]> git.ipfire.org Git - people/teissler/ipfire-2.x.git/blob - src/patches/openssl-0.9.8u-cryptodev.patch
projects / people / teissler / ipfire-2.x.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge remote-tracking branch 'ummeegge/iptraf-ng' into next
[people/teissler/ipfire-2.x.git] / src / patches / openssl-0.9.8u-cryptodev.patch
1 diff -Naur openssl-0.9.8u.org/crypto/engine/eng_all.c openssl-0.9.8u/crypto/engine/eng_all.c
2 --- openssl-0.9.8u.org/crypto/engine/eng_all.c 2010-03-01 01:30:11.000000000 +0100
3 +++ openssl-0.9.8u/crypto/engine/eng_all.c 2012-03-27 14:07:11.000000000 +0200
4 @@ -113,7 +113,6 @@
5 #endif
6 }
7
8 -#if defined(__OpenBSD__) || defined(__FreeBSD__)
9 void ENGINE_setup_bsd_cryptodev(void) {
10 static int bsd_cryptodev_default_loaded = 0;
11 if (!bsd_cryptodev_default_loaded) {
12 @@ -122,4 +121,3 @@
13 }
14 bsd_cryptodev_default_loaded=1;
15 }
16 -#endif
17 diff -Naur openssl-0.9.8u.org/crypto/engine/eng_cryptodev.c openssl-0.9.8u/crypto/engine/eng_cryptodev.c
18 --- openssl-0.9.8u.org/crypto/engine/eng_cryptodev.c 2012-03-06 14:22:32.000000000 +0100
19 +++ openssl-0.9.8u/crypto/engine/eng_cryptodev.c 2012-03-27 14:02:59.000000000 +0200
20 @@ -2,6 +2,7 @@
21 * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
22 * Copyright (c) 2002 Theo de Raadt
23 * Copyright (c) 2002 Markus Friedl
24 + * Copyright (c) 2012 Nikos Mavrogiannopoulos
25 * All rights reserved.
26 *
27 * Redistribution and use in source and binary forms, with or without
28 @@ -30,10 +31,6 @@
29 #include <openssl/engine.h>
30 #include <openssl/evp.h>
31 #include <openssl/bn.h>
32 -#include <openssl/dsa.h>
33 -#include <openssl/rsa.h>
34 -#include <openssl/dh.h>
35 -#include <openssl/err.h>
36
37 #if (defined(__unix__) || defined(unix)) && !defined(USG) && \
38 (defined(OpenBSD) || defined(__FreeBSD__))
39 @@ -59,6 +56,10 @@
40
41 #include <sys/types.h>
42 #include <crypto/cryptodev.h>
43 +#include <crypto/dh/dh.h>
44 +#include <crypto/dsa/dsa.h>
45 +#include <crypto/err/err.h>
46 +#include <crypto/rsa/rsa.h>
47 #include <sys/ioctl.h>
48 #include <errno.h>
49 #include <stdio.h>
50 @@ -72,6 +73,12 @@
51 struct dev_crypto_state {
52 struct session_op d_sess;
53 int d_fd;
54 +
55 +#ifdef USE_CRYPTODEV_DIGESTS
56 + unsigned char digest_res[HASH_MAX_LEN];
57 + char *mac_data;
58 + int mac_len;
59 +#endif
60 };
61
62 static u_int32_t cryptodev_asymfeat = 0;
63 @@ -79,15 +86,14 @@
64 static int get_asym_dev_crypto(void);
65 static int open_dev_crypto(void);
66 static int get_dev_crypto(void);
67 -static int cryptodev_max_iv(int cipher);
68 -static int cryptodev_key_length_valid(int cipher, int len);
69 -static int cipher_nid_to_cryptodev(int nid);
70 static int get_cryptodev_ciphers(const int **cnids);
71 -/*static int get_cryptodev_digests(const int **cnids);*/
72 +#ifdef USE_CRYPTODEV_DIGESTS
73 +static int get_cryptodev_digests(const int **cnids);
74 +#endif
75 static int cryptodev_usable_ciphers(const int **nids);
76 static int cryptodev_usable_digests(const int **nids);
77 static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
78 - const unsigned char *in, unsigned int inl);
79 + const unsigned char *in, size_t inl);
80 static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
81 const unsigned char *iv, int enc);
82 static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
83 @@ -121,7 +127,7 @@
84 static int cryptodev_dh_compute_key(unsigned char *key,
85 const BIGNUM *pub_key, DH *dh);
86 static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
87 - void (*f)());
88 + void (*f)(void));
89 void ENGINE_load_cryptodev(void);
90
91 static const ENGINE_CMD_DEFN cryptodev_defns[] = {
92 @@ -134,27 +140,38 @@
93 int ivmax;
94 int keylen;
95 } ciphers[] = {
96 + { CRYPTO_ARC4, NID_rc4, 0, 16, },
97 { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, },
98 { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, },
99 { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, },
100 + { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, },
101 + { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, },
102 { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, },
103 { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, },
104 { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, },
105 { 0, NID_undef, 0, 0, },
106 };
107
108 -#if 0
109 +#ifdef USE_CRYPTODEV_DIGESTS
110 static struct {
111 int id;
112 int nid;
113 + int digestlen;
114 } digests[] = {
115 - { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, },
116 - { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, },
117 - { CRYPTO_MD5_KPDK, NID_undef, },
118 - { CRYPTO_SHA1_KPDK, NID_undef, },
119 - { CRYPTO_MD5, NID_md5, },
120 - { CRYPTO_SHA1, NID_undef, },
121 - { 0, NID_undef, },
122 +#if 0
123 + /* HMAC is not supported */
124 + { CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16},
125 + { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20},
126 + { CRYPTO_SHA2_256_HMAC, NID_hmacWithSHA256, 32},
127 + { CRYPTO_SHA2_384_HMAC, NID_hmacWithSHA384, 48},
128 + { CRYPTO_SHA2_512_HMAC, NID_hmacWithSHA512, 64},
129 +#endif
130 + { CRYPTO_MD5, NID_md5, 16},
131 + { CRYPTO_SHA1, NID_sha1, 20},
132 + { CRYPTO_SHA2_256, NID_sha256, 32},
133 + { CRYPTO_SHA2_384, NID_sha384, 48},
134 + { CRYPTO_SHA2_512, NID_sha512, 64},
135 + { 0, NID_undef, 0},
136 };
137 #endif
138
139 @@ -186,6 +203,7 @@
140
141 if ((fd = open_dev_crypto()) == -1)
142 return (-1);
143 +#ifndef CRIOGET_NOT_NEEDED
144 if (ioctl(fd, CRIOGET, &retfd) == -1)
145 return (-1);
146
147 @@ -194,9 +212,19 @@
148 close(retfd);
149 return (-1);
150 }
151 +#else
152 + retfd = fd;
153 +#endif
154 return (retfd);
155 }
156
157 +static void put_dev_crypto(int fd)
158 +{
159 +#ifndef CRIOGET_NOT_NEEDED
160 + close(fd);
161 +#endif
162 +}
163 +
164 /* Caching version for asym operations */
165 static int
166 get_asym_dev_crypto(void)
167 @@ -209,50 +237,6 @@
168 }
169
170 /*
171 - * XXXX this needs to be set for each alg - and determined from
172 - * a running card.
173 - */
174 -static int
175 -cryptodev_max_iv(int cipher)
176 -{
177 - int i;
178 -
179 - for (i = 0; ciphers[i].id; i++)
180 - if (ciphers[i].id == cipher)
181 - return (ciphers[i].ivmax);
182 - return (0);
183 -}
184 -
185 -/*
186 - * XXXX this needs to be set for each alg - and determined from
187 - * a running card. For now, fake it out - but most of these
188 - * for real devices should return 1 for the supported key
189 - * sizes the device can handle.
190 - */
191 -static int
192 -cryptodev_key_length_valid(int cipher, int len)
193 -{
194 - int i;
195 -
196 - for (i = 0; ciphers[i].id; i++)
197 - if (ciphers[i].id == cipher)
198 - return (ciphers[i].keylen == len);
199 - return (0);
200 -}
201 -
202 -/* convert libcrypto nids to cryptodev */
203 -static int
204 -cipher_nid_to_cryptodev(int nid)
205 -{
206 - int i;
207 -
208 - for (i = 0; ciphers[i].id; i++)
209 - if (ciphers[i].nid == nid)
210 - return (ciphers[i].id);
211 - return (0);
212 -}
213 -
214 -/*
215 * Find out what ciphers /dev/crypto will let us have a session for.
216 * XXX note, that some of these openssl doesn't deal with yet!
217 * returning them here is harmless, as long as we return NULL
218 @@ -264,13 +248,14 @@
219 static int nids[CRYPTO_ALGORITHM_MAX];
220 struct session_op sess;
221 int fd, i, count = 0;
222 + unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
223
224 if ((fd = get_dev_crypto()) < 0) {
225 *cnids = NULL;
226 return (0);
227 }
228 memset(&sess, 0, sizeof(sess));
229 - sess.key = (caddr_t)"123456781234567812345678";
230 + sess.key = (void*)fake_key;
231
232 for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
233 if (ciphers[i].nid == NID_undef)
234 @@ -282,7 +267,7 @@
235 ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
236 nids[count++] = ciphers[i].nid;
237 }
238 - close(fd);
239 + put_dev_crypto(fd);
240
241 if (count > 0)
242 *cnids = nids;
243 @@ -291,7 +276,7 @@
244 return (count);
245 }
246
247 -#if 0 /* unused */
248 +#ifdef USE_CRYPTODEV_DIGESTS
249 /*
250 * Find out what digests /dev/crypto will let us have a session for.
251 * XXX note, that some of these openssl doesn't deal with yet!
252 @@ -302,6 +287,7 @@
253 get_cryptodev_digests(const int **cnids)
254 {
255 static int nids[CRYPTO_ALGORITHM_MAX];
256 + unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
257 struct session_op sess;
258 int fd, i, count = 0;
259
260 @@ -310,16 +296,18 @@
261 return (0);
262 }
263 memset(&sess, 0, sizeof(sess));
264 + sess.mackey = fake_key;
265 for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
266 if (digests[i].nid == NID_undef)
267 continue;
268 sess.mac = digests[i].id;
269 + sess.mackeylen = 8;
270 sess.cipher = 0;
271 if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
272 ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
273 nids[count++] = digests[i].nid;
274 }
275 - close(fd);
276 + put_dev_crypto(fd);
277
278 if (count > 0)
279 *cnids = nids;
280 @@ -327,8 +315,7 @@
281 *cnids = NULL;
282 return (count);
283 }
284 -
285 -#endif
286 +#endif /* 0 */
287
288 /*
289 * Find the useable ciphers|digests from dev/crypto - this is the first
290 @@ -360,6 +347,9 @@
291 static int
292 cryptodev_usable_digests(const int **nids)
293 {
294 +#ifdef USE_CRYPTODEV_DIGESTS
295 + return (get_cryptodev_digests(nids));
296 +#else
297 /*
298 * XXXX just disable all digests for now, because it sucks.
299 * we need a better way to decide this - i.e. I may not
300 @@ -374,11 +364,12 @@
301 */
302 *nids = NULL;
303 return (0);
304 +#endif
305 }
306
307 static int
308 cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
309 - const unsigned char *in, unsigned int inl)
310 + const unsigned char *in, size_t inl)
311 {
312 struct crypt_op cryp;
313 struct dev_crypto_state *state = ctx->cipher_data;
314 @@ -398,14 +389,14 @@
315 cryp.ses = sess->ses;
316 cryp.flags = 0;
317 cryp.len = inl;
318 - cryp.src = (caddr_t) in;
319 - cryp.dst = (caddr_t) out;
320 + cryp.src = (void*) in;
321 + cryp.dst = (void*) out;
322 cryp.mac = 0;
323
324 cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
325
326 if (ctx->cipher->iv_len) {
327 - cryp.iv = (caddr_t) ctx->iv;
328 + cryp.iv = (void*) ctx->iv;
329 if (!ctx->encrypt) {
330 iiv = in + inl - ctx->cipher->iv_len;
331 memcpy(save_iv, iiv, ctx->cipher->iv_len);
332 @@ -436,28 +427,32 @@
333 {
334 struct dev_crypto_state *state = ctx->cipher_data;
335 struct session_op *sess = &state->d_sess;
336 - int cipher;
337 + int cipher = -1, i;
338
339 - if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef)
340 - return (0);
341 -
342 - if (ctx->cipher->iv_len > cryptodev_max_iv(cipher))
343 - return (0);
344 + for (i = 0; ciphers[i].id; i++)
345 + if (ctx->cipher->nid == ciphers[i].nid &&
346 + ctx->cipher->iv_len <= ciphers[i].ivmax &&
347 + ctx->key_len == ciphers[i].keylen) {
348 + cipher = ciphers[i].id;
349 + break;
350 + }
351
352 - if (!cryptodev_key_length_valid(cipher, ctx->key_len))
353 + if (!ciphers[i].id) {
354 + state->d_fd = -1;
355 return (0);
356 + }
357
358 memset(sess, 0, sizeof(struct session_op));
359
360 if ((state->d_fd = get_dev_crypto()) < 0)
361 return (0);
362
363 - sess->key = (char *)key;
364 + sess->key = (void*)key;
365 sess->keylen = ctx->key_len;
366 sess->cipher = cipher;
367
368 if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
369 - close(state->d_fd);
370 + put_dev_crypto(state->d_fd);
371 state->d_fd = -1;
372 return (0);
373 }
374 @@ -494,7 +489,7 @@
375 } else {
376 ret = 1;
377 }
378 - close(state->d_fd);
379 + put_dev_crypto(state->d_fd);
380 state->d_fd = -1;
381
382 return (ret);
383 @@ -505,6 +500,20 @@
384 * gets called when libcrypto requests a cipher NID.
385 */
386
387 +/* RC4 */
388 +const EVP_CIPHER cryptodev_rc4 = {
389 + NID_rc4,
390 + 1, 16, 0,
391 + EVP_CIPH_VARIABLE_LENGTH,
392 + cryptodev_init_key,
393 + cryptodev_cipher,
394 + cryptodev_cleanup,
395 + sizeof(struct dev_crypto_state),
396 + NULL,
397 + NULL,
398 + NULL
399 +};
400 +
401 /* DES CBC EVP */
402 const EVP_CIPHER cryptodev_des_cbc = {
403 NID_des_cbc,
404 @@ -572,6 +581,32 @@
405 NULL
406 };
407
408 +const EVP_CIPHER cryptodev_aes_192_cbc = {
409 + NID_aes_192_cbc,
410 + 16, 24, 16,
411 + EVP_CIPH_CBC_MODE,
412 + cryptodev_init_key,
413 + cryptodev_cipher,
414 + cryptodev_cleanup,
415 + sizeof(struct dev_crypto_state),
416 + EVP_CIPHER_set_asn1_iv,
417 + EVP_CIPHER_get_asn1_iv,
418 + NULL
419 +};
420 +
421 +const EVP_CIPHER cryptodev_aes_256_cbc = {
422 + NID_aes_256_cbc,
423 + 16, 32, 16,
424 + EVP_CIPH_CBC_MODE,
425 + cryptodev_init_key,
426 + cryptodev_cipher,
427 + cryptodev_cleanup,
428 + sizeof(struct dev_crypto_state),
429 + EVP_CIPHER_set_asn1_iv,
430 + EVP_CIPHER_get_asn1_iv,
431 + NULL
432 +};
433 +
434 /*
435 * Registered by the ENGINE when used to find out how to deal with
436 * a particular NID in the ENGINE. this says what we'll do at the
437 @@ -585,6 +620,9 @@
438 return (cryptodev_usable_ciphers(nids));
439
440 switch (nid) {
441 + case NID_rc4:
442 + *cipher = &cryptodev_rc4;
443 + break;
444 case NID_des_ede3_cbc:
445 *cipher = &cryptodev_3des_cbc;
446 break;
447 @@ -600,6 +638,12 @@
448 case NID_aes_128_cbc:
449 *cipher = &cryptodev_aes_cbc;
450 break;
451 + case NID_aes_192_cbc:
452 + *cipher = &cryptodev_aes_192_cbc;
453 + break;
454 + case NID_aes_256_cbc:
455 + *cipher = &cryptodev_aes_256_cbc;
456 + break;
457 default:
458 *cipher = NULL;
459 break;
460 @@ -607,6 +651,286 @@
461 return (*cipher != NULL);
462 }
463
464 +
465 +#ifdef USE_CRYPTODEV_DIGESTS
466 +
467 +/* convert digest type to cryptodev */
468 +static int
469 +digest_nid_to_cryptodev(int nid)
470 +{
471 + int i;
472 +
473 + for (i = 0; digests[i].id; i++)
474 + if (digests[i].nid == nid)
475 + return (digests[i].id);
476 + return (0);
477 +}
478 +
479 +
480 +static int cryptodev_digest_init(EVP_MD_CTX *ctx)
481 +{
482 + struct dev_crypto_state *state = ctx->md_data;
483 + struct session_op *sess = &state->d_sess;
484 + int digest;
485 +
486 + if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef){
487 + printf("cryptodev_digest_init: Can't get digest \n");
488 + return (0);
489 + }
490 + memset(state, 0, sizeof(struct dev_crypto_state));
491 +
492 + if ((state->d_fd = get_dev_crypto()) < 0) {
493 + printf("cryptodev_digest_init: Can't get Dev \n");
494 + return (0);
495 + }
496 +
497 + sess->mackey = NULL;
498 + sess->mackeylen = 0;
499 + sess->mac = digest;
500 +
501 + if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
502 + put_dev_crypto(state->d_fd);
503 + state->d_fd = -1;
504 + printf("cryptodev_digest_init: Open session failed\n");
505 + return (0);
506 + }
507 +
508 + return (1);
509 +}
510 +
511 +static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
512 + size_t count)
513 +{
514 + struct dev_crypto_state *state = ctx->md_data;
515 + struct crypt_op cryp;
516 + struct session_op *sess = &state->d_sess;
517 +
518 + if (!data || state->d_fd < 0) {
519 + printf("cryptodev_digest_update: illegal inputs \n");
520 + return (0);
521 + }
522 +
523 + if (!count) {
524 + return (1);
525 + }
526 +
527 + if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
528 + /* if application doesn't support one buffer */
529 + state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count);
530 +
531 + if (!state->mac_data) {
532 + printf("cryptodev_digest_update: realloc failed\n");
533 + return (0);
534 + }
535 +
536 + memcpy(state->mac_data + state->mac_len, data, count);
537 + state->mac_len += count;
538 +
539 + return (1);
540 + }
541 +
542 + memset(&cryp, 0, sizeof(cryp));
543 +
544 + cryp.ses = sess->ses;
545 + cryp.flags = 0;
546 + cryp.len = count;
547 + cryp.src = (void*) data;
548 + cryp.dst = NULL;
549 + cryp.mac = (void*) state->digest_res;
550 + if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
551 + printf("cryptodev_digest_update: digest failed\n");
552 + return (0);
553 + }
554 + return (1);
555 +}
556 +
557 +
558 +static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
559 +{
560 + struct crypt_op cryp;
561 + struct dev_crypto_state *state = ctx->md_data;
562 + struct session_op *sess = &state->d_sess;
563 +
564 + if (!md || state->d_fd < 0) {
565 + printf("cryptodev_digest_final: illegal input\n");
566 + return(0);
567 + }
568 +
569 + if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {
570 + /* if application doesn't support one buffer */
571 + memset(&cryp, 0, sizeof(cryp));
572 + cryp.ses = sess->ses;
573 + cryp.flags = 0;
574 + cryp.len = state->mac_len;
575 + cryp.src = state->mac_data;
576 + cryp.dst = NULL;
577 + cryp.mac = (void*)md;
578 + if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
579 + printf("cryptodev_digest_final: digest failed\n");
580 + return (0);
581 + }
582 +
583 + return 1;
584 + }
585 +
586 + memcpy(md, state->digest_res, ctx->digest->md_size);
587 +
588 + return 1;
589 +}
590 +
591 +
592 +static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
593 +{
594 + int ret = 1;
595 + struct dev_crypto_state *state = ctx->md_data;
596 + struct session_op *sess = &state->d_sess;
597 +
598 + if (state == NULL)
599 + return 0;
600 +
601 + if (state->d_fd < 0) {
602 + printf("cryptodev_digest_cleanup: illegal input\n");
603 + return (0);
604 + }
605 +
606 + if (state->mac_data) {
607 + OPENSSL_free(state->mac_data);
608 + state->mac_data = NULL;
609 + state->mac_len = 0;
610 + }
611 +
612 + if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
613 + printf("cryptodev_digest_cleanup: failed to close session\n");
614 + ret = 0;
615 + } else {
616 + ret = 1;
617 + }
618 + put_dev_crypto(state->d_fd);
619 + state->d_fd = -1;
620 +
621 + return (ret);
622 +}
623 +
624 +static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
625 +{
626 + struct dev_crypto_state *fstate = from->md_data;
627 + struct dev_crypto_state *dstate = to->md_data;
628 + struct session_op *sess;
629 + int digest;
630 +
631 + if (dstate == NULL || fstate == NULL)
632 + return 1;
633 +
634 + memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
635 +
636 + sess = &dstate->d_sess;
637 +
638 + digest = digest_nid_to_cryptodev(to->digest->type);
639 +
640 + sess->mackey = NULL;
641 + sess->mackeylen = 0;
642 + sess->mac = digest;
643 +
644 + dstate->d_fd = get_dev_crypto();
645 +
646 + if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
647 + put_dev_crypto(dstate->d_fd);
648 + dstate->d_fd = -1;
649 + printf("cryptodev_digest_init: Open session failed\n");
650 + return (0);
651 + }
652 +
653 + if (fstate->mac_len != 0) {
654 + if (fstate->mac_data != NULL)
655 + {
656 + dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
657 + memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
658 + dstate->mac_len = fstate->mac_len;
659 + }
660 + }
661 +
662 + return 1;
663 +}
664 +
665 +
666 +static const EVP_MD cryptodev_sha1 = {
667 + NID_sha1,
668 + NID_sha1WithRSAEncryption,
669 + SHA_DIGEST_LENGTH,
670 + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT,
671 + cryptodev_digest_init,
672 + cryptodev_digest_update,
673 + cryptodev_digest_final,
674 + cryptodev_digest_copy,
675 + cryptodev_digest_cleanup,
676 + EVP_PKEY_RSA_method,
677 + SHA_CBLOCK,
678 + sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
679 +};
680 +
681 +static const EVP_MD cryptodev_sha256 = {
682 + NID_sha256,
683 + NID_sha256WithRSAEncryption,
684 + SHA256_DIGEST_LENGTH,
685 + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT,
686 + cryptodev_digest_init,
687 + cryptodev_digest_update,
688 + cryptodev_digest_final,
689 + cryptodev_digest_copy,
690 + cryptodev_digest_cleanup,
691 + EVP_PKEY_RSA_method,
692 + SHA256_CBLOCK,
693 + sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
694 +};
695 +
696 +static const EVP_MD cryptodev_sha384 = {
697 + NID_sha384,
698 + NID_sha384WithRSAEncryption,
699 + SHA384_DIGEST_LENGTH,
700 + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT,
701 + cryptodev_digest_init,
702 + cryptodev_digest_update,
703 + cryptodev_digest_final,
704 + cryptodev_digest_copy,
705 + cryptodev_digest_cleanup,
706 + EVP_PKEY_RSA_method,
707 + SHA512_CBLOCK,
708 + sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
709 +};
710 +
711 +static const EVP_MD cryptodev_sha512 = {
712 + NID_sha512,
713 + NID_sha512WithRSAEncryption,
714 + SHA512_DIGEST_LENGTH,
715 + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT,
716 + cryptodev_digest_init,
717 + cryptodev_digest_update,
718 + cryptodev_digest_final,
719 + cryptodev_digest_copy,
720 + cryptodev_digest_cleanup,
721 + EVP_PKEY_RSA_method,
722 + SHA512_CBLOCK,
723 + sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
724 +};
725 +
726 +static const EVP_MD cryptodev_md5 = {
727 + NID_md5,
728 + NID_md5WithRSAEncryption,
729 + 16 /* MD5_DIGEST_LENGTH */,
730 + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT,
731 + cryptodev_digest_init,
732 + cryptodev_digest_update,
733 + cryptodev_digest_final,
734 + cryptodev_digest_copy,
735 + cryptodev_digest_cleanup,
736 + EVP_PKEY_RSA_method,
737 + 64 /* MD5_CBLOCK */,
738 + sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
739 +};
740 +
741 +#endif /* USE_CRYPTODEV_DIGESTS */
742 +
743 +
744 static int
745 cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
746 const int **nids, int nid)
747 @@ -615,10 +939,24 @@
748 return (cryptodev_usable_digests(nids));
749
750 switch (nid) {
751 +#ifdef USE_CRYPTODEV_DIGESTS
752 case NID_md5:
753 - *digest = NULL; /* need to make a clean md5 critter */
754 + *digest = &cryptodev_md5;
755 break;
756 + case NID_sha1:
757 + *digest = &cryptodev_sha1;
758 + break;
759 + case NID_sha256:
760 + *digest = &cryptodev_sha256;
761 + break;
762 + case NID_sha384:
763 + *digest = &cryptodev_sha384;
764 + break;
765 + case NID_sha512:
766 + *digest = &cryptodev_sha512;
767 + break;
768 default:
769 +#endif /* USE_CRYPTODEV_DIGESTS */
770 *digest = NULL;
771 break;
772 }
773 @@ -646,8 +984,9 @@
774 b = malloc(bytes);
775 if (b == NULL)
776 return (1);
777 + memset(b, 0, bytes);
778
779 - crp->crp_p = (char *)b;
780 + crp->crp_p = (void*) b;
781 crp->crp_nbits = bits;
782
783 for (i = 0, j = 0; i < a->top; i++) {
784 @@ -690,7 +1029,7 @@
785 {
786 int i;
787
788 - for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) {
789 + for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
790 if (kop->crk_param[i].crp_p)
791 free(kop->crk_param[i].crp_p);
792 kop->crk_param[i].crp_p = NULL;
793 @@ -776,8 +1115,9 @@
794 cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
795 {
796 int r;
797 -
798 + ctx = BN_CTX_new();
799 r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
800 + BN_CTX_free(ctx);
801 return (r);
802 }
803
804 @@ -899,7 +1239,7 @@
805 kop.crk_op = CRK_DSA_SIGN;
806
807 /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
808 - kop.crk_param[0].crp_p = (caddr_t)dgst;
809 + kop.crk_param[0].crp_p = (void*)dgst;
810 kop.crk_param[0].crp_nbits = dlen * 8;
811 if (bn2crparam(dsa->p, &kop.crk_param[1]))
812 goto err;
813 @@ -939,7 +1279,7 @@
814 kop.crk_op = CRK_DSA_VERIFY;
815
816 /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
817 - kop.crk_param[0].crp_p = (caddr_t)dgst;
818 + kop.crk_param[0].crp_p = (void*)dgst;
819 kop.crk_param[0].crp_nbits = dlen * 8;
820 if (bn2crparam(dsa->p, &kop.crk_param[1]))
821 goto err;
822 @@ -1017,7 +1357,7 @@
823 goto err;
824 kop.crk_iparams = 3;
825
826 - kop.crk_param[3].crp_p = (char *)key;
827 + kop.crk_param[3].crp_p = (void*) key;
828 kop.crk_param[3].crp_nbits = keylen * 8;
829 kop.crk_oparams = 1;
830
831 @@ -1048,7 +1388,7 @@
832 * but I expect we'll want some options soon.
833 */
834 static int
835 -cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
836 +cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
837 {
838 #ifdef HAVE_SYSLOG_R
839 struct syslog_data sd = SYSLOG_DATA_INIT;
840 @@ -1084,14 +1424,14 @@
841 * find out what asymmetric crypto algorithms we support
842 */
843 if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
844 - close(fd);
845 + put_dev_crypto(fd);
846 ENGINE_free(engine);
847 return;
848 }
849 - close(fd);
850 + put_dev_crypto(fd);
851
852 if (!ENGINE_set_id(engine, "cryptodev") ||
853 - !ENGINE_set_name(engine, "BSD cryptodev engine") ||
854 + !ENGINE_set_name(engine, "cryptodev engine") ||
855 !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
856 !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
857 !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
858 diff -Naur openssl-0.9.8u.org/crypto/engine/engine.h openssl-0.9.8u/crypto/engine/engine.h
859 --- openssl-0.9.8u.org/crypto/engine/engine.h 2010-02-09 15:18:15.000000000 +0100
860 +++ openssl-0.9.8u/crypto/engine/engine.h 2012-03-27 14:05:15.000000000 +0200
861 @@ -705,9 +705,7 @@
862 * values. */
863 void *ENGINE_get_static_state(void);
864
865 -#if defined(__OpenBSD__) || defined(__FreeBSD__)
866 void ENGINE_setup_bsd_cryptodev(void);
867 -#endif
868
869 /* BEGIN ERROR CODES */
870 /* The following lines are auto generated by the script mkerr.pl. Any changes
871 diff -Naur openssl-0.9.8u.org/crypto/evp/c_all.c openssl-0.9.8u/crypto/evp/c_all.c
872 --- openssl-0.9.8u.org/crypto/evp/c_all.c 2004-08-29 18:36:04.000000000 +0200
873 +++ openssl-0.9.8u/crypto/evp/c_all.c 2012-03-27 14:05:15.000000000 +0200
874 @@ -83,8 +83,6 @@
875 OpenSSL_add_all_ciphers();
876 OpenSSL_add_all_digests();
877 #ifndef OPENSSL_NO_ENGINE
878 -# if defined(__OpenBSD__) || defined(__FreeBSD__)
879 ENGINE_setup_bsd_cryptodev();
880 -# endif
881 #endif
882 }
Timo's tree of IPFire 2.x