]> git.ipfire.org Git - people/teissler/ipfire-2.x.git/blob - src/patches/openssl-1.0.1e-cryptodev.patch
projects / people / teissler / ipfire-2.x.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'ppp-update' into beyond-next
[people/teissler/ipfire-2.x.git] / src / patches / openssl-1.0.1e-cryptodev.patch
1 Patch created by Michael Tremer <michael.tremer@ipfire.org> from
2 http://download.gna.org/cryptodev-linux/cryptodev-linux-1.6.tar.gz
3
4 diff -Nur openssl-1.0.1e-vanilla/crypto/cryptodev.h openssl-1.0.1e/crypto/cryptodev.h
5 --- openssl-1.0.1e-vanilla/crypto/cryptodev.h 1970-01-01 00:00:00.000000000 +0000
6 +++ openssl-1.0.1e/crypto/cryptodev.h 2013-12-25 14:27:20.907326820 +0000
7 @@ -0,0 +1,292 @@
8 +/* This is a source compatible implementation with the original API of
9 + * cryptodev by Angelos D. Keromytis, found at openbsd cryptodev.h.
10 + * Placed under public domain */
11 +
12 +#ifndef L_CRYPTODEV_H
13 +#define L_CRYPTODEV_H
14 +
15 +#include <linux/types.h>
16 +#ifndef __KERNEL__
17 +#define __user
18 +#endif
19 +
20 +/* API extensions for linux */
21 +#define CRYPTO_HMAC_MAX_KEY_LEN 512
22 +#define CRYPTO_CIPHER_MAX_KEY_LEN 64
23 +
24 +/* All the supported algorithms
25 + */
26 +enum cryptodev_crypto_op_t {
27 + CRYPTO_DES_CBC = 1,
28 + CRYPTO_3DES_CBC = 2,
29 + CRYPTO_BLF_CBC = 3,
30 + CRYPTO_CAST_CBC = 4,
31 + CRYPTO_SKIPJACK_CBC = 5,
32 + CRYPTO_MD5_HMAC = 6,
33 + CRYPTO_SHA1_HMAC = 7,
34 + CRYPTO_RIPEMD160_HMAC = 8,
35 + CRYPTO_MD5_KPDK = 9,
36 + CRYPTO_SHA1_KPDK = 10,
37 + CRYPTO_RIJNDAEL128_CBC = 11,
38 + CRYPTO_AES_CBC = CRYPTO_RIJNDAEL128_CBC,
39 + CRYPTO_ARC4 = 12,
40 + CRYPTO_MD5 = 13,
41 + CRYPTO_SHA1 = 14,
42 + CRYPTO_DEFLATE_COMP = 15,
43 + CRYPTO_NULL = 16,
44 + CRYPTO_LZS_COMP = 17,
45 + CRYPTO_SHA2_256_HMAC = 18,
46 + CRYPTO_SHA2_384_HMAC = 19,
47 + CRYPTO_SHA2_512_HMAC = 20,
48 + CRYPTO_AES_CTR = 21,
49 + CRYPTO_AES_XTS = 22,
50 + CRYPTO_AES_ECB = 23,
51 + CRYPTO_AES_GCM = 50,
52 +
53 + CRYPTO_CAMELLIA_CBC = 101,
54 + CRYPTO_RIPEMD160,
55 + CRYPTO_SHA2_224,
56 + CRYPTO_SHA2_256,
57 + CRYPTO_SHA2_384,
58 + CRYPTO_SHA2_512,
59 + CRYPTO_SHA2_224_HMAC,
60 + CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */
61 +};
62 +
63 +#define CRYPTO_ALGORITHM_MAX (CRYPTO_ALGORITHM_ALL - 1)
64 +
65 +/* Values for ciphers */
66 +#define DES_BLOCK_LEN 8
67 +#define DES3_BLOCK_LEN 8
68 +#define RIJNDAEL128_BLOCK_LEN 16
69 +#define AES_BLOCK_LEN RIJNDAEL128_BLOCK_LEN
70 +#define CAMELLIA_BLOCK_LEN 16
71 +#define BLOWFISH_BLOCK_LEN 8
72 +#define SKIPJACK_BLOCK_LEN 8
73 +#define CAST128_BLOCK_LEN 8
74 +
75 +/* the maximum of the above */
76 +#define EALG_MAX_BLOCK_LEN 16
77 +
78 +/* Values for hashes/MAC */
79 +#define AALG_MAX_RESULT_LEN 64
80 +
81 +/* maximum length of verbose alg names (depends on CRYPTO_MAX_ALG_NAME) */
82 +#define CRYPTODEV_MAX_ALG_NAME 64
83 +
84 +#define HASH_MAX_LEN 64
85 +
86 +/* input of CIOCGSESSION */
87 +struct session_op {
88 + /* Specify either cipher or mac
89 + */
90 + __u32 cipher; /* cryptodev_crypto_op_t */
91 + __u32 mac; /* cryptodev_crypto_op_t */
92 +
93 + __u32 keylen;
94 + __u8 __user *key;
95 + __u32 mackeylen;
96 + __u8 __user *mackey;
97 +
98 + __u32 ses; /* session identifier */
99 +};
100 +
101 +struct session_info_op {
102 + __u32 ses; /* session identifier */
103 +
104 + /* verbose names for the requested ciphers */
105 + struct alg_info {
106 + char cra_name[CRYPTODEV_MAX_ALG_NAME];
107 + char cra_driver_name[CRYPTODEV_MAX_ALG_NAME];
108 + } cipher_info, hash_info;
109 +
110 + __u16 alignmask; /* alignment constraints */
111 + __u32 flags; /* SIOP_FLAGS_* */
112 +};
113 +
114 +/* If this flag is set then this algorithm uses
115 + * a driver only available in kernel (software drivers,
116 + * or drivers based on instruction sets do not set this flag).
117 + *
118 + * If multiple algorithms are involved (as in AEAD case), then
119 + * if one of them is kernel-driver-only this flag will be set.
120 + */
121 +#define SIOP_FLAG_KERNEL_DRIVER_ONLY 1
122 +
123 +#define COP_ENCRYPT 0
124 +#define COP_DECRYPT 1
125 +
126 +/* input of CIOCCRYPT */
127 +struct crypt_op {
128 + __u32 ses; /* session identifier */
129 + __u16 op; /* COP_ENCRYPT or COP_DECRYPT */
130 + __u16 flags; /* see COP_FLAG_* */
131 + __u32 len; /* length of source data */
132 + __u8 __user *src; /* source data */
133 + __u8 __user *dst; /* pointer to output data */
134 + /* pointer to output data for hash/MAC operations */
135 + __u8 __user *mac;
136 + /* initialization vector for encryption operations */
137 + __u8 __user *iv;
138 +};
139 +
140 +/* input of CIOCAUTHCRYPT */
141 +struct crypt_auth_op {
142 + __u32 ses; /* session identifier */
143 + __u16 op; /* COP_ENCRYPT or COP_DECRYPT */
144 + __u16 flags; /* see COP_FLAG_AEAD_* */
145 + __u32 len; /* length of source data */
146 + __u32 auth_len; /* length of auth data */
147 + __u8 __user *auth_src; /* authenticated-only data */
148 +
149 + /* The current implementation is more efficient if data are
150 + * encrypted in-place (src==dst). */
151 + __u8 __user *src; /* data to be encrypted and authenticated */
152 + __u8 __user *dst; /* pointer to output data. Must have
153 + * space for tag. For TLS this should be at least
154 + * len + tag_size + block_size for padding */
155 +
156 + __u8 __user *tag; /* where the tag will be copied to. TLS mode
157 + * doesn't use that as tag is copied to dst.
158 + * SRTP mode copies tag there. */
159 + __u32 tag_len; /* the length of the tag. Use zero for digest size or max tag. */
160 +
161 + /* initialization vector for encryption operations */
162 + __u8 __user *iv;
163 + __u32 iv_len;
164 +};
165 +
166 +/* In plain AEAD mode the following are required:
167 + * flags : 0
168 + * iv : the initialization vector (12 bytes)
169 + * auth_len: the length of the data to be authenticated
170 + * auth_src: the data to be authenticated
171 + * len : length of data to be encrypted
172 + * src : the data to be encrypted
173 + * dst : space to hold encrypted data. It must have
174 + * at least a size of len + tag_size.
175 + * tag_size: the size of the desired authentication tag or zero to use
176 + * the maximum tag output.
177 + *
178 + * Note tag isn't being used because the Linux AEAD interface
179 + * copies the tag just after data.
180 + */
181 +
182 +/* In TLS mode (used for CBC ciphers that required padding)
183 + * the following are required:
184 + * flags : COP_FLAG_AEAD_TLS_TYPE
185 + * iv : the initialization vector
186 + * auth_len: the length of the data to be authenticated only
187 + * len : length of data to be encrypted
188 + * auth_src: the data to be authenticated
189 + * src : the data to be encrypted
190 + * dst : space to hold encrypted data (preferably in-place). It must have
191 + * at least a size of len + tag_size + blocksize.
192 + * tag_size: the size of the desired authentication tag or zero to use
193 + * the default mac output.
194 + *
195 + * Note that the padding used is the minimum padding.
196 + */
197 +
198 +/* In SRTP mode the following are required:
199 + * flags : COP_FLAG_AEAD_SRTP_TYPE
200 + * iv : the initialization vector
201 + * auth_len: the length of the data to be authenticated. This must
202 + * include the SRTP header + SRTP payload (data to be encrypted) + rest
203 + *
204 + * len : length of data to be encrypted
205 + * auth_src: pointer the data to be authenticated. Should point at the same buffer as src.
206 + * src : pointer to the data to be encrypted.
207 + * dst : This is mandatory to be the same as src (in-place only).
208 + * tag_size: the size of the desired authentication tag or zero to use
209 + * the default mac output.
210 + * tag : Pointer to an address where the authentication tag will be copied.
211 + */
212 +
213 +
214 +/* struct crypt_op flags */
215 +
216 +#define COP_FLAG_NONE (0 << 0) /* totally no flag */
217 +#define COP_FLAG_UPDATE (1 << 0) /* multi-update hash mode */
218 +#define COP_FLAG_FINAL (1 << 1) /* multi-update final hash mode */
219 +#define COP_FLAG_WRITE_IV (1 << 2) /* update the IV during operation */
220 +#define COP_FLAG_NO_ZC (1 << 3) /* do not zero-copy */
221 +#define COP_FLAG_AEAD_TLS_TYPE (1 << 4) /* authenticate and encrypt using the
222 + * TLS protocol rules */
223 +#define COP_FLAG_AEAD_SRTP_TYPE (1 << 5) /* authenticate and encrypt using the
224 + * SRTP protocol rules */
225 +#define COP_FLAG_RESET (1 << 6) /* multi-update reset the state.
226 + * should be used in combination
227 + * with COP_FLAG_UPDATE */
228 +
229 +
230 +/* Stuff for bignum arithmetic and public key
231 + * cryptography - not supported yet by linux
232 + * cryptodev.
233 + */
234 +
235 +#define CRYPTO_ALG_FLAG_SUPPORTED 1
236 +#define CRYPTO_ALG_FLAG_RNG_ENABLE 2
237 +#define CRYPTO_ALG_FLAG_DSA_SHA 4
238 +
239 +struct crparam {
240 + __u8 *crp_p;
241 + __u32 crp_nbits;
242 +};
243 +
244 +#define CRK_MAXPARAM 8
245 +
246 +/* input of CIOCKEY */
247 +struct crypt_kop {
248 + __u32 crk_op; /* cryptodev_crk_ot_t */
249 + __u32 crk_status;
250 + __u16 crk_iparams;
251 + __u16 crk_oparams;
252 + __u32 crk_pad1;
253 + struct crparam crk_param[CRK_MAXPARAM];
254 +};
255 +
256 +enum cryptodev_crk_op_t {
257 + CRK_MOD_EXP = 0,
258 + CRK_MOD_EXP_CRT = 1,
259 + CRK_DSA_SIGN = 2,
260 + CRK_DSA_VERIFY = 3,
261 + CRK_DH_COMPUTE_KEY = 4,
262 + CRK_ALGORITHM_ALL
263 +};
264 +
265 +#define CRK_ALGORITHM_MAX (CRK_ALGORITHM_ALL-1)
266 +
267 +/* features to be queried with CIOCASYMFEAT ioctl
268 + */
269 +#define CRF_MOD_EXP (1 << CRK_MOD_EXP)
270 +#define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT)
271 +#define CRF_DSA_SIGN (1 << CRK_DSA_SIGN)
272 +#define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY)
273 +#define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY)
274 +
275 +
276 +/* ioctl's. Compatible with old linux cryptodev.h
277 + */
278 +#define CRIOGET _IOWR('c', 101, __u32)
279 +#define CIOCGSESSION _IOWR('c', 102, struct session_op)
280 +#define CIOCFSESSION _IOW('c', 103, __u32)
281 +#define CIOCCRYPT _IOWR('c', 104, struct crypt_op)
282 +#define CIOCKEY _IOWR('c', 105, struct crypt_kop)
283 +#define CIOCASYMFEAT _IOR('c', 106, __u32)
284 +#define CIOCGSESSINFO _IOWR('c', 107, struct session_info_op)
285 +
286 +/* to indicate that CRIOGET is not required in linux
287 + */
288 +#define CRIOGET_NOT_NEEDED 1
289 +
290 +/* additional ioctls for AEAD */
291 +#define CIOCAUTHCRYPT _IOWR('c', 109, struct crypt_auth_op)
292 +
293 +/* additional ioctls for asynchronous operation.
294 + * These are conditionally enabled since version 1.6.
295 + */
296 +#define CIOCASYNCCRYPT _IOW('c', 110, struct crypt_op)
297 +#define CIOCASYNCFETCH _IOR('c', 111, struct crypt_op)
298 +
299 +#endif /* L_CRYPTODEV_H */
300 diff -Nur openssl-1.0.1e-vanilla/crypto/engine/eng_cryptodev.c openssl-1.0.1e/crypto/engine/eng_cryptodev.c
301 --- openssl-1.0.1e-vanilla/crypto/engine/eng_cryptodev.c 2013-02-11 15:26:04.000000000 +0000
302 +++ openssl-1.0.1e/crypto/engine/eng_cryptodev.c 2013-12-25 14:27:06.968877039 +0000
303 @@ -2,6 +2,7 @@
304 * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
305 * Copyright (c) 2002 Theo de Raadt
306 * Copyright (c) 2002 Markus Friedl
307 + * Copyright (c) 2012 Nikos Mavrogiannopoulos
308 * All rights reserved.
309 *
310 * Redistribution and use in source and binary forms, with or without
311 @@ -74,8 +75,6 @@
312 int d_fd;
313
314 #ifdef USE_CRYPTODEV_DIGESTS
315 - char dummy_mac_key[HASH_MAX_LEN];
316 -
317 unsigned char digest_res[HASH_MAX_LEN];
318 char *mac_data;
319 int mac_len;
320 @@ -157,15 +156,21 @@
321 static struct {
322 int id;
323 int nid;
324 - int keylen;
325 + int digestlen;
326 } digests[] = {
327 +#if 0
328 + /* HMAC is not supported */
329 { CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16},
330 { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20},
331 - { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16/*?*/},
332 - { CRYPTO_MD5_KPDK, NID_undef, 0},
333 - { CRYPTO_SHA1_KPDK, NID_undef, 0},
334 + { CRYPTO_SHA2_256_HMAC, NID_hmacWithSHA256, 32},
335 + { CRYPTO_SHA2_384_HMAC, NID_hmacWithSHA384, 48},
336 + { CRYPTO_SHA2_512_HMAC, NID_hmacWithSHA512, 64},
337 +#endif
338 { CRYPTO_MD5, NID_md5, 16},
339 { CRYPTO_SHA1, NID_sha1, 20},
340 + { CRYPTO_SHA2_256, NID_sha256, 32},
341 + { CRYPTO_SHA2_384, NID_sha384, 48},
342 + { CRYPTO_SHA2_512, NID_sha512, 64},
343 { 0, NID_undef, 0},
344 };
345 #endif
346 @@ -243,13 +248,14 @@
347 static int nids[CRYPTO_ALGORITHM_MAX];
348 struct session_op sess;
349 int fd, i, count = 0;
350 + unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
351
352 if ((fd = get_dev_crypto()) < 0) {
353 *cnids = NULL;
354 return (0);
355 }
356 memset(&sess, 0, sizeof(sess));
357 - sess.key = (caddr_t)"123456789abcdefghijklmno";
358 + sess.key = (void*)fake_key;
359
360 for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
361 if (ciphers[i].nid == NID_undef)
362 @@ -281,6 +287,7 @@
363 get_cryptodev_digests(const int **cnids)
364 {
365 static int nids[CRYPTO_ALGORITHM_MAX];
366 + unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
367 struct session_op sess;
368 int fd, i, count = 0;
369
370 @@ -289,12 +296,12 @@
371 return (0);
372 }
373 memset(&sess, 0, sizeof(sess));
374 - sess.mackey = (caddr_t)"123456789abcdefghijklmno";
375 + sess.mackey = fake_key;
376 for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
377 if (digests[i].nid == NID_undef)
378 continue;
379 sess.mac = digests[i].id;
380 - sess.mackeylen = digests[i].keylen;
381 + sess.mackeylen = 8;
382 sess.cipher = 0;
383 if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
384 ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
385 @@ -382,14 +389,14 @@
386 cryp.ses = sess->ses;
387 cryp.flags = 0;
388 cryp.len = inl;
389 - cryp.src = (caddr_t) in;
390 - cryp.dst = (caddr_t) out;
391 + cryp.src = (void*) in;
392 + cryp.dst = (void*) out;
393 cryp.mac = 0;
394
395 cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
396
397 if (ctx->cipher->iv_len) {
398 - cryp.iv = (caddr_t) ctx->iv;
399 + cryp.iv = (void*) ctx->iv;
400 if (!ctx->encrypt) {
401 iiv = in + inl - ctx->cipher->iv_len;
402 memcpy(save_iv, iiv, ctx->cipher->iv_len);
403 @@ -440,7 +447,7 @@
404 if ((state->d_fd = get_dev_crypto()) < 0)
405 return (0);
406
407 - sess->key = (caddr_t)key;
408 + sess->key = (void*)key;
409 sess->keylen = ctx->key_len;
410 sess->cipher = cipher;
411
412 @@ -660,18 +667,6 @@
413 }
414
415
416 -static int
417 -digest_key_length(int nid)
418 -{
419 - int i;
420 -
421 - for (i = 0; digests[i].id; i++)
422 - if (digests[i].nid == nid)
423 - return digests[i].keylen;
424 - return (0);
425 -}
426 -
427 -
428 static int cryptodev_digest_init(EVP_MD_CTX *ctx)
429 {
430 struct dev_crypto_state *state = ctx->md_data;
431 @@ -682,7 +677,6 @@
432 printf("cryptodev_digest_init: Can't get digest \n");
433 return (0);
434 }
435 -
436 memset(state, 0, sizeof(struct dev_crypto_state));
437
438 if ((state->d_fd = get_dev_crypto()) < 0) {
439 @@ -690,8 +684,8 @@
440 return (0);
441 }
442
443 - sess->mackey = state->dummy_mac_key;
444 - sess->mackeylen = digest_key_length(ctx->digest->type);
445 + sess->mackey = NULL;
446 + sess->mackeylen = 0;
447 sess->mac = digest;
448
449 if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
450 @@ -707,8 +701,8 @@
451 static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
452 size_t count)
453 {
454 - struct crypt_op cryp;
455 struct dev_crypto_state *state = ctx->md_data;
456 + struct crypt_op cryp;
457 struct session_op *sess = &state->d_sess;
458
459 if (!data || state->d_fd < 0) {
460 @@ -717,7 +711,7 @@
461 }
462
463 if (!count) {
464 - return (0);
465 + return (1);
466 }
467
468 if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
469 @@ -740,9 +734,9 @@
470 cryp.ses = sess->ses;
471 cryp.flags = 0;
472 cryp.len = count;
473 - cryp.src = (caddr_t) data;
474 + cryp.src = (void*) data;
475 cryp.dst = NULL;
476 - cryp.mac = (caddr_t) state->digest_res;
477 + cryp.mac = (void*) state->digest_res;
478 if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
479 printf("cryptodev_digest_update: digest failed\n");
480 return (0);
481 @@ -757,8 +751,6 @@
482 struct dev_crypto_state *state = ctx->md_data;
483 struct session_op *sess = &state->d_sess;
484
485 - int ret = 1;
486 -
487 if (!md || state->d_fd < 0) {
488 printf("cryptodev_digest_final: illegal input\n");
489 return(0);
490 @@ -772,7 +764,7 @@
491 cryp.len = state->mac_len;
492 cryp.src = state->mac_data;
493 cryp.dst = NULL;
494 - cryp.mac = (caddr_t)md;
495 + cryp.mac = (void*)md;
496 if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
497 printf("cryptodev_digest_final: digest failed\n");
498 return (0);
499 @@ -783,7 +775,7 @@
500
501 memcpy(md, state->digest_res, ctx->digest->md_size);
502
503 - return (ret);
504 + return 1;
505 }
506
507
508 @@ -835,8 +827,8 @@
509
510 digest = digest_nid_to_cryptodev(to->digest->type);
511
512 - sess->mackey = dstate->dummy_mac_key;
513 - sess->mackeylen = digest_key_length(to->digest->type);
514 + sess->mackey = NULL;
515 + sess->mackeylen = 0;
516 sess->mac = digest;
517
518 dstate->d_fd = get_dev_crypto();
519 @@ -861,34 +853,117 @@
520 }
521
522
523 -const EVP_MD cryptodev_sha1 = {
524 +static const EVP_MD cryptodev_sha1 = {
525 NID_sha1,
526 - NID_undef,
527 + NID_sha1WithRSAEncryption,
528 SHA_DIGEST_LENGTH,
529 +#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
530 + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
531 + EVP_MD_FLAG_DIGALGID_ABSENT|
532 +#endif
533 EVP_MD_FLAG_ONESHOT,
534 cryptodev_digest_init,
535 cryptodev_digest_update,
536 cryptodev_digest_final,
537 cryptodev_digest_copy,
538 cryptodev_digest_cleanup,
539 - EVP_PKEY_NULL_method,
540 + EVP_PKEY_RSA_method,
541 SHA_CBLOCK,
542 - sizeof(struct dev_crypto_state),
543 + sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
544 +};
545 +
546 +static const EVP_MD cryptodev_sha256 = {
547 + NID_sha256,
548 + NID_sha256WithRSAEncryption,
549 + SHA256_DIGEST_LENGTH,
550 +#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
551 + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
552 + EVP_MD_FLAG_DIGALGID_ABSENT|
553 +#endif
554 + EVP_MD_FLAG_ONESHOT,
555 + cryptodev_digest_init,
556 + cryptodev_digest_update,
557 + cryptodev_digest_final,
558 + cryptodev_digest_copy,
559 + cryptodev_digest_cleanup,
560 + EVP_PKEY_RSA_method,
561 + SHA256_CBLOCK,
562 + sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
563 +};
564 +static const EVP_MD cryptodev_sha224 = {
565 + NID_sha224,
566 + NID_sha224WithRSAEncryption,
567 + SHA224_DIGEST_LENGTH,
568 +#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
569 + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
570 + EVP_MD_FLAG_DIGALGID_ABSENT|
571 +#endif
572 + EVP_MD_FLAG_ONESHOT,
573 + cryptodev_digest_init,
574 + cryptodev_digest_update,
575 + cryptodev_digest_final,
576 + cryptodev_digest_copy,
577 + cryptodev_digest_cleanup,
578 + EVP_PKEY_RSA_method,
579 + SHA256_CBLOCK,
580 + sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
581 +};
582 +
583 +static const EVP_MD cryptodev_sha384 = {
584 + NID_sha384,
585 + NID_sha384WithRSAEncryption,
586 + SHA384_DIGEST_LENGTH,
587 +#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
588 + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
589 + EVP_MD_FLAG_DIGALGID_ABSENT|
590 +#endif
591 + EVP_MD_FLAG_ONESHOT,
592 + cryptodev_digest_init,
593 + cryptodev_digest_update,
594 + cryptodev_digest_final,
595 + cryptodev_digest_copy,
596 + cryptodev_digest_cleanup,
597 + EVP_PKEY_RSA_method,
598 + SHA512_CBLOCK,
599 + sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
600 +};
601 +
602 +static const EVP_MD cryptodev_sha512 = {
603 + NID_sha512,
604 + NID_sha512WithRSAEncryption,
605 + SHA512_DIGEST_LENGTH,
606 +#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
607 + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
608 + EVP_MD_FLAG_DIGALGID_ABSENT|
609 +#endif
610 + EVP_MD_FLAG_ONESHOT,
611 + cryptodev_digest_init,
612 + cryptodev_digest_update,
613 + cryptodev_digest_final,
614 + cryptodev_digest_copy,
615 + cryptodev_digest_cleanup,
616 + EVP_PKEY_RSA_method,
617 + SHA512_CBLOCK,
618 + sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
619 };
620
621 -const EVP_MD cryptodev_md5 = {
622 +static const EVP_MD cryptodev_md5 = {
623 NID_md5,
624 - NID_undef,
625 + NID_md5WithRSAEncryption,
626 16 /* MD5_DIGEST_LENGTH */,
627 +#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
628 + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
629 + EVP_MD_FLAG_DIGALGID_ABSENT|
630 +#endif
631 EVP_MD_FLAG_ONESHOT,
632 cryptodev_digest_init,
633 cryptodev_digest_update,
634 cryptodev_digest_final,
635 cryptodev_digest_copy,
636 cryptodev_digest_cleanup,
637 - EVP_PKEY_NULL_method,
638 + EVP_PKEY_RSA_method,
639 64 /* MD5_CBLOCK */,
640 - sizeof(struct dev_crypto_state),
641 + sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
642 };
643
644 #endif /* USE_CRYPTODEV_DIGESTS */
645 @@ -909,6 +984,18 @@
646 case NID_sha1:
647 *digest = &cryptodev_sha1;
648 break;
649 + case NID_sha224:
650 + *digest = &cryptodev_sha224;
651 + break;
652 + case NID_sha256:
653 + *digest = &cryptodev_sha256;
654 + break;
655 + case NID_sha384:
656 + *digest = &cryptodev_sha384;
657 + break;
658 + case NID_sha512:
659 + *digest = &cryptodev_sha512;
660 + break;
661 default:
662 #endif /* USE_CRYPTODEV_DIGESTS */
663 *digest = NULL;
664 @@ -940,7 +1027,7 @@
665 return (1);
666 memset(b, 0, bytes);
667
668 - crp->crp_p = (caddr_t) b;
669 + crp->crp_p = (void*) b;
670 crp->crp_nbits = bits;
671
672 for (i = 0, j = 0; i < a->top; i++) {
673 @@ -1193,7 +1280,7 @@
674 kop.crk_op = CRK_DSA_SIGN;
675
676 /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
677 - kop.crk_param[0].crp_p = (caddr_t)dgst;
678 + kop.crk_param[0].crp_p = (void*)dgst;
679 kop.crk_param[0].crp_nbits = dlen * 8;
680 if (bn2crparam(dsa->p, &kop.crk_param[1]))
681 goto err;
682 @@ -1233,7 +1320,7 @@
683 kop.crk_op = CRK_DSA_VERIFY;
684
685 /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
686 - kop.crk_param[0].crp_p = (caddr_t)dgst;
687 + kop.crk_param[0].crp_p = (void*)dgst;
688 kop.crk_param[0].crp_nbits = dlen * 8;
689 if (bn2crparam(dsa->p, &kop.crk_param[1]))
690 goto err;
691 @@ -1311,9 +1398,10 @@
692 goto err;
693 kop.crk_iparams = 3;
694
695 - kop.crk_param[3].crp_p = (caddr_t) key;
696 - kop.crk_param[3].crp_nbits = keylen * 8;
697 + kop.crk_param[3].crp_p = (void*) key;
698 + kop.crk_param[3].crp_nbits = keylen;
699 kop.crk_oparams = 1;
700 + dhret = keylen/8;
701
702 if (ioctl(fd, CIOCKEY, &kop) == -1) {
703 const DH_METHOD *meth = DH_OpenSSL();
704 @@ -1385,7 +1473,7 @@
705 put_dev_crypto(fd);
706
707 if (!ENGINE_set_id(engine, "cryptodev") ||
708 - !ENGINE_set_name(engine, "BSD cryptodev engine") ||
709 + !ENGINE_set_name(engine, "cryptodev engine") ||
710 !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
711 !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
712 !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
Timo's tree of IPFire 2.x