]>
Commit | Line | Data |
---|---|---|
0f90adc0 EK |
1 | Patch created by Michael Tremer <michael.tremer@ipfire.org> from |
2 | http://download.gna.org/cryptodev-linux/cryptodev-linux-1.6.tar.gz | |
3 | ||
4 | diff -Nur openssl-1.0.1e-vanilla/crypto/cryptodev.h openssl-1.0.1e/crypto/cryptodev.h | |
5 | --- openssl-1.0.1e-vanilla/crypto/cryptodev.h 1970-01-01 00:00:00.000000000 +0000 | |
6 | +++ openssl-1.0.1e/crypto/cryptodev.h 2013-12-25 14:27:20.907326820 +0000 | |
7 | @@ -0,0 +1,292 @@ | |
8 | +/* This is a source compatible implementation with the original API of | |
9 | + * cryptodev by Angelos D. Keromytis, found at openbsd cryptodev.h. | |
10 | + * Placed under public domain */ | |
11 | + | |
12 | +#ifndef L_CRYPTODEV_H | |
13 | +#define L_CRYPTODEV_H | |
14 | + | |
15 | +#include <linux/types.h> | |
16 | +#ifndef __KERNEL__ | |
17 | +#define __user | |
18 | +#endif | |
19 | + | |
20 | +/* API extensions for linux */ | |
21 | +#define CRYPTO_HMAC_MAX_KEY_LEN 512 | |
22 | +#define CRYPTO_CIPHER_MAX_KEY_LEN 64 | |
23 | + | |
24 | +/* All the supported algorithms | |
25 | + */ | |
26 | +enum cryptodev_crypto_op_t { | |
27 | + CRYPTO_DES_CBC = 1, | |
28 | + CRYPTO_3DES_CBC = 2, | |
29 | + CRYPTO_BLF_CBC = 3, | |
30 | + CRYPTO_CAST_CBC = 4, | |
31 | + CRYPTO_SKIPJACK_CBC = 5, | |
32 | + CRYPTO_MD5_HMAC = 6, | |
33 | + CRYPTO_SHA1_HMAC = 7, | |
34 | + CRYPTO_RIPEMD160_HMAC = 8, | |
35 | + CRYPTO_MD5_KPDK = 9, | |
36 | + CRYPTO_SHA1_KPDK = 10, | |
37 | + CRYPTO_RIJNDAEL128_CBC = 11, | |
38 | + CRYPTO_AES_CBC = CRYPTO_RIJNDAEL128_CBC, | |
39 | + CRYPTO_ARC4 = 12, | |
40 | + CRYPTO_MD5 = 13, | |
41 | + CRYPTO_SHA1 = 14, | |
42 | + CRYPTO_DEFLATE_COMP = 15, | |
43 | + CRYPTO_NULL = 16, | |
44 | + CRYPTO_LZS_COMP = 17, | |
45 | + CRYPTO_SHA2_256_HMAC = 18, | |
46 | + CRYPTO_SHA2_384_HMAC = 19, | |
47 | + CRYPTO_SHA2_512_HMAC = 20, | |
48 | + CRYPTO_AES_CTR = 21, | |
49 | + CRYPTO_AES_XTS = 22, | |
50 | + CRYPTO_AES_ECB = 23, | |
51 | + CRYPTO_AES_GCM = 50, | |
52 | + | |
53 | + CRYPTO_CAMELLIA_CBC = 101, | |
54 | + CRYPTO_RIPEMD160, | |
55 | + CRYPTO_SHA2_224, | |
56 | + CRYPTO_SHA2_256, | |
57 | + CRYPTO_SHA2_384, | |
58 | + CRYPTO_SHA2_512, | |
59 | + CRYPTO_SHA2_224_HMAC, | |
60 | + CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */ | |
61 | +}; | |
62 | + | |
63 | +#define CRYPTO_ALGORITHM_MAX (CRYPTO_ALGORITHM_ALL - 1) | |
64 | + | |
65 | +/* Values for ciphers */ | |
66 | +#define DES_BLOCK_LEN 8 | |
67 | +#define DES3_BLOCK_LEN 8 | |
68 | +#define RIJNDAEL128_BLOCK_LEN 16 | |
69 | +#define AES_BLOCK_LEN RIJNDAEL128_BLOCK_LEN | |
70 | +#define CAMELLIA_BLOCK_LEN 16 | |
71 | +#define BLOWFISH_BLOCK_LEN 8 | |
72 | +#define SKIPJACK_BLOCK_LEN 8 | |
73 | +#define CAST128_BLOCK_LEN 8 | |
74 | + | |
75 | +/* the maximum of the above */ | |
76 | +#define EALG_MAX_BLOCK_LEN 16 | |
77 | + | |
78 | +/* Values for hashes/MAC */ | |
79 | +#define AALG_MAX_RESULT_LEN 64 | |
80 | + | |
81 | +/* maximum length of verbose alg names (depends on CRYPTO_MAX_ALG_NAME) */ | |
82 | +#define CRYPTODEV_MAX_ALG_NAME 64 | |
83 | + | |
84 | +#define HASH_MAX_LEN 64 | |
85 | + | |
86 | +/* input of CIOCGSESSION */ | |
87 | +struct session_op { | |
88 | + /* Specify either cipher or mac | |
89 | + */ | |
90 | + __u32 cipher; /* cryptodev_crypto_op_t */ | |
91 | + __u32 mac; /* cryptodev_crypto_op_t */ | |
92 | + | |
93 | + __u32 keylen; | |
94 | + __u8 __user *key; | |
95 | + __u32 mackeylen; | |
96 | + __u8 __user *mackey; | |
97 | + | |
98 | + __u32 ses; /* session identifier */ | |
99 | +}; | |
100 | + | |
101 | +struct session_info_op { | |
102 | + __u32 ses; /* session identifier */ | |
103 | + | |
104 | + /* verbose names for the requested ciphers */ | |
105 | + struct alg_info { | |
106 | + char cra_name[CRYPTODEV_MAX_ALG_NAME]; | |
107 | + char cra_driver_name[CRYPTODEV_MAX_ALG_NAME]; | |
108 | + } cipher_info, hash_info; | |
109 | + | |
110 | + __u16 alignmask; /* alignment constraints */ | |
111 | + __u32 flags; /* SIOP_FLAGS_* */ | |
112 | +}; | |
113 | + | |
114 | +/* If this flag is set then this algorithm uses | |
115 | + * a driver only available in kernel (software drivers, | |
116 | + * or drivers based on instruction sets do not set this flag). | |
117 | + * | |
118 | + * If multiple algorithms are involved (as in AEAD case), then | |
119 | + * if one of them is kernel-driver-only this flag will be set. | |
120 | + */ | |
121 | +#define SIOP_FLAG_KERNEL_DRIVER_ONLY 1 | |
122 | + | |
123 | +#define COP_ENCRYPT 0 | |
124 | +#define COP_DECRYPT 1 | |
125 | + | |
126 | +/* input of CIOCCRYPT */ | |
127 | +struct crypt_op { | |
128 | + __u32 ses; /* session identifier */ | |
129 | + __u16 op; /* COP_ENCRYPT or COP_DECRYPT */ | |
130 | + __u16 flags; /* see COP_FLAG_* */ | |
131 | + __u32 len; /* length of source data */ | |
132 | + __u8 __user *src; /* source data */ | |
133 | + __u8 __user *dst; /* pointer to output data */ | |
134 | + /* pointer to output data for hash/MAC operations */ | |
135 | + __u8 __user *mac; | |
136 | + /* initialization vector for encryption operations */ | |
137 | + __u8 __user *iv; | |
138 | +}; | |
139 | + | |
140 | +/* input of CIOCAUTHCRYPT */ | |
141 | +struct crypt_auth_op { | |
142 | + __u32 ses; /* session identifier */ | |
143 | + __u16 op; /* COP_ENCRYPT or COP_DECRYPT */ | |
144 | + __u16 flags; /* see COP_FLAG_AEAD_* */ | |
145 | + __u32 len; /* length of source data */ | |
146 | + __u32 auth_len; /* length of auth data */ | |
147 | + __u8 __user *auth_src; /* authenticated-only data */ | |
148 | + | |
149 | + /* The current implementation is more efficient if data are | |
150 | + * encrypted in-place (src==dst). */ | |
151 | + __u8 __user *src; /* data to be encrypted and authenticated */ | |
152 | + __u8 __user *dst; /* pointer to output data. Must have | |
153 | + * space for tag. For TLS this should be at least | |
154 | + * len + tag_size + block_size for padding */ | |
155 | + | |
156 | + __u8 __user *tag; /* where the tag will be copied to. TLS mode | |
157 | + * doesn't use that as tag is copied to dst. | |
158 | + * SRTP mode copies tag there. */ | |
159 | + __u32 tag_len; /* the length of the tag. Use zero for digest size or max tag. */ | |
160 | + | |
161 | + /* initialization vector for encryption operations */ | |
162 | + __u8 __user *iv; | |
163 | + __u32 iv_len; | |
164 | +}; | |
165 | + | |
166 | +/* In plain AEAD mode the following are required: | |
167 | + * flags : 0 | |
168 | + * iv : the initialization vector (12 bytes) | |
169 | + * auth_len: the length of the data to be authenticated | |
170 | + * auth_src: the data to be authenticated | |
171 | + * len : length of data to be encrypted | |
172 | + * src : the data to be encrypted | |
173 | + * dst : space to hold encrypted data. It must have | |
174 | + * at least a size of len + tag_size. | |
175 | + * tag_size: the size of the desired authentication tag or zero to use | |
176 | + * the maximum tag output. | |
177 | + * | |
178 | + * Note tag isn't being used because the Linux AEAD interface | |
179 | + * copies the tag just after data. | |
180 | + */ | |
181 | + | |
182 | +/* In TLS mode (used for CBC ciphers that required padding) | |
183 | + * the following are required: | |
184 | + * flags : COP_FLAG_AEAD_TLS_TYPE | |
185 | + * iv : the initialization vector | |
186 | + * auth_len: the length of the data to be authenticated only | |
187 | + * len : length of data to be encrypted | |
188 | + * auth_src: the data to be authenticated | |
189 | + * src : the data to be encrypted | |
190 | + * dst : space to hold encrypted data (preferably in-place). It must have | |
191 | + * at least a size of len + tag_size + blocksize. | |
192 | + * tag_size: the size of the desired authentication tag or zero to use | |
193 | + * the default mac output. | |
194 | + * | |
195 | + * Note that the padding used is the minimum padding. | |
196 | + */ | |
197 | + | |
198 | +/* In SRTP mode the following are required: | |
199 | + * flags : COP_FLAG_AEAD_SRTP_TYPE | |
200 | + * iv : the initialization vector | |
201 | + * auth_len: the length of the data to be authenticated. This must | |
202 | + * include the SRTP header + SRTP payload (data to be encrypted) + rest | |
203 | + * | |
204 | + * len : length of data to be encrypted | |
205 | + * auth_src: pointer the data to be authenticated. Should point at the same buffer as src. | |
206 | + * src : pointer to the data to be encrypted. | |
207 | + * dst : This is mandatory to be the same as src (in-place only). | |
208 | + * tag_size: the size of the desired authentication tag or zero to use | |
209 | + * the default mac output. | |
210 | + * tag : Pointer to an address where the authentication tag will be copied. | |
211 | + */ | |
212 | + | |
213 | + | |
214 | +/* struct crypt_op flags */ | |
215 | + | |
216 | +#define COP_FLAG_NONE (0 << 0) /* totally no flag */ | |
217 | +#define COP_FLAG_UPDATE (1 << 0) /* multi-update hash mode */ | |
218 | +#define COP_FLAG_FINAL (1 << 1) /* multi-update final hash mode */ | |
219 | +#define COP_FLAG_WRITE_IV (1 << 2) /* update the IV during operation */ | |
220 | +#define COP_FLAG_NO_ZC (1 << 3) /* do not zero-copy */ | |
221 | +#define COP_FLAG_AEAD_TLS_TYPE (1 << 4) /* authenticate and encrypt using the | |
222 | + * TLS protocol rules */ | |
223 | +#define COP_FLAG_AEAD_SRTP_TYPE (1 << 5) /* authenticate and encrypt using the | |
224 | + * SRTP protocol rules */ | |
225 | +#define COP_FLAG_RESET (1 << 6) /* multi-update reset the state. | |
226 | + * should be used in combination | |
227 | + * with COP_FLAG_UPDATE */ | |
228 | + | |
229 | + | |
230 | +/* Stuff for bignum arithmetic and public key | |
231 | + * cryptography - not supported yet by linux | |
232 | + * cryptodev. | |
233 | + */ | |
234 | + | |
235 | +#define CRYPTO_ALG_FLAG_SUPPORTED 1 | |
236 | +#define CRYPTO_ALG_FLAG_RNG_ENABLE 2 | |
237 | +#define CRYPTO_ALG_FLAG_DSA_SHA 4 | |
238 | + | |
239 | +struct crparam { | |
240 | + __u8 *crp_p; | |
241 | + __u32 crp_nbits; | |
242 | +}; | |
243 | + | |
244 | +#define CRK_MAXPARAM 8 | |
245 | + | |
246 | +/* input of CIOCKEY */ | |
247 | +struct crypt_kop { | |
248 | + __u32 crk_op; /* cryptodev_crk_ot_t */ | |
249 | + __u32 crk_status; | |
250 | + __u16 crk_iparams; | |
251 | + __u16 crk_oparams; | |
252 | + __u32 crk_pad1; | |
253 | + struct crparam crk_param[CRK_MAXPARAM]; | |
254 | +}; | |
255 | + | |
256 | +enum cryptodev_crk_op_t { | |
257 | + CRK_MOD_EXP = 0, | |
258 | + CRK_MOD_EXP_CRT = 1, | |
259 | + CRK_DSA_SIGN = 2, | |
260 | + CRK_DSA_VERIFY = 3, | |
261 | + CRK_DH_COMPUTE_KEY = 4, | |
262 | + CRK_ALGORITHM_ALL | |
263 | +}; | |
264 | + | |
265 | +#define CRK_ALGORITHM_MAX (CRK_ALGORITHM_ALL-1) | |
266 | + | |
267 | +/* features to be queried with CIOCASYMFEAT ioctl | |
268 | + */ | |
269 | +#define CRF_MOD_EXP (1 << CRK_MOD_EXP) | |
270 | +#define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT) | |
271 | +#define CRF_DSA_SIGN (1 << CRK_DSA_SIGN) | |
272 | +#define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY) | |
273 | +#define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY) | |
274 | + | |
275 | + | |
276 | +/* ioctl's. Compatible with old linux cryptodev.h | |
277 | + */ | |
278 | +#define CRIOGET _IOWR('c', 101, __u32) | |
279 | +#define CIOCGSESSION _IOWR('c', 102, struct session_op) | |
280 | +#define CIOCFSESSION _IOW('c', 103, __u32) | |
281 | +#define CIOCCRYPT _IOWR('c', 104, struct crypt_op) | |
282 | +#define CIOCKEY _IOWR('c', 105, struct crypt_kop) | |
283 | +#define CIOCASYMFEAT _IOR('c', 106, __u32) | |
284 | +#define CIOCGSESSINFO _IOWR('c', 107, struct session_info_op) | |
285 | + | |
286 | +/* to indicate that CRIOGET is not required in linux | |
287 | + */ | |
288 | +#define CRIOGET_NOT_NEEDED 1 | |
289 | + | |
290 | +/* additional ioctls for AEAD */ | |
291 | +#define CIOCAUTHCRYPT _IOWR('c', 109, struct crypt_auth_op) | |
292 | + | |
293 | +/* additional ioctls for asynchronous operation. | |
294 | + * These are conditionally enabled since version 1.6. | |
295 | + */ | |
296 | +#define CIOCASYNCCRYPT _IOW('c', 110, struct crypt_op) | |
297 | +#define CIOCASYNCFETCH _IOR('c', 111, struct crypt_op) | |
298 | + | |
299 | +#endif /* L_CRYPTODEV_H */ | |
300 | diff -Nur openssl-1.0.1e-vanilla/crypto/engine/eng_cryptodev.c openssl-1.0.1e/crypto/engine/eng_cryptodev.c | |
301 | --- openssl-1.0.1e-vanilla/crypto/engine/eng_cryptodev.c 2013-02-11 15:26:04.000000000 +0000 | |
302 | +++ openssl-1.0.1e/crypto/engine/eng_cryptodev.c 2013-12-25 14:27:06.968877039 +0000 | |
303 | @@ -2,6 +2,7 @@ | |
304 | * Copyright (c) 2002 Bob Beck <beck@openbsd.org> | |
305 | * Copyright (c) 2002 Theo de Raadt | |
306 | * Copyright (c) 2002 Markus Friedl | |
307 | + * Copyright (c) 2012 Nikos Mavrogiannopoulos | |
308 | * All rights reserved. | |
309 | * | |
310 | * Redistribution and use in source and binary forms, with or without | |
311 | @@ -74,8 +75,6 @@ | |
312 | int d_fd; | |
313 | ||
314 | #ifdef USE_CRYPTODEV_DIGESTS | |
315 | - char dummy_mac_key[HASH_MAX_LEN]; | |
316 | - | |
317 | unsigned char digest_res[HASH_MAX_LEN]; | |
318 | char *mac_data; | |
319 | int mac_len; | |
320 | @@ -157,15 +156,21 @@ | |
321 | static struct { | |
322 | int id; | |
323 | int nid; | |
324 | - int keylen; | |
325 | + int digestlen; | |
326 | } digests[] = { | |
327 | +#if 0 | |
328 | + /* HMAC is not supported */ | |
329 | { CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16}, | |
330 | { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20}, | |
331 | - { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16/*?*/}, | |
332 | - { CRYPTO_MD5_KPDK, NID_undef, 0}, | |
333 | - { CRYPTO_SHA1_KPDK, NID_undef, 0}, | |
334 | + { CRYPTO_SHA2_256_HMAC, NID_hmacWithSHA256, 32}, | |
335 | + { CRYPTO_SHA2_384_HMAC, NID_hmacWithSHA384, 48}, | |
336 | + { CRYPTO_SHA2_512_HMAC, NID_hmacWithSHA512, 64}, | |
337 | +#endif | |
338 | { CRYPTO_MD5, NID_md5, 16}, | |
339 | { CRYPTO_SHA1, NID_sha1, 20}, | |
340 | + { CRYPTO_SHA2_256, NID_sha256, 32}, | |
341 | + { CRYPTO_SHA2_384, NID_sha384, 48}, | |
342 | + { CRYPTO_SHA2_512, NID_sha512, 64}, | |
343 | { 0, NID_undef, 0}, | |
344 | }; | |
345 | #endif | |
346 | @@ -243,13 +248,14 @@ | |
347 | static int nids[CRYPTO_ALGORITHM_MAX]; | |
348 | struct session_op sess; | |
349 | int fd, i, count = 0; | |
350 | + unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN]; | |
351 | ||
352 | if ((fd = get_dev_crypto()) < 0) { | |
353 | *cnids = NULL; | |
354 | return (0); | |
355 | } | |
356 | memset(&sess, 0, sizeof(sess)); | |
357 | - sess.key = (caddr_t)"123456789abcdefghijklmno"; | |
358 | + sess.key = (void*)fake_key; | |
359 | ||
360 | for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { | |
361 | if (ciphers[i].nid == NID_undef) | |
362 | @@ -281,6 +287,7 @@ | |
363 | get_cryptodev_digests(const int **cnids) | |
364 | { | |
365 | static int nids[CRYPTO_ALGORITHM_MAX]; | |
366 | + unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN]; | |
367 | struct session_op sess; | |
368 | int fd, i, count = 0; | |
369 | ||
370 | @@ -289,12 +296,12 @@ | |
371 | return (0); | |
372 | } | |
373 | memset(&sess, 0, sizeof(sess)); | |
374 | - sess.mackey = (caddr_t)"123456789abcdefghijklmno"; | |
375 | + sess.mackey = fake_key; | |
376 | for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { | |
377 | if (digests[i].nid == NID_undef) | |
378 | continue; | |
379 | sess.mac = digests[i].id; | |
380 | - sess.mackeylen = digests[i].keylen; | |
381 | + sess.mackeylen = 8; | |
382 | sess.cipher = 0; | |
383 | if (ioctl(fd, CIOCGSESSION, &sess) != -1 && | |
384 | ioctl(fd, CIOCFSESSION, &sess.ses) != -1) | |
385 | @@ -382,14 +389,14 @@ | |
386 | cryp.ses = sess->ses; | |
387 | cryp.flags = 0; | |
388 | cryp.len = inl; | |
389 | - cryp.src = (caddr_t) in; | |
390 | - cryp.dst = (caddr_t) out; | |
391 | + cryp.src = (void*) in; | |
392 | + cryp.dst = (void*) out; | |
393 | cryp.mac = 0; | |
394 | ||
395 | cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; | |
396 | ||
397 | if (ctx->cipher->iv_len) { | |
398 | - cryp.iv = (caddr_t) ctx->iv; | |
399 | + cryp.iv = (void*) ctx->iv; | |
400 | if (!ctx->encrypt) { | |
401 | iiv = in + inl - ctx->cipher->iv_len; | |
402 | memcpy(save_iv, iiv, ctx->cipher->iv_len); | |
403 | @@ -440,7 +447,7 @@ | |
404 | if ((state->d_fd = get_dev_crypto()) < 0) | |
405 | return (0); | |
406 | ||
407 | - sess->key = (caddr_t)key; | |
408 | + sess->key = (void*)key; | |
409 | sess->keylen = ctx->key_len; | |
410 | sess->cipher = cipher; | |
411 | ||
412 | @@ -660,18 +667,6 @@ | |
413 | } | |
414 | ||
415 | ||
416 | -static int | |
417 | -digest_key_length(int nid) | |
418 | -{ | |
419 | - int i; | |
420 | - | |
421 | - for (i = 0; digests[i].id; i++) | |
422 | - if (digests[i].nid == nid) | |
423 | - return digests[i].keylen; | |
424 | - return (0); | |
425 | -} | |
426 | - | |
427 | - | |
428 | static int cryptodev_digest_init(EVP_MD_CTX *ctx) | |
429 | { | |
430 | struct dev_crypto_state *state = ctx->md_data; | |
431 | @@ -682,7 +677,6 @@ | |
432 | printf("cryptodev_digest_init: Can't get digest \n"); | |
433 | return (0); | |
434 | } | |
435 | - | |
436 | memset(state, 0, sizeof(struct dev_crypto_state)); | |
437 | ||
438 | if ((state->d_fd = get_dev_crypto()) < 0) { | |
439 | @@ -690,8 +684,8 @@ | |
440 | return (0); | |
441 | } | |
442 | ||
443 | - sess->mackey = state->dummy_mac_key; | |
444 | - sess->mackeylen = digest_key_length(ctx->digest->type); | |
445 | + sess->mackey = NULL; | |
446 | + sess->mackeylen = 0; | |
447 | sess->mac = digest; | |
448 | ||
449 | if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) { | |
450 | @@ -707,8 +701,8 @@ | |
451 | static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, | |
452 | size_t count) | |
453 | { | |
454 | - struct crypt_op cryp; | |
455 | struct dev_crypto_state *state = ctx->md_data; | |
456 | + struct crypt_op cryp; | |
457 | struct session_op *sess = &state->d_sess; | |
458 | ||
459 | if (!data || state->d_fd < 0) { | |
460 | @@ -717,7 +711,7 @@ | |
461 | } | |
462 | ||
463 | if (!count) { | |
464 | - return (0); | |
465 | + return (1); | |
466 | } | |
467 | ||
468 | if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) { | |
469 | @@ -740,9 +734,9 @@ | |
470 | cryp.ses = sess->ses; | |
471 | cryp.flags = 0; | |
472 | cryp.len = count; | |
473 | - cryp.src = (caddr_t) data; | |
474 | + cryp.src = (void*) data; | |
475 | cryp.dst = NULL; | |
476 | - cryp.mac = (caddr_t) state->digest_res; | |
477 | + cryp.mac = (void*) state->digest_res; | |
478 | if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { | |
479 | printf("cryptodev_digest_update: digest failed\n"); | |
480 | return (0); | |
481 | @@ -757,8 +751,6 @@ | |
482 | struct dev_crypto_state *state = ctx->md_data; | |
483 | struct session_op *sess = &state->d_sess; | |
484 | ||
485 | - int ret = 1; | |
486 | - | |
487 | if (!md || state->d_fd < 0) { | |
488 | printf("cryptodev_digest_final: illegal input\n"); | |
489 | return(0); | |
490 | @@ -772,7 +764,7 @@ | |
491 | cryp.len = state->mac_len; | |
492 | cryp.src = state->mac_data; | |
493 | cryp.dst = NULL; | |
494 | - cryp.mac = (caddr_t)md; | |
495 | + cryp.mac = (void*)md; | |
496 | if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { | |
497 | printf("cryptodev_digest_final: digest failed\n"); | |
498 | return (0); | |
499 | @@ -783,7 +775,7 @@ | |
500 | ||
501 | memcpy(md, state->digest_res, ctx->digest->md_size); | |
502 | ||
503 | - return (ret); | |
504 | + return 1; | |
505 | } | |
506 | ||
507 | ||
508 | @@ -835,8 +827,8 @@ | |
509 | ||
510 | digest = digest_nid_to_cryptodev(to->digest->type); | |
511 | ||
512 | - sess->mackey = dstate->dummy_mac_key; | |
513 | - sess->mackeylen = digest_key_length(to->digest->type); | |
514 | + sess->mackey = NULL; | |
515 | + sess->mackeylen = 0; | |
516 | sess->mac = digest; | |
517 | ||
518 | dstate->d_fd = get_dev_crypto(); | |
519 | @@ -861,34 +853,117 @@ | |
520 | } | |
521 | ||
522 | ||
523 | -const EVP_MD cryptodev_sha1 = { | |
524 | +static const EVP_MD cryptodev_sha1 = { | |
525 | NID_sha1, | |
526 | - NID_undef, | |
527 | + NID_sha1WithRSAEncryption, | |
528 | SHA_DIGEST_LENGTH, | |
529 | +#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT) | |
530 | + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE| | |
531 | + EVP_MD_FLAG_DIGALGID_ABSENT| | |
532 | +#endif | |
533 | EVP_MD_FLAG_ONESHOT, | |
534 | cryptodev_digest_init, | |
535 | cryptodev_digest_update, | |
536 | cryptodev_digest_final, | |
537 | cryptodev_digest_copy, | |
538 | cryptodev_digest_cleanup, | |
539 | - EVP_PKEY_NULL_method, | |
540 | + EVP_PKEY_RSA_method, | |
541 | SHA_CBLOCK, | |
542 | - sizeof(struct dev_crypto_state), | |
543 | + sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), | |
544 | +}; | |
545 | + | |
546 | +static const EVP_MD cryptodev_sha256 = { | |
547 | + NID_sha256, | |
548 | + NID_sha256WithRSAEncryption, | |
549 | + SHA256_DIGEST_LENGTH, | |
550 | +#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT) | |
551 | + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE| | |
552 | + EVP_MD_FLAG_DIGALGID_ABSENT| | |
553 | +#endif | |
554 | + EVP_MD_FLAG_ONESHOT, | |
555 | + cryptodev_digest_init, | |
556 | + cryptodev_digest_update, | |
557 | + cryptodev_digest_final, | |
558 | + cryptodev_digest_copy, | |
559 | + cryptodev_digest_cleanup, | |
560 | + EVP_PKEY_RSA_method, | |
561 | + SHA256_CBLOCK, | |
562 | + sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), | |
563 | +}; | |
564 | +static const EVP_MD cryptodev_sha224 = { | |
565 | + NID_sha224, | |
566 | + NID_sha224WithRSAEncryption, | |
567 | + SHA224_DIGEST_LENGTH, | |
568 | +#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT) | |
569 | + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE| | |
570 | + EVP_MD_FLAG_DIGALGID_ABSENT| | |
571 | +#endif | |
572 | + EVP_MD_FLAG_ONESHOT, | |
573 | + cryptodev_digest_init, | |
574 | + cryptodev_digest_update, | |
575 | + cryptodev_digest_final, | |
576 | + cryptodev_digest_copy, | |
577 | + cryptodev_digest_cleanup, | |
578 | + EVP_PKEY_RSA_method, | |
579 | + SHA256_CBLOCK, | |
580 | + sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), | |
581 | +}; | |
582 | + | |
583 | +static const EVP_MD cryptodev_sha384 = { | |
584 | + NID_sha384, | |
585 | + NID_sha384WithRSAEncryption, | |
586 | + SHA384_DIGEST_LENGTH, | |
587 | +#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT) | |
588 | + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE| | |
589 | + EVP_MD_FLAG_DIGALGID_ABSENT| | |
590 | +#endif | |
591 | + EVP_MD_FLAG_ONESHOT, | |
592 | + cryptodev_digest_init, | |
593 | + cryptodev_digest_update, | |
594 | + cryptodev_digest_final, | |
595 | + cryptodev_digest_copy, | |
596 | + cryptodev_digest_cleanup, | |
597 | + EVP_PKEY_RSA_method, | |
598 | + SHA512_CBLOCK, | |
599 | + sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), | |
600 | +}; | |
601 | + | |
602 | +static const EVP_MD cryptodev_sha512 = { | |
603 | + NID_sha512, | |
604 | + NID_sha512WithRSAEncryption, | |
605 | + SHA512_DIGEST_LENGTH, | |
606 | +#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT) | |
607 | + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE| | |
608 | + EVP_MD_FLAG_DIGALGID_ABSENT| | |
609 | +#endif | |
610 | + EVP_MD_FLAG_ONESHOT, | |
611 | + cryptodev_digest_init, | |
612 | + cryptodev_digest_update, | |
613 | + cryptodev_digest_final, | |
614 | + cryptodev_digest_copy, | |
615 | + cryptodev_digest_cleanup, | |
616 | + EVP_PKEY_RSA_method, | |
617 | + SHA512_CBLOCK, | |
618 | + sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), | |
619 | }; | |
620 | ||
621 | -const EVP_MD cryptodev_md5 = { | |
622 | +static const EVP_MD cryptodev_md5 = { | |
623 | NID_md5, | |
624 | - NID_undef, | |
625 | + NID_md5WithRSAEncryption, | |
626 | 16 /* MD5_DIGEST_LENGTH */, | |
627 | +#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT) | |
628 | + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE| | |
629 | + EVP_MD_FLAG_DIGALGID_ABSENT| | |
630 | +#endif | |
631 | EVP_MD_FLAG_ONESHOT, | |
632 | cryptodev_digest_init, | |
633 | cryptodev_digest_update, | |
634 | cryptodev_digest_final, | |
635 | cryptodev_digest_copy, | |
636 | cryptodev_digest_cleanup, | |
637 | - EVP_PKEY_NULL_method, | |
638 | + EVP_PKEY_RSA_method, | |
639 | 64 /* MD5_CBLOCK */, | |
640 | - sizeof(struct dev_crypto_state), | |
641 | + sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), | |
642 | }; | |
643 | ||
644 | #endif /* USE_CRYPTODEV_DIGESTS */ | |
645 | @@ -909,6 +984,18 @@ | |
646 | case NID_sha1: | |
647 | *digest = &cryptodev_sha1; | |
648 | break; | |
649 | + case NID_sha224: | |
650 | + *digest = &cryptodev_sha224; | |
651 | + break; | |
652 | + case NID_sha256: | |
653 | + *digest = &cryptodev_sha256; | |
654 | + break; | |
655 | + case NID_sha384: | |
656 | + *digest = &cryptodev_sha384; | |
657 | + break; | |
658 | + case NID_sha512: | |
659 | + *digest = &cryptodev_sha512; | |
660 | + break; | |
661 | default: | |
662 | #endif /* USE_CRYPTODEV_DIGESTS */ | |
663 | *digest = NULL; | |
664 | @@ -940,7 +1027,7 @@ | |
665 | return (1); | |
666 | memset(b, 0, bytes); | |
667 | ||
668 | - crp->crp_p = (caddr_t) b; | |
669 | + crp->crp_p = (void*) b; | |
670 | crp->crp_nbits = bits; | |
671 | ||
672 | for (i = 0, j = 0; i < a->top; i++) { | |
673 | @@ -1193,7 +1280,7 @@ | |
674 | kop.crk_op = CRK_DSA_SIGN; | |
675 | ||
676 | /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ | |
677 | - kop.crk_param[0].crp_p = (caddr_t)dgst; | |
678 | + kop.crk_param[0].crp_p = (void*)dgst; | |
679 | kop.crk_param[0].crp_nbits = dlen * 8; | |
680 | if (bn2crparam(dsa->p, &kop.crk_param[1])) | |
681 | goto err; | |
682 | @@ -1233,7 +1320,7 @@ | |
683 | kop.crk_op = CRK_DSA_VERIFY; | |
684 | ||
685 | /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ | |
686 | - kop.crk_param[0].crp_p = (caddr_t)dgst; | |
687 | + kop.crk_param[0].crp_p = (void*)dgst; | |
688 | kop.crk_param[0].crp_nbits = dlen * 8; | |
689 | if (bn2crparam(dsa->p, &kop.crk_param[1])) | |
690 | goto err; | |
691 | @@ -1311,9 +1398,10 @@ | |
692 | goto err; | |
693 | kop.crk_iparams = 3; | |
694 | ||
695 | - kop.crk_param[3].crp_p = (caddr_t) key; | |
696 | - kop.crk_param[3].crp_nbits = keylen * 8; | |
697 | + kop.crk_param[3].crp_p = (void*) key; | |
698 | + kop.crk_param[3].crp_nbits = keylen; | |
699 | kop.crk_oparams = 1; | |
700 | + dhret = keylen/8; | |
701 | ||
702 | if (ioctl(fd, CIOCKEY, &kop) == -1) { | |
703 | const DH_METHOD *meth = DH_OpenSSL(); | |
704 | @@ -1385,7 +1473,7 @@ | |
705 | put_dev_crypto(fd); | |
706 | ||
707 | if (!ENGINE_set_id(engine, "cryptodev") || | |
708 | - !ENGINE_set_name(engine, "BSD cryptodev engine") || | |
709 | + !ENGINE_set_name(engine, "cryptodev engine") || | |
710 | !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || | |
711 | !ENGINE_set_digests(engine, cryptodev_engine_digests) || | |
712 | !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) || |