From f24c9564f015f017b07f8498bbe51edf9ba1c801 Mon Sep 17 00:00:00 2001 From: Christian Schmidt Date: Sat, 24 May 2008 13:12:04 +0200 Subject: [PATCH] Update samba and collectd to current versions Included padlock patches for openssh and openssl not yet included in make --- doc/packages-list.txt | 2 + lfs/collectd | 6 +- lfs/openssh | 3 + lfs/openssl | 3 + lfs/samba | 6 +- src/patches/openssh-4.7p1-padlock.patch | 141 ++++ .../openssl-0.9.8g-engine-padlock.patch | 24 + src/patches/openssl-0.9.8g-sha-padlock.patch | 620 ++++++++++++++++++ 8 files changed, 799 insertions(+), 6 deletions(-) create mode 100644 src/patches/openssh-4.7p1-padlock.patch create mode 100644 src/patches/openssl-0.9.8g-engine-padlock.patch create mode 100644 src/patches/openssl-0.9.8g-sha-padlock.patch diff --git a/doc/packages-list.txt b/doc/packages-list.txt index 87be4fbfc..814ac33d8 100644 --- a/doc/packages-list.txt +++ b/doc/packages-list.txt @@ -60,6 +60,7 @@ * clamav-0.93 * cmake-2.4.8 * collectd-4.3.0 +* collectd-4.4.0 * coreutils-5.96 * cpio-2.6 * cups-1.3.7 @@ -241,6 +242,7 @@ * rsync-2.6.9 * rtorrent-0.7.9 * samba-3.0.28a +* samba-3.0.29 * sane-1.0.19 * sane-1.0.19-kmod * screen-4.0.3 diff --git a/lfs/collectd b/lfs/collectd index 90564fe43..770528e34 100644 --- a/lfs/collectd +++ b/lfs/collectd @@ -25,7 +25,7 @@ include Config PKG_NAME = collectd -VER = 4.3.0 +VER = 4.4.0 THISAPP = collectd-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -44,7 +44,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = ace292ba502f09379741e79561cf2c89 +$(DL_FILE)_MD5 = 76ec42bf1976c1d4110443d845decca3 install : $(TARGET) @@ -78,7 +78,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && ./configure --prefix=/usr --localstatedir=/var \ - --disable-{apache,apple_sensors,csv,ipvs,memcached,mysql,netlink,nginx,nut} \ + --disable-{apple_sensors,csv,ipvs,memcached,mysql,netlink,nginx,nut} \ --disable-{perl,serial,sensors,snmp,tape,vserver,wireless,xmms} \ --enable-{apcups,battery,cpu{,freq},df,disk,dns,email,entropy,exec,hddtemp} \ --enable-{interface,iptables,irq,load,logfile,mbmon,memory,multimeter} \ diff --git a/lfs/openssh b/lfs/openssh index 5e2f6865d..9e61bd156 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -70,6 +70,9 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) +ifeq "$(PADLOCK)" "1" + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssh-4.7p1-padlock.patch +endif cd $(DIR_APP) && sed -i "s/lkrb5 -ldes/lkrb5/" configure cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/etc/ssh \ --libexecdir=/usr/lib/openssh --with-md5-passwords \ diff --git a/lfs/openssl b/lfs/openssl index 681e4d792..c90846f78 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -70,6 +70,9 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) +ifeq "$(PADLOCK)" "1" + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-0.9.8g-engine-padlock.patch +endif @rm -rf /etc/ssl cd $(DIR_APP) && sed -i -e 's/mcpu/march/' config cd $(DIR_APP) && sed -i -e 's/-O3/-O2/' -e 's/-march=i486/-march=i586/' Configure diff --git a/lfs/samba b/lfs/samba index 51bff29e5..b846f38ed 100644 --- a/lfs/samba +++ b/lfs/samba @@ -24,7 +24,7 @@ include Config -VER = 3.0.28a +VER = 3.0.29 THISAPP = samba-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = samba -PAK_VER = 5 +PAK_VER = 6 DEPS = "cups cyrus-sasl" @@ -44,7 +44,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 59754cb0c19da6e65c42d0a163c5885a +$(DL_FILE)_MD5 = ac338e28f159e59a8d25cb1d0895cf8e install : $(TARGET) diff --git a/src/patches/openssh-4.7p1-padlock.patch b/src/patches/openssh-4.7p1-padlock.patch new file mode 100644 index 000000000..d0708f453 --- /dev/null +++ b/src/patches/openssh-4.7p1-padlock.patch @@ -0,0 +1,141 @@ +diff -urN openssh-4.7p1.orig/ssh-add.c openssh-4.7p1/ssh-add.c +--- openssh-4.7p1.orig/ssh-add.c 2007-09-06 15:16:42.472974134 +0200 ++++ openssh-4.7p1/ssh-add.c 2007-09-06 15:21:26.489159294 +0200 +@@ -42,6 +42,7 @@ + #include + + #include ++#include + + #include + #include +@@ -343,7 +344,11 @@ + + SSLeay_add_all_algorithms(); + +- /* At first, get a connection to the authentication agent. */ ++ /* Init available hardware crypto engines. */ ++ ENGINE_load_builtin_engines(); ++ ENGINE_register_all_complete(); ++ ENGINE_set_default_ciphers(ENGINE_by_id("padlock")); ++ + ac = ssh_get_authentication_connection(); + if (ac == NULL) { + fprintf(stderr, +diff -urN openssh-4.7p1.orig/ssh-agent.c openssh-4.7p1/ssh-agent.c +--- openssh-4.7p1.orig/ssh-agent.c 2007-09-06 15:16:42.472974134 +0200 ++++ openssh-4.7p1/ssh-agent.c 2007-09-06 15:23:21.495713144 +0200 +@@ -51,6 +51,7 @@ + + #include + #include ++#include + + #include + #include +@@ -1061,6 +1062,11 @@ + + SSLeay_add_all_algorithms(); + ++ /* Init available hardware crypto engines. */ ++ ENGINE_load_builtin_engines(); ++ ENGINE_register_all_complete(); ++ ENGINE_set_default_ciphers(ENGINE_by_id("padlock")); ++ + __progname = ssh_get_progname(av[0]); + init_rng(); + seed_rng(); +diff -urN openssh-4.7p1.orig/ssh.c openssh-4.7p1/ssh.c +--- openssh-4.7p1.orig/ssh.c 2007-09-06 15:16:42.472974134 +0200 ++++ openssh-4.7p1/ssh.c 2007-09-06 15:24:18.498961574 +0200 +@@ -72,6 +72,7 @@ + + #include + #include ++#include + + #include "xmalloc.h" + #include "ssh.h" +@@ -560,6 +561,11 @@ + SSLeay_add_all_algorithms(); + ERR_load_crypto_strings(); + ++ /* Init available hardware crypto engines. */ ++ ENGINE_load_builtin_engines(); ++ ENGINE_register_all_complete(); ++ ENGINE_set_default_ciphers(ENGINE_by_id("padlock")); ++ + /* Initialize the command to execute on remote host. */ + buffer_init(&command); + +diff -urN openssh-4.7p1.orig/sshd.c openssh-4.7p1/sshd.c +--- openssh-4.7p1.orig/sshd.c 2007-09-06 15:16:42.472974134 +0200 ++++ openssh-4.7p1/sshd.c 2007-09-06 15:25:03.001497629 +0200 +@@ -75,6 +75,7 @@ + #include + #include + #include ++#include + #ifdef HAVE_SECUREWARE + #include + #include +@@ -1376,6 +1377,11 @@ + + SSLeay_add_all_algorithms(); + ++ /* Init available hardware crypto engines. */ ++ ENGINE_load_builtin_engines(); ++ ENGINE_register_all_complete(); ++ ENGINE_set_default_ciphers(ENGINE_by_id("padlock")); ++ + /* + * Force logging to stderr until we have loaded the private host + * key (unless started from inetd) +diff -urN openssh-4.7p1.orig/ssh-keygen.c openssh-4.7p1/ssh-keygen.c +--- openssh-4.7p1.orig/ssh-keygen.c 2007-09-06 15:16:42.472974134 +0200 ++++ openssh-4.7p1/ssh-keygen.c 2007-09-06 15:25:52.982847129 +0200 +@@ -21,6 +21,7 @@ + + #include + #include ++#include + + #include + #include +@@ -1073,6 +1074,12 @@ + __progname = ssh_get_progname(argv[0]); + + SSLeay_add_all_algorithms(); ++ ++ /* Init available hardware crypto engines. */ ++ ENGINE_load_builtin_engines(); ++ ENGINE_register_all_complete(); ++ ENGINE_set_default_ciphers(ENGINE_by_id("padlock")); ++ + log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); + + init_rng(); +diff -urN openssh-4.7p1.orig/ssh-keysign.c openssh-4.7p1/ssh-keysign.c +--- openssh-4.7p1.orig/ssh-keysign.c 2007-09-06 15:16:42.472974134 +0200 ++++ openssh-4.7p1/ssh-keysign.c 2007-09-06 15:26:18.971328869 +0200 +@@ -38,6 +38,7 @@ + #include + #include + #include ++#include + + #include "xmalloc.h" + #include "log.h" +@@ -195,6 +196,12 @@ + fatal("could not open any host key"); + + SSLeay_add_all_algorithms(); ++ ++ /* Init available hardware crypto engines. */ ++ ENGINE_load_builtin_engines(); ++ ENGINE_register_all_complete(); ++ ENGINE_set_default_ciphers(ENGINE_by_id("padlock")); ++ + for (i = 0; i < 256; i++) + rnd[i] = arc4random(); + RAND_seed(rnd, sizeof(rnd)); diff --git a/src/patches/openssl-0.9.8g-engine-padlock.patch b/src/patches/openssl-0.9.8g-engine-padlock.patch new file mode 100644 index 000000000..37f45581f --- /dev/null +++ b/src/patches/openssl-0.9.8g-engine-padlock.patch @@ -0,0 +1,24 @@ +diff -urN openssl-0.9.8g.orig/ssl/ssl_algs.c openssl-0.9.8g/ssl/ssl_algs.c ++++ openssl-0.9.8g/ssl/ssl_algs.c 2007-11-13 19:50:35.356816442 +0100 +--- openssl-0.9.8g.orig/ssl/ssl_algs.c 2007-11-13 19:40:02.820770267 +0100 +@@ -57,6 +57,7 @@ + */ + + #include ++#include + #include + #include + #include "ssl_locl.h" +@@ -127,6 +128,12 @@ + #endif + /* initialize cipher/digest methods table */ + ssl_load_ciphers(); ++ ++ /* Init available hardware crypto engines. */ ++ ENGINE_load_builtin_engines(); ++ ENGINE_register_all_complete(); ++ ENGINE_set_default_ciphers(ENGINE_by_id("padlock")); ++ + return(1); + } + diff --git a/src/patches/openssl-0.9.8g-sha-padlock.patch b/src/patches/openssl-0.9.8g-sha-padlock.patch new file mode 100644 index 000000000..9b1bb2a2a --- /dev/null +++ b/src/patches/openssl-0.9.8g-sha-padlock.patch @@ -0,0 +1,620 @@ +diff -urN openssl-0.9.8g.orig/crypto/engine/eng_padlock.c openssl-0.9.8g/crypto/engine/eng_padlock.c +--- openssl-0.9.8g.orig/crypto/engine/eng_padlock.c 2007-11-13 20:00:28.390611512 +0100 ++++ openssl-0.9.8g/crypto/engine/eng_padlock.c 2007-11-13 20:02:52.398818072 +0100 +@@ -74,12 +74,23 @@ + #ifndef OPENSSL_NO_AES + #include + #endif ++#ifndef OPENSSL_NO_SHA ++#include ++#endif + #include + #include + + #ifndef OPENSSL_NO_HW + #ifndef OPENSSL_NO_HW_PADLOCK + ++/* PadLock RNG is disabled by default */ ++#define PADLOCK_NO_RNG 1 ++ ++/* No ASM routines for SHA in MSC yet */ ++#ifdef _MSC_VER ++#define OPENSSL_NO_SHA ++#endif ++ + /* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */ + #if (OPENSSL_VERSION_NUMBER >= 0x00908000L) + # ifndef OPENSSL_NO_DYNAMIC_ENGINE +@@ -135,52 +146,89 @@ + static int padlock_init(ENGINE *e); + + /* RNG Stuff */ ++#ifndef PADLOCK_NO_RNG + static RAND_METHOD padlock_rand; ++#endif + + /* Cipher Stuff */ + #ifndef OPENSSL_NO_AES + static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); + #endif + ++/* Digest Stuff */ ++#ifndef OPENSSL_NO_SHA ++static int padlock_digests(ENGINE *e, const EVP_MD **digest, const int **nids, int nid); ++#endif ++ + /* Engine names */ + static const char *padlock_id = "padlock"; + static char padlock_name[100]; + + /* Available features */ +-static int padlock_use_ace = 0; /* Advanced Cryptography Engine */ +-static int padlock_use_rng = 0; /* Random Number Generator */ ++enum padlock_flags { ++ PADLOCK_RNG = 0x01, ++ PADLOCK_ACE = 0x02, ++ PADLOCK_ACE2 = 0x04, ++ PADLOCK_PHE = 0x08, ++ PADLOCK_PMM = 0x10 ++}; ++enum padlock_flags padlock_flags; ++ ++#define PADLOCK_HAVE_RNG (padlock_flags & PADLOCK_RNG) ++#define PADLOCK_HAVE_ACE (padlock_flags & (PADLOCK_ACE|PADLOCK_ACE2)) ++#define PADLOCK_HAVE_ACE1 (padlock_flags & PADLOCK_ACE) ++#define PADLOCK_HAVE_ACE2 (padlock_flags & PADLOCK_ACE2) ++#define PADLOCK_HAVE_PHE (padlock_flags & PADLOCK_PHE) ++#define PADLOCK_HAVE_PMM (padlock_flags & PADLOCK_PMM) ++ + #ifndef OPENSSL_NO_AES + static int padlock_aes_align_required = 1; + #endif + ++/* Init / Max buffer sizes for SHA */ ++#define PADLOCK_SHA_INIT_ORD 13 /* = 8192 */ ++#define PADLOCK_SHA_MAX_ORD 13 /* = 8192 */ ++ + /* ===== Engine "management" functions ===== */ + + /* Prepare the ENGINE structure for registration */ + static int + padlock_bind_helper(ENGINE *e) + { ++ char phe_string[20]; ++ + /* Check available features */ + padlock_available(); + +-#if 1 /* disable RNG for now, see commentary in vicinity of RNG code */ +- padlock_use_rng=0; +-#endif ++ /* Build PHE info with buffer size argument */ ++ if (PADLOCK_HAVE_PHE) ++ BIO_snprintf(phe_string, sizeof(phe_string), ++ "PHE(%lu) ", 1UL << PADLOCK_SHA_MAX_ORD); + + /* Generate a nice engine name with available features */ + BIO_snprintf(padlock_name, sizeof(padlock_name), +- "VIA PadLock (%s, %s)", +- padlock_use_rng ? "RNG" : "no-RNG", +- padlock_use_ace ? "ACE" : "no-ACE"); ++ "VIA PadLock: %s%s%s%s%s", ++ padlock_flags ? "" : "not supported", ++ PADLOCK_HAVE_RNG ? "RNG " : "", ++ PADLOCK_HAVE_ACE ? (PADLOCK_HAVE_ACE2 ? "ACE2 " : "ACE ") : "", ++ PADLOCK_HAVE_PHE ? phe_string : "", ++ PADLOCK_HAVE_PMM ? "PMM " : ""); + + /* Register everything or return with an error */ + if (!ENGINE_set_id(e, padlock_id) || + !ENGINE_set_name(e, padlock_name) || + +- !ENGINE_set_init_function(e, padlock_init) || ++ !ENGINE_set_init_function(e, padlock_init) + #ifndef OPENSSL_NO_AES +- (padlock_use_ace && !ENGINE_set_ciphers (e, padlock_ciphers)) || ++ || (PADLOCK_HAVE_ACE && !ENGINE_set_ciphers (e, padlock_ciphers)) ++#endif ++#ifndef OPENSSL_NO_SHA ++ || (PADLOCK_HAVE_PHE && !ENGINE_set_digests (e, padlock_digests)) ++#endif ++#ifndef PADLOCK_NO_RNG ++ || (PADLOCK_HAVE_RNG && !ENGINE_set_RAND (e, &padlock_rand)) + #endif +- (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) { ++ ) { + return 0; + } + +@@ -210,7 +258,7 @@ + static int + padlock_init(ENGINE *e) + { +- return (padlock_use_rng || padlock_use_ace); ++ return (padlock_flags); + } + + /* This stuff is needed if this ENGINE is being compiled into a self-contained +@@ -237,6 +285,17 @@ + + /* ===== Here comes the "real" engine ===== */ + ++#ifdef __GNUC__ ++#define likely(x) __builtin_expect(!!(x), 1) ++#define unlikely(x) __builtin_expect(!!(x), 0) ++#else ++#define likely(x) (x) ++#define unlikely(x) (x) ++#endif ++ ++/* How to test if we need to typedef uint32_t ??? */ ++typedef unsigned long uint32_t; ++ + #ifndef OPENSSL_NO_AES + /* Some AES-related constants */ + #define AES_BLOCK_SIZE 16 +@@ -362,10 +421,22 @@ + : "+a"(eax), "=d"(edx) : : "ecx"); + + /* Fill up some flags */ +- padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6)); +- padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2)); ++ padlock_flags |= ((edx & (0x3<<3)) ? PADLOCK_RNG : 0); ++ padlock_flags |= ((edx & (0x3<<7)) ? PADLOCK_ACE : 0); ++ padlock_flags |= ((edx & (0x3<<9)) ? PADLOCK_ACE2 : 0); ++ padlock_flags |= ((edx & (0x3<<11)) ? PADLOCK_PHE : 0); ++ padlock_flags |= ((edx & (0x3<<13)) ? PADLOCK_PMM : 0); + +- return padlock_use_ace + padlock_use_rng; ++ return padlock_flags; ++} ++ ++static inline void ++padlock_htonl_block(uint32_t *data, size_t count) ++{ ++ while (count--) { ++ asm volatile ("bswapl %0" : "+r"(*data)); ++ data++; ++ } + } + + #ifndef OPENSSL_NO_AES +@@ -374,12 +445,9 @@ + padlock_bswapl(AES_KEY *ks) + { + size_t i = sizeof(ks->rd_key)/sizeof(ks->rd_key[0]); +- unsigned int *key = ks->rd_key; ++ uint32_t *key = (uint32_t*) ks->rd_key; + +- while (i--) { +- asm volatile ("bswapl %0" : "+r"(*key)); +- key++; +- } ++ padlock_htonl_block(key, i); + } + #endif + +@@ -1154,6 +1222,415 @@ + + #endif /* OPENSSL_NO_AES */ + ++#ifndef OPENSSL_NO_SHA ++ ++// #define PADLOCK_SHA_STAT 1 ++ ++union sha_all_ctx { ++ SHA_CTX sha_ctx; ++ SHA256_CTX sha256_ctx; /* shared with SHA224 */ ++}; ++ ++typedef int (*f_sha_init)(void *c); ++typedef int (*f_sha_update)(void *c, const void *_data, size_t len); ++typedef int (*f_sha_final)(unsigned char *md, void *c); ++typedef void (*f_sha_padlock)(char *in, unsigned char *out, int count); ++ ++struct sha_digest_functions { ++ f_sha_init init; ++ f_sha_update update; ++ f_sha_final final; ++ f_sha_padlock padlock; ++}; ++ ++/* Don't forget to initialize all relevant ++ * fields in padlock_sha_init() or face the ++ * consequences!!! ++ * BTW We don't use bzero() on this structure ++ * because zeroing fallback_ctx is ++ * a waste of time. */ ++struct padlock_digest_data { ++ void *buf_start, *buf_alloc; ++ ssize_t used; ++ unsigned long order:8, bypass:1; ++ /* Fallback support */ ++ struct sha_digest_functions fallback_fcs; ++ union sha_all_ctx fallback_ctx; ++#ifdef PADLOCK_SHA_STAT ++ size_t stat_count, stat_total; ++#endif ++}; ++ ++#ifdef PADLOCK_SHA_STAT ++size_t all_count, all_total; ++#endif ++ ++#define DIGEST_DATA(ctx) ((struct padlock_digest_data *)(ctx->md_data)) ++#define DDATA_FREE(ddata) ((size_t)(1L << ddata->order) - ddata->used) ++ ++static void ++padlock_sha_bypass(struct padlock_digest_data *ddata) ++{ ++ if (ddata->bypass) ++ return; ++ ++ ddata->fallback_fcs.init(&ddata->fallback_ctx); ++ if (ddata->buf_start && ddata->used > 0) { ++ ddata->fallback_fcs.update(&ddata->fallback_ctx, ddata->buf_start, ddata->used); ++ if (ddata->buf_alloc) { ++ memset(ddata->buf_start, 0, ddata->used); ++ free(ddata->buf_alloc); ++ ddata->buf_alloc = 0; ++ } ++ } ++ ddata->buf_start = 0; ++ ddata->used = 0; ++ ddata->bypass = 1; ++ ++ return; ++} ++ ++static void ++padlock_do_sha1(char *in, char *out, int count) ++{ ++ /* We can't store directly to *out as it ++ * doesn't have to be aligned. But who cares, ++ * it's only a few bytes... */ ++ char buf[128+16]; ++ unsigned char *output = NEAREST_ALIGNED(buf); ++ ++ ((uint32_t*)output)[0] = 0x67452301; ++ ((uint32_t*)output)[1] = 0xEFCDAB89; ++ ((uint32_t*)output)[2] = 0x98BADCFE; ++ ((uint32_t*)output)[3] = 0x10325476; ++ ((uint32_t*)output)[4] = 0xC3D2E1F0; ++ ++ asm volatile (".byte 0xf3,0x0f,0xa6,0xc8" /* rep xsha1 */ ++ : "+S"(in), "+D"(output) ++ : "c"(count), "a"(0)); ++ ++ memcpy(out, output, 5 * sizeof(uint32_t)); ++ ++ padlock_htonl_block((uint32_t*)out, 5); ++} ++ ++static void ++padlock_do_sha224(char *in, char *out, int count) ++{ ++ /* We can't store directly to *out as it ++ * doesn't have to be aligned. But who cares, ++ * it's only a few bytes... */ ++ char buf[128+16]; ++ unsigned char *output = NEAREST_ALIGNED(buf); ++ ++ ((uint32_t*)output)[0] = 0xC1059ED8UL; ++ ((uint32_t*)output)[1] = 0x367CD507UL; ++ ((uint32_t*)output)[2] = 0x3070DD17UL; ++ ((uint32_t*)output)[3] = 0xF70E5939UL; ++ ((uint32_t*)output)[4] = 0xFFC00B31UL; ++ ((uint32_t*)output)[5] = 0x68581511UL; ++ ((uint32_t*)output)[6] = 0x64F98FA7UL; ++ ((uint32_t*)output)[7] = 0xBEFA4FA4UL; ++ ++ asm volatile (".byte 0xf3,0x0f,0xa6,0xd0" /* rep xsha256 */ ++ : "+S"(in), "+D"(output) ++ : "c"(count), "a"(0)); ++ ++ memcpy(out, output, 7 * sizeof(uint32_t)); ++ ++ padlock_htonl_block((uint32_t*)out, 7); ++} ++ ++static void ++padlock_do_sha256(char *in, char *out, int count) ++{ ++ /* We can't store directly to *out as it ++ * doesn't have to be aligned. But who cares, ++ * it's only a few bytes... */ ++ char buf[128+16]; ++ unsigned char *output = NEAREST_ALIGNED(buf); ++ ++ ((uint32_t*)output)[0] = 0x6A09E667; ++ ((uint32_t*)output)[1] = 0xBB67AE85; ++ ((uint32_t*)output)[2] = 0x3C6EF372; ++ ((uint32_t*)output)[3] = 0xA54FF53A; ++ ((uint32_t*)output)[4] = 0x510E527F; ++ ((uint32_t*)output)[5] = 0x9B05688C; ++ ((uint32_t*)output)[6] = 0x1F83D9AB; ++ ((uint32_t*)output)[7] = 0x5BE0CD19; ++ ++ asm volatile (".byte 0xf3,0x0f,0xa6,0xd0" /* rep xsha256 */ ++ : "+S"(in), "+D"(output) ++ : "c"(count), "a"(0)); ++ ++ memcpy(out, output, 8 * sizeof(uint32_t)); ++ ++ padlock_htonl_block((uint32_t*)out, 8); ++} ++ ++static int ++padlock_sha_init(EVP_MD_CTX *ctx) ++{ ++ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); ++ ++ ddata->used = 0; ++ ddata->bypass = 0; ++ ++ ddata->order = PADLOCK_SHA_INIT_ORD; ++ ddata->buf_alloc = malloc((1L << ddata->order) + 16); ++ ddata->buf_start = NEAREST_ALIGNED(ddata->buf_alloc); ++ ++ return 1; ++} ++ ++static int ++padlock_sha1_init(EVP_MD_CTX *ctx) ++{ ++ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); ++ ++ ddata->fallback_fcs.init = (f_sha_init)SHA1_Init; ++ ddata->fallback_fcs.update = (f_sha_update)SHA1_Update; ++ ddata->fallback_fcs.final = (f_sha_final)SHA1_Final; ++ ddata->fallback_fcs.padlock = (f_sha_padlock)padlock_do_sha1; ++ ++ return padlock_sha_init(ctx); ++} ++ ++static int ++padlock_sha224_init(EVP_MD_CTX *ctx) ++{ ++ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); ++ ++ ddata->fallback_fcs.init = (f_sha_init)SHA224_Init; ++ ddata->fallback_fcs.update = (f_sha_update)SHA224_Update; ++ ddata->fallback_fcs.final = (f_sha_final)SHA224_Final; ++ ddata->fallback_fcs.padlock = (f_sha_padlock)padlock_do_sha224; ++ ++ return padlock_sha_init(ctx); ++} ++ ++static int ++padlock_sha256_init(EVP_MD_CTX *ctx) ++{ ++ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); ++ ++ ddata->fallback_fcs.init = (f_sha_init)SHA256_Init; ++ ddata->fallback_fcs.update = (f_sha_update)SHA256_Update; ++ ddata->fallback_fcs.final = (f_sha_final)SHA256_Final; ++ ddata->fallback_fcs.padlock = (f_sha_padlock)padlock_do_sha256; ++ ++ return padlock_sha_init(ctx); ++} ++ ++static int ++padlock_sha_update(EVP_MD_CTX *ctx, const void *data, size_t length) ++{ ++ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); ++ ++#ifdef PADLOCK_SHA_STAT ++ ddata->stat_count++; ++ ddata->stat_total += length; ++ all_count++; ++ all_total += length; ++#endif ++ if (unlikely(ddata->bypass)) { ++ ddata->fallback_fcs.update(&ddata->fallback_ctx, data, length); ++ return 1; ++ } ++ if (unlikely(DDATA_FREE(ddata) < length)) { ++ if (likely(ddata->used + length > (1 << PADLOCK_SHA_MAX_ORD))) { ++ /* Too much data to be stored -> bypass to SW SHA */ ++ padlock_sha_bypass(ddata); ++ ddata->fallback_fcs.update(&ddata->fallback_ctx, data, length); ++ return 1; ++ } else { ++ /* Resize the alocated buffer */ ++ char *new_buf; ++ size_t new_size; ++ ++ while ((1<<++ddata->order) < (ddata->used + length)); ++ new_size = (1<order); ++ if(!(new_buf = realloc(ddata->buf_alloc, new_size + 16))) { ++ /* fallback plan again */ ++ padlock_sha_bypass(ddata); ++ ddata->fallback_fcs.update(&ddata->fallback_ctx, data, length); ++ return 1; ++ } ++ ddata->buf_alloc = new_buf; ++ ddata->buf_start = NEAREST_ALIGNED(new_buf); ++ } ++ } ++ ++ memcpy(ddata->buf_start + ddata->used, data, length); ++ ddata->used += length; ++ ++ return 1; ++} ++ ++static int ++padlock_sha_final(EVP_MD_CTX *ctx, unsigned char *md) ++{ ++ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); ++ ++#ifdef PADLOCK_SHA_STAT ++ fprintf(stderr, "PadLock CTX: cnt=%zu, tot=%zu, avg=%zu\n", ++ ddata->stat_count, ddata->stat_total, ++ ddata->stat_count ? (ddata->stat_total/ddata->stat_count) : 0); ++ fprintf(stderr, "PadLock ALL: cnt=%zu, tot=%zu, avg=%zu\n", ++ all_count, all_total, all_count ? (all_total/all_count) : 0); ++#endif ++ ++ if (ddata->bypass) { ++ ddata->fallback_fcs.final(md, &ddata->fallback_ctx); ++ return 1; ++ } ++ ++ /* Pass the input buffer to PadLock microcode... */ ++ ddata->fallback_fcs.padlock(ddata->buf_start, md, ddata->used); ++ memset(ddata->buf_start, 0, ddata->used); ++ free(ddata->buf_alloc); ++ ddata->buf_start = 0; ++ ddata->buf_alloc = 0; ++ ddata->used = 0; ++ ++ return 1; ++} ++ ++static int ++padlock_sha_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from) ++{ ++ struct padlock_digest_data *ddata_from = DIGEST_DATA(from); ++ struct padlock_digest_data *ddata_to = DIGEST_DATA(to); ++ ++ memcpy(ddata_to, ddata_from, sizeof(struct padlock_digest_data)); ++ if (ddata_from->buf_alloc) { ++ ddata_to->buf_alloc = malloc(1L << ddata_to->order); ++ if (!ddata_to->buf_start) { ++ fprintf(stderr, "%s(): malloc() failed\n", __func__); ++ exit(1); ++ } ++ ddata_to->buf_start = NEAREST_ALIGNED(ddata_to->buf_alloc); ++ memcpy(ddata_to->buf_start, ddata_from->buf_start, ddata_from->used); ++ } ++ return 1; ++} ++ ++static int ++padlock_sha_cleanup(EVP_MD_CTX *ctx) ++{ ++ struct padlock_digest_data *ddata = DIGEST_DATA(ctx); ++ ++ if (ddata->buf_alloc) { ++ memset(ddata->buf_start, 0, ddata->used); ++ free(ddata->buf_alloc); ++ } ++ ++ memset(ddata, 0, sizeof(struct padlock_digest_data)); ++ ++ return 1; ++} ++ ++static const EVP_MD padlock_sha1_md = { ++ NID_sha1, ++ NID_sha1WithRSAEncryption, ++ SHA_DIGEST_LENGTH, ++ 0, ++ padlock_sha1_init, ++ padlock_sha_update, ++ padlock_sha_final, ++ padlock_sha_copy, ++ padlock_sha_cleanup, ++ EVP_PKEY_RSA_method, ++ SHA_CBLOCK, ++ sizeof(struct padlock_digest_data), ++}; ++ ++static const EVP_MD padlock_sha224_md = { ++ NID_sha224, ++ NID_sha224WithRSAEncryption, ++ SHA224_DIGEST_LENGTH, ++ 0, ++ padlock_sha224_init, ++ padlock_sha_update, ++ padlock_sha_final, ++ padlock_sha_copy, ++ padlock_sha_cleanup, ++ EVP_PKEY_RSA_method, ++ SHA_CBLOCK, ++ sizeof(struct padlock_digest_data), ++}; ++ ++static const EVP_MD padlock_sha256_md = { ++ NID_sha256, ++ NID_sha256WithRSAEncryption, ++ SHA256_DIGEST_LENGTH, ++ 0, ++ padlock_sha256_init, ++ padlock_sha_update, ++ padlock_sha_final, ++ padlock_sha_copy, ++ padlock_sha_cleanup, ++ EVP_PKEY_RSA_method, ++ SHA_CBLOCK, ++ sizeof(struct padlock_digest_data), ++}; ++ ++static int padlock_digest_nids[] = { ++#if !defined(OPENSSL_NO_SHA) ++ NID_sha1, ++#endif ++#if !defined(OPENSSL_NO_SHA256) ++#if !defined(OPENSSL_NO_SHA224) ++ NID_sha224, ++#endif ++ NID_sha256, ++#endif ++}; ++ ++static int padlock_digest_nids_num = sizeof(padlock_digest_nids)/sizeof(padlock_digest_nids[0]); ++ ++static int ++padlock_digests (ENGINE *e, const EVP_MD **digest, const int **nids, int nid) ++{ ++ /* No specific digest => return a list of supported nids ... */ ++ if (!digest) { ++ *nids = padlock_digest_nids; ++ return padlock_digest_nids_num; ++ } ++ ++ /* ... or the requested "digest" otherwise */ ++ switch (nid) { ++#if !defined(OPENSSL_NO_SHA) ++ case NID_sha1: ++ *digest = &padlock_sha1_md; ++ break; ++#endif ++ ++ ++#if !defined(OPENSSL_NO_SHA256) ++#if !defined(OPENSSL_NO_SHA224) ++ case NID_sha224: ++ *digest = &padlock_sha224_md; ++ break; ++#endif /* OPENSSL_NO_SHA224 */ ++ ++ case NID_sha256: ++ *digest = &padlock_sha256_md; ++ break; ++#endif /* OPENSSL_NO_SHA256 */ ++ ++ default: ++ /* Sorry, we don't support this NID */ ++ *digest = NULL; ++ return 0; ++ } ++ ++ return 1; ++} ++ ++#endif /* OPENSSL_NO_SHA */ ++ ++#ifndef PADLOCK_NO_RNG + /* ===== Random Number Generator ===== */ + /* + * This code is not engaged. The reason is that it does not comply +@@ -1209,6 +1686,7 @@ + padlock_rand_bytes, /* pseudorand */ + padlock_rand_status, /* rand status */ + }; ++#endif /* PADLOCK_NO_RNG */ + + #endif /* COMPILE_HW_PADLOCK */ + -- 2.39.2