OpenWrt XBurst

OpenWrt XBurst Git Source Tree

Root/package/openssl/patches/200-ocf-20100325.patch

1	--- a/Configure
2	+++ b/Configure
3	@@ -36,6 +36,8 @@ my $usage="Usage: Configure [no-<cipher>
4	# (Default: KRB5_DIR/include)
5	# --with-krb5-flavor Declare what flavor of Kerberos 5 is used. Currently
6	# supported values are "MIT" and "Heimdal". A value is required.
7	+# --with-cryptodev Force support for cryptodev (ie., ocf-linux)
8	+# --with-cryptodev-digests Force support for cryptodev digests (generally slow)
9	#
10	# --test-sanity Make a number of sanity checks on the data in this file.
11	# This is a debugging tool for OpenSSL developers.
12	@@ -554,6 +556,10 @@ my %table=(
13	##### Compaq Non-Stop Kernel (Tandem)
14	"tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::",
15
16	+# uClinux
17	+"uClinux-dist","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):BN_LLONG::::::::::::\$(LIBSSL_dlfcn):linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}",
18	+"uClinux-dist64","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):SIXTY_FOUR_BIT_LONG::::::::::::\$(LIBSSL_dlfcn):linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}",
19	+
20	);
21
22	my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A
23	@@ -610,6 +616,8 @@ my $montasm=1; # but "no-montasm" is d
24	my $no_asm=0;
25	my $no_dso=0;
26	my $no_gmp=0;
27	+my $have_cryptodev=0;
28	+my $use_cryptodev_digests=0;
29	my @skip=();
30	my $Makefile="Makefile";
31	my $des_locl="crypto/des/des_locl.h";
32	@@ -758,6 +766,14 @@ PROCESS_ARGS:
33	{
34	exit(&test_sanity());
35	}
36	+ elsif (/^--with-cryptodev$/)
37	+ {
38	+ $have_cryptodev = 1;
39	+ }
40	+ elsif (/^--with-cryptodev-digests$/)
41	+ {
42	+ $use_cryptodev_digests = 1;
43	+ }
44	elsif (/^--strict-warnings/)
45	{
46	$strict_warnings = 1;
47	@@ -1055,6 +1071,7 @@ foreach (sort (keys %disabled))
48	print " OPENSSL_NO_$ALGO";
49
50	if (/^err$/) { $flags .= "-DOPENSSL_NO_ERR "; }
51	+ elsif (/^hw$/) { $flags .= "-DOPENSSL_NO_HW "; }
52	elsif (/^asm$/) { $no_asm = 1; }
53	}
54	else
55	@@ -1184,6 +1201,16 @@ if (!$no_krb5)
56	$withargs{"krb5-dir"} ne "";
57	}
58
59	+# enable the linux cryptodev (ocf-linux) support
60	+if ($have_cryptodev)
61	+ {
62	+ if ($use_cryptodev_digests)
63	+ {
64	+ $cflags = "-DUSE_CRYPTODEV_DIGESTS $cflags";
65	+ }
66	+ $cflags = "-DHAVE_CRYPTODEV $cflags";
67	+ }
68	+
69	# The DSO code currently always implements all functions so that no
70	# applications will have to worry about that from a compilation point
71	# of view. However, the "method"s may return zero unless that platform
72	--- a/INSTALL
73	+++ b/INSTALL
74	@@ -103,6 +103,12 @@
75	define preprocessor symbols, specify additional libraries,
76	library directories or other compiler options.
77
78	+ --with-cryptodev Enabled the BSD cryptodev engine even if we are not using
79	+ BSD. Useful if you are running ocf-linux or something
80	+ similar. Once enabled you can also enable the use of
81	+ cryptodev digests, with is usually slower unless you have
82	+ large amounts data. Use --with-cryptodev-digests to force
83	+ it.
84
85	Installation in Detail
86	----------------------
87	--- a/Makefile.org
88	+++ b/Makefile.org
89	@@ -499,7 +499,7 @@ files:
90
91	links:
92	@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
93	- @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
94	+ @$(PERL) $(TOP)/util/mklink.pl include/openssl $(HEADER) $(EXHEADER)
95	@set -e; target=links; $(RECURSIVE_BUILD_CMD)
96	@if [ -z "$(FIPSCANLIB)" ]; then \
97	set -e; target=links; dir=fips ; $(BUILD_CMD) ; \
98	--- a/Makefile.shared
99	+++ b/Makefile.shared
100	@@ -6,13 +6,13 @@
101	# properly
102
103	# CC contains the current compiler. This one MUST be defined
104	-CC=cc
105	-CFLAGS=$(CFLAG)
106	+CC?=cc
107	+CFLAGS?=$(CFLAG)
108	# LDFLAGS contains flags to be used when temporary object files (when building
109	# shared libraries) are created, or when an application is linked.
110	# SHARED_LDFLAGS contains flags to be used when the shared library is created.
111	-LDFLAGS=
112	-SHARED_LDFLAGS=
113	+LDFLAGS?=
114	+SHARED_LDFLAGS?=
115
116	# LIBNAME contains just the name of the library, without prefix ("lib"
117	# on Unix, "cyg" for certain forms under Cygwin...) or suffix (.a, .so,
118	--- a/config
119	+++ b/config
120	@@ -270,7 +270,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${
121	echo "ppc-apple-darwin${VERSION}"
122	;;
123	*)
124	- echo "i386-apple-darwin${VERSION}"
125	+ echo "${MACHINE}-apple-darwin${VERSION}"
126	;;
127	esac
128	exit 0
129	@@ -399,7 +399,7 @@ exit 0
130	# this is where the translation occurs into SSLeay terms
131	# ---------------------------------------------------------------------------
132
133	-GCCVER=`(gcc -dumpversion) 2>/dev/null`
134	+GCCVER=`(${CC:-gcc} -dumpversion) 2>/dev/null`
135	if [ "$GCCVER" != "" ]; then
136	# then strip off whatever prefix egcs prepends the number with...
137	# Hopefully, this will work for any future prefixes as well.
138	@@ -488,6 +488,12 @@ echo Operating system: $GUESSOS
139	# script above so we end up with values in vars but that would take
140	# more time that I want to waste at the moment
141	case "$GUESSOS" in
142	+ uClinux64)
143	+ OUT=uClinux-dist64
144	+ ;;
145	+ uClinux*)
146	+ OUT=uClinux-dist
147	+ ;;
148	mips2-sgi-irix)
149	CPU=`(hinv -t cpu) 2>/dev/null \| head -1 \| sed 's/^CPU:[^R]R$[0-9]$.*/\1/'`
150	CPU=${CPU:-0}
151	--- a/apps/apps.h
152	+++ b/apps/apps.h
153	@@ -112,7 +112,7 @@
154	#ifndef HEADER_APPS_H
155	#define HEADER_APPS_H
156
157	-#include "e_os.h"
158	+#include <openssl/e_os.h>
159
160	#include <openssl/bio.h>
161	#include <openssl/x509.h>
162	--- a/apps/progs.h
163	+++ b/apps/progs.h
164	@@ -129,7 +129,9 @@ FUNCTION functions[] = {
165	#ifndef OPENSSL_NO_ENGINE
166	{FUNC_TYPE_GENERAL,"engine",engine_main},
167	#endif
168	+#ifndef OPENSSL_NO_OCSP
169	{FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
170	+#endif
171	{FUNC_TYPE_GENERAL,"prime",prime_main},
172	#ifndef OPENSSL_NO_MD2
173	{FUNC_TYPE_MD,"md2",dgst_main},
174	--- a/apps/speed.c
175	+++ b/apps/speed.c
176	@@ -302,7 +302,7 @@ static const char *names[ALGOR_NUM]={
177	"evp","sha256","sha512",
178	"aes-128 ige","aes-192 ige","aes-256 ige"};
179	static double results[ALGOR_NUM][SIZE_NUM];
180	-static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
181	+static int lengths[SIZE_NUM]={16,64,256,1024,21024,41024};
182	#ifndef OPENSSL_NO_RSA
183	static double rsa_results[RSA_NUM][2];
184	#endif
185	@@ -342,6 +342,82 @@ static SIGRETTYPE sig_done(int sig)
186	#define START 0
187	#define STOP 1
188
189	+static int do_cpu = 0;
190	+
191	+#ifdef __linux__
192	+
193	+#define HAVE_CPU_USAGE 1
194	+
195	+/*
196	+ * record CPU usage as well
197	+ */
198	+
199	+struct cpu_stat {
200	+ unsigned int user;
201	+ unsigned int nice;
202	+ unsigned int system;
203	+ unsigned int idle;
204	+ unsigned int total;
205	+};
206	+
207	+static unsigned int cpu_usage[ALGOR_NUM][SIZE_NUM];
208	+static unsigned int rsa_cpu_usage[RSA_NUM][2];
209	+static unsigned int dsa_cpu_usage[DSA_NUM][2];
210	+static struct cpu_stat cpu_start, cpu_finish;
211	+
212	+static void
213	+get_cpu(int s)
214	+{
215	+ FILE *fp = NULL;
216	+ unsigned char buf[80];
217	+ struct cpu_stat *st = s == START ? &cpu_start : &cpu_finish;
218	+
219	+ memset(st, 0, sizeof(*st));
220	+
221	+ if (fp == NULL)
222	+ fp = fopen("/proc/stat", "r");
223	+ if (!fp)
224	+ return;
225	+ if (fseek(fp, 0, SEEK_SET) == -1) {
226	+ fclose(fp);
227	+ return;
228	+ }
229	+ fscanf(fp, "%s %d %d %d %d", &buf[0], &st->user, &st->nice,
230	+ &st->system, &st->idle);
231	+ st->total = st->user + st->nice + st->system + st->idle;
232	+ fclose(fp);
233	+}
234	+
235	+static unsigned int
236	+calc_cpu()
237	+{
238	+ unsigned int total, res;
239	+
240	+ total = cpu_finish.total - cpu_start.total;
241	+ if (total <= 0)
242	+ return 0;
243	+#if 1 // busy
244	+ res = ((cpu_finish.system + cpu_finish.user + cpu_finish.nice) -
245	+ (cpu_start.system + cpu_start.user + cpu_start.nice)) *
246	+ 100 / total;
247	+#endif
248	+#if 0 // system
249	+ res = (cpu_finish.system - cpu_start.system) * 100 / total;
250	+#endif
251	+#if 0 // user
252	+ res = (cpu_finish.user - cpu_start.user) * 100 / total;
253	+#endif
254	+#if 0 // nice
255	+ res = (cpu_finish.nice - cpu_start.nice) * 100 / total;
256	+#endif
257	+#if 0 // idle
258	+ res = (cpu_finish.idle - cpu_start.idle) * 100 / total;
259	+#endif
260	+ return(res);
261	+}
262	+
263	+#endif
264	+
265	#if defined(OPENSSL_SYS_NETWARE)
266
267	/* for NetWare the best we can do is use clock() which returns the
268	@@ -372,6 +448,9 @@ static double Time_F(int s)
269	{
270	double ret;
271
272	+ if (do_cpu)
273	+ get_cpu(s);
274	+
275	#ifdef USE_TOD
276	if(usertime)
277	{
278	@@ -839,6 +918,14 @@ int MAIN(int argc, char **argv)
279	j--; /* Otherwise, -elapsed gets confused with
280	an algorithm. */
281	}
282	+#ifdef HAVE_CPU_USAGE
283	+ else if ((argc > 0) && (strcmp(*argv,"-cpu") == 0))
284	+ {
285	+ do_cpu = 1;
286	+ j--; /* Otherwise, -cpu gets confused with
287	+ an algorithm. */
288	+ }
289	+#endif
290	else if ((argc > 0) && (strcmp(*argv,"-evp") == 0))
291	{
292	argc--;
293	@@ -1267,6 +1354,9 @@ int MAIN(int argc, char **argv)
294	#ifndef NO_FORK
295	BIO_printf(bio_err,"-multi n run n benchmarks in parallel.\n");
296	#endif
297	+#ifdef HAVE_CPU_USAGE
298	+ BIO_printf(bio_err,"-cpu calculate cpu utilisation.\n");
299	+#endif
300	goto end;
301	}
302	argc--;
303	@@ -1274,11 +1364,6 @@ int MAIN(int argc, char **argv)
304	j++;
305	}
306
307	-#ifndef NO_FORK
308	- if(multi && do_multi(multi))
309	- goto show_res;
310	-#endif
311	-
312	if (j == 0)
313	{
314	for (i=0; i<ALGOR_NUM; i++)
315	@@ -1612,6 +1697,11 @@ int MAIN(int argc, char **argv)
316	signal(SIGALRM,sig_done);
317	#endif /* SIGALRM */
318
319	+#ifndef NO_FORK /* Do this a late as possible to give better CPU readings */
320	+ if(multi && do_multi(multi))
321	+ goto show_res;
322	+#endif
323	+
324	#ifndef OPENSSL_NO_MD2
325	if (doit[D_MD2])
326	{
327	@@ -2041,8 +2131,6 @@ int MAIN(int argc, char **argv)
328	/* -O3 -fschedule-insns messes up an
329	* optimization here! names[D_EVP]
330	* somehow becomes NULL */
331	- print_message(names[D_EVP],save_count,
332	- lengths[j]);
333
334	EVP_CIPHER_CTX_init(&ctx);
335	if(decrypt)
336	@@ -2051,6 +2139,9 @@ int MAIN(int argc, char **argv)
337	EVP_EncryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);
338	EVP_CIPHER_CTX_set_padding(&ctx, 0);
339
340	+ print_message(names[D_EVP],save_count,
341	+ lengths[j]);
342	+
343	Time_F(START);
344	if(decrypt)
345	for (count=0,run=1; COND(save_count4lengths[0]/lengths[j]); count++)
346	@@ -2115,6 +2206,8 @@ int MAIN(int argc, char **argv)
347	}
348	}
349	d=Time_F(STOP);
350	+ if (do_cpu)
351	+ rsa_cpu_usage[j][0] = calc_cpu();
352	BIO_printf(bio_err,mr ? "+R1:%ld:%d:%.2f\n"
353	: "%ld %d bit private RSA's in %.2fs\n",
354	count,rsa_bits[j],d);
355	@@ -2150,6 +2243,8 @@ int MAIN(int argc, char **argv)
356	}
357	}
358	d=Time_F(STOP);
359	+ if (do_cpu)
360	+ rsa_cpu_usage[j][1] = calc_cpu();
361	BIO_printf(bio_err,mr ? "+R2:%ld:%d:%.2f\n"
362	: "%ld %d bit public RSA's in %.2fs\n",
363	count,rsa_bits[j],d);
364	@@ -2209,6 +2304,8 @@ int MAIN(int argc, char **argv)
365	}
366	}
367	d=Time_F(STOP);
368	+ if (do_cpu)
369	+ dsa_cpu_usage[j][0] = calc_cpu();
370	BIO_printf(bio_err,mr ? "+R3:%ld:%d:%.2f\n"
371	: "%ld %d bit DSA signs in %.2fs\n",
372	count,dsa_bits[j],d);
373	@@ -2244,6 +2341,8 @@ int MAIN(int argc, char **argv)
374	}
375	}
376	d=Time_F(STOP);
377	+ if (do_cpu)
378	+ dsa_cpu_usage[j][1] = calc_cpu();
379	BIO_printf(bio_err,mr ? "+R4:%ld:%d:%.2f\n"
380	: "%ld %d bit DSA verify in %.2fs\n",
381	count,dsa_bits[j],d);
382	@@ -2538,14 +2637,23 @@ show_res:
383	fprintf(stdout,"The 'numbers' are in 1000s of bytes per second processed.\n");
384	fprintf(stdout,"type ");
385	}
386	- for (j=0; j<SIZE_NUM; j++)
387	+ for (j=0; j<SIZE_NUM; j++) {
388	fprintf(stdout,mr ? ":%d" : "%7d bytes",lengths[j]);
389	+ if (do_cpu && !mr)
390	+ fprintf(stdout, " /cpu");
391	+ }
392	fprintf(stdout,"\n");
393	}
394
395	for (k=0; k<ALGOR_NUM; k++)
396	{
397	if (!doit[k]) continue;
398	+ if (k == D_EVP) {
399	+ if (evp_cipher)
400	+ names[D_EVP]=OBJ_nid2ln(evp_cipher->nid);
401	+ else
402	+ names[D_EVP]=OBJ_nid2ln(evp_md->type);
403	+ }
404	if(mr)
405	fprintf(stdout,"+F:%d:%s",k,names[k]);
406	else
407	@@ -2556,6 +2664,8 @@ show_res:
408	fprintf(stdout," %11.2fk",results[k][j]/1e3);
409	else
410	fprintf(stdout,mr ? ":%.2f" : " %11.2f ",results[k][j]);
411	+ if (do_cpu)
412	+ fprintf(stdout, mr ? "/%d" : "/%%%-3d", cpu_usage[k][j]);
413	}
414	fprintf(stdout,"\n");
415	}
416	@@ -2570,13 +2680,18 @@ show_res:
417	j=0;
418	}
419	if(mr)
420	- fprintf(stdout,"+F2:%u:%u:%f:%f\n",
421	- k,rsa_bits[k],rsa_results[k][0],
422	- rsa_results[k][1]);
423	- else
424	- fprintf(stdout,"rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
425	- rsa_bits[k],rsa_results[k][0],rsa_results[k][1],
426	- 1.0/rsa_results[k][0],1.0/rsa_results[k][1]);
427	+ fprintf(stdout,"+F2:%u:%u:%f", k,rsa_bits[k],rsa_results[k][0]);
428	+ else
429	+ fprintf(stdout,"rsa %4u bits %8.6fs",rsa_bits[k],rsa_results[k][0]);
430	+ if (do_cpu)
431	+ fprintf(stdout, mr ? "/%d": "/%%%-3d", rsa_cpu_usage[k][0]);
432	+ fprintf(stdout, mr ? ":%f" : " %8.6fs", rsa_results[k][1]);
433	+ if (do_cpu)
434	+ fprintf(stdout, mr ? "/%d": "/%%%-3d", rsa_cpu_usage[k][1]);
435	+ if(!mr)
436	+ fprintf(stdout, " %8.1f %8.1f",
437	+ 1.0/rsa_results[k][0],1.0/rsa_results[k][1]);
438	+ fprintf(stdout, "\n");
439	}
440	#endif
441	#ifndef OPENSSL_NO_DSA
442	@@ -2590,12 +2705,18 @@ show_res:
443	j=0;
444	}
445	if(mr)
446	- fprintf(stdout,"+F3:%u:%u:%f:%f\n",
447	- k,dsa_bits[k],dsa_results[k][0],dsa_results[k][1]);
448	+ fprintf(stdout,"+F3:%u:%u:%f", k,dsa_bits[k],dsa_results[k][0]);
449	else
450	- fprintf(stdout,"dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
451	- dsa_bits[k],dsa_results[k][0],dsa_results[k][1],
452	- 1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
453	+ fprintf(stdout,"dsa %4u bits %8.6fs",dsa_bits[k],dsa_results[k][0]);
454	+ if (do_cpu)
455	+ fprintf(stdout, mr ? "/%d": "/%%%-3d", dsa_cpu_usage[k][0]);
456	+ fprintf(stdout, mr ? ":%f" : " %8.6fs", dsa_results[k][1]);
457	+ if (do_cpu)
458	+ fprintf(stdout, mr ? "/%d": "/%%%-3d", dsa_cpu_usage[k][1]);
459	+ if(!mr)
460	+ fprintf(stdout, " %8.1f %8.1f",
461	+ 1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
462	+ fprintf(stdout, "\n");
463	}
464	#endif
465	#ifndef OPENSSL_NO_ECDSA
466	@@ -2720,8 +2841,10 @@ static void pkey_print_message(const cha
467
468	static void print_result(int alg,int run_no,int count,double time_used)
469	{
470	- BIO_printf(bio_err,mr ? "+R:%d:%s:%f\n"
471	- : "%d %s's in %.2fs\n",count,names[alg],time_used);
472	+ if (do_cpu)
473	+ cpu_usage[alg][run_no] = calc_cpu();
474	+ BIO_printf(bio_err,mr ? "+R:%ld:%s:%f\n"
475	+ : "%ld %s's in %.2fs\n",count,names[alg],time_used);
476	results[alg][run_no]=((double)count)/time_used*lengths[run_no];
477	}
478
479	@@ -2816,29 +2939,11 @@ static int do_multi(int multi)
480	p=buf+3;
481	alg=atoi(sstrsep(&p,sep));
482	sstrsep(&p,sep);
483	- for(j=0 ; j < SIZE_NUM ; ++j)
484	+ for(j=0 ; j < SIZE_NUM ; ++j) {
485	+ if (do_cpu && strchr(p, '/'))
486	+ cpu_usage[alg][j] = atoi(strchr(p, '/') + 1);
487	results[alg][j]+=atof(sstrsep(&p,sep));
488	}
489	- else if(!strncmp(buf,"+F2:",4))
490	- {
491	- int k;
492	- double d;
493	-
494	- p=buf+4;
495	- k=atoi(sstrsep(&p,sep));
496	- sstrsep(&p,sep);
497	-
498	- d=atof(sstrsep(&p,sep));
499	- if(n)
500	- rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d);
501	- else
502	- rsa_results[k][0]=d;
503	-
504	- d=atof(sstrsep(&p,sep));
505	- if(n)
506	- rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d);
507	- else
508	- rsa_results[k][1]=d;
509	}
510	else if(!strncmp(buf,"+F2:",4))
511	{
512	@@ -2849,12 +2954,18 @@ static int do_multi(int multi)
513	k=atoi(sstrsep(&p,sep));
514	sstrsep(&p,sep);
515
516	+ /* before we move the token along */
517	+ if (do_cpu && strchr(p, '/'))
518	+ rsa_cpu_usage[k][0] = atoi(strchr(p, '/') + 1);
519	d=atof(sstrsep(&p,sep));
520	if(n)
521	rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d);
522	else
523	rsa_results[k][0]=d;
524
525	+ /* before we move the token along */
526	+ if (do_cpu && strchr(p, '/'))
527	+ rsa_cpu_usage[k][1] = atoi(strchr(p, '/') + 1);
528	d=atof(sstrsep(&p,sep));
529	if(n)
530	rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d);
531	@@ -2870,12 +2981,18 @@ static int do_multi(int multi)
532	k=atoi(sstrsep(&p,sep));
533	sstrsep(&p,sep);
534
535	+ /* before we move the token along */
536	+ if (do_cpu && strchr(p, '/'))
537	+ dsa_cpu_usage[k][0] = atoi(strchr(p, '/') + 1);
538	d=atof(sstrsep(&p,sep));
539	if(n)
540	dsa_results[k][0]=1/(1/dsa_results[k][0]+1/d);
541	else
542	dsa_results[k][0]=d;
543
544	+ /* before we move the token along */
545	+ if (do_cpu && strchr(p, '/'))
546	+ dsa_cpu_usage[k][1] = atoi(strchr(p, '/') + 1);
547	d=atof(sstrsep(&p,sep));
548	if(n)
549	dsa_results[k][1]=1/(1/dsa_results[k][1]+1/d);
550	--- a/crypto/cryptlib.h
551	+++ b/crypto/cryptlib.h
552	@@ -62,7 +62,7 @@
553	#include <stdlib.h>
554	#include <string.h>
555
556	-#include "e_os.h"
557	+#include <openssl/e_os.h>
558
559	#ifdef OPENSSL_USE_APPLINK
560	#define BIO_FLAGS_UPLINK 0x8000
561	--- a/crypto/engine/eng_all.c
562	+++ b/crypto/engine/eng_all.c
563	@@ -113,7 +113,7 @@ void ENGINE_load_builtin_engines(void)
564	#endif
565	}
566
567	-#if defined(__OpenBSD__) \|\| defined(__FreeBSD__)
568	+#if defined(__OpenBSD__) \|\| defined(__FreeBSD__) \|\| defined(HAVE_CRYPTODEV)
569	void ENGINE_setup_bsd_cryptodev(void) {
570	static int bsd_cryptodev_default_loaded = 0;
571	if (!bsd_cryptodev_default_loaded) {
572	--- a/crypto/engine/eng_cryptodev.c
573	+++ b/crypto/engine/eng_cryptodev.c
574	@@ -72,6 +72,16 @@ ENGINE_load_cryptodev(void)
575	struct dev_crypto_state {
576	struct session_op d_sess;
577	int d_fd;
578	+
579	+#ifdef USE_CRYPTODEV_DIGESTS
580	+ char dummy_mac_key[20];
581	+
582	+ unsigned char digest_res[20];
583	+ char *mac_data;
584	+ int mac_len;
585	+
586	+ int copy;
587	+#endif
588	};
589
590	static u_int32_t cryptodev_asymfeat = 0;
591	@@ -79,9 +89,6 @@ static u_int32_t cryptodev_asymfeat = 0;
592	static int get_asym_dev_crypto(void);
593	static int open_dev_crypto(void);
594	static int get_dev_crypto(void);
595	-static int cryptodev_max_iv(int cipher);
596	-static int cryptodev_key_length_valid(int cipher, int len);
597	-static int cipher_nid_to_cryptodev(int nid);
598	static int get_cryptodev_ciphers(const int **cnids);
599	/static int get_cryptodev_digests(const int cnids);/
600	static int cryptodev_usable_ciphers(const int **nids);
601	@@ -134,9 +141,12 @@ static struct {
602	int ivmax;
603	int keylen;
604	} ciphers[] = {
605	+ { CRYPTO_ARC4, NID_rc4, 0, 16, },
606	{ CRYPTO_DES_CBC, NID_des_cbc, 8, 8, },
607	{ CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, },
608	{ CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, },
609	+ { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, },
610	+ { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, },
611	{ CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, },
612	{ CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, },
613	{ CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, },
614	@@ -147,14 +157,16 @@ static struct {
615	static struct {
616	int id;
617	int nid;
618	+ int keylen;
619	} digests[] = {
620	- { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, },
621	- { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, },
622	- { CRYPTO_MD5_KPDK, NID_undef, },
623	- { CRYPTO_SHA1_KPDK, NID_undef, },
624	- { CRYPTO_MD5, NID_md5, },
625	- { CRYPTO_SHA1, NID_undef, },
626	- { 0, NID_undef, },
627	+ { CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16},
628	+ { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20},
629	+ { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16/?/},
630	+ { CRYPTO_MD5_KPDK, NID_undef, 0},
631	+ { CRYPTO_SHA1_KPDK, NID_undef, 0},
632	+ { CRYPTO_MD5, NID_md5, 16},
633	+ { CRYPTO_SHA1, NID_sha1, 20},
634	+ { 0, NID_undef, 0},
635	};
636	#endif
637
638	@@ -182,10 +194,17 @@ open_dev_crypto(void)
639	static int
640	get_dev_crypto(void)
641	{
642	- int fd, retfd;
643	+ static int fd = -1;
644	+ int retfd;
645
646	- if ((fd = open_dev_crypto()) == -1)
647	- return (-1);
648	+ if (fd == -1) {
649	+ if ((fd = open_dev_crypto()) == -1)
650	+ return (-1);
651	+ if (fcntl(fd, F_SETFD, 1) == -1) {
652	+ close(fd);
653	+ return (-1);
654	+ }
655	+ }
656	if (ioctl(fd, CRIOGET, &retfd) == -1)
657	return (-1);
658
659	@@ -209,50 +228,6 @@ get_asym_dev_crypto(void)
660	}
661
662	/*
663	- * XXXX this needs to be set for each alg - and determined from
664	- * a running card.
665	- */
666	-static int
667	-cryptodev_max_iv(int cipher)
668	-{
669	- int i;
670	-
671	- for (i = 0; ciphers[i].id; i++)
672	- if (ciphers[i].id == cipher)
673	- return (ciphers[i].ivmax);
674	- return (0);
675	-}
676	-
677	-/*
678	- * XXXX this needs to be set for each alg - and determined from
679	- * a running card. For now, fake it out - but most of these
680	- * for real devices should return 1 for the supported key
681	- * sizes the device can handle.
682	- */
683	-static int
684	-cryptodev_key_length_valid(int cipher, int len)
685	-{
686	- int i;
687	-
688	- for (i = 0; ciphers[i].id; i++)
689	- if (ciphers[i].id == cipher)
690	- return (ciphers[i].keylen == len);
691	- return (0);
692	-}
693	-
694	-/* convert libcrypto nids to cryptodev */
695	-static int
696	-cipher_nid_to_cryptodev(int nid)
697	-{
698	- int i;
699	-
700	- for (i = 0; ciphers[i].id; i++)
701	- if (ciphers[i].nid == nid)
702	- return (ciphers[i].id);
703	- return (0);
704	-}
705	-
706	-/*
707	* Find out what ciphers /dev/crypto will let us have a session for.
708	* XXX note, that some of these openssl doesn't deal with yet!
709	* returning them here is harmless, as long as we return NULL
710	@@ -270,7 +245,7 @@ get_cryptodev_ciphers(const int **cnids)
711	return (0);
712	}
713	memset(&sess, 0, sizeof(sess));
714	- sess.key = (caddr_t)"123456781234567812345678";
715	+ sess.key = (caddr_t)"123456789abcdefghijklmno";
716
717	for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
718	if (ciphers[i].nid == NID_undef)
719	@@ -310,10 +285,12 @@ get_cryptodev_digests(const int **cnids)
720	return (0);
721	}
722	memset(&sess, 0, sizeof(sess));
723	+ sess.mackey = (caddr_t)"123456789abcdefghijklmno";
724	for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
725	if (digests[i].nid == NID_undef)
726	continue;
727	sess.mac = digests[i].id;
728	+ sess.mackeylen = digests[i].keylen;
729	sess.cipher = 0;
730	if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
731	ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
732	@@ -360,6 +337,9 @@ cryptodev_usable_ciphers(const int **nid
733	static int
734	cryptodev_usable_digests(const int **nids)
735	{
736	+#ifdef USE_CRYPTODEV_DIGESTS
737	+ return (get_cryptodev_digests(nids));
738	+#else
739	/*
740	* XXXX just disable all digests for now, because it sucks.
741	* we need a better way to decide this - i.e. I may not
742	@@ -374,6 +354,7 @@ cryptodev_usable_digests(const int **nid
743	*/
744	*nids = NULL;
745	return (0);
746	+#endif
747	}
748
749	static int
750	@@ -436,16 +417,20 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx,
751	{
752	struct dev_crypto_state *state = ctx->cipher_data;
753	struct session_op *sess = &state->d_sess;
754	- int cipher;
755	-
756	- if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef)
757	- return (0);
758	+ int cipher, i;
759
760	- if (ctx->cipher->iv_len > cryptodev_max_iv(cipher))
761	- return (0);
762	+ for (i = 0; ciphers[i].id; i++)
763	+ if (ctx->cipher->nid == ciphers[i].nid &&
764	+ ctx->cipher->iv_len <= ciphers[i].ivmax &&
765	+ ctx->key_len == ciphers[i].keylen) {
766	+ cipher = ciphers[i].id;
767	+ break;
768	+ }
769
770	- if (!cryptodev_key_length_valid(cipher, ctx->key_len))
771	+ if (!ciphers[i].id) {
772	+ state->d_fd = -1;
773	return (0);
774	+ }
775
776	memset(sess, 0, sizeof(struct session_op));
777
778	@@ -505,6 +490,20 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
779	* gets called when libcrypto requests a cipher NID.
780	*/
781
782	+/* RC4 */
783	+const EVP_CIPHER cryptodev_rc4 = {
784	+ NID_rc4,
785	+ 1, 16, 0,
786	+ EVP_CIPH_VARIABLE_LENGTH,
787	+ cryptodev_init_key,
788	+ cryptodev_cipher,
789	+ cryptodev_cleanup,
790	+ sizeof(struct dev_crypto_state),
791	+ NULL,
792	+ NULL,
793	+ NULL
794	+};
795	+
796	/* DES CBC EVP */
797	const EVP_CIPHER cryptodev_des_cbc = {
798	NID_des_cbc,
799	@@ -572,6 +571,32 @@ const EVP_CIPHER cryptodev_aes_cbc = {
800	NULL
801	};
802
803	+const EVP_CIPHER cryptodev_aes_192_cbc = {
804	+ NID_aes_192_cbc,
805	+ 16, 24, 16,
806	+ EVP_CIPH_CBC_MODE,
807	+ cryptodev_init_key,
808	+ cryptodev_cipher,
809	+ cryptodev_cleanup,
810	+ sizeof(struct dev_crypto_state),
811	+ EVP_CIPHER_set_asn1_iv,
812	+ EVP_CIPHER_get_asn1_iv,
813	+ NULL
814	+};
815	+
816	+const EVP_CIPHER cryptodev_aes_256_cbc = {
817	+ NID_aes_256_cbc,
818	+ 16, 32, 16,
819	+ EVP_CIPH_CBC_MODE,
820	+ cryptodev_init_key,
821	+ cryptodev_cipher,
822	+ cryptodev_cleanup,
823	+ sizeof(struct dev_crypto_state),
824	+ EVP_CIPHER_set_asn1_iv,
825	+ EVP_CIPHER_get_asn1_iv,
826	+ NULL
827	+};
828	+
829	/*
830	* Registered by the ENGINE when used to find out how to deal with
831	* a particular NID in the ENGINE. this says what we'll do at the
832	@@ -585,6 +610,9 @@ cryptodev_engine_ciphers(ENGINE *e, cons
833	return (cryptodev_usable_ciphers(nids));
834
835	switch (nid) {
836	+ case NID_rc4:
837	+ *cipher = &cryptodev_rc4;
838	+ break;
839	case NID_des_ede3_cbc:
840	*cipher = &cryptodev_3des_cbc;
841	break;
842	@@ -600,6 +628,12 @@ cryptodev_engine_ciphers(ENGINE *e, cons
843	case NID_aes_128_cbc:
844	*cipher = &cryptodev_aes_cbc;
845	break;
846	+ case NID_aes_192_cbc:
847	+ *cipher = &cryptodev_aes_192_cbc;
848	+ break;
849	+ case NID_aes_256_cbc:
850	+ *cipher = &cryptodev_aes_256_cbc;
851	+ break;
852	default:
853	*cipher = NULL;
854	break;
855	@@ -607,6 +641,234 @@ cryptodev_engine_ciphers(ENGINE *e, cons
856	return (*cipher != NULL);
857	}
858
859	+
860	+#ifdef USE_CRYPTODEV_DIGESTS
861	+
862	+/* convert digest type to cryptodev */
863	+static int
864	+digest_nid_to_cryptodev(int nid)
865	+{
866	+ int i;
867	+
868	+ for (i = 0; digests[i].id; i++)
869	+ if (digests[i].nid == nid)
870	+ return (digests[i].id);
871	+ return (0);
872	+}
873	+
874	+
875	+static int
876	+digest_key_length(int nid)
877	+{
878	+ int i;
879	+
880	+ for (i = 0; digests[i].id; i++)
881	+ if (digests[i].nid == nid)
882	+ return digests[i].keylen;
883	+ return (0);
884	+}
885	+
886	+
887	+static int cryptodev_digest_init(EVP_MD_CTX *ctx)
888	+{
889	+ struct dev_crypto_state *state = ctx->md_data;
890	+ struct session_op *sess = &state->d_sess;
891	+ int digest;
892	+
893	+ if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef){
894	+ fprintf(stderr, "cryptodev_digest_init: Can't get digest \n");
895	+ return (0);
896	+ }
897	+
898	+ memset(state, 0, sizeof(struct dev_crypto_state));
899	+
900	+ if ((state->d_fd = get_dev_crypto()) < 0) {
901	+ fprintf(stderr, "cryptodev_digest_init: Can't get Dev \n");
902	+ return (0);
903	+ }
904	+
905	+ sess->mackey = state->dummy_mac_key;
906	+ sess->mackeylen = digest_key_length(ctx->digest->type);
907	+ sess->mac = digest;
908	+
909	+ if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
910	+ close(state->d_fd);
911	+ state->d_fd = -1;
912	+ fprintf(stderr, "cryptodev_digest_init: Open session failed\n");
913	+ return (0);
914	+ }
915	+
916	+ return (1);
917	+}
918	+
919	+static int cryptodev_digest_update(EVP_MD_CTX ctx, const void data,
920	+ size_t count)
921	+{
922	+ struct crypt_op cryp;
923	+ struct dev_crypto_state *state = ctx->md_data;
924	+ struct session_op *sess = &state->d_sess;
925	+
926	+ if (!data \|\| state->d_fd < 0) {
927	+ fprintf(stderr, "cryptodev_digest_update: illegal inputs \n");
928	+ return (0);
929	+ }
930	+
931	+ if (!count) {
932	+ return (0);
933	+ }
934	+
935	+ if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
936	+ /* if application doesn't support one buffer */
937	+ state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count);
938	+
939	+ if (!state->mac_data) {
940	+ fprintf(stderr, "cryptodev_digest_update: realloc failed\n");
941	+ return (0);
942	+ }
943	+
944	+ memcpy(state->mac_data + state->mac_len, data, count);
945	+ state->mac_len += count;
946	+
947	+ return (1);
948	+ }
949	+
950	+ memset(&cryp, 0, sizeof(cryp));
951	+
952	+ cryp.ses = sess->ses;
953	+ cryp.flags = 0;
954	+ cryp.len = count;
955	+ cryp.src = (caddr_t) data;
956	+ cryp.dst = NULL;
957	+ cryp.mac = state->digest_res;
958	+ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
959	+ fprintf(stderr, "cryptodev_digest_update: digest failed\n");
960	+ return (0);
961	+ }
962	+ return (1);
963	+}
964	+
965	+
966	+static int cryptodev_digest_final(EVP_MD_CTX ctx, unsigned char md)
967	+{
968	+ struct crypt_op cryp;
969	+ struct dev_crypto_state *state = ctx->md_data;
970	+ struct session_op *sess = &state->d_sess;
971	+
972	+ int ret = 1;
973	+
974	+ if (!md \|\| state->d_fd < 0) {
975	+ fprintf(stderr, "cryptodev_digest_final: illegal input\n");
976	+ return(0);
977	+ }
978	+
979	+ if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {
980	+ /* if application doesn't support one buffer */
981	+ memset(&cryp, 0, sizeof(cryp));
982	+
983	+ cryp.ses = sess->ses;
984	+ cryp.flags = 0;
985	+ cryp.len = state->mac_len;
986	+ cryp.src = state->mac_data;
987	+ cryp.dst = NULL;
988	+ cryp.mac = md;
989	+
990	+ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
991	+ fprintf(stderr, "cryptodev_digest_final: digest failed\n");
992	+ return (0);
993	+ }
994	+
995	+ return 1;
996	+ }
997	+
998	+ memcpy(md, state->digest_res, ctx->digest->md_size);
999	+
1000	+ return (ret);
1001	+}
1002	+
1003	+
1004	+static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
1005	+{
1006	+ int ret = 1;
1007	+ struct dev_crypto_state *state = ctx->md_data;
1008	+ struct session_op *sess = &state->d_sess;
1009	+
1010	+ if (state->d_fd < 0) {
1011	+ fprintf(stderr, "cryptodev_digest_cleanup: illegal input\n");
1012	+ return (0);
1013	+ }
1014	+
1015	+ if (state->mac_data) {
1016	+ OPENSSL_free(state->mac_data);
1017	+ state->mac_data = NULL;
1018	+ state->mac_len = 0;
1019	+ }
1020	+
1021	+ if (state->copy)
1022	+ return 1;
1023	+
1024	+ if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
1025	+ fprintf(stderr, "cryptodev_digest_cleanup: failed to close session\n");
1026	+ ret = 0;
1027	+ } else {
1028	+ ret = 1;
1029	+ }
1030	+ close(state->d_fd);
1031	+ state->d_fd = -1;
1032	+
1033	+ return (ret);
1034	+}
1035	+
1036	+static int cryptodev_digest_copy(EVP_MD_CTX to,const EVP_MD_CTX from)
1037	+{
1038	+ struct dev_crypto_state *fstate = from->md_data;
1039	+ struct dev_crypto_state *dstate = to->md_data;
1040	+
1041	+ memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
1042	+
1043	+ if (fstate->mac_len != 0) {
1044	+ dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
1045	+ memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
1046	+ }
1047	+
1048	+ dstate->copy = 1;
1049	+
1050	+ return 1;
1051	+}
1052	+
1053	+
1054	+const EVP_MD cryptodev_sha1 = {
1055	+ NID_sha1,
1056	+ NID_undef,
1057	+ SHA_DIGEST_LENGTH,
1058	+ EVP_MD_FLAG_ONESHOT,
1059	+ cryptodev_digest_init,
1060	+ cryptodev_digest_update,
1061	+ cryptodev_digest_final,
1062	+ cryptodev_digest_copy,
1063	+ cryptodev_digest_cleanup,
1064	+ EVP_PKEY_NULL_method,
1065	+ SHA_CBLOCK,
1066	+ sizeof(struct dev_crypto_state),
1067	+};
1068	+
1069	+const EVP_MD cryptodev_md5 = {
1070	+ NID_md5,
1071	+ NID_undef,
1072	+ 16 /* MD5_DIGEST_LENGTH */,
1073	+ EVP_MD_FLAG_ONESHOT,
1074	+ cryptodev_digest_init,
1075	+ cryptodev_digest_update,
1076	+ cryptodev_digest_final,
1077	+ cryptodev_digest_copy,
1078	+ cryptodev_digest_cleanup,
1079	+ EVP_PKEY_NULL_method,
1080	+ 64 /* MD5_CBLOCK */,
1081	+ sizeof(struct dev_crypto_state),
1082	+};
1083	+
1084	+#endif /* USE_CRYPTODEV_DIGESTS */
1085	+
1086	+
1087	static int
1088	cryptodev_engine_digests(ENGINE e, const EVP_MD *digest,
1089	const int **nids, int nid)
1090	@@ -615,10 +877,15 @@ cryptodev_engine_digests(ENGINE *e, cons
1091	return (cryptodev_usable_digests(nids));
1092
1093	switch (nid) {
1094	+#ifdef USE_CRYPTODEV_DIGESTS
1095	case NID_md5:
1096	- digest = NULL; / need to make a clean md5 critter */
1097	+ *digest = &cryptodev_md5;
1098	break;
1099	+ case NID_sha1:
1100	+ *digest = &cryptodev_sha1;
1101	+ break;
1102	default:
1103	+#endif /* USE_CRYPTODEV_DIGESTS */
1104	*digest = NULL;
1105	break;
1106	}
1107	@@ -646,6 +913,7 @@ bn2crparam(const BIGNUM *a, struct crpar
1108	b = malloc(bytes);
1109	if (b == NULL)
1110	return (1);
1111	+ memset(b, 0, bytes);
1112
1113	crp->crp_p = (char *)b;
1114	crp->crp_nbits = bits;
1115	@@ -690,7 +958,7 @@ zapparams(struct crypt_kop *kop)
1116	{
1117	int i;
1118
1119	- for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) {
1120	+ for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
1121	if (kop->crk_param[i].crp_p)
1122	free(kop->crk_param[i].crp_p);
1123	kop->crk_param[i].crp_p = NULL;
1124	@@ -776,7 +1044,6 @@ static int
1125	cryptodev_rsa_nocrt_mod_exp(BIGNUM r0, const BIGNUM I, RSA rsa, BN_CTX ctx)
1126	{
1127	int r;
1128	-
1129	r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
1130	return (r);
1131	}
1132	@@ -920,6 +1187,9 @@ cryptodev_dsa_do_sign(const unsigned cha
1133	const DSA_METHOD *meth = DSA_OpenSSL();
1134	BN_free(r);
1135	BN_free(s);
1136	+ fprintf(stderr, "cryptodev_asym: CRK_DSA_SIGN %s failed, "
1137	+ "Running in software\n", errno==kop.crk_status ?
1138	+ "hardware operation" : "asym process");
1139	dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
1140	}
1141	err:
1142	@@ -961,6 +1231,9 @@ cryptodev_dsa_verify(const unsigned char
1143	} else {
1144	const DSA_METHOD *meth = DSA_OpenSSL();
1145
1146	+ fprintf(stderr, "cryptodev_asym: CRK_DSA_VERIFY %s failed, "
1147	+ "Running in software\n", errno==kop.crk_status ?
1148	+ "hardware operation" : "asym process");
1149	dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
1150	}
1151	err:
1152	@@ -994,8 +1267,8 @@ static int
1153	cryptodev_dh_compute_key(unsigned char key, const BIGNUM pub_key, DH *dh)
1154	{
1155	struct crypt_kop kop;
1156	- int dhret = 1;
1157	- int fd, keylen;
1158	+ int dhret = -1;
1159	+ int fd, keybits;
1160
1161	if ((fd = get_asym_dev_crypto()) < 0) {
1162	const DH_METHOD *meth = DH_OpenSSL();
1163	@@ -1003,7 +1276,7 @@ cryptodev_dh_compute_key(unsigned char *
1164	return ((meth->compute_key)(key, pub_key, dh));
1165	}
1166
1167	- keylen = BN_num_bits(dh->p);
1168	+ keybits = BN_num_bits(dh->p);
1169
1170	memset(&kop, 0, sizeof kop);
1171	kop.crk_op = CRK_DH_COMPUTE_KEY;
1172	@@ -1018,14 +1291,18 @@ cryptodev_dh_compute_key(unsigned char *
1173	kop.crk_iparams = 3;
1174
1175	kop.crk_param[3].crp_p = (char *)key;
1176	- kop.crk_param[3].crp_nbits = keylen * 8;
1177	+ kop.crk_param[3].crp_nbits = keybits;
1178	kop.crk_oparams = 1;
1179
1180	if (ioctl(fd, CIOCKEY, &kop) == -1) {
1181	const DH_METHOD *meth = DH_OpenSSL();
1182
1183	+ fprintf(stderr, "cryptodev_asym: CRK_DH_COMPUTE_KEY %s failed, "
1184	+ "Running in software\n", errno==kop.crk_status ?
1185	+ "hardware operation" : "asym process");
1186	dhret = (meth->compute_key)(key, pub_key, dh);
1187	- }
1188	+ } else
1189	+ dhret = (keybits + 7) / 8;
1190	err:
1191	kop.crk_param[3].crp_p = NULL;
1192	zapparams(&kop);
1193	--- a/crypto/engine/engine.h
1194	+++ b/crypto/engine/engine.h
1195	@@ -705,7 +705,7 @@ typedef int (*dynamic_bind_engine)(ENGIN
1196	* values. */
1197	void *ENGINE_get_static_state(void);
1198
1199	-#if defined(__OpenBSD__) \|\| defined(__FreeBSD__)
1200	+#if defined(__OpenBSD__) \|\| defined(__FreeBSD__) \|\| defined(HAVE_CRYPTODEV)
1201	void ENGINE_setup_bsd_cryptodev(void);
1202	#endif
1203
1204	--- a/crypto/evp/c_all.c
1205	+++ b/crypto/evp/c_all.c
1206	@@ -83,7 +83,7 @@ void OPENSSL_add_all_algorithms_noconf(v
1207	OpenSSL_add_all_ciphers();
1208	OpenSSL_add_all_digests();
1209	#ifndef OPENSSL_NO_ENGINE
1210	-# if defined(__OpenBSD__) \|\| defined(__FreeBSD__)
1211	+# if defined(__OpenBSD__) \|\| defined(__FreeBSD__) \|\| defined(HAVE_CRYPTODEV)
1212	ENGINE_setup_bsd_cryptodev();
1213	# endif
1214	#endif
1215	--- a/crypto/evp/c_alld.c
1216	+++ b/crypto/evp/c_alld.c
1217	@@ -78,7 +78,7 @@ void OpenSSL_add_all_digests(void)
1218	EVP_add_digest(EVP_dss());
1219	#endif
1220	#endif
1221	-#ifndef OPENSSL_NO_SHA
1222	+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
1223	EVP_add_digest(EVP_sha1());
1224	EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
1225	EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
1226	--- a/engines/Makefile
1227	+++ b/engines/Makefile
1228	@@ -97,6 +97,7 @@ install:
1229	( echo installing $$l; \
1230	if [ "$(PLATFORM)" != "Cygwin" ]; then \
1231	case "$(CFLAGS)" in \
1232	+ OPENSSL_NO_HW) continue;; \
1233	DSO_DLFCN) sfx="so";; \
1234	DSO_DL) sfx="sl";; \
1235	*) sfx="bad";; \
1236

Download this file

Branches:
backfire
history
master
release_2010-11-17
release_2010-12-14
release_2011-02-23
release_2011-05-28
release_2011-08-27
release_2011-11-13
release_2012-03-18
release_2012-04-09
release_2012-10-11
uclibc_nptl

OpenWrt XBurst

OpenWrt XBurst Git Source Tree

Root/package/openssl/patches/200-ocf-20100325.patch

interactive