diff options
| author | Waldemar Brodkorb <wbx@openadk.org> | 2015-04-06 16:10:52 +0200 |
|---|---|---|
| committer | Waldemar Brodkorb <wbx@openadk.org> | 2015-04-06 16:10:52 +0200 |
| commit | 82a266c21bdd3fd746fc862654abd131f74c2f51 (patch) | |
| tree | e12fe567a150dc445211f07ce9ee34de71135aab /package/openssl/patches | |
| parent | 131c2c6d2339f15e2789d69bfa985994c84d5459 (diff) | |
update openssl, fix Cygwin host build
Diffstat (limited to 'package/openssl/patches')
| -rw-r--r-- | package/openssl/patches/patch-Configure | 19 | ||||
| -rw-r--r-- | package/openssl/patches/patch-Makefile | 96 | ||||
| -rw-r--r-- | package/openssl/patches/patch-Makefile_org | 6 | ||||
| -rw-r--r-- | package/openssl/patches/patch-crypto_engine_eng_cryptodev_c | 2613 | ||||
| -rw-r--r-- | package/openssl/patches/patch-crypto_opensslconf_h | 193 | ||||
| -rw-r--r-- | package/openssl/patches/patch-crypto_ui_ui_openssl_c | 15 | ||||
| -rw-r--r-- | package/openssl/patches/patch-tools_c_rehash | 14 |
7 files changed, 2406 insertions, 550 deletions
diff --git a/package/openssl/patches/patch-Configure b/package/openssl/patches/patch-Configure index 5d9f9329f..19d3ef1a8 100644 --- a/package/openssl/patches/patch-Configure +++ b/package/openssl/patches/patch-Configure @@ -1,11 +1,12 @@ ---- openssl-1.0.1e.orig/Configure 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/Configure 2013-08-17 16:07:11.782623643 +0200 -@@ -402,6 +402,8 @@ my %table=( - "linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", - "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", -+"linux-embedded","gcc:-DTERMIOS \$(OPTIMIZATION_FLAGS) -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-embedded-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIOS \$(OPTIMIZATION_FLAGS) -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +--- openssl-1.0.2a.orig/Configure 2015-03-19 14:30:36.000000000 +0100 ++++ openssl-1.0.2a/Configure 2015-04-06 10:56:31.333266600 +0200 +@@ -443,6 +443,9 @@ my %table=( + "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", + "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", - # Android: linux-* but without -DTERMIO and pointers to headers and libs. ++"linux-embedded","gcc: \$(OPTIMIZATION_FLAGS) -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-embedded-x86_64","gcc:-m64 -DL_ENDIAN \$(OPTIMIZATION_FLAGS) -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", ++ + # Android: linux-* but without pointers to headers and libs. "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", diff --git a/package/openssl/patches/patch-Makefile b/package/openssl/patches/patch-Makefile deleted file mode 100644 index f1fc87d21..000000000 --- a/package/openssl/patches/patch-Makefile +++ /dev/null @@ -1,96 +0,0 @@ ---- openssl-1.0.1i.orig/Makefile 2014-08-06 23:18:45.000000000 +0200 -+++ openssl-1.0.1i/Makefile 2014-08-07 10:03:55.000000000 +0200 -@@ -11,11 +11,11 @@ SHLIB_VERSION_NUMBER=1.0.0 - SHLIB_VERSION_HISTORY= - SHLIB_MAJOR=1 - SHLIB_MINOR=0.0 --SHLIB_EXT= --PLATFORM=dist --OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-store no-unit-test no-zlib no-zlib-dynamic static-engine --CONFIGURE_ARGS=dist --SHLIB_TARGET= -+SHLIB_EXT=.so.$(SHLIB_MAJOR).$(SHLIB_MINOR) -+PLATFORM=linux-embedded -+OPTIONS=--prefix=/usr --openssldir=/etc/ssl -I/home/wbx/adk/target_qemu-x86_uclibc-ng_i686/usr/include -L/home/wbx/adk/target_qemu-x86_uclibc-ng_i686/usr/lib -DOPENSSL_SMALL_FOOTPRINT enable-shared enable-threads enable-zlib-dynamic no-aes192 no-camellia no-cast no-ec_nistp_64_gcc_128 no-engines no-err no-gmp no-idea no-jpake no-krb5 no-md2 no-mdc2 no-rc5 no-rfc3779 no-ripemd no-sctp no-sha0 no-smime no-store no-unit-test no-static-engine -+CONFIGURE_ARGS=linux-embedded --prefix=/usr --openssldir=/etc/ssl -I/home/wbx/adk/target_qemu-x86_uclibc-ng_i686/usr/include -L/home/wbx/adk/target_qemu-x86_uclibc-ng_i686/usr/lib -DOPENSSL_SMALL_FOOTPRINT shared threads no-err no-krb5 zlib-dynamic no-engines no-camellia no-idea no-rc5 no-mdc2 no-sha0 no-smime no-aes192 no-ripemd no-cast -+SHLIB_TARGET=linux-shared - - # HERE indicates where this Makefile lives. This can be used to indicate - # where sub-Makefiles are expected to be. Currently has very limited usage, -@@ -26,10 +26,10 @@ HERE=. - # for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/. - # Normally it is left empty. - INSTALL_PREFIX= --INSTALLTOP=/usr/local/ssl -+INSTALLTOP=/usr - - # Do not edit this manually. Use Configure --openssldir=DIR do change this! --OPENSSLDIR=/usr/local/ssl -+OPENSSLDIR=/etc/ssl - - # NO_IDEA - Define to build without the IDEA algorithm - # NO_RC4 - Define to build without the RC4 algorithm -@@ -59,16 +59,17 @@ OPENSSLDIR=/usr/local/ssl - # equal 4. - # PKCS1_CHECK - pkcs1 tests. - --CC= cc --CFLAG= -O --DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST -+CROSS_COMPILE= /home/wbx/adk/toolchain_qemu-x86_uclibc-ng_i686/usr/bin/i686-openadk-linux-uclibc- -+CC= $(CROSS_COMPILE)/home/wbx/adk/toolchain_qemu-x86_uclibc-ng_i686/usr/bin/i686-openadk-linux-uclibc-gcc -+CFLAG= -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -I/home/wbx/adk/target_qemu-x86_uclibc-ng_i686/usr/include -DOPENSSL_SMALL_FOOTPRINT -DOPENSSL_NO_ERR -DTERMIOS $(OPTIMIZATION_FLAGS) -Wall -+DEPFLAG= -DOPENSSL_NO_AES192 -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAST -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_ENGINES -DOPENSSL_NO_GMP -DOPENSSL_NO_IDEA -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_RIPEMD -DOPENSSL_NO_SCTP -DOPENSSL_NO_SHA0 -DOPENSSL_NO_SMIME -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST - PEX_LIBS= --EX_LIBS= -+EX_LIBS= -L/home/wbx/adk/target_qemu-x86_uclibc-ng_i686/usr/lib -ldl - EXE_EXT= - ARFLAGS= --AR= ar $(ARFLAGS) r --RANLIB= /usr/bin/ranlib --NM= nm -+AR= $(CROSS_COMPILE)ar $(ARFLAGS) r -+RANLIB= $(CROSS_COMPILE)ranlib -+NM= $(CROSS_COMPILE)nm - PERL= /usr/bin/perl - TAR= tar - TARFLAGS= --no-recursion --record-size=10240 -@@ -103,7 +104,7 @@ WP_ASM_OBJ= wp_block.o - CMLL_ENC= camellia.o cmll_misc.o cmll_cbc.o - MODES_ASM_OBJ= - ENGINES_ASM_OBJ= --PERLASM_SCHEME= -+PERLASM_SCHEME= void - - # KRB5 stuff - KRB5_INCLUDES= -@@ -137,15 +138,15 @@ FIPSCANLIB= - - BASEADDR=0xFB00000 - --DIRS= crypto ssl engines apps test tools -+DIRS= crypto ssl engines apps tools - ENGDIRS= ccgost - SHLIBDIRS= crypto ssl - - # dirs in crypto to build - SDIRS= \ - objects \ -- md4 md5 sha mdc2 hmac ripemd whrlpool \ -- des aes rc2 rc4 idea bf cast camellia seed modes \ -+ md4 md5 sha hmac whrlpool \ -+ des aes rc2 rc4 bf seed modes \ - bn ec rsa dsa ecdsa dh ecdh dso engine \ - buffer bio stack lhash rand err \ - evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ -@@ -174,8 +175,8 @@ WDIRS= windows - LIBS= libcrypto.a libssl.a - SHARED_CRYPTO=libcrypto$(SHLIB_EXT) - SHARED_SSL=libssl$(SHLIB_EXT) --SHARED_LIBS= --SHARED_LIBS_LINK_EXTS= -+SHARED_LIBS=$(SHARED_CRYPTO) $(SHARED_SSL) -+SHARED_LIBS_LINK_EXTS=.so.$(SHLIB_MAJOR) .so - SHARED_LDFLAGS= - - GENERAL= Makefile diff --git a/package/openssl/patches/patch-Makefile_org b/package/openssl/patches/patch-Makefile_org index f19124dbe..dca37518d 100644 --- a/package/openssl/patches/patch-Makefile_org +++ b/package/openssl/patches/patch-Makefile_org @@ -1,6 +1,6 @@ ---- openssl-1.0.1c.orig/Makefile.org 2012-04-22 15:25:19.000000000 +0200 -+++ openssl-1.0.1c/Makefile.org 2013-01-31 14:28:34.000000000 +0100 -@@ -135,7 +135,7 @@ FIPSCANLIB= +--- openssl-1.0.2a.orig/Makefile.org 2015-03-19 14:30:36.000000000 +0100 ++++ openssl-1.0.2a/Makefile.org 2015-04-06 10:52:37.192455300 +0200 +@@ -136,7 +136,7 @@ FIPSCANLIB= BASEADDR= diff --git a/package/openssl/patches/patch-crypto_engine_eng_cryptodev_c b/package/openssl/patches/patch-crypto_engine_eng_cryptodev_c index 7b8898a5d..603e33133 100644 --- a/package/openssl/patches/patch-crypto_engine_eng_cryptodev_c +++ b/package/openssl/patches/patch-crypto_engine_eng_cryptodev_c @@ -1,5 +1,5 @@ ---- openssl-1.0.1e.orig/crypto/engine/eng_cryptodev.c 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/crypto/engine/eng_cryptodev.c 2013-08-09 16:51:49.915851335 +0200 +--- openssl-1.0.2a.orig/crypto/engine/eng_cryptodev.c 2015-03-19 14:30:36.000000000 +0100 ++++ openssl-1.0.2a/crypto/engine/eng_cryptodev.c 2015-02-02 21:02:31.009892700 +0100 @@ -2,6 +2,7 @@ * Copyright (c) 2002 Bob Beck <beck@openbsd.org> * Copyright (c) 2002 Theo de Raadt @@ -8,250 +8,1502 @@ * All rights reserved. * * Redistribution and use in source and binary forms, with or without -@@ -74,9 +75,7 @@ struct dev_crypto_state { - int d_fd; +@@ -32,8 +33,8 @@ + #include <openssl/bn.h> - #ifdef USE_CRYPTODEV_DIGESTS -- char dummy_mac_key[HASH_MAX_LEN]; + #if (defined(__unix__) || defined(unix)) && !defined(USG) && \ +- (defined(OpenBSD) || defined(__FreeBSD__)) +-# include <sys/param.h> ++ (defined(OpenBSD) || defined(__FreeBSD__)) ++#include <sys/param.h> + # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) + # define HAVE_CRYPTODEV + # endif +@@ -44,39 +45,40 @@ + + #ifndef HAVE_CRYPTODEV + +-void ENGINE_load_cryptodev(void) ++void ++ENGINE_load_cryptodev(void) + { +- /* This is a NOP on platforms without /dev/crypto */ +- return; ++ /* This is a NOP on platforms without /dev/crypto */ ++ return; + } + +-#else - -- unsigned char digest_res[HASH_MAX_LEN]; +-# include <sys/types.h> +-# include <crypto/cryptodev.h> +-# include <openssl/dh.h> +-# include <openssl/dsa.h> +-# include <openssl/err.h> +-# include <openssl/rsa.h> +-# include <sys/ioctl.h> +-# include <errno.h> +-# include <stdio.h> +-# include <unistd.h> +-# include <fcntl.h> +-# include <stdarg.h> +-# include <syslog.h> +-# include <errno.h> +-# include <string.h> ++#else ++ ++#include <sys/types.h> ++#include <crypto/cryptodev.h> ++#include <crypto/dh/dh.h> ++#include <crypto/dsa/dsa.h> ++#include <crypto/err/err.h> ++#include <crypto/rsa/rsa.h> ++#include <sys/ioctl.h> ++#include <errno.h> ++#include <stdio.h> ++#include <unistd.h> ++#include <fcntl.h> ++#include <stdarg.h> ++#include <syslog.h> ++#include <errno.h> ++#include <string.h> + + struct dev_crypto_state { +- struct session_op d_sess; +- int d_fd; +-# ifdef USE_CRYPTODEV_DIGESTS +- char dummy_mac_key[HASH_MAX_LEN]; +- unsigned char digest_res[HASH_MAX_LEN]; +- char *mac_data; +- int mac_len; +-# endif ++ struct session_op d_sess; ++ int d_fd; ++ ++#ifdef USE_CRYPTODEV_DIGESTS + unsigned char digest_res[64]; - char *mac_data; - int mac_len; - #endif -@@ -157,15 +156,21 @@ static struct { ++ char *mac_data; ++ int mac_len; ++#endif + }; + + static u_int32_t cryptodev_asymfeat = 0; +@@ -85,196 +87,153 @@ static int get_asym_dev_crypto(void); + static int open_dev_crypto(void); + static int get_dev_crypto(void); + static int get_cryptodev_ciphers(const int **cnids); +-# ifdef USE_CRYPTODEV_DIGESTS ++#ifdef USE_CRYPTODEV_DIGESTS + static int get_cryptodev_digests(const int **cnids); +-# endif ++#endif + static int cryptodev_usable_ciphers(const int **nids); + static int cryptodev_usable_digests(const int **nids); + static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, size_t inl); ++ const unsigned char *in, size_t inl); + static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv, int enc); ++ const unsigned char *iv, int enc); + static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx); + static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, +- const int **nids, int nid); ++ const int **nids, int nid); + static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, +- const int **nids, int nid); ++ const int **nids, int nid); + static int bn2crparam(const BIGNUM *a, struct crparam *crp); + static int crparam2bn(struct crparam *crp, BIGNUM *a); + static void zapparams(struct crypt_kop *kop); + static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, +- int slen, BIGNUM *s); ++ int slen, BIGNUM *s); + + static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, +- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, +- BN_MONT_CTX *m_ctx); +-static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, +- BN_CTX *ctx); +-static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, +- BN_CTX *ctx); ++ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); ++static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, ++ RSA *rsa, BN_CTX *ctx); ++static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); + static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, +- const BIGNUM *p, const BIGNUM *m, +- BN_CTX *ctx, BN_MONT_CTX *m_ctx); ++ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); + static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, +- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, +- BIGNUM *p, BN_CTX *ctx, +- BN_MONT_CTX *mont); +-static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, +- DSA *dsa); ++ BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, ++ BN_CTX *ctx, BN_MONT_CTX *mont); ++static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, ++ int dlen, DSA *dsa); + static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len, +- DSA_SIG *sig, DSA *dsa); ++ DSA_SIG *sig, DSA *dsa); + static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, +- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, +- BN_MONT_CTX *m_ctx); +-static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, +- DH *dh); ++ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, ++ BN_MONT_CTX *m_ctx); ++static int cryptodev_dh_compute_key(unsigned char *key, ++ const BIGNUM *pub_key, DH *dh); + static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, +- void (*f) (void)); ++ void (*f)(void)); + void ENGINE_load_cryptodev(void); + + static const ENGINE_CMD_DEFN cryptodev_defns[] = { +- {0, NULL, NULL, 0} ++ { 0, NULL, NULL, 0 } + }; + + static struct { +- int id; +- int nid; +- int ivmax; +- int keylen; ++ int id; ++ int nid; ++ int ivmax; ++ int keylen; + } ciphers[] = { +- { +- CRYPTO_ARC4, NID_rc4, 0, 16, +- }, +- { +- CRYPTO_DES_CBC, NID_des_cbc, 8, 8, +- }, +- { +- CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, +- }, +- { +- CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, +- }, +- { +- CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, +- }, +- { +- CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, +- }, +-# ifdef CRYPTO_AES_CTR +- { +- CRYPTO_AES_CTR, NID_aes_128_ctr, 14, 16, +- }, +- { +- CRYPTO_AES_CTR, NID_aes_192_ctr, 14, 24, +- }, +- { +- CRYPTO_AES_CTR, NID_aes_256_ctr, 14, 32, +- }, +-# endif +- { +- CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, +- }, +- { +- CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, +- }, +- { +- CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, +- }, +- { +- 0, NID_undef, 0, 0, +- }, ++ { CRYPTO_ARC4, NID_rc4, 0, 16, }, ++ { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, ++ { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, ++ { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, ++ { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, }, ++ { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, }, ++ { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, ++ { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, ++ { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, ++ { 0, NID_undef, 0, 0, }, + }; + +-# ifdef USE_CRYPTODEV_DIGESTS ++#ifdef USE_CRYPTODEV_DIGESTS static struct { - int id; - int nid; -- int keylen; +- int id; +- int nid; +- int keylen; ++ int id; ++ int nid; + int digestlen; } digests[] = { +- { +- CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16 +- }, +- { +- CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20 +- }, +- { +- CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16 +- /* ? */ +- }, +- { +- CRYPTO_MD5_KPDK, NID_undef, 0 +- }, +- { +- CRYPTO_SHA1_KPDK, NID_undef, 0 +- }, +- { +- CRYPTO_MD5, NID_md5, 16 +- }, +- { +- CRYPTO_SHA1, NID_sha1, 20 +- }, +- { +- 0, NID_undef, 0 +- }, +#if 0 + /* HMAC is not supported */ - { CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16}, - { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20}, -- { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16/*?*/}, -- { CRYPTO_MD5_KPDK, NID_undef, 0}, -- { CRYPTO_SHA1_KPDK, NID_undef, 0}, ++ { CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16}, ++ { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20}, + { CRYPTO_SHA2_256_HMAC, NID_hmacWithSHA256, 32}, + { CRYPTO_SHA2_384_HMAC, NID_hmacWithSHA384, 48}, + { CRYPTO_SHA2_512_HMAC, NID_hmacWithSHA512, 64}, +#endif - { CRYPTO_MD5, NID_md5, 16}, - { CRYPTO_SHA1, NID_sha1, 20}, ++ { CRYPTO_MD5, NID_md5, 16}, ++ { CRYPTO_SHA1, NID_sha1, 20}, + { CRYPTO_SHA2_256, NID_sha256, 32}, + { CRYPTO_SHA2_384, NID_sha384, 48}, + { CRYPTO_SHA2_512, NID_sha512, 64}, - { 0, NID_undef, 0}, ++ { 0, NID_undef, 0}, }; - #endif -@@ -182,7 +187,7 @@ open_dev_crypto(void) - if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1) - return (-1); - /* close on exec */ -- if (fcntl(fd, F_SETFD, 1) == -1) { +-# endif ++#endif + + /* + * Return a fd if /dev/crypto seems usable, 0 otherwise. + */ +-static int open_dev_crypto(void) ++static int ++open_dev_crypto(void) + { +- static int fd = -1; ++ static int fd = -1; + +- if (fd == -1) { +- if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1) +- return (-1); +- /* close on exec */ +- if (fcntl(fd, F_SETFD, 1) == -1) { +- close(fd); +- fd = -1; +- return (-1); +- } +- } +- return (fd); ++ if (fd == -1) { ++ if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1) ++ return (-1); ++ /* close on exec */ + if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) { - close(fd); - fd = -1; - return (-1); -@@ -243,13 +248,14 @@ get_cryptodev_ciphers(const int **cnids) - static int nids[CRYPTO_ALGORITHM_MAX]; - struct session_op sess; - int fd, i, count = 0; ++ close(fd); ++ fd = -1; ++ return (-1); ++ } ++ } ++ return (fd); + } + +-static int get_dev_crypto(void) ++static int ++get_dev_crypto(void) + { +- int fd, retfd; ++ int fd, retfd; + +- if ((fd = open_dev_crypto()) == -1) +- return (-1); +-# ifndef CRIOGET_NOT_NEEDED +- if (ioctl(fd, CRIOGET, &retfd) == -1) +- return (-1); ++ if ((fd = open_dev_crypto()) == -1) ++ return (-1); ++#ifndef CRIOGET_NOT_NEEDED ++ if (ioctl(fd, CRIOGET, &retfd) == -1) ++ return (-1); + +- /* close on exec */ +- if (fcntl(retfd, F_SETFD, 1) == -1) { +- close(retfd); +- return (-1); +- } +-# else +- retfd = fd; +-# endif +- return (retfd); ++ /* close on exec */ ++ if (fcntl(retfd, F_SETFD, 1) == -1) { ++ close(retfd); ++ return (-1); ++ } ++#else ++ retfd = fd; ++#endif ++ return (retfd); + } + + static void put_dev_crypto(int fd) + { +-# ifndef CRIOGET_NOT_NEEDED +- close(fd); +-# endif ++#ifndef CRIOGET_NOT_NEEDED ++ close(fd); ++#endif + } + + /* Caching version for asym operations */ +-static int get_asym_dev_crypto(void) ++static int ++get_asym_dev_crypto(void) + { +- static int fd = -1; ++ static int fd = -1; + +- if (fd == -1) +- fd = get_dev_crypto(); +- return fd; ++ if (fd == -1) ++ fd = get_dev_crypto(); ++ return fd; + } + + /* +@@ -283,76 +242,80 @@ static int get_asym_dev_crypto(void) + * returning them here is harmless, as long as we return NULL + * when asked for a handler in the cryptodev_engine_ciphers routine + */ +-static int get_cryptodev_ciphers(const int **cnids) ++static int ++get_cryptodev_ciphers(const int **cnids) + { +- static int nids[CRYPTO_ALGORITHM_MAX]; +- struct session_op sess; +- int fd, i, count = 0; ++ static int nids[CRYPTO_ALGORITHM_MAX]; ++ struct session_op sess; ++ int fd, i, count = 0; + unsigned char fake_key[EVP_MAX_KEY_LENGTH]; - if ((fd = get_dev_crypto()) < 0) { - *cnids = NULL; - return (0); - } - memset(&sess, 0, sizeof(sess)); -- sess.key = (caddr_t)"123456789abcdefghijklmno"; +- if ((fd = get_dev_crypto()) < 0) { +- *cnids = NULL; +- return (0); +- } +- memset(&sess, 0, sizeof(sess)); +- sess.key = (caddr_t) "123456789abcdefghijklmno"; ++ if ((fd = get_dev_crypto()) < 0) { ++ *cnids = NULL; ++ return (0); ++ } ++ memset(&sess, 0, sizeof(sess)); + sess.key = (void*)fake_key; - for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { - if (ciphers[i].nid == NID_undef) -@@ -281,6 +287,7 @@ static int - get_cryptodev_digests(const int **cnids) +- for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { +- if (ciphers[i].nid == NID_undef) +- continue; +- sess.cipher = ciphers[i].id; +- sess.keylen = ciphers[i].keylen; +- sess.mac = 0; +- if (ioctl(fd, CIOCGSESSION, &sess) != -1 && +- ioctl(fd, CIOCFSESSION, &sess.ses) != -1) +- nids[count++] = ciphers[i].nid; +- } +- put_dev_crypto(fd); ++ for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { ++ if (ciphers[i].nid == NID_undef) ++ continue; ++ sess.cipher = ciphers[i].id; ++ sess.keylen = ciphers[i].keylen; ++ sess.mac = 0; ++ if (ioctl(fd, CIOCGSESSION, &sess) != -1 && ++ ioctl(fd, CIOCFSESSION, &sess.ses) != -1) ++ nids[count++] = ciphers[i].nid; ++ } ++ put_dev_crypto(fd); + +- if (count > 0) +- *cnids = nids; +- else +- *cnids = NULL; +- return (count); ++ if (count > 0) ++ *cnids = nids; ++ else ++ *cnids = NULL; ++ return (count); + } + +-# ifdef USE_CRYPTODEV_DIGESTS ++#ifdef USE_CRYPTODEV_DIGESTS + /* + * Find out what digests /dev/crypto will let us have a session for. + * XXX note, that some of these openssl doesn't deal with yet! + * returning them here is harmless, as long as we return NULL + * when asked for a handler in the cryptodev_engine_digests routine + */ +-static int get_cryptodev_digests(const int **cnids) ++static int ++get_cryptodev_digests(const int **cnids) { - static int nids[CRYPTO_ALGORITHM_MAX]; +- static int nids[CRYPTO_ALGORITHM_MAX]; +- struct session_op sess; +- int fd, i, count = 0; ++ static int nids[CRYPTO_ALGORITHM_MAX]; + unsigned char fake_key[EVP_MAX_KEY_LENGTH]; - struct session_op sess; - int fd, i, count = 0; - -@@ -289,12 +296,12 @@ get_cryptodev_digests(const int **cnids) - return (0); - } - memset(&sess, 0, sizeof(sess)); -- sess.mackey = (caddr_t)"123456789abcdefghijklmno"; ++ struct session_op sess; ++ int fd, i, count = 0; + +- if ((fd = get_dev_crypto()) < 0) { +- *cnids = NULL; +- return (0); +- } +- memset(&sess, 0, sizeof(sess)); +- sess.mackey = (caddr_t) "123456789abcdefghijklmno"; +- for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { +- if (digests[i].nid == NID_undef) +- continue; +- sess.mac = digests[i].id; +- sess.mackeylen = digests[i].keylen; +- sess.cipher = 0; +- if (ioctl(fd, CIOCGSESSION, &sess) != -1 && +- ioctl(fd, CIOCFSESSION, &sess.ses) != -1) +- nids[count++] = digests[i].nid; +- } +- put_dev_crypto(fd); ++ if ((fd = get_dev_crypto()) < 0) { ++ *cnids = NULL; ++ return (0); ++ } ++ memset(&sess, 0, sizeof(sess)); + sess.mackey = fake_key; - for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { - if (digests[i].nid == NID_undef) - continue; - sess.mac = digests[i].id; -- sess.mackeylen = digests[i].keylen; ++ for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { ++ if (digests[i].nid == NID_undef) ++ continue; ++ sess.mac = digests[i].id; + sess.mackeylen = 8; - sess.cipher = 0; - if (ioctl(fd, CIOCGSESSION, &sess) != -1 && - ioctl(fd, CIOCFSESSION, &sess.ses) != -1) -@@ -382,14 +389,14 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, un - cryp.ses = sess->ses; - cryp.flags = 0; - cryp.len = inl; -- cryp.src = (caddr_t) in; -- cryp.dst = (caddr_t) out; ++ sess.cipher = 0; ++ if (ioctl(fd, CIOCGSESSION, &sess) != -1 && ++ ioctl(fd, CIOCFSESSION, &sess.ses) != -1) ++ nids[count++] = digests[i].nid; ++ } ++ put_dev_crypto(fd); + +- if (count > 0) +- *cnids = nids; +- else +- *cnids = NULL; +- return (count); ++ if (count > 0) ++ *cnids = nids; ++ else ++ *cnids = NULL; ++ return (count); + } +-# endif /* 0 */ ++#endif /* 0 */ + + /* + * Find the useable ciphers|digests from dev/crypto - this is the first +@@ -375,158 +338,161 @@ static int get_cryptodev_digests(const i + * want most of the decisions made about what we actually want + * to use from /dev/crypto. + */ +-static int cryptodev_usable_ciphers(const int **nids) ++static int ++cryptodev_usable_ciphers(const int **nids) + { +- return (get_cryptodev_ciphers(nids)); ++ return (get_cryptodev_ciphers(nids)); + } + +-static int cryptodev_usable_digests(const int **nids) ++static int ++cryptodev_usable_digests(const int **nids) + { +-# ifdef USE_CRYPTODEV_DIGESTS +- return (get_cryptodev_digests(nids)); +-# else +- /* +- * XXXX just disable all digests for now, because it sucks. +- * we need a better way to decide this - i.e. I may not +- * want digests on slow cards like hifn on fast machines, +- * but might want them on slow or loaded machines, etc. +- * will also want them when using crypto cards that don't +- * suck moose gonads - would be nice to be able to decide something +- * as reasonable default without having hackery that's card dependent. +- * of course, the default should probably be just do everything, +- * with perhaps a sysctl to turn algoritms off (or have them off +- * by default) on cards that generally suck like the hifn. +- */ +- *nids = NULL; +- return (0); +-# endif ++#ifdef USE_CRYPTODEV_DIGESTS ++ return (get_cryptodev_digests(nids)); ++#else ++ /* ++ * XXXX just disable all digests for now, because it sucks. ++ * we need a better way to decide this - i.e. I may not ++ * want digests on slow cards like hifn on fast machines, ++ * but might want them on slow or loaded machines, etc. ++ * will also want them when using crypto cards that don't ++ * suck moose gonads - would be nice to be able to decide something ++ * as reasonable default without having hackery that's card dependent. ++ * of course, the default should probably be just do everything, ++ * with perhaps a sysctl to turn algoritms off (or have them off ++ * by default) on cards that generally suck like the hifn. ++ */ ++ *nids = NULL; ++ return (0); ++#endif + } + + static int + cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, size_t inl) ++ const unsigned char *in, size_t inl) + { +- struct crypt_op cryp; +- struct dev_crypto_state *state = ctx->cipher_data; +- struct session_op *sess = &state->d_sess; +- const void *iiv; +- unsigned char save_iv[EVP_MAX_IV_LENGTH]; ++ struct crypt_op cryp; ++ struct dev_crypto_state *state = ctx->cipher_data; ++ struct session_op *sess = &state->d_sess; ++ const void *iiv; ++ unsigned char save_iv[EVP_MAX_IV_LENGTH]; + +- if (state->d_fd < 0) +- return (0); +- if (!inl) +- return (1); +- if ((inl % ctx->cipher->block_size) != 0) +- return (0); ++ if (state->d_fd < 0) ++ return (0); ++ if (!inl) ++ return (1); ++ if ((inl % ctx->cipher->block_size) != 0) ++ return (0); + +- memset(&cryp, 0, sizeof(cryp)); ++ memset(&cryp, 0, sizeof(cryp)); + +- cryp.ses = sess->ses; +- cryp.flags = 0; +- cryp.len = inl; +- cryp.src = (caddr_t) in; +- cryp.dst = (caddr_t) out; +- cryp.mac = 0; ++ cryp.ses = sess->ses; ++ cryp.flags = 0; ++ cryp.len = inl; + cryp.src = (void*) in; + cryp.dst = (void*) out; - cryp.mac = 0; ++ cryp.mac = 0; - cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; +- cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; ++ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; - if (ctx->cipher->iv_len) { -- cryp.iv = (caddr_t) ctx->iv; +- if (ctx->cipher->iv_len) { +- cryp.iv = (caddr_t) ctx->iv; +- if (!ctx->encrypt) { +- iiv = in + inl - ctx->cipher->iv_len; +- memcpy(save_iv, iiv, ctx->cipher->iv_len); +- } +- } else +- cryp.iv = NULL; ++ if (ctx->cipher->iv_len) { + cryp.iv = (void*) ctx->iv; - if (!ctx->encrypt) { - iiv = in + inl - ctx->cipher->iv_len; - memcpy(save_iv, iiv, ctx->cipher->iv_len); -@@ -440,7 +447,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, - if ((state->d_fd = get_dev_crypto()) < 0) - return (0); - -- sess->key = (caddr_t)key; ++ if (!ctx->encrypt) { ++ iiv = in + inl - ctx->cipher->iv_len; ++ memcpy(save_iv, iiv, ctx->cipher->iv_len); ++ } ++ } else ++ cryp.iv = NULL; + +- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) { +- /* +- * XXX need better errror handling this can fail for a number of +- * different reasons. +- */ +- return (0); +- } ++ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) { ++ /* XXX need better errror handling ++ * this can fail for a number of different reasons. ++ */ ++ return (0); ++ } + +- if (ctx->cipher->iv_len) { +- if (ctx->encrypt) +- iiv = out + inl - ctx->cipher->iv_len; +- else +- iiv = save_iv; +- memcpy(ctx->iv, iiv, ctx->cipher->iv_len); +- } +- return (1); ++ if (ctx->cipher->iv_len) { ++ if (ctx->encrypt) ++ iiv = out + inl - ctx->cipher->iv_len; ++ else ++ iiv = save_iv; ++ memcpy(ctx->iv, iiv, ctx->cipher->iv_len); ++ } ++ return (1); + } + + static int + cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv, int enc) ++ const unsigned char *iv, int enc) + { +- struct dev_crypto_state *state = ctx->cipher_data; +- struct session_op *sess = &state->d_sess; +- int cipher = -1, i; ++ struct dev_crypto_state *state = ctx->cipher_data; ++ struct session_op *sess = &state->d_sess; ++ int cipher = -1, i; + +- for (i = 0; ciphers[i].id; i++) +- if (ctx->cipher->nid == ciphers[i].nid && +- ctx->cipher->iv_len <= ciphers[i].ivmax && +- ctx->key_len == ciphers[i].keylen) { +- cipher = ciphers[i].id; +- break; +- } ++ for (i = 0; ciphers[i].id; i++) ++ if (ctx->cipher->nid == ciphers[i].nid && ++ ctx->cipher->iv_len <= ciphers[i].ivmax && ++ ctx->key_len == ciphers[i].keylen) { ++ cipher = ciphers[i].id; ++ break; ++ } + +- if (!ciphers[i].id) { +- state->d_fd = -1; +- return (0); +- } ++ if (!ciphers[i].id) { ++ state->d_fd = -1; ++ return (0); ++ } + +- memset(sess, 0, sizeof(struct session_op)); ++ memset(sess, 0, sizeof(struct session_op)); + +- if ((state->d_fd = get_dev_crypto()) < 0) +- return (0); ++ if ((state->d_fd = get_dev_crypto()) < 0) ++ return (0); + +- sess->key = (caddr_t) key; +- sess->keylen = ctx->key_len; +- sess->cipher = cipher; + sess->key = (void*)key; - sess->keylen = ctx->key_len; - sess->cipher = cipher; ++ sess->keylen = ctx->key_len; ++ sess->cipher = cipher; -@@ -660,18 +667,6 @@ digest_nid_to_cryptodev(int nid) +- if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { +- put_dev_crypto(state->d_fd); +- state->d_fd = -1; +- return (0); +- } +- return (1); ++ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { ++ put_dev_crypto(state->d_fd); ++ state->d_fd = -1; ++ return (0); ++ } ++ return (1); } + /* + * free anything we allocated earlier when |