OpenWrt XBurst

OpenWrt XBurst Git Source Tree

Root/package/openssl/patches/200-ocf-20080917.patch

1	--- a/Configure
2	+++ b/Configure
3	@@ -36,6 +36,8 @@ my $usage="Usage: Configure [no-<cipher>
4	# (Default: KRB5_DIR/include)
5	# --with-krb5-flavor Declare what flavor of Kerberos 5 is used. Currently
6	# supported values are "MIT" and "Heimdal". A value is required.
7	+# --with-cryptodev Force support for cryptodev (ie., ocf-linux)
8	+# --with-cryptodev-digests Force support for cryptodev digests (generally slow)
9	#
10	# --test-sanity Make a number of sanity checks on the data in this file.
11	# This is a debugging tool for OpenSSL developers.
12	@@ -554,6 +556,9 @@ my %table=(
13	##### Compaq Non-Stop Kernel (Tandem)
14	"tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::",
15
16	+# uClinux
17	+"uClinux-dist","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):BN_LLONG::::::::::::\$(LIBSSL_dlfcn):linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}",
18	+
19	);
20
21	my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A
22	@@ -610,6 +615,8 @@ my $montasm=1; # but "no-montasm" is d
23	my $no_asm=0;
24	my $no_dso=0;
25	my $no_gmp=0;
26	+my $have_cryptodev=0;
27	+my $use_cryptodev_digests=0;
28	my @skip=();
29	my $Makefile="Makefile";
30	my $des_locl="crypto/des/des_locl.h";
31	@@ -762,6 +769,14 @@ PROCESS_ARGS:
32	{
33	$strict_warnings = 1;
34	}
35	+ elsif (/^--with-cryptodev$/)
36	+ {
37	+ $have_cryptodev = 1;
38	+ }
39	+ elsif (/^--with-cryptodev-digests$/)
40	+ {
41	+ $use_cryptodev_digests = 1;
42	+ }
43	elsif (/^reconfigure/ \|\| /^reconf/)
44	{
45	if (open(IN,"<$Makefile"))
46	@@ -1055,6 +1070,7 @@ foreach (sort (keys %disabled))
47	print " OPENSSL_NO_$ALGO";
48
49	if (/^err$/) { $flags .= "-DOPENSSL_NO_ERR "; }
50	+ elsif (/^hw$/) { $flags .= "-DOPENSSL_NO_HW "; }
51	elsif (/^asm$/) { $no_asm = 1; }
52	}
53	else
54	@@ -1184,6 +1200,16 @@ if (!$no_krb5)
55	$withargs{"krb5-dir"} ne "";
56	}
57
58	+# enable the linux cryptodev (ocf-linux) support
59	+if ($have_cryptodev)
60	+ {
61	+ if ($use_cryptodev_digests)
62	+ {
63	+ $cflags = "-DUSE_CRYPTODEV_DIGESTS $cflags";
64	+ }
65	+ $cflags = "-DHAVE_CRYPTODEV $cflags";
66	+ }
67	+
68	# The DSO code currently always implements all functions so that no
69	# applications will have to worry about that from a compilation point
70	# of view. However, the "method"s may return zero unless that platform
71	--- a/INSTALL
72	+++ b/INSTALL
73	@@ -103,6 +103,12 @@
74	define preprocessor symbols, specify additional libraries,
75	library directories or other compiler options.
76
77	+ --with-cryptodev Enabled the BSD cryptodev engine even if we are not using
78	+ BSD. Useful if you are running ocf-linux or something
79	+ similar. Once enabled you can also enable the use of
80	+ cryptodev digests, with is usually slower unless you have
81	+ large amounts data. Use --with-cryptodev-digests to force
82	+ it.
83
84	Installation in Detail
85	----------------------
86	--- a/Makefile.org
87	+++ b/Makefile.org
88	@@ -504,7 +504,7 @@ files:
89
90	links:
91	@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
92	- @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
93	+ @$(PERL) $(TOP)/util/mklink.pl include/openssl $(HEADER) $(EXHEADER)
94	@set -e; target=links; $(RECURSIVE_BUILD_CMD)
95	@if [ -z "$(FIPSCANLIB)" ]; then \
96	set -e; target=links; dir=fips ; $(BUILD_CMD) ; \
97	--- a/Makefile.shared
98	+++ b/Makefile.shared
99	@@ -6,13 +6,13 @@
100	# properly
101
102	# CC contains the current compiler. This one MUST be defined
103	-CC=cc
104	-CFLAGS=$(CFLAG)
105	+CC?=cc
106	+CFLAGS?=$(CFLAG)
107	# LDFLAGS contains flags to be used when temporary object files (when building
108	# shared libraries) are created, or when an application is linked.
109	# SHARED_LDFLAGS contains flags to be used when the shared library is created.
110	-LDFLAGS=
111	-SHARED_LDFLAGS=
112	+LDFLAGS?=
113	+SHARED_LDFLAGS?=
114
115	# LIBNAME contains just the name of the library, without prefix ("lib"
116	# on Unix, "cyg" for certain forms under Cygwin...) or suffix (.a, .so,
117	--- a/config
118	+++ b/config
119	@@ -270,7 +270,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${
120	echo "ppc-apple-darwin${VERSION}"
121	;;
122	*)
123	- echo "i386-apple-darwin${VERSION}"
124	+ echo "${MACHINE}-apple-darwin${VERSION}"
125	;;
126	esac
127	exit 0
128	@@ -399,7 +399,8 @@ exit 0
129	# this is where the translation occurs into SSLeay terms
130	# ---------------------------------------------------------------------------
131
132	-GCCVER=`(gcc -dumpversion) 2>/dev/null`
133	+CC="${CC:-gcc}"
134	+GCCVER=`(${CC} -dumpversion) 2>/dev/null`
135	if [ "$GCCVER" != "" ]; then
136	# then strip off whatever prefix egcs prepends the number with...
137	# Hopefully, this will work for any future prefixes as well.
138	@@ -409,6 +410,8 @@ if [ "$GCCVER" != "" ]; then
139	# major and minor version numbers.
140	# peak single digit before and after first dot, e.g. 2.95.1 gives 29
141	GCCVER=`echo $GCCVER \| sed 's/$[0-9]$\.$[0-9]$.*/\1\2/'`
142	+else
143	+ CC="${CC:-cc}"
144	fi
145
146	# Only set CC if not supplied already
147	@@ -488,6 +491,9 @@ echo Operating system: $GUESSOS
148	# script above so we end up with values in vars but that would take
149	# more time that I want to waste at the moment
150	case "$GUESSOS" in
151	+ uClinux*)
152	+ OUT=uClinux-dist
153	+ ;;
154	mips2-sgi-irix)
155	CPU=`(hinv -t cpu) 2>/dev/null \| head -1 \| sed 's/^CPU:[^R]R$[0-9]$.*/\1/'`
156	CPU=${CPU:-0}
157	--- /dev/null
158	+++ b/makefile-uclinuxdist
159	@@ -0,0 +1,138 @@
160	+#
161	+# this makefile gets recursed through by various bits of the build
162	+# so we need to only setup some things when invoked from outside
163	+# this directory.
164	+#
165	+# davidm@snapgear.com
166	+#
167	+
168	+IN_LIBSSL := true
169	+export IN_LIBSSL
170	+
171	+CONFIG_OPTS := --prefix=// --install_prefix=$(shell pwd)/build/install
172	+
173	+ifdef CONFIG_USER_FLATFSD_FLATFSD
174	+CONFIG_OPTS += --openssldir=/etc/config
175	+else
176	+CONFIG_OPTS += --openssldir=/etc
177	+endif
178	+ifdef DISABLE_SHARED_SSL
179	+CONFIG_OPTS += no-shared
180	+else
181	+CONFIG_OPTS += shared
182	+endif
183	+
184	+CONFIG_OPTS += no-rc2
185	+CONFIG_OPTS += no-krb5
186	+CONFIG_OPTS += no-rc5
187	+CONFIG_OPTS += no-md2
188	+CONFIG_OPTS += no-idea
189	+#CONFIG_OPTS += no-pem
190	+#CONFIG_OPTS += no-md5
191	+#CONFIG_OPTS += no-sha
192	+#CONFIG_OPTS += no-hmac
193	+#CONFIG_OPTS += no-des
194	+#CONFIG_OPTS += no-aes
195	+#CONFIG_OPTS += no-bn
196	+CONFIG_OPTS += no-ec
197	+#CONFIG_OPTS += no-rsa
198	+#CONFIG_OPTS += no-dsa
199	+CONFIG_OPTS += no-ecdsa
200	+#CONFIG_OPTS += no-dh
201	+CONFIG_OPTS += no-ecdh
202	+CONFIG_OPTS += no-dso
203	+#CONFIG_OPTS += no-engine
204	+#CONFIG_OPTS += no-buffer
205	+#CONFIG_OPTS += no-bio
206	+#CONFIG_OPTS += no-stack
207	+#CONFIG_OPTS += no-lhash
208	+#CONFIG_OPTS += no-rand
209	+CONFIG_OPTS += no-err
210	+#CONFIG_OPTS += no-evp
211	+#CONFIG_OPTS += no-asn1
212	+#CONFIG_OPTS += no-x509
213	+#CONFIG_OPTS += no-x509v3
214	+#CONFIG_OPTS += no-txt_db
215	+#CONFIG_OPTS += no-pkcs7
216	+#CONFIG_OPTS += no-pkcs12
217	+#CONFIG_OPTS += no-comp
218	+#CONFIG_OPTS += no-ocsp
219	+#CONFIG_OPTS += no-ui
220	+#CONFIG_OPTS += no-store
221	+CONFIG_OPTS += no-pqueue
222	+
223	+# REVISIT: It would be better to have OPENSSL config options
224	+# which turn on this support as needed
225	+ifeq ($(CONFIG_USER_NESSUS_NASL)$(CONFIG_USER_SSH_SSH),)
226	+CONFIG_OPTS += no-ripemd
227	+CONFIG_OPTS += no-cast
228	+CONFIG_OPTS += no-rc4
229	+endif
230	+
231	+ifeq ($(CONFIG_USER_NESSUS_NASL)$(CONFIG_USER_SSH_SSH)$(CONFIG_PROP_SSCEP_SSCEP),)
232	+CONFIG_OPTS += no-bf
233	+endif
234	+
235	+ifeq ($(CONFIG_USER_OPENVPN_OPENVPN)$(CONFIG_USER_WGET),)
236	+CONFIG_OPTS += no-md4
237	+endif
238	+
239	+ifdef CONFIG_OCF_OCF
240	+CONFIG_OPTS += --with-cryptodev
241	+#CONFIG_OPTS += --with-cryptodev-digests
242	+endif
243	+
244	+#
245	+# if you want engines (they are dl loaded), a few things
246	+# need to be setup, you will also need to mod everything
247	+# to link against -ldl if it uses libcrypto. By default we
248	+# disable it (cryptodev suport is still included).
249	+#
250	+ifdef YOU_WANT_DYNAMIC_HW_ENGINES_ENABLED
251	+LIBSSL_dlfcn = dlfcn
252	+else
253	+CONFIG_OPTS += no-hw
254	+LIBSSL_dlfcn =
255	+endif
256	+
257	+#
258	+# our libs aren't in the default location yet
259	+#
260	+LDFLAGS += -L$(ROOTDIR)/lib/libssl/build
261	+export LDFLAGS
262	+
263	+all: build/configured
264	+ $(MAKE) -C build
265	+ $(MAKE) -C build install_sw
266	+
267	+build/configured: makefile config Configure
268	+ rm -rf build
269	+ find . -type d > .dirs
270	+ find . ! -type d \| grep -v ./makefile > .files
271	+ while read t; do mkdir -p build/$$t; done < .dirs
272	+ while read t; do ln -s `pwd`/$$t build/$$t; done < .files
273	+ rm -f .dirs .files
274	+ chmod +x build/config
275	+ cd build; MACHINE=uClinux-dist ./config $(CONFIG_OPTS)
276	+ $(MAKE) -C build depend
277	+ $(MAKE) -C build links
278	+ touch build/configured
279	+
280	+clean:
281	+ -rm -rf build
282	+
283	+romfs:
284	+ cd build/install/lib; \
285	+ for i in .so; do \
286	+ if [ -L $$i ]; then \
287	+ $(ROMFSINST) -s `find $$i -printf %l` /lib/$$i; \
288	+ elif [ -f $$i ]; then \
289	+ $(ROMFSINST) /lib/$$i; \
290	+ fi; \
291	+ done
292	+
293	+romfs_user:
294	+ $(ROMFSINST) -e CONFIG_USER_OPENSSL_APPS build/install/bin/openssl /bin/openssl
295	+ # $(ROMFSINST) -e CONFIG_USER_OPENSSL_APPS build/install/bin/c_rehash /bin/c_rehash
296	+
297	+
298	--- a/apps/apps.h
299	+++ b/apps/apps.h
300	@@ -112,7 +112,7 @@
301	#ifndef HEADER_APPS_H
302	#define HEADER_APPS_H
303
304	-#include "e_os.h"
305	+#include <openssl/e_os.h>
306
307	#include <openssl/bio.h>
308	#include <openssl/x509.h>
309	--- a/apps/progs.h
310	+++ b/apps/progs.h
311	@@ -129,7 +129,9 @@ FUNCTION functions[] = {
312	#ifndef OPENSSL_NO_ENGINE
313	{FUNC_TYPE_GENERAL,"engine",engine_main},
314	#endif
315	+#ifndef OPENSSL_NO_OCSP
316	{FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
317	+#endif
318	{FUNC_TYPE_GENERAL,"prime",prime_main},
319	#ifndef OPENSSL_NO_MD2
320	{FUNC_TYPE_MD,"md2",dgst_main},
321	--- a/apps/speed.c
322	+++ b/apps/speed.c
323	@@ -296,7 +296,7 @@ static const char *names[ALGOR_NUM]={
324	"evp","sha256","sha512",
325	"aes-128 ige","aes-192 ige","aes-256 ige"};
326	static double results[ALGOR_NUM][SIZE_NUM];
327	-static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
328	+static int lengths[SIZE_NUM]={16,64,256,1024,21024,41024};
329	#ifndef OPENSSL_NO_RSA
330	static double rsa_results[RSA_NUM][2];
331	#endif
332	@@ -336,6 +336,79 @@ static SIGRETTYPE sig_done(int sig)
333	#define START 0
334	#define STOP 1
335
336	+#ifdef __linux__
337	+/*
338	+ * record CPU usage as well
339	+ */
340	+
341	+static int do_cpu = 0;
342	+
343	+struct cpu_stat {
344	+ unsigned int user;
345	+ unsigned int nice;
346	+ unsigned int system;
347	+ unsigned int idle;
348	+ unsigned int total;
349	+};
350	+
351	+static unsigned int cpu_usage[ALGOR_NUM][SIZE_NUM];
352	+static unsigned int rsa_cpu_usage[RSA_NUM][2];
353	+static unsigned int dsa_cpu_usage[DSA_NUM][2];
354	+static struct cpu_stat cpu_start, cpu_finish;
355	+
356	+static void
357	+get_cpu(int s)
358	+{
359	+ FILE *fp = NULL;
360	+ unsigned char buf[80];
361	+ struct cpu_stat *st = s == START ? &cpu_start : &cpu_finish;
362	+
363	+ memset(st, 0, sizeof(*st));
364	+
365	+ if (fp == NULL)
366	+ fp = fopen("/proc/stat", "r");
367	+ if (!fp)
368	+ return;
369	+ if (fseek(fp, 0, SEEK_SET) == -1) {
370	+ fclose(fp);
371	+ return;
372	+ }
373	+ fscanf(fp, "%s %d %d %d %d", &buf[0], &st->user, &st->nice,
374	+ &st->system, &st->idle);
375	+ st->total = st->user + st->nice + st->system + st->idle;
376	+ fclose(fp);
377	+}
378	+
379	+static unsigned int
380	+calc_cpu()
381	+{
382	+ unsigned int total, res;
383	+
384	+ total = cpu_finish.total - cpu_start.total;
385	+ if (total <= 0)
386	+ return 0;
387	+#if 1 // busy
388	+ res = ((cpu_finish.system + cpu_finish.user + cpu_finish.nice) -
389	+ (cpu_start.system + cpu_start.user + cpu_start.nice)) *
390	+ 100 / total;
391	+#endif
392	+#if 0 // system
393	+ res = (cpu_finish.system - cpu_start.system) * 100 / total;
394	+#endif
395	+#if 0 // user
396	+ res = (cpu_finish.user - cpu_start.user) * 100 / total;
397	+#endif
398	+#if 0 // nice
399	+ res = (cpu_finish.nice - cpu_start.nice) * 100 / total;
400	+#endif
401	+#if 0 // idle
402	+ res = (cpu_finish.idle - cpu_start.idle) * 100 / total;
403	+#endif
404	+ return(res);
405	+}
406	+
407	+#endif
408	+
409	#if defined(OPENSSL_SYS_NETWARE)
410
411	/* for NetWare the best we can do is use clock() which returns the
412	@@ -366,6 +439,11 @@ static double Time_F(int s)
413	{
414	double ret;
415
416	+#ifdef __linux__
417	+ if (do_cpu)
418	+ get_cpu(s);
419	+#endif
420	+
421	#ifdef USE_TOD
422	if(usertime)
423	{
424	@@ -840,6 +918,14 @@ int MAIN(int argc, char **argv)
425	j--; /* Otherwise, -elapsed gets confused with
426	an algorithm. */
427	}
428	+#ifdef __linux__
429	+ else if ((argc > 0) && (strcmp(*argv,"-cpu") == 0))
430	+ {
431	+ do_cpu = 1;
432	+ j--; /* Otherwise, -cpu gets confused with
433	+ an algorithm. */
434	+ }
435	+#endif
436	else if ((argc > 0) && (strcmp(*argv,"-evp") == 0))
437	{
438	argc--;
439	@@ -1268,6 +1354,9 @@ int MAIN(int argc, char **argv)
440	#ifndef NO_FORK
441	BIO_printf(bio_err,"-multi n run n benchmarks in parallel.\n");
442	#endif
443	+#ifdef __linux__
444	+ BIO_printf(bio_err,"-cpu calculate cpu utilisation.\n");
445	+#endif
446	goto end;
447	}
448	argc--;
449	@@ -1275,11 +1364,6 @@ int MAIN(int argc, char **argv)
450	j++;
451	}
452
453	-#ifndef NO_FORK
454	- if(multi && do_multi(multi))
455	- goto show_res;
456	-#endif
457	-
458	if (j == 0)
459	{
460	for (i=0; i<ALGOR_NUM; i++)
461	@@ -1612,6 +1696,11 @@ int MAIN(int argc, char **argv)
462	signal(SIGALRM,sig_done);
463	#endif /* SIGALRM */
464
465	+#ifdef HAVE_FORK /* DM */
466	+ if(multi && do_multi(multi))
467	+ goto show_res;
468	+#endif
469	+
470	#ifndef OPENSSL_NO_MD2
471	if (doit[D_MD2])
472	{
473	@@ -2041,8 +2130,6 @@ int MAIN(int argc, char **argv)
474	/* -O3 -fschedule-insns messes up an
475	* optimization here! names[D_EVP]
476	* somehow becomes NULL */
477	- print_message(names[D_EVP],save_count,
478	- lengths[j]);
479
480	EVP_CIPHER_CTX_init(&ctx);
481	if(decrypt)
482	@@ -2051,6 +2138,9 @@ int MAIN(int argc, char **argv)
483	EVP_EncryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);
484	EVP_CIPHER_CTX_set_padding(&ctx, 0);
485
486	+ print_message(names[D_EVP],save_count,
487	+ lengths[j]);
488	+
489	Time_F(START);
490	if(decrypt)
491	for (count=0,run=1; COND(save_count4lengths[0]/lengths[j]); count++)
492	@@ -2115,6 +2205,8 @@ int MAIN(int argc, char **argv)
493	}
494	}
495	d=Time_F(STOP);
496	+ if (do_cpu)
497	+ rsa_cpu_usage[j][0] = calc_cpu();
498	BIO_printf(bio_err,mr ? "+R1:%ld:%d:%.2f\n"
499	: "%ld %d bit private RSA's in %.2fs\n",
500	count,rsa_bits[j],d);
501	@@ -2150,6 +2242,8 @@ int MAIN(int argc, char **argv)
502	}
503	}
504	d=Time_F(STOP);
505	+ if (do_cpu)
506	+ rsa_cpu_usage[j][1] = calc_cpu();
507	BIO_printf(bio_err,mr ? "+R2:%ld:%d:%.2f\n"
508	: "%ld %d bit public RSA's in %.2fs\n",
509	count,rsa_bits[j],d);
510	@@ -2209,6 +2303,8 @@ int MAIN(int argc, char **argv)
511	}
512	}
513	d=Time_F(STOP);
514	+ if (do_cpu)
515	+ dsa_cpu_usage[j][0] = calc_cpu();
516	BIO_printf(bio_err,mr ? "+R3:%ld:%d:%.2f\n"
517	: "%ld %d bit DSA signs in %.2fs\n",
518	count,dsa_bits[j],d);
519	@@ -2244,6 +2340,8 @@ int MAIN(int argc, char **argv)
520	}
521	}
522	d=Time_F(STOP);
523	+ if (do_cpu)
524	+ dsa_cpu_usage[j][1] = calc_cpu();
525	BIO_printf(bio_err,mr ? "+R4:%ld:%d:%.2f\n"
526	: "%ld %d bit DSA verify in %.2fs\n",
527	count,dsa_bits[j],d);
528	@@ -2538,14 +2636,23 @@ show_res:
529	fprintf(stdout,"The 'numbers' are in 1000s of bytes per second processed.\n");
530	fprintf(stdout,"type ");
531	}
532	- for (j=0; j<SIZE_NUM; j++)
533	+ for (j=0; j<SIZE_NUM; j++) {
534	fprintf(stdout,mr ? ":%d" : "%7d bytes",lengths[j]);
535	+ if (do_cpu && !mr)
536	+ fprintf(stdout, " /cpu");
537	+ }
538	fprintf(stdout,"\n");
539	}
540
541	for (k=0; k<ALGOR_NUM; k++)
542	{
543	if (!doit[k]) continue;
544	+ if (k == D_EVP) {
545	+ if (evp_cipher)
546	+ names[D_EVP]=OBJ_nid2ln(evp_cipher->nid);
547	+ else
548	+ names[D_EVP]=OBJ_nid2ln(evp_md->type);
549	+ }
550	if(mr)
551	fprintf(stdout,"+F:%d:%s",k,names[k]);
552	else
553	@@ -2556,6 +2663,8 @@ show_res:
554	fprintf(stdout," %11.2fk",results[k][j]/1e3);
555	else
556	fprintf(stdout,mr ? ":%.2f" : " %11.2f ",results[k][j]);
557	+ if (do_cpu)
558	+ fprintf(stdout, mr ? "/%d" : "/%%%-3d", cpu_usage[k][j]);
559	}
560	fprintf(stdout,"\n");
561	}
562	@@ -2570,13 +2679,18 @@ show_res:
563	j=0;
564	}
565	if(mr)
566	- fprintf(stdout,"+F2:%u:%u:%f:%f\n",
567	- k,rsa_bits[k],rsa_results[k][0],
568	- rsa_results[k][1]);
569	- else
570	- fprintf(stdout,"rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
571	- rsa_bits[k],rsa_results[k][0],rsa_results[k][1],
572	- 1.0/rsa_results[k][0],1.0/rsa_results[k][1]);
573	+ fprintf(stdout,"+F2:%u:%u:%f", k,rsa_bits[k],rsa_results[k][0]);
574	+ else
575	+ fprintf(stdout,"rsa %4u bits %8.6fs",rsa_bits[k],rsa_results[k][0]);
576	+ if (do_cpu)
577	+ fprintf(stdout, mr ? "/%d": "/%%%-3d", rsa_cpu_usage[k][0]);
578	+ fprintf(stdout, mr ? ":%f" : " %8.6fs", rsa_results[k][1]);
579	+ if (do_cpu)
580	+ fprintf(stdout, mr ? "/%d": "/%%%-3d", rsa_cpu_usage[k][1]);
581	+ if(!mr)
582	+ fprintf(stdout, " %8.1f %8.1f",
583	+ 1.0/rsa_results[k][0],1.0/rsa_results[k][1]);
584	+ fprintf(stdout, "\n");
585	}
586	#endif
587	#ifndef OPENSSL_NO_DSA
588	@@ -2590,12 +2704,18 @@ show_res:
589	j=0;
590	}
591	if(mr)
592	- fprintf(stdout,"+F3:%u:%u:%f:%f\n",
593	- k,dsa_bits[k],dsa_results[k][0],dsa_results[k][1]);
594	+ fprintf(stdout,"+F3:%u:%u:%f", k,dsa_bits[k],dsa_results[k][0]);
595	else
596	- fprintf(stdout,"dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
597	- dsa_bits[k],dsa_results[k][0],dsa_results[k][1],
598	- 1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
599	+ fprintf(stdout,"dsa %4u bits %8.6fs",dsa_bits[k],dsa_results[k][0]);
600	+ if (do_cpu)
601	+ fprintf(stdout, mr ? "/%d": "/%%%-3d", dsa_cpu_usage[k][0]);
602	+ fprintf(stdout, mr ? ":%f" : " %8.6fs", dsa_results[k][1]);
603	+ if (do_cpu)
604	+ fprintf(stdout, mr ? "/%d": "/%%%-3d", dsa_cpu_usage[k][1]);
605	+ if(!mr)
606	+ fprintf(stdout, " %8.1f %8.1f",
607	+ 1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
608	+ fprintf(stdout, "\n");
609	}
610	#endif
611	#ifndef OPENSSL_NO_ECDSA
612	@@ -2720,8 +2840,10 @@ static void pkey_print_message(const cha
613
614	static void print_result(int alg,int run_no,int count,double time_used)
615	{
616	- BIO_printf(bio_err,mr ? "+R:%d:%s:%f\n"
617	- : "%d %s's in %.2fs\n",count,names[alg],time_used);
618	+ if (do_cpu)
619	+ cpu_usage[alg][run_no] = calc_cpu();
620	+ BIO_printf(bio_err,mr ? "+R:%ld:%s:%f\n"
621	+ : "%ld %s's in %.2fs\n",count,names[alg],time_used);
622	results[alg][run_no]=((double)count)/time_used*lengths[run_no];
623	}
624
625	@@ -2816,29 +2938,11 @@ static int do_multi(int multi)
626	p=buf+3;
627	alg=atoi(sstrsep(&p,sep));
628	sstrsep(&p,sep);
629	- for(j=0 ; j < SIZE_NUM ; ++j)
630	+ for(j=0 ; j < SIZE_NUM ; ++j) {
631	+ if (do_cpu && strchr(p, '/'))
632	+ cpu_usage[alg][j] = atoi(strchr(p, '/') + 1);
633	results[alg][j]+=atof(sstrsep(&p,sep));
634	}
635	- else if(!strncmp(buf,"+F2:",4))
636	- {
637	- int k;
638	- double d;
639	-
640	- p=buf+4;
641	- k=atoi(sstrsep(&p,sep));
642	- sstrsep(&p,sep);
643	-
644	- d=atof(sstrsep(&p,sep));
645	- if(n)
646	- rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d);
647	- else
648	- rsa_results[k][0]=d;
649	-
650	- d=atof(sstrsep(&p,sep));
651	- if(n)
652	- rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d);
653	- else
654	- rsa_results[k][1]=d;
655	}
656	else if(!strncmp(buf,"+F2:",4))
657	{
658	@@ -2849,12 +2953,18 @@ static int do_multi(int multi)
659	k=atoi(sstrsep(&p,sep));
660	sstrsep(&p,sep);
661
662	+ /* before we move the token along */
663	+ if (do_cpu && strchr(p, '/'))
664	+ rsa_cpu_usage[k][0] = atoi(strchr(p, '/') + 1);
665	d=atof(sstrsep(&p,sep));
666	if(n)
667	rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d);
668	else
669	rsa_results[k][0]=d;
670
671	+ /* before we move the token along */
672	+ if (do_cpu && strchr(p, '/'))
673	+ rsa_cpu_usage[k][1] = atoi(strchr(p, '/') + 1);
674	d=atof(sstrsep(&p,sep));
675	if(n)
676	rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d);
677	@@ -2870,12 +2980,18 @@ static int do_multi(int multi)
678	k=atoi(sstrsep(&p,sep));
679	sstrsep(&p,sep);
680
681	+ /* before we move the token along */
682	+ if (do_cpu && strchr(p, '/'))
683	+ dsa_cpu_usage[k][0] = atoi(strchr(p, '/') + 1);
684	d=atof(sstrsep(&p,sep));
685	if(n)
686	dsa_results[k][0]=1/(1/dsa_results[k][0]+1/d);
687	else
688	dsa_results[k][0]=d;
689
690	+ /* before we move the token along */
691	+ if (do_cpu && strchr(p, '/'))
692	+ dsa_cpu_usage[k][1] = atoi(strchr(p, '/') + 1);
693	d=atof(sstrsep(&p,sep));
694	if(n)
695	dsa_results[k][1]=1/(1/dsa_results[k][1]+1/d);
696	--- a/crypto/cryptlib.h
697	+++ b/crypto/cryptlib.h
698	@@ -62,7 +62,7 @@
699	#include <stdlib.h>
700	#include <string.h>
701
702	-#include "e_os.h"
703	+#include <openssl/e_os.h>
704
705	#ifdef OPENSSL_USE_APPLINK
706	#define BIO_FLAGS_UPLINK 0x8000
707	--- a/crypto/engine/eng_all.c
708	+++ b/crypto/engine/eng_all.c
709	@@ -104,7 +104,7 @@ void ENGINE_load_builtin_engines(void)
710	#endif
711	#endif
712	#ifndef OPENSSL_NO_HW
713	-#if defined(__OpenBSD__) \|\| defined(__FreeBSD__)
714	+#if defined(__OpenBSD__) \|\| defined(__FreeBSD__) \|\| defined(HAVE_CRYPTODEV)
715	ENGINE_load_cryptodev();
716	#endif
717	#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
718	@@ -113,7 +113,7 @@ void ENGINE_load_builtin_engines(void)
719	#endif
720	}
721
722	-#if defined(__OpenBSD__) \|\| defined(__FreeBSD__)
723	+#if defined(__OpenBSD__) \|\| defined(__FreeBSD__) \|\| defined(HAVE_CRYPTODEV)
724	void ENGINE_setup_bsd_cryptodev(void) {
725	static int bsd_cryptodev_default_loaded = 0;
726	if (!bsd_cryptodev_default_loaded) {
727	--- a/crypto/engine/eng_cryptodev.c
728	+++ b/crypto/engine/eng_cryptodev.c
729	@@ -72,6 +72,16 @@ ENGINE_load_cryptodev(void)
730	struct dev_crypto_state {
731	struct session_op d_sess;
732	int d_fd;
733	+
734	+#ifdef USE_CRYPTODEV_DIGESTS
735	+ char dummy_mac_key[20];
736	+
737	+ unsigned char digest_res[20];
738	+ char *mac_data;
739	+ int mac_len;
740	+
741	+ int copy;
742	+#endif
743	};
744
745	static u_int32_t cryptodev_asymfeat = 0;
746	@@ -79,9 +89,11 @@ static u_int32_t cryptodev_asymfeat = 0;
747	static int get_asym_dev_crypto(void);
748	static int open_dev_crypto(void);
749	static int get_dev_crypto(void);
750	+#if 0
751	static int cryptodev_max_iv(int cipher);
752	static int cryptodev_key_length_valid(int cipher, int len);
753	static int cipher_nid_to_cryptodev(int nid);
754	+#endif
755	static int get_cryptodev_ciphers(const int **cnids);
756	/static int get_cryptodev_digests(const int cnids);/
757	static int cryptodev_usable_ciphers(const int **nids);
758	@@ -134,9 +146,12 @@ static struct {
759	int ivmax;
760	int keylen;
761	} ciphers[] = {
762	+ { CRYPTO_ARC4, NID_rc4, 0, 16, },
763	{ CRYPTO_DES_CBC, NID_des_cbc, 8, 8, },
764	{ CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, },
765	{ CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, },
766	+ { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, },
767	+ { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, },
768	{ CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, },
769	{ CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, },
770	{ CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, },
771	@@ -147,14 +162,15 @@ static struct {
772	static struct {
773	int id;
774	int nid;
775	+ int keylen;
776	} digests[] = {
777	- { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, },
778	- { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, },
779	- { CRYPTO_MD5_KPDK, NID_undef, },
780	- { CRYPTO_SHA1_KPDK, NID_undef, },
781	- { CRYPTO_MD5, NID_md5, },
782	- { CRYPTO_SHA1, NID_undef, },
783	- { 0, NID_undef, },
784	+ { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20},
785	+ { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16/?/},
786	+ { CRYPTO_MD5_KPDK, NID_undef, 0},
787	+ { CRYPTO_SHA1_KPDK, NID_undef, 0},
788	+ { CRYPTO_MD5, NID_md5, 16},
789	+ { CRYPTO_SHA1, NID_sha1, 20},
790	+ { 0, NID_undef, 0},
791	};
792	#endif
793
794	@@ -182,10 +198,17 @@ open_dev_crypto(void)
795	static int
796	get_dev_crypto(void)
797	{
798	- int fd, retfd;
799	+ static int fd = -1;
800	+ int retfd;
801
802	- if ((fd = open_dev_crypto()) == -1)
803	- return (-1);
804	+ if (fd == -1) {
805	+ if ((fd = open_dev_crypto()) == -1)
806	+ return (-1);
807	+ if (fcntl(fd, F_SETFD, 1) == -1) {
808	+ close(fd);
809	+ return (-1);
810	+ }
811	+ }
812	if (ioctl(fd, CRIOGET, &retfd) == -1)
813	return (-1);
814
815	@@ -208,6 +231,7 @@ get_asym_dev_crypto(void)
816	return fd;
817	}
818
819	+#if 0
820	/*
821	* XXXX this needs to be set for each alg - and determined from
822	* a running card.
823	@@ -251,6 +275,7 @@ cipher_nid_to_cryptodev(int nid)
824	return (ciphers[i].id);
825	return (0);
826	}
827	+#endif
828
829	/*
830	* Find out what ciphers /dev/crypto will let us have a session for.
831	@@ -270,7 +295,7 @@ get_cryptodev_ciphers(const int **cnids)
832	return (0);
833	}
834	memset(&sess, 0, sizeof(sess));
835	- sess.key = (caddr_t)"123456781234567812345678";
836	+ sess.key = (caddr_t)"123456789abcdefghijklmno";
837
838	for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
839	if (ciphers[i].nid == NID_undef)
840	@@ -310,10 +335,12 @@ get_cryptodev_digests(const int **cnids)
841	return (0);
842	}
843	memset(&sess, 0, sizeof(sess));
844	+ sess.mackey = (caddr_t)"123456789abcdefghijklmno";
845	for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
846	if (digests[i].nid == NID_undef)
847	continue;
848	sess.mac = digests[i].id;
849	+ sess.mackeylen = digests[i].keylen;
850	sess.cipher = 0;
851	if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
852	ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
853	@@ -360,6 +387,9 @@ cryptodev_usable_ciphers(const int **nid
854	static int
855	cryptodev_usable_digests(const int **nids)
856	{
857	+#ifdef USE_CRYPTODEV_DIGESTS
858	+ return (get_cryptodev_digests(nids));
859	+#else
860	/*
861	* XXXX just disable all digests for now, because it sucks.
862	* we need a better way to decide this - i.e. I may not
863	@@ -374,6 +404,7 @@ cryptodev_usable_digests(const int **nid
864	*/
865	*nids = NULL;
866	return (0);
867	+#endif
868	}
869
870	static int
871	@@ -436,16 +467,20 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx,
872	{
873	struct dev_crypto_state *state = ctx->cipher_data;
874	struct session_op *sess = &state->d_sess;
875	- int cipher;
876	+ int cipher, i;
877
878	- if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef)
879	- return (0);
880	-
881	- if (ctx->cipher->iv_len > cryptodev_max_iv(cipher))
882	- return (0);
883	+ for (i = 0; ciphers[i].id; i++)
884	+ if (ctx->cipher->nid == ciphers[i].nid &&
885	+ ctx->cipher->iv_len <= ciphers[i].ivmax &&
886	+ ctx->key_len == ciphers[i].keylen) {
887	+ cipher = ciphers[i].id;
888	+ break;
889	+ }
890
891	- if (!cryptodev_key_length_valid(cipher, ctx->key_len))
892	+ if (!ciphers[i].id) {
893	+ state->d_fd = -1;
894	return (0);
895	+ }
896
897	memset(sess, 0, sizeof(struct session_op));
898
899	@@ -505,6 +540,20 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
900	* gets called when libcrypto requests a cipher NID.
901	*/
902
903	+/* RC4 */
904	+const EVP_CIPHER cryptodev_rc4 = {
905	+ NID_rc4,
906	+ 1, 16, 0,
907	+ EVP_CIPH_VARIABLE_LENGTH,
908	+ cryptodev_init_key,
909	+ cryptodev_cipher,
910	+ cryptodev_cleanup,
911	+ sizeof(struct dev_crypto_state),
912	+ NULL,
913	+ NULL,
914	+ NULL
915	+};
916	+
917	/* DES CBC EVP */
918	const EVP_CIPHER cryptodev_des_cbc = {
919	NID_des_cbc,
920	@@ -572,6 +621,32 @@ const EVP_CIPHER cryptodev_aes_cbc = {
921	NULL
922	};
923
924	+const EVP_CIPHER cryptodev_aes_192_cbc = {
925	+ NID_aes_192_cbc,
926	+ 16, 24, 16,
927	+ EVP_CIPH_CBC_MODE,
928	+ cryptodev_init_key,
929	+ cryptodev_cipher,
930	+ cryptodev_cleanup,
931	+ sizeof(struct dev_crypto_state),
932	+ EVP_CIPHER_set_asn1_iv,
933	+ EVP_CIPHER_get_asn1_iv,
934	+ NULL
935	+};
936	+
937	+const EVP_CIPHER cryptodev_aes_256_cbc = {
938	+ NID_aes_256_cbc,
939	+ 16, 32, 16,
940	+ EVP_CIPH_CBC_MODE,
941	+ cryptodev_init_key,
942	+ cryptodev_cipher,
943	+ cryptodev_cleanup,
944	+ sizeof(struct dev_crypto_state),
945	+ EVP_CIPHER_set_asn1_iv,
946	+ EVP_CIPHER_get_asn1_iv,
947	+ NULL
948	+};
949	+
950	/*
951	* Registered by the ENGINE when used to find out how to deal with
952	* a particular NID in the ENGINE. this says what we'll do at the
953	@@ -585,6 +660,9 @@ cryptodev_engine_ciphers(ENGINE *e, cons
954	return (cryptodev_usable_ciphers(nids));
955
956	switch (nid) {
957	+ case NID_rc4:
958	+ *cipher = &cryptodev_rc4;
959	+ break;
960	case NID_des_ede3_cbc:
961	*cipher = &cryptodev_3des_cbc;
962	break;
963	@@ -600,6 +678,12 @@ cryptodev_engine_ciphers(ENGINE *e, cons
964	case NID_aes_128_cbc:
965	*cipher = &cryptodev_aes_cbc;
966	break;
967	+ case NID_aes_192_cbc:
968	+ *cipher = &cryptodev_aes_192_cbc;
969	+ break;
970	+ case NID_aes_256_cbc:
971	+ *cipher = &cryptodev_aes_256_cbc;
972	+ break;
973	default:
974	*cipher = NULL;
975	break;
976	@@ -607,6 +691,234 @@ cryptodev_engine_ciphers(ENGINE *e, cons
977	return (*cipher != NULL);
978	}
979
980	+
981	+#ifdef USE_CRYPTODEV_DIGESTS
982	+
983	+/* convert digest type to cryptodev */
984	+static int
985	+digest_nid_to_cryptodev(int nid)
986	+{
987	+ int i;
988	+
989	+ for (i = 0; digests[i].id; i++)
990	+ if (digests[i].nid == nid)
991	+ return (digests[i].id);
992	+ return (0);
993	+}
994	+
995	+
996	+static int
997	+digest_key_length(int nid)
998	+{
999	+ int i;
1000	+
1001	+ for (i = 0; digests[i].id; i++)
1002	+ if (digests[i].nid == nid)
1003	+ return digests[i].keylen;
1004	+ return (0);
1005	+}
1006	+
1007	+
1008	+static int cryptodev_digest_init(EVP_MD_CTX *ctx)
1009	+{
1010	+ struct dev_crypto_state *state = ctx->md_data;
1011	+ struct session_op *sess = &state->d_sess;
1012	+ int digest;
1013	+
1014	+ if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef){
1015	+ printf("cryptodev_digest_init: Can't get digest \n");
1016	+ return (0);
1017	+ }
1018	+
1019	+ memset(state, 0, sizeof(struct dev_crypto_state));
1020	+
1021	+ if ((state->d_fd = get_dev_crypto()) < 0) {
1022	+ printf("cryptodev_digest_init: Can't get Dev \n");
1023	+ return (0);
1024	+ }
1025	+
1026	+ sess->mackey = state->dummy_mac_key;
1027	+ sess->mackeylen = digest_key_length(ctx->digest->type);
1028	+ sess->mac = digest;
1029	+
1030	+ if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
1031	+ close(state->d_fd);
1032	+ state->d_fd = -1;
1033	+ printf("cryptodev_digest_init: Open session failed\n");
1034	+ return (0);
1035	+ }
1036	+
1037	+ return (1);
1038	+}
1039	+
1040	+static int cryptodev_digest_update(EVP_MD_CTX ctx, const void data,
1041	+ size_t count)
1042	+{
1043	+ struct crypt_op cryp;
1044	+ struct dev_crypto_state *state = ctx->md_data;
1045	+ struct session_op *sess = &state->d_sess;
1046	+
1047	+ if (!data \|\| state->d_fd < 0) {
1048	+ printf("cryptodev_digest_update: illegal inputs \n");
1049	+ return (0);
1050	+ }
1051	+
1052	+ if (!count) {
1053	+ return (0);
1054	+ }
1055	+
1056	+ if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
1057	+ /* if application doesn't support one buffer */
1058	+ state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count);
1059	+
1060	+ if (!state->mac_data) {
1061	+ printf("cryptodev_digest_update: realloc failed\n");
1062	+ return (0);
1063	+ }
1064	+
1065	+ memcpy(state->mac_data + state->mac_len, data, count);
1066	+ state->mac_len += count;
1067	+
1068	+ return (1);
1069	+ }
1070	+
1071	+ memset(&cryp, 0, sizeof(cryp));
1072	+
1073	+ cryp.ses = sess->ses;
1074	+ cryp.flags = 0;
1075	+ cryp.len = count;
1076	+ cryp.src = (caddr_t) data;
1077	+ cryp.dst = NULL;
1078	+ cryp.mac = state->digest_res;
1079	+ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
1080	+ printf("cryptodev_digest_update: digest failed\n");
1081	+ return (0);
1082	+ }
1083	+ return (1);
1084	+}
1085	+
1086	+
1087	+static int cryptodev_digest_final(EVP_MD_CTX ctx, unsigned char md)
1088	+{
1089	+ struct crypt_op cryp;
1090	+ struct dev_crypto_state *state = ctx->md_data;
1091	+ struct session_op *sess = &state->d_sess;
1092	+
1093	+ int ret = 1;
1094	+
1095	+ if (!md \|\| state->d_fd < 0) {
1096	+ printf("cryptodev_digest_final: illegal input\n");
1097	+ return(0);
1098	+ }
1099	+
1100	+ if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {
1101	+ /* if application doesn't support one buffer */
1102	+ memset(&cryp, 0, sizeof(cryp));
1103	+
1104	+ cryp.ses = sess->ses;
1105	+ cryp.flags = 0;
1106	+ cryp.len = state->mac_len;
1107	+ cryp.src = state->mac_data;
1108	+ cryp.dst = NULL;
1109	+ cryp.mac = md;
1110	+
1111	+ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
1112	+ printf("cryptodev_digest_final: digest failed\n");
1113	+ return (0);
1114	+ }
1115	+
1116	+ return 1;
1117	+ }
1118	+
1119	+ memcpy(md, state->digest_res, ctx->digest->md_size);
1120	+
1121	+ return (ret);
1122	+}
1123	+
1124	+
1125	+static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
1126	+{
1127	+ int ret = 1;
1128	+ struct dev_crypto_state *state = ctx->md_data;
1129	+ struct session_op *sess = &state->d_sess;
1130	+
1131	+ if (state->d_fd < 0) {
1132	+ printf("cryptodev_digest_cleanup: illegal input\n");
1133	+ return (0);
1134	+ }
1135	+
1136	+ if (state->mac_data) {
1137	+ OPENSSL_free(state->mac_data);
1138	+ state->mac_data = NULL;
1139	+ state->mac_len = 0;
1140	+ }
1141	+
1142	+ if (state->copy)
1143	+ return 1;
1144	+
1145	+ if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
1146	+ printf("cryptodev_digest_cleanup: failed to close session\n");
1147	+ ret = 0;
1148	+ } else {
1149	+ ret = 1;
1150	+ }
1151	+ close(state->d_fd);
1152	+ state->d_fd = -1;
1153	+
1154	+ return (ret);
1155	+}
1156	+
1157	+static int cryptodev_digest_copy(EVP_MD_CTX to,const EVP_MD_CTX from)
1158	+{
1159	+ struct dev_crypto_state *fstate = from->md_data;
1160	+ struct dev_crypto_state *dstate = to->md_data;
1161	+
1162	+ memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
1163	+
1164	+ if (fstate->mac_len != 0) {
1165	+ dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
1166	+ memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
1167	+ }
1168	+
1169	+ dstate->copy = 1;
1170	+
1171	+ return 1;
1172	+}
1173	+
1174	+
1175	+const EVP_MD cryptodev_sha1 = {
1176	+ NID_sha1,
1177	+ NID_undef,
1178	+ SHA_DIGEST_LENGTH,
1179	+ EVP_MD_FLAG_ONESHOT,
1180	+ cryptodev_digest_init,
1181	+ cryptodev_digest_update,
1182	+ cryptodev_digest_final,
1183	+ cryptodev_digest_copy,
1184	+ cryptodev_digest_cleanup,
1185	+ EVP_PKEY_NULL_method,
1186	+ SHA_CBLOCK,
1187	+ sizeof(struct dev_crypto_state),
1188	+};
1189	+
1190	+const EVP_MD cryptodev_md5 = {
1191	+ NID_md5,
1192	+ NID_undef,
1193	+ 16 /* MD5_DIGEST_LENGTH */,
1194	+ EVP_MD_FLAG_ONESHOT,
1195	+ cryptodev_digest_init,
1196	+ cryptodev_digest_update,
1197	+ cryptodev_digest_final,
1198	+ cryptodev_digest_copy,
1199	+ cryptodev_digest_cleanup,
1200	+ EVP_PKEY_NULL_method,
1201	+ 64 /* MD5_CBLOCK */,
1202	+ sizeof(struct dev_crypto_state),
1203	+};
1204	+
1205	+#endif /* USE_CRYPTODEV_DIGESTS */
1206	+
1207	+
1208	static int
1209	cryptodev_engine_digests(ENGINE e, const EVP_MD *digest,
1210	const int **nids, int nid)
1211	@@ -615,10 +927,15 @@ cryptodev_engine_digests(ENGINE *e, cons
1212	return (cryptodev_usable_digests(nids));
1213
1214	switch (nid) {
1215	+#ifdef USE_CRYPTODEV_DIGESTS
1216	case NID_md5:
1217	- digest = NULL; / need to make a clean md5 critter */
1218	+ *digest = &cryptodev_md5;
1219	break;
1220	+ case NID_sha1:
1221	+ *digest = &cryptodev_sha1;
1222	+ break;
1223	default:
1224	+#endif /* USE_CRYPTODEV_DIGESTS */
1225	*digest = NULL;
1226	break;
1227	}
1228	@@ -646,6 +963,7 @@ bn2crparam(const BIGNUM *a, struct crpar
1229	b = malloc(bytes);
1230	if (b == NULL)
1231	return (1);
1232	+ memset(b, 0, bytes);
1233
1234	crp->crp_p = (char *)b;
1235	crp->crp_nbits = bits;
1236	@@ -690,7 +1008,7 @@ zapparams(struct crypt_kop *kop)
1237	{
1238	int i;
1239
1240	- for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) {
1241	+ for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
1242	if (kop->crk_param[i].crp_p)
1243	free(kop->crk_param[i].crp_p);
1244	kop->crk_param[i].crp_p = NULL;
1245	--- a/crypto/engine/engine.h
1246	+++ b/crypto/engine/engine.h
1247	@@ -705,7 +705,7 @@ typedef int (*dynamic_bind_engine)(ENGIN
1248	* values. */
1249	void *ENGINE_get_static_state(void);
1250
1251	-#if defined(__OpenBSD__) \|\| defined(__FreeBSD__)
1252	+#if defined(__OpenBSD__) \|\| defined(__FreeBSD__) \|\| defined(HAVE_CRYPTODEV)
1253	void ENGINE_setup_bsd_cryptodev(void);
1254	#endif
1255
1256	--- a/crypto/evp/c_all.c
1257	+++ b/crypto/evp/c_all.c
1258	@@ -83,7 +83,7 @@ void OPENSSL_add_all_algorithms_noconf(v
1259	OpenSSL_add_all_ciphers();
1260	OpenSSL_add_all_digests();
1261	#ifndef OPENSSL_NO_ENGINE
1262	-# if defined(__OpenBSD__) \|\| defined(__FreeBSD__)
1263	+# if defined(__OpenBSD__) \|\| defined(__FreeBSD__) \|\| defined(HAVE_CRYPTODEV)
1264	ENGINE_setup_bsd_cryptodev();
1265	# endif
1266	#endif
1267	--- a/crypto/evp/c_alld.c
1268	+++ b/crypto/evp/c_alld.c
1269	@@ -78,7 +78,7 @@ void OpenSSL_add_all_digests(void)
1270	EVP_add_digest(EVP_dss());
1271	#endif
1272	#endif
1273	-#ifndef OPENSSL_NO_SHA
1274	+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
1275	EVP_add_digest(EVP_sha1());
1276	EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
1277	EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
1278	--- a/engines/Makefile
1279	+++ b/engines/Makefile
1280	@@ -97,6 +97,7 @@ install:
1281	( echo installing $$l; \
1282	if [ "$(PLATFORM)" != "Cygwin" ]; then \
1283	case "$(CFLAGS)" in \
1284	+ OPENSSL_NO_HW) continue;; \
1285	DSO_DLFCN) sfx="so";; \
1286	DSO_DL) sfx="sl";; \
1287	*) sfx="bad";; \
1288	--- a/util/domd
1289	+++ b/util/domd
1290	@@ -22,13 +22,17 @@ if expr "$MAKEDEPEND" : '.*gcc$' > /dev/
1291	done
1292	sed -e '/^# DO NOT DELETE.*/,$d' < Makefile > Makefile.tmp
1293	echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
1294	- ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp
1295	+ ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp && \
1296	${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new
1297	+ RC=$?
1298	rm -f Makefile.tmp
1299	else
1300	- ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND $@
1301	+ ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND $@ && \
1302	${PERL} $TOP/util/clean-depend.pl < Makefile > Makefile.new
1303	+ RC=$?
1304	fi
1305	mv Makefile.new Makefile
1306	# unfake the presence of Kerberos
1307	rm $TOP/krb5.h
1308	+
1309	+exit $RC
1310

Download this file

Branches:
backfire
history
master
release_2010-11-17
release_2010-12-14
release_2011-02-23
release_2011-05-28
release_2011-08-27
release_2011-11-13
release_2012-03-18
release_2012-04-09
release_2012-10-11
uclibc_nptl

OpenWrt XBurst

OpenWrt XBurst Git Source Tree

Root/package/openssl/patches/200-ocf-20080917.patch

interactive