|
|
fd2893 |
diff -up openssl-1.0.2k/crypto/aes/asm/aesni-sha1-x86_64.pl.backports openssl-1.0.2k/crypto/aes/asm/aesni-sha1-x86_64.pl
|
|
|
fd2893 |
--- openssl-1.0.2k/crypto/aes/asm/aesni-sha1-x86_64.pl.backports 2017-03-09 17:59:26.367233931 +0100
|
|
|
fd2893 |
+++ openssl-1.0.2k/crypto/aes/asm/aesni-sha1-x86_64.pl 2017-03-27 15:25:28.615014528 +0200
|
|
|
fd2893 |
@@ -1702,6 +1702,7 @@ $code.=<<___;
|
|
|
fd2893 |
mov 240($key),$rounds
|
|
|
fd2893 |
sub $in0,$out
|
|
|
fd2893 |
movups ($key),$rndkey0 # $key[0]
|
|
|
fd2893 |
+ movups ($ivp),$iv # load IV
|
|
|
fd2893 |
movups 16($key),$rndkey[0] # forward reference
|
|
|
fd2893 |
lea 112($key),$key # size optimization
|
|
|
fd2893 |
|
|
|
fd2893 |
diff -up openssl-1.0.2k/crypto/aes/asm/aesni-sha256-x86_64.pl.backports openssl-1.0.2k/crypto/aes/asm/aesni-sha256-x86_64.pl
|
|
|
fd2893 |
--- openssl-1.0.2k/crypto/aes/asm/aesni-sha256-x86_64.pl.backports 2017-03-09 17:59:26.369233978 +0100
|
|
|
fd2893 |
+++ openssl-1.0.2k/crypto/aes/asm/aesni-sha256-x86_64.pl 2017-03-27 15:25:28.618014599 +0200
|
|
|
fd2893 |
@@ -1299,6 +1299,7 @@ $code.=<<___;
|
|
|
fd2893 |
mov 240($key),$rounds
|
|
|
fd2893 |
sub $in0,$out
|
|
|
fd2893 |
movups ($key),$rndkey0 # $key[0]
|
|
|
fd2893 |
+ movups ($ivp),$iv # load IV
|
|
|
fd2893 |
movups 16($key),$rndkey[0] # forward reference
|
|
|
fd2893 |
lea 112($key),$key # size optimization
|
|
|
fd2893 |
|
|
|
fd2893 |
diff -up openssl-1.0.2k/crypto/x86cpuid.pl.backports openssl-1.0.2k/crypto/x86cpuid.pl
|
|
|
fd2893 |
--- openssl-1.0.2k/crypto/x86cpuid.pl.backports 2017-03-09 17:59:26.339233278 +0100
|
|
|
fd2893 |
+++ openssl-1.0.2k/crypto/x86cpuid.pl 2017-03-27 15:26:06.833916588 +0200
|
|
|
fd2893 |
@@ -20,10 +20,10 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
|
|
|
fd2893 |
&pop ("eax");
|
|
|
fd2893 |
&xor ("ecx","eax");
|
|
|
fd2893 |
&xor ("eax","eax");
|
|
|
fd2893 |
+ &mov ("esi",&wparam(0));
|
|
|
fd2893 |
+ &mov (&DWP(8,"esi"),"eax"); # clear extended feature flags
|
|
|
fd2893 |
&bt ("ecx",21);
|
|
|
fd2893 |
&jnc (&label("nocpuid"));
|
|
|
fd2893 |
- &mov ("esi",&wparam(0));
|
|
|
fd2893 |
- &mov (&DWP(8,"esi"),"eax"); # clear 3rd word
|
|
|
fd2893 |
&cpuid ();
|
|
|
fd2893 |
&mov ("edi","eax"); # max value for standard query level
|
|
|
fd2893 |
|
|
|
fd2893 |
@@ -81,26 +81,16 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
|
|
|
fd2893 |
&jmp (&label("generic"));
|
|
|
fd2893 |
|
|
|
fd2893 |
&set_label("intel");
|
|
|
fd2893 |
- &cmp ("edi",7);
|
|
|
fd2893 |
- &jb (&label("cacheinfo"));
|
|
|
fd2893 |
-
|
|
|
fd2893 |
- &mov ("esi",&wparam(0));
|
|
|
fd2893 |
- &mov ("eax",7);
|
|
|
fd2893 |
- &xor ("ecx","ecx");
|
|
|
fd2893 |
- &cpuid ();
|
|
|
fd2893 |
- &mov (&DWP(8,"esi"),"ebx");
|
|
|
fd2893 |
-
|
|
|
fd2893 |
-&set_label("cacheinfo");
|
|
|
fd2893 |
&cmp ("edi",4);
|
|
|
fd2893 |
- &mov ("edi",-1);
|
|
|
fd2893 |
+ &mov ("esi",-1);
|
|
|
fd2893 |
&jb (&label("nocacheinfo"));
|
|
|
fd2893 |
|
|
|
fd2893 |
&mov ("eax",4);
|
|
|
fd2893 |
&mov ("ecx",0); # query L1D
|
|
|
fd2893 |
&cpuid ();
|
|
|
fd2893 |
- &mov ("edi","eax");
|
|
|
fd2893 |
- &shr ("edi",14);
|
|
|
fd2893 |
- &and ("edi",0xfff); # number of cores -1 per L1D
|
|
|
fd2893 |
+ &mov ("esi","eax");
|
|
|
fd2893 |
+ &shr ("esi",14);
|
|
|
fd2893 |
+ &and ("esi",0xfff); # number of cores -1 per L1D
|
|
|
fd2893 |
|
|
|
fd2893 |
&set_label("nocacheinfo");
|
|
|
fd2893 |
&mov ("eax",1);
|
|
|
fd2893 |
@@ -118,7 +108,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
|
|
|
fd2893 |
&bt ("edx",28); # test hyper-threading bit
|
|
|
fd2893 |
&jnc (&label("generic"));
|
|
|
fd2893 |
&and ("edx",0xefffffff);
|
|
|
fd2893 |
- &cmp ("edi",0);
|
|
|
fd2893 |
+ &cmp ("esi",0);
|
|
|
fd2893 |
&je (&label("generic"));
|
|
|
fd2893 |
|
|
|
fd2893 |
&or ("edx",0x10000000);
|
|
|
fd2893 |
@@ -130,10 +120,19 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
|
|
|
fd2893 |
&set_label("generic");
|
|
|
fd2893 |
&and ("ebp",1<<11); # isolate AMD XOP flag
|
|
|
fd2893 |
&and ("ecx",0xfffff7ff); # force 11th bit to 0
|
|
|
fd2893 |
- &mov ("esi","edx");
|
|
|
fd2893 |
+ &mov ("esi","edx"); # %ebp:%esi is copy of %ecx:%edx
|
|
|
fd2893 |
&or ("ebp","ecx"); # merge AMD XOP flag
|
|
|
fd2893 |
|
|
|
fd2893 |
- &bt ("ecx",27); # check OSXSAVE bit
|
|
|
fd2893 |
+ &cmp ("edi",7);
|
|
|
fd2893 |
+ &mov ("edi",&wparam(0));
|
|
|
fd2893 |
+ &jb (&label("no_extended_info"));
|
|
|
fd2893 |
+ &mov ("eax",7);
|
|
|
fd2893 |
+ &xor ("ecx","ecx");
|
|
|
fd2893 |
+ &cpuid ();
|
|
|
fd2893 |
+ &mov (&DWP(8,"edi"),"ebx"); # save extended feature flag
|
|
|
fd2893 |
+&set_label("no_extended_info");
|
|
|
fd2893 |
+
|
|
|
fd2893 |
+ &bt ("ebp",27); # check OSXSAVE bit
|
|
|
fd2893 |
&jnc (&label("clear_avx"));
|
|
|
fd2893 |
&xor ("ecx","ecx");
|
|
|
fd2893 |
&data_byte(0x0f,0x01,0xd0); # xgetbv
|
|
|
fd2893 |
@@ -147,7 +146,6 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
|
|
|
fd2893 |
&and ("esi",0xfeffffff); # clear FXSR
|
|
|
fd2893 |
&set_label("clear_avx");
|
|
|
fd2893 |
&and ("ebp",0xefffe7ff); # clear AVX, FMA and AMD XOP bits
|
|
|
fd2893 |
- &mov ("edi",&wparam(0));
|
|
|
fd2893 |
&and (&DWP(8,"edi"),0xffffffdf); # clear AVX2
|
|
|
fd2893 |
&set_label("done");
|
|
|
fd2893 |
&mov ("eax","esi");
|
|
|
fd2893 |
diff -up openssl-1.0.2k/crypto/x86_64cpuid.pl.backports openssl-1.0.2k/crypto/x86_64cpuid.pl
|
|
|
fd2893 |
--- openssl-1.0.2k/crypto/x86_64cpuid.pl.backports 2017-03-09 17:59:26.339233278 +0100
|
|
|
fd2893 |
+++ openssl-1.0.2k/crypto/x86_64cpuid.pl 2017-03-27 15:26:06.833916588 +0200
|
|
|
fd2893 |
@@ -59,7 +59,7 @@ OPENSSL_ia32_cpuid:
|
|
|
fd2893 |
mov %rbx,%r8 # save %rbx
|
|
|
fd2893 |
|
|
|
fd2893 |
xor %eax,%eax
|
|
|
fd2893 |
- mov %eax,8(%rdi) # clear 3rd word
|
|
|
fd2893 |
+ mov %eax,8(%rdi) # clear extended feature flags
|
|
|
fd2893 |
cpuid
|
|
|
fd2893 |
mov %eax,%r11d # max value for standard query level
|
|
|
fd2893 |
|
|
|
fd2893 |
@@ -127,14 +127,6 @@ OPENSSL_ia32_cpuid:
|
|
|
fd2893 |
shr \$14,%r10d
|
|
|
fd2893 |
and \$0xfff,%r10d # number of cores -1 per L1D
|
|
|
fd2893 |
|
|
|
fd2893 |
- cmp \$7,%r11d
|
|
|
fd2893 |
- jb .Lnocacheinfo
|
|
|
fd2893 |
-
|
|
|
fd2893 |
- mov \$7,%eax
|
|
|
fd2893 |
- xor %ecx,%ecx
|
|
|
fd2893 |
- cpuid
|
|
|
fd2893 |
- mov %ebx,8(%rdi)
|
|
|
fd2893 |
-
|
|
|
fd2893 |
.Lnocacheinfo:
|
|
|
fd2893 |
mov \$1,%eax
|
|
|
fd2893 |
cpuid
|
|
|
fd2893 |
@@ -164,6 +156,15 @@ OPENSSL_ia32_cpuid:
|
|
|
fd2893 |
or %ecx,%r9d # merge AMD XOP flag
|
|
|
fd2893 |
|
|
|
fd2893 |
mov %edx,%r10d # %r9d:%r10d is copy of %ecx:%edx
|
|
|
fd2893 |
+
|
|
|
fd2893 |
+ cmp \$7,%r11d
|
|
|
fd2893 |
+ jb .Lno_extended_info
|
|
|
fd2893 |
+ mov \$7,%eax
|
|
|
fd2893 |
+ xor %ecx,%ecx
|
|
|
fd2893 |
+ cpuid
|
|
|
fd2893 |
+ mov %ebx,8(%rdi) # save extended feature flags
|
|
|
fd2893 |
+.Lno_extended_info:
|
|
|
fd2893 |
+
|
|
|
fd2893 |
bt \$27,%r9d # check OSXSAVE bit
|
|
|
fd2893 |
jnc .Lclear_avx
|
|
|
fd2893 |
xor %ecx,%ecx # XCR0
|
|
|
fd2893 |
diff -up openssl-1.0.2k/ssl/ssl_locl.h.backports openssl-1.0.2k/ssl/ssl_locl.h
|
|
|
fd2893 |
--- openssl-1.0.2k/ssl/ssl_locl.h.backports 2017-03-09 17:59:26.183229642 +0100
|
|
|
fd2893 |
+++ openssl-1.0.2k/ssl/ssl_locl.h 2017-03-09 17:59:26.311232626 +0100
|
|
|
fd2893 |
@@ -1430,7 +1430,7 @@ int ssl_parse_clienthello_renegotiate_ex
|
|
|
fd2893 |
long ssl_get_algorithm2(SSL *s);
|
|
|
fd2893 |
int tls1_save_sigalgs(SSL *s, const unsigned char *data, int dsize);
|
|
|
fd2893 |
int tls1_process_sigalgs(SSL *s);
|
|
|
fd2893 |
-size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs);
|
|
|
fd2893 |
+size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs);
|
|
|
fd2893 |
int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
|
|
|
fd2893 |
const unsigned char *sig, EVP_PKEY *pkey);
|
|
|
fd2893 |
void ssl_set_client_disabled(SSL *s);
|
|
|
fd2893 |
diff -up openssl-1.0.2k/ssl/s3_lib.c.backports openssl-1.0.2k/ssl/s3_lib.c
|
|
|
fd2893 |
--- openssl-1.0.2k/ssl/s3_lib.c.backports 2017-03-09 17:59:26.294232230 +0100
|
|
|
fd2893 |
+++ openssl-1.0.2k/ssl/s3_lib.c 2017-03-09 17:59:26.311232626 +0100
|
|
|
fd2893 |
@@ -4237,7 +4237,7 @@ int ssl3_get_req_cert_type(SSL *s, unsig
|
|
|
fd2893 |
return (int)s->cert->ctype_num;
|
|
|
fd2893 |
}
|
|
|
fd2893 |
/* get configured sigalgs */
|
|
|
fd2893 |
- siglen = tls12_get_psigalgs(s, &sig);
|
|
|
fd2893 |
+ siglen = tls12_get_psigalgs(s, 1, &sig);
|
|
|
fd2893 |
if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)
|
|
|
fd2893 |
nostrict = 0;
|
|
|
fd2893 |
for (i = 0; i < siglen; i += 2, sig += 2) {
|
|
|
fd2893 |
diff -up openssl-1.0.2k/ssl/s3_srvr.c.backports openssl-1.0.2k/ssl/s3_srvr.c
|
|
|
fd2893 |
--- openssl-1.0.2k/ssl/s3_srvr.c.backports 2017-01-26 14:22:04.000000000 +0100
|
|
|
fd2893 |
+++ openssl-1.0.2k/ssl/s3_srvr.c 2017-03-09 17:59:26.311232626 +0100
|
|
|
fd2893 |
@@ -2084,7 +2084,7 @@ int ssl3_send_certificate_request(SSL *s
|
|
|
fd2893 |
|
|
|
fd2893 |
if (SSL_USE_SIGALGS(s)) {
|
|
|
fd2893 |
const unsigned char *psigs;
|
|
|
fd2893 |
- nl = tls12_get_psigalgs(s, &psigs);
|
|
|
fd2893 |
+ nl = tls12_get_psigalgs(s, 1, &psigs);
|
|
|
fd2893 |
s2n(nl, p);
|
|
|
fd2893 |
memcpy(p, psigs, nl);
|
|
|
fd2893 |
p += nl;
|
|
|
fd2893 |
diff -up openssl-1.0.2k/ssl/t1_lib.c.backports openssl-1.0.2k/ssl/t1_lib.c
|
|
|
fd2893 |
--- openssl-1.0.2k/ssl/t1_lib.c.backports 2017-03-09 17:59:26.297232299 +0100
|
|
|
fd2893 |
+++ openssl-1.0.2k/ssl/t1_lib.c 2017-03-09 17:59:26.312232649 +0100
|
|
|
fd2893 |
@@ -1015,7 +1015,7 @@ static unsigned char suiteb_sigalgs[] =
|
|
|
fd2893 |
tlsext_sigalg_ecdsa(TLSEXT_hash_sha384)
|
|
|
fd2893 |
};
|
|
|
fd2893 |
# endif
|
|
|
fd2893 |
-size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs)
|
|
|
fd2893 |
+size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs)
|
|
|
fd2893 |
{
|
|
|
fd2893 |
/*
|
|
|
fd2893 |
* If Suite B mode use Suite B sigalgs only, ignore any other
|
|
|
fd2893 |
@@ -1037,7 +1037,7 @@ size_t tls12_get_psigalgs(SSL *s, const
|
|
|
fd2893 |
}
|
|
|
fd2893 |
# endif
|
|
|
fd2893 |
/* If server use client authentication sigalgs if not NULL */
|
|
|
fd2893 |
- if (s->server && s->cert->client_sigalgs) {
|
|
|
fd2893 |
+ if (s->server == sent && s->cert->client_sigalgs) {
|
|
|
fd2893 |
*psigs = s->cert->client_sigalgs;
|
|
|
fd2893 |
return s->cert->client_sigalgslen;
|
|
|
fd2893 |
} else if (s->cert->conf_sigalgs) {
|
|
|
fd2893 |
@@ -1101,7 +1101,7 @@ int tls12_check_peer_sigalg(const EVP_MD
|
|
|
fd2893 |
# endif
|
|
|
fd2893 |
|
|
|
fd2893 |
/* Check signature matches a type we sent */
|
|
|
fd2893 |
- sent_sigslen = tls12_get_psigalgs(s, &sent_sigs);
|
|
|
fd2893 |
+ sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs);
|
|
|
fd2893 |
for (i = 0; i < sent_sigslen; i += 2, sent_sigs += 2) {
|
|
|
fd2893 |
if (sig[0] == sent_sigs[0] && sig[1] == sent_sigs[1])
|
|
|
fd2893 |
break;
|
|
|
fd2893 |
@@ -1149,7 +1149,7 @@ void ssl_set_client_disabled(SSL *s)
|
|
|
fd2893 |
* Now go through all signature algorithms seeing if we support any for
|
|
|
fd2893 |
* RSA, DSA, ECDSA. Do this for all versions not just TLS 1.2.
|
|
|
fd2893 |
*/
|
|
|
fd2893 |
- sigalgslen = tls12_get_psigalgs(s, &sigalgs);
|
|
|
fd2893 |
+ sigalgslen = tls12_get_psigalgs(s, 1, &sigalgs);
|
|
|
fd2893 |
for (i = 0; i < sigalgslen; i += 2, sigalgs += 2) {
|
|
|
fd2893 |
switch (sigalgs[1]) {
|
|
|
fd2893 |
# ifndef OPENSSL_NO_RSA
|
|
|
fd2893 |
@@ -1420,7 +1420,7 @@ unsigned char *ssl_add_clienthello_tlsex
|
|
|
fd2893 |
if (SSL_CLIENT_USE_SIGALGS(s)) {
|
|
|
fd2893 |
size_t salglen;
|
|
|
fd2893 |
const unsigned char *salg;
|
|
|
fd2893 |
- salglen = tls12_get_psigalgs(s, &salg);
|
|
|
fd2893 |
+ salglen = tls12_get_psigalgs(s, 1, &salg);
|
|
|
fd2893 |
|
|
|
fd2893 |
/*-
|
|
|
fd2893 |
* check for enough space.
|
|
|
fd2893 |
@@ -3783,7 +3783,7 @@ static int tls1_set_shared_sigalgs(SSL *
|
|
|
fd2893 |
conf = c->conf_sigalgs;
|
|
|
fd2893 |
conflen = c->conf_sigalgslen;
|
|
|
fd2893 |
} else
|
|
|
fd2893 |
- conflen = tls12_get_psigalgs(s, &conf;;
|
|
|
fd2893 |
+ conflen = tls12_get_psigalgs(s, 0, &conf;;
|
|
|
fd2893 |
if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || is_suiteb) {
|
|
|
fd2893 |
pref = conf;
|
|
|
fd2893 |
preflen = conflen;
|