]> git.ipfire.org Git - ipfire-2.x.git/blame - src/patches/openssl-0.9.8u-cryptodev.patch
projects / ipfire-2.x.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge remote-tracking branch 'origin/next' into thirteen
[ipfire-2.x.git] / src / patches / openssl-0.9.8u-cryptodev.patch
CommitLineData
6d1f929a
AF		 1diff -Naur openssl-0.9.8u.org/crypto/engine/eng_all.c openssl-0.9.8u/crypto/engine/eng_all.c
2--- openssl-0.9.8u.org/crypto/engine/eng_all.c 2010-03-01 01:30:11.000000000 +0100
3+++ openssl-0.9.8u/crypto/engine/eng_all.c 2012-03-27 14:07:11.000000000 +0200
4@@ -113,7 +113,6 @@
5 #endif
6 }
7
8-#if defined(__OpenBSD__) || defined(__FreeBSD__)
9 void ENGINE_setup_bsd_cryptodev(void) {
10 static int bsd_cryptodev_default_loaded = 0;
11 if (!bsd_cryptodev_default_loaded) {
12@@ -122,4 +121,3 @@
13 }
14 bsd_cryptodev_default_loaded=1;
15 }
16-#endif
17diff -Naur openssl-0.9.8u.org/crypto/engine/eng_cryptodev.c openssl-0.9.8u/crypto/engine/eng_cryptodev.c
18--- openssl-0.9.8u.org/crypto/engine/eng_cryptodev.c 2012-03-06 14:22:32.000000000 +0100
19+++ openssl-0.9.8u/crypto/engine/eng_cryptodev.c 2012-03-27 14:02:59.000000000 +0200
20@@ -2,6 +2,7 @@
21 * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
22 * Copyright (c) 2002 Theo de Raadt
23 * Copyright (c) 2002 Markus Friedl
24+ * Copyright (c) 2012 Nikos Mavrogiannopoulos
25 * All rights reserved.
26 *
27 * Redistribution and use in source and binary forms, with or without
28@@ -30,10 +31,6 @@
29 #include <openssl/engine.h>
30 #include <openssl/evp.h>
31 #include <openssl/bn.h>
32-#include <openssl/dsa.h>
33-#include <openssl/rsa.h>
34-#include <openssl/dh.h>
35-#include <openssl/err.h>
36
37 #if (defined(__unix__) || defined(unix)) && !defined(USG) && \
38 (defined(OpenBSD) || defined(__FreeBSD__))
39@@ -59,6 +56,10 @@
40
41 #include <sys/types.h>
42 #include <crypto/cryptodev.h>
43+#include <crypto/dh/dh.h>
44+#include <crypto/dsa/dsa.h>
45+#include <crypto/err/err.h>
46+#include <crypto/rsa/rsa.h>
47 #include <sys/ioctl.h>
48 #include <errno.h>
49 #include <stdio.h>
50@@ -72,6 +73,12 @@
51 struct dev_crypto_state {
52 struct session_op d_sess;
53 int d_fd;
54+
55+#ifdef USE_CRYPTODEV_DIGESTS
56+ unsigned char digest_res[HASH_MAX_LEN];
57+ char *mac_data;
58+ int mac_len;
59+#endif
60 };
61
62 static u_int32_t cryptodev_asymfeat = 0;
63@@ -79,15 +86,14 @@
64 static int get_asym_dev_crypto(void);
65 static int open_dev_crypto(void);
66 static int get_dev_crypto(void);
67-static int cryptodev_max_iv(int cipher);
68-static int cryptodev_key_length_valid(int cipher, int len);
69-static int cipher_nid_to_cryptodev(int nid);
70 static int get_cryptodev_ciphers(const int **cnids);
71-/*static int get_cryptodev_digests(const int **cnids);*/
72+#ifdef USE_CRYPTODEV_DIGESTS
73+static int get_cryptodev_digests(const int **cnids);
74+#endif
75 static int cryptodev_usable_ciphers(const int **nids);
76 static int cryptodev_usable_digests(const int **nids);
77 static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
78- const unsigned char *in, unsigned int inl);
79+ const unsigned char *in, size_t inl);
80 static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
81 const unsigned char *iv, int enc);
82 static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
83@@ -121,7 +127,7 @@
84 static int cryptodev_dh_compute_key(unsigned char *key,
85 const BIGNUM *pub_key, DH *dh);
86 static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
87- void (*f)());
88+ void (*f)(void));
89 void ENGINE_load_cryptodev(void);
90
91 static const ENGINE_CMD_DEFN cryptodev_defns[] = {
92@@ -134,27 +140,38 @@
93 int ivmax;
94 int keylen;
95 } ciphers[] = {
96+ { CRYPTO_ARC4, NID_rc4, 0, 16, },
97 { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, },
98 { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, },
99 { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, },
100+ { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, },
101+ { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, },
102 { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, },
103 { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, },
104 { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, },
105 { 0, NID_undef, 0, 0, },
106 };
107
108-#if 0
109+#ifdef USE_CRYPTODEV_DIGESTS
110 static struct {
111 int id;
112 int nid;
113+ int digestlen;
114 } digests[] = {
115- { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, },
116- { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, },
117- { CRYPTO_MD5_KPDK, NID_undef, },
118- { CRYPTO_SHA1_KPDK, NID_undef, },
119- { CRYPTO_MD5, NID_md5, },
120- { CRYPTO_SHA1, NID_undef, },
121- { 0, NID_undef, },
122+#if 0
123+ /* HMAC is not supported */
124+ { CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16},
125+ { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20},
126+ { CRYPTO_SHA2_256_HMAC, NID_hmacWithSHA256, 32},
127+ { CRYPTO_SHA2_384_HMAC, NID_hmacWithSHA384, 48},
128+ { CRYPTO_SHA2_512_HMAC, NID_hmacWithSHA512, 64},
129+#endif
130+ { CRYPTO_MD5, NID_md5, 16},
131+ { CRYPTO_SHA1, NID_sha1, 20},
132+ { CRYPTO_SHA2_256, NID_sha256, 32},
133+ { CRYPTO_SHA2_384, NID_sha384, 48},
134+ { CRYPTO_SHA2_512, NID_sha512, 64},
135+ { 0, NID_undef, 0},
136 };
137 #endif
138
139@@ -186,6 +203,7 @@
140
141 if ((fd = open_dev_crypto()) == -1)
142 return (-1);
143+#ifndef CRIOGET_NOT_NEEDED
144 if (ioctl(fd, CRIOGET, &retfd) == -1)
145 return (-1);
146
147@@ -194,9 +212,19 @@
148 close(retfd);
149 return (-1);
150 }
151+#else
152+ retfd = fd;
153+#endif
154 return (retfd);
155 }
156
157+static void put_dev_crypto(int fd)
158+{
159+#ifndef CRIOGET_NOT_NEEDED
160+ close(fd);
161+#endif
162+}
163+
164 /* Caching version for asym operations */
165 static int
166 get_asym_dev_crypto(void)
167@@ -209,50 +237,6 @@
168 }
169
170 /*
171- * XXXX this needs to be set for each alg - and determined from
172- * a running card.
173- */
174-static int
175-cryptodev_max_iv(int cipher)
176-{
177- int i;
178-
179- for (i = 0; ciphers[i].id; i++)
180- if (ciphers[i].id == cipher)
181- return (ciphers[i].ivmax);
182- return (0);
183-}
184-
185-/*
186- * XXXX this needs to be set for each alg - and determined from
187- * a running card. For now, fake it out - but most of these
188- * for real devices should return 1 for the supported key
189- * sizes the device can handle.
190- */
191-static int
192-cryptodev_key_length_valid(int cipher, int len)
193-{
194- int i;
195-
196- for (i = 0; ciphers[i].id; i++)
197- if (ciphers[i].id == cipher)
198- return (ciphers[i].keylen == len);
199- return (0);
200-}
201-
202-/* convert libcrypto nids to cryptodev */
203-static int
204-cipher_nid_to_cryptodev(int nid)
205-{
206- int i;
207-
208- for (i = 0; ciphers[i].id; i++)
209- if (ciphers[i].nid == nid)
210- return (ciphers[i].id);
211- return (0);
212-}
213-
214-/*
215 * Find out what ciphers /dev/crypto will let us have a session for.
216 * XXX note, that some of these openssl doesn't deal with yet!
217 * returning them here is harmless, as long as we return NULL
218@@ -264,13 +248,14 @@
219 static int nids[CRYPTO_ALGORITHM_MAX];
220 struct session_op sess;
221 int fd, i, count = 0;
222+ unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
223
224 if ((fd = get_dev_crypto()) < 0) {
225 *cnids = NULL;
226 return (0);
227 }
228 memset(&sess, 0, sizeof(sess));
229- sess.key = (caddr_t)"123456781234567812345678";
230+ sess.key = (void*)fake_key;
231
232 for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
233 if (ciphers[i].nid == NID_undef)
234@@ -282,7 +267,7 @@
235 ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
236 nids[count++] = ciphers[i].nid;
237 }
238- close(fd);
239+ put_dev_crypto(fd);
240
241 if (count > 0)
242 *cnids = nids;
243@@ -291,7 +276,7 @@
244 return (count);
245 }
246
247-#if 0 /* unused */
248+#ifdef USE_CRYPTODEV_DIGESTS
249 /*
250 * Find out what digests /dev/crypto will let us have a session for.
251 * XXX note, that some of these openssl doesn't deal with yet!
252@@ -302,6 +287,7 @@
253 get_cryptodev_digests(const int **cnids)
254 {
255 static int nids[CRYPTO_ALGORITHM_MAX];
256+ unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
257 struct session_op sess;
258 int fd, i, count = 0;
259
260@@ -310,16 +296,18 @@
261 return (0);
262 }
263 memset(&sess, 0, sizeof(sess));
264+ sess.mackey = fake_key;
265 for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
266 if (digests[i].nid == NID_undef)
267 continue;
268 sess.mac = digests[i].id;
269+ sess.mackeylen = 8;
270 sess.cipher = 0;
271 if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
272 ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
273 nids[count++] = digests[i].nid;
274 }
275- close(fd);
276+ put_dev_crypto(fd);
277
278 if (count > 0)
279 *cnids = nids;
280@@ -327,8 +315,7 @@
281 *cnids = NULL;
282 return (count);
283 }
284-
285-#endif
286+#endif /* 0 */
287
288 /*
289 * Find the useable ciphers|digests from dev/crypto - this is the first
290@@ -360,6 +347,9 @@
291 static int
292 cryptodev_usable_digests(const int **nids)
293 {
294+#ifdef USE_CRYPTODEV_DIGESTS
295+ return (get_cryptodev_digests(nids));
296+#else
297 /*
298 * XXXX just disable all digests for now, because it sucks.
299 * we need a better way to decide this - i.e. I may not
300@@ -374,11 +364,12 @@
301 */
302 *nids = NULL;
303 return (0);
304+#endif
305 }
306
307 static int
308 cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
309- const unsigned char *in, unsigned int inl)
310+ const unsigned char *in, size_t inl)
311 {
312 struct crypt_op cryp;
313 struct dev_crypto_state *state = ctx->cipher_data;
314@@ -398,14 +389,14 @@
315 cryp.ses = sess->ses;
316 cryp.flags = 0;
317 cryp.len = inl;
318- cryp.src = (caddr_t) in;
319- cryp.dst = (caddr_t) out;
320+ cryp.src = (void*) in;
321+ cryp.dst = (void*) out;
322 cryp.mac = 0;
323
324 cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
325
326 if (ctx->cipher->iv_len) {
327- cryp.iv = (caddr_t) ctx->iv;
328+ cryp.iv = (void*) ctx->iv;
329 if (!ctx->encrypt) {
330 iiv = in + inl - ctx->cipher->iv_len;
331 memcpy(save_iv, iiv, ctx->cipher->iv_len);
332@@ -436,28 +427,32 @@
333 {
334 struct dev_crypto_state *state = ctx->cipher_data;
335 struct session_op *sess = &state->d_sess;
336- int cipher;
337+ int cipher = -1, i;
338
339- if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef)
340- return (0);
341-
342- if (ctx->cipher->iv_len > cryptodev_max_iv(cipher))
343- return (0);
344+ for (i = 0; ciphers[i].id; i++)
345+ if (ctx->cipher->nid == ciphers[i].nid &&
346+ ctx->cipher->iv_len <= ciphers[i].ivmax &&
347+ ctx->key_len == ciphers[i].keylen) {
348+ cipher = ciphers[i].id;
349+ break;
350+ }
351
352- if (!cryptodev_key_length_valid(cipher, ctx->key_len))
353+ if (!ciphers[i].id) {
354+ state->d_fd = -1;
355 return (0);
356+ }
357
358 memset(sess, 0, sizeof(struct session_op));
359
360 if ((state->d_fd = get_dev_crypto()) < 0)
361 return (0);
362
363- sess->key = (char *)key;
364+ sess->key = (void*)key;
365 sess->keylen = ctx->key_len;
366 sess->cipher = cipher;
367
368 if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
369- close(state->d_fd);
370+ put_dev_crypto(state->d_fd);
371 state->d_fd = -1;
372 return (0);
373 }
374@@ -494,7 +489,7 @@
375 } else {
376 ret = 1;
377 }
378- close(state->d_fd);
379+ put_dev_crypto(state->d_fd);
380 state->d_fd = -1;
381
382 return (ret);
383@@ -505,6 +500,20 @@
384 * gets called when libcrypto requests a cipher NID.
385 */
386
387+/* RC4 */
388+const EVP_CIPHER cryptodev_rc4 = {
389+ NID_rc4,
390+ 1, 16, 0,
391+ EVP_CIPH_VARIABLE_LENGTH,
392+ cryptodev_init_key,
393+ cryptodev_cipher,
394+ cryptodev_cleanup,
395+ sizeof(struct dev_crypto_state),
396+ NULL,
397+ NULL,
398+ NULL
399+};
400+
401 /* DES CBC EVP */
402 const EVP_CIPHER cryptodev_des_cbc = {
403 NID_des_cbc,
404@@ -572,6 +581,32 @@
405 NULL
406 };
407
408+const EVP_CIPHER cryptodev_aes_192_cbc = {
409+ NID_aes_192_cbc,
410+ 16, 24, 16,
411+ EVP_CIPH_CBC_MODE,
412+ cryptodev_init_key,
413+ cryptodev_cipher,
414+ cryptodev_cleanup,
415+ sizeof(struct dev_crypto_state),
416+ EVP_CIPHER_set_asn1_iv,
417+ EVP_CIPHER_get_asn1_iv,
418+ NULL
419+};
420+
421+const EVP_CIPHER cryptodev_aes_256_cbc = {
422+ NID_aes_256_cbc,
423+ 16, 32, 16,
424+ EVP_CIPH_CBC_MODE,
425+ cryptodev_init_key,
426+ cryptodev_cipher,
427+ cryptodev_cleanup,
428+ sizeof(struct dev_crypto_state),
429+ EVP_CIPHER_set_asn1_iv,
430+ EVP_CIPHER_get_asn1_iv,
431+ NULL
432+};
433+
434 /*
435 * Registered by the ENGINE when used to find out how to deal with
436 * a particular NID in the ENGINE. this says what we'll do at the
437@@ -585,6 +620,9 @@
438 return (cryptodev_usable_ciphers(nids));
439
440 switch (nid) {
441+ case NID_rc4:
442+ *cipher = &cryptodev_rc4;
443+ break;
444 case NID_des_ede3_cbc:
445 *cipher = &cryptodev_3des_cbc;
446 break;
447@@ -600,6 +638,12 @@
448 case NID_aes_128_cbc:
449 *cipher = &cryptodev_aes_cbc;
450 break;
451+ case NID_aes_192_cbc:
452+ *cipher = &cryptodev_aes_192_cbc;
453+ break;
454+ case NID_aes_256_cbc:
455+ *cipher = &cryptodev_aes_256_cbc;
456+ break;
457 default:
458 *cipher = NULL;
459 break;
460@@ -607,6 +651,286 @@
461 return (*cipher != NULL);
462 }
463
464+
465+#ifdef USE_CRYPTODEV_DIGESTS
466+
467+/* convert digest type to cryptodev */
468+static int
469+digest_nid_to_cryptodev(int nid)
470+{
471+ int i;
472+
473+ for (i = 0; digests[i].id; i++)
474+ if (digests[i].nid == nid)
475+ return (digests[i].id);
476+ return (0);
477+}
478+
479+
480+static int cryptodev_digest_init(EVP_MD_CTX *ctx)
481+{
482+ struct dev_crypto_state *state = ctx->md_data;
483+ struct session_op *sess = &state->d_sess;
484+ int digest;
485+
486+ if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef){
487+ printf("cryptodev_digest_init: Can't get digest \n");
488+ return (0);
489+ }
490+ memset(state, 0, sizeof(struct dev_crypto_state));
491+
492+ if ((state->d_fd = get_dev_crypto()) < 0) {
493+ printf("cryptodev_digest_init: Can't get Dev \n");
494+ return (0);
495+ }
496+
497+ sess->mackey = NULL;
498+ sess->mackeylen = 0;
499+ sess->mac = digest;
500+
501+ if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
502+ put_dev_crypto(state->d_fd);
503+ state->d_fd = -1;
504+ printf("cryptodev_digest_init: Open session failed\n");
505+ return (0);
506+ }
507+
508+ return (1);
509+}
510+
511+static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
512+ size_t count)
513+{
514+ struct dev_crypto_state *state = ctx->md_data;
515+ struct crypt_op cryp;
516+ struct session_op *sess = &state->d_sess;
517+
518+ if (!data || state->d_fd < 0) {
519+ printf("cryptodev_digest_update: illegal inputs \n");
520+ return (0);
521+ }
522+
523+ if (!count) {
524+ return (1);
525+ }
526+
527+ if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
528+ /* if application doesn't support one buffer */
529+ state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count);
530+
531+ if (!state->mac_data) {
532+ printf("cryptodev_digest_update: realloc failed\n");
533+ return (0);
534+ }
535+
536+ memcpy(state->mac_data + state->mac_len, data, count);
537+ state->mac_len += count;
538+
539+ return (1);
540+ }
541+
542+ memset(&cryp, 0, sizeof(cryp));
543+
544+ cryp.ses = sess->ses;
545+ cryp.flags = 0;
546+ cryp.len = count;
547+ cryp.src = (void*) data;
548+ cryp.dst = NULL;
549+ cryp.mac = (void*) state->digest_res;
550+ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
551+ printf("cryptodev_digest_update: digest failed\n");
552+ return (0);
553+ }
554+ return (1);
555+}
556+
557+
558+static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
559+{
560+ struct crypt_op cryp;
561+ struct dev_crypto_state *state = ctx->md_data;
562+ struct session_op *sess = &state->d_sess;
563+
564+ if (!md || state->d_fd < 0) {
565+ printf("cryptodev_digest_final: illegal input\n");
566+ return(0);
567+ }
568+
569+ if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {
570+ /* if application doesn't support one buffer */
571+ memset(&cryp, 0, sizeof(cryp));
572+ cryp.ses = sess->ses;
573+ cryp.flags = 0;
574+ cryp.len = state->mac_len;
575+ cryp.src = state->mac_data;
576+ cryp.dst = NULL;
577+ cryp.mac = (void*)md;
578+ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
579+ printf("cryptodev_digest_final: digest failed\n");
580+ return (0);
581+ }
582+
583+ return 1;
584+ }
585+
586+ memcpy(md, state->digest_res, ctx->digest->md_size);
587+
588+ return 1;
589+}
590+
591+
592+static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
593+{
594+ int ret = 1;
595+ struct dev_crypto_state *state = ctx->md_data;
596+ struct session_op *sess = &state->d_sess;
597+
598+ if (state == NULL)
599+ return 0;
600+
601+ if (state->d_fd < 0) {
602+ printf("cryptodev_digest_cleanup: illegal input\n");
603+ return (0);
604+ }
605+
606+ if (state->mac_data) {
607+ OPENSSL_free(state->mac_data);
608+ state->mac_data = NULL;
609+ state->mac_len = 0;
610+ }
611+
612+ if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
613+ printf("cryptodev_digest_cleanup: failed to close session\n");
614+ ret = 0;
615+ } else {
616+ ret = 1;
617+ }
618+ put_dev_crypto(state->d_fd);
619+ state->d_fd = -1;
620+
621+ return (ret);
622+}
623+
624+static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
625+{
626+ struct dev_crypto_state *fstate = from->md_data;
627+ struct dev_crypto_state *dstate = to->md_data;
628+ struct session_op *sess;
629+ int digest;
630+
631+ if (dstate == NULL || fstate == NULL)
632+ return 1;
633+
634+ memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
635+
636+ sess = &dstate->d_sess;
637+
638+ digest = digest_nid_to_cryptodev(to->digest->type);
639+
640+ sess->mackey = NULL;
641+ sess->mackeylen = 0;
642+ sess->mac = digest;
643+
644+ dstate->d_fd = get_dev_crypto();
645+
646+ if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
647+ put_dev_crypto(dstate->d_fd);
648+ dstate->d_fd = -1;
649+ printf("cryptodev_digest_init: Open session failed\n");
650+ return (0);
651+ }
652+
653+ if (fstate->mac_len != 0) {
654+ if (fstate->mac_data != NULL)
655+ {
656+ dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
657+ memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
658+ dstate->mac_len = fstate->mac_len;
659+ }
660+ }
661+
662+ return 1;
663+}
664+
665+
666+static const EVP_MD cryptodev_sha1 = {
667+ NID_sha1,
668+ NID_sha1WithRSAEncryption,
669+ SHA_DIGEST_LENGTH,
670+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT,
671+ cryptodev_digest_init,
672+ cryptodev_digest_update,
673+ cryptodev_digest_final,
674+ cryptodev_digest_copy,
675+ cryptodev_digest_cleanup,
676+ EVP_PKEY_RSA_method,
677+ SHA_CBLOCK,
678+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
679+};
680+
681+static const EVP_MD cryptodev_sha256 = {
682+ NID_sha256,
683+ NID_sha256WithRSAEncryption,
684+ SHA256_DIGEST_LENGTH,
685+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT,
686+ cryptodev_digest_init,
687+ cryptodev_digest_update,
688+ cryptodev_digest_final,
689+ cryptodev_digest_copy,
690+ cryptodev_digest_cleanup,
691+ EVP_PKEY_RSA_method,
692+ SHA256_CBLOCK,
693+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
694+};
695+
696+static const EVP_MD cryptodev_sha384 = {
697+ NID_sha384,
698+ NID_sha384WithRSAEncryption,
699+ SHA384_DIGEST_LENGTH,
700+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT,
701+ cryptodev_digest_init,
702+ cryptodev_digest_update,
703+ cryptodev_digest_final,
704+ cryptodev_digest_copy,
705+ cryptodev_digest_cleanup,
706+ EVP_PKEY_RSA_method,
707+ SHA512_CBLOCK,
708+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
709+};
710+
711+static const EVP_MD cryptodev_sha512 = {
712+ NID_sha512,
713+ NID_sha512WithRSAEncryption,
714+ SHA512_DIGEST_LENGTH,
715+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT,
716+ cryptodev_digest_init,
717+ cryptodev_digest_update,
718+ cryptodev_digest_final,
719+ cryptodev_digest_copy,
720+ cryptodev_digest_cleanup,
721+ EVP_PKEY_RSA_method,
722+ SHA512_CBLOCK,
723+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
724+};
725+
726+static const EVP_MD cryptodev_md5 = {
727+ NID_md5,
728+ NID_md5WithRSAEncryption,
729+ 16 /* MD5_DIGEST_LENGTH */,
730+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT,
731+ cryptodev_digest_init,
732+ cryptodev_digest_update,
733+ cryptodev_digest_final,
734+ cryptodev_digest_copy,
735+ cryptodev_digest_cleanup,
736+ EVP_PKEY_RSA_method,
737+ 64 /* MD5_CBLOCK */,
738+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
739+};
740+
741+#endif /* USE_CRYPTODEV_DIGESTS */
742+
743+
744 static int
745 cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
746 const int **nids, int nid)
747@@ -615,10 +939,24 @@
748 return (cryptodev_usable_digests(nids));
749
750 switch (nid) {
751+#ifdef USE_CRYPTODEV_DIGESTS
752 case NID_md5:
753- *digest = NULL; /* need to make a clean md5 critter */
754+ *digest = &cryptodev_md5;
755 break;
756+ case NID_sha1:
757+ *digest = &cryptodev_sha1;
758+ break;
759+ case NID_sha256:
760+ *digest = &cryptodev_sha256;
761+ break;
762+ case NID_sha384:
763+ *digest = &cryptodev_sha384;
764+ break;
765+ case NID_sha512:
766+ *digest = &cryptodev_sha512;
767+ break;
768 default:
769+#endif /* USE_CRYPTODEV_DIGESTS */
770 *digest = NULL;
771 break;
772 }
773@@ -646,8 +984,9 @@
774 b = malloc(bytes);
775 if (b == NULL)
776 return (1);
777+ memset(b, 0, bytes);
778
779- crp->crp_p = (char *)b;
780+ crp->crp_p = (void*) b;
781 crp->crp_nbits = bits;
782
783 for (i = 0, j = 0; i < a->top; i++) {
784@@ -690,7 +1029,7 @@
785 {
786 int i;
787
788- for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) {
789+ for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
790 if (kop->crk_param[i].crp_p)
791 free(kop->crk_param[i].crp_p);
792 kop->crk_param[i].crp_p = NULL;
793@@ -776,8 +1115,9 @@
794 cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
795 {
796 int r;
797-
798+ ctx = BN_CTX_new();
799 r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
800+ BN_CTX_free(ctx);
801 return (r);
802 }
803
804@@ -899,7 +1239,7 @@
805 kop.crk_op = CRK_DSA_SIGN;
806
807 /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
808- kop.crk_param[0].crp_p = (caddr_t)dgst;
809+ kop.crk_param[0].crp_p = (void*)dgst;
810 kop.crk_param[0].crp_nbits = dlen * 8;
811 if (bn2crparam(dsa->p, &kop.crk_param[1]))
812 goto err;
813@@ -939,7 +1279,7 @@
814 kop.crk_op = CRK_DSA_VERIFY;
815
816 /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
817- kop.crk_param[0].crp_p = (caddr_t)dgst;
818+ kop.crk_param[0].crp_p = (void*)dgst;
819 kop.crk_param[0].crp_nbits = dlen * 8;
820 if (bn2crparam(dsa->p, &kop.crk_param[1]))
821 goto err;
822@@ -1017,7 +1357,7 @@
823 goto err;
824 kop.crk_iparams = 3;
825
826- kop.crk_param[3].crp_p = (char *)key;
827+ kop.crk_param[3].crp_p = (void*) key;
828 kop.crk_param[3].crp_nbits = keylen * 8;
829 kop.crk_oparams = 1;
830
831@@ -1048,7 +1388,7 @@
832 * but I expect we'll want some options soon.
833 */
834 static int
835-cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
836+cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
837 {
838 #ifdef HAVE_SYSLOG_R
839 struct syslog_data sd = SYSLOG_DATA_INIT;
840@@ -1084,14 +1424,14 @@
841 * find out what asymmetric crypto algorithms we support
842 */
843 if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
844- close(fd);
845+ put_dev_crypto(fd);
846 ENGINE_free(engine);
847 return;
848 }
849- close(fd);
850+ put_dev_crypto(fd);
851
852 if (!ENGINE_set_id(engine, "cryptodev") ||
853- !ENGINE_set_name(engine, "BSD cryptodev engine") ||
854+ !ENGINE_set_name(engine, "cryptodev engine") ||
855 !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
856 !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
857 !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
858diff -Naur openssl-0.9.8u.org/crypto/engine/engine.h openssl-0.9.8u/crypto/engine/engine.h
859--- openssl-0.9.8u.org/crypto/engine/engine.h 2010-02-09 15:18:15.000000000 +0100
860+++ openssl-0.9.8u/crypto/engine/engine.h 2012-03-27 14:05:15.000000000 +0200
861@@ -705,9 +705,7 @@
862 * values. */
863 void *ENGINE_get_static_state(void);
864
865-#if defined(__OpenBSD__) || defined(__FreeBSD__)
866 void ENGINE_setup_bsd_cryptodev(void);
867-#endif
868
869 /* BEGIN ERROR CODES */
870 /* The following lines are auto generated by the script mkerr.pl. Any changes
871diff -Naur openssl-0.9.8u.org/crypto/evp/c_all.c openssl-0.9.8u/crypto/evp/c_all.c
872--- openssl-0.9.8u.org/crypto/evp/c_all.c 2004-08-29 18:36:04.000000000 +0200
873+++ openssl-0.9.8u/crypto/evp/c_all.c 2012-03-27 14:05:15.000000000 +0200
874@@ -83,8 +83,6 @@
875 OpenSSL_add_all_ciphers();
876 OpenSSL_add_all_digests();
877 #ifndef OPENSSL_NO_ENGINE
878-# if defined(__OpenBSD__) || defined(__FreeBSD__)
879 ENGINE_setup_bsd_cryptodev();
880-# endif
881 #endif
882 }
IPFire 2.x development tree