx->iv; -+ if (iv) -+ { -+ CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); -+ gctx->iv_set = 1; -+ } -+ gctx->key_set = 1; -+ } -+ else -+ { -+ /* If key set use IV, otherwise copy */ -+ if (gctx->key_set) -+ CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); -+ else -+ memcpy(gctx->iv, iv, gctx->ivlen); -+ gctx->iv_set = 1; -+ gctx->iv_gen = 0; -+ } -+ return 1; -+ } ++{ ++ EVP_AES_GCM_CTX *gctx = ctx->cipher_data; ++ if (!iv && !key) ++ return 1; ++ if (key) { ++ int bits = ctx->key_len * 8; ++ aes_t4_set_encrypt_key(key, bits, &gctx->ks.ks); ++ CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, ++ (block128_f)aes_t4_encrypt); ++ switch (bits) { ++ case 128: ++ gctx->ctr = (ctr128_f)aes128_t4_ctr32_encrypt; ++ break; ++ case 192: ++ gctx->ctr = (ctr128_f)aes192_t4_ctr32_encrypt; ++ break; ++ case 256: ++ gctx->ctr = (ctr128_f)aes256_t4_ctr32_encrypt; ++ break; ++ default: ++ return 0; ++ } ++ /* If we have an iv can set it directly, otherwise use ++ * saved IV. 
++ */ ++ if (iv == NULL && gctx->iv_set) ++ iv = gctx->iv; ++ if (iv) { ++ CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); ++ gctx->iv_set = 1; ++ } ++ gctx->key_set = 1; ++ } else { ++ /* If key set use IV, otherwise copy */ ++ if (gctx->key_set) ++ CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); ++ else ++ memcpy(gctx->iv, iv, gctx->ivlen); ++ gctx->iv_set = 1; ++ gctx->iv_gen = 0; ++ } ++ return 1; ++} + +#define aes_t4_gcm_cipher aes_gcm_cipher +static int aes_t4_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -+ const unsigned char *in, size_t len); ++ const unsigned char *in, size_t len); + +static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) -+ { -+ EVP_AES_XTS_CTX *xctx = ctx->cipher_data; -+ if (!iv && !key) -+ return 1; ++{ ++ EVP_AES_XTS_CTX *xctx = ctx->cipher_data; ++ if (!iv && !key) ++ return 1; + -+ if (key) -+ { -+ int bits = ctx->key_len * 4; -+ /* key_len is two AES keys */ -+ if (enc) -+ { -+ aes_t4_set_encrypt_key(key, bits, &xctx->ks1.ks); -+ xctx->xts.block1 = (block128_f)aes_t4_encrypt; ++ if (key) { ++ int bits = ctx->key_len * 4; ++ /* key_len is two AES keys */ ++ if (enc) { ++ aes_t4_set_encrypt_key(key, bits, &xctx->ks1.ks); ++ xctx->xts.block1 = (block128_f)aes_t4_encrypt; +#if 0 /* not yet */ -+ switch (bits) { -+ case 128: -+ xctx->stream = aes128_t4_xts_encrypt; -+ break; -+ case 192: -+ xctx->stream = aes192_t4_xts_encrypt; -+ break; -+ case 256: -+ xctx->stream = aes256_t4_xts_encrypt; -+ break; -+ default: -+ return 0; -+ } ++ switch (bits) { ++ case 128: ++ xctx->stream = aes128_t4_xts_encrypt; ++ break; ++ case 192: ++ xctx->stream = aes192_t4_xts_encrypt; ++ break; ++ case 256: ++ xctx->stream = aes256_t4_xts_encrypt; ++ break; ++ default: ++ return 0; ++ } +#endif -+ } -+ else -+ { -+ aes_t4_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); -+ xctx->xts.block1 = (block128_f)aes_t4_decrypt; ++ } else { ++ aes_t4_set_decrypt_key(key, ctx->key_len * 4, 
&xctx->ks1.ks); ++ xctx->xts.block1 = (block128_f)aes_t4_decrypt; +#if 0 /* not yet */ -+ switch (bits) { -+ case 128: -+ xctx->stream = aes128_t4_xts_decrypt; -+ break; -+ case 192: -+ xctx->stream = aes192_t4_xts_decrypt; -+ break; -+ case 256: -+ xctx->stream = aes256_t4_xts_decrypt; -+ break; -+ default: -+ return 0; -+ } ++ switch (bits) { ++ case 128: ++ xctx->stream = aes128_t4_xts_decrypt; ++ break; ++ case 192: ++ xctx->stream = aes192_t4_xts_decrypt; ++ break; ++ case 256: ++ xctx->stream = aes256_t4_xts_decrypt; ++ break; ++ default: ++ return 0; ++ } +#endif -+ } ++ } + -+ aes_t4_set_encrypt_key(key + ctx->key_len/2, -+ ctx->key_len * 4, &xctx->ks2.ks); -+ xctx->xts.block2 = (block128_f)aes_t4_encrypt; ++ aes_t4_set_encrypt_key(key + ctx->key_len/2, ++ ctx->key_len * 4, &xctx->ks2.ks); ++ xctx->xts.block2 = (block128_f)aes_t4_encrypt; + -+ xctx->xts.key1 = &xctx->ks1; -+ } ++ xctx->xts.key1 = &xctx->ks1; ++ } + -+ if (iv) -+ { -+ xctx->xts.key2 = &xctx->ks2; -+ memcpy(ctx->iv, iv, 16); -+ } ++ if (iv) { ++ xctx->xts.key2 = &xctx->ks2; ++ memcpy(ctx->iv, iv, 16); ++ } + -+ return 1; -+ } ++ return 1; ++} + +#define aes_t4_xts_cipher aes_xts_cipher +static int aes_t4_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -+ const unsigned char *in, size_t len); ++ const unsigned char *in, size_t len); + +static int aes_t4_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) -+ { -+ EVP_AES_CCM_CTX *cctx = ctx->cipher_data; -+ if (!iv && !key) -+ return 1; -+ if (key) -+ { -+ int bits = ctx->key_len * 8; -+ aes_t4_set_encrypt_key(key, bits, &cctx->ks.ks); -+ CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, -+ &cctx->ks, (block128_f)aes_t4_encrypt); ++{ ++ EVP_AES_CCM_CTX *cctx = ctx->cipher_data; ++ if (!iv && !key) ++ return 1; ++ if (key) { ++ int bits = ctx->key_len * 8; ++ aes_t4_set_encrypt_key(key, bits, &cctx->ks.ks); ++ CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, ++ &cctx->ks, 
(block128_f)aes_t4_encrypt); +#if 0 /* not yet */ -+ switch (bits) { -+ case 128: -+ cctx->str = enc?(ccm128_f)aes128_t4_ccm64_encrypt : -+ (ccm128_f)ae128_t4_ccm64_decrypt; -+ break; -+ case 192: -+ cctx->str = enc?(ccm128_f)aes192_t4_ccm64_encrypt : -+ (ccm128_f)ae192_t4_ccm64_decrypt; -+ break; -+ case 256: -+ cctx->str = enc?(ccm128_f)aes256_t4_ccm64_encrypt : -+ (ccm128_f)ae256_t4_ccm64_decrypt; -+ break; -+ default: -+ return 0; -+ } ++ switch (bits) { ++ case 128: ++ cctx->str = enc?(ccm128_f)aes128_t4_ccm64_encrypt : ++ (ccm128_f)ae128_t4_ccm64_decrypt; ++ break; ++ case 192: ++ cctx->str = enc?(ccm128_f)aes192_t4_ccm64_encrypt : ++ (ccm128_f)ae192_t4_ccm64_decrypt; ++ break; ++ case 256: ++ cctx->str = enc?(ccm128_f)aes256_t4_ccm64_encrypt : ++ (ccm128_f)ae256_t4_ccm64_decrypt; ++ break; ++ default: ++ return 0; ++ } +#endif -+ cctx->key_set = 1; -+ } -+ if (iv) -+ { -+ memcpy(ctx->iv, iv, 15 - cctx->L); -+ cctx->iv_set = 1; -+ } -+ return 1; -+ } ++ cctx->key_set = 1; ++ } ++ if (iv) { ++ memcpy(ctx->iv, iv, 15 - cctx->L); ++ cctx->iv_set = 1; ++ } ++ return 1; ++} + +#define aes_t4_ccm_cipher aes_ccm_cipher +static int aes_t4_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -+ const unsigned char *in, size_t len); ++ const unsigned char *in, size_t len); + +#define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ +static const EVP_CIPHER aes_t4_##keylen##_##mode = { \ -+ nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ -+ flags|EVP_CIPH_##MODE##_MODE, \ -+ aes_t4_init_key, \ -+ aes_t4_##mode##_cipher, \ -+ NULL, \ -+ sizeof(EVP_AES_KEY), \ -+ NULL,NULL,NULL,NULL }; \ ++ nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ ++ flags|EVP_CIPH_##MODE##_MODE, \ ++ aes_t4_init_key, \ ++ aes_t4_##mode##_cipher, \ ++ NULL, \ ++ sizeof(EVP_AES_KEY), \ ++ NULL,NULL,NULL,NULL }; \ +static const EVP_CIPHER aes_##keylen##_##mode = { \ -+ nid##_##keylen##_##nmode,blocksize, \ -+ keylen/8,ivlen, \ -+ flags|EVP_CIPH_##MODE##_MODE, \ -+ 
aes_init_key, \ -+ aes_##mode##_cipher, \ -+ NULL, \ -+ sizeof(EVP_AES_KEY), \ -+ NULL,NULL,NULL,NULL }; \ ++ nid##_##keylen##_##nmode,blocksize, \ ++ keylen/8,ivlen, \ ++ flags|EVP_CIPH_##MODE##_MODE, \ ++ aes_init_key, \ ++ aes_##mode##_cipher, \ ++ NULL, \ ++ sizeof(EVP_AES_KEY), \ ++ NULL,NULL,NULL,NULL }; \ +const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ +{ return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; } + +#define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ +static const EVP_CIPHER aes_t4_##keylen##_##mode = { \ -+ nid##_##keylen##_##mode,blocksize, \ -+ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \ -+ flags|EVP_CIPH_##MODE##_MODE, \ -+ aes_t4_##mode##_init_key, \ -+ aes_t4_##mode##_cipher, \ -+ aes_##mode##_cleanup, \ -+ sizeof(EVP_AES_##MODE##_CTX), \ -+ NULL,NULL,aes_##mode##_ctrl,NULL }; \ ++ nid##_##keylen##_##mode,blocksize, \ ++ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \ ++ flags|EVP_CIPH_##MODE##_MODE, \ ++ aes_t4_##mode##_init_key, \ ++ aes_t4_##mode##_cipher, \ ++ aes_##mode##_cleanup, \ ++ sizeof(EVP_AES_##MODE##_CTX), \ ++ NULL,NULL,aes_##mode##_ctrl,NULL }; \ +static const EVP_CIPHER aes_##keylen##_##mode = { \ -+ nid##_##keylen##_##mode,blocksize, \ -+ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \ -+ flags|EVP_CIPH_##MODE##_MODE, \ -+ aes_##mode##_init_key, \ -+ aes_##mode##_cipher, \ -+ aes_##mode##_cleanup, \ -+ sizeof(EVP_AES_##MODE##_CTX), \ -+ NULL,NULL,aes_##mode##_ctrl,NULL }; \ ++ nid##_##keylen##_##mode,blocksize, \ ++ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \ ++ flags|EVP_CIPH_##MODE##_MODE, \ ++ aes_##mode##_init_key, \ ++ aes_##mode##_cipher, \ ++ aes_##mode##_cleanup, \ ++ sizeof(EVP_AES_##MODE##_CTX), \ ++ NULL,NULL,aes_##mode##_ctrl,NULL }; \ +const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ +{ return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; } + - #else - - 
#define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ -@@ -505,7 +879,7 @@ - #ifdef BSAES_CAPABLE - if (BSAES_CAPABLE && mode==EVP_CIPH_CBC_MODE) - { -- ret = AES_set_decrypt_key(key,ctx->key_len*8,&dat->ks); -+ ret = AES_set_decrypt_key(key,ctx->key_len*8,&dat->ks.ks); - dat->block = (block128_f)AES_decrypt; - dat->stream.cbc = (cbc128_f)bsaes_cbc_encrypt; - } -@@ -514,7 +888,7 @@ - #ifdef VPAES_CAPABLE - if (VPAES_CAPABLE) - { -- ret = vpaes_set_decrypt_key(key,ctx->key_len*8,&dat->ks); -+ ret = vpaes_set_decrypt_key(key,ctx->key_len*8,&dat->ks.ks); - dat->block = (block128_f)vpaes_decrypt; - dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ? - (cbc128_f)vpaes_cbc_encrypt : -@@ -523,7 +897,7 @@ - else - #endif - { -- ret = AES_set_decrypt_key(key,ctx->key_len*8,&dat->ks); -+ ret = AES_set_decrypt_key(key,ctx->key_len*8,&dat->ks.ks); - dat->block = (block128_f)AES_decrypt; - dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ? - (cbc128_f)AES_cbc_encrypt : -@@ -533,7 +907,7 @@ - #ifdef BSAES_CAPABLE - if (BSAES_CAPABLE && mode==EVP_CIPH_CTR_MODE) - { -- ret = AES_set_encrypt_key(key,ctx->key_len*8,&dat->ks); -+ ret = AES_set_encrypt_key(key,ctx->key_len*8,&dat->ks.ks); - dat->block = (block128_f)AES_encrypt; - dat->stream.ctr = (ctr128_f)bsaes_ctr32_encrypt_blocks; - } -@@ -542,7 +916,7 @@ - #ifdef VPAES_CAPABLE - if (VPAES_CAPABLE) - { -- ret = vpaes_set_encrypt_key(key,ctx->key_len*8,&dat->ks); -+ ret = vpaes_set_encrypt_key(key,ctx->key_len*8,&dat->ks.ks); - dat->block = (block128_f)vpaes_encrypt; - dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ? - (cbc128_f)vpaes_cbc_encrypt : -@@ -551,7 +925,7 @@ - else - #endif - { -- ret = AES_set_encrypt_key(key,ctx->key_len*8,&dat->ks); -+ ret = AES_set_encrypt_key(key,ctx->key_len*8,&dat->ks.ks); - dat->block = (block128_f)AES_encrypt; - dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ? 
- (cbc128_f)AES_cbc_encrypt : -@@ -828,7 +1202,7 @@ - #ifdef BSAES_CAPABLE - if (BSAES_CAPABLE) - { -- AES_set_encrypt_key(key,ctx->key_len*8,&gctx->ks); -+ AES_set_encrypt_key(key,ctx->key_len*8,&gctx->ks.ks); - CRYPTO_gcm128_init(&gctx->gcm,&gctx->ks, - (block128_f)AES_encrypt); - gctx->ctr = (ctr128_f)bsaes_ctr32_encrypt_blocks; -@@ -839,7 +1213,7 @@ - #ifdef VPAES_CAPABLE - if (VPAES_CAPABLE) - { -- vpaes_set_encrypt_key(key,ctx->key_len*8,&gctx->ks); -+ vpaes_set_encrypt_key(key,ctx->key_len*8,&gctx->ks.ks); - CRYPTO_gcm128_init(&gctx->gcm,&gctx->ks, - (block128_f)vpaes_encrypt); - gctx->ctr = NULL; -@@ -849,7 +1223,7 @@ - #endif - (void)0; /* terminate potentially open 'else' */ - -- AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks); -+ AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); - CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f)AES_encrypt); - #ifdef AES_CTR_ASM - gctx->ctr = (ctr128_f)AES_ctr32_encrypt; -@@ -1080,17 +1454,17 @@ - { - if (enc) - { -- vpaes_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1); -+ vpaes_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f)vpaes_encrypt; - } - else - { -- vpaes_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1); -+ vpaes_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f)vpaes_decrypt; - } - - vpaes_set_encrypt_key(key + ctx->key_len/2, -- ctx->key_len * 4, &xctx->ks2); -+ ctx->key_len * 4, &xctx->ks2.ks); - xctx->xts.block2 = (block128_f)vpaes_encrypt; - - xctx->xts.key1 = &xctx->ks1; -@@ -1102,17 +1476,17 @@ - - if (enc) - { -- AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1); -+ AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f)AES_encrypt; - } - else - { -- AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1); -+ AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f)AES_decrypt; - } - - AES_set_encrypt_key(key + ctx->key_len/2, 
-- ctx->key_len * 4, &xctx->ks2); -+ ctx->key_len * 4, &xctx->ks2.ks); - xctx->xts.block2 = (block128_f)AES_encrypt; - - xctx->xts.key1 = &xctx->ks1; -@@ -1223,7 +1597,7 @@ - #ifdef VPAES_CAPABLE - if (VPAES_CAPABLE) - { -- vpaes_set_encrypt_key(key, ctx->key_len*8, &cctx->ks); -+ vpaes_set_encrypt_key(key, ctx->key_len*8, &cctx->ks.ks); - CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, - &cctx->ks, (block128_f)vpaes_encrypt); - cctx->str = NULL; -@@ -1231,7 +1605,7 @@ - break; - } - #endif -- AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks); -+ AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks); - CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, - &cctx->ks, (block128_f)AES_encrypt); - cctx->str = NULL; -@@ -1319,5 +1693,4 @@ - BLOCK_CIPHER_custom(NID_aes,192,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) - BLOCK_CIPHER_custom(NID_aes,256,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) - --#endif + # else + + # define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ +@@ -480,7 +837,7 @@ + && !enc) + # ifdef BSAES_CAPABLE + if (BSAES_CAPABLE && mode == EVP_CIPH_CBC_MODE) { +- ret = AES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks); ++ ret = AES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks); + dat->block = (block128_f) AES_decrypt; + dat->stream.cbc = (cbc128_f) bsaes_cbc_encrypt; + } else +@@ -487,7 +844,7 @@ + # endif + # ifdef VPAES_CAPABLE + if (VPAES_CAPABLE) { +- ret = vpaes_set_decrypt_key(key, ctx->key_len * 8, &dat->ks); ++ ret = vpaes_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks); + dat->block = (block128_f) vpaes_decrypt; + dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? + (cbc128_f) vpaes_cbc_encrypt : NULL; +@@ -494,7 +851,7 @@ + } else + # endif + { +- ret = AES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks); ++ ret = AES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks); + dat->block = (block128_f) AES_decrypt; + dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? 
+ (cbc128_f) AES_cbc_encrypt : NULL; +@@ -508,7 +865,7 @@ + # endif + # ifdef VPAES_CAPABLE + if (VPAES_CAPABLE) { +- ret = vpaes_set_encrypt_key(key, ctx->key_len * 8, &dat->ks); ++ ret = vpaes_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks); + dat->block = (block128_f) vpaes_encrypt; + dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? + (cbc128_f) vpaes_cbc_encrypt : NULL; +@@ -515,7 +872,7 @@ + } else + # endif + { +- ret = AES_set_encrypt_key(key, ctx->key_len * 8, &dat->ks); ++ ret = AES_set_encrypt_key(key, ctx->key_len*8, &dat->ks.ks); + dat->block = (block128_f) AES_encrypt; + dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? + (cbc128_f) AES_cbc_encrypt : NULL; +@@ -810,7 +1167,7 @@ + do { + # ifdef BSAES_CAPABLE + if (BSAES_CAPABLE) { +- AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks); ++ AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); + CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, + (block128_f) AES_encrypt); + gctx->ctr = (ctr128_f) bsaes_ctr32_encrypt_blocks; +@@ -819,7 +1176,7 @@ + # endif + # ifdef VPAES_CAPABLE + if (VPAES_CAPABLE) { +- vpaes_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks); ++ vpaes_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); + CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, + (block128_f) vpaes_encrypt); + gctx->ctr = NULL; +@@ -828,7 +1185,7 @@ + # endif + (void)0; /* terminate potentially open 'else' */ + +- AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks); ++ AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); + CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, + (block128_f) AES_encrypt); + # ifdef AES_CTR_ASM +@@ -1049,15 +1406,15 @@ + # ifdef VPAES_CAPABLE + if (VPAES_CAPABLE) { + if (enc) { +- vpaes_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1); ++ vpaes_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); + xctx->xts.block1 = (block128_f) vpaes_encrypt; + } else { +- vpaes_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1); ++ vpaes_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); + 
xctx->xts.block1 = (block128_f) vpaes_decrypt; + } + + vpaes_set_encrypt_key(key + ctx->key_len / 2, +- ctx->key_len * 4, &xctx->ks2); ++ ctx->key_len * 4, &xctx->ks2.ks); + xctx->xts.block2 = (block128_f) vpaes_encrypt; + + xctx->xts.key1 = &xctx->ks1; +@@ -1067,15 +1424,15 @@ + (void)0; /* terminate potentially open 'else' */ + + if (enc) { +- AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1); ++ AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); + xctx->xts.block1 = (block128_f) AES_encrypt; + } else { +- AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1); ++ AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); + xctx->xts.block1 = (block128_f) AES_decrypt; + } + + AES_set_encrypt_key(key + ctx->key_len / 2, +- ctx->key_len * 4, &xctx->ks2); ++ ctx->key_len * 4, &xctx->ks2.ks); + xctx->xts.block2 = (block128_f) AES_encrypt; + + xctx->xts.key1 = &xctx->ks1; +@@ -1196,7 +1553,7 @@ + do { + # ifdef VPAES_CAPABLE + if (VPAES_CAPABLE) { +- vpaes_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks); ++ vpaes_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks); + CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, + &cctx->ks, (block128_f) vpaes_encrypt); + cctx->str = NULL; +@@ -1204,7 +1561,7 @@ + break; + } + # endif +- AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks); ++ AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks); + CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, + &cctx->ks, (block128_f) AES_encrypt); + cctx->str = NULL; +@@ -1285,5 +1642,4 @@ + EVP_CIPH_FLAG_FIPS | CUSTOM_FLAGS) + BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM, + EVP_CIPH_FLAG_FIPS | CUSTOM_FLAGS) +-# endif #endif Index: openssl/crypto/evp/evp.h =================================================================== ---- evp.h Mon Feb 11 07:26:04 2013 -+++ evp.h.new Thu May 2 14:31:55 2013 -@@ -1256,6 +1256,7 @@ - #define EVP_F_AESNI_INIT_KEY 165 - #define EVP_F_AESNI_XTS_CIPHER 176 - #define EVP_F_AES_INIT_KEY 133 -+#define EVP_F_AES_T4_INIT_KEY 178 - #define 
EVP_F_AES_XTS 172 - #define EVP_F_AES_XTS_CIPHER 175 - #define EVP_F_ALG_MODULE_INIT 177 +--- evp.h Mon Feb 11 07:26:04 2013 ++++ evp.h.new Thu May 2 14:31:55 2013 +@@ -1325,6 +1325,7 @@ + # define EVP_F_AESNI_INIT_KEY 165 + # define EVP_F_AESNI_XTS_CIPHER 176 + # define EVP_F_AES_INIT_KEY 133 ++# define EVP_F_AES_T4_INIT_KEY 178 + # define EVP_F_AES_XTS 172 + # define EVP_F_AES_XTS_CIPHER 175 + # define EVP_F_ALG_MODULE_INIT 177 Index: openssl/crypto/evp/evp_err.c =================================================================== --- evp_err.c Mon Feb 11 07:26:04 2013 +++ evp_err.c.new Thu May 2 14:33:24 2013 @@ -73,6 +73,7 @@ - {ERR_FUNC(EVP_F_AESNI_INIT_KEY), "AESNI_INIT_KEY"}, - {ERR_FUNC(EVP_F_AESNI_XTS_CIPHER), "AESNI_XTS_CIPHER"}, - {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, -+{ERR_FUNC(EVP_F_AES_T4_INIT_KEY), "AES_T4_INIT_KEY"}, - {ERR_FUNC(EVP_F_AES_XTS), "AES_XTS"}, - {ERR_FUNC(EVP_F_AES_XTS_CIPHER), "AES_XTS_CIPHER"}, - {ERR_FUNC(EVP_F_ALG_MODULE_INIT), "ALG_MODULE_INIT"}, + {ERR_FUNC(EVP_F_AESNI_INIT_KEY), "AESNI_INIT_KEY"}, + {ERR_FUNC(EVP_F_AESNI_XTS_CIPHER), "AESNI_XTS_CIPHER"}, + {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, ++ {ERR_FUNC(EVP_F_AES_T4_INIT_KEY), "AES_T4_INIT_KEY"}, + {ERR_FUNC(EVP_F_AES_XTS), "AES_XTS"}, + {ERR_FUNC(EVP_F_AES_XTS_CIPHER), "AES_XTS_CIPHER"}, + {ERR_FUNC(EVP_F_ALG_MODULE_INIT), "ALG_MODULE_INIT"}, diff -r 5bd484384122 -r 95b8f35fcdd5 components/openssl/openssl-1.0.1/patches/38_remove_illegal_instruction_calls.patch --- a/components/openssl/openssl-1.0.1/patches/38_remove_illegal_instruction_calls.patch Thu Mar 19 14:41:20 2015 -0700 +++ b/components/openssl/openssl-1.0.1/patches/38_remove_illegal_instruction_calls.patch Fri Mar 20 15:31:27 2015 -0700 
@@ -16,143 +16,142 @@ #include "sparc_arch.h" -@@ -56,13 +56,8 @@ - } +@@ -59,13 +59,8 @@ + } - unsigned long _sparcv9_rdtick(void); --void _sparcv9_vis1_probe(void); - unsigned long _sparcv9_vis1_instrument(void); --void _sparcv9_vis2_probe(void); --void _sparcv9_fmadd_probe(void); - unsigned long _sparcv9_rdcfr(void); --void _sparcv9_vis3_probe(void); --unsigned long _sparcv9_random(void); + unsigned long _sparcv9_rdtick(void); +-void _sparcv9_vis1_probe(void); + unsigned long _sparcv9_vis1_instrument(void); +-void _sparcv9_vis2_probe(void); +-void _sparcv9_fmadd_probe(void); + unsigned long _sparcv9_rdcfr(void); +-void _sparcv9_vis3_probe(void); +-unsigned long _sparcv9_random(void); #ifndef _BOOT - size_t _sparcv9_vis1_instrument_bus(unsigned int *,size_t); - size_t _sparcv9_vis1_instrument_bus2(unsigned int *,size_t,size_t); -@@ -227,15 +222,11 @@ - + size_t _sparcv9_vis1_instrument_bus(unsigned int *,size_t); + size_t _sparcv9_vis1_instrument_bus2(unsigned int *,size_t,size_t); +@@ -235,18 +235,11 @@ + #else - + -static sigjmp_buf common_jmp; --static void common_handler(int sig) { siglongjmp(common_jmp,sig); } +-static void common_handler(int sig) +-{ +- siglongjmp(common_jmp, sig); +-} - void OPENSSL_cpuid_setup(void) - { - char *e; -- struct sigaction common_act,ill_oact,bus_oact; -- sigset_t all_masked,oset; - static int trigger=0; -+ uint_t ui = 0; + { + char *e; +- struct sigaction common_act, ill_oact, bus_oact; +- sigset_t all_masked, oset; + static int trigger = 0; ++ uint_t ui = 0; + + if (trigger) + return; +@@ -259,80 +247,40 @@ + return; + } - if (trigger) return; - trigger=1; -@@ -248,86 +239,42 @@ - return; - } - -+ (void) getisax(&ui, 1); ++ (void) getisax(&ui, 1); + - /* Initial value, fits UltraSPARC-I&II... */ -- OPENSSL_sparcv9cap_P[0] = SPARCV9_PREFER_FPU|SPARCV9_TICK_PRIVILEGED; -+ OPENSSL_sparcv9cap_P[0] = SPARCV9_BLK; + /* Initial value, fits UltraSPARC-I&II... 
*/ +- OPENSSL_sparcv9cap_P[0] = SPARCV9_PREFER_FPU | SPARCV9_TICK_PRIVILEGED; ++ OPENSSL_sparcv9cap_P[0] = SPARCV9_BLK; -- sigfillset(&all_masked); -- sigdelset(&all_masked,SIGILL); -- sigdelset(&all_masked,SIGTRAP); --#ifdef SIGEMT -- sigdelset(&all_masked,SIGEMT); --#endif -- sigdelset(&all_masked,SIGFPE); -- sigdelset(&all_masked,SIGBUS); -- sigdelset(&all_masked,SIGSEGV); -- sigprocmask(SIG_SETMASK,&all_masked,&oset); +- sigfillset(&all_masked); +- sigdelset(&all_masked, SIGILL); +- sigdelset(&all_masked, SIGTRAP); +-# ifdef SIGEMT +- sigdelset(&all_masked, SIGEMT); +-# endif +- sigdelset(&all_masked, SIGFPE); +- sigdelset(&all_masked, SIGBUS); +- sigdelset(&all_masked, SIGSEGV); +- sigprocmask(SIG_SETMASK, &all_masked, &oset); - -- memset(&common_act,0,sizeof(common_act)); -- common_act.sa_handler = common_handler; -- common_act.sa_mask = all_masked; -- -- sigaction(SIGILL,&common_act,&ill_oact); -- sigaction(SIGBUS,&common_act,&bus_oact);/* T1 fails 16-bit ldda [on Linux] */ +- memset(&common_act, 0, sizeof(common_act)); +- common_act.sa_handler = common_handler; +- common_act.sa_mask = all_masked; - -- if (sigsetjmp(common_jmp,1) == 0) -+ if (ui & AV_SPARC_VIS) - { -- _sparcv9_rdtick(); -- OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED; -- } +- sigaction(SIGILL, &common_act, &ill_oact); +- sigaction(SIGBUS, &common_act, &bus_oact); /* T1 fails 16-bit ldda [on +- * Linux] */ +- +- if (sigsetjmp(common_jmp, 1) == 0) { +- _sparcv9_rdtick(); +- OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED; +- } - -- if (sigsetjmp(common_jmp,1) == 0) -- { -- _sparcv9_vis1_probe(); -- OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1|SPARCV9_BLK; - /* detect UltraSPARC-Tx, see sparccpud.S for details... 
*/ -- if (_sparcv9_vis1_instrument() >= 12) -- OPENSSL_sparcv9cap_P[0] &= ~(SPARCV9_VIS1|SPARCV9_PREFER_FPU); -- else -+ if (_sparcv9_vis1_instrument() < 7) -+ OPENSSL_sparcv9cap_P[0] |= SPARCV9_TICK_PRIVILEGED; -+ if (_sparcv9_vis1_instrument() < 12) - { -- _sparcv9_vis2_probe(); -- OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2; -+ OPENSSL_sparcv9cap_P[0] |= (SPARCV9_VIS1|SPARCV9_PREFER_FPU); -+ if (ui & AV_SPARC_VIS2) -+ OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2; - } - } +- if (sigsetjmp(common_jmp, 1) == 0) { +- _sparcv9_vis1_probe(); +- OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1 | SPARCV9_BLK; ++ if (ui & AV_SPARC_VIS) { + /* detect UltraSPARC-Tx, see sparccpud.S for details... */ +- if (_sparcv9_vis1_instrument() >= 12) +- OPENSSL_sparcv9cap_P[0] &= ~(SPARCV9_VIS1 | SPARCV9_PREFER_FPU); +- else { +- _sparcv9_vis2_probe(); +- OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2; +- } ++ if (_sparcv9_vis1_instrument() < 7) ++ OPENSSL_sparcv9cap_P[0] |= SPARCV9_TICK_PRIVILEGED; ++ if (_sparcv9_vis1_instrument() < 12) { ++ OPENSSL_sparcv9cap_P[0] |= (SPARCV9_VIS1 | SPARCV9_PREFER_FPU); ++ if (ui & AV_SPARC_VIS2) ++ OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2; ++ } + } -- if (sigsetjmp(common_jmp,1) == 0) -- { -- _sparcv9_fmadd_probe(); -+ if (ui & AV_SPARC_FMAF) - OPENSSL_sparcv9cap_P[0] |= SPARCV9_FMADD; -- } +- if (sigsetjmp(common_jmp, 1) == 0) { +- _sparcv9_fmadd_probe(); ++ if (ui & AV_SPARC_FMAF) + OPENSSL_sparcv9cap_P[0] |= SPARCV9_FMADD; +- } - /* - * VIS3 flag is tested independently from VIS1, unlike VIS2 that is, - * because VIS3 defines even integer instructions. - */ -- if (sigsetjmp(common_jmp,1) == 0) -- { -- _sparcv9_vis3_probe(); -+ if (ui & AV_SPARC_VIS3) - OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3; -- } + /* + * VIS3 flag is tested independently from VIS1, unlike VIS2 that is, + * because VIS3 defines even integer instructions. 
+ */ +- if (sigsetjmp(common_jmp,1) == 0) { +- _sparcv9_vis3_probe(); +- OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3; +- } ++ if (ui & AV_SPARC_VIS3) ++ OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3; -- if (sigsetjmp(common_jmp,1) == 0) -- { -- (void)_sparcv9_random(); -- OPENSSL_sparcv9cap_P[0] |= SPARCV9_RANDOM; -- } -+#define AV_T4_MECHS (AV_SPARC_AES | AV_SPARC_DES | AV_SPARC_KASUMI | \ -+ AV_SPARC_CAMELLIA | AV_SPARC_MD5 | AV_SPARC_SHA1 | \ -+ AV_SPARC_SHA256 | AV_SPARC_SHA512 | AV_SPARC_MPMUL | AV_SPARC_CRC32C) +- if (sigsetjmp(common_jmp,1) == 0) { +- (void)_sparcv9_random(); +- OPENSSL_sparcv9cap_P[0] |= SPARCV9_RANDOM; +- } ++#define AV_T4_MECHS (AV_SPARC_AES | AV_SPARC_DES | AV_SPARC_KASUMI | \ ++ AV_SPARC_CAMELLIA | AV_SPARC_MD5 | AV_SPARC_SHA1 | \ ++ AV_SPARC_SHA256 | AV_SPARC_SHA512 | AV_SPARC_MPMUL | \ ++ AV_SPARC_CRC32C) -- /* -- * In wait for better solution _sparcv9_rdcfr is masked by -- * VIS3 flag, because it goes to uninterruptable endless -- * loop on UltraSPARC II running Solaris. Things might be -- * different on Linux... -- */ - if ((OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS3) && -- sigsetjmp(common_jmp,1) == 0) -- { -- OPENSSL_sparcv9cap_P[1] = (unsigned int)_sparcv9_rdcfr(); -- } -+ (ui & AV_T4_MECHS)) -+ OPENSSL_sparcv9cap_P[1] = (unsigned int)_sparcv9_rdcfr(); +- /* +- * In wait for better solution _sparcv9_rdcfr is masked by +- * VIS3 flag, because it goes to uninterruptable endless +- * loop on UltraSPARC II running Solaris. Things might be +- * different on Linux... 
+- */ +- if ((OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS3) && +- sigsetjmp(common_jmp, 1) == 0) { ++ if ((OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS3) && (ui & AV_T4_MECHS)) + OPENSSL_sparcv9cap_P[1] = (unsigned int)_sparcv9_rdcfr(); +- } -- sigaction(SIGBUS,&bus_oact,NULL); -- sigaction(SIGILL,&ill_oact,NULL); +- sigaction(SIGBUS, &bus_oact, NULL); +- sigaction(SIGILL, &ill_oact, NULL); - -- sigprocmask(SIG_SETMASK,&oset,NULL); +- sigprocmask(SIG_SETMASK, &oset, NULL); - - if (sizeof(size_t)==8) - OPENSSL_sparcv9cap_P[0] |= SPARCV9_64BIT_STACK; + if (sizeof(size_t) == 8) + OPENSSL_sparcv9cap_P[0] |= SPARCV9_64BIT_STACK; #ifdef __linux ---- openssl-1.0.1g/crypto/sparccpuid.S.~1~ Fri Apr 25 16:16:07 2014 -+++ openssl-1.0.1g/crypto/sparccpuid.S Fri Apr 25 16:17:40 2014 +--- openssl-1.0.1g/crypto/sparccpuid.S.~1~ Thu May 1 13:07:00 2014 ++++ openssl-1.0.1g/crypto/sparccpuid.S Thu May 1 13:11:33 2014 @@ -236,16 +236,6 @@ .type _sparcv9_rdtick,#function .size _sparcv9_rdtick,.-_sparcv9_rdtick
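Review bot: In the prototype hunk (@@ -59,13 +59,8 @@), `_sparcv9_random()` is removed together with the vis1, vis2, fmadd and vis3 probes, but the setup hunk only replaces those four with `ui & AV_SPARC_*` tests. Nothing in the visible lines sets `SPARCV9_RANDOM` any more, so any code path keyed on that bit is silently disabled. If that is intended, say so in the patch header comment; if not, add the corresponding capability test next to the `AV_SPARC_VIS3` one.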
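Review bot: In the declarations hunk (@@ -235,18 +235,11 @@), `uint_t ui = 0;` is the only thing that keeps the later `(void) getisax(&ui, 1);` safe, because the return value is discarded and every capability decision afterwards reads `ui`. That dependency is not documented. Add a one-line comment at the declaration or at the call stating that a zero `ui` deliberately falls back to the `SPARCV9_BLK` baseline, so a later cleanup does not drop the initialiser.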
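Review bot: In the OPENSSL_cpuid_setup hunk (@@ -259,80 +247,40 @@), `_sparcv9_vis1_instrument()` is now called twice, once for `< 7` and once for `< 12`. Its name and the threshold comparisons suggest it returns a measured count, so the two calls need not agree, and `SPARCV9_TICK_PRIVILEGED` can end up inconsistent with `SPARCV9_VIS1 | SPARCV9_PREFER_FPU`. Read it once into a local and compare that value against both thresholds, and document what 7 means, since that threshold is new here. Two comment issues in the same hunk: the context line "Initial value, fits UltraSPARC-I&II..." no longer describes the new `SPARCV9_BLK` initial value, and the removed comment explaining why `_sparcv9_rdcfr()` is gated by VIS3 is dropped although the gate remains and gains `(ui & AV_T4_MECHS)`. Keep a short rationale above that condition.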