Root/package/openssl/patches/200-ocf-20080917.patch

1--- a/Configure
2+++ b/Configure
3@@ -36,6 +36,8 @@ my $usage="Usage: Configure [no-<cipher>
4 # (Default: KRB5_DIR/include)
5 # --with-krb5-flavor Declare what flavor of Kerberos 5 is used. Currently
6 # supported values are "MIT" and "Heimdal". A value is required.
7+# --with-cryptodev Force support for cryptodev (ie., ocf-linux)
8+# --with-cryptodev-digests Force support for cryptodev digests (generally slow)
9 #
10 # --test-sanity Make a number of sanity checks on the data in this file.
11 # This is a debugging tool for OpenSSL developers.
12@@ -554,6 +556,9 @@ my %table=(
13 ##### Compaq Non-Stop Kernel (Tandem)
14 "tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::",
15 
16+# uClinux
17+"uClinux-dist","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):BN_LLONG::::::::::::\$(LIBSSL_dlfcn):linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}",
18+
19 );
20 
21 my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A
22@@ -610,6 +615,8 @@ my $montasm=1; # but "no-montasm" is d
23 my $no_asm=0;
24 my $no_dso=0;
25 my $no_gmp=0;
26+my $have_cryptodev=0;
27+my $use_cryptodev_digests=0;
28 my @skip=();
29 my $Makefile="Makefile";
30 my $des_locl="crypto/des/des_locl.h";
31@@ -762,6 +769,14 @@ PROCESS_ARGS:
32             {
33             $strict_warnings = 1;
34             }
35+ elsif (/^--with-cryptodev$/)
36+ {
37+ $have_cryptodev = 1;
38+ }
39+ elsif (/^--with-cryptodev-digests$/)
40+ {
41+ $use_cryptodev_digests = 1;
42+ }
43         elsif (/^reconfigure/ || /^reconf/)
44             {
45             if (open(IN,"<$Makefile"))
46@@ -1055,6 +1070,7 @@ foreach (sort (keys %disabled))
47             print " OPENSSL_NO_$ALGO";
48         
49             if (/^err$/) { $flags .= "-DOPENSSL_NO_ERR "; }
50+ elsif (/^hw$/) { $flags .= "-DOPENSSL_NO_HW "; }
51             elsif (/^asm$/) { $no_asm = 1; }
52             }
53         else
54@@ -1184,6 +1200,16 @@ if (!$no_krb5)
55            $withargs{"krb5-dir"} ne "";
56     }
57 
58+# enable the linux cryptodev (ocf-linux) support
59+if ($have_cryptodev)
60+ {
61+ if ($use_cryptodev_digests)
62+ {
63+ $cflags = "-DUSE_CRYPTODEV_DIGESTS $cflags";
64+ }
65+ $cflags = "-DHAVE_CRYPTODEV $cflags";
66+ }
67+
68 # The DSO code currently always implements all functions so that no
69 # applications will have to worry about that from a compilation point
70 # of view. However, the "method"s may return zero unless that platform
71--- a/INSTALL
72+++ b/INSTALL
73@@ -103,6 +103,12 @@
74                 define preprocessor symbols, specify additional libraries,
75                 library directories or other compiler options.
76 
77+ --with-cryptodev Enabled the BSD cryptodev engine even if we are not using
78+ BSD. Useful if you are running ocf-linux or something
79+ similar. Once enabled you can also enable the use of
80+ cryptodev digests, with is usually slower unless you have
81+ large amounts data. Use --with-cryptodev-digests to force
82+ it.
83 
84  Installation in Detail
85  ----------------------
86--- a/Makefile.org
87+++ b/Makefile.org
88@@ -504,7 +504,7 @@ files:
89 
90 links:
91     @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
92- @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
93+ @$(PERL) $(TOP)/util/mklink.pl include/openssl $(HEADER) $(EXHEADER)
94     @set -e; target=links; $(RECURSIVE_BUILD_CMD)
95     @if [ -z "$(FIPSCANLIB)" ]; then \
96         set -e; target=links; dir=fips ; $(BUILD_CMD) ; \
97--- a/Makefile.shared
98+++ b/Makefile.shared
99@@ -6,13 +6,13 @@
100 # properly
101 
102 # CC contains the current compiler. This one MUST be defined
103-CC=cc
104-CFLAGS=$(CFLAG)
105+CC?=cc
106+CFLAGS?=$(CFLAG)
107 # LDFLAGS contains flags to be used when temporary object files (when building
108 # shared libraries) are created, or when an application is linked.
109 # SHARED_LDFLAGS contains flags to be used when the shared library is created.
110-LDFLAGS=
111-SHARED_LDFLAGS=
112+LDFLAGS?=
113+SHARED_LDFLAGS?=
114 
115 # LIBNAME contains just the name of the library, without prefix ("lib"
116 # on Unix, "cyg" for certain forms under Cygwin...) or suffix (.a, .so,
117--- a/config
118+++ b/config
119@@ -270,7 +270,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${
120         echo "ppc-apple-darwin${VERSION}"
121         ;;
122         *)
123- echo "i386-apple-darwin${VERSION}"
124+ echo "${MACHINE}-apple-darwin${VERSION}"
125         ;;
126     esac
127     exit 0
128@@ -399,7 +399,8 @@ exit 0
129 # this is where the translation occurs into SSLeay terms
130 # ---------------------------------------------------------------------------
131 
132-GCCVER=`(gcc -dumpversion) 2>/dev/null`
133+CC="${CC:-gcc}"
134+GCCVER=`(${CC} -dumpversion) 2>/dev/null`
135 if [ "$GCCVER" != "" ]; then
136   # then strip off whatever prefix egcs prepends the number with...
137   # Hopefully, this will work for any future prefixes as well.
138@@ -409,6 +410,8 @@ if [ "$GCCVER" != "" ]; then
139   # major and minor version numbers.
140   # peak single digit before and after first dot, e.g. 2.95.1 gives 29
141   GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'`
142+else
143+ CC="${CC:-cc}"
144 fi
145 
146 # Only set CC if not supplied already
147@@ -488,6 +491,9 @@ echo Operating system: $GUESSOS
148 # script above so we end up with values in vars but that would take
149 # more time that I want to waste at the moment
150 case "$GUESSOS" in
151+ uClinux*)
152+ OUT=uClinux-dist
153+ ;;
154   mips2-sgi-irix)
155     CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
156     CPU=${CPU:-0}
157--- /dev/null
158+++ b/makefile-uclinuxdist
159@@ -0,0 +1,138 @@
160+#
161+# this makefile gets recursed through by various bits of the build
162+# so we need to only setup some things when invoked from outside
163+# this directory.
164+#
165+# davidm@snapgear.com
166+#
167+
168+IN_LIBSSL := true
169+export IN_LIBSSL
170+
171+CONFIG_OPTS := --prefix=// --install_prefix=$(shell pwd)/build/install
172+
173+ifdef CONFIG_USER_FLATFSD_FLATFSD
174+CONFIG_OPTS += --openssldir=/etc/config
175+else
176+CONFIG_OPTS += --openssldir=/etc
177+endif
178+ifdef DISABLE_SHARED_SSL
179+CONFIG_OPTS += no-shared
180+else
181+CONFIG_OPTS += shared
182+endif
183+
184+CONFIG_OPTS += no-rc2
185+CONFIG_OPTS += no-krb5
186+CONFIG_OPTS += no-rc5
187+CONFIG_OPTS += no-md2
188+CONFIG_OPTS += no-idea
189+#CONFIG_OPTS += no-pem
190+#CONFIG_OPTS += no-md5
191+#CONFIG_OPTS += no-sha
192+#CONFIG_OPTS += no-hmac
193+#CONFIG_OPTS += no-des
194+#CONFIG_OPTS += no-aes
195+#CONFIG_OPTS += no-bn
196+CONFIG_OPTS += no-ec
197+#CONFIG_OPTS += no-rsa
198+#CONFIG_OPTS += no-dsa
199+CONFIG_OPTS += no-ecdsa
200+#CONFIG_OPTS += no-dh
201+CONFIG_OPTS += no-ecdh
202+CONFIG_OPTS += no-dso
203+#CONFIG_OPTS += no-engine
204+#CONFIG_OPTS += no-buffer
205+#CONFIG_OPTS += no-bio
206+#CONFIG_OPTS += no-stack
207+#CONFIG_OPTS += no-lhash
208+#CONFIG_OPTS += no-rand
209+CONFIG_OPTS += no-err
210+#CONFIG_OPTS += no-evp
211+#CONFIG_OPTS += no-asn1
212+#CONFIG_OPTS += no-x509
213+#CONFIG_OPTS += no-x509v3
214+#CONFIG_OPTS += no-txt_db
215+#CONFIG_OPTS += no-pkcs7
216+#CONFIG_OPTS += no-pkcs12
217+#CONFIG_OPTS += no-comp
218+#CONFIG_OPTS += no-ocsp
219+#CONFIG_OPTS += no-ui
220+#CONFIG_OPTS += no-store
221+CONFIG_OPTS += no-pqueue
222+
223+# REVISIT: It would be better to have OPENSSL config options
224+# which turn on this support as needed
225+ifeq ($(CONFIG_USER_NESSUS_NASL)$(CONFIG_USER_SSH_SSH),)
226+CONFIG_OPTS += no-ripemd
227+CONFIG_OPTS += no-cast
228+CONFIG_OPTS += no-rc4
229+endif
230+
231+ifeq ($(CONFIG_USER_NESSUS_NASL)$(CONFIG_USER_SSH_SSH)$(CONFIG_PROP_SSCEP_SSCEP),)
232+CONFIG_OPTS += no-bf
233+endif
234+
235+ifeq ($(CONFIG_USER_OPENVPN_OPENVPN)$(CONFIG_USER_WGET),)
236+CONFIG_OPTS += no-md4
237+endif
238+
239+ifdef CONFIG_OCF_OCF
240+CONFIG_OPTS += --with-cryptodev
241+#CONFIG_OPTS += --with-cryptodev-digests
242+endif
243+
244+#
245+# if you want engines (they are dl loaded), a few things
246+# need to be setup, you will also need to mod everything
247+# to link against -ldl if it uses libcrypto. By default we
248+# disable it (cryptodev suport is still included).
249+#
250+ifdef YOU_WANT_DYNAMIC_HW_ENGINES_ENABLED
251+LIBSSL_dlfcn = dlfcn
252+else
253+CONFIG_OPTS += no-hw
254+LIBSSL_dlfcn =
255+endif
256+
257+#
258+# our libs aren't in the default location yet
259+#
260+LDFLAGS += -L$(ROOTDIR)/lib/libssl/build
261+export LDFLAGS
262+
263+all: build/configured
264+ $(MAKE) -C build
265+ $(MAKE) -C build install_sw
266+
267+build/configured: makefile config Configure
268+ rm -rf build
269+ find . -type d > .dirs
270+ find . ! -type d | grep -v ./makefile > .files
271+ while read t; do mkdir -p build/$$t; done < .dirs
272+ while read t; do ln -s `pwd`/$$t build/$$t; done < .files
273+ rm -f .dirs .files
274+ chmod +x build/config
275+ cd build; MACHINE=uClinux-dist ./config $(CONFIG_OPTS)
276+ $(MAKE) -C build depend
277+ $(MAKE) -C build links
278+ touch build/configured
279+
280+clean:
281+ -rm -rf build
282+
283+romfs:
284+ cd build/install/lib; \
285+ for i in *.so*; do \
286+ if [ -L $$i ]; then \
287+ $(ROMFSINST) -s `find $$i -printf %l` /lib/$$i; \
288+ elif [ -f $$i ]; then \
289+ $(ROMFSINST) /lib/$$i; \
290+ fi; \
291+ done
292+
293+romfs_user:
294+ $(ROMFSINST) -e CONFIG_USER_OPENSSL_APPS build/install/bin/openssl /bin/openssl
295+ # $(ROMFSINST) -e CONFIG_USER_OPENSSL_APPS build/install/bin/c_rehash /bin/c_rehash
296+
297+
298--- a/apps/apps.h
299+++ b/apps/apps.h
300@@ -112,7 +112,7 @@
301 #ifndef HEADER_APPS_H
302 #define HEADER_APPS_H
303 
304-#include "e_os.h"
305+#include <openssl/e_os.h>
306 
307 #include <openssl/bio.h>
308 #include <openssl/x509.h>
309--- a/apps/progs.h
310+++ b/apps/progs.h
311@@ -129,7 +129,9 @@ FUNCTION functions[] = {
312 #ifndef OPENSSL_NO_ENGINE
313     {FUNC_TYPE_GENERAL,"engine",engine_main},
314 #endif
315+#ifndef OPENSSL_NO_OCSP
316     {FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
317+#endif
318     {FUNC_TYPE_GENERAL,"prime",prime_main},
319 #ifndef OPENSSL_NO_MD2
320     {FUNC_TYPE_MD,"md2",dgst_main},
321--- a/apps/speed.c
322+++ b/apps/speed.c
323@@ -296,7 +296,7 @@ static const char *names[ALGOR_NUM]={
324   "evp","sha256","sha512",
325   "aes-128 ige","aes-192 ige","aes-256 ige"};
326 static double results[ALGOR_NUM][SIZE_NUM];
327-static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
328+static int lengths[SIZE_NUM]={16,64,256,1024,2*1024,4*1024};
329 #ifndef OPENSSL_NO_RSA
330 static double rsa_results[RSA_NUM][2];
331 #endif
332@@ -336,6 +336,79 @@ static SIGRETTYPE sig_done(int sig)
333 #define START 0
334 #define STOP 1
335 
336+#ifdef __linux__
337+/*
338+ * record CPU usage as well
339+ */
340+
341+static int do_cpu = 0;
342+
343+struct cpu_stat {
344+ unsigned int user;
345+ unsigned int nice;
346+ unsigned int system;
347+ unsigned int idle;
348+ unsigned int total;
349+};
350+
351+static unsigned int cpu_usage[ALGOR_NUM][SIZE_NUM];
352+static unsigned int rsa_cpu_usage[RSA_NUM][2];
353+static unsigned int dsa_cpu_usage[DSA_NUM][2];
354+static struct cpu_stat cpu_start, cpu_finish;
355+
356+static void
357+get_cpu(int s)
358+{
359+ FILE *fp = NULL;
360+ unsigned char buf[80];
361+ struct cpu_stat *st = s == START ? &cpu_start : &cpu_finish;
362+
363+ memset(st, 0, sizeof(*st));
364+
365+ if (fp == NULL)
366+ fp = fopen("/proc/stat", "r");
367+ if (!fp)
368+ return;
369+ if (fseek(fp, 0, SEEK_SET) == -1) {
370+ fclose(fp);
371+ return;
372+ }
373+ fscanf(fp, "%s %d %d %d %d", &buf[0], &st->user, &st->nice,
374+ &st->system, &st->idle);
375+ st->total = st->user + st->nice + st->system + st->idle;
376+ fclose(fp);
377+}
378+
379+static unsigned int
380+calc_cpu()
381+{
382+ unsigned int total, res;
383+
384+ total = cpu_finish.total - cpu_start.total;
385+ if (total <= 0)
386+ return 0;
387+#if 1 // busy
388+ res = ((cpu_finish.system + cpu_finish.user + cpu_finish.nice) -
389+ (cpu_start.system + cpu_start.user + cpu_start.nice)) *
390+ 100 / total;
391+#endif
392+#if 0 // system
393+ res = (cpu_finish.system - cpu_start.system) * 100 / total;
394+#endif
395+#if 0 // user
396+ res = (cpu_finish.user - cpu_start.user) * 100 / total;
397+#endif
398+#if 0 // nice
399+ res = (cpu_finish.nice - cpu_start.nice) * 100 / total;
400+#endif
401+#if 0 // idle
402+ res = (cpu_finish.idle - cpu_start.idle) * 100 / total;
403+#endif
404+ return(res);
405+}
406+
407+#endif
408+
409 #if defined(OPENSSL_SYS_NETWARE)
410 
411    /* for NetWare the best we can do is use clock() which returns the
412@@ -366,6 +439,11 @@ static double Time_F(int s)
413     {
414     double ret;
415 
416+#ifdef __linux__
417+ if (do_cpu)
418+ get_cpu(s);
419+#endif
420+
421 #ifdef USE_TOD
422     if(usertime)
423         {
424@@ -840,6 +918,14 @@ int MAIN(int argc, char **argv)
425             j--; /* Otherwise, -elapsed gets confused with
426                    an algorithm. */
427             }
428+#ifdef __linux__
429+ else if ((argc > 0) && (strcmp(*argv,"-cpu") == 0))
430+ {
431+ do_cpu = 1;
432+ j--; /* Otherwise, -cpu gets confused with
433+ an algorithm. */
434+ }
435+#endif
436         else if ((argc > 0) && (strcmp(*argv,"-evp") == 0))
437             {
438             argc--;
439@@ -1268,6 +1354,9 @@ int MAIN(int argc, char **argv)
440 #ifndef NO_FORK
441             BIO_printf(bio_err,"-multi n run n benchmarks in parallel.\n");
442 #endif
443+#ifdef __linux__
444+ BIO_printf(bio_err,"-cpu calculate cpu utilisation.\n");
445+#endif
446             goto end;
447             }
448         argc--;
449@@ -1275,11 +1364,6 @@ int MAIN(int argc, char **argv)
450         j++;
451         }
452 
453-#ifndef NO_FORK
454- if(multi && do_multi(multi))
455- goto show_res;
456-#endif
457-
458     if (j == 0)
459         {
460         for (i=0; i<ALGOR_NUM; i++)
461@@ -1612,6 +1696,11 @@ int MAIN(int argc, char **argv)
462     signal(SIGALRM,sig_done);
463 #endif /* SIGALRM */
464 
465+#ifdef HAVE_FORK /* DM */
466+ if(multi && do_multi(multi))
467+ goto show_res;
468+#endif
469+
470 #ifndef OPENSSL_NO_MD2
471     if (doit[D_MD2])
472         {
473@@ -2041,8 +2130,6 @@ int MAIN(int argc, char **argv)
474                 /* -O3 -fschedule-insns messes up an
475                  * optimization here! names[D_EVP]
476                  * somehow becomes NULL */
477- print_message(names[D_EVP],save_count,
478- lengths[j]);
479 
480                 EVP_CIPHER_CTX_init(&ctx);
481                 if(decrypt)
482@@ -2051,6 +2138,9 @@ int MAIN(int argc, char **argv)
483                     EVP_EncryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);
484                 EVP_CIPHER_CTX_set_padding(&ctx, 0);
485 
486+ print_message(names[D_EVP],save_count,
487+ lengths[j]);
488+
489                 Time_F(START);
490                 if(decrypt)
491                     for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
492@@ -2115,6 +2205,8 @@ int MAIN(int argc, char **argv)
493                     }
494                 }
495             d=Time_F(STOP);
496+ if (do_cpu)
497+ rsa_cpu_usage[j][0] = calc_cpu();
498             BIO_printf(bio_err,mr ? "+R1:%ld:%d:%.2f\n"
499                    : "%ld %d bit private RSA's in %.2fs\n",
500                    count,rsa_bits[j],d);
501@@ -2150,6 +2242,8 @@ int MAIN(int argc, char **argv)
502                     }
503                 }
504             d=Time_F(STOP);
505+ if (do_cpu)
506+ rsa_cpu_usage[j][1] = calc_cpu();
507             BIO_printf(bio_err,mr ? "+R2:%ld:%d:%.2f\n"
508                    : "%ld %d bit public RSA's in %.2fs\n",
509                    count,rsa_bits[j],d);
510@@ -2209,6 +2303,8 @@ int MAIN(int argc, char **argv)
511                     }
512                 }
513             d=Time_F(STOP);
514+ if (do_cpu)
515+ dsa_cpu_usage[j][0] = calc_cpu();
516             BIO_printf(bio_err,mr ? "+R3:%ld:%d:%.2f\n"
517                    : "%ld %d bit DSA signs in %.2fs\n",
518                    count,dsa_bits[j],d);
519@@ -2244,6 +2340,8 @@ int MAIN(int argc, char **argv)
520                     }
521                 }
522             d=Time_F(STOP);
523+ if (do_cpu)
524+ dsa_cpu_usage[j][1] = calc_cpu();
525             BIO_printf(bio_err,mr ? "+R4:%ld:%d:%.2f\n"
526                    : "%ld %d bit DSA verify in %.2fs\n",
527                    count,dsa_bits[j],d);
528@@ -2538,14 +2636,23 @@ show_res:
529             fprintf(stdout,"The 'numbers' are in 1000s of bytes per second processed.\n");
530             fprintf(stdout,"type ");
531             }
532- for (j=0; j<SIZE_NUM; j++)
533+ for (j=0; j<SIZE_NUM; j++) {
534             fprintf(stdout,mr ? ":%d" : "%7d bytes",lengths[j]);
535+ if (do_cpu && !mr)
536+ fprintf(stdout, " /cpu");
537+ }
538         fprintf(stdout,"\n");
539         }
540 
541     for (k=0; k<ALGOR_NUM; k++)
542         {
543         if (!doit[k]) continue;
544+ if (k == D_EVP) {
545+ if (evp_cipher)
546+ names[D_EVP]=OBJ_nid2ln(evp_cipher->nid);
547+ else
548+ names[D_EVP]=OBJ_nid2ln(evp_md->type);
549+ }
550         if(mr)
551             fprintf(stdout,"+F:%d:%s",k,names[k]);
552         else
553@@ -2556,6 +2663,8 @@ show_res:
554                 fprintf(stdout," %11.2fk",results[k][j]/1e3);
555             else
556                 fprintf(stdout,mr ? ":%.2f" : " %11.2f ",results[k][j]);
557+ if (do_cpu)
558+ fprintf(stdout, mr ? "/%d" : "/%%%-3d", cpu_usage[k][j]);
559             }
560         fprintf(stdout,"\n");
561         }
562@@ -2570,13 +2679,18 @@ show_res:
563             j=0;
564             }
565         if(mr)
566- fprintf(stdout,"+F2:%u:%u:%f:%f\n",
567- k,rsa_bits[k],rsa_results[k][0],
568- rsa_results[k][1]);
569- else
570- fprintf(stdout,"rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
571- rsa_bits[k],rsa_results[k][0],rsa_results[k][1],
572- 1.0/rsa_results[k][0],1.0/rsa_results[k][1]);
573+ fprintf(stdout,"+F2:%u:%u:%f", k,rsa_bits[k],rsa_results[k][0]);
574+ else
575+ fprintf(stdout,"rsa %4u bits %8.6fs",rsa_bits[k],rsa_results[k][0]);
576+ if (do_cpu)
577+ fprintf(stdout, mr ? "/%d": "/%%%-3d", rsa_cpu_usage[k][0]);
578+ fprintf(stdout, mr ? ":%f" : " %8.6fs", rsa_results[k][1]);
579+ if (do_cpu)
580+ fprintf(stdout, mr ? "/%d": "/%%%-3d", rsa_cpu_usage[k][1]);
581+ if(!mr)
582+ fprintf(stdout, " %8.1f %8.1f",
583+ 1.0/rsa_results[k][0],1.0/rsa_results[k][1]);
584+ fprintf(stdout, "\n");
585         }
586 #endif
587 #ifndef OPENSSL_NO_DSA
588@@ -2590,12 +2704,18 @@ show_res:
589             j=0;
590             }
591         if(mr)
592- fprintf(stdout,"+F3:%u:%u:%f:%f\n",
593- k,dsa_bits[k],dsa_results[k][0],dsa_results[k][1]);
594+ fprintf(stdout,"+F3:%u:%u:%f", k,dsa_bits[k],dsa_results[k][0]);
595         else
596- fprintf(stdout,"dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
597- dsa_bits[k],dsa_results[k][0],dsa_results[k][1],
598- 1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
599+ fprintf(stdout,"dsa %4u bits %8.6fs",dsa_bits[k],dsa_results[k][0]);
600+ if (do_cpu)
601+ fprintf(stdout, mr ? "/%d": "/%%%-3d", dsa_cpu_usage[k][0]);
602+ fprintf(stdout, mr ? ":%f" : " %8.6fs", dsa_results[k][1]);
603+ if (do_cpu)
604+ fprintf(stdout, mr ? "/%d": "/%%%-3d", dsa_cpu_usage[k][1]);
605+ if(!mr)
606+ fprintf(stdout, " %8.1f %8.1f",
607+ 1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
608+ fprintf(stdout, "\n");
609         }
610 #endif
611 #ifndef OPENSSL_NO_ECDSA
612@@ -2720,8 +2840,10 @@ static void pkey_print_message(const cha
613 
614 static void print_result(int alg,int run_no,int count,double time_used)
615     {
616- BIO_printf(bio_err,mr ? "+R:%d:%s:%f\n"
617- : "%d %s's in %.2fs\n",count,names[alg],time_used);
618+ if (do_cpu)
619+ cpu_usage[alg][run_no] = calc_cpu();
620+ BIO_printf(bio_err,mr ? "+R:%ld:%s:%f\n"
621+ : "%ld %s's in %.2fs\n",count,names[alg],time_used);
622     results[alg][run_no]=((double)count)/time_used*lengths[run_no];
623     }
624 
625@@ -2816,29 +2938,11 @@ static int do_multi(int multi)
626                 p=buf+3;
627                 alg=atoi(sstrsep(&p,sep));
628                 sstrsep(&p,sep);
629- for(j=0 ; j < SIZE_NUM ; ++j)
630+ for(j=0 ; j < SIZE_NUM ; ++j) {
631+ if (do_cpu && strchr(p, '/'))
632+ cpu_usage[alg][j] = atoi(strchr(p, '/') + 1);
633                     results[alg][j]+=atof(sstrsep(&p,sep));
634                 }
635- else if(!strncmp(buf,"+F2:",4))
636- {
637- int k;
638- double d;
639-
640- p=buf+4;
641- k=atoi(sstrsep(&p,sep));
642- sstrsep(&p,sep);
643-
644- d=atof(sstrsep(&p,sep));
645- if(n)
646- rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d);
647- else
648- rsa_results[k][0]=d;
649-
650- d=atof(sstrsep(&p,sep));
651- if(n)
652- rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d);
653- else
654- rsa_results[k][1]=d;
655                 }
656             else if(!strncmp(buf,"+F2:",4))
657                 {
658@@ -2849,12 +2953,18 @@ static int do_multi(int multi)
659                 k=atoi(sstrsep(&p,sep));
660                 sstrsep(&p,sep);
661 
662+ /* before we move the token along */
663+ if (do_cpu && strchr(p, '/'))
664+ rsa_cpu_usage[k][0] = atoi(strchr(p, '/') + 1);
665                 d=atof(sstrsep(&p,sep));
666                 if(n)
667                     rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d);
668                 else
669                     rsa_results[k][0]=d;
670 
671+ /* before we move the token along */
672+ if (do_cpu && strchr(p, '/'))
673+ rsa_cpu_usage[k][1] = atoi(strchr(p, '/') + 1);
674                 d=atof(sstrsep(&p,sep));
675                 if(n)
676                     rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d);
677@@ -2870,12 +2980,18 @@ static int do_multi(int multi)
678                 k=atoi(sstrsep(&p,sep));
679                 sstrsep(&p,sep);
680 
681+ /* before we move the token along */
682+ if (do_cpu && strchr(p, '/'))
683+ dsa_cpu_usage[k][0] = atoi(strchr(p, '/') + 1);
684                 d=atof(sstrsep(&p,sep));
685                 if(n)
686                     dsa_results[k][0]=1/(1/dsa_results[k][0]+1/d);
687                 else
688                     dsa_results[k][0]=d;
689 
690+ /* before we move the token along */
691+ if (do_cpu && strchr(p, '/'))
692+ dsa_cpu_usage[k][1] = atoi(strchr(p, '/') + 1);
693                 d=atof(sstrsep(&p,sep));
694                 if(n)
695                     dsa_results[k][1]=1/(1/dsa_results[k][1]+1/d);
696--- a/crypto/cryptlib.h
697+++ b/crypto/cryptlib.h
698@@ -62,7 +62,7 @@
699 #include <stdlib.h>
700 #include <string.h>
701 
702-#include "e_os.h"
703+#include <openssl/e_os.h>
704 
705 #ifdef OPENSSL_USE_APPLINK
706 #define BIO_FLAGS_UPLINK 0x8000
707--- a/crypto/engine/eng_all.c
708+++ b/crypto/engine/eng_all.c
709@@ -104,7 +104,7 @@ void ENGINE_load_builtin_engines(void)
710 #endif
711 #endif
712 #ifndef OPENSSL_NO_HW
713-#if defined(__OpenBSD__) || defined(__FreeBSD__)
714+#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
715     ENGINE_load_cryptodev();
716 #endif
717 #if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
718@@ -113,7 +113,7 @@ void ENGINE_load_builtin_engines(void)
719 #endif
720     }
721 
722-#if defined(__OpenBSD__) || defined(__FreeBSD__)
723+#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
724 void ENGINE_setup_bsd_cryptodev(void) {
725     static int bsd_cryptodev_default_loaded = 0;
726     if (!bsd_cryptodev_default_loaded) {
727--- a/crypto/engine/eng_cryptodev.c
728+++ b/crypto/engine/eng_cryptodev.c
729@@ -72,6 +72,16 @@ ENGINE_load_cryptodev(void)
730 struct dev_crypto_state {
731     struct session_op d_sess;
732     int d_fd;
733+
734+#ifdef USE_CRYPTODEV_DIGESTS
735+ char dummy_mac_key[20];
736+
737+ unsigned char digest_res[20];
738+ char *mac_data;
739+ int mac_len;
740+
741+ int copy;
742+#endif
743 };
744 
745 static u_int32_t cryptodev_asymfeat = 0;
746@@ -79,9 +89,11 @@ static u_int32_t cryptodev_asymfeat = 0;
747 static int get_asym_dev_crypto(void);
748 static int open_dev_crypto(void);
749 static int get_dev_crypto(void);
750+#if 0
751 static int cryptodev_max_iv(int cipher);
752 static int cryptodev_key_length_valid(int cipher, int len);
753 static int cipher_nid_to_cryptodev(int nid);
754+#endif
755 static int get_cryptodev_ciphers(const int **cnids);
756 /*static int get_cryptodev_digests(const int **cnids);*/
757 static int cryptodev_usable_ciphers(const int **nids);
758@@ -134,9 +146,12 @@ static struct {
759     int ivmax;
760     int keylen;
761 } ciphers[] = {
762+ { CRYPTO_ARC4, NID_rc4, 0, 16, },
763     { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, },
764     { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, },
765     { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, },
766+ { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, },
767+ { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, },
768     { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, },
769     { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, },
770     { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, },
771@@ -147,14 +162,15 @@ static struct {
772 static struct {
773     int id;
774     int nid;
775+ int keylen;
776 } digests[] = {
777- { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, },
778- { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, },
779- { CRYPTO_MD5_KPDK, NID_undef, },
780- { CRYPTO_SHA1_KPDK, NID_undef, },
781- { CRYPTO_MD5, NID_md5, },
782- { CRYPTO_SHA1, NID_undef, },
783- { 0, NID_undef, },
784+ { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20},
785+ { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16/*?*/},
786+ { CRYPTO_MD5_KPDK, NID_undef, 0},
787+ { CRYPTO_SHA1_KPDK, NID_undef, 0},
788+ { CRYPTO_MD5, NID_md5, 16},
789+ { CRYPTO_SHA1, NID_sha1, 20},
790+ { 0, NID_undef, 0},
791 };
792 #endif
793 
794@@ -182,10 +198,17 @@ open_dev_crypto(void)
795 static int
796 get_dev_crypto(void)
797 {
798- int fd, retfd;
799+ static int fd = -1;
800+ int retfd;
801 
802- if ((fd = open_dev_crypto()) == -1)
803- return (-1);
804+ if (fd == -1) {
805+ if ((fd = open_dev_crypto()) == -1)
806+ return (-1);
807+ if (fcntl(fd, F_SETFD, 1) == -1) {
808+ close(fd);
809+ return (-1);
810+ }
811+ }
812     if (ioctl(fd, CRIOGET, &retfd) == -1)
813         return (-1);
814 
815@@ -208,6 +231,7 @@ get_asym_dev_crypto(void)
816     return fd;
817 }
818 
819+#if 0
820 /*
821  * XXXX this needs to be set for each alg - and determined from
822  * a running card.
823@@ -251,6 +275,7 @@ cipher_nid_to_cryptodev(int nid)
824             return (ciphers[i].id);
825     return (0);
826 }
827+#endif
828 
829 /*
830  * Find out what ciphers /dev/crypto will let us have a session for.
831@@ -270,7 +295,7 @@ get_cryptodev_ciphers(const int **cnids)
832         return (0);
833     }
834     memset(&sess, 0, sizeof(sess));
835- sess.key = (caddr_t)"123456781234567812345678";
836+ sess.key = (caddr_t)"123456789abcdefghijklmno";
837 
838     for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
839         if (ciphers[i].nid == NID_undef)
840@@ -310,10 +335,12 @@ get_cryptodev_digests(const int **cnids)
841         return (0);
842     }
843     memset(&sess, 0, sizeof(sess));
844+ sess.mackey = (caddr_t)"123456789abcdefghijklmno";
845     for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
846         if (digests[i].nid == NID_undef)
847             continue;
848         sess.mac = digests[i].id;
849+ sess.mackeylen = digests[i].keylen;
850         sess.cipher = 0;
851         if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
852             ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
853@@ -360,6 +387,9 @@ cryptodev_usable_ciphers(const int **nid
854 static int
855 cryptodev_usable_digests(const int **nids)
856 {
857+#ifdef USE_CRYPTODEV_DIGESTS
858+ return (get_cryptodev_digests(nids));
859+#else
860     /*
861      * XXXX just disable all digests for now, because it sucks.
862      * we need a better way to decide this - i.e. I may not
863@@ -374,6 +404,7 @@ cryptodev_usable_digests(const int **nid
864      */
865     *nids = NULL;
866     return (0);
867+#endif
868 }
869 
870 static int
871@@ -436,16 +467,20 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx,
872 {
873     struct dev_crypto_state *state = ctx->cipher_data;
874     struct session_op *sess = &state->d_sess;
875- int cipher;
876+ int cipher, i;
877 
878- if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef)
879- return (0);
880-
881- if (ctx->cipher->iv_len > cryptodev_max_iv(cipher))
882- return (0);
883+ for (i = 0; ciphers[i].id; i++)
884+ if (ctx->cipher->nid == ciphers[i].nid &&
885+ ctx->cipher->iv_len <= ciphers[i].ivmax &&
886+ ctx->key_len == ciphers[i].keylen) {
887+ cipher = ciphers[i].id;
888+ break;
889+ }
890 
891- if (!cryptodev_key_length_valid(cipher, ctx->key_len))
892+ if (!ciphers[i].id) {
893+ state->d_fd = -1;
894         return (0);
895+ }
896 
897     memset(sess, 0, sizeof(struct session_op));
898 
899@@ -505,6 +540,20 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
900  * gets called when libcrypto requests a cipher NID.
901  */
902 
903+/* RC4 */
904+const EVP_CIPHER cryptodev_rc4 = {
905+ NID_rc4,
906+ 1, 16, 0,
907+ EVP_CIPH_VARIABLE_LENGTH,
908+ cryptodev_init_key,
909+ cryptodev_cipher,
910+ cryptodev_cleanup,
911+ sizeof(struct dev_crypto_state),
912+ NULL,
913+ NULL,
914+ NULL
915+};
916+
917 /* DES CBC EVP */
918 const EVP_CIPHER cryptodev_des_cbc = {
919     NID_des_cbc,
920@@ -572,6 +621,32 @@ const EVP_CIPHER cryptodev_aes_cbc = {
921     NULL
922 };
923 
924+const EVP_CIPHER cryptodev_aes_192_cbc = {
925+ NID_aes_192_cbc,
926+ 16, 24, 16,
927+ EVP_CIPH_CBC_MODE,
928+ cryptodev_init_key,
929+ cryptodev_cipher,
930+ cryptodev_cleanup,
931+ sizeof(struct dev_crypto_state),
932+ EVP_CIPHER_set_asn1_iv,
933+ EVP_CIPHER_get_asn1_iv,
934+ NULL
935+};
936+
937+const EVP_CIPHER cryptodev_aes_256_cbc = {
938+ NID_aes_256_cbc,
939+ 16, 32, 16,
940+ EVP_CIPH_CBC_MODE,
941+ cryptodev_init_key,
942+ cryptodev_cipher,
943+ cryptodev_cleanup,
944+ sizeof(struct dev_crypto_state),
945+ EVP_CIPHER_set_asn1_iv,
946+ EVP_CIPHER_get_asn1_iv,
947+ NULL
948+};
949+
950 /*
951  * Registered by the ENGINE when used to find out how to deal with
952  * a particular NID in the ENGINE. this says what we'll do at the
953@@ -585,6 +660,9 @@ cryptodev_engine_ciphers(ENGINE *e, cons
954         return (cryptodev_usable_ciphers(nids));
955 
956     switch (nid) {
957+ case NID_rc4:
958+ *cipher = &cryptodev_rc4;
959+ break;
960     case NID_des_ede3_cbc:
961         *cipher = &cryptodev_3des_cbc;
962         break;
963@@ -600,6 +678,12 @@ cryptodev_engine_ciphers(ENGINE *e, cons
964     case NID_aes_128_cbc:
965         *cipher = &cryptodev_aes_cbc;
966         break;
967+ case NID_aes_192_cbc:
968+ *cipher = &cryptodev_aes_192_cbc;
969+ break;
970+ case NID_aes_256_cbc:
971+ *cipher = &cryptodev_aes_256_cbc;
972+ break;
973     default:
974         *cipher = NULL;
975         break;
976@@ -607,6 +691,234 @@ cryptodev_engine_ciphers(ENGINE *e, cons
977     return (*cipher != NULL);
978 }
979 
980+
981+#ifdef USE_CRYPTODEV_DIGESTS
982+
983+/* convert digest type to cryptodev */
984+static int
985+digest_nid_to_cryptodev(int nid)
986+{
987+ int i;
988+
989+ for (i = 0; digests[i].id; i++)
990+ if (digests[i].nid == nid)
991+ return (digests[i].id);
992+ return (0);
993+}
994+
995+
996+static int
997+digest_key_length(int nid)
998+{
999+ int i;
1000+
1001+ for (i = 0; digests[i].id; i++)
1002+ if (digests[i].nid == nid)
1003+ return digests[i].keylen;
1004+ return (0);
1005+}
1006+
1007+
1008+static int cryptodev_digest_init(EVP_MD_CTX *ctx)
1009+{
1010+ struct dev_crypto_state *state = ctx->md_data;
1011+ struct session_op *sess = &state->d_sess;
1012+ int digest;
1013+
1014+ if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef){
1015+ printf("cryptodev_digest_init: Can't get digest \n");
1016+ return (0);
1017+ }
1018+
1019+ memset(state, 0, sizeof(struct dev_crypto_state));
1020+
1021+ if ((state->d_fd = get_dev_crypto()) < 0) {
1022+ printf("cryptodev_digest_init: Can't get Dev \n");
1023+ return (0);
1024+ }
1025+
1026+ sess->mackey = state->dummy_mac_key;
1027+ sess->mackeylen = digest_key_length(ctx->digest->type);
1028+ sess->mac = digest;
1029+
1030+ if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
1031+ close(state->d_fd);
1032+ state->d_fd = -1;
1033+ printf("cryptodev_digest_init: Open session failed\n");
1034+ return (0);
1035+ }
1036+
1037+ return (1);
1038+}
1039+
1040+static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
1041+ size_t count)
1042+{
1043+ struct crypt_op cryp;
1044+ struct dev_crypto_state *state = ctx->md_data;
1045+ struct session_op *sess = &state->d_sess;
1046+
1047+ if (!data || state->d_fd < 0) {
1048+ printf("cryptodev_digest_update: illegal inputs \n");
1049+ return (0);
1050+ }
1051+
1052+ if (!count) {
1053+ return (0);
1054+ }
1055+
1056+ if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
1057+ /* if application doesn't support one buffer */
1058+ state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count);
1059+
1060+ if (!state->mac_data) {
1061+ printf("cryptodev_digest_update: realloc failed\n");
1062+ return (0);
1063+ }
1064+
1065+ memcpy(state->mac_data + state->mac_len, data, count);
1066+ state->mac_len += count;
1067+
1068+ return (1);
1069+ }
1070+
1071+ memset(&cryp, 0, sizeof(cryp));
1072+
1073+ cryp.ses = sess->ses;
1074+ cryp.flags = 0;
1075+ cryp.len = count;
1076+ cryp.src = (caddr_t) data;
1077+ cryp.dst = NULL;
1078+ cryp.mac = state->digest_res;
1079+ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
1080+ printf("cryptodev_digest_update: digest failed\n");
1081+ return (0);
1082+ }
1083+ return (1);
1084+}
1085+
1086+
1087+static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
1088+{
1089+ struct crypt_op cryp;
1090+ struct dev_crypto_state *state = ctx->md_data;
1091+ struct session_op *sess = &state->d_sess;
1092+
1093+ int ret = 1;
1094+
1095+ if (!md || state->d_fd < 0) {
1096+ printf("cryptodev_digest_final: illegal input\n");
1097+ return(0);
1098+ }
1099+
1100+ if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {
1101+ /* if application doesn't support one buffer */
1102+ memset(&cryp, 0, sizeof(cryp));
1103+
1104+ cryp.ses = sess->ses;
1105+ cryp.flags = 0;
1106+ cryp.len = state->mac_len;
1107+ cryp.src = state->mac_data;
1108+ cryp.dst = NULL;
1109+ cryp.mac = md;
1110+
1111+ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
1112+ printf("cryptodev_digest_final: digest failed\n");
1113+ return (0);
1114+ }
1115+
1116+ return 1;
1117+ }
1118+
1119+ memcpy(md, state->digest_res, ctx->digest->md_size);
1120+
1121+ return (ret);
1122+}
1123+
1124+
1125+static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
1126+{
1127+ int ret = 1;
1128+ struct dev_crypto_state *state = ctx->md_data;
1129+ struct session_op *sess = &state->d_sess;
1130+
1131+ if (state->d_fd < 0) {
1132+ printf("cryptodev_digest_cleanup: illegal input\n");
1133+ return (0);
1134+ }
1135+
1136+ if (state->mac_data) {
1137+ OPENSSL_free(state->mac_data);
1138+ state->mac_data = NULL;
1139+ state->mac_len = 0;
1140+ }
1141+
1142+ if (state->copy)
1143+ return 1;
1144+
1145+ if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
1146+ printf("cryptodev_digest_cleanup: failed to close session\n");
1147+ ret = 0;
1148+ } else {
1149+ ret = 1;
1150+ }
1151+ close(state->d_fd);
1152+ state->d_fd = -1;
1153+
1154+ return (ret);
1155+}
1156+
1157+static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
1158+{
1159+ struct dev_crypto_state *fstate = from->md_data;
1160+ struct dev_crypto_state *dstate = to->md_data;
1161+
1162+ memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
1163+
1164+ if (fstate->mac_len != 0) {
1165+ dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
1166+ memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
1167+ }
1168+
1169+ dstate->copy = 1;
1170+
1171+ return 1;
1172+}
1173+
1174+
1175+const EVP_MD cryptodev_sha1 = {
1176+ NID_sha1,
1177+ NID_undef,
1178+ SHA_DIGEST_LENGTH,
1179+ EVP_MD_FLAG_ONESHOT,
1180+ cryptodev_digest_init,
1181+ cryptodev_digest_update,
1182+ cryptodev_digest_final,
1183+ cryptodev_digest_copy,
1184+ cryptodev_digest_cleanup,
1185+ EVP_PKEY_NULL_method,
1186+ SHA_CBLOCK,
1187+ sizeof(struct dev_crypto_state),
1188+};
1189+
1190+const EVP_MD cryptodev_md5 = {
1191+ NID_md5,
1192+ NID_undef,
1193+ 16 /* MD5_DIGEST_LENGTH */,
1194+ EVP_MD_FLAG_ONESHOT,
1195+ cryptodev_digest_init,
1196+ cryptodev_digest_update,
1197+ cryptodev_digest_final,
1198+ cryptodev_digest_copy,
1199+ cryptodev_digest_cleanup,
1200+ EVP_PKEY_NULL_method,
1201+ 64 /* MD5_CBLOCK */,
1202+ sizeof(struct dev_crypto_state),
1203+};
1204+
1205+#endif /* USE_CRYPTODEV_DIGESTS */
1206+
1207+
1208 static int
1209 cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
1210     const int **nids, int nid)
1211@@ -615,10 +927,15 @@ cryptodev_engine_digests(ENGINE *e, cons
1212         return (cryptodev_usable_digests(nids));
1213 
1214     switch (nid) {
1215+#ifdef USE_CRYPTODEV_DIGESTS
1216     case NID_md5:
1217- *digest = NULL; /* need to make a clean md5 critter */
1218+ *digest = &cryptodev_md5;
1219         break;
1220+ case NID_sha1:
1221+ *digest = &cryptodev_sha1;
1222+ break;
1223     default:
1224+#endif /* USE_CRYPTODEV_DIGESTS */
1225         *digest = NULL;
1226         break;
1227     }
1228@@ -646,6 +963,7 @@ bn2crparam(const BIGNUM *a, struct crpar
1229     b = malloc(bytes);
1230     if (b == NULL)
1231         return (1);
1232+ memset(b, 0, bytes);
1233 
1234     crp->crp_p = (char *)b;
1235     crp->crp_nbits = bits;
1236@@ -690,7 +1008,7 @@ zapparams(struct crypt_kop *kop)
1237 {
1238     int i;
1239 
1240- for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) {
1241+ for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
1242         if (kop->crk_param[i].crp_p)
1243             free(kop->crk_param[i].crp_p);
1244         kop->crk_param[i].crp_p = NULL;
1245--- a/crypto/engine/engine.h
1246+++ b/crypto/engine/engine.h
1247@@ -705,7 +705,7 @@ typedef int (*dynamic_bind_engine)(ENGIN
1248  * values. */
1249 void *ENGINE_get_static_state(void);
1250 
1251-#if defined(__OpenBSD__) || defined(__FreeBSD__)
1252+#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
1253 void ENGINE_setup_bsd_cryptodev(void);
1254 #endif
1255 
1256--- a/crypto/evp/c_all.c
1257+++ b/crypto/evp/c_all.c
1258@@ -83,7 +83,7 @@ void OPENSSL_add_all_algorithms_noconf(v
1259     OpenSSL_add_all_ciphers();
1260     OpenSSL_add_all_digests();
1261 #ifndef OPENSSL_NO_ENGINE
1262-# if defined(__OpenBSD__) || defined(__FreeBSD__)
1263+# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
1264     ENGINE_setup_bsd_cryptodev();
1265 # endif
1266 #endif
1267--- a/crypto/evp/c_alld.c
1268+++ b/crypto/evp/c_alld.c
1269@@ -78,7 +78,7 @@ void OpenSSL_add_all_digests(void)
1270     EVP_add_digest(EVP_dss());
1271 #endif
1272 #endif
1273-#ifndef OPENSSL_NO_SHA
1274+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
1275     EVP_add_digest(EVP_sha1());
1276     EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
1277     EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
1278--- a/engines/Makefile
1279+++ b/engines/Makefile
1280@@ -97,6 +97,7 @@ install:
1281             ( echo installing $$l; \
1282               if [ "$(PLATFORM)" != "Cygwin" ]; then \
1283                 case "$(CFLAGS)" in \
1284+ *OPENSSL_NO_HW*) continue;; \
1285                 *DSO_DLFCN*) sfx="so";; \
1286                 *DSO_DL*) sfx="sl";; \
1287                 *) sfx="bad";; \
1288--- a/util/domd
1289+++ b/util/domd
1290@@ -22,13 +22,17 @@ if expr "$MAKEDEPEND" : '.*gcc$' > /dev/
1291     done
1292     sed -e '/^# DO NOT DELETE.*/,$d' < Makefile > Makefile.tmp
1293     echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
1294- ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp
1295+ ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp && \
1296     ${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new
1297+ RC=$?
1298     rm -f Makefile.tmp
1299 else
1300- ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND $@
1301+ ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND $@ && \
1302     ${PERL} $TOP/util/clean-depend.pl < Makefile > Makefile.new
1303+ RC=$?
1304 fi
1305 mv Makefile.new Makefile
1306 # unfake the presence of Kerberos
1307 rm $TOP/krb5.h
1308+
1309+exit $RC
1310

Archive Download this file



interactive