[PATCH] Modification to VIA padlock patch

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[PATCH] Modification to VIA padlock patch

Daniel Mansfield


Dear OpenSSL-dev

This is a patch to a patch.

I have recently installed openssl-1.0.1c with the following patches (available from
http://git.alpinelinux.org/cgit/aports/plain/main/openssl/)

0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
0002-engines-e_padlock-backport-cvs-head-changes.patch
0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
0004-crypto-engine-autoload-padlock-dynamic-engine.patch

These patches provide PadLock support for the x64 VIA Nano processors.

I have one small change to suggest, and that is to set a flag in the definition of padlock_sha1_md.

Namely, to change 0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch from

+static EVP_MD padlock_sha1_md = {
+       NID_sha1,
+       NID_sha1WithRSAEncryption,
+       SHA_DIGEST_LENGTH,
+       0,
+       padlock_sha1_init,


to

+static EVP_MD padlock_sha1_md = {
+       NID_sha1,
+       NID_sha1WithRSAEncryption,
+       SHA_DIGEST_LENGTH,
+       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
+       padlock_sha1_init,

This is because OpenSSL, it seems, does not distinguish between DSA/SHA1 and RSA/SHA1. When it comes to verify the correct required_pkey_type in p_verify.c:101, OpenSSL will always compare the type to one of the RSA/SHA1 pkey types.

OpenSSL (without padlock support) uses the flag EVP_MD_FLAG_PKEY_METHOD_SIGNATURE to get around this, which is why I have copied that flag from the definition of sha1_md to padlock_sha1_md.

This change is sufficient for "make test" to pass all tests on Ubuntu 12.10 x86_64 and FreeBSD 9.0 amd64.

Regards,

Daniel

--

Daniel Mansfield
School of Mathematics and Statistics
University of New South Wales
Sydney NSW 2052
Australia

ph (+61|0)2 9385 6904

0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch (20K) Download Attachment