main/openssl: refresh hmac/oneshot and padlock patches

* fixed hmac oneshot flag to work as expected
 * renamed the patch series, and rebased against 1.0.1c

main/openssl/0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch

@@ -1,7 +1,8 @@
-From 74e428937523858363f26f89d86db24932447ca1 Mon Sep 17 00:00:00 2001
+From ca3e27975dce1d969eeb41f5d882b34cb3eb1efb Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
 Date: Fri, 4 Jun 2010 09:48:39 +0300
-Subject: [PATCH 1/5] crypto/hmac: support EVP_MD_CTX_FLAG_ONESHOT and set it properly
+Subject: [PATCH 1/4] crypto/hmac: support EVP_MD_CTX_FLAG_ONESHOT and set it
+ properly
 
 Some engines (namely VIA C7 Padlock) work only if EVP_MD_CTX_FLAG_ONESHOT
 is set before final update. This is because some crypto accelerators cannot
@@ -12,22 +13,14 @@ differently here. It is set before the final EVP_DigestUpdate call, not
 necessarily before EVP_DigestInit call. This will not cause any problems
 though.
 ---
- crypto/hmac/hmac.c |   14 +++++++++++---
- 1 files changed, 11 insertions(+), 3 deletions(-)
+ crypto/hmac/hmac.c | 15 ++++++++++++---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
 
 diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c
-index 45015fe..55ad15c 100644
+index ba27cbf..cffa0ba 100644
 --- a/crypto/hmac/hmac.c
 +++ b/crypto/hmac/hmac.c
-@@ -66,6 +66,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
- 	{
- 	int i,j,reset=0;
- 	unsigned char pad[HMAC_MAX_MD_CBLOCK];
-+	unsigned long flags;
- 
- 	if (md != NULL)
- 		{
-@@ -82,6 +83,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+@@ -104,6 +104,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
  		OPENSSL_assert(j <= (int)sizeof(ctx->key));
  		if (j < len)
  			{
@@ -35,17 +28,15 @@ index 45015fe..55ad15c 100644
  			if (!EVP_DigestInit_ex(&ctx->md_ctx,md, impl))
  				goto err;
  			if (!EVP_DigestUpdate(&ctx->md_ctx,key,len))
-@@ -105,17 +107,22 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+@@ -127,6 +128,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
  		{
  		for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
  			pad[i]=0x36^ctx->key[i];
-+		flags = EVP_MD_CTX_test_flags(&ctx->i_ctx, EVP_MD_CTX_FLAG_ONESHOT);
 +		EVP_MD_CTX_clear_flags(&ctx->i_ctx, EVP_MD_CTX_FLAG_ONESHOT);
  		if (!EVP_DigestInit_ex(&ctx->i_ctx,md, impl))
  			goto err;
  		if (!EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md)))
- 			goto err;
-+		EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
+@@ -134,14 +136,18 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
  
  		for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
  			pad[i]=0x5c^ctx->key[i];
@@ -54,29 +45,53 @@ index 45015fe..55ad15c 100644
  			goto err;
  		if (!EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md)))
  			goto err;
-+		EVP_MD_CTX_set_flags(&ctx->o_ctx, EVP_MD_CTX_FLAG_ONESHOT);
  		}
++
  	if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx))
  			goto err;
-@@ -197,7 +204,8 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
++	EVP_MD_CTX_clear_flags(&ctx->md_ctx, EVP_MD_CTX_FLAG_ONESHOT);
+ 	return 1;
++
+ 	err:
+ 	return 0;
+ 	}
+@@ -166,6 +172,7 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
+ 	{
+ 	unsigned int i;
+ 	unsigned char buf[EVP_MAX_MD_SIZE];
++
+ #ifdef OPENSSL_FIPS
+ 	if (FIPS_mode() && !ctx->i_ctx.engine)
+ 		return FIPS_hmac_final(ctx, md, len);
+@@ -175,6 +182,7 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
+ 		goto err;
+ 	if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx))
+ 		goto err;
++	EVP_MD_CTX_set_flags(&ctx->md_ctx,EVP_MD_CTX_FLAG_ONESHOT);
+ 	if (!EVP_DigestUpdate(&ctx->md_ctx,buf,i))
+ 		goto err;
+ 	if (!EVP_DigestFinal_ex(&ctx->md_ctx,md,len))
+@@ -231,8 +239,9 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
  
  	if (md == NULL) md=m;
  	HMAC_CTX_init(&c);
 -	if (!HMAC_Init(&c,key,key_len,evp_md))
-+	HMAC_CTX_set_flags(&c, EVP_MD_CTX_FLAG_ONESHOT);
 +	if (!HMAC_Init_ex(&c,key,key_len,evp_md,NULL))
  		goto err;
++	HMAC_CTX_set_flags(&c,EVP_MD_CTX_FLAG_ONESHOT);
  	if (!HMAC_Update(&c,d,n))
  		goto err;
-@@ -212,6 +220,6 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+ 	if (!HMAC_Final(&c,md,md_len))
+@@ -245,7 +254,7 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+ 
  void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
  	{
- 	EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
+-	EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
 -	EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
--	EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
++	EVP_MD_CTX_set_flags(&ctx->i_ctx, flags & ~EVP_MD_CTX_FLAG_ONESHOT);
 +	EVP_MD_CTX_set_flags(&ctx->o_ctx, flags & ~EVP_MD_CTX_FLAG_ONESHOT);
-+	EVP_MD_CTX_set_flags(&ctx->md_ctx, flags & ~EVP_MD_CTX_FLAG_ONESHOT);
+ 	EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
  	}
 -- 
-1.7.0.4
+1.7.11.3
 

main/openssl/0002-engines-e_padlock-backport-cvs-head-changes.patch

@@ -1,7 +1,7 @@
-From 1d27eeb41fbc2e8f36f156d4d66d04486afee742 Mon Sep 17 00:00:00 2001
+From 6e182155643a6aeb07cbba1e7f79ac1adfcddad2 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
 Date: Wed, 28 Jul 2010 08:29:09 +0300
-Subject: [PATCH 3/5] engines/e_padlock: backport cvs head changes
+Subject: [PATCH 2/4] engines/e_padlock: backport cvs head changes
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
@@ -10,11 +10,11 @@ Includes support for VIA Nano 64-bit mode.
 
 Signed-off-by: Timo Teräs <timo.teras@iki.fi>
 ---
- engines/e_padlock.c |  140 ++++++++++++++++++++++++++++++++++++++++++++-------
- 1 files changed, 122 insertions(+), 18 deletions(-)
+ engines/e_padlock.c | 140 +++++++++++++++++++++++++++++++++++++++++++++-------
+ 1 file changed, 122 insertions(+), 18 deletions(-)
 
 diff --git a/engines/e_padlock.c b/engines/e_padlock.c
-index 381a746..4300f35 100644
+index 9f7a85a..6ab42d2 100644
 --- a/engines/e_padlock.c
 +++ b/engines/e_padlock.c
 @@ -101,7 +101,10 @@
@@ -28,8 +28,8 @@ index 381a746..4300f35 100644
 +     ) || \
       (defined(_MSC_VER) && defined(_M_IX86))
  #  define COMPILE_HW_PADLOCK
- static ENGINE *ENGINE_padlock (void);
-@@ -294,6 +297,7 @@ static volatile struct padlock_cipher_data *padlock_saved_context;
+ # endif
+@@ -304,6 +307,7 @@ static volatile struct padlock_cipher_data *padlock_saved_context;
   * =======================================================
   */
  #if defined(__GNUC__) && __GNUC__>=2
@@ -37,7 +37,7 @@ index 381a746..4300f35 100644
  /*
   * As for excessive "push %ebx"/"pop %ebx" found all over.
   * When generating position-independent code GCC won't let
-@@ -373,21 +377,6 @@ padlock_available(void)
+@@ -383,21 +387,6 @@ padlock_available(void)
  	return padlock_use_ace + padlock_use_rng;
  }
  
@@ -59,7 +59,7 @@ index 381a746..4300f35 100644
  /* Force key reload from memory to the CPU microcode.
     Loading EFLAGS from the stack clears EFLAGS[30] 
     which does the trick. */
-@@ -445,12 +434,127 @@ static inline void *name(size_t cnt,		\
+@@ -455,12 +444,127 @@ static inline void *name(size_t cnt,		\
  		: "edx", "cc", "memory");	\
  	return iv;				\
  }
@@ -187,7 +187,7 @@ index 381a746..4300f35 100644
  #endif
  
  /* The RNG call itself */
-@@ -481,8 +585,8 @@ padlock_xstore(void *addr, unsigned int edx_in)
+@@ -491,8 +595,8 @@ padlock_xstore(void *addr, unsigned int edx_in)
  static inline unsigned char *
  padlock_memcpy(void *dst,const void *src,size_t n)
  {
@@ -199,5 +199,5 @@ index 381a746..4300f35 100644
  	n /= sizeof(*d);
  	do { *d++ = *s++; } while (--n);
 -- 
-1.7.0.4
+1.7.11.3
 

main/openssl/0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch

@@ -1,7 +1,8 @@
-From b235a1c0686e5f4f32703c0eb0a75ee9902a7e89 Mon Sep 17 00:00:00 2001
+From 77b32d0906eaac4d9adf3e6b7c3b52d927e10b41 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
 Date: Wed, 28 Jul 2010 08:37:58 +0300
-Subject: [PATCH 4/5] engines/e_padlock: implement sha1/sha224/sha256 acceleration
+Subject: [PATCH 3/4] engines/e_padlock: implement sha1/sha224/sha256
+ acceleration
 
 Limited support for VIA C7 that works only when EVP_MD_CTX_FLAG_ONESHOT
 is used appropriately (as done by EVP_Digest, and my previous HMAC patch).
@@ -24,11 +25,11 @@ sha1         37713.77k   114562.71k   259637.33k   379907.41k   438818.13k
 sha256       34262.86k   103233.75k   232476.07k   338386.60k   389860.01k
 hmac(sha1)    8424.70k    31475.11k   104036.10k   245559.30k   406667.26k
 ---
- engines/e_padlock.c |  660 +++++++++++++++++++++++++++++++++++++++++++++++----
- 1 files changed, 613 insertions(+), 47 deletions(-)
+ engines/e_padlock.c | 660 ++++++++++++++++++++++++++++++++++++++++++++++++----
+ 1 file changed, 613 insertions(+), 47 deletions(-)
 
 diff --git a/engines/e_padlock.c b/engines/e_padlock.c
-index 4300f35..3591c59 100644
+index 6ab42d2..e107d3c 100644
 --- a/engines/e_padlock.c
 +++ b/engines/e_padlock.c
 @@ -3,6 +3,9 @@
@@ -85,7 +86,7 @@ index 4300f35..3591c59 100644
  /* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */
  #if (OPENSSL_VERSION_NUMBER >= 0x00908000L)
  #  ifndef OPENSSL_NO_DYNAMIC_ENGINE
-@@ -143,58 +169,40 @@ static int padlock_available(void);
+@@ -149,58 +175,40 @@ static int padlock_available(void);
  static int padlock_init(ENGINE *e);
  
  /* RNG Stuff */
@@ -163,9 +164,9 @@ index 4300f35..3591c59 100644
 -}
 +/* ===== Engine "management" functions ===== */
  
- /* Constructor */
- static ENGINE *
-@@ -218,7 +226,7 @@ ENGINE_padlock(void)
+ #ifdef OPENSSL_NO_DYNAMIC_ENGINE
+ 
+@@ -228,7 +236,7 @@ ENGINE_padlock(void)
  static int
  padlock_init(ENGINE *e)
  {
@@ -174,7 +175,7 @@ index 4300f35..3591c59 100644
  }
  
  /* This stuff is needed if this ENGINE is being compiled into a self-contained
-@@ -371,10 +379,20 @@ padlock_available(void)
+@@ -381,10 +389,20 @@ padlock_available(void)
  		: "+a"(eax), "=d"(edx) : : "ecx");
  
  	/* Fill up some flags */
@@ -198,7 +199,7 @@ index 4300f35..3591c59 100644
  }
  
  /* Force key reload from memory to the CPU microcode.
-@@ -471,10 +489,14 @@ padlock_available(void)
+@@ -481,10 +499,14 @@ padlock_available(void)
  		: "+a"(eax), "=d"(edx) : : "rbx", "rcx");
  
  	/* Fill up some flags */
@@ -217,7 +218,7 @@ index 4300f35..3591c59 100644
  }
  
  /* Force key reload from memory to the CPU microcode.
-@@ -1263,6 +1285,496 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
+@@ -1273,6 +1295,496 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
  
  #endif /* OPENSSL_NO_AES */
  
@@ -714,7 +715,7 @@ index 4300f35..3591c59 100644
  /* ===== Random Number Generator ===== */
  /*
   * This code is not engaged. The reason is that it does not comply
-@@ -1319,6 +1831,60 @@ static RAND_METHOD padlock_rand = {
+@@ -1329,6 +1841,60 @@ static RAND_METHOD padlock_rand = {
  	padlock_rand_status,	/* rand status */
  };
  
@@ -776,5 +777,5 @@ index 4300f35..3591c59 100644
  #ifndef OPENSSL_NO_DYNAMIC_ENGINE
  OPENSSL_EXPORT
 -- 
-1.7.0.4
+1.7.11.3
 

main/openssl/0004-crypto-engine-autoload-padlock-dynamic-engine.patch

@@ -1,17 +1,17 @@
-From b96276c8f11e656e4296955bf1a8d0ac2b6094fe Mon Sep 17 00:00:00 2001
+From 21668119c0f83f309b423b8a443dbef5206ab778 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
 Date: Fri, 4 Jun 2010 18:02:39 +0300
-Subject: [PATCH 5/5] crypto/engine: autoload padlock dynamic engine
+Subject: [PATCH 4/4] crypto/engine: autoload padlock dynamic engine
 
 ---
- crypto/engine/eng_all.c |   10 ++++++++++
- 1 files changed, 10 insertions(+), 0 deletions(-)
+ crypto/engine/eng_all.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
 
 diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c
-index 22c1204..827e447 100644
+index 6093376..210b2d7 100644
 --- a/crypto/engine/eng_all.c
 +++ b/crypto/engine/eng_all.c
-@@ -112,6 +112,16 @@ void ENGINE_load_builtin_engines(void)
+@@ -120,6 +120,16 @@ void ENGINE_load_builtin_engines(void)
  	ENGINE_load_capi();
  #endif
  #endif
@@ -25,9 +25,9 @@ index 22c1204..827e447 100644
 +		}
 +	}
 +#endif
-	ENGINE_register_all_complete();
+ 	ENGINE_register_all_complete();
  	}
  
 -- 
-1.7.0.4
+1.7.11.3
 

main/openssl/APKBUILD

@@ -1,7 +1,7 @@
 # Maintainer: Timo Teras <timo.teras@iki.fi>
 pkgname=openssl
 pkgver=1.0.1c
-pkgrel=1
+pkgrel=2
 pkgdesc="Toolkit for SSL v2/v3 and TLS v1"
 url="http://openssl.org"
 depends=
@@ -16,9 +16,9 @@ source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz
 	fix-manpages.patch
 	openssl-bb-basename.patch
 	0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
-	0003-engines-e_padlock-backport-cvs-head-changes.patch
-	0004-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
-	0005-crypto-engine-autoload-padlock-dynamic-engine.patch
+	0002-engines-e_padlock-backport-cvs-head-changes.patch
+	0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
+	0004-crypto-engine-autoload-padlock-dynamic-engine.patch
 	"
 
 _builddir="$srcdir"/$pkgname-$pkgver
@@ -71,7 +71,7 @@ libssl() {
 md5sums="ae412727c8c15b67880aef7bd2999b2e  openssl-1.0.1c.tar.gz
 115c481cd59b3dba631364e8fb1778f5  fix-manpages.patch
 c6a9857a5dbd30cead0404aa7dd73977  openssl-bb-basename.patch
-1f607b8e11347e56a0906756f3d6928a  0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
-53fbd01733b488717575e04a5aaf6664  0003-engines-e_padlock-backport-cvs-head-changes.patch
-c0dae72e29e8fdfb753906411b1722bc  0004-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
-7820941f69acf58f05cccb33faf4ee70  0005-crypto-engine-autoload-padlock-dynamic-engine.patch"
+ddb5fc155145d5b852425adaec32234d  0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
+4a7b9e20beb33a5e262ab64c2b8e5b48  0002-engines-e_padlock-backport-cvs-head-changes.patch
+d95bbaa38889836afd3c52f3962f3b54  0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
+c32f42451a07267ee5dfb3781fa40c00  0004-crypto-engine-autoload-padlock-dynamic-engine.patch"