summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorOtavio Salvador <otavio@ossystems.com.br>2015-07-13 14:00:59 -0300
committerOtavio Salvador <otavio@ossystems.com.br>2015-07-15 15:46:20 +0000
commitc92b415d653afc55f33b6b93fb9248193bfd4fa0 (patch)
treef473cb6d92bff7654ed35decf204041c34579b67
parent8800258fd611baf2dc62c8c620a4a2fdb75ef148 (diff)
parent60ecf4f21bb60a1c83a194b6799f56dcaf094f1b (diff)
downloadmeta-freescale-c92b415d653afc55f33b6b93fb9248193bfd4fa0.tar.gz
Merge branch 'master' from multiple repositories
Repositories: meta-fsl-arm meta-fsl-ppc Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
-rw-r--r--meta-fsl-ppc/README49
-rw-r--r--meta-fsl-ppc/classes/qoriq_build_64bit_kernel.bbclass14
-rw-r--r--meta-fsl-ppc/conf/layer.conf18
-rw-r--r--meta-fsl-ppc/conf/machine/b4420qds-64b.conf15
-rw-r--r--meta-fsl-ppc/conf/machine/b4420qds.conf15
-rw-r--r--meta-fsl-ppc/conf/machine/b4860qds-64b.conf15
-rw-r--r--meta-fsl-ppc/conf/machine/b4860qds.conf15
-rw-r--r--meta-fsl-ppc/conf/machine/bsc9131rdb.conf15
-rw-r--r--meta-fsl-ppc/conf/machine/bsc9132qds.conf23
-rw-r--r--meta-fsl-ppc/conf/machine/c293pcie.conf16
-rw-r--r--meta-fsl-ppc/conf/machine/include/e500mc.inc6
-rw-r--r--meta-fsl-ppc/conf/machine/include/e500v2.inc4
-rw-r--r--meta-fsl-ppc/conf/machine/include/e5500-64b.inc12
-rw-r--r--meta-fsl-ppc/conf/machine/include/e5500.inc6
-rw-r--r--meta-fsl-ppc/conf/machine/include/e6500-64b.inc12
-rw-r--r--meta-fsl-ppc/conf/machine/include/e6500.inc13
-rw-r--r--meta-fsl-ppc/conf/machine/include/qoriq-base.inc26
-rw-r--r--meta-fsl-ppc/conf/machine/p1010rdb.conf22
-rw-r--r--meta-fsl-ppc/conf/machine/p1020rdb.conf16
-rw-r--r--meta-fsl-ppc/conf/machine/p1021rdb.conf17
-rw-r--r--meta-fsl-ppc/conf/machine/p1022ds.conf26
-rw-r--r--meta-fsl-ppc/conf/machine/p1023rdb.conf15
-rw-r--r--meta-fsl-ppc/conf/machine/p1025twr.conf17
-rw-r--r--meta-fsl-ppc/conf/machine/p2020rdb.conf16
-rw-r--r--meta-fsl-ppc/conf/machine/p2041rdb.conf15
-rw-r--r--meta-fsl-ppc/conf/machine/p3041ds.conf15
-rw-r--r--meta-fsl-ppc/conf/machine/p4080ds.conf15
-rw-r--r--meta-fsl-ppc/conf/machine/p5020ds-64b.conf17
-rw-r--r--meta-fsl-ppc/conf/machine/p5020ds.conf15
-rw-r--r--meta-fsl-ppc/conf/machine/p5040ds-64b.conf15
-rw-r--r--meta-fsl-ppc/conf/machine/p5040ds.conf15
-rw-r--r--meta-fsl-ppc/conf/machine/t1024qds-64b.conf16
-rw-r--r--meta-fsl-ppc/conf/machine/t1024qds.conf16
-rw-r--r--meta-fsl-ppc/conf/machine/t1024rdb-64b.conf16
-rw-r--r--meta-fsl-ppc/conf/machine/t1024rdb.conf16
-rw-r--r--meta-fsl-ppc/conf/machine/t1040rdb-64b.conf16
-rw-r--r--meta-fsl-ppc/conf/machine/t1040rdb.conf16
-rw-r--r--meta-fsl-ppc/conf/machine/t1042rdb-64b.conf16
-rw-r--r--meta-fsl-ppc/conf/machine/t1042rdb-pi-64b.conf25
-rw-r--r--meta-fsl-ppc/conf/machine/t1042rdb-pi.conf24
-rw-r--r--meta-fsl-ppc/conf/machine/t1042rdb.conf16
-rw-r--r--meta-fsl-ppc/conf/machine/t2080qds-64b.conf17
-rw-r--r--meta-fsl-ppc/conf/machine/t2080qds.conf17
-rw-r--r--meta-fsl-ppc/conf/machine/t2080rdb-64b.conf17
-rw-r--r--meta-fsl-ppc/conf/machine/t2080rdb.conf17
-rw-r--r--meta-fsl-ppc/conf/machine/t4160qds-64b.conf15
-rw-r--r--meta-fsl-ppc/conf/machine/t4160qds.conf15
-rw-r--r--meta-fsl-ppc/conf/machine/t4240qds-64b.conf15
-rw-r--r--meta-fsl-ppc/conf/machine/t4240qds.conf15
-rw-r--r--meta-fsl-ppc/conf/machine/t4240rdb-64b.conf15
-rw-r--r--meta-fsl-ppc/conf/machine/t4240rdb.conf15
-rw-r--r--meta-fsl-ppc/custom-licenses/Cortina51
-rw-r--r--meta-fsl-ppc/custom-licenses/Freescale-EULA214
-rw-r--r--meta-fsl-ppc/custom-licenses/TestFloat24
-rw-r--r--meta-fsl-ppc/openembedded-layer/recipes-devtools/luajit/luajit/ppc-fixplt.patch105
-rw-r--r--meta-fsl-ppc/openembedded-layer/recipes-devtools/luajit/luajit_%.bbappend4
-rw-r--r--meta-fsl-ppc/recipes-bsp/apptrk/apptrk_git.bb20
-rw-r--r--meta-fsl-ppc/recipes-bsp/boot-format/boot-format/flags.patch21
-rw-r--r--meta-fsl-ppc/recipes-bsp/boot-format/boot-format_git.bb20
-rw-r--r--meta-fsl-ppc/recipes-bsp/ipc/ipc-ust_git.bb50
-rw-r--r--meta-fsl-ppc/recipes-bsp/ipc/ipc.inc7
-rw-r--r--meta-fsl-ppc/recipes-bsp/pkc-firmware/pkc-firmware_git.bb41
-rw-r--r--meta-fsl-ppc/recipes-bsp/qe-ucode/qe-ucode_git.bb35
-rw-r--r--meta-fsl-ppc/recipes-bsp/rcw/rcw_git.bb47
-rw-r--r--meta-fsl-ppc/recipes-bsp/u-boot/files/0001-u-boot-mpc85xx-u-boot-.lds-remove-_GLOBAL_OFFSET_TAB.patch77
-rw-r--r--meta-fsl-ppc/recipes-bsp/u-boot/files/Fix-the-depend-race-issue.patch38
-rw-r--r--meta-fsl-ppc/recipes-bsp/u-boot/u-boot-qoriq_2014.07.bb188
-rw-r--r--meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README77
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_left.conf-3des-sha1-tunnel32
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_right.conf-3des-sha1-tunnel31
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/flush-setkey4
-rw-r--r--meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.left29
-rw-r--r--meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.right28
-rw-r--r--meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.left3
-rw-r--r--meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.right8
-rw-r--r--meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.left39
-rw-r--r--meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.right34
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-transport23
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-tunnel42
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-transport22
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-tunnel42
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-transport23
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-tunnel42
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-transport23
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-tunnel42
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-transport22
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-tunnel42
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-transport23
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-tunnel42
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-transport23
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-tunnel42
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.ipv42
-rw-r--r--meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonCert.pem25
-rw-r--r--meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonKey.pem27
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizes.sh19
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizest.sh19
-rw-r--r--meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/psk.txt2
-rw-r--r--meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/racoon.conf22
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-transport23
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-tunnel42
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-transport22
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-tunnel41
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-transport23
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-tunnel42
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-transport23
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-tunnel42
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-transport22
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-tunnel41
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-transport23
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-tunnel42
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-transport23
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-tunnel42
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.ipv42
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup47
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_left13
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_right13
-rw-r--r--meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan.conf19
-rw-r--r--meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswanCert.pem22
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_left10
-rwxr-xr-xmeta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_right10
-rw-r--r--meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunCert.pem25
-rw-r--r--meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunKey.pem27
-rw-r--r--meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo_0.1.bb25
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch83
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch317
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch64
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch74
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0005-ECC-Support-header-for-Cryptodev-Engine.patch318
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0006-Fixed-private-key-support-for-DH.patch33
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0007-Fixed-private-key-support-for-DH.patch35
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0008-Initial-support-for-PKC-in-cryptodev-engine.patch1564
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0009-Added-hwrng-dev-file-as-source-of-RNG.patch28
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch2039
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch153
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0012-RSA-Keygen-Fix.patch64
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0013-Removed-local-copy-of-curve_t-type.patch164
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0014-Modulus-parameter-is-not-populated-by-dhparams.patch43
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0015-SW-Backoff-mechanism-for-dsa-keygen.patch53
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0016-Fixed-DH-keygen-pair-generator.patch100
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch309
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl.inc173
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl/configure-targets.patch34
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch45
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/ca.patch22
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/debian-targets.patch66
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/make-targets.patch15
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/man-dir.patch15
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/man-section.patch34
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/no-rpath.patch15
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch15
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/pic.patch177
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/version-script.patch4670
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch56
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl/find.pl54
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch22
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch119
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl/oe-ldflags.patch24
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch21
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch39
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch19
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl-fix-link.patch35
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch90
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl/shared-libs.patch41
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl_1.0.1i.bb55
-rw-r--r--meta-fsl-ppc/recipes-connectivity/openssl/openssl_1.0.1i.bbappend60
-rw-r--r--meta-fsl-ppc/recipes-core/init-ifupdown/init-ifupdown/qoriq-ppc/interfaces6
-rw-r--r--meta-fsl-ppc/recipes-core/init-ifupdown/init-ifupdown_%.bbappend2
-rw-r--r--meta-fsl-ppc/recipes-core/udev/udev-rules-qoriq.bb23
-rw-r--r--meta-fsl-ppc/recipes-core/udev/udev-rules-qoriq/qoriq-ppc/71-fsl-dpaa-persistent-networking.rules20
-rw-r--r--meta-fsl-ppc/recipes-core/udev/udev-rules-qoriq/qoriq-ppc/72-fsl-dpaa-persistent-networking.rules24
-rw-r--r--meta-fsl-ppc/recipes-core/udev/udev-rules-qoriq/qoriq-ppc/automount.rules23
-rw-r--r--meta-fsl-ppc/recipes-core/udev/udev/skip-rules-for-mmc-rpmb-partition.patch41
-rw-r--r--meta-fsl-ppc/recipes-core/udev/udev_182.bbappend6
-rw-r--r--meta-fsl-ppc/recipes-devtools/qemu/qemu_fslgit.bb57
-rw-r--r--meta-fsl-ppc/recipes-dpaa/eth-config/eth-config_git.bb17
-rw-r--r--meta-fsl-ppc/recipes-dpaa/flib/flib_git.bb15
-rw-r--r--meta-fsl-ppc/recipes-dpaa/fm-ucode/fm-ucode_git.bb37
-rw-r--r--meta-fsl-ppc/recipes-dpaa/fmc/fmc_git.bb53
-rw-r--r--meta-fsl-ppc/recipes-dpaa/fmlib/fmlib_git.bb45
-rw-r--r--meta-fsl-ppc/recipes-dpaa/usdpaa/usdpaa_git.bb62
-rw-r--r--meta-fsl-ppc/recipes-extended/cst/cst_git.bb26
-rw-r--r--meta-fsl-ppc/recipes-extended/merge-files/merge-files/merge/README7
-rw-r--r--meta-fsl-ppc/recipes-extended/merge-files/merge-files_1.0.bb25
-rw-r--r--meta-fsl-ppc/recipes-extended/procps/procps_%.bbappend9
-rw-r--r--meta-fsl-ppc/recipes-extended/skmm-ep/skmm-ep/add-two-missing-header-files.patch660
-rw-r--r--meta-fsl-ppc/recipes-extended/skmm-ep/skmm-ep_git.bb31
-rw-r--r--meta-fsl-ppc/recipes-extended/testfloat/files/SoftFloat-powerpc-1.patch1427
-rw-r--r--meta-fsl-ppc/recipes-extended/testfloat/files/TestFloat-powerpc-E500v2-SPE-1.patch1644
-rw-r--r--meta-fsl-ppc/recipes-extended/testfloat/files/Yocto-replace-COMPILE_PREFIX-gcc.patch67
-rw-r--r--meta-fsl-ppc/recipes-extended/testfloat/testfloat_2a.bb45
-rw-r--r--meta-fsl-ppc/recipes-extended/web-sysmon/web-sysmon_git.bb23
-rw-r--r--meta-fsl-ppc/recipes-graphics/xorg-driver/xf86-video-fbdev_0.4.2.bb11
-rw-r--r--meta-fsl-ppc/recipes-graphics/xorg-driver/xorg-driver-common.inc40
-rw-r--r--meta-fsl-ppc/recipes-graphics/xorg-driver/xorg-driver-video.inc4
-rw-r--r--meta-fsl-ppc/recipes-graphics/xorg-xserver/xserver-xf86-config/p1022ds/xorg.conf27
-rw-r--r--meta-fsl-ppc/recipes-graphics/xorg-xserver/xserver-xf86-config_%.bbappend2
-rw-r--r--meta-fsl-ppc/recipes-kernel/asf/asf_git.bb33
-rw-r--r--meta-fsl-ppc/recipes-kernel/auto-resp/ar_git.bb29
-rw-r--r--meta-fsl-ppc/recipes-kernel/ceetm/ceetm_git.bb30
-rw-r--r--meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl.inc17
-rw-r--r--meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch52
-rw-r--r--meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0001-don-t-advertise-RSA-keygen.patch32
-rw-r--r--meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch207
-rw-r--r--meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0003-PKC-support-added-in-cryptodev-module.patch898
-rw-r--r--meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0004-Compat-versions-of-PKC-IOCTLs.patch200
-rw-r--r--meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0005-Asynchronous-interface-changes-in-cryptodev.patch213
-rw-r--r--meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch212
-rw-r--r--meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch238
-rw-r--r--meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0008-Add-RSA-Key-generation-offloading.patch170
-rw-r--r--meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch160
-rw-r--r--meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-linux_1.7.bbappend2
-rw-r--r--meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-module_1.7.bbappend12
-rw-r--r--meta-fsl-ppc/recipes-kernel/ipc/ipc-modules-multi_git.bb11
-rw-r--r--meta-fsl-ppc/recipes-kernel/ipc/ipc-modules-single_git.bb11
-rw-r--r--meta-fsl-ppc/recipes-kernel/ipc/ipc-modules.inc26
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/0001-ALSA-CVE-2014-4652.patch140
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/0001-ALSA-CVE-2014-4656.patch43
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/0001-HID-CVE-2014-3181.patch52
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/0001-kvm-iommu-CVE-2014-3601.patch94
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/0001-mnt-CVE-2014-5206_CVE-2014-5207.patch62
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/0001-net-sctp-CVE-2014-3673.patch348
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/0001-shmem-CVE-2014-4171.patch141
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/0002-ALSA-CVE-2014-4653.patch92
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/0002-ALSA-CVE-2014-4656.patch46
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/0002-HID-CVE-2014-3182.patch65
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/0002-kvm-iommu-CVE-2014-8369.patch86
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/0002-mnt-CVE-2014-5206_CVE-2014-5207.patch62
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/0002-net-sctp-CVE-2014-3687.patch102
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/0002-shmem-CVE-2014-4171.patch200
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/0003-HID-CVE-2014-3184.patch114
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/0003-mnt-CVE-2014-5206_CVE-2014-5207.patch137
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/0003-net-sctp-CVE-2014-3688.patch160
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/0003-shmem-CVE-2014-4171.patch134
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/0004-USB-CVE-2014-3185.patch51
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/0004-mnt-CVE-2014-5206_CVE-2014-5207.patch64
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/0005-mnt-CVE-2014-5206_CVE-2014-5207.patch324
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch41
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/Fix-CVE-2014-5471_CVE-2014-5472.patch212
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch47
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/auditsc-CVE-2014-3917.patch91
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/eCryptfs-CVE-2014-9683.patch41
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/fs-CVE-2014-4014.patch210
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/mm-2014-3122.patch98
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/modify-defconfig-t1040-nr-cpus.patch47
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/net-sctp-CVE-2014-0101.patch145
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/powerpc-Fix-64-bit-builds-with-binutils-2.24.patch80
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/sctp-CVE-2014-4667.patch51
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/sctp-CVE-2014-7841.patch85
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/security-keys-CVE-2014-9529.patch53
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/target-CVE-2014-4027.patch46
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/tracing-CVE-2014-7825_CVE-2014-7826.patch94
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/files/udf-CVE-2014-6410.patch96
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/linux-qoriq.inc46
-rw-r--r--meta-fsl-ppc/recipes-kernel/linux/linux-qoriq_3.12.bb43
-rw-r--r--meta-fsl-ppc/recipes-kernel/lttng/lttng-modules_%.bbappend2
-rw-r--r--meta-fsl-ppc/recipes-kernel/pkc-host/pkc-host_git.bb33
-rw-r--r--meta-fsl-ppc/recipes-kernel/qoriq-debug/qoriq-debug_git.bb15
-rw-r--r--meta-fsl-ppc/recipes-kernel/skmm-host/skmm-host_git.bb15
-rwxr-xr-xmeta-fsl-ppc/recipes-kernel/uio-seville/uio-seville_0.1.bb15
-rw-r--r--meta-fsl-ppc/recipes-virtualization/hv-cfg/hv-cfg_git.bb52
-rw-r--r--meta-fsl-ppc/recipes-virtualization/hypervisor/files/81-fsl-embedded-hv.rules2
-rw-r--r--meta-fsl-ppc/recipes-virtualization/hypervisor/hypervisor_git.bb94
-rw-r--r--meta-fsl-ppc/recipes-virtualization/mux-server/files/mux-server-1.02.tar.gzbin0 -> 10021 bytes
-rw-r--r--meta-fsl-ppc/recipes-virtualization/mux-server/mux-server_1.02.bb16
-rw-r--r--meta-fsl-ppc/virtualization-layer/recipes-extended/libvirt/libvirt/qoriq-ppc/qemu.conf465
-rw-r--r--meta-fsl-ppc/virtualization-layer/recipes-extended/libvirt/libvirt_%.bbappend9
266 files changed, 26455 insertions, 0 deletions
diff --git a/meta-fsl-ppc/README b/meta-fsl-ppc/README
new file mode 100644
index 00000000..10158ef9
--- /dev/null
+++ b/meta-fsl-ppc/README
@@ -0,0 +1,49 @@
1OpenEmbedded/Yocto BSP layer for Freescale's PPC platforms
2==========================================================
3
4This layer provides support for Freescale's PPC platforms for use with
5OpenEmbedded and/or Yocto.
6
7This layer depends on:
8
9URI: git://git.openembedded.org/openembedded-core
10branch: master
11revision: HEAD
12
13URI: git://git.openembedded.org/meta-openembedded
14branch: master
15revision: HEAD
16
17Contributing
18------------
19
20To contribute to this layer you should the patches for review to the
21mailing list.
22
23Mailing list:
24
25 https://lists.yoctoproject.org/listinfo/meta-freescale
26
27Source code:
28
29 git://git.yoctoproject.org/meta-fsl-ppc
30 http://git.yoctoproject.org/git/meta-fsl-ppc
31
32When creating patches, please use something like:
33
34 git format-patch -s --subject-prefix='meta-fsl-ppc dylan][PATCH' origin
35optionally include a branch if the patch applies to multiple branches,
36otherwise master is assumed
37
38When sending patches, please use something like:
39
40 git send-email --to meta-freescale@yoctoproject.org <generated patch>
41
42git.yoctoproject.org vs. git.freescale.com:
43-------------------------------------------
44
45git.yoctoproject.org hosts the official upstream work of Freescale's OE/YP repos,
46for official SDK releases at times we need to do last minute fixes or include things
47not supported upstream so we have a different repo on git.freescale.com for the
48official release. git.freescale.com should be based off repos from git.yoctoproject.org
49
diff --git a/meta-fsl-ppc/classes/qoriq_build_64bit_kernel.bbclass b/meta-fsl-ppc/classes/qoriq_build_64bit_kernel.bbclass
new file mode 100644
index 00000000..5dd8931f
--- /dev/null
+++ b/meta-fsl-ppc/classes/qoriq_build_64bit_kernel.bbclass
@@ -0,0 +1,14 @@
1inherit distro_features_check
2REQUIRED_DISTRO_FEATURES_e6500 += "multiarch"
3
4python () {
5 promote_kernel = d.getVar('BUILD_64BIT_KERNEL')
6 if promote_kernel == "1":
7 d.setVar('KERNEL_CC_append', ' -m64')
8 d.setVar('KERNEL_LD_append', ' -melf64ppc')
9
10 error_qa = d.getVar('ERROR_QA', True)
11 if 'arch' in error_qa:
12 d.setVar('ERROR_QA', error_qa.replace(' arch', ''))
13}
14
diff --git a/meta-fsl-ppc/conf/layer.conf b/meta-fsl-ppc/conf/layer.conf
new file mode 100644
index 00000000..a4d4add9
--- /dev/null
+++ b/meta-fsl-ppc/conf/layer.conf
@@ -0,0 +1,18 @@
1# We have a packages directory, add to BBFILES
2BBPATH .= ":${LAYERDIR}"
3
4BBFILES += "${LAYERDIR}/recipes-*/*/*.bb*"
5BBFILES += "${LAYERDIR}/images/*.bb*"
6BBFILES += "${LAYERDIR}/classes/*.bb*"
7
8BBFILE_COLLECTIONS += "fsl-ppc"
9BBFILE_PATTERN_fsl-ppc = "^${LAYERDIR}/"
10BBFILE_PRIORITY_fsl-ppc = "5"
11
12LICENSE_PATH += "${LAYERDIR}/custom-licenses"
13
14# Let us add layer-specific bbappends which are only applied when that
15# layer is included in our configuration
16BBFILES += "${@' '.join('${LAYERDIR}/%s/recipes*/*/*.bbappend' % layer \
17 for layer in BBFILE_COLLECTIONS.split())}"
18
diff --git a/meta-fsl-ppc/conf/machine/b4420qds-64b.conf b/meta-fsl-ppc/conf/machine/b4420qds-64b.conf
new file mode 100644
index 00000000..c0487d90
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/b4420qds-64b.conf
@@ -0,0 +1,15 @@
1#@TYPE: Machine
2#@NAME: Freescale B4420QDS-64B
3#@SOC: b4420
4#@DESCRIPTION: Machine configuration for running B4420QDS in 64-bit mode
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e6500-64b.inc
8
9SOC_FAMILY = "b4:b4420"
10UBOOT_MACHINES ?= "B4420QDS"
11KERNEL_DEVICETREE ?= "b4420qds.dtb b4420qds-usdpaa.dtb"
12KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig"
13
14JFFS2_ERASEBLOCK = "0x10000"
15
diff --git a/meta-fsl-ppc/conf/machine/b4420qds.conf b/meta-fsl-ppc/conf/machine/b4420qds.conf
new file mode 100644
index 00000000..94ab1d33
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/b4420qds.conf
@@ -0,0 +1,15 @@
1#@TYPE: Machine
2#@NAME: Freescale B4420QDS
3#@SOC: b4420
4#@DESCRIPTION: Machine configuration for running B4420QDS in 32-bit mode
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e6500.inc
8
9SOC_FAMILY = "b4:b4420"
10UBOOT_MACHINES ?= "B4420QDS"
11KERNEL_DEVICETREE ?= "b4420qds.dtb b4420qds-usdpaa.dtb"
12KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig"
13
14JFFS2_ERASEBLOCK = "0x10000"
15
diff --git a/meta-fsl-ppc/conf/machine/b4860qds-64b.conf b/meta-fsl-ppc/conf/machine/b4860qds-64b.conf
new file mode 100644
index 00000000..7e1f5bf9
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/b4860qds-64b.conf
@@ -0,0 +1,15 @@
1#@TYPE: Machine
2#@NAME: Freescale B4860QDS-64B
3#@SOC: b4860
4#@DESCRIPTION: Machine configuration for running B4860QDS in 64-bit mode
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e6500-64b.inc
8
9SOC_FAMILY = "b4:b4860"
10UBOOT_MACHINES ?= "B4860QDS B4860QDS_SECURE_BOOT"
11KERNEL_DEVICETREE ?= "b4860qds.dtb b4860qds-usdpaa.dtb"
12KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig"
13
14JFFS2_ERASEBLOCK = "0x10000"
15
diff --git a/meta-fsl-ppc/conf/machine/b4860qds.conf b/meta-fsl-ppc/conf/machine/b4860qds.conf
new file mode 100644
index 00000000..bae326e0
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/b4860qds.conf
@@ -0,0 +1,15 @@
1#@TYPE: Machine
2#@NAME: Freescale B4860QDS
3#@SOC: b4860
4#@DESCRIPTION: Machine configuration for running B4860QDS in 32-bit mode
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e6500.inc
8
9SOC_FAMILY = "b4:b4860"
10UBOOT_MACHINES ?= "B4860QDS B4860QDS_SECURE_BOOT"
11KERNEL_DEVICETREE ?= "b4860qds.dtb b4860qds-usdpaa.dtb"
12KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig"
13
14JFFS2_ERASEBLOCK = "0x10000"
15
diff --git a/meta-fsl-ppc/conf/machine/bsc9131rdb.conf b/meta-fsl-ppc/conf/machine/bsc9131rdb.conf
new file mode 100644
index 00000000..e65f7e4e
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/bsc9131rdb.conf
@@ -0,0 +1,15 @@
1#@TYPE: Machine
2#@NAME: Freescale BSC9131RDB
3#@SOC: bsc9131
4#@DESCRIPTION: Machine configuration for running BSC9131RDB
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e500v2.inc
8
9SOC_FAMILY = "bsc9131"
10UBOOT_MACHINES ?= "BSC9131RDB_SPIFLASH BSC9131RDB_NAND BSC9131RDB_NAND_SYSCLK100 BSC9131RDB_SPIFLASH_SYSCLK100"
11KERNEL_DEVICETREE ?= "bsc9131rdb.dtb"
12KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/bsc913x_defconfig"
13
14JFFS2_ERASEBLOCK = "0x10000"
15
diff --git a/meta-fsl-ppc/conf/machine/bsc9132qds.conf b/meta-fsl-ppc/conf/machine/bsc9132qds.conf
new file mode 100644
index 00000000..90ac2a3b
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/bsc9132qds.conf
@@ -0,0 +1,23 @@
1#@TYPE: Machine
2#@NAME: Freescale BSC9132QDS
3#@SOC: bsc9132
4#@DESCRIPTION: Machine configuration for running BSC9132QDS
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e500v2.inc
8
9SOC_FAMILY = "bsc9132"
10UBOOT_MACHINES ?= " BSC9132QDS_NAND_DDRCLK133 BSC9132QDS_NAND_DDRCLK100 \
11 BSC9132QDS_NOR_DDRCLK100 BSC9132QDS_NOR_DDRCLK133 \
12 BSC9132QDS_SDCARD_DDRCLK100 BSC9132QDS_SDCARD_DDRCLK133 \
13 BSC9132QDS_SPIFLASH_DDRCLK100 BSC9132QDS_SPIFLASH_DDRCLK133 \
14 BSC9132QDS_NAND_DDRCLK100_SECURE BSC9132QDS_NAND_DDRCLK133_SECURE \
15 BSC9132QDS_NOR_DDRCLK100_SECURE BSC9132QDS_NOR_DDRCLK133_SECURE \
16 BSC9132QDS_SDCARD_DDRCLK100_SECURE BSC9132QDS_SDCARD_DDRCLK133_SECURE \
17 BSC9132QDS_SPIFLASH_DDRCLK100_SECURE BSC9132QDS_SPIFLASH_DDRCLK133_SECURE \
18"
19KERNEL_DEVICETREE ?= "bsc9132qds.dtb"
20KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/bsc913x_smp_defconfig"
21
22JFFS2_ERASEBLOCK = "0x10000"
23
diff --git a/meta-fsl-ppc/conf/machine/c293pcie.conf b/meta-fsl-ppc/conf/machine/c293pcie.conf
new file mode 100644
index 00000000..6a63844e
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/c293pcie.conf
@@ -0,0 +1,16 @@
1#@TYPE: Machine
2#@NAME: Freescale C293PCIE
3#@SOC: c293pcie
4#@DESCRIPTION: Machine configuration for running C293PCIE in 36-bit mode
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e500v2.inc
8
9SOC_FAMILY = "c293pcie"
10BOOTFORMAT_CONFIG = "config_ddr3_512m_c29xpcie_800M.dat"
11UBOOT_MACHINES ?= "C29XPCIE C29XPCIE_SPIFLASH C29XPCIE_SECBOOT C29XPCIE_SPIFLASH_SECBOOT"
12KERNEL_DEVICETREE ?= "c293pcie_36b.dtb"
13KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/mpc85xx_defconfig"
14
15JFFS2_ERASEBLOCK = "0x10000"
16
diff --git a/meta-fsl-ppc/conf/machine/include/e500mc.inc b/meta-fsl-ppc/conf/machine/include/e500mc.inc
new file mode 100644
index 00000000..5871104d
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/include/e500mc.inc
@@ -0,0 +1,6 @@
1TARGET_FPU = "hard"
2
3require conf/machine/include/tune-ppce500mc.inc
4require conf/machine/include/qoriq-base.inc
5
6MACHINEOVERRIDES .= ":e500mc"
diff --git a/meta-fsl-ppc/conf/machine/include/e500v2.inc b/meta-fsl-ppc/conf/machine/include/e500v2.inc
new file mode 100644
index 00000000..a9372549
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/include/e500v2.inc
@@ -0,0 +1,4 @@
1require conf/machine/include/tune-ppce500v2.inc
2require conf/machine/include/qoriq-base.inc
3
4MACHINEOVERRIDES .= ":e500v2"
diff --git a/meta-fsl-ppc/conf/machine/include/e5500-64b.inc b/meta-fsl-ppc/conf/machine/include/e5500-64b.inc
new file mode 100644
index 00000000..d238ca89
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/include/e5500-64b.inc
@@ -0,0 +1,12 @@
1TARGET_FPU = "hard"
2DEFAULTTUNE ?= "ppc64e5500"
3
4require conf/machine/include/tune-ppce5500.inc
5require conf/machine/include/qoriq-base.inc
6
7MACHINEOVERRIDES .= ":e5500-64b"
8
9require conf/multilib.conf
10MULTILIBS ?= "multilib:lib32"
11DEFAULTTUNE_virtclass-multilib-lib32 ?= "ppce5500"
12
diff --git a/meta-fsl-ppc/conf/machine/include/e5500.inc b/meta-fsl-ppc/conf/machine/include/e5500.inc
new file mode 100644
index 00000000..88f6d06e
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/include/e5500.inc
@@ -0,0 +1,6 @@
1TARGET_FPU = "hard"
2
3require conf/machine/include/tune-ppce5500.inc
4require conf/machine/include/qoriq-base.inc
5
6MACHINEOVERRIDES .= ":e5500"
diff --git a/meta-fsl-ppc/conf/machine/include/e6500-64b.inc b/meta-fsl-ppc/conf/machine/include/e6500-64b.inc
new file mode 100644
index 00000000..522ee71f
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/include/e6500-64b.inc
@@ -0,0 +1,12 @@
1TARGET_FPU = "hard"
2DEFAULTTUNE ?= "ppc64e6500"
3
4require conf/machine/include/tune-ppce6500.inc
5require conf/machine/include/qoriq-base.inc
6
7MACHINEOVERRIDES .= ":e6500-64b"
8
9require conf/multilib.conf
10MULTILIBS ?= "multilib:lib32"
11DEFAULTTUNE_virtclass-multilib-lib32 ?= "ppce6500"
12
diff --git a/meta-fsl-ppc/conf/machine/include/e6500.inc b/meta-fsl-ppc/conf/machine/include/e6500.inc
new file mode 100644
index 00000000..4121fbef
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/include/e6500.inc
@@ -0,0 +1,13 @@
1TARGET_FPU = "hard"
2
3require conf/machine/include/tune-ppce6500.inc
4require conf/machine/include/qoriq-base.inc
5
6MACHINEOVERRIDES .= ":e6500"
7
8BUILD_64BIT_KERNEL = "1"
9
10require conf/multilib.conf
11MULTILIBS ?= "multilib:lib64"
12DEFAULTTUNE_virtclass-multilib-lib64 ?= "ppc64e6500"
13
diff --git a/meta-fsl-ppc/conf/machine/include/qoriq-base.inc b/meta-fsl-ppc/conf/machine/include/qoriq-base.inc
new file mode 100644
index 00000000..35ca79ce
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/include/qoriq-base.inc
@@ -0,0 +1,26 @@
1# Provides the QorIQ common settings
2require conf/machine/include/soc-family.inc
3
4# providers
5PREFERRED_PROVIDER_virtual/kernel ?= "linux-qoriq"
6PREFERRED_PROVIDER_u-boot ?= "u-boot-qoriq"
7
8# versions
9PREFERRED_VERSION_qemu = "1.7+fsl"
10PREFERRED_VERSION_openssl = "1.0.1i"
11
12# settings
13MACHINE_FEATURES = "keyboard pci ext2 ext3 serial"
14MACHINE_EXTRA_RRECOMMENDS += "udev-rules-qoriq kernel-modules"
15MACHINEOVERRIDES .= ":qoriq-ppc"
16
17IMAGE_CLASSES += "image_types_uboot"
18EXTRA_IMAGEDEPENDS += "u-boot"
19
20KERNEL_IMAGETYPE ?= "uImage"
21
22SERIAL_CONSOLES ?= "115200;ttyS0 115200;ttyS1 115200;ttyEHV0"
23SERIAL_CONSOLES_CHECK ?= "${SERIAL_CONSOLES}"
24
25USE_VT = "0"
26
diff --git a/meta-fsl-ppc/conf/machine/p1010rdb.conf b/meta-fsl-ppc/conf/machine/p1010rdb.conf
new file mode 100644
index 00000000..e24c341e
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/p1010rdb.conf
@@ -0,0 +1,22 @@
1#@TYPE: Machine
2#@Name: Freescale P1010RDB
3#@SOC: p1010
4#@DESCRIPTION: Machine configuration for running P1010RDB
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e500v2.inc
8
9SOC_FAMILY = "p1010"
10BOOTFORMAT_CONFIG = "config_sram_p1010rdb.dat"
11UBOOT_MACHINES ?= "P1010RDB-PB_NAND P1010RDB-PB_NOR \
12 P1010RDB-PB_SPIFLASH P1010RDB-PB_36BIT_NOR P1010RDB-PB_36BIT_NAND \
13 P1010RDB-PB_36BIT_SPIFLASH P1010RDB-PB_36BIT_NAND_SECBOOT \
14 P1010RDB-PB_36BIT_NOR_SECBOOT P1010RDB-PB_36BIT_SPIFLASH_SECBOOT \
15 P1010RDB-PB_NAND_SECBOOT P1010RDB-PB_NOR_SECBOOT \
16 P1010RDB-PB_SPIFLASH_SECBOOT \
17"
18KERNEL_DEVICETREE ?= "p1010rdb-pa.dtb p1010rdb-pb.dtb"
19KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/mpc85xx_defconfig"
20
21JFFS2_ERASEBLOCK = "0x20000"
22
diff --git a/meta-fsl-ppc/conf/machine/p1020rdb.conf b/meta-fsl-ppc/conf/machine/p1020rdb.conf
new file mode 100644
index 00000000..e2b706ed
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/p1020rdb.conf
@@ -0,0 +1,16 @@
1#@TYPE: Machine
2#@NAME: Freescale P1020RDB
3#@SOC: p1020
4#@DESCRIPTION: Machine configuration for running P1020RDB
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e500v2.inc
8
9SOC_FAMILY = "p1020"
10BOOTFORMAT_CONFIG = "config_sram_p1022ds.dat"
11UBOOT_MACHINES ?= " P1020RDB-PD P1020RDB-PD_NAND P1020RDB-PD_SDCARD P1020RDB-PD_SPIFLASH"
12KERNEL_DEVICETREE ?= "p1020rdb-pd_32b.dtb"
13KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/mpc85xx_smp_defconfig"
14
15JFFS2_ERASEBLOCK = "0x20000"
16
diff --git a/meta-fsl-ppc/conf/machine/p1021rdb.conf b/meta-fsl-ppc/conf/machine/p1021rdb.conf
new file mode 100644
index 00000000..03a18215
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/p1021rdb.conf
@@ -0,0 +1,17 @@
1#@TYPE: Machine
2#@Name: Freescale P1021RDB
3#@SOC: p1021
4#@DESCRIPTION: Machine configuration for running P1021RDB
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e500v2.inc
8
9SOC_FAMILY = "p1021"
10BOOTFORMAT_CONFIG = "config_sram_p1022ds.dat"
11UBOOT_MACHINES ?= "P1021RDB-PC P1021RDB-PC_NAND P1021RDB-PC_SDCARD P1021RDB-PC_SPIFLASH P1021RDB-PC_36BIT P1021RDB-PC_36BIT_SPIFLASH P1021RDB-PC_36BIT_NAND P1021RDB-PC_36BIT_SDCARD"
12KERNEL_DEVICETREE ?= "p1021rdb-pc_32b.dtb"
13KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/mpc85xx_smp_defconfig"
14
15JFFS2_ERASEBLOCK = "0x20000"
16QE_UCODE ?= "fsl_qe_ucode_1021_10_A.bin"
17
diff --git a/meta-fsl-ppc/conf/machine/p1022ds.conf b/meta-fsl-ppc/conf/machine/p1022ds.conf
new file mode 100644
index 00000000..823131ad
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/p1022ds.conf
@@ -0,0 +1,26 @@
1#@TYPE: Machine
2#@NAME: Freescale P1022DS
3#@SOC: p1022
4#@DESCRIPTION: Machine configuration for running P1022DS
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e500v2.inc
8
9SOC_FAMILY = "p1022"
10BOOTFORMAT_CONFIG = "config_sram_p1022ds.dat"
11UBOOT_MACHINES ?= "P1022DS P1022DS_NAND P1022DS_SPIFLASH P1022DS_SDCARD P1022DS_36BIT P1022DS_36BIT_SPIFLASH P1022DS_36BIT_NAND P1022DS_36BIT_SDCARD"
12KERNEL_DEVICETREE ?= "p1022ds_32b.dtb"
13KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/mpc85xx_smp_defconfig"
14
15PREFERRED_PROVIDER_virtual/xserver ?= "xserver-xorg"
16
17XSERVER = " \
18 xserver-xorg \
19 xf86-input-evdev \
20 xf86-input-mouse \
21 xf86-input-keyboard \
22 xf86-video-fbdev \
23"
24
25JFFS2_ERASEBLOCK = "0x20000"
26
diff --git a/meta-fsl-ppc/conf/machine/p1023rdb.conf b/meta-fsl-ppc/conf/machine/p1023rdb.conf
new file mode 100644
index 00000000..02ec4a59
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/p1023rdb.conf
@@ -0,0 +1,15 @@
1#@TYPE: Machine
2#@NAME: Freescale P1023RDB
3#@SOC: p1023
4#@DESCRIPTION: Machine configuration for running P1023RDB
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e500v2.inc
8
9SOC_FAMILY = "p1023"
10UBOOT_MACHINES ?= "P1023RDB"
11KERNEL_DEVICETREE ?= "p1023rdb.dtb"
12KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/p1023_defconfig"
13
14JFFS2_ERASEBLOCK = "0x10000"
15
diff --git a/meta-fsl-ppc/conf/machine/p1025twr.conf b/meta-fsl-ppc/conf/machine/p1025twr.conf
new file mode 100644
index 00000000..0c6bb57a
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/p1025twr.conf
@@ -0,0 +1,17 @@
1#@TYPE: Machine
2#@Name: Freescale P1025TWR
3#@SOC: p1025
4#@DESCRIPTION: Machine configuration for running P1025TWR
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e500v2.inc
8
9SOC_FAMILY = "p1025"
10BOOTFORMAT_CONFIG = "config_ddr3_1gb_p1_p2_rdb_pc_667M.dat"
11UBOOT_MACHINES ?= "TWR-P1025"
12KERNEL_DEVICETREE ?= "p1025twr_32b.dtb"
13KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/mpc85xx_smp_defconfig"
14
15JFFS2_ERASEBLOCK = "0x20000"
16QE_UCODE ?= "fsl_qe_ucode_1021_10_A.bin"
17
diff --git a/meta-fsl-ppc/conf/machine/p2020rdb.conf b/meta-fsl-ppc/conf/machine/p2020rdb.conf
new file mode 100644
index 00000000..9544c256
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/p2020rdb.conf
@@ -0,0 +1,16 @@
1#@TYPE: Machine
2#@Name: Freescale P2020RDB
3#@SOC: p2020
4#@DESCRIPTION: Machine configuration for running P2020RDB
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e500v2.inc
8
9SOC_FAMILY = "p2020"
10BOOTFORMAT_CONFIG = "config_sram_p1022ds.dat"
11UBOOT_MACHINES ?= " P2020RDB-PC P2020RDB-PC_NAND P2020RDB-PC_SDCARD P2020RDB-PC_SPIFLASH P2020RDB-PC_36BIT P2020RDB-PC_36BIT_SPIFLASH P2020RDB-PC_36BIT_NAND P2020RDB-PC_36BIT_SDCARD"
12KERNEL_DEVICETREE ?= "p2020rdb-pc_32b.dtb"
13KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/mpc85xx_smp_defconfig"
14
15JFFS2_ERASEBLOCK = "0x20000"
16
diff --git a/meta-fsl-ppc/conf/machine/p2041rdb.conf b/meta-fsl-ppc/conf/machine/p2041rdb.conf
new file mode 100644
index 00000000..f641a000
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/p2041rdb.conf
@@ -0,0 +1,15 @@
1#@TYPE: Machine
2#@NAME: Freescale P2041RDB
3#@SOC: p2041
4#@DESCRIPTION: Machine configuration for running P2041RDB
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e500mc.inc
8
9SOC_FAMILY = "p2041"
10UBOOT_MACHINES ?= "P2041RDB P2041RDB_NAND P2041RDB_SECURE_BOOT P2041RDB_SDCARD P2041RDB_SPIFLASH"
11KERNEL_DEVICETREE ?= "p2041rdb.dtb p2041rdb-usdpaa.dtb"
12KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet32_smp_defconfig"
13
14JFFS2_ERASEBLOCK = "0x10000"
15
diff --git a/meta-fsl-ppc/conf/machine/p3041ds.conf b/meta-fsl-ppc/conf/machine/p3041ds.conf
new file mode 100644
index 00000000..01c51e40
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/p3041ds.conf
@@ -0,0 +1,15 @@
1#@TYPE: Machine
2#@NAME: Freescale P3041DS
3#@SOC: p3041
4#@DESCRIPTION: Machine configuration for running P3041DS
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e500mc.inc
8
9SOC_FAMILY = "p3041"
10UBOOT_MACHINES ?= "P3041DS P3041DS_NAND P3041DS_SECURE_BOOT P3041DS_SDCARD P3041DS_SPIFLASH"
11KERNEL_DEVICETREE ?= "p3041ds.dtb p3041ds-usdpaa.dtb"
12KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet32_smp_defconfig"
13
14JFFS2_ERASEBLOCK = "0x10000"
15
diff --git a/meta-fsl-ppc/conf/machine/p4080ds.conf b/meta-fsl-ppc/conf/machine/p4080ds.conf
new file mode 100644
index 00000000..1b6fad74
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/p4080ds.conf
@@ -0,0 +1,15 @@
1#@TYPE: Machine
2#@NAME: Freescale P4080DS
3#@SOC: p4080
4#@DESCRIPTION: Machine configuration for running P4080DS
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e500mc.inc
8
9SOC_FAMILY = "p4080"
10UBOOT_MACHINES ?= "P4080DS P4080DS_SECURE_BOOT P4080DS_SDCARD P4080DS_SPIFLASH "
11KERNEL_DEVICETREE ?= "p4080ds.dtb p4080ds-usdpaa.dtb"
12KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet32_smp_defconfig"
13
14JFFS2_ERASEBLOCK = "0x10000"
15
diff --git a/meta-fsl-ppc/conf/machine/p5020ds-64b.conf b/meta-fsl-ppc/conf/machine/p5020ds-64b.conf
new file mode 100644
index 00000000..615157f8
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/p5020ds-64b.conf
@@ -0,0 +1,17 @@
1#@TYPE: Machine
2#@NAME: Freescale P5020DS-64B
3#@SOC: p5020
4#@DESCRIPTION: Machine configuration for running P5020DS in 64-bit mode
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e5500-64b.inc
8
9SOC_FAMILY = "p5020"
10UBOOT_MACHINES ?= "P5020DS P5020DS_NAND P5020DS_SECURE_BOOT \
11 P5020DS_SDCARD P5020DS_SPIFLASH \
12"
13KERNEL_DEVICETREE ?= "p5020ds.dtb p5020ds-usdpaa.dtb"
14KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet64_smp_defconfig"
15
16JFFS2_ERASEBLOCK = "0x10000"
17
diff --git a/meta-fsl-ppc/conf/machine/p5020ds.conf b/meta-fsl-ppc/conf/machine/p5020ds.conf
new file mode 100644
index 00000000..7effe1e9
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/p5020ds.conf
@@ -0,0 +1,15 @@
1#@TYPE: Machine
2#@NAME: Freescale P5020DS
3#@SOC: p5020
4#@DESCRIPTION: Machine configuration for running P5020DS in 32-bit mode
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e5500.inc
8
9SOC_FAMILY = "p5020"
10UBOOT_MACHINES ?= "P5020DS P5020DS_NAND P5020DS_SECURE_BOOT P5020DS_SDCARD P5020DS_SPIFLASH "
11KERNEL_DEVICETREE ?= "p5020ds.dtb p5020ds-usdpaa.dtb"
12KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet32_smp_defconfig"
13
14JFFS2_ERASEBLOCK = "0x10000"
15
diff --git a/meta-fsl-ppc/conf/machine/p5040ds-64b.conf b/meta-fsl-ppc/conf/machine/p5040ds-64b.conf
new file mode 100644
index 00000000..fbbe9e2f
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/p5040ds-64b.conf
@@ -0,0 +1,15 @@
1#@TYPE: Machine
2#@NAME: Freescale P5040DS-64B
3#@SOC: p5040
4#@DESCRIPTION: Machine configuration for running P5040DS in 64-bit mode
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e5500-64b.inc
8
9SOC_FAMILY = "p5040"
10UBOOT_MACHINES ?= "P5040DS P5040DS_NAND P5040DS_SECURE_BOOT P5040DS_SDCARD P5040DS_SPIFLASH"
11KERNEL_DEVICETREE ?= "p5040ds.dtb p5040ds-usdpaa.dtb"
12KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet64_smp_defconfig"
13
14JFFS2_ERASEBLOCK = "0x10000"
15
diff --git a/meta-fsl-ppc/conf/machine/p5040ds.conf b/meta-fsl-ppc/conf/machine/p5040ds.conf
new file mode 100644
index 00000000..1cd95120
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/p5040ds.conf
@@ -0,0 +1,15 @@
1#@TYPE: Machine
2#@NAME: Freescale P5040DS
3#@SOC: p5040
4#@DESCRIPTION: Machine configuration for running P5040DS in 32-bit mode
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e5500.inc
8
9SOC_FAMILY = "p5040"
10UBOOT_MACHINES ?= "P5040DS P5040DS_NAND P5040DS_SECURE_BOOT P5040DS_SDCARD P5040DS_SPIFLASH"
11KERNEL_DEVICETREE ?= "p5040ds.dtb p5040ds-usdpaa.dtb"
12KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet32_smp_defconfig"
13
14JFFS2_ERASEBLOCK = "0x10000"
15
diff --git a/meta-fsl-ppc/conf/machine/t1024qds-64b.conf b/meta-fsl-ppc/conf/machine/t1024qds-64b.conf
new file mode 100644
index 00000000..9dc047cc
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/t1024qds-64b.conf
@@ -0,0 +1,16 @@
1#@TYPE: Machine
2#@NAME: Freescale T1024QDS
3#@SOC: t1024
4#@DESCRIPTION: Machine configuration for running T1024QDS in 64-bit mode
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e5500-64b.inc
8
9SOC_FAMILY = "t1:t1024"
10UBOOT_MACHINES ?= "T1024QDS T1024QDS_D4 T1024QDS_NAND T1024QDS_SDCARD T1024QDS_SPIFLASH T1024QDS_SECURE_BOOT"
11KERNEL_DEVICETREE ?= "t1024qds.dtb t1024qds-usdpaa.dtb t1024qds-usdpaa-capwap.dtb"
12KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet64_fmanv3_smp_defconfig"
13
14JFFS2_ERASEBLOCK = "0x10000"
15QE_UCODE ?= "iram_Type_A_T1024_r1.0.bin"
16
diff --git a/meta-fsl-ppc/conf/machine/t1024qds.conf b/meta-fsl-ppc/conf/machine/t1024qds.conf
new file mode 100644
index 00000000..dc043a3f
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/t1024qds.conf
@@ -0,0 +1,16 @@
1#@TYPE: Machine
2#@NAME: Freescale T1024QDS
3#@SOC: t1024
4#@DESCRIPTION: Machine configuration for running T1024QDS in 32-bit mode
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e5500.inc
8
9SOC_FAMILY = "t1:t1024"
10UBOOT_MACHINES ?= "T1024QDS T1024QDS_D4 T1024QDS_NAND T1024QDS_SDCARD T1024QDS_SPIFLASH T1024QDS_SECURE_BOOT"
11KERNEL_DEVICETREE ?= "t1024qds.dtb t1024qds-usdpaa.dtb t1024qds-usdpaa-capwap.dtb"
12KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet32_fmanv3_smp_defconfig"
13
14JFFS2_ERASEBLOCK = "0x10000"
15QE_UCODE ?= "iram_Type_A_T1024_r1.0.bin"
16
diff --git a/meta-fsl-ppc/conf/machine/t1024rdb-64b.conf b/meta-fsl-ppc/conf/machine/t1024rdb-64b.conf
new file mode 100644
index 00000000..e9e66b21
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/t1024rdb-64b.conf
@@ -0,0 +1,16 @@
1#@TYPE: Machine
2#@NAME: Freescale T1024RDB
3#@SOC: t1024
4#@DESCRIPTION: Machine configuration for running T1024RDB in 64-bit mode
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e5500-64b.inc
8
9SOC_FAMILY = "t1:t1024"
10UBOOT_MACHINES ?= "T1024RDB T1024RDB_NAND T1024RDB_SDCARD T1024RDB_SPIFLASH T1024RDB_SECURE_BOOT"
11KERNEL_DEVICETREE ?= "t1024rdb.dtb t1024rdb-usdpaa.dtb t1024rdb-usdpaa-capwap.dtb"
12KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet64_fmanv3_smp_defconfig"
13
14JFFS2_ERASEBLOCK = "0x10000"
15QE_UCODE ?= "iram_Type_A_T1024_r1.0.bin"
16
diff --git a/meta-fsl-ppc/conf/machine/t1024rdb.conf b/meta-fsl-ppc/conf/machine/t1024rdb.conf
new file mode 100644
index 00000000..80d87bdd
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/t1024rdb.conf
@@ -0,0 +1,16 @@
1#@TYPE: Machine
2#@NAME: Freescale T1024RDB
3#@SOC: t1024
4#@DESCRIPTION: Machine configuration for running T1024RDB in 32-bit mode
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e5500.inc
8
9SOC_FAMILY = "t1:t1024"
10UBOOT_MACHINES ?= "T1024RDB T1024RDB_NAND T1024RDB_SDCARD T1024RDB_SPIFLASH T1024RDB_SECURE_BOOT"
11KERNEL_DEVICETREE ?= "t1024rdb.dtb t1024rdb-usdpaa.dtb t1024rdb-usdpaa-capwap.dtb"
12KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet32_fmanv3_smp_defconfig"
13
14JFFS2_ERASEBLOCK = "0x10000"
15QE_UCODE ?= "iram_Type_A_T1024_r1.0.bin"
16
diff --git a/meta-fsl-ppc/conf/machine/t1040rdb-64b.conf b/meta-fsl-ppc/conf/machine/t1040rdb-64b.conf
new file mode 100644
index 00000000..6196097e
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/t1040rdb-64b.conf
@@ -0,0 +1,16 @@
1#@TYPE: Machine
2#@NAME: Freescale T1040RDB
3#@SOC: t1040
4#@DESCRIPTION: Machine configuration for running T1040RDB in 64-bit mode
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e5500-64b.inc
8
9SOC_FAMILY = "t1:t1040"
10UBOOT_MACHINES ?= "T1040RDB T1040RDB_SECURE_BOOT"
11KERNEL_DEVICETREE ?= "t1040rdb.dtb t1040rdb-usdpaa.dtb"
12KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet64_fmanv3_smp_defconfig"
13
14JFFS2_ERASEBLOCK = "0x10000"
15QE_UCODE ?= "iram_Type_A_T1040_r1.0.bin"
16
diff --git a/meta-fsl-ppc/conf/machine/t1040rdb.conf b/meta-fsl-ppc/conf/machine/t1040rdb.conf
new file mode 100644
index 00000000..e70c44b2
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/t1040rdb.conf
@@ -0,0 +1,16 @@
1#@TYPE: Machine
2#@NAME: Freescale T1040RDB
3#@SOC: t1040
4#@DESCRIPTION: Machine configuration for running T1040RDB in 32-bit mode
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e5500.inc
8
9SOC_FAMILY = "t1:t1040"
10UBOOT_MACHINES ?= "T1040RDB T1040RDB_SECURE_BOOT"
11KERNEL_DEVICETREE ?= "t1040rdb.dtb t1040rdb-usdpaa.dtb"
12KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet32_fmanv3_smp_defconfig"
13
14JFFS2_ERASEBLOCK = "0x10000"
15QE_UCODE ?= "iram_Type_A_T1040_r1.0.bin"
16
diff --git a/meta-fsl-ppc/conf/machine/t1042rdb-64b.conf b/meta-fsl-ppc/conf/machine/t1042rdb-64b.conf
new file mode 100644
index 00000000..d60cdd06
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/t1042rdb-64b.conf
@@ -0,0 +1,16 @@
1#@TYPE: Machine
2#@NAME: Freescale T1042RDB
3#@SOC: t1042
4#@DESCRIPTION: Machine configuration for running T1042RDB in 64-bit mode
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e5500-64b.inc
8
9SOC_FAMILY = "t1:t1042"
10UBOOT_MACHINES ?= "T1042RDB_PI"
11KERNEL_DEVICETREE ?= "t1042rdb_pi.dtb"
12KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet64_fmanv3_smp_defconfig"
13
14JFFS2_ERASEBLOCK = "0x10000"
15QE_UCODE ?= "iram_Type_A_T1040_r1.0.bin"
16
diff --git a/meta-fsl-ppc/conf/machine/t1042rdb-pi-64b.conf b/meta-fsl-ppc/conf/machine/t1042rdb-pi-64b.conf
new file mode 100644
index 00000000..4ebef183
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/t1042rdb-pi-64b.conf
@@ -0,0 +1,25 @@
1#@TYPE: Machine
2#@NAME: Freescale T1042RDB-PI
3#@SOC: t1042
4#@DESCRIPTION: Machine configuration for running T1042RDB-PI in 64-bit mode
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e5500-64b.inc
8
9SOC_FAMILY = "t1:t1042"
10UBOOT_MACHINES ?= "T1042RDB_PI"
11KERNEL_DEVICETREE ?= "t1042rdb_pi.dtb"
12KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet64_fmanv3_smp_defconfig"
13
14JFFS2_ERASEBLOCK = "0x10000"
15QE_UCODE ?= "iram_Type_A_T1040_r1.0.bin"
16
17PREFERRED_PROVIDER_virtual/xserver ?= "xserver-xorg"
18XSERVER = " \
19 xserver-xorg \
20 xf86-input-evdev \
21 xf86-input-mouse \
22 xf86-input-keyboard \
23 xf86-video-fbdev \
24"
25
diff --git a/meta-fsl-ppc/conf/machine/t1042rdb-pi.conf b/meta-fsl-ppc/conf/machine/t1042rdb-pi.conf
new file mode 100644
index 00000000..60270f04
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/t1042rdb-pi.conf
@@ -0,0 +1,24 @@
1#@TYPE: Machine
2#@NAME: Freescale T1042RDB-PI
3#@SOC: t1042
4#@DESCRIPTION: Machine configuration for running T1042RDB-PI in 32-bit mode
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e5500.inc
8
9SOC_FAMILY = "t1:t1042"
10UBOOT_MACHINES ?= "T1042RDB_PI"
11KERNEL_DEVICETREE ?= "t1042rdb_pi.dtb"
12KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet32_fmanv3_smp_defconfig"
13
14JFFS2_ERASEBLOCK = "0x10000"
15QE_UCODE ?= "iram_Type_A_T1040_r1.0.bin"
16
17PREFERRED_PROVIDER_virtual/xserver ?= "xserver-xorg"
18XSERVER = " \
19 xserver-xorg \
20 xf86-input-evdev \
21 xf86-input-mouse \
22 xf86-input-keyboard \
23 xf86-video-fbdev \
24"
diff --git a/meta-fsl-ppc/conf/machine/t1042rdb.conf b/meta-fsl-ppc/conf/machine/t1042rdb.conf
new file mode 100644
index 00000000..b530b0ed
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/t1042rdb.conf
@@ -0,0 +1,16 @@
1#@TYPE: Machine
2#@NAME: Freescale T1042RDB
3#@SOC: t1042
4#@DESCRIPTION: Machine configuration for running T1042RDB in 32-bit mode
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e5500.inc
8
9SOC_FAMILY = "t1:t1042"
10UBOOT_MACHINES ?= "T1042RDB_PI"
11KERNEL_DEVICETREE ?= "t1042rdb_pi.dtb"
12KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/corenet32_fmanv3_smp_defconfig"
13
14JFFS2_ERASEBLOCK = "0x10000"
15QE_UCODE ?= "iram_Type_A_T1040_r1.0.bin"
16
diff --git a/meta-fsl-ppc/conf/machine/t2080qds-64b.conf b/meta-fsl-ppc/conf/machine/t2080qds-64b.conf
new file mode 100644
index 00000000..88cb2c98
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/t2080qds-64b.conf
@@ -0,0 +1,17 @@
1#@TYPE: Machine
2#@NAME: Freescale T2080QDS-64B
3#@SOC: t2080
4#@DESCRIPTION: Machine configuration for running T2080QDS in 64-bit mode
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e6500-64b.inc
8
9SOC_FAMILY = "t2:t2080"
10UBOOT_MACHINES ?= "T2080QDS T2080QDS_SDCARD T2080QDS_SPIFLASH \
11 T2080QDS_NAND T2080QDS_SRIO_PCIE_BOOT T2080QDS_SECURE_BOOT \
12"
13KERNEL_DEVICETREE ?= "t2080qds.dtb t2080qds-usdpaa.dtb"
14KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig"
15
16JFFS2_ERASEBLOCK = "0x10000"
17
diff --git a/meta-fsl-ppc/conf/machine/t2080qds.conf b/meta-fsl-ppc/conf/machine/t2080qds.conf
new file mode 100644
index 00000000..30478e9d
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/t2080qds.conf
@@ -0,0 +1,17 @@
1#@TYPE: Machine
2#@NAME: Freescale T2080QDS
3#@SOC: t2080
4#@DESCRIPTION: Machine configuration for running T2080QDS in 32-bit mode
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e6500.inc
8
9SOC_FAMILY = "t2:t2080"
10UBOOT_MACHINES ?= "T2080QDS T2080QDS_SDCARD T2080QDS_SPIFLASH \
11 T2080QDS_NAND T2080QDS_SRIO_PCIE_BOOT T2080QDS_SECURE_BOOT \
12"
13KERNEL_DEVICETREE ?= "t2080qds.dtb t2080qds-usdpaa.dtb"
14KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig"
15
16JFFS2_ERASEBLOCK = "0x10000"
17
diff --git a/meta-fsl-ppc/conf/machine/t2080rdb-64b.conf b/meta-fsl-ppc/conf/machine/t2080rdb-64b.conf
new file mode 100644
index 00000000..3892ffba
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/t2080rdb-64b.conf
@@ -0,0 +1,17 @@
1#@TYPE: Machine
2#@NAME: Freescale T2080RDB
3#@SOC: t2080
4#@DESCRIPTION: Machine configuration for running T2080RDB in 64-bit mode
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e6500-64b.inc
8
9SOC_FAMILY = "t2:t2080"
10UBOOT_MACHINES ?= "T2080RDB T2080RDB_SDCARD T2080RDB_SPIFLASH \
11 T2080RDB_NAND T2080RDB_SRIO_PCIE_BOOT T2080RDB_SECURE_BOOT \
12"
13KERNEL_DEVICETREE ?= "t2080rdb.dtb t2080rdb-usdpaa.dtb"
14KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig"
15
16JFFS2_ERASEBLOCK = "0x10000"
17
diff --git a/meta-fsl-ppc/conf/machine/t2080rdb.conf b/meta-fsl-ppc/conf/machine/t2080rdb.conf
new file mode 100644
index 00000000..28dca0db
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/t2080rdb.conf
@@ -0,0 +1,17 @@
1#@TYPE: Machine
2#@NAME: Freescale T2080RDB
3#@SOC: t2080
4#@DESCRIPTION: Machine configuration for running T2080RDB in 32-bit mode
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e6500.inc
8
9SOC_FAMILY = "t2:t2080"
10UBOOT_MACHINES ?= "T2080RDB T2080RDB_SDCARD T2080RDB_SPIFLASH \
11 T2080RDB_NAND T2080RDB_SRIO_PCIE_BOOT T2080RDB_SECURE_BOOT \
12"
13KERNEL_DEVICETREE ?= "t2080rdb.dtb t2080rdb-usdpaa.dtb"
14KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig"
15
16JFFS2_ERASEBLOCK = "0x10000"
17
diff --git a/meta-fsl-ppc/conf/machine/t4160qds-64b.conf b/meta-fsl-ppc/conf/machine/t4160qds-64b.conf
new file mode 100644
index 00000000..c63aba88
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/t4160qds-64b.conf
@@ -0,0 +1,15 @@
1#@TYPE: Machine
2#@NAME: Freescale T4160QDS-64B
3#@SOC: t4160
4#@DESCRIPTION: Machine configuration for running T4160QDS in 64-bit mode
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e6500-64b.inc
8
9SOC_FAMILY = "t4:t4160"
10UBOOT_MACHINES ?= "T4160QDS T4160QDS_SECURE_BOOT"
11KERNEL_DEVICETREE ?= "t4240qds.dtb t4240qds-usdpaa.dtb"
12KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig"
13
14JFFS2_ERASEBLOCK = "0x10000"
15
diff --git a/meta-fsl-ppc/conf/machine/t4160qds.conf b/meta-fsl-ppc/conf/machine/t4160qds.conf
new file mode 100644
index 00000000..83fb5c84
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/t4160qds.conf
@@ -0,0 +1,15 @@
1#@TYPE: Machine
2#@NAME: Freescale T4160QDS
3#@SOC: t4160
4#@DESCRIPTION: Machine configuration for running T4160QDS in 32-bit mode
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e6500.inc
8
9SOC_FAMILY = "t4:t4160"
10UBOOT_MACHINES ?= "T4160QDS T4160QDS_SECURE_BOOT"
11KERNEL_DEVICETREE ?= "t4240qds.dtb t4240qds-usdpaa.dtb"
12KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig"
13
14JFFS2_ERASEBLOCK = "0x10000"
15
diff --git a/meta-fsl-ppc/conf/machine/t4240qds-64b.conf b/meta-fsl-ppc/conf/machine/t4240qds-64b.conf
new file mode 100644
index 00000000..006c2c1f
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/t4240qds-64b.conf
@@ -0,0 +1,15 @@
1#@TYPE: Machine
2#@NAME: Freescale T4240QDS-64B
3#@SOC: t4240
4#@DESCRIPTION: Machine configuration for running T4240QDS in 64-bit mode
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e6500-64b.inc
8
9SOC_FAMILY = "t4:t4240"
10UBOOT_MACHINES ?= "T4240QDS T4240QDS_SECURE_BOOT"
11KERNEL_DEVICETREE ?= "t4240qds.dtb t4240qds-usdpaa.dtb"
12KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig"
13
14JFFS2_ERASEBLOCK = "0x10000"
15
diff --git a/meta-fsl-ppc/conf/machine/t4240qds.conf b/meta-fsl-ppc/conf/machine/t4240qds.conf
new file mode 100644
index 00000000..fe67584c
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/t4240qds.conf
@@ -0,0 +1,15 @@
1#@TYPE: Machine
2#@NAME: Freescale T4240QDS
3#@SOC: t4240
4#@DESCRIPTION: Machine configuration for running T4240QDS in 32-bit mode
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e6500.inc
8
9SOC_FAMILY = "t4:t4240"
10UBOOT_MACHINES ?= "T4240QDS T4240QDS_SECURE_BOOT"
11KERNEL_DEVICETREE ?= "t4240qds.dtb t4240qds-usdpaa.dtb"
12KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig"
13
14JFFS2_ERASEBLOCK = "0x10000"
15
diff --git a/meta-fsl-ppc/conf/machine/t4240rdb-64b.conf b/meta-fsl-ppc/conf/machine/t4240rdb-64b.conf
new file mode 100644
index 00000000..09740664
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/t4240rdb-64b.conf
@@ -0,0 +1,15 @@
1#@TYPE: Machine
2#@NAME: Freescale T4240RDB
3#@SOC: t4240
4#@DESCRIPTION: Machine configuration for running T4240RDB in 64-bit mode
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e6500-64b.inc
8
9SOC_FAMILY = "t4:t4240"
10UBOOT_MACHINES ?= "T4240RDB"
11KERNEL_DEVICETREE ?= "t4240rdb.dtb t4240rdb-usdpaa.dtb t4240rdb-usdpaa-shared-interfaces.dtb"
12KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig"
13
14JFFS2_ERASEBLOCK = "0x10000"
15
diff --git a/meta-fsl-ppc/conf/machine/t4240rdb.conf b/meta-fsl-ppc/conf/machine/t4240rdb.conf
new file mode 100644
index 00000000..e4c31f90
--- /dev/null
+++ b/meta-fsl-ppc/conf/machine/t4240rdb.conf
@@ -0,0 +1,15 @@
1#@TYPE: Machine
2#@NAME: Freescale T4240RDB
3#@SOC: t4240
4#@DESCRIPTION: Machine configuration for running T4240RDB in 32-bit mode
5#@MAINTAINER: Chunrong Guo <B40290@freescale.com>
6
7require conf/machine/include/e6500.inc
8
9SOC_FAMILY = "t4:t4240"
10UBOOT_MACHINES ?= "T4240RDB"
11KERNEL_DEVICETREE ?= "t4240rdb.dtb t4240rdb-usdpaa.dtb t4240rdb-usdpaa-shared-interfaces.dtb"
12KERNEL_DEFCONFIG ?= "${S}/arch/powerpc/configs/85xx/e6500rev2_defconfig"
13
14JFFS2_ERASEBLOCK = "0x10000"
15
diff --git a/meta-fsl-ppc/custom-licenses/Cortina b/meta-fsl-ppc/custom-licenses/Cortina
new file mode 100644
index 00000000..a68417c5
--- /dev/null
+++ b/meta-fsl-ppc/custom-licenses/Cortina
@@ -0,0 +1,51 @@
1DEFINITIONS:“Device” is the product described in this document or document set. “Cortina” is Cortina Systems, Inc.
2“Software” is the software used with the Device, including the Application Programmable Interface (“API”). “You” are a
3customer, or potential customer, of Devices with whom Cortina has an NDA.
4LICENSE:Subject to the restrictions below, Cortina grants to You a non-exclusive, non-assignable, non-transferable,
5royalty-free copyright license to (1) copy and modify the source code of the API; (2) incorporate the API in object code
6form or as a library into Your software which is solely used with Your products (that incorporate the Devices); and (3)
7distribute to Your customer, inobject code form only, the API.
8RESTRICTIONS:The Software must be used solely in conjunction with the Devices and solely for Your internal
9evaluation, demonstration, software application development anddistribution for production purposes, either with an
10Cortina platform that contains the Device or with Your own product that incorporates the Device. Notwithstanding
11anything to the contrary, the API can be incorporated into Your software as described above and distributed to Your
12customers in object code form only. You may not distribute the Software as a stand-alone product. You shall not cause
13the incorporation, modification or distribution of the Software to become subject to any open source licenses. You will
14make reasonable efforts to discontinue the distribution of any portions of the Software that You are licensed hereunder
15to distribute upon Cortina’s release of an update, upgrade or new version of the Software. You agree that You are
16solely responsible for supporting any code which You modify, incorporate or distribute. You may not reverse-assemble,
17reverse-compile, or otherwise reverse-engineer any Software provided in binary or machine readable form.
18Distribution of the Software is also subject to the following limitations: You (i) are solely responsible to Your customers
19for any update or support obligation or other liability which may arise from the modification, incorporation, and
20distribution of the Software, (ii) do notmake any statement that Your product is“certified,” or that its performance is
21guaranteed, by Cortina, (iii) do not use Cortina's name or trademarks to market Your product without prior written
22permission, (iv) shall prohibit disassembly and reverse engineering, and (v) shall indemnify, hold harmless, and defend
23Cortina and its suppliers from and against any claims or lawsuits, including attorney's fees, that arise or result from
24Your distribution of any product.
25OWNERSHIP OF SOFTWARE AND COPYRIGHTS.The title to all copies of the Software remains with Cortina or its
26suppliers. The Software is copyrighted and protected by the laws of the United States and other countries, and
27international treaty provisions. You may not remove any copyright notices from the Software. Cortina may make
28changes to the Software, or to items referenced therein, at any timewithout notice, but is not obligated to support or
29update the Software. Except as otherwise expressly provided,Cortina grants no express or implied right under Cortina
30patents, copyrights, trademarks, or other intellectual property rights.
31DISCLAIMER OF WARRANTIES.THE SOFTWARE IS PROVIDED “AS IS” WITHOUT ANY EXPRESS OR IMPLIED
32WARRANTY OF ANY KIND. CORTINA AND ITS SUPPLIERSHEREBY DISCLAIM ALL WARRANTIES, INCLUDING
33ANY IMPLIED WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT, OR FITNESS FOR A PARTICULAR
34PURPOSE.
35LIMITATION OF LIABILITY.IN NO EVENT SHALL CORTINA OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES
36WHATSOEVER (INCLUDING, WITHOUT LIMITATION, LOST PROFITS, BUSINESS INTERRUPTION, OR LOST
37INFORMATION) ARISING OUT OF THE USE OF OR INABILITY TO USE THE SOFTWARE, EVEN IF CORTINA HAS
38BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
39TERMINATION OF THIS LICENSE.Cortina may terminate this license at any time if You violate its terms. Upon
40termination, You will immediately destroy the Software or return all copies of the Software to Cortina.
41APPLICABLE LAWS.Claims arising under this license shall be governed by the laws of the State of Delaware,
42excluding its principles of conflict of laws. The provisions of the United Nations Convention on Contracts for the
43International Sale of Goods shall not apply to this license.You shall not export, either directly or indirectly, any
44Software or derived object code without first obtaining any required license or other approval from the applicable
45governmental entity, including the U.S. Department of Commerce or any other agency or department of the United
46States Government if required. This isthe entire agreement and understanding between You and Cortina relating to
47this subject matter, and no amendments will be effective unless in a writing signed by both parties.
48GOVERNMENT RESTRICTED RIGHTS.The Software is provided with “RESTRICTED RIGHTS.” Use, duplication, or
49disclosure by the Government issubject to restrictions as set forth in FAR52.227-14 and DFAR252.227-7013 et seq. or
50its successor. Use of the Software by the Government constitutes acknowledgment of Cortina's proprietary rights
51therein. Contractor or Manufacturer is Cortina.
diff --git a/meta-fsl-ppc/custom-licenses/Freescale-EULA b/meta-fsl-ppc/custom-licenses/Freescale-EULA
new file mode 100644
index 00000000..2122a1fd
--- /dev/null
+++ b/meta-fsl-ppc/custom-licenses/Freescale-EULA
@@ -0,0 +1,214 @@
1IMPORTANT. Read the following Freescale Software License Agreement ("Agreement")
2completely. By selecting the "I Accept" button at the end of this page, you
3indicate that you accept the terms of the Freescale Proprietary Software License
4Agreement and you also acknowledge that you have the authority, on behalf of your
5company, to bind your company to such terms. You may then download or install the
6file.
7
8FREESCALE PROPRIETARY SOFTWARE LICENSE AGREEMENT
9This is a license agreement ("Agreement") between you (either as an individual
10or as an authorized representative acting on behalf of your employer) and Freescale
11Semiconductor, Inc. ("Freescale"). It concerns your rights to use the software
12provided to you in binary or source code form and any accompanying written materials
13(the "Software"). The Software may include any updates or error corrections or
14documentation relating to the Software provided to you by Freescale under this
15License. In consideration for Freescale allowing you to access the Software, you are
16agreeing to be bound by the terms of this Agreement. If you do not agree to all of
17the terms of this Agreement, do not download or install the Software. If you change
18your mind later, stop using the Software and delete all copies of the Software in
19your possession or control. Any copies of the Software that you have already
20distributed, where permitted, and do not destroy will continue to be governed by
21this Agreement. Your prior use will also continue to be governed by this Agreement.
22
231. LICENSE GRANT. Freescale grants to you, free of charge, the non-exclusive,
24non-transferable, non-sublicensable right (1) to use the Software, (2) to reproduce
25the Software, (3) to prepare derivative works of the Software, (4) to distribute the
26Software and derivative works thereof in object (machine-readable) form as part of
27a programmable processing unit (e.g. a microprocessor, microcontroller, or digital
28signal processor) supplied directly or indirectly from Freescale ("Freescale
29System") and (5) to sublicense to others the right to use the distributed Software,
30provided that any and all such sublicenses include the same terms and conditions of
31this Agreement. Notwithstanding the limitation on damages in Section 8, Licensee
32will indemnify, defend, and hold harmless Freescale against any and all claims,
33costs, damages, liabilities, judgments and attorneys' fees resulting from or
34arising out of any breach by the sublicensee, or resulting from or arising out of
35any action by the sublicensee inconsistent with this Agreement.
36You must notify Freescale, in writing, any time you create a derivative of the
37Software. Freescale owns all derivatives created from the Software, and derivatives
38are licensed to you under the same terms as the Software under this Agreement. Upon
39request, you must provide Freescale the source code of any derivative of the Software.
40If you violate any of the terms or restrictions of this Agreement, Freescale may
41immediately terminate this Agreement, and require that you stop using and delete all
42copies of the Software and any derivative in your possession or control. Any license
43granted above only extends to Freescale's intellectual property rights that would
44be necessarily infringed by the Software as provided to you by Freescale and as used
45within the scope of the licenses granted. You must advise Freescale of any results
46obtained including any problems or suggested improvements thereof. Freescale retains
47the right to use such results and related information in any manner it deems
48appropriate.
49
502. OTHER RESTRICTIONS. Subject to the license grant above, the following restrictions
51 apply:
52
53a. Freescale reserves all rights not expressly granted herein.
54b. You may not rent, lease, sublicense, lend or encumber the Software, unless
55 otherwise expressly agreed to within this Agreement
56c. You may not distribute, manufacture, have manufactured, sublicense or otherwise
57 reproduce the Software for purposes other than intended in this Agreement.
58d. You may not remove or alter any proprietary legends, notices, or trademarks
59 contained in the Licensed Software,
60e. The terms and conditions of this Agreement will apply to any Software updates,
61 provided to you at Freescale's discretion, that replace and/or supplement the
62 original Software, unless such update contains a separate license.
63f. You may not translate, reverse engineer, decompile, or disassemble the Software
64 provided to you solely in object code format (machine readable) except to the
65 extent applicable law specifically prohibits such restriction. You will prohibit
66 your sublicensees from translating, reverse engineering, decompiling, or
67 disassembling the Software except to the extent applicable law specifically
68 prohibits such restriction.
69
703. OPEN SOURCE. You are about to download or install certain software that is
71subject to various open source licenses such as the Apache License, the BSD license,
72the Free Software Foundation General Public License and Lesser General Public
73License, the Mozilla Public License and others. Your use of such open source
74software is subject to the terms of each applicable license. You must agree to the
75terms of each such applicable license, or you should not use the open source software.
76Any open source license that is incompatible with the terms of this Agreement
77supersedes the terms of this Agreement.
78
794. COPYRIGHT. The Software is licensed to you, not sold. Freescale owns the
80Software, and United States copyright laws and international treaty provisions
81protect the Software. Therefore, you must treat the Software like any other
82copyrighted material (e.g. a book or musical recording). You may not use or
83copy the Software for any other purpose than what is described in this Agreement.
84Except as expressly provided herein, Freescale does not grant to you any express or
85implied rights under any Freescale or third party patents, copyrights, trademarks,
86or trade secrets. Additionally, you must reproduce and apply any copyright or other
87proprietary rights notices included on or embedded in the Software to any copies
88made thereof, in whole or in part, if any. You may not remove any copyright
89notices of Freescale incorporated in the Software.
90
915. TERM AND TERMINATION. The term of this Agreement shall commence on the date
92of installation or download and shall continue perpetually, unless earlier
93terminated in accordance with this Agreement. Freescale has the right to terminate
94this Agreement without notice and require that you stop using and delete all copies
95of the Software in your possession or control if you violate any of the terms or
96restrictions of this Agreement. Freescale may terminate this Agreement should any
97of the Software become, or in Freescale's reasonable opinion is likely to become,
98the subject of a claim of intellectual infringement or trade secret misappropriation.
99Upon termination, you must cease use of and destroy, the Software and confirm
100compliance in writing to Freescale. Upon termination, the license granted pursuant
101to this Agreement immediately terminates and the provisions of Sections 4 through
10218 will survive any termination of this Agreement.
103
1046. SUPPORT. Freescale is NOT obligated to provide any support, upgrades or new
105releases of the Software. If you wish, you may contact Freescale and report problems
106and provide suggestions regarding the Software. Freescale has no obligation
107whatsoever to respond in any way to such a problem report or suggestion. Freescale
108may make changes to the Software at any time, without any obligation to notify or
109provide updated versions of the Software to you.
110
1117. NO WARRANTY. TO THE MAXIMUM EXTENT PERMITTED BY LAW, FREESCALE EXPRESSLY
112DISCLAIMS ANY WARRANTY FOR THE SOFTWARE. THE SOFTWARE IS PROVIDED "AS IS",
113WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT
114LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
115PURPOSE, OR NON-INFRINGEMENT. YOU ASSUME THE ENTIRE RISK ARISING OUT OF THE USE
116OR PERFORMANCE OF THE SOFTWARE, OR ANY SYSTEMS YOU DESIGN USING THE SOFTWARE (IF
117ANY). NOTHING IN THIS AGREEMENT MAY BE CONSTRUED AS A WARRANTY OR REPRESENTATION
118BY FREESCALE THAT THE SOFTWARE OR ANY DERIVATIVE WORK DEVELOPED WITH OR INCORPORATING
119THE SOFTWARE WILL BE FREE FROM INFRINGEMENT OF THE INTELLECTUAL PROPERTY RIGHTS OF
120THIRD PARTIES.
121
1228. INDEMNITY. You agree to fully defend and indemnify Freescale from any and all
123claims, liabilities, and costs (including reasonable attorney's fees) related to
124(1) your use (including your sublicensee's use, if permitted) of the Software or
125(2) your violation of the terms and conditions of this Agreement.
126
1279. LIMITATION OF LIABILITY. IN NO EVENT WILL FREESCALE BE LIABLE, WHETHER IN
128CONTRACT, TORT, OR OTHERWISE, FOR ANY INCIDENTAL, SPECIAL, INDIRECT, CONSEQUENTIAL
129OR PUNITIVE DAMAGES, INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR ANY LOSS OF USE,
130LOSS OF TIME, INCONVENIENCE, COMMERCIAL LOSS, OR LOST PROFITS, SAVINGS, OR REVENUES
131TO THE FULL EXTENT SUCH MAY BE DISCLAIMED BY LAW EVEN IF INFORMED IN ADVANCE OF THE
132POSSIBILITY OF SUCH DAMAGES. FREESCALE'S LIABILITY WILL IN ANY EVENT AND UNDER ANY
133THEORY OF RECOVERY BE LIMITED TO THE TOTAL AMOUNT RECEIVED BY FREESCALE UNDER THIS
134AGREEMENT.
135
13610. COMPLIANCE WITH LAWS; EXPORT RESTRICTIONS. You must not resell, re-export, or
137provide, directly or indirectly, the licensed software or direct product thereof,
138in any form without obtaining appropriate export or re-export licenses from the
139United States Government and from the country from which the export or re-export
140is to occur. An export occurs when products, technology, or software is transferred
141from one country to another by any means, including physical shipments, FTP file
142transfers, E-mails, faxes, remote server access, conversations, and the like. An
143export also occurs when technology or software is transferred to a foreign national
144in the United States, or foreign national of the country in which the business
145activity is taking place. A foreign national is any person who is neither a citizen
146nor permanent resident of the United States, or the country in which the business
147activity is taking place. Furthermore, if an export/import license, permit or other
148government required authority (collectively referred to as "government
149authorization") is required to transfer technology, software, hardware or other
150Freescale property to non- Freescale party(ies) and is not approved, then Freescale
151is not obligated to transfer the Software under this Agreement until such
152"government authorization" is granted..
153
15411. GOVERNMENT RIGHTS. The Licensed Software is a "Commercial Item as defined in
15548 C.F.R. $2.101, consisting of "Commercial Computer Software" and "Commercial
156Computer Software Documentation," as such terms are used in 48 C.F.R. $ 12.212 or
15748 C.F.R. $227.7202, as applicable and are only licensed to U.S. Government end
158users with the rights as are set forth herein..
159
16012. HIGH RISK ACTIVITIES. You acknowledge that the Software is not fault tolerant
161and is not designed, manufactured or intended by Freescale for incorporation into
162products intended for use or resale in on-line control equipment in hazardous,
163dangerous to life or potentially life-threatening environments requiring fail-safe
164 performance, such as in the operation of nuclear facilities, aircraft navigation
165 or communication systems, air traffic control, direct life support machines or
166weapons systems, in which the failure of products could lead directly to death,
167personal injury or severe physical or environmental damage ("High Risk Activities").
168 You specifically represent and warrant that you will not use the Software or any
169derivative work of the Software for High Risk Activities.
170
17113. CHOICE OF LAW; VENUE; LIMITATIONS. You agree that the statutes and laws of the
172United States and the State of Texas, USA, without regard to conflicts of laws
173principles, will apply to all matters relating to this Agreement or the Software,
174and you agree that any litigation will be subject to the exclusive jurisdiction of
175the state or federal courts in Texas, USA. You agree that regardless of any
176statute or law to the contrary, any claim or cause of action arising out of or
177related to this Agreement or the Software must be filed within one (1) year after
178such claim or cause of action arose or be forever barred.
179
18014. CONFIDENTIAL INFORMATION. You must treat the Software as confidential
181information and you agree to retain the Software in confidence perpetually, with
182respect to Software in source code form (human readable), or for a period of five
183(5) years from the date of termination of this Agreement, with respect to all other
184parts of the Software. During this period you may not disclose any part of the
185Software to anyone other than employees who have a need to know of the Software and
186 who have executed written agreements obligating them to protect such Licensed
187Software to at least the same degree of care as in this Agreement. You agree to use
188 the same degree of care, but no less than a reasonable degree of care, with the
189Software as you do with your own confidential information. You may disclose Software
190 to the extent required by a court or under operation of law or order provided that
191 you notify Freescale of such requirement prior to disclosure, which you only
192disclose information required, and that you allow Freescale the opportunity to
193object to such court or other legal body requiring such disclosure.
194
19515. PRODUCT LABELING. You are not authorized to use any Freescale trademarks,
196brand names, or logos.
197
19816. ENTIRE AGREEMENT. This Agreement constitutes the entire agreement between you
199and Freescale regarding the subject matter of this Agreement, and supersedes all
200prior communications, negotiations, understandings, agreements or representations,
201either written or oral, if any. This Agreement may only be amended in written form,
202executed by you and Freescale.
203
20417. SEVERABILITY. If any provision of this Agreement is held for any reason to be
205invalid or unenforceable, then the remaining provisions of this Agreement will be
206unimpaired and, unless a modification or replacement of the invalid or unenforceable
207provision is further held to deprive you or Freescale of a material benefit, in
208which case the Agreement will immediately terminate, the invalid or unenforceable
209provision will be replaced with a provision that is valid and enforceable and that
210comes closest to the intention underlying the invalid or unenforceable provision.
211
21218. NO WAIVER. The waiver by Freescale of any breach of any provision of this
213Agreement will not operate or be construed as a waiver of any other or a subsequent
214breach of the same or a different provision.
diff --git a/meta-fsl-ppc/custom-licenses/TestFloat b/meta-fsl-ppc/custom-licenses/TestFloat
new file mode 100644
index 00000000..1a1a23fe
--- /dev/null
+++ b/meta-fsl-ppc/custom-licenses/TestFloat
@@ -0,0 +1,24 @@
1Written by John R. Hauser. This work was made possible in part by the
2International Computer Science Institute, located at Suite 600, 1947 Center
3Street, Berkeley, California 94704. Funding was partially provided by the
4National Science Foundation under grant MIP-9311980. The original version
5of this code was written as part of a project to build a fixed-point vector
6processor in collaboration with the University of California at Berkeley,
7overseen by Profs. Nelson Morgan and John Wawrzynek. More information
8is available through the Web page `http://www.cs.berkeley.edu/~jhauser/
9arithmetic/SoftFloat.html'.
10
11THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE. Although reasonable effort has
12been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT TIMES
13RESULT IN INCORRECT BEHAVIOR. USE OF THIS SOFTWARE IS RESTRICTED TO PERSONS
14AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ALL LOSSES,
15COSTS, OR OTHER PROBLEMS THEY INCUR DUE TO THE SOFTWARE, AND WHO FURTHERMORE
16EFFECTIVELY INDEMNIFY JOHN HAUSER AND THE INTERNATIONAL COMPUTER SCIENCE
17INSTITUTE (possibly via similar legal warning) AGAINST ALL LOSSES, COSTS, OR
18OTHER PROBLEMS INCURRED BY THEIR CUSTOMERS AND CLIENTS DUE TO THE SOFTWARE.
19
20Derivative works are acceptable, even for commercial purposes, so long as
21(1) the source code for the derivative work includes prominent notice that
22the work is derivative, and (2) the source code includes prominent notice with
23these four paragraphs for those parts of this code that are retained.
24
diff --git a/meta-fsl-ppc/openembedded-layer/recipes-devtools/luajit/luajit/ppc-fixplt.patch b/meta-fsl-ppc/openembedded-layer/recipes-devtools/luajit/luajit/ppc-fixplt.patch
new file mode 100644
index 00000000..b9f17f4e
--- /dev/null
+++ b/meta-fsl-ppc/openembedded-layer/recipes-devtools/luajit/luajit/ppc-fixplt.patch
@@ -0,0 +1,105 @@
1Upstream-Status: Unknown
2
3Signed-off-by: Khem Raj <raj.khem@gmail.com>
4
5libluajit is having symbols that can't be
6resolved the reloc cannot accommodate an offset greater than 24 bits.
7
8Looking at libluajit with readelf -r, you see a bunch of entries that look like:
9 000082f0 00003c0a R_PPC_REL24 00000000 sqrt + 0
10
11These should not occur when the code is compiled and linked with -fPIC.
12
13It turns out that libluajit *is* compiled and linked with -fPIC, however...
14There is one assembler file called lj_vm.s which is generated during the build.
15This file is missing the `@plt' qualifier from external references.
16
17This file is generated by a program called buildvm. This in turn uses tables
18in a file called buildvm_arch.h which is generated by dynasm.lua.
19
20Index: LuaJIT-2.0.1/src/host/buildvm.c
21===================================================================
22--- LuaJIT-2.0.1.orig/src/host/buildvm.c 2013-02-19 12:15:00.000000000 -0800
23+++ LuaJIT-2.0.1/src/host/buildvm.c 2013-05-14 20:26:05.933444512 -0700
24@@ -107,12 +107,14 @@
25 #endif
26 sprintf(name, "%s%s%s", symprefix, prefix, suffix);
27 p = strchr(name, '@');
28+#if 0
29 if (p) {
30 if (!LJ_64 && (ctx->mode == BUILD_coffasm || ctx->mode == BUILD_peobj))
31 name[0] = '@';
32 else
33 *p = '\0';
34 }
35+#endif
36 p = (char *)malloc(strlen(name)+1); /* MSVC doesn't like strdup. */
37 strcpy(p, name);
38 return p;
39Index: LuaJIT-2.0.1/src/vm_ppcspe.dasc
40===================================================================
41--- LuaJIT-2.0.1.orig/src/vm_ppcspe.dasc 2013-02-19 12:15:00.000000000 -0800
42+++ LuaJIT-2.0.1/src/vm_ppcspe.dasc 2013-05-14 20:26:05.937444512 -0700
43@@ -1390,7 +1390,7 @@
44 | checknum CARG2
45 | evmergehi CARG1, CARG2, CARG2
46 | checkfail ->fff_fallback
47- | bl extern func
48+ | bl extern func@plt
49 | evmergelo CRET1, CRET1, CRET2
50 | b ->fff_restv
51 |.endmacro
52@@ -1405,7 +1405,7 @@
53 | checknum CARG1
54 | evmergehi CARG3, CARG4, CARG4
55 | checkanyfail ->fff_fallback
56- | bl extern func
57+ | bl extern func@plt
58 | evmergelo CRET1, CRET1, CRET2
59 | b ->fff_restv
60 |.endmacro
61@@ -1437,7 +1437,7 @@
62 | checknum CARG2
63 | evmergehi CARG1, CARG2, CARG2
64 | checkfail ->fff_fallback
65- | bl extern log
66+ | bl extern log@plt
67 | evmergelo CRET1, CRET1, CRET2
68 | b ->fff_restv
69 |
70@@ -1471,7 +1471,7 @@
71 | checknum CARG1
72 | checkanyfail ->fff_fallback
73 | efdctsi CARG3, CARG4
74- | bl extern ldexp
75+ | bl extern ldexp@plt
76 | evmergelo CRET1, CRET1, CRET2
77 | b ->fff_restv
78 |
79@@ -1484,7 +1484,7 @@
80 | checkfail ->fff_fallback
81 | la CARG3, DISPATCH_GL(tmptv)(DISPATCH)
82 | lwz PC, FRAME_PC(BASE)
83- | bl extern frexp
84+ | bl extern frexp@plt
85 | lwz TMP1, DISPATCH_GL(tmptv)(DISPATCH)
86 | evmergelo CRET1, CRET1, CRET2
87 | efdcfsi CRET2, TMP1
88@@ -1503,7 +1503,7 @@
89 | checkfail ->fff_fallback
90 | la CARG3, -8(BASE)
91 | lwz PC, FRAME_PC(BASE)
92- | bl extern modf
93+ | bl extern modf@plt
94 | evmergelo CRET1, CRET1, CRET2
95 | la RA, -8(BASE)
96 | evstdd CRET1, 0(BASE)
97@@ -2399,7 +2399,7 @@
98 | checknum CARG1
99 | evmergehi CARG3, CARG4, CARG4
100 | checkanyfail ->vmeta_arith_vv
101- | bl extern pow
102+ | bl extern pow@plt
103 | evmergelo CRET2, CRET1, CRET2
104 | evstddx CRET2, BASE, RA
105 | ins_next
diff --git a/meta-fsl-ppc/openembedded-layer/recipes-devtools/luajit/luajit_%.bbappend b/meta-fsl-ppc/openembedded-layer/recipes-devtools/luajit/luajit_%.bbappend
new file mode 100644
index 00000000..8c6138c5
--- /dev/null
+++ b/meta-fsl-ppc/openembedded-layer/recipes-devtools/luajit/luajit_%.bbappend
@@ -0,0 +1,4 @@
1FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:"
2
3SRC_URI_append_qoriq-ppc = " file://ppc-fixplt.patch "
4
diff --git a/meta-fsl-ppc/recipes-bsp/apptrk/apptrk_git.bb b/meta-fsl-ppc/recipes-bsp/apptrk/apptrk_git.bb
new file mode 100644
index 00000000..09d5de59
--- /dev/null
+++ b/meta-fsl-ppc/recipes-bsp/apptrk/apptrk_git.bb
@@ -0,0 +1,20 @@
1DESCRIPTION = "Userspace debug agent for PA CodeWarrior"
2LICENSE = "Freescale-EULA"
3LIC_FILES_CHKSUM = "file://COPYING;md5=95560debfde180684364319811cc1421"
4
5DEPENDS = "elfutils"
6
7SRC_URI = "git://git.freescale.com/ppc/sdk/apptrk.git;nobranch=1"
8SRCREV = "cbed10997c5e2a4aaa004fb0e1efec858bf1bbe1"
9
10S = "${WORKDIR}/git"
11
12CFLAGS += " -I${STAGING_INCDIR} -ISource/Linux -ISource/Portable \
13 -ISource/Linux_PA -ISource/PA -DPPC \
14"
15CFLAGS_append_powerpc64 = " -DENABLE_64BIT_SUPPORT"
16
17do_install() {
18 install -d ${D}/usr/bin
19 oe_runmake install DESTDIR=${D}
20}
diff --git a/meta-fsl-ppc/recipes-bsp/boot-format/boot-format/flags.patch b/meta-fsl-ppc/recipes-bsp/boot-format/boot-format/flags.patch
new file mode 100644
index 00000000..cddb34cd
--- /dev/null
+++ b/meta-fsl-ppc/recipes-bsp/boot-format/boot-format/flags.patch
@@ -0,0 +1,21 @@
1Index: git/Makefile
2===================================================================
3--- git.orig/Makefile
4+++ git/Makefile
5@@ -3,14 +3,14 @@
6 INSTALL=install
7 PREFIX=/usr
8
9-CFLAGS=-Wall
10+override CFLAGS+=-Wall
11
12 all: boot_format
13
14 boot_format.o: boot_format.c boot_format.h
15
16 boot_format: boot_format.o
17- $(CC) $< -o $@
18+ $(CC) $(CFLAGS) $< -o $@ $(LDFLAGS)
19
20 install: boot_format
21 $(INSTALL) -d $(DESTDIR)$(PREFIX)/bin
diff --git a/meta-fsl-ppc/recipes-bsp/boot-format/boot-format_git.bb b/meta-fsl-ppc/recipes-bsp/boot-format/boot-format_git.bb
new file mode 100644
index 00000000..2d9f9b1d
--- /dev/null
+++ b/meta-fsl-ppc/recipes-bsp/boot-format/boot-format_git.bb
@@ -0,0 +1,20 @@
1DESCRIPTION = "Boot format utility for booting from eSDHC/eSPI"
2LICENSE = "GPLv2"
3PR = "r6"
4LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
5
6SRC_URI = "git://git.freescale.com/ppc/sdk/boot-format.git;nobranch=1 \
7 file://flags.patch"
8SRCREV = "4eb81a6797ef4e58bf7d9b2d58afb37a21c1f550"
9
10S = "${WORKDIR}/git"
11EXTRA_OEMAKE = 'CC="${CC}" CFLAGS="${CFLAGS}" LDFLAGS="${LDFLAGS}"'
12
13do_install(){
14 oe_runmake DESTDIR=${D} PREFIX=${prefix} install
15}
16
17PACKAGES =+ "${PN}-config"
18FILES_${PN}-config += "${datadir}/*"
19
20BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-fsl-ppc/recipes-bsp/ipc/ipc-ust_git.bb b/meta-fsl-ppc/recipes-bsp/ipc/ipc-ust_git.bb
new file mode 100644
index 00000000..c6b3cfe6
--- /dev/null
+++ b/meta-fsl-ppc/recipes-bsp/ipc/ipc-ust_git.bb
@@ -0,0 +1,50 @@
1SUMMARY = "Linux IPC Userspace Tool"
2DESCRIPTION = "DSP boot application and ipc test application"
3LICENSE = "BSD"
4LIC_FILES_CHKSUM = "file://COPYING;md5=fa38cd73d71527dc6efb546474f64d10"
5
6require ipc.inc
7
8S = "${WORKDIR}/git"
9
10# workaround for issue of parallel build, required a actual fix in ipc source
11PARALLEL_MAKE = ""
12
13EXTRA_OEMAKE = 'CROSS_COMPILE="${TARGET_PREFIX}" CC="${CC}" AR="${AR}"'
14
15do_compile () {
16 case ${MACHINE} in
17 bsc9132qds|bsc9131rdb) SOC=B913x;;
18 b4860qds|b4420qds|b4860qds-64b) SOC=B4860;;
19 esac
20 oe_runmake ${SOC}=1
21}
22
23do_install () {
24 install -d ${D}${bindir}
25 install -d ${D}${includedir}
26 install -d ${D}/ipc
27 install -m 755 ${S}/dsp_boot/dsp_bt ${D}/ipc
28 install -m 755 ${S}/ipc/ipc_test ${D}/ipc
29 install -m 755 ${S}/ipc/ipc_test67 ${D}/ipc
30 install -m 755 ${S}/ipc/l1d_app ${D}/ipc
31 install -m 755 ${S}/fsl_shm/app ${D}${bindir}/lg_shm_test
32 install -d ${D}${base_libdir}
33 install -m 755 ${S}/ipc/libipc.so ${D}${base_libdir}
34 install -m 755 ${S}/ipc/libmem.so ${D}${base_libdir}
35 install -m 755 ${S}/ipc/libdspboot.so ${D}${base_libdir}
36 install -d ${D}${includedir}/ipc
37 install -d ${D}${includedir}/ipc/ipc/include
38 install -d ${D}${includedir}/ipc/fsl_shm/lib
39 install ${S}/ipc/include/*.h ${D}${includedir}/ipc/ipc/include
40 install ${S}/dsp_boot/*.h ${D}${includedir}/ipc/ipc/include
41 install ${S}/kernel/fsl_ipc_types.h ${D}${includedir}/ipc/ipc/include
42 install ${S}/kernel/fsl_heterogeneous_common.h ${D}${includedir}/ipc/ipc/include
43 install ${S}/kernel/fsl_heterogeneous_l1_defense.h ${D}${includedir}/ipc/ipc/include
44 install ${S}/fsl_shm/include/*.h ${D}${includedir}/ipc/ipc/include
45 install ${S}/fsl_shm/lib/*.h ${D}${includedir}/ipc/fsl_shm/lib
46}
47
48FILES_${PN} += "/ipc/*"
49FILES_${PN}-dbg += "/ipc/.debug"
50
diff --git a/meta-fsl-ppc/recipes-bsp/ipc/ipc.inc b/meta-fsl-ppc/recipes-bsp/ipc/ipc.inc
new file mode 100644
index 00000000..547771ae
--- /dev/null
+++ b/meta-fsl-ppc/recipes-bsp/ipc/ipc.inc
@@ -0,0 +1,7 @@
1DEPENDS = "virtual/kernel"
2
3SRC_URI = "git://git.freescale.com/ppc/sdk/ipc.git;nobranch=1"
4SRCREV = "c9c92ac6a7a31c9d878096eb7d135c22a38f20ff"
5
6COMPATIBLE_MACHINE = "(bsc9132qds|bsc9131rdb|b4860qds|b4420qds)"
7
diff --git a/meta-fsl-ppc/recipes-bsp/pkc-firmware/pkc-firmware_git.bb b/meta-fsl-ppc/recipes-bsp/pkc-firmware/pkc-firmware_git.bb
new file mode 100644
index 00000000..3cc5d446
--- /dev/null
+++ b/meta-fsl-ppc/recipes-bsp/pkc-firmware/pkc-firmware_git.bb
@@ -0,0 +1,41 @@
1DESCRIPTION = "U-boot firmware for c293pcie support "
2HOMEPAGE = "http://u-boot.sf.net"
3LICENSE = "GPLv2"
4LIC_FILES_CHKSUM = "file://COPYING;md5=1707d6db1d42237583f50183a5651ecb"
5
6INHIBIT_DEFAULT_DEPS = "1"
7DEPENDS = "virtual/${TARGET_PREFIX}gcc libgcc"
8
9inherit deploy
10
11PACKAGE_ARCH = "${MACHINE_ARCH}"
12
13SRC_URI = "git://git.freescale.com/ppc/sdk/pkc-firmware.git;nobranch=1"
14SRCREV = "b891873c1eea7a7d53f9472ea601712897cb17b7"
15
16S = "${WORKDIR}/git"
17
18EXTRA_OEMAKE = 'CROSS_COMPILE=${TARGET_PREFIX} CC="${TARGET_PREFIX}gcc ${TOOLCHAIN_OPTIONS}"'
19
20do_compile () {
21 unset LDFLAGS
22 unset CFLAGS
23 unset CPPFLAGS
24 oe_runmake C293QDS_36BIT_SDCARD
25}
26
27do_install(){
28 install -d ${D}${sysconfdir}/crypto/
29 install ${S}/u-boot.bin ${D}${sysconfdir}/crypto/pkc-firmware.bin
30}
31
32do_deploy(){
33 install -d ${DEPLOYDIR}/pkc-firmware
34 install ${S}/u-boot.bin ${DEPLOYDIR}/pkc-firmware/pkc-firmware.bin
35}
36
37addtask deploy after do_install
38
39FILES_{PN} += "/etc/crypto/pkc-firmware.bin"
40COMPATIBLE_MACHINE = "(c293pcie)"
41
diff --git a/meta-fsl-ppc/recipes-bsp/qe-ucode/qe-ucode_git.bb b/meta-fsl-ppc/recipes-bsp/qe-ucode/qe-ucode_git.bb
new file mode 100644
index 00000000..028d9bcd
--- /dev/null
+++ b/meta-fsl-ppc/recipes-bsp/qe-ucode/qe-ucode_git.bb
@@ -0,0 +1,35 @@
1DESCRIPTION = "qe microcode binary"
2SECTION = "qe-ucode"
3LICENSE = "Freescale-EULA"
4LIC_FILES_CHKSUM = "file://EULA;md5=60037ccba533a5995e8d1a838d85799c"
5
6python () {
7 if not d.getVar("QE_UCODE", True):
8 machine = d.getVar("MACHINE", True)
9 raise bb.parse.SkipPackage("QE_UCODE not set in \
10 meta-fsl-ppc/conf/machine/%s.conf" % machine)
11}
12
13inherit deploy
14
15SRC_URI = "git://git.freescale.com/ppc/sdk/qe-ucode.git;nobranch=1"
16SRCREV= "49efc94b553de5c2a9bd28093592eff0068e161c"
17
18S = "${WORKDIR}/git"
19
20do_install () {
21 install -d ${D}/boot
22 install -m 644 ${QE_UCODE} ${D}/boot/
23}
24
25do_deploy () {
26 install -d ${DEPLOYDIR}/boot
27 install -m 644 ${QE_UCODE} ${DEPLOYDIR}/boot/
28}
29addtask deploy before do_build after do_install
30
31PACKAGES += "${PN}-image"
32FILES_${PN}-image += "/boot/*"
33ALLOW_EMPTY_${PN} = "1"
34COMPATIBLE_MACHINE = "(p1021rdb|p1025twr|t1)"
35
diff --git a/meta-fsl-ppc/recipes-bsp/rcw/rcw_git.bb b/meta-fsl-ppc/recipes-bsp/rcw/rcw_git.bb
new file mode 100644
index 00000000..5714ed0a
--- /dev/null
+++ b/meta-fsl-ppc/recipes-bsp/rcw/rcw_git.bb
@@ -0,0 +1,47 @@
1DESCRIPTION = "Reset Control Words (RCW)"
2SECTION = "rcw"
3LICENSE = "BSD"
4PR = "r8"
5
6LIC_FILES_CHKSUM = "file://rcw.py;beginline=8;endline=28;md5=9ba0b28922dd187b06b6c8ebcfdd208e"
7
8# this package is specific to the machine itself
9INHIBIT_DEFAULT_DEPS = "1"
10PACKAGE_ARCH = "${MACHINE_ARCH}"
11
12inherit deploy
13
14SRC_URI = "git://git.freescale.com/ppc/sdk/rcw.git;nobranch=1"
15SRCREV = "3e89f378ed70e9b856756de8c3dbdfccb045fa0c"
16
17S = "${WORKDIR}/git"
18
19export PYTHON
20
21do_install () {
22 make install
23
24 M=`echo ${MACHINE} | sed s/-64b//g`
25 if [ "t1042rdb" = "${M}" ] || [ "t1042rdb-pi" = "${M}" ];then
26 M=t1042rdb_pi
27 fi
28 install -d ${D}/boot/rcw
29 cp -r ${S}/${M}/${M}/* ${D}/boot/rcw
30}
31
32do_deploy () {
33 M=`echo ${MACHINE} | sed s/-64b//g`
34 if [ "t1042rdb" = "${M}" ] || [ "t1042rdb-pi" = "${M}" ];then
35 M=t1042rdb_pi
36 fi
37 install -d ${DEPLOYDIR}/rcw
38 cp -r ${S}/${M}/${M}/* ${DEPLOYDIR}/rcw
39}
40addtask deploy after do_install
41
42PACKAGES += "${PN}-image"
43FILES_${PN}-image += "/boot"
44
45COMPATIBLE_HOST_qoriq-ppc = ".*"
46COMPATIBLE_HOST ?= "(none)"
47ALLOW_EMPTY_${PN} = "1"
diff --git a/meta-fsl-ppc/recipes-bsp/u-boot/files/0001-u-boot-mpc85xx-u-boot-.lds-remove-_GLOBAL_OFFSET_TAB.patch b/meta-fsl-ppc/recipes-bsp/u-boot/files/0001-u-boot-mpc85xx-u-boot-.lds-remove-_GLOBAL_OFFSET_TAB.patch
new file mode 100644
index 00000000..e6b8d2e5
--- /dev/null
+++ b/meta-fsl-ppc/recipes-bsp/u-boot/files/0001-u-boot-mpc85xx-u-boot-.lds-remove-_GLOBAL_OFFSET_TAB.patch
@@ -0,0 +1,77 @@
1From 9ba002f1b1afc7af84a352f4ecab32a30d7ba353 Mon Sep 17 00:00:00 2001
2From: Zhenhua Luo <zhenhua.luo@freescale.com>
3Date: Mon, 9 Feb 2015 18:33:56 +0800
4Subject: [PATCH] u-boot/mpc85xx/u-boot*.lds: remove _GLOBAL_OFFSET_TABLE_
5 definition
6
7In binutils-2.25, the _GLOBAL_OFFSET_TABLE_ symbols defined by PROVIDE in
8u-boot.lds overrides the linker built-in symbols
9(https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=b893397a4b1316610f49819344817715e4305de9),
10so the linker is treating _GLOBAL_OFFSET_TABLE_ as a definition into the .reloc section.
11
12To align with the change of binutils-2.25, the _GLOBAL_OFFSET_TABLE_ symbol
13should not be defined in sections, and the symbols in linker generated .got
14section should be used(https://sourceware.org/ml/binutils/2008-09/msg00122.html).
15
16Fixed the following build errors with binutils-2.25:
17| powerpc-poky-linux-gnuspe-ld.bfd: _GLOBAL_OFFSET_TABLE_ not defined in linker created .got
18
19Signed-off-by: Zhenhua Luo <zhenhua.luo@freescale.com>
20---
21 arch/powerpc/cpu/mpc85xx/u-boot-nand.lds | 1 -
22 arch/powerpc/cpu/mpc85xx/u-boot-nand_spl.lds | 1 -
23 arch/powerpc/cpu/mpc85xx/u-boot-spl.lds | 1 -
24 arch/powerpc/cpu/mpc85xx/u-boot.lds | 1 -
25 4 files changed, 4 deletions(-)
26
27diff --git a/arch/powerpc/cpu/mpc85xx/u-boot-nand.lds b/arch/powerpc/cpu/mpc85xx/u-boot-nand.lds
28index f933b21..0399f93 100644
29--- a/arch/powerpc/cpu/mpc85xx/u-boot-nand.lds
30+++ b/arch/powerpc/cpu/mpc85xx/u-boot-nand.lds
31@@ -44,7 +44,6 @@ SECTIONS
32 _GOT2_TABLE_ = .;
33 KEEP(*(.got2))
34 KEEP(*(.got))
35- PROVIDE(_GLOBAL_OFFSET_TABLE_ = . + 4);
36 _FIXUP_TABLE_ = .;
37 KEEP(*(.fixup))
38 }
39diff --git a/arch/powerpc/cpu/mpc85xx/u-boot-nand_spl.lds b/arch/powerpc/cpu/mpc85xx/u-boot-nand_spl.lds
40index b83c553..f044564 100644
41--- a/arch/powerpc/cpu/mpc85xx/u-boot-nand_spl.lds
42+++ b/arch/powerpc/cpu/mpc85xx/u-boot-nand_spl.lds
43@@ -22,7 +22,6 @@ SECTIONS
44 _GOT2_TABLE_ = .;
45 KEEP(*(.got2))
46 KEEP(*(.got))
47- PROVIDE(_GLOBAL_OFFSET_TABLE_ = . + 4);
48 _FIXUP_TABLE_ = .;
49 KEEP(*(.fixup))
50 }
51diff --git a/arch/powerpc/cpu/mpc85xx/u-boot-spl.lds b/arch/powerpc/cpu/mpc85xx/u-boot-spl.lds
52index 5ae7b3e..889a4c2 100644
53--- a/arch/powerpc/cpu/mpc85xx/u-boot-spl.lds
54+++ b/arch/powerpc/cpu/mpc85xx/u-boot-spl.lds
55@@ -29,7 +29,6 @@ SECTIONS
56 _GOT2_TABLE_ = .;
57 KEEP(*(.got2))
58 KEEP(*(.got))
59- PROVIDE(_GLOBAL_OFFSET_TABLE_ = . + 4);
60 _FIXUP_TABLE_ = .;
61 KEEP(*(.fixup))
62 }
63diff --git a/arch/powerpc/cpu/mpc85xx/u-boot.lds b/arch/powerpc/cpu/mpc85xx/u-boot.lds
64index 2cf0b25..f15eaf3 100644
65--- a/arch/powerpc/cpu/mpc85xx/u-boot.lds
66+++ b/arch/powerpc/cpu/mpc85xx/u-boot.lds
67@@ -50,7 +50,6 @@ SECTIONS
68 _GOT2_TABLE_ = .;
69 KEEP(*(.got2))
70 KEEP(*(.got))
71- PROVIDE(_GLOBAL_OFFSET_TABLE_ = . + 4);
72 _FIXUP_TABLE_ = .;
73 KEEP(*(.fixup))
74 }
75--
762.1.0
77
diff --git a/meta-fsl-ppc/recipes-bsp/u-boot/files/Fix-the-depend-race-issue.patch b/meta-fsl-ppc/recipes-bsp/u-boot/files/Fix-the-depend-race-issue.patch
new file mode 100644
index 00000000..1ddc6675
--- /dev/null
+++ b/meta-fsl-ppc/recipes-bsp/u-boot/files/Fix-the-depend-race-issue.patch
@@ -0,0 +1,38 @@
1Upstream-Status: Pending
2
3From 301832414369b749918e0d5db850eed19b81c0fc Mon Sep 17 00:00:00 2001
4From: Zhenhua Luo <zhenhua.luo@freescale.com>
5Date: Tue, 24 Sep 2013 00:54:40 -0500
6Subject: [PATCH] Fix the depend race issue
7
8| make[3]: Entering directory `/srv/home/pokybuild/yocto-autobuilder-new/yocto-slave/nightly-fsl-ppc/build/build/tmp/work/p1022ds-poky-linux-gnuspe/u-boot/git-r30/git/arch/powerpc/cpu/mpc85xx'
9| /srv/home/pokybuild/yocto-autobuilder-new/yocto-slave/nightly-fsl-ppc/build/build/tmp/work/p1022ds-poky-linux-gnuspe/u-boot/git-r30/git/P1022DS_NAND/spl/arch/powerpc/cpu/mpc85xx/.depend:125: *** missing separator. Stop.
10| make[3]: Leaving directory `/srv/home/pokybuild/yocto-autobuilder-new/yocto-slave/nightly-fsl-ppc/build/build/tmp/work/p1022ds-poky-linux-gnuspe/u-boot/git-r30/git/arch/powerpc/cpu/mpc85xx'
11| make[2]: *** [/srv/home/pokybuild/yocto-autobuilder-new/yocto-slave/nightly-fsl-ppc/build/build/tmp/work/p1022ds-poky-linux-gnuspe/u-boot/git-r30/git/P1022DS_NAND/spl/arch/powerpc/cpu/mpc85xx/start.o] Error 2
12| make[2]: *** Waiting for unfinished jobs....
13
14Signed-off-by: Zhenhua Luo <zhenhua.luo@freescale.com>
15---
16 spl/Makefile | 6 +++++-
17 1 file changed, 5 insertions(+), 1 deletion(-)
18
19diff --git a/spl/Makefile b/spl/Makefile
20index 6dbb105..3156d87 100644
21--- a/spl/Makefile
22+++ b/spl/Makefile
23@@ -185,7 +185,11 @@ $(eval $(call make_u_boot_list, $(obj)u-boot.lst, $(LIBS)))
24 $(obj)u-boot-spl.lds: $(LDSCRIPT) $(obj)u-boot.lst depend
25 $(CPP) $(CPPFLAGS) $(LDPPFLAGS) -I$(obj). -ansi -D__ASSEMBLY__ -P - < $< > $@
26
27-depend: $(obj).depend
28+# Explicitly make _depend in subdirs containing multiple targets to prevent
29+# parallel sub-makes creating .depend files simultaneously.
30+depend dep: $(obj).depend
31+ for dir in $(SUBDIRS) $(CPUDIR) $(LDSCRIPT_MAKEFILE_DIR) ; do \
32+ $(MAKE) -C $(SRCTREE)/$$dir _depend ; done
33 .PHONY: depend
34
35 # defines $(obj).depend target
36--
371.8.2.1
38
diff --git a/meta-fsl-ppc/recipes-bsp/u-boot/u-boot-qoriq_2014.07.bb b/meta-fsl-ppc/recipes-bsp/u-boot/u-boot-qoriq_2014.07.bb
new file mode 100644
index 00000000..3e519e2f
--- /dev/null
+++ b/meta-fsl-ppc/recipes-bsp/u-boot/u-boot-qoriq_2014.07.bb
@@ -0,0 +1,188 @@
1DESCRIPTION = "U-boot bootloader"
2HOMEPAGE = "http://u-boot.sf.net"
3SECTION = "bootloaders"
4PROVIDES = "virtual/bootloader u-boot"
5LICENSE = "GPLv2 & BSD-3-Clause & BSD-2-Clause & LGPL-2.0 & LGPL-2.1"
6LIC_FILES_CHKSUM = " \
7 file://Licenses/gpl-2.0.txt;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
8 file://Licenses/bsd-2-clause.txt;md5=6a31f076f5773aabd8ff86191ad6fdd5 \
9 file://Licenses/bsd-3-clause.txt;md5=4a1190eac56a9db675d58ebe86eaf50c \
10 file://Licenses/lgpl-2.0.txt;md5=5f30f0716dfdd0d91eb439ebec522ec2 \
11 file://Licenses/lgpl-2.1.txt;md5=4fbd65380cdd255951079008b364516c \
12"
13
14PV = "2014.07+fslgit"
15INHIBIT_DEFAULT_DEPS = "1"
16DEPENDS = "boot-format-native libgcc ${@base_contains('TCMODE', 'external-fsl', '', 'virtual/${TARGET_PREFIX}gcc', d)}"
17
18inherit deploy
19
20SRC_URI = "git://git.freescale.com/ppc/sdk/u-boot.git;nobranch=1 \
21 file://0001-u-boot-mpc85xx-u-boot-.lds-remove-_GLOBAL_OFFSET_TAB.patch"
22SRCREV = "659b6a23a8b1f3026200bc6352dbacef53f4dcb1"
23
24python () {
25 if d.getVar("TCMODE", True) == "external-fsl":
26 return
27
28 ml = d.getVar("MULTILIB_VARIANTS", True)
29 arch = d.getVar("OVERRIDES", True)
30
31 if "e5500-64b:" in arch or "e6500-64b:" in arch:
32 if not "lib32" in ml:
33 raise bb.parse.SkipPackage("Building the u-boot for this arch requires multilib to be enabled")
34 sys_multilib = 'powerpc' + d.getVar('TARGET_VENDOR') + 'mllib32-' + d.getVar('HOST_OS')
35 d.setVar('DEPENDS_append', ' lib32-gcc-cross-powerpc lib32-libgcc')
36 d.setVar('PATH_append', ':' + d.getVar('STAGING_BINDIR_NATIVE') + '/' + sys_multilib)
37 d.setVar('TOOLCHAIN_OPTIONS_append', '/../lib32-' + d.getVar("MACHINE"))
38 d.setVar("WRAP_TARGET_PREFIX", sys_multilib + '-')
39}
40
41WRAP_TARGET_PREFIX ?= "${TARGET_PREFIX}"
42
43PACKAGE_ARCH = "${MACHINE_ARCH}"
44
45UBOOT_LOCALVERSION = "${@d.getVar('SDK_VERSION', True).partition(' ')[0]}"
46
47USRC ?= ""
48S = '${@base_conditional("USRC", "", "${WORKDIR}/git", "${USRC}", d)}'
49
50EXTRA_OEMAKE = 'CROSS_COMPILE=${WRAP_TARGET_PREFIX} CC="${WRAP_TARGET_PREFIX}gcc ${TOOLCHAIN_OPTIONS}"'
51
52do_compile () {
53 unset LDFLAGS
54 unset CFLAGS
55 unset CPPFLAGS
56
57 if [ ! -e ${B}/.scmversion -a ! -e ${S}/.scmversion ]
58 then
59 head=`git rev-parse --verify --short HEAD 2> /dev/null`
60 printf "%s%s%s" ${UBOOT_LOCALVERSION} +g $head > ${B}/.scmversion
61 printf "%s%s%s" ${UBOOT_LOCALVERSION} +g $head > ${S}/.scmversion
62 fi
63
64 if [ "x${UBOOT_MACHINES}" = "x" ]; then
65 UBOOT_MACHINES=${UBOOT_MACHINE}
66 fi
67
68 for board in ${UBOOT_MACHINES}; do
69 if ! grep -wq $board ${S}/boards.cfg;then
70 echo "WARNING: $board not supported in boards.cfg"
71 continue
72 fi
73
74 oe_runmake O=${board} distclean
75 oe_runmake O=${board} ${board}_config
76 oe_runmake O=${board} all
77
78 case "${board}" in
79 *SDCARD*) UBOOT_TARGET="u-boot-sd";;
80 *SPIFLASH*) UBOOT_TARGET="u-boot-spi";;
81 *NAND*) UBOOT_TARGET="u-boot-nand";;
82 *SRIO*) UBOOT_TARGET="u-boot-srio";;
83 *) UBOOT_TARGET="";;
84 esac
85
86 # deal with sd/spi/nand/srio image
87 UBOOT_SOURCE=u-boot.bin
88 if [ "x${UBOOT_TARGET}" != "x" ] && echo $board |egrep -qi "SECBOOT|SECURE"; then
89 cp ${S}/${board}/${UBOOT_SOURCE} ${S}/${board}/${UBOOT_TARGET}.bin
90 elif [ "x${UBOOT_TARGET}" != "x" ]; then
91 # some boards' final binary was not named as u-boot.bin
92 if [ "${UBOOT_TARGET}" = "u-boot-nand" ];then
93 if echo $board |egrep -q "^(BSC|C29|P10|P2020RDB)";then
94 UBOOT_SOURCE=u-boot-with-spl.bin
95 elif echo $board |egrep -q "^(B4|T1|T2|T4)";then
96 UBOOT_SOURCE=u-boot-with-spl-pbl.bin
97 elif echo $board |egrep -q "^(P2041|P3|P4|P5)";then
98 UBOOT_SOURCE=u-boot.pbl
99 fi
100 elif [ "${UBOOT_TARGET}" = "u-boot-spi" ];then
101 if echo $board |egrep -q "^(P10|P2020RDB)";then
102 UBOOT_SOURCE=u-boot-with-spl.bin
103 elif echo $board |egrep -q "^(T1|T2)";then
104 UBOOT_SOURCE=u-boot-with-spl-pbl.bin
105 elif echo $board |egrep -q "^(B4|P2041|P3|P4|P5|T4)";then
106 UBOOT_SOURCE=u-boot.pbl
107 fi
108 elif [ "${UBOOT_TARGET}" = "u-boot-sd" ];then
109 if echo $board |egrep -q "^(P10|P2020RDB)";then
110 UBOOT_SOURCE=u-boot-with-spl.bin
111 elif echo $board |egrep -q "^(B4|T1|T2|T4)";then
112 UBOOT_SOURCE=u-boot-with-spl-pbl.bin
113 elif echo $board |egrep -q "^(P2041|P3|P4|P5)";then
114 UBOOT_SOURCE=u-boot.pbl
115 fi
116 fi
117 cp ${S}/${board}/${UBOOT_SOURCE} ${S}/${board}/${UBOOT_TARGET}.bin
118
119 # use boot-format to regenerate spi image if BOOTFORMAT_CONFIG is not empty
120 if [ "${UBOOT_TARGET}" = "u-boot-spi" ] && [ -n "${BOOTFORMAT_CONFIG}" ];then
121 ${STAGING_BINDIR_NATIVE}/boot_format \
122 ${STAGING_DATADIR_NATIVE}/boot_format/${BOOTFORMAT_CONFIG} \
123 ${S}/${board}/${UBOOT_SOURCE} -spi ${S}/${board}/${UBOOT_TARGET}.bin
124 fi
125 fi
126 done
127}
128
129do_install(){
130 if [ "x${UBOOT_MACHINES}" = "x" ]; then
131 UBOOT_MACHINES=${UBOOT_MACHINE}
132 fi
133
134 for board in ${UBOOT_MACHINES}; do
135 if ! grep -wq $board ${S}/boards.cfg;then
136 continue
137 fi
138
139 case "${board}" in
140 *SDCARD*) UBOOT_TARGET="u-boot-sd";;
141 *SPIFLASH*) UBOOT_TARGET="u-boot-spi";;
142 *NAND*) UBOOT_TARGET="u-boot-nand";;
143 *SRIO*) UBOOT_TARGET="u-boot-srio";;
144 *) UBOOT_TARGET="u-boot";;
145 esac
146
147 if [ -f ${S}/${board}/${UBOOT_TARGET}.bin ]; then
148 mkdir -p ${D}/boot/
149 install ${S}/${board}/${UBOOT_TARGET}.bin ${D}/boot/${UBOOT_TARGET}-${board}-${PV}-${PR}.bin
150 ln -sf ${UBOOT_TARGET}-${board}-${PV}-${PR}.bin ${D}/boot/${UBOOT_TARGET}.bin
151 fi
152 done
153}
154
155do_deploy(){
156 if [ "x${UBOOT_MACHINES}" = "x" ]; then
157 UBOOT_MACHINES=${UBOOT_MACHINE}
158 fi
159
160 for board in ${UBOOT_MACHINES}; do
161 if ! grep -wq $board ${S}/boards.cfg;then
162 continue
163 fi
164
165 case "${board}" in
166 *SDCARD*) UBOOT_TARGET="u-boot-sd";;
167 *SPIFLASH*) UBOOT_TARGET="u-boot-spi";;
168 *NAND*) UBOOT_TARGET="u-boot-nand";;
169 *SRIO*) UBOOT_TARGET="u-boot-srio";;
170 *) UBOOT_TARGET="u-boot";;
171 esac
172
173 if [ -f ${S}/${board}/${UBOOT_TARGET}.bin ]; then
174 mkdir -p ${DEPLOYDIR}
175 install ${S}/${board}/${UBOOT_TARGET}.bin ${DEPLOYDIR}/${UBOOT_TARGET}-${board}-${PV}-${PR}.bin
176
177 cd ${DEPLOYDIR}
178 rm -f ${UBOOT_TARGET}-${board}.bin
179 ln -sf ${UBOOT_TARGET}-${board}-${PV}-${PR}.bin ${UBOOT_TARGET}-${board}.bin
180 fi
181 done
182}
183addtask deploy after do_install
184
185PACKAGES += "${PN}-images"
186FILES_${PN}-images += "/boot"
187
188ALLOW_EMPTY_${PN} = "1"
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README
new file mode 100644
index 00000000..9578982d
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README
@@ -0,0 +1,77 @@
1test_setkey script usage
2
3The scripts in this directory may be used for testing
4native Linux IPsec with the talitos driver as a loadable module.
5
6It's assumed that these scripts have been placed in the directory
7named /test_setkey.
8
9The scripts setup_left and setup_right configure the ip addresses
10for two boards named 'left' and 'right', which are two gateways for
11an IPsec tunnel. Connect the eth1 interfaces of left and right boards together.
12For smartbits testing, connect eth0 on each board to a smartbits port.
13For other testing (ping, netperf, iperf), connect eth0 on each board to another system.
14
15The scripts named left.conf-* and right.conf-* are setkey scripts
16which configure the IPsec SA and SPD entries.
17The scripts ending in -tunnel use tunnel mode IPsec, and the scripts
18ending in -transport used transport mode IPsec.
19Transport mode is useful for quickly testing security functionality
20using ping or netperf between two boards.
21Tunnel mode can be used for testing throughput using smartbits or other
22performance test equipment.
23
24There is a top level script called 'setup' which
25is used for a one-step setup on the left and right boards.
26'setup' uses two or three parameters. The first parameter is the side, left or right.
27The second parameter is the setkey suffix for the left.conf- and right.conf- files.
28If the third parameter is supplied, the setup will modprobe that name, so
29typically you should provide talitos as the third parameter if you want to load the driver.
30If you have built the talitos driver into the kernel, omit the third parameter to setup.
31You may test software encryption if talitos is built as a module and you omit the third parameter.
32
33Below are example uses of the 'setup' script.
34
351) One-step setup for smartbits
36 Use a tunnel mode setup on each side.
37 AES-HMAC-SHA1:
38 Left side:
39 /test_setkey/setup left aes-sha1-tunnel talitos
40 Right side:
41 /test_setkey/setup right aes-sha1-tunnel talitos
42
43 3DES-HMAC-SHA1:
44 Left side:
45 /test_setkey/setup left 3des-sha1-tunnel talitos
46 Right side:
47 /test_setkey/setup right 3des-sha1-tunnel talitos
48
492) One-step setup for testing ping, netperf, or iperf between two boards.
50 Use a transport mode setup on each side.
51 AES-HMAC-SHA1:
52 Left side:
53 /test_setkey/setup left aes-sha1-transport talitos
54 Right side:
55 /test_setkey/setup right aes-sha1-transport talitos
56
57 3DES-HMAC-SHA1:
58 Left side:
59 /test_setkey/setup left 3des-sha1-transport talitos
60 Right side:
61 /test_setkey/setup right 3des-sha1-transport talitos
62
633) Testing ipv4
64 To test ipv4 (with no security) over the two gateways, use steps below.
65 Testing ipv4 is helpful to get your smartbits configuration verified
66 and also establish a baseline performance for throughput.
67
68 On the left board:
69 cd /test_setkey
70 ./setup_left
71 ./left.ipv4
72
73 On the right board:
74 cd /test_setkey
75 ./setup_right
76 ./right.ipv4
77
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_left.conf-3des-sha1-tunnel b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_left.conf-3des-sha1-tunnel
new file mode 100755
index 00000000..6bd6c5d8
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_left.conf-3des-sha1-tunnel
@@ -0,0 +1,32 @@
1#!/usr/sbin/setkey -f
2#
3#
4# Example ESP Tunnel for VPN.
5#
6# ========= ESP =========
7# | |
8# Network-A Gateway-A Gateway-B Network-B
9# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
10#
11# ====== 83xx board A ====== ===== 83xx board B =====
12# | | | |
13# eth0 eth1 eth1 eth0
14# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130
15#
16#
17# Board A setup
18#
19# Flush the SAD and SPD
20flush;
21spdflush;
22
23# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
24#
25# Security policies
26spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
27 esp/tunnel/200.200.200.10-200.200.200.20/require;
28
29spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
30 esp/tunnel/200.200.200.20-200.200.200.10/require;
31
32
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_right.conf-3des-sha1-tunnel b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_right.conf-3des-sha1-tunnel
new file mode 100755
index 00000000..eebf307a
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_right.conf-3des-sha1-tunnel
@@ -0,0 +1,31 @@
1#!/usr/sbin/setkey -f
2#
3#
4# Example ESP Tunnel for VPN.
5#
6# ========= ESP =========
7# | |
8# Network-A Gateway-A Gateway-B Network-B
9# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
10#
11# ====== 83xx board A ====== ===== 83xx board B =====
12# | | | |
13# eth0 eth1 eth1 eth0
14# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130
15#
16#
17# Board B setup
18# Flush the SAD and SPD
19flush;
20spdflush;
21
22# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
23#
24# Security policies
25
26spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
27 esp/tunnel/200.200.200.20-200.200.200.10/require;
28
29spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
30 esp/tunnel/200.200.200.10-200.200.200.20/require;
31
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/flush-setkey b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/flush-setkey
new file mode 100755
index 00000000..0be30562
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/flush-setkey
@@ -0,0 +1,4 @@
1#!/usr/sbin/setkey -f
2
3flush;
4spdflush;
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.left b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.left
new file mode 100644
index 00000000..d9d6c0c6
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.left
@@ -0,0 +1,29 @@
1# /etc/ipsec.conf - strongSwan IPsec configuration file
2
3config setup
4 charondebug="chd 2, knl 2"
5 crlcheckinterval=180
6 strictcrlpolicy=no
7 plutostart=no
8
9conn %default
10 ikelifetime=60m
11 keylife=20m
12 rekeymargin=3m
13 keyingtries=1
14 keyexchange=ikev2
15 type=tunnel
16 auth=esp
17 compress=no
18 mobike=no
19
20conn net-net
21 left=200.200.200.10
22 leftsubnet=192.168.1.0/24
23 leftcert=moonCert.pem
24 leftid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
25 leftfirewall=yes
26 right=200.200.200.20
27 rightsubnet=192.168.2.0/24
28 rightid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
29 auto=add
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.right b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.right
new file mode 100644
index 00000000..c14dee2b
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.right
@@ -0,0 +1,28 @@
1# /etc/ipsec.conf - strongSwan IPsec configuration file
2
3config setup
4 charondebug="chd 2, knl 2"
5 crlcheckinterval=180
6 strictcrlpolicy=no
7 plutostart=no
8
9conn %default
10 ikelifetime=60m
11 keylife=20m
12 rekeymargin=3m
13 keyingtries=1
14 keyexchange=ikev2
15 auth=esp
16 compress=no
17 mobike=no
18
19conn net-net
20 left=200.200.200.20
21 leftcert=sunCert.pem
22 leftid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
23 leftsubnet=192.168.2.0/24
24 leftfirewall=yes
25 right=200.200.200.10
26 rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
27 rightsubnet=192.168.1.0/24
28 auto=add
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.left b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.left
new file mode 100644
index 00000000..e86d6aa5
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.left
@@ -0,0 +1,3 @@
1# /etc/ipsec.secrets - strongSwan IPsec secrets file
2
3: RSA moonKey.pem
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.right b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.right
new file mode 100644
index 00000000..1095b74c
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.right
@@ -0,0 +1,8 @@
1# /etc/ipsec.secrets - strongSwan IPsec secrets file
2
3: RSA sunKey.pem
4
5
6
7
8
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.left b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.left
new file mode 100644
index 00000000..55025dbc
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.left
@@ -0,0 +1,39 @@
1# /etc/ipsec.conf - strongSwan IPsec configuration file
2
3config setup
4 plutodebug=control
5 crlcheckinterval=180
6 strictcrlpolicy=no
7 charonstart=no
8
9conn %default
10 ikelifetime=60m
11 keylife=20m
12 rekeymargin=3m
13 keyingtries=1
14 keyexchange=ikev1
15 left=200.200.200.10
16 leftcert=moonCert.pem
17 leftid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
18 leftfirewall=yes
19
20conn net-net
21 left=%defaultroute
22 leftsubnet=192.168.1.0/24
23 leftcert=moonCert.pem
24 right=200.200.200.20
25 rightsubnet=192.168.2.0/24
26 rightid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
27 auto=add
28
29conn host-host
30 left=%defaultroute
31 leftcert=moonCert.pem
32 right=200.200.200.20
33 rightid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
34 auto=add
35
36conn rw
37 leftsubnet=192.168.1.0/24
38 right=%any
39 auto=add
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.right b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.right
new file mode 100644
index 00000000..479791ea
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.right
@@ -0,0 +1,34 @@
1# /etc/ipsec.conf - strongSwan IPsec configuration file
2
3config setup
4 plutodebug=control
5 crlcheckinterval=180
6 strictcrlpolicy=no
7 charonstart=no
8
9conn %default
10 ikelifetime=60m
11 keylife=20m
12 rekeymargin=3m
13 keyingtries=1
14 keyexchange=ikev1
15 left=200.200.200.20
16 leftcert=sunCert.pem
17 leftid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
18 leftfirewall=yes
19
20conn net-net
21 left=%defaultroute
22 leftsubnet=192.168.2.0/24
23 leftcert=sunCert.pem
24 right=200.200.200.10
25 rightsubnet=192.168.1.0/24
26 rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
27 auto=add
28
29conn host-host
30 left=%defaultroute
31 leftcert=sunCert.pem
32 right=200.200.200.10
33 rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
34 auto=add
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-transport b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-transport
new file mode 100755
index 00000000..5422771b
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-transport
@@ -0,0 +1,23 @@
1#!/usr/sbin/setkey -f
2#I am 200.200.200.10
3
4flush;
5spdflush;
6
7# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
8# and hmac-md5 authentication using 128 bit long keys
9add 200.200.200.10 200.200.200.20 esp 0x10513
10 -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
11 -A hmac-md5 0xd5f603abc8cd9d19319ca32fb955b10f;
12
13add 200.200.200.20 200.200.200.10 esp 0x10514
14 -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
15 -A hmac-md5 0x1dd90b4c32dcbe9d37b555a23df5170e;
16
17
18spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
19 esp/transport//require;
20
21spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
22 esp/transport//require;
23
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-tunnel b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-tunnel
new file mode 100755
index 00000000..52bf9c3f
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-tunnel
@@ -0,0 +1,42 @@
1#!/usr/sbin/setkey -f
2#
3#
4# Example ESP Tunnel for VPN.
5#
6# ========= ESP =========
7# | |
8# Network-A Gateway-A Gateway-B Network-B
9# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
10#
11# ====== 83xx board A ====== ===== 83xx board B =====
12# | | | |
13# eth0 eth1 eth1 eth0
14# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130
15#
16#
17# Board A setup
18#
19# Flush the SAD and SPD
20flush;
21spdflush;
22
23# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
24#
25# Security policies
26spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
27 esp/tunnel/200.200.200.10-200.200.200.20/require;
28
29spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
30 esp/tunnel/200.200.200.20-200.200.200.10/require;
31
32
33# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
34# and hmac-md5 authentication using 128 bit long keys
35add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
36 -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
37 -A hmac-md5 0xd5f603abc8cd9d19319ca32fb955b10f;
38
39add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
40 -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
41 -A hmac-md5 0x1dd90b4c32dcbe9d37b555a23df5170e;
42
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-transport b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-transport
new file mode 100755
index 00000000..e5ee0054
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-transport
@@ -0,0 +1,22 @@
1#!/usr/sbin/setkey -f
2#I am 200.200.200.10
3
4flush;
5spdflush;
6
7# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
8# and hmac-sha1 authentication using 160 bit long keys
9add 200.200.200.10 200.200.200.20 esp 0x10513
10 -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
11 -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
12
13add 200.200.200.20 200.200.200.10 esp 0x10514
14 -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
15 -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
16
17spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
18 esp/transport//require;
19
20spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
21 esp/transport//require;
22
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-tunnel b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-tunnel
new file mode 100755
index 00000000..eb2881db
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-tunnel
@@ -0,0 +1,42 @@
1#!/usr/sbin/setkey -f
2#
3#
4# Example ESP Tunnel for VPN.
5#
6# ========= ESP =========
7# | |
8# Network-A Gateway-A Gateway-B Network-B
9# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
10#
11# ====== 83xx board A ====== ===== 83xx board B =====
12# | | | |
13# eth0 eth1 eth1 eth0
14# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130
15#
16#
17# Board A setup
18#
19# Flush the SAD and SPD
20flush;
21spdflush;
22
23# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
24#
25# Security policies
26spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
27 esp/tunnel/200.200.200.10-200.200.200.20/require;
28
29spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
30 esp/tunnel/200.200.200.20-200.200.200.10/require;
31
32
33# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
34# and hmac-sha1 authentication using 160 bit long keys
35add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
36 -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
37 -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
38
39add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
40 -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
41 -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
42
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-transport b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-transport
new file mode 100755
index 00000000..b5286320
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-transport
@@ -0,0 +1,23 @@
1#!/usr/sbin/setkey -f
2#I am 200.200.200.10
3
4flush;
5spdflush;
6
7# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
8# and hmac-sha2-256 authentication using 256 bit long keys
9add 200.200.200.10 200.200.200.20 esp 0x10513
10 -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
11 -A hmac-sha2-256 0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
12
13add 200.200.200.20 200.200.200.10 esp 0x10514
14 -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
15 -A hmac-sha2-256 0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
16
17
18spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
19 esp/transport//require;
20
21spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
22 esp/transport//require;
23
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-tunnel b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-tunnel
new file mode 100755
index 00000000..e7726f08
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-tunnel
@@ -0,0 +1,42 @@
1#!/usr/sbin/setkey -f
2#
3#
4# Example ESP Tunnel for VPN.
5#
6# ========= ESP =========
7# | |
8# Network-A Gateway-A Gateway-B Network-B
9# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
10#
11# ====== 83xx board A ====== ===== 83xx board B =====
12# | | | |
13# eth0 eth1 eth1 eth0
14# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130
15#
16#
17# Board A setup
18#
19# Flush the SAD and SPD
20flush;
21spdflush;
22
23# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
24#
25# Security policies
26spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
27 esp/tunnel/200.200.200.10-200.200.200.20/require;
28
29spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
30 esp/tunnel/200.200.200.20-200.200.200.10/require;
31
32
33# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
34# and hmac-sha2-256 authentication using 256 bit long keys
35add 200.200.200.10 200.200.200.20 esp 0x10513 -m tunnel
36 -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
37 -A hmac-sha2-256 0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
38
39add 200.200.200.20 200.200.200.10 esp 0x10514 -m tunnel
40 -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
41 -A hmac-sha2-256 0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
42
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-transport b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-transport
new file mode 100755
index 00000000..96f57837
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-transport
@@ -0,0 +1,23 @@
1#!/usr/sbin/setkey -f
2#I am 200.200.200.10
3
4flush;
5spdflush;
6
7# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
8# and hmac-md5 authentication using 128 bit long keys
9add 200.200.200.10 200.200.200.20 esp 0x10513
10 -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
11 -A hmac-md5 0xd5f603abc8cd9d19319ca32fb955b10f;
12
13add 200.200.200.20 200.200.200.10 esp 0x10514
14 -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
15 -A hmac-md5 0x1dd90b4c32dcbe9d37b555a23df5170e;
16
17
18spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
19 esp/transport//require;
20
21spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
22 esp/transport//require;
23
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-tunnel b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-tunnel
new file mode 100755
index 00000000..b2cf84bf
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-tunnel
@@ -0,0 +1,42 @@
1#!/usr/sbin/setkey -f
2#
3#
4# Example ESP Tunnel for VPN.
5#
6# ========= ESP =========
7# | |
8# Network-A Gateway-A Gateway-B Network-B
9# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
10#
11# ====== 83xx board A ====== ===== 83xx board B =====
12# | | | |
13# eth0 eth1 eth1 eth0
14# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130
15#
16#
17# Board A setup
18#
19# Flush the SAD and SPD
20flush;
21spdflush;
22
23# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
24#
25# Security policies
26spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
27 esp/tunnel/200.200.200.10-200.200.200.20/require;
28
29spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
30 esp/tunnel/200.200.200.20-200.200.200.10/require;
31
32
33# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
34# and hmac-md5 authentication using 128 bit long keys
35add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
36 -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
37 -A hmac-md5 0xd5f603abc8cd9d19319ca32fb955b10f;
38
39add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
40 -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
41 -A hmac-md5 0x1dd90b4c32dcbe9d37b555a23df5170e;
42
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-transport b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-transport
new file mode 100755
index 00000000..f3ffaf5c
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-transport
@@ -0,0 +1,22 @@
1#!/usr/sbin/setkey -f
2#I am 200.200.200.10
3
4flush;
5spdflush;
6
7# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
8# and hmac-sha1 authentication using 160 bit long keys
9add 200.200.200.10 200.200.200.20 esp 0x10513
10 -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
11 -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
12
13add 200.200.200.20 200.200.200.10 esp 0x10514
14 -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
15 -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
16
17spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
18 esp/transport//require;
19
20spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
21 esp/transport//require;
22
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-tunnel b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-tunnel
new file mode 100755
index 00000000..1ab7874f
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-tunnel
@@ -0,0 +1,42 @@
1#!/usr/sbin/setkey -f
2#
3#
4# Example ESP Tunnel for VPN.
5#
6# ========= ESP =========
7# | |
8# Network-A Gateway-A Gateway-B Network-B
9# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
10#
11# ====== 83xx board A ====== ===== 83xx board B =====
12# | | | |
13# eth0 eth1 eth1 eth0
14# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130
15#
16#
17# Board A setup
18#
19# Flush the SAD and SPD
20flush;
21spdflush;
22
23# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
24#
25# Security policies
26spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
27 esp/tunnel/200.200.200.10-200.200.200.20/require;
28
29spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
30 esp/tunnel/200.200.200.20-200.200.200.10/require;
31
32
33# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
34# and hmac-sha1 authentication using 160 bit long keys
35add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
36 -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
37 -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
38
39add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
40 -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
41 -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
42
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-transport b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-transport
new file mode 100755
index 00000000..d2645d6f
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-transport
@@ -0,0 +1,23 @@
1#!/usr/sbin/setkey -f
2#I am 200.200.200.10
3
4flush;
5spdflush;
6
7# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
8# and hmac-sha2-256 authentication using 256 bit long keys
9add 200.200.200.10 200.200.200.20 esp 0x10513
10 -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
11 -A hmac-sha2-256 0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
12
13add 200.200.200.20 200.200.200.10 esp 0x10514
14 -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
15 -A hmac-sha2-256 0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
16
17
18spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
19 esp/transport//require;
20
21spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
22 esp/transport//require;
23
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-tunnel b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-tunnel
new file mode 100755
index 00000000..8ed697d1
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-tunnel
@@ -0,0 +1,42 @@
1#!/usr/sbin/setkey -f
2#
3#
4# Example ESP Tunnel for VPN.
5#
6# ========= ESP =========
7# | |
8# Network-A Gateway-A Gateway-B Network-B
9# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
10#
11# ====== 83xx board A ====== ===== 83xx board B =====
12# | | | |
13# eth0 eth1 eth1 eth0
14# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130
15#
16#
17# Board A setup
18#
19# Flush the SAD and SPD
20flush;
21spdflush;
22
23# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
24#
25# Security policies
26spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
27 esp/tunnel/200.200.200.10-200.200.200.20/require;
28
29spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
30 esp/tunnel/200.200.200.20-200.200.200.10/require;
31
32
33# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
34# and hmac-sha2-256 authentication using 256 bit long keys
35add 200.200.200.10 200.200.200.20 esp 0x10513 -m tunnel
36 -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
37 -A hmac-sha2-256 0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
38
39add 200.200.200.20 200.200.200.10 esp 0x10514 -m tunnel
40 -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
41 -A hmac-sha2-256 0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
42
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-transport b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-transport
new file mode 100755
index 00000000..84275d07
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-transport
@@ -0,0 +1,23 @@
1#!/usr/sbin/setkey -f
2#I am 200.200.200.10
3
4flush;
5spdflush;
6
7# ESP SAs doing null encryption
8# and null authentication
9add 200.200.200.10 200.200.200.20 esp 0x10513
10 -E null
11 -A null;
12
13add 200.200.200.20 200.200.200.10 esp 0x10514
14 -E null
15 -A null;
16
17
18spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
19 esp/transport//require;
20
21spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
22 esp/transport//require;
23
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-tunnel b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-tunnel
new file mode 100755
index 00000000..478d14a8
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-tunnel
@@ -0,0 +1,42 @@
1#!/usr/sbin/setkey -f
2#
3#
4# Example ESP Tunnel for VPN.
5#
6# ========= ESP =========
7# | |
8# Network-A Gateway-A Gateway-B Network-B
9# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
10#
11# ====== 83xx board A ====== ===== 83xx board B =====
12# | | | |
13# eth0 eth1 eth1 eth0
14# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130
15#
16#
17# Board A setup
18#
19# Flush the SAD and SPD
20flush;
21spdflush;
22
23# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
24#
25# Security policies
26spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
27 esp/tunnel/200.200.200.10-200.200.200.20/require;
28
29spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
30 esp/tunnel/200.200.200.20-200.200.200.10/require;
31
32
33# ESP SAs doing null encryption
34# and null authentication
35add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
36 -E null
37 -A null;
38
39add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
40 -E null
41 -A null;
42
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.ipv4 b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.ipv4
new file mode 100755
index 00000000..e219f2ad
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.ipv4
@@ -0,0 +1,2 @@
1set -v
2route add -net 192.168.2.0 netmask 255.255.255.0 gw 200.200.200.20
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonCert.pem b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonCert.pem
new file mode 100644
index 00000000..d5c970f4
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonCert.pem
@@ -0,0 +1,25 @@
1-----BEGIN CERTIFICATE-----
2MIIEIjCCAwqgAwIBAgIBFzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
3MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
4b290IENBMB4XDTA5MDgyNzEwMDMzMloXDTE0MDgyNjEwMDMzMlowRjELMAkGA1UE
5BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHDAaBgNVBAMTE21vb24u
6c3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK
7L2M91Lu6BYYhWxWgMS9z9TMSTwszm5rhO7ZIsCtMRo4PAeYw+++SGXt3CPXb/+p+
8SWKGlm11rPE71eQ3ehgh2C3hAurfmWO0iQQaCw+fdreeIVCqOQIOP6UqZ327h5yY
9YpHk8VQv4vBJTpxclU1PqnWheqe1ZlLxsW773LRml/fQt/UgvJkCBTZZONLNMfK+
107TDnYaVsAtncgvDN78nUNEe2qY92KK7SrBJ6SpUEg49m51F+XgsGcsgWVHS85on3
11Om/G48crLEVJjdu8CxewSRVgb+lPJWzHd8QsU0Vg/7vlqs3ZRMyNtNKrr4opSvVb
12A6agGlTXhDCreDiXU8KHAgMBAAGjggEaMIIBFjAJBgNVHRMEAjAAMAsGA1UdDwQE
13AwIDqDAdBgNVHQ4EFgQUapx00fiJeYn2WpTpifH6w2SdKS4wbQYDVR0jBGYwZIAU
14XafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQK
15ExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GC
16AQAwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzATBgNVHSUEDDAKBggr
17BgEFBQcDATA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
18b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCctXg2xeMozaTV
19jiBL1P8MY9uEH5JtU0EceQ1RbI5/2vGRdnECND9oADY5vamaaE2Mdq2Qh/vlXnML
20o3ii5ELjsQlYdTYZOcMOdcUUXYvbbFX1cwpkBhyBl1H25KptHcgQ/HnceKp3kOuq
21wYOYjgwePXulcpWXx0E2QtQCFQQZFPyEWeNJxH0oglg53QPXfHY9I2/Gukj5V0bz
22p7ME0Gs8KdnYdmbbDqzQgPsta96/m+HoJlsrVF+4Gqihj6BWMBQ2ybjPWZdG3oH9
2325cE8v60Ry98D0Z/tygbAUFnh5oOvaf642paVgc3aoA77I8U+UZjECxISoiHultY
247QTufOwP
25-----END CERTIFICATE-----
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonKey.pem b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonKey.pem
new file mode 100644
index 00000000..4d99866f
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonKey.pem
@@ -0,0 +1,27 @@
1-----BEGIN RSA PRIVATE KEY-----
2MIIEowIBAAKCAQEAyi9jPdS7ugWGIVsVoDEvc/UzEk8LM5ua4Tu2SLArTEaODwHm
3MPvvkhl7dwj12//qfklihpZtdazxO9XkN3oYIdgt4QLq35ljtIkEGgsPn3a3niFQ
4qjkCDj+lKmd9u4ecmGKR5PFUL+LwSU6cXJVNT6p1oXqntWZS8bFu+9y0Zpf30Lf1
5ILyZAgU2WTjSzTHyvu0w52GlbALZ3ILwze/J1DRHtqmPdiiu0qwSekqVBIOPZudR
6fl4LBnLIFlR0vOaJ9zpvxuPHKyxFSY3bvAsXsEkVYG/pTyVsx3fELFNFYP+75arN
72UTMjbTSq6+KKUr1WwOmoBpU14Qwq3g4l1PChwIDAQABAoIBACBFB/Xqajv6fbn9
8K6pxrz02uXwGmacXAtVIDoPzejWmXS4QA4l17HrJDmelSnhelDKry8nnYHkTrTz7
9mn0wQ4HDWy86o/okJUG/TKRLd6bf79aRQqqohqd3iQkHk43GyzuXH+oGioVKF0fc
10ACDWw4wfjL7FMNdHCZ4Bz9DrHO/ysHe9B6rvSYm3VZRhSxaneIkaLkkDadKpVx3f
11XNFlMxY4qKPJYYSoJZ61iMqrO7+rnA93tmyDDs8PKU3BtnpfNrdePgleJHhk8Zqy
12Ev2/NOCSUxbKE8NCtLpGTs+T0qjjnu4k3WPd3ZOBAan0uPDekHZeHB/aXGLhYcxx
13J5SurqECgYEA+F1gppkER5Jtoaudt/CUpdQ1sR9wxf75VBqJ4FiYABGQz9xlG4oj
14zL/o572s0iV3bwFpnQa+WuWrxGkP6ZuB/Z82npc0N/vLou/b4dxvg4n7K+eOOEf0
158FMjsse2tqTIXKCqcmQnR0NPQ1jwuvEKsXP5w/JOlnRXAXnd4jxsJI0CgYEA0GaT
1661ySttUW9jC3mxuY6jkQy8TEQqR3nOFvWwmCXIWOpN/MTTPus+Telxp/pdKhU+mo
17PmX3Unyne5PvwleWDq3YzltX5ZDZGJ5UJlKuNnfGIzQ6OcHRbb7zBpQG6qSRPuug
18bgo688hTnb1L59nK88zWVK45euf6pyuoI+SwIGMCgYEA7yvE8knyhBXvezuv0z1b
19eGHmHp5/VDwY0DQKSEAoiBBiWrkLqLybgwXf/KJ8dZZc8En08aFX2GLJyYe/KiB1
20ys3ypEBJqgvRayP+o/9KZ+qNNRd0rqAksPXvL7ABNNt0kzapTSVDae3Yu6s/j1am
21DIL5qAeERIDedG5uDPpQzdUCgYB7MtjpP63ABhLv8XbpbBQnCxtByw3W89F+Xcrt
22v55gQdhE4cSuMzA/CuMH4vNpPS6AI9aBJNhj3CtKo/cOJachAGb1/wvkO5ALvLW0
23fhZdPstUTnDJain7vfF/hwzbs/PlhXgu9T9KlLfRvXFdG+Sd4g8mumRiozcLkoRw
24y6XPTwKBgDJP+s9wXmdG90HST/aqC7FKrVXLpB63dY5swNUfQP6sa0pFnON0r0JC
25h/YCsGFFIAebQ2uOkM3g3f9nkwTp7910ov+/5uThvRI2w2BBPy0mVuALPjyyF1Z2
26cb9zpyKiIuXoXRCf4sd8r1lR9bn0Fxx0Svpxf+fpMGSI5quHNBKY
27-----END RSA PRIVATE KEY-----
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizes.sh b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizes.sh
new file mode 100755
index 00000000..faefb245
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizes.sh
@@ -0,0 +1,19 @@
1#!/bin/bash
2#
3# Usage: ./pingsizes.sh 1440 20 (or greater)
4#
5
6PINGDEST=${PINGDEST:-200.200.200.10}
7k=$1
8lim="$((k+$2))"
9((k-=1))
10while [ "$k" != "$lim" ] ; do
11 echo -n "ping -s $((k+=1)) : "
12 ping -i 1000 -c 1 -s $k $PINGDEST | grep packets &
13 sleep 1
14 PID=`ps -eaf | grep 'ping -i' | grep -v grep | sed 's/[ ][ ]*/ /g' | cut -d " " -f 2`
15 if [ -n "$PID" ] ; then
16 echo "****************** killing $PID"
17 kill $PID > /dev/null
18 fi
19done
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizest.sh b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizest.sh
new file mode 100755
index 00000000..d5ff0f7d
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizest.sh
@@ -0,0 +1,19 @@
1#!/bin/bash
2#
3# Usage: ./pingsizes.sh 1440 20 (or greater)
4#
5
6PINGDEST=${PINGDEST:-200.200.200.10}
7k=$1
8lim="$((k+$2))"
9((k-=1))
10while [ "$k" != "$lim" ] ; do
11 echo ping -s $((k+=1))
12 ping -i 1000 -c 1 -s $k $PINGDEST &
13 sleep 1
14 PID=`ps -eaf | grep 'ping -i' | sed 's/[ ][ ]*/ /g' | cut -d " " -f 2`
15 if [ -n "$PID" ] ; then
16 echo "****************** killing $PID"
17 kill $PID
18 fi
19done
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/psk.txt b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/psk.txt
new file mode 100644
index 00000000..46c1ff41
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/psk.txt
@@ -0,0 +1,2 @@
1200.200.200.20 secretkeyracoon
2200.200.200.10 secretkeyracoon
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/racoon.conf b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/racoon.conf
new file mode 100644
index 00000000..cf561f51
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/racoon.conf
@@ -0,0 +1,22 @@
1path pre_shared_key "/test_setkey/psk.txt" ;
2
3 remote anonymous
4 {
5 exchange_mode main ;
6 lifetime time 1 hour ;
7 proposal {
8 encryption_algorithm 3des;
9 hash_algorithm sha1;
10 authentication_method pre_shared_key ;
11 dh_group 2 ;
12 }
13 }
14
15 sainfo anonymous
16 {
17 pfs_group 2;
18 lifetime time 1 hour ;
19 encryption_algorithm 3des ;
20 authentication_algorithm hmac_sha1 ;
21 compression_algorithm deflate ;
22 }
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-transport b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-transport
new file mode 100755
index 00000000..7f82fb46
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-transport
@@ -0,0 +1,23 @@
1#!/usr/sbin/setkey -f
2#I am 200.200.200.20
3
4flush;
5spdflush;
6
7# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
8# and hmac-md5 authentication using 128 bit long keys
9add 200.200.200.10 200.200.200.20 esp 0x10513
10 -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
11 -A hmac-md5 0xd5f603abc8cd9d19319ca32fb955b10f;
12
13add 200.200.200.20 200.200.200.10 esp 0x10514
14 -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
15 -A hmac-md5 0x1dd90b4c32dcbe9d37b555a23df5170e;
16
17
18spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
19 esp/transport//require;
20
21spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
22 esp/transport//require;
23
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-tunnel b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-tunnel
new file mode 100755
index 00000000..5a752579
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-tunnel
@@ -0,0 +1,42 @@
1#!/usr/sbin/setkey -f
2#
3#
4# Example ESP Tunnel for VPN.
5#
6# ========= ESP =========
7# | |
8# Network-A Gateway-A Gateway-B Network-B
9# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
10#
11# ====== 83xx board A ====== ===== 83xx board B =====
12# | | | |
13# eth0 eth1 eth1 eth0
14# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130
15#
16#
17# Board B setup
18#
19# Flush the SAD and SPD
20flush;
21spdflush;
22
23# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
24#
25# Security policies
26spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
27 esp/tunnel/200.200.200.20-200.200.200.10/require;
28
29spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
30 esp/tunnel/200.200.200.10-200.200.200.20/require;
31
32
33# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
34# and hmac-md5 authentication using 128 bit long keys
35add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
36 -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
37 -A hmac-md5 0xd5f603abc8cd9d19319ca32fb955b10f;
38
39add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
40 -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
41 -A hmac-md5 0x1dd90b4c32dcbe9d37b555a23df5170e;
42
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-transport b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-transport
new file mode 100755
index 00000000..6ef885d4
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-transport
@@ -0,0 +1,22 @@
1#!/usr/sbin/setkey -f
2#I am 200.200.200.20
3
4flush;
5spdflush;
6
7# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
8# and hmac-sha1 authentication using 160 bit long keys
9add 200.200.200.10 200.200.200.20 esp 0x10513
10 -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
11 -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
12
13add 200.200.200.20 200.200.200.10 esp 0x10514
14 -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
15 -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
16
17# Security policies
18spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
19 esp/transport//require;
20
21spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
22 esp/transport//require;
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-tunnel b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-tunnel
new file mode 100755
index 00000000..16c31578
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-tunnel
@@ -0,0 +1,41 @@
1#!/usr/sbin/setkey -f
2#
3#
4# Example ESP Tunnel for VPN.
5#
6# ========= ESP =========
7# | |
8# Network-A Gateway-A Gateway-B Network-B
9# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
10#
11# ====== 83xx board A ====== ===== 83xx board B =====
12# | | | |
13# eth0 eth1 eth1 eth0
14# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130
15#
16#
17# Board B setup
18# Flush the SAD and SPD
19flush;
20spdflush;
21
22# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
23#
24# Security policies
25
26spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
27 esp/tunnel/200.200.200.20-200.200.200.10/require;
28
29spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
30 esp/tunnel/200.200.200.10-200.200.200.20/require;
31
32# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
33# and hmac-sha1 authentication using 160 bit long keys
34add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
35 -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
36 -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
37
38add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
39 -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
40 -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
41
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-transport b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-transport
new file mode 100755
index 00000000..b9772092
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-transport
@@ -0,0 +1,23 @@
1#!/usr/sbin/setkey -f
2#I am 200.200.200.20
3
4flush;
5spdflush;
6
7# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
8# and hmac-sha2-256 authentication using 256 bit long keys
9add 200.200.200.10 200.200.200.20 esp 0x10513
10 -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
11 -A hmac-sha2-256 0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
12
13add 200.200.200.20 200.200.200.10 esp 0x10514
14 -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
15 -A hmac-sha2-256 0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
16
17
18spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
19 esp/transport//require;
20
21spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
22 esp/transport//require;
23
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-tunnel b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-tunnel
new file mode 100755
index 00000000..e7c5b4e6
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-tunnel
@@ -0,0 +1,42 @@
1#!/usr/sbin/setkey -f
2#
3#
4# Example ESP Tunnel for VPN.
5#
6# ========= ESP =========
7# | |
8# Network-A Gateway-A Gateway-B Network-B
9# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
10#
11# ====== 83xx board A ====== ===== 83xx board B =====
12# | | | |
13# eth0 eth1 eth1 eth0
14# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130
15#
16#
17# Board A setup
18#
19# Flush the SAD and SPD
20flush;
21spdflush;
22
23# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
24#
25# Security policies
26spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
27 esp/tunnel/200.200.200.20-200.200.200.10/require;
28
29spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
30 esp/tunnel/200.200.200.10-200.200.200.20/require;
31
32
33# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
34# and hmac-sha2-256 authentication using 256 bit long keys
35add 200.200.200.10 200.200.200.20 esp 0x10513 -m tunnel
36 -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
37 -A hmac-sha2-256 0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
38
39add 200.200.200.20 200.200.200.10 esp 0x10514 -m tunnel
40 -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
41 -A hmac-sha2-256 0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
42
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-transport b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-transport
new file mode 100755
index 00000000..5d55d001
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-transport
@@ -0,0 +1,23 @@
1#!/usr/sbin/setkey -f
2#I am 200.200.200.20
3
4flush;
5spdflush;
6
7# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
8# and hmac-md5 authentication using 128 bit long keys
9add 200.200.200.10 200.200.200.20 esp 0x10513
10 -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
11 -A hmac-md5 0xd5f603abc8cd9d19319ca32fb955b10f;
12
13add 200.200.200.20 200.200.200.10 esp 0x10514
14 -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
15 -A hmac-md5 0x1dd90b4c32dcbe9d37b555a23df5170e;
16
17
18spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
19 esp/transport//require;
20
21spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
22 esp/transport//require;
23
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-tunnel b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-tunnel
new file mode 100755
index 00000000..f49bd54a
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-tunnel
@@ -0,0 +1,42 @@
1#!/usr/sbin/setkey -f
2#
3#
4# Example ESP Tunnel for VPN.
5#
6# ========= ESP =========
7# | |
8# Network-A Gateway-A Gateway-B Network-B
9# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
10#
11# ====== 83xx board A ====== ===== 83xx board B =====
12# | | | |
13# eth0 eth1 eth1 eth0
14# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130
15#
16#
17# Board B setup
18#
19# Flush the SAD and SPD
20flush;
21spdflush;
22
23# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
24#
25# Security policies
26spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
27 esp/tunnel/200.200.200.20-200.200.200.10/require;
28
29spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
30 esp/tunnel/200.200.200.10-200.200.200.20/require;
31
32
33# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
34# and hmac-md5 authentication using 128 bit long keys
35add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
36 -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
37 -A hmac-md5 0xd5f603abc8cd9d19319ca32fb955b10f;
38
39add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
40 -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
41 -A hmac-md5 0x1dd90b4c32dcbe9d37b555a23df5170e;
42
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-transport b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-transport
new file mode 100755
index 00000000..d9c65a45
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-transport
@@ -0,0 +1,22 @@
1#!/usr/sbin/setkey -f
2#I am 200.200.200.20
3
4flush;
5spdflush;
6
7# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
8# and hmac-sha1 authentication using 160 bit long keys
9add 200.200.200.10 200.200.200.20 esp 0x10513
10 -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
11 -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
12
13add 200.200.200.20 200.200.200.10 esp 0x10514
14 -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
15 -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
16
17# Security policies
18spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
19 esp/transport//require;
20
21spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
22 esp/transport//require;
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-tunnel b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-tunnel
new file mode 100755
index 00000000..1f10136a
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-tunnel
@@ -0,0 +1,41 @@
1#!/usr/sbin/setkey -f
2#
3#
4# Example ESP Tunnel for VPN.
5#
6# ========= ESP =========
7# | |
8# Network-A Gateway-A Gateway-B Network-B
9# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
10#
11# ====== 83xx board A ====== ===== 83xx board B =====
12# | | | |
13# eth0 eth1 eth1 eth0
14# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130
15#
16#
17# Board B setup
18# Flush the SAD and SPD
19flush;
20spdflush;
21
22# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
23#
24# Security policies
25
26spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
27 esp/tunnel/200.200.200.20-200.200.200.10/require;
28
29spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
30 esp/tunnel/200.200.200.10-200.200.200.20/require;
31
32# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
33# and hmac-sha1 authentication using 160 bit long keys
34add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
35 -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
36 -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
37
38add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
39 -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
40 -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
41
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-transport b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-transport
new file mode 100755
index 00000000..817a8bd4
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-transport
@@ -0,0 +1,23 @@
1#!/usr/sbin/setkey -f
2#I am 200.200.200.20
3
4flush;
5spdflush;
6
7# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
8# and hmac-sha2-256 authentication using 256 bit long keys
9add 200.200.200.10 200.200.200.20 esp 0x10513
10 -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
11 -A hmac-sha2-256 0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
12
13add 200.200.200.20 200.200.200.10 esp 0x10514
14 -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
15 -A hmac-sha2-256 0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
16
17
18spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
19 esp/transport//require;
20
21spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
22 esp/transport//require;
23
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-tunnel b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-tunnel
new file mode 100755
index 00000000..9bca18fb
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-tunnel
@@ -0,0 +1,42 @@
1#!/usr/sbin/setkey -f
2#
3#
4# Example ESP Tunnel for VPN.
5#
6# ========= ESP =========
7# | |
8# Network-A Gateway-A Gateway-B Network-B
9# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
10#
11# ====== 83xx board A ====== ===== 83xx board B =====
12# | | | |
13# eth0 eth1 eth1 eth0
14# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130
15#
16#
17# Board A setup
18#
19# Flush the SAD and SPD
20flush;
21spdflush;
22
23# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
24#
25# Security policies
26spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
27 esp/tunnel/200.200.200.20-200.200.200.10/require;
28
29spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
30 esp/tunnel/200.200.200.10-200.200.200.20/require;
31
32
33# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
34# and hmac-sha2-256 authentication using 256 bit long keys
35add 200.200.200.10 200.200.200.20 esp 0x10513 -m tunnel
36 -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
37 -A hmac-sha2-256 0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
38
39add 200.200.200.20 200.200.200.10 esp 0x10514 -m tunnel
40 -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
41 -A hmac-sha2-256 0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
42
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-transport b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-transport
new file mode 100755
index 00000000..26dfe2e1
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-transport
@@ -0,0 +1,23 @@
1#!/usr/sbin/setkey -f
2#I am 200.200.200.20
3
4flush;
5spdflush;
6
7# ESP SAs doing null encryption
8# and null authentication
9add 200.200.200.10 200.200.200.20 esp 0x10513
10 -E null
11 -A null;
12
13add 200.200.200.20 200.200.200.10 esp 0x10514
14 -E null
15 -A null;
16
17
18spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
19 esp/transport//require;
20
21spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
22 esp/transport//require;
23
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-tunnel b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-tunnel
new file mode 100755
index 00000000..bc4f38eb
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-tunnel
@@ -0,0 +1,42 @@
1#!/usr/sbin/setkey -f
2#
3#
4# Example ESP Tunnel for VPN.
5#
6# ========= ESP =========
7# | |
8# Network-A Gateway-A Gateway-B Network-B
9# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
10#
11# ====== 83xx board A ====== ===== 83xx board B =====
12# | | | |
13# eth0 eth1 eth1 eth0
14# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130
15#
16#
17# Board B setup
18#
19# Flush the SAD and SPD
20flush;
21spdflush;
22
23# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
24#
25# Security policies
26spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
27 esp/tunnel/200.200.200.20-200.200.200.10/require;
28
29spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
30 esp/tunnel/200.200.200.10-200.200.200.20/require;
31
32
33# ESP SAs doing null encryption
34# and null authentication
35add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
36 -E null
37 -A null;
38
39add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
40 -E null
41 -A null;
42
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.ipv4 b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.ipv4
new file mode 100755
index 00000000..67cd1b2c
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.ipv4
@@ -0,0 +1,2 @@
1set -v
2route add -net 192.168.1.0 netmask 255.255.255.0 gw 200.200.200.10
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup
new file mode 100755
index 00000000..9e6fa7fa
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup
@@ -0,0 +1,47 @@
1# setup - quick setup for left or right side of ipsec test
2# see README for example use.
3
4SCRIPT_HOME=/test_setkey/
5cd $SCRIPT_HOME
6
7export PATH=$SCRIPT_HOME:$PATH
8
9if [ "$1" != "left" -a "$1" != "right" ] ; then
10 echo "Usage: $0 side [config] [driver]"
11 echo " where side is either left or right."
12 echo " where config is either"
13 echo " aes-sha1-tunnel (default)"
14 echo " or 3des-sha1-tunnel"
15 echo " if driver is supplied, script does 'modprobe driver'"
16 exit 1
17fi
18
19SIDE=$1
20POLICY_CFG=$SIDE.conf
21DEFAULT_POLICY=aes-sha1-tunnel
22
23if [ -n "$2" ] ; then
24 POLICY=$2
25else
26 POLICY=$DEFAULT_POLICY
27fi
28
29SETKEY_FILE=$POLICY_CFG-$POLICY
30
31if [ ! -f $SETKEY_FILE ] ; then
32 echo "Missing setkey command file: $SETKEY_FILE"
33 exit 1
34fi
35
36# modprobe any driver name given as last parameter
37if [ -n "$3" ] ; then
38 modprobe $3
39fi
40
41SETUP_CMD_FILE=./setup_$SIDE
42. $SETUP_CMD_FILE
43
44$SETKEY_FILE
45
46setkey -D
47setkey -D -P
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_left b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_left
new file mode 100755
index 00000000..da769099
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_left
@@ -0,0 +1,13 @@
1# board on left setup
2set -v
3ifconfig eth0 down
4ifconfig eth0 hw ether 00:04:9F:11:22:33
5ifconfig eth0 192.168.1.130 netmask 255.255.255.0
6ifconfig eth0 up
7ifconfig eth1 down
8ifconfig eth1 hw ether 00:E0:0C:00:7D:FD
9ifconfig eth1 200.200.200.10 netmask 255.255.255.0
10ifconfig eth1 up
11arp -s 192.168.1.21 00:00:00:00:00:01
12route add default dev eth1
13echo 1 > /proc/sys/net/ipv4/ip_forward
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_right b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_right
new file mode 100755
index 00000000..f0e333ee
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_right
@@ -0,0 +1,13 @@
1# board on right setup
2set -v
3ifconfig eth0 down
4ifconfig eth0 hw ether 00:E0:0C:00:01:FD
5ifconfig eth0 192.168.2.130 netmask 255.255.255.0
6ifconfig eth0 up
7ifconfig eth1 down
8ifconfig eth1 hw ether 00:E0:0C:00:00:FD
9ifconfig eth1 200.200.200.20 netmask 255.255.255.0
10ifconfig eth1 up
11arp -s 192.168.2.21 00:00:00:00:00:02
12route add default dev eth1
13echo 1 > /proc/sys/net/ipv4/ip_forward
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan.conf b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan.conf
new file mode 100644
index 00000000..1701f4ab
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan.conf
@@ -0,0 +1,19 @@
1# strongswan.conf - strongSwan configuration file
2
3charon {
4 load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-raw updown
5 multiple_authentication = no
6}
7
8pluto {
9
10 # plugins to load in pluto
11 #load = aes des sha1 md5 sha2 hmac gmp random pubkey
12
13}
14
15libstrongswan {
16
17 # set to no, the DH exponent size is optimized
18 # dh_exponent_ansi_x9_42 = no
19}
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswanCert.pem b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswanCert.pem
new file mode 100644
index 00000000..0865ad22
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswanCert.pem
@@ -0,0 +1,22 @@
1-----BEGIN CERTIFICATE-----
2MIIDuDCCAqCgAwIBAgIBADANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
3MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
4b290IENBMB4XDTA0MDkxMDEwMDExOFoXDTE5MDkwNzEwMDExOFowRTELMAkGA1UE
5BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9u
6Z1N3YW4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/y
7X2LqPVZuWLPIeknK86xhz6ljd3NNhC2z+P1uoCP3sBMuZiZQEjFzhnKcbXxCeo2f
8FnvhOOjrrisSuVkzuu82oxXD3fIkzuS7m9V4E10EZzgmKWIf+WuNRfbgAuUINmLc
94YGAXBQLPyzpP4Ou48hhz/YQo58Bics6PHy5v34qCVROIXDvqhj91P8g+pS+F21/
107P+CH2jRcVIEHZtG8M/PweTPQ95dPzpYd2Ov6SZ/U7EWmbMmT8VcUYn1aChxFmy5
11gweVBWlkH6MP+1DeE0/tL5c87xo5KCeGK8Tdqpe7sBRC4pPEEHDQciTUvkeuJ1Pr
12K+1LwdqRxo7HgMRiDw8CAwEAAaOBsjCBrzASBgNVHRMBAf8ECDAGAQH/AgEBMAsG
13A1UdDwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0j
14BGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkw
15FwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJv
16b3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACOSmqEBtBLR9aV3UyCI8gmzR5in
17Lte9aUXXS+qis6F2h2Stf4sN+Nl6Gj7REC6SpfEH4wWdwiUL5J0CJhyoOjQuDl3n
181Dw3dE4/zqMZdyDKEYTU75TmvusNJBdGsLkrf7EATAjoi/nrTOYPPhSUZvPp/D+Y
19vORJ9Ej51GXlK1nwEB5iA8+tDYniNQn6BD1MEgIejzK+fbiy7braZB1kqhoEr2Si
207luBSnU912sw494E88a2EWbmMvg2TVHPNzCpVkpNk7kifCiwmw9VldkqYy9y/lCa
21Epyp7lTfKw7cbD04Vk8QJW782L6Csuxkl346b17wmOqn8AZips3tFsuAY3w=
22-----END CERTIFICATE-----
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_left b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_left
new file mode 100755
index 00000000..e55c3e42
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_left
@@ -0,0 +1,10 @@
1#strongswan on left board
2set -v
3cp -rf ipsec.conf.left /etc/ipsec.conf
4cp -rf ipsec.secrets.left /etc/ipsec.secrets
5cp -rf strongswan.conf /etc/
6cp -rf strongswanCert.pem /etc/ipsec.d/cacerts/
7cp -rf moonCert.pem /etc/ipsec.d/certs/
8mkdir /etc/ipsec.d/private
9cp -rf sunKey.pem /etc/ipsec.d/private/
10cp -rf moonKey.pem /etc/ipsec.d/private/
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_right b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_right
new file mode 100755
index 00000000..bcdbb731
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_right
@@ -0,0 +1,10 @@
1#strongswan on left board
2set -v
3cp -rf ipsec.conf.right /etc/ipsec.conf
4cp -rf ipsec.secrets.right /etc/ipsec.secrets
5cp -rf strongswan.conf /etc/
6cp -rf strongswanCert.pem /etc/ipsec.d/cacerts/
7cp -rf sunCert.pem /etc/ipsec.d/certs/
8mkdir /etc/ipsec.d/private
9cp -rf sunKey.pem /etc/ipsec.d/private/
10cp -rf moonKey.pem /etc/ipsec.d/private/
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunCert.pem b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunCert.pem
new file mode 100644
index 00000000..d0937bab
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunCert.pem
@@ -0,0 +1,25 @@
1-----BEGIN CERTIFICATE-----
2MIIEIDCCAwigAwIBAgIBFjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
3MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
4b290IENBMB4XDTA5MDgyNzA5NTkwNFoXDTE0MDgyNjA5NTkwNFowRTELMAkGA1UE
5BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN1bi5z
6dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+V
7VIpn6Q5jaU//EN6p6A5cSfUfhBK0mFa2laFFZh/Y0h66AXqqrQ3X917h7YNsSk68
8oowY9h9I3gOx7hNVBsJr2VjdYC+b0q5NTha09/A5mimv/prYj6o0yawxoPjoDs9Y
9h7D7Kf+F8fkgk0stlHJZX66J7dNrFXbg1xBld+Ep5Or2FbEZ9QWUpRQTuhdpNt/4
109YuxQ59DemY9IRbwsrKCHH0mGrJsDdqeb0ap+8QvSXHjCt1fr9MNKWaAFAQLKQI4
11e0da1ntPCEQLeE833+NNRBgGufk0KqGT3eAXqrxa9AEIUJnVcPexQdqUMjcUpXFb
128WNzRWB8Egh3BDK6FsECAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQD
13AgOoMB0GA1UdDgQWBBRW1p4v2qihzRlcI1PnxbZwluML+zBtBgNVHSMEZjBkgBRd
14p91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoT
15EExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIB
16ADAdBgNVHREEFjAUghJzdW4uc3Ryb25nc3dhbi5vcmcwEwYDVR0lBAwwCgYIKwYB
17BQUHAwEwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9y
18Zy9zdHJvbmdzd2FuLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAo37LYT9Awx0MK/nA
19FZpPJqUr0Ey+O5Ukcsdx7nd00SlmpiQRY8KmuRXCBQnDEgdLstd3slQjT0pJEgWF
200pzxybnI6eOzYAhLfhart+X1hURiNGbXjggm2s4I5+K32bVIkNEqlsYnd/6F9oo5
21ZNO0/eTTruLZfkNe/zchBGKe/Z7MacVwlYWWCbMtBV4K1d5dGcRRgpQ9WivDlmat
22Nh9wlscDSgSGk3HJkbxnq695VN7zUbDWAUvWWhV5bIDjlAR/xyT9ApqIxiyVVRul
23fYrE7U05Hbt6GgAroAKLp6qJup9+TxQAKSjKIwJ0hf7OuYyQ8TZtVHS7AOhm+T/5
24G/jGGA==
25-----END CERTIFICATE-----
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunKey.pem b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunKey.pem
new file mode 100644
index 00000000..d8fad9aa
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunKey.pem
@@ -0,0 +1,27 @@
1-----BEGIN RSA PRIVATE KEY-----
2MIIEpAIBAAKCAQEA35VUimfpDmNpT/8Q3qnoDlxJ9R+EErSYVraVoUVmH9jSHroB
3eqqtDdf3XuHtg2xKTryijBj2H0jeA7HuE1UGwmvZWN1gL5vSrk1OFrT38DmaKa/+
4mtiPqjTJrDGg+OgOz1iHsPsp/4Xx+SCTSy2Ucllfront02sVduDXEGV34Snk6vYV
5sRn1BZSlFBO6F2k23/j1i7FDn0N6Zj0hFvCysoIcfSYasmwN2p5vRqn7xC9JceMK
63V+v0w0pZoAUBAspAjh7R1rWe08IRAt4Tzff401EGAa5+TQqoZPd4BeqvFr0AQhQ
7mdVw97FB2pQyNxSlcVvxY3NFYHwSCHcEMroWwQIDAQABAoIBADH51hjN2zk9HVgl
8QmcTAWzcUie5cLMhrP+M9mtC8O3jcCwwFY6OwfnbMU8DHy0GMqHg5lB8b99UUVPw
9HLAzjDw/ESkc6pgZs4EEhJTsxJLsvTnePgHssEgyXnXf7gRVEqJkPohfy+Zy0UCH
10eIUQXiMlOQ7xg7iDMhwNa+UdWSt539DztSKilQn2xdPZjFnMT0/prvl4NA/8Zn54
11/SdWDq5yRdLWb6EK1V7yJ3687GXR1jzGtgy7TXuncUJVTYgX7RdP1Tn6gWD8YAQ/
12RfT0DdWYm4WHSgSb9/NW8lBZH2yy3hg+lNgofXEvTfBkO5QyW31LIr0tCV6zhJIc
13Y9MxaKUCgYEA9sktaXfhPLe0ECjdeQEOq5EKuDrCviSKCOuAV4BDSOsdw6+5LWfY
14Vb/oke8N70lL3RCblcj1pOKWUi2O/SpEJdDRduiw2gM9cXt3/bChSTHC4TsIxxN/
15Db9OGg72kZ4sRY5Au+zyAAQYBwXhFWux194Jk5qK0JblNG9J5QMqZDcCgYEA5+5h
16BgHUMEO+pdME5lAiSc5PcNTejpA6j+OikCh4/HFXy3C/dLx+Cs1+egw64c8iVaIv
17NEo7n7E9I0e3XqanPRXhMnBRrP+39OVsWPmZ18Li2Hi84KwJyi8Y11l3XJOqaYpF
18wMVUuZpxR0dfG5k/5GwT/tEkmQBglOgG3m2zUMcCgYEA4m3Vd9ahV5dp5AXKpzKc
19JjiPMFfhxJo7+FEz0ZUCp03qYljBu/Jy4MKS/grrqyiCLdQGHNlk4SNxLvdUId78
205gGBnuuDEJU2dAAIKUE9yq2YlBUZSacOxStI2snt28/X6P3LUWHm7LLU5OS1D3Vf
21mKPF/6MlSJuas5CEqVZNN+MCgYBH9Qh7IaQgmVQUBKVXg3Mv7OduvUyTdKIGtHxi
22N3xZ7hxsDP4JjNWaKmlcGmFGX8pqQRheI83d3NJ4GK8GmbP3Wst0p65fezMqsudr
23r30QmPFicgs/tYCQDw6o+aPzwAi2F+VOSqrfrtAIaldSq7hL+VA21dKB+cD9UgOX
24jPd+TwKBgQCbKeg2QNS2qhPIG9eaqJDROuxmxb/07d7OBctgMgxVvKhqW9hW42Sy
25gJ59fyz5QjFBaSfcOdf4gkKyEawVo45/q6ymIQU37R4vF4CW9Z3CfaIbwJp7LcHV
26zH07so/HNsZua6GWCSCLJU5MeCRiZzk2RFiS9KIaLP4gZndv4lXOiQ==
27-----END RSA PRIVATE KEY-----
diff --git a/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo_0.1.bb b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo_0.1.bb
new file mode 100644
index 00000000..56070605
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/ipsec-demo/ipsec-demo_0.1.bb
@@ -0,0 +1,25 @@
1SUMMARY = "Scripts and configuration files for ipsec demo"
2LICENSE = "MIT"
3LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
4
5RDEPENDS_${PN} = "ipsec-tools"
6
7inherit allarch
8
9SRC_URI = "file://test_setkey"
10
11do_configure() {
12 :
13}
14
15do_compile() {
16 :
17}
18
19do_install(){
20 install -d ${D}${datadir}
21 cp -a ${WORKDIR}/test_setkey ${D}${datadir}/
22}
23
24FILES_${PN} = "${datadir}/*"
25
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch
new file mode 100644
index 00000000..233cf6e2
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch
@@ -0,0 +1,83 @@
1From 9297e3834518ff0558d6e7004a62adfd107e659a Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Tue, 10 Sep 2013 12:46:46 +0300
4Subject: [PATCH 01/17] remove double initialization of cryptodev engine
5
6cryptodev engine is initialized together with the other engines in
7ENGINE_load_builtin_engines. The initialization done through
8OpenSSL_add_all_algorithms is redundant.
9
10Change-Id: Ic9488500967595543ff846f147b36f383db7cb27
11Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
12Reviewed-on: http://git.am.freescale.net:8181/17222
13---
14 crypto/engine/eng_all.c | 11 -----------
15 crypto/engine/engine.h | 4 ----
16 crypto/evp/c_all.c | 5 -----
17 util/libeay.num | 2 +-
18 4 files changed, 1 insertion(+), 21 deletions(-)
19
20diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c
21index 6093376..f16c043 100644
22--- a/crypto/engine/eng_all.c
23+++ b/crypto/engine/eng_all.c
24@@ -122,14 +122,3 @@ void ENGINE_load_builtin_engines(void)
25 #endif
26 ENGINE_register_all_complete();
27 }
28-
29-#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
30-void ENGINE_setup_bsd_cryptodev(void) {
31- static int bsd_cryptodev_default_loaded = 0;
32- if (!bsd_cryptodev_default_loaded) {
33- ENGINE_load_cryptodev();
34- ENGINE_register_all_complete();
35- }
36- bsd_cryptodev_default_loaded=1;
37-}
38-#endif
39diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
40index f8be497..237a6c9 100644
41--- a/crypto/engine/engine.h
42+++ b/crypto/engine/engine.h
43@@ -740,10 +740,6 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
44 * values. */
45 void *ENGINE_get_static_state(void);
46
47-#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
48-void ENGINE_setup_bsd_cryptodev(void);
49-#endif
50-
51 /* BEGIN ERROR CODES */
52 /* The following lines are auto generated by the script mkerr.pl. Any changes
53 * made after this point may be overwritten when the script is next run.
54diff --git a/crypto/evp/c_all.c b/crypto/evp/c_all.c
55index 766c4ce..5d6c21b 100644
56--- a/crypto/evp/c_all.c
57+++ b/crypto/evp/c_all.c
58@@ -82,9 +82,4 @@ void OPENSSL_add_all_algorithms_noconf(void)
59 OPENSSL_cpuid_setup();
60 OpenSSL_add_all_ciphers();
61 OpenSSL_add_all_digests();
62-#ifndef OPENSSL_NO_ENGINE
63-# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
64- ENGINE_setup_bsd_cryptodev();
65-# endif
66-#endif
67 }
68diff --git a/util/libeay.num b/util/libeay.num
69index aa86b2b..ae50040 100755
70--- a/util/libeay.num
71+++ b/util/libeay.num
72@@ -2801,7 +2801,7 @@ BIO_indent 3242 EXIST::FUNCTION:
73 BUF_strlcpy 3243 EXIST::FUNCTION:
74 OpenSSLDie 3244 EXIST::FUNCTION:
75 OPENSSL_cleanse 3245 EXIST::FUNCTION:
76-ENGINE_setup_bsd_cryptodev 3246 EXIST:__FreeBSD__:FUNCTION:ENGINE
77+ENGINE_setup_bsd_cryptodev 3246 NOEXIST::FUNCTION:
78 ERR_release_err_state_table 3247 EXIST::FUNCTION:LHASH
79 EVP_aes_128_cfb8 3248 EXIST::FUNCTION:AES
80 FIPS_corrupt_rsa 3249 NOEXIST::FUNCTION:
81--
821.8.3.1
83
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
new file mode 100644
index 00000000..0b77bfa8
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
@@ -0,0 +1,317 @@
1From dfd6ba263dc25ea2a4bbc32448b24ca2b1fc40e8 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Thu, 29 Aug 2013 16:51:18 +0300
4Subject: [PATCH 02/17] eng_cryptodev: add support for TLS algorithms offload
5
6- aes-128-cbc-hmac-sha1
7- aes-256-cbc-hmac-sha1
8
9Requires TLS patches on cryptodev and TLS algorithm support in Linux
10kernel driver.
11
12Change-Id: I43048caa348414daddd6c1a5cdc55e769ac1945f
13Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
14Reviewed-on: http://git.am.freescale.net:8181/17223
15---
16 crypto/engine/eng_cryptodev.c | 222 +++++++++++++++++++++++++++++++++++++++---
17 1 file changed, 211 insertions(+), 11 deletions(-)
18
19diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
20index 5a715ac..7588a28 100644
21--- a/crypto/engine/eng_cryptodev.c
22+++ b/crypto/engine/eng_cryptodev.c
23@@ -72,6 +72,9 @@ ENGINE_load_cryptodev(void)
24 struct dev_crypto_state {
25 struct session_op d_sess;
26 int d_fd;
27+ unsigned char *aad;
28+ unsigned int aad_len;
29+ unsigned int len;
30
31 #ifdef USE_CRYPTODEV_DIGESTS
32 char dummy_mac_key[HASH_MAX_LEN];
33@@ -140,17 +143,20 @@ static struct {
34 int nid;
35 int ivmax;
36 int keylen;
37+ int mackeylen;
38 } ciphers[] = {
39- { CRYPTO_ARC4, NID_rc4, 0, 16, },
40- { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, },
41- { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, },
42- { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, },
43- { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, },
44- { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, },
45- { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, },
46- { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, },
47- { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, },
48- { 0, NID_undef, 0, 0, },
49+ { CRYPTO_ARC4, NID_rc4, 0, 16, 0},
50+ { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, 0},
51+ { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, 0},
52+ { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, 0},
53+ { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, 0},
54+ { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, 0},
55+ { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, 0},
56+ { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, 0},
57+ { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0},
58+ { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
59+ { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20},
60+ { 0, NID_undef, 0, 0, 0},
61 };
62
63 #ifdef USE_CRYPTODEV_DIGESTS
64@@ -250,13 +256,15 @@ get_cryptodev_ciphers(const int **cnids)
65 }
66 memset(&sess, 0, sizeof(sess));
67 sess.key = (caddr_t)"123456789abcdefghijklmno";
68+ sess.mackey = (caddr_t)"123456789ABCDEFGHIJKLMNO";
69
70 for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
71 if (ciphers[i].nid == NID_undef)
72 continue;
73 sess.cipher = ciphers[i].id;
74 sess.keylen = ciphers[i].keylen;
75- sess.mac = 0;
76+ sess.mackeylen = ciphers[i].mackeylen;
77+
78 if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
79 ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
80 nids[count++] = ciphers[i].nid;
81@@ -414,6 +422,67 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
82 return (1);
83 }
84
85+
86+static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
87+ const unsigned char *in, size_t len)
88+{
89+ struct crypt_auth_op cryp;
90+ struct dev_crypto_state *state = ctx->cipher_data;
91+ struct session_op *sess = &state->d_sess;
92+ const void *iiv;
93+ unsigned char save_iv[EVP_MAX_IV_LENGTH];
94+
95+ if (state->d_fd < 0)
96+ return (0);
97+ if (!len)
98+ return (1);
99+ if ((len % ctx->cipher->block_size) != 0)
100+ return (0);
101+
102+ memset(&cryp, 0, sizeof(cryp));
103+
104+ /* TODO: make a seamless integration with cryptodev flags */
105+ switch (ctx->cipher->nid) {
106+ case NID_aes_128_cbc_hmac_sha1:
107+ case NID_aes_256_cbc_hmac_sha1:
108+ cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
109+ }
110+ cryp.ses = sess->ses;
111+ cryp.len = state->len;
112+ cryp.src = (caddr_t) in;
113+ cryp.dst = (caddr_t) out;
114+ cryp.auth_src = state->aad;
115+ cryp.auth_len = state->aad_len;
116+
117+ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
118+
119+ if (ctx->cipher->iv_len) {
120+ cryp.iv = (caddr_t) ctx->iv;
121+ if (!ctx->encrypt) {
122+ iiv = in + len - ctx->cipher->iv_len;
123+ memcpy(save_iv, iiv, ctx->cipher->iv_len);
124+ }
125+ } else
126+ cryp.iv = NULL;
127+
128+ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
129+ /* XXX need better errror handling
130+ * this can fail for a number of different reasons.
131+ */
132+ return (0);
133+ }
134+
135+ if (ctx->cipher->iv_len) {
136+ if (ctx->encrypt)
137+ iiv = out + len - ctx->cipher->iv_len;
138+ else
139+ iiv = save_iv;
140+ memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
141+ }
142+ return (1);
143+}
144+
145+
146 static int
147 cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
148 const unsigned char *iv, int enc)
149@@ -452,6 +521,45 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
150 return (1);
151 }
152
153+/* Save the encryption key provided by upper layers.
154+ *
155+ * This function is called by EVP_CipherInit_ex to initialize the algorithm's
156+ * extra data. We can't do much here because the mac key is not available.
157+ * The next call should/will be to cryptodev_cbc_hmac_sha1_ctrl with parameter
158+ * EVP_CTRL_AEAD_SET_MAC_KEY, to set the hmac key. There we call CIOCGSESSION
159+ * with both the crypto and hmac keys.
160+ */
161+static int cryptodev_init_aead_key(EVP_CIPHER_CTX *ctx,
162+ const unsigned char *key, const unsigned char *iv, int enc)
163+{
164+ struct dev_crypto_state *state = ctx->cipher_data;
165+ struct session_op *sess = &state->d_sess;
166+ int cipher = -1, i;
167+
168+ for (i = 0; ciphers[i].id; i++)
169+ if (ctx->cipher->nid == ciphers[i].nid &&
170+ ctx->cipher->iv_len <= ciphers[i].ivmax &&
171+ ctx->key_len == ciphers[i].keylen) {
172+ cipher = ciphers[i].id;
173+ break;
174+ }
175+
176+ if (!ciphers[i].id) {
177+ state->d_fd = -1;
178+ return (0);
179+ }
180+
181+ memset(sess, 0, sizeof(struct session_op));
182+
183+ sess->key = (caddr_t)key;
184+ sess->keylen = ctx->key_len;
185+ sess->cipher = cipher;
186+
187+ /* for whatever reason, (1) means success */
188+ return (1);
189+}
190+
191+
192 /*
193 * free anything we allocated earlier when initting a
194 * session, and close the session.
195@@ -488,6 +596,63 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
196 return (ret);
197 }
198
199+static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
200+ void *ptr)
201+{
202+ switch (type) {
203+ case EVP_CTRL_AEAD_SET_MAC_KEY:
204+ {
205+ /* TODO: what happens with hmac keys larger than 64 bytes? */
206+ struct dev_crypto_state *state = ctx->cipher_data;
207+ struct session_op *sess = &state->d_sess;
208+
209+ if ((state->d_fd = get_dev_crypto()) < 0)
210+ return (0);
211+
212+ /* the rest should have been set in cryptodev_init_aead_key */
213+ sess->mackey = ptr;
214+ sess->mackeylen = arg;
215+
216+ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
217+ put_dev_crypto(state->d_fd);
218+ state->d_fd = -1;
219+ return (0);
220+ }
221+ return (1);
222+ }
223+ case EVP_CTRL_AEAD_TLS1_AAD:
224+ {
225+ /* ptr points to the associated data buffer of 13 bytes */
226+ struct dev_crypto_state *state = ctx->cipher_data;
227+ unsigned char *p = ptr;
228+ unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1];
229+ unsigned int maclen, padlen;
230+ unsigned int bs = ctx->cipher->block_size;
231+
232+ state->aad = ptr;
233+ state->aad_len = arg;
234+ state->len = cryptlen;
235+
236+ /* TODO: this should be an extension of EVP_CIPHER struct */
237+ switch (ctx->cipher->nid) {
238+ case NID_aes_128_cbc_hmac_sha1:
239+ case NID_aes_256_cbc_hmac_sha1:
240+ maclen = SHA_DIGEST_LENGTH;
241+ }
242+
243+ /* space required for encryption (not only TLS padding) */
244+ padlen = maclen;
245+ if (ctx->encrypt) {
246+ cryptlen += maclen;
247+ padlen += bs - (cryptlen % bs);
248+ }
249+ return padlen;
250+ }
251+ default:
252+ return -1;
253+ }
254+}
255+
256 /*
257 * libcrypto EVP stuff - this is how we get wired to EVP so the engine
258 * gets called when libcrypto requests a cipher NID.
259@@ -600,6 +765,33 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
260 NULL
261 };
262
263+const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = {
264+ NID_aes_128_cbc_hmac_sha1,
265+ 16, 16, 16,
266+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
267+ cryptodev_init_aead_key,
268+ cryptodev_aead_cipher,
269+ cryptodev_cleanup,
270+ sizeof(struct dev_crypto_state),
271+ EVP_CIPHER_set_asn1_iv,
272+ EVP_CIPHER_get_asn1_iv,
273+ cryptodev_cbc_hmac_sha1_ctrl,
274+ NULL
275+};
276+
277+const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
278+ NID_aes_256_cbc_hmac_sha1,
279+ 16, 32, 16,
280+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
281+ cryptodev_init_aead_key,
282+ cryptodev_aead_cipher,
283+ cryptodev_cleanup,
284+ sizeof(struct dev_crypto_state),
285+ EVP_CIPHER_set_asn1_iv,
286+ EVP_CIPHER_get_asn1_iv,
287+ cryptodev_cbc_hmac_sha1_ctrl,
288+ NULL
289+};
290 /*
291 * Registered by the ENGINE when used to find out how to deal with
292 * a particular NID in the ENGINE. this says what we'll do at the
293@@ -637,6 +829,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
294 case NID_aes_256_cbc:
295 *cipher = &cryptodev_aes_256_cbc;
296 break;
297+ case NID_aes_128_cbc_hmac_sha1:
298+ *cipher = &cryptodev_aes_128_cbc_hmac_sha1;
299+ break;
300+ case NID_aes_256_cbc_hmac_sha1:
301+ *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
302+ break;
303 default:
304 *cipher = NULL;
305 break;
306@@ -1384,6 +1582,8 @@ ENGINE_load_cryptodev(void)
307 }
308 put_dev_crypto(fd);
309
310+ EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
311+ EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
312 if (!ENGINE_set_id(engine, "cryptodev") ||
313 !ENGINE_set_name(engine, "BSD cryptodev engine") ||
314 !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
315--
3161.8.3.1
317
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch
new file mode 100644
index 00000000..b31668e1
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch
@@ -0,0 +1,64 @@
1From 084fa469a8fef530d71a0870364df1c7997f6465 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Thu, 31 Jul 2014 14:06:19 +0300
4Subject: [PATCH 03/17] cryptodev: fix algorithm registration
5
6Cryptodev specific algorithms must register only if available in kernel.
7
8Change-Id: Iec5af8f4f3138357e4b96f2ec1627278134e4808
9Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
10Reviewed-on: http://git.am.freescale.net:8181/15326
11Reviewed-by: Horia Ioan Geanta Neag <horia.geanta@freescale.com>
12Reviewed-on: http://git.am.freescale.net:8181/17224
13---
14 crypto/engine/eng_cryptodev.c | 20 +++++++++++++++++---
15 1 file changed, 17 insertions(+), 3 deletions(-)
16
17diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
18index 7588a28..e3eb98b 100644
19--- a/crypto/engine/eng_cryptodev.c
20+++ b/crypto/engine/eng_cryptodev.c
21@@ -133,6 +133,8 @@ static int cryptodev_dh_compute_key(unsigned char *key,
22 static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
23 void (*f)(void));
24 void ENGINE_load_cryptodev(void);
25+const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
26+const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
27
28 static const ENGINE_CMD_DEFN cryptodev_defns[] = {
29 { 0, NULL, NULL, 0 }
30@@ -342,7 +344,21 @@ get_cryptodev_digests(const int **cnids)
31 static int
32 cryptodev_usable_ciphers(const int **nids)
33 {
34- return (get_cryptodev_ciphers(nids));
35+ int i, count;
36+
37+ count = get_cryptodev_ciphers(nids);
38+ /* add ciphers specific to cryptodev if found in kernel */
39+ for(i = 0; i < count; i++) {
40+ switch (*(*nids + i)) {
41+ case NID_aes_128_cbc_hmac_sha1:
42+ EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
43+ break;
44+ case NID_aes_256_cbc_hmac_sha1:
45+ EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
46+ break;
47+ }
48+ }
49+ return count;
50 }
51
52 static int
53@@ -1582,8 +1598,6 @@ ENGINE_load_cryptodev(void)
54 }
55 put_dev_crypto(fd);
56
57- EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
58- EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
59 if (!ENGINE_set_id(engine, "cryptodev") ||
60 !ENGINE_set_name(engine, "BSD cryptodev engine") ||
61 !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
62--
631.8.3.1
64
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch
new file mode 100644
index 00000000..af30ad3d
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch
@@ -0,0 +1,74 @@
1From 7d770f0324498d1fa78300cc5cecc8c1dcd3b788 Mon Sep 17 00:00:00 2001
2From: Andy Polyakov <appro@openssl.org>
3Date: Sun, 21 Oct 2012 18:19:41 +0000
4Subject: [PATCH 04/17] linux-pcc: make it more robust and recognize
5 KERNEL_BITS variable.
6
7(cherry picked from commit 78c3e20579d3baa159c8b51b59d415b6e521614b)
8
9Change-Id: I769c466f052305681ab54a1b6545d94c7fbf5a9d
10Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
11---
12 config | 19 +++++++++++++------
13 crypto/ppccap.c | 7 +++++++
14 2 files changed, 20 insertions(+), 6 deletions(-)
15
16diff --git a/config b/config
17index 41fa2a6..f37b9e6 100755
18--- a/config
19+++ b/config
20@@ -587,13 +587,20 @@ case "$GUESSOS" in
21 fi
22 ;;
23 ppc64-*-linux2)
24- echo "WARNING! If you wish to build 64-bit library, then you have to"
25- echo " invoke './Configure linux-ppc64' *manually*."
26- if [ "$TEST" = "false" -a -t 1 ]; then
27- echo " You have about 5 seconds to press Ctrl-C to abort."
28- (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
29+ if [ -z "$KERNEL_BITS" ]; then
30+ echo "WARNING! If you wish to build 64-bit library, then you have to"
31+ echo " invoke './Configure linux-ppc64' *manually*."
32+ if [ "$TEST" = "false" -a -t 1 ]; then
33+ echo " You have about 5 seconds to press Ctrl-C to abort."
34+ (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
35+ fi
36+ fi
37+ if [ "$KERNEL_BITS" = "64" ]; then
38+ OUT="linux-ppc64"
39+ else
40+ OUT="linux-ppc"
41+ (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null) || options="$options -m32"
42 fi
43- OUT="linux-ppc"
44 ;;
45 ppc-*-linux2) OUT="linux-ppc" ;;
46 ppc60x-*-vxworks*) OUT="vxworks-ppc60x" ;;
47diff --git a/crypto/ppccap.c b/crypto/ppccap.c
48index f71ba66..531f1b3 100644
49--- a/crypto/ppccap.c
50+++ b/crypto/ppccap.c
51@@ -4,6 +4,9 @@
52 #include <setjmp.h>
53 #include <signal.h>
54 #include <unistd.h>
55+#ifdef __linux
56+#include <sys/utsname.h>
57+#endif
58 #include <crypto.h>
59 #include <openssl/bn.h>
60
61@@ -102,6 +105,10 @@ void OPENSSL_cpuid_setup(void)
62
63 if (sizeof(size_t)==4)
64 {
65+#ifdef __linux
66+ struct utsname uts;
67+ if (uname(&uts)==0 && strcmp(uts.machine,"ppc64")==0)
68+#endif
69 if (sigsetjmp(ill_jmp,1) == 0)
70 {
71 OPENSSL_ppc64_probe();
72--
731.8.3.1
74
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0005-ECC-Support-header-for-Cryptodev-Engine.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0005-ECC-Support-header-for-Cryptodev-Engine.patch
new file mode 100644
index 00000000..cfcf4a66
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0005-ECC-Support-header-for-Cryptodev-Engine.patch
@@ -0,0 +1,318 @@
1From 15abbcd740eafbf2a46b5da24be76acf4982743d Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Tue, 11 Mar 2014 05:56:54 +0545
4Subject: [PATCH 05/17] ECC Support header for Cryptodev Engine
5
6Upstream-status: Pending
7
8Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
9---
10 crypto/engine/eng_cryptodev_ec.h | 296 +++++++++++++++++++++++++++++++++++++++
11 1 file changed, 296 insertions(+)
12 create mode 100644 crypto/engine/eng_cryptodev_ec.h
13
14diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h
15new file mode 100644
16index 0000000..77aee71
17--- /dev/null
18+++ b/crypto/engine/eng_cryptodev_ec.h
19@@ -0,0 +1,296 @@
20+/*
21+ * Copyright (C) 2012 Freescale Semiconductor, Inc.
22+ *
23+ * Redistribution and use in source and binary forms, with or without
24+ * modification, are permitted provided that the following conditions
25+ * are met:
26+ * 1. Redistributions of source code must retain the above copyright
27+ * notice, this list of conditions and the following disclaimer.
28+ * 2. Redistributions in binary form must reproduce the above copyright
29+ * notice, this list of conditions and the following disclaimer in the
30+ * documentation and/or other materials provided with the distribution.
31+ *
32+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
33+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
34+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN
35+ * NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
36+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
37+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
38+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
39+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
40+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
41+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
42+ */
43+#ifndef __ENG_EC_H
44+#define __ENG_EC_H
45+
46+#define SPCF_CPARAM_INIT(X,...) \
47+static unsigned char X##_c[] = {__VA_ARGS__} \
48+
49+#define SPCF_FREE_BN(X) do { if(X) { BN_clear_free(X); X = NULL; } } while (0)
50+
51+#define SPCF_COPY_CPARAMS(NIDBUF) \
52+ do { \
53+ memcpy (buf, NIDBUF, buf_len); \
54+ } while (0)
55+
56+#define SPCF_CPARAM_CASE(X) \
57+ case NID_##X: \
58+ SPCF_COPY_CPARAMS(X##_c); \
59+ break
60+
61+SPCF_CPARAM_INIT(sect113r1, 0x01, 0x73, 0xE8, 0x34, 0xAF, 0x28, 0xEC, 0x76,
62+ 0xCB, 0x83, 0xBD, 0x8D, 0xFE, 0xB2, 0xD5);
63+SPCF_CPARAM_INIT(sect113r2, 0x00, 0x54, 0xD9, 0xF0, 0x39, 0x57, 0x17, 0x4A,
64+ 0x32, 0x32, 0x91, 0x67, 0xD7, 0xFE, 0x71);
65+SPCF_CPARAM_INIT(sect131r1, 0x03, 0xDB, 0x89, 0xB4, 0x05, 0xE4, 0x91, 0x16,
66+ 0x0E, 0x3B, 0x2F, 0x07, 0xB0, 0xCE, 0x20, 0xB3, 0x7E);
67+SPCF_CPARAM_INIT(sect131r2, 0x07, 0xCB, 0xB9, 0x92, 0x0D, 0x71, 0xA4, 0x8E,
68+ 0x09, 0x9C, 0x38, 0xD7, 0x1D, 0xA6, 0x49, 0x0E, 0xB1);
69+SPCF_CPARAM_INIT(sect163k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
70+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
71+ 0x00, 0x00, 0x01);
72+SPCF_CPARAM_INIT(sect163r1, 0x05, 0xED, 0x40, 0x3E, 0xD5, 0x8E, 0xB4, 0x5B,
73+ 0x1C, 0xCE, 0xCA, 0x0F, 0x4F, 0x61, 0x65, 0x55, 0x49, 0x86,
74+ 0x1B, 0xE0, 0x52);
75+SPCF_CPARAM_INIT(sect163r2, 0x07, 0x2C, 0x4E, 0x1E, 0xF7, 0xCB, 0x2F, 0x3A,
76+ 0x03, 0x5D, 0x33, 0x10, 0x42, 0x94, 0x15, 0x96, 0x09, 0x13,
77+ 0x8B, 0xB4, 0x04);
78+SPCF_CPARAM_INIT(sect193r1, 0x01, 0x67, 0xB3, 0x5E, 0xB4, 0x31, 0x3F, 0x26,
79+ 0x3D, 0x0F, 0x7A, 0x3D, 0x50, 0x36, 0xF0, 0xA0, 0xA3, 0xC9,
80+ 0x80, 0xD4, 0x0E, 0x5A, 0x05, 0x3E, 0xD2);
81+SPCF_CPARAM_INIT(sect193r2, 0x00, 0x69, 0x89, 0xFE, 0x6B, 0xFE, 0x30, 0xED,
82+ 0xDC, 0x32, 0x44, 0x26, 0x9F, 0x3A, 0xAD, 0x18, 0xD6, 0x6C,
83+ 0xF3, 0xDB, 0x3E, 0x33, 0x02, 0xFA, 0xA8);
84+SPCF_CPARAM_INIT(sect233k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
85+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
86+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
87+ 0x00, 0x01);
88+SPCF_CPARAM_INIT(sect233r1, 0x00, 0x07, 0xD5, 0xEF, 0x43, 0x89, 0xDF, 0xF1,
89+ 0x1E, 0xCD, 0xBA, 0x39, 0xC3, 0x09, 0x70, 0xD3, 0xCE, 0x35,
90+ 0xCE, 0xBB, 0xA5, 0x84, 0x73, 0xF6, 0x4B, 0x4D, 0xC0, 0xF2,
91+ 0x68, 0x6C);
92+SPCF_CPARAM_INIT(sect239k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
93+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
94+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
95+ 0x00, 0x01);
96+SPCF_CPARAM_INIT(sect283k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
97+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
98+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
99+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01);
100+SPCF_CPARAM_INIT(sect283r1, 0x03, 0xD8, 0xC9, 0x3D, 0x3B, 0x0E, 0xA8, 0x1D,
101+ 0x92, 0x94, 0x03, 0x4D, 0x7E, 0xE3, 0x13, 0x5D, 0x0A, 0xC5,
102+ 0xFC, 0x8D, 0x9C, 0xB0, 0x27, 0x6F, 0x72, 0x11, 0xF8, 0x80,
103+ 0xF0, 0xD8, 0x1C, 0xA4, 0xC6, 0xE8, 0x7B, 0x38);
104+SPCF_CPARAM_INIT(sect409k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
105+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
106+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
107+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
108+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
109+ 0x00, 0x00, 0x00, 0x01);
110+SPCF_CPARAM_INIT(sect409r1, 0x01, 0x49, 0xB8, 0xB7, 0xBE, 0xBD, 0x9B, 0x63,
111+ 0x65, 0x3E, 0xF1, 0xCD, 0x8C, 0x6A, 0x5D, 0xD1, 0x05, 0xA2,
112+ 0xAA, 0xAC, 0x36, 0xFE, 0x2E, 0xAE, 0x43, 0xCF, 0x28, 0xCE,
113+ 0x1C, 0xB7, 0xC8, 0x30, 0xC1, 0xEC, 0xDB, 0xFA, 0x41, 0x3A,
114+ 0xB0, 0x7F, 0xE3, 0x5A, 0x57, 0x81, 0x1A, 0xE4, 0xF8, 0x8D,
115+ 0x30, 0xAC, 0x63, 0xFB);
116+SPCF_CPARAM_INIT(sect571k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
117+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
118+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
119+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
120+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
121+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
122+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
123+ 0x00, 0x00, 0x00, 0x01);
124+SPCF_CPARAM_INIT(sect571r1, 0x06, 0x39, 0x5D, 0xB2, 0x2A, 0xB5, 0x94, 0xB1,
125+ 0x86, 0x8C, 0xED, 0x95, 0x25, 0x78, 0xB6, 0x53, 0x9F, 0xAB,
126+ 0xA6, 0x94, 0x06, 0xD9, 0xB2, 0x98, 0x61, 0x23, 0xA1, 0x85,
127+ 0xC8, 0x58, 0x32, 0xE2, 0x5F, 0xD5, 0xB6, 0x38, 0x33, 0xD5,
128+ 0x14, 0x42, 0xAB, 0xF1, 0xA9, 0xC0, 0x5F, 0xF0, 0xEC, 0xBD,
129+ 0x88, 0xD7, 0xF7, 0x79, 0x97, 0xF4, 0xDC, 0x91, 0x56, 0xAA,
130+ 0xF1, 0xCE, 0x08, 0x16, 0x46, 0x86, 0xDD, 0xFF, 0x75, 0x11,
131+ 0x6F, 0xBC, 0x9A, 0x7A);
132+SPCF_CPARAM_INIT(X9_62_c2pnb163v1, 0x04, 0x53, 0xE1, 0xE4, 0xB7, 0x29, 0x1F,
133+ 0x5C, 0x2D, 0x53, 0xCE, 0x18, 0x48, 0x3F, 0x00, 0x70, 0x81,
134+ 0xE7, 0xEA, 0x26, 0xEC);
135+SPCF_CPARAM_INIT(X9_62_c2pnb163v2, 0x04, 0x35, 0xC0, 0x19, 0x66, 0x0E, 0x01,
136+ 0x01, 0xBA, 0x87, 0x0C, 0xA3, 0x9F, 0xD9, 0xA7, 0x76, 0x86,
137+ 0x50, 0x9D, 0x28, 0x13);
138+SPCF_CPARAM_INIT(X9_62_c2pnb163v3, 0x06, 0x55, 0xC4, 0x54, 0xE4, 0x1E, 0x38,
139+ 0x0C, 0x7A, 0x60, 0xB6, 0x67, 0x9A, 0x5B, 0x7A, 0x3F, 0x3A,
140+ 0xF6, 0x8E, 0x22, 0xC5);
141+SPCF_CPARAM_INIT(X9_62_c2pnb176v1, 0x00, 0x69, 0xF7, 0xDA, 0x36, 0x19, 0xA7,
142+ 0x42, 0xA3, 0x82, 0xFF, 0x05, 0x08, 0x8F, 0xD3, 0x99, 0x42,
143+ 0xCA, 0x0F, 0x1D, 0x90, 0xB6, 0x5B);
144+SPCF_CPARAM_INIT(X9_62_c2tnb191v1, 0x4C, 0x45, 0x25, 0xAB, 0x0B, 0x68, 0x4A,
145+ 0x64, 0x44, 0x62, 0x0A, 0x86, 0x45, 0xEF, 0x54, 0x6D, 0x54,
146+ 0x69, 0x39, 0x68, 0xC2, 0xAE, 0x84, 0xAC);
147+SPCF_CPARAM_INIT(X9_62_c2tnb191v2, 0x03, 0x7C, 0x8F, 0x57, 0xA2, 0x25, 0xC7,
148+ 0xB3, 0xD4, 0xED, 0xD5, 0x88, 0x0F, 0x38, 0x0A, 0xCC, 0x55,
149+ 0x74, 0xEC, 0xB3, 0x6C, 0x9F, 0x51, 0x21);
150+SPCF_CPARAM_INIT(X9_62_c2tnb191v3, 0x37, 0x39, 0xFF, 0x98, 0xB4, 0xD1, 0x69,
151+ 0x3E, 0xCF, 0x52, 0x7A, 0x98, 0x51, 0xED, 0xCF, 0x99, 0x9D,
152+ 0x9E, 0x75, 0x05, 0x43, 0x33, 0x43, 0x24);
153+SPCF_CPARAM_INIT(X9_62_c2pnb208w1, 0x00, 0xDB, 0x05, 0x3C, 0x41, 0x76, 0xCC,
154+ 0x1D, 0xA1, 0x27, 0x85, 0x2C, 0xA6, 0xD9, 0x88, 0xBE, 0x1A,
155+ 0xCC, 0xD1, 0x5B, 0x2A, 0xC1, 0xC1, 0x07, 0x42, 0x57, 0x34);
156+SPCF_CPARAM_INIT(X9_62_c2tnb239v1, 0x24, 0x59, 0xFC, 0xF4, 0x51, 0x7B, 0xC5,
157+ 0xA6, 0xB9, 0x9B, 0xE5, 0xC6, 0xC5, 0x62, 0x85, 0xC0, 0x21,
158+ 0xFE, 0x32, 0xEE, 0x2B, 0x6F, 0x1C, 0x22, 0xEA, 0x5B, 0xE1,
159+ 0xB8, 0x4B, 0x93);
160+SPCF_CPARAM_INIT(X9_62_c2tnb239v2, 0x64, 0x98, 0x84, 0x19, 0x3B, 0x56, 0x2D,
161+ 0x4A, 0x50, 0xB4, 0xFA, 0x56, 0x34, 0xE0, 0x34, 0x41, 0x3F,
162+ 0x94, 0xC4, 0x59, 0xDA, 0x7C, 0xDB, 0x16, 0x64, 0x9D, 0xDD,
163+ 0xF7, 0xE6, 0x0A);
164+SPCF_CPARAM_INIT(X9_62_c2tnb239v3, 0x32, 0x63, 0x2E, 0x65, 0x2B, 0xEE, 0x91,
165+ 0xC2, 0xE4, 0xA2, 0xF5, 0x42, 0xA3, 0x2D, 0x67, 0xA8, 0xB5,
166+ 0xB4, 0x5F, 0x21, 0xA0, 0x81, 0x02, 0xFB, 0x1F, 0x2A, 0xFB,
167+ 0xB6, 0xAC, 0xDA);
168+SPCF_CPARAM_INIT(X9_62_c2pnb272w1, 0x00, 0xDA, 0x7B, 0x60, 0x28, 0xF4, 0xC8,
169+ 0x09, 0xA0, 0xB9, 0x78, 0x81, 0xC3, 0xA5, 0x7E, 0x4D, 0x71,
170+ 0x81, 0x34, 0xD1, 0x3F, 0xEC, 0xE0, 0x90, 0x85, 0x8A, 0xC3,
171+ 0x1A, 0xE2, 0xDC, 0x2E, 0xDF, 0x8E, 0x3C, 0x8B);
172+SPCF_CPARAM_INIT(X9_62_c2pnb304w1, 0x00, 0x3C, 0x67, 0xB4, 0x07, 0xC6, 0xF3,
173+ 0x3F, 0x81, 0x0B, 0x17, 0xDC, 0x16, 0xE2, 0x14, 0x8A, 0x2C,
174+ 0x9C, 0xE2, 0x9D, 0x56, 0x05, 0x23, 0x69, 0x6A, 0x55, 0x93,
175+ 0x8A, 0x15, 0x40, 0x81, 0xE3, 0xE3, 0xAE, 0xFB, 0xCE, 0x45,
176+ 0x70, 0xC9);
177+SPCF_CPARAM_INIT(X9_62_c2tnb359v1, 0x22, 0x39, 0xAA, 0x58, 0x4A, 0xC5, 0x9A,
178+ 0xF9, 0x61, 0xD0, 0xFA, 0x2D, 0x52, 0x85, 0xB6, 0xFD, 0xF7,
179+ 0x34, 0x9B, 0xC6, 0x0E, 0x91, 0xE3, 0x20, 0xF4, 0x71, 0x64,
180+ 0xCE, 0x11, 0xF5, 0x18, 0xEF, 0xB4, 0xC0, 0x8B, 0x9B, 0xDA,
181+ 0x99, 0x9A, 0x8A, 0x37, 0xF8, 0x2A, 0x22, 0x61);
182+SPCF_CPARAM_INIT(X9_62_c2pnb368w1, 0x00, 0xC0, 0x6C, 0xCF, 0x42, 0x89, 0x3A,
183+ 0x8A, 0xAA, 0x00, 0x1E, 0x0B, 0xC0, 0xD2, 0xA2, 0x27, 0x66,
184+ 0xEF, 0x3E, 0x41, 0x88, 0x7C, 0xC6, 0x77, 0x6F, 0x4A, 0x04,
185+ 0x1E, 0xE4, 0x45, 0x14, 0xB2, 0x0A, 0xFC, 0x4E, 0x5C, 0x30,
186+ 0x40, 0x60, 0x06, 0x5B, 0xC8, 0xD6, 0xCF, 0x04, 0xD3, 0x25);
187+SPCF_CPARAM_INIT(X9_62_c2tnb431r1, 0x64, 0xF5, 0xBB, 0xE9, 0xBB, 0x31, 0x66,
188+ 0xA3, 0xA0, 0x2F, 0x2F, 0x22, 0xBF, 0x05, 0xD9, 0xF7, 0xDA,
189+ 0x43, 0xEE, 0x70, 0xC1, 0x79, 0x03, 0x15, 0x2B, 0x70, 0xA0,
190+ 0xB4, 0x25, 0x9B, 0xD2, 0xFC, 0xB2, 0x20, 0x3B, 0x7F, 0xB8,
191+ 0xD3, 0x39, 0x4E, 0x20, 0xEB, 0x0E, 0xA9, 0x84, 0xDD, 0xB1,
192+ 0xE1, 0xF1, 0x4C, 0x67, 0xB1, 0x36, 0x2B);
193+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
194+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01);
195+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
196+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
197+ 0x00, 0x00, 0x00, 0x00, 0x01);
198+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls4, 0x01, 0x73, 0xE8, 0x34, 0xAF, 0x28,
199+ 0xEC, 0x76, 0xCB, 0x83, 0xBD, 0x8D, 0xFE, 0xB2, 0xD5);
200+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls5, 0x04, 0x53, 0xE1, 0xE4, 0xB7, 0x29,
201+ 0x1F, 0x5C, 0x2D, 0x53, 0xCE, 0x18, 0x48, 0x3F, 0x00, 0x70,
202+ 0x81, 0xE7, 0xEA, 0x26, 0xEC);
203+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
204+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
205+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
206+ 0x00, 0x00, 0x00, 0x01);
207+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls11, 0x00, 0x07, 0xD5, 0xEF, 0x43, 0x89,
208+ 0xDF, 0xF1, 0x1E, 0xCD, 0xBA, 0x39, 0xC3, 0x09, 0x70, 0xD3,
209+ 0xCE, 0x35, 0xCE, 0xBB, 0xA5, 0x84, 0x73, 0xF6, 0x4B, 0x4D,
210+ 0xC0, 0xF2, 0x68, 0x6C);
211+/* Oakley curve #3 over 155 bit binary filed */
212+SPCF_CPARAM_INIT(ipsec3, 0x00, 0x31, 0x10, 0x00, 0x00, 0x02, 0x23, 0xA0, 0x00,
213+ 0xC4, 0x47, 0x40, 0x00, 0x08, 0x8E, 0x80, 0x00, 0x11, 0x1D,
214+ 0x1D);
215+/* Oakley curve #4 over 185 bit binary filed */
216+SPCF_CPARAM_INIT(ipsec4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00,
217+ 0x01, 0x80, 0x00, 0xC0, 0x0C, 0x00, 0x00, 0x00, 0x63, 0x80,
218+ 0x30, 0x00, 0x1C, 0x00, 0x09);
219+
220+static inline int
221+eng_ec_get_cparam(int nid, unsigned char *buf, unsigned int buf_len)
222+{
223+ int ret = 0;
224+ switch (nid) {
225+ SPCF_CPARAM_CASE(sect113r1);
226+ SPCF_CPARAM_CASE(sect113r2);
227+ SPCF_CPARAM_CASE(sect131r1);
228+ SPCF_CPARAM_CASE(sect131r2);
229+ SPCF_CPARAM_CASE(sect163k1);
230+ SPCF_CPARAM_CASE(sect163r1);
231+ SPCF_CPARAM_CASE(sect163r2);
232+ SPCF_CPARAM_CASE(sect193r1);
233+ SPCF_CPARAM_CASE(sect193r2);
234+ SPCF_CPARAM_CASE(sect233k1);
235+ SPCF_CPARAM_CASE(sect233r1);
236+ SPCF_CPARAM_CASE(sect239k1);
237+ SPCF_CPARAM_CASE(sect283k1);
238+ SPCF_CPARAM_CASE(sect283r1);
239+ SPCF_CPARAM_CASE(sect409k1);
240+ SPCF_CPARAM_CASE(sect409r1);
241+ SPCF_CPARAM_CASE(sect571k1);
242+ SPCF_CPARAM_CASE(sect571r1);
243+ SPCF_CPARAM_CASE(X9_62_c2pnb163v1);
244+ SPCF_CPARAM_CASE(X9_62_c2pnb163v2);
245+ SPCF_CPARAM_CASE(X9_62_c2pnb163v3);
246+ SPCF_CPARAM_CASE(X9_62_c2pnb176v1);
247+ SPCF_CPARAM_CASE(X9_62_c2tnb191v1);
248+ SPCF_CPARAM_CASE(X9_62_c2tnb191v2);
249+ SPCF_CPARAM_CASE(X9_62_c2tnb191v3);
250+ SPCF_CPARAM_CASE(X9_62_c2pnb208w1);
251+ SPCF_CPARAM_CASE(X9_62_c2tnb239v1);
252+ SPCF_CPARAM_CASE(X9_62_c2tnb239v2);
253+ SPCF_CPARAM_CASE(X9_62_c2tnb239v3);
254+ SPCF_CPARAM_CASE(X9_62_c2pnb272w1);
255+ SPCF_CPARAM_CASE(X9_62_c2pnb304w1);
256+ SPCF_CPARAM_CASE(X9_62_c2tnb359v1);
257+ SPCF_CPARAM_CASE(X9_62_c2pnb368w1);
258+ SPCF_CPARAM_CASE(X9_62_c2tnb431r1);
259+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls1);
260+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls3);
261+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls4);
262+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls5);
263+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls10);
264+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls11);
265+ /* Oakley curve #3 over 155 bit binary filed */
266+ SPCF_CPARAM_CASE(ipsec3);
267+ /* Oakley curve #4 over 185 bit binary filed */
268+ SPCF_CPARAM_CASE(ipsec4);
269+ default:
270+ ret = -EINVAL;
271+ break;
272+ }
273+ return ret;
274+}
275+
276+/* Copies the curve points to a flat buffer with appropriate padding */
277+static inline unsigned char *eng_copy_curve_points(BIGNUM * x, BIGNUM * y,
278+ int xy_len, int crv_len)
279+{
280+ unsigned char *xy = NULL;
281+ int len1 = 0, len2 = 0;
282+
283+ len1 = BN_num_bytes(x);
284+ len2 = BN_num_bytes(y);
285+
286+ if (!(xy = malloc(xy_len))) {
287+ return NULL;
288+ }
289+
290+ memset(xy, 0, xy_len);
291+
292+ if (len1 < crv_len) {
293+ if (!BN_is_zero(x))
294+ BN_bn2bin(x, xy + (crv_len - len1));
295+ } else {
296+ BN_bn2bin(x, xy);
297+ }
298+
299+ if (len2 < crv_len) {
300+ if (!BN_is_zero(y))
301+ BN_bn2bin(y, xy+crv_len+(crv_len-len2));
302+ } else {
303+ BN_bn2bin(y, xy+crv_len);
304+ }
305+
306+ return xy;
307+}
308+
309+enum curve_t {
310+ DISCRETE_LOG,
311+ ECC_PRIME,
312+ ECC_BINARY,
313+ MAX_ECC_TYPE
314+};
315+#endif
316--
3171.8.3.1
318
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0006-Fixed-private-key-support-for-DH.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0006-Fixed-private-key-support-for-DH.patch
new file mode 100644
index 00000000..41f48a2f
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0006-Fixed-private-key-support-for-DH.patch
@@ -0,0 +1,33 @@
1From 39a9e609290a8a1163a721915bcde0c7cf8f92f7 Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Tue, 11 Mar 2014 05:57:47 +0545
4Subject: [PATCH 06/17] Fixed private key support for DH
5
6Upstream-status: Pending
7
8Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
9---
10 crypto/dh/dh_ameth.c | 7 +++++++
11 1 file changed, 7 insertions(+)
12
13diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
14index 02ec2d4..ed32004 100644
15--- a/crypto/dh/dh_ameth.c
16+++ b/crypto/dh/dh_ameth.c
17@@ -422,6 +422,13 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
18 if (to->pkey.dh->g != NULL)
19 BN_free(to->pkey.dh->g);
20 to->pkey.dh->g=a;
21+ if ((a=BN_dup(from->pkey.dh->q)) != NULL) {
22+ if (to->pkey.dh->q != NULL)
23+ BN_free(to->pkey.dh->q);
24+ to->pkey.dh->q=a;
25+ }
26+
27+ to->pkey.dh->length = from->pkey.dh->length;
28
29 return 1;
30 }
31--
321.8.3.1
33
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0007-Fixed-private-key-support-for-DH.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0007-Fixed-private-key-support-for-DH.patch
new file mode 100644
index 00000000..f507fff7
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0007-Fixed-private-key-support-for-DH.patch
@@ -0,0 +1,35 @@
1From 8322e4157bf49d992b5b9e460f2c0785865dd1c1 Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Thu, 20 Mar 2014 19:55:51 -0500
4Subject: [PATCH 07/17] Fixed private key support for DH
5
6Upstream-status: Pending
7
8Required Length of the DH result is not returned in dh method in openssl
9
10Tested-by: Yashpal Dutta <yashpal.dutta@freescale.com>
11---
12 crypto/dh/dh_ameth.c | 7 -------
13 1 file changed, 7 deletions(-)
14
15diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
16index ed32004..02ec2d4 100644
17--- a/crypto/dh/dh_ameth.c
18+++ b/crypto/dh/dh_ameth.c
19@@ -422,13 +422,6 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
20 if (to->pkey.dh->g != NULL)
21 BN_free(to->pkey.dh->g);
22 to->pkey.dh->g=a;
23- if ((a=BN_dup(from->pkey.dh->q)) != NULL) {
24- if (to->pkey.dh->q != NULL)
25- BN_free(to->pkey.dh->q);
26- to->pkey.dh->q=a;
27- }
28-
29- to->pkey.dh->length = from->pkey.dh->length;
30
31 return 1;
32 }
33--
341.8.3.1
35
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0008-Initial-support-for-PKC-in-cryptodev-engine.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0008-Initial-support-for-PKC-in-cryptodev-engine.patch
new file mode 100644
index 00000000..6903c88d
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0008-Initial-support-for-PKC-in-cryptodev-engine.patch
@@ -0,0 +1,1564 @@
1From 107a10d45db0f2e58482f698add04ed9183f7268 Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Tue, 11 Mar 2014 06:29:52 +0545
4Subject: [PATCH 08/17] Initial support for PKC in cryptodev engine
5
6Upstream-status: Pending
7
8Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
9---
10 crypto/engine/eng_cryptodev.c | 1343 ++++++++++++++++++++++++++++++++++++-----
11 1 file changed, 1183 insertions(+), 160 deletions(-)
12
13diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
14index e3eb98b..7ee314b 100644
15--- a/crypto/engine/eng_cryptodev.c
16+++ b/crypto/engine/eng_cryptodev.c
17@@ -54,11 +54,14 @@ ENGINE_load_cryptodev(void)
18 #else
19
20 #include <sys/types.h>
21-#include <crypto/cryptodev.h>
22 #include <crypto/dh/dh.h>
23 #include <crypto/dsa/dsa.h>
24 #include <crypto/err/err.h>
25 #include <crypto/rsa/rsa.h>
26+#include <crypto/ecdsa/ecs_locl.h>
27+#include <crypto/ecdh/ech_locl.h>
28+#include <crypto/ec/ec_lcl.h>
29+#include <crypto/ec/ec.h>
30 #include <sys/ioctl.h>
31 #include <errno.h>
32 #include <stdio.h>
33@@ -68,6 +71,8 @@ ENGINE_load_cryptodev(void)
34 #include <syslog.h>
35 #include <errno.h>
36 #include <string.h>
37+#include "eng_cryptodev_ec.h"
38+#include <crypto/cryptodev.h>
39
40 struct dev_crypto_state {
41 struct session_op d_sess;
42@@ -116,18 +121,10 @@ static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
43 static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
44 RSA *rsa, BN_CTX *ctx);
45 static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
46-static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
47- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
48-static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
49- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
50- BN_CTX *ctx, BN_MONT_CTX *mont);
51 static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst,
52 int dlen, DSA *dsa);
53 static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
54 DSA_SIG *sig, DSA *dsa);
55-static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
56- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
57- BN_MONT_CTX *m_ctx);
58 static int cryptodev_dh_compute_key(unsigned char *key,
59 const BIGNUM *pub_key, DH *dh);
60 static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
61@@ -136,6 +133,102 @@ void ENGINE_load_cryptodev(void);
62 const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
63 const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
64
65+inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
66+{
67+ int len;
68+ unsigned char *p;
69+
70+ len = BN_num_bytes(bn);
71+
72+ if (!len)
73+ return -1;
74+
75+ p = malloc(len);
76+ if (!p)
77+ return -1;
78+
79+ BN_bn2bin(bn,p);
80+
81+ *bin = p;
82+ *bin_len = len;
83+
84+ return 0;
85+}
86+
87+inline int spcf_bn2bin_ex(BIGNUM *bn, unsigned char **bin, int *bin_len)
88+{
89+ int len;
90+ unsigned char *p;
91+
92+ len = BN_num_bytes(bn);
93+
94+ if (!len)
95+ return -1;
96+
97+ if (len < *bin_len)
98+ p = malloc(*bin_len);
99+ else
100+ p = malloc(len);
101+
102+ if (!p)
103+ return -ENOMEM;
104+
105+ if (len < *bin_len) {
106+ /* place padding */
107+ memset(p, 0, (*bin_len - len));
108+ BN_bn2bin(bn,p+(*bin_len-len));
109+ } else {
110+ BN_bn2bin(bn,p);
111+ }
112+
113+ *bin = p;
114+ if (len >= *bin_len)
115+ *bin_len = len;
116+
117+ return 0;
118+}
119+
120+/**
121+ * Convert an ECC F2m 'b' parameter into the 'c' parameter.
122+ *Inputs:
123+ * q, the curve's modulus
124+ * b, the curve's b parameter
125+ * (a bignum for b, a buffer for c)
126+ * Output:
127+ * c, written into bin, right-adjusted to fill q_len bytes.
128+ */
129+static int
130+eng_ec_compute_cparam(const BIGNUM* b, const BIGNUM* q,
131+ unsigned char **bin, int *bin_len)
132+{
133+ BIGNUM* c = BN_new();
134+ BIGNUM* exp = BN_new();
135+ BN_CTX *ctx = BN_CTX_new();
136+ int m = BN_num_bits(q) - 1;
137+ int ok = 0;
138+
139+ if (!c || !exp || !ctx || *bin)
140+ goto err;
141+
142+ /*
143+ * We have to compute c, where b = c^4, i.e., the fourth root of b.
144+ * The equation for c is c = b^(2^(m-2))
145+ * Compute exp = 2^(m-2)
146+ * (1 << x) == 2^x
147+ * and then compute c = b^exp
148+ */
149+ BN_lshift(exp, BN_value_one(), m-2);
150+ BN_GF2m_mod_exp(c, b, exp, q, ctx);
151+ /* Store c */
152+ spcf_bn2bin_ex(c, bin, bin_len);
153+ ok = 1;
154+err:
155+ if (ctx) BN_CTX_free(ctx);
156+ if (c) BN_free(c);
157+ if (exp) BN_free(exp);
158+ return ok;
159+}
160+
161 static const ENGINE_CMD_DEFN cryptodev_defns[] = {
162 { 0, NULL, NULL, 0 }
163 };
164@@ -1139,7 +1232,6 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
165 static int
166 bn2crparam(const BIGNUM *a, struct crparam *crp)
167 {
168- int i, j, k;
169 ssize_t bytes, bits;
170 u_char *b;
171
172@@ -1156,15 +1248,7 @@ bn2crparam(const BIGNUM *a, struct crparam *crp)
173
174 crp->crp_p = (caddr_t) b;
175 crp->crp_nbits = bits;
176-
177- for (i = 0, j = 0; i < a->top; i++) {
178- for (k = 0; k < BN_BITS2 / 8; k++) {
179- if ((j + k) >= bytes)
180- return (0);
181- b[j + k] = a->d[i] >> (k * 8);
182- }
183- j += BN_BITS2 / 8;
184- }
185+ BN_bn2bin(a, crp->crp_p);
186 return (0);
187 }
188
189@@ -1172,22 +1256,14 @@ bn2crparam(const BIGNUM *a, struct crparam *crp)
190 static int
191 crparam2bn(struct crparam *crp, BIGNUM *a)
192 {
193- u_int8_t *pd;
194- int i, bytes;
195+ int bytes;
196
197 bytes = (crp->crp_nbits + 7) / 8;
198
199 if (bytes == 0)
200 return (-1);
201
202- if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
203- return (-1);
204-
205- for (i = 0; i < bytes; i++)
206- pd[i] = crp->crp_p[bytes - i - 1];
207-
208- BN_bin2bn(pd, bytes, a);
209- free(pd);
210+ BN_bin2bn(crp->crp_p, bytes, a);
211
212 return (0);
213 }
214@@ -1235,6 +1311,32 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
215 return (ret);
216 }
217
218+/* Close an opened instance of cryptodev engine */
219+void cryptodev_close_instance(void *handle)
220+{
221+ int fd;
222+
223+ if (handle) {
224+ fd = *(int *)handle;
225+ close(fd);
226+ free(handle);
227+ }
228+}
229+
230+/* Create an instance of cryptodev for asynchronous interface */
231+void *cryptodev_init_instance(void)
232+{
233+ int *fd = malloc(sizeof(int));
234+
235+ if (fd) {
236+ if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) {
237+ free(fd);
238+ return NULL;
239+ }
240+ }
241+ return fd;
242+}
243+
244 static int
245 cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
246 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
247@@ -1250,9 +1352,9 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
248 return (ret);
249 }
250
251- memset(&kop, 0, sizeof kop);
252 kop.crk_op = CRK_MOD_EXP;
253-
254+ kop.crk_oparams = 0;
255+ kop.crk_status = 0;
256 /* inputs: a^p % m */
257 if (bn2crparam(a, &kop.crk_param[0]))
258 goto err;
259@@ -1293,28 +1395,38 @@ static int
260 cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
261 {
262 struct crypt_kop kop;
263- int ret = 1;
264+ int ret = 1, f_len, p_len, q_len;
265+ unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq = NULL, *c = NULL;
266
267 if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
268 /* XXX 0 means failure?? */
269 return (0);
270 }
271
272- memset(&kop, 0, sizeof kop);
273+ kop.crk_oparams = 0;
274+ kop.crk_status = 0;
275 kop.crk_op = CRK_MOD_EXP_CRT;
276+ f_len = BN_num_bytes(rsa->n);
277+ spcf_bn2bin_ex(I, &f, &f_len);
278+ spcf_bn2bin(rsa->p, &p, &p_len);
279+ spcf_bn2bin(rsa->q, &q, &q_len);
280+ spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
281+ spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
282+ spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
283 /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
284- if (bn2crparam(rsa->p, &kop.crk_param[0]))
285- goto err;
286- if (bn2crparam(rsa->q, &kop.crk_param[1]))
287- goto err;
288- if (bn2crparam(I, &kop.crk_param[2]))
289- goto err;
290- if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
291- goto err;
292- if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
293- goto err;
294- if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
295- goto err;
296+ kop.crk_param[0].crp_p = p;
297+ kop.crk_param[0].crp_nbits = p_len * 8;
298+ kop.crk_param[1].crp_p = q;
299+ kop.crk_param[1].crp_nbits = q_len * 8;
300+ kop.crk_param[2].crp_p = f;
301+ kop.crk_param[2].crp_nbits = f_len * 8;
302+ kop.crk_param[3].crp_p = dp;
303+ kop.crk_param[3].crp_nbits = p_len * 8;
304+ /* dq must of length q, rest all of length p*/
305+ kop.crk_param[4].crp_p = dq;
306+ kop.crk_param[4].crp_nbits = q_len * 8;
307+ kop.crk_param[5].crp_p = c;
308+ kop.crk_param[5].crp_nbits = p_len * 8;
309 kop.crk_iparams = 6;
310
311 if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
312@@ -1350,90 +1462,117 @@ static RSA_METHOD cryptodev_rsa = {
313 NULL /* rsa_verify */
314 };
315
316-static int
317-cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
318- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
319-{
320- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
321-}
322-
323-static int
324-cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
325- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
326- BN_CTX *ctx, BN_MONT_CTX *mont)
327+static DSA_SIG *
328+cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
329 {
330- BIGNUM t2;
331- int ret = 0;
332-
333- BN_init(&t2);
334-
335- /* v = ( g^u1 * y^u2 mod p ) mod q */
336- /* let t1 = g ^ u1 mod p */
337- ret = 0;
338+ struct crypt_kop kop;
339+ BIGNUM *c = NULL, *d = NULL;
340+ DSA_SIG *dsaret = NULL;
341+ int q_len = 0, r_len = 0, g_len = 0;
342+ int priv_key_len = 0, ret;
343+ unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f = NULL;
344
345- if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont))
346+ memset(&kop, 0, sizeof kop);
347+ if ((c = BN_new()) == NULL) {
348+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
349 goto err;
350+ }
351
352- /* let t2 = y ^ u2 mod p */
353- if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont))
354+ if ((d = BN_new()) == NULL) {
355+ BN_free(c);
356+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
357 goto err;
358- /* let u1 = t1 * t2 mod p */
359- if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx))
360+ }
361+
362+ if (spcf_bn2bin(dsa->p, &q, &q_len)) {
363+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
364 goto err;
365+ }
366
367- BN_copy(t1,u1);
368+ /* Get order of the field of private keys into plain buffer */
369+ if (spcf_bn2bin (dsa->q, &r, &r_len)) {
370+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
371+ goto err;
372+ }
373
374- ret = 1;
375-err:
376- BN_free(&t2);
377- return(ret);
378-}
379+ /* sanity test */
380+ if (dlen > r_len) {
381+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
382+ goto err;
383+ }
384
385-static DSA_SIG *
386-cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
387-{
388- struct crypt_kop kop;
389- BIGNUM *r = NULL, *s = NULL;
390- DSA_SIG *dsaret = NULL;
391+ g_len = q_len;
392+ /**
393+ * Get generator into a plain buffer. If length is less than
394+ * q_len then add leading padding bytes.
395+ */
396+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
397+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
398+ goto err;
399+ }
400
401- if ((r = BN_new()) == NULL)
402+ priv_key_len = r_len;
403+ /**
404+ * Get private key into a plain buffer. If length is less than
405+ * r_len then add leading padding bytes.
406+ */
407+ if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) {
408+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
409 goto err;
410- if ((s = BN_new()) == NULL) {
411- BN_free(r);
412+ }
413+
414+ /* Allocate memory to store hash. */
415+ f = OPENSSL_malloc (r_len);
416+ if (!f) {
417+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
418 goto err;
419 }
420
421- memset(&kop, 0, sizeof kop);
422+ /* Add padding, since SEC expects hash to of size r_len */
423+ if (dlen < r_len)
424+ memset(f, 0, r_len - dlen);
425+
426+ /* Skip leading bytes if dgst_len < r_len */
427+ memcpy(f + r_len - dlen, dgst, dlen);
428+
429 kop.crk_op = CRK_DSA_SIGN;
430
431 /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
432- kop.crk_param[0].crp_p = (caddr_t)dgst;
433- kop.crk_param[0].crp_nbits = dlen * 8;
434- if (bn2crparam(dsa->p, &kop.crk_param[1]))
435- goto err;
436- if (bn2crparam(dsa->q, &kop.crk_param[2]))
437- goto err;
438- if (bn2crparam(dsa->g, &kop.crk_param[3]))
439- goto err;
440- if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
441- goto err;
442+ kop.crk_param[0].crp_p = (void*)f;
443+ kop.crk_param[0].crp_nbits = r_len * 8;
444+ kop.crk_param[1].crp_p = (void*)q;
445+ kop.crk_param[1].crp_nbits = q_len * 8;
446+ kop.crk_param[2].crp_p = (void*)r;
447+ kop.crk_param[2].crp_nbits = r_len * 8;
448+ kop.crk_param[3].crp_p = (void*)g;
449+ kop.crk_param[3].crp_nbits = g_len * 8;
450+ kop.crk_param[4].crp_p = (void*)priv_key;
451+ kop.crk_param[4].crp_nbits = priv_key_len * 8;
452 kop.crk_iparams = 5;
453
454- if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
455- BN_num_bytes(dsa->q), s) == 0) {
456- dsaret = DSA_SIG_new();
457- dsaret->r = r;
458- dsaret->s = s;
459- } else {
460- const DSA_METHOD *meth = DSA_OpenSSL();
461- BN_free(r);
462- BN_free(s);
463- dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
464+ ret = cryptodev_asym(&kop, r_len, c, r_len, d);
465+
466+ if (ret) {
467+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DECODE_ERROR);
468+ goto err;
469 }
470-err:
471- kop.crk_param[0].crp_p = NULL;
472+
473+ dsaret = DSA_SIG_new();
474+ dsaret->r = c;
475+ dsaret->s = d;
476+
477 zapparams(&kop);
478 return (dsaret);
479+err:
480+ {
481+ const DSA_METHOD *meth = DSA_OpenSSL();
482+ if (c)
483+ BN_free(c);
484+ if (d)
485+ BN_free(d);
486+ dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
487+ return (dsaret);
488+ }
489 }
490
491 static int
492@@ -1441,42 +1580,179 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
493 DSA_SIG *sig, DSA *dsa)
494 {
495 struct crypt_kop kop;
496- int dsaret = 1;
497+ int dsaret = 1, q_len = 0, r_len = 0, g_len = 0;
498+ int w_len = 0 ,c_len = 0, d_len = 0, ret = -1;
499+ unsigned char * q = NULL, * r = NULL, * w = NULL, * g = NULL;
500+ unsigned char * c = NULL, * d = NULL, *f = NULL;
501
502 memset(&kop, 0, sizeof kop);
503 kop.crk_op = CRK_DSA_VERIFY;
504
505- /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
506- kop.crk_param[0].crp_p = (caddr_t)dgst;
507- kop.crk_param[0].crp_nbits = dlen * 8;
508- if (bn2crparam(dsa->p, &kop.crk_param[1]))
509+ if (spcf_bn2bin(dsa->p, &q, &q_len)) {
510+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
511+ return ret;
512+ }
513+
514+ /* Get Order of field of private keys */
515+ if (spcf_bn2bin(dsa->q, &r, &r_len)) {
516+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
517 goto err;
518- if (bn2crparam(dsa->q, &kop.crk_param[2]))
519+ }
520+
521+ g_len = q_len;
522+ /**
523+ * Get generator into a plain buffer. If length is less than
524+ * q_len then add leading padding bytes.
525+ */
526+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
527+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
528 goto err;
529- if (bn2crparam(dsa->g, &kop.crk_param[3]))
530+ }
531+ w_len = q_len;
532+ /**
533+ * Get public key into a plain buffer. If length is less than
534+ * q_len then add leading padding bytes.
535+ */
536+ if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) {
537+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
538+ goto err;
539+ }
540+ /**
541+ * Get the 1st part of signature into a flat buffer with
542+ * appropriate padding
543+ */
544+ c_len = r_len;
545+
546+ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
547+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
548 goto err;
549- if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
550+ }
551+
552+ /**
553+ * Get the 2nd part of signature into a flat buffer with
554+ * appropriate padding
555+ */
556+ d_len = r_len;
557+
558+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
559+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
560 goto err;
561- if (bn2crparam(sig->r, &kop.crk_param[5]))
562+ }
563+
564+
565+ /* Sanity test */
566+ if (dlen > r_len) {
567+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
568 goto err;
569- if (bn2crparam(sig->s, &kop.crk_param[6]))
570+ }
571+
572+ /* Allocate memory to store hash. */
573+ f = OPENSSL_malloc (r_len);
574+ if (!f) {
575+ DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
576 goto err;
577+ }
578+
579+ /* Add padding, since SEC expects hash to of size r_len */
580+ if (dlen < r_len)
581+ memset(f, 0, r_len - dlen);
582+
583+ /* Skip leading bytes if dgst_len < r_len */
584+ memcpy(f + r_len - dlen, dgst, dlen);
585+
586+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
587+ kop.crk_param[0].crp_p = (void*)f;
588+ kop.crk_param[0].crp_nbits = r_len * 8;
589+ kop.crk_param[1].crp_p = q;
590+ kop.crk_param[1].crp_nbits = q_len * 8;
591+ kop.crk_param[2].crp_p = r;
592+ kop.crk_param[2].crp_nbits = r_len * 8;
593+ kop.crk_param[3].crp_p = g;
594+ kop.crk_param[3].crp_nbits = g_len * 8;
595+ kop.crk_param[4].crp_p = w;
596+ kop.crk_param[4].crp_nbits = w_len * 8;
597+ kop.crk_param[5].crp_p = c;
598+ kop.crk_param[5].crp_nbits = c_len * 8;
599+ kop.crk_param[6].crp_p = d;
600+ kop.crk_param[6].crp_nbits = d_len * 8;
601 kop.crk_iparams = 7;
602
603- if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
604-/*OCF success value is 0, if not zero, change dsaret to fail*/
605- if(0 != kop.crk_status) dsaret = 0;
606- } else {
607- const DSA_METHOD *meth = DSA_OpenSSL();
608+ if ((cryptodev_asym(&kop, 0, NULL, 0, NULL))) {
609+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR);
610+ goto err;
611+ }
612
613- dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
614+ /*OCF success value is 0, if not zero, change dsaret to fail*/
615+ if(0 != kop.crk_status) {
616+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR);
617+ goto err;
618 }
619-err:
620- kop.crk_param[0].crp_p = NULL;
621+
622 zapparams(&kop);
623 return (dsaret);
624+err:
625+ {
626+ const DSA_METHOD *meth = DSA_OpenSSL();
627+
628+ dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
629+ }
630+ return dsaret;
631 }
632
633+/* Cryptodev DSA Key Gen routine */
634+static int cryptodev_dsa_keygen(DSA *dsa)
635+{
636+ struct crypt_kop kop;
637+ int ret = 1, g_len;
638+ unsigned char *g = NULL;
639+
640+ if (dsa->priv_key == NULL) {
641+ if ((dsa->priv_key=BN_new()) == NULL)
642+ goto sw_try;
643+ }
644+
645+ if (dsa->pub_key == NULL) {
646+ if ((dsa->pub_key=BN_new()) == NULL)
647+ goto sw_try;
648+ }
649+
650+ g_len = BN_num_bytes(dsa->p);
651+ /**
652+ * Get generator into a plain buffer. If length is less than
653+ * p_len then add leading padding bytes.
654+ */
655+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
656+ DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
657+ goto sw_try;
658+ }
659+
660+ memset(&kop, 0, sizeof kop);
661+
662+ kop.crk_op = CRK_DSA_GENERATE_KEY;
663+ if (bn2crparam(dsa->p, &kop.crk_param[0]))
664+ goto sw_try;
665+ if (bn2crparam(dsa->q, &kop.crk_param[1]))
666+ goto sw_try;
667+ kop.crk_param[2].crp_p = g;
668+ kop.crk_param[2].crp_nbits = g_len * 8;
669+ kop.crk_iparams = 3;
670+
671+ /* pub_key is or prime length while priv key is of length of order */
672+ if (cryptodev_asym(&kop, BN_num_bytes(dsa->p), dsa->pub_key,
673+ BN_num_bytes(dsa->q), dsa->priv_key))
674+ goto sw_try;
675+
676+ return ret;
677+sw_try:
678+ {
679+ const DSA_METHOD *meth = DSA_OpenSSL();
680+ ret = (meth->dsa_keygen)(dsa);
681+ }
682+ return ret;
683+}
684+
685+
686+
687 static DSA_METHOD cryptodev_dsa = {
688 "cryptodev DSA method",
689 NULL,
690@@ -1490,12 +1766,543 @@ static DSA_METHOD cryptodev_dsa = {
691 NULL /* app_data */
692 };
693
694-static int
695-cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
696- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
697- BN_MONT_CTX *m_ctx)
698+static ECDSA_METHOD cryptodev_ecdsa = {
699+ "cryptodev ECDSA method",
700+ NULL,
701+ NULL, /* ecdsa_sign_setup */
702+ NULL,
703+ NULL,
704+ 0, /* flags */
705+ NULL /* app_data */
706+};
707+
708+typedef enum ec_curve_s
709+{
710+ EC_PRIME,
711+ EC_BINARY
712+} ec_curve_t;
713+
714+/* ENGINE handler for ECDSA Sign */
715+static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst,
716+ int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
717 {
718- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
719+ BIGNUM *m = NULL, *p = NULL, *a = NULL;
720+ BIGNUM *b = NULL, *x = NULL, *y = NULL;
721+ BN_CTX *ctx = NULL;
722+ ECDSA_SIG *ret = NULL;
723+ ECDSA_DATA *ecdsa = NULL;
724+ unsigned char * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
725+ unsigned char * s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
726+ int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
727+ int g_len = 0, d_len = 0, ab_len = 0;
728+ const BIGNUM *order = NULL, *priv_key=NULL;
729+ const EC_GROUP *group = NULL;
730+ struct crypt_kop kop;
731+ ec_curve_t ec_crv = EC_PRIME;
732+
733+ memset(&kop, 0, sizeof(kop));
734+ ecdsa = ecdsa_check(eckey);
735+ if (!ecdsa) {
736+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
737+ return NULL;
738+ }
739+
740+ group = EC_KEY_get0_group(eckey);
741+ priv_key = EC_KEY_get0_private_key(eckey);
742+
743+ if (!group || !priv_key) {
744+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
745+ return NULL;
746+ }
747+
748+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
749+ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
750+ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
751+ (y = BN_new()) == NULL) {
752+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
753+ goto err;
754+ }
755+
756+ order = &group->order;
757+ if (!order || BN_is_zero(order)) {
758+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
759+ goto err;
760+ }
761+
762+ i = BN_num_bits(order);
763+ /* Need to truncate digest if it is too long: first truncate whole
764+ bytes */
765+ if (8 * dgst_len > i)
766+ dgst_len = (i + 7)/8;
767+
768+ if (!BN_bin2bn(dgst, dgst_len, m)) {
769+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
770+ goto err;
771+ }
772+
773+ /* If still too long truncate remaining bits with a shift */
774+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
775+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
776+ goto err;
777+ }
778+
779+ /* copy the truncated bits into plain buffer */
780+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
781+ fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__);
782+ goto err;
783+ }
784+
785+ ret = ECDSA_SIG_new();
786+ if (!ret) {
787+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
788+ goto err;
789+ }
790+
791+ /* check if this is prime or binary EC request */
792+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
793+ ec_crv = EC_PRIME;
794+ /* get the generator point pair */
795+ if (!EC_POINT_get_affine_coordinates_GFp (group, EC_GROUP_get0_generator(group),
796+ x, y,ctx)) {
797+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
798+ goto err;
799+ }
800+
801+ /* get the ECC curve parameters */
802+ if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) {
803+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
804+ goto err;
805+ }
806+ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) {
807+ ec_crv = EC_BINARY;
808+ /* get the ECC curve parameters */
809+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
810+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
811+ goto err;
812+ }
813+
814+ /* get the generator point pair */
815+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
816+ EC_GROUP_get0_generator(group), x, y,ctx)) {
817+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
818+ goto err;
819+ }
820+ } else {
821+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
822+ goto err;
823+ }
824+
825+ if (spcf_bn2bin(order, &r, &r_len)) {
826+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
827+ goto err;
828+ }
829+
830+ if (spcf_bn2bin(p, &q, &q_len)) {
831+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
832+ goto err;
833+ }
834+
835+ priv_key_len = r_len;
836+
837+ /**
838+ * If BN_num_bytes of priv_key returns less then r_len then
839+ * add padding bytes before the key
840+ */
841+ if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len)) {
842+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
843+ goto err;
844+ }
845+
846+ /* Generation of ECC curve parameters */
847+ ab_len = 2*q_len;
848+ ab = eng_copy_curve_points(a, b, ab_len, q_len);
849+ if (!ab) {
850+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
851+ goto err;
852+ }
853+
854+ if (ec_crv == EC_BINARY) {
855+ if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len))
856+ {
857+ unsigned char *c_temp = NULL;
858+ int c_temp_len = q_len;
859+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
860+ memcpy(ab+q_len, c_temp, q_len);
861+ else
862+ goto err;
863+ }
864+ kop.curve_type = ECC_BINARY;
865+ }
866+
867+ /* Calculation of Generator point */
868+ g_len = 2*q_len;
869+ g_xy = eng_copy_curve_points(x, y, g_len, q_len);
870+ if (!g_xy) {
871+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
872+ goto err;
873+ }
874+
875+ /* Memory allocation for first part of digital signature */
876+ c = malloc(r_len);
877+ if (!c) {
878+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
879+ goto err;
880+ }
881+
882+ d_len = r_len;
883+
884+ /* Memory allocation for second part of digital signature */
885+ d = malloc(d_len);
886+ if (!d) {
887+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
888+ goto err;
889+ }
890+
891+ /* memory for message representative */
892+ f = malloc(r_len);
893+ if (!f) {
894+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
895+ goto err;
896+ }
897+
898+ /* Add padding, since SEC expects hash to of size r_len */
899+ memset(f, 0, r_len - dgst_len);
900+
901+ /* Skip leading bytes if dgst_len < r_len */
902+ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
903+
904+ dgst_len += r_len - dgst_len;
905+ kop.crk_op = CRK_DSA_SIGN;
906+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
907+ kop.crk_param[0].crp_p = f;
908+ kop.crk_param[0].crp_nbits = dgst_len * 8;
909+ kop.crk_param[1].crp_p = q;
910+ kop.crk_param[1].crp_nbits = q_len * 8;
911+ kop.crk_param[2].crp_p = r;
912+ kop.crk_param[2].crp_nbits = r_len * 8;
913+ kop.crk_param[3].crp_p = g_xy;
914+ kop.crk_param[3].crp_nbits = g_len * 8;
915+ kop.crk_param[4].crp_p = s;
916+ kop.crk_param[4].crp_nbits = priv_key_len * 8;
917+ kop.crk_param[5].crp_p = ab;
918+ kop.crk_param[5].crp_nbits = ab_len * 8;
919+ kop.crk_iparams = 6;
920+ kop.crk_param[6].crp_p = c;
921+ kop.crk_param[6].crp_nbits = d_len * 8;
922+ kop.crk_param[7].crp_p = d;
923+ kop.crk_param[7].crp_nbits = d_len * 8;
924+ kop.crk_oparams = 2;
925+
926+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
927+ /* Check if ret->r and s needs to allocated */
928+ crparam2bn(&kop.crk_param[6], ret->r);
929+ crparam2bn(&kop.crk_param[7], ret->s);
930+ } else {
931+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
932+ ret = (meth->ecdsa_do_sign)(dgst, dgst_len, in_kinv, in_r, eckey);
933+ }
934+ kop.crk_param[0].crp_p = NULL;
935+ zapparams(&kop);
936+err:
937+ if (!ret) {
938+ ECDSA_SIG_free(ret);
939+ ret = NULL;
940+ }
941+ return ret;
942+}
943+
944+static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
945+ ECDSA_SIG *sig, EC_KEY *eckey)
946+{
947+ BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL;
948+ BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL;
949+ BN_CTX *ctx = NULL;
950+ ECDSA_DATA *ecdsa = NULL;
951+ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy = NULL;
952+ unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
953+ int i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0;
954+ int d_len = 0, ab_len = 0, ret = -1;
955+ const EC_POINT *pub_key = NULL;
956+ const BIGNUM *order = NULL;
957+ const EC_GROUP *group=NULL;
958+ ec_curve_t ec_crv = EC_PRIME;
959+ struct crypt_kop kop;
960+
961+ memset(&kop, 0, sizeof kop);
962+ ecdsa = ecdsa_check(eckey);
963+ if (!ecdsa) {
964+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
965+ return ret;
966+ }
967+
968+ group = EC_KEY_get0_group(eckey);
969+ pub_key = EC_KEY_get0_public_key(eckey);
970+
971+ if (!group || !pub_key) {
972+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
973+ return ret;
974+ }
975+
976+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
977+ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
978+ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
979+ (y = BN_new()) == NULL || (w_x = BN_new()) == NULL ||
980+ (w_y = BN_new()) == NULL) {
981+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
982+ goto err;
983+ }
984+
985+ order = &group->order;
986+ if (!order || BN_is_zero(order)) {
987+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
988+ goto err;
989+ }
990+
991+ i = BN_num_bits(order);
992+ /* Need to truncate digest if it is too long: first truncate whole
993+ * bytes */
994+ if (8 * dgst_len > i)
995+ dgst_len = (i + 7)/8;
996+
997+ if (!BN_bin2bn(dgst, dgst_len, m)) {
998+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
999+ goto err;
1000+ }
1001+
1002+ /* If still too long truncate remaining bits with a shift */
1003+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
1004+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
1005+ goto err;
1006+ }
1007+ /* copy the truncated bits into plain buffer */
1008+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
1009+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1010+ goto err;
1011+ }
1012+
1013+ /* check if this is prime or binary EC request */
1014+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
1015+ ec_crv = EC_PRIME;
1016+
1017+ /* get the generator point pair */
1018+ if (!EC_POINT_get_affine_coordinates_GFp (group,
1019+ EC_GROUP_get0_generator(group), x, y,ctx)) {
1020+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
1021+ goto err;
1022+ }
1023+
1024+ /* get the public key pair for prime curve */
1025+ if (!EC_POINT_get_affine_coordinates_GFp (group,
1026+ pub_key, w_x, w_y,ctx)) {
1027+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
1028+ goto err;
1029+ }
1030+
1031+ /* get the ECC curve parameters */
1032+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
1033+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
1034+ goto err;
1035+ }
1036+ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field){
1037+ ec_crv = EC_BINARY;
1038+ /* get the ECC curve parameters */
1039+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
1040+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
1041+ goto err;
1042+ }
1043+
1044+ /* get the generator point pair */
1045+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
1046+ EC_GROUP_get0_generator(group),x, y,ctx)) {
1047+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
1048+ goto err;
1049+ }
1050+
1051+ /* get the public key pair for binary curve */
1052+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
1053+ pub_key, w_x, w_y,ctx)) {
1054+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
1055+ goto err;
1056+ }
1057+ }else {
1058+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
1059+ goto err;
1060+ }
1061+
1062+ /* Get the order of the subgroup of private keys */
1063+ if (spcf_bn2bin((BIGNUM*)order, &r, &r_len)) {
1064+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1065+ goto err;
1066+ }
1067+
1068+ /* Get the irreducible polynomial that creates the field */
1069+ if (spcf_bn2bin(p, &q, &q_len)) {
1070+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1071+ goto err;
1072+ }
1073+
1074+ /* Get the public key into a flat buffer with appropriate padding */
1075+ pub_key_len = 2 * q_len;
1076+
1077+ w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len);
1078+ if (!w_xy) {
1079+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1080+ goto err;
1081+ }
1082+
1083+ /* Generation of ECC curve parameters */
1084+ ab_len = 2*q_len;
1085+
1086+ ab = eng_copy_curve_points (a, b, ab_len, q_len);
1087+ if (!ab) {
1088+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1089+ goto err;
1090+ }
1091+
1092+ if (ec_crv == EC_BINARY) {
1093+ /* copy b' i.e c(b), instead of only b */
1094+ if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len))
1095+ {
1096+ unsigned char *c_temp = NULL;
1097+ int c_temp_len = q_len;
1098+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
1099+ memcpy(ab+q_len, c_temp, q_len);
1100+ else
1101+ goto err;
1102+ }
1103+ kop.curve_type = ECC_BINARY;
1104+ }
1105+
1106+ /* Calculation of Generator point */
1107+ g_len = 2 * q_len;
1108+
1109+ g_xy = eng_copy_curve_points (x, y, g_len, q_len);
1110+ if (!g_xy) {
1111+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1112+ goto err;
1113+ }
1114+
1115+ /**
1116+ * Get the 1st part of signature into a flat buffer with
1117+ * appropriate padding
1118+ */
1119+ if (BN_num_bytes(sig->r) < r_len)
1120+ c_len = r_len;
1121+
1122+ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
1123+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1124+ goto err;
1125+ }
1126+
1127+ /**
1128+ * Get the 2nd part of signature into a flat buffer with
1129+ * appropriate padding
1130+ */
1131+ if (BN_num_bytes(sig->s) < r_len)
1132+ d_len = r_len;
1133+
1134+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
1135+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1136+ goto err;
1137+ }
1138+
1139+ /* memory for message representative */
1140+ f = malloc(r_len);
1141+ if (!f) {
1142+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1143+ goto err;
1144+ }
1145+
1146+ /* Add padding, since SEC expects hash to of size r_len */
1147+ memset(f, 0, r_len-dgst_len);
1148+
1149+ /* Skip leading bytes if dgst_len < r_len */
1150+ memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len);
1151+ dgst_len += r_len-dgst_len;
1152+ kop.crk_op = CRK_DSA_VERIFY;
1153+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
1154+ kop.crk_param[0].crp_p = f;
1155+ kop.crk_param[0].crp_nbits = dgst_len * 8;
1156+ kop.crk_param[1].crp_p = q;
1157+ kop.crk_param[1].crp_nbits = q_len * 8;
1158+ kop.crk_param[2].crp_p = r;
1159+ kop.crk_param[2].crp_nbits = r_len * 8;
1160+ kop.crk_param[3].crp_p = g_xy;
1161+ kop.crk_param[3].crp_nbits = g_len * 8;
1162+ kop.crk_param[4].crp_p = w_xy;
1163+ kop.crk_param[4].crp_nbits = pub_key_len * 8;
1164+ kop.crk_param[5].crp_p = ab;
1165+ kop.crk_param[5].crp_nbits = ab_len * 8;
1166+ kop.crk_param[6].crp_p = c;
1167+ kop.crk_param[6].crp_nbits = d_len * 8;
1168+ kop.crk_param[7].crp_p = d;
1169+ kop.crk_param[7].crp_nbits = d_len * 8;
1170+ kop.crk_iparams = 8;
1171+
1172+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
1173+ /*OCF success value is 0, if not zero, change ret to fail*/
1174+ if(0 == kop.crk_status)
1175+ ret = 1;
1176+ } else {
1177+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
1178+
1179+ ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey);
1180+ }
1181+ kop.crk_param[0].crp_p = NULL;
1182+ zapparams(&kop);
1183+
1184+err:
1185+ return ret;
1186+}
1187+
1188+static int cryptodev_dh_keygen(DH *dh)
1189+{
1190+ struct crypt_kop kop;
1191+ int ret = 1, g_len;
1192+ unsigned char *g = NULL;
1193+
1194+ if (dh->priv_key == NULL) {
1195+ if ((dh->priv_key=BN_new()) == NULL)
1196+ goto sw_try;
1197+ }
1198+
1199+ if (dh->pub_key == NULL) {
1200+ if ((dh->pub_key=BN_new()) == NULL)
1201+ goto sw_try;
1202+ }
1203+
1204+ g_len = BN_num_bytes(dh->p);
1205+ /**
1206+ * Get generator into a plain buffer. If length is less than
1207+ * q_len then add leading padding bytes.
1208+ */
1209+ if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
1210+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
1211+ goto sw_try;
1212+ }
1213+
1214+ memset(&kop, 0, sizeof kop);
1215+ kop.crk_op = CRK_DH_GENERATE_KEY;
1216+ if (bn2crparam(dh->p, &kop.crk_param[0]))
1217+ goto sw_try;
1218+ if (bn2crparam(dh->q, &kop.crk_param[1]))
1219+ goto sw_try;
1220+ kop.crk_param[2].crp_p = g;
1221+ kop.crk_param[2].crp_nbits = g_len * 8;
1222+ kop.crk_iparams = 3;
1223+
1224+ /* pub_key is or prime length while priv key is of length of order */
1225+ if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key,
1226+ BN_num_bytes(dh->q), dh->priv_key))
1227+ goto sw_try;
1228+
1229+ return ret;
1230+sw_try:
1231+ {
1232+ const DH_METHOD *meth = DH_OpenSSL();
1233+ ret = (meth->generate_key)(dh);
1234+ }
1235+ return ret;
1236 }
1237
1238 static int
1239@@ -1503,43 +2310,234 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
1240 {
1241 struct crypt_kop kop;
1242 int dhret = 1;
1243- int fd, keylen;
1244+ int fd, p_len;
1245+ BIGNUM *temp = NULL;
1246+ unsigned char *padded_pub_key = NULL, *p = NULL;
1247+
1248+ if ((fd = get_asym_dev_crypto()) < 0)
1249+ goto sw_try;
1250+
1251+ memset(&kop, 0, sizeof kop);
1252+ kop.crk_op = CRK_DH_COMPUTE_KEY;
1253+ /* inputs: dh->priv_key pub_key dh->p key */
1254+ spcf_bn2bin(dh->p, &p, &p_len);
1255+ spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
1256+ if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
1257+ goto sw_try;
1258+
1259+ kop.crk_param[1].crp_p = padded_pub_key;
1260+ kop.crk_param[1].crp_nbits = p_len * 8;
1261+ kop.crk_param[2].crp_p = p;
1262+ kop.crk_param[2].crp_nbits = p_len * 8;
1263+ kop.crk_iparams = 3;
1264+ kop.crk_param[3].crp_p = (void*) key;
1265+ kop.crk_param[3].crp_nbits = p_len * 8;
1266+ kop.crk_oparams = 1;
1267+ dhret = p_len;
1268+
1269+ if (ioctl(fd, CIOCKEY, &kop))
1270+ goto sw_try;
1271
1272- if ((fd = get_asym_dev_crypto()) < 0) {
1273+ if ((temp = BN_new())) {
1274+ if (!BN_bin2bn(key, p_len, temp)) {
1275+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
1276+ goto sw_try;
1277+ }
1278+ if (dhret > BN_num_bytes(temp))
1279+ dhret=BN_bn2bin(temp,key);
1280+ BN_free(temp);
1281+ }
1282+
1283+ kop.crk_param[3].crp_p = NULL;
1284+ zapparams(&kop);
1285+ return (dhret);
1286+sw_try:
1287+ {
1288 const DH_METHOD *meth = DH_OpenSSL();
1289
1290- return ((meth->compute_key)(key, pub_key, dh));
1291+ dhret = (meth->compute_key)(key, pub_key, dh);
1292 }
1293+ return (dhret);
1294+}
1295
1296- keylen = BN_num_bits(dh->p);
1297+int cryptodev_ecdh_compute_key(void *out, size_t outlen,
1298+ const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
1299+ void *out, size_t *outlen))
1300+{
1301+ ec_curve_t ec_crv = EC_PRIME;
1302+ unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
1303+ BIGNUM * w_x = NULL, *w_y = NULL;
1304+ int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
1305+ BIGNUM * p = NULL, *a = NULL, *b = NULL;
1306+ BN_CTX *ctx;
1307+ EC_POINT *tmp=NULL;
1308+ BIGNUM *x=NULL, *y=NULL;
1309+ const BIGNUM *priv_key;
1310+ const EC_GROUP* group = NULL;
1311+ int ret = -1;
1312+ size_t buflen, len;
1313+ struct crypt_kop kop;
1314
1315 memset(&kop, 0, sizeof kop);
1316- kop.crk_op = CRK_DH_COMPUTE_KEY;
1317
1318- /* inputs: dh->priv_key pub_key dh->p key */
1319- if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
1320+ if ((ctx = BN_CTX_new()) == NULL) goto err;
1321+ BN_CTX_start(ctx);
1322+ x = BN_CTX_get(ctx);
1323+ y = BN_CTX_get(ctx);
1324+ p = BN_CTX_get(ctx);
1325+ a = BN_CTX_get(ctx);
1326+ b = BN_CTX_get(ctx);
1327+ w_x = BN_CTX_get(ctx);
1328+ w_y = BN_CTX_get(ctx);
1329+
1330+ if (!x || !y || !p || !a || !b || !w_x || !w_y) {
1331+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
1332 goto err;
1333- if (bn2crparam(pub_key, &kop.crk_param[1]))
1334+ }
1335+
1336+ priv_key = EC_KEY_get0_private_key(ecdh);
1337+ if (priv_key == NULL) {
1338+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE);
1339 goto err;
1340- if (bn2crparam(dh->p, &kop.crk_param[2]))
1341+ }
1342+
1343+ group = EC_KEY_get0_group(ecdh);
1344+ if ((tmp=EC_POINT_new(group)) == NULL) {
1345+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
1346 goto err;
1347- kop.crk_iparams = 3;
1348+ }
1349
1350- kop.crk_param[3].crp_p = (caddr_t) key;
1351- kop.crk_param[3].crp_nbits = keylen * 8;
1352- kop.crk_oparams = 1;
1353+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
1354+ NID_X9_62_prime_field) {
1355+ ec_crv = EC_PRIME;
1356
1357- if (ioctl(fd, CIOCKEY, &kop) == -1) {
1358- const DH_METHOD *meth = DH_OpenSSL();
1359+ if (!EC_POINT_get_affine_coordinates_GFp(group,
1360+ EC_GROUP_get0_generator(group), x, y, ctx)) {
1361+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
1362+ goto err;
1363+ }
1364
1365- dhret = (meth->compute_key)(key, pub_key, dh);
1366+ /* get the ECC curve parameters */
1367+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
1368+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
1369+ goto err;
1370+ }
1371+
1372+ /* get the public key pair for prime curve */
1373+ if (!EC_POINT_get_affine_coordinates_GFp (group, pub_key, w_x, w_y,ctx)) {
1374+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
1375+ goto err;
1376+ }
1377+ } else {
1378+ ec_crv = EC_BINARY;
1379+
1380+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
1381+ EC_GROUP_get0_generator(group), x, y, ctx)) {
1382+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
1383+ goto err;
1384+ }
1385+
1386+ /* get the ECC curve parameters */
1387+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
1388+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
1389+ goto err;
1390+ }
1391+
1392+ /* get the public key pair for binary curve */
1393+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
1394+ pub_key, w_x, w_y,ctx)) {
1395+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
1396+ goto err;
1397+ }
1398+ }
1399+
1400+ /* irreducible polynomial that creates the field */
1401+ if (spcf_bn2bin((BIGNUM*)&group->order, &r, &r_len)) {
1402+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
1403+ goto err;
1404+ }
1405+
1406+ /* Get the irreducible polynomial that creates the field */
1407+ if (spcf_bn2bin(p, &q, &q_len)) {
1408+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
1409+ goto err;
1410 }
1411+
1412+ /* Get the public key into a flat buffer with appropriate padding */
1413+ pub_key_len = 2 * q_len;
1414+ w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len);
1415+ if (!w_xy) {
1416+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
1417+ goto err;
1418+ }
1419+
1420+ /* Generation of ECC curve parameters */
1421+ ab_len = 2*q_len;
1422+ ab = eng_copy_curve_points (a, b, ab_len, q_len);
1423+ if (!ab) {
1424+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
1425+ goto err;
1426+ }
1427+
1428+ if (ec_crv == EC_BINARY) {
1429+ /* copy b' i.e c(b), instead of only b */
1430+ if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len))
1431+ {
1432+ unsigned char *c_temp = NULL;
1433+ int c_temp_len = q_len;
1434+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
1435+ memcpy(ab+q_len, c_temp, q_len);
1436+ else
1437+ goto err;
1438+ }
1439+ kop.curve_type = ECC_BINARY;
1440+ } else
1441+ kop.curve_type = ECC_PRIME;
1442+
1443+ priv_key_len = r_len;
1444+
1445+ /*
1446+ * If BN_num_bytes of priv_key returns less then r_len then
1447+ * add padding bytes before the key
1448+ */
1449+ if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) {
1450+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
1451+ goto err;
1452+ }
1453+
1454+ buflen = (EC_GROUP_get_degree(group) + 7)/8;
1455+ len = BN_num_bytes(x);
1456+ if (len > buflen || q_len < buflen) {
1457+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_INTERNAL_ERROR);
1458+ goto err;
1459+ }
1460+
1461+ kop.crk_op = CRK_DH_COMPUTE_KEY;
1462+ kop.crk_param[0].crp_p = (void*) s;
1463+ kop.crk_param[0].crp_nbits = priv_key_len*8;
1464+ kop.crk_param[1].crp_p = (void*) w_xy;
1465+ kop.crk_param[1].crp_nbits = pub_key_len*8;
1466+ kop.crk_param[2].crp_p = (void*) q;
1467+ kop.crk_param[2].crp_nbits = q_len*8;
1468+ kop.crk_param[3].crp_p = (void*) ab;
1469+ kop.crk_param[3].crp_nbits = ab_len*8;
1470+ kop.crk_iparams = 4;
1471+ kop.crk_param[4].crp_p = (void*) out;
1472+ kop.crk_param[4].crp_nbits = q_len*8;
1473+ kop.crk_oparams = 1;
1474+ ret = q_len;
1475+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL)) {
1476+ const ECDH_METHOD *meth = ECDH_OpenSSL();
1477+ ret = (meth->compute_key)(out, outlen, pub_key, ecdh, KDF);
1478+ } else
1479+ ret = q_len;
1480 err:
1481- kop.crk_param[3].crp_p = NULL;
1482+ kop.crk_param[4].crp_p = NULL;
1483 zapparams(&kop);
1484- return (dhret);
1485+ return ret;
1486 }
1487
1488+
1489 static DH_METHOD cryptodev_dh = {
1490 "cryptodev DH method",
1491 NULL, /* cryptodev_dh_generate_key */
1492@@ -1551,6 +2549,14 @@ static DH_METHOD cryptodev_dh = {
1493 NULL /* app_data */
1494 };
1495
1496+static ECDH_METHOD cryptodev_ecdh = {
1497+ "cryptodev ECDH method",
1498+ NULL, /* cryptodev_ecdh_compute_key */
1499+ NULL,
1500+ 0, /* flags */
1501+ NULL /* app_data */
1502+};
1503+
1504 /*
1505 * ctrl right now is just a wrapper that doesn't do much
1506 * but I expect we'll want some options soon.
1507@@ -1634,25 +2640,42 @@ ENGINE_load_cryptodev(void)
1508 memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
1509 if (cryptodev_asymfeat & CRF_DSA_SIGN)
1510 cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
1511- if (cryptodev_asymfeat & CRF_MOD_EXP) {
1512- cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
1513- cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
1514- }
1515 if (cryptodev_asymfeat & CRF_DSA_VERIFY)
1516 cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
1517+ if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY)
1518+ cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen;
1519 }
1520
1521 if (ENGINE_set_DH(engine, &cryptodev_dh)){
1522 const DH_METHOD *dh_meth = DH_OpenSSL();
1523+ memcpy(&cryptodev_dh, dh_meth, sizeof(DH_METHOD));
1524+ if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
1525+ cryptodev_dh.compute_key =
1526+ cryptodev_dh_compute_key;
1527+ }
1528+ if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) {
1529+ cryptodev_dh.generate_key =
1530+ cryptodev_dh_keygen;
1531+ }
1532+ }
1533
1534- cryptodev_dh.generate_key = dh_meth->generate_key;
1535- cryptodev_dh.compute_key = dh_meth->compute_key;
1536- cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
1537- if (cryptodev_asymfeat & CRF_MOD_EXP) {
1538- cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
1539- if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
1540- cryptodev_dh.compute_key =
1541- cryptodev_dh_compute_key;
1542+ if (ENGINE_set_ECDSA(engine, &cryptodev_ecdsa)) {
1543+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
1544+ memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD));
1545+ if (cryptodev_asymfeat & CRF_DSA_SIGN) {
1546+ cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign;
1547+ }
1548+ if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
1549+ cryptodev_ecdsa.ecdsa_do_verify =
1550+ cryptodev_ecdsa_verify;
1551+ }
1552+ }
1553+
1554+ if (ENGINE_set_ECDH(engine, &cryptodev_ecdh)) {
1555+ const ECDH_METHOD *ecdh_meth = ECDH_OpenSSL();
1556+ memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD));
1557+ if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
1558+ cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key;
1559 }
1560 }
1561
1562--
15631.8.3.1
1564
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0009-Added-hwrng-dev-file-as-source-of-RNG.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0009-Added-hwrng-dev-file-as-source-of-RNG.patch
new file mode 100644
index 00000000..6a69c324
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0009-Added-hwrng-dev-file-as-source-of-RNG.patch
@@ -0,0 +1,28 @@
1From 81c4c62a4f5f5542843381bfb34e39a6171d5cdd Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Tue, 11 Mar 2014 06:42:59 +0545
4Subject: [PATCH 09/17] Added hwrng dev file as source of RNG
5
6Upstream-status: Pending
7
8Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
9---
10 e_os.h | 2 +-
11 1 file changed, 1 insertion(+), 1 deletion(-)
12
13diff --git a/e_os.h b/e_os.h
14index 6a0aad1..57c0563 100644
15--- a/e_os.h
16+++ b/e_os.h
17@@ -79,7 +79,7 @@ extern "C" {
18 #ifndef DEVRANDOM
19 /* set this to a comma-separated list of 'random' device files to try out.
20 * My default, we will try to read at least one of these files */
21-#define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
22+#define DEVRANDOM "/dev/hwrng","/dev/urandom","/dev/random","/dev/srandom"
23 #endif
24 #ifndef DEVRANDOM_EGD
25 /* set this to a comma-seperated list of 'egd' sockets to try out. These
26--
271.8.3.1
28
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
new file mode 100644
index 00000000..b7702d10
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
@@ -0,0 +1,2039 @@
1From a933e6341fd8989bdd82f8a5446b6f04aa00eef9 Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Tue, 11 Mar 2014 07:14:30 +0545
4Subject: [PATCH 10/17] Asynchronous interface added for PKC cryptodev
5 interface
6
7Upstream-status: Pending
8
9Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
10---
11 crypto/crypto.h | 16 +
12 crypto/dh/dh.h | 4 +-
13 crypto/dsa/dsa.h | 5 +
14 crypto/ecdh/ech_locl.h | 3 +
15 crypto/ecdsa/ecs_locl.h | 5 +
16 crypto/engine/eng_cryptodev.c | 1578 +++++++++++++++++++++++++++++++++++++----
17 crypto/engine/eng_int.h | 24 +-
18 crypto/engine/eng_lib.c | 46 ++
19 crypto/engine/engine.h | 24 +
20 crypto/rsa/rsa.h | 23 +
21 10 files changed, 1582 insertions(+), 146 deletions(-)
22
23diff --git a/crypto/crypto.h b/crypto/crypto.h
24index f92fc51..ce12731 100644
25--- a/crypto/crypto.h
26+++ b/crypto/crypto.h
27@@ -605,6 +605,22 @@ void ERR_load_CRYPTO_strings(void);
28 #define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101
29 #define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK 100
30
31+/* Additions for Asynchronous PKC Infrastructure */
32+struct pkc_cookie_s {
33+ void *cookie; /* To be filled by openssl library primitive method function caller */
34+ void *eng_cookie; /* To be filled by Engine */
35+ /*
36+ * Callback handler to be provided by caller. Ensure to pass a
37+ * handler which takes the crypto operation to completion.
38+ * cookie: Container cookie from library
39+ * status: Status of the crypto Job completion.
40+ * 0: Job handled without any issue
41+ * -EINVAL: Parameters Invalid
42+ */
43+ void (*pkc_callback)(struct pkc_cookie_s *cookie, int status);
44+ void *eng_handle;
45+};
46+
47 #ifdef __cplusplus
48 }
49 #endif
50diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
51index ea59e61..20ffad2 100644
52--- a/crypto/dh/dh.h
53+++ b/crypto/dh/dh.h
54@@ -118,7 +118,9 @@ struct dh_method
55 int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a,
56 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
57 BN_MONT_CTX *m_ctx); /* Can be null */
58-
59+ int (*compute_key_async)(unsigned char *key,const BIGNUM *pub_key,DH *dh,
60+ struct pkc_cookie_s *cookie);
61+ int (*generate_key_async)(DH *dh, struct pkc_cookie_s *cookie);
62 int (*init)(DH *dh);
63 int (*finish)(DH *dh);
64 int flags;
65diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
66index a6f6d0b..b04a029 100644
67--- a/crypto/dsa/dsa.h
68+++ b/crypto/dsa/dsa.h
69@@ -140,6 +140,10 @@ struct dsa_method
70 int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
71 const BIGNUM *m, BN_CTX *ctx,
72 BN_MONT_CTX *m_ctx); /* Can be null */
73+ int (*dsa_do_sign_async)(const unsigned char *dgst, int dlen, DSA *dsa,
74+ DSA_SIG *sig, struct pkc_cookie_s *cookie);
75+ int (*dsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
76+ DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie);
77 int (*init)(DSA *dsa);
78 int (*finish)(DSA *dsa);
79 int flags;
80@@ -151,6 +155,7 @@ struct dsa_method
81 BN_GENCB *cb);
82 /* If this is non-NULL, it is used to generate DSA keys */
83 int (*dsa_keygen)(DSA *dsa);
84+ int (*dsa_keygen_async)(DSA *dsa, struct pkc_cookie_s *cookie);
85 };
86
87 struct dsa_st
88diff --git a/crypto/ecdh/ech_locl.h b/crypto/ecdh/ech_locl.h
89index f6cad6a..adce6b3 100644
90--- a/crypto/ecdh/ech_locl.h
91+++ b/crypto/ecdh/ech_locl.h
92@@ -67,6 +67,9 @@ struct ecdh_method
93 const char *name;
94 int (*compute_key)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
95 void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
96+ int (*compute_key_async)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
97+ void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen),
98+ struct pkc_cookie_s *cookie);
99 #if 0
100 int (*init)(EC_KEY *eckey);
101 int (*finish)(EC_KEY *eckey);
102diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h
103index cb3be13..eb0ebe0 100644
104--- a/crypto/ecdsa/ecs_locl.h
105+++ b/crypto/ecdsa/ecs_locl.h
106@@ -74,6 +74,11 @@ struct ecdsa_method
107 BIGNUM **r);
108 int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len,
109 const ECDSA_SIG *sig, EC_KEY *eckey);
110+ int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len,
111+ const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey,
112+ ECDSA_SIG *sig, struct pkc_cookie_s *cookie);
113+ int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
114+ const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie);
115 #if 0
116 int (*init)(EC_KEY *eckey);
117 int (*finish)(EC_KEY *eckey);
118diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
119index 7ee314b..9f2416e 100644
120--- a/crypto/engine/eng_cryptodev.c
121+++ b/crypto/engine/eng_cryptodev.c
122@@ -1281,6 +1281,56 @@ zapparams(struct crypt_kop *kop)
123 }
124 }
125
126+/* Any PKC request has at max 2 output parameters and they are stored here to
127+be used while copying in the check availability */
128+struct cryptodev_cookie_s {
129+ BIGNUM *r;
130+ struct crparam r_param;
131+ BIGNUM *s;
132+ struct crparam s_param;
133+ struct crypt_kop *kop;
134+};
135+
136+static int
137+cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
138+ BIGNUM *s)
139+{
140+ int fd;
141+ struct pkc_cookie_s *cookie = kop->cookie;
142+ struct cryptodev_cookie_s *eng_cookie;
143+
144+ fd = *(int *)cookie->eng_handle;
145+
146+ eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
147+
148+ if (eng_cookie) {
149+ memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
150+ if (r) {
151+ kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
152+ if (!kop->crk_param[kop->crk_iparams].crp_p)
153+ return -ENOMEM;
154+ kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
155+ kop->crk_oparams++;
156+ eng_cookie->r = r;
157+ eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
158+ }
159+ if (s) {
160+ kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
161+ if (!kop->crk_param[kop->crk_iparams+1].crp_p)
162+ return -ENOMEM;
163+ kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
164+ kop->crk_oparams++;
165+ eng_cookie->s = s;
166+ eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
167+ }
168+ } else
169+ return -ENOMEM;
170+
171+ eng_cookie->kop = kop;
172+ cookie->eng_cookie = eng_cookie;
173+ return ioctl(fd, CIOCASYMASYNCRYPT, kop);
174+}
175+
176 static int
177 cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
178 {
179@@ -1337,6 +1387,44 @@ void *cryptodev_init_instance(void)
180 return fd;
181 }
182
183+#include <poll.h>
184+
185+/* Return 0 on success and 1 on failure */
186+int cryptodev_check_availability(void *eng_handle)
187+{
188+ int fd = *(int *)eng_handle;
189+ struct pkc_cookie_list_s cookie_list;
190+ struct pkc_cookie_s *cookie;
191+ int i;
192+
193+ /* FETCH COOKIE returns number of cookies extracted */
194+ if (ioctl(fd, CIOCASYMFETCHCOOKIE, &cookie_list) <= 0)
195+ return 1;
196+
197+ for (i = 0; i < cookie_list.cookie_available; i++) {
198+ cookie = cookie_list.cookie[i];
199+ if (cookie) {
200+ struct cryptodev_cookie_s *eng_cookie = cookie->eng_cookie;
201+ if (eng_cookie) {
202+ struct crypt_kop *kop = eng_cookie->kop;
203+
204+ if (eng_cookie->r)
205+ crparam2bn(&eng_cookie->r_param, eng_cookie->r);
206+ if (eng_cookie->s)
207+ crparam2bn(&eng_cookie->s_param, eng_cookie->s);
208+ if (kop->crk_op == CRK_DH_COMPUTE_KEY)
209+ kop->crk_oparams = 0;
210+
211+ zapparams(eng_cookie->kop);
212+ free(eng_cookie->kop);
213+ free (eng_cookie);
214+ }
215+ cookie->pkc_callback(cookie, cookie_list.status[i]);
216+ }
217+ }
218+ return 0;
219+}
220+
221 static int
222 cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
223 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
224@@ -1382,6 +1470,63 @@ err:
225 }
226
227 static int
228+cryptodev_bn_mod_exp_async(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
229+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont, struct pkc_cookie_s *cookie)
230+{
231+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
232+ int ret = 1;
233+
234+ /* Currently, we know we can do mod exp iff we can do any
235+ * asymmetric operations at all.
236+ */
237+ if (cryptodev_asymfeat == 0 || !kop) {
238+ ret = BN_mod_exp(r, a, p, m, ctx);
239+ return (ret);
240+ }
241+
242+ kop->crk_oparams = 0;
243+ kop->crk_status = 0;
244+ kop->crk_op = CRK_MOD_EXP;
245+ kop->cookie = cookie;
246+ /* inputs: a^p % m */
247+ if (bn2crparam(a, &kop->crk_param[0]))
248+ goto err;
249+ if (bn2crparam(p, &kop->crk_param[1]))
250+ goto err;
251+ if (bn2crparam(m, &kop->crk_param[2]))
252+ goto err;
253+
254+ kop->crk_iparams = 3;
255+ if (cryptodev_asym_async(kop, BN_num_bytes(m), r, 0, NULL))
256+ goto err;
257+
258+ return ret;
259+err:
260+ {
261+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
262+
263+ if (kop)
264+ free(kop);
265+ ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
266+ if (ret)
267+ /* Call the completion handler immediately */
268+ cookie->pkc_callback(cookie, 0);
269+ }
270+ return ret;
271+}
272+
273+static int
274+cryptodev_rsa_nocrt_mod_exp_async(BIGNUM *r0, const BIGNUM *I,
275+ RSA *rsa, BN_CTX *ctx, struct pkc_cookie_s *cookie)
276+{
277+ int r;
278+ ctx = BN_CTX_new();
279+ r = cryptodev_bn_mod_exp_async(r0, I, rsa->d, rsa->n, ctx, NULL, cookie);
280+ BN_CTX_free(ctx);
281+ return r;
282+}
283+
284+static int
285 cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
286 {
287 int r;
288@@ -1446,6 +1591,62 @@ err:
289 return (ret);
290 }
291
292+static int
293+cryptodev_rsa_mod_exp_async(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx,
294+ struct pkc_cookie_s *cookie)
295+{
296+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
297+ int ret = 1, f_len, p_len, q_len;
298+ unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq = NULL, *c = NULL;
299+
300+ if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp || !kop) {
301+ return (0);
302+ }
303+
304+ kop->crk_oparams = 0;
305+ kop->crk_status = 0;
306+ kop->crk_op = CRK_MOD_EXP_CRT;
307+ f_len = BN_num_bytes(rsa->n);
308+ spcf_bn2bin_ex(I, &f, &f_len);
309+ spcf_bn2bin(rsa->p, &p, &p_len);
310+ spcf_bn2bin(rsa->q, &q, &q_len);
311+ spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
312+ spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
313+ spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
314+ /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
315+ kop->crk_param[0].crp_p = p;
316+ kop->crk_param[0].crp_nbits = p_len * 8;
317+ kop->crk_param[1].crp_p = q;
318+ kop->crk_param[1].crp_nbits = q_len * 8;
319+ kop->crk_param[2].crp_p = f;
320+ kop->crk_param[2].crp_nbits = f_len * 8;
321+ kop->crk_param[3].crp_p = dp;
322+ kop->crk_param[3].crp_nbits = p_len * 8;
323+ /* dq must of length q, rest all of length p*/
324+ kop->crk_param[4].crp_p = dq;
325+ kop->crk_param[4].crp_nbits = q_len * 8;
326+ kop->crk_param[5].crp_p = c;
327+ kop->crk_param[5].crp_nbits = p_len * 8;
328+ kop->crk_iparams = 6;
329+ kop->cookie = cookie;
330+ if (cryptodev_asym_async(kop, BN_num_bytes(rsa->n), r0, 0, NULL))
331+ goto err;
332+
333+ return ret;
334+err:
335+ {
336+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
337+
338+ if (kop)
339+ free(kop);
340+ ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
341+ if (ret)
342+ /* Call user completion handler immediately */
343+ cookie->pkc_callback(cookie, 0);
344+ }
345+ return (ret);
346+}
347+
348 static RSA_METHOD cryptodev_rsa = {
349 "cryptodev RSA method",
350 NULL, /* rsa_pub_enc */
351@@ -1454,6 +1655,12 @@ static RSA_METHOD cryptodev_rsa = {
352 NULL, /* rsa_priv_dec */
353 NULL,
354 NULL,
355+ NULL, /* rsa_pub_enc */
356+ NULL, /* rsa_pub_dec */
357+ NULL, /* rsa_priv_enc */
358+ NULL, /* rsa_priv_dec */
359+ NULL,
360+ NULL,
361 NULL, /* init */
362 NULL, /* finish */
363 0, /* flags */
364@@ -1751,126 +1958,424 @@ sw_try:
365 return ret;
366 }
367
368+/* Cryptodev DSA Key Gen routine */
369+static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie)
370+{
371+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
372+ int ret = 1, g_len;
373+ unsigned char *g = NULL;
374
375+ if (!kop)
376+ goto sw_try;
377
378-static DSA_METHOD cryptodev_dsa = {
379- "cryptodev DSA method",
380- NULL,
381- NULL, /* dsa_sign_setup */
382- NULL,
383- NULL, /* dsa_mod_exp */
384- NULL,
385- NULL, /* init */
386- NULL, /* finish */
387- 0, /* flags */
388- NULL /* app_data */
389-};
390+ if (dsa->priv_key == NULL) {
391+ if ((dsa->priv_key=BN_new()) == NULL)
392+ goto sw_try;
393+ }
394
395-static ECDSA_METHOD cryptodev_ecdsa = {
396- "cryptodev ECDSA method",
397- NULL,
398- NULL, /* ecdsa_sign_setup */
399- NULL,
400- NULL,
401- 0, /* flags */
402- NULL /* app_data */
403-};
404+ if (dsa->pub_key == NULL) {
405+ if ((dsa->pub_key=BN_new()) == NULL)
406+ goto sw_try;
407+ }
408
409-typedef enum ec_curve_s
410-{
411- EC_PRIME,
412- EC_BINARY
413-} ec_curve_t;
414+ g_len = BN_num_bytes(dsa->p);
415+ /**
416+ * Get generator into a plain buffer. If length is less than
417+ * q_len then add leading padding bytes.
418+ */
419+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
420+ DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
421+ goto sw_try;
422+ }
423
424-/* ENGINE handler for ECDSA Sign */
425-static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst,
426- int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
427-{
428- BIGNUM *m = NULL, *p = NULL, *a = NULL;
429- BIGNUM *b = NULL, *x = NULL, *y = NULL;
430- BN_CTX *ctx = NULL;
431- ECDSA_SIG *ret = NULL;
432- ECDSA_DATA *ecdsa = NULL;
433- unsigned char * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
434- unsigned char * s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
435- int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
436- int g_len = 0, d_len = 0, ab_len = 0;
437- const BIGNUM *order = NULL, *priv_key=NULL;
438- const EC_GROUP *group = NULL;
439- struct crypt_kop kop;
440- ec_curve_t ec_crv = EC_PRIME;
441+ memset(kop, 0, sizeof(struct crypt_kop));
442+ kop->crk_op = CRK_DSA_GENERATE_KEY;
443+ if (bn2crparam(dsa->p, &kop->crk_param[0]))
444+ goto sw_try;
445+ if (bn2crparam(dsa->q, &kop->crk_param[1]))
446+ goto sw_try;
447+ kop->crk_param[2].crp_p = g;
448+ kop->crk_param[2].crp_nbits = g_len * 8;
449+ kop->crk_iparams = 3;
450+ kop->cookie = cookie;
451
452- memset(&kop, 0, sizeof(kop));
453- ecdsa = ecdsa_check(eckey);
454- if (!ecdsa) {
455- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
456- return NULL;
457+ /* pub_key is or prime length while priv key is of length of order */
458+ if (cryptodev_asym_async(kop, BN_num_bytes(dsa->p), dsa->pub_key,
459+ BN_num_bytes(dsa->q), dsa->priv_key))
460+ goto sw_try;
461+
462+ return ret;
463+sw_try:
464+ {
465+ const DSA_METHOD *meth = DSA_OpenSSL();
466+
467+ if (kop)
468+ free(kop);
469+ ret = (meth->dsa_keygen)(dsa);
470+ cookie->pkc_callback(cookie, 0);
471 }
472+ return ret;
473+}
474
475- group = EC_KEY_get0_group(eckey);
476- priv_key = EC_KEY_get0_private_key(eckey);
477+static int
478+cryptodev_dsa_do_sign_async(const unsigned char *dgst, int dlen, DSA *dsa,
479+ DSA_SIG *sig, struct pkc_cookie_s *cookie)
480+{
481+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
482+ DSA_SIG *dsaret = NULL;
483+ int q_len = 0, r_len = 0, g_len = 0;
484+ int priv_key_len = 0, ret = 1;
485+ unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f = NULL;
486
487- if (!group || !priv_key) {
488- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
489- return NULL;
490+ if (((sig->r = BN_new()) == NULL) || !kop) {
491+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
492+ goto err;
493 }
494
495- if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
496- (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
497- (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
498- (y = BN_new()) == NULL) {
499- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
500+ if ((sig->s = BN_new()) == NULL) {
501+ BN_free(sig->r);
502+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
503 goto err;
504 }
505
506- order = &group->order;
507- if (!order || BN_is_zero(order)) {
508- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
509+ if (spcf_bn2bin(dsa->p, &q, &q_len)) {
510+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
511 goto err;
512 }
513
514- i = BN_num_bits(order);
515- /* Need to truncate digest if it is too long: first truncate whole
516- bytes */
517- if (8 * dgst_len > i)
518- dgst_len = (i + 7)/8;
519+ /* Get order of the field of private keys into plain buffer */
520+ if (spcf_bn2bin (dsa->q, &r, &r_len)) {
521+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
522+ goto err;
523+ }
524
525- if (!BN_bin2bn(dgst, dgst_len, m)) {
526- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
527+ /* sanity test */
528+ if (dlen > r_len) {
529+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
530 goto err;
531 }
532
533- /* If still too long truncate remaining bits with a shift */
534- if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
535- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
536+ g_len = q_len;
537+ /**
538+ * Get generator into a plain buffer. If length is less than
539+ * q_len then add leading padding bytes.
540+ */
541+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
542+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
543 goto err;
544 }
545
546- /* copy the truncated bits into plain buffer */
547- if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
548- fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__);
549+ priv_key_len = r_len;
550+ /**
551+ * Get private key into a plain buffer. If length is less than
552+ * r_len then add leading padding bytes.
553+ */
554+ if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) {
555+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
556 goto err;
557 }
558
559- ret = ECDSA_SIG_new();
560- if (!ret) {
561- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
562+ /* Allocate memory to store hash. */
563+ f = OPENSSL_malloc (r_len);
564+ if (!f) {
565+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
566 goto err;
567 }
568
569- /* check if this is prime or binary EC request */
570- if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
571- ec_crv = EC_PRIME;
572- /* get the generator point pair */
573- if (!EC_POINT_get_affine_coordinates_GFp (group, EC_GROUP_get0_generator(group),
574- x, y,ctx)) {
575- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
576- goto err;
577- }
578+ /* Add padding, since SEC expects hash to of size r_len */
579+ if (dlen < r_len)
580+ memset(f, 0, r_len - dlen);
581
582- /* get the ECC curve parameters */
583- if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) {
584- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
585+ /* Skip leading bytes if dgst_len < r_len */
586+ memcpy(f + r_len - dlen, dgst, dlen);
587+
588+ dlen = r_len;
589+
590+ memset(kop, 0, sizeof( struct crypt_kop));
591+ kop->crk_op = CRK_DSA_SIGN;
592+
593+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
594+ kop->crk_param[0].crp_p = (void*)f;
595+ kop->crk_param[0].crp_nbits = dlen * 8;
596+ kop->crk_param[1].crp_p = (void*)q;
597+ kop->crk_param[1].crp_nbits = q_len * 8;
598+ kop->crk_param[2].crp_p = (void*)r;
599+ kop->crk_param[2].crp_nbits = r_len * 8;
600+ kop->crk_param[3].crp_p = (void*)g;
601+ kop->crk_param[3].crp_nbits = g_len * 8;
602+ kop->crk_param[4].crp_p = (void*)priv_key;
603+ kop->crk_param[4].crp_nbits = priv_key_len * 8;
604+ kop->crk_iparams = 5;
605+ kop->cookie = cookie;
606+
607+ if (cryptodev_asym_async(kop, r_len, sig->r, r_len, sig->s))
608+ goto err;
609+
610+ return ret;
611+err:
612+ {
613+ const DSA_METHOD *meth = DSA_OpenSSL();
614+
615+ if (kop)
616+ free(kop);
617+ BN_free(sig->r);
618+ BN_free(sig->s);
619+ dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
620+ sig->r = dsaret->r;
621+ sig->s = dsaret->s;
622+ /* Call user callback immediately */
623+ cookie->pkc_callback(cookie, 0);
624+ ret = dsaret;
625+ }
626+ return ret;
627+}
628+
629+static int
630+cryptodev_dsa_verify_async(const unsigned char *dgst, int dlen,
631+ DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie)
632+{
633+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
634+ int q_len = 0, r_len = 0, g_len = 0;
635+ int w_len = 0 ,c_len = 0, d_len = 0, ret = 1;
636+ unsigned char * q = NULL, * r = NULL, * w = NULL, * g = NULL;
637+ unsigned char *c = NULL, * d = NULL, *f = NULL;
638+
639+ if (!kop)
640+ goto err;
641+
642+ if (spcf_bn2bin(dsa->p, &q, &q_len)) {
643+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
644+ return ret;
645+ }
646+
647+ /* Get Order of field of private keys */
648+ if (spcf_bn2bin(dsa->q, &r, &r_len)) {
649+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
650+ goto err;
651+ }
652+
653+ g_len = q_len;
654+ /**
655+ * Get generator into a plain buffer. If length is less than
656+ * q_len then add leading padding bytes.
657+ */
658+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
659+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
660+ goto err;
661+ }
662+ w_len = q_len;
663+ /**
664+ * Get public key into a plain buffer. If length is less than
665+ * q_len then add leading padding bytes.
666+ */
667+ if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) {
668+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
669+ goto err;
670+ }
671+ /**
672+ * Get the 1st part of signature into a flat buffer with
673+ * appropriate padding
674+ */
675+ c_len = r_len;
676+
677+ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
678+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
679+ goto err;
680+ }
681+
682+ /**
683+ * Get the 2nd part of signature into a flat buffer with
684+ * appropriate padding
685+ */
686+ d_len = r_len;
687+
688+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
689+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
690+ goto err;
691+ }
692+
693+
694+ /* Sanity test */
695+ if (dlen > r_len) {
696+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
697+ goto err;
698+ }
699+
700+ /* Allocate memory to store hash. */
701+ f = OPENSSL_malloc (r_len);
702+ if (!f) {
703+ DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
704+ goto err;
705+ }
706+
707+ /* Add padding, since SEC expects hash to of size r_len */
708+ if (dlen < r_len)
709+ memset(f, 0, r_len - dlen);
710+
711+ /* Skip leading bytes if dgst_len < r_len */
712+ memcpy(f + r_len - dlen, dgst, dlen);
713+
714+ dlen = r_len;
715+ memset(kop, 0, sizeof(struct crypt_kop));
716+
717+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
718+ kop->crk_param[0].crp_p = (void*)f;
719+ kop->crk_param[0].crp_nbits = dlen * 8;
720+ kop->crk_param[1].crp_p = q;
721+ kop->crk_param[1].crp_nbits = q_len * 8;
722+ kop->crk_param[2].crp_p = r;
723+ kop->crk_param[2].crp_nbits = r_len * 8;
724+ kop->crk_param[3].crp_p = g;
725+ kop->crk_param[3].crp_nbits = g_len * 8;
726+ kop->crk_param[4].crp_p = w;
727+ kop->crk_param[4].crp_nbits = w_len * 8;
728+ kop->crk_param[5].crp_p = c;
729+ kop->crk_param[5].crp_nbits = c_len * 8;
730+ kop->crk_param[6].crp_p = d;
731+ kop->crk_param[6].crp_nbits = d_len * 8;
732+ kop->crk_iparams = 7;
733+ kop->crk_op = CRK_DSA_VERIFY;
734+ kop->cookie = cookie;
735+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
736+ goto err;
737+
738+ return ret;
739+err:
740+ {
741+ const DSA_METHOD *meth = DSA_OpenSSL();
742+
743+ if (kop)
744+ free(kop);
745+
746+ ret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
747+ cookie->pkc_callback(cookie, 0);
748+ }
749+ return ret;
750+}
751+
752+static DSA_METHOD cryptodev_dsa = {
753+ "cryptodev DSA method",
754+ NULL,
755+ NULL, /* dsa_sign_setup */
756+ NULL,
757+ NULL, /* dsa_mod_exp */
758+ NULL,
759+ NULL,
760+ NULL,
761+ NULL,
762+ NULL, /* init */
763+ NULL, /* finish */
764+ 0, /* flags */
765+ NULL /* app_data */
766+};
767+
768+static ECDSA_METHOD cryptodev_ecdsa = {
769+ "cryptodev ECDSA method",
770+ NULL,
771+ NULL, /* ecdsa_sign_setup */
772+ NULL,
773+ NULL,
774+ NULL,
775+ NULL,
776+ 0, /* flags */
777+ NULL /* app_data */
778+};
779+
780+typedef enum ec_curve_s
781+{
782+ EC_PRIME,
783+ EC_BINARY
784+} ec_curve_t;
785+
786+/* ENGINE handler for ECDSA Sign */
787+static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst,
788+ int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
789+{
790+ BIGNUM *m = NULL, *p = NULL, *a = NULL;
791+ BIGNUM *b = NULL, *x = NULL, *y = NULL;
792+ BN_CTX *ctx = NULL;
793+ ECDSA_SIG *ret = NULL;
794+ ECDSA_DATA *ecdsa = NULL;
795+ unsigned char * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
796+ unsigned char * s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
797+ int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
798+ int g_len = 0, d_len = 0, ab_len = 0;
799+ const BIGNUM *order = NULL, *priv_key=NULL;
800+ const EC_GROUP *group = NULL;
801+ struct crypt_kop kop;
802+ ec_curve_t ec_crv = EC_PRIME;
803+
804+ memset(&kop, 0, sizeof(kop));
805+ ecdsa = ecdsa_check(eckey);
806+ if (!ecdsa) {
807+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
808+ return NULL;
809+ }
810+
811+ group = EC_KEY_get0_group(eckey);
812+ priv_key = EC_KEY_get0_private_key(eckey);
813+
814+ if (!group || !priv_key) {
815+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
816+ return NULL;
817+ }
818+
819+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
820+ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
821+ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
822+ (y = BN_new()) == NULL) {
823+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
824+ goto err;
825+ }
826+
827+ order = &group->order;
828+ if (!order || BN_is_zero(order)) {
829+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
830+ goto err;
831+ }
832+
833+ i = BN_num_bits(order);
834+ /* Need to truncate digest if it is too long: first truncate whole
835+ bytes */
836+ if (8 * dgst_len > i)
837+ dgst_len = (i + 7)/8;
838+
839+ if (!BN_bin2bn(dgst, dgst_len, m)) {
840+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
841+ goto err;
842+ }
843+
844+ /* If still too long truncate remaining bits with a shift */
845+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
846+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
847+ goto err;
848+ }
849+
850+ /* copy the truncated bits into plain buffer */
851+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
852+ fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__);
853+ goto err;
854+ }
855+
856+ ret = ECDSA_SIG_new();
857+ if (!ret) {
858+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
859+ goto err;
860+ }
861+
862+ /* check if this is prime or binary EC request */
863+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
864+ ec_crv = EC_PRIME;
865+ /* get the generator point pair */
866+ if (!EC_POINT_get_affine_coordinates_GFp (group, EC_GROUP_get0_generator(group),
867+ x, y,ctx)) {
868+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
869+ goto err;
870+ }
871+
872+ /* get the ECC curve parameters */
873+ if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) {
874+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
875 goto err;
876 }
877 } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) {
878@@ -2195,63 +2700,581 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
879 }
880
881 /**
882- * Get the 2nd part of signature into a flat buffer with
883- * appropriate padding
884+ * Get the 2nd part of signature into a flat buffer with
885+ * appropriate padding
886+ */
887+ if (BN_num_bytes(sig->s) < r_len)
888+ d_len = r_len;
889+
890+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
891+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
892+ goto err;
893+ }
894+
895+ /* memory for message representative */
896+ f = malloc(r_len);
897+ if (!f) {
898+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
899+ goto err;
900+ }
901+
902+ /* Add padding, since SEC expects hash to of size r_len */
903+ memset(f, 0, r_len-dgst_len);
904+
905+ /* Skip leading bytes if dgst_len < r_len */
906+ memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len);
907+ dgst_len += r_len-dgst_len;
908+ kop.crk_op = CRK_DSA_VERIFY;
909+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
910+ kop.crk_param[0].crp_p = f;
911+ kop.crk_param[0].crp_nbits = dgst_len * 8;
912+ kop.crk_param[1].crp_p = q;
913+ kop.crk_param[1].crp_nbits = q_len * 8;
914+ kop.crk_param[2].crp_p = r;
915+ kop.crk_param[2].crp_nbits = r_len * 8;
916+ kop.crk_param[3].crp_p = g_xy;
917+ kop.crk_param[3].crp_nbits = g_len * 8;
918+ kop.crk_param[4].crp_p = w_xy;
919+ kop.crk_param[4].crp_nbits = pub_key_len * 8;
920+ kop.crk_param[5].crp_p = ab;
921+ kop.crk_param[5].crp_nbits = ab_len * 8;
922+ kop.crk_param[6].crp_p = c;
923+ kop.crk_param[6].crp_nbits = d_len * 8;
924+ kop.crk_param[7].crp_p = d;
925+ kop.crk_param[7].crp_nbits = d_len * 8;
926+ kop.crk_iparams = 8;
927+
928+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
929+ /*OCF success value is 0, if not zero, change ret to fail*/
930+ if(0 == kop.crk_status)
931+ ret = 1;
932+ } else {
933+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
934+
935+ ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey);
936+ }
937+ kop.crk_param[0].crp_p = NULL;
938+ zapparams(&kop);
939+
940+err:
941+ return ret;
942+}
943+
944+static int cryptodev_ecdsa_do_sign_async( const unsigned char *dgst,
945+ int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey,
946+ ECDSA_SIG *sig, struct pkc_cookie_s *cookie)
947+{
948+ BIGNUM *m = NULL, *p = NULL, *a = NULL;
949+ BIGNUM *b = NULL, *x = NULL, *y = NULL;
950+ BN_CTX *ctx = NULL;
951+ ECDSA_SIG *sig_ret = NULL;
952+ ECDSA_DATA *ecdsa = NULL;
953+ unsigned char * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
954+ unsigned char * s = NULL, *f = NULL, *tmp_dgst = NULL;
955+ int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
956+ int g_len = 0, ab_len = 0, ret = 1;
957+ const BIGNUM *order = NULL, *priv_key=NULL;
958+ const EC_GROUP *group = NULL;
959+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
960+ ec_curve_t ec_crv = EC_PRIME;
961+
962+ if (!(sig->r = BN_new()) || !kop)
963+ goto err;
964+ if ((sig->s = BN_new()) == NULL) {
965+ BN_free(r);
966+ goto err;
967+ }
968+
969+ memset(kop, 0, sizeof(struct crypt_kop));
970+ ecdsa = ecdsa_check(eckey);
971+ if (!ecdsa) {
972+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
973+ goto err;
974+ }
975+
976+ group = EC_KEY_get0_group(eckey);
977+ priv_key = EC_KEY_get0_private_key(eckey);
978+
979+ if (!group || !priv_key) {
980+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
981+ goto err;
982+ }
983+
984+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
985+ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
986+ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
987+ (y = BN_new()) == NULL) {
988+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
989+ goto err;
990+ }
991+
992+ order = &group->order;
993+ if (!order || BN_is_zero(order)) {
994+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
995+ goto err;
996+ }
997+
998+ i = BN_num_bits(order);
999+ /* Need to truncate digest if it is too long: first truncate whole
1000+ bytes */
1001+ if (8 * dgst_len > i)
1002+ dgst_len = (i + 7)/8;
1003+
1004+ if (!BN_bin2bn(dgst, dgst_len, m)) {
1005+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
1006+ goto err;
1007+ }
1008+
1009+ /* If still too long truncate remaining bits with a shift */
1010+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
1011+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
1012+ goto err;
1013+ }
1014+
1015+ /* copy the truncated bits into plain buffer */
1016+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
1017+ fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__);
1018+ goto err;
1019+ }
1020+
1021+ /* check if this is prime or binary EC request */
1022+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group))
1023+ == NID_X9_62_prime_field) {
1024+ ec_crv = EC_PRIME;
1025+ /* get the generator point pair */
1026+ if (!EC_POINT_get_affine_coordinates_GFp (group,
1027+ EC_GROUP_get0_generator(group), x, y,ctx)) {
1028+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
1029+ goto err;
1030+ }
1031+
1032+ /* get the ECC curve parameters */
1033+ if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) {
1034+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
1035+ goto err;
1036+ }
1037+ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) {
1038+ ec_crv = EC_BINARY;
1039+ /* get the ECC curve parameters */
1040+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
1041+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
1042+ goto err;
1043+ }
1044+
1045+ /* get the generator point pair */
1046+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
1047+ EC_GROUP_get0_generator(group), x, y,ctx)) {
1048+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
1049+ goto err;
1050+ }
1051+ } else {
1052+ printf("Unsupported Curve\n");
1053+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
1054+ goto err;
1055+ }
1056+
1057+ if (spcf_bn2bin(order, &r, &r_len)) {
1058+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
1059+ goto err;
1060+ }
1061+
1062+ if (spcf_bn2bin(p, &q, &q_len)) {
1063+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
1064+ goto err;
1065+ }
1066+
1067+ priv_key_len = r_len;
1068+
1069+ /**
1070+ * If BN_num_bytes of priv_key returns less then r_len then
1071+ * add padding bytes before the key
1072+ */
1073+ if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len)) {
1074+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
1075+ goto err;
1076+ }
1077+
1078+ /* Generation of ECC curve parameters */
1079+ ab_len = 2*q_len;
1080+ ab = eng_copy_curve_points(a, b, ab_len, q_len);
1081+ if (!ab) {
1082+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
1083+ goto err;
1084+ }
1085+
1086+ if (ec_crv == EC_BINARY) {
1087+ if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len))
1088+ {
1089+ unsigned char *c_temp = NULL;
1090+ int c_temp_len = q_len;
1091+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
1092+ memcpy(ab+q_len, c_temp, q_len);
1093+ else
1094+ goto err;
1095+ }
1096+ kop->curve_type = ECC_BINARY;
1097+ }
1098+
1099+ /* Calculation of Generator point */
1100+ g_len = 2*q_len;
1101+ g_xy = eng_copy_curve_points(x, y, g_len, q_len);
1102+ if (!g_xy) {
1103+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
1104+ goto err;
1105+ }
1106+
1107+ /* memory for message representative */
1108+ f = malloc(r_len);
1109+ if (!f) {
1110+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
1111+ goto err;
1112+ }
1113+
1114+ /* Add padding, since SEC expects hash to of size r_len */
1115+ memset(f, 0, r_len - dgst_len);
1116+
1117+ /* Skip leading bytes if dgst_len < r_len */
1118+ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
1119+
1120+ dgst_len += r_len - dgst_len;
1121+
1122+ kop->crk_op = CRK_DSA_SIGN;
1123+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
1124+ kop->crk_param[0].crp_p = f;
1125+ kop->crk_param[0].crp_nbits = dgst_len * 8;
1126+ kop->crk_param[1].crp_p = q;
1127+ kop->crk_param[1].crp_nbits = q_len * 8;
1128+ kop->crk_param[2].crp_p = r;
1129+ kop->crk_param[2].crp_nbits = r_len * 8;
1130+ kop->crk_param[3].crp_p = g_xy;
1131+ kop->crk_param[3].crp_nbits = g_len * 8;
1132+ kop->crk_param[4].crp_p = s;
1133+ kop->crk_param[4].crp_nbits = priv_key_len * 8;
1134+ kop->crk_param[5].crp_p = ab;
1135+ kop->crk_param[5].crp_nbits = ab_len * 8;
1136+ kop->crk_iparams = 6;
1137+ kop->cookie = cookie;
1138+
1139+ if (cryptodev_asym_async(kop, r_len, sig->r , r_len, sig->s))
1140+ goto err;
1141+
1142+ return ret;
1143+err:
1144+ {
1145+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
1146+ BN_free(sig->r);
1147+ BN_free(sig->s);
1148+ if (kop)
1149+ free(kop);
1150+ sig_ret = (meth->ecdsa_do_sign)(dgst, dgst_len, in_kinv, in_r, eckey);
1151+ sig->r = sig_ret->r;
1152+ sig->s = sig_ret->s;
1153+ cookie->pkc_callback(cookie, 0);
1154+ }
1155+ return ret;
1156+}
1157+
1158+static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len,
1159+ const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie)
1160+{
1161+ BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL;
1162+ BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL;
1163+ BN_CTX *ctx = NULL;
1164+ ECDSA_DATA *ecdsa = NULL;
1165+ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy = NULL;
1166+ unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
1167+ int i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0;
1168+ int d_len = 0, ab_len = 0, ret = 1;
1169+ const EC_POINT *pub_key = NULL;
1170+ const BIGNUM *order = NULL;
1171+ const EC_GROUP *group=NULL;
1172+ ec_curve_t ec_crv = EC_PRIME;
1173+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
1174+
1175+ if (!kop)
1176+ goto err;
1177+
1178+ memset(kop, 0, sizeof(struct crypt_kop));
1179+ ecdsa = ecdsa_check(eckey);
1180+ if (!ecdsa) {
1181+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
1182+ goto err;
1183+ }
1184+
1185+ group = EC_KEY_get0_group(eckey);
1186+ pub_key = EC_KEY_get0_public_key(eckey);
1187+
1188+ if (!group || !pub_key) {
1189+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
1190+ goto err;
1191+ }
1192+
1193+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
1194+ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
1195+ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
1196+ (y = BN_new()) == NULL || (w_x = BN_new()) == NULL ||
1197+ (w_y = BN_new()) == NULL) {
1198+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1199+ goto err;
1200+ }
1201+
1202+ order = &group->order;
1203+ if (!order || BN_is_zero(order)) {
1204+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
1205+ goto err;
1206+ }
1207+
1208+ i = BN_num_bits(order);
1209+ /* Need to truncate digest if it is too long: first truncate whole
1210+ * bytes */
1211+ if (8 * dgst_len > i)
1212+ dgst_len = (i + 7)/8;
1213+
1214+ if (!BN_bin2bn(dgst, dgst_len, m)) {
1215+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
1216+ goto err;
1217+ }
1218+
1219+ /* If still too long truncate remaining bits with a shift */
1220+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
1221+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
1222+ goto err;
1223+ }
1224+ /* copy the truncated bits into plain buffer */
1225+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
1226+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1227+ goto err;
1228+ }
1229+
1230+ /* check if this is prime or binary EC request */
1231+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
1232+ ec_crv = EC_PRIME;
1233+
1234+ /* get the generator point pair */
1235+ if (!EC_POINT_get_affine_coordinates_GFp (group,
1236+ EC_GROUP_get0_generator(group), x, y,ctx)) {
1237+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
1238+ goto err;
1239+ }
1240+
1241+ /* get the public key pair for prime curve */
1242+ if (!EC_POINT_get_affine_coordinates_GFp (group,
1243+ pub_key, w_x, w_y,ctx)) {
1244+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
1245+ goto err;
1246+ }
1247+
1248+ /* get the ECC curve parameters */
1249+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
1250+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
1251+ goto err;
1252+ }
1253+ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field){
1254+ ec_crv = EC_BINARY;
1255+ /* get the ECC curve parameters */
1256+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
1257+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
1258+ goto err;
1259+ }
1260+
1261+ /* get the generator point pair */
1262+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
1263+ EC_GROUP_get0_generator(group),x, y,ctx)) {
1264+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
1265+ goto err;
1266+ }
1267+
1268+ /* get the public key pair for binary curve */
1269+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
1270+ pub_key, w_x, w_y,ctx)) {
1271+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
1272+ goto err;
1273+ }
1274+ }else {
1275+ printf("Unsupported Curve\n");
1276+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
1277+ goto err;
1278+ }
1279+
1280+ /* Get the order of the subgroup of private keys */
1281+ if (spcf_bn2bin((BIGNUM*)order, &r, &r_len)) {
1282+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1283+ goto err;
1284+ }
1285+
1286+ /* Get the irreducible polynomial that creates the field */
1287+ if (spcf_bn2bin(p, &q, &q_len)) {
1288+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1289+ goto err;
1290+ }
1291+
1292+ /* Get the public key into a flat buffer with appropriate padding */
1293+ pub_key_len = 2 * q_len;
1294+
1295+ w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len);
1296+ if (!w_xy) {
1297+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1298+ goto err;
1299+ }
1300+
1301+ /* Generation of ECC curve parameters */
1302+ ab_len = 2*q_len;
1303+
1304+ ab = eng_copy_curve_points (a, b, ab_len, q_len);
1305+ if (!ab) {
1306+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1307+ goto err;
1308+ }
1309+
1310+ if (ec_crv == EC_BINARY) {
1311+ /* copy b' i.e c(b), instead of only b */
1312+ eng_ec_get_cparam (EC_GROUP_get_curve_name(group),
1313+ ab+q_len, q_len);
1314+ kop->curve_type = ECC_BINARY;
1315+ }
1316+
1317+ /* Calculation of Generator point */
1318+ g_len = 2 * q_len;
1319+
1320+ g_xy = eng_copy_curve_points (x, y, g_len, q_len);
1321+ if (!g_xy) {
1322+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1323+ goto err;
1324+ }
1325+
1326+ /**
1327+ * Get the 1st part of signature into a flat buffer with
1328+ * appropriate padding
1329+ */
1330+ if (BN_num_bytes(sig->r) < r_len)
1331+ c_len = r_len;
1332+
1333+ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
1334+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1335+ goto err;
1336+ }
1337+
1338+ /**
1339+ * Get the 2nd part of signature into a flat buffer with
1340+ * appropriate padding
1341+ */
1342+ if (BN_num_bytes(sig->s) < r_len)
1343+ d_len = r_len;
1344+
1345+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
1346+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1347+ goto err;
1348+ }
1349+
1350+ /* memory for message representative */
1351+ f = malloc(r_len);
1352+ if (!f) {
1353+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1354+ goto err;
1355+ }
1356+
1357+ /* Add padding, since SEC expects hash to of size r_len */
1358+ memset(f, 0, r_len-dgst_len);
1359+
1360+ /* Skip leading bytes if dgst_len < r_len */
1361+ memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len);
1362+
1363+ dgst_len += r_len-dgst_len;
1364+
1365+ kop->crk_op = CRK_DSA_VERIFY;
1366+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
1367+ kop->crk_param[0].crp_p = f;
1368+ kop->crk_param[0].crp_nbits = dgst_len * 8;
1369+ kop->crk_param[1].crp_p = q;
1370+ kop->crk_param[1].crp_nbits = q_len * 8;
1371+ kop->crk_param[2].crp_p = r;
1372+ kop->crk_param[2].crp_nbits = r_len * 8;
1373+ kop->crk_param[3].crp_p = g_xy;
1374+ kop->crk_param[3].crp_nbits = g_len * 8;
1375+ kop->crk_param[4].crp_p = w_xy;
1376+ kop->crk_param[4].crp_nbits = pub_key_len * 8;
1377+ kop->crk_param[5].crp_p = ab;
1378+ kop->crk_param[5].crp_nbits = ab_len * 8;
1379+ kop->crk_param[6].crp_p = c;
1380+ kop->crk_param[6].crp_nbits = d_len * 8;
1381+ kop->crk_param[7].crp_p = d;
1382+ kop->crk_param[7].crp_nbits = d_len * 8;
1383+ kop->crk_iparams = 8;
1384+ kop->cookie = cookie;
1385+
1386+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
1387+ goto err;
1388+
1389+ return ret;
1390+err:
1391+ {
1392+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
1393+
1394+ if (kop)
1395+ free(kop);
1396+ ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey);
1397+ cookie->pkc_callback(cookie, 0);
1398+ }
1399+
1400+ return ret;
1401+}
1402+
1403+/* Cryptodev DH Key Gen routine */
1404+static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie)
1405+{
1406+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
1407+ int ret = 1, g_len;
1408+ unsigned char *g = NULL;
1409+
1410+ if (!kop)
1411+ goto sw_try;
1412+
1413+ if (dh->priv_key == NULL) {
1414+ if ((dh->priv_key=BN_new()) == NULL)
1415+ goto sw_try;
1416+ }
1417+
1418+ if (dh->pub_key == NULL) {
1419+ if ((dh->pub_key=BN_new()) == NULL)
1420+ goto sw_try;
1421+ }
1422+
1423+ g_len = BN_num_bytes(dh->p);
1424+ /**
1425+ * Get generator into a plain buffer. If length is less than
1426+ * q_len then add leading padding bytes.
1427 */
1428- if (BN_num_bytes(sig->s) < r_len)
1429- d_len = r_len;
1430-
1431- if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
1432- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1433- goto err;
1434- }
1435-
1436- /* memory for message representative */
1437- f = malloc(r_len);
1438- if (!f) {
1439- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1440- goto err;
1441+ if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
1442+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
1443+ goto sw_try;
1444 }
1445
1446- /* Add padding, since SEC expects hash to of size r_len */
1447- memset(f, 0, r_len-dgst_len);
1448+ memset(kop, 0, sizeof(struct crypt_kop));
1449+ kop->crk_op = CRK_DH_GENERATE_KEY;
1450+ if (bn2crparam(dh->p, &kop->crk_param[0]))
1451+ goto sw_try;
1452+ if (bn2crparam(dh->q, &kop->crk_param[1]))
1453+ goto sw_try;
1454+ kop->crk_param[2].crp_p = g;
1455+ kop->crk_param[2].crp_nbits = g_len * 8;
1456+ kop->crk_iparams = 3;
1457+ kop->cookie = cookie;
1458
1459- /* Skip leading bytes if dgst_len < r_len */
1460- memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len);
1461- dgst_len += r_len-dgst_len;
1462- kop.crk_op = CRK_DSA_VERIFY;
1463- /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
1464- kop.crk_param[0].crp_p = f;
1465- kop.crk_param[0].crp_nbits = dgst_len * 8;
1466- kop.crk_param[1].crp_p = q;
1467- kop.crk_param[1].crp_nbits = q_len * 8;
1468- kop.crk_param[2].crp_p = r;
1469- kop.crk_param[2].crp_nbits = r_len * 8;
1470- kop.crk_param[3].crp_p = g_xy;
1471- kop.crk_param[3].crp_nbits = g_len * 8;
1472- kop.crk_param[4].crp_p = w_xy;
1473- kop.crk_param[4].crp_nbits = pub_key_len * 8;
1474- kop.crk_param[5].crp_p = ab;
1475- kop.crk_param[5].crp_nbits = ab_len * 8;
1476- kop.crk_param[6].crp_p = c;
1477- kop.crk_param[6].crp_nbits = d_len * 8;
1478- kop.crk_param[7].crp_p = d;
1479- kop.crk_param[7].crp_nbits = d_len * 8;
1480- kop.crk_iparams = 8;
1481+ /* pub_key is or prime length while priv key is of length of order */
1482+ if (cryptodev_asym_async(kop, BN_num_bytes(dh->p), dh->pub_key,
1483+ BN_num_bytes(dh->q), dh->priv_key))
1484+ goto sw_try;
1485
1486- if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
1487- /*OCF success value is 0, if not zero, change ret to fail*/
1488- if(0 == kop.crk_status)
1489- ret = 1;
1490- } else {
1491- const ECDSA_METHOD *meth = ECDSA_OpenSSL();
1492+ return ret;
1493+sw_try:
1494+ {
1495+ const DH_METHOD *meth = DH_OpenSSL();
1496
1497- ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey);
1498+ if (kop)
1499+ free(kop);
1500+ ret = (meth->generate_key)(dh);
1501+ cookie->pkc_callback(cookie, 0);
1502 }
1503- kop.crk_param[0].crp_p = NULL;
1504- zapparams(&kop);
1505-
1506-err:
1507 return ret;
1508 }
1509
1510@@ -2360,6 +3383,54 @@ sw_try:
1511 return (dhret);
1512 }
1513
1514+/* Return Length if successful and 0 on failure */
1515+static int
1516+cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key,
1517+ DH *dh, struct pkc_cookie_s *cookie)
1518+{
1519+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
1520+ int ret = 1;
1521+ int fd, p_len;
1522+ unsigned char *padded_pub_key = NULL, *p = NULL;
1523+
1524+ fd = *(int *)cookie->eng_handle;
1525+
1526+ memset(kop, 0, sizeof(struct crypt_kop));
1527+ kop->crk_op = CRK_DH_COMPUTE_KEY;
1528+ /* inputs: dh->priv_key pub_key dh->p key */
1529+ spcf_bn2bin(dh->p, &p, &p_len);
1530+ spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
1531+
1532+ if (bn2crparam(dh->priv_key, &kop->crk_param[0]))
1533+ goto err;
1534+ kop->crk_param[1].crp_p = padded_pub_key;
1535+ kop->crk_param[1].crp_nbits = p_len * 8;
1536+ kop->crk_param[2].crp_p = p;
1537+ kop->crk_param[2].crp_nbits = p_len * 8;
1538+ kop->crk_iparams = 3;
1539+
1540+ kop->cookie = cookie;
1541+ kop->crk_param[3].crp_p = (void*) key;
1542+ kop->crk_param[3].crp_nbits = p_len * 8;
1543+ kop->crk_oparams = 1;
1544+
1545+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
1546+ goto err;
1547+
1548+ return p_len;
1549+err:
1550+ {
1551+ const DH_METHOD *meth = DH_OpenSSL();
1552+
1553+ if (kop)
1554+ free(kop);
1555+ ret = (meth->compute_key)(key, pub_key, dh);
1556+ /* Call user cookie handler */
1557+ cookie->pkc_callback(cookie, 0);
1558+ }
1559+ return (ret);
1560+}
1561+
1562 int cryptodev_ecdh_compute_key(void *out, size_t outlen,
1563 const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
1564 void *out, size_t *outlen))
1565@@ -2537,6 +3608,190 @@ err:
1566 return ret;
1567 }
1568
1569+int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
1570+ const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
1571+ void *out, size_t *outlen), struct pkc_cookie_s *cookie)
1572+{
1573+ ec_curve_t ec_crv = EC_PRIME;
1574+ unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
1575+ BIGNUM * w_x = NULL, *w_y = NULL;
1576+ int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
1577+ BIGNUM * p = NULL, *a = NULL, *b = NULL;
1578+ BN_CTX *ctx;
1579+ EC_POINT *tmp=NULL;
1580+ BIGNUM *x=NULL, *y=NULL;
1581+ const BIGNUM *priv_key;
1582+ const EC_GROUP* group = NULL;
1583+ int ret = 1;
1584+ size_t buflen, len;
1585+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
1586+
1587+ if (!(ctx = BN_CTX_new()) || !kop)
1588+ goto err;
1589+
1590+ memset(kop, 0, sizeof(struct crypt_kop));
1591+
1592+ BN_CTX_start(ctx);
1593+ x = BN_CTX_get(ctx);
1594+ y = BN_CTX_get(ctx);
1595+ p = BN_CTX_get(ctx);
1596+ a = BN_CTX_get(ctx);
1597+ b = BN_CTX_get(ctx);
1598+ w_x = BN_CTX_get(ctx);
1599+ w_y = BN_CTX_get(ctx);
1600+
1601+ if (!x || !y || !p || !a || !b || !w_x || !w_y) {
1602+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
1603+ goto err;
1604+ }
1605+
1606+ priv_key = EC_KEY_get0_private_key(ecdh);
1607+ if (priv_key == NULL) {
1608+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE);
1609+ goto err;
1610+ }
1611+
1612+ group = EC_KEY_get0_group(ecdh);
1613+ if ((tmp=EC_POINT_new(group)) == NULL) {
1614+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
1615+ goto err;
1616+ }
1617+
1618+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
1619+ NID_X9_62_prime_field) {
1620+ ec_crv = EC_PRIME;
1621+
1622+ if (!EC_POINT_get_affine_coordinates_GFp(group,
1623+ EC_GROUP_get0_generator(group), x, y, ctx)) {
1624+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
1625+ goto err;
1626+ }
1627+
1628+ /* get the ECC curve parameters */
1629+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
1630+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
1631+ goto err;
1632+ }
1633+
1634+ /* get the public key pair for prime curve */
1635+ if (!EC_POINT_get_affine_coordinates_GFp (group, pub_key, w_x, w_y,ctx)) {
1636+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
1637+ goto err;
1638+ }
1639+ } else {
1640+ ec_crv = EC_BINARY;
1641+
1642+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
1643+ EC_GROUP_get0_generator(group), x, y, ctx)) {
1644+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
1645+ goto err;
1646+ }
1647+
1648+ /* get the ECC curve parameters */
1649+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) {
1650+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
1651+ goto err;
1652+ }
1653+
1654+ /* get the public key pair for binary curve */
1655+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
1656+ pub_key, w_x, w_y,ctx)) {
1657+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
1658+ goto err;
1659+ }
1660+ }
1661+
1662+ /* irreducible polynomial that creates the field */
1663+ if (spcf_bn2bin((BIGNUM*)&group->order, &r, &r_len)) {
1664+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
1665+ goto err;
1666+ }
1667+
1668+ /* Get the irreducible polynomial that creates the field */
1669+ if (spcf_bn2bin(p, &q, &q_len)) {
1670+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
1671+ goto err;
1672+ }
1673+
1674+ /* Get the public key into a flat buffer with appropriate padding */
1675+ pub_key_len = 2 * q_len;
1676+ w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len);
1677+ if (!w_xy) {
1678+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
1679+ goto err;
1680+ }
1681+
1682+ /* Generation of ECC curve parameters */
1683+ ab_len = 2*q_len;
1684+ ab = eng_copy_curve_points (a, b, ab_len, q_len);
1685+ if (!ab) {
1686+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
1687+ goto err;
1688+ }
1689+
1690+ if (ec_crv == EC_BINARY) {
1691+ /* copy b' i.e c(b), instead of only b */
1692+ if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len))
1693+ {
1694+ unsigned char *c_temp = NULL;
1695+ int c_temp_len = q_len;
1696+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
1697+ memcpy(ab+q_len, c_temp, q_len);
1698+ else
1699+ goto err;
1700+ }
1701+ kop->curve_type = ECC_BINARY;
1702+ } else
1703+ kop->curve_type = ECC_PRIME;
1704+
1705+ priv_key_len = r_len;
1706+
1707+ /*
1708+ * If BN_num_bytes of priv_key returns less then r_len then
1709+ * add padding bytes before the key
1710+ */
1711+ if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) {
1712+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
1713+ goto err;
1714+ }
1715+
1716+ buflen = (EC_GROUP_get_degree(group) + 7)/8;
1717+ len = BN_num_bytes(x);
1718+ if (len > buflen || q_len < buflen) {
1719+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR);
1720+ goto err;
1721+ }
1722+
1723+ kop->crk_op = CRK_DH_COMPUTE_KEY;
1724+ kop->crk_param[0].crp_p = (void *) s;
1725+ kop->crk_param[0].crp_nbits = priv_key_len*8;
1726+ kop->crk_param[1].crp_p = (void *) w_xy;
1727+ kop->crk_param[1].crp_nbits = pub_key_len*8;
1728+ kop->crk_param[2].crp_p = (void *) q;
1729+ kop->crk_param[2].crp_nbits = q_len*8;
1730+ kop->crk_param[3].crp_p = (void *) ab;
1731+ kop->crk_param[3].crp_nbits = ab_len*8;
1732+ kop->crk_iparams = 4;
1733+ kop->crk_param[4].crp_p = (void *) out;
1734+ kop->crk_param[4].crp_nbits = q_len*8;
1735+ kop->crk_oparams = 1;
1736+ kop->cookie = cookie;
1737+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
1738+ goto err;
1739+
1740+ return q_len;
1741+err:
1742+ {
1743+ const ECDH_METHOD *meth = ECDH_OpenSSL();
1744+
1745+ if (kop)
1746+ free(kop);
1747+ ret = (meth->compute_key)(out, outlen, pub_key, ecdh, KDF);
1748+ /* Call user cookie handler */
1749+ cookie->pkc_callback(cookie, 0);
1750+ }
1751+ return ret;
1752+}
1753
1754 static DH_METHOD cryptodev_dh = {
1755 "cryptodev DH method",
1756@@ -2545,6 +3800,8 @@ static DH_METHOD cryptodev_dh = {
1757 NULL,
1758 NULL,
1759 NULL,
1760+ NULL,
1761+ NULL,
1762 0, /* flags */
1763 NULL /* app_data */
1764 };
1765@@ -2553,6 +3810,7 @@ static ECDH_METHOD cryptodev_ecdh = {
1766 "cryptodev ECDH method",
1767 NULL, /* cryptodev_ecdh_compute_key */
1768 NULL,
1769+ NULL,
1770 0, /* flags */
1771 NULL /* app_data */
1772 };
1773@@ -2625,12 +3883,19 @@ ENGINE_load_cryptodev(void)
1774 cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
1775 if (cryptodev_asymfeat & CRF_MOD_EXP) {
1776 cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
1777- if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
1778+ cryptodev_rsa.bn_mod_exp_async =
1779+ cryptodev_bn_mod_exp_async;
1780+ if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) {
1781 cryptodev_rsa.rsa_mod_exp =
1782 cryptodev_rsa_mod_exp;
1783- else
1784+ cryptodev_rsa.rsa_mod_exp_async =
1785+ cryptodev_rsa_mod_exp_async;
1786+ } else {
1787 cryptodev_rsa.rsa_mod_exp =
1788 cryptodev_rsa_nocrt_mod_exp;
1789+ cryptodev_rsa.rsa_mod_exp_async =
1790+ cryptodev_rsa_nocrt_mod_exp_async;
1791+ }
1792 }
1793 }
1794
1795@@ -2638,12 +3903,21 @@ ENGINE_load_cryptodev(void)
1796 const DSA_METHOD *meth = DSA_OpenSSL();
1797
1798 memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
1799- if (cryptodev_asymfeat & CRF_DSA_SIGN)
1800+ if (cryptodev_asymfeat & CRF_DSA_SIGN) {
1801 cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
1802- if (cryptodev_asymfeat & CRF_DSA_VERIFY)
1803+ cryptodev_dsa.dsa_do_sign_async =
1804+ cryptodev_dsa_do_sign_async;
1805+ }
1806+ if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
1807 cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
1808- if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY)
1809+ cryptodev_dsa.dsa_do_verify_async =
1810+ cryptodev_dsa_verify_async;
1811+ }
1812+ if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY) {
1813 cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen;
1814+ cryptodev_dsa.dsa_keygen_async =
1815+ cryptodev_dsa_keygen_async;
1816+ }
1817 }
1818
1819 if (ENGINE_set_DH(engine, &cryptodev_dh)){
1820@@ -2652,10 +3926,15 @@ ENGINE_load_cryptodev(void)
1821 if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
1822 cryptodev_dh.compute_key =
1823 cryptodev_dh_compute_key;
1824+ cryptodev_dh.compute_key_async =
1825+ cryptodev_dh_compute_key_async;
1826 }
1827 if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) {
1828 cryptodev_dh.generate_key =
1829 cryptodev_dh_keygen;
1830+ cryptodev_dh.generate_key_async =
1831+ cryptodev_dh_keygen_async;
1832+
1833 }
1834 }
1835
1836@@ -2664,10 +3943,14 @@ ENGINE_load_cryptodev(void)
1837 memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD));
1838 if (cryptodev_asymfeat & CRF_DSA_SIGN) {
1839 cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign;
1840+ cryptodev_ecdsa.ecdsa_do_sign_async =
1841+ cryptodev_ecdsa_do_sign_async;
1842 }
1843 if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
1844 cryptodev_ecdsa.ecdsa_do_verify =
1845 cryptodev_ecdsa_verify;
1846+ cryptodev_ecdsa.ecdsa_do_verify_async =
1847+ cryptodev_ecdsa_verify_async;
1848 }
1849 }
1850
1851@@ -2676,9 +3959,16 @@ ENGINE_load_cryptodev(void)
1852 memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD));
1853 if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
1854 cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key;
1855+ cryptodev_ecdh.compute_key_async =
1856+ cryptodev_ecdh_compute_key_async;
1857 }
1858 }
1859
1860+ ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability);
1861+ ENGINE_set_close_instance(engine, cryptodev_close_instance);
1862+ ENGINE_set_init_instance(engine, cryptodev_init_instance);
1863+ ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC);
1864+
1865 ENGINE_add(engine);
1866 ENGINE_free(engine);
1867 ERR_clear_error();
1868diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
1869index 451ef8f..8fc3077 100644
1870--- a/crypto/engine/eng_int.h
1871+++ b/crypto/engine/eng_int.h
1872@@ -181,7 +181,29 @@ struct engine_st
1873 ENGINE_LOAD_KEY_PTR load_pubkey;
1874
1875 ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
1876-
1877+ /*
1878+ * Instantiate Engine handle to be passed in check_pkc_availability
1879+ * Ensure that Engine is instantiated before any pkc asynchronous call.
1880+ */
1881+ void *(*engine_init_instance)(void);
1882+ /*
1883+ * Instantiated Engine handle will be closed with this call.
1884+ * Ensure that no pkc asynchronous call is made after this call
1885+ */
1886+ void (*engine_close_instance)(void *handle);
1887+ /*
1888+ * Check availability will extract the data from kernel.
1889+ * eng_handle: This is the Engine handle corresponds to which
1890+ * the cookies needs to be polled.
1891+ * return 0 if cookie available else 1
1892+ */
1893+ int (*check_pkc_availability)(void *eng_handle);
1894+ /*
1895+ * The following map is used to check if the engine supports asynchronous implementation
1896+ * ENGINE_ASYNC_FLAG* for available bitmap. Any application checking for asynchronous
1897+ * implementation need to check this features using "int ENGINE_get_async_map(engine *)";
1898+ */
1899+ int async_map;
1900 const ENGINE_CMD_DEFN *cmd_defns;
1901 int flags;
1902 /* reference count on the structure itself */
1903diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
1904index 18a6664..6fa621c 100644
1905--- a/crypto/engine/eng_lib.c
1906+++ b/crypto/engine/eng_lib.c
1907@@ -98,7 +98,11 @@ void engine_set_all_null(ENGINE *e)
1908 e->ctrl = NULL;
1909 e->load_privkey = NULL;
1910 e->load_pubkey = NULL;
1911+ e->check_pkc_availability = NULL;
1912+ e->engine_init_instance = NULL;
1913+ e->engine_close_instance = NULL;
1914 e->cmd_defns = NULL;
1915+ e->async_map = 0;
1916 e->flags = 0;
1917 }
1918
1919@@ -233,6 +237,48 @@ int ENGINE_set_id(ENGINE *e, const char *id)
1920 return 1;
1921 }
1922
1923+void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void))
1924+ {
1925+ e->engine_init_instance = engine_init_instance;
1926+ }
1927+
1928+void ENGINE_set_close_instance(ENGINE *e,
1929+ void (*engine_close_instance)(void *))
1930+ {
1931+ e->engine_close_instance = engine_close_instance;
1932+ }
1933+
1934+void ENGINE_set_async_map(ENGINE *e, int async_map)
1935+ {
1936+ e->async_map = async_map;
1937+ }
1938+
1939+void *ENGINE_init_instance(ENGINE *e)
1940+ {
1941+ return e->engine_init_instance();
1942+ }
1943+
1944+void ENGINE_close_instance(ENGINE *e, void *eng_handle)
1945+ {
1946+ e->engine_close_instance(eng_handle);
1947+ }
1948+
1949+int ENGINE_get_async_map(ENGINE *e)
1950+ {
1951+ return e->async_map;
1952+ }
1953+
1954+void ENGINE_set_check_pkc_availability(ENGINE *e,
1955+ int (*check_pkc_availability)(void *eng_handle))
1956+ {
1957+ e->check_pkc_availability = check_pkc_availability;
1958+ }
1959+
1960+int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle)
1961+ {
1962+ return e->check_pkc_availability(eng_handle);
1963+ }
1964+
1965 int ENGINE_set_name(ENGINE *e, const char *name)
1966 {
1967 if(name == NULL)
1968diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
1969index 237a6c9..ccff86a 100644
1970--- a/crypto/engine/engine.h
1971+++ b/crypto/engine/engine.h
1972@@ -473,6 +473,30 @@ ENGINE *ENGINE_new(void);
1973 int ENGINE_free(ENGINE *e);
1974 int ENGINE_up_ref(ENGINE *e);
1975 int ENGINE_set_id(ENGINE *e, const char *id);
1976+void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void));
1977+void ENGINE_set_close_instance(ENGINE *e,
1978+ void (*engine_free_instance)(void *));
1979+/*
1980+ * Following FLAGS are bitmap store in async_map to set asynchronous interface capability
1981+ *of the engine
1982+ */
1983+#define ENGINE_RSA_ASYNC 0x0001
1984+#define ENGINE_DSA_ASYNC 0x0002
1985+#define ENGINE_DH_ASYNC 0x0004
1986+#define ENGINE_ECDSA_ASYNC 0x0008
1987+#define ENGINE_ECDH_ASYNC 0x0010
1988+#define ENGINE_ALLPKC_ASYNC 0x001F
1989+/* Engine implementation will set the bitmap based on above flags using following API */
1990+void ENGINE_set_async_map(ENGINE *e, int async_map);
1991+ /* Application need to check the bitmap based on above flags using following API
1992+ * to confirm asynchronous methods supported
1993+ */
1994+int ENGINE_get_async_map(ENGINE *e);
1995+void *ENGINE_init_instance(ENGINE *e);
1996+void ENGINE_close_instance(ENGINE *e, void *eng_handle);
1997+void ENGINE_set_check_pkc_availability(ENGINE *e,
1998+ int (*check_pkc_availability)(void *eng_handle));
1999+int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle);
2000 int ENGINE_set_name(ENGINE *e, const char *name);
2001 int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
2002 int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
2003diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
2004index 5f269e5..6ef1b15 100644
2005--- a/crypto/rsa/rsa.h
2006+++ b/crypto/rsa/rsa.h
2007@@ -101,6 +101,29 @@ struct rsa_meth_st
2008 int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
2009 const BIGNUM *m, BN_CTX *ctx,
2010 BN_MONT_CTX *m_ctx); /* Can be null */
2011+ /*
2012+ * Cookie in the following _async variant must be allocated before
2013+ * submission and can be freed once its corresponding callback
2014+ * handler is called
2015+ */
2016+ int (*rsa_pub_enc_asyn)(int flen,const unsigned char *from,
2017+ unsigned char *to, RSA *rsa, int padding,
2018+ struct pkc_cookie_s *cookie);
2019+ int (*rsa_pub_dec_async)(int flen,const unsigned char *from,
2020+ unsigned char *to, RSA *rsa, int padding,
2021+ struct pkc_cookie_s *cookie);
2022+ int (*rsa_priv_enc_async)(int flen,const unsigned char *from,
2023+ unsigned char *to, RSA *rsa, int padding,
2024+ struct pkc_cookie_s *cookie);
2025+ int (*rsa_priv_dec_async)(int flen,const unsigned char *from,
2026+ unsigned char *to, RSA *rsa, int padding,
2027+ struct pkc_cookie_s *cookie);
2028+ int (*rsa_mod_exp_async)(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
2029+ BN_CTX *ctx, struct pkc_cookie_s *cookie);
2030+ int (*bn_mod_exp_async)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
2031+ const BIGNUM *m, BN_CTX *ctx,
2032+ BN_MONT_CTX *m_ctx, struct pkc_cookie_s *cookie);
2033+
2034 int (*init)(RSA *rsa); /* called at new */
2035 int (*finish)(RSA *rsa); /* called at free */
2036 int flags; /* RSA_METHOD_FLAG_* things */
2037--
20381.8.3.1
2039
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
new file mode 100644
index 00000000..5e742986
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
@@ -0,0 +1,153 @@
1From e4fc051f8ae1c093b25ca346c2ec351ff3b700d1 Mon Sep 17 00:00:00 2001
2From: Hou Zhiqiang <B48286@freescale.com>
3Date: Wed, 2 Apr 2014 16:10:43 +0800
4Subject: [PATCH 11/17] Add RSA keygen operation and support gendsa command
5 with hardware engine
6
7Upstream-status: Pending
8
9Signed-off-by: Hou Zhiqiang <B48286@freescale.com>
10Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
11---
12 crypto/engine/eng_cryptodev.c | 118 ++++++++++++++++++++++++++++++++++++++++++
13 1 file changed, 118 insertions(+)
14
15diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
16index 9f2416e..b2919a8 100644
17--- a/crypto/engine/eng_cryptodev.c
18+++ b/crypto/engine/eng_cryptodev.c
19@@ -1906,6 +1906,121 @@ err:
20 return dsaret;
21 }
22
23+/* Cryptodev RSA Key Gen routine */
24+static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
25+{
26+ struct crypt_kop kop;
27+ int ret, fd;
28+ int p_len, q_len;
29+ int i;
30+
31+ if ((fd = get_asym_dev_crypto()) < 0)
32+ return fd;
33+
34+ if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err;
35+ if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err;
36+ if(!rsa->e && ((rsa->e=BN_new()) == NULL)) goto err;
37+ if(!rsa->p && ((rsa->p=BN_new()) == NULL)) goto err;
38+ if(!rsa->q && ((rsa->q=BN_new()) == NULL)) goto err;
39+ if(!rsa->dmp1 && ((rsa->dmp1=BN_new()) == NULL)) goto err;
40+ if(!rsa->dmq1 && ((rsa->dmq1=BN_new()) == NULL)) goto err;
41+ if(!rsa->iqmp && ((rsa->iqmp=BN_new()) == NULL)) goto err;
42+
43+ BN_copy(rsa->e, e);
44+
45+ p_len = (bits+1) / (2 * 8);
46+ q_len = (bits - p_len * 8) / 8;
47+ memset(&kop, 0, sizeof kop);
48+ kop.crk_op = CRK_RSA_GENERATE_KEY;
49+
50+ /* p length */
51+ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
52+ if (!kop.crk_param[kop.crk_iparams].crp_p)
53+ goto err;
54+ kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
55+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
56+ kop.crk_iparams++;
57+ kop.crk_oparams++;
58+ /* q length */
59+ kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
60+ if (!kop.crk_param[kop.crk_iparams].crp_p)
61+ goto err;
62+ kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
63+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
64+ kop.crk_iparams++;
65+ kop.crk_oparams++;
66+ /* n length */
67+ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + q_len + 1, sizeof(char));
68+ if (!kop.crk_param[kop.crk_iparams].crp_p)
69+ goto err;
70+ kop.crk_param[kop.crk_iparams].crp_nbits = bits;
71+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0x00, p_len + q_len + 1);
72+ kop.crk_iparams++;
73+ kop.crk_oparams++;
74+ /* d length */
75+ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + q_len + 1, sizeof(char));
76+ if (!kop.crk_param[kop.crk_iparams].crp_p)
77+ goto err;
78+ kop.crk_param[kop.crk_iparams].crp_nbits = bits;
79+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + q_len + 1);
80+ kop.crk_iparams++;
81+ kop.crk_oparams++;
82+ /* dp1 length */
83+ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
84+ if (!kop.crk_param[kop.crk_iparams].crp_p)
85+ goto err;
86+ kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
87+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
88+ kop.crk_iparams++;
89+ kop.crk_oparams++;
90+ /* dq1 length */
91+ kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
92+ if (!kop.crk_param[kop.crk_iparams].crp_p)
93+ goto err;
94+ kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
95+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
96+ kop.crk_iparams++;
97+ kop.crk_oparams++;
98+ /* i length */
99+ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
100+ if (!kop.crk_param[kop.crk_iparams].crp_p)
101+ goto err;
102+ kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
103+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
104+ kop.crk_iparams++;
105+ kop.crk_oparams++;
106+
107+ if (ioctl(fd, CIOCKEY, &kop) == 0) {
108+ BN_bin2bn(kop.crk_param[0].crp_p,
109+ p_len, rsa->p);
110+ BN_bin2bn(kop.crk_param[1].crp_p,
111+ q_len, rsa->q);
112+ BN_bin2bn(kop.crk_param[2].crp_p,
113+ bits / 8, rsa->n);
114+ BN_bin2bn(kop.crk_param[3].crp_p,
115+ bits / 8, rsa->d);
116+ BN_bin2bn(kop.crk_param[4].crp_p,
117+ p_len, rsa->dmp1);
118+ BN_bin2bn(kop.crk_param[5].crp_p,
119+ q_len, rsa->dmq1);
120+ BN_bin2bn(kop.crk_param[6].crp_p,
121+ p_len, rsa->iqmp);
122+ return 1;
123+ }
124+sw_try:
125+ {
126+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
127+ ret = (meth->rsa_keygen)(rsa, bits, e, cb);
128+ }
129+ return ret;
130+
131+err:
132+ for (i = 0; i < CRK_MAXPARAM; i++)
133+ free(kop.crk_param[i].crp_p);
134+ return 0;
135+
136+}
137+
138 /* Cryptodev DSA Key Gen routine */
139 static int cryptodev_dsa_keygen(DSA *dsa)
140 {
141@@ -3896,6 +4011,9 @@ ENGINE_load_cryptodev(void)
142 cryptodev_rsa.rsa_mod_exp_async =
143 cryptodev_rsa_nocrt_mod_exp_async;
144 }
145+ if (cryptodev_asymfeat & CRF_RSA_GENERATE_KEY)
146+ cryptodev_rsa.rsa_keygen =
147+ cryptodev_rsa_keygen;
148 }
149 }
150
151--
1521.8.3.1
153
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0012-RSA-Keygen-Fix.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0012-RSA-Keygen-Fix.patch
new file mode 100644
index 00000000..44899733
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0012-RSA-Keygen-Fix.patch
@@ -0,0 +1,64 @@
1From ac777f046da7151386d667391362ecb553ceee90 Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Wed, 16 Apr 2014 22:53:04 +0545
4Subject: [PATCH 12/17] RSA Keygen Fix
5
6Upstream-status: Pending
7
8If Kernel driver doesn't support RSA Keygen or same returns
9error handling the keygen operation, the keygen is gracefully
10handled by software supported rsa_keygen handler
11
12Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
13Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
14---
15 crypto/engine/eng_cryptodev.c | 12 +++++++-----
16 1 file changed, 7 insertions(+), 5 deletions(-)
17
18diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
19index b2919a8..ed5f20f 100644
20--- a/crypto/engine/eng_cryptodev.c
21+++ b/crypto/engine/eng_cryptodev.c
22@@ -1915,7 +1915,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
23 int i;
24
25 if ((fd = get_asym_dev_crypto()) < 0)
26- return fd;
27+ goto sw_try;
28
29 if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err;
30 if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err;
31@@ -1936,7 +1936,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
32 /* p length */
33 kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
34 if (!kop.crk_param[kop.crk_iparams].crp_p)
35- goto err;
36+ goto sw_try;
37 kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
38 memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
39 kop.crk_iparams++;
40@@ -1944,7 +1944,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
41 /* q length */
42 kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
43 if (!kop.crk_param[kop.crk_iparams].crp_p)
44- goto err;
45+ goto sw_try;
46 kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
47 memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
48 kop.crk_iparams++;
49@@ -2009,8 +2009,10 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
50 }
51 sw_try:
52 {
53- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
54- ret = (meth->rsa_keygen)(rsa, bits, e, cb);
55+ const RSA_METHOD *meth = rsa->meth;
56+ rsa->meth = RSA_PKCS1_SSLeay();
57+ ret = RSA_generate_key_ex(rsa, bits, e, cb);
58+ rsa->meth = meth;
59 }
60 return ret;
61
62--
631.8.3.1
64
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0013-Removed-local-copy-of-curve_t-type.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0013-Removed-local-copy-of-curve_t-type.patch
new file mode 100644
index 00000000..183f3fbd
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0013-Removed-local-copy-of-curve_t-type.patch
@@ -0,0 +1,164 @@
1From 6aaa306cdf878250d7b6eaf30978de313653886b Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Thu, 17 Apr 2014 06:57:59 +0545
4Subject: [PATCH 13/17] Removed local copy of curve_t type
5
6Upstream-status: Pending
7
8Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
9Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
10---
11 crypto/engine/eng_cryptodev.c | 34 ++++++++++++++--------------------
12 crypto/engine/eng_cryptodev_ec.h | 7 -------
13 2 files changed, 14 insertions(+), 27 deletions(-)
14
15diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
16index ed5f20f..5d883fa 100644
17--- a/crypto/engine/eng_cryptodev.c
18+++ b/crypto/engine/eng_cryptodev.c
19@@ -2398,12 +2398,6 @@ static ECDSA_METHOD cryptodev_ecdsa = {
20 NULL /* app_data */
21 };
22
23-typedef enum ec_curve_s
24-{
25- EC_PRIME,
26- EC_BINARY
27-} ec_curve_t;
28-
29 /* ENGINE handler for ECDSA Sign */
30 static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst,
31 int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
32@@ -2420,7 +2414,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst,
33 const BIGNUM *order = NULL, *priv_key=NULL;
34 const EC_GROUP *group = NULL;
35 struct crypt_kop kop;
36- ec_curve_t ec_crv = EC_PRIME;
37+ enum ec_curve_t ec_crv = EC_PRIME;
38
39 memset(&kop, 0, sizeof(kop));
40 ecdsa = ecdsa_check(eckey);
41@@ -2553,7 +2547,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst,
42 else
43 goto err;
44 }
45- kop.curve_type = ECC_BINARY;
46+ kop.curve_type = EC_BINARY;
47 }
48
49 /* Calculation of Generator point */
50@@ -2647,7 +2641,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
51 const EC_POINT *pub_key = NULL;
52 const BIGNUM *order = NULL;
53 const EC_GROUP *group=NULL;
54- ec_curve_t ec_crv = EC_PRIME;
55+ enum ec_curve_t ec_crv = EC_PRIME;
56 struct crypt_kop kop;
57
58 memset(&kop, 0, sizeof kop);
59@@ -2792,7 +2786,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
60 else
61 goto err;
62 }
63- kop.curve_type = ECC_BINARY;
64+ kop.curve_type = EC_BINARY;
65 }
66
67 /* Calculation of Generator point */
68@@ -2893,7 +2887,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char *dgst,
69 const BIGNUM *order = NULL, *priv_key=NULL;
70 const EC_GROUP *group = NULL;
71 struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
72- ec_curve_t ec_crv = EC_PRIME;
73+ enum ec_curve_t ec_crv = EC_PRIME;
74
75 if (!(sig->r = BN_new()) || !kop)
76 goto err;
77@@ -3029,7 +3023,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char *dgst,
78 else
79 goto err;
80 }
81- kop->curve_type = ECC_BINARY;
82+ kop->curve_type = EC_BINARY;
83 }
84
85 /* Calculation of Generator point */
86@@ -3105,7 +3099,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len,
87 const EC_POINT *pub_key = NULL;
88 const BIGNUM *order = NULL;
89 const EC_GROUP *group=NULL;
90- ec_curve_t ec_crv = EC_PRIME;
91+ enum ec_curve_t ec_crv = EC_PRIME;
92 struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
93
94 if (!kop)
95@@ -3247,7 +3241,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len,
96 /* copy b' i.e c(b), instead of only b */
97 eng_ec_get_cparam (EC_GROUP_get_curve_name(group),
98 ab+q_len, q_len);
99- kop->curve_type = ECC_BINARY;
100+ kop->curve_type = EC_BINARY;
101 }
102
103 /* Calculation of Generator point */
104@@ -3552,7 +3546,7 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
105 const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
106 void *out, size_t *outlen))
107 {
108- ec_curve_t ec_crv = EC_PRIME;
109+ enum ec_curve_t ec_crv = EC_PRIME;
110 unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
111 BIGNUM * w_x = NULL, *w_y = NULL;
112 int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
113@@ -3678,9 +3672,9 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
114 else
115 goto err;
116 }
117- kop.curve_type = ECC_BINARY;
118+ kop.curve_type = EC_BINARY;
119 } else
120- kop.curve_type = ECC_PRIME;
121+ kop.curve_type = EC_PRIME;
122
123 priv_key_len = r_len;
124
125@@ -3729,7 +3723,7 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
126 const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen,
127 void *out, size_t *outlen), struct pkc_cookie_s *cookie)
128 {
129- ec_curve_t ec_crv = EC_PRIME;
130+ enum ec_curve_t ec_crv = EC_PRIME;
131 unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
132 BIGNUM * w_x = NULL, *w_y = NULL;
133 int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
134@@ -3857,9 +3851,9 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
135 else
136 goto err;
137 }
138- kop->curve_type = ECC_BINARY;
139+ kop->curve_type = EC_BINARY;
140 } else
141- kop->curve_type = ECC_PRIME;
142+ kop->curve_type = EC_PRIME;
143
144 priv_key_len = r_len;
145
146diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h
147index 77aee71..a4b8da5 100644
148--- a/crypto/engine/eng_cryptodev_ec.h
149+++ b/crypto/engine/eng_cryptodev_ec.h
150@@ -286,11 +286,4 @@ static inline unsigned char *eng_copy_curve_points(BIGNUM * x, BIGNUM * y,
151
152 return xy;
153 }
154-
155-enum curve_t {
156- DISCRETE_LOG,
157- ECC_PRIME,
158- ECC_BINARY,
159- MAX_ECC_TYPE
160-};
161 #endif
162--
1631.8.3.1
164
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0014-Modulus-parameter-is-not-populated-by-dhparams.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0014-Modulus-parameter-is-not-populated-by-dhparams.patch
new file mode 100644
index 00000000..46846f8f
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0014-Modulus-parameter-is-not-populated-by-dhparams.patch
@@ -0,0 +1,43 @@
1From 14623ca9e417ccef1ad3f4138acfac0ebe682f1f Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Tue, 22 Apr 2014 22:58:33 +0545
4Subject: [PATCH 14/17] Modulus parameter is not populated by dhparams
5
6Upstream-status: Pending
7
8When dhparams are created, modulus parameter required for
9private key generation is not populated. So, falling back
10to software for proper population of modulus parameters followed
11by private key generation
12
13Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
14Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
15---
16 crypto/engine/eng_cryptodev.c | 4 ++--
17 1 file changed, 2 insertions(+), 2 deletions(-)
18
19diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
20index 5d883fa..6d69336 100644
21--- a/crypto/engine/eng_cryptodev.c
22+++ b/crypto/engine/eng_cryptodev.c
23@@ -3364,7 +3364,7 @@ static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie)
24 kop->crk_op = CRK_DH_GENERATE_KEY;
25 if (bn2crparam(dh->p, &kop->crk_param[0]))
26 goto sw_try;
27- if (bn2crparam(dh->q, &kop->crk_param[1]))
28+ if (!dh->q || bn2crparam(dh->q, &kop->crk_param[1]))
29 goto sw_try;
30 kop->crk_param[2].crp_p = g;
31 kop->crk_param[2].crp_nbits = g_len * 8;
32@@ -3419,7 +3419,7 @@ static int cryptodev_dh_keygen(DH *dh)
33 kop.crk_op = CRK_DH_GENERATE_KEY;
34 if (bn2crparam(dh->p, &kop.crk_param[0]))
35 goto sw_try;
36- if (bn2crparam(dh->q, &kop.crk_param[1]))
37+ if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1]))
38 goto sw_try;
39 kop.crk_param[2].crp_p = g;
40 kop.crk_param[2].crp_nbits = g_len * 8;
41--
421.8.3.1
43
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0015-SW-Backoff-mechanism-for-dsa-keygen.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0015-SW-Backoff-mechanism-for-dsa-keygen.patch
new file mode 100644
index 00000000..c20f9d71
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0015-SW-Backoff-mechanism-for-dsa-keygen.patch
@@ -0,0 +1,53 @@
1From 10be401a33e6ebcc325d6747914c70595cd53d0a Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Thu, 24 Apr 2014 00:35:34 +0545
4Subject: [PATCH 15/17] SW Backoff mechanism for dsa keygen
5
6Upstream-status: Pending
7
8DSA Keygen is not handled in default openssl dsa method. Due to
9same null function pointer in SW DSA method, the backoff for dsa
10keygen gives segmentation fault.
11
12Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
13Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
14---
15 crypto/engine/eng_cryptodev.c | 12 ++++++++----
16 1 file changed, 8 insertions(+), 4 deletions(-)
17
18diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
19index 6d69336..dab8fea 100644
20--- a/crypto/engine/eng_cryptodev.c
21+++ b/crypto/engine/eng_cryptodev.c
22@@ -2069,8 +2069,10 @@ static int cryptodev_dsa_keygen(DSA *dsa)
23 return ret;
24 sw_try:
25 {
26- const DSA_METHOD *meth = DSA_OpenSSL();
27- ret = (meth->dsa_keygen)(dsa);
28+ const DSA_METHOD *meth = dsa->meth;
29+ dsa->meth = DSA_OpenSSL();
30+ ret = DSA_generate_key(dsa);
31+ dsa->meth = meth;
32 }
33 return ret;
34 }
35@@ -2124,11 +2126,13 @@ static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie)
36 return ret;
37 sw_try:
38 {
39- const DSA_METHOD *meth = DSA_OpenSSL();
40+ const DSA_METHOD *meth = dsa->meth;
41
42+ dsa->meth = DSA_OpenSSL();
43 if (kop)
44 free(kop);
45- ret = (meth->dsa_keygen)(dsa);
46+ ret = DSA_generate_key(dsa);
47+ dsa->meth = meth;
48 cookie->pkc_callback(cookie, 0);
49 }
50 return ret;
51--
521.8.3.1
53
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0016-Fixed-DH-keygen-pair-generator.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0016-Fixed-DH-keygen-pair-generator.patch
new file mode 100644
index 00000000..abcc2efc
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0016-Fixed-DH-keygen-pair-generator.patch
@@ -0,0 +1,100 @@
1From d2c868c6370bcc0d0a254e641907da2cdf992d62 Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Thu, 1 May 2014 06:35:45 +0545
4Subject: [PATCH 16/17] Fixed DH keygen pair generator
5
6Upstream-status: Pending
7
8Wrong Padding results into keygen length error
9
10Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
11Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
12---
13 crypto/engine/eng_cryptodev.c | 50 ++++++++++++++++++++++++++++---------------
14 1 file changed, 33 insertions(+), 17 deletions(-)
15
16diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
17index dab8fea..13d924f 100644
18--- a/crypto/engine/eng_cryptodev.c
19+++ b/crypto/engine/eng_cryptodev.c
20@@ -3396,44 +3396,60 @@ sw_try:
21 static int cryptodev_dh_keygen(DH *dh)
22 {
23 struct crypt_kop kop;
24- int ret = 1, g_len;
25- unsigned char *g = NULL;
26+ int ret = 1, q_len = 0;
27+ unsigned char *q = NULL, *g = NULL, *s = NULL, *w = NULL;
28+ BIGNUM *pub_key = NULL, *priv_key = NULL;
29+ int generate_new_key = 1;
30
31- if (dh->priv_key == NULL) {
32- if ((dh->priv_key=BN_new()) == NULL)
33- goto sw_try;
34- }
35+ if (dh->priv_key)
36+ priv_key = dh->priv_key;
37
38- if (dh->pub_key == NULL) {
39- if ((dh->pub_key=BN_new()) == NULL)
40- goto sw_try;
41- }
42+ if (dh->pub_key)
43+ pub_key = dh->pub_key;
44
45- g_len = BN_num_bytes(dh->p);
46+ q_len = BN_num_bytes(dh->p);
47 /**
48 * Get generator into a plain buffer. If length is less than
49 * q_len then add leading padding bytes.
50 */
51- if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
52+ if (spcf_bn2bin_ex(dh->g, &g, &q_len)) {
53+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
54+ goto sw_try;
55+ }
56+
57+ if (spcf_bn2bin_ex(dh->p, &q, &q_len)) {
58 DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
59 goto sw_try;
60 }
61
62 memset(&kop, 0, sizeof kop);
63 kop.crk_op = CRK_DH_GENERATE_KEY;
64- if (bn2crparam(dh->p, &kop.crk_param[0]))
65- goto sw_try;
66+ kop.crk_param[0].crp_p = q;
67+ kop.crk_param[0].crp_nbits = q_len * 8;
68 if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1]))
69 goto sw_try;
70 kop.crk_param[2].crp_p = g;
71- kop.crk_param[2].crp_nbits = g_len * 8;
72+ kop.crk_param[2].crp_nbits = q_len * 8;
73 kop.crk_iparams = 3;
74
75+ s = OPENSSL_malloc (q_len);
76+ if (!s) {
77+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
78+ goto sw_try;
79+ }
80+
81+ w = OPENSSL_malloc (q_len);
82+ if (!w) {
83+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
84+ goto sw_try;
85+ }
86+
87 /* pub_key is or prime length while priv key is of length of order */
88- if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key,
89- BN_num_bytes(dh->q), dh->priv_key))
90+ if (cryptodev_asym(&kop, q_len, w, q_len, s))
91 goto sw_try;
92
93+ dh->pub_key = BN_bin2bn(w, q_len, pub_key);
94+ dh->pub_key = BN_bin2bn(s, q_len, priv_key);
95 return ret;
96 sw_try:
97 {
98--
991.8.3.1
100
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
new file mode 100644
index 00000000..a71bb456
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
@@ -0,0 +1,309 @@
1From 11b55103463bac614e00d74e9f196ec4ec6bade1 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Mon, 16 Jun 2014 14:06:21 +0300
4Subject: [PATCH 17/17] cryptodev: add support for aes-gcm algorithm offloading
5
6Change-Id: I3b77dc5ef8b8f707309549244a02852d95b36168
7Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
8Reviewed-on: http://git.am.freescale.net:8181/17226
9---
10 apps/speed.c | 6 +-
11 crypto/engine/eng_cryptodev.c | 229 +++++++++++++++++++++++++++++++++++++++++-
12 2 files changed, 233 insertions(+), 2 deletions(-)
13
14diff --git a/apps/speed.c b/apps/speed.c
15index 9886ca3..099dede 100644
16--- a/apps/speed.c
17+++ b/apps/speed.c
18@@ -224,7 +224,11 @@
19 #endif
20
21 #undef BUFSIZE
22-#define BUFSIZE ((long)1024*8+1)
23+/* The buffer overhead allows GCM tag at the end of the encrypted data. This
24+ avoids buffer overflows from cryptodev since Linux kernel GCM
25+ implementation allways adds the tag - unlike e_aes.c:aes_gcm_cipher()
26+ which doesn't */
27+#define BUFSIZE ((long)1024*8 + EVP_GCM_TLS_TAG_LEN)
28 int run=0;
29
30 static int mr=0;
31diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
32index 13d924f..4493490 100644
33--- a/crypto/engine/eng_cryptodev.c
34+++ b/crypto/engine/eng_cryptodev.c
35@@ -78,8 +78,10 @@ struct dev_crypto_state {
36 struct session_op d_sess;
37 int d_fd;
38 unsigned char *aad;
39- unsigned int aad_len;
40+ int aad_len;
41 unsigned int len;
42+ unsigned char *iv;
43+ int ivlen;
44
45 #ifdef USE_CRYPTODEV_DIGESTS
46 char dummy_mac_key[HASH_MAX_LEN];
47@@ -251,6 +253,7 @@ static struct {
48 { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0},
49 { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20},
50 { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20},
51+ { CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0},
52 { 0, NID_undef, 0, 0, 0},
53 };
54
55@@ -271,6 +274,19 @@ static struct {
56 };
57 #endif
58
59+/* increment counter (64-bit int) by 1 */
60+static void ctr64_inc(unsigned char *counter) {
61+ int n=8;
62+ unsigned char c;
63+
64+ do {
65+ --n;
66+ c = counter[n];
67+ ++c;
68+ counter[n] = c;
69+ if (c) return;
70+ } while (n);
71+}
72 /*
73 * Return a fd if /dev/crypto seems usable, 0 otherwise.
74 */
75@@ -762,6 +778,197 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
76 }
77 }
78
79+static int cryptodev_init_gcm_key(EVP_CIPHER_CTX *ctx,
80+ const unsigned char *key, const unsigned char *iv, int enc)
81+{
82+ struct dev_crypto_state *state = ctx->cipher_data;
83+ struct session_op *sess = &state->d_sess;
84+ int cipher = -1, i;
85+ if (!iv && !key)
86+ return 1;
87+
88+ if (iv)
89+ memcpy(ctx->iv, iv, ctx->cipher->iv_len);
90+
91+ for (i = 0; ciphers[i].id; i++)
92+ if (ctx->cipher->nid == ciphers[i].nid &&
93+ ctx->cipher->iv_len <= ciphers[i].ivmax &&
94+ ctx->key_len == ciphers[i].keylen) {
95+ cipher = ciphers[i].id;
96+ break;
97+ }
98+
99+ if (!ciphers[i].id) {
100+ state->d_fd = -1;
101+ return 0;
102+ }
103+
104+ memset(sess, 0, sizeof(struct session_op));
105+
106+ if ((state->d_fd = get_dev_crypto()) < 0)
107+ return 0;
108+
109+ sess->key = (unsigned char *) key;
110+ sess->keylen = ctx->key_len;
111+ sess->cipher = cipher;
112+
113+ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
114+ put_dev_crypto(state->d_fd);
115+ state->d_fd = -1;
116+ return 0;
117+ }
118+ return 1;
119+}
120+
121+static int cryptodev_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
122+ const unsigned char *in, size_t len)
123+{
124+ struct crypt_auth_op cryp = {0};
125+ struct dev_crypto_state *state = ctx->cipher_data;
126+ struct session_op *sess = &state->d_sess;
127+ int rv = len;
128+
129+ if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ?
130+ EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV,
131+ EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
132+ return 0;
133+
134+ in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
135+ out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
136+ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
137+
138+ if (ctx->encrypt) {
139+ len -= EVP_GCM_TLS_TAG_LEN;
140+ }
141+ cryp.ses = sess->ses;
142+ cryp.len = len;
143+ cryp.src = (unsigned char*) in;
144+ cryp.dst = out;
145+ cryp.auth_src = state->aad;
146+ cryp.auth_len = state->aad_len;
147+ cryp.iv = ctx->iv;
148+ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
149+
150+ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
151+ return 0;
152+ }
153+
154+ if (ctx->encrypt)
155+ ctr64_inc(state->iv + state->ivlen - 8);
156+ else
157+ rv = len - EVP_GCM_TLS_TAG_LEN;
158+
159+ return rv;
160+}
161+
162+static int cryptodev_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
163+ const unsigned char *in, size_t len)
164+{
165+ struct crypt_auth_op cryp;
166+ struct dev_crypto_state *state = ctx->cipher_data;
167+ struct session_op *sess = &state->d_sess;
168+
169+ if (state->d_fd < 0)
170+ return 0;
171+
172+ if ((len % ctx->cipher->block_size) != 0)
173+ return 0;
174+
175+ if (state->aad_len >= 0)
176+ return cryptodev_gcm_tls_cipher(ctx, out, in, len);
177+
178+ memset(&cryp, 0, sizeof(cryp));
179+
180+ cryp.ses = sess->ses;
181+ cryp.len = len;
182+ cryp.src = (unsigned char*) in;
183+ cryp.dst = out;
184+ cryp.auth_src = NULL;
185+ cryp.auth_len = 0;
186+ cryp.iv = ctx->iv;
187+ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
188+
189+ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
190+ return 0;
191+ }
192+
193+ return len;
194+}
195+
196+static int cryptodev_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
197+ void *ptr)
198+{
199+ struct dev_crypto_state *state = ctx->cipher_data;
200+ switch (type) {
201+ case EVP_CTRL_INIT:
202+ {
203+ state->ivlen = ctx->cipher->iv_len;
204+ state->iv = ctx->iv;
205+ state->aad_len = -1;
206+ return 1;
207+ }
208+ case EVP_CTRL_GCM_SET_IV_FIXED:
209+ {
210+ /* Special case: -1 length restores whole IV */
211+ if (arg == -1)
212+ {
213+ memcpy(state->iv, ptr, state->ivlen);
214+ return 1;
215+ }
216+ /* Fixed field must be at least 4 bytes and invocation field
217+ * at least 8.
218+ */
219+ if ((arg < 4) || (state->ivlen - arg) < 8)
220+ return 0;
221+ if (arg)
222+ memcpy(state->iv, ptr, arg);
223+ if (ctx->encrypt &&
224+ RAND_bytes(state->iv + arg, state->ivlen - arg) <= 0)
225+ return 0;
226+ return 1;
227+ }
228+ case EVP_CTRL_AEAD_TLS1_AAD:
229+ {
230+ unsigned int len;
231+ if (arg != 13)
232+ return 0;
233+
234+ memcpy(ctx->buf, ptr, arg);
235+ len=ctx->buf[arg-2] << 8 | ctx->buf[arg-1];
236+
237+ /* Correct length for explicit IV */
238+ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
239+
240+ /* If decrypting correct for tag too */
241+ if (!ctx->encrypt)
242+ len -= EVP_GCM_TLS_TAG_LEN;
243+
244+ ctx->buf[arg-2] = len >> 8;
245+ ctx->buf[arg-1] = len & 0xff;
246+
247+ state->aad = ctx->buf;
248+ state->aad_len = arg;
249+ state->len = len;
250+
251+ /* Extra padding: tag appended to record */
252+ return EVP_GCM_TLS_TAG_LEN;
253+ }
254+ case EVP_CTRL_GCM_SET_IV_INV:
255+ {
256+ if (ctx->encrypt)
257+ return 0;
258+ memcpy(state->iv + state->ivlen - arg, ptr, arg);
259+ return 1;
260+ }
261+ case EVP_CTRL_GCM_IV_GEN:
262+ if (arg <= 0 || arg > state->ivlen)
263+ arg = state->ivlen;
264+ memcpy(ptr, state->iv + state->ivlen - arg, arg);
265+ return 1;
266+ default:
267+ return -1;
268+ }
269+}
270 /*
271 * libcrypto EVP stuff - this is how we get wired to EVP so the engine
272 * gets called when libcrypto requests a cipher NID.
273@@ -901,6 +1108,23 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
274 cryptodev_cbc_hmac_sha1_ctrl,
275 NULL
276 };
277+
278+const EVP_CIPHER cryptodev_aes_128_gcm = {
279+ NID_aes_128_gcm,
280+ 1, 16, 12,
281+ EVP_CIPH_GCM_MODE | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1 \
282+ | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
283+ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT,
284+ cryptodev_init_gcm_key,
285+ cryptodev_gcm_cipher,
286+ cryptodev_cleanup,
287+ sizeof(struct dev_crypto_state),
288+ EVP_CIPHER_set_asn1_iv,
289+ EVP_CIPHER_get_asn1_iv,
290+ cryptodev_gcm_ctrl,
291+ NULL
292+};
293+
294 /*
295 * Registered by the ENGINE when used to find out how to deal with
296 * a particular NID in the ENGINE. this says what we'll do at the
297@@ -944,6 +1168,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
298 case NID_aes_256_cbc_hmac_sha1:
299 *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
300 break;
301+ case NID_aes_128_gcm:
302+ *cipher = &cryptodev_aes_128_gcm;
303+ break;
304 default:
305 *cipher = NULL;
306 break;
307--
3081.8.3.1
309
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl.inc b/meta-fsl-ppc/recipes-connectivity/openssl/openssl.inc
new file mode 100644
index 00000000..ee02fb79
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl.inc
@@ -0,0 +1,173 @@
1SUMMARY = "Secure Socket Layer"
2DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
3HOMEPAGE = "http://www.openssl.org/"
4BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
5SECTION = "libs/network"
6
7# "openssl | SSLeay" dual license
8LICENSE = "openssl"
9LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
10
11DEPENDS = "perl-native-runtime"
12
13SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
14 "
15S = "${WORKDIR}/openssl-${PV}"
16
17PACKAGECONFIG[perl] = ",,,"
18
19AR_append = " r"
20# Avoid binaries being marked as requiring an executable stack since it
21# doesn't(which causes and this causes issues with SELinux
22CFLAG = "${@base_conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
23 -DTERMIO ${CFLAGS} -Wall -Wa,--noexecstack"
24
25# -02 does not work on mipsel: ssh hangs when it tries to read /dev/urandom
26CFLAG_mtx-1 := "${@'${CFLAG}'.replace('-O2', '')}"
27CFLAG_mtx-2 := "${@'${CFLAG}'.replace('-O2', '')}"
28
29export DIRS = "crypto ssl apps"
30export EX_LIBS = "-lgcc -ldl"
31export AS = "${CC} -c"
32
33inherit pkgconfig siteinfo multilib_header
34
35PACKAGES =+ "libcrypto libssl ${PN}-misc openssl-conf"
36FILES_libcrypto = "${base_libdir}/libcrypto${SOLIBS}"
37FILES_libssl = "${libdir}/libssl.so.*"
38FILES_${PN} =+ " ${libdir}/ssl/*"
39FILES_${PN}-misc = "${libdir}/ssl/misc ${bindir}/c_rehash"
40RDEPENDS_${PN}-misc = "${@base_contains('PACKAGECONFIG', 'perl', 'perl', '', d)}"
41FILES_${PN}-dev += "${base_libdir}/libcrypto${SOLIBSDEV}"
42
43# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
44# package RRECOMMENDS on this package. This will enable the configuration
45# file to be installed for both the base openssl package and the libcrypto
46# package since the base openssl package depends on the libcrypto package.
47FILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
48CONFFILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
49RRECOMMENDS_libcrypto += "openssl-conf"
50
51do_configure_prepend_darwin () {
52 sed -i -e '/version-script=openssl\.ld/d' Configure
53}
54
55do_configure () {
56 cd util
57 perl perlpath.pl ${STAGING_BINDIR_NATIVE}
58 cd ..
59 ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/
60
61 os=${HOST_OS}
62 if [ "x$os" = "xlinux-uclibc" ]; then
63 os=linux
64 elif [ "x$os" = "xlinux-uclibceabi" ]; then
65 os=linux
66 elif [ "x$os" = "xlinux-uclibcspe" ]; then
67 os=linux
68 elif [ "x$os" = "xlinux-gnuspe" ]; then
69 os=linux
70 elif [ "x$os" = "xlinux-gnueabi" ]; then
71 os=linux
72 fi
73 target="$os-${HOST_ARCH}"
74 case $target in
75 linux-arm)
76 target=linux-armv4
77 ;;
78 linux-armeb)
79 target=linux-elf-armeb
80 ;;
81 linux-aarch64*)
82 target=linux-generic64
83 ;;
84 linux-sh3)
85 target=debian-sh3
86 ;;
87 linux-sh4)
88 target=debian-sh4
89 ;;
90 linux-i486)
91 target=debian-i386-i486
92 ;;
93 linux-i586 | linux-viac3)
94 target=debian-i386-i586
95 ;;
96 linux-i686)
97 target=debian-i386-i686/cmov
98 ;;
99 linux-gnux32-x86_64)
100 target=linux-x32
101 ;;
102 linux-gnu64-x86_64)
103 target=linux-x86_64
104 ;;
105 linux-mips)
106 target=debian-mips
107 ;;
108 linux-mipsel)
109 target=debian-mipsel
110 ;;
111 linux-*-mips64)
112 target=linux-mips
113 ;;
114 linux-powerpc)
115 target=linux-ppc
116 ;;
117 linux-powerpc64)
118 target=linux-ppc64
119 ;;
120 linux-supersparc)
121 target=linux-sparcv8
122 ;;
123 linux-sparc)
124 target=linux-sparcv8
125 ;;
126 darwin-i386)
127 target=darwin-i386-cc
128 ;;
129 esac
130 # inject machine-specific flags
131 sed -i -e "s|^\(\"$target\",\s*\"[^:]\+\):\([^:]\+\)|\1:${CFLAG}|g" Configure
132 useprefix=${prefix}
133 if [ "x$useprefix" = "x" ]; then
134 useprefix=/
135 fi
136 perl ./Configure ${EXTRA_OECONF} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename ${libdir}` $target
137}
138
139do_compile () {
140 oe_runmake
141}
142
143do_install () {
144 oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" install
145
146 oe_libinstall -so libcrypto ${D}${libdir}
147 oe_libinstall -so libssl ${D}${libdir}
148
149 # Moving libcrypto to /lib
150 if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then
151 mkdir -p ${D}/${base_libdir}/
152 mv ${D}${libdir}/libcrypto* ${D}${base_libdir}/
153 sed -i s#libdir=\$\{exec_prefix\}\/lib#libdir=${base_libdir}# ${D}/${libdir}/pkgconfig/libcrypto.pc
154 fi
155
156 install -d ${D}${includedir}
157 cp --dereference -R include/openssl ${D}${includedir}
158
159 oe_multilib_header openssl/opensslconf.h
160 if [ "${@base_contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" = "perl" ]; then
161 install -m 0755 ${S}/tools/c_rehash ${D}${bindir}
162 sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${bindir}/c_rehash
163 sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
164 sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget
165 # The c_rehash utility isn't installed by the normal installation process.
166 else
167 rm -f ${D}${bindir}/c_rehash
168 rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
169 fi
170}
171
172BBCLASSEXTEND = "native nativesdk"
173
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/configure-targets.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/configure-targets.patch
new file mode 100644
index 00000000..c1f3d087
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/configure-targets.patch
@@ -0,0 +1,34 @@
1Upstream-Status: Inappropriate [embedded specific]
2
3The number of colons are important :)
4
5
6---
7 Configure | 16 ++++++++++++++++
8 1 file changed, 16 insertions(+)
9
10--- a/Configure
11+++ b/Configure
12@@ -403,6 +403,22 @@ my %table=(
13 "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
14 "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
15
16+ # Linux on ARM
17+"linux-elf-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
18+"linux-elf-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
19+"linux-gnueabi-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
20+"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
21+"linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
22+"linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
23+
24+"linux-avr32","$ENV{'CC'}:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).",
25+
26+#### Linux on MIPS/MIPS64
27+"linux-mips","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
28+"linux-mips64","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
29+"linux-mips64el","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
30+"linux-mipsel","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
31+
32 # Android: linux-* but without -DTERMIO and pointers to headers and libs.
33 "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
34 "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
new file mode 100644
index 00000000..ac1b19b9
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
@@ -0,0 +1,45 @@
1Upstream-Status: Backport [debian]
2
3From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001
4From: Ludwig Nussel <ludwig.nussel@suse.de>
5Date: Wed, 21 Apr 2010 15:52:10 +0200
6Subject: [PATCH] also create old hash for compatibility
7
8---
9 tools/c_rehash.in | 8 +++++++-
10 1 files changed, 7 insertions(+), 1 deletions(-)
11
12Index: openssl-1.0.0d/tools/c_rehash.in
13===================================================================
14--- openssl-1.0.0d.orig/tools/c_rehash.in 2011-04-13 20:41:28.000000000 +0000
15+++ openssl-1.0.0d/tools/c_rehash.in 2011-04-13 20:41:28.000000000 +0000
16@@ -86,6 +86,7 @@
17 }
18 }
19 link_hash_cert($fname) if($cert);
20+ link_hash_cert_old($fname) if($cert);
21 link_hash_crl($fname) if($crl);
22 }
23 }
24@@ -119,8 +120,9 @@
25
26 sub link_hash_cert {
27 my $fname = $_[0];
28+ my $hashopt = $_[1] || '-subject_hash';
29 $fname =~ s/'/'\\''/g;
30- my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`;
31+ my ($hash, $fprint) = `"$openssl" x509 $hashopt -fingerprint -noout -in "$fname"`;
32 chomp $hash;
33 chomp $fprint;
34 $fprint =~ s/^.*=//;
35@@ -150,6 +152,10 @@
36 $hashlist{$hash} = $fprint;
37 }
38
39+sub link_hash_cert_old {
40+ link_hash_cert($_[0], '-subject_hash_old');
41+}
42+
43 # Same as above except for a CRL. CRL links are of the form <hash>.r<n>
44
45 sub link_hash_crl {
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/ca.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/ca.patch
new file mode 100644
index 00000000..aba4d429
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/ca.patch
@@ -0,0 +1,22 @@
1Upstream-Status: Backport [debian]
2
3Index: openssl-0.9.8m/apps/CA.pl.in
4===================================================================
5--- openssl-0.9.8m.orig/apps/CA.pl.in 2006-04-28 00:28:51.000000000 +0000
6+++ openssl-0.9.8m/apps/CA.pl.in 2010-02-27 00:36:51.000000000 +0000
7@@ -65,6 +65,7 @@
8 foreach (@ARGV) {
9 if ( /^(-\?|-h|-help)$/ ) {
10 print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
11+ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
12 exit 0;
13 } elsif (/^-newcert$/) {
14 # create a certificate
15@@ -165,6 +166,7 @@
16 } else {
17 print STDERR "Unknown arg $_\n";
18 print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
19+ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
20 exit 1;
21 }
22 }
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/debian-targets.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/debian-targets.patch
new file mode 100644
index 00000000..8101edf0
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/debian-targets.patch
@@ -0,0 +1,66 @@
1Upstream-Status: Backport [debian]
2
3Index: openssl-1.0.1/Configure
4===================================================================
5--- openssl-1.0.1.orig/Configure 2012-03-17 15:37:54.000000000 +0000
6+++ openssl-1.0.1/Configure 2012-03-17 16:13:49.000000000 +0000
7@@ -105,6 +105,10 @@
8
9 my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
10
11+# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS
12+my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall";
13+$debian_cflags =~ s/\n/ /g;
14+
15 my $strict_warnings = 0;
16
17 my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
18@@ -338,6 +342,48 @@
19 "osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
20 "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
21
22+# Debian GNU/* (various architectures)
23+"debian-alpha","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
24+"debian-alpha-ev4","gcc:-DTERMIO ${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
25+"debian-alpha-ev5","gcc:-DTERMIO ${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
26+"debian-armeb","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
27+"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
28+"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
29+"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
30+"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
31+"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
32+"debian-kfreebsd-i386","gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
33+"debian-hppa","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
34+"debian-hurd-i386","gcc:-DL_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -g -mtune=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
35+"debian-ia64","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
36+"debian-i386","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
37+"debian-i386-i486","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
38+"debian-i386-i586","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i586::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
39+"debian-i386-i686/cmov","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i686::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
40+"debian-m68k","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
41+"debian-mips", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
42+"debian-mipsel", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
43+"debian-netbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
44+"debian-netbsd-m68k", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
45+"debian-netbsd-sparc", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
46+"debian-openbsd-alpha","gcc:-DTERMIOS ${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
47+"debian-openbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
48+"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
49+"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
50+"debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
51+"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
52+"debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
53+"debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
54+"debian-sh3", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
55+"debian-sh4", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
56+"debian-sh3eb", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
57+"debian-sh4eb", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
58+"debian-m32r","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
59+"debian-sparc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
60+"debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
61+"debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
62+"debian-sparc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
63+
64 ####
65 #### Variety of LINUX:-)
66 ####
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/make-targets.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/make-targets.patch
new file mode 100644
index 00000000..ee0a62c3
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/make-targets.patch
@@ -0,0 +1,15 @@
1Upstream-Status: Backport [debian]
2
3Index: openssl-1.0.1/Makefile.org
4===================================================================
5--- openssl-1.0.1.orig/Makefile.org 2012-03-17 09:41:07.000000000 +0000
6+++ openssl-1.0.1/Makefile.org 2012-03-17 09:41:21.000000000 +0000
7@@ -135,7 +135,7 @@
8
9 BASEADDR=
10
11-DIRS= crypto ssl engines apps test tools
12+DIRS= crypto ssl engines apps tools
13 ENGDIRS= ccgost
14 SHLIBDIRS= crypto ssl
15
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/man-dir.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/man-dir.patch
new file mode 100644
index 00000000..4085e3b1
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/man-dir.patch
@@ -0,0 +1,15 @@
1Upstream-Status: Backport [debian]
2
3Index: openssl-1.0.0c/Makefile.org
4===================================================================
5--- openssl-1.0.0c.orig/Makefile.org 2010-12-12 16:11:27.000000000 +0100
6+++ openssl-1.0.0c/Makefile.org 2010-12-12 16:11:37.000000000 +0100
7@@ -131,7 +131,7 @@
8
9 MAKEFILE= Makefile
10
11-MANDIR=$(OPENSSLDIR)/man
12+MANDIR=/usr/share/man
13 MAN1=1
14 MAN3=3
15 MANSUFFIX=
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/man-section.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/man-section.patch
new file mode 100644
index 00000000..21c1d1a4
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/man-section.patch
@@ -0,0 +1,34 @@
1Upstream-Status: Backport [debian]
2
3Index: openssl-1.0.0c/Makefile.org
4===================================================================
5--- openssl-1.0.0c.orig/Makefile.org 2010-12-12 16:11:37.000000000 +0100
6+++ openssl-1.0.0c/Makefile.org 2010-12-12 16:13:28.000000000 +0100
7@@ -160,7 +160,8 @@
8 MANDIR=/usr/share/man
9 MAN1=1
10 MAN3=3
11-MANSUFFIX=
12+MANSUFFIX=ssl
13+MANSECTION=SSL
14 HTMLSUFFIX=html
15 HTMLDIR=$(OPENSSLDIR)/html
16 SHELL=/bin/sh
17@@ -651,7 +652,7 @@
18 echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
19 (cd `$(PERL) util/dirname.pl $$i`; \
20 sh -c "$$pod2man \
21- --section=$$sec --center=OpenSSL \
22+ --section=$${sec}$(MANSECTION) --center=OpenSSL \
23 --release=$(VERSION) `basename $$i`") \
24 > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
25 $(PERL) util/extract-names.pl < $$i | \
26@@ -668,7 +669,7 @@
27 echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
28 (cd `$(PERL) util/dirname.pl $$i`; \
29 sh -c "$$pod2man \
30- --section=$$sec --center=OpenSSL \
31+ --section=$${sec}$(MANSECTION) --center=OpenSSL \
32 --release=$(VERSION) `basename $$i`") \
33 > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
34 $(PERL) util/extract-names.pl < $$i | \
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/no-rpath.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/no-rpath.patch
new file mode 100644
index 00000000..1ccb3b86
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/no-rpath.patch
@@ -0,0 +1,15 @@
1Upstream-Status: Backport [debian]
2
3Index: openssl-1.0.0c/Makefile.shared
4===================================================================
5--- openssl-1.0.0c.orig/Makefile.shared 2010-08-21 13:36:49.000000000 +0200
6+++ openssl-1.0.0c/Makefile.shared 2010-12-12 16:13:36.000000000 +0100
7@@ -153,7 +153,7 @@
8 NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
9 SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
10
11-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
12+DO_GNU_APP=LDFLAGS="$(CFLAGS)"
13
14 #This is rather special. It's a special target with which one can link
15 #applications without bothering with any features that have anything to
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch
new file mode 100644
index 00000000..cc4408ab
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch
@@ -0,0 +1,15 @@
1Upstream-Status: Backport [debian]
2
3Index: openssl-1.0.0c/Makefile.shared
4===================================================================
5--- openssl-1.0.0c.orig/Makefile.shared 2010-12-12 16:13:36.000000000 +0100
6+++ openssl-1.0.0c/Makefile.shared 2010-12-12 16:13:44.000000000 +0100
7@@ -151,7 +151,7 @@
8 SHLIB_SUFFIX=; \
9 ALLSYMSFLAGS='-Wl,--whole-archive'; \
10 NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
11- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
12+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
13
14 DO_GNU_APP=LDFLAGS="$(CFLAGS)"
15
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/pic.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/pic.patch
new file mode 100644
index 00000000..bfda3888
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/pic.patch
@@ -0,0 +1,177 @@
1Upstream-Status: Backport [debian]
2
3Index: openssl-1.0.1c/crypto/des/asm/desboth.pl
4===================================================================
5--- openssl-1.0.1c.orig/crypto/des/asm/desboth.pl 2001-10-24 23:20:56.000000000 +0200
6+++ openssl-1.0.1c/crypto/des/asm/desboth.pl 2012-07-29 14:15:26.000000000 +0200
7@@ -16,6 +16,11 @@
8
9 &push("edi");
10
11+ &call (&label("pic_point0"));
12+ &set_label("pic_point0");
13+ &blindpop("ebp");
14+ &add ("ebp", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]");
15+
16 &comment("");
17 &comment("Load the data words");
18 &mov($L,&DWP(0,"ebx","",0));
19@@ -47,15 +52,21 @@
20 &mov(&swtmp(2), (DWC(($enc)?"1":"0")));
21 &mov(&swtmp(1), "eax");
22 &mov(&swtmp(0), "ebx");
23- &call("DES_encrypt2");
24+ &exch("ebx", "ebp");
25+ &call("DES_encrypt2\@PLT");
26+ &exch("ebx", "ebp");
27 &mov(&swtmp(2), (DWC(($enc)?"0":"1")));
28 &mov(&swtmp(1), "edi");
29 &mov(&swtmp(0), "ebx");
30- &call("DES_encrypt2");
31+ &exch("ebx", "ebp");
32+ &call("DES_encrypt2\@PLT");
33+ &exch("ebx", "ebp");
34 &mov(&swtmp(2), (DWC(($enc)?"1":"0")));
35 &mov(&swtmp(1), "esi");
36 &mov(&swtmp(0), "ebx");
37- &call("DES_encrypt2");
38+ &exch("ebx", "ebp");
39+ &call("DES_encrypt2\@PLT");
40+ &exch("ebx", "ebp");
41
42 &stack_pop(3);
43 &mov($L,&DWP(0,"ebx","",0));
44Index: openssl-1.0.1c/crypto/perlasm/cbc.pl
45===================================================================
46--- openssl-1.0.1c.orig/crypto/perlasm/cbc.pl 2011-07-13 08:22:46.000000000 +0200
47+++ openssl-1.0.1c/crypto/perlasm/cbc.pl 2012-07-29 14:15:26.000000000 +0200
48@@ -122,7 +122,11 @@
49 &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call
50 &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
51
52- &call($enc_func);
53+ &call (&label("pic_point0"));
54+ &set_label("pic_point0");
55+ &blindpop("ebx");
56+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]");
57+ &call("$enc_func\@PLT");
58
59 &mov("eax", &DWP($data_off,"esp","",0));
60 &mov("ebx", &DWP($data_off+4,"esp","",0));
61@@ -185,7 +189,11 @@
62 &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call
63 &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
64
65- &call($enc_func);
66+ &call (&label("pic_point1"));
67+ &set_label("pic_point1");
68+ &blindpop("ebx");
69+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point1") . "]");
70+ &call("$enc_func\@PLT");
71
72 &mov("eax", &DWP($data_off,"esp","",0));
73 &mov("ebx", &DWP($data_off+4,"esp","",0));
74@@ -218,7 +226,11 @@
75 &mov(&DWP($data_off,"esp","",0), "eax"); # put back
76 &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
77
78- &call($dec_func);
79+ &call (&label("pic_point2"));
80+ &set_label("pic_point2");
81+ &blindpop("ebx");
82+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point2") . "]");
83+ &call("$dec_func\@PLT");
84
85 &mov("eax", &DWP($data_off,"esp","",0)); # get return
86 &mov("ebx", &DWP($data_off+4,"esp","",0)); #
87@@ -261,7 +273,11 @@
88 &mov(&DWP($data_off,"esp","",0), "eax"); # put back
89 &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
90
91- &call($dec_func);
92+ &call (&label("pic_point3"));
93+ &set_label("pic_point3");
94+ &blindpop("ebx");
95+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point3") . "]");
96+ &call("$dec_func\@PLT");
97
98 &mov("eax", &DWP($data_off,"esp","",0)); # get return
99 &mov("ebx", &DWP($data_off+4,"esp","",0)); #
100Index: openssl-1.0.1c/crypto/perlasm/x86gas.pl
101===================================================================
102--- openssl-1.0.1c.orig/crypto/perlasm/x86gas.pl 2011-12-09 20:16:35.000000000 +0100
103+++ openssl-1.0.1c/crypto/perlasm/x86gas.pl 2012-07-29 14:15:26.000000000 +0200
104@@ -161,6 +161,7 @@
105 if ($::macosx) { push (@out,"$tmp,2\n"); }
106 elsif ($::elf) { push (@out,"$tmp,4\n"); }
107 else { push (@out,"$tmp\n"); }
108+ if ($::elf) { push (@out,".hidden\tOPENSSL_ia32cap_P\n"); }
109 }
110 push(@out,$initseg) if ($initseg);
111 }
112@@ -218,8 +219,23 @@
113 elsif ($::elf)
114 { $initseg.=<<___;
115 .section .init
116+___
117+ if ($::pic)
118+ { $initseg.=<<___;
119+ pushl %ebx
120+ call .pic_point0
121+.pic_point0:
122+ popl %ebx
123+ addl \$_GLOBAL_OFFSET_TABLE_+[.-.pic_point0],%ebx
124+ call $f\@PLT
125+ popl %ebx
126+___
127+ }
128+ else
129+ { $initseg.=<<___;
130 call $f
131 ___
132+ }
133 }
134 elsif ($::coff)
135 { $initseg.=<<___; # applies to both Cygwin and Mingw
136Index: openssl-1.0.1c/crypto/x86cpuid.pl
137===================================================================
138--- openssl-1.0.1c.orig/crypto/x86cpuid.pl 2012-02-28 15:20:34.000000000 +0100
139+++ openssl-1.0.1c/crypto/x86cpuid.pl 2012-07-29 14:15:26.000000000 +0200
140@@ -8,6 +8,8 @@
141
142 for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
143
144+push(@out, ".hidden OPENSSL_ia32cap_P\n");
145+
146 &function_begin("OPENSSL_ia32_cpuid");
147 &xor ("edx","edx");
148 &pushf ();
149@@ -139,9 +141,7 @@
150 &set_label("nocpuid");
151 &function_end("OPENSSL_ia32_cpuid");
152
153-&external_label("OPENSSL_ia32cap_P");
154-
155-&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
156+&function_begin_B("OPENSSL_rdtsc");
157 &xor ("eax","eax");
158 &xor ("edx","edx");
159 &picmeup("ecx","OPENSSL_ia32cap_P");
160@@ -155,7 +155,7 @@
161 # This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host],
162 # but it's safe to call it on any [supported] 32-bit platform...
163 # Just check for [non-]zero return value...
164-&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
165+&function_begin_B("OPENSSL_instrument_halt");
166 &picmeup("ecx","OPENSSL_ia32cap_P");
167 &bt (&DWP(0,"ecx"),4);
168 &jnc (&label("nohalt")); # no TSC
169@@ -222,7 +222,7 @@
170 &ret ();
171 &function_end_B("OPENSSL_far_spin");
172
173-&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
174+&function_begin_B("OPENSSL_wipe_cpu");
175 &xor ("eax","eax");
176 &xor ("edx","edx");
177 &picmeup("ecx","OPENSSL_ia32cap_P");
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/version-script.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/version-script.patch
new file mode 100644
index 00000000..ece8b9b4
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/debian/version-script.patch
@@ -0,0 +1,4670 @@
1Upstream-Status: Backport [debian]
2
3Index: openssl-1.0.1d/Configure
4===================================================================
5--- openssl-1.0.1d.orig/Configure 2013-02-06 19:41:43.000000000 +0100
6+++ openssl-1.0.1d/Configure 2013-02-06 19:41:43.000000000 +0100
7@@ -1621,6 +1621,8 @@
8 }
9 }
10
11+$shared_ldflag .= " -Wl,--version-script=openssl.ld";
12+
13 open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
14 unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
15 open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
16Index: openssl-1.0.1d/openssl.ld
17===================================================================
18--- /dev/null 1970-01-01 00:00:00.000000000 +0000
19+++ openssl-1.0.1d/openssl.ld 2013-02-06 19:44:25.000000000 +0100
20@@ -0,0 +1,4620 @@
21+OPENSSL_1.0.0 {
22+ global:
23+ BIO_f_ssl;
24+ BIO_new_buffer_ssl_connect;
25+ BIO_new_ssl;
26+ BIO_new_ssl_connect;
27+ BIO_proxy_ssl_copy_session_id;
28+ BIO_ssl_copy_session_id;
29+ BIO_ssl_shutdown;
30+ d2i_SSL_SESSION;
31+ DTLSv1_client_method;
32+ DTLSv1_method;
33+ DTLSv1_server_method;
34+ ERR_load_SSL_strings;
35+ i2d_SSL_SESSION;
36+ kssl_build_principal_2;
37+ kssl_cget_tkt;
38+ kssl_check_authent;
39+ kssl_ctx_free;
40+ kssl_ctx_new;
41+ kssl_ctx_setkey;
42+ kssl_ctx_setprinc;
43+ kssl_ctx_setstring;
44+ kssl_ctx_show;
45+ kssl_err_set;
46+ kssl_krb5_free_data_contents;
47+ kssl_sget_tkt;
48+ kssl_skip_confound;
49+ kssl_validate_times;
50+ PEM_read_bio_SSL_SESSION;
51+ PEM_read_SSL_SESSION;
52+ PEM_write_bio_SSL_SESSION;
53+ PEM_write_SSL_SESSION;
54+ SSL_accept;
55+ SSL_add_client_CA;
56+ SSL_add_dir_cert_subjects_to_stack;
57+ SSL_add_dir_cert_subjs_to_stk;
58+ SSL_add_file_cert_subjects_to_stack;
59+ SSL_add_file_cert_subjs_to_stk;
60+ SSL_alert_desc_string;
61+ SSL_alert_desc_string_long;
62+ SSL_alert_type_string;
63+ SSL_alert_type_string_long;
64+ SSL_callback_ctrl;
65+ SSL_check_private_key;
66+ SSL_CIPHER_description;
67+ SSL_CIPHER_get_bits;
68+ SSL_CIPHER_get_name;
69+ SSL_CIPHER_get_version;
70+ SSL_clear;
71+ SSL_COMP_add_compression_method;
72+ SSL_COMP_get_compression_methods;
73+ SSL_COMP_get_compress_methods;
74+ SSL_COMP_get_name;
75+ SSL_connect;
76+ SSL_copy_session_id;
77+ SSL_ctrl;
78+ SSL_CTX_add_client_CA;
79+ SSL_CTX_add_session;
80+ SSL_CTX_callback_ctrl;
81+ SSL_CTX_check_private_key;
82+ SSL_CTX_ctrl;
83+ SSL_CTX_flush_sessions;
84+ SSL_CTX_free;
85+ SSL_CTX_get_cert_store;
86+ SSL_CTX_get_client_CA_list;
87+ SSL_CTX_get_client_cert_cb;
88+ SSL_CTX_get_ex_data;
89+ SSL_CTX_get_ex_new_index;
90+ SSL_CTX_get_info_callback;
91+ SSL_CTX_get_quiet_shutdown;
92+ SSL_CTX_get_timeout;
93+ SSL_CTX_get_verify_callback;
94+ SSL_CTX_get_verify_depth;
95+ SSL_CTX_get_verify_mode;
96+ SSL_CTX_load_verify_locations;
97+ SSL_CTX_new;
98+ SSL_CTX_remove_session;
99+ SSL_CTX_sess_get_get_cb;
100+ SSL_CTX_sess_get_new_cb;
101+ SSL_CTX_sess_get_remove_cb;
102+ SSL_CTX_sessions;
103+ SSL_CTX_sess_set_get_cb;
104+ SSL_CTX_sess_set_new_cb;
105+ SSL_CTX_sess_set_remove_cb;
106+ SSL_CTX_set1_param;
107+ SSL_CTX_set_cert_store;
108+ SSL_CTX_set_cert_verify_callback;
109+ SSL_CTX_set_cert_verify_cb;
110+ SSL_CTX_set_cipher_list;
111+ SSL_CTX_set_client_CA_list;
112+ SSL_CTX_set_client_cert_cb;
113+ SSL_CTX_set_client_cert_engine;
114+ SSL_CTX_set_cookie_generate_cb;
115+ SSL_CTX_set_cookie_verify_cb;
116+ SSL_CTX_set_default_passwd_cb;
117+ SSL_CTX_set_default_passwd_cb_userdata;
118+ SSL_CTX_set_default_verify_paths;
119+ SSL_CTX_set_def_passwd_cb_ud;
120+ SSL_CTX_set_def_verify_paths;
121+ SSL_CTX_set_ex_data;
122+ SSL_CTX_set_generate_session_id;
123+ SSL_CTX_set_info_callback;
124+ SSL_CTX_set_msg_callback;
125+ SSL_CTX_set_psk_client_callback;
126+ SSL_CTX_set_psk_server_callback;
127+ SSL_CTX_set_purpose;
128+ SSL_CTX_set_quiet_shutdown;
129+ SSL_CTX_set_session_id_context;
130+ SSL_CTX_set_ssl_version;
131+ SSL_CTX_set_timeout;
132+ SSL_CTX_set_tmp_dh_callback;
133+ SSL_CTX_set_tmp_ecdh_callback;
134+ SSL_CTX_set_tmp_rsa_callback;
135+ SSL_CTX_set_trust;
136+ SSL_CTX_set_verify;
137+ SSL_CTX_set_verify_depth;
138+ SSL_CTX_use_cert_chain_file;
139+ SSL_CTX_use_certificate;
140+ SSL_CTX_use_certificate_ASN1;
141+ SSL_CTX_use_certificate_chain_file;
142+ SSL_CTX_use_certificate_file;
143+ SSL_CTX_use_PrivateKey;
144+ SSL_CTX_use_PrivateKey_ASN1;
145+ SSL_CTX_use_PrivateKey_file;
146+ SSL_CTX_use_psk_identity_hint;
147+ SSL_CTX_use_RSAPrivateKey;
148+ SSL_CTX_use_RSAPrivateKey_ASN1;
149+ SSL_CTX_use_RSAPrivateKey_file;
150+ SSL_do_handshake;
151+ SSL_dup;
152+ SSL_dup_CA_list;
153+ SSLeay_add_ssl_algorithms;
154+ SSL_free;
155+ SSL_get1_session;
156+ SSL_get_certificate;
157+ SSL_get_cipher_list;
158+ SSL_get_ciphers;
159+ SSL_get_client_CA_list;
160+ SSL_get_current_cipher;
161+ SSL_get_current_compression;
162+ SSL_get_current_expansion;
163+ SSL_get_default_timeout;
164+ SSL_get_error;
165+ SSL_get_ex_data;
166+ SSL_get_ex_data_X509_STORE_CTX_idx;
167+ SSL_get_ex_d_X509_STORE_CTX_idx;
168+ SSL_get_ex_new_index;
169+ SSL_get_fd;
170+ SSL_get_finished;
171+ SSL_get_info_callback;
172+ SSL_get_peer_cert_chain;
173+ SSL_get_peer_certificate;
174+ SSL_get_peer_finished;
175+ SSL_get_privatekey;
176+ SSL_get_psk_identity;
177+ SSL_get_psk_identity_hint;
178+ SSL_get_quiet_shutdown;
179+ SSL_get_rbio;
180+ SSL_get_read_ahead;
181+ SSL_get_rfd;
182+ SSL_get_servername;
183+ SSL_get_servername_type;
184+ SSL_get_session;
185+ SSL_get_shared_ciphers;
186+ SSL_get_shutdown;
187+ SSL_get_SSL_CTX;
188+ SSL_get_ssl_method;
189+ SSL_get_verify_callback;
190+ SSL_get_verify_depth;
191+ SSL_get_verify_mode;
192+ SSL_get_verify_result;
193+ SSL_get_version;
194+ SSL_get_wbio;
195+ SSL_get_wfd;
196+ SSL_has_matching_session_id;
197+ SSL_library_init;
198+ SSL_load_client_CA_file;
199+ SSL_load_error_strings;
200+ SSL_new;
201+ SSL_peek;
202+ SSL_pending;
203+ SSL_read;
204+ SSL_renegotiate;
205+ SSL_renegotiate_pending;
206+ SSL_rstate_string;
207+ SSL_rstate_string_long;
208+ SSL_SESSION_cmp;
209+ SSL_SESSION_free;
210+ SSL_SESSION_get_ex_data;
211+ SSL_SESSION_get_ex_new_index;
212+ SSL_SESSION_get_id;
213+ SSL_SESSION_get_time;
214+ SSL_SESSION_get_timeout;
215+ SSL_SESSION_hash;
216+ SSL_SESSION_new;
217+ SSL_SESSION_print;
218+ SSL_SESSION_print_fp;
219+ SSL_SESSION_set_ex_data;
220+ SSL_SESSION_set_time;
221+ SSL_SESSION_set_timeout;
222+ SSL_set1_param;
223+ SSL_set_accept_state;
224+ SSL_set_bio;
225+ SSL_set_cipher_list;
226+ SSL_set_client_CA_list;
227+ SSL_set_connect_state;
228+ SSL_set_ex_data;
229+ SSL_set_fd;
230+ SSL_set_generate_session_id;
231+ SSL_set_info_callback;
232+ SSL_set_msg_callback;
233+ SSL_set_psk_client_callback;
234+ SSL_set_psk_server_callback;
235+ SSL_set_purpose;
236+ SSL_set_quiet_shutdown;
237+ SSL_set_read_ahead;
238+ SSL_set_rfd;
239+ SSL_set_session;
240+ SSL_set_session_id_context;
241+ SSL_set_session_secret_cb;
242+ SSL_set_session_ticket_ext;
243+ SSL_set_session_ticket_ext_cb;
244+ SSL_set_shutdown;
245+ SSL_set_SSL_CTX;
246+ SSL_set_ssl_method;
247+ SSL_set_tmp_dh_callback;
248+ SSL_set_tmp_ecdh_callback;
249+ SSL_set_tmp_rsa_callback;
250+ SSL_set_trust;
251+ SSL_set_verify;
252+ SSL_set_verify_depth;
253+ SSL_set_verify_result;
254+ SSL_set_wfd;
255+ SSL_shutdown;
256+ SSL_state;
257+ SSL_state_string;
258+ SSL_state_string_long;
259+ SSL_use_certificate;
260+ SSL_use_certificate_ASN1;
261+ SSL_use_certificate_file;
262+ SSL_use_PrivateKey;
263+ SSL_use_PrivateKey_ASN1;
264+ SSL_use_PrivateKey_file;
265+ SSL_use_psk_identity_hint;
266+ SSL_use_RSAPrivateKey;
267+ SSL_use_RSAPrivateKey_ASN1;
268+ SSL_use_RSAPrivateKey_file;
269+ SSLv23_client_method;
270+ SSLv23_method;
271+ SSLv23_server_method;
272+ SSLv2_client_method;
273+ SSLv2_method;
274+ SSLv2_server_method;
275+ SSLv3_client_method;
276+ SSLv3_method;
277+ SSLv3_server_method;
278+ SSL_version;
279+ SSL_want;
280+ SSL_write;
281+ TLSv1_client_method;
282+ TLSv1_method;
283+ TLSv1_server_method;
284+
285+
286+ SSLeay;
287+ SSLeay_version;
288+ ASN1_BIT_STRING_asn1_meth;
289+ ASN1_HEADER_free;
290+ ASN1_HEADER_new;
291+ ASN1_IA5STRING_asn1_meth;
292+ ASN1_INTEGER_get;
293+ ASN1_INTEGER_set;
294+ ASN1_INTEGER_to_BN;
295+ ASN1_OBJECT_create;
296+ ASN1_OBJECT_free;
297+ ASN1_OBJECT_new;
298+ ASN1_PRINTABLE_type;
299+ ASN1_STRING_cmp;
300+ ASN1_STRING_dup;
301+ ASN1_STRING_free;
302+ ASN1_STRING_new;
303+ ASN1_STRING_print;
304+ ASN1_STRING_set;
305+ ASN1_STRING_type_new;
306+ ASN1_TYPE_free;
307+ ASN1_TYPE_new;
308+ ASN1_UNIVERSALSTRING_to_string;
309+ ASN1_UTCTIME_check;
310+ ASN1_UTCTIME_print;
311+ ASN1_UTCTIME_set;
312+ ASN1_check_infinite_end;
313+ ASN1_d2i_bio;
314+ ASN1_d2i_fp;
315+ ASN1_digest;
316+ ASN1_dup;
317+ ASN1_get_object;
318+ ASN1_i2d_bio;
319+ ASN1_i2d_fp;
320+ ASN1_object_size;
321+ ASN1_parse;
322+ ASN1_put_object;
323+ ASN1_sign;
324+ ASN1_verify;
325+ BF_cbc_encrypt;
326+ BF_cfb64_encrypt;
327+ BF_ecb_encrypt;
328+ BF_encrypt;
329+ BF_ofb64_encrypt;
330+ BF_options;
331+ BF_set_key;
332+ BIO_CONNECT_free;
333+ BIO_CONNECT_new;
334+ BIO_accept;
335+ BIO_ctrl;
336+ BIO_int_ctrl;
337+ BIO_debug_callback;
338+ BIO_dump;
339+ BIO_dup_chain;
340+ BIO_f_base64;
341+ BIO_f_buffer;
342+ BIO_f_cipher;
343+ BIO_f_md;
344+ BIO_f_null;
345+ BIO_f_proxy_server;
346+ BIO_fd_non_fatal_error;
347+ BIO_fd_should_retry;
348+ BIO_find_type;
349+ BIO_free;
350+ BIO_free_all;
351+ BIO_get_accept_socket;
352+ BIO_get_filter_bio;
353+ BIO_get_host_ip;
354+ BIO_get_port;
355+ BIO_get_retry_BIO;
356+ BIO_get_retry_reason;
357+ BIO_gethostbyname;
358+ BIO_gets;
359+ BIO_new;
360+ BIO_new_accept;
361+ BIO_new_connect;
362+ BIO_new_fd;
363+ BIO_new_file;
364+ BIO_new_fp;
365+ BIO_new_socket;
366+ BIO_pop;
367+ BIO_printf;
368+ BIO_push;
369+ BIO_puts;
370+ BIO_read;
371+ BIO_s_accept;
372+ BIO_s_connect;
373+ BIO_s_fd;
374+ BIO_s_file;
375+ BIO_s_mem;
376+ BIO_s_null;
377+ BIO_s_proxy_client;
378+ BIO_s_socket;
379+ BIO_set;
380+ BIO_set_cipher;
381+ BIO_set_tcp_ndelay;
382+ BIO_sock_cleanup;
383+ BIO_sock_error;
384+ BIO_sock_init;
385+ BIO_sock_non_fatal_error;
386+ BIO_sock_should_retry;
387+ BIO_socket_ioctl;
388+ BIO_write;
389+ BN_CTX_free;
390+ BN_CTX_new;
391+ BN_MONT_CTX_free;
392+ BN_MONT_CTX_new;
393+ BN_MONT_CTX_set;
394+ BN_add;
395+ BN_add_word;
396+ BN_hex2bn;
397+ BN_bin2bn;
398+ BN_bn2hex;
399+ BN_bn2bin;
400+ BN_clear;
401+ BN_clear_bit;
402+ BN_clear_free;
403+ BN_cmp;
404+ BN_copy;
405+ BN_div;
406+ BN_div_word;
407+ BN_dup;
408+ BN_free;
409+ BN_from_montgomery;
410+ BN_gcd;
411+ BN_generate_prime;
412+ BN_get_word;
413+ BN_is_bit_set;
414+ BN_is_prime;
415+ BN_lshift;
416+ BN_lshift1;
417+ BN_mask_bits;
418+ BN_mod;
419+ BN_mod_exp;
420+ BN_mod_exp_mont;
421+ BN_mod_exp_simple;
422+ BN_mod_inverse;
423+ BN_mod_mul;
424+ BN_mod_mul_montgomery;
425+ BN_mod_word;
426+ BN_mul;
427+ BN_new;
428+ BN_num_bits;
429+ BN_num_bits_word;
430+ BN_options;
431+ BN_print;
432+ BN_print_fp;
433+ BN_rand;
434+ BN_reciprocal;
435+ BN_rshift;
436+ BN_rshift1;
437+ BN_set_bit;
438+ BN_set_word;
439+ BN_sqr;
440+ BN_sub;
441+ BN_to_ASN1_INTEGER;
442+ BN_ucmp;
443+ BN_value_one;
444+ BUF_MEM_free;
445+ BUF_MEM_grow;
446+ BUF_MEM_new;
447+ BUF_strdup;
448+ CONF_free;
449+ CONF_get_number;
450+ CONF_get_section;
451+ CONF_get_string;
452+ CONF_load;
453+ CRYPTO_add_lock;
454+ CRYPTO_dbg_free;
455+ CRYPTO_dbg_malloc;
456+ CRYPTO_dbg_realloc;
457+ CRYPTO_dbg_remalloc;
458+ CRYPTO_free;
459+ CRYPTO_get_add_lock_callback;
460+ CRYPTO_get_id_callback;
461+ CRYPTO_get_lock_name;
462+ CRYPTO_get_locking_callback;
463+ CRYPTO_get_mem_functions;
464+ CRYPTO_lock;
465+ CRYPTO_malloc;
466+ CRYPTO_mem_ctrl;
467+ CRYPTO_mem_leaks;
468+ CRYPTO_mem_leaks_cb;
469+ CRYPTO_mem_leaks_fp;
470+ CRYPTO_realloc;
471+ CRYPTO_remalloc;
472+ CRYPTO_set_add_lock_callback;
473+ CRYPTO_set_id_callback;
474+ CRYPTO_set_locking_callback;
475+ CRYPTO_set_mem_functions;
476+ CRYPTO_thread_id;
477+ DH_check;
478+ DH_compute_key;
479+ DH_free;
480+ DH_generate_key;
481+ DH_generate_parameters;
482+ DH_new;
483+ DH_size;
484+ DHparams_print;
485+ DHparams_print_fp;
486+ DSA_free;
487+ DSA_generate_key;
488+ DSA_generate_parameters;
489+ DSA_is_prime;
490+ DSA_new;
491+ DSA_print;
492+ DSA_print_fp;
493+ DSA_sign;
494+ DSA_sign_setup;
495+ DSA_size;
496+ DSA_verify;
497+ DSAparams_print;
498+ DSAparams_print_fp;
499+ ERR_clear_error;
500+ ERR_error_string;
501+ ERR_free_strings;
502+ ERR_func_error_string;
503+ ERR_get_err_state_table;
504+ ERR_get_error;
505+ ERR_get_error_line;
506+ ERR_get_state;
507+ ERR_get_string_table;
508+ ERR_lib_error_string;
509+ ERR_load_ASN1_strings;
510+ ERR_load_BIO_strings;
511+ ERR_load_BN_strings;
512+ ERR_load_BUF_strings;
513+ ERR_load_CONF_strings;
514+ ERR_load_DH_strings;
515+ ERR_load_DSA_strings;
516+ ERR_load_ERR_strings;
517+ ERR_load_EVP_strings;
518+ ERR_load_OBJ_strings;
519+ ERR_load_PEM_strings;
520+ ERR_load_PROXY_strings;
521+ ERR_load_RSA_strings;
522+ ERR_load_X509_strings;
523+ ERR_load_crypto_strings;
524+ ERR_load_strings;
525+ ERR_peek_error;
526+ ERR_peek_error_line;
527+ ERR_print_errors;
528+ ERR_print_errors_fp;
529+ ERR_put_error;
530+ ERR_reason_error_string;
531+ ERR_remove_state;
532+ EVP_BytesToKey;
533+ EVP_CIPHER_CTX_cleanup;
534+ EVP_CipherFinal;
535+ EVP_CipherInit;
536+ EVP_CipherUpdate;
537+ EVP_DecodeBlock;
538+ EVP_DecodeFinal;
539+ EVP_DecodeInit;
540+ EVP_DecodeUpdate;
541+ EVP_DecryptFinal;
542+ EVP_DecryptInit;
543+ EVP_DecryptUpdate;
544+ EVP_DigestFinal;
545+ EVP_DigestInit;
546+ EVP_DigestUpdate;
547+ EVP_EncodeBlock;
548+ EVP_EncodeFinal;
549+ EVP_EncodeInit;
550+ EVP_EncodeUpdate;
551+ EVP_EncryptFinal;
552+ EVP_EncryptInit;
553+ EVP_EncryptUpdate;
554+ EVP_OpenFinal;
555+ EVP_OpenInit;
556+ EVP_PKEY_assign;
557+ EVP_PKEY_copy_parameters;
558+ EVP_PKEY_free;
559+ EVP_PKEY_missing_parameters;
560+ EVP_PKEY_new;
561+ EVP_PKEY_save_parameters;
562+ EVP_PKEY_size;
563+ EVP_PKEY_type;
564+ EVP_SealFinal;
565+ EVP_SealInit;
566+ EVP_SignFinal;
567+ EVP_VerifyFinal;
568+ EVP_add_alias;
569+ EVP_add_cipher;
570+ EVP_add_digest;
571+ EVP_bf_cbc;
572+ EVP_bf_cfb64;
573+ EVP_bf_ecb;
574+ EVP_bf_ofb;
575+ EVP_cleanup;
576+ EVP_des_cbc;
577+ EVP_des_cfb64;
578+ EVP_des_ecb;
579+ EVP_des_ede;
580+ EVP_des_ede3;
581+ EVP_des_ede3_cbc;
582+ EVP_des_ede3_cfb64;
583+ EVP_des_ede3_ofb;
584+ EVP_des_ede_cbc;
585+ EVP_des_ede_cfb64;
586+ EVP_des_ede_ofb;
587+ EVP_des_ofb;
588+ EVP_desx_cbc;
589+ EVP_dss;
590+ EVP_dss1;
591+ EVP_enc_null;
592+ EVP_get_cipherbyname;
593+ EVP_get_digestbyname;
594+ EVP_get_pw_prompt;
595+ EVP_idea_cbc;
596+ EVP_idea_cfb64;
597+ EVP_idea_ecb;
598+ EVP_idea_ofb;
599+ EVP_md2;
600+ EVP_md5;
601+ EVP_md_null;
602+ EVP_rc2_cbc;
603+ EVP_rc2_cfb64;
604+ EVP_rc2_ecb;
605+ EVP_rc2_ofb;
606+ EVP_rc4;
607+ EVP_read_pw_string;
608+ EVP_set_pw_prompt;
609+ EVP_sha;
610+ EVP_sha1;
611+ MD2;
612+ MD2_Final;
613+ MD2_Init;
614+ MD2_Update;
615+ MD2_options;
616+ MD5;
617+ MD5_Final;
618+ MD5_Init;
619+ MD5_Update;
620+ MDC2;
621+ MDC2_Final;
622+ MDC2_Init;
623+ MDC2_Update;
624+ NETSCAPE_SPKAC_free;
625+ NETSCAPE_SPKAC_new;
626+ NETSCAPE_SPKI_free;
627+ NETSCAPE_SPKI_new;
628+ NETSCAPE_SPKI_sign;
629+ NETSCAPE_SPKI_verify;
630+ OBJ_add_object;
631+ OBJ_bsearch;
632+ OBJ_cleanup;
633+ OBJ_cmp;
634+ OBJ_create;
635+ OBJ_dup;
636+ OBJ_ln2nid;
637+ OBJ_new_nid;
638+ OBJ_nid2ln;
639+ OBJ_nid2obj;
640+ OBJ_nid2sn;
641+ OBJ_obj2nid;
642+ OBJ_sn2nid;
643+ OBJ_txt2nid;
644+ PEM_ASN1_read;
645+ PEM_ASN1_read_bio;
646+ PEM_ASN1_write;
647+ PEM_ASN1_write_bio;
648+ PEM_SealFinal;
649+ PEM_SealInit;
650+ PEM_SealUpdate;
651+ PEM_SignFinal;
652+ PEM_SignInit;
653+ PEM_SignUpdate;
654+ PEM_X509_INFO_read;
655+ PEM_X509_INFO_read_bio;
656+ PEM_X509_INFO_write_bio;
657+ PEM_dek_info;
658+ PEM_do_header;
659+ PEM_get_EVP_CIPHER_INFO;
660+ PEM_proc_type;
661+ PEM_read;
662+ PEM_read_DHparams;
663+ PEM_read_DSAPrivateKey;
664+ PEM_read_DSAparams;
665+ PEM_read_PKCS7;
666+ PEM_read_PrivateKey;
667+ PEM_read_RSAPrivateKey;
668+ PEM_read_X509;
669+ PEM_read_X509_CRL;
670+ PEM_read_X509_REQ;
671+ PEM_read_bio;
672+ PEM_read_bio_DHparams;
673+ PEM_read_bio_DSAPrivateKey;
674+ PEM_read_bio_DSAparams;
675+ PEM_read_bio_PKCS7;
676+ PEM_read_bio_PrivateKey;
677+ PEM_read_bio_RSAPrivateKey;
678+ PEM_read_bio_X509;
679+ PEM_read_bio_X509_CRL;
680+ PEM_read_bio_X509_REQ;
681+ PEM_write;
682+ PEM_write_DHparams;
683+ PEM_write_DSAPrivateKey;
684+ PEM_write_DSAparams;
685+ PEM_write_PKCS7;
686+ PEM_write_PrivateKey;
687+ PEM_write_RSAPrivateKey;
688+ PEM_write_X509;
689+ PEM_write_X509_CRL;
690+ PEM_write_X509_REQ;
691+ PEM_write_bio;
692+ PEM_write_bio_DHparams;
693+ PEM_write_bio_DSAPrivateKey;
694+ PEM_write_bio_DSAparams;
695+ PEM_write_bio_PKCS7;
696+ PEM_write_bio_PrivateKey;
697+ PEM_write_bio_RSAPrivateKey;
698+ PEM_write_bio_X509;
699+ PEM_write_bio_X509_CRL;
700+ PEM_write_bio_X509_REQ;
701+ PKCS7_DIGEST_free;
702+ PKCS7_DIGEST_new;
703+ PKCS7_ENCRYPT_free;
704+ PKCS7_ENCRYPT_new;
705+ PKCS7_ENC_CONTENT_free;
706+ PKCS7_ENC_CONTENT_new;
707+ PKCS7_ENVELOPE_free;
708+ PKCS7_ENVELOPE_new;
709+ PKCS7_ISSUER_AND_SERIAL_digest;
710+ PKCS7_ISSUER_AND_SERIAL_free;
711+ PKCS7_ISSUER_AND_SERIAL_new;
712+ PKCS7_RECIP_INFO_free;
713+ PKCS7_RECIP_INFO_new;
714+ PKCS7_SIGNED_free;
715+ PKCS7_SIGNED_new;
716+ PKCS7_SIGNER_INFO_free;
717+ PKCS7_SIGNER_INFO_new;
718+ PKCS7_SIGN_ENVELOPE_free;
719+ PKCS7_SIGN_ENVELOPE_new;
720+ PKCS7_dup;
721+ PKCS7_free;
722+ PKCS7_new;
723+ PROXY_ENTRY_add_noproxy;
724+ PROXY_ENTRY_clear_noproxy;
725+ PROXY_ENTRY_free;
726+ PROXY_ENTRY_get_noproxy;
727+ PROXY_ENTRY_new;
728+ PROXY_ENTRY_set_server;
729+ PROXY_add_noproxy;
730+ PROXY_add_server;
731+ PROXY_check_by_host;
732+ PROXY_check_url;
733+ PROXY_clear_noproxy;
734+ PROXY_free;
735+ PROXY_get_noproxy;
736+ PROXY_get_proxies;
737+ PROXY_get_proxy_entry;
738+ PROXY_load_conf;
739+ PROXY_new;
740+ PROXY_print;
741+ RAND_bytes;
742+ RAND_cleanup;
743+ RAND_file_name;
744+ RAND_load_file;
745+ RAND_screen;
746+ RAND_seed;
747+ RAND_write_file;
748+ RC2_cbc_encrypt;
749+ RC2_cfb64_encrypt;
750+ RC2_ecb_encrypt;
751+ RC2_encrypt;
752+ RC2_ofb64_encrypt;
753+ RC2_set_key;
754+ RC4;
755+ RC4_options;
756+ RC4_set_key;
757+ RSAPrivateKey_asn1_meth;
758+ RSAPrivateKey_dup;
759+ RSAPublicKey_dup;
760+ RSA_PKCS1_SSLeay;
761+ RSA_free;
762+ RSA_generate_key;
763+ RSA_new;
764+ RSA_new_method;
765+ RSA_print;
766+ RSA_print_fp;
767+ RSA_private_decrypt;
768+ RSA_private_encrypt;
769+ RSA_public_decrypt;
770+ RSA_public_encrypt;
771+ RSA_set_default_method;
772+ RSA_sign;
773+ RSA_sign_ASN1_OCTET_STRING;
774+ RSA_size;
775+ RSA_verify;
776+ RSA_verify_ASN1_OCTET_STRING;
777+ SHA;
778+ SHA1;
779+ SHA1_Final;
780+ SHA1_Init;
781+ SHA1_Update;
782+ SHA_Final;
783+ SHA_Init;
784+ SHA_Update;
785+ OpenSSL_add_all_algorithms;
786+ OpenSSL_add_all_ciphers;
787+ OpenSSL_add_all_digests;
788+ TXT_DB_create_index;
789+ TXT_DB_free;
790+ TXT_DB_get_by_index;
791+ TXT_DB_insert;
792+ TXT_DB_read;
793+ TXT_DB_write;
794+ X509_ALGOR_free;
795+ X509_ALGOR_new;
796+ X509_ATTRIBUTE_free;
797+ X509_ATTRIBUTE_new;
798+ X509_CINF_free;
799+ X509_CINF_new;
800+ X509_CRL_INFO_free;
801+ X509_CRL_INFO_new;
802+ X509_CRL_add_ext;
803+ X509_CRL_cmp;
804+ X509_CRL_delete_ext;
805+ X509_CRL_dup;
806+ X509_CRL_free;
807+ X509_CRL_get_ext;
808+ X509_CRL_get_ext_by_NID;
809+ X509_CRL_get_ext_by_OBJ;
810+ X509_CRL_get_ext_by_critical;
811+ X509_CRL_get_ext_count;
812+ X509_CRL_new;
813+ X509_CRL_sign;
814+ X509_CRL_verify;
815+ X509_EXTENSION_create_by_NID;
816+ X509_EXTENSION_create_by_OBJ;
817+ X509_EXTENSION_dup;
818+ X509_EXTENSION_free;
819+ X509_EXTENSION_get_critical;
820+ X509_EXTENSION_get_data;
821+ X509_EXTENSION_get_object;
822+ X509_EXTENSION_new;
823+ X509_EXTENSION_set_critical;
824+ X509_EXTENSION_set_data;
825+ X509_EXTENSION_set_object;
826+ X509_INFO_free;
827+ X509_INFO_new;
828+ X509_LOOKUP_by_alias;
829+ X509_LOOKUP_by_fingerprint;
830+ X509_LOOKUP_by_issuer_serial;
831+ X509_LOOKUP_by_subject;
832+ X509_LOOKUP_ctrl;
833+ X509_LOOKUP_file;
834+ X509_LOOKUP_free;
835+ X509_LOOKUP_hash_dir;
836+ X509_LOOKUP_init;
837+ X509_LOOKUP_new;
838+ X509_LOOKUP_shutdown;
839+ X509_NAME_ENTRY_create_by_NID;
840+ X509_NAME_ENTRY_create_by_OBJ;
841+ X509_NAME_ENTRY_dup;
842+ X509_NAME_ENTRY_free;
843+ X509_NAME_ENTRY_get_data;
844+ X509_NAME_ENTRY_get_object;
845+ X509_NAME_ENTRY_new;
846+ X509_NAME_ENTRY_set_data;
847+ X509_NAME_ENTRY_set_object;
848+ X509_NAME_add_entry;
849+ X509_NAME_cmp;
850+ X509_NAME_delete_entry;
851+ X509_NAME_digest;
852+ X509_NAME_dup;
853+ X509_NAME_entry_count;
854+ X509_NAME_free;
855+ X509_NAME_get_entry;
856+ X509_NAME_get_index_by_NID;
857+ X509_NAME_get_index_by_OBJ;
858+ X509_NAME_get_text_by_NID;
859+ X509_NAME_get_text_by_OBJ;
860+ X509_NAME_hash;
861+ X509_NAME_new;
862+ X509_NAME_oneline;
863+ X509_NAME_print;
864+ X509_NAME_set;
865+ X509_OBJECT_free_contents;
866+ X509_OBJECT_retrieve_by_subject;
867+ X509_OBJECT_up_ref_count;
868+ X509_PKEY_free;
869+ X509_PKEY_new;
870+ X509_PUBKEY_free;
871+ X509_PUBKEY_get;
872+ X509_PUBKEY_new;
873+ X509_PUBKEY_set;
874+ X509_REQ_INFO_free;
875+ X509_REQ_INFO_new;
876+ X509_REQ_dup;
877+ X509_REQ_free;
878+ X509_REQ_get_pubkey;
879+ X509_REQ_new;
880+ X509_REQ_print;
881+ X509_REQ_print_fp;
882+ X509_REQ_set_pubkey;
883+ X509_REQ_set_subject_name;
884+ X509_REQ_set_version;
885+ X509_REQ_sign;
886+ X509_REQ_to_X509;
887+ X509_REQ_verify;
888+ X509_REVOKED_add_ext;
889+ X509_REVOKED_delete_ext;
890+ X509_REVOKED_free;
891+ X509_REVOKED_get_ext;
892+ X509_REVOKED_get_ext_by_NID;
893+ X509_REVOKED_get_ext_by_OBJ;
894+ X509_REVOKED_get_ext_by_critical;
895+ X509_REVOKED_get_ext_by_critic;
896+ X509_REVOKED_get_ext_count;
897+ X509_REVOKED_new;
898+ X509_SIG_free;
899+ X509_SIG_new;
900+ X509_STORE_CTX_cleanup;
901+ X509_STORE_CTX_init;
902+ X509_STORE_add_cert;
903+ X509_STORE_add_lookup;
904+ X509_STORE_free;
905+ X509_STORE_get_by_subject;
906+ X509_STORE_load_locations;
907+ X509_STORE_new;
908+ X509_STORE_set_default_paths;
909+ X509_VAL_free;
910+ X509_VAL_new;
911+ X509_add_ext;
912+ X509_asn1_meth;
913+ X509_certificate_type;
914+ X509_check_private_key;
915+ X509_cmp_current_time;
916+ X509_delete_ext;
917+ X509_digest;
918+ X509_dup;
919+ X509_free;
920+ X509_get_default_cert_area;
921+ X509_get_default_cert_dir;
922+ X509_get_default_cert_dir_env;
923+ X509_get_default_cert_file;
924+ X509_get_default_cert_file_env;
925+ X509_get_default_private_dir;
926+ X509_get_ext;
927+ X509_get_ext_by_NID;
928+ X509_get_ext_by_OBJ;
929+ X509_get_ext_by_critical;
930+ X509_get_ext_count;
931+ X509_get_issuer_name;
932+ X509_get_pubkey;
933+ X509_get_pubkey_parameters;
934+ X509_get_serialNumber;
935+ X509_get_subject_name;
936+ X509_gmtime_adj;
937+ X509_issuer_and_serial_cmp;
938+ X509_issuer_and_serial_hash;
939+ X509_issuer_name_cmp;
940+ X509_issuer_name_hash;
941+ X509_load_cert_file;
942+ X509_new;
943+ X509_print;
944+ X509_print_fp;
945+ X509_set_issuer_name;
946+ X509_set_notAfter;
947+ X509_set_notBefore;
948+ X509_set_pubkey;
949+ X509_set_serialNumber;
950+ X509_set_subject_name;
951+ X509_set_version;
952+ X509_sign;
953+ X509_subject_name_cmp;
954+ X509_subject_name_hash;
955+ X509_to_X509_REQ;
956+ X509_verify;
957+ X509_verify_cert;
958+ X509_verify_cert_error_string;
959+ X509v3_add_ext;
960+ X509v3_add_extension;
961+ X509v3_add_netscape_extensions;
962+ X509v3_add_standard_extensions;
963+ X509v3_cleanup_extensions;
964+ X509v3_data_type_by_NID;
965+ X509v3_data_type_by_OBJ;
966+ X509v3_delete_ext;
967+ X509v3_get_ext;
968+ X509v3_get_ext_by_NID;
969+ X509v3_get_ext_by_OBJ;
970+ X509v3_get_ext_by_critical;
971+ X509v3_get_ext_count;
972+ X509v3_pack_string;
973+ X509v3_pack_type_by_NID;
974+ X509v3_pack_type_by_OBJ;
975+ X509v3_unpack_string;
976+ _des_crypt;
977+ a2d_ASN1_OBJECT;
978+ a2i_ASN1_INTEGER;
979+ a2i_ASN1_STRING;
980+ asn1_Finish;
981+ asn1_GetSequence;
982+ bn_div_words;
983+ bn_expand2;
984+ bn_mul_add_words;
985+ bn_mul_words;
986+ BN_uadd;
987+ BN_usub;
988+ bn_sqr_words;
989+ _ossl_old_crypt;
990+ d2i_ASN1_BIT_STRING;
991+ d2i_ASN1_BOOLEAN;
992+ d2i_ASN1_HEADER;
993+ d2i_ASN1_IA5STRING;
994+ d2i_ASN1_INTEGER;
995+ d2i_ASN1_OBJECT;
996+ d2i_ASN1_OCTET_STRING;
997+ d2i_ASN1_PRINTABLE;
998+ d2i_ASN1_PRINTABLESTRING;
999+ d2i_ASN1_SET;
1000+ d2i_ASN1_T61STRING;
1001+ d2i_ASN1_TYPE;
1002+ d2i_ASN1_UTCTIME;
1003+ d2i_ASN1_bytes;
1004+ d2i_ASN1_type_bytes;
1005+ d2i_DHparams;
1006+ d2i_DSAPrivateKey;
1007+ d2i_DSAPrivateKey_bio;
1008+ d2i_DSAPrivateKey_fp;
1009+ d2i_DSAPublicKey;
1010+ d2i_DSAparams;
1011+ d2i_NETSCAPE_SPKAC;
1012+ d2i_NETSCAPE_SPKI;
1013+ d2i_Netscape_RSA;
1014+ d2i_PKCS7;
1015+ d2i_PKCS7_DIGEST;
1016+ d2i_PKCS7_ENCRYPT;
1017+ d2i_PKCS7_ENC_CONTENT;
1018+ d2i_PKCS7_ENVELOPE;
1019+ d2i_PKCS7_ISSUER_AND_SERIAL;
1020+ d2i_PKCS7_RECIP_INFO;
1021+ d2i_PKCS7_SIGNED;
1022+ d2i_PKCS7_SIGNER_INFO;
1023+ d2i_PKCS7_SIGN_ENVELOPE;
1024+ d2i_PKCS7_bio;
1025+ d2i_PKCS7_fp;
1026+ d2i_PrivateKey;
1027+ d2i_PublicKey;
1028+ d2i_RSAPrivateKey;
1029+ d2i_RSAPrivateKey_bio;
1030+ d2i_RSAPrivateKey_fp;
1031+ d2i_RSAPublicKey;
1032+ d2i_X509;
1033+ d2i_X509_ALGOR;
1034+ d2i_X509_ATTRIBUTE;
1035+ d2i_X509_CINF;
1036+ d2i_X509_CRL;
1037+ d2i_X509_CRL_INFO;
1038+ d2i_X509_CRL_bio;
1039+ d2i_X509_CRL_fp;
1040+ d2i_X509_EXTENSION;
1041+ d2i_X509_NAME;
1042+ d2i_X509_NAME_ENTRY;
1043+ d2i_X509_PKEY;
1044+ d2i_X509_PUBKEY;
1045+ d2i_X509_REQ;
1046+ d2i_X509_REQ_INFO;
1047+ d2i_X509_REQ_bio;
1048+ d2i_X509_REQ_fp;
1049+ d2i_X509_REVOKED;
1050+ d2i_X509_SIG;
1051+ d2i_X509_VAL;
1052+ d2i_X509_bio;
1053+ d2i_X509_fp;
1054+ DES_cbc_cksum;
1055+ DES_cbc_encrypt;
1056+ DES_cblock_print_file;
1057+ DES_cfb64_encrypt;
1058+ DES_cfb_encrypt;
1059+ DES_decrypt3;
1060+ DES_ecb3_encrypt;
1061+ DES_ecb_encrypt;
1062+ DES_ede3_cbc_encrypt;
1063+ DES_ede3_cfb64_encrypt;
1064+ DES_ede3_ofb64_encrypt;
1065+ DES_enc_read;
1066+ DES_enc_write;
1067+ DES_encrypt1;
1068+ DES_encrypt2;
1069+ DES_encrypt3;
1070+ DES_fcrypt;
1071+ DES_is_weak_key;
1072+ DES_key_sched;
1073+ DES_ncbc_encrypt;
1074+ DES_ofb64_encrypt;
1075+ DES_ofb_encrypt;
1076+ DES_options;
1077+ DES_pcbc_encrypt;
1078+ DES_quad_cksum;
1079+ DES_random_key;
1080+ _ossl_old_des_random_seed;
1081+ _ossl_old_des_read_2passwords;
1082+ _ossl_old_des_read_password;
1083+ _ossl_old_des_read_pw;
1084+ _ossl_old_des_read_pw_string;
1085+ DES_set_key;
1086+ DES_set_odd_parity;
1087+ DES_string_to_2keys;
1088+ DES_string_to_key;
1089+ DES_xcbc_encrypt;
1090+ DES_xwhite_in2out;
1091+ fcrypt_body;
1092+ i2a_ASN1_INTEGER;
1093+ i2a_ASN1_OBJECT;
1094+ i2a_ASN1_STRING;
1095+ i2d_ASN1_BIT_STRING;
1096+ i2d_ASN1_BOOLEAN;
1097+ i2d_ASN1_HEADER;
1098+ i2d_ASN1_IA5STRING;
1099+ i2d_ASN1_INTEGER;
1100+ i2d_ASN1_OBJECT;
1101+ i2d_ASN1_OCTET_STRING;
1102+ i2d_ASN1_PRINTABLE;
1103+ i2d_ASN1_SET;
1104+ i2d_ASN1_TYPE;
1105+ i2d_ASN1_UTCTIME;
1106+ i2d_ASN1_bytes;
1107+ i2d_DHparams;
1108+ i2d_DSAPrivateKey;
1109+ i2d_DSAPrivateKey_bio;
1110+ i2d_DSAPrivateKey_fp;
1111+ i2d_DSAPublicKey;
1112+ i2d_DSAparams;
1113+ i2d_NETSCAPE_SPKAC;
1114+ i2d_NETSCAPE_SPKI;
1115+ i2d_Netscape_RSA;
1116+ i2d_PKCS7;
1117+ i2d_PKCS7_DIGEST;
1118+ i2d_PKCS7_ENCRYPT;
1119+ i2d_PKCS7_ENC_CONTENT;
1120+ i2d_PKCS7_ENVELOPE;
1121+ i2d_PKCS7_ISSUER_AND_SERIAL;
1122+ i2d_PKCS7_RECIP_INFO;
1123+ i2d_PKCS7_SIGNED;
1124+ i2d_PKCS7_SIGNER_INFO;
1125+ i2d_PKCS7_SIGN_ENVELOPE;
1126+ i2d_PKCS7_bio;
1127+ i2d_PKCS7_fp;
1128+ i2d_PrivateKey;
1129+ i2d_PublicKey;
1130+ i2d_RSAPrivateKey;
1131+ i2d_RSAPrivateKey_bio;
1132+ i2d_RSAPrivateKey_fp;
1133+ i2d_RSAPublicKey;
1134+ i2d_X509;
1135+ i2d_X509_ALGOR;
1136+ i2d_X509_ATTRIBUTE;
1137+ i2d_X509_CINF;
1138+ i2d_X509_CRL;
1139+ i2d_X509_CRL_INFO;
1140+ i2d_X509_CRL_bio;
1141+ i2d_X509_CRL_fp;
1142+ i2d_X509_EXTENSION;
1143+ i2d_X509_NAME;
1144+ i2d_X509_NAME_ENTRY;
1145+ i2d_X509_PKEY;
1146+ i2d_X509_PUBKEY;
1147+ i2d_X509_REQ;
1148+ i2d_X509_REQ_INFO;
1149+ i2d_X509_REQ_bio;
1150+ i2d_X509_REQ_fp;
1151+ i2d_X509_REVOKED;
1152+ i2d_X509_SIG;
1153+ i2d_X509_VAL;
1154+ i2d_X509_bio;
1155+ i2d_X509_fp;
1156+ idea_cbc_encrypt;
1157+ idea_cfb64_encrypt;
1158+ idea_ecb_encrypt;
1159+ idea_encrypt;
1160+ idea_ofb64_encrypt;
1161+ idea_options;
1162+ idea_set_decrypt_key;
1163+ idea_set_encrypt_key;
1164+ lh_delete;
1165+ lh_doall;
1166+ lh_doall_arg;
1167+ lh_free;
1168+ lh_insert;
1169+ lh_new;
1170+ lh_node_stats;
1171+ lh_node_stats_bio;
1172+ lh_node_usage_stats;
1173+ lh_node_usage_stats_bio;
1174+ lh_retrieve;
1175+ lh_stats;
1176+ lh_stats_bio;
1177+ lh_strhash;
1178+ sk_delete;
1179+ sk_delete_ptr;
1180+ sk_dup;
1181+ sk_find;
1182+ sk_free;
1183+ sk_insert;
1184+ sk_new;
1185+ sk_pop;
1186+ sk_pop_free;
1187+ sk_push;
1188+ sk_set_cmp_func;
1189+ sk_shift;
1190+ sk_unshift;
1191+ sk_zero;
1192+ BIO_f_nbio_test;
1193+ ASN1_TYPE_get;
1194+ ASN1_TYPE_set;
1195+ PKCS7_content_free;
1196+ ERR_load_PKCS7_strings;
1197+ X509_find_by_issuer_and_serial;
1198+ X509_find_by_subject;
1199+ PKCS7_ctrl;
1200+ PKCS7_set_type;
1201+ PKCS7_set_content;
1202+ PKCS7_SIGNER_INFO_set;
1203+ PKCS7_add_signer;
1204+ PKCS7_add_certificate;
1205+ PKCS7_add_crl;
1206+ PKCS7_content_new;
1207+ PKCS7_dataSign;
1208+ PKCS7_dataVerify;
1209+ PKCS7_dataInit;
1210+ PKCS7_add_signature;
1211+ PKCS7_cert_from_signer_info;
1212+ PKCS7_get_signer_info;
1213+ EVP_delete_alias;
1214+ EVP_mdc2;
1215+ PEM_read_bio_RSAPublicKey;
1216+ PEM_write_bio_RSAPublicKey;
1217+ d2i_RSAPublicKey_bio;
1218+ i2d_RSAPublicKey_bio;
1219+ PEM_read_RSAPublicKey;
1220+ PEM_write_RSAPublicKey;
1221+ d2i_RSAPublicKey_fp;
1222+ i2d_RSAPublicKey_fp;
1223+ BIO_copy_next_retry;
1224+ RSA_flags;
1225+ X509_STORE_add_crl;
1226+ X509_load_crl_file;
1227+ EVP_rc2_40_cbc;
1228+ EVP_rc4_40;
1229+ EVP_CIPHER_CTX_init;
1230+ HMAC;
1231+ HMAC_Init;
1232+ HMAC_Update;
1233+ HMAC_Final;
1234+ ERR_get_next_error_library;
1235+ EVP_PKEY_cmp_parameters;
1236+ HMAC_cleanup;
1237+ BIO_ptr_ctrl;
1238+ BIO_new_file_internal;
1239+ BIO_new_fp_internal;
1240+ BIO_s_file_internal;
1241+ BN_BLINDING_convert;
1242+ BN_BLINDING_invert;
1243+ BN_BLINDING_update;
1244+ RSA_blinding_on;
1245+ RSA_blinding_off;
1246+ i2t_ASN1_OBJECT;
1247+ BN_BLINDING_new;
1248+ BN_BLINDING_free;
1249+ EVP_cast5_cbc;
1250+ EVP_cast5_cfb64;
1251+ EVP_cast5_ecb;
1252+ EVP_cast5_ofb;
1253+ BF_decrypt;
1254+ CAST_set_key;
1255+ CAST_encrypt;
1256+ CAST_decrypt;
1257+ CAST_ecb_encrypt;
1258+ CAST_cbc_encrypt;
1259+ CAST_cfb64_encrypt;
1260+ CAST_ofb64_encrypt;
1261+ RC2_decrypt;
1262+ OBJ_create_objects;
1263+ BN_exp;
1264+ BN_mul_word;
1265+ BN_sub_word;
1266+ BN_dec2bn;
1267+ BN_bn2dec;
1268+ BIO_ghbn_ctrl;
1269+ CRYPTO_free_ex_data;
1270+ CRYPTO_get_ex_data;
1271+ CRYPTO_set_ex_data;
1272+ ERR_load_CRYPTO_strings;
1273+ ERR_load_CRYPTOlib_strings;
1274+ EVP_PKEY_bits;
1275+ MD5_Transform;
1276+ SHA1_Transform;
1277+ SHA_Transform;
1278+ X509_STORE_CTX_get_chain;
1279+ X509_STORE_CTX_get_current_cert;
1280+ X509_STORE_CTX_get_error;
1281+ X509_STORE_CTX_get_error_depth;
1282+ X509_STORE_CTX_get_ex_data;
1283+ X509_STORE_CTX_set_cert;
1284+ X509_STORE_CTX_set_chain;
1285+ X509_STORE_CTX_set_error;
1286+ X509_STORE_CTX_set_ex_data;
1287+ CRYPTO_dup_ex_data;
1288+ CRYPTO_get_new_lockid;
1289+ CRYPTO_new_ex_data;
1290+ RSA_set_ex_data;
1291+ RSA_get_ex_data;
1292+ RSA_get_ex_new_index;
1293+ RSA_padding_add_PKCS1_type_1;
1294+ RSA_padding_add_PKCS1_type_2;
1295+ RSA_padding_add_SSLv23;
1296+ RSA_padding_add_none;
1297+ RSA_padding_check_PKCS1_type_1;
1298+ RSA_padding_check_PKCS1_type_2;
1299+ RSA_padding_check_SSLv23;
1300+ RSA_padding_check_none;
1301+ bn_add_words;
1302+ d2i_Netscape_RSA_2;
1303+ CRYPTO_get_ex_new_index;
1304+ RIPEMD160_Init;
1305+ RIPEMD160_Update;
1306+ RIPEMD160_Final;
1307+ RIPEMD160;
1308+ RIPEMD160_Transform;
1309+ RC5_32_set_key;
1310+ RC5_32_ecb_encrypt;
1311+ RC5_32_encrypt;
1312+ RC5_32_decrypt;
1313+ RC5_32_cbc_encrypt;
1314+ RC5_32_cfb64_encrypt;
1315+ RC5_32_ofb64_encrypt;
1316+ BN_bn2mpi;
1317+ BN_mpi2bn;
1318+ ASN1_BIT_STRING_get_bit;
1319+ ASN1_BIT_STRING_set_bit;
1320+ BIO_get_ex_data;
1321+ BIO_get_ex_new_index;
1322+ BIO_set_ex_data;
1323+ X509v3_get_key_usage;
1324+ X509v3_set_key_usage;
1325+ a2i_X509v3_key_usage;
1326+ i2a_X509v3_key_usage;
1327+ EVP_PKEY_decrypt;
1328+ EVP_PKEY_encrypt;
1329+ PKCS7_RECIP_INFO_set;
1330+ PKCS7_add_recipient;
1331+ PKCS7_add_recipient_info;
1332+ PKCS7_set_cipher;
1333+ ASN1_TYPE_get_int_octetstring;
1334+ ASN1_TYPE_get_octetstring;
1335+ ASN1_TYPE_set_int_octetstring;
1336+ ASN1_TYPE_set_octetstring;
1337+ ASN1_UTCTIME_set_string;
1338+ ERR_add_error_data;
1339+ ERR_set_error_data;
1340+ EVP_CIPHER_asn1_to_param;
1341+ EVP_CIPHER_param_to_asn1;
1342+ EVP_CIPHER_get_asn1_iv;
1343+ EVP_CIPHER_set_asn1_iv;
1344+ EVP_rc5_32_12_16_cbc;
1345+ EVP_rc5_32_12_16_cfb64;
1346+ EVP_rc5_32_12_16_ecb;
1347+ EVP_rc5_32_12_16_ofb;
1348+ asn1_add_error;
1349+ d2i_ASN1_BMPSTRING;
1350+ i2d_ASN1_BMPSTRING;
1351+ BIO_f_ber;
1352+ BN_init;
1353+ COMP_CTX_new;
1354+ COMP_CTX_free;
1355+ COMP_CTX_compress_block;
1356+ COMP_CTX_expand_block;
1357+ X509_STORE_CTX_get_ex_new_index;
1358+ OBJ_NAME_add;
1359+ BIO_socket_nbio;
1360+ EVP_rc2_64_cbc;
1361+ OBJ_NAME_cleanup;
1362+ OBJ_NAME_get;
1363+ OBJ_NAME_init;
1364+ OBJ_NAME_new_index;
1365+ OBJ_NAME_remove;
1366+ BN_MONT_CTX_copy;
1367+ BIO_new_socks4a_connect;
1368+ BIO_s_socks4a_connect;
1369+ PROXY_set_connect_mode;
1370+ RAND_SSLeay;
1371+ RAND_set_rand_method;
1372+ RSA_memory_lock;
1373+ bn_sub_words;
1374+ bn_mul_normal;
1375+ bn_mul_comba8;
1376+ bn_mul_comba4;
1377+ bn_sqr_normal;
1378+ bn_sqr_comba8;
1379+ bn_sqr_comba4;
1380+ bn_cmp_words;
1381+ bn_mul_recursive;
1382+ bn_mul_part_recursive;
1383+ bn_sqr_recursive;
1384+ bn_mul_low_normal;
1385+ BN_RECP_CTX_init;
1386+ BN_RECP_CTX_new;
1387+ BN_RECP_CTX_free;
1388+ BN_RECP_CTX_set;
1389+ BN_mod_mul_reciprocal;
1390+ BN_mod_exp_recp;
1391+ BN_div_recp;
1392+ BN_CTX_init;
1393+ BN_MONT_CTX_init;
1394+ RAND_get_rand_method;
1395+ PKCS7_add_attribute;
1396+ PKCS7_add_signed_attribute;
1397+ PKCS7_digest_from_attributes;
1398+ PKCS7_get_attribute;
1399+ PKCS7_get_issuer_and_serial;
1400+ PKCS7_get_signed_attribute;
1401+ COMP_compress_block;
1402+ COMP_expand_block;
1403+ COMP_rle;
1404+ COMP_zlib;
1405+ ms_time_diff;
1406+ ms_time_new;
1407+ ms_time_free;
1408+ ms_time_cmp;
1409+ ms_time_get;
1410+ PKCS7_set_attributes;
1411+ PKCS7_set_signed_attributes;
1412+ X509_ATTRIBUTE_create;
1413+ X509_ATTRIBUTE_dup;
1414+ ASN1_GENERALIZEDTIME_check;
1415+ ASN1_GENERALIZEDTIME_print;
1416+ ASN1_GENERALIZEDTIME_set;
1417+ ASN1_GENERALIZEDTIME_set_string;
1418+ ASN1_TIME_print;
1419+ BASIC_CONSTRAINTS_free;
1420+ BASIC_CONSTRAINTS_new;
1421+ ERR_load_X509V3_strings;
1422+ NETSCAPE_CERT_SEQUENCE_free;
1423+ NETSCAPE_CERT_SEQUENCE_new;
1424+ OBJ_txt2obj;
1425+ PEM_read_NETSCAPE_CERT_SEQUENCE;
1426+ PEM_read_NS_CERT_SEQ;
1427+ PEM_read_bio_NETSCAPE_CERT_SEQUENCE;
1428+ PEM_read_bio_NS_CERT_SEQ;
1429+ PEM_write_NETSCAPE_CERT_SEQUENCE;
1430+ PEM_write_NS_CERT_SEQ;
1431+ PEM_write_bio_NETSCAPE_CERT_SEQUENCE;
1432+ PEM_write_bio_NS_CERT_SEQ;
1433+ X509V3_EXT_add;
1434+ X509V3_EXT_add_alias;
1435+ X509V3_EXT_add_conf;
1436+ X509V3_EXT_cleanup;
1437+ X509V3_EXT_conf;
1438+ X509V3_EXT_conf_nid;
1439+ X509V3_EXT_get;
1440+ X509V3_EXT_get_nid;
1441+ X509V3_EXT_print;
1442+ X509V3_EXT_print_fp;
1443+ X509V3_add_standard_extensions;
1444+ X509V3_add_value;
1445+ X509V3_add_value_bool;
1446+ X509V3_add_value_int;
1447+ X509V3_conf_free;
1448+ X509V3_get_value_bool;
1449+ X509V3_get_value_int;
1450+ X509V3_parse_list;
1451+ d2i_ASN1_GENERALIZEDTIME;
1452+ d2i_ASN1_TIME;
1453+ d2i_BASIC_CONSTRAINTS;
1454+ d2i_NETSCAPE_CERT_SEQUENCE;
1455+ d2i_ext_ku;
1456+ ext_ku_free;
1457+ ext_ku_new;
1458+ i2d_ASN1_GENERALIZEDTIME;
1459+ i2d_ASN1_TIME;
1460+ i2d_BASIC_CONSTRAINTS;
1461+ i2d_NETSCAPE_CERT_SEQUENCE;
1462+ i2d_ext_ku;
1463+ EVP_MD_CTX_copy;
1464+ i2d_ASN1_ENUMERATED;
1465+ d2i_ASN1_ENUMERATED;
1466+ ASN1_ENUMERATED_set;
1467+ ASN1_ENUMERATED_get;
1468+ BN_to_ASN1_ENUMERATED;
1469+ ASN1_ENUMERATED_to_BN;
1470+ i2a_ASN1_ENUMERATED;
1471+ a2i_ASN1_ENUMERATED;
1472+ i2d_GENERAL_NAME;
1473+ d2i_GENERAL_NAME;
1474+ GENERAL_NAME_new;
1475+ GENERAL_NAME_free;
1476+ GENERAL_NAMES_new;
1477+ GENERAL_NAMES_free;
1478+ d2i_GENERAL_NAMES;
1479+ i2d_GENERAL_NAMES;
1480+ i2v_GENERAL_NAMES;
1481+ i2s_ASN1_OCTET_STRING;
1482+ s2i_ASN1_OCTET_STRING;
1483+ X509V3_EXT_check_conf;
1484+ hex_to_string;
1485+ string_to_hex;
1486+ DES_ede3_cbcm_encrypt;
1487+ RSA_padding_add_PKCS1_OAEP;
1488+ RSA_padding_check_PKCS1_OAEP;
1489+ X509_CRL_print_fp;
1490+ X509_CRL_print;
1491+ i2v_GENERAL_NAME;
1492+ v2i_GENERAL_NAME;
1493+ i2d_PKEY_USAGE_PERIOD;
1494+ d2i_PKEY_USAGE_PERIOD;
1495+ PKEY_USAGE_PERIOD_new;
1496+ PKEY_USAGE_PERIOD_free;
1497+ v2i_GENERAL_NAMES;
1498+ i2s_ASN1_INTEGER;
1499+ X509V3_EXT_d2i;
1500+ name_cmp;
1501+ str_dup;
1502+ i2s_ASN1_ENUMERATED;
1503+ i2s_ASN1_ENUMERATED_TABLE;
1504+ BIO_s_log;
1505+ BIO_f_reliable;
1506+ PKCS7_dataFinal;
1507+ PKCS7_dataDecode;
1508+ X509V3_EXT_CRL_add_conf;
1509+ BN_set_params;
1510+ BN_get_params;
1511+ BIO_get_ex_num;
1512+ BIO_set_ex_free_func;
1513+ EVP_ripemd160;
1514+ ASN1_TIME_set;
1515+ i2d_AUTHORITY_KEYID;
1516+ d2i_AUTHORITY_KEYID;
1517+ AUTHORITY_KEYID_new;
1518+ AUTHORITY_KEYID_free;
1519+ ASN1_seq_unpack;
1520+ ASN1_seq_pack;
1521+ ASN1_unpack_string;
1522+ ASN1_pack_string;
1523+ PKCS12_pack_safebag;
1524+ PKCS12_MAKE_KEYBAG;
1525+ PKCS8_encrypt;
1526+ PKCS12_MAKE_SHKEYBAG;
1527+ PKCS12_pack_p7data;
1528+ PKCS12_pack_p7encdata;
1529+ PKCS12_add_localkeyid;
1530+ PKCS12_add_friendlyname_asc;
1531+ PKCS12_add_friendlyname_uni;
1532+ PKCS12_get_friendlyname;
1533+ PKCS12_pbe_crypt;
1534+ PKCS12_decrypt_d2i;
1535+ PKCS12_i2d_encrypt;
1536+ PKCS12_init;
1537+ PKCS12_key_gen_asc;
1538+ PKCS12_key_gen_uni;
1539+ PKCS12_gen_mac;
1540+ PKCS12_verify_mac;
1541+ PKCS12_set_mac;
1542+ PKCS12_setup_mac;
1543+ OPENSSL_asc2uni;
1544+ OPENSSL_uni2asc;
1545+ i2d_PKCS12_BAGS;
1546+ PKCS12_BAGS_new;
1547+ d2i_PKCS12_BAGS;
1548+ PKCS12_BAGS_free;
1549+ i2d_PKCS12;
1550+ d2i_PKCS12;
1551+ PKCS12_new;
1552+ PKCS12_free;
1553+ i2d_PKCS12_MAC_DATA;
1554+ PKCS12_MAC_DATA_new;
1555+ d2i_PKCS12_MAC_DATA;
1556+ PKCS12_MAC_DATA_free;
1557+ i2d_PKCS12_SAFEBAG;
1558+ PKCS12_SAFEBAG_new;
1559+ d2i_PKCS12_SAFEBAG;
1560+ PKCS12_SAFEBAG_free;
1561+ ERR_load_PKCS12_strings;
1562+ PKCS12_PBE_add;
1563+ PKCS8_add_keyusage;
1564+ PKCS12_get_attr_gen;
1565+ PKCS12_parse;
1566+ PKCS12_create;
1567+ i2d_PKCS12_bio;
1568+ i2d_PKCS12_fp;
1569+ d2i_PKCS12_bio;
1570+ d2i_PKCS12_fp;
1571+ i2d_PBEPARAM;
1572+ PBEPARAM_new;
1573+ d2i_PBEPARAM;
1574+ PBEPARAM_free;
1575+ i2d_PKCS8_PRIV_KEY_INFO;
1576+ PKCS8_PRIV_KEY_INFO_new;
1577+ d2i_PKCS8_PRIV_KEY_INFO;
1578+ PKCS8_PRIV_KEY_INFO_free;
1579+ EVP_PKCS82PKEY;
1580+ EVP_PKEY2PKCS8;
1581+ PKCS8_set_broken;
1582+ EVP_PBE_ALGOR_CipherInit;
1583+ EVP_PBE_alg_add;
1584+ PKCS5_pbe_set;
1585+ EVP_PBE_cleanup;
1586+ i2d_SXNET;
1587+ d2i_SXNET;
1588+ SXNET_new;
1589+ SXNET_free;
1590+ i2d_SXNETID;
1591+ d2i_SXNETID;
1592+ SXNETID_new;
1593+ SXNETID_free;
1594+ DSA_SIG_new;
1595+ DSA_SIG_free;
1596+ DSA_do_sign;
1597+ DSA_do_verify;
1598+ d2i_DSA_SIG;
1599+ i2d_DSA_SIG;
1600+ i2d_ASN1_VISIBLESTRING;
1601+ d2i_ASN1_VISIBLESTRING;
1602+ i2d_ASN1_UTF8STRING;
1603+ d2i_ASN1_UTF8STRING;
1604+ i2d_DIRECTORYSTRING;
1605+ d2i_DIRECTORYSTRING;
1606+ i2d_DISPLAYTEXT;
1607+ d2i_DISPLAYTEXT;
1608+ d2i_ASN1_SET_OF_X509;
1609+ i2d_ASN1_SET_OF_X509;
1610+ i2d_PBKDF2PARAM;
1611+ PBKDF2PARAM_new;
1612+ d2i_PBKDF2PARAM;
1613+ PBKDF2PARAM_free;
1614+ i2d_PBE2PARAM;
1615+ PBE2PARAM_new;
1616+ d2i_PBE2PARAM;
1617+ PBE2PARAM_free;
1618+ d2i_ASN1_SET_OF_GENERAL_NAME;
1619+ i2d_ASN1_SET_OF_GENERAL_NAME;
1620+ d2i_ASN1_SET_OF_SXNETID;
1621+ i2d_ASN1_SET_OF_SXNETID;
1622+ d2i_ASN1_SET_OF_POLICYQUALINFO;
1623+ i2d_ASN1_SET_OF_POLICYQUALINFO;
1624+ d2i_ASN1_SET_OF_POLICYINFO;
1625+ i2d_ASN1_SET_OF_POLICYINFO;
1626+ SXNET_add_id_asc;
1627+ SXNET_add_id_ulong;
1628+ SXNET_add_id_INTEGER;
1629+ SXNET_get_id_asc;
1630+ SXNET_get_id_ulong;
1631+ SXNET_get_id_INTEGER;
1632+ X509V3_set_conf_lhash;
1633+ i2d_CERTIFICATEPOLICIES;
1634+ CERTIFICATEPOLICIES_new;
1635+ CERTIFICATEPOLICIES_free;
1636+ d2i_CERTIFICATEPOLICIES;
1637+ i2d_POLICYINFO;
1638+ POLICYINFO_new;
1639+ d2i_POLICYINFO;
1640+ POLICYINFO_free;
1641+ i2d_POLICYQUALINFO;
1642+ POLICYQUALINFO_new;
1643+ d2i_POLICYQUALINFO;
1644+ POLICYQUALINFO_free;
1645+ i2d_USERNOTICE;
1646+ USERNOTICE_new;
1647+ d2i_USERNOTICE;
1648+ USERNOTICE_free;
1649+ i2d_NOTICEREF;
1650+ NOTICEREF_new;
1651+ d2i_NOTICEREF;
1652+ NOTICEREF_free;
1653+ X509V3_get_string;
1654+ X509V3_get_section;
1655+ X509V3_string_free;
1656+ X509V3_section_free;
1657+ X509V3_set_ctx;
1658+ s2i_ASN1_INTEGER;
1659+ CRYPTO_set_locked_mem_functions;
1660+ CRYPTO_get_locked_mem_functions;
1661+ CRYPTO_malloc_locked;
1662+ CRYPTO_free_locked;
1663+ BN_mod_exp2_mont;
1664+ ERR_get_error_line_data;
1665+ ERR_peek_error_line_data;
1666+ PKCS12_PBE_keyivgen;
1667+ X509_ALGOR_dup;
1668+ d2i_ASN1_SET_OF_DIST_POINT;
1669+ i2d_ASN1_SET_OF_DIST_POINT;
1670+ i2d_CRL_DIST_POINTS;
1671+ CRL_DIST_POINTS_new;
1672+ CRL_DIST_POINTS_free;
1673+ d2i_CRL_DIST_POINTS;
1674+ i2d_DIST_POINT;
1675+ DIST_POINT_new;
1676+ d2i_DIST_POINT;
1677+ DIST_POINT_free;
1678+ i2d_DIST_POINT_NAME;
1679+ DIST_POINT_NAME_new;
1680+ DIST_POINT_NAME_free;
1681+ d2i_DIST_POINT_NAME;
1682+ X509V3_add_value_uchar;
1683+ d2i_ASN1_SET_OF_X509_ATTRIBUTE;
1684+ i2d_ASN1_SET_OF_ASN1_TYPE;
1685+ d2i_ASN1_SET_OF_X509_EXTENSION;
1686+ d2i_ASN1_SET_OF_X509_NAME_ENTRY;
1687+ d2i_ASN1_SET_OF_ASN1_TYPE;
1688+ i2d_ASN1_SET_OF_X509_ATTRIBUTE;
1689+ i2d_ASN1_SET_OF_X509_EXTENSION;
1690+ i2d_ASN1_SET_OF_X509_NAME_ENTRY;
1691+ X509V3_EXT_i2d;
1692+ X509V3_EXT_val_prn;
1693+ X509V3_EXT_add_list;
1694+ EVP_CIPHER_type;
1695+ EVP_PBE_CipherInit;
1696+ X509V3_add_value_bool_nf;
1697+ d2i_ASN1_UINTEGER;
1698+ sk_value;
1699+ sk_num;
1700+ sk_set;
1701+ i2d_ASN1_SET_OF_X509_REVOKED;
1702+ sk_sort;
1703+ d2i_ASN1_SET_OF_X509_REVOKED;
1704+ i2d_ASN1_SET_OF_X509_ALGOR;
1705+ i2d_ASN1_SET_OF_X509_CRL;
1706+ d2i_ASN1_SET_OF_X509_ALGOR;
1707+ d2i_ASN1_SET_OF_X509_CRL;
1708+ i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO;
1709+ i2d_ASN1_SET_OF_PKCS7_RECIP_INFO;
1710+ d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO;
1711+ d2i_ASN1_SET_OF_PKCS7_RECIP_INFO;
1712+ PKCS5_PBE_add;
1713+ PEM_write_bio_PKCS8;
1714+ i2d_PKCS8_fp;
1715+ PEM_read_bio_PKCS8_PRIV_KEY_INFO;
1716+ PEM_read_bio_P8_PRIV_KEY_INFO;
1717+ d2i_PKCS8_bio;
1718+ d2i_PKCS8_PRIV_KEY_INFO_fp;
1719+ PEM_write_bio_PKCS8_PRIV_KEY_INFO;
1720+ PEM_write_bio_P8_PRIV_KEY_INFO;
1721+ PEM_read_PKCS8;
1722+ d2i_PKCS8_PRIV_KEY_INFO_bio;
1723+ d2i_PKCS8_fp;
1724+ PEM_write_PKCS8;
1725+ PEM_read_PKCS8_PRIV_KEY_INFO;
1726+ PEM_read_P8_PRIV_KEY_INFO;
1727+ PEM_read_bio_PKCS8;
1728+ PEM_write_PKCS8_PRIV_KEY_INFO;
1729+ PEM_write_P8_PRIV_KEY_INFO;
1730+ PKCS5_PBE_keyivgen;
1731+ i2d_PKCS8_bio;
1732+ i2d_PKCS8_PRIV_KEY_INFO_fp;
1733+ i2d_PKCS8_PRIV_KEY_INFO_bio;
1734+ BIO_s_bio;
1735+ PKCS5_pbe2_set;
1736+ PKCS5_PBKDF2_HMAC_SHA1;
1737+ PKCS5_v2_PBE_keyivgen;
1738+ PEM_write_bio_PKCS8PrivateKey;
1739+ PEM_write_PKCS8PrivateKey;
1740+ BIO_ctrl_get_read_request;
1741+ BIO_ctrl_pending;
1742+ BIO_ctrl_wpending;
1743+ BIO_new_bio_pair;
1744+ BIO_ctrl_get_write_guarantee;
1745+ CRYPTO_num_locks;
1746+ CONF_load_bio;
1747+ CONF_load_fp;
1748+ i2d_ASN1_SET_OF_ASN1_OBJECT;
1749+ d2i_ASN1_SET_OF_ASN1_OBJECT;
1750+ PKCS7_signatureVerify;
1751+ RSA_set_method;
1752+ RSA_get_method;
1753+ RSA_get_default_method;
1754+ RSA_check_key;
1755+ OBJ_obj2txt;
1756+ DSA_dup_DH;
1757+ X509_REQ_get_extensions;
1758+ X509_REQ_set_extension_nids;
1759+ BIO_nwrite;
1760+ X509_REQ_extension_nid;
1761+ BIO_nread;
1762+ X509_REQ_get_extension_nids;
1763+ BIO_nwrite0;
1764+ X509_REQ_add_extensions_nid;
1765+ BIO_nread0;
1766+ X509_REQ_add_extensions;
1767+ BIO_new_mem_buf;
1768+ DH_set_ex_data;
1769+ DH_set_method;
1770+ DSA_OpenSSL;
1771+ DH_get_ex_data;
1772+ DH_get_ex_new_index;
1773+ DSA_new_method;
1774+ DH_new_method;
1775+ DH_OpenSSL;
1776+ DSA_get_ex_new_index;
1777+ DH_get_default_method;
1778+ DSA_set_ex_data;
1779+ DH_set_default_method;
1780+ DSA_get_ex_data;
1781+ X509V3_EXT_REQ_add_conf;
1782+ NETSCAPE_SPKI_print;
1783+ NETSCAPE_SPKI_set_pubkey;
1784+ NETSCAPE_SPKI_b64_encode;
1785+ NETSCAPE_SPKI_get_pubkey;
1786+ NETSCAPE_SPKI_b64_decode;
1787+ UTF8_putc;
1788+ UTF8_getc;
1789+ RSA_null_method;
1790+ ASN1_tag2str;
1791+ BIO_ctrl_reset_read_request;
1792+ DISPLAYTEXT_new;
1793+ ASN1_GENERALIZEDTIME_free;
1794+ X509_REVOKED_get_ext_d2i;
1795+ X509_set_ex_data;
1796+ X509_reject_set_bit_asc;
1797+ X509_NAME_add_entry_by_txt;
1798+ X509_NAME_add_entry_by_NID;
1799+ X509_PURPOSE_get0;
1800+ PEM_read_X509_AUX;
1801+ d2i_AUTHORITY_INFO_ACCESS;
1802+ PEM_write_PUBKEY;
1803+ ACCESS_DESCRIPTION_new;
1804+ X509_CERT_AUX_free;
1805+ d2i_ACCESS_DESCRIPTION;
1806+ X509_trust_clear;
1807+ X509_TRUST_add;
1808+ ASN1_VISIBLESTRING_new;
1809+ X509_alias_set1;
1810+ ASN1_PRINTABLESTRING_free;
1811+ EVP_PKEY_get1_DSA;
1812+ ASN1_BMPSTRING_new;
1813+ ASN1_mbstring_copy;
1814+ ASN1_UTF8STRING_new;
1815+ DSA_get_default_method;
1816+ i2d_ASN1_SET_OF_ACCESS_DESCRIPTION;
1817+ ASN1_T61STRING_free;
1818+ DSA_set_method;
1819+ X509_get_ex_data;
1820+ ASN1_STRING_type;
1821+ X509_PURPOSE_get_by_sname;
1822+ ASN1_TIME_free;
1823+ ASN1_OCTET_STRING_cmp;
1824+ ASN1_BIT_STRING_new;
1825+ X509_get_ext_d2i;
1826+ PEM_read_bio_X509_AUX;
1827+ ASN1_STRING_set_default_mask_asc;
1828+ ASN1_STRING_set_def_mask_asc;
1829+ PEM_write_bio_RSA_PUBKEY;
1830+ ASN1_INTEGER_cmp;
1831+ d2i_RSA_PUBKEY_fp;
1832+ X509_trust_set_bit_asc;
1833+ PEM_write_bio_DSA_PUBKEY;
1834+ X509_STORE_CTX_free;
1835+ EVP_PKEY_set1_DSA;
1836+ i2d_DSA_PUBKEY_fp;
1837+ X509_load_cert_crl_file;
1838+ ASN1_TIME_new;
1839+ i2d_RSA_PUBKEY;
1840+ X509_STORE_CTX_purpose_inherit;
1841+ PEM_read_RSA_PUBKEY;
1842+ d2i_X509_AUX;
1843+ i2d_DSA_PUBKEY;
1844+ X509_CERT_AUX_print;
1845+ PEM_read_DSA_PUBKEY;
1846+ i2d_RSA_PUBKEY_bio;
1847+ ASN1_BIT_STRING_num_asc;
1848+ i2d_PUBKEY;
1849+ ASN1_UTCTIME_free;
1850+ DSA_set_default_method;
1851+ X509_PURPOSE_get_by_id;
1852+ ACCESS_DESCRIPTION_free;
1853+ PEM_read_bio_PUBKEY;
1854+ ASN1_STRING_set_by_NID;
1855+ X509_PURPOSE_get_id;
1856+ DISPLAYTEXT_free;
1857+ OTHERNAME_new;
1858+ X509_CERT_AUX_new;
1859+ X509_TRUST_cleanup;
1860+ X509_NAME_add_entry_by_OBJ;
1861+ X509_CRL_get_ext_d2i;
1862+ X509_PURPOSE_get0_name;
1863+ PEM_read_PUBKEY;
1864+ i2d_DSA_PUBKEY_bio;
1865+ i2d_OTHERNAME;
1866+ ASN1_OCTET_STRING_free;
1867+ ASN1_BIT_STRING_set_asc;
1868+ X509_get_ex_new_index;
1869+ ASN1_STRING_TABLE_cleanup;
1870+ X509_TRUST_get_by_id;
1871+ X509_PURPOSE_get_trust;
1872+ ASN1_STRING_length;
1873+ d2i_ASN1_SET_OF_ACCESS_DESCRIPTION;
1874+ ASN1_PRINTABLESTRING_new;
1875+ X509V3_get_d2i;
1876+ ASN1_ENUMERATED_free;
1877+ i2d_X509_CERT_AUX;
1878+ X509_STORE_CTX_set_trust;
1879+ ASN1_STRING_set_default_mask;
1880+ X509_STORE_CTX_new;
1881+ EVP_PKEY_get1_RSA;
1882+ DIRECTORYSTRING_free;
1883+ PEM_write_X509_AUX;
1884+ ASN1_OCTET_STRING_set;
1885+ d2i_DSA_PUBKEY_fp;
1886+ d2i_RSA_PUBKEY;
1887+ X509_TRUST_get0_name;
1888+ X509_TRUST_get0;
1889+ AUTHORITY_INFO_ACCESS_free;
1890+ ASN1_IA5STRING_new;
1891+ d2i_DSA_PUBKEY;
1892+ X509_check_purpose;
1893+ ASN1_ENUMERATED_new;
1894+ d2i_RSA_PUBKEY_bio;
1895+ d2i_PUBKEY;
1896+ X509_TRUST_get_trust;
1897+ X509_TRUST_get_flags;
1898+ ASN1_BMPSTRING_free;
1899+ ASN1_T61STRING_new;
1900+ ASN1_UTCTIME_new;
1901+ i2d_AUTHORITY_INFO_ACCESS;
1902+ EVP_PKEY_set1_RSA;
1903+ X509_STORE_CTX_set_purpose;
1904+ ASN1_IA5STRING_free;
1905+ PEM_write_bio_X509_AUX;
1906+ X509_PURPOSE_get_count;
1907+ CRYPTO_add_info;
1908+ X509_NAME_ENTRY_create_by_txt;
1909+ ASN1_STRING_get_default_mask;
1910+ X509_alias_get0;
1911+ ASN1_STRING_data;
1912+ i2d_ACCESS_DESCRIPTION;
1913+ X509_trust_set_bit;
1914+ ASN1_BIT_STRING_free;
1915+ PEM_read_bio_RSA_PUBKEY;
1916+ X509_add1_reject_object;
1917+ X509_check_trust;
1918+ PEM_read_bio_DSA_PUBKEY;
1919+ X509_PURPOSE_add;
1920+ ASN1_STRING_TABLE_get;
1921+ ASN1_UTF8STRING_free;
1922+ d2i_DSA_PUBKEY_bio;
1923+ PEM_write_RSA_PUBKEY;
1924+ d2i_OTHERNAME;
1925+ X509_reject_set_bit;
1926+ PEM_write_DSA_PUBKEY;
1927+ X509_PURPOSE_get0_sname;
1928+ EVP_PKEY_set1_DH;
1929+ ASN1_OCTET_STRING_dup;
1930+ ASN1_BIT_STRING_set;
1931+ X509_TRUST_get_count;
1932+ ASN1_INTEGER_free;
1933+ OTHERNAME_free;
1934+ i2d_RSA_PUBKEY_fp;
1935+ ASN1_INTEGER_dup;
1936+ d2i_X509_CERT_AUX;
1937+ PEM_write_bio_PUBKEY;
1938+ ASN1_VISIBLESTRING_free;
1939+ X509_PURPOSE_cleanup;
1940+ ASN1_mbstring_ncopy;
1941+ ASN1_GENERALIZEDTIME_new;
1942+ EVP_PKEY_get1_DH;
1943+ ASN1_OCTET_STRING_new;
1944+ ASN1_INTEGER_new;
1945+ i2d_X509_AUX;
1946+ ASN1_BIT_STRING_name_print;
1947+ X509_cmp;
1948+ ASN1_STRING_length_set;
1949+ DIRECTORYSTRING_new;
1950+ X509_add1_trust_object;
1951+ PKCS12_newpass;
1952+ SMIME_write_PKCS7;
1953+ SMIME_read_PKCS7;
1954+ DES_set_key_checked;
1955+ PKCS7_verify;
1956+ PKCS7_encrypt;
1957+ DES_set_key_unchecked;
1958+ SMIME_crlf_copy;
1959+ i2d_ASN1_PRINTABLESTRING;
1960+ PKCS7_get0_signers;
1961+ PKCS7_decrypt;
1962+ SMIME_text;
1963+ PKCS7_simple_smimecap;
1964+ PKCS7_get_smimecap;
1965+ PKCS7_sign;
1966+ PKCS7_add_attrib_smimecap;
1967+ CRYPTO_dbg_set_options;
1968+ CRYPTO_remove_all_info;
1969+ CRYPTO_get_mem_debug_functions;
1970+ CRYPTO_is_mem_check_on;
1971+ CRYPTO_set_mem_debug_functions;
1972+ CRYPTO_pop_info;
1973+ CRYPTO_push_info_;
1974+ CRYPTO_set_mem_debug_options;
1975+ PEM_write_PKCS8PrivateKey_nid;
1976+ PEM_write_bio_PKCS8PrivateKey_nid;
1977+ PEM_write_bio_PKCS8PrivKey_nid;
1978+ d2i_PKCS8PrivateKey_bio;
1979+ ASN1_NULL_free;
1980+ d2i_ASN1_NULL;
1981+ ASN1_NULL_new;
1982+ i2d_PKCS8PrivateKey_bio;
1983+ i2d_PKCS8PrivateKey_fp;
1984+ i2d_ASN1_NULL;
1985+ i2d_PKCS8PrivateKey_nid_fp;
1986+ d2i_PKCS8PrivateKey_fp;
1987+ i2d_PKCS8PrivateKey_nid_bio;
1988+ i2d_PKCS8PrivateKeyInfo_fp;
1989+ i2d_PKCS8PrivateKeyInfo_bio;
1990+ PEM_cb;
1991+ i2d_PrivateKey_fp;
1992+ d2i_PrivateKey_bio;
1993+ d2i_PrivateKey_fp;
1994+ i2d_PrivateKey_bio;
1995+ X509_reject_clear;
1996+ X509_TRUST_set_default;
1997+ d2i_AutoPrivateKey;
1998+ X509_ATTRIBUTE_get0_type;
1999+ X509_ATTRIBUTE_set1_data;
2000+ X509at_get_attr;
2001+ X509at_get_attr_count;
2002+ X509_ATTRIBUTE_create_by_NID;
2003+ X509_ATTRIBUTE_set1_object;
2004+ X509_ATTRIBUTE_count;
2005+ X509_ATTRIBUTE_create_by_OBJ;
2006+ X509_ATTRIBUTE_get0_object;
2007+ X509at_get_attr_by_NID;
2008+ X509at_add1_attr;
2009+ X509_ATTRIBUTE_get0_data;
2010+ X509at_delete_attr;
2011+ X509at_get_attr_by_OBJ;
2012+ RAND_add;
2013+ BIO_number_written;
2014+ BIO_number_read;
2015+ X509_STORE_CTX_get1_chain;
2016+ ERR_load_RAND_strings;
2017+ RAND_pseudo_bytes;
2018+ X509_REQ_get_attr_by_NID;
2019+ X509_REQ_get_attr;
2020+ X509_REQ_add1_attr_by_NID;
2021+ X509_REQ_get_attr_by_OBJ;
2022+ X509at_add1_attr_by_NID;
2023+ X509_REQ_add1_attr_by_OBJ;
2024+ X509_REQ_get_attr_count;
2025+ X509_REQ_add1_attr;
2026+ X509_REQ_delete_attr;
2027+ X509at_add1_attr_by_OBJ;
2028+ X509_REQ_add1_attr_by_txt;
2029+ X509_ATTRIBUTE_create_by_txt;
2030+ X509at_add1_attr_by_txt;
2031+ BN_pseudo_rand;
2032+ BN_is_prime_fasttest;
2033+ BN_CTX_end;
2034+ BN_CTX_start;
2035+ BN_CTX_get;
2036+ EVP_PKEY2PKCS8_broken;
2037+ ASN1_STRING_TABLE_add;
2038+ CRYPTO_dbg_get_options;
2039+ AUTHORITY_INFO_ACCESS_new;
2040+ CRYPTO_get_mem_debug_options;
2041+ DES_crypt;
2042+ PEM_write_bio_X509_REQ_NEW;
2043+ PEM_write_X509_REQ_NEW;
2044+ BIO_callback_ctrl;
2045+ RAND_egd;
2046+ RAND_status;
2047+ bn_dump1;
2048+ DES_check_key_parity;
2049+ lh_num_items;
2050+ RAND_event;
2051+ DSO_new;
2052+ DSO_new_method;
2053+ DSO_free;
2054+ DSO_flags;
2055+ DSO_up;
2056+ DSO_set_default_method;
2057+ DSO_get_default_method;
2058+ DSO_get_method;
2059+ DSO_set_method;
2060+ DSO_load;
2061+ DSO_bind_var;
2062+ DSO_METHOD_null;
2063+ DSO_METHOD_openssl;
2064+ DSO_METHOD_dlfcn;
2065+ DSO_METHOD_win32;
2066+ ERR_load_DSO_strings;
2067+ DSO_METHOD_dl;
2068+ NCONF_load;
2069+ NCONF_load_fp;
2070+ NCONF_new;
2071+ NCONF_get_string;
2072+ NCONF_free;
2073+ NCONF_get_number;
2074+ CONF_dump_fp;
2075+ NCONF_load_bio;
2076+ NCONF_dump_fp;
2077+ NCONF_get_section;
2078+ NCONF_dump_bio;
2079+ CONF_dump_bio;
2080+ NCONF_free_data;
2081+ CONF_set_default_method;
2082+ ERR_error_string_n;
2083+ BIO_snprintf;
2084+ DSO_ctrl;
2085+ i2d_ASN1_SET_OF_ASN1_INTEGER;
2086+ i2d_ASN1_SET_OF_PKCS12_SAFEBAG;
2087+ i2d_ASN1_SET_OF_PKCS7;
2088+ BIO_vfree;
2089+ d2i_ASN1_SET_OF_ASN1_INTEGER;
2090+ d2i_ASN1_SET_OF_PKCS12_SAFEBAG;
2091+ ASN1_UTCTIME_get;
2092+ X509_REQ_digest;
2093+ X509_CRL_digest;
2094+ d2i_ASN1_SET_OF_PKCS7;
2095+ EVP_CIPHER_CTX_set_key_length;
2096+ EVP_CIPHER_CTX_ctrl;
2097+ BN_mod_exp_mont_word;
2098+ RAND_egd_bytes;
2099+ X509_REQ_get1_email;
2100+ X509_get1_email;
2101+ X509_email_free;
2102+ i2d_RSA_NET;
2103+ d2i_RSA_NET_2;
2104+ d2i_RSA_NET;
2105+ DSO_bind_func;
2106+ CRYPTO_get_new_dynlockid;
2107+ sk_new_null;
2108+ CRYPTO_set_dynlock_destroy_callback;
2109+ CRYPTO_set_dynlock_destroy_cb;
2110+ CRYPTO_destroy_dynlockid;
2111+ CRYPTO_set_dynlock_size;
2112+ CRYPTO_set_dynlock_create_callback;
2113+ CRYPTO_set_dynlock_create_cb;
2114+ CRYPTO_set_dynlock_lock_callback;
2115+ CRYPTO_set_dynlock_lock_cb;
2116+ CRYPTO_get_dynlock_lock_callback;
2117+ CRYPTO_get_dynlock_lock_cb;
2118+ CRYPTO_get_dynlock_destroy_callback;
2119+ CRYPTO_get_dynlock_destroy_cb;
2120+ CRYPTO_get_dynlock_value;
2121+ CRYPTO_get_dynlock_create_callback;
2122+ CRYPTO_get_dynlock_create_cb;
2123+ c2i_ASN1_BIT_STRING;
2124+ i2c_ASN1_BIT_STRING;
2125+ RAND_poll;
2126+ c2i_ASN1_INTEGER;
2127+ i2c_ASN1_INTEGER;
2128+ BIO_dump_indent;
2129+ ASN1_parse_dump;
2130+ c2i_ASN1_OBJECT;
2131+ X509_NAME_print_ex_fp;
2132+ ASN1_STRING_print_ex_fp;
2133+ X509_NAME_print_ex;
2134+ ASN1_STRING_print_ex;
2135+ MD4;
2136+ MD4_Transform;
2137+ MD4_Final;
2138+ MD4_Update;
2139+ MD4_Init;
2140+ EVP_md4;
2141+ i2d_PUBKEY_bio;
2142+ i2d_PUBKEY_fp;
2143+ d2i_PUBKEY_bio;
2144+ ASN1_STRING_to_UTF8;
2145+ BIO_vprintf;
2146+ BIO_vsnprintf;
2147+ d2i_PUBKEY_fp;
2148+ X509_cmp_time;
2149+ X509_STORE_CTX_set_time;
2150+ X509_STORE_CTX_get1_issuer;
2151+ X509_OBJECT_retrieve_match;
2152+ X509_OBJECT_idx_by_subject;
2153+ X509_STORE_CTX_set_flags;
2154+ X509_STORE_CTX_trusted_stack;
2155+ X509_time_adj;
2156+ X509_check_issued;
2157+ ASN1_UTCTIME_cmp_time_t;
2158+ DES_set_weak_key_flag;
2159+ DES_check_key;
2160+ DES_rw_mode;
2161+ RSA_PKCS1_RSAref;
2162+ X509_keyid_set1;
2163+ BIO_next;
2164+ DSO_METHOD_vms;
2165+ BIO_f_linebuffer;
2166+ BN_bntest_rand;
2167+ OPENSSL_issetugid;
2168+ BN_rand_range;
2169+ ERR_load_ENGINE_strings;
2170+ ENGINE_set_DSA;
2171+ ENGINE_get_finish_function;
2172+ ENGINE_get_default_RSA;
2173+ ENGINE_get_BN_mod_exp;
2174+ DSA_get_default_openssl_method;
2175+ ENGINE_set_DH;
2176+ ENGINE_set_def_BN_mod_exp_crt;
2177+ ENGINE_set_default_BN_mod_exp_crt;
2178+ ENGINE_init;
2179+ DH_get_default_openssl_method;
2180+ RSA_set_default_openssl_method;
2181+ ENGINE_finish;
2182+ ENGINE_load_public_key;
2183+ ENGINE_get_DH;
2184+ ENGINE_ctrl;
2185+ ENGINE_get_init_function;
2186+ ENGINE_set_init_function;
2187+ ENGINE_set_default_DSA;
2188+ ENGINE_get_name;
2189+ ENGINE_get_last;
2190+ ENGINE_get_prev;
2191+ ENGINE_get_default_DH;
2192+ ENGINE_get_RSA;
2193+ ENGINE_set_default;
2194+ ENGINE_get_RAND;
2195+ ENGINE_get_first;
2196+ ENGINE_by_id;
2197+ ENGINE_set_finish_function;
2198+ ENGINE_get_def_BN_mod_exp_crt;
2199+ ENGINE_get_default_BN_mod_exp_crt;
2200+ RSA_get_default_openssl_method;
2201+ ENGINE_set_RSA;
2202+ ENGINE_load_private_key;
2203+ ENGINE_set_default_RAND;
2204+ ENGINE_set_BN_mod_exp;
2205+ ENGINE_remove;
2206+ ENGINE_free;
2207+ ENGINE_get_BN_mod_exp_crt;
2208+ ENGINE_get_next;
2209+ ENGINE_set_name;
2210+ ENGINE_get_default_DSA;
2211+ ENGINE_set_default_BN_mod_exp;
2212+ ENGINE_set_default_RSA;
2213+ ENGINE_get_default_RAND;
2214+ ENGINE_get_default_BN_mod_exp;
2215+ ENGINE_set_RAND;
2216+ ENGINE_set_id;
2217+ ENGINE_set_BN_mod_exp_crt;
2218+ ENGINE_set_default_DH;
2219+ ENGINE_new;
2220+ ENGINE_get_id;
2221+ DSA_set_default_openssl_method;
2222+ ENGINE_add;
2223+ DH_set_default_openssl_method;
2224+ ENGINE_get_DSA;
2225+ ENGINE_get_ctrl_function;
2226+ ENGINE_set_ctrl_function;
2227+ BN_pseudo_rand_range;
2228+ X509_STORE_CTX_set_verify_cb;
2229+ ERR_load_COMP_strings;
2230+ PKCS12_item_decrypt_d2i;
2231+ ASN1_UTF8STRING_it;
2232+ ASN1_UTF8STRING_it;
2233+ ENGINE_unregister_ciphers;
2234+ ENGINE_get_ciphers;
2235+ d2i_OCSP_BASICRESP;
2236+ KRB5_CHECKSUM_it;
2237+ KRB5_CHECKSUM_it;
2238+ EC_POINT_add;
2239+ ASN1_item_ex_i2d;
2240+ OCSP_CERTID_it;
2241+ OCSP_CERTID_it;
2242+ d2i_OCSP_RESPBYTES;
2243+ X509V3_add1_i2d;
2244+ PKCS7_ENVELOPE_it;
2245+ PKCS7_ENVELOPE_it;
2246+ UI_add_input_boolean;
2247+ ENGINE_unregister_RSA;
2248+ X509V3_EXT_nconf;
2249+ ASN1_GENERALSTRING_free;
2250+ d2i_OCSP_CERTSTATUS;
2251+ X509_REVOKED_set_serialNumber;
2252+ X509_print_ex;
2253+ OCSP_ONEREQ_get1_ext_d2i;
2254+ ENGINE_register_all_RAND;
2255+ ENGINE_load_dynamic;
2256+ PBKDF2PARAM_it;
2257+ PBKDF2PARAM_it;
2258+ EXTENDED_KEY_USAGE_new;
2259+ EC_GROUP_clear_free;
2260+ OCSP_sendreq_bio;
2261+ ASN1_item_digest;
2262+ OCSP_BASICRESP_delete_ext;
2263+ OCSP_SIGNATURE_it;
2264+ OCSP_SIGNATURE_it;
2265+ X509_CRL_it;
2266+ X509_CRL_it;
2267+ OCSP_BASICRESP_add_ext;
2268+ KRB5_ENCKEY_it;
2269+ KRB5_ENCKEY_it;
2270+ UI_method_set_closer;
2271+ X509_STORE_set_purpose;
2272+ i2d_ASN1_GENERALSTRING;
2273+ OCSP_response_status;
2274+ i2d_OCSP_SERVICELOC;
2275+ ENGINE_get_digest_engine;
2276+ EC_GROUP_set_curve_GFp;
2277+ OCSP_REQUEST_get_ext_by_OBJ;
2278+ _ossl_old_des_random_key;
2279+ ASN1_T61STRING_it;
2280+ ASN1_T61STRING_it;
2281+ EC_GROUP_method_of;
2282+ i2d_KRB5_APREQ;
2283+ _ossl_old_des_encrypt;
2284+ ASN1_PRINTABLE_new;
2285+ HMAC_Init_ex;
2286+ d2i_KRB5_AUTHENT;
2287+ OCSP_archive_cutoff_new;
2288+ EC_POINT_set_Jprojective_coordinates_GFp;
2289+ EC_POINT_set_Jproj_coords_GFp;
2290+ _ossl_old_des_is_weak_key;
2291+ OCSP_BASICRESP_get_ext_by_OBJ;
2292+ EC_POINT_oct2point;
2293+ OCSP_SINGLERESP_get_ext_count;
2294+ UI_ctrl;
2295+ _shadow_DES_rw_mode;
2296+ _shadow_DES_rw_mode;
2297+ asn1_do_adb;
2298+ ASN1_template_i2d;
2299+ ENGINE_register_DH;
2300+ UI_construct_prompt;
2301+ X509_STORE_set_trust;
2302+ UI_dup_input_string;
2303+ d2i_KRB5_APREQ;
2304+ EVP_MD_CTX_copy_ex;
2305+ OCSP_request_is_signed;
2306+ i2d_OCSP_REQINFO;
2307+ KRB5_ENCKEY_free;
2308+ OCSP_resp_get0;
2309+ GENERAL_NAME_it;
2310+ GENERAL_NAME_it;
2311+ ASN1_GENERALIZEDTIME_it;
2312+ ASN1_GENERALIZEDTIME_it;
2313+ X509_STORE_set_flags;
2314+ EC_POINT_set_compressed_coordinates_GFp;
2315+ EC_POINT_set_compr_coords_GFp;
2316+ OCSP_response_status_str;
2317+ d2i_OCSP_REVOKEDINFO;
2318+ OCSP_basic_add1_cert;
2319+ ERR_get_implementation;
2320+ EVP_CipherFinal_ex;
2321+ OCSP_CERTSTATUS_new;
2322+ CRYPTO_cleanup_all_ex_data;
2323+ OCSP_resp_find;
2324+ BN_nnmod;
2325+ X509_CRL_sort;
2326+ X509_REVOKED_set_revocationDate;
2327+ ENGINE_register_RAND;
2328+ OCSP_SERVICELOC_new;
2329+ EC_POINT_set_affine_coordinates_GFp;
2330+ EC_POINT_set_affine_coords_GFp;
2331+ _ossl_old_des_options;
2332+ SXNET_it;
2333+ SXNET_it;
2334+ UI_dup_input_boolean;
2335+ PKCS12_add_CSPName_asc;
2336+ EC_POINT_is_at_infinity;
2337+ ENGINE_load_cryptodev;
2338+ DSO_convert_filename;
2339+ POLICYQUALINFO_it;
2340+ POLICYQUALINFO_it;
2341+ ENGINE_register_ciphers;
2342+ BN_mod_lshift_quick;
2343+ DSO_set_filename;
2344+ ASN1_item_free;
2345+ KRB5_TKTBODY_free;
2346+ AUTHORITY_KEYID_it;
2347+ AUTHORITY_KEYID_it;
2348+ KRB5_APREQBODY_new;
2349+ X509V3_EXT_REQ_add_nconf;
2350+ ENGINE_ctrl_cmd_string;
2351+ i2d_OCSP_RESPDATA;
2352+ EVP_MD_CTX_init;
2353+ EXTENDED_KEY_USAGE_free;
2354+ PKCS7_ATTR_SIGN_it;
2355+ PKCS7_ATTR_SIGN_it;
2356+ UI_add_error_string;
2357+ KRB5_CHECKSUM_free;
2358+ OCSP_REQUEST_get_ext;
2359+ ENGINE_load_ubsec;
2360+ ENGINE_register_all_digests;
2361+ PKEY_USAGE_PERIOD_it;
2362+ PKEY_USAGE_PERIOD_it;
2363+ PKCS12_unpack_authsafes;
2364+ ASN1_item_unpack;
2365+ NETSCAPE_SPKAC_it;
2366+ NETSCAPE_SPKAC_it;
2367+ X509_REVOKED_it;
2368+ X509_REVOKED_it;
2369+ ASN1_STRING_encode;
2370+ EVP_aes_128_ecb;
2371+ KRB5_AUTHENT_free;
2372+ OCSP_BASICRESP_get_ext_by_critical;
2373+ OCSP_BASICRESP_get_ext_by_crit;
2374+ OCSP_cert_status_str;
2375+ d2i_OCSP_REQUEST;
2376+ UI_dup_info_string;
2377+ _ossl_old_des_xwhite_in2out;
2378+ PKCS12_it;
2379+ PKCS12_it;
2380+ OCSP_SINGLERESP_get_ext_by_critical;
2381+ OCSP_SINGLERESP_get_ext_by_crit;
2382+ OCSP_CERTSTATUS_free;
2383+ _ossl_old_des_crypt;
2384+ ASN1_item_i2d;
2385+ EVP_DecryptFinal_ex;
2386+ ENGINE_load_openssl;
2387+ ENGINE_get_cmd_defns;
2388+ ENGINE_set_load_privkey_function;
2389+ ENGINE_set_load_privkey_fn;
2390+ EVP_EncryptFinal_ex;
2391+ ENGINE_set_default_digests;
2392+ X509_get0_pubkey_bitstr;
2393+ asn1_ex_i2c;
2394+ ENGINE_register_RSA;
2395+ ENGINE_unregister_DSA;
2396+ _ossl_old_des_key_sched;
2397+ X509_EXTENSION_it;
2398+ X509_EXTENSION_it;
2399+ i2d_KRB5_AUTHENT;
2400+ SXNETID_it;
2401+ SXNETID_it;
2402+ d2i_OCSP_SINGLERESP;
2403+ EDIPARTYNAME_new;
2404+ PKCS12_certbag2x509;
2405+ _ossl_old_des_ofb64_encrypt;
2406+ d2i_EXTENDED_KEY_USAGE;
2407+ ERR_print_errors_cb;
2408+ ENGINE_set_ciphers;
2409+ d2i_KRB5_APREQBODY;
2410+ UI_method_get_flusher;
2411+ X509_PUBKEY_it;
2412+ X509_PUBKEY_it;
2413+ _ossl_old_des_enc_read;
2414+ PKCS7_ENCRYPT_it;
2415+ PKCS7_ENCRYPT_it;
2416+ i2d_OCSP_RESPONSE;
2417+ EC_GROUP_get_cofactor;
2418+ PKCS12_unpack_p7data;
2419+ d2i_KRB5_AUTHDATA;
2420+ OCSP_copy_nonce;
2421+ KRB5_AUTHDATA_new;
2422+ OCSP_RESPDATA_new;
2423+ EC_GFp_mont_method;
2424+ OCSP_REVOKEDINFO_free;
2425+ UI_get_ex_data;
2426+ KRB5_APREQBODY_free;
2427+ EC_GROUP_get0_generator;
2428+ UI_get_default_method;
2429+ X509V3_set_nconf;
2430+ PKCS12_item_i2d_encrypt;
2431+ X509_add1_ext_i2d;
2432+ PKCS7_SIGNER_INFO_it;
2433+ PKCS7_SIGNER_INFO_it;
2434+ KRB5_PRINCNAME_new;
2435+ PKCS12_SAFEBAG_it;
2436+ PKCS12_SAFEBAG_it;
2437+ EC_GROUP_get_order;
2438+ d2i_OCSP_RESPID;
2439+ OCSP_request_verify;
2440+ NCONF_get_number_e;
2441+ _ossl_old_des_decrypt3;
2442+ X509_signature_print;
2443+ OCSP_SINGLERESP_free;
2444+ ENGINE_load_builtin_engines;
2445+ i2d_OCSP_ONEREQ;
2446+ OCSP_REQUEST_add_ext;
2447+ OCSP_RESPBYTES_new;
2448+ EVP_MD_CTX_create;
2449+ OCSP_resp_find_status;
2450+ X509_ALGOR_it;
2451+ X509_ALGOR_it;
2452+ ASN1_TIME_it;
2453+ ASN1_TIME_it;
2454+ OCSP_request_set1_name;
2455+ OCSP_ONEREQ_get_ext_count;
2456+ UI_get0_result;
2457+ PKCS12_AUTHSAFES_it;
2458+ PKCS12_AUTHSAFES_it;
2459+ EVP_aes_256_ecb;
2460+ PKCS12_pack_authsafes;
2461+ ASN1_IA5STRING_it;
2462+ ASN1_IA5STRING_it;
2463+ UI_get_input_flags;
2464+ EC_GROUP_set_generator;
2465+ _ossl_old_des_string_to_2keys;
2466+ OCSP_CERTID_free;
2467+ X509_CERT_AUX_it;
2468+ X509_CERT_AUX_it;
2469+ CERTIFICATEPOLICIES_it;
2470+ CERTIFICATEPOLICIES_it;
2471+ _ossl_old_des_ede3_cbc_encrypt;
2472+ RAND_set_rand_engine;
2473+ DSO_get_loaded_filename;
2474+ X509_ATTRIBUTE_it;
2475+ X509_ATTRIBUTE_it;
2476+ OCSP_ONEREQ_get_ext_by_NID;
2477+ PKCS12_decrypt_skey;
2478+ KRB5_AUTHENT_it;
2479+ KRB5_AUTHENT_it;
2480+ UI_dup_error_string;
2481+ RSAPublicKey_it;
2482+ RSAPublicKey_it;
2483+ i2d_OCSP_REQUEST;
2484+ PKCS12_x509crl2certbag;
2485+ OCSP_SERVICELOC_it;
2486+ OCSP_SERVICELOC_it;
2487+ ASN1_item_sign;
2488+ X509_CRL_set_issuer_name;
2489+ OBJ_NAME_do_all_sorted;
2490+ i2d_OCSP_BASICRESP;
2491+ i2d_OCSP_RESPBYTES;
2492+ PKCS12_unpack_p7encdata;
2493+ HMAC_CTX_init;
2494+ ENGINE_get_digest;
2495+ OCSP_RESPONSE_print;
2496+ KRB5_TKTBODY_it;
2497+ KRB5_TKTBODY_it;
2498+ ACCESS_DESCRIPTION_it;
2499+ ACCESS_DESCRIPTION_it;
2500+ PKCS7_ISSUER_AND_SERIAL_it;
2501+ PKCS7_ISSUER_AND_SERIAL_it;
2502+ PBE2PARAM_it;
2503+ PBE2PARAM_it;
2504+ PKCS12_certbag2x509crl;
2505+ PKCS7_SIGNED_it;
2506+ PKCS7_SIGNED_it;
2507+ ENGINE_get_cipher;
2508+ i2d_OCSP_CRLID;
2509+ OCSP_SINGLERESP_new;
2510+ ENGINE_cmd_is_executable;
2511+ RSA_up_ref;
2512+ ASN1_GENERALSTRING_it;
2513+ ASN1_GENERALSTRING_it;
2514+ ENGINE_register_DSA;
2515+ X509V3_EXT_add_nconf_sk;
2516+ ENGINE_set_load_pubkey_function;
2517+ PKCS8_decrypt;
2518+ PEM_bytes_read_bio;
2519+ DIRECTORYSTRING_it;
2520+ DIRECTORYSTRING_it;
2521+ d2i_OCSP_CRLID;
2522+ EC_POINT_is_on_curve;
2523+ CRYPTO_set_locked_mem_ex_functions;
2524+ CRYPTO_set_locked_mem_ex_funcs;
2525+ d2i_KRB5_CHECKSUM;
2526+ ASN1_item_dup;
2527+ X509_it;
2528+ X509_it;
2529+ BN_mod_add;
2530+ KRB5_AUTHDATA_free;
2531+ _ossl_old_des_cbc_cksum;
2532+ ASN1_item_verify;
2533+ CRYPTO_set_mem_ex_functions;
2534+ EC_POINT_get_Jprojective_coordinates_GFp;
2535+ EC_POINT_get_Jproj_coords_GFp;
2536+ ZLONG_it;
2537+ ZLONG_it;
2538+ CRYPTO_get_locked_mem_ex_functions;
2539+ CRYPTO_get_locked_mem_ex_funcs;
2540+ ASN1_TIME_check;
2541+ UI_get0_user_data;
2542+ HMAC_CTX_cleanup;
2543+ DSA_up_ref;
2544+ _ossl_old_des_ede3_cfb64_encrypt;
2545+ _ossl_odes_ede3_cfb64_encrypt;
2546+ ASN1_BMPSTRING_it;
2547+ ASN1_BMPSTRING_it;
2548+ ASN1_tag2bit;
2549+ UI_method_set_flusher;
2550+ X509_ocspid_print;
2551+ KRB5_ENCDATA_it;
2552+ KRB5_ENCDATA_it;
2553+ ENGINE_get_load_pubkey_function;
2554+ UI_add_user_data;
2555+ OCSP_REQUEST_delete_ext;
2556+ UI_get_method;
2557+ OCSP_ONEREQ_free;
2558+ ASN1_PRINTABLESTRING_it;
2559+ ASN1_PRINTABLESTRING_it;
2560+ X509_CRL_set_nextUpdate;
2561+ OCSP_REQUEST_it;
2562+ OCSP_REQUEST_it;
2563+ OCSP_BASICRESP_it;
2564+ OCSP_BASICRESP_it;
2565+ AES_ecb_encrypt;
2566+ BN_mod_sqr;
2567+ NETSCAPE_CERT_SEQUENCE_it;
2568+ NETSCAPE_CERT_SEQUENCE_it;
2569+ GENERAL_NAMES_it;
2570+ GENERAL_NAMES_it;
2571+ AUTHORITY_INFO_ACCESS_it;
2572+ AUTHORITY_INFO_ACCESS_it;
2573+ ASN1_FBOOLEAN_it;
2574+ ASN1_FBOOLEAN_it;
2575+ UI_set_ex_data;
2576+ _ossl_old_des_string_to_key;
2577+ ENGINE_register_all_RSA;
2578+ d2i_KRB5_PRINCNAME;
2579+ OCSP_RESPBYTES_it;
2580+ OCSP_RESPBYTES_it;
2581+ X509_CINF_it;
2582+ X509_CINF_it;
2583+ ENGINE_unregister_digests;
2584+ d2i_EDIPARTYNAME;
2585+ d2i_OCSP_SERVICELOC;
2586+ ENGINE_get_digests;
2587+ _ossl_old_des_set_odd_parity;
2588+ OCSP_RESPDATA_free;
2589+ d2i_KRB5_TICKET;
2590+ OTHERNAME_it;
2591+ OTHERNAME_it;
2592+ EVP_MD_CTX_cleanup;
2593+ d2i_ASN1_GENERALSTRING;
2594+ X509_CRL_set_version;
2595+ BN_mod_sub;
2596+ OCSP_SINGLERESP_get_ext_by_NID;
2597+ ENGINE_get_ex_new_index;
2598+ OCSP_REQUEST_free;
2599+ OCSP_REQUEST_add1_ext_i2d;
2600+ X509_VAL_it;
2601+ X509_VAL_it;
2602+ EC_POINTs_make_affine;
2603+ EC_POINT_mul;
2604+ X509V3_EXT_add_nconf;
2605+ X509_TRUST_set;
2606+ X509_CRL_add1_ext_i2d;
2607+ _ossl_old_des_fcrypt;
2608+ DISPLAYTEXT_it;
2609+ DISPLAYTEXT_it;
2610+ X509_CRL_set_lastUpdate;
2611+ OCSP_BASICRESP_free;
2612+ OCSP_BASICRESP_add1_ext_i2d;
2613+ d2i_KRB5_AUTHENTBODY;
2614+ CRYPTO_set_ex_data_implementation;
2615+ CRYPTO_set_ex_data_impl;
2616+ KRB5_ENCDATA_new;
2617+ DSO_up_ref;
2618+ OCSP_crl_reason_str;
2619+ UI_get0_result_string;
2620+ ASN1_GENERALSTRING_new;
2621+ X509_SIG_it;
2622+ X509_SIG_it;
2623+ ERR_set_implementation;
2624+ ERR_load_EC_strings;
2625+ UI_get0_action_string;
2626+ OCSP_ONEREQ_get_ext;
2627+ EC_POINT_method_of;
2628+ i2d_KRB5_APREQBODY;
2629+ _ossl_old_des_ecb3_encrypt;
2630+ CRYPTO_get_mem_ex_functions;
2631+ ENGINE_get_ex_data;
2632+ UI_destroy_method;
2633+ ASN1_item_i2d_bio;
2634+ OCSP_ONEREQ_get_ext_by_OBJ;
2635+ ASN1_primitive_new;
2636+ ASN1_PRINTABLE_it;
2637+ ASN1_PRINTABLE_it;
2638+ EVP_aes_192_ecb;
2639+ OCSP_SIGNATURE_new;
2640+ LONG_it;
2641+ LONG_it;
2642+ ASN1_VISIBLESTRING_it;
2643+ ASN1_VISIBLESTRING_it;
2644+ OCSP_SINGLERESP_add1_ext_i2d;
2645+ d2i_OCSP_CERTID;
2646+ ASN1_item_d2i_fp;
2647+ CRL_DIST_POINTS_it;
2648+ CRL_DIST_POINTS_it;
2649+ GENERAL_NAME_print;
2650+ OCSP_SINGLERESP_delete_ext;
2651+ PKCS12_SAFEBAGS_it;
2652+ PKCS12_SAFEBAGS_it;
2653+ d2i_OCSP_SIGNATURE;
2654+ OCSP_request_add1_nonce;
2655+ ENGINE_set_cmd_defns;
2656+ OCSP_SERVICELOC_free;
2657+ EC_GROUP_free;
2658+ ASN1_BIT_STRING_it;
2659+ ASN1_BIT_STRING_it;
2660+ X509_REQ_it;
2661+ X509_REQ_it;
2662+ _ossl_old_des_cbc_encrypt;
2663+ ERR_unload_strings;
2664+ PKCS7_SIGN_ENVELOPE_it;
2665+ PKCS7_SIGN_ENVELOPE_it;
2666+ EDIPARTYNAME_free;
2667+ OCSP_REQINFO_free;
2668+ EC_GROUP_new_curve_GFp;
2669+ OCSP_REQUEST_get1_ext_d2i;
2670+ PKCS12_item_pack_safebag;
2671+ asn1_ex_c2i;
2672+ ENGINE_register_digests;
2673+ i2d_OCSP_REVOKEDINFO;
2674+ asn1_enc_restore;
2675+ UI_free;
2676+ UI_new_method;
2677+ EVP_EncryptInit_ex;
2678+ X509_pubkey_digest;
2679+ EC_POINT_invert;
2680+ OCSP_basic_sign;
2681+ i2d_OCSP_RESPID;
2682+ OCSP_check_nonce;
2683+ ENGINE_ctrl_cmd;
2684+ d2i_KRB5_ENCKEY;
2685+ OCSP_parse_url;
2686+ OCSP_SINGLERESP_get_ext;
2687+ OCSP_CRLID_free;
2688+ OCSP_BASICRESP_get1_ext_d2i;
2689+ RSAPrivateKey_it;
2690+ RSAPrivateKey_it;
2691+ ENGINE_register_all_DH;
2692+ i2d_EDIPARTYNAME;
2693+ EC_POINT_get_affine_coordinates_GFp;
2694+ EC_POINT_get_affine_coords_GFp;
2695+ OCSP_CRLID_new;
2696+ ENGINE_get_flags;
2697+ OCSP_ONEREQ_it;
2698+ OCSP_ONEREQ_it;
2699+ UI_process;
2700+ ASN1_INTEGER_it;
2701+ ASN1_INTEGER_it;
2702+ EVP_CipherInit_ex;
2703+ UI_get_string_type;
2704+ ENGINE_unregister_DH;
2705+ ENGINE_register_all_DSA;
2706+ OCSP_ONEREQ_get_ext_by_critical;
2707+ bn_dup_expand;
2708+ OCSP_cert_id_new;
2709+ BASIC_CONSTRAINTS_it;
2710+ BASIC_CONSTRAINTS_it;
2711+ BN_mod_add_quick;
2712+ EC_POINT_new;
2713+ EVP_MD_CTX_destroy;
2714+ OCSP_RESPBYTES_free;
2715+ EVP_aes_128_cbc;
2716+ OCSP_SINGLERESP_get1_ext_d2i;
2717+ EC_POINT_free;
2718+ DH_up_ref;
2719+ X509_NAME_ENTRY_it;
2720+ X509_NAME_ENTRY_it;
2721+ UI_get_ex_new_index;
2722+ BN_mod_sub_quick;
2723+ OCSP_ONEREQ_add_ext;
2724+ OCSP_request_sign;
2725+ EVP_DigestFinal_ex;
2726+ ENGINE_set_digests;
2727+ OCSP_id_issuer_cmp;
2728+ OBJ_NAME_do_all;
2729+ EC_POINTs_mul;
2730+ ENGINE_register_complete;
2731+ X509V3_EXT_nconf_nid;
2732+ ASN1_SEQUENCE_it;
2733+ ASN1_SEQUENCE_it;
2734+ UI_set_default_method;
2735+ RAND_query_egd_bytes;
2736+ UI_method_get_writer;
2737+ UI_OpenSSL;
2738+ PEM_def_callback;
2739+ ENGINE_cleanup;
2740+ DIST_POINT_it;
2741+ DIST_POINT_it;
2742+ OCSP_SINGLERESP_it;
2743+ OCSP_SINGLERESP_it;
2744+ d2i_KRB5_TKTBODY;
2745+ EC_POINT_cmp;
2746+ OCSP_REVOKEDINFO_new;
2747+ i2d_OCSP_CERTSTATUS;
2748+ OCSP_basic_add1_nonce;
2749+ ASN1_item_ex_d2i;
2750+ BN_mod_lshift1_quick;
2751+ UI_set_method;
2752+ OCSP_id_get0_info;
2753+ BN_mod_sqrt;
2754+ EC_GROUP_copy;
2755+ KRB5_ENCDATA_free;
2756+ _ossl_old_des_cfb_encrypt;
2757+ OCSP_SINGLERESP_get_ext_by_OBJ;
2758+ OCSP_cert_to_id;
2759+ OCSP_RESPID_new;
2760+ OCSP_RESPDATA_it;
2761+ OCSP_RESPDATA_it;
2762+ d2i_OCSP_RESPDATA;
2763+ ENGINE_register_all_complete;
2764+ OCSP_check_validity;
2765+ PKCS12_BAGS_it;
2766+ PKCS12_BAGS_it;
2767+ OCSP_url_svcloc_new;
2768+ ASN1_template_free;
2769+ OCSP_SINGLERESP_add_ext;
2770+ KRB5_AUTHENTBODY_it;
2771+ KRB5_AUTHENTBODY_it;
2772+ X509_supported_extension;
2773+ i2d_KRB5_AUTHDATA;
2774+ UI_method_get_opener;
2775+ ENGINE_set_ex_data;
2776+ OCSP_REQUEST_print;
2777+ CBIGNUM_it;
2778+ CBIGNUM_it;
2779+ KRB5_TICKET_new;
2780+ KRB5_APREQ_new;
2781+ EC_GROUP_get_curve_GFp;
2782+ KRB5_ENCKEY_new;
2783+ ASN1_template_d2i;
2784+ _ossl_old_des_quad_cksum;
2785+ OCSP_single_get0_status;
2786+ BN_swap;
2787+ POLICYINFO_it;
2788+ POLICYINFO_it;
2789+ ENGINE_set_destroy_function;
2790+ asn1_enc_free;
2791+ OCSP_RESPID_it;
2792+ OCSP_RESPID_it;
2793+ EC_GROUP_new;
2794+ EVP_aes_256_cbc;
2795+ i2d_KRB5_PRINCNAME;
2796+ _ossl_old_des_encrypt2;
2797+ _ossl_old_des_encrypt3;
2798+ PKCS8_PRIV_KEY_INFO_it;
2799+ PKCS8_PRIV_KEY_INFO_it;
2800+ OCSP_REQINFO_it;
2801+ OCSP_REQINFO_it;
2802+ PBEPARAM_it;
2803+ PBEPARAM_it;
2804+ KRB5_AUTHENTBODY_new;
2805+ X509_CRL_add0_revoked;
2806+ EDIPARTYNAME_it;
2807+ EDIPARTYNAME_it;
2808+ NETSCAPE_SPKI_it;
2809+ NETSCAPE_SPKI_it;
2810+ UI_get0_test_string;
2811+ ENGINE_get_cipher_engine;
2812+ ENGINE_register_all_ciphers;
2813+ EC_POINT_copy;
2814+ BN_kronecker;
2815+ _ossl_old_des_ede3_ofb64_encrypt;
2816+ _ossl_odes_ede3_ofb64_encrypt;
2817+ UI_method_get_reader;
2818+ OCSP_BASICRESP_get_ext_count;
2819+ ASN1_ENUMERATED_it;
2820+ ASN1_ENUMERATED_it;
2821+ UI_set_result;
2822+ i2d_KRB5_TICKET;
2823+ X509_print_ex_fp;
2824+ EVP_CIPHER_CTX_set_padding;
2825+ d2i_OCSP_RESPONSE;
2826+ ASN1_UTCTIME_it;
2827+ ASN1_UTCTIME_it;
2828+ _ossl_old_des_enc_write;
2829+ OCSP_RESPONSE_new;
2830+ AES_set_encrypt_key;
2831+ OCSP_resp_count;
2832+ KRB5_CHECKSUM_new;
2833+ ENGINE_load_cswift;
2834+ OCSP_onereq_get0_id;
2835+ ENGINE_set_default_ciphers;
2836+ NOTICEREF_it;
2837+ NOTICEREF_it;
2838+ X509V3_EXT_CRL_add_nconf;
2839+ OCSP_REVOKEDINFO_it;
2840+ OCSP_REVOKEDINFO_it;
2841+ AES_encrypt;
2842+ OCSP_REQUEST_new;
2843+ ASN1_ANY_it;
2844+ ASN1_ANY_it;
2845+ CRYPTO_ex_data_new_class;
2846+ _ossl_old_des_ncbc_encrypt;
2847+ i2d_KRB5_TKTBODY;
2848+ EC_POINT_clear_free;
2849+ AES_decrypt;
2850+ asn1_enc_init;
2851+ UI_get_result_maxsize;
2852+ OCSP_CERTID_new;
2853+ ENGINE_unregister_RAND;
2854+ UI_method_get_closer;
2855+ d2i_KRB5_ENCDATA;
2856+ OCSP_request_onereq_count;
2857+ OCSP_basic_verify;
2858+ KRB5_AUTHENTBODY_free;
2859+ ASN1_item_d2i;
2860+ ASN1_primitive_free;
2861+ i2d_EXTENDED_KEY_USAGE;
2862+ i2d_OCSP_SIGNATURE;
2863+ asn1_enc_save;
2864+ ENGINE_load_nuron;
2865+ _ossl_old_des_pcbc_encrypt;
2866+ PKCS12_MAC_DATA_it;
2867+ PKCS12_MAC_DATA_it;
2868+ OCSP_accept_responses_new;
2869+ asn1_do_lock;
2870+ PKCS7_ATTR_VERIFY_it;
2871+ PKCS7_ATTR_VERIFY_it;
2872+ KRB5_APREQBODY_it;
2873+ KRB5_APREQBODY_it;
2874+ i2d_OCSP_SINGLERESP;
2875+ ASN1_item_ex_new;
2876+ UI_add_verify_string;
2877+ _ossl_old_des_set_key;
2878+ KRB5_PRINCNAME_it;
2879+ KRB5_PRINCNAME_it;
2880+ EVP_DecryptInit_ex;
2881+ i2d_OCSP_CERTID;
2882+ ASN1_item_d2i_bio;
2883+ EC_POINT_dbl;
2884+ asn1_get_choice_selector;
2885+ i2d_KRB5_CHECKSUM;
2886+ ENGINE_set_table_flags;
2887+ AES_options;
2888+ ENGINE_load_chil;
2889+ OCSP_id_cmp;
2890+ OCSP_BASICRESP_new;
2891+ OCSP_REQUEST_get_ext_by_NID;
2892+ KRB5_APREQ_it;
2893+ KRB5_APREQ_it;
2894+ ENGINE_get_destroy_function;
2895+ CONF_set_nconf;
2896+ ASN1_PRINTABLE_free;
2897+ OCSP_BASICRESP_get_ext_by_NID;
2898+ DIST_POINT_NAME_it;
2899+ DIST_POINT_NAME_it;
2900+ X509V3_extensions_print;
2901+ _ossl_old_des_cfb64_encrypt;
2902+ X509_REVOKED_add1_ext_i2d;
2903+ _ossl_old_des_ofb_encrypt;
2904+ KRB5_TKTBODY_new;
2905+ ASN1_OCTET_STRING_it;
2906+ ASN1_OCTET_STRING_it;
2907+ ERR_load_UI_strings;
2908+ i2d_KRB5_ENCKEY;
2909+ ASN1_template_new;
2910+ OCSP_SIGNATURE_free;
2911+ ASN1_item_i2d_fp;
2912+ KRB5_PRINCNAME_free;
2913+ PKCS7_RECIP_INFO_it;
2914+ PKCS7_RECIP_INFO_it;
2915+ EXTENDED_KEY_USAGE_it;
2916+ EXTENDED_KEY_USAGE_it;
2917+ EC_GFp_simple_method;
2918+ EC_GROUP_precompute_mult;
2919+ OCSP_request_onereq_get0;
2920+ UI_method_set_writer;
2921+ KRB5_AUTHENT_new;
2922+ X509_CRL_INFO_it;
2923+ X509_CRL_INFO_it;
2924+ DSO_set_name_converter;
2925+ AES_set_decrypt_key;
2926+ PKCS7_DIGEST_it;
2927+ PKCS7_DIGEST_it;
2928+ PKCS12_x5092certbag;
2929+ EVP_DigestInit_ex;
2930+ i2a_ACCESS_DESCRIPTION;
2931+ OCSP_RESPONSE_it;
2932+ OCSP_RESPONSE_it;
2933+ PKCS7_ENC_CONTENT_it;
2934+ PKCS7_ENC_CONTENT_it;
2935+ OCSP_request_add0_id;
2936+ EC_POINT_make_affine;
2937+ DSO_get_filename;
2938+ OCSP_CERTSTATUS_it;
2939+ OCSP_CERTSTATUS_it;
2940+ OCSP_request_add1_cert;
2941+ UI_get0_output_string;
2942+ UI_dup_verify_string;
2943+ BN_mod_lshift;
2944+ KRB5_AUTHDATA_it;
2945+ KRB5_AUTHDATA_it;
2946+ asn1_set_choice_selector;
2947+ OCSP_basic_add1_status;
2948+ OCSP_RESPID_free;
2949+ asn1_get_field_ptr;
2950+ UI_add_input_string;
2951+ OCSP_CRLID_it;
2952+ OCSP_CRLID_it;
2953+ i2d_KRB5_AUTHENTBODY;
2954+ OCSP_REQUEST_get_ext_count;
2955+ ENGINE_load_atalla;
2956+ X509_NAME_it;
2957+ X509_NAME_it;
2958+ USERNOTICE_it;
2959+ USERNOTICE_it;
2960+ OCSP_REQINFO_new;
2961+ OCSP_BASICRESP_get_ext;
2962+ CRYPTO_get_ex_data_implementation;
2963+ CRYPTO_get_ex_data_impl;
2964+ ASN1_item_pack;
2965+ i2d_KRB5_ENCDATA;
2966+ X509_PURPOSE_set;
2967+ X509_REQ_INFO_it;
2968+ X509_REQ_INFO_it;
2969+ UI_method_set_opener;
2970+ ASN1_item_ex_free;
2971+ ASN1_BOOLEAN_it;
2972+ ASN1_BOOLEAN_it;
2973+ ENGINE_get_table_flags;
2974+ UI_create_method;
2975+ OCSP_ONEREQ_add1_ext_i2d;
2976+ _shadow_DES_check_key;
2977+ _shadow_DES_check_key;
2978+ d2i_OCSP_REQINFO;
2979+ UI_add_info_string;
2980+ UI_get_result_minsize;
2981+ ASN1_NULL_it;
2982+ ASN1_NULL_it;
2983+ BN_mod_lshift1;
2984+ d2i_OCSP_ONEREQ;
2985+ OCSP_ONEREQ_new;
2986+ KRB5_TICKET_it;
2987+ KRB5_TICKET_it;
2988+ EVP_aes_192_cbc;
2989+ KRB5_TICKET_free;
2990+ UI_new;
2991+ OCSP_response_create;
2992+ _ossl_old_des_xcbc_encrypt;
2993+ PKCS7_it;
2994+ PKCS7_it;
2995+ OCSP_REQUEST_get_ext_by_critical;
2996+ OCSP_REQUEST_get_ext_by_crit;
2997+ ENGINE_set_flags;
2998+ _ossl_old_des_ecb_encrypt;
2999+ OCSP_response_get1_basic;
3000+ EVP_Digest;
3001+ OCSP_ONEREQ_delete_ext;
3002+ ASN1_TBOOLEAN_it;
3003+ ASN1_TBOOLEAN_it;
3004+ ASN1_item_new;
3005+ ASN1_TIME_to_generalizedtime;
3006+ BIGNUM_it;
3007+ BIGNUM_it;
3008+ AES_cbc_encrypt;
3009+ ENGINE_get_load_privkey_function;
3010+ ENGINE_get_load_privkey_fn;
3011+ OCSP_RESPONSE_free;
3012+ UI_method_set_reader;
3013+ i2d_ASN1_T61STRING;
3014+ EC_POINT_set_to_infinity;
3015+ ERR_load_OCSP_strings;
3016+ EC_POINT_point2oct;
3017+ KRB5_APREQ_free;
3018+ ASN1_OBJECT_it;
3019+ ASN1_OBJECT_it;
3020+ OCSP_crlID_new;
3021+ OCSP_crlID2_new;
3022+ CONF_modules_load_file;
3023+ CONF_imodule_set_usr_data;
3024+ ENGINE_set_default_string;
3025+ CONF_module_get_usr_data;
3026+ ASN1_add_oid_module;
3027+ CONF_modules_finish;
3028+ OPENSSL_config;
3029+ CONF_modules_unload;
3030+ CONF_imodule_get_value;
3031+ CONF_module_set_usr_data;
3032+ CONF_parse_list;
3033+ CONF_module_add;
3034+ CONF_get1_default_config_file;
3035+ CONF_imodule_get_flags;
3036+ CONF_imodule_get_module;
3037+ CONF_modules_load;
3038+ CONF_imodule_get_name;
3039+ ERR_peek_top_error;
3040+ CONF_imodule_get_usr_data;
3041+ CONF_imodule_set_flags;
3042+ ENGINE_add_conf_module;
3043+ ERR_peek_last_error_line;
3044+ ERR_peek_last_error_line_data;
3045+ ERR_peek_last_error;
3046+ DES_read_2passwords;
3047+ DES_read_password;
3048+ UI_UTIL_read_pw;
3049+ UI_UTIL_read_pw_string;
3050+ ENGINE_load_aep;
3051+ ENGINE_load_sureware;
3052+ OPENSSL_add_all_algorithms_noconf;
3053+ OPENSSL_add_all_algo_noconf;
3054+ OPENSSL_add_all_algorithms_conf;
3055+ OPENSSL_add_all_algo_conf;
3056+ OPENSSL_load_builtin_modules;
3057+ AES_ofb128_encrypt;
3058+ AES_ctr128_encrypt;
3059+ AES_cfb128_encrypt;
3060+ ENGINE_load_4758cca;
3061+ _ossl_096_des_random_seed;
3062+ EVP_aes_256_ofb;
3063+ EVP_aes_192_ofb;
3064+ EVP_aes_128_cfb128;
3065+ EVP_aes_256_cfb128;
3066+ EVP_aes_128_ofb;
3067+ EVP_aes_192_cfb128;
3068+ CONF_modules_free;
3069+ NCONF_default;
3070+ OPENSSL_no_config;
3071+ NCONF_WIN32;
3072+ ASN1_UNIVERSALSTRING_new;
3073+ EVP_des_ede_ecb;
3074+ i2d_ASN1_UNIVERSALSTRING;
3075+ ASN1_UNIVERSALSTRING_free;
3076+ ASN1_UNIVERSALSTRING_it;
3077+ ASN1_UNIVERSALSTRING_it;
3078+ d2i_ASN1_UNIVERSALSTRING;
3079+ EVP_des_ede3_ecb;
3080+ X509_REQ_print_ex;
3081+ ENGINE_up_ref;
3082+ BUF_MEM_grow_clean;
3083+ CRYPTO_realloc_clean;
3084+ BUF_strlcat;
3085+ BIO_indent;
3086+ BUF_strlcpy;
3087+ OpenSSLDie;
3088+ OPENSSL_cleanse;
3089+ ENGINE_setup_bsd_cryptodev;
3090+ ERR_release_err_state_table;
3091+ EVP_aes_128_cfb8;
3092+ FIPS_corrupt_rsa;
3093+ FIPS_selftest_des;
3094+ EVP_aes_128_cfb1;
3095+ EVP_aes_192_cfb8;
3096+ FIPS_mode_set;
3097+ FIPS_selftest_dsa;
3098+ EVP_aes_256_cfb8;
3099+ FIPS_allow_md5;
3100+ DES_ede3_cfb_encrypt;
3101+ EVP_des_ede3_cfb8;
3102+ FIPS_rand_seeded;
3103+ AES_cfbr_encrypt_block;
3104+ AES_cfb8_encrypt;
3105+ FIPS_rand_seed;
3106+ FIPS_corrupt_des;
3107+ EVP_aes_192_cfb1;
3108+ FIPS_selftest_aes;
3109+ FIPS_set_prng_key;
3110+ EVP_des_cfb8;
3111+ FIPS_corrupt_dsa;
3112+ FIPS_test_mode;
3113+ FIPS_rand_method;
3114+ EVP_aes_256_cfb1;
3115+ ERR_load_FIPS_strings;
3116+ FIPS_corrupt_aes;
3117+ FIPS_selftest_sha1;
3118+ FIPS_selftest_rsa;
3119+ FIPS_corrupt_sha1;
3120+ EVP_des_cfb1;
3121+ FIPS_dsa_check;
3122+ AES_cfb1_encrypt;
3123+ EVP_des_ede3_cfb1;
3124+ FIPS_rand_check;
3125+ FIPS_md5_allowed;
3126+ FIPS_mode;
3127+ FIPS_selftest_failed;
3128+ sk_is_sorted;
3129+ X509_check_ca;
3130+ HMAC_CTX_set_flags;
3131+ d2i_PROXY_CERT_INFO_EXTENSION;
3132+ PROXY_POLICY_it;
3133+ PROXY_POLICY_it;
3134+ i2d_PROXY_POLICY;
3135+ i2d_PROXY_CERT_INFO_EXTENSION;
3136+ d2i_PROXY_POLICY;
3137+ PROXY_CERT_INFO_EXTENSION_new;
3138+ PROXY_CERT_INFO_EXTENSION_free;
3139+ PROXY_CERT_INFO_EXTENSION_it;
3140+ PROXY_CERT_INFO_EXTENSION_it;
3141+ PROXY_POLICY_free;
3142+ PROXY_POLICY_new;
3143+ BN_MONT_CTX_set_locked;
3144+ FIPS_selftest_rng;
3145+ EVP_sha384;
3146+ EVP_sha512;
3147+ EVP_sha224;
3148+ EVP_sha256;
3149+ FIPS_selftest_hmac;
3150+ FIPS_corrupt_rng;
3151+ BN_mod_exp_mont_consttime;
3152+ RSA_X931_hash_id;
3153+ RSA_padding_check_X931;
3154+ RSA_verify_PKCS1_PSS;
3155+ RSA_padding_add_X931;
3156+ RSA_padding_add_PKCS1_PSS;
3157+ PKCS1_MGF1;
3158+ BN_X931_generate_Xpq;
3159+ RSA_X931_generate_key;
3160+ BN_X931_derive_prime;
3161+ BN_X931_generate_prime;
3162+ RSA_X931_derive;
3163+ BIO_new_dgram;
3164+ BN_get0_nist_prime_384;
3165+ ERR_set_mark;
3166+ X509_STORE_CTX_set0_crls;
3167+ ENGINE_set_STORE;
3168+ ENGINE_register_ECDSA;
3169+ STORE_meth_set_list_start_fn;
3170+ STORE_method_set_list_start_function;
3171+ BN_BLINDING_invert_ex;
3172+ NAME_CONSTRAINTS_free;
3173+ STORE_ATTR_INFO_set_number;
3174+ BN_BLINDING_get_thread_id;
3175+ X509_STORE_CTX_set0_param;
3176+ POLICY_MAPPING_it;
3177+ POLICY_MAPPING_it;
3178+ STORE_parse_attrs_start;
3179+ POLICY_CONSTRAINTS_free;
3180+ EVP_PKEY_add1_attr_by_NID;
3181+ BN_nist_mod_192;
3182+ EC_GROUP_get_trinomial_basis;
3183+ STORE_set_method;
3184+ GENERAL_SUBTREE_free;
3185+ NAME_CONSTRAINTS_it;
3186+ NAME_CONSTRAINTS_it;
3187+ ECDH_get_default_method;
3188+ PKCS12_add_safe;
3189+ EC_KEY_new_by_curve_name;
3190+ STORE_meth_get_update_store_fn;
3191+ STORE_method_get_update_store_function;
3192+ ENGINE_register_ECDH;
3193+ SHA512_Update;
3194+ i2d_ECPrivateKey;
3195+ BN_get0_nist_prime_192;
3196+ STORE_modify_certificate;
3197+ EC_POINT_set_affine_coordinates_GF2m;
3198+ EC_POINT_set_affine_coords_GF2m;
3199+ BN_GF2m_mod_exp_arr;
3200+ STORE_ATTR_INFO_modify_number;
3201+ X509_keyid_get0;
3202+ ENGINE_load_gmp;
3203+ pitem_new;
3204+ BN_GF2m_mod_mul_arr;
3205+ STORE_list_public_key_endp;
3206+ o2i_ECPublicKey;
3207+ EC_KEY_copy;
3208+ BIO_dump_fp;
3209+ X509_policy_node_get0_parent;
3210+ EC_GROUP_check_discriminant;
3211+ i2o_ECPublicKey;
3212+ EC_KEY_precompute_mult;
3213+ a2i_IPADDRESS;
3214+ STORE_meth_set_initialise_fn;
3215+ STORE_method_set_initialise_function;
3216+ X509_STORE_CTX_set_depth;
3217+ X509_VERIFY_PARAM_inherit;
3218+ EC_POINT_point2bn;
3219+ STORE_ATTR_INFO_set_dn;
3220+ X509_policy_tree_get0_policies;
3221+ EC_GROUP_new_curve_GF2m;
3222+ STORE_destroy_method;
3223+ ENGINE_unregister_STORE;
3224+ EVP_PKEY_get1_EC_KEY;
3225+ STORE_ATTR_INFO_get0_number;
3226+ ENGINE_get_default_ECDH;
3227+ EC_KEY_get_conv_form;
3228+ ASN1_OCTET_STRING_NDEF_it;
3229+ ASN1_OCTET_STRING_NDEF_it;
3230+ STORE_delete_public_key;
3231+ STORE_get_public_key;
3232+ STORE_modify_arbitrary;
3233+ ENGINE_get_static_state;
3234+ pqueue_iterator;
3235+ ECDSA_SIG_new;
3236+ OPENSSL_DIR_end;
3237+ BN_GF2m_mod_sqr;
3238+ EC_POINT_bn2point;
3239+ X509_VERIFY_PARAM_set_depth;
3240+ EC_KEY_set_asn1_flag;
3241+ STORE_get_method;
3242+ EC_KEY_get_key_method_data;
3243+ ECDSA_sign_ex;
3244+ STORE_parse_attrs_end;
3245+ EC_GROUP_get_point_conversion_form;
3246+ EC_GROUP_get_point_conv_form;
3247+ STORE_method_set_store_function;
3248+ STORE_ATTR_INFO_in;
3249+ PEM_read_bio_ECPKParameters;
3250+ EC_GROUP_get_pentanomial_basis;
3251+ EVP_PKEY_add1_attr_by_txt;
3252+ BN_BLINDING_set_flags;
3253+ X509_VERIFY_PARAM_set1_policies;
3254+ X509_VERIFY_PARAM_set1_name;
3255+ X509_VERIFY_PARAM_set_purpose;
3256+ STORE_get_number;
3257+ ECDSA_sign_setup;
3258+ BN_GF2m_mod_solve_quad_arr;
3259+ EC_KEY_up_ref;
3260+ POLICY_MAPPING_free;
3261+ BN_GF2m_mod_div;
3262+ X509_VERIFY_PARAM_set_flags;
3263+ EC_KEY_free;
3264+ STORE_meth_set_list_next_fn;
3265+ STORE_method_set_list_next_function;
3266+ PEM_write_bio_ECPrivateKey;
3267+ d2i_EC_PUBKEY;
3268+ STORE_meth_get_generate_fn;
3269+ STORE_method_get_generate_function;
3270+ STORE_meth_set_list_end_fn;
3271+ STORE_method_set_list_end_function;
3272+ pqueue_print;
3273+ EC_GROUP_have_precompute_mult;
3274+ EC_KEY_print_fp;
3275+ BN_GF2m_mod_arr;
3276+ PEM_write_bio_X509_CERT_PAIR;
3277+ EVP_PKEY_cmp;
3278+ X509_policy_level_node_count;
3279+ STORE_new_engine;
3280+ STORE_list_public_key_start;
3281+ X509_VERIFY_PARAM_new;
3282+ ECDH_get_ex_data;
3283+ EVP_PKEY_get_attr;
3284+ ECDSA_do_sign;
3285+ ENGINE_unregister_ECDH;
3286+ ECDH_OpenSSL;
3287+ EC_KEY_set_conv_form;
3288+ EC_POINT_dup;
3289+ GENERAL_SUBTREE_new;
3290+ STORE_list_crl_endp;
3291+ EC_get_builtin_curves;
3292+ X509_policy_node_get0_qualifiers;
3293+ X509_pcy_node_get0_qualifiers;
3294+ STORE_list_crl_end;
3295+ EVP_PKEY_set1_EC_KEY;
3296+ BN_GF2m_mod_sqrt_arr;
3297+ i2d_ECPrivateKey_bio;
3298+ ECPKParameters_print_fp;
3299+ pqueue_find;
3300+ ECDSA_SIG_free;
3301+ PEM_write_bio_ECPKParameters;
3302+ STORE_method_set_ctrl_function;
3303+ STORE_list_public_key_end;
3304+ EC_KEY_set_private_key;
3305+ pqueue_peek;
3306+ STORE_get_arbitrary;
3307+ STORE_store_crl;
3308+ X509_policy_node_get0_policy;
3309+ PKCS12_add_safes;
3310+ BN_BLINDING_convert_ex;
3311+ X509_policy_tree_free;
3312+ OPENSSL_ia32cap_loc;
3313+ BN_GF2m_poly2arr;
3314+ STORE_ctrl;
3315+ STORE_ATTR_INFO_compare;
3316+ BN_get0_nist_prime_224;
3317+ i2d_ECParameters;
3318+ i2d_ECPKParameters;
3319+ BN_GENCB_call;
3320+ d2i_ECPKParameters;
3321+ STORE_meth_set_generate_fn;
3322+ STORE_method_set_generate_function;
3323+ ENGINE_set_ECDH;
3324+ NAME_CONSTRAINTS_new;
3325+ SHA256_Init;
3326+ EC_KEY_get0_public_key;
3327+ PEM_write_bio_EC_PUBKEY;
3328+ STORE_ATTR_INFO_set_cstr;
3329+ STORE_list_crl_next;
3330+ STORE_ATTR_INFO_in_range;
3331+ ECParameters_print;
3332+ STORE_meth_set_delete_fn;
3333+ STORE_method_set_delete_function;
3334+ STORE_list_certificate_next;
3335+ ASN1_generate_nconf;
3336+ BUF_memdup;
3337+ BN_GF2m_mod_mul;
3338+ STORE_meth_get_list_next_fn;
3339+ STORE_method_get_list_next_function;
3340+ STORE_ATTR_INFO_get0_dn;
3341+ STORE_list_private_key_next;
3342+ EC_GROUP_set_seed;
3343+ X509_VERIFY_PARAM_set_trust;
3344+ STORE_ATTR_INFO_free;
3345+ STORE_get_private_key;
3346+ EVP_PKEY_get_attr_count;
3347+ STORE_ATTR_INFO_new;
3348+ EC_GROUP_get_curve_GF2m;
3349+ STORE_meth_set_revoke_fn;
3350+ STORE_method_set_revoke_function;
3351+ STORE_store_number;
3352+ BN_is_prime_ex;
3353+ STORE_revoke_public_key;
3354+ X509_STORE_CTX_get0_param;
3355+ STORE_delete_arbitrary;
3356+ PEM_read_X509_CERT_PAIR;
3357+ X509_STORE_set_depth;
3358+ ECDSA_get_ex_data;
3359+ SHA224;
3360+ BIO_dump_indent_fp;
3361+ EC_KEY_set_group;
3362+ BUF_strndup;
3363+ STORE_list_certificate_start;
3364+ BN_GF2m_mod;
3365+ X509_REQ_check_private_key;
3366+ EC_GROUP_get_seed_len;
3367+ ERR_load_STORE_strings;
3368+ PEM_read_bio_EC_PUBKEY;
3369+ STORE_list_private_key_end;
3370+ i2d_EC_PUBKEY;
3371+ ECDSA_get_default_method;
3372+ ASN1_put_eoc;
3373+ X509_STORE_CTX_get_explicit_policy;
3374+ X509_STORE_CTX_get_expl_policy;
3375+ X509_VERIFY_PARAM_table_cleanup;
3376+ STORE_modify_private_key;
3377+ X509_VERIFY_PARAM_free;
3378+ EC_METHOD_get_field_type;
3379+ EC_GFp_nist_method;
3380+ STORE_meth_set_modify_fn;
3381+ STORE_method_set_modify_function;
3382+ STORE_parse_attrs_next;
3383+ ENGINE_load_padlock;
3384+ EC_GROUP_set_curve_name;
3385+ X509_CERT_PAIR_it;
3386+ X509_CERT_PAIR_it;
3387+ STORE_meth_get_revoke_fn;
3388+ STORE_method_get_revoke_function;
3389+ STORE_method_set_get_function;
3390+ STORE_modify_number;
3391+ STORE_method_get_store_function;
3392+ STORE_store_private_key;
3393+ BN_GF2m_mod_sqr_arr;
3394+ RSA_setup_blinding;
3395+ BIO_s_datagram;
3396+ STORE_Memory;
3397+ sk_find_ex;
3398+ EC_GROUP_set_curve_GF2m;
3399+ ENGINE_set_default_ECDSA;
3400+ POLICY_CONSTRAINTS_new;
3401+ BN_GF2m_mod_sqrt;
3402+ ECDH_set_default_method;
3403+ EC_KEY_generate_key;
3404+ SHA384_Update;
3405+ BN_GF2m_arr2poly;
3406+ STORE_method_get_get_function;
3407+ STORE_meth_set_cleanup_fn;
3408+ STORE_method_set_cleanup_function;
3409+ EC_GROUP_check;
3410+ d2i_ECPrivateKey_bio;
3411+ EC_KEY_insert_key_method_data;
3412+ STORE_meth_get_lock_store_fn;
3413+ STORE_method_get_lock_store_function;
3414+ X509_VERIFY_PARAM_get_depth;
3415+ SHA224_Final;
3416+ STORE_meth_set_update_store_fn;
3417+ STORE_method_set_update_store_function;
3418+ SHA224_Update;
3419+ d2i_ECPrivateKey;
3420+ ASN1_item_ndef_i2d;
3421+ STORE_delete_private_key;
3422+ ERR_pop_to_mark;
3423+ ENGINE_register_all_STORE;
3424+ X509_policy_level_get0_node;
3425+ i2d_PKCS7_NDEF;
3426+ EC_GROUP_get_degree;
3427+ ASN1_generate_v3;
3428+ STORE_ATTR_INFO_modify_cstr;
3429+ X509_policy_tree_level_count;
3430+ BN_GF2m_add;
3431+ EC_KEY_get0_group;
3432+ STORE_generate_crl;
3433+ STORE_store_public_key;
3434+ X509_CERT_PAIR_free;
3435+ STORE_revoke_private_key;
3436+ BN_nist_mod_224;
3437+ SHA512_Final;
3438+ STORE_ATTR_INFO_modify_dn;
3439+ STORE_meth_get_initialise_fn;
3440+ STORE_method_get_initialise_function;
3441+ STORE_delete_number;
3442+ i2d_EC_PUBKEY_bio;
3443+ BIO_dgram_non_fatal_error;
3444+ EC_GROUP_get_asn1_flag;
3445+ STORE_ATTR_INFO_in_ex;
3446+ STORE_list_crl_start;
3447+ ECDH_get_ex_new_index;
3448+ STORE_meth_get_modify_fn;
3449+ STORE_method_get_modify_function;
3450+ v2i_ASN1_BIT_STRING;
3451+ STORE_store_certificate;
3452+ OBJ_bsearch_ex;
3453+ X509_STORE_CTX_set_default;
3454+ STORE_ATTR_INFO_set_sha1str;
3455+ BN_GF2m_mod_inv;
3456+ BN_GF2m_mod_exp;
3457+ STORE_modify_public_key;
3458+ STORE_meth_get_list_start_fn;
3459+ STORE_method_get_list_start_function;
3460+ EC_GROUP_get0_seed;
3461+ STORE_store_arbitrary;
3462+ STORE_meth_set_unlock_store_fn;
3463+ STORE_method_set_unlock_store_function;
3464+ BN_GF2m_mod_div_arr;
3465+ ENGINE_set_ECDSA;
3466+ STORE_create_method;
3467+ ECPKParameters_print;
3468+ EC_KEY_get0_private_key;
3469+ PEM_write_EC_PUBKEY;
3470+ X509_VERIFY_PARAM_set1;
3471+ ECDH_set_method;
3472+ v2i_GENERAL_NAME_ex;
3473+ ECDH_set_ex_data;
3474+ STORE_generate_key;
3475+ BN_nist_mod_521;
3476+ X509_policy_tree_get0_level;
3477+ EC_GROUP_set_point_conversion_form;
3478+ EC_GROUP_set_point_conv_form;
3479+ PEM_read_EC_PUBKEY;
3480+ i2d_ECDSA_SIG;
3481+ ECDSA_OpenSSL;
3482+ STORE_delete_crl;
3483+ EC_KEY_get_enc_flags;
3484+ ASN1_const_check_infinite_end;
3485+ EVP_PKEY_delete_attr;
3486+ ECDSA_set_default_method;
3487+ EC_POINT_set_compressed_coordinates_GF2m;
3488+ EC_POINT_set_compr_coords_GF2m;
3489+ EC_GROUP_cmp;
3490+ STORE_revoke_certificate;
3491+ BN_get0_nist_prime_256;
3492+ STORE_meth_get_delete_fn;
3493+ STORE_method_get_delete_function;
3494+ SHA224_Init;
3495+ PEM_read_ECPrivateKey;
3496+ SHA512_Init;
3497+ STORE_parse_attrs_endp;
3498+ BN_set_negative;
3499+ ERR_load_ECDSA_strings;
3500+ EC_GROUP_get_basis_type;
3501+ STORE_list_public_key_next;
3502+ i2v_ASN1_BIT_STRING;
3503+ STORE_OBJECT_free;
3504+ BN_nist_mod_384;
3505+ i2d_X509_CERT_PAIR;
3506+ PEM_write_ECPKParameters;
3507+ ECDH_compute_key;
3508+ STORE_ATTR_INFO_get0_sha1str;
3509+ ENGINE_register_all_ECDH;
3510+ pqueue_pop;
3511+ STORE_ATTR_INFO_get0_cstr;
3512+ POLICY_CONSTRAINTS_it;
3513+ POLICY_CONSTRAINTS_it;
3514+ STORE_get_ex_new_index;
3515+ EVP_PKEY_get_attr_by_OBJ;
3516+ X509_VERIFY_PARAM_add0_policy;
3517+ BN_GF2m_mod_solve_quad;
3518+ SHA256;
3519+ i2d_ECPrivateKey_fp;
3520+ X509_policy_tree_get0_user_policies;
3521+ X509_pcy_tree_get0_usr_policies;
3522+ OPENSSL_DIR_read;
3523+ ENGINE_register_all_ECDSA;
3524+ X509_VERIFY_PARAM_lookup;
3525+ EC_POINT_get_affine_coordinates_GF2m;
3526+ EC_POINT_get_affine_coords_GF2m;
3527+ EC_GROUP_dup;
3528+ ENGINE_get_default_ECDSA;
3529+ EC_KEY_new;
3530+ SHA256_Transform;
3531+ EC_KEY_set_enc_flags;
3532+ ECDSA_verify;
3533+ EC_POINT_point2hex;
3534+ ENGINE_get_STORE;
3535+ SHA512;
3536+ STORE_get_certificate;
3537+ ECDSA_do_sign_ex;
3538+ ECDSA_do_verify;
3539+ d2i_ECPrivateKey_fp;
3540+ STORE_delete_certificate;
3541+ SHA512_Transform;
3542+ X509_STORE_set1_param;
3543+ STORE_method_get_ctrl_function;
3544+ STORE_free;
3545+ PEM_write_ECPrivateKey;
3546+ STORE_meth_get_unlock_store_fn;
3547+ STORE_method_get_unlock_store_function;
3548+ STORE_get_ex_data;
3549+ EC_KEY_set_public_key;
3550+ PEM_read_ECPKParameters;
3551+ X509_CERT_PAIR_new;
3552+ ENGINE_register_STORE;
3553+ RSA_generate_key_ex;
3554+ DSA_generate_parameters_ex;
3555+ ECParameters_print_fp;
3556+ X509V3_NAME_from_section;
3557+ EVP_PKEY_add1_attr;
3558+ STORE_modify_crl;
3559+ STORE_list_private_key_start;
3560+ POLICY_MAPPINGS_it;
3561+ POLICY_MAPPINGS_it;
3562+ GENERAL_SUBTREE_it;
3563+ GENERAL_SUBTREE_it;
3564+ EC_GROUP_get_curve_name;
3565+ PEM_write_X509_CERT_PAIR;
3566+ BIO_dump_indent_cb;
3567+ d2i_X509_CERT_PAIR;
3568+ STORE_list_private_key_endp;
3569+ asn1_const_Finish;
3570+ i2d_EC_PUBKEY_fp;
3571+ BN_nist_mod_256;
3572+ X509_VERIFY_PARAM_add0_table;
3573+ pqueue_free;
3574+ BN_BLINDING_create_param;
3575+ ECDSA_size;
3576+ d2i_EC_PUBKEY_bio;
3577+ BN_get0_nist_prime_521;
3578+ STORE_ATTR_INFO_modify_sha1str;
3579+ BN_generate_prime_ex;
3580+ EC_GROUP_new_by_curve_name;
3581+ SHA256_Final;
3582+ DH_generate_parameters_ex;
3583+ PEM_read_bio_ECPrivateKey;
3584+ STORE_meth_get_cleanup_fn;
3585+ STORE_method_get_cleanup_function;
3586+ ENGINE_get_ECDH;
3587+ d2i_ECDSA_SIG;
3588+ BN_is_prime_fasttest_ex;
3589+ ECDSA_sign;
3590+ X509_policy_check;
3591+ EVP_PKEY_get_attr_by_NID;
3592+ STORE_set_ex_data;
3593+ ENGINE_get_ECDSA;
3594+ EVP_ecdsa;
3595+ BN_BLINDING_get_flags;
3596+ PKCS12_add_cert;
3597+ STORE_OBJECT_new;
3598+ ERR_load_ECDH_strings;
3599+ EC_KEY_dup;
3600+ EVP_CIPHER_CTX_rand_key;
3601+ ECDSA_set_method;
3602+ a2i_IPADDRESS_NC;
3603+ d2i_ECParameters;
3604+ STORE_list_certificate_end;
3605+ STORE_get_crl;
3606+ X509_POLICY_NODE_print;
3607+ SHA384_Init;
3608+ EC_GF2m_simple_method;
3609+ ECDSA_set_ex_data;
3610+ SHA384_Final;
3611+ PKCS7_set_digest;
3612+ EC_KEY_print;
3613+ STORE_meth_set_lock_store_fn;
3614+ STORE_method_set_lock_store_function;
3615+ ECDSA_get_ex_new_index;
3616+ SHA384;
3617+ POLICY_MAPPING_new;
3618+ STORE_list_certificate_endp;
3619+ X509_STORE_CTX_get0_policy_tree;
3620+ EC_GROUP_set_asn1_flag;
3621+ EC_KEY_check_key;
3622+ d2i_EC_PUBKEY_fp;
3623+ PKCS7_set0_type_other;
3624+ PEM_read_bio_X509_CERT_PAIR;
3625+ pqueue_next;
3626+ STORE_meth_get_list_end_fn;
3627+ STORE_method_get_list_end_function;
3628+ EVP_PKEY_add1_attr_by_OBJ;
3629+ X509_VERIFY_PARAM_set_time;
3630+ pqueue_new;
3631+ ENGINE_set_default_ECDH;
3632+ STORE_new_method;
3633+ PKCS12_add_key;
3634+ DSO_merge;
3635+ EC_POINT_hex2point;
3636+ BIO_dump_cb;
3637+ SHA256_Update;
3638+ pqueue_insert;
3639+ pitem_free;
3640+ BN_GF2m_mod_inv_arr;
3641+ ENGINE_unregister_ECDSA;
3642+ BN_BLINDING_set_thread_id;
3643+ get_rfc3526_prime_8192;
3644+ X509_VERIFY_PARAM_clear_flags;
3645+ get_rfc2409_prime_1024;
3646+ DH_check_pub_key;
3647+ get_rfc3526_prime_2048;
3648+ get_rfc3526_prime_6144;
3649+ get_rfc3526_prime_1536;
3650+ get_rfc3526_prime_3072;
3651+ get_rfc3526_prime_4096;
3652+ get_rfc2409_prime_768;
3653+ X509_VERIFY_PARAM_get_flags;
3654+ EVP_CIPHER_CTX_new;
3655+ EVP_CIPHER_CTX_free;
3656+ Camellia_cbc_encrypt;
3657+ Camellia_cfb128_encrypt;
3658+ Camellia_cfb1_encrypt;
3659+ Camellia_cfb8_encrypt;
3660+ Camellia_ctr128_encrypt;
3661+ Camellia_cfbr_encrypt_block;
3662+ Camellia_decrypt;
3663+ Camellia_ecb_encrypt;
3664+ Camellia_encrypt;
3665+ Camellia_ofb128_encrypt;
3666+ Camellia_set_key;
3667+ EVP_camellia_128_cbc;
3668+ EVP_camellia_128_cfb128;
3669+ EVP_camellia_128_cfb1;
3670+ EVP_camellia_128_cfb8;
3671+ EVP_camellia_128_ecb;
3672+ EVP_camellia_128_ofb;
3673+ EVP_camellia_192_cbc;
3674+ EVP_camellia_192_cfb128;
3675+ EVP_camellia_192_cfb1;
3676+ EVP_camellia_192_cfb8;
3677+ EVP_camellia_192_ecb;
3678+ EVP_camellia_192_ofb;
3679+ EVP_camellia_256_cbc;
3680+ EVP_camellia_256_cfb128;
3681+ EVP_camellia_256_cfb1;
3682+ EVP_camellia_256_cfb8;
3683+ EVP_camellia_256_ecb;
3684+ EVP_camellia_256_ofb;
3685+ a2i_ipadd;
3686+ ASIdentifiers_free;
3687+ i2d_ASIdOrRange;
3688+ EVP_CIPHER_block_size;
3689+ v3_asid_is_canonical;
3690+ IPAddressChoice_free;
3691+ EVP_CIPHER_CTX_set_app_data;
3692+ BIO_set_callback_arg;
3693+ v3_addr_add_prefix;
3694+ IPAddressOrRange_it;
3695+ IPAddressOrRange_it;
3696+ BIO_set_flags;
3697+ ASIdentifiers_it;
3698+ ASIdentifiers_it;
3699+ v3_addr_get_range;
3700+ BIO_method_type;
3701+ v3_addr_inherits;
3702+ IPAddressChoice_it;
3703+ IPAddressChoice_it;
3704+ AES_ige_encrypt;
3705+ v3_addr_add_range;
3706+ EVP_CIPHER_CTX_nid;
3707+ d2i_ASRange;
3708+ v3_addr_add_inherit;
3709+ v3_asid_add_id_or_range;
3710+ v3_addr_validate_resource_set;
3711+ EVP_CIPHER_iv_length;
3712+ EVP_MD_type;
3713+ v3_asid_canonize;
3714+ IPAddressRange_free;
3715+ v3_asid_add_inherit;
3716+ EVP_CIPHER_CTX_key_length;
3717+ IPAddressRange_new;
3718+ ASIdOrRange_new;
3719+ EVP_MD_size;
3720+ EVP_MD_CTX_test_flags;
3721+ BIO_clear_flags;
3722+ i2d_ASRange;
3723+ IPAddressRange_it;
3724+ IPAddressRange_it;
3725+ IPAddressChoice_new;
3726+ ASIdentifierChoice_new;
3727+ ASRange_free;
3728+ EVP_MD_pkey_type;
3729+ EVP_MD_CTX_clear_flags;
3730+ IPAddressFamily_free;
3731+ i2d_IPAddressFamily;
3732+ IPAddressOrRange_new;
3733+ EVP_CIPHER_flags;
3734+ v3_asid_validate_resource_set;
3735+ d2i_IPAddressRange;
3736+ AES_bi_ige_encrypt;
3737+ BIO_get_callback;
3738+ IPAddressOrRange_free;
3739+ v3_addr_subset;
3740+ d2i_IPAddressFamily;
3741+ v3_asid_subset;
3742+ BIO_test_flags;
3743+ i2d_ASIdentifierChoice;
3744+ ASRange_it;
3745+ ASRange_it;
3746+ d2i_ASIdentifiers;
3747+ ASRange_new;
3748+ d2i_IPAddressChoice;
3749+ v3_addr_get_afi;
3750+ EVP_CIPHER_key_length;
3751+ EVP_Cipher;
3752+ i2d_IPAddressOrRange;
3753+ ASIdOrRange_it;
3754+ ASIdOrRange_it;
3755+ EVP_CIPHER_nid;
3756+ i2d_IPAddressChoice;
3757+ EVP_CIPHER_CTX_block_size;
3758+ ASIdentifiers_new;
3759+ v3_addr_validate_path;
3760+ IPAddressFamily_new;
3761+ EVP_MD_CTX_set_flags;
3762+ v3_addr_is_canonical;
3763+ i2d_IPAddressRange;
3764+ IPAddressFamily_it;
3765+ IPAddressFamily_it;
3766+ v3_asid_inherits;
3767+ EVP_CIPHER_CTX_cipher;
3768+ EVP_CIPHER_CTX_get_app_data;
3769+ EVP_MD_block_size;
3770+ EVP_CIPHER_CTX_flags;
3771+ v3_asid_validate_path;
3772+ d2i_IPAddressOrRange;
3773+ v3_addr_canonize;
3774+ ASIdentifierChoice_it;
3775+ ASIdentifierChoice_it;
3776+ EVP_MD_CTX_md;
3777+ d2i_ASIdentifierChoice;
3778+ BIO_method_name;
3779+ EVP_CIPHER_CTX_iv_length;
3780+ ASIdOrRange_free;
3781+ ASIdentifierChoice_free;
3782+ BIO_get_callback_arg;
3783+ BIO_set_callback;
3784+ d2i_ASIdOrRange;
3785+ i2d_ASIdentifiers;
3786+ SEED_decrypt;
3787+ SEED_encrypt;
3788+ SEED_cbc_encrypt;
3789+ EVP_seed_ofb;
3790+ SEED_cfb128_encrypt;
3791+ SEED_ofb128_encrypt;
3792+ EVP_seed_cbc;
3793+ SEED_ecb_encrypt;
3794+ EVP_seed_ecb;
3795+ SEED_set_key;
3796+ EVP_seed_cfb128;
3797+ X509_EXTENSIONS_it;
3798+ X509_EXTENSIONS_it;
3799+ X509_get1_ocsp;
3800+ OCSP_REQ_CTX_free;
3801+ i2d_X509_EXTENSIONS;
3802+ OCSP_sendreq_nbio;
3803+ OCSP_sendreq_new;
3804+ d2i_X509_EXTENSIONS;
3805+ X509_ALGORS_it;
3806+ X509_ALGORS_it;
3807+ X509_ALGOR_get0;
3808+ X509_ALGOR_set0;
3809+ AES_unwrap_key;
3810+ AES_wrap_key;
3811+ X509at_get0_data_by_OBJ;
3812+ ASN1_TYPE_set1;
3813+ ASN1_STRING_set0;
3814+ i2d_X509_ALGORS;
3815+ BIO_f_zlib;
3816+ COMP_zlib_cleanup;
3817+ d2i_X509_ALGORS;
3818+ CMS_ReceiptRequest_free;
3819+ PEM_write_CMS;
3820+ CMS_add0_CertificateChoices;
3821+ CMS_unsigned_add1_attr_by_OBJ;
3822+ ERR_load_CMS_strings;
3823+ CMS_sign_receipt;
3824+ i2d_CMS_ContentInfo;
3825+ CMS_signed_delete_attr;
3826+ d2i_CMS_bio;
3827+ CMS_unsigned_get_attr_by_NID;
3828+ CMS_verify;
3829+ SMIME_read_CMS;
3830+ CMS_decrypt_set1_key;
3831+ CMS_SignerInfo_get0_algs;
3832+ CMS_add1_cert;
3833+ CMS_set_detached;
3834+ CMS_encrypt;
3835+ CMS_EnvelopedData_create;
3836+ CMS_uncompress;
3837+ CMS_add0_crl;
3838+ CMS_SignerInfo_verify_content;
3839+ CMS_unsigned_get0_data_by_OBJ;
3840+ PEM_write_bio_CMS;
3841+ CMS_unsigned_get_attr;
3842+ CMS_RecipientInfo_ktri_cert_cmp;
3843+ CMS_RecipientInfo_ktri_get0_algs;
3844+ CMS_RecipInfo_ktri_get0_algs;
3845+ CMS_ContentInfo_free;
3846+ CMS_final;
3847+ CMS_add_simple_smimecap;
3848+ CMS_SignerInfo_verify;
3849+ CMS_data;
3850+ CMS_ContentInfo_it;
3851+ CMS_ContentInfo_it;
3852+ d2i_CMS_ReceiptRequest;
3853+ CMS_compress;
3854+ CMS_digest_create;
3855+ CMS_SignerInfo_cert_cmp;
3856+ CMS_SignerInfo_sign;
3857+ CMS_data_create;
3858+ i2d_CMS_bio;
3859+ CMS_EncryptedData_set1_key;
3860+ CMS_decrypt;
3861+ int_smime_write_ASN1;
3862+ CMS_unsigned_delete_attr;
3863+ CMS_unsigned_get_attr_count;
3864+ CMS_add_smimecap;
3865+ PEM_read_CMS;
3866+ CMS_signed_get_attr_by_OBJ;
3867+ d2i_CMS_ContentInfo;
3868+ CMS_add_standard_smimecap;
3869+ CMS_ContentInfo_new;
3870+ CMS_RecipientInfo_type;
3871+ CMS_get0_type;
3872+ CMS_is_detached;
3873+ CMS_sign;
3874+ CMS_signed_add1_attr;
3875+ CMS_unsigned_get_attr_by_OBJ;
3876+ SMIME_write_CMS;
3877+ CMS_EncryptedData_decrypt;
3878+ CMS_get0_RecipientInfos;
3879+ CMS_add0_RevocationInfoChoice;
3880+ CMS_decrypt_set1_pkey;
3881+ CMS_SignerInfo_set1_signer_cert;
3882+ CMS_get0_signers;
3883+ CMS_ReceiptRequest_get0_values;
3884+ CMS_signed_get0_data_by_OBJ;
3885+ CMS_get0_SignerInfos;
3886+ CMS_add0_cert;
3887+ CMS_EncryptedData_encrypt;
3888+ CMS_digest_verify;
3889+ CMS_set1_signers_certs;
3890+ CMS_signed_get_attr;
3891+ CMS_RecipientInfo_set0_key;
3892+ CMS_SignedData_init;
3893+ CMS_RecipientInfo_kekri_get0_id;
3894+ CMS_verify_receipt;
3895+ CMS_ReceiptRequest_it;
3896+ CMS_ReceiptRequest_it;
3897+ PEM_read_bio_CMS;
3898+ CMS_get1_crls;
3899+ CMS_add0_recipient_key;
3900+ SMIME_read_ASN1;
3901+ CMS_ReceiptRequest_new;
3902+ CMS_get0_content;
3903+ CMS_get1_ReceiptRequest;
3904+ CMS_signed_add1_attr_by_OBJ;
3905+ CMS_RecipientInfo_kekri_id_cmp;
3906+ CMS_add1_ReceiptRequest;
3907+ CMS_SignerInfo_get0_signer_id;
3908+ CMS_unsigned_add1_attr_by_NID;
3909+ CMS_unsigned_add1_attr;
3910+ CMS_signed_get_attr_by_NID;
3911+ CMS_get1_certs;
3912+ CMS_signed_add1_attr_by_NID;
3913+ CMS_unsigned_add1_attr_by_txt;
3914+ CMS_dataFinal;
3915+ CMS_RecipientInfo_ktri_get0_signer_id;
3916+ CMS_RecipInfo_ktri_get0_sigr_id;
3917+ i2d_CMS_ReceiptRequest;
3918+ CMS_add1_recipient_cert;
3919+ CMS_dataInit;
3920+ CMS_signed_add1_attr_by_txt;
3921+ CMS_RecipientInfo_decrypt;
3922+ CMS_signed_get_attr_count;
3923+ CMS_get0_eContentType;
3924+ CMS_set1_eContentType;
3925+ CMS_ReceiptRequest_create0;
3926+ CMS_add1_signer;
3927+ CMS_RecipientInfo_set0_pkey;
3928+ ENGINE_set_load_ssl_client_cert_function;
3929+ ENGINE_set_ld_ssl_clnt_cert_fn;
3930+ ENGINE_get_ssl_client_cert_function;
3931+ ENGINE_get_ssl_client_cert_fn;
3932+ ENGINE_load_ssl_client_cert;
3933+ ENGINE_load_capi;
3934+ OPENSSL_isservice;
3935+ FIPS_dsa_sig_decode;
3936+ EVP_CIPHER_CTX_clear_flags;
3937+ FIPS_rand_status;
3938+ FIPS_rand_set_key;
3939+ CRYPTO_set_mem_info_functions;
3940+ RSA_X931_generate_key_ex;
3941+ int_ERR_set_state_func;
3942+ int_EVP_MD_set_engine_callbacks;
3943+ int_CRYPTO_set_do_dynlock_callback;
3944+ FIPS_rng_stick;
3945+ EVP_CIPHER_CTX_set_flags;
3946+ BN_X931_generate_prime_ex;
3947+ FIPS_selftest_check;
3948+ FIPS_rand_set_dt;
3949+ CRYPTO_dbg_pop_info;
3950+ FIPS_dsa_free;
3951+ RSA_X931_derive_ex;
3952+ FIPS_rsa_new;
3953+ FIPS_rand_bytes;
3954+ fips_cipher_test;
3955+ EVP_CIPHER_CTX_test_flags;
3956+ CRYPTO_malloc_debug_init;
3957+ CRYPTO_dbg_push_info;
3958+ FIPS_corrupt_rsa_keygen;
3959+ FIPS_dh_new;
3960+ FIPS_corrupt_dsa_keygen;
3961+ FIPS_dh_free;
3962+ fips_pkey_signature_test;
3963+ EVP_add_alg_module;
3964+ int_RAND_init_engine_callbacks;
3965+ int_EVP_CIPHER_set_engine_callbacks;
3966+ int_EVP_MD_init_engine_callbacks;
3967+ FIPS_rand_test_mode;
3968+ FIPS_rand_reset;
3969+ FIPS_dsa_new;
3970+ int_RAND_set_callbacks;
3971+ BN_X931_derive_prime_ex;
3972+ int_ERR_lib_init;
3973+ int_EVP_CIPHER_init_engine_callbacks;
3974+ FIPS_rsa_free;
3975+ FIPS_dsa_sig_encode;
3976+ CRYPTO_dbg_remove_all_info;
3977+ OPENSSL_init;
3978+ CRYPTO_strdup;
3979+ JPAKE_STEP3A_process;
3980+ JPAKE_STEP1_release;
3981+ JPAKE_get_shared_key;
3982+ JPAKE_STEP3B_init;
3983+ JPAKE_STEP1_generate;
3984+ JPAKE_STEP1_init;
3985+ JPAKE_STEP3B_process;
3986+ JPAKE_STEP2_generate;
3987+ JPAKE_CTX_new;
3988+ JPAKE_CTX_free;
3989+ JPAKE_STEP3B_release;
3990+ JPAKE_STEP3A_release;
3991+ JPAKE_STEP2_process;
3992+ JPAKE_STEP3B_generate;
3993+ JPAKE_STEP1_process;
3994+ JPAKE_STEP3A_generate;
3995+ JPAKE_STEP2_release;
3996+ JPAKE_STEP3A_init;
3997+ ERR_load_JPAKE_strings;
3998+ JPAKE_STEP2_init;
3999+ pqueue_size;
4000+ i2d_TS_ACCURACY;
4001+ i2d_TS_MSG_IMPRINT_fp;
4002+ i2d_TS_MSG_IMPRINT;
4003+ EVP_PKEY_print_public;
4004+ EVP_PKEY_CTX_new;
4005+ i2d_TS_TST_INFO;
4006+ EVP_PKEY_asn1_find;
4007+ DSO_METHOD_beos;
4008+ TS_CONF_load_cert;
4009+ TS_REQ_get_ext;
4010+ EVP_PKEY_sign_init;
4011+ ASN1_item_print;
4012+ TS_TST_INFO_set_nonce;
4013+ TS_RESP_dup;
4014+ ENGINE_register_pkey_meths;
4015+ EVP_PKEY_asn1_add0;
4016+ PKCS7_add0_attrib_signing_time;
4017+ i2d_TS_TST_INFO_fp;
4018+ BIO_asn1_get_prefix;
4019+ TS_TST_INFO_set_time;
4020+ EVP_PKEY_meth_set_decrypt;
4021+ EVP_PKEY_set_type_str;
4022+ EVP_PKEY_CTX_get_keygen_info;
4023+ TS_REQ_set_policy_id;
4024+ d2i_TS_RESP_fp;
4025+ ENGINE_get_pkey_asn1_meth_engine;
4026+ ENGINE_get_pkey_asn1_meth_eng;
4027+ WHIRLPOOL_Init;
4028+ TS_RESP_set_status_info;
4029+ EVP_PKEY_keygen;
4030+ EVP_DigestSignInit;
4031+ TS_ACCURACY_set_millis;
4032+ TS_REQ_dup;
4033+ GENERAL_NAME_dup;
4034+ ASN1_SEQUENCE_ANY_it;
4035+ ASN1_SEQUENCE_ANY_it;
4036+ WHIRLPOOL;
4037+ X509_STORE_get1_crls;
4038+ ENGINE_get_pkey_asn1_meth;
4039+ EVP_PKEY_asn1_new;
4040+ BIO_new_NDEF;
4041+ ENGINE_get_pkey_meth;
4042+ TS_MSG_IMPRINT_set_algo;
4043+ i2d_TS_TST_INFO_bio;
4044+ TS_TST_INFO_set_ordering;
4045+ TS_TST_INFO_get_ext_by_OBJ;
4046+ CRYPTO_THREADID_set_pointer;
4047+ TS_CONF_get_tsa_section;
4048+ SMIME_write_ASN1;
4049+ TS_RESP_CTX_set_signer_key;
4050+ EVP_PKEY_encrypt_old;
4051+ EVP_PKEY_encrypt_init;
4052+ CRYPTO_THREADID_cpy;
4053+ ASN1_PCTX_get_cert_flags;
4054+ i2d_ESS_SIGNING_CERT;
4055+ TS_CONF_load_key;
4056+ i2d_ASN1_SEQUENCE_ANY;
4057+ d2i_TS_MSG_IMPRINT_bio;
4058+ EVP_PKEY_asn1_set_public;
4059+ b2i_PublicKey_bio;
4060+ BIO_asn1_set_prefix;
4061+ EVP_PKEY_new_mac_key;
4062+ BIO_new_CMS;
4063+ CRYPTO_THREADID_cmp;
4064+ TS_REQ_ext_free;
4065+ EVP_PKEY_asn1_set_free;
4066+ EVP_PKEY_get0_asn1;
4067+ d2i_NETSCAPE_X509;
4068+ EVP_PKEY_verify_recover_init;
4069+ EVP_PKEY_CTX_set_data;
4070+ EVP_PKEY_keygen_init;
4071+ TS_RESP_CTX_set_status_info;
4072+ TS_MSG_IMPRINT_get_algo;
4073+ TS_REQ_print_bio;
4074+ EVP_PKEY_CTX_ctrl_str;
4075+ EVP_PKEY_get_default_digest_nid;
4076+ PEM_write_bio_PKCS7_stream;
4077+ TS_MSG_IMPRINT_print_bio;
4078+ BN_asc2bn;
4079+ TS_REQ_get_policy_id;
4080+ ENGINE_set_default_pkey_asn1_meths;
4081+ ENGINE_set_def_pkey_asn1_meths;
4082+ d2i_TS_ACCURACY;
4083+ DSO_global_lookup;
4084+ TS_CONF_set_tsa_name;
4085+ i2d_ASN1_SET_ANY;
4086+ ENGINE_load_gost;
4087+ WHIRLPOOL_BitUpdate;
4088+ ASN1_PCTX_get_flags;
4089+ TS_TST_INFO_get_ext_by_NID;
4090+ TS_RESP_new;
4091+ ESS_CERT_ID_dup;
4092+ TS_STATUS_INFO_dup;
4093+ TS_REQ_delete_ext;
4094+ EVP_DigestVerifyFinal;
4095+ EVP_PKEY_print_params;
4096+ i2d_CMS_bio_stream;
4097+ TS_REQ_get_msg_imprint;
4098+ OBJ_find_sigid_by_algs;
4099+ TS_TST_INFO_get_serial;
4100+ TS_REQ_get_nonce;
4101+ X509_PUBKEY_set0_param;
4102+ EVP_PKEY_CTX_set0_keygen_info;
4103+ DIST_POINT_set_dpname;
4104+ i2d_ISSUING_DIST_POINT;
4105+ ASN1_SET_ANY_it;
4106+ ASN1_SET_ANY_it;
4107+ EVP_PKEY_CTX_get_data;
4108+ TS_STATUS_INFO_print_bio;
4109+ EVP_PKEY_derive_init;
4110+ d2i_TS_TST_INFO;
4111+ EVP_PKEY_asn1_add_alias;
4112+ d2i_TS_RESP_bio;
4113+ OTHERNAME_cmp;
4114+ GENERAL_NAME_set0_value;
4115+ PKCS7_RECIP_INFO_get0_alg;
4116+ TS_RESP_CTX_new;
4117+ TS_RESP_set_tst_info;
4118+ PKCS7_final;
4119+ EVP_PKEY_base_id;
4120+ TS_RESP_CTX_set_signer_cert;
4121+ TS_REQ_set_msg_imprint;
4122+ EVP_PKEY_CTX_ctrl;
4123+ TS_CONF_set_digests;
4124+ d2i_TS_MSG_IMPRINT;
4125+ EVP_PKEY_meth_set_ctrl;
4126+ TS_REQ_get_ext_by_NID;
4127+ PKCS5_pbe_set0_algor;
4128+ BN_BLINDING_thread_id;
4129+ TS_ACCURACY_new;
4130+ X509_CRL_METHOD_free;
4131+ ASN1_PCTX_get_nm_flags;
4132+ EVP_PKEY_meth_set_sign;
4133+ CRYPTO_THREADID_current;
4134+ EVP_PKEY_decrypt_init;
4135+ NETSCAPE_X509_free;
4136+ i2b_PVK_bio;
4137+ EVP_PKEY_print_private;
4138+ GENERAL_NAME_get0_value;
4139+ b2i_PVK_bio;
4140+ ASN1_UTCTIME_adj;
4141+ TS_TST_INFO_new;
4142+ EVP_MD_do_all_sorted;
4143+ TS_CONF_set_default_engine;
4144+ TS_ACCURACY_set_seconds;
4145+ TS_TST_INFO_get_time;
4146+ PKCS8_pkey_get0;
4147+ EVP_PKEY_asn1_get0;
4148+ OBJ_add_sigid;
4149+ PKCS7_SIGNER_INFO_sign;
4150+ EVP_PKEY_paramgen_init;
4151+ EVP_PKEY_sign;
4152+ OBJ_sigid_free;
4153+ EVP_PKEY_meth_set_init;
4154+ d2i_ESS_ISSUER_SERIAL;
4155+ ISSUING_DIST_POINT_new;
4156+ ASN1_TIME_adj;
4157+ TS_OBJ_print_bio;
4158+ EVP_PKEY_meth_set_verify_recover;
4159+ EVP_PKEY_meth_set_vrfy_recover;
4160+ TS_RESP_get_status_info;
4161+ CMS_stream;
4162+ EVP_PKEY_CTX_set_cb;
4163+ PKCS7_to_TS_TST_INFO;
4164+ ASN1_PCTX_get_oid_flags;
4165+ TS_TST_INFO_add_ext;
4166+ EVP_PKEY_meth_set_derive;
4167+ i2d_TS_RESP_fp;
4168+ i2d_TS_MSG_IMPRINT_bio;
4169+ TS_RESP_CTX_set_accuracy;
4170+ TS_REQ_set_nonce;
4171+ ESS_CERT_ID_new;
4172+ ENGINE_pkey_asn1_find_str;
4173+ TS_REQ_get_ext_count;
4174+ BUF_reverse;
4175+ TS_TST_INFO_print_bio;
4176+ d2i_ISSUING_DIST_POINT;
4177+ ENGINE_get_pkey_meths;
4178+ i2b_PrivateKey_bio;
4179+ i2d_TS_RESP;
4180+ b2i_PublicKey;
4181+ TS_VERIFY_CTX_cleanup;
4182+ TS_STATUS_INFO_free;
4183+ TS_RESP_verify_token;
4184+ OBJ_bsearch_ex_;
4185+ ASN1_bn_print;
4186+ EVP_PKEY_asn1_get_count;
4187+ ENGINE_register_pkey_asn1_meths;
4188+ ASN1_PCTX_set_nm_flags;
4189+ EVP_DigestVerifyInit;
4190+ ENGINE_set_default_pkey_meths;
4191+ TS_TST_INFO_get_policy_id;
4192+ TS_REQ_get_cert_req;
4193+ X509_CRL_set_meth_data;
4194+ PKCS8_pkey_set0;
4195+ ASN1_STRING_copy;
4196+ d2i_TS_TST_INFO_fp;
4197+ X509_CRL_match;
4198+ EVP_PKEY_asn1_set_private;
4199+ TS_TST_INFO_get_ext_d2i;
4200+ TS_RESP_CTX_add_policy;
4201+ d2i_TS_RESP;
4202+ TS_CONF_load_certs;
4203+ TS_TST_INFO_get_msg_imprint;
4204+ ERR_load_TS_strings;
4205+ TS_TST_INFO_get_version;
4206+ EVP_PKEY_CTX_dup;
4207+ EVP_PKEY_meth_set_verify;
4208+ i2b_PublicKey_bio;
4209+ TS_CONF_set_certs;
4210+ EVP_PKEY_asn1_get0_info;
4211+ TS_VERIFY_CTX_free;
4212+ TS_REQ_get_ext_by_critical;
4213+ TS_RESP_CTX_set_serial_cb;
4214+ X509_CRL_get_meth_data;
4215+ TS_RESP_CTX_set_time_cb;
4216+ TS_MSG_IMPRINT_get_msg;
4217+ TS_TST_INFO_ext_free;
4218+ TS_REQ_get_version;
4219+ TS_REQ_add_ext;
4220+ EVP_PKEY_CTX_set_app_data;
4221+ OBJ_bsearch_;
4222+ EVP_PKEY_meth_set_verifyctx;
4223+ i2d_PKCS7_bio_stream;
4224+ CRYPTO_THREADID_set_numeric;
4225+ PKCS7_sign_add_signer;
4226+ d2i_TS_TST_INFO_bio;
4227+ TS_TST_INFO_get_ordering;
4228+ TS_RESP_print_bio;
4229+ TS_TST_INFO_get_exts;
4230+ HMAC_CTX_copy;
4231+ PKCS5_pbe2_set_iv;
4232+ ENGINE_get_pkey_asn1_meths;
4233+ b2i_PrivateKey;
4234+ EVP_PKEY_CTX_get_app_data;
4235+ TS_REQ_set_cert_req;
4236+ CRYPTO_THREADID_set_callback;
4237+ TS_CONF_set_serial;
4238+ TS_TST_INFO_free;
4239+ d2i_TS_REQ_fp;
4240+ TS_RESP_verify_response;
4241+ i2d_ESS_ISSUER_SERIAL;
4242+ TS_ACCURACY_get_seconds;
4243+ EVP_CIPHER_do_all;
4244+ b2i_PrivateKey_bio;
4245+ OCSP_CERTID_dup;
4246+ X509_PUBKEY_get0_param;
4247+ TS_MSG_IMPRINT_dup;
4248+ PKCS7_print_ctx;
4249+ i2d_TS_REQ_bio;
4250+ EVP_whirlpool;
4251+ EVP_PKEY_asn1_set_param;
4252+ EVP_PKEY_meth_set_encrypt;
4253+ ASN1_PCTX_set_flags;
4254+ i2d_ESS_CERT_ID;
4255+ TS_VERIFY_CTX_new;
4256+ TS_RESP_CTX_set_extension_cb;
4257+ ENGINE_register_all_pkey_meths;
4258+ TS_RESP_CTX_set_status_info_cond;
4259+ TS_RESP_CTX_set_stat_info_cond;
4260+ EVP_PKEY_verify;
4261+ WHIRLPOOL_Final;
4262+ X509_CRL_METHOD_new;
4263+ EVP_DigestSignFinal;
4264+ TS_RESP_CTX_set_def_policy;
4265+ NETSCAPE_X509_it;
4266+ NETSCAPE_X509_it;
4267+ TS_RESP_create_response;
4268+ PKCS7_SIGNER_INFO_get0_algs;
4269+ TS_TST_INFO_get_nonce;
4270+ EVP_PKEY_decrypt_old;
4271+ TS_TST_INFO_set_policy_id;
4272+ TS_CONF_set_ess_cert_id_chain;
4273+ EVP_PKEY_CTX_get0_pkey;
4274+ d2i_TS_REQ;
4275+ EVP_PKEY_asn1_find_str;
4276+ BIO_f_asn1;
4277+ ESS_SIGNING_CERT_new;
4278+ EVP_PBE_find;
4279+ X509_CRL_get0_by_cert;
4280+ EVP_PKEY_derive;
4281+ i2d_TS_REQ;
4282+ TS_TST_INFO_delete_ext;
4283+ ESS_ISSUER_SERIAL_free;
4284+ ASN1_PCTX_set_str_flags;
4285+ ENGINE_get_pkey_asn1_meth_str;
4286+ TS_CONF_set_signer_key;
4287+ TS_ACCURACY_get_millis;
4288+ TS_RESP_get_token;
4289+ TS_ACCURACY_dup;
4290+ ENGINE_register_all_pkey_asn1_meths;
4291+ ENGINE_reg_all_pkey_asn1_meths;
4292+ X509_CRL_set_default_method;
4293+ CRYPTO_THREADID_hash;
4294+ CMS_ContentInfo_print_ctx;
4295+ TS_RESP_free;
4296+ ISSUING_DIST_POINT_free;
4297+ ESS_ISSUER_SERIAL_new;
4298+ CMS_add1_crl;
4299+ PKCS7_add1_attrib_digest;
4300+ TS_RESP_CTX_add_md;
4301+ TS_TST_INFO_dup;
4302+ ENGINE_set_pkey_asn1_meths;
4303+ PEM_write_bio_Parameters;
4304+ TS_TST_INFO_get_accuracy;
4305+ X509_CRL_get0_by_serial;
4306+ TS_TST_INFO_set_version;
4307+ TS_RESP_CTX_get_tst_info;
4308+ TS_RESP_verify_signature;
4309+ CRYPTO_THREADID_get_callback;
4310+ TS_TST_INFO_get_tsa;
4311+ TS_STATUS_INFO_new;
4312+ EVP_PKEY_CTX_get_cb;
4313+ TS_REQ_get_ext_d2i;
4314+ GENERAL_NAME_set0_othername;
4315+ TS_TST_INFO_get_ext_count;
4316+ TS_RESP_CTX_get_request;
4317+ i2d_NETSCAPE_X509;
4318+ ENGINE_get_pkey_meth_engine;
4319+ EVP_PKEY_meth_set_signctx;
4320+ EVP_PKEY_asn1_copy;
4321+ ASN1_TYPE_cmp;
4322+ EVP_CIPHER_do_all_sorted;
4323+ EVP_PKEY_CTX_free;
4324+ ISSUING_DIST_POINT_it;
4325+ ISSUING_DIST_POINT_it;
4326+ d2i_TS_MSG_IMPRINT_fp;
4327+ X509_STORE_get1_certs;
4328+ EVP_PKEY_CTX_get_operation;
4329+ d2i_ESS_SIGNING_CERT;
4330+ TS_CONF_set_ordering;
4331+ EVP_PBE_alg_add_type;
4332+ TS_REQ_set_version;
4333+ EVP_PKEY_get0;
4334+ BIO_asn1_set_suffix;
4335+ i2d_TS_STATUS_INFO;
4336+ EVP_MD_do_all;
4337+ TS_TST_INFO_set_accuracy;
4338+ PKCS7_add_attrib_content_type;
4339+ ERR_remove_thread_state;
4340+ EVP_PKEY_meth_add0;
4341+ TS_TST_INFO_set_tsa;
4342+ EVP_PKEY_meth_new;
4343+ WHIRLPOOL_Update;
4344+ TS_CONF_set_accuracy;
4345+ ASN1_PCTX_set_oid_flags;
4346+ ESS_SIGNING_CERT_dup;
4347+ d2i_TS_REQ_bio;
4348+ X509_time_adj_ex;
4349+ TS_RESP_CTX_add_flags;
4350+ d2i_TS_STATUS_INFO;
4351+ TS_MSG_IMPRINT_set_msg;
4352+ BIO_asn1_get_suffix;
4353+ TS_REQ_free;
4354+ EVP_PKEY_meth_free;
4355+ TS_REQ_get_exts;
4356+ TS_RESP_CTX_set_clock_precision_digits;
4357+ TS_RESP_CTX_set_clk_prec_digits;
4358+ TS_RESP_CTX_add_failure_info;
4359+ i2d_TS_RESP_bio;
4360+ EVP_PKEY_CTX_get0_peerkey;
4361+ PEM_write_bio_CMS_stream;
4362+ TS_REQ_new;
4363+ TS_MSG_IMPRINT_new;
4364+ EVP_PKEY_meth_find;
4365+ EVP_PKEY_id;
4366+ TS_TST_INFO_set_serial;
4367+ a2i_GENERAL_NAME;
4368+ TS_CONF_set_crypto_device;
4369+ EVP_PKEY_verify_init;
4370+ TS_CONF_set_policies;
4371+ ASN1_PCTX_new;
4372+ ESS_CERT_ID_free;
4373+ ENGINE_unregister_pkey_meths;
4374+ TS_MSG_IMPRINT_free;
4375+ TS_VERIFY_CTX_init;
4376+ PKCS7_stream;
4377+ TS_RESP_CTX_set_certs;
4378+ TS_CONF_set_def_policy;
4379+ ASN1_GENERALIZEDTIME_adj;
4380+ NETSCAPE_X509_new;
4381+ TS_ACCURACY_free;
4382+ TS_RESP_get_tst_info;
4383+ EVP_PKEY_derive_set_peer;
4384+ PEM_read_bio_Parameters;
4385+ TS_CONF_set_clock_precision_digits;
4386+ TS_CONF_set_clk_prec_digits;
4387+ ESS_ISSUER_SERIAL_dup;
4388+ TS_ACCURACY_get_micros;
4389+ ASN1_PCTX_get_str_flags;
4390+ NAME_CONSTRAINTS_check;
4391+ ASN1_BIT_STRING_check;
4392+ X509_check_akid;
4393+ ENGINE_unregister_pkey_asn1_meths;
4394+ ENGINE_unreg_pkey_asn1_meths;
4395+ ASN1_PCTX_free;
4396+ PEM_write_bio_ASN1_stream;
4397+ i2d_ASN1_bio_stream;
4398+ TS_X509_ALGOR_print_bio;
4399+ EVP_PKEY_meth_set_cleanup;
4400+ EVP_PKEY_asn1_free;
4401+ ESS_SIGNING_CERT_free;
4402+ TS_TST_INFO_set_msg_imprint;
4403+ GENERAL_NAME_cmp;
4404+ d2i_ASN1_SET_ANY;
4405+ ENGINE_set_pkey_meths;
4406+ i2d_TS_REQ_fp;
4407+ d2i_ASN1_SEQUENCE_ANY;
4408+ GENERAL_NAME_get0_otherName;
4409+ d2i_ESS_CERT_ID;
4410+ OBJ_find_sigid_algs;
4411+ EVP_PKEY_meth_set_keygen;
4412+ PKCS5_PBKDF2_HMAC;
4413+ EVP_PKEY_paramgen;
4414+ EVP_PKEY_meth_set_paramgen;
4415+ BIO_new_PKCS7;
4416+ EVP_PKEY_verify_recover;
4417+ TS_ext_print_bio;
4418+ TS_ASN1_INTEGER_print_bio;
4419+ check_defer;
4420+ DSO_pathbyaddr;
4421+ EVP_PKEY_set_type;
4422+ TS_ACCURACY_set_micros;
4423+ TS_REQ_to_TS_VERIFY_CTX;
4424+ EVP_PKEY_meth_set_copy;
4425+ ASN1_PCTX_set_cert_flags;
4426+ TS_TST_INFO_get_ext;
4427+ EVP_PKEY_asn1_set_ctrl;
4428+ TS_TST_INFO_get_ext_by_critical;
4429+ EVP_PKEY_CTX_new_id;
4430+ TS_REQ_get_ext_by_OBJ;
4431+ TS_CONF_set_signer_cert;
4432+ X509_NAME_hash_old;
4433+ ASN1_TIME_set_string;
4434+ EVP_MD_flags;
4435+ TS_RESP_CTX_free;
4436+ DSAparams_dup;
4437+ DHparams_dup;
4438+ OCSP_REQ_CTX_add1_header;
4439+ OCSP_REQ_CTX_set1_req;
4440+ X509_STORE_set_verify_cb;
4441+ X509_STORE_CTX_get0_current_crl;
4442+ X509_STORE_CTX_get0_parent_ctx;
4443+ X509_STORE_CTX_get0_current_issuer;
4444+ X509_STORE_CTX_get0_cur_issuer;
4445+ X509_issuer_name_hash_old;
4446+ X509_subject_name_hash_old;
4447+ EVP_CIPHER_CTX_copy;
4448+ UI_method_get_prompt_constructor;
4449+ UI_method_get_prompt_constructr;
4450+ UI_method_set_prompt_constructor;
4451+ UI_method_set_prompt_constructr;
4452+ EVP_read_pw_string_min;
4453+ CRYPTO_cts128_encrypt;
4454+ CRYPTO_cts128_decrypt_block;
4455+ CRYPTO_cfb128_1_encrypt;
4456+ CRYPTO_cbc128_encrypt;
4457+ CRYPTO_ctr128_encrypt;
4458+ CRYPTO_ofb128_encrypt;
4459+ CRYPTO_cts128_decrypt;
4460+ CRYPTO_cts128_encrypt_block;
4461+ CRYPTO_cbc128_decrypt;
4462+ CRYPTO_cfb128_encrypt;
4463+ CRYPTO_cfb128_8_encrypt;
4464+
4465+ local:
4466+ *;
4467+};
4468+
4469+
4470+OPENSSL_1.0.1 {
4471+ global:
4472+ SSL_renegotiate_abbreviated;
4473+ TLSv1_1_method;
4474+ TLSv1_1_client_method;
4475+ TLSv1_1_server_method;
4476+ SSL_CTX_set_srp_client_pwd_callback;
4477+ SSL_CTX_set_srp_client_pwd_cb;
4478+ SSL_get_srp_g;
4479+ SSL_CTX_set_srp_username_callback;
4480+ SSL_CTX_set_srp_un_cb;
4481+ SSL_get_srp_userinfo;
4482+ SSL_set_srp_server_param;
4483+ SSL_set_srp_server_param_pw;
4484+ SSL_get_srp_N;
4485+ SSL_get_srp_username;
4486+ SSL_CTX_set_srp_password;
4487+ SSL_CTX_set_srp_strength;
4488+ SSL_CTX_set_srp_verify_param_callback;
4489+ SSL_CTX_set_srp_vfy_param_cb;
4490+ SSL_CTX_set_srp_cb_arg;
4491+ SSL_CTX_set_srp_username;
4492+ SSL_CTX_SRP_CTX_init;
4493+ SSL_SRP_CTX_init;
4494+ SRP_Calc_A_param;
4495+ SRP_generate_server_master_secret;
4496+ SRP_gen_server_master_secret;
4497+ SSL_CTX_SRP_CTX_free;
4498+ SRP_generate_client_master_secret;
4499+ SRP_gen_client_master_secret;
4500+ SSL_srp_server_param_with_username;
4501+ SSL_srp_server_param_with_un;
4502+ SSL_SRP_CTX_free;
4503+ SSL_set_debug;
4504+ SSL_SESSION_get0_peer;
4505+ TLSv1_2_client_method;
4506+ SSL_SESSION_set1_id_context;
4507+ TLSv1_2_server_method;
4508+ SSL_cache_hit;
4509+ SSL_get0_kssl_ctx;
4510+ SSL_set0_kssl_ctx;
4511+ SSL_set_state;
4512+ SSL_CIPHER_get_id;
4513+ TLSv1_2_method;
4514+ kssl_ctx_get0_client_princ;
4515+ SSL_export_keying_material;
4516+ SSL_set_tlsext_use_srtp;
4517+ SSL_CTX_set_next_protos_advertised_cb;
4518+ SSL_CTX_set_next_protos_adv_cb;
4519+ SSL_get0_next_proto_negotiated;
4520+ SSL_get_selected_srtp_profile;
4521+ SSL_CTX_set_tlsext_use_srtp;
4522+ SSL_select_next_proto;
4523+ SSL_get_srtp_profiles;
4524+ SSL_CTX_set_next_proto_select_cb;
4525+ SSL_CTX_set_next_proto_sel_cb;
4526+ SSL_SESSION_get_compress_id;
4527+
4528+ SRP_VBASE_get_by_user;
4529+ SRP_Calc_server_key;
4530+ SRP_create_verifier;
4531+ SRP_create_verifier_BN;
4532+ SRP_Calc_u;
4533+ SRP_VBASE_free;
4534+ SRP_Calc_client_key;
4535+ SRP_get_default_gN;
4536+ SRP_Calc_x;
4537+ SRP_Calc_B;
4538+ SRP_VBASE_new;
4539+ SRP_check_known_gN_param;
4540+ SRP_Calc_A;
4541+ SRP_Verify_A_mod_N;
4542+ SRP_VBASE_init;
4543+ SRP_Verify_B_mod_N;
4544+ EC_KEY_set_public_key_affine_coordinates;
4545+ EC_KEY_set_pub_key_aff_coords;
4546+ EVP_aes_192_ctr;
4547+ EVP_PKEY_meth_get0_info;
4548+ EVP_PKEY_meth_copy;
4549+ ERR_add_error_vdata;
4550+ EVP_aes_128_ctr;
4551+ EVP_aes_256_ctr;
4552+ EC_GFp_nistp224_method;
4553+ EC_KEY_get_flags;
4554+ RSA_padding_add_PKCS1_PSS_mgf1;
4555+ EVP_aes_128_xts;
4556+ EVP_aes_256_xts;
4557+ EVP_aes_128_gcm;
4558+ EC_KEY_clear_flags;
4559+ EC_KEY_set_flags;
4560+ EVP_aes_256_ccm;
4561+ RSA_verify_PKCS1_PSS_mgf1;
4562+ EVP_aes_128_ccm;
4563+ EVP_aes_192_gcm;
4564+ X509_ALGOR_set_md;
4565+ RAND_init_fips;
4566+ EVP_aes_256_gcm;
4567+ EVP_aes_192_ccm;
4568+ CMAC_CTX_copy;
4569+ CMAC_CTX_free;
4570+ CMAC_CTX_get0_cipher_ctx;
4571+ CMAC_CTX_cleanup;
4572+ CMAC_Init;
4573+ CMAC_Update;
4574+ CMAC_resume;
4575+ CMAC_CTX_new;
4576+ CMAC_Final;
4577+ CRYPTO_ctr128_encrypt_ctr32;
4578+ CRYPTO_gcm128_release;
4579+ CRYPTO_ccm128_decrypt_ccm64;
4580+ CRYPTO_ccm128_encrypt;
4581+ CRYPTO_gcm128_encrypt;
4582+ CRYPTO_xts128_encrypt;
4583+ EVP_rc4_hmac_md5;
4584+ CRYPTO_nistcts128_decrypt_block;
4585+ CRYPTO_gcm128_setiv;
4586+ CRYPTO_nistcts128_encrypt;
4587+ EVP_aes_128_cbc_hmac_sha1;
4588+ CRYPTO_gcm128_tag;
4589+ CRYPTO_ccm128_encrypt_ccm64;
4590+ ENGINE_load_rdrand;
4591+ CRYPTO_ccm128_setiv;
4592+ CRYPTO_nistcts128_encrypt_block;
4593+ CRYPTO_gcm128_aad;
4594+ CRYPTO_ccm128_init;
4595+ CRYPTO_nistcts128_decrypt;
4596+ CRYPTO_gcm128_new;
4597+ CRYPTO_ccm128_tag;
4598+ CRYPTO_ccm128_decrypt;
4599+ CRYPTO_ccm128_aad;
4600+ CRYPTO_gcm128_init;
4601+ CRYPTO_gcm128_decrypt;
4602+ ENGINE_load_rsax;
4603+ CRYPTO_gcm128_decrypt_ctr32;
4604+ CRYPTO_gcm128_encrypt_ctr32;
4605+ CRYPTO_gcm128_finish;
4606+ EVP_aes_256_cbc_hmac_sha1;
4607+ PKCS5_pbkdf2_set;
4608+ CMS_add0_recipient_password;
4609+ CMS_decrypt_set1_password;
4610+ CMS_RecipientInfo_set0_password;
4611+ RAND_set_fips_drbg_type;
4612+ X509_REQ_sign_ctx;
4613+ RSA_PSS_PARAMS_new;
4614+ X509_CRL_sign_ctx;
4615+ X509_signature_dump;
4616+ d2i_RSA_PSS_PARAMS;
4617+ RSA_PSS_PARAMS_it;
4618+ RSA_PSS_PARAMS_it;
4619+ RSA_PSS_PARAMS_free;
4620+ X509_sign_ctx;
4621+ i2d_RSA_PSS_PARAMS;
4622+ ASN1_item_sign_ctx;
4623+ EC_GFp_nistp521_method;
4624+ EC_GFp_nistp256_method;
4625+ OPENSSL_stderr;
4626+ OPENSSL_cpuid_setup;
4627+ OPENSSL_showfatal;
4628+ BIO_new_dgram_sctp;
4629+ BIO_dgram_sctp_msg_waiting;
4630+ BIO_dgram_sctp_wait_for_dry;
4631+ BIO_s_datagram_sctp;
4632+ BIO_dgram_is_sctp;
4633+ BIO_dgram_sctp_notification_cb;
4634+} OPENSSL_1.0.0;
4635+
4636+OPENSSL_1.0.1d {
4637+ global:
4638+ CRYPTO_memcmp;
4639+} OPENSSL_1.0.1;
4640+
4641Index: openssl-1.0.1d/engines/openssl.ld
4642===================================================================
4643--- /dev/null 1970-01-01 00:00:00.000000000 +0000
4644+++ openssl-1.0.1d/engines/openssl.ld 2013-02-06 19:41:43.000000000 +0100
4645@@ -0,0 +1,10 @@
4646+OPENSSL_1.0.0 {
4647+ global:
4648+ bind_engine;
4649+ v_check;
4650+ OPENSSL_init;
4651+ OPENSSL_finish;
4652+ local:
4653+ *;
4654+};
4655+
4656Index: openssl-1.0.1d/engines/ccgost/openssl.ld
4657===================================================================
4658--- /dev/null 1970-01-01 00:00:00.000000000 +0000
4659+++ openssl-1.0.1d/engines/ccgost/openssl.ld 2013-02-06 19:41:43.000000000 +0100
4660@@ -0,0 +1,10 @@
4661+OPENSSL_1.0.0 {
4662+ global:
4663+ bind_engine;
4664+ v_check;
4665+ OPENSSL_init;
4666+ OPENSSL_finish;
4667+ local:
4668+ *;
4669+};
4670+
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch
new file mode 100644
index 00000000..d8a6f1a2
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch
@@ -0,0 +1,56 @@
1Upstream-Status: Inappropriate [configuration]
2
3
4Index: openssl-1.0.0/engines/Makefile
5===================================================================
6--- openssl-1.0.0.orig/engines/Makefile
7+++ openssl-1.0.0/engines/Makefile
8@@ -107,7 +107,7 @@
9 @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
10 @if [ -n "$(SHARED_LIBS)" ]; then \
11 set -e; \
12- $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines; \
13+ $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines; \
14 for l in $(LIBNAMES); do \
15 ( echo installing $$l; \
16 pfx=lib; \
17@@ -119,13 +119,13 @@
18 *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
19 *) sfx=".bad";; \
20 esac; \
21- cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
22+ cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
23 else \
24 sfx=".so"; \
25- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
26+ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
27 fi; \
28- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
29- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
30+ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
31+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx ); \
32 done; \
33 fi
34 @target=install; $(RECURSIVE_MAKE)
35Index: openssl-1.0.0/engines/ccgost/Makefile
36===================================================================
37--- openssl-1.0.0.orig/engines/ccgost/Makefile
38+++ openssl-1.0.0/engines/ccgost/Makefile
39@@ -53,13 +53,13 @@
40 *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
41 *) sfx=".bad";; \
42 esac; \
43- cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
44+ cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
45 else \
46 sfx=".so"; \
47- cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
48+ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
49 fi; \
50- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
51- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
52+ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
53+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx; \
54 fi
55
56 links:
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/find.pl b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/find.pl
new file mode 100644
index 00000000..8e1b42c8
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/find.pl
@@ -0,0 +1,54 @@
1warn "Legacy library @{[(caller(0))[6]]} will be removed from the Perl core distribution in the next major release. Please install it from the CPAN distribution Perl4::CoreLibs. It is being used at @{[(caller)[1]]}, line @{[(caller)[2]]}.\n";
2
3# This library is deprecated and unmaintained. It is included for
4# compatibility with Perl 4 scripts which may use it, but it will be
5# removed in a future version of Perl. Please use the File::Find module
6# instead.
7
8# Usage:
9# require "find.pl";
10#
11# &find('/foo','/bar');
12#
13# sub wanted { ... }
14# where wanted does whatever you want. $dir contains the
15# current directory name, and $_ the current filename within
16# that directory. $name contains "$dir/$_". You are cd'ed
17# to $dir when the function is called. The function may
18# set $prune to prune the tree.
19#
20# For example,
21#
22# find / -name .nfs\* -mtime +7 -exec rm -f {} \; -o -fstype nfs -prune
23#
24# corresponds to this
25#
26# sub wanted {
27# /^\.nfs.*$/ &&
28# (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_)) &&
29# int(-M _) > 7 &&
30# unlink($_)
31# ||
32# ($nlink || (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_))) &&
33# $dev < 0 &&
34# ($prune = 1);
35# }
36#
37# Set the variable $dont_use_nlink if you're using AFS, since AFS cheats.
38
39use File::Find ();
40
41*name = *File::Find::name;
42*prune = *File::Find::prune;
43*dir = *File::Find::dir;
44*topdir = *File::Find::topdir;
45*topdev = *File::Find::topdev;
46*topino = *File::Find::topino;
47*topmode = *File::Find::topmode;
48*topnlink = *File::Find::topnlink;
49
50sub find {
51 &File::Find::find(\&wanted, @_);
52}
53
541;
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
new file mode 100644
index 00000000..f0e17784
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
@@ -0,0 +1,22 @@
1Upstream-Status: Submitted
2
3This patch adds the fix for one of the ciphers used in openssl, namely
4the cipher des-ede3-cfb1. Complete bug log and patch is present here:
5http://rt.openssl.org/Ticket/Display.html?id=2867
6
7Signed-Off-By: Muhammad Shakeel <muhammad_shakeel@mentor.com>
8
9diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
10index 3232cfe..df84922 100644
11===================================================================
12--- a/crypto/evp/e_des3.c
13+++ b/crypto/evp/e_des3.c
14@@ -173,7 +173,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
15 size_t n;
16 unsigned char c[1],d[1];
17
18- for(n=0 ; n < inl ; ++n)
19+ for(n=0 ; n < inl*8 ; ++n)
20 {
21 c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
22 DES_ede3_cfb_encrypt(c,d,1,1,
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch
new file mode 100644
index 00000000..2185ff8a
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch
@@ -0,0 +1,119 @@
1From: Andy Polyakov <appro@openssl.org>
2Date: Sun, 13 Oct 2013 17:15:15 +0000 (+0200)
3Subject: Initial aarch64 bits.
4X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=039081b80977e2a5de84e1f88f8b4d025b559956
5
6Initial aarch64 bits.
7---
8 crypto/bn/bn_lcl.h | 9 +++++++++
9 crypto/md32_common.h | 18 ++++++++++++++++++
10 crypto/modes/modes_lcl.h | 8 ++++++++
11 crypto/sha/sha512.c | 13 +++++++++++++
12 4 files changed, 48 insertions(+)
13
14Index: openssl-1.0.1f/crypto/bn/bn_lcl.h
15===================================================================
16--- openssl-1.0.1f.orig/crypto/bn/bn_lcl.h 2014-01-06 15:47:42.000000000 +0200
17+++ openssl-1.0.1f/crypto/bn/bn_lcl.h 2014-02-28 10:37:55.495979037 +0200
18@@ -300,6 +300,15 @@
19 : "r"(a), "r"(b));
20 # endif
21 # endif
22+# elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG)
23+# if defined(__GNUC__) && __GNUC__>=2
24+# define BN_UMULT_HIGH(a,b) ({ \
25+ register BN_ULONG ret; \
26+ asm ("umulh %0,%1,%2" \
27+ : "=r"(ret) \
28+ : "r"(a), "r"(b)); \
29+ ret; })
30+# endif
31 # endif /* cpu */
32 #endif /* OPENSSL_NO_ASM */
33
34Index: openssl-1.0.1f/crypto/md32_common.h
35===================================================================
36--- openssl-1.0.1f.orig/crypto/md32_common.h 2014-01-06 15:47:42.000000000 +0200
37+++ openssl-1.0.1f/crypto/md32_common.h 2014-02-28 10:39:21.751979107 +0200
38@@ -213,6 +213,24 @@
39 asm ("bswapl %0":"=r"(r):"0"(r)); \
40 *((unsigned int *)(c))=r; (c)+=4; r; })
41 # endif
42+# elif defined(__aarch64__)
43+# if defined(__BYTE_ORDER__)
44+# if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
45+# define HOST_c2l(c,l) ({ unsigned int r; \
46+ asm ("rev %w0,%w1" \
47+ :"=r"(r) \
48+ :"r"(*((const unsigned int *)(c))));\
49+ (c)+=4; (l)=r; })
50+# define HOST_l2c(l,c) ({ unsigned int r; \
51+ asm ("rev %w0,%w1" \
52+ :"=r"(r) \
53+ :"r"((unsigned int)(l)));\
54+ *((unsigned int *)(c))=r; (c)+=4; r; })
55+# elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
56+# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
57+# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l))
58+# endif
59+# endif
60 # endif
61 # endif
62 #endif
63Index: openssl-1.0.1f/crypto/modes/modes_lcl.h
64===================================================================
65--- openssl-1.0.1f.orig/crypto/modes/modes_lcl.h 2014-02-28 10:47:48.731979011 +0200
66+++ openssl-1.0.1f/crypto/modes/modes_lcl.h 2014-02-28 10:48:49.707978919 +0200
67@@ -29,6 +29,7 @@
68 #if defined(__i386) || defined(__i386__) || \
69 defined(__x86_64) || defined(__x86_64__) || \
70 defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
71+ defined(__aarch64__) || \
72 defined(__s390__) || defined(__s390x__)
73 # undef STRICT_ALIGNMENT
74 #endif
75@@ -50,6 +51,13 @@
76 # define BSWAP4(x) ({ u32 ret=(x); \
77 asm ("bswapl %0" \
78 : "+r"(ret)); ret; })
79+# elif defined(__aarch64__)
80+# define BSWAP8(x) ({ u64 ret; \
81+ asm ("rev %0,%1" \
82+ : "=r"(ret) : "r"(x)); ret; })
83+# define BSWAP4(x) ({ u32 ret; \
84+ asm ("rev %w0,%w1" \
85+ : "=r"(ret) : "r"(x)); ret; })
86 # elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT)
87 # define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \
88 asm ("rev %0,%0; rev %1,%1" \
89Index: openssl-1.0.1f/crypto/sha/sha512.c
90===================================================================
91--- openssl-1.0.1f.orig/crypto/sha/sha512.c 2014-01-06 15:47:42.000000000 +0200
92+++ openssl-1.0.1f/crypto/sha/sha512.c 2014-02-28 10:52:14.579978981 +0200
93@@ -55,6 +55,7 @@
94 #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
95 defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \
96 defined(__s390__) || defined(__s390x__) || \
97+ defined(__aarch64__) || \
98 defined(SHA512_ASM)
99 #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
100 #endif
101@@ -347,6 +348,18 @@
102 asm ("rotrdi %0,%1,%2" \
103 : "=r"(ret) \
104 : "r"(a),"K"(n)); ret; })
105+# elif defined(__aarch64__)
106+# define ROTR(a,n) ({ SHA_LONG64 ret; \
107+ asm ("ror %0,%1,%2" \
108+ : "=r"(ret) \
109+ : "r"(a),"I"(n)); ret; })
110+# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
111+ __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
112+# define PULL64(x) ({ SHA_LONG64 ret; \
113+ asm ("rev %0,%1" \
114+ : "=r"(ret) \
115+ : "r"(*((const SHA_LONG64 *)(&(x))))); ret; })
116+# endif
117 # endif
118 # elif defined(_MSC_VER)
119 # if defined(_WIN64) /* applies to both IA-64 and AMD64 */
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/oe-ldflags.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/oe-ldflags.patch
new file mode 100644
index 00000000..292e13dc
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/oe-ldflags.patch
@@ -0,0 +1,24 @@
1Upstream-Status: Inappropriate [open-embedded]
2
3Index: openssl-1.0.0/Makefile.shared
4===================================================================
5--- openssl-1.0.0.orig/Makefile.shared
6+++ openssl-1.0.0/Makefile.shared
7@@ -92,7 +92,7 @@
8 LINK_APP= \
9 ( $(SET_X); \
10 LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
11- LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \
12+ LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$(OE_LDFLAGS) $${LDFLAGS:-$(CFLAGS)}"; \
13 LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
14 LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
15 LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
16@@ -102,7 +102,7 @@
17 ( $(SET_X); \
18 LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
19 SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \
20- SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
21+ SHAREDFLAGS="$(OE_LDFLAGS) $${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
22 LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
23 LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
24 LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
new file mode 100644
index 00000000..c161e62f
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
@@ -0,0 +1,21 @@
1openssl: avoid NULL pointer dereference in EVP_DigestInit_ex()
2
3We should avoid accessing the type pointer if it's NULL,
4this could happen if ctx->digest is not NULL.
5
6Upstream-Status: Submitted
7http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
8
9Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
10---
11--- a/crypto/evp/digest.c
12+++ b/crypto/evp/digest.c
13@@ -199,7 +199,7 @@
14 return 0;
15 }
16 #endif
17- if (ctx->digest != type)
18+ if (type && (ctx->digest != type))
19 {
20 if (ctx->digest && ctx->digest->ctx_size)
21 OPENSSL_free(ctx->md_data);
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
new file mode 100644
index 00000000..3e93fe4e
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
@@ -0,0 +1,39 @@
1openssl: avoid NULL pointer dereference in dh_pub_encode()/dsa_pub_encode()
2
3We should avoid accessing the pointer if ASN1_STRING_new()
4allocates memory failed.
5
6Upstream-Status: Submitted
7http://www.mail-archive.com/openssl-dev@openssl.org/msg32859.html
8
9Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
10---
11--- a/crypto/dh/dh_ameth.c
12+++ b/crypto/dh/dh_ameth.c
13@@ -139,6 +139,12 @@
14 dh=pkey->pkey.dh;
15
16 str = ASN1_STRING_new();
17+ if (!str)
18+ {
19+ DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
20+ goto err;
21+ }
22+
23 str->length = i2d_DHparams(dh, &str->data);
24 if (str->length <= 0)
25 {
26--- a/crypto/dsa/dsa_ameth.c
27+++ b/crypto/dsa/dsa_ameth.c
28@@ -148,6 +148,11 @@
29 {
30 ASN1_STRING *str;
31 str = ASN1_STRING_new();
32+ if (!str)
33+ {
34+ DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
35+ goto err;
36+ }
37 str->length = i2d_DSAparams(dsa, &str->data);
38 if (str->length <= 0)
39 {
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch
new file mode 100644
index 00000000..de49729e
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch
@@ -0,0 +1,19 @@
1openssl: Fix pod2man des.pod error on Ubuntu 12.04
2
3This is a formatting fix, '=back' is required before
4'=head1' on Ubuntu 12.04.
5
6Upstream-Status: Pending
7Signed-off-by: Baogen Shang <baogen.shang@windriver.com>
8diff -urpN a_origin/des.pod b_modify/des.pod
9--- a_origin/crypto/des/des.pod 2013-08-15 15:02:56.211674589 +0800
10+++ b_modify/crypto/des/des.pod 2013-08-15 15:04:14.439674580 +0800
11@@ -181,6 +181,8 @@ the uuencoded file to embed in the begin
12 output. If there is no name specified after the B<-u>, the name text.des
13 will be embedded in the header.
14
15+=back
16+
17 =head1 SEE ALSO
18
19 ps(1),
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl-fix-link.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl-fix-link.patch
new file mode 100644
index 00000000..154106cb
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl-fix-link.patch
@@ -0,0 +1,35 @@
1From aabfb6f78af8e337d3239142117ba303fce55e7e Mon Sep 17 00:00:00 2001
2From: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
3Date: Thu, 22 Sep 2011 08:55:26 +0200
4Subject: [PATCH] fix the parallel build regarding shared libraries.
5
6Upstream-Status: Pending
7---
8 .../openssl-1.0.0e/Makefile.org | 8 ++++----
9 1 files changed, 4 insertions(+), 4 deletions(-)
10
11diff --git a/Makefile.org
12index 3c7aea1..6326cd6 100644
13--- a/Makefile.org
14+++ b/Makefile.org
15@@ -243,13 +243,13 @@ build_libs: build_crypto build_ssl build_engines
16
17 build_crypto:
18 @dir=crypto; target=all; $(BUILD_ONE_CMD)
19-build_ssl:
20+build_ssl: build_crypto
21 @dir=ssl; target=all; $(BUILD_ONE_CMD)
22-build_engines:
23+build_engines: build_crypto
24 @dir=engines; target=all; $(BUILD_ONE_CMD)
25-build_apps:
26+build_apps: build_crypto build_ssl
27 @dir=apps; target=all; $(BUILD_ONE_CMD)
28-build_tests:
29+build_tests: build_crypto build_ssl
30 @dir=test; target=all; $(BUILD_ONE_CMD)
31 build_tools:
32 @dir=tools; target=all; $(BUILD_ONE_CMD)
33--
341.6.6.1
35
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
new file mode 100644
index 00000000..93ce0343
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
@@ -0,0 +1,90 @@
1Upstream-Status: Pending
2
3Received from H J Liu @ Intel
4Make the assembly syntax compatible with x32 gcc. Othewise x32 gcc throws errors.
5Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13
6
7ported the patch to the 1.0.0e version
8Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01
9Index: openssl-1.0.1e/Configure
10===================================================================
11--- openssl-1.0.1e.orig/Configure
12+++ openssl-1.0.1e/Configure
13@@ -402,6 +402,7 @@ my %table=(
14 "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
15 "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
16 "linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
17+"linux-x32", "gcc:-mx32 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
18 "linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
19 #### So called "highgprs" target for z/Architecture CPUs
20 # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
21Index: openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c
22===================================================================
23--- openssl-1.0.1e.orig/crypto/bn/asm/x86_64-gcc.c
24+++ openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c
25@@ -55,7 +55,7 @@
26 * machine.
27 */
28
29-#ifdef _WIN64
30+#if defined _WIN64 || !defined __LP64__
31 #define BN_ULONG unsigned long long
32 #else
33 #define BN_ULONG unsigned long
34@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con
35 asm (
36 " subq %2,%2 \n"
37 ".p2align 4 \n"
38- "1: movq (%4,%2,8),%0 \n"
39- " adcq (%5,%2,8),%0 \n"
40- " movq %0,(%3,%2,8) \n"
41+ "1: movq (%q4,%2,8),%0 \n"
42+ " adcq (%q5,%2,8),%0 \n"
43+ " movq %0,(%q3,%2,8) \n"
44 " leaq 1(%2),%2 \n"
45 " loop 1b \n"
46 " sbbq %0,%0 \n"
47@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con
48 asm (
49 " subq %2,%2 \n"
50 ".p2align 4 \n"
51- "1: movq (%4,%2,8),%0 \n"
52- " sbbq (%5,%2,8),%0 \n"
53- " movq %0,(%3,%2,8) \n"
54+ "1: movq (%q4,%2,8),%0 \n"
55+ " sbbq (%q5,%2,8),%0 \n"
56+ " movq %0,(%q3,%2,8) \n"
57 " leaq 1(%2),%2 \n"
58 " loop 1b \n"
59 " sbbq %0,%0 \n"
60Index: openssl-1.0.1e/crypto/bn/bn.h
61===================================================================
62--- openssl-1.0.1e.orig/crypto/bn/bn.h
63+++ openssl-1.0.1e/crypto/bn/bn.h
64@@ -172,6 +172,13 @@ extern "C" {
65 # endif
66 #endif
67
68+/* Address type. */
69+#ifdef _WIN64
70+#define BN_ADDR unsigned long long
71+#else
72+#define BN_ADDR unsigned long
73+#endif
74+
75 /* assuming long is 64bit - this is the DEC Alpha
76 * unsigned long long is only 64 bits :-(, don't define
77 * BN_LLONG for the DEC Alpha */
78Index: openssl-1.0.1e/crypto/bn/bn_exp.c
79===================================================================
80--- openssl-1.0.1e.orig/crypto/bn/bn_exp.c
81+++ openssl-1.0.1e/crypto/bn/bn_exp.c
82@@ -567,7 +567,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
83
84 /* Given a pointer value, compute the next address that is a cache line multiple. */
85 #define MOD_EXP_CTIME_ALIGN(x_) \
86- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
87+ ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
88
89 /* This variant of BN_mod_exp_mont() uses fixed windows and the special
90 * precomputation memory layout to limit data-dependency to a minimum
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl/shared-libs.patch b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/shared-libs.patch
new file mode 100644
index 00000000..a7ca0a30
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl/shared-libs.patch
@@ -0,0 +1,41 @@
1Upstream-Status: Inappropriate [configuration]
2
3Index: openssl-1.0.1e/crypto/Makefile
4===================================================================
5--- openssl-1.0.1e.orig/crypto/Makefile
6+++ openssl-1.0.1e/crypto/Makefile
7@@ -108,7 +108,7 @@ $(LIB): $(LIBOBJ)
8
9 shared: buildinf.h lib subdirs
10 if [ -n "$(SHARED_LIBS)" ]; then \
11- (cd ..; $(MAKE) $(SHARED_LIB)); \
12+ (cd ..; $(MAKE) -e $(SHARED_LIB)); \
13 fi
14
15 libs:
16Index: openssl-1.0.1e/Makefile.org
17===================================================================
18--- openssl-1.0.1e.orig/Makefile.org
19+++ openssl-1.0.1e/Makefile.org
20@@ -310,7 +310,7 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_
21
22 libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
23 @if [ "$(SHLIB_TARGET)" != "" ]; then \
24- $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
25+ $(MAKE) -e SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
26 else \
27 echo "There's no support for shared libraries on this platform" >&2; \
28 exit 1; \
29Index: openssl-1.0.1e/ssl/Makefile
30===================================================================
31--- openssl-1.0.1e.orig/ssl/Makefile
32+++ openssl-1.0.1e/ssl/Makefile
33@@ -62,7 +62,7 @@ lib: $(LIBOBJ)
34
35 shared: lib
36 if [ -n "$(SHARED_LIBS)" ]; then \
37- (cd ..; $(MAKE) $(SHARED_LIB)); \
38+ (cd ..; $(MAKE) -e $(SHARED_LIB)); \
39 fi
40
41 files:
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl_1.0.1i.bb b/meta-fsl-ppc/recipes-connectivity/openssl/openssl_1.0.1i.bb
new file mode 100644
index 00000000..f3c20e8c
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl_1.0.1i.bb
@@ -0,0 +1,55 @@
1require openssl.inc
2
3# For target side versions of openssl enable support for OCF Linux driver
4# if they are available.
5DEPENDS += "cryptodev-linux"
6
7CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
8
9LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
10
11export DIRS = "crypto ssl apps engines"
12export OE_LDFLAGS="${LDFLAGS}"
13
14SRC_URI += "file://configure-targets.patch \
15 file://shared-libs.patch \
16 file://oe-ldflags.patch \
17 file://engines-install-in-libdir-ssl.patch \
18 file://openssl-fix-link.patch \
19 file://debian/version-script.patch \
20 file://debian/pic.patch \
21 file://debian/c_rehash-compat.patch \
22 file://debian/ca.patch \
23 file://debian/make-targets.patch \
24 file://debian/no-rpath.patch \
25 file://debian/man-dir.patch \
26 file://debian/man-section.patch \
27 file://debian/no-symbolic.patch \
28 file://debian/debian-targets.patch \
29 file://openssl_fix_for_x32.patch \
30 file://openssl-fix-doc.patch \
31 file://fix-cipher-des-ede3-cfb1.patch \
32 file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
33 file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \
34 file://initial-aarch64-bits.patch \
35 file://find.pl \
36 file://openssl-fix-des.pod-error.patch \
37 "
38
39SRC_URI[md5sum] = "de62b43dfcd858e66a74bee1c834e959"
40SRC_URI[sha256sum] = "53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028"
41
42PACKAGES =+ " \
43 ${PN}-engines \
44 ${PN}-engines-dbg \
45 "
46
47FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
48FILES_${PN}-engines-dbg = "${libdir}/ssl/engines/.debug"
49
50PARALLEL_MAKE = ""
51PARALLEL_MAKEINST = ""
52
53do_configure_prepend() {
54 cp ${WORKDIR}/find.pl ${S}/util/find.pl
55}
diff --git a/meta-fsl-ppc/recipes-connectivity/openssl/openssl_1.0.1i.bbappend b/meta-fsl-ppc/recipes-connectivity/openssl/openssl_1.0.1i.bbappend
new file mode 100644
index 00000000..89d7339a
--- /dev/null
+++ b/meta-fsl-ppc/recipes-connectivity/openssl/openssl_1.0.1i.bbappend
@@ -0,0 +1,60 @@
1FILESEXTRAPATHS_prepend := "${THISDIR}/openssl-fsl:"
2
3RDEPENDS_${PN}_class-target += "cryptodev-module"
4
5# base package is taken from Freescale repository
6SRCBRANCH = "OpenSSL_1_0_1-stable"
7SRC_URI = "git://git.openssl.org/openssl.git;branch=${SRCBRANCH} \
8 file://0001-remove-double-initialization-of-cryptodev-engine.patch \
9 file://0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch \
10 file://0003-cryptodev-fix-algorithm-registration.patch \
11 file://0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch \
12 file://0005-ECC-Support-header-for-Cryptodev-Engine.patch \
13 file://0006-Fixed-private-key-support-for-DH.patch \
14 file://0007-Fixed-private-key-support-for-DH.patch \
15 file://0008-Initial-support-for-PKC-in-cryptodev-engine.patch \
16 file://0009-Added-hwrng-dev-file-as-source-of-RNG.patch \
17 file://0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch \
18 file://0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch \
19 file://0012-RSA-Keygen-Fix.patch \
20 file://0013-Removed-local-copy-of-curve_t-type.patch \
21 file://0014-Modulus-parameter-is-not-populated-by-dhparams.patch \
22 file://0015-SW-Backoff-mechanism-for-dsa-keygen.patch \
23 file://0016-Fixed-DH-keygen-pair-generator.patch \
24 file://0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch \
25"
26SRCREV = "2b456034457b58454aae3998a2765b6a5b9bc837"
27
28SRC_URI += "file://configure-targets.patch \
29 file://shared-libs.patch \
30 file://oe-ldflags.patch \
31 file://engines-install-in-libdir-ssl.patch \
32 file://openssl-fix-link.patch \
33 file://debian/version-script.patch \
34 file://debian/pic.patch \
35 file://debian/c_rehash-compat.patch \
36 file://debian/ca.patch \
37 file://debian/make-targets.patch \
38 file://debian/no-rpath.patch \
39 file://debian/man-dir.patch \
40 file://debian/man-section.patch \
41 file://debian/no-symbolic.patch \
42 file://debian/debian-targets.patch \
43 file://openssl_fix_for_x32.patch \
44 file://fix-cipher-des-ede3-cfb1.patch \
45 file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
46 file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \
47 file://initial-aarch64-bits.patch \
48 file://find.pl \
49 file://openssl-fix-des.pod-error.patch \
50 "
51S = "${WORKDIR}/git"
52
53# Digest offloading through cryptodev is not recommended because of the
54# performance penalty of the Openssl engine interface. Openssl generates a huge
55# number of calls to digest functions for even a small amount of work data.
56# For example there are 70 calls to cipher code and over 10000 to digest code
57# when downloading only 10 files of 700 bytes each.
58# Do not build OpenSSL with cryptodev digest support until engine digest
59# interface gets some rework:
60CFLAG := "${@'${CFLAG}'.replace('-DUSE_CRYPTODEV_DIGESTS', '')}"
diff --git a/meta-fsl-ppc/recipes-core/init-ifupdown/init-ifupdown/qoriq-ppc/interfaces b/meta-fsl-ppc/recipes-core/init-ifupdown/init-ifupdown/qoriq-ppc/interfaces
new file mode 100644
index 00000000..3737c8b2
--- /dev/null
+++ b/meta-fsl-ppc/recipes-core/init-ifupdown/init-ifupdown/qoriq-ppc/interfaces
@@ -0,0 +1,6 @@
1# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
2
3# The loopback interface
4auto lo
5iface lo inet loopback
6
diff --git a/meta-fsl-ppc/recipes-core/init-ifupdown/init-ifupdown_%.bbappend b/meta-fsl-ppc/recipes-core/init-ifupdown/init-ifupdown_%.bbappend
new file mode 100644
index 00000000..00057874
--- /dev/null
+++ b/meta-fsl-ppc/recipes-core/init-ifupdown/init-ifupdown_%.bbappend
@@ -0,0 +1,2 @@
1FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:"
2
diff --git a/meta-fsl-ppc/recipes-core/udev/udev-rules-qoriq.bb b/meta-fsl-ppc/recipes-core/udev/udev-rules-qoriq.bb
new file mode 100644
index 00000000..546f9e8d
--- /dev/null
+++ b/meta-fsl-ppc/recipes-core/udev/udev-rules-qoriq.bb
@@ -0,0 +1,23 @@
1DESCRIPTION = "udev rules for Freescale QorIQ SOCs"
2LICENSE = "MIT"
3LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690"
4
5SRC_URI = "\
6 file://71-fsl-dpaa-persistent-networking.rules \
7 file://72-fsl-dpaa-persistent-networking.rules \
8"
9RULE ?= "71-fsl-dpaa-persistent-networking.rules"
10RULE_e6500 = "72-fsl-dpaa-persistent-networking.rules"
11RULE_e6500-64b = "72-fsl-dpaa-persistent-networking.rules"
12RULE_t1024 = "72-fsl-dpaa-persistent-networking.rules"
13
14do_install () {
15 install -d ${D}${sysconfdir}/udev/rules.d/
16 install -m 0644 ${WORKDIR}/${RULE} ${D}${sysconfdir}/udev/rules.d/
17
18 # skip mmc rpmb partitions
19 echo "/dev/mmcblk.*rpmb" >>${D}${sysconfdir}/udev/mount.blacklist
20 # skip nbd (network block device)
21 echo "/dev/nbd*" >>${D}${sysconfdir}/udev/mount.blacklist
22}
23
diff --git a/meta-fsl-ppc/recipes-core/udev/udev-rules-qoriq/qoriq-ppc/71-fsl-dpaa-persistent-networking.rules b/meta-fsl-ppc/recipes-core/udev/udev-rules-qoriq/qoriq-ppc/71-fsl-dpaa-persistent-networking.rules
new file mode 100644
index 00000000..6c6dc354
--- /dev/null
+++ b/meta-fsl-ppc/recipes-core/udev/udev-rules-qoriq/qoriq-ppc/71-fsl-dpaa-persistent-networking.rules
@@ -0,0 +1,20 @@
1# Rules for handling naming the DPAA FMan ethernet ports in a consistent way
2SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4e0000", NAME="fm1-gb0"
3SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4e2000", NAME="fm1-gb1"
4SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4e4000", NAME="fm1-gb2"
5SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4e6000", NAME="fm1-gb3"
6SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4e8000", NAME="fm1-gb4"
7SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4f0000", NAME="fm1-10g"
8SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5e0000", NAME="fm2-gb0"
9SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5e2000", NAME="fm2-gb1"
10SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5e4000", NAME="fm2-gb2"
11SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5e6000", NAME="fm2-gb3"
12SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5e8000", NAME="fm2-gb4"
13SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5f0000", NAME="fm2-10g"
14
15# P1023 has its Fman @ different offsets
16SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ff7e0000", NAME="fm1-gb0"
17SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ff7e2000", NAME="fm1-gb1"
18
19# Rename macless0 port to "macless0"
20SUBSYSTEM=="net", ATTR{device_type}=="macless0", NAME="macless0"
diff --git a/meta-fsl-ppc/recipes-core/udev/udev-rules-qoriq/qoriq-ppc/72-fsl-dpaa-persistent-networking.rules b/meta-fsl-ppc/recipes-core/udev/udev-rules-qoriq/qoriq-ppc/72-fsl-dpaa-persistent-networking.rules
new file mode 100644
index 00000000..d0eec9ce
--- /dev/null
+++ b/meta-fsl-ppc/recipes-core/udev/udev-rules-qoriq/qoriq-ppc/72-fsl-dpaa-persistent-networking.rules
@@ -0,0 +1,24 @@
1# Rules for handling naming the DPAA FMan ethernet ports in a consistent way
2SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4e0000", NAME="fm1-mac1"
3SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4e2000", NAME="fm1-mac2"
4SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4e4000", NAME="fm1-mac3"
5SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4e6000", NAME="fm1-mac4"
6SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4e8000", NAME="fm1-mac5"
7SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4ea000", NAME="fm1-mac6"
8SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4ec000", NAME="fm1-mac7"
9SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4ee000", NAME="fm1-mac8"
10SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4f0000", NAME="fm1-mac9"
11SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe4f2000", NAME="fm1-mac10"
12SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5e0000", NAME="fm2-mac1"
13SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5e2000", NAME="fm2-mac2"
14SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5e4000", NAME="fm2-mac3"
15SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5e6000", NAME="fm2-mac4"
16SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5e8000", NAME="fm2-mac5"
17SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5ea000", NAME="fm2-mac6"
18SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5ec000", NAME="fm2-mac7"
19SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5ee000", NAME="fm2-mac8"
20SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5f0000", NAME="fm2-mac9"
21SUBSYSTEM=="net", DRIVERS=="fsl_dpa*", ATTR{device_addr}=="ffe5f2000", NAME="fm2-mac10"
22
23# Rename macless0 to "macless0"
24SUBSYSTEM=="net", ATTR{device_type}=="macless0", NAME="macless0"
diff --git a/meta-fsl-ppc/recipes-core/udev/udev-rules-qoriq/qoriq-ppc/automount.rules b/meta-fsl-ppc/recipes-core/udev/udev-rules-qoriq/qoriq-ppc/automount.rules
new file mode 100644
index 00000000..a47efdab
--- /dev/null
+++ b/meta-fsl-ppc/recipes-core/udev/udev-rules-qoriq/qoriq-ppc/automount.rules
@@ -0,0 +1,23 @@
1# There are a number of modifiers that are allowed to be used in some
2# of the different fields. They provide the following subsitutions:
3#
4# %n the "kernel number" of the device.
5# For example, 'sda3' has a "kernel number" of '3'
6# %e the smallest number for that name which does not matches an existing node
7# %k the kernel name for the device
8# %M the kernel major number for the device
9# %m the kernel minor number for the device
10# %b the bus id for the device
11# %c the string returned by the PROGRAM
12# %s{filename} the content of a sysfs attribute
13# %% the '%' char itself
14#
15
16SUBSYSTEM=="block", ENV{DEVTYPE}=="partition", GOTO="automount_end"
17
18# Media automounting
19SUBSYSTEM=="block", ACTION=="add" RUN+="/etc/udev/scripts/mount.sh"
20SUBSYSTEM=="block", ACTION=="remove" RUN+="/etc/udev/scripts/mount.sh"
21
22LABEL="automount_end"
23
diff --git a/meta-fsl-ppc/recipes-core/udev/udev/skip-rules-for-mmc-rpmb-partition.patch b/meta-fsl-ppc/recipes-core/udev/udev/skip-rules-for-mmc-rpmb-partition.patch
new file mode 100644
index 00000000..edbc0b3d
--- /dev/null
+++ b/meta-fsl-ppc/recipes-core/udev/udev/skip-rules-for-mmc-rpmb-partition.patch
@@ -0,0 +1,41 @@
1From 68a780f4cbba18c01d8409faafb1f7904afa86a9 Mon Sep 17 00:00:00 2001
2From: Ting Liu <ting.liu@freescale.com>
3Date: Thu, 31 Jul 2014 16:12:32 +0800
4Subject: [PATCH] skip rules for mmc rpmb partition
5
6Upstream-status: Pending
7
8In FSL SDK 1.6 Kernel, mmc driver has created a new partition
9with "mmcblkXrpmb" if device expresses it support of RPMB.
10
11RPMB (Replay Protected Memory Block), A signed access to a Replay
12Protected Memory Block is provided. This function provides means
13for the system to store data to the specific memory area in an
14authenticated and replay protected manner.
15
16In that case, any read/write access to this partition device will
17report errors which will not impact any fuction.
18
19add rules to skip it.
20
21Signed-off-by: Ting Liu <ting.liu@freescale.com>
22---
23 rules/60-persistent-storage.rules | 2 +-
24 1 file changed, 1 insertion(+), 1 deletion(-)
25
26diff --git a/rules/60-persistent-storage.rules b/rules/60-persistent-storage.rules
27index fa687f2..bb3f8f9 100644
28--- a/rules/60-persistent-storage.rules
29+++ b/rules/60-persistent-storage.rules
30@@ -14,7 +14,7 @@ ACTION=="add", SUBSYSTEM=="module", KERNEL=="block", ATTR{parameters/events_dfl_
31 SUBSYSTEM!="block", GOTO="persistent_storage_end"
32
33 # skip rules for inappropriate block devices
34-KERNEL=="fd*|mtd*|nbd*|gnbd*|btibm*|dm-*|md*", GOTO="persistent_storage_end"
35+KERNEL=="fd*|mtd*|nbd*|gnbd*|btibm*|dm-*|md*|mmcblk*rpmb", GOTO="persistent_storage_end"
36
37 # ignore partitions that span the entire disk
38 TEST=="whole_disk", GOTO="persistent_storage_end"
39--
401.8.3.2
41
diff --git a/meta-fsl-ppc/recipes-core/udev/udev_182.bbappend b/meta-fsl-ppc/recipes-core/udev/udev_182.bbappend
new file mode 100644
index 00000000..4eedfd89
--- /dev/null
+++ b/meta-fsl-ppc/recipes-core/udev/udev_182.bbappend
@@ -0,0 +1,6 @@
1FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:"
2
3SRC_URI_append_qoriq-ppc = " \
4 file://skip-rules-for-mmc-rpmb-partition.patch \
5"
6
diff --git a/meta-fsl-ppc/recipes-devtools/qemu/qemu_fslgit.bb b/meta-fsl-ppc/recipes-devtools/qemu/qemu_fslgit.bb
new file mode 100644
index 00000000..32e738e9
--- /dev/null
+++ b/meta-fsl-ppc/recipes-devtools/qemu/qemu_fslgit.bb
@@ -0,0 +1,57 @@
1require recipes-devtools/qemu/qemu.inc
2
3LIC_FILES_CHKSUM = "file://COPYING;md5=441c28d2cf86e15a37fa47e15a72fbac \
4 file://COPYING.LIB;endline=24;md5=c04def7ae38850e7d3ef548588159913"
5
6# This means QEMU v1.7 with FSL specific patches applied
7PV = "1.7+fsl"
8
9# NOTE: these options are note available in qemu 1.7, but qemu.inc assumes
10# version 2.0+ where they are available. For now we unset them, but we should
11# remove the following lines when upgrading to qemu 2.0+:
12PACKAGECONFIG[quorum] = ""
13PACKAGECONFIG[lzo] = ""
14PACKAGECONFIG[numa] = ""
15PACKAGECONFIG[gtk+] = ""
16
17SRC_URI = "git://git.freescale.com/ppc/sdk/qemu.git;nobranch=1"
18SRCREV = "6ac4597c059d35e2737b234747243e56d340f4db"
19
20S = "${WORKDIR}/git"
21
22QEMU_TARGETS = "ppc"
23PPC_OECONF = '${SDL} --cross-prefix=${TARGET_PREFIX} --disable-werror --disable-vnc --disable-bluez --disable-curl --enable-libusb'
24EXTRA_OECONF_e5500-64b = "--target-list=ppc64-softmmu ${PPC_OECONF}"
25EXTRA_OECONF_e6500-64b = "--target-list=ppc64-softmmu ${PPC_OECONF}"
26EXTRA_OECONF_e6500 = "--target-list=ppc64-softmmu ${PPC_OECONF}"
27EXTRA_OECONF_e5500 = "--target-list=ppc64-softmmu ${PPC_OECONF}"
28EXTRA_OECONF_e500v2 = "--target-list=ppc-softmmu ${PPC_OECONF}"
29EXTRA_OECONF_e500mc = "--target-list=ppc-softmmu ${PPC_OECONF}"
30
31do_configure_prepend() {
32 export PKG_CONFIG=${STAGING_DIR_NATIVE}${bindir_native}/pkg-config
33}
34
35do_configure_append () {
36 grep 'CONFIG_FDT=y' config-host.mak
37}
38
39# gets around qemu.inc trying to install powerpc_rom.bin
40do_install_prepend() {
41 touch ${WORKDIR}/powerpc_rom.bin
42}
43
44do_install_append() {
45 rm ${WORKDIR}/powerpc_rom.bin
46 # Prevent QA warnings about installed ${localstatedir}/run
47 if [ -d ${D}${localstatedir}/run ]; then rmdir ${D}${localstatedir}/run; fi
48}
49
50INSANE_SKIP_${PN} += "dev-deps"
51
52# This is only meant to be build to run on the target
53# for the given arch types listed, otherwise don't let
54# the package get built. COMPATIBLE_HOST would not work
55# because it was too generic
56COMPATIBLE_MACHINE = "a^"
57COMPATIBLE_MACHINE_libc-glibc_qoriq-ppc = ".*"
diff --git a/meta-fsl-ppc/recipes-dpaa/eth-config/eth-config_git.bb b/meta-fsl-ppc/recipes-dpaa/eth-config/eth-config_git.bb
new file mode 100644
index 00000000..878121f2
--- /dev/null
+++ b/meta-fsl-ppc/recipes-dpaa/eth-config/eth-config_git.bb
@@ -0,0 +1,17 @@
1DESCRIPTION = "Ethernet Configuration Files"
2SECTION = "eth-config"
3LICENSE = "BSD & GPLv2+"
4LIC_FILES_CHKSUM = "file://COPYING;md5=8ed5eddbfbb84af5089ea94c382d423c"
5
6PR = "r2"
7
8SRC_URI = "git://git.freescale.com/ppc/sdk/eth-config.git;branch=sdk-v1.7.x"
9SRCREV = "8040e0b1a7cb18cecfe0c7657d42f59f222b7930"
10
11S = "${WORKDIR}/git"
12
13EXTRA_OEMAKE = "D=${D}"
14
15do_install() {
16 oe_runmake install
17}
diff --git a/meta-fsl-ppc/recipes-dpaa/flib/flib_git.bb b/meta-fsl-ppc/recipes-dpaa/flib/flib_git.bb
new file mode 100644
index 00000000..3ac7886b
--- /dev/null
+++ b/meta-fsl-ppc/recipes-dpaa/flib/flib_git.bb
@@ -0,0 +1,15 @@
1DESCRIPTION = "Foundation Library"
2SECTION = "flib"
3LICENSE = "BSD & GPLv2"
4LIC_FILES_CHKSUM = "file://COPYING;md5=75d2f6a74299640c05ae6c69ed7a4ad6"
5
6SRC_URI = "git://git.freescale.com/ppc/sdk/flib.git;nobranch=1"
7SRCREV = "4bd48d4d6dbb1bd57c3c608fe66e97f4eb8e05b9"
8
9S = "${WORKDIR}/git"
10
11do_install(){
12 oe_runmake install DESTDIR=${D}
13}
14
15ALLOW_EMPTY_${PN} = "1"
diff --git a/meta-fsl-ppc/recipes-dpaa/fm-ucode/fm-ucode_git.bb b/meta-fsl-ppc/recipes-dpaa/fm-ucode/fm-ucode_git.bb
new file mode 100644
index 00000000..1bb70988
--- /dev/null
+++ b/meta-fsl-ppc/recipes-dpaa/fm-ucode/fm-ucode_git.bb
@@ -0,0 +1,37 @@
1DESCRIPTION = "Fman microcode binary"
2SECTION = "fm-ucode"
3LICENSE = "Freescale-EULA"
4LIC_FILES_CHKSUM = "file://EULA;md5=60037ccba533a5995e8d1a838d85799c"
5
6PR = "r1"
7
8inherit deploy
9
10SRC_URI = "git://git.freescale.com/ppc/sdk/fm-ucode.git;nobranch=1"
11SRCREV = "4cda2e3f36408ded79022cf599260add07769786"
12
13S = "${WORKDIR}/git"
14
15REGLEX ?= "${MACHINE}"
16REGLEX_t1042 = "t1040"
17REGLEX_b4420 = "b4860"
18REGLEX_t4160 = "t4240"
19
20do_install () {
21 UCODE=`echo ${REGLEX} | sed -e 's,-.*$,,' -e 's,[a-zA-Z]*$,,'`
22 install -d ${D}/boot
23 install -m 644 fsl_fman_ucode_${UCODE}*.bin ${D}/boot/
24}
25
26do_deploy () {
27 UCODE=`echo ${REGLEX} | sed -e 's,-.*$,,' -e 's,[a-zA-Z]*$,,'`
28 install -d ${DEPLOYDIR}/
29 install -m 644 fsl_fman_ucode_${UCODE}*.bin ${DEPLOYDIR}/
30}
31addtask deploy before do_build after do_install
32
33PACKAGES += "${PN}-image"
34FILES_${PN}-image += "/boot"
35ALLOW_EMPTY_${PN} = "1"
36COMPATIBLE_MACHINE = "(p1023rdb|e500mc|e5500|e5500-64b|e6500|e6500-64b)"
37
diff --git a/meta-fsl-ppc/recipes-dpaa/fmc/fmc_git.bb b/meta-fsl-ppc/recipes-dpaa/fmc/fmc_git.bb
new file mode 100644
index 00000000..a9da96f8
--- /dev/null
+++ b/meta-fsl-ppc/recipes-dpaa/fmc/fmc_git.bb
@@ -0,0 +1,53 @@
1DESCRIPTION = "Frame Manager Configuration tool"
2SECTION = "fmc"
3LICENSE = "MIT"
4LIC_FILES_CHKSUM = "file://COPYING;md5=a504ab5a8ff235e67c7301214749346c"
5
6PR = "r2"
7
8SRC_URI = "git://git.freescale.com/ppc/sdk/fmc.git;nobranch=1"
9SRCREV = "4f4a3ebe447c3c982d453596a82af7b40ac3a28a"
10
11DEPENDS = "libxml2 fmlib tclap"
12
13PACKAGE_ARCH = "${MACHINE_ARCH}"
14COMPATIBLE_HOST_qoriq-ppc = ".*"
15COMPATIBLE_HOST ?= "(none)"
16
17S = "${WORKDIR}/git"
18
19EXTRA_OEMAKE = 'FMD_USPACE_HEADER_PATH="${STAGING_INCDIR}/fmd" \
20 FMD_USPACE_LIB_PATH="${STAGING_LIBDIR}" LIBXML2_HEADER_PATH="${STAGING_INCDIR}/libxml2" \
21 TCLAP_HEADER_PATH="${STAGING_INCDIR}" '
22EXTRA_OEMAKE_virtclass-native = 'FMCHOSTMODE=1 FMD_USPACE_HEADER_PATH="${STAGING_INCDIR}/fmd" \
23 FMD_USPACE_LIB_PATH="${STAGING_LIBDIR}" LIBXML2_HEADER_PATH="${STAGING_INCDIR}/libxml2" \
24 TCLAP_HEADER_PATH="${STAGING_INCDIR}" '
25
26PARALLEL_MAKE = ""
27
28do_compile () {
29 if echo ${MACHINE} | egrep -q "^(b4|t1|t2|t4)"; then
30 EXTRA_OEMAKE_PLATFORM="b4860qds"
31 elif [ "p1023rds" = "${MACHINE}" ];then
32 EXTRA_OEMAKE_PLATFORM="p1023rds"
33 else
34 EXTRA_OEMAKE_PLATFORM=""
35 fi
36 oe_runmake MACHINE=${EXTRA_OEMAKE_PLATFORM} -C source
37}
38
39do_install () {
40 install -d ${D}/${bindir}
41 install -m 755 ${S}/source/fmc ${D}/${bindir}/fmc
42
43 install -d ${D}/etc/fmc/config
44 install -m 644 ${S}/etc/fmc/config/hxs_pdl_v3.xml ${D}/etc/fmc/config
45
46 install -d ${D}/${includedir}/fmc
47 install ${S}/source/fmc.h ${D}/${includedir}/fmc
48
49 install -d ${D}/${libdir}
50 install ${S}/source/libfmc.a ${D}/${libdir}
51}
52
53BBCLASSEXTEND = "native"
diff --git a/meta-fsl-ppc/recipes-dpaa/fmlib/fmlib_git.bb b/meta-fsl-ppc/recipes-dpaa/fmlib/fmlib_git.bb
new file mode 100644
index 00000000..4d394a5d
--- /dev/null
+++ b/meta-fsl-ppc/recipes-dpaa/fmlib/fmlib_git.bb
@@ -0,0 +1,45 @@
1DESCRIPTION = "Frame Manager User Space Library"
2SECTION = "fman"
3LICENSE = "BSD & GPLv2"
4LIC_FILES_CHKSUM = "file://COPYING;md5=3f16fa8e677e45af3127c5c4bafc3c00"
5
6PR = "r1"
7
8DEPENDS += "virtual/kernel"
9DEPENDS_virtclass-native = ""
10
11SRC_URI = "git://git.freescale.com/ppc/sdk/fmlib.git;nobranch=1"
12SRCREV = "661d7822aa182f720029134008d7e1db07b0d504"
13
14S = "${WORKDIR}/git"
15
16TARGET_ARCH_FMLIB = "${DEFAULTTUNE}"
17TARGET_ARCH_FMLIB_e5500 = "ppc32e5500"
18TARGET_ARCH_FMLIB_e6500 = "ppc32e6500"
19COMPATIBLE_HOST_qoriq-ppc = ".*"
20COMPATIBLE_HOST ?= "(none)"
21
22EXTRA_OEMAKE = "DESTDIR=${D} PREFIX=${prefix} LIB_DEST_DIR=${libdir} \
23 CROSS_COMPILE=${TARGET_PREFIX} KERNEL_SRC=${STAGING_KERNEL_DIR}"
24
25FMLIB_TARGET = "libfm-${TARGET_ARCH_FMLIB}"
26FMLIB_TARGET_t1 = "libfm-${TARGET_ARCH_FMLIB}-fmv3"
27do_compile () {
28 oe_runmake ${FMLIB_TARGET}.a
29}
30
31do_compile_virtclass-native () {
32}
33
34do_install () {
35 oe_runmake install-${FMLIB_TARGET}
36}
37
38do_install_virtclass-native () {
39 install -d ${D}/${includedir}
40 cp -rf ${S}/include/* ${D}/${includedir}
41}
42
43ALLOW_EMPTY_${PN} = "1"
44
45BBCLASSEXTEND = "native"
diff --git a/meta-fsl-ppc/recipes-dpaa/usdpaa/usdpaa_git.bb b/meta-fsl-ppc/recipes-dpaa/usdpaa/usdpaa_git.bb
new file mode 100644
index 00000000..e6bf5f6c
--- /dev/null
+++ b/meta-fsl-ppc/recipes-dpaa/usdpaa/usdpaa_git.bb
@@ -0,0 +1,62 @@
1DESCRIPTION = "User-Space Data-Path Acceleration Architecture drivers"
2LICENSE = "BSD & GPLv2"
3LIC_FILES_CHKSUM = "file://Makefile;endline=30;md5=39e58bedc879163c9338596e52df5b1f"
4PR = "r4"
5
6inherit pkgconfig
7
8PACKAGE_ARCH = "${MACHINE_ARCH}"
9
10DEPENDS = "libxml2 libedit ncurses readline flib fmc"
11DEPENDS_append_b4860qds = " ipc-ust"
12DEPENDS_append_b4420qds = " ipc-ust"
13
14RDEPENDS_${PN} = "libgcc bash"
15
16SRC_URI = "git://git.freescale.com/ppc/sdk/usdpaa.git;nobranch=1"
17SRCREV = "d9975948bb6bf9fdcec189c0f1c31ce45f74961c"
18
19S = "${WORKDIR}/git"
20
21EXTRA_OEMAKE = 'CC="${CC}" LD="${LD}" AR="${AR}"'
22export ARCH="${TARGET_ARCH}"
23
24SOC ?= "P4080"
25SOC_b4 = "B4860"
26SOC_t1 = "T1040"
27SOC_t2 = "T2080"
28SOC_t4 = "T4240"
29SOC_p1023rdb = "P1023"
30
31FMAN_VARIANT ?= "P4080"
32FMAN_VARIANT_b4 = "B4860"
33FMAN_VARIANT_t1 = "B4860"
34FMAN_VARIANT_t2 = "B4860"
35FMAN_VARIANT_t4 = "B4860"
36FMAN_VARIANT_p1023rdb = "P1023"
37
38do_compile_prepend () {
39 export SOC=${SOC}
40 export FMC_EXTRA_CFLAGS="-I ${STAGING_INCDIR}/fmc"
41 export FMLIB_EXTRA_CFLAGS="-I ${STAGING_INCDIR}/fmd \
42 -I ${STAGING_INCDIR}/fmd/Peripherals \
43 -I ${STAGING_INCDIR}/fmd/integrations \
44 -D${FMAN_VARIANT}"
45
46 export LIBXML2_CFLAGS="$(pkg-config --cflags libxml-2.0)"
47 export LIBXML2_LDFLAGS="$(pkg-config --libs --static libxml-2.0)"
48 export LIBEDIT_CFLAGS="$(pkg-config --cflags libedit)"
49 export LIBEDIT_LDFLAGS="$(pkg-config --libs --static libedit)"
50}
51
52do_install () {
53 export SOC=${SOC}
54 oe_runmake install DESTDIR=${D}
55}
56
57PARALLEL_MAKE_pn-${PN} = ""
58FILES_${PN} += "/root/SOURCE_THIS /usr/etc/"
59
60COMPATIBLE_HOST_qoriq-ppc = ".*"
61COMPATIBLE_HOST ?= "(none)"
62
diff --git a/meta-fsl-ppc/recipes-extended/cst/cst_git.bb b/meta-fsl-ppc/recipes-extended/cst/cst_git.bb
new file mode 100644
index 00000000..e9f1b6f0
--- /dev/null
+++ b/meta-fsl-ppc/recipes-extended/cst/cst_git.bb
@@ -0,0 +1,26 @@
1SUMMARY = "utility for security boot"
2SECTION = "cst"
3LICENSE = "BSD"
4
5# TODO: fix license - this file is not a license
6LIC_FILES_CHKSUM = "file://RELEASENOTES;beginline=8;endline=43;md5=5a7b22a2c96b5f94e0498c5f413aa8d3"
7
8DEPENDS += "openssl"
9
10inherit kernel-arch
11
12SRC_URI = "git://git.freescale.com/ppc/sdk/cst.git;nobranch=1"
13SRCREV = "2d35e98539c0daa2bc8049e3bd44994d3d93bbe7"
14
15S = "${WORKDIR}/git"
16
17EXTRA_OEMAKE = 'CC="${CC}" LD="${CC}"'
18
19PARALLEL_MAKE = ""
20
21do_install () {
22 oe_runmake install DESTDIR=${D} BIN_DEST_DIR=${bindir}
23}
24
25FILES_${PN}-dbg += "${bindir}/cst/.debug"
26BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-fsl-ppc/recipes-extended/merge-files/merge-files/merge/README b/meta-fsl-ppc/recipes-extended/merge-files/merge-files/merge/README
new file mode 100644
index 00000000..8f0d85af
--- /dev/null
+++ b/meta-fsl-ppc/recipes-extended/merge-files/merge-files/merge/README
@@ -0,0 +1,7 @@
1This package is used to merge specified files into rootfs.
2
3Steps:
41> copy files to recipes-*/merge-files/merge-files/merge/
52> add 'IMAGE_INSTALL += "merge-files"' into rootfs recipe
63> bitbake <rootfs_image_type>
7
diff --git a/meta-fsl-ppc/recipes-extended/merge-files/merge-files_1.0.bb b/meta-fsl-ppc/recipes-extended/merge-files/merge-files_1.0.bb
new file mode 100644
index 00000000..f64b909f
--- /dev/null
+++ b/meta-fsl-ppc/recipes-extended/merge-files/merge-files_1.0.bb
@@ -0,0 +1,25 @@
1DESCRIPTION = "Merge prebuilt/extra files into rootfs"
2LICENSE = "MIT"
3LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \
4 file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
5
6inherit allarch
7
8SRC_URI = "file://merge"
9
10MERGED_DST ?= "${ROOT_HOME}"
11do_install () {
12 install -d ${D}/${MERGED_DST}
13 find ${WORKDIR}/merge/ -maxdepth 1 -mindepth 1 -not -name README \
14 -exec cp -fr '{}' ${D}/${MERGED_DST}/ \;
15 find ${WORKDIR}/merge/ -maxdepth 1 -mindepth 1 -exec rm -fr '{}' \;
16}
17do_unpack[nostamp] = "1"
18do_install[nostamp] = "1"
19do_configure[noexec] = "1"
20do_compile[noexec] = "1"
21
22FILES_${PN} = "/*"
23ALLOW_EMPTY_${PN} = "1"
24INSANE_SKIP_${PN} = "debug-files dev-so"
25
diff --git a/meta-fsl-ppc/recipes-extended/procps/procps_%.bbappend b/meta-fsl-ppc/recipes-extended/procps/procps_%.bbappend
new file mode 100644
index 00000000..face0ccc
--- /dev/null
+++ b/meta-fsl-ppc/recipes-extended/procps/procps_%.bbappend
@@ -0,0 +1,9 @@
1do_install_append_qoriq-ppc() {
2 for keyword in \
3 net.ipv4.conf.default.rp_filter \
4 net.ipv4.conf.all.rp_filter \
5 ; do
6 sed -i 's,'"$keyword"'=.*,'"$keyword"'=0,' ${D}${sysconfdir}/sysctl.conf
7 done
8}
9
diff --git a/meta-fsl-ppc/recipes-extended/skmm-ep/skmm-ep/add-two-missing-header-files.patch b/meta-fsl-ppc/recipes-extended/skmm-ep/skmm-ep/add-two-missing-header-files.patch
new file mode 100644
index 00000000..2a7bb9f2
--- /dev/null
+++ b/meta-fsl-ppc/recipes-extended/skmm-ep/skmm-ep/add-two-missing-header-files.patch
@@ -0,0 +1,660 @@
1add two missing header files
2
3Upstream-status: Pending
4
5---
6 include/linux/fsl_pci_ep_vfio.h | 79 ++++++
7 include/linux/vfio.h | 555 ++++++++++++++++++++++++++++++++++++++++
8 2 files changed, 634 insertions(+)
9 create mode 100644 include/linux/fsl_pci_ep_vfio.h
10 create mode 100644 include/linux/vfio.h
11
12diff --git a/include/linux/fsl_pci_ep_vfio.h b/include/linux/fsl_pci_ep_vfio.h
13new file mode 100644
14index 0000000..8960157
15--- /dev/null
16+++ b/include/linux/fsl_pci_ep_vfio.h
17@@ -0,0 +1,79 @@
18+/*
19+ * Copyright 2013 Freescale Semiconductor, Inc.
20+ *
21+ * Author: Minghuan Lian <Minghuan.Lian@freescale.com>
22+ *
23+ * This program is free software; you can redistribute it and/or modify
24+ * it under the terms of the GNU General Public License, version 2, as
25+ * published by the Free Software Foundation.
26+ *
27+ * This program is distributed in the hope that it will be useful,
28+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
29+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
30+ * GNU General Public License for more details.
31+ *
32+ * You should have received a copy of the GNU General Public License
33+ * along with this program; if not, write to the Free Software
34+ * Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
35+ *
36+ */
37+
38+#ifndef _FSL_PCI_EP_VFIO_H
39+#define _FSL_PCI_EP_VFIO_H
40+
41+#include <linux/vfio.h>
42+
43+enum {
44+ PCI_EP_TYPE_PF,
45+ PCI_EP_TYPE_VF,
46+};
47+
48+enum PCI_EP_REGION_TYPE {
49+ PCI_EP_REGION_IBWIN,
50+ PCI_EP_REGION_OBWIN,
51+ PCI_EP_REGION_VF_IBWIN,
52+ PCI_EP_REGION_VF_OBWIN,
53+ PCI_EP_REGION_REGS,
54+ PCI_EP_REGION_CONFIG,
55+ PCI_EP_REGION_MEM,
56+ PCI_EP_REGION_MSIX_OBWIN
57+};
58+
59+enum PCI_EP_REGION_INDEX {
60+ PCI_EP_WIN0_INDEX,
61+ PCI_EP_WIN1_INDEX,
62+ PCI_EP_WIN2_INDEX,
63+ PCI_EP_WIN3_INDEX,
64+ PCI_EP_WIN4_INDEX,
65+ PCI_EP_WIN5_INDEX,
66+};
67+
68+#define PCI_EP_MSI_WIN_INDEX PCI_EP_WIN1_INDEX
69+#define PCI_EP_CCSR_WIN_INDEX PCI_EP_WIN0_INDEX
70+#define PCI_EP_DEFAULT_OW_INDEX PCI_EP_WIN0_INDEX
71+
72+struct pci_ep_win {
73+ uint64_t pci_addr;
74+ uint64_t cpu_addr;
75+ uint64_t size;
76+ uint64_t offset;
77+ uint32_t attr;
78+ uint32_t type;
79+ uint32_t idx;
80+};
81+
82+#define VFIO_DEVICE_SET_WIN_INFO _IO(VFIO_TYPE, VFIO_BASE + 20)
83+#define VFIO_DEVICE_GET_WIN_INFO _IO(VFIO_TYPE, VFIO_BASE + 21)
84+
85+struct pci_ep_info {
86+ uint32_t type;
87+ uint32_t pf_idx;
88+ uint32_t vf_idx;
89+ uint32_t iw_num;
90+ uint32_t ow_num;
91+ uint32_t vf_iw_num;
92+ uint32_t vf_ow_num;
93+ bool msix_enable;
94+};
95+
96+#endif
97diff --git a/include/linux/vfio.h b/include/linux/vfio.h
98new file mode 100644
99index 0000000..44578d2
100--- /dev/null
101+++ b/include/linux/vfio.h
102@@ -0,0 +1,555 @@
103+/*
104+ * VFIO API definition
105+ *
106+ * Copyright (C) 2012 Red Hat, Inc. All rights reserved.
107+ * Author: Alex Williamson <alex.williamson@redhat.com>
108+ *
109+ * This program is free software; you can redistribute it and/or modify
110+ * it under the terms of the GNU General Public License version 2 as
111+ * published by the Free Software Foundation.
112+ */
113+#ifndef _UAPIVFIO_H
114+#define _UAPIVFIO_H
115+
116+#include <linux/types.h>
117+#include <linux/ioctl.h>
118+
119+#define VFIO_API_VERSION 0
120+
121+
122+/* Kernel & User level defines for VFIO IOCTLs. */
123+
124+/* Extensions */
125+
126+#define VFIO_TYPE1_IOMMU 1
127+#define VFIO_SPAPR_TCE_IOMMU 2
128+#define VFIO_FSL_PAMU_IOMMU 1000
129+#define VFIO_IOMMU_DUMMY 1001
130+
131+/*
132+ * The IOCTL interface is designed for extensibility by embedding the
133+ * structure length (argsz) and flags into structures passed between
134+ * kernel and userspace. We therefore use the _IO() macro for these
135+ * defines to avoid implicitly embedding a size into the ioctl request.
136+ * As structure fields are added, argsz will increase to match and flag
137+ * bits will be defined to indicate additional fields with valid data.
138+ * It's *always* the caller's responsibility to indicate the size of
139+ * the structure passed by setting argsz appropriately.
140+ */
141+
142+#define VFIO_TYPE (';')
143+#define VFIO_BASE 100
144+
145+/* -------- IOCTLs for VFIO file descriptor (/dev/vfio/vfio) -------- */
146+
147+/**
148+ * VFIO_GET_API_VERSION - _IO(VFIO_TYPE, VFIO_BASE + 0)
149+ *
150+ * Report the version of the VFIO API. This allows us to bump the entire
151+ * API version should we later need to add or change features in incompatible
152+ * ways.
153+ * Return: VFIO_API_VERSION
154+ * Availability: Always
155+ */
156+#define VFIO_GET_API_VERSION _IO(VFIO_TYPE, VFIO_BASE + 0)
157+
158+/**
159+ * VFIO_CHECK_EXTENSION - _IOW(VFIO_TYPE, VFIO_BASE + 1, __u32)
160+ *
161+ * Check whether an extension is supported.
162+ * Return: 0 if not supported, 1 (or some other positive integer) if supported.
163+ * Availability: Always
164+ */
165+#define VFIO_CHECK_EXTENSION _IO(VFIO_TYPE, VFIO_BASE + 1)
166+
167+/**
168+ * VFIO_SET_IOMMU - _IOW(VFIO_TYPE, VFIO_BASE + 2, __s32)
169+ *
170+ * Set the iommu to the given type. The type must be supported by an
171+ * iommu driver as verified by calling CHECK_EXTENSION using the same
172+ * type. A group must be set to this file descriptor before this
173+ * ioctl is available. The IOMMU interfaces enabled by this call are
174+ * specific to the value set.
175+ * Return: 0 on success, -errno on failure
176+ * Availability: When VFIO group attached
177+ */
178+#define VFIO_SET_IOMMU _IO(VFIO_TYPE, VFIO_BASE + 2)
179+
180+/* -------- IOCTLs for GROUP file descriptors (/dev/vfio/$GROUP) -------- */
181+
182+/**
183+ * VFIO_GROUP_GET_STATUS - _IOR(VFIO_TYPE, VFIO_BASE + 3,
184+ * struct vfio_group_status)
185+ *
186+ * Retrieve information about the group. Fills in provided
187+ * struct vfio_group_info. Caller sets argsz.
188+ * Return: 0 on succes, -errno on failure.
189+ * Availability: Always
190+ */
191+struct vfio_group_status {
192+ __u32 argsz;
193+ __u32 flags;
194+#define VFIO_GROUP_FLAGS_VIABLE (1 << 0)
195+#define VFIO_GROUP_FLAGS_CONTAINER_SET (1 << 1)
196+};
197+#define VFIO_GROUP_GET_STATUS _IO(VFIO_TYPE, VFIO_BASE + 3)
198+
199+/**
200+ * VFIO_GROUP_SET_CONTAINER - _IOW(VFIO_TYPE, VFIO_BASE + 4, __s32)
201+ *
202+ * Set the container for the VFIO group to the open VFIO file
203+ * descriptor provided. Groups may only belong to a single
204+ * container. Containers may, at their discretion, support multiple
205+ * groups. Only when a container is set are all of the interfaces
206+ * of the VFIO file descriptor and the VFIO group file descriptor
207+ * available to the user.
208+ * Return: 0 on success, -errno on failure.
209+ * Availability: Always
210+ */
211+#define VFIO_GROUP_SET_CONTAINER _IO(VFIO_TYPE, VFIO_BASE + 4)
212+
213+/**
214+ * VFIO_GROUP_UNSET_CONTAINER - _IO(VFIO_TYPE, VFIO_BASE + 5)
215+ *
216+ * Remove the group from the attached container. This is the
217+ * opposite of the SET_CONTAINER call and returns the group to
218+ * an initial state. All device file descriptors must be released
219+ * prior to calling this interface. When removing the last group
220+ * from a container, the IOMMU will be disabled and all state lost,
221+ * effectively also returning the VFIO file descriptor to an initial
222+ * state.
223+ * Return: 0 on success, -errno on failure.
224+ * Availability: When attached to container
225+ */
226+#define VFIO_GROUP_UNSET_CONTAINER _IO(VFIO_TYPE, VFIO_BASE + 5)
227+
228+/**
229+ * VFIO_GROUP_GET_DEVICE_FD - _IOW(VFIO_TYPE, VFIO_BASE + 6, char)
230+ *
231+ * Return a new file descriptor for the device object described by
232+ * the provided string. The string should match a device listed in
233+ * the devices subdirectory of the IOMMU group sysfs entry. The
234+ * group containing the device must already be added to this context.
235+ * Return: new file descriptor on success, -errno on failure.
236+ * Availability: When attached to container
237+ */
238+#define VFIO_GROUP_GET_DEVICE_FD _IO(VFIO_TYPE, VFIO_BASE + 6)
239+
240+/* --------------- IOCTLs for DEVICE file descriptors --------------- */
241+
242+/**
243+ * VFIO_DEVICE_GET_INFO - _IOR(VFIO_TYPE, VFIO_BASE + 7,
244+ * struct vfio_device_info)
245+ *
246+ * Retrieve information about the device. Fills in provided
247+ * struct vfio_device_info. Caller sets argsz.
248+ * Return: 0 on success, -errno on failure.
249+ */
250+struct vfio_device_info {
251+ __u32 argsz;
252+ __u32 flags;
253+#define VFIO_DEVICE_FLAGS_RESET (1 << 0) /* Device supports reset */
254+#define VFIO_DEVICE_FLAGS_PCI (1 << 1) /* vfio-pci device */
255+ __u32 num_regions; /* Max region index + 1 */
256+ __u32 num_irqs; /* Max IRQ index + 1 */
257+};
258+#define VFIO_DEVICE_GET_INFO _IO(VFIO_TYPE, VFIO_BASE + 7)
259+
260+/**
261+ * VFIO_DEVICE_GET_REGION_INFO - _IOWR(VFIO_TYPE, VFIO_BASE + 8,
262+ * struct vfio_region_info)
263+ *
264+ * Retrieve information about a device region. Caller provides
265+ * struct vfio_region_info with index value set. Caller sets argsz.
266+ * Implementation of region mapping is bus driver specific. This is
267+ * intended to describe MMIO, I/O port, as well as bus specific
268+ * regions (ex. PCI config space). Zero sized regions may be used
269+ * to describe unimplemented regions (ex. unimplemented PCI BARs).
270+ * Return: 0 on success, -errno on failure.
271+ */
272+struct vfio_region_info {
273+ __u32 argsz;
274+ __u32 flags;
275+#define VFIO_REGION_INFO_FLAG_READ (1 << 0) /* Region supports read */
276+#define VFIO_REGION_INFO_FLAG_WRITE (1 << 1) /* Region supports write */
277+#define VFIO_REGION_INFO_FLAG_MMAP (1 << 2) /* Region supports mmap */
278+ __u32 index; /* Region index */
279+ __u32 resv; /* Reserved for alignment */
280+ __u64 size; /* Region size (bytes) */
281+ __u64 offset; /* Region offset from start of device fd */
282+};
283+#define VFIO_DEVICE_GET_REGION_INFO _IO(VFIO_TYPE, VFIO_BASE + 8)
284+
285+/**
286+ * VFIO_DEVICE_GET_IRQ_INFO - _IOWR(VFIO_TYPE, VFIO_BASE + 9,
287+ * struct vfio_irq_info)
288+ *
289+ * Retrieve information about a device IRQ. Caller provides
290+ * struct vfio_irq_info with index value set. Caller sets argsz.
291+ * Implementation of IRQ mapping is bus driver specific. Indexes
292+ * using multiple IRQs are primarily intended to support MSI-like
293+ * interrupt blocks. Zero count irq blocks may be used to describe
294+ * unimplemented interrupt types.
295+ *
296+ * The EVENTFD flag indicates the interrupt index supports eventfd based
297+ * signaling.
298+ *
299+ * The MASKABLE flags indicates the index supports MASK and UNMASK
300+ * actions described below.
301+ *
302+ * AUTOMASKED indicates that after signaling, the interrupt line is
303+ * automatically masked by VFIO and the user needs to unmask the line
304+ * to receive new interrupts. This is primarily intended to distinguish
305+ * level triggered interrupts.
306+ *
307+ * The NORESIZE flag indicates that the interrupt lines within the index
308+ * are setup as a set and new subindexes cannot be enabled without first
309+ * disabling the entire index. This is used for interrupts like PCI MSI
310+ * and MSI-X where the driver may only use a subset of the available
311+ * indexes, but VFIO needs to enable a specific number of vectors
312+ * upfront. In the case of MSI-X, where the user can enable MSI-X and
313+ * then add and unmask vectors, it's up to userspace to make the decision
314+ * whether to allocate the maximum supported number of vectors or tear
315+ * down setup and incrementally increase the vectors as each is enabled.
316+ */
317+struct vfio_irq_info {
318+ __u32 argsz;
319+ __u32 flags;
320+#define VFIO_IRQ_INFO_EVENTFD (1 << 0)
321+#define VFIO_IRQ_INFO_MASKABLE (1 << 1)
322+#define VFIO_IRQ_INFO_AUTOMASKED (1 << 2)
323+#define VFIO_IRQ_INFO_NORESIZE (1 << 3)
324+ __u32 index; /* IRQ index */
325+ __u32 count; /* Number of IRQs within this index */
326+};
327+#define VFIO_DEVICE_GET_IRQ_INFO _IO(VFIO_TYPE, VFIO_BASE + 9)
328+
329+/**
330+ * VFIO_DEVICE_SET_IRQS - _IOW(VFIO_TYPE, VFIO_BASE + 10, struct vfio_irq_set)
331+ *
332+ * Set signaling, masking, and unmasking of interrupts. Caller provides
333+ * struct vfio_irq_set with all fields set. 'start' and 'count' indicate
334+ * the range of subindexes being specified.
335+ *
336+ * The DATA flags specify the type of data provided. If DATA_NONE, the
337+ * operation performs the specified action immediately on the specified
338+ * interrupt(s). For example, to unmask AUTOMASKED interrupt [0,0]:
339+ * flags = (DATA_NONE|ACTION_UNMASK), index = 0, start = 0, count = 1.
340+ *
341+ * DATA_BOOL allows sparse support for the same on arrays of interrupts.
342+ * For example, to mask interrupts [0,1] and [0,3] (but not [0,2]):
343+ * flags = (DATA_BOOL|ACTION_MASK), index = 0, start = 1, count = 3,
344+ * data = {1,0,1}
345+ *
346+ * DATA_EVENTFD binds the specified ACTION to the provided __s32 eventfd.
347+ * A value of -1 can be used to either de-assign interrupts if already
348+ * assigned or skip un-assigned interrupts. For example, to set an eventfd
349+ * to be trigger for interrupts [0,0] and [0,2]:
350+ * flags = (DATA_EVENTFD|ACTION_TRIGGER), index = 0, start = 0, count = 3,
351+ * data = {fd1, -1, fd2}
352+ * If index [0,1] is previously set, two count = 1 ioctls calls would be
353+ * required to set [0,0] and [0,2] without changing [0,1].
354+ *
355+ * Once a signaling mechanism is set, DATA_BOOL or DATA_NONE can be used
356+ * with ACTION_TRIGGER to perform kernel level interrupt loopback testing
357+ * from userspace (ie. simulate hardware triggering).
358+ *
359+ * Setting of an event triggering mechanism to userspace for ACTION_TRIGGER
360+ * enables the interrupt index for the device. Individual subindex interrupts
361+ * can be disabled using the -1 value for DATA_EVENTFD or the index can be
362+ * disabled as a whole with: flags = (DATA_NONE|ACTION_TRIGGER), count = 0.
363+ *
364+ * Note that ACTION_[UN]MASK specify user->kernel signaling (irqfds) while
365+ * ACTION_TRIGGER specifies kernel->user signaling.
366+ */
367+struct vfio_irq_set {
368+ __u32 argsz;
369+ __u32 flags;
370+#define VFIO_IRQ_SET_DATA_NONE (1 << 0) /* Data not present */
371+#define VFIO_IRQ_SET_DATA_BOOL (1 << 1) /* Data is bool (u8) */
372+#define VFIO_IRQ_SET_DATA_EVENTFD (1 << 2) /* Data is eventfd (s32) */
373+#define VFIO_IRQ_SET_ACTION_MASK (1 << 3) /* Mask interrupt */
374+#define VFIO_IRQ_SET_ACTION_UNMASK (1 << 4) /* Unmask interrupt */
375+#define VFIO_IRQ_SET_ACTION_TRIGGER (1 << 5) /* Trigger interrupt */
376+ __u32 index;
377+ __u32 start;
378+ __u32 count;
379+ __u8 data[];
380+};
381+#define VFIO_DEVICE_SET_IRQS _IO(VFIO_TYPE, VFIO_BASE + 10)
382+
383+#define VFIO_IRQ_SET_DATA_TYPE_MASK (VFIO_IRQ_SET_DATA_NONE | \
384+ VFIO_IRQ_SET_DATA_BOOL | \
385+ VFIO_IRQ_SET_DATA_EVENTFD)
386+#define VFIO_IRQ_SET_ACTION_TYPE_MASK (VFIO_IRQ_SET_ACTION_MASK | \
387+ VFIO_IRQ_SET_ACTION_UNMASK | \
388+ VFIO_IRQ_SET_ACTION_TRIGGER)
389+/**
390+ * VFIO_DEVICE_RESET - _IO(VFIO_TYPE, VFIO_BASE + 11)
391+ *
392+ * Reset a device.
393+ */
394+#define VFIO_DEVICE_RESET _IO(VFIO_TYPE, VFIO_BASE + 11)
395+
396+/*
397+ * The VFIO-PCI bus driver makes use of the following fixed region and
398+ * IRQ index mapping. Unimplemented regions return a size of zero.
399+ * Unimplemented IRQ types return a count of zero.
400+ */
401+
402+enum {
403+ VFIO_PCI_BAR0_REGION_INDEX,
404+ VFIO_PCI_BAR1_REGION_INDEX,
405+ VFIO_PCI_BAR2_REGION_INDEX,
406+ VFIO_PCI_BAR3_REGION_INDEX,
407+ VFIO_PCI_BAR4_REGION_INDEX,
408+ VFIO_PCI_BAR5_REGION_INDEX,
409+ VFIO_PCI_ROM_REGION_INDEX,
410+ VFIO_PCI_CONFIG_REGION_INDEX,
411+ /*
412+ * Expose VGA regions defined for PCI base class 03, subclass 00.
413+ * This includes I/O port ranges 0x3b0 to 0x3bb and 0x3c0 to 0x3df
414+ * as well as the MMIO range 0xa0000 to 0xbffff. Each implemented
415+ * range is found at it's identity mapped offset from the region
416+ * offset, for example 0x3b0 is region_info.offset + 0x3b0. Areas
417+ * between described ranges are unimplemented.
418+ */
419+ VFIO_PCI_VGA_REGION_INDEX,
420+ VFIO_PCI_NUM_REGIONS
421+};
422+
423+enum {
424+ VFIO_PCI_INTX_IRQ_INDEX,
425+ VFIO_PCI_MSI_IRQ_INDEX,
426+ VFIO_PCI_MSIX_IRQ_INDEX,
427+ VFIO_PCI_ERR_IRQ_INDEX,
428+ VFIO_PCI_NUM_IRQS
429+};
430+
431+/**
432+ * VFIO_DEVICE_GET_PCI_HOT_RESET_INFO - _IORW(VFIO_TYPE, VFIO_BASE + 12,
433+ * struct vfio_pci_hot_reset_info)
434+ *
435+ * Return: 0 on success, -errno on failure:
436+ * -enospc = insufficient buffer, -enodev = unsupported for device.
437+ */
438+struct vfio_pci_dependent_device {
439+ __u32 group_id;
440+ __u16 segment;
441+ __u8 bus;
442+ __u8 devfn; /* Use PCI_SLOT/PCI_FUNC */
443+};
444+
445+struct vfio_pci_hot_reset_info {
446+ __u32 argsz;
447+ __u32 flags;
448+ __u32 count;
449+ struct vfio_pci_dependent_device devices[];
450+};
451+
452+#define VFIO_DEVICE_GET_PCI_HOT_RESET_INFO _IO(VFIO_TYPE, VFIO_BASE + 12)
453+
454+/**
455+ * VFIO_DEVICE_PCI_HOT_RESET - _IOW(VFIO_TYPE, VFIO_BASE + 13,
456+ * struct vfio_pci_hot_reset)
457+ *
458+ * Return: 0 on success, -errno on failure.
459+ */
460+struct vfio_pci_hot_reset {
461+ __u32 argsz;
462+ __u32 flags;
463+ __u32 count;
464+ __s32 group_fds[];
465+};
466+
467+#define VFIO_DEVICE_PCI_HOT_RESET _IO(VFIO_TYPE, VFIO_BASE + 13)
468+
469+/* -------- API for Type1 VFIO IOMMU -------- */
470+
471+/**
472+ * VFIO_IOMMU_GET_INFO - _IOR(VFIO_TYPE, VFIO_BASE + 12, struct vfio_iommu_info)
473+ *
474+ * Retrieve information about the IOMMU object. Fills in provided
475+ * struct vfio_iommu_info. Caller sets argsz.
476+ *
477+ * XXX Should we do these by CHECK_EXTENSION too?
478+ */
479+struct vfio_iommu_type1_info {
480+ __u32 argsz;
481+ __u32 flags;
482+#define VFIO_IOMMU_INFO_PGSIZES (1 << 0) /* supported page sizes info */
483+ __u64 iova_pgsizes; /* Bitmap of supported page sizes */
484+};
485+
486+#define VFIO_IOMMU_GET_INFO _IO(VFIO_TYPE, VFIO_BASE + 12)
487+
488+/**
489+ * VFIO_IOMMU_MAP_DMA - _IOW(VFIO_TYPE, VFIO_BASE + 13, struct vfio_dma_map)
490+ *
491+ * Map process virtual addresses to IO virtual addresses using the
492+ * provided struct vfio_dma_map. Caller sets argsz. READ &/ WRITE required.
493+ */
494+struct vfio_iommu_type1_dma_map {
495+ __u32 argsz;
496+ __u32 flags;
497+#define VFIO_DMA_MAP_FLAG_READ (1 << 0) /* readable from device */
498+#define VFIO_DMA_MAP_FLAG_WRITE (1 << 1) /* writable from device */
499+ __u64 vaddr; /* Process virtual address */
500+ __u64 iova; /* IO virtual address */
501+ __u64 size; /* Size of mapping (bytes) */
502+};
503+
504+#define VFIO_IOMMU_MAP_DMA _IO(VFIO_TYPE, VFIO_BASE + 13)
505+
506+/**
507+ * VFIO_IOMMU_UNMAP_DMA - _IOWR(VFIO_TYPE, VFIO_BASE + 14,
508+ * struct vfio_dma_unmap)
509+ *
510+ * Unmap IO virtual addresses using the provided struct vfio_dma_unmap.
511+ * Caller sets argsz. The actual unmapped size is returned in the size
512+ * field. No guarantee is made to the user that arbitrary unmaps of iova
513+ * or size different from those used in the original mapping call will
514+ * succeed.
515+ */
516+struct vfio_iommu_type1_dma_unmap {
517+ __u32 argsz;
518+ __u32 flags;
519+ __u64 iova; /* IO virtual address */
520+ __u64 size; /* Size of mapping (bytes) */
521+};
522+
523+#define VFIO_IOMMU_UNMAP_DMA _IO(VFIO_TYPE, VFIO_BASE + 14)
524+
525+/*********** APIs for VFIO_PAMU type only ****************/
526+/*
527+ * VFIO_IOMMU_PAMU_GET_ATTR - _IO(VFIO_TYPE, VFIO_BASE + 15,
528+ * struct vfio_pamu_attr)
529+ *
530+ * Gets the iommu attributes for the current vfio container.
531+ * Caller sets argsz and attribute. The ioctl fills in
532+ * the provided struct vfio_pamu_attr based on the attribute
533+ * value that was set.
534+ * Return: 0 on success, -errno on failure
535+ */
536+struct vfio_pamu_attr {
537+ __u32 argsz;
538+ __u32 flags; /* no flags currently */
539+#define VFIO_ATTR_GEOMETRY 0
540+#define VFIO_ATTR_WINDOWS 1
541+#define VFIO_ATTR_PAMU_STASH 2
542+ __u32 attribute;
543+
544+ union {
545+ /* VFIO_ATTR_GEOMETRY */
546+ struct {
547+ /* first addr that can be mapped */
548+ __u64 aperture_start;
549+ /* last addr that can be mapped */
550+ __u64 aperture_end;
551+ } attr;
552+
553+ /* VFIO_ATTR_WINDOWS */
554+ __u32 windows; /* number of windows in the aperture
555+ * initially this will be the max number
556+ * of windows that can be set
557+ */
558+ /* VFIO_ATTR_PAMU_STASH */
559+ struct {
560+ __u32 cpu; /* CPU number for stashing */
561+ __u32 cache; /* cache ID for stashing */
562+ } stash;
563+ } attr_info;
564+};
565+#define VFIO_IOMMU_PAMU_GET_ATTR _IO(VFIO_TYPE, VFIO_BASE + 15)
566+
567+/*
568+ * VFIO_IOMMU_PAMU_SET_ATTR - _IO(VFIO_TYPE, VFIO_BASE + 16,
569+ * struct vfio_pamu_attr)
570+ *
571+ * Sets the iommu attributes for the current vfio container.
572+ * Caller sets struct vfio_pamu attr, including argsz and attribute and
573+ * setting any fields that are valid for the attribute.
574+ * Return: 0 on success, -errno on failure
575+ */
576+#define VFIO_IOMMU_PAMU_SET_ATTR _IO(VFIO_TYPE, VFIO_BASE + 16)
577+
578+/*
579+ * VFIO_IOMMU_PAMU_GET_MSI_BANK_COUNT - _IO(VFIO_TYPE, VFIO_BASE + 17, __u32)
580+ *
581+ * Returns the number of MSI banks for this platform. This tells user space
582+ * how many aperture windows should be reserved for MSI banks when setting
583+ * the PAMU geometry and window count.
584+ * Return: __u32 bank count on success, -errno on failure
585+ */
586+#define VFIO_IOMMU_PAMU_GET_MSI_BANK_COUNT _IO(VFIO_TYPE, VFIO_BASE + 17)
587+
588+/*
589+ * VFIO_IOMMU_PAMU_MAP_MSI_BANK - _IO(VFIO_TYPE, VFIO_BASE + 18,
590+ * struct vfio_pamu_msi_bank_map)
591+ *
592+ * Maps the MSI bank at the specified index and iova. User space must
593+ * call this ioctl once for each MSI bank (count of banks is returned by
594+ * VFIO_IOMMU_PAMU_GET_MSI_BANK_COUNT).
595+ * Caller provides struct vfio_pamu_msi_bank_map with all fields set.
596+ * Return: 0 on success, -errno on failure
597+ */
598+
599+struct vfio_pamu_msi_bank_map {
600+ __u32 argsz;
601+ __u32 flags; /* no flags currently */
602+ __u32 msi_bank_index; /* the index of the MSI bank */
603+ __u64 iova; /* the iova the bank is to be mapped to */
604+};
605+#define VFIO_IOMMU_PAMU_MAP_MSI_BANK _IO(VFIO_TYPE, VFIO_BASE + 18)
606+
607+/*
608+ * VFIO_IOMMU_PAMU_UNMAP_MSI_BANK - _IO(VFIO_TYPE, VFIO_BASE + 19,
609+ * struct vfio_pamu_msi_bank_unmap)
610+ *
611+ * Unmaps the MSI bank at the specified iova.
612+ * Caller provides struct vfio_pamu_msi_bank_unmap with all fields set.
613+ * Operates on VFIO file descriptor (/dev/vfio/vfio).
614+ * Return: 0 on success, -errno on failure
615+ */
616+
617+struct vfio_pamu_msi_bank_unmap {
618+ __u32 argsz;
619+ __u32 flags; /* no flags currently */
620+ __u64 iova; /* the iova to be unmapped to */
621+};
622+#define VFIO_IOMMU_PAMU_UNMAP_MSI_BANK _IO(VFIO_TYPE, VFIO_BASE + 19)
623+
624+/*
625+ * IOCTLs to enable/disable IOMMU container usage.
626+ * No parameters are supported.
627+ */
628+#define VFIO_IOMMU_ENABLE _IO(VFIO_TYPE, VFIO_BASE + 15)
629+#define VFIO_IOMMU_DISABLE _IO(VFIO_TYPE, VFIO_BASE + 16)
630+
631+/* -------- Additional API for SPAPR TCE (Server POWERPC) IOMMU -------- */
632+
633+/*
634+ * The SPAPR TCE info struct provides the information about the PCI bus
635+ * address ranges available for DMA, these values are programmed into
636+ * the hardware so the guest has to know that information.
637+ *
638+ * The DMA 32 bit window start is an absolute PCI bus address.
639+ * The IOVA address passed via map/unmap ioctls are absolute PCI bus
640+ * addresses too so the window works as a filter rather than an offset
641+ * for IOVA addresses.
642+ *
643+ * A flag will need to be added if other page sizes are supported,
644+ * so as defined here, it is always 4k.
645+ */
646+struct vfio_iommu_spapr_tce_info {
647+ __u32 argsz;
648+ __u32 flags; /* reserved for future use */
649+ __u32 dma32_window_start; /* 32 bit window start (bytes) */
650+ __u32 dma32_window_size; /* 32 bit window size (bytes) */
651+};
652+
653+#define VFIO_IOMMU_SPAPR_TCE_GET_INFO _IO(VFIO_TYPE, VFIO_BASE + 12)
654+
655+/* ***************************************************************** */
656+
657+#endif /* _UAPIVFIO_H */
658--
6591.8.3.2
660
diff --git a/meta-fsl-ppc/recipes-extended/skmm-ep/skmm-ep_git.bb b/meta-fsl-ppc/recipes-extended/skmm-ep/skmm-ep_git.bb
new file mode 100644
index 00000000..ca5d6734
--- /dev/null
+++ b/meta-fsl-ppc/recipes-extended/skmm-ep/skmm-ep_git.bb
@@ -0,0 +1,31 @@
1DESCRIPTION = "SKMM application for PCIe endpoint"
2SECTION = "skmm-ep"
3LICENSE = "BSD & GPLv2"
4LIC_FILES_CHKSUM = "file://Makefile;endline=30;md5=39e58bedc879163c9338596e52df5b1f"
5
6DEPENDS = "libedit openssl virtual/kernel"
7
8PACKAGE_ARCH = "${MACHINE_ARCH}"
9
10SRC_URI = "git://git.freescale.com/ppc/sdk/skmm-ep.git;nobranch=1 \
11 file://add-two-missing-header-files.patch \
12"
13SRCREV = "27156a6621c8f6d7f98210b1ca5cd97bde926875"
14
15COMPATIBLE_MACHINE = "(p4080ds|t4240qds|c293pcie)"
16
17S = "${WORKDIR}/git"
18
19EXTRA_OEMAKE = 'MACHINE=${MACHINE}'
20
21export LIBEDIT_CFLAGS = "`pkg-config --cflags libedit`"
22export LIBEDIT_LDFLAGS = "`pkg-config --libs --static libedit`"
23
24do_compile () {
25 export ARCH=${TARGET_ARCH}
26 oe_runmake
27}
28
29do_install () {
30 oe_runmake ARCH=${TARGET_ARCH} install DESTDIR=${D}
31}
diff --git a/meta-fsl-ppc/recipes-extended/testfloat/files/SoftFloat-powerpc-1.patch b/meta-fsl-ppc/recipes-extended/testfloat/files/SoftFloat-powerpc-1.patch
new file mode 100644
index 00000000..b6db2de2
--- /dev/null
+++ b/meta-fsl-ppc/recipes-extended/testfloat/files/SoftFloat-powerpc-1.patch
@@ -0,0 +1,1427 @@
1This patch adds PowerPC support in SoftFloat.
2
3Signed-off-by: Ebony Zhu <ebony.zhu@freescale.com>
4Signed-off-by: Liu Yu <Yu.Liu@freescale.com>
5---
6 SoftFloat-2b/processors/powerpc-GCC.h | 87 ++++
7 SoftFloat-2b/softfloat/bits32/powerpc-GCC/Makefile | 26 ++
8 SoftFloat-2b/softfloat/bits32/powerpc-GCC/milieu.h | 55 +++
9 .../bits32/powerpc-GCC/softfloat-specialize | 252 ++++++++++++
10 .../softfloat/bits32/powerpc-GCC/softfloat.h | 155 +++++++
11 SoftFloat-2b/softfloat/bits64/powerpc-GCC/Makefile | 24 ++
12 SoftFloat-2b/softfloat/bits64/powerpc-GCC/milieu.h | 55 +++
13 .../bits64/powerpc-GCC/softfloat-specialize | 422 ++++++++++++++++++++
14 .../softfloat/bits64/powerpc-GCC/softfloat.h | 269 +++++++++++++
15 9 files changed, 1345 insertions(+), 0 deletions(-)
16 create mode 100644 SoftFloat-2b/processors/powerpc-GCC.h
17 create mode 100644 SoftFloat-2b/softfloat/bits32/powerpc-GCC/Makefile
18 create mode 100644 SoftFloat-2b/softfloat/bits32/powerpc-GCC/milieu.h
19 create mode 100644 SoftFloat-2b/softfloat/bits32/powerpc-GCC/softfloat-specialize
20 create mode 100644 SoftFloat-2b/softfloat/bits32/powerpc-GCC/softfloat.h
21 create mode 100644 SoftFloat-2b/softfloat/bits64/powerpc-GCC/Makefile
22 create mode 100644 SoftFloat-2b/softfloat/bits64/powerpc-GCC/milieu.h
23 create mode 100644 SoftFloat-2b/softfloat/bits64/powerpc-GCC/softfloat-specialize
24 create mode 100644 SoftFloat-2b/softfloat/bits64/powerpc-GCC/softfloat.h
25
26diff --git a/SoftFloat-2b/processors/powerpc-GCC.h b/SoftFloat-2b/processors/powerpc-GCC.h
27new file mode 100644
28index 0000000..002a786
29--- /dev/null
30+++ b/SoftFloat-2b/processors/powerpc-GCC.h
31@@ -0,0 +1,87 @@
32+/*
33+ * This file is derived from processors/386-gcc.h,
34+ * the copyright for that material belongs to the original owners.
35+ *
36+ * Additional material and changes where applicable is:
37+ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved.
38+ *
39+ * Author: Ebony Zhu, <ebony.zhu@freescale.com>
40+ * Yu Liu, <yu.liu@freescale.com>
41+ *
42+ * THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE. Although reasonable effort has
43+ * been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT TIMES
44+ * RESULT IN INCORRECT BEHAVIOR. USE OF THIS SOFTWARE IS RESTRICTED TO PERSONS
45+ * AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ALL LOSSES,
46+ * COSTS, OR OTHER PROBLEMS THEY INCUR DUE TO THE SOFTWARE, AND WHO FURTHERMORE
47+ * EFFECTIVELY INDEMNIFY JOHN HAUSER AND THE INTERNATIONAL COMPUTER SCIENCE
48+ * INSTITUTE (possibly via similar legal warning) AGAINST ALL LOSSES, COSTS, OR
49+ * OTHER PROBLEMS INCURRED BY THEIR CUSTOMERS AND CLIENTS DUE TO THE SOFTWARE.
50+ */
51+
52+/*----------------------------------------------------------------------------
53+| One of the macros `BIGENDIAN' or `LITTLEENDIAN' must be defined.
54+*----------------------------------------------------------------------------*/
55+#define BIGENDIAN
56+
57+/*----------------------------------------------------------------------------
58+| The macro `BITS64' can be defined to indicate that 64-bit integer types are
59+| supported by the compiler.
60+*----------------------------------------------------------------------------*/
61+#define BITS32
62+
63+/*----------------------------------------------------------------------------
64+| Each of the following `typedef's defines the most convenient type that holds
65+| integers of at least as many bits as specified. For example, `uint8' should
66+| be the most convenient type that can hold unsigned integers of as many as
67+| 8 bits. The `flag' type must be able to hold either a 0 or 1. For most
68+| implementations of C, `flag', `uint8', and `int8' should all be `typedef'ed
69+| to the same as `int'.
70+*----------------------------------------------------------------------------*/
71+typedef int flag;
72+typedef int uint8;
73+typedef int int8;
74+typedef int uint16;
75+typedef int int16;
76+typedef unsigned int uint32;
77+typedef signed int int32;
78+#ifdef BITS64
79+typedef unsigned long long int uint64;
80+typedef signed long long int int64;
81+#endif
82+
83+/*----------------------------------------------------------------------------
84+| Each of the following `typedef's defines a type that holds integers
85+| of _exactly_ the number of bits specified. For instance, for most
86+| implementation of C, `bits16' and `sbits16' should be `typedef'ed to
87+| `unsigned short int' and `signed short int' (or `short int'), respectively.
88+*----------------------------------------------------------------------------*/
89+typedef unsigned char bits8;
90+typedef signed char sbits8;
91+typedef unsigned short int bits16;
92+typedef signed short int sbits16;
93+typedef unsigned int bits32;
94+typedef signed int sbits32;
95+#ifdef BITS64
96+typedef unsigned long long int bits64;
97+typedef signed long long int sbits64;
98+#endif
99+
100+#ifdef BITS64
101+/*----------------------------------------------------------------------------
102+| The `LIT64' macro takes as its argument a textual integer literal and
103+| if necessary ``marks'' the literal as having a 64-bit integer type.
104+| For example, the GNU C Compiler (`gcc') requires that 64-bit literals be
105+| appended with the letters `LL' standing for `long long', which is `gcc's
106+| name for the 64-bit integer type. Some compilers may allow `LIT64' to be
107+| defined as the identity macro: `#define LIT64( a ) a'.
108+*----------------------------------------------------------------------------*/
109+#define LIT64( a ) a##LL
110+#endif
111+
112+/*----------------------------------------------------------------------------
113+| The macro `INLINE' can be used before functions that should be inlined. If
114+| a compiler does not support explicit inlining, this macro should be defined
115+| to be `static'.
116+*----------------------------------------------------------------------------*/
117+#define INLINE extern inline
118+
119diff --git a/SoftFloat-2b/softfloat/bits32/powerpc-GCC/Makefile b/SoftFloat-2b/softfloat/bits32/powerpc-GCC/Makefile
120new file mode 100644
121index 0000000..28f1e33
122--- /dev/null
123+++ b/SoftFloat-2b/softfloat/bits32/powerpc-GCC/Makefile
124@@ -0,0 +1,26 @@
125+
126+PROCESSOR_H = ../../../processors/powerpc-GCC.h
127+SOFTFLOAT_MACROS = ../softfloat-macros
128+
129+OBJ = .o
130+EXE =
131+INCLUDES = -I. -I..
132+COMPILE_C = $(COMPILE_PREFIX)gcc -msoft-float -c -o $@ $(INCLUDES) -I- -O2
133+LINK = $(COMPILE_PREFIX)gcc -o $@
134+
135+ALL: softfloat$(OBJ) timesoftfloat$(EXE)
136+
137+milieu.h: $(PROCESSOR_H)
138+ touch milieu.h
139+
140+softfloat$(OBJ): milieu.h softfloat.h softfloat-specialize $(SOFTFLOAT_MACROS) ../softfloat.c
141+ $(COMPILE_C) ../softfloat.c
142+
143+timesoftfloat$(OBJ): milieu.h softfloat.h ../timesoftfloat.c
144+ $(COMPILE_C) ../timesoftfloat.c
145+
146+timesoftfloat$(EXE): softfloat$(OBJ) timesoftfloat$(OBJ)
147+ $(LINK) softfloat$(OBJ) timesoftfloat$(OBJ)
148+
149+clean:
150+ rm -f *.o timesoftfloat$(EXE)
151diff --git a/SoftFloat-2b/softfloat/bits32/powerpc-GCC/milieu.h b/SoftFloat-2b/softfloat/bits32/powerpc-GCC/milieu.h
152new file mode 100644
153index 0000000..d8b6012
154--- /dev/null
155+++ b/SoftFloat-2b/softfloat/bits32/powerpc-GCC/milieu.h
156@@ -0,0 +1,55 @@
157+/*
158+ * This file is derived from softfloat/bits32/386-Win32-GCC/milieu.h,
159+ * the copyright for that material belongs to the original owners.
160+ *
161+ * Additional material and changes where applicable is:
162+ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved.
163+ *
164+ * Author: Ebony Zhu, <ebony.zhu@freescale.com>
165+ * Yu Liu, <yu.liu@freescale.com>
166+ */
167+
168+/*============================================================================
169+
170+This C header file is part of the SoftFloat IEC/IEEE Floating-point Arithmetic
171+Package, Release 2b.
172+
173+Written by John R. Hauser. This work was made possible in part by the
174+International Computer Science Institute, located at Suite 600, 1947 Center
175+Street, Berkeley, California 94704. Funding was partially provided by the
176+National Science Foundation under grant MIP-9311980. The original version
177+of this code was written as part of a project to build a fixed-point vector
178+processor in collaboration with the University of California at Berkeley,
179+overseen by Profs. Nelson Morgan and John Wawrzynek. More information
180+is available through the Web page `http://www.cs.berkeley.edu/~jhauser/
181+arithmetic/SoftFloat.html'.
182+
183+THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE. Although reasonable effort has
184+been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT TIMES
185+RESULT IN INCORRECT BEHAVIOR. USE OF THIS SOFTWARE IS RESTRICTED TO PERSONS
186+AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ALL LOSSES,
187+COSTS, OR OTHER PROBLEMS THEY INCUR DUE TO THE SOFTWARE, AND WHO FURTHERMORE
188+EFFECTIVELY INDEMNIFY JOHN HAUSER AND THE INTERNATIONAL COMPUTER SCIENCE
189+INSTITUTE (possibly via similar legal warning) AGAINST ALL LOSSES, COSTS, OR
190+OTHER PROBLEMS INCURRED BY THEIR CUSTOMERS AND CLIENTS DUE TO THE SOFTWARE.
191+
192+Derivative works are acceptable, even for commercial purposes, so long as
193+(1) the source code for the derivative work includes prominent notice that
194+the work is derivative, and (2) the source code includes prominent notice with
195+these four paragraphs for those parts of this code that are retained.
196+
197+=============================================================================*/
198+
199+/*----------------------------------------------------------------------------
200+| Include common integer types and flags.
201+*----------------------------------------------------------------------------*/
202+#include "../../../processors/powerpc-GCC.h"
203+
204+/*----------------------------------------------------------------------------
205+| Symbolic Boolean literals.
206+*----------------------------------------------------------------------------*/
207+enum {
208+ FALSE = 0,
209+ TRUE = 1
210+};
211+
212diff --git a/SoftFloat-2b/softfloat/bits32/powerpc-GCC/softfloat-specialize b/SoftFloat-2b/softfloat/bits32/powerpc-GCC/softfloat-specialize
213new file mode 100644
214index 0000000..fd2caa4
215--- /dev/null
216+++ b/SoftFloat-2b/softfloat/bits32/powerpc-GCC/softfloat-specialize
217@@ -0,0 +1,252 @@
218+/*
219+ * This file is derived from softfloat/bits32/386-Win32-GCC/softfloat-specialize,
220+ * the copyright for that material belongs to the original owners.
221+ *
222+ * Additional material and changes where applicable is:
223+ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved.
224+ *
225+ * Author: Ebony Zhu, <ebony.zhu@freescale.com>
226+ * Yu Liu, <yu.liu@freescale.com>
227+ */
228+
229+/*============================================================================
230+
231+This C source fragment is part of the SoftFloat IEC/IEEE Floating-point
232+Arithmetic Package, Release 2b.
233+
234+Written by John R. Hauser. This work was made possible in part by the
235+International Computer Science Institute, located at Suite 600, 1947 Center
236+Street, Berkeley, California 94704. Funding was partially provided by the
237+National Science Foundation under grant MIP-9311980. The original version
238+of this code was written as part of a project to build a fixed-point vector
239+processor in collaboration with the University of California at Berkeley,
240+overseen by Profs. Nelson Morgan and John Wawrzynek. More information
241+is available through the Web page `http://www.cs.berkeley.edu/~jhauser/
242+arithmetic/SoftFloat.html'.
243+
244+THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE. Although reasonable effort has
245+been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT TIMES
246+RESULT IN INCORRECT BEHAVIOR. USE OF THIS SOFTWARE IS RESTRICTED TO PERSONS
247+AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ALL LOSSES,
248+COSTS, OR OTHER PROBLEMS THEY INCUR DUE TO THE SOFTWARE, AND WHO FURTHERMORE
249+EFFECTIVELY INDEMNIFY JOHN HAUSER AND THE INTERNATIONAL COMPUTER SCIENCE
250+INSTITUTE (possibly via similar legal warning) AGAINST ALL LOSSES, COSTS, OR
251+OTHER PROBLEMS INCURRED BY THEIR CUSTOMERS AND CLIENTS DUE TO THE SOFTWARE.
252+
253+Derivative works are acceptable, even for commercial purposes, so long as
254+(1) the source code for the derivative work includes prominent notice that
255+the work is derivative, and (2) the source code includes prominent notice with
256+these four paragraphs for those parts of this code that are retained.
257+
258+=============================================================================*/
259+
260+/*----------------------------------------------------------------------------
261+| Underflow tininess-detection mode, statically initialized to default value.
262+| (The declaration in `softfloat.h' must match the `int8' type here.)
263+*----------------------------------------------------------------------------*/
264+int8 float_detect_tininess = float_tininess_after_rounding;
265+
266+/*----------------------------------------------------------------------------
267+| Raises the exceptions specified by `flags'. Floating-point traps can be
268+| defined here if desired. It is currently not possible for such a trap
269+| to substitute a result value. If traps are not implemented, this routine
270+| should be simply `float_exception_flags |= flags;'.
271+*----------------------------------------------------------------------------*/
272+
273+void float_raise( int8 flags )
274+{
275+
276+ float_exception_flags |= flags;
277+
278+}
279+
280+/*----------------------------------------------------------------------------
281+| Internal canonical NaN format.
282+*----------------------------------------------------------------------------*/
283+typedef struct {
284+ flag sign;
285+ bits32 high, low;
286+} commonNaNT;
287+
288+/*----------------------------------------------------------------------------
289+| The pattern for a default generated single-precision NaN.
290+*----------------------------------------------------------------------------*/
291+enum {
292+ float32_default_nan = 0xFFFFFFFF
293+};
294+
295+/*----------------------------------------------------------------------------
296+| Returns 1 if the single-precision floating-point value `a' is a NaN;
297+| otherwise returns 0.
298+*----------------------------------------------------------------------------*/
299+
300+flag float32_is_nan( float32 a )
301+{
302+
303+ return ( 0xFF000000 < (bits32) ( a<<1 ) );
304+
305+}
306+
307+/*----------------------------------------------------------------------------
308+| Returns 1 if the single-precision floating-point value `a' is a signaling
309+| NaN; otherwise returns 0.
310+*----------------------------------------------------------------------------*/
311+
312+flag float32_is_signaling_nan( float32 a )
313+{
314+
315+ return ( ( ( a>>22 ) & 0x1FF ) == 0x1FE ) && ( a & 0x003FFFFF );
316+
317+}
318+
319+/*----------------------------------------------------------------------------
320+| Returns the result of converting the single-precision floating-point NaN
321+| `a' to the canonical NaN format. If `a' is a signaling NaN, the invalid
322+| exception is raised.
323+*----------------------------------------------------------------------------*/
324+
325+static commonNaNT float32ToCommonNaN( float32 a )
326+{
327+ commonNaNT z;
328+
329+ if ( float32_is_signaling_nan( a ) ) float_raise( float_flag_invalid );
330+ z.sign = a>>31;
331+ z.low = 0;
332+ z.high = a<<9;
333+ return z;
334+
335+}
336+
337+/*----------------------------------------------------------------------------
338+| Returns the result of converting the canonical NaN `a' to the single-
339+| precision floating-point format.
340+*----------------------------------------------------------------------------*/
341+
342+static float32 commonNaNToFloat32( commonNaNT a )
343+{
344+
345+ return ( ( (bits32) a.sign )<<31 ) | 0x7FC00000 | ( a.high>>9 );
346+
347+}
348+
349+/*----------------------------------------------------------------------------
350+| Takes two single-precision floating-point values `a' and `b', one of which
351+| is a NaN, and returns the appropriate NaN result. If either `a' or `b' is a
352+| signaling NaN, the invalid exception is raised.
353+*----------------------------------------------------------------------------*/
354+
355+static float32 propagateFloat32NaN( float32 a, float32 b )
356+{
357+ flag aIsNaN, aIsSignalingNaN, bIsNaN, bIsSignalingNaN;
358+
359+ aIsNaN = float32_is_nan( a );
360+ aIsSignalingNaN = float32_is_signaling_nan( a );
361+ bIsNaN = float32_is_nan( b );
362+ bIsSignalingNaN = float32_is_signaling_nan( b );
363+ a |= 0x00400000;
364+ b |= 0x00400000;
365+ if ( aIsSignalingNaN | bIsSignalingNaN ) float_raise( float_flag_invalid );
366+ if ( aIsNaN ) {
367+ return ( aIsSignalingNaN & bIsNaN ) ? b : a;
368+ }
369+ else {
370+ return b;
371+ }
372+
373+}
374+
375+/*----------------------------------------------------------------------------
376+| The pattern for a default generated double-precision NaN. The `high' and
377+| `low' values hold the most- and least-significant bits, respectively.
378+*----------------------------------------------------------------------------*/
379+enum {
380+ float64_default_nan_high = 0xFFFFFFFF,
381+ float64_default_nan_low = 0xFFFFFFFF
382+};
383+
384+/*----------------------------------------------------------------------------
385+| Returns 1 if the double-precision floating-point value `a' is a NaN;
386+| otherwise returns 0.
387+*----------------------------------------------------------------------------*/
388+
389+flag float64_is_nan( float64 a )
390+{
391+
392+ return
393+ ( 0xFFE00000 <= (bits32) ( a.high<<1 ) )
394+ && ( a.low || ( a.high & 0x000FFFFF ) );
395+
396+}
397+
398+/*----------------------------------------------------------------------------
399+| Returns 1 if the double-precision floating-point value `a' is a signaling
400+| NaN; otherwise returns 0.
401+*----------------------------------------------------------------------------*/
402+
403+flag float64_is_signaling_nan( float64 a )
404+{
405+
406+ return
407+ ( ( ( a.high>>19 ) & 0xFFF ) == 0xFFE )
408+ && ( a.low || ( a.high & 0x0007FFFF ) );
409+
410+}
411+
412+/*----------------------------------------------------------------------------
413+| Returns the result of converting the double-precision floating-point NaN
414+| `a' to the canonical NaN format. If `a' is a signaling NaN, the invalid
415+| exception is raised.
416+*----------------------------------------------------------------------------*/
417+
418+static commonNaNT float64ToCommonNaN( float64 a )
419+{
420+ commonNaNT z;
421+
422+ if ( float64_is_signaling_nan( a ) ) float_raise( float_flag_invalid );
423+ z.sign = a.high>>31;
424+ shortShift64Left( a.high, a.low, 12, &z.high, &z.low );
425+ return z;
426+
427+}
428+
429+/*----------------------------------------------------------------------------
430+| Returns the result of converting the canonical NaN `a' to the double-
431+| precision floating-point format.
432+*----------------------------------------------------------------------------*/
433+
434+static float64 commonNaNToFloat64( commonNaNT a )
435+{
436+ float64 z;
437+
438+ shift64Right( a.high, a.low, 12, &z.high, &z.low );
439+ z.high |= ( ( (bits32) a.sign )<<31 ) | 0x7FF80000;
440+ return z;
441+
442+}
443+
444+/*----------------------------------------------------------------------------
445+| Takes two double-precision floating-point values `a' and `b', one of which
446+| is a NaN, and returns the appropriate NaN result. If either `a' or `b' is a
447+| signaling NaN, the invalid exception is raised.
448+*----------------------------------------------------------------------------*/
449+
450+static float64 propagateFloat64NaN( float64 a, float64 b )
451+{
452+ flag aIsNaN, aIsSignalingNaN, bIsNaN, bIsSignalingNaN;
453+
454+ aIsNaN = float64_is_nan( a );
455+ aIsSignalingNaN = float64_is_signaling_nan( a );
456+ bIsNaN = float64_is_nan( b );
457+ bIsSignalingNaN = float64_is_signaling_nan( b );
458+ a.high |= 0x00080000;
459+ b.high |= 0x00080000;
460+ if ( aIsSignalingNaN | bIsSignalingNaN ) float_raise( float_flag_invalid );
461+ if ( aIsNaN ) {
462+ return ( aIsSignalingNaN & bIsNaN ) ? b : a;
463+ }
464+ else {
465+ return b;
466+ }
467+
468+}
469+
470diff --git a/SoftFloat-2b/softfloat/bits32/powerpc-GCC/softfloat.h b/SoftFloat-2b/softfloat/bits32/powerpc-GCC/softfloat.h
471new file mode 100644
472index 0000000..0015b8e
473--- /dev/null
474+++ b/SoftFloat-2b/softfloat/bits32/powerpc-GCC/softfloat.h
475@@ -0,0 +1,155 @@
476+/*
477+ * This file is derived from softfloat/bits32/386-Win32-GCC/softfloat.h,
478+ * the copyright for that material belongs to the original owners.
479+ *
480+ * Additional material and changes where applicable is:
481+ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved.
482+ *
483+ * Author: Ebony Zhu, <ebony.zhu@freescale.com>
484+ * Yu Liu, <yu.liu@freescale.com>
485+ */
486+
487+/*============================================================================
488+
489+This C header file is part of the SoftFloat IEC/IEEE Floating-point Arithmetic
490+Package, Release 2b.
491+
492+Written by John R. Hauser. This work was made possible in part by the
493+International Computer Science Institute, located at Suite 600, 1947 Center
494+Street, Berkeley, California 94704. Funding was partially provided by the
495+National Science Foundation under grant MIP-9311980. The original version
496+of this code was written as part of a project to build a fixed-point vector
497+processor in collaboration with the University of California at Berkeley,
498+overseen by Profs. Nelson Morgan and John Wawrzynek. More information
499+is available through the Web page `http://www.cs.berkeley.edu/~jhauser/
500+arithmetic/SoftFloat.html'.
501+
502+THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE. Although reasonable effort has
503+been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT TIMES
504+RESULT IN INCORRECT BEHAVIOR. USE OF THIS SOFTWARE IS RESTRICTED TO PERSONS
505+AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ALL LOSSES,
506+COSTS, OR OTHER PROBLEMS THEY INCUR DUE TO THE SOFTWARE, AND WHO FURTHERMORE
507+EFFECTIVELY INDEMNIFY JOHN HAUSER AND THE INTERNATIONAL COMPUTER SCIENCE
508+INSTITUTE (possibly via similar legal warning) AGAINST ALL LOSSES, COSTS, OR
509+OTHER PROBLEMS INCURRED BY THEIR CUSTOMERS AND CLIENTS DUE TO THE SOFTWARE.
510+
511+Derivative works are acceptable, even for commercial purposes, so long as
512+(1) the source code for the derivative work includes prominent notice that
513+the work is derivative, and (2) the source code includes prominent notice with
514+these four paragraphs for those parts of this code that are retained.
515+
516+=============================================================================*/
517+
518+/*----------------------------------------------------------------------------
519+| Software IEC/IEEE floating-point types.
520+*----------------------------------------------------------------------------*/
521+typedef bits32 float32;
522+typedef struct {
523+ bits32 high, low;
524+} float64;
525+
526+/*----------------------------------------------------------------------------
527+| Software IEC/IEEE floating-point underflow tininess-detection mode.
528+*----------------------------------------------------------------------------*/
529+extern int8 float_detect_tininess;
530+enum {
531+ float_tininess_after_rounding = 0,
532+ float_tininess_before_rounding = 1
533+};
534+
535+/*----------------------------------------------------------------------------
536+| Software IEC/IEEE floating-point rounding mode.
537+*----------------------------------------------------------------------------*/
538+extern int8 float_rounding_mode;
539+enum {
540+ float_round_nearest_even = 0,
541+ float_round_to_zero = 1,
542+ float_round_up = 2,
543+ float_round_down = 3
544+};
545+
546+/*----------------------------------------------------------------------------
547+| Software IEC/IEEE floating-point exception flags.
548+*----------------------------------------------------------------------------*/
549+/*
550+extern int8 float_exception_flags;
551+enum {
552+ float_flag_inexact = 1,
553+ float_flag_underflow = 2,
554+ float_flag_overflow = 4,
555+ float_flag_divbyzero = 8,
556+ float_flag_invalid = 16
557+};
558+*/
559+
560+extern int8 float_exception_flags;
561+enum {
562+ float_flag_inexact = 16,
563+ float_flag_underflow = 2,
564+ float_flag_overflow = 1,
565+ float_flag_divbyzero = 4,
566+ float_flag_invalid = 8
567+};
568+
569+/*----------------------------------------------------------------------------
570+| Routine to raise any or all of the software IEC/IEEE floating-point
571+| exception flags.
572+*----------------------------------------------------------------------------*/
573+void float_raise( int8 );
574+
575+/*----------------------------------------------------------------------------
576+| Software IEC/IEEE integer-to-floating-point conversion routines.
577+*----------------------------------------------------------------------------*/
578+float32 int32_to_float32( int32 );
579+float64 int32_to_float64( int32 );
580+
581+/*----------------------------------------------------------------------------
582+| Software IEC/IEEE single-precision conversion routines.
583+*----------------------------------------------------------------------------*/
584+int32 float32_to_int32( float32 );
585+int32 float32_to_int32_round_to_zero( float32 );
586+float64 float32_to_float64( float32 );
587+
588+/*----------------------------------------------------------------------------
589+| Software IEC/IEEE single-precision operations.
590+*----------------------------------------------------------------------------*/
591+float32 float32_round_to_int( float32 );
592+float32 float32_add( float32, float32 );
593+float32 float32_sub( float32, float32 );
594+float32 float32_mul( float32, float32 );
595+float32 float32_div( float32, float32 );
596+float32 float32_rem( float32, float32 );
597+float32 float32_sqrt( float32 );
598+flag float32_eq( float32, float32 );
599+flag float32_le( float32, float32 );
600+flag float32_lt( float32, float32 );
601+flag float32_eq_signaling( float32, float32 );
602+flag float32_le_quiet( float32, float32 );
603+flag float32_lt_quiet( float32, float32 );
604+flag float32_is_signaling_nan( float32 );
605+
606+/*----------------------------------------------------------------------------
607+| Software IEC/IEEE double-precision conversion routines.
608+*----------------------------------------------------------------------------*/
609+int32 float64_to_int32( float64 );
610+int32 float64_to_int32_round_to_zero( float64 );
611+float32 float64_to_float32( float64 );
612+
613+/*----------------------------------------------------------------------------
614+| Software IEC/IEEE double-precision operations.
615+*----------------------------------------------------------------------------*/
616+float64 float64_round_to_int( float64 );
617+float64 float64_add( float64, float64 );
618+float64 float64_sub( float64, float64 );
619+float64 float64_mul( float64, float64 );
620+float64 float64_div( float64, float64 );
621+float64 float64_rem( float64, float64 );
622+float64 float64_sqrt( float64 );
623+flag float64_eq( float64, float64 );
624+flag float64_le( float64, float64 );
625+flag float64_lt( float64, float64 );
626+flag float64_eq_signaling( float64, float64 );
627+flag float64_le_quiet( float64, float64 );
628+flag float64_lt_quiet( float64, float64 );
629+flag float64_is_signaling_nan( float64 );
630+
631diff --git a/SoftFloat-2b/softfloat/bits64/powerpc-GCC/Makefile b/SoftFloat-2b/softfloat/bits64/powerpc-GCC/Makefile
632new file mode 100644
633index 0000000..a5e2cc7
634--- /dev/null
635+++ b/SoftFloat-2b/softfloat/bits64/powerpc-GCC/Makefile
636@@ -0,0 +1,24 @@
637+
638+PROCESSOR_H = ../../../processors/powerpc-GCC.h
639+SOFTFLOAT_MACROS = ../softfloat-macros
640+
641+OBJ = .o
642+EXE =
643+INCLUDES = -I. -I..
644+COMPILE_C = $(COMPILE_PREFIX) -mcpu=8548 -mhard-float -mfloat-gprs=double -o $@ $(INCLUDES) -I- -O2
645+LINK = $(COMPILE_PREFIX) -o $@
646+
647+ALL: softfloat$(OBJ) timesoftfloat$(EXE)
648+
649+milieu.h: $(PROCESSOR_H)
650+ touch milieu.h
651+
652+softfloat$(OBJ): milieu.h softfloat.h softfloat-specialize $(SOFTFLOAT_MACROS) ../softfloat.c
653+ $(COMPILE_C) ../softfloat.c
654+
655+timesoftfloat$(OBJ): milieu.h softfloat.h ../timesoftfloat.c
656+ $(COMPILE_C) ../timesoftfloat.c
657+
658+timesoftfloat$(EXE): softfloat$(OBJ) timesoftfloat$(OBJ)
659+ $(LINK) softfloat$(OBJ) timesoftfloat$(OBJ)
660+
661diff --git a/SoftFloat-2b/softfloat/bits64/powerpc-GCC/milieu.h b/SoftFloat-2b/softfloat/bits64/powerpc-GCC/milieu.h
662new file mode 100644
663index 0000000..1b66490
664--- /dev/null
665+++ b/SoftFloat-2b/softfloat/bits64/powerpc-GCC/milieu.h
666@@ -0,0 +1,55 @@
667+/*
668+ * This file is derived from softfloat/bits64/386-Win32-GCC/milieu.h,
669+ * the copyright for that material belongs to the original owners.
670+ *
671+ * Additional material and changes where applicable is:
672+ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved.
673+ *
674+ * Author: Ebony Zhu, <ebony.zhu@freescale.com>
675+ * Yu Liu, <yu.liu@freescale.com>
676+ */
677+
678+/*============================================================================
679+
680+This C header file is part of the SoftFloat IEC/IEEE Floating-point Arithmetic
681+Package, Release 2b.
682+
683+Written by John R. Hauser. This work was made possible in part by the
684+International Computer Science Institute, located at Suite 600, 1947 Center
685+Street, Berkeley, California 94704. Funding was partially provided by the
686+National Science Foundation under grant MIP-9311980. The original version
687+of this code was written as part of a project to build a fixed-point vector
688+processor in collaboration with the University of California at Berkeley,
689+overseen by Profs. Nelson Morgan and John Wawrzynek. More information
690+is available through the Web page `http://www.cs.berkeley.edu/~jhauser/
691+arithmetic/SoftFloat.html'.
692+
693+THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE. Although reasonable effort has
694+been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT TIMES
695+RESULT IN INCORRECT BEHAVIOR. USE OF THIS SOFTWARE IS RESTRICTED TO PERSONS
696+AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ALL LOSSES,
697+COSTS, OR OTHER PROBLEMS THEY INCUR DUE TO THE SOFTWARE, AND WHO FURTHERMORE
698+EFFECTIVELY INDEMNIFY JOHN HAUSER AND THE INTERNATIONAL COMPUTER SCIENCE
699+INSTITUTE (possibly via similar legal warning) AGAINST ALL LOSSES, COSTS, OR
700+OTHER PROBLEMS INCURRED BY THEIR CUSTOMERS AND CLIENTS DUE TO THE SOFTWARE.
701+
702+Derivative works are acceptable, even for commercial purposes, so long as
703+(1) the source code for the derivative work includes prominent notice that
704+the work is derivative, and (2) the source code includes prominent notice with
705+these four paragraphs for those parts of this code that are retained.
706+
707+=============================================================================*/
708+
709+/*----------------------------------------------------------------------------
710+| Include common integer types and flags.
711+*----------------------------------------------------------------------------*/
712+#include "../../../processors/SPARC-GCC.h"
713+
714+/*----------------------------------------------------------------------------
715+| Symbolic Boolean literals.
716+*----------------------------------------------------------------------------*/
717+enum {
718+ FALSE = 0,
719+ TRUE = 1
720+};
721+
722diff --git a/SoftFloat-2b/softfloat/bits64/powerpc-GCC/softfloat-specialize b/SoftFloat-2b/softfloat/bits64/powerpc-GCC/softfloat-specialize
723new file mode 100644
724index 0000000..b1d0bc8
725--- /dev/null
726+++ b/SoftFloat-2b/softfloat/bits64/powerpc-GCC/softfloat-specialize
727@@ -0,0 +1,422 @@
728+/*
729+ * This file is derived from softfloat/bits64/386-Win32-GCC/softfloat-specialize,
730+ * the copyright for that material belongs to the original owners.
731+ *
732+ * Additional material and changes where applicable is:
733+ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved.
734+ *
735+ * Author: Ebony Zhu, <ebony.zhu@freescale.com>
736+ * Yu Liu, <yu.liu@freescale.com>
737+ */
738+
739+/*============================================================================
740+
741+This C source fragment is part of the SoftFloat IEC/IEEE Floating-point
742+Arithmetic Package, Release 2b.
743+
744+Written by John R. Hauser. This work was made possible in part by the
745+International Computer Science Institute, located at Suite 600, 1947 Center
746+Street, Berkeley, California 94704. Funding was partially provided by the
747+National Science Foundation under grant MIP-9311980. The original version
748+of this code was written as part of a project to build a fixed-point vector
749+processor in collaboration with the University of California at Berkeley,
750+overseen by Profs. Nelson Morgan and John Wawrzynek. More information
751+is available through the Web page `http://www.cs.berkeley.edu/~jhauser/
752+arithmetic/SoftFloat.html'.
753+
754+THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE. Although reasonable effort has
755+been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT TIMES
756+RESULT IN INCORRECT BEHAVIOR. USE OF THIS SOFTWARE IS RESTRICTED TO PERSONS
757+AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ALL LOSSES,
758+COSTS, OR OTHER PROBLEMS THEY INCUR DUE TO THE SOFTWARE, AND WHO FURTHERMORE
759+EFFECTIVELY INDEMNIFY JOHN HAUSER AND THE INTERNATIONAL COMPUTER SCIENCE
760+INSTITUTE (possibly via similar legal warning) AGAINST ALL LOSSES, COSTS, OR
761+OTHER PROBLEMS INCURRED BY THEIR CUSTOMERS AND CLIENTS DUE TO THE SOFTWARE.
762+
763+Derivative works are acceptable, even for commercial purposes, so long as
764+(1) the source code for the derivative work includes prominent notice that
765+the work is derivative, and (2) the source code includes prominent notice with
766+these four paragraphs for those parts of this code that are retained.
767+
768+=============================================================================*/
769+
770+/*----------------------------------------------------------------------------
771+| Underflow tininess-detection mode, statically initialized to default value.
772+| (The declaration in `softfloat.h' must match the `int8' type here.)
773+*----------------------------------------------------------------------------*/
774+int8 float_detect_tininess = float_tininess_before_rounding;
775+
776+/*----------------------------------------------------------------------------
777+| Raises the exceptions specified by `flags'. Floating-point traps can be
778+| defined here if desired. It is currently not possible for such a trap
779+| to substitute a result value. If traps are not implemented, this routine
780+| should be simply `float_exception_flags |= flags;'.
781+*----------------------------------------------------------------------------*/
782+
783+void float_raise( int8 flags )
784+{
785+
786+ float_exception_flags |= flags;
787+
788+}
789+
790+/*----------------------------------------------------------------------------
791+| Internal canonical NaN format.
792+*----------------------------------------------------------------------------*/
793+typedef struct {
794+ flag sign;
795+ bits64 high, low;
796+} commonNaNT;
797+
798+/*----------------------------------------------------------------------------
799+| The pattern for a default generated single-precision NaN.
800+*----------------------------------------------------------------------------*/
801+#define float32_default_nan 0x7FFFFFFF
802+
803+/*----------------------------------------------------------------------------
804+| Returns 1 if the single-precision floating-point value `a' is a NaN;
805+| otherwise returns 0.
806+*----------------------------------------------------------------------------*/
807+
808+flag float32_is_nan( float32 a )
809+{
810+
811+ return ( 0xFF000000 < (bits32) ( a<<1 ) );
812+
813+}
814+
815+/*----------------------------------------------------------------------------
816+| Returns 1 if the single-precision floating-point value `a' is a signaling
817+| NaN; otherwise returns 0.
818+*----------------------------------------------------------------------------*/
819+
820+flag float32_is_signaling_nan( float32 a )
821+{
822+
823+ return ( ( ( a>>22 ) & 0x1FF ) == 0x1FE ) && ( a & 0x003FFFFF );
824+
825+}
826+
827+/*----------------------------------------------------------------------------
828+| Returns the result of converting the single-precision floating-point NaN
829+| `a' to the canonical NaN format. If `a' is a signaling NaN, the invalid
830+| exception is raised.
831+*----------------------------------------------------------------------------*/
832+
833+static commonNaNT float32ToCommonNaN( float32 a )
834+{
835+ commonNaNT z;
836+
837+ if ( float32_is_signaling_nan( a ) ) float_raise( float_flag_invalid );
838+ z.sign = a>>31;
839+ z.low = 0;
840+ z.high = ( (bits64) a )<<41;
841+ return z;
842+
843+}
844+
845+/*----------------------------------------------------------------------------
846+| Returns the result of converting the canonical NaN `a' to the single-
847+| precision floating-point format.
848+*----------------------------------------------------------------------------*/
849+
850+static float32 commonNaNToFloat32( commonNaNT a )
851+{
852+
853+ return ( ( (bits32) a.sign )<<31 ) | 0x7FC00000 | ( a.high>>41 );
854+
855+}
856+
857+/*----------------------------------------------------------------------------
858+| Takes two single-precision floating-point values `a' and `b', one of which
859+| is a NaN, and returns the appropriate NaN result. If either `a' or `b' is a
860+| signaling NaN, the invalid exception is raised.
861+*----------------------------------------------------------------------------*/
862+
863+static float32 propagateFloat32NaN( float32 a, float32 b )
864+{
865+ flag aIsNaN, aIsSignalingNaN, bIsNaN, bIsSignalingNaN;
866+
867+ aIsNaN = float32_is_nan( a );
868+ aIsSignalingNaN = float32_is_signaling_nan( a );
869+ bIsNaN = float32_is_nan( b );
870+ bIsSignalingNaN = float32_is_signaling_nan( b );
871+ a |= 0x00400000;
872+ b |= 0x00400000;
873+ if ( aIsSignalingNaN | bIsSignalingNaN ) float_raise( float_flag_invalid );
874+ return bIsSignalingNaN ? b : aIsSignalingNaN ? a : bIsNaN ? b : a;
875+
876+}
877+
878+/*----------------------------------------------------------------------------
879+| The pattern for a default generated double-precision NaN.
880+*----------------------------------------------------------------------------*/
881+#define float64_default_nan LIT64( 0x7FFFFFFFFFFFFFFF )
882+
883+/*----------------------------------------------------------------------------
884+| Returns 1 if the double-precision floating-point value `a' is a NaN;
885+| otherwise returns 0.
886+*----------------------------------------------------------------------------*/
887+
888+flag float64_is_nan( float64 a )
889+{
890+
891+ return ( LIT64( 0xFFE0000000000000 ) < (bits64) ( a<<1 ) );
892+
893+}
894+
895+/*----------------------------------------------------------------------------
896+| Returns 1 if the double-precision floating-point value `a' is a signaling
897+| NaN; otherwise returns 0.
898+*----------------------------------------------------------------------------*/
899+
900+flag float64_is_signaling_nan( float64 a )
901+{
902+
903+ return
904+ ( ( ( a>>51 ) & 0xFFF ) == 0xFFE )
905+ && ( a & LIT64( 0x0007FFFFFFFFFFFF ) );
906+
907+}
908+
909+/*----------------------------------------------------------------------------
910+| Returns the result of converting the double-precision floating-point NaN
911+| `a' to the canonical NaN format. If `a' is a signaling NaN, the invalid
912+| exception is raised.
913+*----------------------------------------------------------------------------*/
914+
915+static commonNaNT float64ToCommonNaN( float64 a )
916+{
917+ commonNaNT z;
918+
919+ if ( float64_is_signaling_nan( a ) ) float_raise( float_flag_invalid );
920+ z.sign = a>>63;
921+ z.low = 0;
922+ z.high = a<<12;
923+ return z;
924+
925+}
926+
927+/*----------------------------------------------------------------------------
928+| Returns the result of converting the canonical NaN `a' to the double-
929+| precision floating-point format.
930+*----------------------------------------------------------------------------*/
931+
932+static float64 commonNaNToFloat64( commonNaNT a )
933+{
934+
935+ return
936+ ( ( (bits64) a.sign )<<63 )
937+ | LIT64( 0x7FF8000000000000 )
938+ | ( a.high>>12 );
939+
940+}
941+
942+/*----------------------------------------------------------------------------
943+| Takes two double-precision floating-point values `a' and `b', one of which
944+| is a NaN, and returns the appropriate NaN result. If either `a' or `b' is a
945+| signaling NaN, the invalid exception is raised.
946+*----------------------------------------------------------------------------*/
947+
948+static float64 propagateFloat64NaN( float64 a, float64 b )
949+{
950+ flag aIsNaN, aIsSignalingNaN, bIsNaN, bIsSignalingNaN;
951+
952+ aIsNaN = float64_is_nan( a );
953+ aIsSignalingNaN = float64_is_signaling_nan( a );
954+ bIsNaN = float64_is_nan( b );
955+ bIsSignalingNaN = float64_is_signaling_nan( b );
956+ a |= LIT64( 0x0008000000000000 );
957+ b |= LIT64( 0x0008000000000000 );
958+ if ( aIsSignalingNaN | bIsSignalingNaN ) float_raise( float_flag_invalid );
959+ return bIsSignalingNaN ? b : aIsSignalingNaN ? a : bIsNaN ? b : a;
960+
961+}
962+
963+#ifdef FLOATX80
964+
965+/*----------------------------------------------------------------------------
966+| The pattern for a default generated extended double-precision NaN. The
967+| `high' and `low' values hold the most- and least-significant bits,
968+| respectively.
969+*----------------------------------------------------------------------------*/
970+#define floatx80_default_nan_high 0x7FFF
971+#define floatx80_default_nan_low LIT64( 0xFFFFFFFFFFFFFFFF )
972+
973+/*----------------------------------------------------------------------------
974+| Returns 1 if the extended double-precision floating-point value `a' is a
975+| NaN; otherwise returns 0.
976+*----------------------------------------------------------------------------*/
977+
978+flag floatx80_is_nan( floatx80 a )
979+{
980+
981+ return ( ( a.high & 0x7FFF ) == 0x7FFF ) && (bits64) ( a.low<<1 );
982+
983+}
984+
985+/*----------------------------------------------------------------------------
986+| Returns 1 if the extended double-precision floating-point value `a' is a
987+| signaling NaN; otherwise returns 0.
988+*----------------------------------------------------------------------------*/
989+
990+flag floatx80_is_signaling_nan( floatx80 a )
991+{
992+ bits64 aLow;
993+
994+ aLow = a.low & ~ LIT64( 0x4000000000000000 );
995+ return
996+ ( ( a.high & 0x7FFF ) == 0x7FFF )
997+ && (bits64) ( aLow<<1 )
998+ && ( a.low == aLow );
999+
1000+}
1001+
1002+/*----------------------------------------------------------------------------
1003+| Returns the result of converting the extended double-precision floating-
1004+| point NaN `a' to the canonical NaN format. If `a' is a signaling NaN, the
1005+| invalid exception is raised.
1006+*----------------------------------------------------------------------------*/
1007+
1008+static commonNaNT floatx80ToCommonNaN( floatx80 a )
1009+{
1010+ commonNaNT z;
1011+
1012+ if ( floatx80_is_signaling_nan( a ) ) float_raise( float_flag_invalid );
1013+ z.sign = a.high>>15;
1014+ z.low = 0;
1015+ z.high = a.low<<1;
1016+ return z;
1017+
1018+}
1019+
1020+/*----------------------------------------------------------------------------
1021+| Returns the result of converting the canonical NaN `a' to the extended
1022+| double-precision floating-point format.
1023+*----------------------------------------------------------------------------*/
1024+
1025+static floatx80 commonNaNToFloatx80( commonNaNT a )
1026+{
1027+ floatx80 z;
1028+
1029+ z.low = LIT64( 0xC000000000000000 ) | ( a.high>>1 );
1030+ z.high = ( ( (bits16) a.sign )<<15 ) | 0x7FFF;
1031+ return z;
1032+
1033+}
1034+
1035+/*----------------------------------------------------------------------------
1036+| Takes two extended double-precision floating-point values `a' and `b', one
1037+| of which is a NaN, and returns the appropriate NaN result. If either `a' or
1038+| `b' is a signaling NaN, the invalid exception is raised.
1039+*----------------------------------------------------------------------------*/
1040+
1041+static floatx80 propagateFloatx80NaN( floatx80 a, floatx80 b )
1042+{
1043+ flag aIsNaN, aIsSignalingNaN, bIsNaN, bIsSignalingNaN;
1044+
1045+ aIsNaN = floatx80_is_nan( a );
1046+ aIsSignalingNaN = floatx80_is_signaling_nan( a );
1047+ bIsNaN = floatx80_is_nan( b );
1048+ bIsSignalingNaN = floatx80_is_signaling_nan( b );
1049+ a.low |= LIT64( 0xC000000000000000 );
1050+ b.low |= LIT64( 0xC000000000000000 );
1051+ if ( aIsSignalingNaN | bIsSignalingNaN ) float_raise( float_flag_invalid );
1052+ return bIsSignalingNaN ? b : aIsSignalingNaN ? a : bIsNaN ? b : a;
1053+
1054+}
1055+
1056+#endif
1057+
1058+#ifdef FLOAT128
1059+
1060+/*----------------------------------------------------------------------------
1061+| The pattern for a default generated quadruple-precision NaN. The `high' and
1062+| `low' values hold the most- and least-significant bits, respectively.
1063+*----------------------------------------------------------------------------*/
1064+#define float128_default_nan_high LIT64( 0x7FFFFFFFFFFFFFFF )
1065+#define float128_default_nan_low LIT64( 0xFFFFFFFFFFFFFFFF )
1066+
1067+/*----------------------------------------------------------------------------
1068+| Returns 1 if the quadruple-precision floating-point value `a' is a NaN;
1069+| otherwise returns 0.
1070+*----------------------------------------------------------------------------*/
1071+
1072+flag float128_is_nan( float128 a )
1073+{
1074+
1075+ return
1076+ ( LIT64( 0xFFFE000000000000 ) <= (bits64) ( a.high<<1 ) )
1077+ && ( a.low || ( a.high & LIT64( 0x0000FFFFFFFFFFFF ) ) );
1078+
1079+}
1080+
1081+/*----------------------------------------------------------------------------
1082+| Returns 1 if the quadruple-precision floating-point value `a' is a
1083+| signaling NaN; otherwise returns 0.
1084+*----------------------------------------------------------------------------*/
1085+
1086+flag float128_is_signaling_nan( float128 a )
1087+{
1088+
1089+ return
1090+ ( ( ( a.high>>47 ) & 0xFFFF ) == 0xFFFE )
1091+ && ( a.low || ( a.high & LIT64( 0x00007FFFFFFFFFFF ) ) );
1092+
1093+}
1094+
1095+/*----------------------------------------------------------------------------
1096+| Returns the result of converting the quadruple-precision floating-point NaN
1097+| `a' to the canonical NaN format. If `a' is a signaling NaN, the invalid
1098+| exception is raised.
1099+*----------------------------------------------------------------------------*/
1100+
1101+static commonNaNT float128ToCommonNaN( float128 a )
1102+{
1103+ commonNaNT z;
1104+
1105+ if ( float128_is_signaling_nan( a ) ) float_raise( float_flag_invalid );
1106+ z.sign = a.high>>63;
1107+ shortShift128Left( a.high, a.low, 16, &z.high, &z.low );
1108+ return z;
1109+
1110+}
1111+
1112+/*----------------------------------------------------------------------------
1113+| Returns the result of converting the canonical NaN `a' to the quadruple-
1114+| precision floating-point format.
1115+*----------------------------------------------------------------------------*/
1116+
1117+static float128 commonNaNToFloat128( commonNaNT a )
1118+{
1119+ float128 z;
1120+
1121+ shift128Right( a.high, a.low, 16, &z.high, &z.low );
1122+ z.high |= ( ( (bits64) a.sign )<<63 ) | LIT64( 0x7FFF800000000000 );
1123+ return z;
1124+
1125+}
1126+
1127+/*----------------------------------------------------------------------------
1128+| Takes two quadruple-precision floating-point values `a' and `b', one of
1129+| which is a NaN, and returns the appropriate NaN result. If either `a' or
1130+| `b' is a signaling NaN, the invalid exception is raised.
1131+*----------------------------------------------------------------------------*/
1132+
1133+static float128 propagateFloat128NaN( float128 a, float128 b )
1134+{
1135+ flag aIsNaN, aIsSignalingNaN, bIsNaN, bIsSignalingNaN;
1136+
1137+ aIsNaN = float128_is_nan( a );
1138+ aIsSignalingNaN = float128_is_signaling_nan( a );
1139+ bIsNaN = float128_is_nan( b );
1140+ bIsSignalingNaN = float128_is_signaling_nan( b );
1141+ a.high |= LIT64( 0x0000800000000000 );
1142+ b.high |= LIT64( 0x0000800000000000 );
1143+ if ( aIsSignalingNaN | bIsSignalingNaN ) float_raise( float_flag_invalid );
1144+ return bIsSignalingNaN ? b : aIsSignalingNaN ? a : bIsNaN ? b : a;
1145+
1146+}
1147+
1148+#endif
1149+
1150diff --git a/SoftFloat-2b/softfloat/bits64/powerpc-GCC/softfloat.h b/SoftFloat-2b/softfloat/bits64/powerpc-GCC/softfloat.h
1151new file mode 100644
1152index 0000000..5b7cb1c
1153--- /dev/null
1154+++ b/SoftFloat-2b/softfloat/bits64/powerpc-GCC/softfloat.h
1155@@ -0,0 +1,269 @@
1156+/*
1157+ * This file is derived from softfloat/bits64/386-Win32-GCC/softfloat.h,
1158+ * the copyright for that material belongs to the original owners.
1159+ *
1160+ * Additional material and changes where applicable is:
1161+ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved.
1162+ *
1163+ * Author: Ebony Zhu, <ebony.zhu@freescale.com>
1164+ * Yu Liu, <yu.liu@freescale.com>
1165+ */
1166+
1167+/*============================================================================
1168+
1169+This C header file is part of the SoftFloat IEC/IEEE Floating-point Arithmetic
1170+Package, Release 2b.
1171+
1172+Written by John R. Hauser. This work was made possible in part by the
1173+International Computer Science Institute, located at Suite 600, 1947 Center
1174+Street, Berkeley, California 94704. Funding was partially provided by the
1175+National Science Foundation under grant MIP-9311980. The original version
1176+of this code was written as part of a project to build a fixed-point vector
1177+processor in collaboration with the University of California at Berkeley,
1178+overseen by Profs. Nelson Morgan and John Wawrzynek. More information
1179+is available through the Web page `http://www.cs.berkeley.edu/~jhauser/
1180+arithmetic/SoftFloat.html'.
1181+
1182+THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE. Although reasonable effort has
1183+been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT TIMES
1184+RESULT IN INCORRECT BEHAVIOR. USE OF THIS SOFTWARE IS RESTRICTED TO PERSONS
1185+AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ALL LOSSES,
1186+COSTS, OR OTHER PROBLEMS THEY INCUR DUE TO THE SOFTWARE, AND WHO FURTHERMORE
1187+EFFECTIVELY INDEMNIFY JOHN HAUSER AND THE INTERNATIONAL COMPUTER SCIENCE
1188+INSTITUTE (possibly via similar legal warning) AGAINST ALL LOSSES, COSTS, OR
1189+OTHER PROBLEMS INCURRED BY THEIR CUSTOMERS AND CLIENTS DUE TO THE SOFTWARE.
1190+
1191+Derivative works are acceptable, even for commercial purposes, so long as
1192+(1) the source code for the derivative work includes prominent notice that
1193+the work is derivative, and (2) the source code includes prominent notice with
1194+these four paragraphs for those parts of this code that are retained.
1195+
1196+=============================================================================*/
1197+
1198+/*----------------------------------------------------------------------------
1199+| The macro `FLOATX80' must be defined to enable the extended double-precision
1200+| floating-point format `floatx80'. If this macro is not defined, the
1201+| `floatx80' type will not be defined, and none of the functions that either
1202+| input or output the `floatx80' type will be defined. The same applies to
1203+| the `FLOAT128' macro and the quadruple-precision format `float128'.
1204+*----------------------------------------------------------------------------*/
1205+#define FLOATX80
1206+#define FLOAT128
1207+
1208+/*----------------------------------------------------------------------------
1209+| Software IEC/IEEE floating-point types.
1210+*----------------------------------------------------------------------------*/
1211+typedef unsigned int float32;
1212+typedef unsigned long long float64;
1213+#ifdef FLOATX80
1214+typedef struct {
1215+ unsigned short high;
1216+ unsigned long long low;
1217+} floatx80;
1218+#endif
1219+#ifdef FLOAT128
1220+typedef struct {
1221+ unsigned long long high, low;
1222+} float128;
1223+#endif
1224+
1225+/*----------------------------------------------------------------------------
1226+| Software IEC/IEEE floating-point underflow tininess-detection mode.
1227+*----------------------------------------------------------------------------*/
1228+extern int float_detect_tininess;
1229+enum {
1230+ float_tininess_after_rounding = 0,
1231+ float_tininess_before_rounding = 1
1232+};
1233+
1234+/*----------------------------------------------------------------------------
1235+| Software IEC/IEEE floating-point rounding mode.
1236+*----------------------------------------------------------------------------*/
1237+extern int float_rounding_mode;
1238+enum {
1239+ float_round_nearest_even = 0,
1240+ float_round_to_zero = 1,
1241+ float_round_up = 2,
1242+ float_round_down = 3
1243+};
1244+
1245+/*----------------------------------------------------------------------------
1246+| Software IEC/IEEE floating-point exception flags.
1247+*----------------------------------------------------------------------------*/
1248+extern int float_exception_flags;
1249+enum {
1250+ float_flag_inexact = 1,
1251+ float_flag_divbyzero = 2,
1252+ float_flag_underflow = 4,
1253+ float_flag_overflow = 8,
1254+ float_flag_invalid = 16
1255+};
1256+
1257+/*----------------------------------------------------------------------------
1258+| Routine to raise any or all of the software IEC/IEEE floating-point
1259+| exception flags.
1260+*----------------------------------------------------------------------------*/
1261+void float_raise( int );
1262+
1263+/*----------------------------------------------------------------------------
1264+| Software IEC/IEEE integer-to-floating-point conversion routines.
1265+*----------------------------------------------------------------------------*/
1266+float32 int32_to_float32( int );
1267+float64 int32_to_float64( int );
1268+#ifdef FLOATX80
1269+floatx80 int32_to_floatx80( int );
1270+#endif
1271+#ifdef FLOAT128
1272+float128 int32_to_float128( int );
1273+#endif
1274+float32 int64_to_float32( long long );
1275+float64 int64_to_float64( long long );
1276+#ifdef FLOATX80
1277+floatx80 int64_to_floatx80( long long );
1278+#endif
1279+#ifdef FLOAT128
1280+float128 int64_to_float128( long long );
1281+#endif
1282+
1283+/*----------------------------------------------------------------------------
1284+| Software IEC/IEEE single-precision conversion routines.
1285+*----------------------------------------------------------------------------*/
1286+int float32_to_int32( float32 );
1287+int float32_to_int32_round_to_zero( float32 );
1288+long long float32_to_int64( float32 );
1289+long long float32_to_int64_round_to_zero( float32 );
1290+float64 float32_to_float64( float32 );
1291+#ifdef FLOATX80
1292+floatx80 float32_to_floatx80( float32 );
1293+#endif
1294+#ifdef FLOAT128
1295+float128 float32_to_float128( float32 );
1296+#endif
1297+
1298+/*----------------------------------------------------------------------------
1299+| Software IEC/IEEE single-precision operations.
1300+*----------------------------------------------------------------------------*/
1301+float32 float32_round_to_int( float32 );
1302+float32 float32_add( float32, float32 );
1303+float32 float32_sub( float32, float32 );
1304+float32 float32_mul( float32, float32 );
1305+float32 float32_div( float32, float32 );
1306+float32 float32_rem( float32, float32 );
1307+float32 float32_sqrt( float32 );
1308+int float32_eq( float32, float32 );
1309+int float32_le( float32, float32 );
1310+int float32_lt( float32, float32 );
1311+int float32_eq_signaling( float32, float32 );
1312+int float32_le_quiet( float32, float32 );
1313+int float32_lt_quiet( float32, float32 );
1314+int float32_is_signaling_nan( float32 );
1315+
1316+/*----------------------------------------------------------------------------
1317+| Software IEC/IEEE double-precision conversion routines.
1318+*----------------------------------------------------------------------------*/
1319+int float64_to_int32( float64 );
1320+int float64_to_int32_round_to_zero( float64 );
1321+long long float64_to_int64( float64 );
1322+long long float64_to_int64_round_to_zero( float64 );
1323+float32 float64_to_float32( float64 );
1324+#ifdef FLOATX80
1325+floatx80 float64_to_floatx80( float64 );
1326+#endif
1327+#ifdef FLOAT128
1328+float128 float64_to_float128( float64 );
1329+#endif
1330+
1331+/*----------------------------------------------------------------------------
1332+| Software IEC/IEEE double-precision operations.
1333+*----------------------------------------------------------------------------*/
1334+float64 float64_round_to_int( float64 );
1335+float64 float64_add( float64, float64 );
1336+float64 float64_sub( float64, float64 );
1337+float64 float64_mul( float64, float64 );
1338+float64 float64_div( float64, float64 );
1339+float64 float64_rem( float64, float64 );
1340+float64 float64_sqrt( float64 );
1341+int float64_eq( float64, float64 );
1342+int float64_le( float64, float64 );
1343+int float64_lt( float64, float64 );
1344+int float64_eq_signaling( float64, float64 );
1345+int float64_le_quiet( float64, float64 );
1346+int float64_lt_quiet( float64, float64 );
1347+int float64_is_signaling_nan( float64 );
1348+
1349+#ifdef FLOATX80
1350+
1351+/*----------------------------------------------------------------------------
1352+| Software IEC/IEEE extended double-precision conversion routines.
1353+*----------------------------------------------------------------------------*/
1354+int floatx80_to_int32( floatx80 );
1355+int floatx80_to_int32_round_to_zero( floatx80 );
1356+long long floatx80_to_int64( floatx80 );
1357+long long floatx80_to_int64_round_to_zero( floatx80 );
1358+float32 floatx80_to_float32( floatx80 );
1359+float64 floatx80_to_float64( floatx80 );
1360+#ifdef FLOAT128
1361+float128 floatx80_to_float128( floatx80 );
1362+#endif
1363+
1364+/*----------------------------------------------------------------------------
1365+| Software IEC/IEEE extended double-precision rounding precision. Valid
1366+| values are 32, 64, and 80.
1367+*----------------------------------------------------------------------------*/
1368+extern int floatx80_rounding_precision;
1369+
1370+/*----------------------------------------------------------------------------
1371+| Software IEC/IEEE extended double-precision operations.
1372+*----------------------------------------------------------------------------*/
1373+floatx80 floatx80_round_to_int( floatx80 );
1374+floatx80 floatx80_add( floatx80, floatx80 );
1375+floatx80 floatx80_sub( floatx80, floatx80 );
1376+floatx80 floatx80_mul( floatx80, floatx80 );
1377+floatx80 floatx80_div( floatx80, floatx80 );
1378+floatx80 floatx80_rem( floatx80, floatx80 );
1379+floatx80 floatx80_sqrt( floatx80 );
1380+int floatx80_eq( floatx80, floatx80 );
1381+int floatx80_le( floatx80, floatx80 );
1382+int floatx80_lt( floatx80, floatx80 );
1383+int floatx80_eq_signaling( floatx80, floatx80 );
1384+int floatx80_le_quiet( floatx80, floatx80 );
1385+int floatx80_lt_quiet( floatx80, floatx80 );
1386+int floatx80_is_signaling_nan( floatx80 );
1387+
1388+#endif
1389+
1390+#ifdef FLOAT128
1391+
1392+/*----------------------------------------------------------------------------
1393+| Software IEC/IEEE quadruple-precision conversion routines.
1394+*----------------------------------------------------------------------------*/
1395+int float128_to_int32( float128 );
1396+int float128_to_int32_round_to_zero( float128 );
1397+long long float128_to_int64( float128 );
1398+long long float128_to_int64_round_to_zero( float128 );
1399+float32 float128_to_float32( float128 );
1400+float64 float128_to_float64( float128 );
1401+#ifdef FLOATX80
1402+floatx80 float128_to_floatx80( float128 );
1403+#endif
1404+
1405+/*----------------------------------------------------------------------------
1406+| Software IEC/IEEE quadruple-precision operations.
1407+*----------------------------------------------------------------------------*/
1408+float128 float128_round_to_int( float128 );
1409+float128 float128_add( float128, float128 );
1410+float128 float128_sub( float128, float128 );
1411+float128 float128_mul( float128, float128 );
1412+float128 float128_div( float128, float128 );
1413+float128 float128_rem( float128, float128 );
1414+float128 float128_sqrt( float128 );
1415+int float128_eq( float128, float128 );
1416+int float128_le( float128, float128 );
1417+int float128_lt( float128, float128 );
1418+int float128_eq_signaling( float128, float128 );
1419+int float128_le_quiet( float128, float128 );
1420+int float128_lt_quiet( float128, float128 );
1421+int float128_is_signaling_nan( float128 );
1422+
1423+#endif
1424+
1425--
14261.5.4
1427
diff --git a/meta-fsl-ppc/recipes-extended/testfloat/files/TestFloat-powerpc-E500v2-SPE-1.patch b/meta-fsl-ppc/recipes-extended/testfloat/files/TestFloat-powerpc-E500v2-SPE-1.patch
new file mode 100644
index 00000000..c34421cf
--- /dev/null
+++ b/meta-fsl-ppc/recipes-extended/testfloat/files/TestFloat-powerpc-E500v2-SPE-1.patch
@@ -0,0 +1,1644 @@
1This patch adds PowerPC E500v2 SPE support in TestFloat.
2And it disables the testing for hardware that can not trigger SPE interrupt.
3
4Signed-off-by: Ebony Zhu <ebony.zhu@freescale.com>
5Signed-off-by: Liu Yu <Yu.Liu@freescale.com>
6---
7 processors/POWERPC-gcc.h | 99 +++++
8 testfloat/powerpc-linux-gcc/Makefile | 83 +++++
9 testfloat/powerpc-linux-gcc/milieu.h | 71 ++++
10 testfloat/powerpc-linux-gcc/systflags.c | 107 ++++++
11 testfloat/powerpc-linux-gcc/systfloat.c | 595 +++++++++++++++++++++++++++++++
12 testfloat/powerpc-linux-gcc/systmodes.c | 67 ++++
13 testfloat/templates/Makefile | 18 +-
14 testfloat/templates/milieu.h | 2 +-
15 testfloat/testFunction.h | 2 +-
16 testfloat/testLoops.c | 216 +++++++++++
17 10 files changed, 1252 insertions(+), 8 deletions(-)
18 create mode 100644 processors/POWERPC-gcc.h
19 create mode 100644 testfloat/powerpc-linux-gcc/Makefile
20 create mode 100644 testfloat/powerpc-linux-gcc/milieu.h
21 create mode 100644 testfloat/powerpc-linux-gcc/systflags.c
22 create mode 100644 testfloat/powerpc-linux-gcc/systfloat.c
23 create mode 100644 testfloat/powerpc-linux-gcc/systmodes.c
24
25diff --git a/processors/POWERPC-gcc.h b/processors/POWERPC-gcc.h
26new file mode 100644
27index 0000000..4201faa
28--- /dev/null
29+++ b/processors/POWERPC-gcc.h
30@@ -0,0 +1,99 @@
31+/*
32+ * This file is derived from processors/i386-GCC.h,
33+ * the copyright for that material belongs to the original owners.
34+ *
35+ * Additional material and changes where applicable is:
36+ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved.
37+ *
38+ * Author: Ebony Zhu, <ebony.zhu@freescale.com>
39+ * Yu Liu, <yu.liu@freescale.com>
40+ *
41+ * THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE. Although reasonable effort has
42+ * been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT TIMES
43+ * RESULT IN INCORRECT BEHAVIOR. USE OF THIS SOFTWARE IS RESTRICTED TO PERSONS
44+ * AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ALL LOSSES,
45+ * COSTS, OR OTHER PROBLEMS THEY INCUR DUE TO THE SOFTWARE, AND WHO FURTHERMORE
46+ * EFFECTIVELY INDEMNIFY JOHN HAUSER AND THE INTERNATIONAL COMPUTER SCIENCE
47+ * INSTITUTE (possibly via similar legal warning) AGAINST ALL LOSSES, COSTS, OR
48+ * OTHER PROBLEMS INCURRED BY THEIR CUSTOMERS AND CLIENTS DUE TO THE SOFTWARE.
49+ */
50+
51+/*
52+-------------------------------------------------------------------------------
53+One of the macros `BIGENDIAN' or `LITTLEENDIAN' must be defined.
54+-------------------------------------------------------------------------------
55+*/
56+#define BIGENDIAN
57+
58+/*
59+-------------------------------------------------------------------------------
60+The macro `BITS64' can be defined to indicate that 64-bit integer types are
61+supported by the compiler.
62+-------------------------------------------------------------------------------
63+*/
64+#undef BITS64
65+
66+/*
67+-------------------------------------------------------------------------------
68+Each of the following `typedef's defines the most convenient type that holds
69+integers of at least as many bits as specified. For example, `uint8' should
70+be the most convenient type that can hold unsigned integers of as many as
71+8 bits. The `flag' type must be able to hold either a 0 or 1. For most
72+implementations of C, `flag', `uint8', and `int8' should all be `typedef'ed
73+to the same as `int'.
74+-------------------------------------------------------------------------------
75+*/
76+typedef int flag;
77+typedef int uint8;
78+typedef int int8;
79+typedef int uint16;
80+typedef int int16;
81+typedef unsigned int uint32;
82+typedef signed int int32;
83+#ifdef BITS64
84+typedef unsigned long long int uint64;
85+typedef signed long long int int64;
86+#endif
87+
88+/*
89+-------------------------------------------------------------------------------
90+Each of the following `typedef's defines a type that holds integers
91+of _exactly_ the number of bits specified. For instance, for most
92+implementation of C, `bits16' and `sbits16' should be `typedef'ed to
93+`unsigned short int' and `signed short int' (or `short int'), respectively.
94+-------------------------------------------------------------------------------
95+*/
96+typedef unsigned char bits8;
97+typedef signed char sbits8;
98+typedef unsigned short int bits16;
99+typedef signed short int sbits16;
100+typedef unsigned int bits32;
101+typedef signed int sbits32;
102+#ifdef BITS64
103+typedef unsigned long long int bits64;
104+typedef signed long long int sbits64;
105+#endif
106+
107+#ifdef BITS64
108+/*
109+-------------------------------------------------------------------------------
110+The `LIT64' macro takes as its argument a textual integer literal and
111+if necessary ``marks'' the literal as having a 64-bit integer type.
112+For example, the GNU C Compiler (`gcc') requires that 64-bit literals be
113+appended with the letters `LL' standing for `long long', which is `gcc's
114+name for the 64-bit integer type. Some compilers may allow `LIT64' to be
115+defined as the identity macro: `#define LIT64( a ) a'.
116+-------------------------------------------------------------------------------
117+*/
118+#define LIT64( a ) a##LL
119+#endif
120+
121+/*
122+-------------------------------------------------------------------------------
123+The macro `INLINE' can be used before functions that should be inlined. If
124+a compiler does not support explicit inlining, this macro should be defined
125+to be `static'.
126+-------------------------------------------------------------------------------
127+*/
128+#define INLINE extern inline
129+
130diff --git a/testfloat/powerpc-linux-gcc/Makefile b/testfloat/powerpc-linux-gcc/Makefile
131new file mode 100644
132index 0000000..de50aad
133--- /dev/null
134+++ b/testfloat/powerpc-linux-gcc/Makefile
135@@ -0,0 +1,83 @@
136+
137+PROCESSOR_H = ../../processors/POWERPC-gcc.h
138+SOFTFLOAT_VERSION = bits32
139+TARGET = powerpc-GCC
140+SOFTFLOAT_DIR = ../../SoftFloat-2b/softfloat/$(SOFTFLOAT_VERSION)/$(TARGET)
141+
142+OBJ = .o
143+EXE =
144+INCLUDES = -I. -I.. -I$(SOFTFLOAT_DIR)
145+
146+COMPILE_C = $(COMPILE_PREFIX)gcc -c -o $@ $(INCLUDES) -I- -O $(EXTRA_CFLAGS)
147+
148+COMPILE_C_HARD = $(COMPILE_PREFIX)gcc -c -te500v2 -o $@ $(INCLUDES)
149+
150+COMPILE_SLOWFLOAT_C = $(COMPILE_PREFIX)gcc -c -o $@ $(INCLUDES) -I- -O
151+
152+LINK = $(COMPILE_PREFIX)gcc -lm -o $@
153+
154+SOFTFLOAT_H = $(SOFTFLOAT_DIR)/softfloat.h
155+SOFTFLOAT_OBJ = $(SOFTFLOAT_DIR)/softfloat$(OBJ)
156+
157+ALL: testsoftfloat$(EXE) testfloat$(EXE)
158+
159+systmodes$(OBJ): milieu.h systmodes.c
160+ $(COMPILE_C) systmodes.c
161+
162+systflags$(OBJ): milieu.h ../systflags.h systflags.c
163+ $(COMPILE_C) systflags.c
164+
165+systfloat$(OBJ): milieu.h $(SOFTFLOAT_H) ../systfloat.h systfloat.c
166+ $(COMPILE_C_HARD) systfloat.c
167+
168+#------------------------------------------------------------------------------
169+# Probably O.K. below here.
170+#------------------------------------------------------------------------------
171+
172+milieu.h: $(PROCESSOR_H)
173+ touch milieu.h
174+
175+fail$(OBJ): milieu.h ../fail.h
176+ $(COMPILE_C) ../fail.c
177+
178+random$(OBJ): milieu.h ../random.h
179+ $(COMPILE_C) ../random.c
180+
181+testCases$(OBJ): milieu.h ../fail.h ../random.h $(SOFTFLOAT_H) ../testCases.h ../testCases.c
182+ $(COMPILE_C) ../testCases.c
183+
184+writeHex$(OBJ): milieu.h $(SOFTFLOAT_H) ../writeHex.h ../writeHex.c
185+ $(COMPILE_C) ../writeHex.c
186+
187+testLoops$(OBJ): milieu.h $(SOFTFLOAT_H) ../testCases.h ../writeHex.h ../testLoops.h ../testLoops.c
188+ $(COMPILE_C) ../testLoops.c
189+
190+slowfloat$(OBJ): milieu.h $(SOFTFLOAT_H) ../slowfloat.h ../slowfloat-32.c ../slowfloat-64.c ../slowfloat.c
191+ $(COMPILE_SLOWFLOAT_C) ../slowfloat.c
192+
193+testsoftfloat$(OBJ): milieu.h ../fail.h $(SOFTFLOAT_H) ../testCases.h ../testLoops.h ../slowfloat.h ../testsoftfloat.c
194+ $(COMPILE_C) ../testsoftfloat.c
195+
196+testsoftfloat$(EXE): fail$(OBJ) random$(OBJ) $(SOFTFLOAT_OBJ) testCases$(OBJ) writeHex$(OBJ) testLoops$(OBJ) slowfloat$(OBJ) testsoftfloat$(OBJ) systflags$(OBJ) systmodes$(OBJ)
197+ $(LINK) fail$(OBJ) random$(OBJ) $(SOFTFLOAT_OBJ) testCases$(OBJ) writeHex$(OBJ) testLoops$(OBJ) slowfloat$(OBJ) testsoftfloat$(OBJ) systflags$(OBJ) systmodes$(OBJ)
198+
199+testFunction$(OBJ): milieu.h $(SOFTFLOAT_H) ../testCases.h ../testLoops.h ../systmodes.h ../systflags.h ../systfloat.h ../testFunction.h ../testFunction.c
200+ $(COMPILE_C) ../testFunction.c
201+
202+testfloat$(OBJ): milieu.h ../fail.h $(SOFTFLOAT_H) ../testCases.h ../testLoops.h ../systflags.h ../testFunction.h ../testfloat.c
203+ $(COMPILE_C) ../testfloat.c
204+
205+testfloat$(EXE): fail$(OBJ) random$(OBJ) $(SOFTFLOAT_OBJ) testCases$(OBJ) writeHex$(OBJ) testLoops$(OBJ) systmodes$(OBJ) systflags$(OBJ) systfloat$(OBJ) testFunction$(OBJ) testfloat$(OBJ)
206+ $(LINK) fail$(OBJ) random$(OBJ) $(SOFTFLOAT_OBJ) testCases$(OBJ) writeHex$(OBJ) testLoops$(OBJ) systmodes$(OBJ) systflags$(OBJ) systfloat$(OBJ) testFunction$(OBJ) testfloat$(OBJ)
207+
208+$(SOFTFLOAT_OBJ):
209+ make -C $(SOFTFLOAT_DIR)
210+
211+cp: ALL
212+ cp testsoftfloat$(EXE) ../../test_softfloat$(EXE)
213+ cp testfloat$(EXE) ../../test_float$(EXE)
214+
215+clean:
216+ make -C $(SOFTFLOAT_DIR) clean
217+ rm -f *.o testfloat$(EXE) testsoftfloat$(EXE)
218+ rm -f ../../test_softfloat$(EXE) ../../test_float$(EXE)
219diff --git a/testfloat/powerpc-linux-gcc/milieu.h b/testfloat/powerpc-linux-gcc/milieu.h
220new file mode 100644
221index 0000000..29d2b18
222--- /dev/null
223+++ b/testfloat/powerpc-linux-gcc/milieu.h
224@@ -0,0 +1,71 @@
225+/*
226+ * This file is derived from testfloat/386-Win32-gcc/milieu.h,
227+ * the copyright for that material belongs to the original owners.
228+ *
229+ * Additional material and changes where applicable is:
230+ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved.
231+ *
232+ * Author: Ebony Zhu, <ebony.zhu@freescale.com>
233+ * Yu Liu, <yu.liu@freescale.com>
234+ */
235+
236+/*
237+===============================================================================
238+
239+This C header file is part of TestFloat, Release 2a, a package of programs
240+for testing the correctness of floating-point arithmetic complying to the
241+IEC/IEEE Standard for Floating-Point.
242+
243+Written by John R. Hauser. More information is available through the Web
244+page `http://HTTP.CS.Berkeley.EDU/~jhauser/arithmetic/TestFloat.html'.
245+
246+THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE. Although reasonable effort
247+has been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT
248+TIMES RESULT IN INCORRECT BEHAVIOR. USE OF THIS SOFTWARE IS RESTRICTED TO
249+PERSONS AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ANY
250+AND ALL LOSSES, COSTS, OR OTHER PROBLEMS ARISING FROM ITS USE.
251+
252+Derivative works are acceptable, even for commercial purposes, so long as
253+(1) they include prominent notice that the work is derivative, and (2) they
254+include prominent notice akin to these four paragraphs for those parts of
255+this code that are retained.
256+
257+===============================================================================
258+*/
259+
260+/*
261+-------------------------------------------------------------------------------
262+Include common integer types and flags.
263+-------------------------------------------------------------------------------
264+*/
265+#include "../../processors/POWERPC-gcc.h"
266+/*
267+-------------------------------------------------------------------------------
268+If the `BITS64' macro is defined by the processor header file but the
269+version of SoftFloat being used/tested is the 32-bit one (`bits32'), the
270+`BITS64' macro must be undefined here.
271+-------------------------------------------------------------------------------
272+*/
273+
274+#undef BITS64
275+/*
276+-------------------------------------------------------------------------------
277+The macro `LONG_DOUBLE_IS_FLOATX80' can be defined to indicate that the
278+C compiler supports the type `long double' as an extended double-precision
279+format. Alternatively, the macro `LONG_DOUBLE_IS_FLOAT128' can be defined
280+to indicate that `long double' is a quadruple-precision format. If neither
281+of these macros is defined, `long double' will be ignored.
282+-------------------------------------------------------------------------------
283+#define LONG_DOUBLE_IS_FLOATX80
284+*/
285+
286+/*
287+-------------------------------------------------------------------------------
288+Symbolic Boolean literals.
289+-------------------------------------------------------------------------------
290+*/
291+enum {
292+ FALSE = 0,
293+ TRUE = 1
294+};
295+
296diff --git a/testfloat/powerpc-linux-gcc/systflags.c b/testfloat/powerpc-linux-gcc/systflags.c
297new file mode 100644
298index 0000000..c382442
299--- /dev/null
300+++ b/testfloat/powerpc-linux-gcc/systflags.c
301@@ -0,0 +1,107 @@
302+/*
303+ * This file is derived from testfloat/386-Win32-gcc/systflags.c,
304+ * the copyright for that material belongs to the original owners.
305+ *
306+ * Additional material and changes where applicable is:
307+ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved.
308+ *
309+ * Author: Ebony Zhu, <ebony.zhu@freescale.com>
310+ * Yu Liu, <yu.liu@freescale.com>
311+ */
312+
313+/*
314+===============================================================================
315+
316+This C source file is part of TestFloat, Release 2a, a package of programs
317+for testing the correctness of floating-point arithmetic complying to the
318+IEC/IEEE Standard for Floating-Point.
319+
320+Written by John R. Hauser. More information is available through the Web
321+page `http://HTTP.CS.Berkeley.EDU/~jhauser/arithmetic/TestFloat.html'.
322+
323+THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE. Although reasonable effort
324+has been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT
325+TIMES RESULT IN INCORRECT BEHAVIOR. USE OF THIS SOFTWARE IS RESTRICTED TO
326+PERSONS AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ANY
327+AND ALL LOSSES, COSTS, OR OTHER PROBLEMS ARISING FROM ITS USE.
328+
329+Derivative works are acceptable, even for commercial purposes, so long as
330+(1) they include prominent notice that the work is derivative, and (2) they
331+include prominent notice akin to these four paragraphs for those parts of
332+this code that are retained.
333+
334+===============================================================================
335+*/
336+
337+#include "milieu.h"
338+#include "systflags.h"
339+#include <fenv.h>
340+#include <stdio.h>
341+#include <math.h>
342+#include <bits/nan.h>
343+#include <bits/inf.h>
344+
345+#ifdef __SPE__
346+
347+#include <spe.h>
348+
349+
350+#define SPE_FINV_ENABLE (1UL << 5)
351+#define SPE_FDBZ_ENABLE (1UL << 4)
352+#define SPE_FUNF_ENABLE (1UL << 3)
353+#define SPE_FOVF_ENABLE (1UL << 2)
354+
355+#define SPE_FG (1UL << 13)
356+#define SPE_FX (1UL << 12)
357+#define SPE_FINV (1UL << 11)
358+#define SPE_FDBZ (1UL << 10)
359+#define SPE_FUNF (1UL << 9)
360+#define SPE_FOVF (1UL << 8)
361+
362+#define SPE_FG_H (1UL << 29)
363+#define SPE_FX_H (1UL << 28)
364+#define SPE_FINV_H (1UL << 27)
365+#define SPE_FDBZ_H (1UL << 26)
366+#define SPE_FUNF_H (1UL << 25)
367+#define SPE_FOVF_H (1UL << 24)
368+
369+static int is_soft_emu = 0;
370+
371+#endif
372+/*
373+-------------------------------------------------------------------------------
374+Clears the system's IEC/IEEE floating-point exception flags. Returns the
375+previous value of the flags.
376+-------------------------------------------------------------------------------
377+*/
378+extern int rounding;
379+unsigned int spefscr = 0;
380+
381+int8 syst_float_flags_clear( void )
382+{
383+#ifdef TEST_KERNEL_EMU
384+ if( (spefscr & (SPE_FINV | SPE_FINV_H))
385+ || (spefscr & (SPE_FDBZ | SPE_FDBZ_H))
386+ || (spefscr & (SPE_FUNF | SPE_FUNF_H))
387+ || (spefscr & (SPE_FOVF | SPE_FOVF_H))
388+ || (spefscr & (SPE_FX | SPE_FG | SPE_FX_H | SPE_FG_H))){
389+ is_soft_emu = 1;
390+ } else {
391+ is_soft_emu = 0;
392+ }
393+#endif
394+ __builtin_spe_mtspefscr(0x3c|(rounding & 0x3));
395+
396+ return ((spefscr>>17) & 0x1f);
397+}
398+
399+int syst_float_is_soft_emu(void)
400+{
401+ int ret = 0;
402+#ifdef TEST_KERNEL_EMU
403+ ret = is_soft_emu;
404+#endif
405+ return ret;
406+}
407+
408+
409diff --git a/testfloat/powerpc-linux-gcc/systfloat.c b/testfloat/powerpc-linux-gcc/systfloat.c
410new file mode 100644
411index 0000000..8d06f9f
412--- /dev/null
413+++ b/testfloat/powerpc-linux-gcc/systfloat.c
414@@ -0,0 +1,595 @@
415+/*
416+ * This file is derived from testfloat/systfloat.c,
417+ * the copyright for that material belongs to the original owners.
418+ *
419+ * Additional material and changes where applicable is:
420+ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved.
421+ *
422+ * Author: Ebony Zhu, <ebony.zhu@freescale.com>
423+ * Yu Liu, <yu.liu@freescale.com>
424+ */
425+
426+/*
427+===============================================================================
428+
429+This C source file is part of TestFloat, Release 2a, a package of programs
430+for testing the correctness of floating-point arithmetic complying to the
431+IEC/IEEE Standard for Floating-Point.
432+
433+Written by John R. Hauser. More information is available through the Web
434+page `http://HTTP.CS.Berkeley.EDU/~jhauser/arithmetic/TestFloat.html'.
435+
436+THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE. Although reasonable effort
437+has been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT
438+TIMES RESULT IN INCORRECT BEHAVIOR. USE OF THIS SOFTWARE IS RESTRICTED TO
439+PERSONS AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ANY
440+AND ALL LOSSES, COSTS, OR OTHER PROBLEMS ARISING FROM ITS USE.
441+
442+Derivative works are acceptable, even for commercial purposes, so long as
443+(1) they include prominent notice that the work is derivative, and (2) they
444+include prominent notice akin to these four paragraphs for those parts of
445+this code that are retained.
446+
447+===============================================================================
448+*/
449+
450+#include <math.h>
451+#include "milieu.h"
452+#include "softfloat.h"
453+#include "systfloat.h"
454+
455+extern unsigned int spefscr;
456+
457+float32 syst_int32_to_float32( int32 a )
458+{
459+ float32 z;
460+
461+ *( (float *) &z ) = a;
462+ spefscr = __builtin_spe_mfspefscr();
463+ return z;
464+
465+}
466+
467+float64 syst_int32_to_float64( int32 a )
468+{
469+ float64 z;
470+
471+ *( (double *) &z ) = a;
472+ spefscr = __builtin_spe_mfspefscr();
473+ return z;
474+
475+}
476+
477+#if defined( FLOATX80 ) && defined( LONG_DOUBLE_IS_FLOATX80 )
478+
479+floatx80 syst_int32_to_floatx80( int32 a )
480+{
481+ floatx80 z;
482+
483+ *( (long double *) &z ) = a;
484+ return z;
485+
486+}
487+
488+#endif
489+
490+#if defined( FLOAT128 ) && defined( LONG_DOUBLE_IS_FLOAT128 )
491+
492+float128 syst_int32_to_float128( int32 a )
493+{
494+ float128 z;
495+
496+ *( (long double *) &z ) = a;
497+ return z;
498+
499+}
500+
501+#endif
502+
503+#ifdef BITS64
504+
505+float32 syst_int64_to_float32( int64 a )
506+{
507+ float32 z;
508+
509+ *( (float *) &z ) = a;
510+ spefscr = __builtin_spe_mfspefscr();
511+ return z;
512+
513+}
514+
515+float64 syst_int64_to_float64( int64 a )
516+{
517+ float64 z;
518+
519+ *( (double *) &z ) = a;
520+ spefscr = __builtin_spe_mfspefscr();
521+ return z;
522+
523+}
524+
525+#if defined( FLOATX80 ) && defined( LONG_DOUBLE_IS_FLOATX80 )
526+
527+floatx80 syst_int64_to_floatx80( int64 a )
528+{
529+ floatx80 z;
530+
531+ *( (long double *) &z ) = a;
532+ return z;
533+
534+}
535+
536+#endif
537+
538+#if defined( FLOAT128 ) && defined( LONG_DOUBLE_IS_FLOAT128 )
539+
540+float128 syst_int64_to_float128( int64 a )
541+{
542+ float128 z;
543+
544+ *( (long double *) &z ) = a;
545+ return z;
546+
547+}
548+
549+#endif
550+
551+#endif
552+
553+int32 syst_float32_to_int32_round_to_zero( float32 a )
554+{
555+ int32 z = *( (float *) &a );
556+ spefscr = __builtin_spe_mfspefscr();
557+
558+ return z;
559+
560+}
561+
562+#ifdef BITS64
563+
564+int64 syst_float32_to_int64_round_to_zero( float32 a )
565+{
566+ int64 z = *( (float *) &a );
567+ spefscr = __builtin_spe_mfspefscr();
568+ return z;
569+
570+}
571+
572+#endif
573+
574+float64 syst_float32_to_float64( float32 a )
575+{
576+ float64 z;
577+
578+ *( (double *) &z ) = *( (float *) &a );
579+ spefscr = __builtin_spe_mfspefscr();
580+ return z;
581+
582+}
583+
584+#if defined( FLOATX80 ) && defined( LONG_DOUBLE_IS_FLOATX80 )
585+
586+floatx80 syst_float32_to_floatx80( float32 a )
587+{
588+ floatx80 z;
589+
590+ *( (long double *) &z ) = *( (float *) &a );
591+ return z;
592+
593+}
594+
595+#endif
596+
597+#if defined( FLOAT128 ) && defined( LONG_DOUBLE_IS_FLOAT128 )
598+
599+float128 syst_float32_to_float128( float32 a )
600+{
601+ float128 z;
602+
603+ *( (long double *) &z ) = *( (float *) &a );
604+ return z;
605+
606+}
607+
608+#endif
609+
610+float32 syst_float32_add( float32 a, float32 b )
611+{
612+ float32 z;
613+
614+ *( (float *) &z ) = *( (float *) &a ) + *( (float *) &b );
615+ spefscr = __builtin_spe_mfspefscr();
616+ return z;
617+
618+}
619+
620+float32 syst_float32_sub( float32 a, float32 b )
621+{
622+ float32 z;
623+
624+ *( (float *) &z ) = *( (float *) &a ) - *( (float *) &b );
625+ spefscr = __builtin_spe_mfspefscr();
626+ return z;
627+
628+}
629+
630+float32 syst_float32_mul( float32 a, float32 b )
631+{
632+ float32 z;
633+
634+ *( (float *) &z ) = *( (float *) &a ) * *( (float *) &b );
635+ spefscr = __builtin_spe_mfspefscr();
636+ return z;
637+
638+}
639+
640+float32 syst_float32_div( float32 a, float32 b )
641+{
642+ float32 z;
643+
644+ *( (float *) &z ) = *( (float *) &a ) / *( (float *) &b );
645+ spefscr = __builtin_spe_mfspefscr();
646+ return z;
647+
648+}
649+
650+flag syst_float32_eq( float32 a, float32 b )
651+{
652+ flag f = ( *( (float *) &a ) == *( (float *) &b ) );
653+ spefscr = __builtin_spe_mfspefscr();
654+ return f;
655+
656+}
657+
658+flag syst_float32_le( float32 a, float32 b )
659+{
660+ flag f = ( *( (float *) &a ) <= *( (float *) &b ) );
661+ spefscr = __builtin_spe_mfspefscr();
662+ return f;
663+
664+}
665+
666+flag syst_float32_lt( float32 a, float32 b )
667+{
668+ flag f = ( *( (float *) &a ) < *( (float *) &b ) );
669+ spefscr = __builtin_spe_mfspefscr();
670+ return f;
671+
672+}
673+
674+int32 syst_float64_to_int32_round_to_zero( float64 a )
675+{
676+ int32 z = *( (double *) &a );
677+ spefscr = __builtin_spe_mfspefscr();
678+ return z;
679+
680+}
681+
682+#ifdef BITS64
683+
684+int64 syst_float64_to_int64_round_to_zero( float64 a )
685+{
686+ int64 z = *( (double *) &a );
687+ spefscr = __builtin_spe_mfspefscr();
688+ return z;
689+
690+}
691+
692+#endif
693+
694+float32 syst_float64_to_float32( float64 a )
695+{
696+ float32 z;
697+
698+ *( (float *) &z ) = *( (double *) &a );
699+ spefscr = __builtin_spe_mfspefscr();
700+ return z;
701+
702+}
703+
704+#if defined( FLOATX80 ) && defined( LONG_DOUBLE_IS_FLOATX80 )
705+
706+floatx80 syst_float64_to_floatx80( float64 a )
707+{
708+ floatx80 z;
709+
710+ *( (long double *) &z ) = *( (double *) &a );
711+ return z;
712+
713+}
714+
715+#endif
716+
717+#if defined( FLOAT128 ) && defined( LONG_DOUBLE_IS_FLOAT128 )
718+
719+float128 syst_float64_to_float128( float64 a )
720+{
721+ float128 z;
722+
723+ *( (long double *) &z ) = *( (double *) &a );
724+ return z;
725+
726+}
727+
728+#endif
729+
730+float64 syst_float64_add( float64 a, float64 b )
731+{
732+ float64 z;
733+
734+ *( (double *) &z ) = *( (double *) &a ) + *( (double *) &b );
735+ spefscr = __builtin_spe_mfspefscr();
736+ return z;
737+
738+}
739+
740+float64 syst_float64_sub( float64 a, float64 b )
741+{
742+ float64 z;
743+
744+ *( (double *) &z ) = *( (double *) &a ) - *( (double *) &b );
745+ spefscr = __builtin_spe_mfspefscr();
746+ return z;
747+
748+}
749+
750+float64 syst_float64_mul( float64 a, float64 b )
751+{
752+ float64 z;
753+
754+ *( (double *) &z ) = *( (double *) &a ) * *( (double *) &b );
755+ spefscr = __builtin_spe_mfspefscr();
756+ return z;
757+
758+}
759+
760+float64 syst_float64_div( float64 a, float64 b )
761+{
762+ float64 z;
763+
764+ *( (double *) &z ) = *( (double *) &a ) / *( (double *) &b );
765+ spefscr = __builtin_spe_mfspefscr();
766+ return z;
767+
768+}
769+
770+float64 syst_float64_sqrt( float64 a )
771+{
772+ /* Ebony
773+ float64 z;
774+
775+ *( (double *) &z ) = sqrt( *( (double *) &a ) );
776+ spefscr = __builtin_spe_mfspefscr();
777+ return z;
778+ */
779+
780+}
781+
782+flag syst_float64_eq( float64 a, float64 b )
783+{
784+ flag f = ( *( (double *) &a ) == *( (double *) &b ) );
785+ spefscr = __builtin_spe_mfspefscr();
786+ return f;
787+
788+}
789+
790+flag syst_float64_le( float64 a, float64 b )
791+{
792+ flag f = ( *( (double *) &a ) <= *( (double *) &b ) );
793+ spefscr = __builtin_spe_mfspefscr();
794+ return f;
795+
796+}
797+
798+flag syst_float64_lt( float64 a, float64 b )
799+{
800+ flag f = ( *( (double *) &a ) < *( (double *) &b ) );
801+ spefscr = __builtin_spe_mfspefscr();
802+ return f;
803+
804+}
805+
806+#if defined( FLOATX80 ) && defined( LONG_DOUBLE_IS_FLOATX80 )
807+
808+int32 syst_floatx80_to_int32_round_to_zero( floatx80 a )
809+{
810+
811+ return *( (long double *) &a );
812+
813+}
814+
815+#ifdef BITS64
816+
817+int64 syst_floatx80_to_int64_round_to_zero( floatx80 a )
818+{
819+
820+ return *( (long double *) &a );
821+
822+}
823+
824+#endif
825+
826+float32 syst_floatx80_to_float32( floatx80 a )
827+{
828+ float32 z;
829+
830+ *( (float *) &z ) = *( (long double *) &a );
831+ return z;
832+
833+}
834+
835+float64 syst_floatx80_to_float64( floatx80 a )
836+{
837+ float64 z;
838+
839+ *( (double *) &z ) = *( (long double *) &a );
840+ return z;
841+
842+}
843+
844+floatx80 syst_floatx80_add( floatx80 a, floatx80 b )
845+{
846+ floatx80 z;
847+
848+ *( (long double *) &z ) =
849+ *( (long double *) &a ) + *( (long double *) &b );
850+ return z;
851+
852+}
853+
854+floatx80 syst_floatx80_sub( floatx80 a, floatx80 b )
855+{
856+ floatx80 z;
857+
858+ *( (long double *) &z ) =
859+ *( (long double *) &a ) - *( (long double *) &b );
860+ return z;
861+
862+}
863+
864+floatx80 syst_floatx80_mul( floatx80 a, floatx80 b )
865+{
866+ floatx80 z;
867+
868+ *( (long double *) &z ) =
869+ *( (long double *) &a ) * *( (long double *) &b );
870+ return z;
871+
872+}
873+
874+floatx80 syst_floatx80_div( floatx80 a, floatx80 b )
875+{
876+ floatx80 z;
877+
878+ *( (long double *) &z ) =
879+ *( (long double *) &a ) / *( (long double *) &b );
880+ spefscr = __builtin_spe_mfspefscr();
881+ return z;
882+
883+}
884+
885+flag syst_floatx80_eq( floatx80 a, floatx80 b )
886+{
887+
888+ return ( *( (long double *) &a ) == *( (long double *) &b ) );
889+
890+}
891+
892+flag syst_floatx80_le( floatx80 a, floatx80 b )
893+{
894+
895+ return ( *( (long double *) &a ) <= *( (long double *) &b ) );
896+
897+}
898+
899+flag syst_floatx80_lt( floatx80 a, floatx80 b )
900+{
901+
902+ return ( *( (long double *) &a ) < *( (long double *) &b ) );
903+
904+}
905+
906+#endif
907+
908+#if defined( FLOAT128 ) && defined( LONG_DOUBLE_IS_FLOAT128 )
909+
910+int32 syst_float128_to_int32_round_to_zero( float128 a )
911+{
912+
913+ return *( (long double *) &a );
914+
915+}
916+
917+#ifdef BITS64
918+
919+int64 syst_float128_to_int64_round_to_zero( float128 a )
920+{
921+
922+ return *( (long double *) &a );
923+
924+}
925+
926+#endif
927+
928+float32 syst_float128_to_float32( float128 a )
929+{
930+ float32 z;
931+
932+ *( (float *) &z ) = *( (long double *) &a );
933+ return z;
934+
935+}
936+
937+float64 syst_float128_to_float64( float128 a )
938+{
939+ float64 z;
940+
941+ *( (double *) &z ) = *( (long double *) &a );
942+ return z;
943+
944+}
945+
946+float128 syst_float128_add( float128 a, float128 b )
947+{
948+ float128 z;
949+
950+ *( (long double *) &z ) =
951+ *( (long double *) &a ) + *( (long double *) &b );
952+ return z;
953+
954+}
955+
956+float128 syst_float128_sub( float128 a, float128 b )
957+{
958+ float128 z;
959+
960+ *( (long double *) &z ) =
961+ *( (long double *) &a ) - *( (long double *) &b );
962+ return z;
963+
964+}
965+
966+float128 syst_float128_mul( float128 a, float128 b )
967+{
968+ float128 z;
969+
970+ *( (long double *) &z ) =
971+ *( (long double *) &a ) * *( (long double *) &b );
972+ return z;
973+
974+}
975+
976+float128 syst_float128_div( float128 a, float128 b )
977+{
978+ float128 z;
979+
980+ *( (long double *) &z ) =
981+ *( (long double *) &a ) / *( (long double *) &b );
982+ spefscr = __builtin_spe_mfspefscr();
983+ return z;
984+
985+}
986+
987+flag syst_float128_eq( float128 a, float128 b )
988+{
989+
990+ return ( *( (long double *) &a ) == *( (long double *) &b ) );
991+
992+}
993+
994+flag syst_float128_le( float128 a, float128 b )
995+{
996+
997+ return ( *( (long double *) &a ) <= *( (long double *) &b ) );
998+
999+}
1000+
1001+flag syst_float128_lt( float128 a, float128 b )
1002+{
1003+
1004+ return ( *( (long double *) &a ) < *( (long double *) &b ) );
1005+
1006+}
1007+
1008+#endif
1009+
1010diff --git a/testfloat/powerpc-linux-gcc/systmodes.c b/testfloat/powerpc-linux-gcc/systmodes.c
1011new file mode 100644
1012index 0000000..143cdea
1013--- /dev/null
1014+++ b/testfloat/powerpc-linux-gcc/systmodes.c
1015@@ -0,0 +1,67 @@
1016+/*
1017+ * This file is derived from testfloat/386-Win32-gcc/systmodes.S,
1018+ * the copyright for that material belongs to the original owners.
1019+ *
1020+ * Additional material and changes where applicable is:
1021+ * Copyright (C) 2008 Freescale Semiconductor, Inc. All rights reserved.
1022+ *
1023+ * Author: Ebony Zhu, <ebony.zhu@freescale.com>
1024+ * Yu Liu, <yu.liu@freescale.com>
1025+ */
1026+
1027+/*
1028+===============================================================================
1029+
1030+This C source file is part of TestFloat, Release 2a, a package of programs
1031+for testing the correctness of floating-point arithmetic complying to the
1032+IEC/IEEE Standard for Floating-Point.
1033+
1034+Written by John R. Hauser. More information is available through the Web
1035+page `http://HTTP.CS.Berkeley.EDU/~jhauser/arithmetic/TestFloat.html'.
1036+
1037+THIS SOFTWARE IS DISTRIBUTED AS IS, FOR FREE. Although reasonable effort
1038+has been made to avoid it, THIS SOFTWARE MAY CONTAIN FAULTS THAT WILL AT
1039+TIMES RESULT IN INCORRECT BEHAVIOR. USE OF THIS SOFTWARE IS RESTRICTED TO
1040+PERSONS AND ORGANIZATIONS WHO CAN AND WILL TAKE FULL RESPONSIBILITY FOR ANY
1041+AND ALL LOSSES, COSTS, OR OTHER PROBLEMS ARISING FROM ITS USE.
1042+
1043+Derivative works are acceptable, even for commercial purposes, so long as
1044+(1) they include prominent notice that the work is derivative, and (2) they
1045+include prominent notice akin to these four paragraphs for those parts of
1046+this code that are retained.
1047+
1048+===============================================================================
1049+*/
1050+
1051+#include <fenv.h>
1052+#include "milieu.h"
1053+#include "systmodes.h"
1054+/*
1055+-------------------------------------------------------------------------------
1056+Sets the system's IEC/IEEE floating-point rounding mode. Also disables all
1057+system exception traps.
1058+-------------------------------------------------------------------------------
1059+*/
1060+int rounding;
1061+
1062+void syst_float_set_rounding_mode( int8 roundingMode )
1063+{
1064+ (void) fesetround ( roundingMode );
1065+ rounding = roundingMode;
1066+}
1067+
1068+/*
1069+-------------------------------------------------------------------------------
1070+Sets the rounding precision of subsequent extended double-precision
1071+operations. The `precision' argument should be one of 0, 32, 64, or 80.
1072+If `precision' is 32, the rounding precision is set equivalent to single
1073+precision; else if `precision' is 64, the rounding precision is set
1074+equivalent to double precision; else the rounding precision is set to full
1075+extended double precision.
1076+-------------------------------------------------------------------------------
1077+*/
1078+void syst_float_set_rounding_precision( int8 precision )
1079+{
1080+
1081+}
1082+
1083diff --git a/testfloat/templates/Makefile b/testfloat/templates/Makefile
1084index f5f3cde..18cffe0 100644
1085--- a/testfloat/templates/Makefile
1086+++ b/testfloat/templates/Makefile
1087@@ -1,15 +1,21 @@
1088
1089-PROCESSOR_H = ../../processors/!!!processor.h
1090+#PROCESSOR_H = ../../processors/!!!processor.h
1091+PROCESSOR_H = ../../processors/POWERPC-gcc.h
1092 SOFTFLOAT_VERSION = bits64
1093-TARGET = !!!target
1094-SOFTFLOAT_DIR = ../../softfloat/$(SOFTFLOAT_VERSION)/$(TARGET)
1095+
1096+#TARGET = !!!target
1097+TARGET = powerpc-GCC
1098+SOFTFLOAT_DIR = ../../../SoftFloat-2b/softfloat/$(SOFTFLOAT_VERSION)/$(TARGET)
1099
1100 OBJ = .o
1101 EXE =
1102 INCLUDES = -I. -I.. -I$(SOFTFLOAT_DIR)
1103-COMPILE_C = gcc -c -o $@ $(INCLUDES) -I- -O2
1104-COMPILE_SLOWFLOAT_C = gcc -c -o $@ $(INCLUDES) -I- -O3
1105-LINK = gcc -o $@
1106+#COMPILE_C = gcc -c -o $@ $(INCLUDES) -I- -O2
1107+#COMPILE_SLOWFLOAT_C = gcc -c -o $@ $(INCLUDES) -I- -O3
1108+#LINK = gcc -o $@
1109+COMPILE_C = /opt/mtwk/usr/local/gcc-3_4-e500-glibc-2.3.4-dp/powerpc-linux-gnuspe/bin/powerpc-linux-gnuspe-gcc -c -o $@ $(INCLUDES) -I- -O2
1110+COMPILE_SLOWFLOAT_C = /opt/mtwk/usr/local/gcc-3_4-e500-glibc-2.3.4-dp/powerpc-linux-gnuspe/bin/powerpc-linux-gnuspe-gcc -c -o $@ $(INCLUDES) -I- -O3
1111+LINK = /opt/mtwk/usr/local/gcc-3_4-e500-glibc-2.3.4-dp/powerpc-linux-gnuspe/bin/powerpc-linux-gnuspe-gcc -o $@
1112
1113 SOFTFLOAT_H = $(SOFTFLOAT_DIR)/softfloat.h
1114 SOFTFLOAT_OBJ = $(SOFTFLOAT_DIR)/softfloat$(OBJ)
1115diff --git a/testfloat/templates/milieu.h b/testfloat/templates/milieu.h
1116index 56d3ac4..3214ca8 100644
1117--- a/testfloat/templates/milieu.h
1118+++ b/testfloat/templates/milieu.h
1119@@ -28,7 +28,7 @@ this code that are retained.
1120 Include common integer types and flags.
1121 -------------------------------------------------------------------------------
1122 */
1123-#include "../../processors/!!!processor.h"
1124+#include "../../processors/SPARC-gcc.h"
1125
1126 /*
1127 -------------------------------------------------------------------------------
1128diff --git a/testfloat/testFunction.h b/testfloat/testFunction.h
1129index 04bf856..00139a7 100644
1130--- a/testfloat/testFunction.h
1131+++ b/testfloat/testFunction.h
1132@@ -126,8 +126,8 @@ extern const flag functionExists[ NUM_FUNCTIONS ];
1133 enum {
1134 ROUND_NEAREST_EVEN = 1,
1135 ROUND_TO_ZERO,
1136- ROUND_DOWN,
1137 ROUND_UP,
1138+ ROUND_DOWN,
1139 NUM_ROUNDINGMODES
1140 };
1141
1142diff --git a/testfloat/testLoops.c b/testfloat/testLoops.c
1143index 8ba92f3..ba05548 100644
1144--- a/testfloat/testLoops.c
1145+++ b/testfloat/testLoops.c
1146@@ -488,6 +488,11 @@ void
1147 (void) testFlagsFunctionPtr();
1148 testZ = testFunction( testCases_a_int32 );
1149 testFlags = testFlagsFunctionPtr();
1150+#ifdef TEST_KERNEL_EMU
1151+ if (! syst_float_is_soft_emu()){
1152+ continue;
1153+ }
1154+#endif
1155 --count;
1156 if ( count == 0 ) {
1157 checkEarlyExit();
1158@@ -539,6 +544,11 @@ void
1159 (void) testFlagsFunctionPtr();
1160 testZ = testFunction( testCases_a_int32 );
1161 testFlags = testFlagsFunctionPtr();
1162+#ifdef TEST_KERNEL_EMU
1163+ if (! syst_float_is_soft_emu()){
1164+ continue;
1165+ }
1166+#endif
1167 --count;
1168 if ( count == 0 ) {
1169 checkEarlyExit();
1170@@ -592,6 +602,11 @@ void
1171 (void) testFlagsFunctionPtr();
1172 testZ = testFunction( testCases_a_int32 );
1173 testFlags = testFlagsFunctionPtr();
1174+#ifdef TEST_KERNEL_EMU
1175+ if (! syst_float_is_soft_emu()){
1176+ continue;
1177+ }
1178+#endif
1179 --count;
1180 if ( count == 0 ) {
1181 checkEarlyExit();
1182@@ -647,6 +662,11 @@ void
1183 (void) testFlagsFunctionPtr();
1184 testZ = testFunction( testCases_a_int32 );
1185 testFlags = testFlagsFunctionPtr();
1186+#ifdef TEST_KERNEL_EMU
1187+ if (! syst_float_is_soft_emu()){
1188+ continue;
1189+ }
1190+#endif
1191 --count;
1192 if ( count == 0 ) {
1193 checkEarlyExit();
1194@@ -702,6 +722,11 @@ void
1195 (void) testFlagsFunctionPtr();
1196 testZ = testFunction( testCases_a_int64 );
1197 testFlags = testFlagsFunctionPtr();
1198+#ifdef TEST_KERNEL_EMU
1199+ if (! syst_float_is_soft_emu()){
1200+ continue;
1201+ }
1202+#endif
1203 --count;
1204 if ( count == 0 ) {
1205 checkEarlyExit();
1206@@ -753,6 +778,11 @@ void
1207 (void) testFlagsFunctionPtr();
1208 testZ = testFunction( testCases_a_int64 );
1209 testFlags = testFlagsFunctionPtr();
1210+#ifdef TEST_KERNEL_EMU
1211+ if (! syst_float_is_soft_emu()){
1212+ continue;
1213+ }
1214+#endif
1215 --count;
1216 if ( count == 0 ) {
1217 checkEarlyExit();
1218@@ -806,6 +836,11 @@ void
1219 (void) testFlagsFunctionPtr();
1220 testZ = testFunction( testCases_a_int64 );
1221 testFlags = testFlagsFunctionPtr();
1222+#ifdef TEST_KERNEL_EMU
1223+ if (! syst_float_is_soft_emu()){
1224+ continue;
1225+ }
1226+#endif
1227 --count;
1228 if ( count == 0 ) {
1229 checkEarlyExit();
1230@@ -861,6 +896,11 @@ void
1231 (void) testFlagsFunctionPtr();
1232 testZ = testFunction( testCases_a_int64 );
1233 testFlags = testFlagsFunctionPtr();
1234+#ifdef TEST_KERNEL_EMU
1235+ if (! syst_float_is_soft_emu()){
1236+ continue;
1237+ }
1238+#endif
1239 --count;
1240 if ( count == 0 ) {
1241 checkEarlyExit();
1242@@ -916,6 +956,11 @@ void
1243 (void) testFlagsFunctionPtr();
1244 testZ = testFunction( testCases_a_float32 );
1245 testFlags = testFlagsFunctionPtr();
1246+#ifdef TEST_KERNEL_EMU
1247+ if (! syst_float_is_soft_emu()){
1248+ continue;
1249+ }
1250+#endif
1251 --count;
1252 if ( count == 0 ) {
1253 checkEarlyExit();
1254@@ -973,6 +1018,11 @@ void
1255 (void) testFlagsFunctionPtr();
1256 testZ = testFunction( testCases_a_float32 );
1257 testFlags = testFlagsFunctionPtr();
1258+#ifdef TEST_KERNEL_EMU
1259+ if (! syst_float_is_soft_emu()){
1260+ continue;
1261+ }
1262+#endif
1263 --count;
1264 if ( count == 0 ) {
1265 checkEarlyExit();
1266@@ -1030,6 +1080,11 @@ void
1267 (void) testFlagsFunctionPtr();
1268 testZ = testFunction( testCases_a_float32 );
1269 testFlags = testFlagsFunctionPtr();
1270+#ifdef TEST_KERNEL_EMU
1271+ if (! syst_float_is_soft_emu()){
1272+ continue;
1273+ }
1274+#endif
1275 --count;
1276 if ( count == 0 ) {
1277 checkEarlyExit();
1278@@ -1087,6 +1142,11 @@ void
1279 (void) testFlagsFunctionPtr();
1280 testZ = testFunction( testCases_a_float32 );
1281 testFlags = testFlagsFunctionPtr();
1282+#ifdef TEST_KERNEL_EMU
1283+ if (! syst_float_is_soft_emu()){
1284+ continue;
1285+ }
1286+#endif
1287 --count;
1288 if ( count == 0 ) {
1289 checkEarlyExit();
1290@@ -1146,6 +1206,11 @@ void
1291 (void) testFlagsFunctionPtr();
1292 testZ = testFunction( testCases_a_float32 );
1293 testFlags = testFlagsFunctionPtr();
1294+#ifdef TEST_KERNEL_EMU
1295+ if (! syst_float_is_soft_emu()){
1296+ continue;
1297+ }
1298+#endif
1299 --count;
1300 if ( count == 0 ) {
1301 checkEarlyExit();
1302@@ -1203,6 +1268,11 @@ void
1303 (void) testFlagsFunctionPtr();
1304 testZ = testFunction( testCases_a_float32 );
1305 testFlags = testFlagsFunctionPtr();
1306+#ifdef TEST_KERNEL_EMU
1307+ if (! syst_float_is_soft_emu()){
1308+ continue;
1309+ }
1310+#endif
1311 --count;
1312 if ( count == 0 ) {
1313 checkEarlyExit();
1314@@ -1260,6 +1330,11 @@ void
1315 (void) testFlagsFunctionPtr();
1316 testZ = testFunction( testCases_a_float32, testCases_b_float32 );
1317 testFlags = testFlagsFunctionPtr();
1318+#ifdef TEST_KERNEL_EMU
1319+ if (! syst_float_is_soft_emu()){
1320+ continue;
1321+ }
1322+#endif
1323 --count;
1324 if ( count == 0 ) {
1325 checkEarlyExit();
1326@@ -1312,6 +1387,25 @@ void
1327 (void) testFlagsFunctionPtr();
1328 testZ = testFunction( testCases_a_float32, testCases_b_float32 );
1329 testFlags = testFlagsFunctionPtr();
1330+
1331+if(testCases_a_float32 == 0x7ffffe && testCases_b_float32 == 0x3f7ffffe)
1332+{
1333+
1334+ writeErrorFound( 10000 - count );
1335+ writeInputs_ab_float32();
1336+ fputs( " ", stdout );
1337+ writeOutputs_z_float32( trueZ, trueFlags, testZ, testFlags );
1338+ fflush( stdout );
1339+ if (! syst_float_is_soft_emu()){
1340+ exit(-1);
1341+ }
1342+}
1343+#ifdef TEST_KERNEL_EMU
1344+ if (! syst_float_is_soft_emu()){
1345+ continue;
1346+ }
1347+#endif
1348+
1349 --count;
1350 if ( count == 0 ) {
1351 checkEarlyExit();
1352@@ -1370,6 +1464,11 @@ void
1353 (void) testFlagsFunctionPtr();
1354 testZ = testFunction( testCases_a_float64 );
1355 testFlags = testFlagsFunctionPtr();
1356+#ifdef TEST_KERNEL_EMU
1357+ if (! syst_float_is_soft_emu()){
1358+ continue;
1359+ }
1360+#endif
1361 --count;
1362 if ( count == 0 ) {
1363 checkEarlyExit();
1364@@ -1427,6 +1526,11 @@ void
1365 (void) testFlagsFunctionPtr();
1366 testZ = testFunction( testCases_a_float64 );
1367 testFlags = testFlagsFunctionPtr();
1368+#ifdef TEST_KERNEL_EMU
1369+ if (! syst_float_is_soft_emu()){
1370+ continue;
1371+ }
1372+#endif
1373 --count;
1374 if ( count == 0 ) {
1375 checkEarlyExit();
1376@@ -1484,6 +1588,11 @@ void
1377 (void) testFlagsFunctionPtr();
1378 testZ = testFunction( testCases_a_float64 );
1379 testFlags = testFlagsFunctionPtr();
1380+#ifdef TEST_KERNEL_EMU
1381+ if (! syst_float_is_soft_emu()){
1382+ continue;
1383+ }
1384+#endif
1385 --count;
1386 if ( count == 0 ) {
1387 checkEarlyExit();
1388@@ -1541,6 +1650,11 @@ void
1389 (void) testFlagsFunctionPtr();
1390 testZ = testFunction( testCases_a_float64 );
1391 testFlags = testFlagsFunctionPtr();
1392+#ifdef TEST_KERNEL_EMU
1393+ if (! syst_float_is_soft_emu()){
1394+ continue;
1395+ }
1396+#endif
1397 --count;
1398 if ( count == 0 ) {
1399 checkEarlyExit();
1400@@ -1600,6 +1714,11 @@ void
1401 (void) testFlagsFunctionPtr();
1402 testZ = testFunction( testCases_a_float64 );
1403 testFlags = testFlagsFunctionPtr();
1404+#ifdef TEST_KERNEL_EMU
1405+ if (! syst_float_is_soft_emu()){
1406+ continue;
1407+ }
1408+#endif
1409 --count;
1410 if ( count == 0 ) {
1411 checkEarlyExit();
1412@@ -1657,6 +1776,11 @@ void
1413 (void) testFlagsFunctionPtr();
1414 testZ = testFunction( testCases_a_float64 );
1415 testFlags = testFlagsFunctionPtr();
1416+#ifdef TEST_KERNEL_EMU
1417+ if (! syst_float_is_soft_emu()){
1418+ continue;
1419+ }
1420+#endif
1421 --count;
1422 if ( count == 0 ) {
1423 checkEarlyExit();
1424@@ -1714,6 +1838,11 @@ void
1425 (void) testFlagsFunctionPtr();
1426 testZ = testFunction( testCases_a_float64, testCases_b_float64 );
1427 testFlags = testFlagsFunctionPtr();
1428+#ifdef TEST_KERNEL_EMU
1429+ if (! syst_float_is_soft_emu()){
1430+ continue;
1431+ }
1432+#endif
1433 --count;
1434 if ( count == 0 ) {
1435 checkEarlyExit();
1436@@ -1766,6 +1895,13 @@ void
1437 (void) testFlagsFunctionPtr();
1438 testZ = testFunction( testCases_a_float64, testCases_b_float64 );
1439 testFlags = testFlagsFunctionPtr();
1440+
1441+#ifdef TEST_KERNEL_EMU
1442+ if (! syst_float_is_soft_emu()){
1443+ continue;
1444+ }
1445+#endif
1446+
1447 --count;
1448 if ( count == 0 ) {
1449 checkEarlyExit();
1450@@ -1826,6 +1962,11 @@ void
1451 (void) testFlagsFunctionPtr();
1452 testZ = testFunction( testCases_a_floatx80 );
1453 testFlags = testFlagsFunctionPtr();
1454+#ifdef TEST_KERNEL_EMU
1455+ if (! syst_float_is_soft_emu()){
1456+ continue;
1457+ }
1458+#endif
1459 --count;
1460 if ( count == 0 ) {
1461 checkEarlyExit();
1462@@ -1883,6 +2024,11 @@ void
1463 (void) testFlagsFunctionPtr();
1464 testZ = testFunction( testCases_a_floatx80 );
1465 testFlags = testFlagsFunctionPtr();
1466+#ifdef TEST_KERNEL_EMU
1467+ if (! syst_float_is_soft_emu()){
1468+ continue;
1469+ }
1470+#endif
1471 --count;
1472 if ( count == 0 ) {
1473 checkEarlyExit();
1474@@ -1940,6 +2086,11 @@ void
1475 (void) testFlagsFunctionPtr();
1476 testZ = testFunction( testCases_a_floatx80 );
1477 testFlags = testFlagsFunctionPtr();
1478+#ifdef TEST_KERNEL_EMU
1479+ if (! syst_float_is_soft_emu()){
1480+ continue;
1481+ }
1482+#endif
1483 --count;
1484 if ( count == 0 ) {
1485 checkEarlyExit();
1486@@ -1995,6 +2146,11 @@ void
1487 (void) testFlagsFunctionPtr();
1488 testZ = testFunction( testCases_a_floatx80 );
1489 testFlags = testFlagsFunctionPtr();
1490+#ifdef TEST_KERNEL_EMU
1491+ if (! syst_float_is_soft_emu()){
1492+ continue;
1493+ }
1494+#endif
1495 --count;
1496 if ( count == 0 ) {
1497 checkEarlyExit();
1498@@ -2052,6 +2208,11 @@ void
1499 (void) testFlagsFunctionPtr();
1500 testZ = testFunction( testCases_a_floatx80 );
1501 testFlags = testFlagsFunctionPtr();
1502+#ifdef TEST_KERNEL_EMU
1503+ if (! syst_float_is_soft_emu()){
1504+ continue;
1505+ }
1506+#endif
1507 --count;
1508 if ( count == 0 ) {
1509 checkEarlyExit();
1510@@ -2109,6 +2270,11 @@ void
1511 (void) testFlagsFunctionPtr();
1512 testZ = testFunction( testCases_a_floatx80 );
1513 testFlags = testFlagsFunctionPtr();
1514+#ifdef TEST_KERNEL_EMU
1515+ if (! syst_float_is_soft_emu()){
1516+ continue;
1517+ }
1518+#endif
1519 --count;
1520 if ( count == 0 ) {
1521 checkEarlyExit();
1522@@ -2166,6 +2332,11 @@ void
1523 (void) testFlagsFunctionPtr();
1524 testZ = testFunction( testCases_a_floatx80, testCases_b_floatx80 );
1525 testFlags = testFlagsFunctionPtr();
1526+#ifdef TEST_KERNEL_EMU
1527+ if (! syst_float_is_soft_emu()){
1528+ continue;
1529+ }
1530+#endif
1531 --count;
1532 if ( count == 0 ) {
1533 checkEarlyExit();
1534@@ -2218,6 +2389,11 @@ void
1535 (void) testFlagsFunctionPtr();
1536 testZ = testFunction( testCases_a_floatx80, testCases_b_floatx80 );
1537 testFlags = testFlagsFunctionPtr();
1538+#ifdef TEST_KERNEL_EMU
1539+ if (! syst_float_is_soft_emu()){
1540+ continue;
1541+ }
1542+#endif
1543 --count;
1544 if ( count == 0 ) {
1545 checkEarlyExit();
1546@@ -2280,6 +2456,11 @@ void
1547 (void) testFlagsFunctionPtr();
1548 testZ = testFunction( testCases_a_float128 );
1549 testFlags = testFlagsFunctionPtr();
1550+#ifdef TEST_KERNEL_EMU
1551+ if (! syst_float_is_soft_emu()){
1552+ continue;
1553+ }
1554+#endif
1555 --count;
1556 if ( count == 0 ) {
1557 checkEarlyExit();
1558@@ -2337,6 +2518,11 @@ void
1559 (void) testFlagsFunctionPtr();
1560 testZ = testFunction( testCases_a_float128 );
1561 testFlags = testFlagsFunctionPtr();
1562+#ifdef TEST_KERNEL_EMU
1563+ if (! syst_float_is_soft_emu()){
1564+ continue;
1565+ }
1566+#endif
1567 --count;
1568 if ( count == 0 ) {
1569 checkEarlyExit();
1570@@ -2394,6 +2580,11 @@ void
1571 (void) testFlagsFunctionPtr();
1572 testZ = testFunction( testCases_a_float128 );
1573 testFlags = testFlagsFunctionPtr();
1574+#ifdef TEST_KERNEL_EMU
1575+ if (! syst_float_is_soft_emu()){
1576+ continue;
1577+ }
1578+#endif
1579 --count;
1580 if ( count == 0 ) {
1581 checkEarlyExit();
1582@@ -2449,6 +2640,11 @@ void
1583 (void) testFlagsFunctionPtr();
1584 testZ = testFunction( testCases_a_float128 );
1585 testFlags = testFlagsFunctionPtr();
1586+#ifdef TEST_KERNEL_EMU
1587+ if (! syst_float_is_soft_emu()){
1588+ continue;
1589+ }
1590+#endif
1591 --count;
1592 if ( count == 0 ) {
1593 checkEarlyExit();
1594@@ -2506,6 +2702,11 @@ void
1595 (void) testFlagsFunctionPtr();
1596 testZ = testFunction( testCases_a_float128 );
1597 testFlags = testFlagsFunctionPtr();
1598+#ifdef TEST_KERNEL_EMU
1599+ if (! syst_float_is_soft_emu()){
1600+ continue;
1601+ }
1602+#endif
1603 --count;
1604 if ( count == 0 ) {
1605 checkEarlyExit();
1606@@ -2563,6 +2764,11 @@ void
1607 (void) testFlagsFunctionPtr();
1608 testZ = testFunction( testCases_a_float128 );
1609 testFlags = testFlagsFunctionPtr();
1610+#ifdef TEST_KERNEL_EMU
1611+ if (! syst_float_is_soft_emu()){
1612+ continue;
1613+ }
1614+#endif
1615 --count;
1616 if ( count == 0 ) {
1617 checkEarlyExit();
1618@@ -2620,6 +2826,11 @@ void
1619 (void) testFlagsFunctionPtr();
1620 testZ = testFunction( testCases_a_float128, testCases_b_float128 );
1621 testFlags = testFlagsFunctionPtr();
1622+#ifdef TEST_KERNEL_EMU
1623+ if (! syst_float_is_soft_emu()){
1624+ continue;
1625+ }
1626+#endif
1627 --count;
1628 if ( count == 0 ) {
1629 checkEarlyExit();
1630@@ -2672,6 +2883,11 @@ void
1631 (void) testFlagsFunctionPtr();
1632 testZ = testFunction( testCases_a_float128, testCases_b_float128 );
1633 testFlags = testFlagsFunctionPtr();
1634+#ifdef TEST_KERNEL_EMU
1635+ if (! syst_float_is_soft_emu()){
1636+ continue;
1637+ }
1638+#endif
1639 --count;
1640 if ( count == 0 ) {
1641 checkEarlyExit();
1642--
16431.5.4
1644
diff --git a/meta-fsl-ppc/recipes-extended/testfloat/files/Yocto-replace-COMPILE_PREFIX-gcc.patch b/meta-fsl-ppc/recipes-extended/testfloat/files/Yocto-replace-COMPILE_PREFIX-gcc.patch
new file mode 100644
index 00000000..42de56d3
--- /dev/null
+++ b/meta-fsl-ppc/recipes-extended/testfloat/files/Yocto-replace-COMPILE_PREFIX-gcc.patch
@@ -0,0 +1,67 @@
1From 6c7567e05c28b8cb6c7dc68c278950a32feb6f64 Mon Sep 17 00:00:00 2001
2From: Ting Liu <b28495@freescale.com>
3Date: Wed, 9 May 2012 02:42:57 -0500
4Subject: [PATCH] Yocto: replace $(COMPILE_PREFIX)gcc with $(CC) and remove -te500v2 flags
5
6Signed-off-by: Ting Liu <b28495@freescale.com>
7---
8 SoftFloat-2b/softfloat/bits32/powerpc-GCC/Makefile | 4 ++--
9 SoftFloat-2b/softfloat/bits64/powerpc-GCC/Makefile | 4 ++--
10 testfloat/powerpc-linux-gcc/Makefile | 8 ++++----
11 3 files changed, 8 insertions(+), 8 deletions(-)
12
13diff --git a/SoftFloat-2b/softfloat/bits32/powerpc-GCC/Makefile b/SoftFloat-2b/softfloat/bits32/powerpc-GCC/Makefile
14index 28f1e33..4098048 100644
15--- a/SoftFloat-2b/softfloat/bits32/powerpc-GCC/Makefile
16+++ b/SoftFloat-2b/softfloat/bits32/powerpc-GCC/Makefile
17@@ -5,8 +5,8 @@ SOFTFLOAT_MACROS = ../softfloat-macros
18 OBJ = .o
19 EXE =
20 INCLUDES = -I. -I..
21-COMPILE_C = $(COMPILE_PREFIX)gcc -msoft-float -c -o $@ $(INCLUDES) -I- -O2
22-LINK = $(COMPILE_PREFIX)gcc -o $@
23+COMPILE_C = $(CC) -msoft-float -c -o $@ $(INCLUDES) -I- -O2
24+LINK = $(CC) -o $@
25
26 ALL: softfloat$(OBJ) timesoftfloat$(EXE)
27
28diff --git a/SoftFloat-2b/softfloat/bits64/powerpc-GCC/Makefile b/SoftFloat-2b/softfloat/bits64/powerpc-GCC/Makefile
29index a5e2cc7..c34e16e 100644
30--- a/SoftFloat-2b/softfloat/bits64/powerpc-GCC/Makefile
31+++ b/SoftFloat-2b/softfloat/bits64/powerpc-GCC/Makefile
32@@ -5,8 +5,8 @@ SOFTFLOAT_MACROS = ../softfloat-macros
33 OBJ = .o
34 EXE =
35 INCLUDES = -I. -I..
36-COMPILE_C = $(COMPILE_PREFIX) -mcpu=8548 -mhard-float -mfloat-gprs=double -o $@ $(INCLUDES) -I- -O2
37-LINK = $(COMPILE_PREFIX) -o $@
38+COMPILE_C = $(CC) -mcpu=8548 -mhard-float -mfloat-gprs=double -o $@ $(INCLUDES) -I- -O2
39+LINK = $(CC) -o $@
40
41 ALL: softfloat$(OBJ) timesoftfloat$(EXE)
42
43diff --git a/testfloat/powerpc-linux-gcc/Makefile b/testfloat/powerpc-linux-gcc/Makefile
44index de50aad..1a8b5f7 100644
45--- a/testfloat/powerpc-linux-gcc/Makefile
46+++ b/testfloat/powerpc-linux-gcc/Makefile
47@@ -8,13 +8,13 @@ OBJ = .o
48 EXE =
49 INCLUDES = -I. -I.. -I$(SOFTFLOAT_DIR)
50
51-COMPILE_C = $(COMPILE_PREFIX)gcc -c -o $@ $(INCLUDES) -I- -O $(EXTRA_CFLAGS)
52+COMPILE_C = $(CC) -c -o $@ $(INCLUDES) -I- -O $(EXTRA_CFLAGS)
53
54-COMPILE_C_HARD = $(COMPILE_PREFIX)gcc -c -te500v2 -o $@ $(INCLUDES)
55+COMPILE_C_HARD = $(CC) -c -o $@ $(INCLUDES)
56
57-COMPILE_SLOWFLOAT_C = $(COMPILE_PREFIX)gcc -c -o $@ $(INCLUDES) -I- -O
58+COMPILE_SLOWFLOAT_C = $(CC) -c -o $@ $(INCLUDES) -I- -O
59
60-LINK = $(COMPILE_PREFIX)gcc -lm -o $@
61+LINK = $(CC) -lm -o $@
62
63 SOFTFLOAT_H = $(SOFTFLOAT_DIR)/softfloat.h
64 SOFTFLOAT_OBJ = $(SOFTFLOAT_DIR)/softfloat$(OBJ)
65--
661.7.3.4
67
diff --git a/meta-fsl-ppc/recipes-extended/testfloat/testfloat_2a.bb b/meta-fsl-ppc/recipes-extended/testfloat/testfloat_2a.bb
new file mode 100644
index 00000000..800cef3d
--- /dev/null
+++ b/meta-fsl-ppc/recipes-extended/testfloat/testfloat_2a.bb
@@ -0,0 +1,45 @@
1DESCRIPTION = "A program for testing floating-point implementation"
2LICENSE = "TestFloat"
3
4LIC_FILES_CHKSUM = "file://testfloat/testfloat.txt;beginline=87;endline=95;md5=bdb2e8111838a48015c29bd97f5b6145"
5
6SRC_URI = " http://www.jhauser.us/arithmetic/TestFloat-2a.tar.Z;name=TestFloat \
7 http://www.jhauser.us/arithmetic/SoftFloat-2b.tar.Z;name=SoftFloat \
8 "
9SRC_URI_append_qoriq-ppc = " file://SoftFloat-powerpc-1.patch \
10 file://TestFloat-powerpc-E500v2-SPE-1.patch \
11 file://Yocto-replace-COMPILE_PREFIX-gcc.patch \
12 "
13SRC_URI[TestFloat.md5sum] = "4dc889319ae1e0c5381ec511f784553a"
14SRC_URI[TestFloat.sha256sum] = "84d14aa42adefbda2ec9708b42946f7fa59f93689b042684bd027863481f8e4e"
15SRC_URI[SoftFloat.md5sum] = "b4a58b5c941f1a2317e4c2500086e3fa"
16SRC_URI[SoftFloat.sha256sum] = "89d14b55113a2ba8cbda7011443ba1d298d381c89d939515d56c5f18f2febf81"
17
18S = "${WORKDIR}/TestFloat-2a"
19
20do_unpack2(){
21 mv ${WORKDIR}/SoftFloat-2b ${S}/SoftFloat-2b
22 cd ${S}
23 if [ -n "$(which fromdos)" ];then
24 find -type f -exec fromdos {} \;
25 elif [ -n "$(which dos2unix)" ];then
26 find -type f -exec dos2unix {} \;
27 else
28 echo -e "\nERROR: command dos2unix or fromdos not found\n" && return 1
29 fi
30}
31addtask do_unpack2 after do_unpack before do_patch
32
33do_compile(){
34 oe_runmake -C testfloat/powerpc-linux-gcc/ CC="${CC}" EXTRA_CFLAGS="-DTEST_KERNEL_EMU"
35}
36
37do_install(){
38 install -d ${D}/${bindir}
39 install testfloat/powerpc-linux-gcc/testfloat ${D}/${bindir}
40 install testfloat/powerpc-linux-gcc/testsoftfloat ${D}/${bindir}
41}
42
43COMPATIBLE_HOST_e500v2 = ".*"
44COMPATIBLE_HOST ?= "(none)"
45
diff --git a/meta-fsl-ppc/recipes-extended/web-sysmon/web-sysmon_git.bb b/meta-fsl-ppc/recipes-extended/web-sysmon/web-sysmon_git.bb
new file mode 100644
index 00000000..84f60d51
--- /dev/null
+++ b/meta-fsl-ppc/recipes-extended/web-sysmon/web-sysmon_git.bb
@@ -0,0 +1,23 @@
1DESCRIPTION = "Web System Monitor Files"
2SECTION = "web-sysmon"
3LICENSE = "GPLv2"
4LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e"
5
6SRC_URI = "git://git.freescale.com/ppc/sdk/web-sysmon-dev.git;nobranch=1"
7SRCREV = "8d0c6eca1113832fabe917fd0cb25abe2d4d7157"
8
9inherit update-rc.d
10
11S = "${WORKDIR}/git"
12
13RDEPENDS_${PN} = "lighttpd"
14
15EXTRA_OEMAKE += "D=${D}"
16do_install () {
17 oe_runmake install
18}
19
20FILES_${PN} += "/"
21
22INITSCRIPT_NAME = "web-sysmon.sh"
23INITSCRIPT_PARAMS = "defaults 99 20"
diff --git a/meta-fsl-ppc/recipes-graphics/xorg-driver/xf86-video-fbdev_0.4.2.bb b/meta-fsl-ppc/recipes-graphics/xorg-driver/xf86-video-fbdev_0.4.2.bb
new file mode 100644
index 00000000..038c421d
--- /dev/null
+++ b/meta-fsl-ppc/recipes-graphics/xorg-driver/xf86-video-fbdev_0.4.2.bb
@@ -0,0 +1,11 @@
1require xorg-driver-video.inc
2LIC_FILES_CHKSUM = "file://COPYING;md5=d8cbd99fff773f92e844948f74ef0df8"
3
4DESCRIPTION = "X.Org X server -- fbdev display driver"
5PE = "1"
6PR = "${INC_PR}.1"
7
8DEPENDS += "virtual/xserver"
9
10SRC_URI[md5sum] = "53a533d9e0c2da50962282526bace074"
11SRC_URI[sha256sum] = "93b271b4b41d7e5ca108849a583b9523e96c51813d046282285355b7001f82d5"
diff --git a/meta-fsl-ppc/recipes-graphics/xorg-driver/xorg-driver-common.inc b/meta-fsl-ppc/recipes-graphics/xorg-driver/xorg-driver-common.inc
new file mode 100644
index 00000000..c0f4a15a
--- /dev/null
+++ b/meta-fsl-ppc/recipes-graphics/xorg-driver/xorg-driver-common.inc
@@ -0,0 +1,40 @@
1DESCRIPTION = "X driver"
2HOMEPAGE = "http://www.x.org"
3SECTION = "x11/drivers"
4LICENSE = "MIT-X"
5INC_PR = "r15"
6
7DEPENDS = "randrproto virtual/xserver-xf86 xproto"
8
9SRC_URI = "${XORG_MIRROR}/individual/driver/${BPN}-${PV}.tar.bz2"
10
11S = "${WORKDIR}/${BPN}-${PV}"
12
13FILES_${PN} += " ${libdir}/xorg/modules"
14FILES_${PN}-dbg += "${libdir}/xorg/modules/*/.debug"
15
16inherit autotools pkgconfig
17
18TARGET_CPPFLAGS += "-I${STAGING_DIR_HOST}/usr/include/xorg"
19
20# Another sucky behavor from Xorg configure scripts.
21# They use AC_CHECK_FILE to check for DRI headers. Yuck!
22# Of course this will blow up when cross compiling.
23
24do_configure_prepend() {
25 incdir=${layout_includedir}/xorg
26 for f in dri.h sarea.h dristruct.h exa.h damage.h xf86Module.h; do
27 path="$incdir/$f"
28 if [ -f "${STAGING_DIR_HOST}/$path" ]; then
29 p=`echo "$path" | sed 'y%*+%pp%;s%[^_[:alnum:]]%_%g'`
30 eval "export ac_cv_file_$p=yes"
31 fi
32 done
33}
34
35# FIXME: We don't want to include the libtool archives (*.la) from modules
36# directory, as they serve no useful purpose. Upstream should fix Makefile.am
37do_install_append() {
38 find ${D}${libdir}/xorg/modules -regex ".*\.la$" | xargs rm -f --
39}
40
diff --git a/meta-fsl-ppc/recipes-graphics/xorg-driver/xorg-driver-video.inc b/meta-fsl-ppc/recipes-graphics/xorg-driver/xorg-driver-video.inc
new file mode 100644
index 00000000..bce8c9a7
--- /dev/null
+++ b/meta-fsl-ppc/recipes-graphics/xorg-driver/xorg-driver-video.inc
@@ -0,0 +1,4 @@
1include xorg-driver-common.inc
2
3DEPENDS = "randrproto renderproto videoproto xextproto fontsproto xproto"
4
diff --git a/meta-fsl-ppc/recipes-graphics/xorg-xserver/xserver-xf86-config/p1022ds/xorg.conf b/meta-fsl-ppc/recipes-graphics/xorg-xserver/xserver-xf86-config/p1022ds/xorg.conf
new file mode 100644
index 00000000..57f284e8
--- /dev/null
+++ b/meta-fsl-ppc/recipes-graphics/xorg-xserver/xserver-xf86-config/p1022ds/xorg.conf
@@ -0,0 +1,27 @@
1Section "Screen"
2 Identifier "Builtin Default fbdev Screen 0"
3 Device "Builtin Default fbdev Device 0"
4EndSection
5
6Section "ServerLayout"
7 Identifier "Builtin Default Layout"
8 Screen "Builtin Default fbdev Screen 0"
9EndSection
10
11Section "ServerFlags"
12 Option "DontZap" "0"
13EndSection
14
15Section "InputClass"
16 Identifier "keyboard-all"
17 Driver "evdev"
18 MatchIsKeyboard "on"
19EndSection
20
21
22Section "InputClass"
23 Identifier "mouse-all"
24 Driver "evdev"
25 MatchIsPointer "on"
26EndSection
27
diff --git a/meta-fsl-ppc/recipes-graphics/xorg-xserver/xserver-xf86-config_%.bbappend b/meta-fsl-ppc/recipes-graphics/xorg-xserver/xserver-xf86-config_%.bbappend
new file mode 100644
index 00000000..6d4804d1
--- /dev/null
+++ b/meta-fsl-ppc/recipes-graphics/xorg-xserver/xserver-xf86-config_%.bbappend
@@ -0,0 +1,2 @@
1FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
2
diff --git a/meta-fsl-ppc/recipes-kernel/asf/asf_git.bb b/meta-fsl-ppc/recipes-kernel/asf/asf_git.bb
new file mode 100644
index 00000000..1ca4c8ea
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/asf/asf_git.bb
@@ -0,0 +1,33 @@
1DESCRIPTION = "Non-DPAA software Application Specific Fast-path"
2SECTION = "asf"
3LICENSE = "GPLv2 & GPLv2+ & BSD"
4LIC_FILES_CHKSUM = "file://COPYING;md5=b5881ecf398da8a03a3f4c501e29d287"
5
6SRC_URI = "git://git.freescale.com/ppc/sdk/asf.git;nobranch=1"
7SRCREV = "16eb472d6b2b34c8b605a86c469611bc8ddec1c9"
8
9inherit module qoriq_build_64bit_kernel
10
11S = "${WORKDIR}/git/asfmodule"
12
13EXTRA_OEMAKE = "CROSS_COMPILE=${TARGET_PREFIX}"
14export KERNEL_PATH = "${STAGING_KERNEL_DIR}"
15
16INHIBIT_PACKAGE_STRIP = "1"
17
18do_configure[depends] += "virtual/kernel:do_shared_workdir"
19do_configure_prepend () {
20 sed -i 's,$(KERNEL_PATH)/.config,$(KBUILD_OUTPUT)/.config,' ${S}/Makefile
21}
22
23do_install(){
24 install -d ${D}/${libexecdir}
25 install -d ${D}/lib/modules/${KERNEL_VERSION}/asf
26 cp -rf ${S}/bin/full ${D}/lib/modules/${KERNEL_VERSION}/asf
27 cp -rf ${S}/bin/min ${D}/lib/modules/${KERNEL_VERSION}/asf
28 cp -rf ${S}/../scripts ${D}/${libexecdir}/
29}
30
31FILES_${PN} += "${libexecdir} /lib/modules/${KERNEL_VERSION}/asf"
32RDEPENDS_${PN} += "ipsec-tools"
33
diff --git a/meta-fsl-ppc/recipes-kernel/auto-resp/ar_git.bb b/meta-fsl-ppc/recipes-kernel/auto-resp/ar_git.bb
new file mode 100644
index 00000000..52d9f57d
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/auto-resp/ar_git.bb
@@ -0,0 +1,29 @@
1SUMMARY = "Auto Response Control Module"
2LICENSE = "GPLv2 & BSD"
3LIC_FILES_CHKSUM = "file://COPYING;md5=b5881ecf398da8a03a3f4c501e29d287"
4
5inherit module
6
7SRC_URI = "git://git.freescale.com/ppc/sdk/auto-resp.git;branch=sdk-v1.7.x"
8SRCREV = "dbede76fb4020a370baa393f7c53af4c0db8f175"
9
10S = "${WORKDIR}/git"
11
12EXTRA_OEMAKE = "CROSS_COMPILE=${TARGET_PREFIX} SYSROOT=${STAGING_DIR_TARGET}"
13export KERNEL_PATH
14
15INHIBIT_PACKAGE_STRIP = "1"
16
17do_compile_prepend() {
18 sed -i -e 's,EXTRA_CFLAGS += -I$(PWD),EXTRA_CFLAGS += -I${S},' ${S}/armodule/source/Makefile
19}
20
21do_install(){
22 install -d ${D}/lib/modules/${KERNEL_VERSION}
23 install -d ${D}${bindir}
24 install -m 644 ${B}/bin/ar.ko ${D}/lib/modules/${KERNEL_VERSION}/
25 cp -f ${S}/bin/ar_* ${D}${bindir}/
26}
27
28FILES_${PN} += "${bindir}/"
29
diff --git a/meta-fsl-ppc/recipes-kernel/ceetm/ceetm_git.bb b/meta-fsl-ppc/recipes-kernel/ceetm/ceetm_git.bb
new file mode 100644
index 00000000..beaed31e
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/ceetm/ceetm_git.bb
@@ -0,0 +1,30 @@
1DESCRIPTION = "CEETM TC QDISC"
2LICENSE = "GPLv2 & BSD"
3LIC_FILES_CHKSUM = "file://COPYING;md5=b5881ecf398da8a03a3f4c501e29d287"
4
5DEPENDS="virtual/kernel"
6
7inherit module qoriq_build_64bit_kernel
8
9SRC_URI = "git://git.freescale.com/ppc/sdk/ceetm.git;nobranch=1"
10SRCREV = "ecf55c9ca0cd42a212653e1f99c19cd611e3a008"
11
12S = "${WORKDIR}/git"
13
14EXTRA_OEMAKE = "CROSS_COMPILE=${TARGET_PREFIX} SYSROOT=${STAGING_DIR_TARGET}"
15export KERNEL_PATH = "${STAGING_KERNEL_DIR}"
16
17do_configure[depends] += "virtual/kernel:do_shared_workdir"
18do_configure_prepend () {
19 sed -i 's,$(KERNEL_PATH)/.config,$(KBUILD_OUTPUT)/.config,' ${S}/ceetm_module/Makefile
20}
21
22do_install(){
23 mkdir -p ${D}/usr/driver/ceetm
24 mkdir -p ${D}/${libdir}/tc
25 cp ${S}/bin/ceetm.ko ${D}/usr/driver/ceetm
26 cp ${S}/bin/q_ceetm.so ${D}/${libdir}/tc/.
27}
28
29FILES_${PN} += "/usr/driver/ceetm ${libdir}/tc"
30INHIBIT_PACKAGE_STRIP = "1"
diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl.inc b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl.inc
new file mode 100644
index 00000000..e32e3502
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl.inc
@@ -0,0 +1,17 @@
1FILESEXTRAPATHS_prepend := "${THISDIR}/cryptodev-fsl:"
2
3SRC_URI_qoriq-ppc = "git://github.com/cryptodev-linux/cryptodev-linux.git \
4 file://0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch \
5 file://0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch \
6 file://0003-PKC-support-added-in-cryptodev-module.patch \
7 file://0004-Compat-versions-of-PKC-IOCTLs.patch \
8 file://0005-Asynchronous-interface-changes-in-cryptodev.patch \
9 file://0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch \
10 file://0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch \
11 file://0008-Add-RSA-Key-generation-offloading.patch \
12 file://0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch \
13"
14SRCREV_qoriq-ppc = "6aa62a2c320b04f55fdfe0ed015c3d9b48997239"
15
16S_qoriq-ppc = "${WORKDIR}/git"
17
diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch
new file mode 100644
index 00000000..796e5484
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch
@@ -0,0 +1,52 @@
1From 715ade8236f40cf811c39f9538dfd60803967fcd Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Thu, 29 Aug 2013 16:52:30 +0300
4Subject: [PATCH 1/9] add support for composite TLS10(SHA1,AES) algorithm
5 offload
6
7This adds support for composite algorithm offload as a primitive
8crypto (cipher + hmac) operation.
9
10It requires kernel support for tls10(hmac(sha1),cbc(aes)) algorithm
11provided either in software or accelerated by hardware such as
12Freescale B*, P* and T* platforms.
13
14Change-Id: Ia1c605da3860e91e681295dfc8df7c09eb4006cf
15Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
16Reviewed-on: http://git.am.freescale.net:8181/17218
17---
18 crypto/cryptodev.h | 1 +
19 ioctl.c | 5 +++++
20 2 files changed, 6 insertions(+)
21
22diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
23index 7fb9c7d..c0e8cd4 100644
24--- a/crypto/cryptodev.h
25+++ b/crypto/cryptodev.h
26@@ -50,6 +50,7 @@ enum cryptodev_crypto_op_t {
27 CRYPTO_SHA2_384,
28 CRYPTO_SHA2_512,
29 CRYPTO_SHA2_224_HMAC,
30+ CRYPTO_TLS10_AES_CBC_HMAC_SHA1,
31 CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */
32 };
33
34diff --git a/ioctl.c b/ioctl.c
35index 5a55a76..f9b9b2e 100644
36--- a/ioctl.c
37+++ b/ioctl.c
38@@ -159,6 +159,11 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop)
39 stream = 1;
40 aead = 1;
41 break;
42+ case CRYPTO_TLS10_AES_CBC_HMAC_SHA1:
43+ alg_name = "tls10(hmac(sha1),cbc(aes))";
44+ stream = 0;
45+ aead = 1;
46+ break;
47 case CRYPTO_NULL:
48 alg_name = "ecb(cipher_null)";
49 stream = 1;
50--
511.8.3.1
52
diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0001-don-t-advertise-RSA-keygen.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0001-don-t-advertise-RSA-keygen.patch
new file mode 100644
index 00000000..3d7c6086
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0001-don-t-advertise-RSA-keygen.patch
@@ -0,0 +1,32 @@
1From b6e2a3747e3cffdf3cc515b0ce35d6bcdcb051c5 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Tue, 9 Dec 2014 16:41:25 +0200
4Subject: [PATCH] don't advertise RSA keygen
5
6This is supposed to avoid RSA keygen operations when they are not
7available. Since no testing can be done, the patch should be applied
8selectively (for example when offloading through pkc driver on C293)
9
10Change-Id: I60765f46fd7a39053d42e075d2ec71b032b2ed8a
11Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
12---
13 ioctl.c | 3 +--
14 1 file changed, 1 insertion(+), 2 deletions(-)
15
16diff --git a/ioctl.c b/ioctl.c
17index e907167..3239093 100644
18--- a/ioctl.c
19+++ b/ioctl.c
20@@ -961,8 +961,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
21 case CIOCASYMFEAT:
22 return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN |
23 CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY |
24- CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY |
25- CRF_RSA_GENERATE_KEY, p);
26+ CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY, p);
27 case CRIOGET:
28 fd = clonefd(filp);
29 ret = put_user(fd, p);
30--
312.2.0
32
diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch
new file mode 100644
index 00000000..086a97f8
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch
@@ -0,0 +1,207 @@
1From 4b766c93e4ee19248dd66bbebb61fb5cc9c8a012 Mon Sep 17 00:00:00 2001
2From: Horia Geanta <horia.geanta@freescale.com>
3Date: Wed, 4 Dec 2013 15:43:41 +0200
4Subject: [PATCH 2/9] add support for COMPAT_CIOCAUTHCRYPT ioctl()
5
6Upstream-status: Pending
7
8Needed for 64b kernel with 32b user space.
9
10Change-Id: I44a999a4164e7ae7122dee6ed0716b2f25cadbc1
11Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
12Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
13---
14 authenc.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
15 cryptodev_int.h | 40 +++++++++++++++++++++++++++++
16 ioctl.c | 16 ++++++++++++
17 3 files changed, 134 insertions(+)
18
19diff --git a/authenc.c b/authenc.c
20index 1bd7377..ef0d3db 100644
21--- a/authenc.c
22+++ b/authenc.c
23@@ -272,6 +272,84 @@ static int fill_caop_from_kcaop(struct kernel_crypt_auth_op *kcaop, struct fcryp
24 return 0;
25 }
26
27+/* compatibility code for 32bit userlands */
28+#ifdef CONFIG_COMPAT
29+
30+static inline void
31+compat_to_crypt_auth_op(struct compat_crypt_auth_op *compat,
32+ struct crypt_auth_op *caop)
33+{
34+ caop->ses = compat->ses;
35+ caop->op = compat->op;
36+ caop->flags = compat->flags;
37+ caop->len = compat->len;
38+ caop->auth_len = compat->auth_len;
39+ caop->tag_len = compat->tag_len;
40+ caop->iv_len = compat->iv_len;
41+
42+ caop->auth_src = compat_ptr(compat->auth_src);
43+ caop->src = compat_ptr(compat->src);
44+ caop->dst = compat_ptr(compat->dst);
45+ caop->tag = compat_ptr(compat->tag);
46+ caop->iv = compat_ptr(compat->iv);
47+}
48+
49+static inline void
50+crypt_auth_op_to_compat(struct crypt_auth_op *caop,
51+ struct compat_crypt_auth_op *compat)
52+{
53+ compat->ses = caop->ses;
54+ compat->op = caop->op;
55+ compat->flags = caop->flags;
56+ compat->len = caop->len;
57+ compat->auth_len = caop->auth_len;
58+ compat->tag_len = caop->tag_len;
59+ compat->iv_len = caop->iv_len;
60+
61+ compat->auth_src = ptr_to_compat(caop->auth_src);
62+ compat->src = ptr_to_compat(caop->src);
63+ compat->dst = ptr_to_compat(caop->dst);
64+ compat->tag = ptr_to_compat(caop->tag);
65+ compat->iv = ptr_to_compat(caop->iv);
66+}
67+
68+int compat_kcaop_from_user(struct kernel_crypt_auth_op *kcaop,
69+ struct fcrypt *fcr, void __user *arg)
70+{
71+ struct compat_crypt_auth_op compat_caop;
72+
73+ if (unlikely(copy_from_user(&compat_caop, arg, sizeof(compat_caop)))) {
74+ dprintk(1, KERN_ERR, "Error in copying from userspace\n");
75+ return -EFAULT;
76+ }
77+
78+ compat_to_crypt_auth_op(&compat_caop, &kcaop->caop);
79+
80+ return fill_kcaop_from_caop(kcaop, fcr);
81+}
82+
83+int compat_kcaop_to_user(struct kernel_crypt_auth_op *kcaop,
84+ struct fcrypt *fcr, void __user *arg)
85+{
86+ int ret;
87+ struct compat_crypt_auth_op compat_caop;
88+
89+ ret = fill_caop_from_kcaop(kcaop, fcr);
90+ if (unlikely(ret)) {
91+ dprintk(1, KERN_ERR, "fill_caop_from_kcaop\n");
92+ return ret;
93+ }
94+
95+ crypt_auth_op_to_compat(&kcaop->caop, &compat_caop);
96+
97+ if (unlikely(copy_to_user(arg, &compat_caop, sizeof(compat_caop)))) {
98+ dprintk(1, KERN_ERR, "Error in copying to userspace\n");
99+ return -EFAULT;
100+ }
101+ return 0;
102+}
103+
104+#endif /* CONFIG_COMPAT */
105
106 int kcaop_from_user(struct kernel_crypt_auth_op *kcaop,
107 struct fcrypt *fcr, void __user *arg)
108diff --git a/cryptodev_int.h b/cryptodev_int.h
109index d7660fa..8e687e7 100644
110--- a/cryptodev_int.h
111+++ b/cryptodev_int.h
112@@ -73,11 +73,42 @@ struct compat_crypt_op {
113 compat_uptr_t iv;/* initialization vector for encryption operations */
114 };
115
116+ /* input of CIOCAUTHCRYPT */
117+struct compat_crypt_auth_op {
118+ uint32_t ses; /* session identifier */
119+ uint16_t op; /* COP_ENCRYPT or COP_DECRYPT */
120+ uint16_t flags; /* see COP_FLAG_AEAD_* */
121+ uint32_t len; /* length of source data */
122+ uint32_t auth_len; /* length of auth data */
123+ compat_uptr_t auth_src; /* authenticated-only data */
124+
125+ /* The current implementation is more efficient if data are
126+ * encrypted in-place (src==dst). */
127+ compat_uptr_t src; /* data to be encrypted and
128+ authenticated */
129+ compat_uptr_t dst; /* pointer to output data. Must have
130+ * space for tag. For TLS this should be
131+ * at least len + tag_size + block_size
132+ * for padding */
133+
134+ compat_uptr_t tag; /* where the tag will be copied to. TLS
135+ * mode doesn't use that as tag is
136+ * copied to dst.
137+ * SRTP mode copies tag there. */
138+ uint32_t tag_len; /* the length of the tag. Use zero for
139+ * digest size or max tag. */
140+
141+ /* initialization vector for encryption operations */
142+ compat_uptr_t iv;
143+ uint32_t iv_len;
144+};
145+
146 /* compat ioctls, defined for the above structs */
147 #define COMPAT_CIOCGSESSION _IOWR('c', 102, struct compat_session_op)
148 #define COMPAT_CIOCCRYPT _IOWR('c', 104, struct compat_crypt_op)
149 #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op)
150 #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op)
151+#define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op)
152
153 #endif /* CONFIG_COMPAT */
154
155@@ -108,6 +139,15 @@ struct kernel_crypt_auth_op {
156
157 /* auth */
158
159+#ifdef CONFIG_COMPAT
160+int compat_kcaop_from_user(struct kernel_crypt_auth_op *kcaop,
161+ struct fcrypt *fcr, void __user *arg);
162+
163+int compat_kcaop_to_user(struct kernel_crypt_auth_op *kcaop,
164+ struct fcrypt *fcr, void __user *arg);
165+#endif /* CONFIG_COMPAT */
166+
167+
168 int kcaop_from_user(struct kernel_crypt_auth_op *kcop,
169 struct fcrypt *fcr, void __user *arg);
170 int kcaop_to_user(struct kernel_crypt_auth_op *kcaop,
171diff --git a/ioctl.c b/ioctl.c
172index f9b9b2e..1563c75 100644
173--- a/ioctl.c
174+++ b/ioctl.c
175@@ -998,6 +998,7 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
176 struct session_op sop;
177 struct compat_session_op compat_sop;
178 struct kernel_crypt_op kcop;
179+ struct kernel_crypt_auth_op kcaop;
180 int ret;
181
182 if (unlikely(!pcr))
183@@ -1040,6 +1041,21 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
184 return ret;
185
186 return compat_kcop_to_user(&kcop, fcr, arg);
187+
188+ case COMPAT_CIOCAUTHCRYPT:
189+ if (unlikely(ret = compat_kcaop_from_user(&kcaop, fcr, arg))) {
190+ dprintk(1, KERN_WARNING, "Error copying from user\n");
191+ return ret;
192+ }
193+
194+ ret = crypto_auth_run(fcr, &kcaop);
195+ if (unlikely(ret)) {
196+ dprintk(1, KERN_WARNING, "Error in crypto_auth_run\n");
197+ return ret;
198+ }
199+
200+ return compat_kcaop_to_user(&kcaop, fcr, arg);
201+
202 #ifdef ENABLE_ASYNC
203 case COMPAT_CIOCASYNCCRYPT:
204 if (unlikely(ret = compat_kcop_from_user(&kcop, fcr, arg)))
205--
2061.8.3.1
207
diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0003-PKC-support-added-in-cryptodev-module.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0003-PKC-support-added-in-cryptodev-module.patch
new file mode 100644
index 00000000..a4f7816b
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0003-PKC-support-added-in-cryptodev-module.patch
@@ -0,0 +1,898 @@
1From 5b57fc2124cef0acc3c7e8de376ebd9aa4f1fdd3 Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Fri, 7 Mar 2014 06:16:09 +0545
4Subject: [PATCH 3/9] PKC support added in cryptodev module
5
6Upstream-status: Pending
7
8Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
9---
10 cryptlib.c | 66 +++++++++-
11 cryptlib.h | 28 ++++
12 crypto/cryptodev.h | 15 ++-
13 cryptodev_int.h | 20 ++-
14 ioctl.c | 196 +++++++++++++++++++++++++--
15 main.c | 378 +++++++++++++++++++++++++++++++++++++++++++++++++++++
16 6 files changed, 685 insertions(+), 18 deletions(-)
17
18diff --git a/cryptlib.c b/cryptlib.c
19index 44ce763..6900028 100644
20--- a/cryptlib.c
21+++ b/cryptlib.c
22@@ -5,6 +5,8 @@
23 * Portions Copyright (c) 2010 Michael Weiser
24 * Portions Copyright (c) 2010 Phil Sutter
25 *
26+ * Copyright 2012 Freescale Semiconductor, Inc.
27+ *
28 * This file is part of linux cryptodev.
29 *
30 * This program is free software; you can redistribute it and/or
31@@ -39,11 +41,6 @@
32 #include "cryptodev_int.h"
33
34
35-struct cryptodev_result {
36- struct completion completion;
37- int err;
38-};
39-
40 static void cryptodev_complete(struct crypto_async_request *req, int err)
41 {
42 struct cryptodev_result *res = req->data;
43@@ -259,7 +256,6 @@ static inline int waitfor(struct cryptodev_result *cr, ssize_t ret)
44 case 0:
45 break;
46 case -EINPROGRESS:
47- case -EBUSY:
48 wait_for_completion(&cr->completion);
49 /* At this point we known for sure the request has finished,
50 * because wait_for_completion above was not interruptible.
51@@ -439,3 +435,61 @@ int cryptodev_hash_final(struct hash_data *hdata, void *output)
52 return waitfor(hdata->async.result, ret);
53 }
54
55+int cryptodev_pkc_offload(struct cryptodev_pkc *pkc)
56+{
57+ int ret = 0;
58+ struct pkc_request *pkc_req = &pkc->req, *pkc_requested;
59+
60+ switch (pkc_req->type) {
61+ case RSA_PUB:
62+ case RSA_PRIV_FORM1:
63+ case RSA_PRIV_FORM2:
64+ case RSA_PRIV_FORM3:
65+ pkc->s = crypto_alloc_pkc("pkc(rsa)",
66+ CRYPTO_ALG_TYPE_PKC_RSA, 0);
67+ break;
68+ case DSA_SIGN:
69+ case DSA_VERIFY:
70+ case ECDSA_SIGN:
71+ case ECDSA_VERIFY:
72+ pkc->s = crypto_alloc_pkc("pkc(dsa)",
73+ CRYPTO_ALG_TYPE_PKC_DSA, 0);
74+ break;
75+ case DH_COMPUTE_KEY:
76+ case ECDH_COMPUTE_KEY:
77+ pkc->s = crypto_alloc_pkc("pkc(dh)",
78+ CRYPTO_ALG_TYPE_PKC_DH, 0);
79+ break;
80+ default:
81+ return -EINVAL;
82+ }
83+
84+ if (IS_ERR_OR_NULL(pkc->s))
85+ return -EINVAL;
86+
87+ init_completion(&pkc->result.completion);
88+ pkc_requested = pkc_request_alloc(pkc->s, GFP_KERNEL);
89+
90+ if (unlikely(IS_ERR_OR_NULL(pkc_requested))) {
91+ ret = -ENOMEM;
92+ goto error;
93+ }
94+ pkc_requested->type = pkc_req->type;
95+ pkc_requested->curve_type = pkc_req->curve_type;
96+ memcpy(&pkc_requested->req_u, &pkc_req->req_u, sizeof(pkc_req->req_u));
97+ pkc_request_set_callback(pkc_requested, CRYPTO_TFM_REQ_MAY_BACKLOG,
98+ cryptodev_complete_asym, pkc);
99+ ret = crypto_pkc_op(pkc_requested);
100+ if (ret != -EINPROGRESS && ret != 0)
101+ goto error2;
102+
103+ if (pkc->type == SYNCHRONOUS)
104+ ret = waitfor(&pkc->result, ret);
105+
106+ return ret;
107+error2:
108+ kfree(pkc_requested);
109+error:
110+ crypto_free_pkc(pkc->s);
111+ return ret;
112+}
113diff --git a/cryptlib.h b/cryptlib.h
114index a0a8a63..56d325a 100644
115--- a/cryptlib.h
116+++ b/cryptlib.h
117@@ -1,3 +1,6 @@
118+/*
119+ * Copyright 2012 Freescale Semiconductor, Inc.
120+ */
121 #ifndef CRYPTLIB_H
122 # define CRYPTLIB_H
123
124@@ -89,5 +92,30 @@ void cryptodev_hash_deinit(struct hash_data *hdata);
125 int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name,
126 int hmac_mode, void *mackey, size_t mackeylen);
127
128+/* Operation Type */
129+enum offload_type {
130+ SYNCHRONOUS,
131+ ASYNCHRONOUS
132+};
133+
134+struct cryptodev_result {
135+ struct completion completion;
136+ int err;
137+};
138+
139+struct cryptodev_pkc {
140+ struct list_head list; /* To maintain the Jobs in completed
141+ cryptodev lists */
142+ struct kernel_crypt_kop kop;
143+ struct crypto_pkc *s; /* Transform pointer from CryptoAPI */
144+ struct cryptodev_result result; /* Result to be updated by
145+ completion handler */
146+ struct pkc_request req; /* PKC request structure allocated
147+ from CryptoAPI */
148+ enum offload_type type; /* Synchronous Vs Asynchronous request */
149+ void *cookie; /*Additional opaque cookie to be used in future */
150+ struct crypt_priv *priv;
151+};
152
153+int cryptodev_pkc_offload(struct cryptodev_pkc *);
154 #endif
155diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
156index c0e8cd4..96675fe 100644
157--- a/crypto/cryptodev.h
158+++ b/crypto/cryptodev.h
159@@ -1,6 +1,10 @@
160-/* This is a source compatible implementation with the original API of
161+/*
162+ * Copyright 2012 Freescale Semiconductor, Inc.
163+ *
164+ * This is a source compatible implementation with the original API of
165 * cryptodev by Angelos D. Keromytis, found at openbsd cryptodev.h.
166- * Placed under public domain */
167+ * Placed under public domain
168+ */
169
170 #ifndef L_CRYPTODEV_H
171 #define L_CRYPTODEV_H
172@@ -245,6 +249,9 @@ struct crypt_kop {
173 __u16 crk_oparams;
174 __u32 crk_pad1;
175 struct crparam crk_param[CRK_MAXPARAM];
176+ enum curve_t curve_type; /* 0 == Discrete Log,
177+ 1 = EC_PRIME, 2 = EC_BINARY */
178+ void *cookie;
179 };
180
181 enum cryptodev_crk_op_t {
182@@ -289,5 +296,7 @@ enum cryptodev_crk_op_t {
183 */
184 #define CIOCASYNCCRYPT _IOW('c', 110, struct crypt_op)
185 #define CIOCASYNCFETCH _IOR('c', 111, struct crypt_op)
186-
187+/* additional ioctls for asynchronous operation for asymmetric ciphers*/
188+#define CIOCASYMASYNCRYPT _IOW('c', 112, struct crypt_kop)
189+#define CIOCASYMASYNFETCH _IOR('c', 113, struct crypt_kop)
190 #endif /* L_CRYPTODEV_H */
191diff --git a/cryptodev_int.h b/cryptodev_int.h
192index 8e687e7..fdbcc61 100644
193--- a/cryptodev_int.h
194+++ b/cryptodev_int.h
195@@ -1,4 +1,6 @@
196-/* cipher stuff */
197+/* cipher stuff
198+ * Copyright 2012 Freescale Semiconductor, Inc.
199+ */
200 #ifndef CRYPTODEV_INT_H
201 # define CRYPTODEV_INT_H
202
203@@ -112,6 +114,14 @@ struct compat_crypt_auth_op {
204
205 #endif /* CONFIG_COMPAT */
206
207+/* kernel-internal extension to struct crypt_kop */
208+struct kernel_crypt_kop {
209+ struct crypt_kop kop;
210+
211+ struct task_struct *task;
212+ struct mm_struct *mm;
213+};
214+
215 /* kernel-internal extension to struct crypt_op */
216 struct kernel_crypt_op {
217 struct crypt_op cop;
218@@ -157,6 +167,14 @@ int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop);
219
220 #include <cryptlib.h>
221
222+/* Cryptodev Key operation handler */
223+int crypto_bn_modexp(struct cryptodev_pkc *);
224+int crypto_modexp_crt(struct cryptodev_pkc *);
225+int crypto_kop_dsasign(struct cryptodev_pkc *);
226+int crypto_kop_dsaverify(struct cryptodev_pkc *);
227+int crypto_run_asym(struct cryptodev_pkc *);
228+void cryptodev_complete_asym(struct crypto_async_request *, int);
229+
230 /* other internal structs */
231 struct csession {
232 struct list_head entry;
233diff --git a/ioctl.c b/ioctl.c
234index 1563c75..782d7fe 100644
235--- a/ioctl.c
236+++ b/ioctl.c
237@@ -4,6 +4,7 @@
238 * Copyright (c) 2004 Michal Ludvig <mludvig@logix.net.nz>, SuSE Labs
239 * Copyright (c) 2009,2010,2011 Nikos Mavrogiannopoulos <nmav@gnutls.org>
240 * Copyright (c) 2010 Phil Sutter
241+ * Copyright 2012 Freescale Semiconductor, Inc.
242 *
243 * This file is part of linux cryptodev.
244 *
245@@ -89,8 +90,37 @@ struct crypt_priv {
246 int itemcount;
247 struct work_struct cryptask;
248 wait_queue_head_t user_waiter;
249+ /* List of pending cryptodev_pkc asym requests */
250+ struct list_head asym_completed_list;
251+ /* For addition/removal of entry in pending list of asymmetric request*/
252+ spinlock_t completion_lock;
253 };
254
255+/* Asymmetric request Completion handler */
256+void cryptodev_complete_asym(struct crypto_async_request *req, int err)
257+{
258+ struct cryptodev_pkc *pkc = req->data;
259+ struct cryptodev_result *res = &pkc->result;
260+
261+ crypto_free_pkc(pkc->s);
262+ res->err = err;
263+ if (pkc->type == SYNCHRONOUS) {
264+ if (err == -EINPROGRESS)
265+ return;
266+ complete(&res->completion);
267+ } else {
268+ struct crypt_priv *pcr = pkc->priv;
269+ unsigned long flags;
270+ spin_lock_irqsave(&pcr->completion_lock, flags);
271+ list_add_tail(&pkc->list, &pcr->asym_completed_list);
272+ spin_unlock_irqrestore(&pcr->completion_lock, flags);
273+ /* wake for POLLIN */
274+ wake_up_interruptible(&pcr->user_waiter);
275+ }
276+
277+ kfree(req);
278+}
279+
280 #define FILL_SG(sg, ptr, len) \
281 do { \
282 (sg)->page = virt_to_page(ptr); \
283@@ -472,7 +502,8 @@ cryptodev_open(struct inode *inode, struct file *filp)
284 INIT_LIST_HEAD(&pcr->free.list);
285 INIT_LIST_HEAD(&pcr->todo.list);
286 INIT_LIST_HEAD(&pcr->done.list);
287-
288+ INIT_LIST_HEAD(&pcr->asym_completed_list);
289+ spin_lock_init(&pcr->completion_lock);
290 INIT_WORK(&pcr->cryptask, cryptask_routine);
291
292 init_waitqueue_head(&pcr->user_waiter);
293@@ -639,6 +670,79 @@ static int crypto_async_fetch(struct crypt_priv *pcr,
294 }
295 #endif
296
297+/* get the first asym cipher completed job from the "done" queue
298+ *
299+ * returns:
300+ * -EBUSY if no completed jobs are ready (yet)
301+ * the return value otherwise */
302+static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
303+{
304+ int ret = 0;
305+ struct kernel_crypt_kop *kop = &pkc->kop;
306+ struct crypt_kop *ckop = &kop->kop;
307+ struct pkc_request *pkc_req = &pkc->req;
308+
309+ switch (ckop->crk_op) {
310+ case CRK_MOD_EXP:
311+ {
312+ struct rsa_pub_req_s *rsa_req = &pkc_req->req_u.rsa_pub_req;
313+ copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g,
314+ rsa_req->g_len);
315+ }
316+ break;
317+ case CRK_MOD_EXP_CRT:
318+ {
319+ struct rsa_priv_frm3_req_s *rsa_req =
320+ &pkc_req->req_u.rsa_priv_f3;
321+ copy_to_user(ckop->crk_param[6].crp_p,
322+ rsa_req->f, rsa_req->f_len);
323+ }
324+ break;
325+ case CRK_DSA_SIGN:
326+ {
327+ struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign;
328+
329+ if (pkc_req->type == ECDSA_SIGN) {
330+ copy_to_user(ckop->crk_param[6].crp_p,
331+ dsa_req->c, dsa_req->d_len);
332+ copy_to_user(ckop->crk_param[7].crp_p,
333+ dsa_req->d, dsa_req->d_len);
334+ } else {
335+ copy_to_user(ckop->crk_param[5].crp_p,
336+ dsa_req->c, dsa_req->d_len);
337+ copy_to_user(ckop->crk_param[6].crp_p,
338+ dsa_req->d, dsa_req->d_len);
339+ }
340+ }
341+ break;
342+ case CRK_DSA_VERIFY:
343+ break;
344+ case CRK_DH_COMPUTE_KEY:
345+ {
346+ struct dh_key_req_s *dh_req = &pkc_req->req_u.dh_req;
347+ if (pkc_req->type == ECDH_COMPUTE_KEY)
348+ copy_to_user(ckop->crk_param[4].crp_p,
349+ dh_req->z, dh_req->z_len);
350+ else
351+ copy_to_user(ckop->crk_param[3].crp_p,
352+ dh_req->z, dh_req->z_len);
353+ }
354+ break;
355+ default:
356+ ret = -EINVAL;
357+ }
358+ kfree(pkc->cookie);
359+ return ret;
360+}
361+
362+/* this function has to be called from process context */
363+static int fill_kop_from_cop(struct kernel_crypt_kop *kop)
364+{
365+ kop->task = current;
366+ kop->mm = current->mm;
367+ return 0;
368+}
369+
370 /* this function has to be called from process context */
371 static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr)
372 {
373@@ -662,11 +766,8 @@ static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr)
374
375 if (cop->iv) {
376 rc = copy_from_user(kcop->iv, cop->iv, kcop->ivlen);
377- if (unlikely(rc)) {
378- derr(1, "error copying IV (%d bytes), copy_from_user returned %d for address %p",
379- kcop->ivlen, rc, cop->iv);
380+ if (unlikely(rc))
381 return -EFAULT;
382- }
383 }
384
385 return 0;
386@@ -692,6 +793,25 @@ static int fill_cop_from_kcop(struct kernel_crypt_op *kcop, struct fcrypt *fcr)
387 return 0;
388 }
389
390+static int kop_from_user(struct kernel_crypt_kop *kop,
391+ void __user *arg)
392+{
393+ if (unlikely(copy_from_user(&kop->kop, arg, sizeof(kop->kop))))
394+ return -EFAULT;
395+
396+ return fill_kop_from_cop(kop);
397+}
398+
399+static int kop_to_user(struct kernel_crypt_kop *kop,
400+ void __user *arg)
401+{
402+ if (unlikely(copy_to_user(arg, &kop->kop, sizeof(kop->kop)))) {
403+ dprintk(1, KERN_ERR, "Cannot copy to userspace\n");
404+ return -EFAULT;
405+ }
406+ return 0;
407+}
408+
409 static int kcop_from_user(struct kernel_crypt_op *kcop,
410 struct fcrypt *fcr, void __user *arg)
411 {
412@@ -821,7 +941,8 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
413
414 switch (cmd) {
415 case CIOCASYMFEAT:
416- return put_user(0, p);
417+ return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP |
418+ CRF_DSA_SIGN | CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY, p);
419 case CRIOGET:
420 fd = clonefd(filp);
421 ret = put_user(fd, p);
422@@ -857,6 +978,24 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
423 if (unlikely(ret))
424 return ret;
425 return copy_to_user(arg, &siop, sizeof(siop));
426+ case CIOCKEY:
427+ {
428+ struct cryptodev_pkc *pkc =
429+ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
430+
431+ if (!pkc)
432+ return -ENOMEM;
433+
434+ ret = kop_from_user(&pkc->kop, arg);
435+ if (unlikely(ret)) {
436+ kfree(pkc);
437+ return ret;
438+ }
439+ pkc->type = SYNCHRONOUS;
440+ ret = crypto_run_asym(pkc);
441+ kfree(pkc);
442+ }
443+ return ret;
444 case CIOCCRYPT:
445 if (unlikely(ret = kcop_from_user(&kcop, fcr, arg))) {
446 dwarning(1, "Error copying from user");
447@@ -895,6 +1034,45 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
448
449 return kcop_to_user(&kcop, fcr, arg);
450 #endif
451+ case CIOCASYMASYNCRYPT:
452+ {
453+ struct cryptodev_pkc *pkc =
454+ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
455+ ret = kop_from_user(&pkc->kop, arg);
456+
457+ if (unlikely(ret))
458+ return -EINVAL;
459+
460+ /* Store associated FD priv data with asymmetric request */
461+ pkc->priv = pcr;
462+ pkc->type = ASYNCHRONOUS;
463+ ret = crypto_run_asym(pkc);
464+ if (ret == -EINPROGRESS)
465+ ret = 0;
466+ }
467+ return ret;
468+ case CIOCASYMASYNFETCH:
469+ {
470+ struct cryptodev_pkc *pkc;
471+ unsigned long flags;
472+
473+ spin_lock_irqsave(&pcr->completion_lock, flags);
474+ if (list_empty(&pcr->asym_completed_list)) {
475+ spin_unlock_irqrestore(&pcr->completion_lock, flags);
476+ return -ENOMEM;
477+ }
478+ pkc = list_first_entry(&pcr->asym_completed_list,
479+ struct cryptodev_pkc, list);
480+ list_del(&pkc->list);
481+ spin_unlock_irqrestore(&pcr->completion_lock, flags);
482+ ret = crypto_async_fetch_asym(pkc);
483+
484+ /* Reflect the updated request to user-space */
485+ if (!ret)
486+ kop_to_user(&pkc->kop, arg);
487+ kfree(pkc);
488+ }
489+ return ret;
490 default:
491 return -EINVAL;
492 }
493@@ -1083,9 +1261,11 @@ static unsigned int cryptodev_poll(struct file *file, poll_table *wait)
494
495 poll_wait(file, &pcr->user_waiter, wait);
496
497- if (!list_empty_careful(&pcr->done.list))
498+ if (!list_empty_careful(&pcr->done.list) ||
499+ !list_empty_careful(&pcr->asym_completed_list))
500 ret |= POLLIN | POLLRDNORM;
501- if (!list_empty_careful(&pcr->free.list) || pcr->itemcount < MAX_COP_RINGSIZE)
502+ if (!list_empty_careful(&pcr->free.list) ||
503+ pcr->itemcount < MAX_COP_RINGSIZE)
504 ret |= POLLOUT | POLLWRNORM;
505
506 return ret;
507diff --git a/main.c b/main.c
508index 57e5c38..0b7951e 100644
509--- a/main.c
510+++ b/main.c
511@@ -181,6 +181,384 @@ __crypto_run_zc(struct csession *ses_ptr, struct kernel_crypt_op *kcop)
512 return ret;
513 }
514
515+int crypto_kop_dsasign(struct cryptodev_pkc *pkc)
516+{
517+ struct kernel_crypt_kop *kop = &pkc->kop;
518+ struct crypt_kop *cop = &kop->kop;
519+ struct pkc_request *pkc_req = &pkc->req;
520+ struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign;
521+ int rc, buf_size;
522+ uint8_t *buf;
523+
524+ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits ||
525+ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits ||
526+ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits ||
527+ !cop->crk_param[6].crp_nbits || (cop->crk_iparams == 6 &&
528+ !cop->crk_param[7].crp_nbits))
529+ return -EINVAL;
530+
531+ dsa_req->m_len = (cop->crk_param[0].crp_nbits + 7)/8;
532+ dsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8;
533+ dsa_req->r_len = (cop->crk_param[2].crp_nbits + 7)/8;
534+ dsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8;
535+ dsa_req->priv_key_len = (cop->crk_param[4].crp_nbits + 7)/8;
536+ dsa_req->d_len = (cop->crk_param[6].crp_nbits + 7)/8;
537+ buf_size = dsa_req->m_len + dsa_req->q_len + dsa_req->r_len +
538+ dsa_req->g_len + dsa_req->priv_key_len + dsa_req->d_len +
539+ dsa_req->d_len;
540+ if (cop->crk_iparams == 6) {
541+ dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8;
542+ buf_size += dsa_req->ab_len;
543+ pkc_req->type = ECDSA_SIGN;
544+ pkc_req->curve_type = cop->curve_type;
545+ } else {
546+ pkc_req->type = DSA_SIGN;
547+ }
548+
549+ buf = kzalloc(buf_size, GFP_DMA);
550+
551+ dsa_req->q = buf;
552+ dsa_req->r = dsa_req->q + dsa_req->q_len;
553+ dsa_req->g = dsa_req->r + dsa_req->r_len;
554+ dsa_req->priv_key = dsa_req->g + dsa_req->g_len;
555+ dsa_req->m = dsa_req->priv_key + dsa_req->priv_key_len;
556+ dsa_req->c = dsa_req->m + dsa_req->m_len;
557+ dsa_req->d = dsa_req->c + dsa_req->d_len;
558+ copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len);
559+ copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len);
560+ copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len);
561+ copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len);
562+ copy_from_user(dsa_req->priv_key, cop->crk_param[4].crp_p,
563+ dsa_req->priv_key_len);
564+ if (cop->crk_iparams == 6) {
565+ dsa_req->ab = dsa_req->d + dsa_req->d_len;
566+ copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p,
567+ dsa_req->ab_len);
568+ }
569+ rc = cryptodev_pkc_offload(pkc);
570+ if (pkc->type == SYNCHRONOUS) {
571+ if (rc)
572+ goto err;
573+ if (cop->crk_iparams == 6) {
574+ copy_to_user(cop->crk_param[6].crp_p, dsa_req->c,
575+ dsa_req->d_len);
576+ copy_to_user(cop->crk_param[7].crp_p, dsa_req->d,
577+ dsa_req->d_len);
578+ } else {
579+ copy_to_user(cop->crk_param[5].crp_p, dsa_req->c,
580+ dsa_req->d_len);
581+ copy_to_user(cop->crk_param[6].crp_p, dsa_req->d,
582+ dsa_req->d_len);
583+ }
584+ } else {
585+ if (rc != -EINPROGRESS && rc != 0)
586+ goto err;
587+
588+ pkc->cookie = buf;
589+ return rc;
590+ }
591+err:
592+ kfree(buf);
593+ return rc;
594+}
595+
596+int crypto_kop_dsaverify(struct cryptodev_pkc *pkc)
597+{
598+ struct kernel_crypt_kop *kop = &pkc->kop;
599+ struct crypt_kop *cop = &kop->kop;
600+ struct pkc_request *pkc_req;
601+ struct dsa_verify_req_s *dsa_req;
602+ int rc, buf_size;
603+ uint8_t *buf;
604+
605+ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits ||
606+ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits ||
607+ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits ||
608+ !cop->crk_param[6].crp_nbits || (cop->crk_iparams == 8 &&
609+ !cop->crk_param[7].crp_nbits))
610+ return -EINVAL;
611+
612+ pkc_req = &pkc->req;
613+ dsa_req = &pkc_req->req_u.dsa_verify;
614+ dsa_req->m_len = (cop->crk_param[0].crp_nbits + 7)/8;
615+ dsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8;
616+ dsa_req->r_len = (cop->crk_param[2].crp_nbits + 7)/8;
617+ dsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8;
618+ dsa_req->pub_key_len = (cop->crk_param[4].crp_nbits + 7)/8;
619+ dsa_req->d_len = (cop->crk_param[6].crp_nbits + 7)/8;
620+ buf_size = dsa_req->m_len + dsa_req->q_len + dsa_req->r_len +
621+ dsa_req->g_len + dsa_req->pub_key_len + dsa_req->d_len +
622+ dsa_req->d_len;
623+ if (cop->crk_iparams == 8) {
624+ dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8;
625+ buf_size += dsa_req->ab_len;
626+ pkc_req->type = ECDSA_VERIFY;
627+ pkc_req->curve_type = cop->curve_type;
628+ } else {
629+ pkc_req->type = DSA_VERIFY;
630+ }
631+
632+ buf = kzalloc(buf_size, GFP_DMA);
633+
634+ dsa_req->q = buf;
635+ dsa_req->r = dsa_req->q + dsa_req->q_len;
636+ dsa_req->g = dsa_req->r + dsa_req->r_len;
637+ dsa_req->pub_key = dsa_req->g + dsa_req->g_len;
638+ dsa_req->m = dsa_req->pub_key + dsa_req->pub_key_len;
639+ dsa_req->c = dsa_req->m + dsa_req->m_len;
640+ dsa_req->d = dsa_req->c + dsa_req->d_len;
641+ copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len);
642+ copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len);
643+ copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len);
644+ copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len);
645+ copy_from_user(dsa_req->pub_key, cop->crk_param[4].crp_p,
646+ dsa_req->pub_key_len);
647+ if (cop->crk_iparams == 8) {
648+ dsa_req->ab = dsa_req->d + dsa_req->d_len;
649+ copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p,
650+ dsa_req->ab_len);
651+ copy_from_user(dsa_req->c, cop->crk_param[6].crp_p,
652+ dsa_req->d_len);
653+ copy_from_user(dsa_req->d, cop->crk_param[7].crp_p,
654+ dsa_req->d_len);
655+ } else {
656+ copy_from_user(dsa_req->c, cop->crk_param[5].crp_p,
657+ dsa_req->d_len);
658+ copy_from_user(dsa_req->d, cop->crk_param[6].crp_p,
659+ dsa_req->d_len);
660+ }
661+ rc = cryptodev_pkc_offload(pkc);
662+ if (pkc->type == SYNCHRONOUS) {
663+ if (rc)
664+ goto err;
665+ } else {
666+ if (rc != -EINPROGRESS && !rc)
667+ goto err;
668+ pkc->cookie = buf;
669+ return rc;
670+ }
671+err:
672+ kfree(buf);
673+ return rc;
674+}
675+
676+int crypto_kop_dh_key(struct cryptodev_pkc *pkc)
677+{
678+ struct kernel_crypt_kop *kop = &pkc->kop;
679+ struct crypt_kop *cop = &kop->kop;
680+ struct pkc_request *pkc_req;
681+ struct dh_key_req_s *dh_req;
682+ int buf_size;
683+ uint8_t *buf;
684+ int rc = -EINVAL;
685+
686+ pkc_req = &pkc->req;
687+ dh_req = &pkc_req->req_u.dh_req;
688+ dh_req->s_len = (cop->crk_param[0].crp_nbits + 7)/8;
689+ dh_req->pub_key_len = (cop->crk_param[1].crp_nbits + 7)/8;
690+ dh_req->q_len = (cop->crk_param[2].crp_nbits + 7)/8;
691+ buf_size = dh_req->q_len + dh_req->pub_key_len + dh_req->s_len;
692+ if (cop->crk_iparams == 4) {
693+ pkc_req->type = ECDH_COMPUTE_KEY;
694+ dh_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8;
695+ dh_req->z_len = (cop->crk_param[4].crp_nbits + 7)/8;
696+ buf_size += dh_req->ab_len;
697+ } else {
698+ dh_req->z_len = (cop->crk_param[3].crp_nbits + 7)/8;
699+ pkc_req->type = DH_COMPUTE_KEY;
700+ }
701+ buf_size += dh_req->z_len;
702+ buf = kzalloc(buf_size, GFP_DMA);
703+ dh_req->q = buf;
704+ dh_req->s = dh_req->q + dh_req->q_len;
705+ dh_req->pub_key = dh_req->s + dh_req->s_len;
706+ dh_req->z = dh_req->pub_key + dh_req->pub_key_len;
707+ if (cop->crk_iparams == 4) {
708+ dh_req->ab = dh_req->z + dh_req->z_len;
709+ pkc_req->curve_type = cop->curve_type;
710+ copy_from_user(dh_req->ab, cop->crk_param[3].crp_p,
711+ dh_req->ab_len);
712+ }
713+ copy_from_user(dh_req->s, cop->crk_param[0].crp_p, dh_req->s_len);
714+ copy_from_user(dh_req->pub_key, cop->crk_param[1].crp_p,
715+ dh_req->pub_key_len);
716+ copy_from_user(dh_req->q, cop->crk_param[2].crp_p, dh_req->q_len);
717+ rc = cryptodev_pkc_offload(pkc);
718+ if (pkc->type == SYNCHRONOUS) {
719+ if (rc)
720+ goto err;
721+ if (cop->crk_iparams == 4)
722+ copy_to_user(cop->crk_param[4].crp_p, dh_req->z,
723+ dh_req->z_len);
724+ else
725+ copy_to_user(cop->crk_param[3].crp_p, dh_req->z,
726+ dh_req->z_len);
727+ } else {
728+ if (rc != -EINPROGRESS && rc != 0)
729+ goto err;
730+
731+ pkc->cookie = buf;
732+ return rc;
733+ }
734+err:
735+ kfree(buf);
736+ return rc;
737+}
738+
739+int crypto_modexp_crt(struct cryptodev_pkc *pkc)
740+{
741+ struct kernel_crypt_kop *kop = &pkc->kop;
742+ struct crypt_kop *cop = &kop->kop;
743+ struct pkc_request *pkc_req;
744+ struct rsa_priv_frm3_req_s *rsa_req;
745+ int rc;
746+ uint8_t *buf;
747+
748+ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits ||
749+ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits ||
750+ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits)
751+ return -EINVAL;
752+
753+ pkc_req = &pkc->req;
754+ pkc_req->type = RSA_PRIV_FORM3;
755+ rsa_req = &pkc_req->req_u.rsa_priv_f3;
756+ rsa_req->p_len = (cop->crk_param[0].crp_nbits + 7)/8;
757+ rsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8;
758+ rsa_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8;
759+ rsa_req->dp_len = (cop->crk_param[3].crp_nbits + 7)/8;
760+ rsa_req->dq_len = (cop->crk_param[4].crp_nbits + 7)/8;
761+ rsa_req->c_len = (cop->crk_param[5].crp_nbits + 7)/8;
762+ rsa_req->f_len = (cop->crk_param[6].crp_nbits + 7)/8;
763+ buf = kzalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len +
764+ rsa_req->dp_len + rsa_req->dp_len + rsa_req->c_len +
765+ rsa_req->g_len, GFP_DMA);
766+ rsa_req->p = buf;
767+ rsa_req->q = rsa_req->p + rsa_req->p_len;
768+ rsa_req->g = rsa_req->q + rsa_req->q_len;
769+ rsa_req->dp = rsa_req->g + rsa_req->g_len;
770+ rsa_req->dq = rsa_req->dp + rsa_req->dp_len;
771+ rsa_req->c = rsa_req->dq + rsa_req->dq_len;
772+ rsa_req->f = rsa_req->c + rsa_req->c_len;
773+ copy_from_user(rsa_req->p, cop->crk_param[0].crp_p, rsa_req->p_len);
774+ copy_from_user(rsa_req->q, cop->crk_param[1].crp_p, rsa_req->q_len);
775+ copy_from_user(rsa_req->g, cop->crk_param[2].crp_p, rsa_req->g_len);
776+ copy_from_user(rsa_req->dp, cop->crk_param[3].crp_p, rsa_req->dp_len);
777+ copy_from_user(rsa_req->dq, cop->crk_param[4].crp_p, rsa_req->dq_len);
778+ copy_from_user(rsa_req->c, cop->crk_param[5].crp_p, rsa_req->c_len);
779+ rc = cryptodev_pkc_offload(pkc);
780+
781+ if (pkc->type == SYNCHRONOUS) {
782+ if (rc)
783+ goto err;
784+ copy_to_user(cop->crk_param[6].crp_p, rsa_req->f,
785+ rsa_req->f_len);
786+ } else {
787+ if (rc != -EINPROGRESS && rc != 0)
788+ goto err;
789+
790+ pkc->cookie = buf;
791+ return rc;
792+ }
793+err:
794+ kfree(buf);
795+ return rc;
796+}
797+
798+int crypto_bn_modexp(struct cryptodev_pkc *pkc)
799+{
800+ struct pkc_request *pkc_req;
801+ struct rsa_pub_req_s *rsa_req;
802+ int rc;
803+ struct kernel_crypt_kop *kop = &pkc->kop;
804+ struct crypt_kop *cop = &kop->kop;
805+ uint8_t *buf;
806+
807+ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits ||
808+ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits)
809+ return -EINVAL;
810+
811+ pkc_req = &pkc->req;
812+ pkc_req->type = RSA_PUB;
813+ rsa_req = &pkc_req->req_u.rsa_pub_req;
814+ rsa_req->f_len = (cop->crk_param[0].crp_nbits + 7)/8;
815+ rsa_req->e_len = (cop->crk_param[1].crp_nbits + 7)/8;
816+ rsa_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8;
817+ rsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8;
818+ buf = kzalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len
819+ + rsa_req->g_len, GFP_DMA);
820+ if (!buf)
821+ return -ENOMEM;
822+
823+ rsa_req->e = buf;
824+ rsa_req->f = rsa_req->e + rsa_req->e_len;
825+ rsa_req->g = rsa_req->f + rsa_req->f_len;
826+ rsa_req->n = rsa_req->g + rsa_req->g_len;
827+ copy_from_user(rsa_req->f, cop->crk_param[0].crp_p, rsa_req->f_len);
828+ copy_from_user(rsa_req->e, cop->crk_param[1].crp_p, rsa_req->e_len);
829+ copy_from_user(rsa_req->n, cop->crk_param[2].crp_p, rsa_req->n_len);
830+ rc = cryptodev_pkc_offload(pkc);
831+ if (pkc->type == SYNCHRONOUS) {
832+ if (rc)
833+ goto err;
834+
835+ copy_to_user(cop->crk_param[3].crp_p, rsa_req->g,
836+ rsa_req->g_len);
837+ } else {
838+ if (rc != -EINPROGRESS && rc != 0)
839+ goto err;
840+
841+ /* This one will be freed later in fetch handler */
842+ pkc->cookie = buf;
843+ return rc;
844+ }
845+err:
846+ kfree(buf);
847+ return rc;
848+}
849+
850+int crypto_run_asym(struct cryptodev_pkc *pkc)
851+{
852+ int ret = -EINVAL;
853+ struct kernel_crypt_kop *kop = &pkc->kop;
854+
855+ switch (kop->kop.crk_op) {
856+ case CRK_MOD_EXP:
857+ if (kop->kop.crk_iparams != 3 && kop->kop.crk_oparams != 1)
858+ goto err;
859+
860+ ret = crypto_bn_modexp(pkc);
861+ break;
862+ case CRK_MOD_EXP_CRT:
863+ if (kop->kop.crk_iparams != 6 && kop->kop.crk_oparams != 1)
864+ goto err;
865+
866+ ret = crypto_modexp_crt(pkc);
867+ break;
868+ case CRK_DSA_SIGN:
869+ if ((kop->kop.crk_iparams != 5 && kop->kop.crk_iparams != 6) ||
870+ kop->kop.crk_oparams != 2)
871+ goto err;
872+
873+ ret = crypto_kop_dsasign(pkc);
874+ break;
875+ case CRK_DSA_VERIFY:
876+ if ((kop->kop.crk_iparams != 7 && kop->kop.crk_iparams != 8) ||
877+ kop->kop.crk_oparams != 0)
878+ goto err;
879+
880+ ret = crypto_kop_dsaverify(pkc);
881+ break;
882+ case CRK_DH_COMPUTE_KEY:
883+ if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4) ||
884+ kop->kop.crk_oparams != 1)
885+ goto err;
886+ ret = crypto_kop_dh_key(pkc);
887+ break;
888+ }
889+err:
890+ return ret;
891+}
892+
893 int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop)
894 {
895 struct csession *ses_ptr;
896--
8971.8.3.1
898
diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0004-Compat-versions-of-PKC-IOCTLs.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0004-Compat-versions-of-PKC-IOCTLs.patch
new file mode 100644
index 00000000..2eedcc72
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0004-Compat-versions-of-PKC-IOCTLs.patch
@@ -0,0 +1,200 @@
1From 5435dfd329cd90837ce36c6dadc26166c7906cab Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Fri, 7 Mar 2014 06:52:13 +0545
4Subject: [PATCH 4/9] Compat versions of PKC IOCTLs
5
6Upstream-status: Pending
7
8Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
9---
10 cryptodev_int.h | 20 ++++++++++
11 ioctl.c | 120 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
12 2 files changed, 140 insertions(+)
13
14diff --git a/cryptodev_int.h b/cryptodev_int.h
15index fdbcc61..cf54dac 100644
16--- a/cryptodev_int.h
17+++ b/cryptodev_int.h
18@@ -75,6 +75,24 @@ struct compat_crypt_op {
19 compat_uptr_t iv;/* initialization vector for encryption operations */
20 };
21
22+/* input of CIOCKEY */
23+struct compat_crparam {
24+ compat_uptr_t crp_p;
25+ uint32_t crp_nbits;
26+};
27+
28+struct compat_crypt_kop {
29+ uint32_t crk_op; /* cryptodev_crk_ot_t */
30+ uint32_t crk_status;
31+ uint16_t crk_iparams;
32+ uint16_t crk_oparams;
33+ uint32_t crk_pad1;
34+ struct compat_crparam crk_param[CRK_MAXPARAM];
35+ enum curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME,
36+ 2 = EC_BINARY */
37+ compat_uptr_t cookie;
38+};
39+
40 /* input of CIOCAUTHCRYPT */
41 struct compat_crypt_auth_op {
42 uint32_t ses; /* session identifier */
43@@ -111,6 +129,8 @@ struct compat_crypt_auth_op {
44 #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op)
45 #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op)
46 #define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op)
47+#define COMPAT_CIOCASYMASYNCRYPT _IOW('c', 110, struct compat_crypt_kop)
48+#define COMPAT_CIOCASYMASYNFETCH _IOR('c', 111, struct compat_crypt_kop)
49
50 #endif /* CONFIG_COMPAT */
51
52diff --git a/ioctl.c b/ioctl.c
53index 782d7fe..3baf3e6 100644
54--- a/ioctl.c
55+++ b/ioctl.c
56@@ -1081,6 +1081,68 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
57 /* compatibility code for 32bit userlands */
58 #ifdef CONFIG_COMPAT
59
60+static inline void compat_to_crypt_kop(struct compat_crypt_kop *compat,
61+ struct crypt_kop *kop)
62+{
63+ int i;
64+ kop->crk_op = compat->crk_op;
65+ kop->crk_status = compat->crk_status;
66+ kop->crk_iparams = compat->crk_iparams;
67+ kop->crk_oparams = compat->crk_oparams;
68+
69+ for (i = 0; i < CRK_MAXPARAM; i++) {
70+ kop->crk_param[i].crp_p =
71+ compat_ptr(compat->crk_param[i].crp_p);
72+ kop->crk_param[i].crp_nbits = compat->crk_param[i].crp_nbits;
73+ }
74+
75+ kop->curve_type = compat->curve_type;
76+ kop->cookie = compat->cookie;
77+}
78+
79+static int compat_kop_from_user(struct kernel_crypt_kop *kop,
80+ void __user *arg)
81+{
82+ struct compat_crypt_kop compat_kop;
83+
84+ if (unlikely(copy_from_user(&compat_kop, arg, sizeof(compat_kop))))
85+ return -EFAULT;
86+
87+ compat_to_crypt_kop(&compat_kop, &kop->kop);
88+ return fill_kop_from_cop(kop);
89+}
90+
91+static inline void crypt_kop_to_compat(struct crypt_kop *kop,
92+ struct compat_crypt_kop *compat)
93+{
94+ int i;
95+
96+ compat->crk_op = kop->crk_op;
97+ compat->crk_status = kop->crk_status;
98+ compat->crk_iparams = kop->crk_iparams;
99+ compat->crk_oparams = kop->crk_oparams;
100+
101+ for (i = 0; i < CRK_MAXPARAM; i++) {
102+ compat->crk_param[i].crp_p =
103+ ptr_to_compat(kop->crk_param[i].crp_p);
104+ compat->crk_param[i].crp_nbits = kop->crk_param[i].crp_nbits;
105+ }
106+ compat->cookie = kop->cookie;
107+ compat->curve_type = kop->curve_type;
108+}
109+
110+static int compat_kop_to_user(struct kernel_crypt_kop *kop, void __user *arg)
111+{
112+ struct compat_crypt_kop compat_kop;
113+
114+ crypt_kop_to_compat(&kop->kop, &compat_kop);
115+ if (unlikely(copy_to_user(arg, &compat_kop, sizeof(compat_kop)))) {
116+ dprintk(1, KERN_ERR, "Cannot copy to userspace\n");
117+ return -EFAULT;
118+ }
119+ return 0;
120+}
121+
122 static inline void
123 compat_to_session_op(struct compat_session_op *compat, struct session_op *sop)
124 {
125@@ -1208,7 +1270,26 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
126 return -EFAULT;
127 }
128 return ret;
129+ case COMPAT_CIOCKEY:
130+ {
131+ struct cryptodev_pkc *pkc =
132+ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
133+
134+ if (!pkc)
135+ return -ENOMEM;
136+
137+ ret = compat_kop_from_user(&pkc->kop, arg);
138+
139+ if (unlikely(ret)) {
140+ kfree(pkc);
141+ return ret;
142+ }
143
144+ pkc->type = SYNCHRONOUS;
145+ ret = crypto_run_asym(pkc);
146+ kfree(pkc);
147+ }
148+ return ret;
149 case COMPAT_CIOCCRYPT:
150 ret = compat_kcop_from_user(&kcop, fcr, arg);
151 if (unlikely(ret))
152@@ -1247,6 +1328,45 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
153
154 return compat_kcop_to_user(&kcop, fcr, arg);
155 #endif
156+ case COMPAT_CIOCASYMASYNCRYPT:
157+ {
158+ struct cryptodev_pkc *pkc =
159+ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
160+
161+ ret = compat_kop_from_user(&pkc->kop, arg);
162+ if (unlikely(ret))
163+ return -EINVAL;
164+
165+ /* Store associated FD priv data with asymmetric request */
166+ pkc->priv = pcr;
167+ pkc->type = ASYNCHRONOUS;
168+ ret = crypto_run_asym(pkc);
169+ if (ret == -EINPROGRESS)
170+ ret = 0;
171+ }
172+ return ret;
173+ case COMPAT_CIOCASYMASYNFETCH:
174+ {
175+ struct cryptodev_pkc *pkc;
176+ unsigned long flags;
177+
178+ spin_lock_irqsave(&pcr->completion_lock, flags);
179+ if (list_empty(&pcr->asym_completed_list)) {
180+ spin_unlock_irqrestore(&pcr->completion_lock, flags);
181+ return -ENOMEM;
182+ }
183+ pkc = list_first_entry(&pcr->asym_completed_list,
184+ struct cryptodev_pkc, list);
185+ list_del(&pkc->list);
186+ spin_unlock_irqrestore(&pcr->completion_lock, flags);
187+ ret = crypto_async_fetch_asym(pkc);
188+
189+ /* Reflect the updated request to user-space */
190+ if (!ret)
191+ compat_kop_to_user(&pkc->kop, arg);
192+ kfree(pkc);
193+ }
194+ return ret;
195 default:
196 return -EINVAL;
197 }
198--
1991.8.3.1
200
diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0005-Asynchronous-interface-changes-in-cryptodev.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0005-Asynchronous-interface-changes-in-cryptodev.patch
new file mode 100644
index 00000000..2f88eda3
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0005-Asynchronous-interface-changes-in-cryptodev.patch
@@ -0,0 +1,213 @@
1From ddc4179a454cea79c8385fd6756d20cbf3c6dcb5 Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Fri, 7 Mar 2014 07:24:00 +0545
4Subject: [PATCH 5/9] Asynchronous interface changes in cryptodev
5
6Upstream-status: Pending
7
8Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
9---
10 cryptlib.h | 7 ++++-
11 crypto/cryptodev.h | 10 ++++++-
12 cryptodev_int.h | 10 ++++++-
13 ioctl.c | 76 +++++++++++++++++++++++++++++++++++++-----------------
14 4 files changed, 76 insertions(+), 27 deletions(-)
15
16diff --git a/cryptlib.h b/cryptlib.h
17index 56d325a..7ffa54c 100644
18--- a/cryptlib.h
19+++ b/cryptlib.h
20@@ -113,7 +113,12 @@ struct cryptodev_pkc {
21 struct pkc_request req; /* PKC request structure allocated
22 from CryptoAPI */
23 enum offload_type type; /* Synchronous Vs Asynchronous request */
24- void *cookie; /*Additional opaque cookie to be used in future */
25+ /*
26+ * cookie used for transfering tranparent information from async
27+ * submission to async fetch. Currently some dynamic allocated
28+ * buffers are maintained which will be freed later during fetch
29+ */
30+ void *cookie;
31 struct crypt_priv *priv;
32 };
33
34diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
35index 96675fe..4436fbf 100644
36--- a/crypto/cryptodev.h
37+++ b/crypto/cryptodev.h
38@@ -254,6 +254,14 @@ struct crypt_kop {
39 void *cookie;
40 };
41
42+#define MAX_COOKIES 4
43+
44+struct pkc_cookie_list_s {
45+ int cookie_available;
46+ void *cookie[MAX_COOKIES];
47+ int status[MAX_COOKIES];
48+};
49+
50 enum cryptodev_crk_op_t {
51 CRK_MOD_EXP = 0,
52 CRK_MOD_EXP_CRT = 1,
53@@ -298,5 +306,5 @@ enum cryptodev_crk_op_t {
54 #define CIOCASYNCFETCH _IOR('c', 111, struct crypt_op)
55 /* additional ioctls for asynchronous operation for asymmetric ciphers*/
56 #define CIOCASYMASYNCRYPT _IOW('c', 112, struct crypt_kop)
57-#define CIOCASYMASYNFETCH _IOR('c', 113, struct crypt_kop)
58+#define CIOCASYMFETCHCOOKIE _IOR('c', 113, struct pkc_cookie_list_s)
59 #endif /* L_CRYPTODEV_H */
60diff --git a/cryptodev_int.h b/cryptodev_int.h
61index cf54dac..5347cae 100644
62--- a/cryptodev_int.h
63+++ b/cryptodev_int.h
64@@ -93,6 +93,12 @@ struct compat_crypt_kop {
65 compat_uptr_t cookie;
66 };
67
68+struct compat_pkc_cookie_list_s {
69+ int cookie_available;
70+ compat_uptr_t cookie[MAX_COOKIES];
71+ int status[MAX_COOKIES];
72+};
73+
74 /* input of CIOCAUTHCRYPT */
75 struct compat_crypt_auth_op {
76 uint32_t ses; /* session identifier */
77@@ -126,11 +132,13 @@ struct compat_crypt_auth_op {
78 /* compat ioctls, defined for the above structs */
79 #define COMPAT_CIOCGSESSION _IOWR('c', 102, struct compat_session_op)
80 #define COMPAT_CIOCCRYPT _IOWR('c', 104, struct compat_crypt_op)
81+#define COMPAT_CIOCKEY _IOW('c', 105, struct compat_crypt_kop)
82 #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op)
83 #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op)
84 #define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op)
85 #define COMPAT_CIOCASYMASYNCRYPT _IOW('c', 110, struct compat_crypt_kop)
86-#define COMPAT_CIOCASYMASYNFETCH _IOR('c', 111, struct compat_crypt_kop)
87+#define COMPAT_CIOCASYMFETCHCOOKIE _IOR('c', 111, \
88+ struct compat_pkc_cookie_list_s)
89
90 #endif /* CONFIG_COMPAT */
91
92diff --git a/ioctl.c b/ioctl.c
93index 3baf3e6..2eb7f03 100644
94--- a/ioctl.c
95+++ b/ioctl.c
96@@ -105,8 +105,6 @@ void cryptodev_complete_asym(struct crypto_async_request *req, int err)
97 crypto_free_pkc(pkc->s);
98 res->err = err;
99 if (pkc->type == SYNCHRONOUS) {
100- if (err == -EINPROGRESS)
101- return;
102 complete(&res->completion);
103 } else {
104 struct crypt_priv *pcr = pkc->priv;
105@@ -1051,26 +1049,41 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
106 ret = 0;
107 }
108 return ret;
109- case CIOCASYMASYNFETCH:
110+ case CIOCASYMFETCHCOOKIE:
111 {
112 struct cryptodev_pkc *pkc;
113 unsigned long flags;
114+ int i;
115+ struct pkc_cookie_list_s cookie_list;
116
117 spin_lock_irqsave(&pcr->completion_lock, flags);
118- if (list_empty(&pcr->asym_completed_list)) {
119- spin_unlock_irqrestore(&pcr->completion_lock, flags);
120- return -ENOMEM;
121+ cookie_list.cookie_available = 0;
122+ for (i = 0; i < MAX_COOKIES; i++) {
123+ if (!list_empty(&pcr->asym_completed_list)) {
124+ /* Run a loop in the list for upto elements
125+ and copy their response back */
126+ pkc =
127+ list_first_entry(&pcr->asym_completed_list,
128+ struct cryptodev_pkc, list);
129+ list_del(&pkc->list);
130+ ret = crypto_async_fetch_asym(pkc);
131+ if (!ret) {
132+ cookie_list.cookie_available++;
133+ cookie_list.cookie[i] =
134+ pkc->kop.kop.cookie;
135+ cookie_list.status[i] = pkc->result.err;
136+ }
137+ kfree(pkc);
138+ } else {
139+ break;
140+ }
141 }
142- pkc = list_first_entry(&pcr->asym_completed_list,
143- struct cryptodev_pkc, list);
144- list_del(&pkc->list);
145 spin_unlock_irqrestore(&pcr->completion_lock, flags);
146- ret = crypto_async_fetch_asym(pkc);
147
148 /* Reflect the updated request to user-space */
149- if (!ret)
150- kop_to_user(&pkc->kop, arg);
151- kfree(pkc);
152+ if (cookie_list.cookie_available)
153+ copy_to_user(arg, &cookie_list,
154+ sizeof(struct pkc_cookie_list_s));
155 }
156 return ret;
157 default:
158@@ -1345,26 +1358,41 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
159 ret = 0;
160 }
161 return ret;
162- case COMPAT_CIOCASYMASYNFETCH:
163+ case COMPAT_CIOCASYMFETCHCOOKIE:
164 {
165 struct cryptodev_pkc *pkc;
166 unsigned long flags;
167+ int i = 0;
168+ struct compat_pkc_cookie_list_s cookie_list;
169
170 spin_lock_irqsave(&pcr->completion_lock, flags);
171- if (list_empty(&pcr->asym_completed_list)) {
172- spin_unlock_irqrestore(&pcr->completion_lock, flags);
173- return -ENOMEM;
174+ cookie_list.cookie_available = 0;
175+
176+ for (i = 0; i < MAX_COOKIES; i++) {
177+ if (!list_empty(&pcr->asym_completed_list)) {
178+ /* Run a loop in the list for upto elements
179+ and copy their response back */
180+ pkc =
181+ list_first_entry(&pcr->asym_completed_list,
182+ struct cryptodev_pkc, list);
183+ list_del(&pkc->list);
184+ ret = crypto_async_fetch_asym(pkc);
185+ if (!ret) {
186+ cookie_list.cookie_available++;
187+ cookie_list.cookie[i] =
188+ pkc->kop.kop.cookie;
189+ }
190+ kfree(pkc);
191+ } else {
192+ break;
193+ }
194 }
195- pkc = list_first_entry(&pcr->asym_completed_list,
196- struct cryptodev_pkc, list);
197- list_del(&pkc->list);
198 spin_unlock_irqrestore(&pcr->completion_lock, flags);
199- ret = crypto_async_fetch_asym(pkc);
200
201 /* Reflect the updated request to user-space */
202- if (!ret)
203- compat_kop_to_user(&pkc->kop, arg);
204- kfree(pkc);
205+ if (cookie_list.cookie_available)
206+ copy_to_user(arg, &cookie_list,
207+ sizeof(struct compat_pkc_cookie_list_s));
208 }
209 return ret;
210 default:
211--
2121.8.3.1
213
diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch
new file mode 100644
index 00000000..e70a057b
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch
@@ -0,0 +1,212 @@
1From 30fc86a09109f169815befc2cd8bbfcae79fe7e0 Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Fri, 7 Mar 2014 07:53:53 +0545
4Subject: [PATCH 6/9] ECC_KEYGEN and DLC_KEYGEN supported in cryptodev module
5
6Upstream-status: Pending
7
8Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
9---
10 cryptlib.c | 2 ++
11 crypto/cryptodev.h | 5 +++-
12 ioctl.c | 29 +++++++++++++++++--
13 main.c | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
14 4 files changed, 118 insertions(+), 3 deletions(-)
15
16diff --git a/cryptlib.c b/cryptlib.c
17index 6900028..47cd568 100644
18--- a/cryptlib.c
19+++ b/cryptlib.c
20@@ -452,6 +452,8 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc)
21 case DSA_VERIFY:
22 case ECDSA_SIGN:
23 case ECDSA_VERIFY:
24+ case DLC_KEYGEN:
25+ case ECC_KEYGEN:
26 pkc->s = crypto_alloc_pkc("pkc(dsa)",
27 CRYPTO_ALG_TYPE_PKC_DSA, 0);
28 break;
29diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
30index 4436fbf..275a55c 100644
31--- a/crypto/cryptodev.h
32+++ b/crypto/cryptodev.h
33@@ -268,6 +268,8 @@ enum cryptodev_crk_op_t {
34 CRK_DSA_SIGN = 2,
35 CRK_DSA_VERIFY = 3,
36 CRK_DH_COMPUTE_KEY = 4,
37+ CRK_DSA_GENERATE_KEY = 5,
38+ CRK_DH_GENERATE_KEY = 6,
39 CRK_ALGORITHM_ALL
40 };
41
42@@ -280,7 +282,8 @@ enum cryptodev_crk_op_t {
43 #define CRF_DSA_SIGN (1 << CRK_DSA_SIGN)
44 #define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY)
45 #define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY)
46-
47+#define CRF_DSA_GENERATE_KEY (1 << CRK_DSA_GENERATE_KEY)
48+#define CRF_DH_GENERATE_KEY (1 << CRK_DH_GENERATE_KEY)
49
50 /* ioctl's. Compatible with old linux cryptodev.h
51 */
52diff --git a/ioctl.c b/ioctl.c
53index 2eb7f03..c813c8c 100644
54--- a/ioctl.c
55+++ b/ioctl.c
56@@ -726,6 +726,23 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
57 dh_req->z, dh_req->z_len);
58 }
59 break;
60+ case CRK_DSA_GENERATE_KEY:
61+ case CRK_DH_GENERATE_KEY:
62+ {
63+ struct keygen_req_s *key_req = &pkc_req->req_u.keygen;
64+
65+ if (pkc_req->type == ECC_KEYGEN) {
66+ copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key,
67+ key_req->pub_key_len);
68+ copy_to_user(ckop->crk_param[5].crp_p,
69+ key_req->priv_key, key_req->priv_key_len);
70+ } else {
71+ copy_to_user(ckop->crk_param[3].crp_p,
72+ key_req->pub_key, key_req->pub_key_len);
73+ copy_to_user(ckop->crk_param[4].crp_p,
74+ key_req->priv_key, key_req->priv_key_len);
75+ }
76+ }
77 default:
78 ret = -EINVAL;
79 }
80@@ -939,8 +956,9 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
81
82 switch (cmd) {
83 case CIOCASYMFEAT:
84- return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP |
85- CRF_DSA_SIGN | CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY, p);
86+ return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN |
87+ CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY |
88+ CRF_DSA_GENERATE_KEY, p);
89 case CRIOGET:
90 fd = clonefd(filp);
91 ret = put_user(fd, p);
92@@ -1084,7 +1102,14 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
93 if (cookie_list.cookie_available)
94 copy_to_user(arg, &cookie_list,
95 sizeof(struct pkc_cookie_list_s));
96+ else {
97+ struct pkc_cookie_list_s *user_ck_list = (void *)arg;
98+
99+ put_user(0, &(user_ck_list->cookie_available));
100+ }
101+ ret = cookie_list.cookie_available;
102 }
103+
104 return ret;
105 default:
106 return -EINVAL;
107diff --git a/main.c b/main.c
108index 0b7951e..c901bc7 100644
109--- a/main.c
110+++ b/main.c
111@@ -342,6 +342,85 @@ err:
112 return rc;
113 }
114
115+int crypto_kop_keygen(struct cryptodev_pkc *pkc)
116+{
117+ struct kernel_crypt_kop *kop = &pkc->kop;
118+ struct crypt_kop *cop = &kop->kop;
119+ struct pkc_request *pkc_req;
120+ struct keygen_req_s *key_req;
121+ int rc, buf_size;
122+ uint8_t *buf;
123+
124+ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits ||
125+ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits ||
126+ !cop->crk_param[4].crp_nbits)
127+ return -EINVAL;
128+
129+ pkc_req = &pkc->req;
130+ key_req = &pkc_req->req_u.keygen;
131+ key_req->q_len = (cop->crk_param[0].crp_nbits + 7)/8;
132+ key_req->r_len = (cop->crk_param[1].crp_nbits + 7)/8;
133+ key_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8;
134+ if (cop->crk_iparams == 3) {
135+ key_req->pub_key_len = (cop->crk_param[3].crp_nbits + 7)/8;
136+ key_req->priv_key_len = (cop->crk_param[4].crp_nbits + 7)/8;
137+ buf_size = key_req->q_len + key_req->r_len + key_req->g_len +
138+ key_req->pub_key_len + key_req->priv_key_len;
139+ pkc_req->type = DLC_KEYGEN;
140+ } else {
141+ key_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8;
142+ key_req->pub_key_len = (cop->crk_param[4].crp_nbits + 7)/8;
143+ key_req->priv_key_len = (cop->crk_param[5].crp_nbits + 7)/8;
144+ buf_size = key_req->q_len + key_req->r_len + key_req->g_len +
145+ key_req->pub_key_len + key_req->priv_key_len +
146+ key_req->ab_len;
147+ pkc_req->type = ECC_KEYGEN;
148+ pkc_req->curve_type = cop->curve_type;
149+ }
150+
151+ buf = kzalloc(buf_size, GFP_DMA);
152+ if (!buf)
153+ return -ENOMEM;
154+
155+ key_req->q = buf;
156+ key_req->r = key_req->q + key_req->q_len;
157+ key_req->g = key_req->r + key_req->r_len;
158+ key_req->pub_key = key_req->g + key_req->g_len;
159+ key_req->priv_key = key_req->pub_key + key_req->pub_key_len;
160+ copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len);
161+ copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len);
162+ copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len);
163+ if (cop->crk_iparams == 3) {
164+ copy_from_user(key_req->pub_key, cop->crk_param[3].crp_p,
165+ key_req->pub_key_len);
166+ copy_from_user(key_req->priv_key, cop->crk_param[4].crp_p,
167+ key_req->priv_key_len);
168+ } else {
169+ key_req->ab = key_req->priv_key + key_req->priv_key_len;
170+ copy_from_user(key_req->ab, cop->crk_param[3].crp_p,
171+ key_req->ab_len);
172+ copy_from_user(key_req->pub_key, cop->crk_param[4].crp_p,
173+ key_req->pub_key_len);
174+ copy_from_user(key_req->priv_key, cop->crk_param[5].crp_p,
175+ key_req->priv_key_len);
176+ }
177+
178+ rc = cryptodev_pkc_offload(pkc);
179+ if (pkc->type == SYNCHRONOUS) {
180+ if (rc)
181+ goto err;
182+ } else {
183+ if (rc != -EINPROGRESS && !rc)
184+ goto err;
185+
186+ pkc->cookie = buf;
187+ return rc;
188+ }
189+err:
190+ kfree(buf);
191+ return rc;
192+}
193+
194 int crypto_kop_dh_key(struct cryptodev_pkc *pkc)
195 {
196 struct kernel_crypt_kop *kop = &pkc->kop;
197@@ -554,6 +633,12 @@ int crypto_run_asym(struct cryptodev_pkc *pkc)
198 goto err;
199 ret = crypto_kop_dh_key(pkc);
200 break;
201+ case CRK_DH_GENERATE_KEY:
202+ case CRK_DSA_GENERATE_KEY:
203+ if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4))
204+ goto err;
205+ ret = crypto_kop_keygen(pkc);
206+ break;
207 }
208 err:
209 return ret;
210--
2111.8.3.1
212
diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch
new file mode 100644
index 00000000..93a2248c
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch
@@ -0,0 +1,238 @@
1From d60b9dbf53d63092fd292c00bb03c250c26703cf Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Fri, 7 Mar 2014 08:49:15 +0545
4Subject: [PATCH 7/9] RCU stall fixed in PKC asynchronous interface
5
6Upstream-status: Pending
7
8Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
9---
10 ioctl.c | 23 +++++++++++------------
11 main.c | 43 +++++++++++++++++++++++++++----------------
12 2 files changed, 38 insertions(+), 28 deletions(-)
13
14diff --git a/ioctl.c b/ioctl.c
15index c813c8c..7e4c671 100644
16--- a/ioctl.c
17+++ b/ioctl.c
18@@ -108,10 +108,9 @@ void cryptodev_complete_asym(struct crypto_async_request *req, int err)
19 complete(&res->completion);
20 } else {
21 struct crypt_priv *pcr = pkc->priv;
22- unsigned long flags;
23- spin_lock_irqsave(&pcr->completion_lock, flags);
24+ spin_lock_bh(&pcr->completion_lock);
25 list_add_tail(&pkc->list, &pcr->asym_completed_list);
26- spin_unlock_irqrestore(&pcr->completion_lock, flags);
27+ spin_unlock_bh(&pcr->completion_lock);
28 /* wake for POLLIN */
29 wake_up_interruptible(&pcr->user_waiter);
30 }
31@@ -958,7 +957,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
32 case CIOCASYMFEAT:
33 return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN |
34 CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY |
35- CRF_DSA_GENERATE_KEY, p);
36+ CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY, p);
37 case CRIOGET:
38 fd = clonefd(filp);
39 ret = put_user(fd, p);
40@@ -997,7 +996,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
41 case CIOCKEY:
42 {
43 struct cryptodev_pkc *pkc =
44- kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
45+ kmalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
46
47 if (!pkc)
48 return -ENOMEM;
49@@ -1053,7 +1052,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
50 case CIOCASYMASYNCRYPT:
51 {
52 struct cryptodev_pkc *pkc =
53- kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
54+ kmalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
55 ret = kop_from_user(&pkc->kop, arg);
56
57 if (unlikely(ret))
58@@ -1070,13 +1069,12 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
59 case CIOCASYMFETCHCOOKIE:
60 {
61 struct cryptodev_pkc *pkc;
62- unsigned long flags;
63 int i;
64 struct pkc_cookie_list_s cookie_list;
65
66- spin_lock_irqsave(&pcr->completion_lock, flags);
67 cookie_list.cookie_available = 0;
68 for (i = 0; i < MAX_COOKIES; i++) {
69+ spin_lock_bh(&pcr->completion_lock);
70 if (!list_empty(&pcr->asym_completed_list)) {
71 /* Run a loop in the list for upto elements
72 and copy their response back */
73@@ -1084,6 +1082,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
74 list_first_entry(&pcr->asym_completed_list,
75 struct cryptodev_pkc, list);
76 list_del(&pkc->list);
77+ spin_unlock_bh(&pcr->completion_lock);
78 ret = crypto_async_fetch_asym(pkc);
79 if (!ret) {
80 cookie_list.cookie_available++;
81@@ -1093,10 +1092,10 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
82 }
83 kfree(pkc);
84 } else {
85+ spin_unlock_bh(&pcr->completion_lock);
86 break;
87 }
88 }
89- spin_unlock_irqrestore(&pcr->completion_lock, flags);
90
91 /* Reflect the updated request to user-space */
92 if (cookie_list.cookie_available)
93@@ -1386,14 +1385,13 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
94 case COMPAT_CIOCASYMFETCHCOOKIE:
95 {
96 struct cryptodev_pkc *pkc;
97- unsigned long flags;
98 int i = 0;
99 struct compat_pkc_cookie_list_s cookie_list;
100
101- spin_lock_irqsave(&pcr->completion_lock, flags);
102 cookie_list.cookie_available = 0;
103
104 for (i = 0; i < MAX_COOKIES; i++) {
105+ spin_lock_bh(&pcr->completion_lock);
106 if (!list_empty(&pcr->asym_completed_list)) {
107 /* Run a loop in the list for upto elements
108 and copy their response back */
109@@ -1401,6 +1399,7 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
110 list_first_entry(&pcr->asym_completed_list,
111 struct cryptodev_pkc, list);
112 list_del(&pkc->list);
113+ spin_unlock_bh(&pcr->completion_lock);
114 ret = crypto_async_fetch_asym(pkc);
115 if (!ret) {
116 cookie_list.cookie_available++;
117@@ -1409,10 +1408,10 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
118 }
119 kfree(pkc);
120 } else {
121+ spin_unlock_bh(&pcr->completion_lock);
122 break;
123 }
124 }
125- spin_unlock_irqrestore(&pcr->completion_lock, flags);
126
127 /* Reflect the updated request to user-space */
128 if (cookie_list.cookie_available)
129diff --git a/main.c b/main.c
130index c901bc7..2747706 100644
131--- a/main.c
132+++ b/main.c
133@@ -215,7 +215,9 @@ int crypto_kop_dsasign(struct cryptodev_pkc *pkc)
134 pkc_req->type = DSA_SIGN;
135 }
136
137- buf = kzalloc(buf_size, GFP_DMA);
138+ buf = kmalloc(buf_size, GFP_DMA);
139+ if (!buf)
140+ return -ENOMEM;
141
142 dsa_req->q = buf;
143 dsa_req->r = dsa_req->q + dsa_req->q_len;
144@@ -298,7 +300,9 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc)
145 pkc_req->type = DSA_VERIFY;
146 }
147
148- buf = kzalloc(buf_size, GFP_DMA);
149+ buf = kmalloc(buf_size, GFP_DMA);
150+ if (!buf)
151+ return -ENOMEM;
152
153 dsa_req->q = buf;
154 dsa_req->r = dsa_req->q + dsa_req->q_len;
155@@ -378,7 +382,7 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc)
156 pkc_req->curve_type = cop->curve_type;
157 }
158
159- buf = kzalloc(buf_size, GFP_DMA);
160+ buf = kmalloc(buf_size, GFP_DMA);
161 if (!buf)
162 return -ENOMEM;
163
164@@ -390,25 +394,28 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc)
165 copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len);
166 copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len);
167 copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len);
168- if (cop->crk_iparams == 3) {
169- copy_from_user(key_req->pub_key, cop->crk_param[3].crp_p,
170- key_req->pub_key_len);
171- copy_from_user(key_req->priv_key, cop->crk_param[4].crp_p,
172- key_req->priv_key_len);
173- } else {
174+ if (cop->crk_iparams == 4) {
175 key_req->ab = key_req->priv_key + key_req->priv_key_len;
176 copy_from_user(key_req->ab, cop->crk_param[3].crp_p,
177 key_req->ab_len);
178- copy_from_user(key_req->pub_key, cop->crk_param[4].crp_p,
179- key_req->pub_key_len);
180- copy_from_user(key_req->priv_key, cop->crk_param[5].crp_p,
181- key_req->priv_key_len);
182 }
183
184 rc = cryptodev_pkc_offload(pkc);
185 if (pkc->type == SYNCHRONOUS) {
186 if (rc)
187 goto err;
188+
189+ if (cop->crk_iparams == 4) {
190+ copy_to_user(cop->crk_param[4].crp_p, key_req->pub_key,
191+ key_req->pub_key_len);
192+ copy_to_user(cop->crk_param[5].crp_p, key_req->priv_key,
193+ key_req->priv_key_len);
194+ } else {
195+ copy_to_user(cop->crk_param[3].crp_p, key_req->pub_key,
196+ key_req->pub_key_len);
197+ copy_to_user(cop->crk_param[4].crp_p,
198+ key_req->priv_key, key_req->priv_key_len);
199+ }
200 } else {
201 if (rc != -EINPROGRESS && !rc)
202 goto err;
203@@ -447,7 +454,9 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc)
204 pkc_req->type = DH_COMPUTE_KEY;
205 }
206 buf_size += dh_req->z_len;
207- buf = kzalloc(buf_size, GFP_DMA);
208+ buf = kmalloc(buf_size, GFP_DMA);
209+ if (!buf)
210+ return -ENOMEM;
211 dh_req->q = buf;
212 dh_req->s = dh_req->q + dh_req->q_len;
213 dh_req->pub_key = dh_req->s + dh_req->s_len;
214@@ -508,9 +517,11 @@ int crypto_modexp_crt(struct cryptodev_pkc *pkc)
215 rsa_req->dq_len = (cop->crk_param[4].crp_nbits + 7)/8;
216 rsa_req->c_len = (cop->crk_param[5].crp_nbits + 7)/8;
217 rsa_req->f_len = (cop->crk_param[6].crp_nbits + 7)/8;
218- buf = kzalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len +
219+ buf = kmalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len +
220 rsa_req->dp_len + rsa_req->dp_len + rsa_req->c_len +
221 rsa_req->g_len, GFP_DMA);
222+ if (!buf)
223+ return -ENOMEM;
224 rsa_req->p = buf;
225 rsa_req->q = rsa_req->p + rsa_req->p_len;
226 rsa_req->g = rsa_req->q + rsa_req->q_len;
227@@ -563,7 +574,7 @@ int crypto_bn_modexp(struct cryptodev_pkc *pkc)
228 rsa_req->e_len = (cop->crk_param[1].crp_nbits + 7)/8;
229 rsa_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8;
230 rsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8;
231- buf = kzalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len
232+ buf = kmalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len
233 + rsa_req->g_len, GFP_DMA);
234 if (!buf)
235 return -ENOMEM;
236--
2371.8.3.1
238
diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0008-Add-RSA-Key-generation-offloading.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0008-Add-RSA-Key-generation-offloading.patch
new file mode 100644
index 00000000..affb2e72
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0008-Add-RSA-Key-generation-offloading.patch
@@ -0,0 +1,170 @@
1From af5e4289f60c38ab17adab14c82d6204d155f25f Mon Sep 17 00:00:00 2001
2From: Hou Zhiqiang <B48286@freescale.com>
3Date: Wed, 19 Mar 2014 14:02:46 +0800
4Subject: [PATCH 8/9] Add RSA Key generation offloading
5
6Upstream-status: Pending
7
8Signed-off-by: Hou Zhiqiang <B48286@freescale.com>
9Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
10---
11 cryptlib.c | 1 +
12 crypto/cryptodev.h | 2 ++
13 ioctl.c | 3 +-
14 main.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
15 4 files changed, 84 insertions(+), 2 deletions(-)
16
17diff --git a/cryptlib.c b/cryptlib.c
18index 47cd568..4dd1847 100644
19--- a/cryptlib.c
20+++ b/cryptlib.c
21@@ -441,6 +441,7 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc)
22 struct pkc_request *pkc_req = &pkc->req, *pkc_requested;
23
24 switch (pkc_req->type) {
25+ case RSA_KEYGEN:
26 case RSA_PUB:
27 case RSA_PRIV_FORM1:
28 case RSA_PRIV_FORM2:
29diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
30index 275a55c..d0cc542 100644
31--- a/crypto/cryptodev.h
32+++ b/crypto/cryptodev.h
33@@ -270,6 +270,7 @@ enum cryptodev_crk_op_t {
34 CRK_DH_COMPUTE_KEY = 4,
35 CRK_DSA_GENERATE_KEY = 5,
36 CRK_DH_GENERATE_KEY = 6,
37+ CRK_RSA_GENERATE_KEY = 7,
38 CRK_ALGORITHM_ALL
39 };
40
41@@ -279,6 +280,7 @@ enum cryptodev_crk_op_t {
42 */
43 #define CRF_MOD_EXP (1 << CRK_MOD_EXP)
44 #define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT)
45+#define CRF_RSA_GENERATE_KEY (1 << CRK_RSA_GENERATE_KEY)
46 #define CRF_DSA_SIGN (1 << CRK_DSA_SIGN)
47 #define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY)
48 #define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY)
49diff --git a/ioctl.c b/ioctl.c
50index 7e4c671..14888d6 100644
51--- a/ioctl.c
52+++ b/ioctl.c
53@@ -957,7 +957,8 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
54 case CIOCASYMFEAT:
55 return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN |
56 CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY |
57- CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY, p);
58+ CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY |
59+ CRF_RSA_GENERATE_KEY, p);
60 case CRIOGET:
61 fd = clonefd(filp);
62 ret = put_user(fd, p);
63diff --git a/main.c b/main.c
64index 2747706..14dcf40 100644
65--- a/main.c
66+++ b/main.c
67@@ -346,6 +346,82 @@ err:
68 return rc;
69 }
70
71+int crypto_kop_rsa_keygen(struct cryptodev_pkc *pkc)
72+{
73+ struct kernel_crypt_kop *kop = &pkc->kop;
74+ struct crypt_kop *cop = &kop->kop;
75+ struct pkc_request *pkc_req;
76+ struct rsa_keygen_req_s *key_req;
77+ int rc, buf_size;
78+ uint8_t *buf;
79+
80+ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits ||
81+ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits ||
82+ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits ||
83+ !cop->crk_param[6].crp_nbits)
84+ return -EINVAL;
85+
86+ pkc_req = &pkc->req;
87+ pkc_req->type = RSA_KEYGEN;
88+ key_req = &pkc_req->req_u.rsa_keygen;
89+ key_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8;
90+ key_req->p_len = (cop->crk_param[0].crp_nbits + 7) / 8;
91+ key_req->q_len = (cop->crk_param[1].crp_nbits + 7) / 8;
92+ key_req->n_len = (cop->crk_param[2].crp_nbits + 7) / 8;
93+ key_req->d_len = (cop->crk_param[3].crp_nbits + 7) / 8;
94+ key_req->dp_len = (cop->crk_param[4].crp_nbits + 7) / 8;
95+ key_req->dq_len = (cop->crk_param[5].crp_nbits + 7) / 8;
96+ key_req->c_len = (cop->crk_param[6].crp_nbits + 7) / 8;
97+
98+ buf_size = key_req->p_len + key_req->q_len + key_req->n_len +
99+ key_req->d_len + key_req->dp_len +
100+ key_req->dq_len + key_req->c_len;
101+
102+ buf = kmalloc(buf_size, GFP_DMA);
103+ if (!buf)
104+ return -ENOMEM;
105+ key_req->p = buf;
106+ key_req->q = key_req->p + key_req->p_len;
107+ key_req->n = key_req->q + key_req->q_len;
108+ key_req->d = key_req->n + key_req->n_len;
109+ key_req->dp = key_req->d + key_req->d_len;
110+ key_req->dq = key_req->dp + key_req->dp_len;
111+ key_req->c = key_req->dq + key_req->dq_len;
112+
113+ rc = cryptodev_pkc_offload(pkc);
114+
115+ if (pkc->type == SYNCHRONOUS) {
116+ if (rc)
117+ goto err;
118+
119+ copy_to_user(cop->crk_param[0].crp_p,
120+ key_req->p, key_req->p_len);
121+ copy_to_user(cop->crk_param[1].crp_p,
122+ key_req->q, key_req->q_len);
123+ copy_to_user(cop->crk_param[2].crp_p,
124+ key_req->n, key_req->n_len);
125+ copy_to_user(cop->crk_param[3].crp_p,
126+ key_req->d, key_req->d_len);
127+ copy_to_user(cop->crk_param[4].crp_p,
128+ key_req->dp, key_req->dp_len);
129+ copy_to_user(cop->crk_param[5].crp_p,
130+ key_req->dq, key_req->dq_len);
131+ copy_to_user(cop->crk_param[6].crp_p,
132+ key_req->c, key_req->c_len);
133+ } else {
134+ if (rc != -EINPROGRESS && !rc) {
135+ printk("%s: Failed\n", __func__);
136+ goto err;
137+ }
138+ pkc->cookie = buf;
139+ return rc;
140+ }
141+err:
142+ kfree(buf);
143+ return rc;
144+
145+}
146+
147 int crypto_kop_keygen(struct cryptodev_pkc *pkc)
148 {
149 struct kernel_crypt_kop *kop = &pkc->kop;
150@@ -385,7 +461,6 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc)
151 buf = kmalloc(buf_size, GFP_DMA);
152 if (!buf)
153 return -ENOMEM;
154-
155 key_req->q = buf;
156 key_req->r = key_req->q + key_req->q_len;
157 key_req->g = key_req->r + key_req->r_len;
158@@ -650,6 +725,9 @@ int crypto_run_asym(struct cryptodev_pkc *pkc)
159 goto err;
160 ret = crypto_kop_keygen(pkc);
161 break;
162+ case CRK_RSA_GENERATE_KEY:
163+ ret = crypto_kop_rsa_keygen(pkc);
164+ break;
165 }
166 err:
167 return ret;
168--
1691.8.3.1
170
diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch
new file mode 100644
index 00000000..32757ca9
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch
@@ -0,0 +1,160 @@
1From e791b55b03d295ee11476382a7bd93ab131e2e52 Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Thu, 17 Apr 2014 07:08:47 +0545
4Subject: [PATCH 9/9] Fixed compilation error of openssl with fsl cryptodev
5
6Upstream-status: Pending
7
8Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
9Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
10---
11 authenc.c | 1 +
12 cryptlib.c | 9 ++++-----
13 crypto/cryptodev.h | 9 ++++++++-
14 cryptodev_int.h | 2 +-
15 ioctl.c | 8 ++++++--
16 main.c | 1 +
17 6 files changed, 21 insertions(+), 9 deletions(-)
18
19diff --git a/authenc.c b/authenc.c
20index ef0d3db..2aa4d38 100644
21--- a/authenc.c
22+++ b/authenc.c
23@@ -2,6 +2,7 @@
24 * Driver for /dev/crypto device (aka CryptoDev)
25 *
26 * Copyright (c) 2011, 2012 OpenSSL Software Foundation, Inc.
27+ * Copyright (c) 2014 Freescale Semiconductor, Inc.
28 *
29 * Author: Nikos Mavrogiannopoulos
30 *
31diff --git a/cryptlib.c b/cryptlib.c
32index 4dd1847..ec6693e 100644
33--- a/cryptlib.c
34+++ b/cryptlib.c
35@@ -4,8 +4,7 @@
36 * Copyright (c) 2010,2011 Nikos Mavrogiannopoulos <nmav@gnutls.org>
37 * Portions Copyright (c) 2010 Michael Weiser
38 * Portions Copyright (c) 2010 Phil Sutter
39- *
40- * Copyright 2012 Freescale Semiconductor, Inc.
41+ * Copyright 2012-2014 Freescale Semiconductor, Inc.
42 *
43 * This file is part of linux cryptodev.
44 *
45@@ -144,7 +143,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name,
46 if (alg->max_keysize > 0 &&
47 unlikely((keylen < alg->min_keysize) ||
48 (keylen > alg->max_keysize))) {
49- ddebug(1, "Wrong keylen '%zu' for algorithm '%s'. Use %u to %u.",
50+ ddebug(1, "Wrong keylen '%u' for algorithm '%s'. Use %u to %u.",
51 keylen, alg_name, alg->min_keysize, alg->max_keysize);
52 ret = -EINVAL;
53 goto error;
54@@ -171,7 +170,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name,
55 }
56
57 if (unlikely(ret)) {
58- ddebug(1, "Setting key failed for %s-%zu.", alg_name, keylen*8);
59+ ddebug(1, "Setting key failed for %s-%u.", alg_name, keylen*8);
60 ret = -EINVAL;
61 goto error;
62 }
63@@ -338,7 +337,7 @@ int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name,
64 if (hmac_mode != 0) {
65 ret = crypto_ahash_setkey(hdata->async.s, mackey, mackeylen);
66 if (unlikely(ret)) {
67- ddebug(1, "Setting hmac key failed for %s-%zu.",
68+ ddebug(1, "Setting hmac key failed for %s-%u.",
69 alg_name, mackeylen*8);
70 ret = -EINVAL;
71 goto error;
72diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
73index d0cc542..e7edd97 100644
74--- a/crypto/cryptodev.h
75+++ b/crypto/cryptodev.h
76@@ -234,6 +234,13 @@ struct crypt_auth_op {
77 #define CRYPTO_ALG_FLAG_RNG_ENABLE 2
78 #define CRYPTO_ALG_FLAG_DSA_SHA 4
79
80+enum ec_curve_t {
81+ EC_DISCRETE_LOG,
82+ EC_PRIME,
83+ EC_BINARY,
84+ MAX_EC_TYPE
85+};
86+
87 struct crparam {
88 __u8 *crp_p;
89 __u32 crp_nbits;
90@@ -249,7 +256,7 @@ struct crypt_kop {
91 __u16 crk_oparams;
92 __u32 crk_pad1;
93 struct crparam crk_param[CRK_MAXPARAM];
94- enum curve_t curve_type; /* 0 == Discrete Log,
95+ enum ec_curve_t curve_type; /* 0 == Discrete Log,
96 1 = EC_PRIME, 2 = EC_BINARY */
97 void *cookie;
98 };
99diff --git a/cryptodev_int.h b/cryptodev_int.h
100index 5347cae..c83c885 100644
101--- a/cryptodev_int.h
102+++ b/cryptodev_int.h
103@@ -88,7 +88,7 @@ struct compat_crypt_kop {
104 uint16_t crk_oparams;
105 uint32_t crk_pad1;
106 struct compat_crparam crk_param[CRK_MAXPARAM];
107- enum curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME,
108+ enum ec_curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME,
109 2 = EC_BINARY */
110 compat_uptr_t cookie;
111 };
112diff --git a/ioctl.c b/ioctl.c
113index 14888d6..20ab4ca 100644
114--- a/ioctl.c
115+++ b/ioctl.c
116@@ -4,7 +4,7 @@
117 * Copyright (c) 2004 Michal Ludvig <mludvig@logix.net.nz>, SuSE Labs
118 * Copyright (c) 2009,2010,2011 Nikos Mavrogiannopoulos <nmav@gnutls.org>
119 * Copyright (c) 2010 Phil Sutter
120- * Copyright 2012 Freescale Semiconductor, Inc.
121+ * Copyright 2012-2014 Freescale Semiconductor, Inc.
122 *
123 * This file is part of linux cryptodev.
124 *
125@@ -501,6 +501,7 @@ cryptodev_open(struct inode *inode, struct file *filp)
126 INIT_LIST_HEAD(&pcr->done.list);
127 INIT_LIST_HEAD(&pcr->asym_completed_list);
128 spin_lock_init(&pcr->completion_lock);
129+
130 INIT_WORK(&pcr->cryptask, cryptask_routine);
131
132 init_waitqueue_head(&pcr->user_waiter);
133@@ -780,8 +781,11 @@ static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr)
134
135 if (cop->iv) {
136 rc = copy_from_user(kcop->iv, cop->iv, kcop->ivlen);
137- if (unlikely(rc))
138+ if (unlikely(rc)) {
139+ derr(1, "error copying IV (%d bytes), copy_from_user returned %d for address %p",
140+ kcop->ivlen, rc, cop->iv);
141 return -EFAULT;
142+ }
143 }
144
145 return 0;
146diff --git a/main.c b/main.c
147index 14dcf40..6365911 100644
148--- a/main.c
149+++ b/main.c
150@@ -3,6 +3,7 @@
151 *
152 * Copyright (c) 2004 Michal Ludvig <mludvig@logix.net.nz>, SuSE Labs
153 * Copyright (c) 2009-2013 Nikos Mavrogiannopoulos <nmav@gnutls.org>
154+ * Copyright (c) 2014 Freescale Semiconductor, Inc.
155 *
156 * This file is part of linux cryptodev.
157 *
158--
1592.2.0
160
diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-linux_1.7.bbappend b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-linux_1.7.bbappend
new file mode 100644
index 00000000..3cbbb3dd
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-linux_1.7.bbappend
@@ -0,0 +1,2 @@
1require recipes-kernel/cryptodev/cryptodev-fsl.inc
2
diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-module_1.7.bbappend b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-module_1.7.bbappend
new file mode 100644
index 00000000..2bf012c1
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-module_1.7.bbappend
@@ -0,0 +1,12 @@
1require recipes-kernel/cryptodev/cryptodev-fsl.inc
2
3inherit qoriq_build_64bit_kernel
4
5do_install_append_qoriq-ppc () {
6 rm -fr ${D}/usr
7}
8
9# Currently pkc-host does not support RSA_KEYGEN, remove this
10# if it is fixed.
11SRC_URI_append_qoriq-ppc = "${@base_contains('DISTRO_FEATURES', 'c29x_pkc', ' file://0001-don-t-advertise-RSA-keygen.patch', '', d)}"
12
diff --git a/meta-fsl-ppc/recipes-kernel/ipc/ipc-modules-multi_git.bb b/meta-fsl-ppc/recipes-kernel/ipc/ipc-modules-multi_git.bb
new file mode 100644
index 00000000..e5dc1151
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/ipc/ipc-modules-multi_git.bb
@@ -0,0 +1,11 @@
1require ipc-modules.inc
2
3EXTRA_OEMAKE ="KERNEL_DIR=${STAGING_KERNEL_DIR} ${SOC}=1 CONFIG_MULTI_RAT=1"
4
5do_install(){
6 install -d ${D}/usr/driver/IPC/multi_rat
7 install -m 755 ${S}/kernel/*.ko ${D}/usr/driver/IPC/multi_rat
8}
9
10FILES_${PN} += "/usr/driver/IPC/multi_rat/*.ko"
11FILES_${PN}-dbg += "/usr/driver/IPC/multi_rat/.debug"
diff --git a/meta-fsl-ppc/recipes-kernel/ipc/ipc-modules-single_git.bb b/meta-fsl-ppc/recipes-kernel/ipc/ipc-modules-single_git.bb
new file mode 100644
index 00000000..03817e0e
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/ipc/ipc-modules-single_git.bb
@@ -0,0 +1,11 @@
1require ipc-modules.inc
2
3EXTRA_OEMAKE ="KERNEL_DIR=${STAGING_KERNEL_DIR} ${SOC}=1"
4
5do_install(){
6 install -d ${D}/usr/driver/IPC/single_rat
7 install -m 755 ${S}/kernel/*.ko ${D}/usr/driver/IPC/single_rat
8}
9
10FILES_${PN} += "/usr/driver/IPC/single_rat/*.ko"
11FILES_${PN}-dbg += "/usr/driver/IPC/single_rat/.debug"
diff --git a/meta-fsl-ppc/recipes-kernel/ipc/ipc-modules.inc b/meta-fsl-ppc/recipes-kernel/ipc/ipc-modules.inc
new file mode 100644
index 00000000..79ba7ef1
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/ipc/ipc-modules.inc
@@ -0,0 +1,26 @@
1SUMMARY = "Linux IPC KERNEL MODULE "
2DESCRIPTION = "DSP boot application and ipc test application"
3LICENSE = "BSD"
4LIC_FILES_CHKSUM = "file://COPYING;md5=fa38cd73d71527dc6efb546474f64d10"
5
6require recipes-bsp/ipc/ipc.inc
7
8inherit module qoriq_build_64bit_kernel
9
10S = "${WORKDIR}/git"
11
12do_configure[depends] += "virtual/kernel:do_shared_workdir"
13do_configure_prepend() {
14 sed -i 's,$(KERNEL_DIR)/.config,$(KBUILD_OUTPUT)/.config,' ${S}/kernel/Makefile
15}
16
17do_compile_prepend () {
18 cd ${S}/kernel
19 case ${MACHINE} in
20 bsc9132qds|bsc9131rdb) SOC=B913x;;
21 b4860qds|b4420qds) SOC=B4860;;
22 esac
23}
24
25INHIBIT_PACKAGE_STRIP = "1"
26
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0001-ALSA-CVE-2014-4652.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0001-ALSA-CVE-2014-4652.patch
new file mode 100644
index 00000000..01307688
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/0001-ALSA-CVE-2014-4652.patch
@@ -0,0 +1,140 @@
1From ed81e6b21790b717cda5f5bab2bdb07d2ce17ab1 Mon Sep 17 00:00:00 2001
2From: Lars-Peter Clausen <lars@metafoo.de>
3Date: Wed, 18 Jun 2014 13:32:31 +0200
4Subject: [PATCH] ALSA: control: Protect user controls against concurrent
5 access
6
7commit 07f4d9d74a04aa7c72c5dae0ef97565f28f17b92 upstream.
8
9The user-control put and get handlers as well as the tlv do not protect against
10concurrent access from multiple threads. Since the state of the control is not
11updated atomically it is possible that either two write operations or a write
12and a read operation race against each other. Both can lead to arbitrary memory
13disclosure. This patch introduces a new lock that protects user-controls from
14concurrent access. Since applications typically access controls sequentially
15than in parallel a single lock per card should be fine.
16
17This fixes CVE-2014-4652
18Upstream-Status: Backport
19
20Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
21Acked-by: Jaroslav Kysela <perex@perex.cz>
22Signed-off-by: Takashi Iwai <tiwai@suse.de>
23Signed-off-by: Jiri Slaby <jslaby@suse.cz>
24Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
25---
26 include/sound/core.h | 2 ++
27 sound/core/control.c | 31 +++++++++++++++++++++++++------
28 sound/core/init.c | 1 +
29 3 files changed, 28 insertions(+), 6 deletions(-)
30
31diff --git a/include/sound/core.h b/include/sound/core.h
32index 2a14f1f..d6bc961 100644
33--- a/include/sound/core.h
34+++ b/include/sound/core.h
35@@ -121,6 +121,8 @@ struct snd_card {
36 int user_ctl_count; /* count of all user controls */
37 struct list_head controls; /* all controls for this card */
38 struct list_head ctl_files; /* active control files */
39+ struct mutex user_ctl_lock; /* protects user controls against
40+ concurrent access */
41
42 struct snd_info_entry *proc_root; /* root for soundcard specific files */
43 struct snd_info_entry *proc_id; /* the card id */
44diff --git a/sound/core/control.c b/sound/core/control.c
45index d8aa206..183fab2 100644
46--- a/sound/core/control.c
47+++ b/sound/core/control.c
48@@ -992,6 +992,7 @@ static int snd_ctl_elem_unlock(struct snd_ctl_file *file,
49
50 struct user_element {
51 struct snd_ctl_elem_info info;
52+ struct snd_card *card;
53 void *elem_data; /* element data */
54 unsigned long elem_data_size; /* size of element data in bytes */
55 void *tlv_data; /* TLV data */
56@@ -1035,7 +1036,9 @@ static int snd_ctl_elem_user_get(struct snd_kcontrol *kcontrol,
57 {
58 struct user_element *ue = kcontrol->private_data;
59
60+ mutex_lock(&ue->card->user_ctl_lock);
61 memcpy(&ucontrol->value, ue->elem_data, ue->elem_data_size);
62+ mutex_unlock(&ue->card->user_ctl_lock);
63 return 0;
64 }
65
66@@ -1044,10 +1047,12 @@ static int snd_ctl_elem_user_put(struct snd_kcontrol *kcontrol,
67 {
68 int change;
69 struct user_element *ue = kcontrol->private_data;
70-
71+
72+ mutex_lock(&ue->card->user_ctl_lock);
73 change = memcmp(&ucontrol->value, ue->elem_data, ue->elem_data_size) != 0;
74 if (change)
75 memcpy(ue->elem_data, &ucontrol->value, ue->elem_data_size);
76+ mutex_unlock(&ue->card->user_ctl_lock);
77 return change;
78 }
79
80@@ -1067,19 +1072,32 @@ static int snd_ctl_elem_user_tlv(struct snd_kcontrol *kcontrol,
81 new_data = memdup_user(tlv, size);
82 if (IS_ERR(new_data))
83 return PTR_ERR(new_data);
84+ mutex_lock(&ue->card->user_ctl_lock);
85 change = ue->tlv_data_size != size;
86 if (!change)
87 change = memcmp(ue->tlv_data, new_data, size);
88 kfree(ue->tlv_data);
89 ue->tlv_data = new_data;
90 ue->tlv_data_size = size;
91+ mutex_unlock(&ue->card->user_ctl_lock);
92 } else {
93- if (! ue->tlv_data_size || ! ue->tlv_data)
94- return -ENXIO;
95- if (size < ue->tlv_data_size)
96- return -ENOSPC;
97+ int ret = 0;
98+
99+ mutex_lock(&ue->card->user_ctl_lock);
100+ if (!ue->tlv_data_size || !ue->tlv_data) {
101+ ret = -ENXIO;
102+ goto err_unlock;
103+ }
104+ if (size < ue->tlv_data_size) {
105+ ret = -ENOSPC;
106+ goto err_unlock;
107+ }
108 if (copy_to_user(tlv, ue->tlv_data, ue->tlv_data_size))
109- return -EFAULT;
110+ ret = -EFAULT;
111+err_unlock:
112+ mutex_unlock(&ue->card->user_ctl_lock);
113+ if (ret)
114+ return ret;
115 }
116 return change;
117 }
118@@ -1211,6 +1229,7 @@ static int snd_ctl_elem_add(struct snd_ctl_file *file,
119 ue = kzalloc(sizeof(struct user_element) + private_size, GFP_KERNEL);
120 if (ue == NULL)
121 return -ENOMEM;
122+ ue->card = card;
123 ue->info = *info;
124 ue->info.access = 0;
125 ue->elem_data = (char *)ue + sizeof(*ue);
126diff --git a/sound/core/init.c b/sound/core/init.c
127index d047851..b9268a5 100644
128--- a/sound/core/init.c
129+++ b/sound/core/init.c
130@@ -215,6 +215,7 @@ int snd_card_create(int idx, const char *xid,
131 INIT_LIST_HEAD(&card->devices);
132 init_rwsem(&card->controls_rwsem);
133 rwlock_init(&card->ctl_files_rwlock);
134+ mutex_init(&card->user_ctl_lock);
135 INIT_LIST_HEAD(&card->controls);
136 INIT_LIST_HEAD(&card->ctl_files);
137 spin_lock_init(&card->files_lock);
138--
1391.9.1
140
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0001-ALSA-CVE-2014-4656.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0001-ALSA-CVE-2014-4656.patch
new file mode 100644
index 00000000..98590252
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/0001-ALSA-CVE-2014-4656.patch
@@ -0,0 +1,43 @@
1From 7ee7663da07717a1b31ce60d2ebf12d2058ee975 Mon Sep 17 00:00:00 2001
2From: Lars-Peter Clausen <lars@metafoo.de>
3Date: Wed, 18 Jun 2014 13:32:35 +0200
4Subject: [PATCH] ALSA: control: Make sure that id->index does not overflow
5
6commit 883a1d49f0d77d30012f114b2e19fc141beb3e8e upstream.
7
8The ALSA control code expects that the range of assigned indices to a control is
9continuous and does not overflow. Currently there are no checks to enforce this.
10If a control with a overflowing index range is created that control becomes
11effectively inaccessible and unremovable since snd_ctl_find_id() will not be
12able to find it. This patch adds a check that makes sure that controls with a
13overflowing index range can not be created.
14
15Fixes CVE-2014-4656
16Upstream-Status: Backport
17
18Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
19Acked-by: Jaroslav Kysela <perex@perex.cz>
20Signed-off-by: Takashi Iwai <tiwai@suse.de>
21Signed-off-by: Jiri Slaby <jslaby@suse.cz>
22Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
23---
24 sound/core/control.c | 3 +++
25 1 file changed, 3 insertions(+)
26
27diff --git a/sound/core/control.c b/sound/core/control.c
28index 93215b4..98a29b2 100644
29--- a/sound/core/control.c
30+++ b/sound/core/control.c
31@@ -343,6 +343,9 @@ int snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol)
32 if (snd_BUG_ON(!card || !kcontrol->info))
33 goto error;
34 id = kcontrol->id;
35+ if (id.index > UINT_MAX - kcontrol->count)
36+ goto error;
37+
38 down_write(&card->controls_rwsem);
39 if (snd_ctl_find_id(card, &id)) {
40 up_write(&card->controls_rwsem);
41--
421.9.1
43
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0001-HID-CVE-2014-3181.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0001-HID-CVE-2014-3181.patch
new file mode 100644
index 00000000..4355c68f
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/0001-HID-CVE-2014-3181.patch
@@ -0,0 +1,52 @@
1From c54def7bd64d7c0b6993336abcffb8444795bf38 Mon Sep 17 00:00:00 2001
2From: Jiri Kosina <jkosina@suse.cz>
3Date: Wed, 27 Aug 2014 09:12:24 +0200
4Subject: [PATCH] HID: magicmouse: sanity check report size in raw_event()
5 callback
6
7The report passed to us from transport driver could potentially be
8arbitrarily large, therefore we better sanity-check it so that
9magicmouse_emit_touch() gets only valid values of raw_id.
10
11This fixes CVE-2014-3181
12Upstream-Status: Backport
13
14Cc: stable@vger.kernel.org
15Reported-by: Steven Vittitoe <scvitti@google.com>
16Signed-off-by: Jiri Kosina <jkosina@suse.cz>
17Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
18---
19 drivers/hid/hid-magicmouse.c | 10 ++++++++++
20 1 file changed, 10 insertions(+)
21
22diff --git a/drivers/hid/hid-magicmouse.c b/drivers/hid/hid-magicmouse.c
23index ecc2cbf..29a74c1 100644
24--- a/drivers/hid/hid-magicmouse.c
25+++ b/drivers/hid/hid-magicmouse.c
26@@ -290,6 +290,11 @@ static int magicmouse_raw_event(struct hid_device *hdev,
27 if (size < 4 || ((size - 4) % 9) != 0)
28 return 0;
29 npoints = (size - 4) / 9;
30+ if (npoints > 15) {
31+ hid_warn(hdev, "invalid size value (%d) for TRACKPAD_REPORT_ID\n",
32+ size);
33+ return 0;
34+ }
35 msc->ntouches = 0;
36 for (ii = 0; ii < npoints; ii++)
37 magicmouse_emit_touch(msc, ii, data + ii * 9 + 4);
38@@ -307,6 +312,11 @@ static int magicmouse_raw_event(struct hid_device *hdev,
39 if (size < 6 || ((size - 6) % 8) != 0)
40 return 0;
41 npoints = (size - 6) / 8;
42+ if (npoints > 15) {
43+ hid_warn(hdev, "invalid size value (%d) for MOUSE_REPORT_ID\n",
44+ size);
45+ return 0;
46+ }
47 msc->ntouches = 0;
48 for (ii = 0; ii < npoints; ii++)
49 magicmouse_emit_touch(msc, ii, data + ii * 8 + 6);
50--
511.9.1
52
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0001-kvm-iommu-CVE-2014-3601.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0001-kvm-iommu-CVE-2014-3601.patch
new file mode 100644
index 00000000..e19a3c10
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/0001-kvm-iommu-CVE-2014-3601.patch
@@ -0,0 +1,94 @@
1From e35b1e9f17e0567f96502f3a2a31dace727ed3da Mon Sep 17 00:00:00 2001
2From: "Michael S. Tsirkin" <mst@redhat.com>
3Date: Tue, 19 Aug 2014 19:14:50 +0800
4Subject: [PATCH] kvm: iommu: fix the third parameter of kvm_iommu_put_pages
5 (CVE-2014-3601)
6
7commit 350b8bdd689cd2ab2c67c8a86a0be86cfa0751a7 upstream.
8
9The third parameter of kvm_iommu_put_pages is wrong,
10It should be 'gfn - slot->base_gfn'.
11
12By making gfn very large, malicious guest or userspace can cause kvm to
13go to this error path, and subsequently to pass a huge value as size.
14Alternatively if gfn is small, then pages would be pinned but never
15unpinned, causing host memory leak and local DOS.
16
17Passing a reasonable but large value could be the most dangerous case,
18because it would unpin a page that should have stayed pinned, and thus
19allow the device to DMA into arbitrary memory. However, this cannot
20happen because of the condition that can trigger the error:
21
22- out of memory (where you can't allocate even a single page)
23 should not be possible for the attacker to trigger
24
25- when exceeding the iommu's address space, guest pages after gfn
26 will also exceed the iommu's address space, and inside
27 kvm_iommu_put_pages() the iommu_iova_to_phys() will fail. The
28 page thus would not be unpinned at all.
29
30Upstream-Status: Backport
31
32Reported-by: Jack Morgenstein <jackm@mellanox.com>
33Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
34Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
35Signed-off-by: Jiri Slaby <jslaby@suse.cz>
36Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
37---
38 virt/kvm/iommu.c | 19 ++++++++++---------
39 1 file changed, 10 insertions(+), 9 deletions(-)
40
41diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c
42index c329c8f..dec9971 100644
43--- a/virt/kvm/iommu.c
44+++ b/virt/kvm/iommu.c
45@@ -61,6 +61,14 @@ static pfn_t kvm_pin_pages(struct kvm_memory_slot *slot, gfn_t gfn,
46 return pfn;
47 }
48
49+static void kvm_unpin_pages(struct kvm *kvm, pfn_t pfn, unsigned long npages)
50+{
51+ unsigned long i;
52+
53+ for (i = 0; i < npages; ++i)
54+ kvm_release_pfn_clean(pfn + i);
55+}
56+
57 int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
58 {
59 gfn_t gfn, end_gfn;
60@@ -123,6 +131,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
61 if (r) {
62 printk(KERN_ERR "kvm_iommu_map_address:"
63 "iommu failed to map pfn=%llx\n", pfn);
64+ kvm_unpin_pages(kvm, pfn, page_size);
65 goto unmap_pages;
66 }
67
68@@ -134,7 +143,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
69 return 0;
70
71 unmap_pages:
72- kvm_iommu_put_pages(kvm, slot->base_gfn, gfn);
73+ kvm_iommu_put_pages(kvm, slot->base_gfn, gfn - slot->base_gfn);
74 return r;
75 }
76
77@@ -272,14 +281,6 @@ out_unlock:
78 return r;
79 }
80
81-static void kvm_unpin_pages(struct kvm *kvm, pfn_t pfn, unsigned long npages)
82-{
83- unsigned long i;
84-
85- for (i = 0; i < npages; ++i)
86- kvm_release_pfn_clean(pfn + i);
87-}
88-
89 static void kvm_iommu_put_pages(struct kvm *kvm,
90 gfn_t base_gfn, unsigned long npages)
91 {
92--
931.9.1
94
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0001-mnt-CVE-2014-5206_CVE-2014-5207.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0001-mnt-CVE-2014-5206_CVE-2014-5207.patch
new file mode 100644
index 00000000..aec89301
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/0001-mnt-CVE-2014-5206_CVE-2014-5207.patch
@@ -0,0 +1,62 @@
1From 25c1def33a2f74079f3062b7afdf98fcf9f34e6d Mon Sep 17 00:00:00 2001
2From: "Eric W. Biederman" <ebiederm@xmission.com>
3Date: Mon, 28 Jul 2014 16:26:53 -0700
4Subject: [PATCH] mnt: Only change user settable mount flags in remount
5
6commit a6138db815df5ee542d848318e5dae681590fccd upstream.
7
8Kenton Varda <kenton@sandstorm.io> discovered that by remounting a
9read-only bind mount read-only in a user namespace the
10MNT_LOCK_READONLY bit would be cleared, allowing an unprivileged user
11to the remount a read-only mount read-write.
12
13Correct this by replacing the mask of mount flags to preserve
14with a mask of mount flags that may be changed, and preserve
15all others. This ensures that any future bugs with this mask and
16remount will fail in an easy to detect way where new mount flags
17simply won't change.
18
19Fix for CVE-2014-5206 and CVE-2014-5207
20Upstream-Status: backport
21
22Cc: stable@vger.kernel.org
23Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
24Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
25Signed-off-by: Jiri Slaby <jslaby@suse.cz>
26Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
27---
28 fs/namespace.c | 2 +-
29 include/linux/mount.h | 4 +++-
30 2 files changed, 4 insertions(+), 2 deletions(-)
31
32diff --git a/fs/namespace.c b/fs/namespace.c
33index 84447db..34fa7a5 100644
34--- a/fs/namespace.c
35+++ b/fs/namespace.c
36@@ -1847,7 +1847,7 @@ static int do_remount(struct path *path, int flags, int mnt_flags,
37 err = do_remount_sb(sb, flags, data, 0);
38 if (!err) {
39 br_write_lock(&vfsmount_lock);
40- mnt_flags |= mnt->mnt.mnt_flags & MNT_PROPAGATION_MASK;
41+ mnt_flags |= mnt->mnt.mnt_flags & ~MNT_USER_SETTABLE_MASK;
42 mnt->mnt.mnt_flags = mnt_flags;
43 br_write_unlock(&vfsmount_lock);
44 }
45diff --git a/include/linux/mount.h b/include/linux/mount.h
46index 38cd98f..8707c9e 100644
47--- a/include/linux/mount.h
48+++ b/include/linux/mount.h
49@@ -42,7 +42,9 @@ struct mnt_namespace;
50 * flag, consider how it interacts with shared mounts.
51 */
52 #define MNT_SHARED_MASK (MNT_UNBINDABLE)
53-#define MNT_PROPAGATION_MASK (MNT_SHARED | MNT_UNBINDABLE)
54+#define MNT_USER_SETTABLE_MASK (MNT_NOSUID | MNT_NODEV | MNT_NOEXEC \
55+ | MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME \
56+ | MNT_READONLY)
57
58
59 #define MNT_INTERNAL 0x4000
60--
611.9.1
62
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0001-net-sctp-CVE-2014-3673.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0001-net-sctp-CVE-2014-3673.patch
new file mode 100644
index 00000000..68289f28
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/0001-net-sctp-CVE-2014-3673.patch
@@ -0,0 +1,348 @@
1From bbd951a21e0fd555cd9ede44c7196af09d04d171 Mon Sep 17 00:00:00 2001
2From: Daniel Borkmann <dborkman@redhat.com>
3Date: Thu, 9 Oct 2014 22:55:31 +0200
4Subject: [PATCH] net: sctp: fix skb_over_panic when receiving malformed ASCONF
5 chunks
6
7commit 9de7922bc709eee2f609cd01d98aaedc4cf5ea74 upstream.
8
9Commit 6f4c618ddb0 ("SCTP : Add paramters validity check for
10ASCONF chunk") added basic verification of ASCONF chunks, however,
11it is still possible to remotely crash a server by sending a
12special crafted ASCONF chunk, even up to pre 2.6.12 kernels:
13
14skb_over_panic: text:ffffffffa01ea1c3 len:31056 put:30768
15 head:ffff88011bd81800 data:ffff88011bd81800 tail:0x7950
16 end:0x440 dev:<NULL>
17 ------------[ cut here ]------------
18kernel BUG at net/core/skbuff.c:129!
19[...]
20Call Trace:
21 <IRQ>
22 [<ffffffff8144fb1c>] skb_put+0x5c/0x70
23 [<ffffffffa01ea1c3>] sctp_addto_chunk+0x63/0xd0 [sctp]
24 [<ffffffffa01eadaf>] sctp_process_asconf+0x1af/0x540 [sctp]
25 [<ffffffff8152d025>] ? _read_unlock_bh+0x15/0x20
26 [<ffffffffa01e0038>] sctp_sf_do_asconf+0x168/0x240 [sctp]
27 [<ffffffffa01e3751>] sctp_do_sm+0x71/0x1210 [sctp]
28 [<ffffffff8147645d>] ? fib_rules_lookup+0xad/0xf0
29 [<ffffffffa01e6b22>] ? sctp_cmp_addr_exact+0x32/0x40 [sctp]
30 [<ffffffffa01e8393>] sctp_assoc_bh_rcv+0xd3/0x180 [sctp]
31 [<ffffffffa01ee986>] sctp_inq_push+0x56/0x80 [sctp]
32 [<ffffffffa01fcc42>] sctp_rcv+0x982/0xa10 [sctp]
33 [<ffffffffa01d5123>] ? ipt_local_in_hook+0x23/0x28 [iptable_filter]
34 [<ffffffff8148bdc9>] ? nf_iterate+0x69/0xb0
35 [<ffffffff81496d10>] ? ip_local_deliver_finish+0x0/0x2d0
36 [<ffffffff8148bf86>] ? nf_hook_slow+0x76/0x120
37 [<ffffffff81496d10>] ? ip_local_deliver_finish+0x0/0x2d0
38 [<ffffffff81496ded>] ip_local_deliver_finish+0xdd/0x2d0
39 [<ffffffff81497078>] ip_local_deliver+0x98/0xa0
40 [<ffffffff8149653d>] ip_rcv_finish+0x12d/0x440
41 [<ffffffff81496ac5>] ip_rcv+0x275/0x350
42 [<ffffffff8145c88b>] __netif_receive_skb+0x4ab/0x750
43 [<ffffffff81460588>] netif_receive_skb+0x58/0x60
44
45This can be triggered e.g., through a simple scripted nmap
46connection scan injecting the chunk after the handshake, for
47example, ...
48
49 -------------- INIT[ASCONF; ASCONF_ACK] ------------->
50 <----------- INIT-ACK[ASCONF; ASCONF_ACK] ------------
51 -------------------- COOKIE-ECHO -------------------->
52 <-------------------- COOKIE-ACK ---------------------
53 ------------------ ASCONF; UNKNOWN ------------------>
54
55... where ASCONF chunk of length 280 contains 2 parameters ...
56
57 1) Add IP address parameter (param length: 16)
58 2) Add/del IP address parameter (param length: 255)
59
60... followed by an UNKNOWN chunk of e.g. 4 bytes. Here, the
61Address Parameter in the ASCONF chunk is even missing, too.
62This is just an example and similarly-crafted ASCONF chunks
63could be used just as well.
64
65The ASCONF chunk passes through sctp_verify_asconf() as all
66parameters passed sanity checks, and after walking, we ended
67up successfully at the chunk end boundary, and thus may invoke
68sctp_process_asconf(). Parameter walking is done with
69WORD_ROUND() to take padding into account.
70
71In sctp_process_asconf()'s TLV processing, we may fail in
72sctp_process_asconf_param() e.g., due to removal of the IP
73address that is also the source address of the packet containing
74the ASCONF chunk, and thus we need to add all TLVs after the
75failure to our ASCONF response to remote via helper function
76sctp_add_asconf_response(), which basically invokes a
77sctp_addto_chunk() adding the error parameters to the given
78skb.
79
80When walking to the next parameter this time, we proceed
81with ...
82
83 length = ntohs(asconf_param->param_hdr.length);
84 asconf_param = (void *)asconf_param + length;
85
86... instead of the WORD_ROUND()'ed length, thus resulting here
87in an off-by-one that leads to reading the follow-up garbage
88parameter length of 12336, and thus throwing an skb_over_panic
89for the reply when trying to sctp_addto_chunk() next time,
90which implicitly calls the skb_put() with that length.
91
92Fix it by using sctp_walk_params() [ which is also used in
93INIT parameter processing ] macro in the verification *and*
94in ASCONF processing: it will make sure we don't spill over,
95that we walk parameters WORD_ROUND()'ed. Moreover, we're being
96more defensive and guard against unknown parameter types and
97missized addresses.
98
99Joint work with Vlad Yasevich.
100
101Fixes CVE-2014-3673
102Upstream-Status: Backport
103
104Fixes: b896b82be4ae ("[SCTP] ADDIP: Support for processing incoming ASCONF_ACK chunks.")
105Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
106Signed-off-by: Vlad Yasevich <vyasevich@gmail.com>
107Acked-by: Neil Horman <nhorman@tuxdriver.com>
108Signed-off-by: David S. Miller <davem@davemloft.net>
109Cc: Josh Boyer <jwboyer@fedoraproject.org>
110Signed-off-by: Jiri Slaby <jslaby@suse.cz>
111Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
112---
113 include/net/sctp/sm.h | 6 +--
114 net/sctp/sm_make_chunk.c | 99 +++++++++++++++++++++++++++---------------------
115 net/sctp/sm_statefuns.c | 18 +--------
116 3 files changed, 60 insertions(+), 63 deletions(-)
117
118diff --git a/include/net/sctp/sm.h b/include/net/sctp/sm.h
119index 4ef75af..c91b6f5 100644
120--- a/include/net/sctp/sm.h
121+++ b/include/net/sctp/sm.h
122@@ -249,9 +249,9 @@ struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *,
123 int, __be16);
124 struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc,
125 union sctp_addr *addr);
126-int sctp_verify_asconf(const struct sctp_association *asoc,
127- struct sctp_paramhdr *param_hdr, void *chunk_end,
128- struct sctp_paramhdr **errp);
129+bool sctp_verify_asconf(const struct sctp_association *asoc,
130+ struct sctp_chunk *chunk, bool addr_param_needed,
131+ struct sctp_paramhdr **errp);
132 struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc,
133 struct sctp_chunk *asconf);
134 int sctp_process_asconf_ack(struct sctp_association *asoc,
135diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
136index e342387..d800160 100644
137--- a/net/sctp/sm_make_chunk.c
138+++ b/net/sctp/sm_make_chunk.c
139@@ -3126,50 +3126,63 @@ static __be16 sctp_process_asconf_param(struct sctp_association *asoc,
140 return SCTP_ERROR_NO_ERROR;
141 }
142
143-/* Verify the ASCONF packet before we process it. */
144-int sctp_verify_asconf(const struct sctp_association *asoc,
145- struct sctp_paramhdr *param_hdr, void *chunk_end,
146- struct sctp_paramhdr **errp) {
147- sctp_addip_param_t *asconf_param;
148+/* Verify the ASCONF packet before we process it. */
149+bool sctp_verify_asconf(const struct sctp_association *asoc,
150+ struct sctp_chunk *chunk, bool addr_param_needed,
151+ struct sctp_paramhdr **errp)
152+{
153+ sctp_addip_chunk_t *addip = (sctp_addip_chunk_t *) chunk->chunk_hdr;
154 union sctp_params param;
155- int length, plen;
156-
157- param.v = (sctp_paramhdr_t *) param_hdr;
158- while (param.v <= chunk_end - sizeof(sctp_paramhdr_t)) {
159- length = ntohs(param.p->length);
160- *errp = param.p;
161+ bool addr_param_seen = false;
162
163- if (param.v > chunk_end - length ||
164- length < sizeof(sctp_paramhdr_t))
165- return 0;
166+ sctp_walk_params(param, addip, addip_hdr.params) {
167+ size_t length = ntohs(param.p->length);
168
169+ *errp = param.p;
170 switch (param.p->type) {
171+ case SCTP_PARAM_ERR_CAUSE:
172+ break;
173+ case SCTP_PARAM_IPV4_ADDRESS:
174+ if (length != sizeof(sctp_ipv4addr_param_t))
175+ return false;
176+ addr_param_seen = true;
177+ break;
178+ case SCTP_PARAM_IPV6_ADDRESS:
179+ if (length != sizeof(sctp_ipv6addr_param_t))
180+ return false;
181+ addr_param_seen = true;
182+ break;
183 case SCTP_PARAM_ADD_IP:
184 case SCTP_PARAM_DEL_IP:
185 case SCTP_PARAM_SET_PRIMARY:
186- asconf_param = (sctp_addip_param_t *)param.v;
187- plen = ntohs(asconf_param->param_hdr.length);
188- if (plen < sizeof(sctp_addip_param_t) +
189- sizeof(sctp_paramhdr_t))
190- return 0;
191+ /* In ASCONF chunks, these need to be first. */
192+ if (addr_param_needed && !addr_param_seen)
193+ return false;
194+ length = ntohs(param.addip->param_hdr.length);
195+ if (length < sizeof(sctp_addip_param_t) +
196+ sizeof(sctp_paramhdr_t))
197+ return false;
198 break;
199 case SCTP_PARAM_SUCCESS_REPORT:
200 case SCTP_PARAM_ADAPTATION_LAYER_IND:
201 if (length != sizeof(sctp_addip_param_t))
202- return 0;
203-
204+ return false;
205 break;
206 default:
207- break;
208+ /* This is unkown to us, reject! */
209+ return false;
210 }
211-
212- param.v += WORD_ROUND(length);
213 }
214
215- if (param.v != chunk_end)
216- return 0;
217+ /* Remaining sanity checks. */
218+ if (addr_param_needed && !addr_param_seen)
219+ return false;
220+ if (!addr_param_needed && addr_param_seen)
221+ return false;
222+ if (param.v != chunk->chunk_end)
223+ return false;
224
225- return 1;
226+ return true;
227 }
228
229 /* Process an incoming ASCONF chunk with the next expected serial no. and
230@@ -3178,16 +3191,17 @@ int sctp_verify_asconf(const struct sctp_association *asoc,
231 struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc,
232 struct sctp_chunk *asconf)
233 {
234+ sctp_addip_chunk_t *addip = (sctp_addip_chunk_t *) asconf->chunk_hdr;
235+ bool all_param_pass = true;
236+ union sctp_params param;
237 sctp_addiphdr_t *hdr;
238 union sctp_addr_param *addr_param;
239 sctp_addip_param_t *asconf_param;
240 struct sctp_chunk *asconf_ack;
241-
242 __be16 err_code;
243 int length = 0;
244 int chunk_len;
245 __u32 serial;
246- int all_param_pass = 1;
247
248 chunk_len = ntohs(asconf->chunk_hdr->length) - sizeof(sctp_chunkhdr_t);
249 hdr = (sctp_addiphdr_t *)asconf->skb->data;
250@@ -3215,9 +3229,14 @@ struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc,
251 goto done;
252
253 /* Process the TLVs contained within the ASCONF chunk. */
254- while (chunk_len > 0) {
255+ sctp_walk_params(param, addip, addip_hdr.params) {
256+ /* Skip preceeding address parameters. */
257+ if (param.p->type == SCTP_PARAM_IPV4_ADDRESS ||
258+ param.p->type == SCTP_PARAM_IPV6_ADDRESS)
259+ continue;
260+
261 err_code = sctp_process_asconf_param(asoc, asconf,
262- asconf_param);
263+ param.addip);
264 /* ADDIP 4.1 A7)
265 * If an error response is received for a TLV parameter,
266 * all TLVs with no response before the failed TLV are
267@@ -3225,28 +3244,20 @@ struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc,
268 * the failed response are considered unsuccessful unless
269 * a specific success indication is present for the parameter.
270 */
271- if (SCTP_ERROR_NO_ERROR != err_code)
272- all_param_pass = 0;
273-
274+ if (err_code != SCTP_ERROR_NO_ERROR)
275+ all_param_pass = false;
276 if (!all_param_pass)
277- sctp_add_asconf_response(asconf_ack,
278- asconf_param->crr_id, err_code,
279- asconf_param);
280+ sctp_add_asconf_response(asconf_ack, param.addip->crr_id,
281+ err_code, param.addip);
282
283 /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add
284 * an IP address sends an 'Out of Resource' in its response, it
285 * MUST also fail any subsequent add or delete requests bundled
286 * in the ASCONF.
287 */
288- if (SCTP_ERROR_RSRC_LOW == err_code)
289+ if (err_code == SCTP_ERROR_RSRC_LOW)
290 goto done;
291-
292- /* Move to the next ASCONF param. */
293- length = ntohs(asconf_param->param_hdr.length);
294- asconf_param = (void *)asconf_param + length;
295- chunk_len -= length;
296 }
297-
298 done:
299 asoc->peer.addip_serial++;
300
301diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
302index 62623cc..bf12098 100644
303--- a/net/sctp/sm_statefuns.c
304+++ b/net/sctp/sm_statefuns.c
305@@ -3595,9 +3595,7 @@ sctp_disposition_t sctp_sf_do_asconf(struct net *net,
306 struct sctp_chunk *asconf_ack = NULL;
307 struct sctp_paramhdr *err_param = NULL;
308 sctp_addiphdr_t *hdr;
309- union sctp_addr_param *addr_param;
310 __u32 serial;
311- int length;
312
313 if (!sctp_vtag_verify(chunk, asoc)) {
314 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG,
315@@ -3622,17 +3620,8 @@ sctp_disposition_t sctp_sf_do_asconf(struct net *net,
316 hdr = (sctp_addiphdr_t *)chunk->skb->data;
317 serial = ntohl(hdr->serial);
318
319- addr_param = (union sctp_addr_param *)hdr->params;
320- length = ntohs(addr_param->p.length);
321- if (length < sizeof(sctp_paramhdr_t))
322- return sctp_sf_violation_paramlen(net, ep, asoc, type, arg,
323- (void *)addr_param, commands);
324-
325 /* Verify the ASCONF chunk before processing it. */
326- if (!sctp_verify_asconf(asoc,
327- (sctp_paramhdr_t *)((void *)addr_param + length),
328- (void *)chunk->chunk_end,
329- &err_param))
330+ if (!sctp_verify_asconf(asoc, chunk, true, &err_param))
331 return sctp_sf_violation_paramlen(net, ep, asoc, type, arg,
332 (void *)err_param, commands);
333
334@@ -3750,10 +3739,7 @@ sctp_disposition_t sctp_sf_do_asconf_ack(struct net *net,
335 rcvd_serial = ntohl(addip_hdr->serial);
336
337 /* Verify the ASCONF-ACK chunk before processing it. */
338- if (!sctp_verify_asconf(asoc,
339- (sctp_paramhdr_t *)addip_hdr->params,
340- (void *)asconf_ack->chunk_end,
341- &err_param))
342+ if (!sctp_verify_asconf(asoc, asconf_ack, false, &err_param))
343 return sctp_sf_violation_paramlen(net, ep, asoc, type, arg,
344 (void *)err_param, commands);
345
346--
3471.9.1
348
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0001-shmem-CVE-2014-4171.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0001-shmem-CVE-2014-4171.patch
new file mode 100644
index 00000000..00ead602
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/0001-shmem-CVE-2014-4171.patch
@@ -0,0 +1,141 @@
1From 8685789bd8ec12a02b07ea76df4527b055efbf20 Mon Sep 17 00:00:00 2001
2From: Hugh Dickins <hughd@google.com>
3Date: Mon, 23 Jun 2014 13:22:06 -0700
4Subject: [PATCH 1/3] shmem: fix faulting into a hole while it's punched
5
6commit f00cdc6df7d7cfcabb5b740911e6788cb0802bdb upstream.
7
8Trinity finds that mmap access to a hole while it's punched from shmem
9can prevent the madvise(MADV_REMOVE) or fallocate(FALLOC_FL_PUNCH_HOLE)
10from completing, until the reader chooses to stop; with the puncher's
11hold on i_mutex locking out all other writers until it can complete.
12
13It appears that the tmpfs fault path is too light in comparison with its
14hole-punching path, lacking an i_data_sem to obstruct it; but we don't
15want to slow down the common case.
16
17Extend shmem_fallocate()'s existing range notification mechanism, so
18shmem_fault() can refrain from faulting pages into the hole while it's
19punched, waiting instead on i_mutex (when safe to sleep; or repeatedly
20faulting when not).
21
22Upstream-Status: Backport
23
24[akpm@linux-foundation.org: coding-style fixes]
25Signed-off-by: Hugh Dickins <hughd@google.com>
26Reported-by: Sasha Levin <sasha.levin@oracle.com>
27Tested-by: Sasha Levin <sasha.levin@oracle.com>
28Cc: Dave Jones <davej@redhat.com>
29Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
30Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
31
32Signed-off-by: Jiri Slaby <jslaby@suse.cz>
33Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
34---
35 mm/shmem.c | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++----
36 1 file changed, 52 insertions(+), 4 deletions(-)
37
38diff --git a/mm/shmem.c b/mm/shmem.c
39index 8297623..00d412f 100644
40--- a/mm/shmem.c
41+++ b/mm/shmem.c
42@@ -80,11 +80,12 @@ static struct vfsmount *shm_mnt;
43 #define SHORT_SYMLINK_LEN 128
44
45 /*
46- * shmem_fallocate and shmem_writepage communicate via inode->i_private
47- * (with i_mutex making sure that it has only one user at a time):
48- * we would prefer not to enlarge the shmem inode just for that.
49+ * shmem_fallocate communicates with shmem_fault or shmem_writepage via
50+ * inode->i_private (with i_mutex making sure that it has only one user at
51+ * a time): we would prefer not to enlarge the shmem inode just for that.
52 */
53 struct shmem_falloc {
54+ int mode; /* FALLOC_FL mode currently operating */
55 pgoff_t start; /* start of range currently being fallocated */
56 pgoff_t next; /* the next page offset to be fallocated */
57 pgoff_t nr_falloced; /* how many new pages have been fallocated */
58@@ -826,6 +827,7 @@ static int shmem_writepage(struct page *page, struct writeback_control *wbc)
59 spin_lock(&inode->i_lock);
60 shmem_falloc = inode->i_private;
61 if (shmem_falloc &&
62+ !shmem_falloc->mode &&
63 index >= shmem_falloc->start &&
64 index < shmem_falloc->next)
65 shmem_falloc->nr_unswapped++;
66@@ -1300,6 +1302,44 @@ static int shmem_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
67 int error;
68 int ret = VM_FAULT_LOCKED;
69
70+ /*
71+ * Trinity finds that probing a hole which tmpfs is punching can
72+ * prevent the hole-punch from ever completing: which in turn
73+ * locks writers out with its hold on i_mutex. So refrain from
74+ * faulting pages into the hole while it's being punched, and
75+ * wait on i_mutex to be released if vmf->flags permits.
76+ */
77+ if (unlikely(inode->i_private)) {
78+ struct shmem_falloc *shmem_falloc;
79+
80+ spin_lock(&inode->i_lock);
81+ shmem_falloc = inode->i_private;
82+ if (!shmem_falloc ||
83+ shmem_falloc->mode != FALLOC_FL_PUNCH_HOLE ||
84+ vmf->pgoff < shmem_falloc->start ||
85+ vmf->pgoff >= shmem_falloc->next)
86+ shmem_falloc = NULL;
87+ spin_unlock(&inode->i_lock);
88+ /*
89+ * i_lock has protected us from taking shmem_falloc seriously
90+ * once return from shmem_fallocate() went back up that stack.
91+ * i_lock does not serialize with i_mutex at all, but it does
92+ * not matter if sometimes we wait unnecessarily, or sometimes
93+ * miss out on waiting: we just need to make those cases rare.
94+ */
95+ if (shmem_falloc) {
96+ if ((vmf->flags & FAULT_FLAG_ALLOW_RETRY) &&
97+ !(vmf->flags & FAULT_FLAG_RETRY_NOWAIT)) {
98+ up_read(&vma->vm_mm->mmap_sem);
99+ mutex_lock(&inode->i_mutex);
100+ mutex_unlock(&inode->i_mutex);
101+ return VM_FAULT_RETRY;
102+ }
103+ /* cond_resched? Leave that to GUP or return to user */
104+ return VM_FAULT_NOPAGE;
105+ }
106+ }
107+
108 error = shmem_getpage(inode, vmf->pgoff, &vmf->page, SGP_CACHE, &ret);
109 if (error)
110 return ((error == -ENOMEM) ? VM_FAULT_OOM : VM_FAULT_SIGBUS);
111@@ -1815,18 +1855,26 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset,
112
113 mutex_lock(&inode->i_mutex);
114
115+ shmem_falloc.mode = mode & ~FALLOC_FL_KEEP_SIZE;
116+
117 if (mode & FALLOC_FL_PUNCH_HOLE) {
118 struct address_space *mapping = file->f_mapping;
119 loff_t unmap_start = round_up(offset, PAGE_SIZE);
120 loff_t unmap_end = round_down(offset + len, PAGE_SIZE) - 1;
121
122+ shmem_falloc.start = unmap_start >> PAGE_SHIFT;
123+ shmem_falloc.next = (unmap_end + 1) >> PAGE_SHIFT;
124+ spin_lock(&inode->i_lock);
125+ inode->i_private = &shmem_falloc;
126+ spin_unlock(&inode->i_lock);
127+
128 if ((u64)unmap_end > (u64)unmap_start)
129 unmap_mapping_range(mapping, unmap_start,
130 1 + unmap_end - unmap_start, 0);
131 shmem_truncate_range(inode, offset, offset + len - 1);
132 /* No need to unmap again: hole-punching leaves COWed pages */
133 error = 0;
134- goto out;
135+ goto undone;
136 }
137
138 /* We need to check rlimit even when FALLOC_FL_KEEP_SIZE */
139--
1401.9.1
141
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0002-ALSA-CVE-2014-4653.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0002-ALSA-CVE-2014-4653.patch
new file mode 100644
index 00000000..8612d74a
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/0002-ALSA-CVE-2014-4653.patch
@@ -0,0 +1,92 @@
1From 0bf595fd311aa4d6e82c43879f2c0d0650e83271 Mon Sep 17 00:00:00 2001
2From: Lars-Peter Clausen <lars@metafoo.de>
3Date: Wed, 18 Jun 2014 13:32:33 +0200
4Subject: [PATCH] ALSA: control: Don't access controls outside of protected
5 regions
6
7commit fd9f26e4eca5d08a27d12c0933fceef76ed9663d upstream.
8
9A control that is visible on the card->controls list can be freed at any time.
10This means we must not access any of its memory while not holding the
11controls_rw_lock. Otherwise we risk a use after free access.
12
13This fixes CVE-2014-4653
14Upstream-Status: Backport
15
16Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
17Acked-by: Jaroslav Kysela <perex@perex.cz>
18Signed-off-by: Takashi Iwai <tiwai@suse.de>
19Signed-off-by: Jiri Slaby <jslaby@suse.cz>
20Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
21---
22 sound/core/control.c | 15 ++++++++++-----
23 1 file changed, 10 insertions(+), 5 deletions(-)
24
25diff --git a/sound/core/control.c b/sound/core/control.c
26index 15bc844..d4a597f 100644
27--- a/sound/core/control.c
28+++ b/sound/core/control.c
29@@ -331,6 +331,7 @@ int snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol)
30 {
31 struct snd_ctl_elem_id id;
32 unsigned int idx;
33+ unsigned int count;
34 int err = -EINVAL;
35
36 if (! kcontrol)
37@@ -359,8 +360,9 @@ int snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol)
38 card->controls_count += kcontrol->count;
39 kcontrol->id.numid = card->last_numid + 1;
40 card->last_numid += kcontrol->count;
41+ count = kcontrol->count;
42 up_write(&card->controls_rwsem);
43- for (idx = 0; idx < kcontrol->count; idx++, id.index++, id.numid++)
44+ for (idx = 0; idx < count; idx++, id.index++, id.numid++)
45 snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_ADD, &id);
46 return 0;
47
48@@ -389,6 +391,7 @@ int snd_ctl_replace(struct snd_card *card, struct snd_kcontrol *kcontrol,
49 bool add_on_replace)
50 {
51 struct snd_ctl_elem_id id;
52+ unsigned int count;
53 unsigned int idx;
54 struct snd_kcontrol *old;
55 int ret;
56@@ -424,8 +427,9 @@ add:
57 card->controls_count += kcontrol->count;
58 kcontrol->id.numid = card->last_numid + 1;
59 card->last_numid += kcontrol->count;
60+ count = kcontrol->count;
61 up_write(&card->controls_rwsem);
62- for (idx = 0; idx < kcontrol->count; idx++, id.index++, id.numid++)
63+ for (idx = 0; idx < count; idx++, id.index++, id.numid++)
64 snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_ADD, &id);
65 return 0;
66
67@@ -898,9 +902,9 @@ static int snd_ctl_elem_write(struct snd_card *card, struct snd_ctl_file *file,
68 result = kctl->put(kctl, control);
69 }
70 if (result > 0) {
71+ struct snd_ctl_elem_id id = control->id;
72 up_read(&card->controls_rwsem);
73- snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_VALUE,
74- &control->id);
75+ snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_VALUE, &id);
76 return 0;
77 }
78 }
79@@ -1334,8 +1338,9 @@ static int snd_ctl_tlv_ioctl(struct snd_ctl_file *file,
80 }
81 err = kctl->tlv.c(kctl, op_flag, tlv.length, _tlv->tlv);
82 if (err > 0) {
83+ struct snd_ctl_elem_id id = kctl->id;
84 up_read(&card->controls_rwsem);
85- snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_TLV, &kctl->id);
86+ snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_TLV, &id);
87 return 0;
88 }
89 } else {
90--
911.9.1
92
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0002-ALSA-CVE-2014-4656.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0002-ALSA-CVE-2014-4656.patch
new file mode 100644
index 00000000..2065780f
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/0002-ALSA-CVE-2014-4656.patch
@@ -0,0 +1,46 @@
1From 669982364299f6f22bea4324f0f7ee8f8a361b87 Mon Sep 17 00:00:00 2001
2From: Lars-Peter Clausen <lars@metafoo.de>
3Date: Wed, 18 Jun 2014 13:32:34 +0200
4Subject: [PATCH] ALSA: control: Handle numid overflow
5
6commit ac902c112d90a89e59916f751c2745f4dbdbb4bd upstream.
7
8Each control gets automatically assigned its numids when the control is created.
9The allocation is done by incrementing the numid by the amount of allocated
10numids per allocation. This means that excessive creation and destruction of
11controls (e.g. via SNDRV_CTL_IOCTL_ELEM_ADD/REMOVE) can cause the id to
12eventually overflow. Currently when this happens for the control that caused the
13overflow kctl->id.numid + kctl->count will also over flow causing it to be
14smaller than kctl->id.numid. Most of the code assumes that this is something
15that can not happen, so we need to make sure that it won't happen
16
17Fixes CVE-2014-4656
18Upstream-Status: Backport
19
20Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
21Acked-by: Jaroslav Kysela <perex@perex.cz>
22Signed-off-by: Takashi Iwai <tiwai@suse.de>
23Signed-off-by: Jiri Slaby <jslaby@suse.cz>
24Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
25---
26 sound/core/control.c | 4 ++++
27 1 file changed, 4 insertions(+)
28
29diff --git a/sound/core/control.c b/sound/core/control.c
30index d4a597f..93215b4 100644
31--- a/sound/core/control.c
32+++ b/sound/core/control.c
33@@ -289,6 +289,10 @@ static bool snd_ctl_remove_numid_conflict(struct snd_card *card,
34 {
35 struct snd_kcontrol *kctl;
36
37+ /* Make sure that the ids assigned to the control do not wrap around */
38+ if (card->last_numid >= UINT_MAX - count)
39+ card->last_numid = 0;
40+
41 list_for_each_entry(kctl, &card->controls, list) {
42 if (kctl->id.numid < card->last_numid + 1 + count &&
43 kctl->id.numid + kctl->count > card->last_numid + 1) {
44--
451.9.1
46
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0002-HID-CVE-2014-3182.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0002-HID-CVE-2014-3182.patch
new file mode 100644
index 00000000..a90d0799
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/0002-HID-CVE-2014-3182.patch
@@ -0,0 +1,65 @@
1From ad3e14d7c5268c2e24477c6ef54bbdf88add5d36 Mon Sep 17 00:00:00 2001
2From: Jiri Kosina <jkosina@suse.cz>
3Date: Thu, 21 Aug 2014 09:57:17 -0500
4Subject: [PATCH] HID: logitech: perform bounds checking on device_id early
5 enough
6
7device_index is a char type and the size of paired_dj_deivces is 7
8elements, therefore proper bounds checking has to be applied to
9device_index before it is used.
10
11We are currently performing the bounds checking in
12logi_dj_recv_add_djhid_device(), which is too late, as malicious device
13could send REPORT_TYPE_NOTIF_DEVICE_UNPAIRED early enough and trigger the
14problem in one of the report forwarding functions called from
15logi_dj_raw_event().
16
17Fix this by performing the check at the earliest possible ocasion in
18logi_dj_raw_event().
19
20This fixes CVE-2014-3182
21Upstream-Status: Backport
22
23Cc: stable@vger.kernel.org
24Reported-by: Ben Hawkes <hawkes@google.com>
25Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
26Signed-off-by: Jiri Kosina <jkosina@suse.cz>
27Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
28---
29 drivers/hid/hid-logitech-dj.c | 13 ++++++-------
30 1 file changed, 6 insertions(+), 7 deletions(-)
31
32diff --git a/drivers/hid/hid-logitech-dj.c b/drivers/hid/hid-logitech-dj.c
33index ca0ab51..b7ba829 100644
34--- a/drivers/hid/hid-logitech-dj.c
35+++ b/drivers/hid/hid-logitech-dj.c
36@@ -238,13 +238,6 @@ static void logi_dj_recv_add_djhid_device(struct dj_receiver_dev *djrcv_dev,
37 return;
38 }
39
40- if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) ||
41- (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) {
42- dev_err(&djrcv_hdev->dev, "%s: invalid device index:%d\n",
43- __func__, dj_report->device_index);
44- return;
45- }
46-
47 if (djrcv_dev->paired_dj_devices[dj_report->device_index]) {
48 /* The device is already known. No need to reallocate it. */
49 dbg_hid("%s: device is already known\n", __func__);
50@@ -690,6 +683,12 @@ static int logi_dj_raw_event(struct hid_device *hdev,
51 * device (via hid_input_report() ) and return 1 so hid-core does not do
52 * anything else with it.
53 */
54+ if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) ||
55+ (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) {
56+ dev_err(&hdev->dev, "%s: invalid device index:%d\n",
57+ __func__, dj_report->device_index);
58+ return false;
59+ }
60
61 spin_lock_irqsave(&djrcv_dev->lock, flags);
62 if (dj_report->report_id == REPORT_ID_DJ_SHORT) {
63--
641.9.1
65
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0002-kvm-iommu-CVE-2014-8369.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0002-kvm-iommu-CVE-2014-8369.patch
new file mode 100644
index 00000000..e43771cc
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/0002-kvm-iommu-CVE-2014-8369.patch
@@ -0,0 +1,86 @@
1From 248541357433e3035d954435dafcdb9e70afee4e Mon Sep 17 00:00:00 2001
2From: Quentin Casasnovas <quentin.casasnovas@oracle.com>
3Date: Fri, 17 Oct 2014 22:55:59 +0200
4Subject: [PATCH] kvm: fix excessive pages un-pinning in kvm_iommu_map error
5 path.
6
7commit 3d32e4dbe71374a6780eaf51d719d76f9a9bf22f upstream.
8
9The third parameter of kvm_unpin_pages() when called from
10kvm_iommu_map_pages() is wrong, it should be the number of pages to un-pin
11and not the page size.
12
13This error was facilitated with an inconsistent API: kvm_pin_pages() takes
14a size, but kvn_unpin_pages() takes a number of pages, so fix the problem
15by matching the two.
16
17This was introduced by commit 350b8bd ("kvm: iommu: fix the third parameter
18of kvm_iommu_put_pages (CVE-2014-3601)"), which fixes the lack of
19un-pinning for pages intended to be un-pinned (i.e. memory leak) but
20unfortunately potentially aggravated the number of pages we un-pin that
21should have stayed pinned. As far as I understand though, the same
22practical mitigations apply.
23
24This issue was found during review of Red Hat 6.6 patches to prepare
25Ksplice rebootless updates.
26
27Thanks to Vegard for his time on a late Friday evening to help me in
28understanding this code.
29
30Fix for CVE-2014-8369
31
32Upstream-Status: Backport
33
34Fixes: 350b8bd ("kvm: iommu: fix the third parameter of... (CVE-2014-3601)")
35Signed-off-by: Quentin Casasnovas <quentin.casasnovas@oracle.com>
36Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
37Signed-off-by: Jamie Iles <jamie.iles@oracle.com>
38Reviewed-by: Sasha Levin <sasha.levin@oracle.com>
39Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
40Signed-off-by: Jiri Slaby <jslaby@suse.cz>
41Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
42---
43 virt/kvm/iommu.c | 8 ++++----
44 1 file changed, 4 insertions(+), 4 deletions(-)
45
46diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c
47index dec9971..a650aa4 100644
48--- a/virt/kvm/iommu.c
49+++ b/virt/kvm/iommu.c
50@@ -43,13 +43,13 @@ static void kvm_iommu_put_pages(struct kvm *kvm,
51 gfn_t base_gfn, unsigned long npages);
52
53 static pfn_t kvm_pin_pages(struct kvm_memory_slot *slot, gfn_t gfn,
54- unsigned long size)
55+ unsigned long npages)
56 {
57 gfn_t end_gfn;
58 pfn_t pfn;
59
60 pfn = gfn_to_pfn_memslot(slot, gfn);
61- end_gfn = gfn + (size >> PAGE_SHIFT);
62+ end_gfn = gfn + npages;
63 gfn += 1;
64
65 if (is_error_noslot_pfn(pfn))
66@@ -119,7 +119,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
67 * Pin all pages we are about to map in memory. This is
68 * important because we unmap and unpin in 4kb steps later.
69 */
70- pfn = kvm_pin_pages(slot, gfn, page_size);
71+ pfn = kvm_pin_pages(slot, gfn, page_size >> PAGE_SHIFT);
72 if (is_error_noslot_pfn(pfn)) {
73 gfn += 1;
74 continue;
75@@ -131,7 +131,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
76 if (r) {
77 printk(KERN_ERR "kvm_iommu_map_address:"
78 "iommu failed to map pfn=%llx\n", pfn);
79- kvm_unpin_pages(kvm, pfn, page_size);
80+ kvm_unpin_pages(kvm, pfn, page_size >> PAGE_SHIFT);
81 goto unmap_pages;
82 }
83
84--
851.9.1
86
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0002-mnt-CVE-2014-5206_CVE-2014-5207.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0002-mnt-CVE-2014-5206_CVE-2014-5207.patch
new file mode 100644
index 00000000..b08f2179
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/0002-mnt-CVE-2014-5206_CVE-2014-5207.patch
@@ -0,0 +1,62 @@
1From cab259f821fad20afa688d3fbeb47356447ac20b Mon Sep 17 00:00:00 2001
2From: "Eric W. Biederman" <ebiederm@xmission.com>
3Date: Mon, 28 Jul 2014 17:10:56 -0700
4Subject: [PATCH] mnt: Move the test for MNT_LOCK_READONLY from
5 change_mount_flags into do_remount
6
7commit 07b645589dcda8b7a5249e096fece2a67556f0f4 upstream.
8
9There are no races as locked mount flags are guaranteed to never change.
10
11Moving the test into do_remount makes it more visible, and ensures all
12filesystem remounts pass the MNT_LOCK_READONLY permission check. This
13second case is not an issue today as filesystem remounts are guarded
14by capable(CAP_DAC_ADMIN) and thus will always fail in less privileged
15mount namespaces, but it could become an issue in the future.
16
17Fix for CVE-2014-5206 and CVE-2014-5207
18Upstream-Status: backport
19
20Cc: stable@vger.kernel.org
21Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
22Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
23Signed-off-by: Jiri Slaby <jslaby@suse.cz>
24Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
25---
26 fs/namespace.c | 13 ++++++++++---
27 1 file changed, 10 insertions(+), 3 deletions(-)
28
29diff --git a/fs/namespace.c b/fs/namespace.c
30index 34fa7a5..8e90b03 100644
31--- a/fs/namespace.c
32+++ b/fs/namespace.c
33@@ -1806,9 +1806,6 @@ static int change_mount_flags(struct vfsmount *mnt, int ms_flags)
34 if (readonly_request == __mnt_is_readonly(mnt))
35 return 0;
36
37- if (mnt->mnt_flags & MNT_LOCK_READONLY)
38- return -EPERM;
39-
40 if (readonly_request)
41 error = mnt_make_readonly(real_mount(mnt));
42 else
43@@ -1834,6 +1831,16 @@ static int do_remount(struct path *path, int flags, int mnt_flags,
44 if (path->dentry != path->mnt->mnt_root)
45 return -EINVAL;
46
47+ /* Don't allow changing of locked mnt flags.
48+ *
49+ * No locks need to be held here while testing the various
50+ * MNT_LOCK flags because those flags can never be cleared
51+ * once they are set.
52+ */
53+ if ((mnt->mnt.mnt_flags & MNT_LOCK_READONLY) &&
54+ !(mnt_flags & MNT_READONLY)) {
55+ return -EPERM;
56+ }
57 err = security_sb_remount(sb, data);
58 if (err)
59 return err;
60--
611.9.1
62
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0002-net-sctp-CVE-2014-3687.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0002-net-sctp-CVE-2014-3687.patch
new file mode 100644
index 00000000..b05aaf2b
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/0002-net-sctp-CVE-2014-3687.patch
@@ -0,0 +1,102 @@
1From a723db0be941b8aebaa1a98b33d17a91b16603e4 Mon Sep 17 00:00:00 2001
2From: Daniel Borkmann <dborkman@redhat.com>
3Date: Thu, 9 Oct 2014 22:55:32 +0200
4Subject: [PATCH] net: sctp: fix panic on duplicate ASCONF chunks
5
6commit b69040d8e39f20d5215a03502a8e8b4c6ab78395 upstream.
7
8When receiving a e.g. semi-good formed connection scan in the
9form of ...
10
11 -------------- INIT[ASCONF; ASCONF_ACK] ------------->
12 <----------- INIT-ACK[ASCONF; ASCONF_ACK] ------------
13 -------------------- COOKIE-ECHO -------------------->
14 <-------------------- COOKIE-ACK ---------------------
15 ---------------- ASCONF_a; ASCONF_b ----------------->
16
17... where ASCONF_a equals ASCONF_b chunk (at least both serials
18need to be equal), we panic an SCTP server!
19
20The problem is that good-formed ASCONF chunks that we reply with
21ASCONF_ACK chunks are cached per serial. Thus, when we receive a
22same ASCONF chunk twice (e.g. through a lost ASCONF_ACK), we do
23not need to process them again on the server side (that was the
24idea, also proposed in the RFC). Instead, we know it was cached
25and we just resend the cached chunk instead. So far, so good.
26
27Where things get nasty is in SCTP's side effect interpreter, that
28is, sctp_cmd_interpreter():
29
30While incoming ASCONF_a (chunk = event_arg) is being marked
31!end_of_packet and !singleton, and we have an association context,
32we do not flush the outqueue the first time after processing the
33ASCONF_ACK singleton chunk via SCTP_CMD_REPLY. Instead, we keep it
34queued up, although we set local_cork to 1. Commit 2e3216cd54b1
35changed the precedence, so that as long as we get bundled, incoming
36chunks we try possible bundling on outgoing queue as well. Before
37this commit, we would just flush the output queue.
38
39Now, while ASCONF_a's ASCONF_ACK sits in the corked outq, we
40continue to process the same ASCONF_b chunk from the packet. As
41we have cached the previous ASCONF_ACK, we find it, grab it and
42do another SCTP_CMD_REPLY command on it. So, effectively, we rip
43the chunk->list pointers and requeue the same ASCONF_ACK chunk
44another time. Since we process ASCONF_b, it's correctly marked
45with end_of_packet and we enforce an uncork, and thus flush, thus
46crashing the kernel.
47
48Fix it by testing if the ASCONF_ACK is currently pending and if
49that is the case, do not requeue it. When flushing the output
50queue we may relink the chunk for preparing an outgoing packet,
51but eventually unlink it when it's copied into the skb right
52before transmission.
53
54Joint work with Vlad Yasevich.
55
56Fixes CVE-2014-3687
57Upstream-Status: Backport
58
59Fixes: 2e3216cd54b1 ("sctp: Follow security requirement of responding with 1 packet")
60Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
61Signed-off-by: Vlad Yasevich <vyasevich@gmail.com>
62Signed-off-by: David S. Miller <davem@davemloft.net>
63Cc: Josh Boyer <jwboyer@fedoraproject.org>
64Signed-off-by: Jiri Slaby <jslaby@suse.cz>
65Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
66---
67 include/net/sctp/sctp.h | 5 +++++
68 net/sctp/associola.c | 2 ++
69 2 files changed, 7 insertions(+)
70
71diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h
72index 3794c5a..3848934 100644
73--- a/include/net/sctp/sctp.h
74+++ b/include/net/sctp/sctp.h
75@@ -454,6 +454,11 @@ static inline void sctp_assoc_pending_pmtu(struct sock *sk, struct sctp_associat
76 asoc->pmtu_pending = 0;
77 }
78
79+static inline bool sctp_chunk_pending(const struct sctp_chunk *chunk)
80+{
81+ return !list_empty(&chunk->list);
82+}
83+
84 /* Walk through a list of TLV parameters. Don't trust the
85 * individual parameter lengths and instead depend on
86 * the chunk length to indicate when to stop. Make sure
87diff --git a/net/sctp/associola.c b/net/sctp/associola.c
88index ad5cd6f..737050f 100644
89--- a/net/sctp/associola.c
90+++ b/net/sctp/associola.c
91@@ -1645,6 +1645,8 @@ struct sctp_chunk *sctp_assoc_lookup_asconf_ack(
92 * ack chunk whose serial number matches that of the request.
93 */
94 list_for_each_entry(ack, &asoc->asconf_ack_list, transmitted_list) {
95+ if (sctp_chunk_pending(ack))
96+ continue;
97 if (ack->subh.addip_hdr->serial == serial) {
98 sctp_chunk_hold(ack);
99 return ack;
100--
1011.9.1
102
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0002-shmem-CVE-2014-4171.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0002-shmem-CVE-2014-4171.patch
new file mode 100644
index 00000000..a43b8956
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/0002-shmem-CVE-2014-4171.patch
@@ -0,0 +1,200 @@
1From 38d05809df1ea5272a658e7f4d5f2a3027ad2fd2 Mon Sep 17 00:00:00 2001
2From: Hugh Dickins <hughd@google.com>
3Date: Wed, 23 Jul 2014 14:00:10 -0700
4Subject: [PATCH 2/3] shmem: fix faulting into a hole, not taking i_mutex
5
6commit 8e205f779d1443a94b5ae81aa359cb535dd3021e upstream.
7
8Commit f00cdc6df7d7 ("shmem: fix faulting into a hole while it's
9punched") was buggy: Sasha sent a lockdep report to remind us that
10grabbing i_mutex in the fault path is a no-no (write syscall may already
11hold i_mutex while faulting user buffer).
12
13We tried a completely different approach (see following patch) but that
14proved inadequate: good enough for a rational workload, but not good
15enough against trinity - which forks off so many mappings of the object
16that contention on i_mmap_mutex while hole-puncher holds i_mutex builds
17into serious starvation when concurrent faults force the puncher to fall
18back to single-page unmap_mapping_range() searches of the i_mmap tree.
19
20So return to the original umbrella approach, but keep away from i_mutex
21this time. We really don't want to bloat every shmem inode with a new
22mutex or completion, just to protect this unlikely case from trinity.
23So extend the original with wait_queue_head on stack at the hole-punch
24end, and wait_queue item on the stack at the fault end.
25
26This involves further use of i_lock to guard against the races: lockdep
27has been happy so far, and I see fs/inode.c:unlock_new_inode() holds
28i_lock around wake_up_bit(), which is comparable to what we do here.
29i_lock is more convenient, but we could switch to shmem's info->lock.
30
31This issue has been tagged with CVE-2014-4171, which will require commit
32f00cdc6df7d7 and this and the following patch to be backported: we
33suggest to 3.1+, though in fact the trinity forkbomb effect might go
34back as far as 2.6.16, when madvise(,,MADV_REMOVE) came in - or might
35not, since much has changed, with i_mmap_mutex a spinlock before 3.0.
36Anyone running trinity on 3.0 and earlier? I don't think we need care.
37
38Upstream-Status: Backport
39
40Signed-off-by: Hugh Dickins <hughd@google.com>
41Reported-by: Sasha Levin <sasha.levin@oracle.com>
42Tested-by: Sasha Levin <sasha.levin@oracle.com>
43Cc: Vlastimil Babka <vbabka@suse.cz>
44Cc: Konstantin Khlebnikov <koct9i@gmail.com>
45Cc: Johannes Weiner <hannes@cmpxchg.org>
46Cc: Lukas Czerner <lczerner@redhat.com>
47Cc: Dave Jones <davej@redhat.com>
48Cc: <stable@vger.kernel.org> [3.1+]
49Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
50Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
51Signed-off-by: Jiri Slaby <jslaby@suse.cz>
52Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
53---
54 mm/shmem.c | 78 +++++++++++++++++++++++++++++++++++++++++---------------------
55 1 file changed, 52 insertions(+), 26 deletions(-)
56
57diff --git a/mm/shmem.c b/mm/shmem.c
58index 00d412f..6f5626f 100644
59--- a/mm/shmem.c
60+++ b/mm/shmem.c
61@@ -85,7 +85,7 @@ static struct vfsmount *shm_mnt;
62 * a time): we would prefer not to enlarge the shmem inode just for that.
63 */
64 struct shmem_falloc {
65- int mode; /* FALLOC_FL mode currently operating */
66+ wait_queue_head_t *waitq; /* faults into hole wait for punch to end */
67 pgoff_t start; /* start of range currently being fallocated */
68 pgoff_t next; /* the next page offset to be fallocated */
69 pgoff_t nr_falloced; /* how many new pages have been fallocated */
70@@ -827,7 +827,7 @@ static int shmem_writepage(struct page *page, struct writeback_control *wbc)
71 spin_lock(&inode->i_lock);
72 shmem_falloc = inode->i_private;
73 if (shmem_falloc &&
74- !shmem_falloc->mode &&
75+ !shmem_falloc->waitq &&
76 index >= shmem_falloc->start &&
77 index < shmem_falloc->next)
78 shmem_falloc->nr_unswapped++;
79@@ -1306,38 +1306,58 @@ static int shmem_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
80 * Trinity finds that probing a hole which tmpfs is punching can
81 * prevent the hole-punch from ever completing: which in turn
82 * locks writers out with its hold on i_mutex. So refrain from
83- * faulting pages into the hole while it's being punched, and
84- * wait on i_mutex to be released if vmf->flags permits.
85+ * faulting pages into the hole while it's being punched. Although
86+ * shmem_undo_range() does remove the additions, it may be unable to
87+ * keep up, as each new page needs its own unmap_mapping_range() call,
88+ * and the i_mmap tree grows ever slower to scan if new vmas are added.
89+ *
90+ * It does not matter if we sometimes reach this check just before the
91+ * hole-punch begins, so that one fault then races with the punch:
92+ * we just need to make racing faults a rare case.
93+ *
94+ * The implementation below would be much simpler if we just used a
95+ * standard mutex or completion: but we cannot take i_mutex in fault,
96+ * and bloating every shmem inode for this unlikely case would be sad.
97 */
98 if (unlikely(inode->i_private)) {
99 struct shmem_falloc *shmem_falloc;
100
101 spin_lock(&inode->i_lock);
102 shmem_falloc = inode->i_private;
103- if (!shmem_falloc ||
104- shmem_falloc->mode != FALLOC_FL_PUNCH_HOLE ||
105- vmf->pgoff < shmem_falloc->start ||
106- vmf->pgoff >= shmem_falloc->next)
107- shmem_falloc = NULL;
108- spin_unlock(&inode->i_lock);
109- /*
110- * i_lock has protected us from taking shmem_falloc seriously
111- * once return from shmem_fallocate() went back up that stack.
112- * i_lock does not serialize with i_mutex at all, but it does
113- * not matter if sometimes we wait unnecessarily, or sometimes
114- * miss out on waiting: we just need to make those cases rare.
115- */
116- if (shmem_falloc) {
117+ if (shmem_falloc &&
118+ shmem_falloc->waitq &&
119+ vmf->pgoff >= shmem_falloc->start &&
120+ vmf->pgoff < shmem_falloc->next) {
121+ wait_queue_head_t *shmem_falloc_waitq;
122+ DEFINE_WAIT(shmem_fault_wait);
123+
124+ ret = VM_FAULT_NOPAGE;
125 if ((vmf->flags & FAULT_FLAG_ALLOW_RETRY) &&
126 !(vmf->flags & FAULT_FLAG_RETRY_NOWAIT)) {
127+ /* It's polite to up mmap_sem if we can */
128 up_read(&vma->vm_mm->mmap_sem);
129- mutex_lock(&inode->i_mutex);
130- mutex_unlock(&inode->i_mutex);
131- return VM_FAULT_RETRY;
132+ ret = VM_FAULT_RETRY;
133 }
134- /* cond_resched? Leave that to GUP or return to user */
135- return VM_FAULT_NOPAGE;
136+
137+ shmem_falloc_waitq = shmem_falloc->waitq;
138+ prepare_to_wait(shmem_falloc_waitq, &shmem_fault_wait,
139+ TASK_UNINTERRUPTIBLE);
140+ spin_unlock(&inode->i_lock);
141+ schedule();
142+
143+ /*
144+ * shmem_falloc_waitq points into the shmem_fallocate()
145+ * stack of the hole-punching task: shmem_falloc_waitq
146+ * is usually invalid by the time we reach here, but
147+ * finish_wait() does not dereference it in that case;
148+ * though i_lock needed lest racing with wake_up_all().
149+ */
150+ spin_lock(&inode->i_lock);
151+ finish_wait(shmem_falloc_waitq, &shmem_fault_wait);
152+ spin_unlock(&inode->i_lock);
153+ return ret;
154 }
155+ spin_unlock(&inode->i_lock);
156 }
157
158 error = shmem_getpage(inode, vmf->pgoff, &vmf->page, SGP_CACHE, &ret);
159@@ -1855,13 +1875,13 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset,
160
161 mutex_lock(&inode->i_mutex);
162
163- shmem_falloc.mode = mode & ~FALLOC_FL_KEEP_SIZE;
164-
165 if (mode & FALLOC_FL_PUNCH_HOLE) {
166 struct address_space *mapping = file->f_mapping;
167 loff_t unmap_start = round_up(offset, PAGE_SIZE);
168 loff_t unmap_end = round_down(offset + len, PAGE_SIZE) - 1;
169+ DECLARE_WAIT_QUEUE_HEAD_ONSTACK(shmem_falloc_waitq);
170
171+ shmem_falloc.waitq = &shmem_falloc_waitq;
172 shmem_falloc.start = unmap_start >> PAGE_SHIFT;
173 shmem_falloc.next = (unmap_end + 1) >> PAGE_SHIFT;
174 spin_lock(&inode->i_lock);
175@@ -1873,8 +1893,13 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset,
176 1 + unmap_end - unmap_start, 0);
177 shmem_truncate_range(inode, offset, offset + len - 1);
178 /* No need to unmap again: hole-punching leaves COWed pages */
179+
180+ spin_lock(&inode->i_lock);
181+ inode->i_private = NULL;
182+ wake_up_all(&shmem_falloc_waitq);
183+ spin_unlock(&inode->i_lock);
184 error = 0;
185- goto undone;
186+ goto out;
187 }
188
189 /* We need to check rlimit even when FALLOC_FL_KEEP_SIZE */
190@@ -1890,6 +1915,7 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset,
191 goto out;
192 }
193
194+ shmem_falloc.waitq = NULL;
195 shmem_falloc.start = start;
196 shmem_falloc.next = start;
197 shmem_falloc.nr_falloced = 0;
198--
1991.9.1
200
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0003-HID-CVE-2014-3184.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0003-HID-CVE-2014-3184.patch
new file mode 100644
index 00000000..f58b2f0e
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/0003-HID-CVE-2014-3184.patch
@@ -0,0 +1,114 @@
1From 4ab25786c87eb20857bbb715c3ae34ec8fd6a214 Mon Sep 17 00:00:00 2001
2From: Jiri Kosina <jkosina@suse.cz>
3Date: Thu, 21 Aug 2014 09:57:48 -0500
4Subject: [PATCH] HID: fix a couple of off-by-ones
5
6There are a few very theoretical off-by-one bugs in report descriptor size
7checking when performing a pre-parsing fixup. Fix those.
8
9This fixes CVE-2014-3184
10Upstream-Status: Backport
11
12Cc: stable@vger.kernel.org
13Reported-by: Ben Hawkes <hawkes@google.com>
14Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
15Signed-off-by: Jiri Kosina <jkosina@suse.cz>
16Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
17---
18 drivers/hid/hid-cherry.c | 2 +-
19 drivers/hid/hid-kye.c | 2 +-
20 drivers/hid/hid-lg.c | 4 ++--
21 drivers/hid/hid-monterey.c | 2 +-
22 drivers/hid/hid-petalynx.c | 2 +-
23 drivers/hid/hid-sunplus.c | 2 +-
24 6 files changed, 7 insertions(+), 7 deletions(-)
25
26diff --git a/drivers/hid/hid-cherry.c b/drivers/hid/hid-cherry.c
27index 1bdcccc..f745d2c 100644
28--- a/drivers/hid/hid-cherry.c
29+++ b/drivers/hid/hid-cherry.c
30@@ -28,7 +28,7 @@
31 static __u8 *ch_report_fixup(struct hid_device *hdev, __u8 *rdesc,
32 unsigned int *rsize)
33 {
34- if (*rsize >= 17 && rdesc[11] == 0x3c && rdesc[12] == 0x02) {
35+ if (*rsize >= 18 && rdesc[11] == 0x3c && rdesc[12] == 0x02) {
36 hid_info(hdev, "fixing up Cherry Cymotion report descriptor\n");
37 rdesc[11] = rdesc[16] = 0xff;
38 rdesc[12] = rdesc[17] = 0x03;
39diff --git a/drivers/hid/hid-kye.c b/drivers/hid/hid-kye.c
40index e776963..b92bf01 100644
41--- a/drivers/hid/hid-kye.c
42+++ b/drivers/hid/hid-kye.c
43@@ -300,7 +300,7 @@ static __u8 *kye_report_fixup(struct hid_device *hdev, __u8 *rdesc,
44 * - change the button usage range to 4-7 for the extra
45 * buttons
46 */
47- if (*rsize >= 74 &&
48+ if (*rsize >= 75 &&
49 rdesc[61] == 0x05 && rdesc[62] == 0x08 &&
50 rdesc[63] == 0x19 && rdesc[64] == 0x08 &&
51 rdesc[65] == 0x29 && rdesc[66] == 0x0f &&
52diff --git a/drivers/hid/hid-lg.c b/drivers/hid/hid-lg.c
53index a976f48..f91ff14 100644
54--- a/drivers/hid/hid-lg.c
55+++ b/drivers/hid/hid-lg.c
56@@ -345,14 +345,14 @@ static __u8 *lg_report_fixup(struct hid_device *hdev, __u8 *rdesc,
57 struct usb_device_descriptor *udesc;
58 __u16 bcdDevice, rev_maj, rev_min;
59
60- if ((drv_data->quirks & LG_RDESC) && *rsize >= 90 && rdesc[83] == 0x26 &&
61+ if ((drv_data->quirks & LG_RDESC) && *rsize >= 91 && rdesc[83] == 0x26 &&
62 rdesc[84] == 0x8c && rdesc[85] == 0x02) {
63 hid_info(hdev,
64 "fixing up Logitech keyboard report descriptor\n");
65 rdesc[84] = rdesc[89] = 0x4d;
66 rdesc[85] = rdesc[90] = 0x10;
67 }
68- if ((drv_data->quirks & LG_RDESC_REL_ABS) && *rsize >= 50 &&
69+ if ((drv_data->quirks & LG_RDESC_REL_ABS) && *rsize >= 51 &&
70 rdesc[32] == 0x81 && rdesc[33] == 0x06 &&
71 rdesc[49] == 0x81 && rdesc[50] == 0x06) {
72 hid_info(hdev,
73diff --git a/drivers/hid/hid-monterey.c b/drivers/hid/hid-monterey.c
74index 9e14c00..25daf28 100644
75--- a/drivers/hid/hid-monterey.c
76+++ b/drivers/hid/hid-monterey.c
77@@ -24,7 +24,7 @@
78 static __u8 *mr_report_fixup(struct hid_device *hdev, __u8 *rdesc,
79 unsigned int *rsize)
80 {
81- if (*rsize >= 30 && rdesc[29] == 0x05 && rdesc[30] == 0x09) {
82+ if (*rsize >= 31 && rdesc[29] == 0x05 && rdesc[30] == 0x09) {
83 hid_info(hdev, "fixing up button/consumer in HID report descriptor\n");
84 rdesc[30] = 0x0c;
85 }
86diff --git a/drivers/hid/hid-petalynx.c b/drivers/hid/hid-petalynx.c
87index 736b250..6aca4f2 100644
88--- a/drivers/hid/hid-petalynx.c
89+++ b/drivers/hid/hid-petalynx.c
90@@ -25,7 +25,7 @@
91 static __u8 *pl_report_fixup(struct hid_device *hdev, __u8 *rdesc,
92 unsigned int *rsize)
93 {
94- if (*rsize >= 60 && rdesc[39] == 0x2a && rdesc[40] == 0xf5 &&
95+ if (*rsize >= 62 && rdesc[39] == 0x2a && rdesc[40] == 0xf5 &&
96 rdesc[41] == 0x00 && rdesc[59] == 0x26 &&
97 rdesc[60] == 0xf9 && rdesc[61] == 0x00) {
98 hid_info(hdev, "fixing up Petalynx Maxter Remote report descriptor\n");
99diff --git a/drivers/hid/hid-sunplus.c b/drivers/hid/hid-sunplus.c
100index 87fc91e..91072fa 100644
101--- a/drivers/hid/hid-sunplus.c
102+++ b/drivers/hid/hid-sunplus.c
103@@ -24,7 +24,7 @@
104 static __u8 *sp_report_fixup(struct hid_device *hdev, __u8 *rdesc,
105 unsigned int *rsize)
106 {
107- if (*rsize >= 107 && rdesc[104] == 0x26 && rdesc[105] == 0x80 &&
108+ if (*rsize >= 112 && rdesc[104] == 0x26 && rdesc[105] == 0x80 &&
109 rdesc[106] == 0x03) {
110 hid_info(hdev, "fixing up Sunplus Wireless Desktop report descriptor\n");
111 rdesc[105] = rdesc[110] = 0x03;
112--
1131.9.1
114
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0003-mnt-CVE-2014-5206_CVE-2014-5207.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0003-mnt-CVE-2014-5206_CVE-2014-5207.patch
new file mode 100644
index 00000000..aa5ca1bc
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/0003-mnt-CVE-2014-5206_CVE-2014-5207.patch
@@ -0,0 +1,137 @@
1From 8b18c0adbc5d0cb1530692e72bcfb88fd7bb77bb Mon Sep 17 00:00:00 2001
2From: "Eric W. Biederman" <ebiederm@xmission.com>
3Date: Mon, 28 Jul 2014 17:26:07 -0700
4Subject: [PATCH] mnt: Correct permission checks in do_remount
5
6commit 9566d6742852c527bf5af38af5cbb878dad75705 upstream.
7
8While invesgiating the issue where in "mount --bind -oremount,ro ..."
9would result in later "mount --bind -oremount,rw" succeeding even if
10the mount started off locked I realized that there are several
11additional mount flags that should be locked and are not.
12
13In particular MNT_NOSUID, MNT_NODEV, MNT_NOEXEC, and the atime
14flags in addition to MNT_READONLY should all be locked. These
15flags are all per superblock, can all be changed with MS_BIND,
16and should not be changable if set by a more privileged user.
17
18The following additions to the current logic are added in this patch.
19- nosuid may not be clearable by a less privileged user.
20- nodev may not be clearable by a less privielged user.
21- noexec may not be clearable by a less privileged user.
22- atime flags may not be changeable by a less privileged user.
23
24The logic with atime is that always setting atime on access is a
25global policy and backup software and auditing software could break if
26atime bits are not updated (when they are configured to be updated),
27and serious performance degradation could result (DOS attack) if atime
28updates happen when they have been explicitly disabled. Therefore an
29unprivileged user should not be able to mess with the atime bits set
30by a more privileged user.
31
32The additional restrictions are implemented with the addition of
33MNT_LOCK_NOSUID, MNT_LOCK_NODEV, MNT_LOCK_NOEXEC, and MNT_LOCK_ATIME
34mnt flags.
35
36Taken together these changes and the fixes for MNT_LOCK_READONLY
37should make it safe for an unprivileged user to create a user
38namespace and to call "mount --bind -o remount,... ..." without
39the danger of mount flags being changed maliciously.
40
41Fix for CVE-2014-5206 and CVE-2014-5207
42Upstream-Status: backport
43
44Cc: stable@vger.kernel.org
45Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
46Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
47Signed-off-by: Jiri Slaby <jslaby@suse.cz>
48Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
49---
50 fs/namespace.c | 36 +++++++++++++++++++++++++++++++++---
51 include/linux/mount.h | 5 +++++
52 2 files changed, 38 insertions(+), 3 deletions(-)
53
54diff --git a/fs/namespace.c b/fs/namespace.c
55index 8e90b03..7c67de8 100644
56--- a/fs/namespace.c
57+++ b/fs/namespace.c
58@@ -827,8 +827,21 @@ static struct mount *clone_mnt(struct mount *old, struct dentry *root,
59
60 mnt->mnt.mnt_flags = old->mnt.mnt_flags & ~MNT_WRITE_HOLD;
61 /* Don't allow unprivileged users to change mount flags */
62- if ((flag & CL_UNPRIVILEGED) && (mnt->mnt.mnt_flags & MNT_READONLY))
63- mnt->mnt.mnt_flags |= MNT_LOCK_READONLY;
64+ if (flag & CL_UNPRIVILEGED) {
65+ mnt->mnt.mnt_flags |= MNT_LOCK_ATIME;
66+
67+ if (mnt->mnt.mnt_flags & MNT_READONLY)
68+ mnt->mnt.mnt_flags |= MNT_LOCK_READONLY;
69+
70+ if (mnt->mnt.mnt_flags & MNT_NODEV)
71+ mnt->mnt.mnt_flags |= MNT_LOCK_NODEV;
72+
73+ if (mnt->mnt.mnt_flags & MNT_NOSUID)
74+ mnt->mnt.mnt_flags |= MNT_LOCK_NOSUID;
75+
76+ if (mnt->mnt.mnt_flags & MNT_NOEXEC)
77+ mnt->mnt.mnt_flags |= MNT_LOCK_NOEXEC;
78+ }
79
80 /* Don't allow unprivileged users to reveal what is under a mount */
81 if ((flag & CL_UNPRIVILEGED) && list_empty(&old->mnt_expire))
82@@ -1841,6 +1854,23 @@ static int do_remount(struct path *path, int flags, int mnt_flags,
83 !(mnt_flags & MNT_READONLY)) {
84 return -EPERM;
85 }
86+ if ((mnt->mnt.mnt_flags & MNT_LOCK_NODEV) &&
87+ !(mnt_flags & MNT_NODEV)) {
88+ return -EPERM;
89+ }
90+ if ((mnt->mnt.mnt_flags & MNT_LOCK_NOSUID) &&
91+ !(mnt_flags & MNT_NOSUID)) {
92+ return -EPERM;
93+ }
94+ if ((mnt->mnt.mnt_flags & MNT_LOCK_NOEXEC) &&
95+ !(mnt_flags & MNT_NOEXEC)) {
96+ return -EPERM;
97+ }
98+ if ((mnt->mnt.mnt_flags & MNT_LOCK_ATIME) &&
99+ ((mnt->mnt.mnt_flags & MNT_ATIME_MASK) != (mnt_flags & MNT_ATIME_MASK))) {
100+ return -EPERM;
101+ }
102+
103 err = security_sb_remount(sb, data);
104 if (err)
105 return err;
106@@ -2043,7 +2073,7 @@ static int do_new_mount(struct path *path, const char *fstype, int flags,
107 */
108 if (!(type->fs_flags & FS_USERNS_DEV_MOUNT)) {
109 flags |= MS_NODEV;
110- mnt_flags |= MNT_NODEV;
111+ mnt_flags |= MNT_NODEV | MNT_LOCK_NODEV;
112 }
113 }
114
115diff --git a/include/linux/mount.h b/include/linux/mount.h
116index 8707c9e..22e5b96 100644
117--- a/include/linux/mount.h
118+++ b/include/linux/mount.h
119@@ -45,10 +45,15 @@ struct mnt_namespace;
120 #define MNT_USER_SETTABLE_MASK (MNT_NOSUID | MNT_NODEV | MNT_NOEXEC \
121 | MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME \
122 | MNT_READONLY)
123+#define MNT_ATIME_MASK (MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME )
124
125
126 #define MNT_INTERNAL 0x4000
127
128+#define MNT_LOCK_ATIME 0x040000
129+#define MNT_LOCK_NOEXEC 0x080000
130+#define MNT_LOCK_NOSUID 0x100000
131+#define MNT_LOCK_NODEV 0x200000
132 #define MNT_LOCK_READONLY 0x400000
133 #define MNT_LOCKED 0x800000
134
135--
1361.9.1
137
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0003-net-sctp-CVE-2014-3688.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0003-net-sctp-CVE-2014-3688.patch
new file mode 100644
index 00000000..1b4716d0
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/0003-net-sctp-CVE-2014-3688.patch
@@ -0,0 +1,160 @@
1From e476841415c1b7b54e4118d8a219f5db71878675 Mon Sep 17 00:00:00 2001
2From: Daniel Borkmann <dborkman@redhat.com>
3Date: Thu, 9 Oct 2014 22:55:33 +0200
4Subject: [PATCH] net: sctp: fix remote memory pressure from excessive queueing
5
6commit 26b87c7881006311828bb0ab271a551a62dcceb4 upstream.
7
8This scenario is not limited to ASCONF, just taken as one
9example triggering the issue. When receiving ASCONF probes
10in the form of ...
11
12 -------------- INIT[ASCONF; ASCONF_ACK] ------------->
13 <----------- INIT-ACK[ASCONF; ASCONF_ACK] ------------
14 -------------------- COOKIE-ECHO -------------------->
15 <-------------------- COOKIE-ACK ---------------------
16 ---- ASCONF_a; [ASCONF_b; ...; ASCONF_n;] JUNK ------>
17 [...]
18 ---- ASCONF_m; [ASCONF_o; ...; ASCONF_z;] JUNK ------>
19
20... where ASCONF_a, ASCONF_b, ..., ASCONF_z are good-formed
21ASCONFs and have increasing serial numbers, we process such
22ASCONF chunk(s) marked with !end_of_packet and !singleton,
23since we have not yet reached the SCTP packet end. SCTP does
24only do verification on a chunk by chunk basis, as an SCTP
25packet is nothing more than just a container of a stream of
26chunks which it eats up one by one.
27
28We could run into the case that we receive a packet with a
29malformed tail, above marked as trailing JUNK. All previous
30chunks are here goodformed, so the stack will eat up all
31previous chunks up to this point. In case JUNK does not fit
32into a chunk header and there are no more other chunks in
33the input queue, or in case JUNK contains a garbage chunk
34header, but the encoded chunk length would exceed the skb
35tail, or we came here from an entirely different scenario
36and the chunk has pdiscard=1 mark (without having had a flush
37point), it will happen, that we will excessively queue up
38the association's output queue (a correct final chunk may
39then turn it into a response flood when flushing the
40queue ;)): I ran a simple script with incremental ASCONF
41serial numbers and could see the server side consuming
42excessive amount of RAM [before/after: up to 2GB and more].
43
44The issue at heart is that the chunk train basically ends
45with !end_of_packet and !singleton markers and since commit
462e3216cd54b1 ("sctp: Follow security requirement of responding
47with 1 packet") therefore preventing an output queue flush
48point in sctp_do_sm() -> sctp_cmd_interpreter() on the input
49chunk (chunk = event_arg) even though local_cork is set,
50but its precedence has changed since then. In the normal
51case, the last chunk with end_of_packet=1 would trigger the
52queue flush to accommodate possible outgoing bundling.
53
54In the input queue, sctp_inq_pop() seems to do the right thing
55in terms of discarding invalid chunks. So, above JUNK will
56not enter the state machine and instead be released and exit
57the sctp_assoc_bh_rcv() chunk processing loop. It's simply
58the flush point being missing at loop exit. Adding a try-flush
59approach on the output queue might not work as the underlying
60infrastructure might be long gone at this point due to the
61side-effect interpreter run.
62
63One possibility, albeit a bit of a kludge, would be to defer
64invalid chunk freeing into the state machine in order to
65possibly trigger packet discards and thus indirectly a queue
66flush on error. It would surely be better to discard chunks
67as in the current, perhaps better controlled environment, but
68going back and forth, it's simply architecturally not possible.
69I tried various trailing JUNK attack cases and it seems to
70look good now.
71
72Joint work with Vlad Yasevich.
73
74Fixes CVE-2014-3688
75Upstream-Status: Backport
76
77Fixes: 2e3216cd54b1 ("sctp: Follow security requirement of responding with 1 packet")
78Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
79Signed-off-by: Vlad Yasevich <vyasevich@gmail.com>
80Signed-off-by: David S. Miller <davem@davemloft.net>
81Cc: Josh Boyer <jwboyer@fedoraproject.org>
82Signed-off-by: Jiri Slaby <jslaby@suse.cz>
83Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
84---
85 net/sctp/inqueue.c | 33 +++++++--------------------------
86 net/sctp/sm_statefuns.c | 3 +++
87 2 files changed, 10 insertions(+), 26 deletions(-)
88
89diff --git a/net/sctp/inqueue.c b/net/sctp/inqueue.c
90index 5856932..560cd41 100644
91--- a/net/sctp/inqueue.c
92+++ b/net/sctp/inqueue.c
93@@ -141,18 +141,9 @@ struct sctp_chunk *sctp_inq_pop(struct sctp_inq *queue)
94 } else {
95 /* Nothing to do. Next chunk in the packet, please. */
96 ch = (sctp_chunkhdr_t *) chunk->chunk_end;
97-
98 /* Force chunk->skb->data to chunk->chunk_end. */
99- skb_pull(chunk->skb,
100- chunk->chunk_end - chunk->skb->data);
101-
102- /* Verify that we have at least chunk headers
103- * worth of buffer left.
104- */
105- if (skb_headlen(chunk->skb) < sizeof(sctp_chunkhdr_t)) {
106- sctp_chunk_free(chunk);
107- chunk = queue->in_progress = NULL;
108- }
109+ skb_pull(chunk->skb, chunk->chunk_end - chunk->skb->data);
110+ /* We are guaranteed to pull a SCTP header. */
111 }
112 }
113
114@@ -188,24 +179,14 @@ struct sctp_chunk *sctp_inq_pop(struct sctp_inq *queue)
115 skb_pull(chunk->skb, sizeof(sctp_chunkhdr_t));
116 chunk->subh.v = NULL; /* Subheader is no longer valid. */
117
118- if (chunk->chunk_end < skb_tail_pointer(chunk->skb)) {
119+ if (chunk->chunk_end + sizeof(sctp_chunkhdr_t) <
120+ skb_tail_pointer(chunk->skb)) {
121 /* This is not a singleton */
122 chunk->singleton = 0;
123 } else if (chunk->chunk_end > skb_tail_pointer(chunk->skb)) {
124- /* RFC 2960, Section 6.10 Bundling
125- *
126- * Partial chunks MUST NOT be placed in an SCTP packet.
127- * If the receiver detects a partial chunk, it MUST drop
128- * the chunk.
129- *
130- * Since the end of the chunk is past the end of our buffer
131- * (which contains the whole packet, we can freely discard
132- * the whole packet.
133- */
134- sctp_chunk_free(chunk);
135- chunk = queue->in_progress = NULL;
136-
137- return NULL;
138+ /* Discard inside state machine. */
139+ chunk->pdiscard = 1;
140+ chunk->chunk_end = skb_tail_pointer(chunk->skb);
141 } else {
142 /* We are at the end of the packet, so mark the chunk
143 * in case we need to send a SACK.
144diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
145index 1dbcc6a..62623cc 100644
146--- a/net/sctp/sm_statefuns.c
147+++ b/net/sctp/sm_statefuns.c
148@@ -171,6 +171,9 @@ sctp_chunk_length_valid(struct sctp_chunk *chunk,
149 {
150 __u16 chunk_length = ntohs(chunk->chunk_hdr->length);
151
152+ /* Previously already marked? */
153+ if (unlikely(chunk->pdiscard))
154+ return 0;
155 if (unlikely(chunk_length < required_length))
156 return 0;
157
158--
1591.9.1
160
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0003-shmem-CVE-2014-4171.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0003-shmem-CVE-2014-4171.patch
new file mode 100644
index 00000000..2b70ec1d
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/0003-shmem-CVE-2014-4171.patch
@@ -0,0 +1,134 @@
1From a428dc008e435c5a36b1288fb5b8c4b58472e28c Mon Sep 17 00:00:00 2001
2From: Hugh Dickins <hughd@google.com>
3Date: Wed, 23 Jul 2014 14:00:13 -0700
4Subject: [PATCH 3/3] shmem: fix splicing from a hole while it's punched
5
6commit b1a366500bd537b50c3aad26dc7df083ec03a448 upstream.
7
8shmem_fault() is the actual culprit in trinity's hole-punch starvation,
9and the most significant cause of such problems: since a page faulted is
10one that then appears page_mapped(), needing unmap_mapping_range() and
11i_mmap_mutex to be unmapped again.
12
13But it is not the only way in which a page can be brought into a hole in
14the radix_tree while that hole is being punched; and Vlastimil's testing
15implies that if enough other processors are busy filling in the hole,
16then shmem_undo_range() can be kept from completing indefinitely.
17
18shmem_file_splice_read() is the main other user of SGP_CACHE, which can
19instantiate shmem pagecache pages in the read-only case (without holding
20i_mutex, so perhaps concurrently with a hole-punch). Probably it's
21silly not to use SGP_READ already (using the ZERO_PAGE for holes): which
22ought to be safe, but might bring surprises - not a change to be rushed.
23
24shmem_read_mapping_page_gfp() is an internal interface used by
25drivers/gpu/drm GEM (and next by uprobes): it should be okay. And
26shmem_file_read_iter() uses the SGP_DIRTY variant of SGP_CACHE, when
27called internally by the kernel (perhaps for a stacking filesystem,
28which might rely on holes to be reserved): it's unclear whether it could
29be provoked to keep hole-punch busy or not.
30
31We could apply the same umbrella as now used in shmem_fault() to
32shmem_file_splice_read() and the others; but it looks ugly, and use over
33a range raises questions - should it actually be per page? can these get
34starved themselves?
35
36The origin of this part of the problem is my v3.1 commit d0823576bf4b
37("mm: pincer in truncate_inode_pages_range"), once it was duplicated
38into shmem.c. It seemed like a nice idea at the time, to ensure
39(barring RCU lookup fuzziness) that there's an instant when the entire
40hole is empty; but the indefinitely repeated scans to ensure that make
41it vulnerable.
42
43Revert that "enhancement" to hole-punch from shmem_undo_range(), but
44retain the unproblematic rescanning when it's truncating; add a couple
45of comments there.
46
47Remove the "indices[0] >= end" test: that is now handled satisfactorily
48by the inner loop, and mem_cgroup_uncharge_start()/end() are too light
49to be worth avoiding here.
50
51But if we do not always loop indefinitely, we do need to handle the case
52of swap swizzled back to page before shmem_free_swap() gets it: add a
53retry for that case, as suggested by Konstantin Khlebnikov; and for the
54case of page swizzled back to swap, as suggested by Johannes Weiner.
55
56Upstream-Status: Backport
57
58Signed-off-by: Hugh Dickins <hughd@google.com>
59Reported-by: Sasha Levin <sasha.levin@oracle.com>
60Suggested-by: Vlastimil Babka <vbabka@suse.cz>
61Cc: Konstantin Khlebnikov <koct9i@gmail.com>
62Cc: Johannes Weiner <hannes@cmpxchg.org>
63Cc: Lukas Czerner <lczerner@redhat.com>
64Cc: Dave Jones <davej@redhat.com>
65Cc: <stable@vger.kernel.org> [3.1+]
66Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
67Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
68Signed-off-by: Jiri Slaby <jslaby@suse.cz>
69Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
70---
71 mm/shmem.c | 24 +++++++++++++++---------
72 1 file changed, 15 insertions(+), 9 deletions(-)
73
74diff --git a/mm/shmem.c b/mm/shmem.c
75index 6f5626f..0da81aa 100644
76--- a/mm/shmem.c
77+++ b/mm/shmem.c
78@@ -534,22 +534,19 @@ static void shmem_undo_range(struct inode *inode, loff_t lstart, loff_t lend,
79 return;
80
81 index = start;
82- for ( ; ; ) {
83+ while (index < end) {
84 cond_resched();
85 pvec.nr = shmem_find_get_pages_and_swap(mapping, index,
86 min(end - index, (pgoff_t)PAGEVEC_SIZE),
87 pvec.pages, indices);
88 if (!pvec.nr) {
89- if (index == start || unfalloc)
90+ /* If all gone or hole-punch or unfalloc, we're done */
91+ if (index == start || end != -1)
92 break;
93+ /* But if truncating, restart to make sure all gone */
94 index = start;
95 continue;
96 }
97- if ((index == start || unfalloc) && indices[0] >= end) {
98- shmem_deswap_pagevec(&pvec);
99- pagevec_release(&pvec);
100- break;
101- }
102 mem_cgroup_uncharge_start();
103 for (i = 0; i < pagevec_count(&pvec); i++) {
104 struct page *page = pvec.pages[i];
105@@ -561,8 +558,12 @@ static void shmem_undo_range(struct inode *inode, loff_t lstart, loff_t lend,
106 if (radix_tree_exceptional_entry(page)) {
107 if (unfalloc)
108 continue;
109- nr_swaps_freed += !shmem_free_swap(mapping,
110- index, page);
111+ if (shmem_free_swap(mapping, index, page)) {
112+ /* Swap was replaced by page: retry */
113+ index--;
114+ break;
115+ }
116+ nr_swaps_freed++;
117 continue;
118 }
119
120@@ -571,6 +572,11 @@ static void shmem_undo_range(struct inode *inode, loff_t lstart, loff_t lend,
121 if (page->mapping == mapping) {
122 VM_BUG_ON(PageWriteback(page));
123 truncate_inode_page(mapping, page);
124+ } else {
125+ /* Page was replaced by swap: retry */
126+ unlock_page(page);
127+ index--;
128+ break;
129 }
130 }
131 unlock_page(page);
132--
1331.9.1
134
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0004-USB-CVE-2014-3185.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0004-USB-CVE-2014-3185.patch
new file mode 100644
index 00000000..08208076
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/0004-USB-CVE-2014-3185.patch
@@ -0,0 +1,51 @@
1From 6817ae225cd650fb1c3295d769298c38b1eba818 Mon Sep 17 00:00:00 2001
2From: James Forshaw <forshaw@google.com>
3Date: Sat, 23 Aug 2014 14:39:48 -0700
4Subject: [PATCH] USB: whiteheat: Added bounds checking for bulk command
5 response
6
7This patch fixes a potential security issue in the whiteheat USB driver
8which might allow a local attacker to cause kernel memory corrpution. This
9is due to an unchecked memcpy into a fixed size buffer (of 64 bytes). On
10EHCI and XHCI busses it's possible to craft responses greater than 64
11bytes leading a buffer overflow.
12
13This fixes CVE-2014-3185
14Upstream-Status: Backport
15
16Signed-off-by: James Forshaw <forshaw@google.com>
17Cc: stable <stable@vger.kernel.org>
18Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
19Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
20---
21 drivers/usb/serial/whiteheat.c | 7 ++++++-
22 1 file changed, 6 insertions(+), 1 deletion(-)
23
24diff --git a/drivers/usb/serial/whiteheat.c b/drivers/usb/serial/whiteheat.c
25index e62f2df..6c3734d 100644
26--- a/drivers/usb/serial/whiteheat.c
27+++ b/drivers/usb/serial/whiteheat.c
28@@ -514,6 +514,10 @@ static void command_port_read_callback(struct urb *urb)
29 dev_dbg(&urb->dev->dev, "%s - command_info is NULL, exiting.\n", __func__);
30 return;
31 }
32+ if (!urb->actual_length) {
33+ dev_dbg(&urb->dev->dev, "%s - empty response, exiting.\n", __func__);
34+ return;
35+ }
36 if (status) {
37 dev_dbg(&urb->dev->dev, "%s - nonzero urb status: %d\n", __func__, status);
38 if (status != -ENOENT)
39@@ -534,7 +538,8 @@ static void command_port_read_callback(struct urb *urb)
40 /* These are unsolicited reports from the firmware, hence no
41 waiting command to wakeup */
42 dev_dbg(&urb->dev->dev, "%s - event received\n", __func__);
43- } else if (data[0] == WHITEHEAT_GET_DTR_RTS) {
44+ } else if ((data[0] == WHITEHEAT_GET_DTR_RTS) &&
45+ (urb->actual_length - 1 <= sizeof(command_info->result_buffer))) {
46 memcpy(command_info->result_buffer, &data[1],
47 urb->actual_length - 1);
48 command_info->command_finished = WHITEHEAT_CMD_COMPLETE;
49--
501.9.1
51
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0004-mnt-CVE-2014-5206_CVE-2014-5207.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0004-mnt-CVE-2014-5206_CVE-2014-5207.patch
new file mode 100644
index 00000000..8cd4b130
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/0004-mnt-CVE-2014-5206_CVE-2014-5207.patch
@@ -0,0 +1,64 @@
1From fafbc9412b8f2dae04bc3ca233ae7b49482c8df8 Mon Sep 17 00:00:00 2001
2From: "Eric W. Biederman" <ebiederm@xmission.com>
3Date: Mon, 28 Jul 2014 17:36:04 -0700
4Subject: [PATCH] mnt: Change the default remount atime from relatime to the
5 existing value
6
7commit ffbc6f0ead47fa5a1dc9642b0331cb75c20a640e upstream.
8
9Since March 2009 the kernel has treated the state that if no
10MS_..ATIME flags are passed then the kernel defaults to relatime.
11
12Defaulting to relatime instead of the existing atime state during a
13remount is silly, and causes problems in practice for people who don't
14specify any MS_...ATIME flags and to get the default filesystem atime
15setting. Those users may encounter a permission error because the
16default atime setting does not work.
17
18A default that does not work and causes permission problems is
19ridiculous, so preserve the existing value to have a default
20atime setting that is always guaranteed to work.
21
22Using the default atime setting in this way is particularly
23interesting for applications built to run in restricted userspace
24environments without /proc mounted, as the existing atime mount
25options of a filesystem can not be read from /proc/mounts.
26
27In practice this fixes user space that uses the default atime
28setting on remount that are broken by the permission checks
29keeping less privileged users from changing more privileged users
30atime settings.
31
32Fix for CVE-2014-5206 and CVE-2014-5207
33Upstream-Status: backport
34
35Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
36Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
37Signed-off-by: Jiri Slaby <jslaby@suse.cz>
38Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
39---
40 fs/namespace.c | 8 ++++++++
41 1 file changed, 8 insertions(+)
42
43diff --git a/fs/namespace.c b/fs/namespace.c
44index 7c67de8..4ea2b73 100644
45--- a/fs/namespace.c
46+++ b/fs/namespace.c
47@@ -2391,6 +2391,14 @@ long do_mount(const char *dev_name, const char *dir_name,
48 if (flags & MS_RDONLY)
49 mnt_flags |= MNT_READONLY;
50
51+ /* The default atime for remount is preservation */
52+ if ((flags & MS_REMOUNT) &&
53+ ((flags & (MS_NOATIME | MS_NODIRATIME | MS_RELATIME |
54+ MS_STRICTATIME)) == 0)) {
55+ mnt_flags &= ~MNT_ATIME_MASK;
56+ mnt_flags |= path.mnt->mnt_flags & MNT_ATIME_MASK;
57+ }
58+
59 flags &= ~(MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_ACTIVE | MS_BORN |
60 MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT |
61 MS_STRICTATIME);
62--
631.9.1
64
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/0005-mnt-CVE-2014-5206_CVE-2014-5207.patch b/meta-fsl-ppc/recipes-kernel/linux/files/0005-mnt-CVE-2014-5206_CVE-2014-5207.patch
new file mode 100644
index 00000000..caa89db4
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/0005-mnt-CVE-2014-5206_CVE-2014-5207.patch
@@ -0,0 +1,324 @@
1From 4194b9700ce41ff2f7031aa0c6108c2539028ab5 Mon Sep 17 00:00:00 2001
2From: "Eric W. Biederman" <ebiederm@xmission.com>
3Date: Tue, 29 Jul 2014 15:50:44 -0700
4Subject: [PATCH] mnt: Add tests for unprivileged remount cases that have found
5 to be faulty
6
7commit db181ce011e3c033328608299cd6fac06ea50130 upstream.
8
9Kenton Varda <kenton@sandstorm.io> discovered that by remounting a
10read-only bind mount read-only in a user namespace the
11MNT_LOCK_READONLY bit would be cleared, allowing an unprivileged user
12to the remount a read-only mount read-write.
13
14Upon review of the code in remount it was discovered that the code allowed
15nosuid, noexec, and nodev to be cleared. It was also discovered that
16the code was allowing the per mount atime flags to be changed.
17
18The first naive patch to fix these issues contained the flaw that using
19default atime settings when remounting a filesystem could be disallowed.
20
21To avoid this problems in the future add tests to ensure unprivileged
22remounts are succeeding and failing at the appropriate times.
23
24Fix for CVE-2014-5206 and CVE-2014-5207
25Upstream-Status: backport
26
27Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
28Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
29Signed-off-by: Jiri Slaby <jslaby@suse.cz>
30Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
31---
32 tools/testing/selftests/Makefile | 1 +
33 tools/testing/selftests/mount/Makefile | 17 ++
34 .../selftests/mount/unprivileged-remount-test.c | 242 +++++++++++++++++++++
35 3 files changed, 260 insertions(+)
36 create mode 100644 tools/testing/selftests/mount/Makefile
37 create mode 100644 tools/testing/selftests/mount/unprivileged-remount-test.c
38
39diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile
40index 9f3eae2..2d9ab94 100644
41--- a/tools/testing/selftests/Makefile
42+++ b/tools/testing/selftests/Makefile
43@@ -4,6 +4,7 @@ TARGETS += efivarfs
44 TARGETS += kcmp
45 TARGETS += memory-hotplug
46 TARGETS += mqueue
47+TARGETS += mount
48 TARGETS += net
49 TARGETS += ptrace
50 TARGETS += timers
51diff --git a/tools/testing/selftests/mount/Makefile b/tools/testing/selftests/mount/Makefile
52new file mode 100644
53index 0000000..337d853
54--- /dev/null
55+++ b/tools/testing/selftests/mount/Makefile
56@@ -0,0 +1,17 @@
57+# Makefile for mount selftests.
58+
59+all: unprivileged-remount-test
60+
61+unprivileged-remount-test: unprivileged-remount-test.c
62+ gcc -Wall -O2 unprivileged-remount-test.c -o unprivileged-remount-test
63+
64+# Allow specific tests to be selected.
65+test_unprivileged_remount: unprivileged-remount-test
66+ @if [ -f /proc/self/uid_map ] ; then ./unprivileged-remount-test ; fi
67+
68+run_tests: all test_unprivileged_remount
69+
70+clean:
71+ rm -f unprivileged-remount-test
72+
73+.PHONY: all test_unprivileged_remount
74diff --git a/tools/testing/selftests/mount/unprivileged-remount-test.c b/tools/testing/selftests/mount/unprivileged-remount-test.c
75new file mode 100644
76index 0000000..1b3ff2f
77--- /dev/null
78+++ b/tools/testing/selftests/mount/unprivileged-remount-test.c
79@@ -0,0 +1,242 @@
80+#define _GNU_SOURCE
81+#include <sched.h>
82+#include <stdio.h>
83+#include <errno.h>
84+#include <string.h>
85+#include <sys/types.h>
86+#include <sys/mount.h>
87+#include <sys/wait.h>
88+#include <stdlib.h>
89+#include <unistd.h>
90+#include <fcntl.h>
91+#include <grp.h>
92+#include <stdbool.h>
93+#include <stdarg.h>
94+
95+#ifndef CLONE_NEWNS
96+# define CLONE_NEWNS 0x00020000
97+#endif
98+#ifndef CLONE_NEWUTS
99+# define CLONE_NEWUTS 0x04000000
100+#endif
101+#ifndef CLONE_NEWIPC
102+# define CLONE_NEWIPC 0x08000000
103+#endif
104+#ifndef CLONE_NEWNET
105+# define CLONE_NEWNET 0x40000000
106+#endif
107+#ifndef CLONE_NEWUSER
108+# define CLONE_NEWUSER 0x10000000
109+#endif
110+#ifndef CLONE_NEWPID
111+# define CLONE_NEWPID 0x20000000
112+#endif
113+
114+#ifndef MS_RELATIME
115+#define MS_RELATIME (1 << 21)
116+#endif
117+#ifndef MS_STRICTATIME
118+#define MS_STRICTATIME (1 << 24)
119+#endif
120+
121+static void die(char *fmt, ...)
122+{
123+ va_list ap;
124+ va_start(ap, fmt);
125+ vfprintf(stderr, fmt, ap);
126+ va_end(ap);
127+ exit(EXIT_FAILURE);
128+}
129+
130+static void write_file(char *filename, char *fmt, ...)
131+{
132+ char buf[4096];
133+ int fd;
134+ ssize_t written;
135+ int buf_len;
136+ va_list ap;
137+
138+ va_start(ap, fmt);
139+ buf_len = vsnprintf(buf, sizeof(buf), fmt, ap);
140+ va_end(ap);
141+ if (buf_len < 0) {
142+ die("vsnprintf failed: %s\n",
143+ strerror(errno));
144+ }
145+ if (buf_len >= sizeof(buf)) {
146+ die("vsnprintf output truncated\n");
147+ }
148+
149+ fd = open(filename, O_WRONLY);
150+ if (fd < 0) {
151+ die("open of %s failed: %s\n",
152+ filename, strerror(errno));
153+ }
154+ written = write(fd, buf, buf_len);
155+ if (written != buf_len) {
156+ if (written >= 0) {
157+ die("short write to %s\n", filename);
158+ } else {
159+ die("write to %s failed: %s\n",
160+ filename, strerror(errno));
161+ }
162+ }
163+ if (close(fd) != 0) {
164+ die("close of %s failed: %s\n",
165+ filename, strerror(errno));
166+ }
167+}
168+
169+static void create_and_enter_userns(void)
170+{
171+ uid_t uid;
172+ gid_t gid;
173+
174+ uid = getuid();
175+ gid = getgid();
176+
177+ if (unshare(CLONE_NEWUSER) !=0) {
178+ die("unshare(CLONE_NEWUSER) failed: %s\n",
179+ strerror(errno));
180+ }
181+
182+ write_file("/proc/self/uid_map", "0 %d 1", uid);
183+ write_file("/proc/self/gid_map", "0 %d 1", gid);
184+
185+ if (setgroups(0, NULL) != 0) {
186+ die("setgroups failed: %s\n",
187+ strerror(errno));
188+ }
189+ if (setgid(0) != 0) {
190+ die ("setgid(0) failed %s\n",
191+ strerror(errno));
192+ }
193+ if (setuid(0) != 0) {
194+ die("setuid(0) failed %s\n",
195+ strerror(errno));
196+ }
197+}
198+
199+static
200+bool test_unpriv_remount(int mount_flags, int remount_flags, int invalid_flags)
201+{
202+ pid_t child;
203+
204+ child = fork();
205+ if (child == -1) {
206+ die("fork failed: %s\n",
207+ strerror(errno));
208+ }
209+ if (child != 0) { /* parent */
210+ pid_t pid;
211+ int status;
212+ pid = waitpid(child, &status, 0);
213+ if (pid == -1) {
214+ die("waitpid failed: %s\n",
215+ strerror(errno));
216+ }
217+ if (pid != child) {
218+ die("waited for %d got %d\n",
219+ child, pid);
220+ }
221+ if (!WIFEXITED(status)) {
222+ die("child did not terminate cleanly\n");
223+ }
224+ return WEXITSTATUS(status) == EXIT_SUCCESS ? true : false;
225+ }
226+
227+ create_and_enter_userns();
228+ if (unshare(CLONE_NEWNS) != 0) {
229+ die("unshare(CLONE_NEWNS) failed: %s\n",
230+ strerror(errno));
231+ }
232+
233+ if (mount("testing", "/tmp", "ramfs", mount_flags, NULL) != 0) {
234+ die("mount of /tmp failed: %s\n",
235+ strerror(errno));
236+ }
237+
238+ create_and_enter_userns();
239+
240+ if (unshare(CLONE_NEWNS) != 0) {
241+ die("unshare(CLONE_NEWNS) failed: %s\n",
242+ strerror(errno));
243+ }
244+
245+ if (mount("/tmp", "/tmp", "none",
246+ MS_REMOUNT | MS_BIND | remount_flags, NULL) != 0) {
247+ /* system("cat /proc/self/mounts"); */
248+ die("remount of /tmp failed: %s\n",
249+ strerror(errno));
250+ }
251+
252+ if (mount("/tmp", "/tmp", "none",
253+ MS_REMOUNT | MS_BIND | invalid_flags, NULL) == 0) {
254+ /* system("cat /proc/self/mounts"); */
255+ die("remount of /tmp with invalid flags "
256+ "succeeded unexpectedly\n");
257+ }
258+ exit(EXIT_SUCCESS);
259+}
260+
261+static bool test_unpriv_remount_simple(int mount_flags)
262+{
263+ return test_unpriv_remount(mount_flags, mount_flags, 0);
264+}
265+
266+static bool test_unpriv_remount_atime(int mount_flags, int invalid_flags)
267+{
268+ return test_unpriv_remount(mount_flags, mount_flags, invalid_flags);
269+}
270+
271+int main(int argc, char **argv)
272+{
273+ if (!test_unpriv_remount_simple(MS_RDONLY|MS_NODEV)) {
274+ die("MS_RDONLY malfunctions\n");
275+ }
276+ if (!test_unpriv_remount_simple(MS_NODEV)) {
277+ die("MS_NODEV malfunctions\n");
278+ }
279+ if (!test_unpriv_remount_simple(MS_NOSUID|MS_NODEV)) {
280+ die("MS_NOSUID malfunctions\n");
281+ }
282+ if (!test_unpriv_remount_simple(MS_NOEXEC|MS_NODEV)) {
283+ die("MS_NOEXEC malfunctions\n");
284+ }
285+ if (!test_unpriv_remount_atime(MS_RELATIME|MS_NODEV,
286+ MS_NOATIME|MS_NODEV))
287+ {
288+ die("MS_RELATIME malfunctions\n");
289+ }
290+ if (!test_unpriv_remount_atime(MS_STRICTATIME|MS_NODEV,
291+ MS_NOATIME|MS_NODEV))
292+ {
293+ die("MS_STRICTATIME malfunctions\n");
294+ }
295+ if (!test_unpriv_remount_atime(MS_NOATIME|MS_NODEV,
296+ MS_STRICTATIME|MS_NODEV))
297+ {
298+ die("MS_RELATIME malfunctions\n");
299+ }
300+ if (!test_unpriv_remount_atime(MS_RELATIME|MS_NODIRATIME|MS_NODEV,
301+ MS_NOATIME|MS_NODEV))
302+ {
303+ die("MS_RELATIME malfunctions\n");
304+ }
305+ if (!test_unpriv_remount_atime(MS_STRICTATIME|MS_NODIRATIME|MS_NODEV,
306+ MS_NOATIME|MS_NODEV))
307+ {
308+ die("MS_RELATIME malfunctions\n");
309+ }
310+ if (!test_unpriv_remount_atime(MS_NOATIME|MS_NODIRATIME|MS_NODEV,
311+ MS_STRICTATIME|MS_NODEV))
312+ {
313+ die("MS_RELATIME malfunctions\n");
314+ }
315+ if (!test_unpriv_remount(MS_STRICTATIME|MS_NODEV, MS_NODEV,
316+ MS_NOATIME|MS_NODEV))
317+ {
318+ die("Default atime malfunctions\n");
319+ }
320+ return EXIT_SUCCESS;
321+}
322--
3231.9.1
324
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch b/meta-fsl-ppc/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch
new file mode 100644
index 00000000..7d165356
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch
@@ -0,0 +1,41 @@
1CVE-2014-5077 Kernel/SCTP: fix a NULL pointer dereference
2
3A NULL pointer dereference flaw was found in the way the
4Linux kernel's Stream Control Transmission Protocol
5(SCTP) implementation handled simultaneous connections
6between the same hosts. A remote attacker could use this
7flaw to crash the system.
8
9Upstream-Status: Backport (from v3.16, commit 1be9a950c646c)
10
11References:
12 - https://access.redhat.com/security/cve/CVE-2014-5077
13 - http://patchwork.ozlabs.org/patch/372475/
14
15Fixes: 730fc3d05cd4 ("[SCTP]: Implete SCTP-AUTH parameter processing")
16Reported-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
17Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
18Tested-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
19Cc: Vlad Yasevich <vyasevich@gmail.com>
20Acked-by: Vlad Yasevich <vyasevich@gmail.com>
21Signed-off-by: David S. Miller <davem@davemloft.net>
22Signed-off-by: Liviu Gheorghisan <liviu.gheorghisan@enea.com>
23---
24 net/sctp/associola.c | 1 +
25 1 file changed, 1 insertion(+)
26
27diff --git a/net/sctp/associola.c b/net/sctp/associola.c
28index 9de23a2..06a9ee6 100644
29--- a/net/sctp/associola.c
30+++ b/net/sctp/associola.c
31@@ -1097,6 +1097,7 @@ void sctp_assoc_update(struct sctp_association *asoc,
32 asoc->c = new->c;
33 asoc->peer.rwnd = new->peer.rwnd;
34 asoc->peer.sack_needed = new->peer.sack_needed;
35+ asoc->peer.auth_capable = new->peer.auth_capable;
36 asoc->peer.i = new->peer.i;
37 sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL,
38 asoc->peer.i.initial_tsn, GFP_ATOMIC);
39--
401.9.1
41
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/Fix-CVE-2014-5471_CVE-2014-5472.patch b/meta-fsl-ppc/recipes-kernel/linux/files/Fix-CVE-2014-5471_CVE-2014-5472.patch
new file mode 100644
index 00000000..65107d63
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/Fix-CVE-2014-5471_CVE-2014-5472.patch
@@ -0,0 +1,212 @@
1From 4488e1f5ef40441c9846b1d0a29152c208a05e66 Mon Sep 17 00:00:00 2001
2From: Jan Kara <jack@suse.cz>
3Date: Sun, 17 Aug 2014 11:49:57 +0200
4Subject: [PATCH] isofs: Fix unbounded recursion when processing relocated
5 directories
6
7commit 410dd3cf4c9b36f27ed4542ee18b1af5e68645a4 upstream.
8
9We did not check relocated directory in any way when processing Rock
10Ridge 'CL' tag. Thus a corrupted isofs image can possibly have a CL
11entry pointing to another CL entry leading to possibly unbounded
12recursion in kernel code and thus stack overflow or deadlocks (if there
13is a loop created from CL entries).
14
15Fix the problem by not allowing CL entry to point to a directory entry
16with CL entry (such use makes no good sense anyway) and by checking
17whether CL entry doesn't point to itself.
18
19Upstream status: backported (from v3.12 e4ca8b780c82c04ec0)
20
21Reported-by: Chris Evans <cevans@google.com>
22Signed-off-by: Jan Kara <jack@suse.cz>
23Signed-off-by: Jiri Slaby <jslaby@suse.cz>
24Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
25---
26 fs/isofs/inode.c | 15 ++++++++-------
27 fs/isofs/isofs.h | 23 +++++++++++++++++++----
28 fs/isofs/rock.c | 39 ++++++++++++++++++++++++++++-----------
29 3 files changed, 55 insertions(+), 22 deletions(-)
30
31diff --git a/fs/isofs/inode.c b/fs/isofs/inode.c
32index e5d408a..2e2af97 100644
33--- a/fs/isofs/inode.c
34+++ b/fs/isofs/inode.c
35@@ -61,7 +61,7 @@ static void isofs_put_super(struct super_block *sb)
36 return;
37 }
38
39-static int isofs_read_inode(struct inode *);
40+static int isofs_read_inode(struct inode *, int relocated);
41 static int isofs_statfs (struct dentry *, struct kstatfs *);
42
43 static struct kmem_cache *isofs_inode_cachep;
44@@ -1258,7 +1258,7 @@ out_toomany:
45 goto out;
46 }
47
48-static int isofs_read_inode(struct inode *inode)
49+static int isofs_read_inode(struct inode *inode, int relocated)
50 {
51 struct super_block *sb = inode->i_sb;
52 struct isofs_sb_info *sbi = ISOFS_SB(sb);
53@@ -1403,7 +1403,7 @@ static int isofs_read_inode(struct inode *inode)
54 */
55
56 if (!high_sierra) {
57- parse_rock_ridge_inode(de, inode);
58+ parse_rock_ridge_inode(de, inode, relocated);
59 /* if we want uid/gid set, override the rock ridge setting */
60 if (sbi->s_uid_set)
61 inode->i_uid = sbi->s_uid;
62@@ -1482,9 +1482,10 @@ static int isofs_iget5_set(struct inode *ino, void *data)
63 * offset that point to the underlying meta-data for the inode. The
64 * code below is otherwise similar to the iget() code in
65 * include/linux/fs.h */
66-struct inode *isofs_iget(struct super_block *sb,
67- unsigned long block,
68- unsigned long offset)
69+struct inode *__isofs_iget(struct super_block *sb,
70+ unsigned long block,
71+ unsigned long offset,
72+ int relocated)
73 {
74 unsigned long hashval;
75 struct inode *inode;
76@@ -1506,7 +1507,7 @@ struct inode *isofs_iget(struct super_block *sb,
77 return ERR_PTR(-ENOMEM);
78
79 if (inode->i_state & I_NEW) {
80- ret = isofs_read_inode(inode);
81+ ret = isofs_read_inode(inode, relocated);
82 if (ret < 0) {
83 iget_failed(inode);
84 inode = ERR_PTR(ret);
85diff --git a/fs/isofs/isofs.h b/fs/isofs/isofs.h
86index 9916723..0ac4c1f 100644
87--- a/fs/isofs/isofs.h
88+++ b/fs/isofs/isofs.h
89@@ -107,7 +107,7 @@ extern int iso_date(char *, int);
90
91 struct inode; /* To make gcc happy */
92
93-extern int parse_rock_ridge_inode(struct iso_directory_record *, struct inode *);
94+extern int parse_rock_ridge_inode(struct iso_directory_record *, struct inode *, int relocated);
95 extern int get_rock_ridge_filename(struct iso_directory_record *, char *, struct inode *);
96 extern int isofs_name_translate(struct iso_directory_record *, char *, struct inode *);
97
98@@ -118,9 +118,24 @@ extern struct dentry *isofs_lookup(struct inode *, struct dentry *, unsigned int
99 extern struct buffer_head *isofs_bread(struct inode *, sector_t);
100 extern int isofs_get_blocks(struct inode *, sector_t, struct buffer_head **, unsigned long);
101
102-extern struct inode *isofs_iget(struct super_block *sb,
103- unsigned long block,
104- unsigned long offset);
105+struct inode *__isofs_iget(struct super_block *sb,
106+ unsigned long block,
107+ unsigned long offset,
108+ int relocated);
109+
110+static inline struct inode *isofs_iget(struct super_block *sb,
111+ unsigned long block,
112+ unsigned long offset)
113+{
114+ return __isofs_iget(sb, block, offset, 0);
115+}
116+
117+static inline struct inode *isofs_iget_reloc(struct super_block *sb,
118+ unsigned long block,
119+ unsigned long offset)
120+{
121+ return __isofs_iget(sb, block, offset, 1);
122+}
123
124 /* Because the inode number is no longer relevant to finding the
125 * underlying meta-data for an inode, we are free to choose a more
126diff --git a/fs/isofs/rock.c b/fs/isofs/rock.c
127index c0bf424..f488bba 100644
128--- a/fs/isofs/rock.c
129+++ b/fs/isofs/rock.c
130@@ -288,12 +288,16 @@ eio:
131 goto out;
132 }
133
134+#define RR_REGARD_XA 1
135+#define RR_RELOC_DE 2
136+
137 static int
138 parse_rock_ridge_inode_internal(struct iso_directory_record *de,
139- struct inode *inode, int regard_xa)
140+ struct inode *inode, int flags)
141 {
142 int symlink_len = 0;
143 int cnt, sig;
144+ unsigned int reloc_block;
145 struct inode *reloc;
146 struct rock_ridge *rr;
147 int rootflag;
148@@ -305,7 +309,7 @@ parse_rock_ridge_inode_internal(struct iso_directory_record *de,
149
150 init_rock_state(&rs, inode);
151 setup_rock_ridge(de, inode, &rs);
152- if (regard_xa) {
153+ if (flags & RR_REGARD_XA) {
154 rs.chr += 14;
155 rs.len -= 14;
156 if (rs.len < 0)
157@@ -485,12 +489,22 @@ repeat:
158 "relocated directory\n");
159 goto out;
160 case SIG('C', 'L'):
161- ISOFS_I(inode)->i_first_extent =
162- isonum_733(rr->u.CL.location);
163- reloc =
164- isofs_iget(inode->i_sb,
165- ISOFS_I(inode)->i_first_extent,
166- 0);
167+ if (flags & RR_RELOC_DE) {
168+ printk(KERN_ERR
169+ "ISOFS: Recursive directory relocation "
170+ "is not supported\n");
171+ goto eio;
172+ }
173+ reloc_block = isonum_733(rr->u.CL.location);
174+ if (reloc_block == ISOFS_I(inode)->i_iget5_block &&
175+ ISOFS_I(inode)->i_iget5_offset == 0) {
176+ printk(KERN_ERR
177+ "ISOFS: Directory relocation points to "
178+ "itself\n");
179+ goto eio;
180+ }
181+ ISOFS_I(inode)->i_first_extent = reloc_block;
182+ reloc = isofs_iget_reloc(inode->i_sb, reloc_block, 0);
183 if (IS_ERR(reloc)) {
184 ret = PTR_ERR(reloc);
185 goto out;
186@@ -637,9 +651,11 @@ static char *get_symlink_chunk(char *rpnt, struct rock_ridge *rr, char *plimit)
187 return rpnt;
188 }
189
190-int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode)
191+int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode,
192+ int relocated)
193 {
194- int result = parse_rock_ridge_inode_internal(de, inode, 0);
195+ int flags = relocated ? RR_RELOC_DE : 0;
196+ int result = parse_rock_ridge_inode_internal(de, inode, flags);
197
198 /*
199 * if rockridge flag was reset and we didn't look for attributes
200@@ -647,7 +663,8 @@ int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode)
201 */
202 if ((ISOFS_SB(inode->i_sb)->s_rock_offset == -1)
203 && (ISOFS_SB(inode->i_sb)->s_rock == 2)) {
204- result = parse_rock_ridge_inode_internal(de, inode, 14);
205+ result = parse_rock_ridge_inode_internal(de, inode,
206+ flags | RR_REGARD_XA);
207 }
208 return result;
209 }
210--
2111.9.1
212
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch b/meta-fsl-ppc/recipes-kernel/linux/files/Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch
new file mode 100644
index 00000000..1ae600fb
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch
@@ -0,0 +1,47 @@
1fs: umount on symlink leaks mnt count
2
3commit 295dc39d941dc2ae53d5c170365af4c9d5c16212 upstream.
4
5Currently umount on symlink blocks following umount:
6
7/vz is separate mount
8
9drwxr-xr-x. 2 root root 4096 Jul 19 01:14 testdir
10lrwxrwxrwx. 1 root root 11 Jul 19 01:16 testlink -> /vz/testdir
11umount: /vz/testlink: not mounted (expected)
12
13umount: /vz: device is busy. (unexpected)
14
15In this case mountpoint_last() gets an extra refcount on path->mnt
16
17Upstream-Status: Backport
18
19Signed-off-by: Vasily Averin <vvs@openvz.org>
20Acked-by: Ian Kent <raven@themaw.net>
21Acked-by: Jeff Layton <jlayton@primarydata.com>
22Cc: stable@vger.kernel.org
23Signed-off-by: Christoph Hellwig <hch@lst.de>
24Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
25---
26 fs/namei.c | 3 ++-
27 1 file changed, 2 insertions(+), 1 deletion(-)
28
29diff --git a/fs/namei.c b/fs/namei.c
30index 187cacf..c199dcc 100644
31--- a/fs/namei.c
32+++ b/fs/namei.c
33@@ -2280,9 +2280,10 @@ done:
34 goto out;
35 }
36 path->dentry = dentry;
37- path->mnt = mntget(nd->path.mnt);
38+ path->mnt = nd->path.mnt;
39 if (should_follow_link(dentry->d_inode, nd->flags & LOOKUP_FOLLOW))
40 return 1;
41+ mntget(path->mnt);
42 follow_mount(path);
43 error = 0;
44 out:
45--
461.9.1
47
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/auditsc-CVE-2014-3917.patch b/meta-fsl-ppc/recipes-kernel/linux/files/auditsc-CVE-2014-3917.patch
new file mode 100644
index 00000000..a0bdc271
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/auditsc-CVE-2014-3917.patch
@@ -0,0 +1,91 @@
1From 6004b0e5ac2e8e9e1bb0f012dc9242e03cca95df Mon Sep 17 00:00:00 2001
2From: Andy Lutomirski <luto@amacapital.net>
3Date: Wed, 28 May 2014 23:09:58 -0400
4Subject: [PATCH] auditsc: audit_krule mask accesses need bounds checking
5
6commit a3c54931199565930d6d84f4c3456f6440aefd41 upstream.
7
8Fixes an easy DoS and possible information disclosure.
9
10This does nothing about the broken state of x32 auditing.
11
12eparis: If the admin has enabled auditd and has specifically loaded
13audit rules. This bug has been around since before git. Wow...
14
15This fixes CVE-2014-3917
16Upstream-Status: Backport
17
18Signed-off-by: Andy Lutomirski <luto@amacapital.net>
19Signed-off-by: Eric Paris <eparis@redhat.com>
20Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
21Signed-off-by: Jiri Slaby <jslaby@suse.cz>
22Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
23---
24 kernel/auditsc.c | 27 ++++++++++++++++++---------
25 1 file changed, 18 insertions(+), 9 deletions(-)
26
27diff --git a/kernel/auditsc.c b/kernel/auditsc.c
28index 3b79a47..979c00b 100644
29--- a/kernel/auditsc.c
30+++ b/kernel/auditsc.c
31@@ -733,6 +733,22 @@ static enum audit_state audit_filter_task(struct task_struct *tsk, char **key)
32 return AUDIT_BUILD_CONTEXT;
33 }
34
35+static int audit_in_mask(const struct audit_krule *rule, unsigned long val)
36+{
37+ int word, bit;
38+
39+ if (val > 0xffffffff)
40+ return false;
41+
42+ word = AUDIT_WORD(val);
43+ if (word >= AUDIT_BITMASK_SIZE)
44+ return false;
45+
46+ bit = AUDIT_BIT(val);
47+
48+ return rule->mask[word] & bit;
49+}
50+
51 /* At syscall entry and exit time, this filter is called if the
52 * audit_state is not low enough that auditing cannot take place, but is
53 * also not high enough that we already know we have to write an audit
54@@ -750,11 +766,8 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk,
55
56 rcu_read_lock();
57 if (!list_empty(list)) {
58- int word = AUDIT_WORD(ctx->major);
59- int bit = AUDIT_BIT(ctx->major);
60-
61 list_for_each_entry_rcu(e, list, list) {
62- if ((e->rule.mask[word] & bit) == bit &&
63+ if (audit_in_mask(&e->rule, ctx->major) &&
64 audit_filter_rules(tsk, &e->rule, ctx, NULL,
65 &state, false)) {
66 rcu_read_unlock();
67@@ -774,20 +787,16 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk,
68 static int audit_filter_inode_name(struct task_struct *tsk,
69 struct audit_names *n,
70 struct audit_context *ctx) {
71- int word, bit;
72 int h = audit_hash_ino((u32)n->ino);
73 struct list_head *list = &audit_inode_hash[h];
74 struct audit_entry *e;
75 enum audit_state state;
76
77- word = AUDIT_WORD(ctx->major);
78- bit = AUDIT_BIT(ctx->major);
79-
80 if (list_empty(list))
81 return 0;
82
83 list_for_each_entry_rcu(e, list, list) {
84- if ((e->rule.mask[word] & bit) == bit &&
85+ if (audit_in_mask(&e->rule, ctx->major) &&
86 audit_filter_rules(tsk, &e->rule, ctx, n, &state, false)) {
87 ctx->current_state = state;
88 return 1;
89--
901.9.1
91
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/eCryptfs-CVE-2014-9683.patch b/meta-fsl-ppc/recipes-kernel/linux/files/eCryptfs-CVE-2014-9683.patch
new file mode 100644
index 00000000..0cd9c958
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/eCryptfs-CVE-2014-9683.patch
@@ -0,0 +1,41 @@
1From 8ffea99d6f2be99790611282f326da95a84a8cab Mon Sep 17 00:00:00 2001
2From: Michael Halcrow <mhalcrow@google.com>
3Date: Wed, 26 Nov 2014 09:09:16 -0800
4Subject: [PATCH] eCryptfs: Remove buggy and unnecessary write in file name
5 decode routine
6
7commit 942080643bce061c3dd9d5718d3b745dcb39a8bc upstream.
8
9Dmitry Chernenkov used KASAN to discover that eCryptfs writes past the
10end of the allocated buffer during encrypted filename decoding. This
11fix corrects the issue by getting rid of the unnecessary 0 write when
12the current bit offset is 2.
13
14Fixes CVE-2014-9683
15Upstream-Status: Backport
16
17Signed-off-by: Michael Halcrow <mhalcrow@google.com>
18Reported-by: Dmitry Chernenkov <dmitryc@google.com>
19Suggested-by: Kees Cook <keescook@chromium.org>
20Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
21Signed-off-by: Jiri Slaby <jslaby@suse.cz>
22Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
23---
24 fs/ecryptfs/crypto.c | 1 -
25 1 file changed, 1 deletion(-)
26
27diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
28index 000eae2..bf926f7 100644
29--- a/fs/ecryptfs/crypto.c
30+++ b/fs/ecryptfs/crypto.c
31@@ -1917,7 +1917,6 @@ ecryptfs_decode_from_filename(unsigned char *dst, size_t *dst_size,
32 break;
33 case 2:
34 dst[dst_byte_offset++] |= (src_byte);
35- dst[dst_byte_offset] = 0;
36 current_bit_offset = 0;
37 break;
38 }
39--
401.9.1
41
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/fs-CVE-2014-4014.patch b/meta-fsl-ppc/recipes-kernel/linux/files/fs-CVE-2014-4014.patch
new file mode 100644
index 00000000..a61ae4cb
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/fs-CVE-2014-4014.patch
@@ -0,0 +1,210 @@
1From 2246a472bce19c0d373fb5488a0e612e3328ce0a Mon Sep 17 00:00:00 2001
2From: Andy Lutomirski <luto@amacapital.net>
3Date: Tue, 10 Jun 2014 12:45:42 -0700
4Subject: [PATCH] fs,userns: Change inode_capable to capable_wrt_inode_uidgid
5
6commit 23adbe12ef7d3d4195e80800ab36b37bee28cd03 upstream.
7
8The kernel has no concept of capabilities with respect to inodes; inodes
9exist independently of namespaces. For example, inode_capable(inode,
10CAP_LINUX_IMMUTABLE) would be nonsense.
11
12This patch changes inode_capable to check for uid and gid mappings and
13renames it to capable_wrt_inode_uidgid, which should make it more
14obvious what it does.
15
16Fixes CVE-2014-4014.
17Upstream-Status: Backport
18
19Cc: Theodore Ts'o <tytso@mit.edu>
20Cc: Serge Hallyn <serge.hallyn@ubuntu.com>
21Cc: "Eric W. Biederman" <ebiederm@xmission.com>
22Cc: Dave Chinner <david@fromorbit.com>
23Signed-off-by: Andy Lutomirski <luto@amacapital.net>
24Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
25Signed-off-by: Jiri Slaby <jslaby@suse.cz>
26Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
27---
28 fs/attr.c | 8 ++++----
29 fs/inode.c | 10 +++++++---
30 fs/namei.c | 11 ++++++-----
31 fs/xfs/xfs_ioctl.c | 2 +-
32 include/linux/capability.h | 2 +-
33 kernel/capability.c | 20 ++++++++------------
34 6 files changed, 27 insertions(+), 26 deletions(-)
35
36diff --git a/fs/attr.c b/fs/attr.c
37index 8dd5825..66fa625 100644
38--- a/fs/attr.c
39+++ b/fs/attr.c
40@@ -50,14 +50,14 @@ int inode_change_ok(const struct inode *inode, struct iattr *attr)
41 if ((ia_valid & ATTR_UID) &&
42 (!uid_eq(current_fsuid(), inode->i_uid) ||
43 !uid_eq(attr->ia_uid, inode->i_uid)) &&
44- !inode_capable(inode, CAP_CHOWN))
45+ !capable_wrt_inode_uidgid(inode, CAP_CHOWN))
46 return -EPERM;
47
48 /* Make sure caller can chgrp. */
49 if ((ia_valid & ATTR_GID) &&
50 (!uid_eq(current_fsuid(), inode->i_uid) ||
51 (!in_group_p(attr->ia_gid) && !gid_eq(attr->ia_gid, inode->i_gid))) &&
52- !inode_capable(inode, CAP_CHOWN))
53+ !capable_wrt_inode_uidgid(inode, CAP_CHOWN))
54 return -EPERM;
55
56 /* Make sure a caller can chmod. */
57@@ -67,7 +67,7 @@ int inode_change_ok(const struct inode *inode, struct iattr *attr)
58 /* Also check the setgid bit! */
59 if (!in_group_p((ia_valid & ATTR_GID) ? attr->ia_gid :
60 inode->i_gid) &&
61- !inode_capable(inode, CAP_FSETID))
62+ !capable_wrt_inode_uidgid(inode, CAP_FSETID))
63 attr->ia_mode &= ~S_ISGID;
64 }
65
66@@ -160,7 +160,7 @@ void setattr_copy(struct inode *inode, const struct iattr *attr)
67 umode_t mode = attr->ia_mode;
68
69 if (!in_group_p(inode->i_gid) &&
70- !inode_capable(inode, CAP_FSETID))
71+ !capable_wrt_inode_uidgid(inode, CAP_FSETID))
72 mode &= ~S_ISGID;
73 inode->i_mode = mode;
74 }
75diff --git a/fs/inode.c b/fs/inode.c
76index b33ba8e..1e6e846 100644
77--- a/fs/inode.c
78+++ b/fs/inode.c
79@@ -1808,14 +1808,18 @@ EXPORT_SYMBOL(inode_init_owner);
80 * inode_owner_or_capable - check current task permissions to inode
81 * @inode: inode being checked
82 *
83- * Return true if current either has CAP_FOWNER to the inode, or
84- * owns the file.
85+ * Return true if current either has CAP_FOWNER in a namespace with the
86+ * inode owner uid mapped, or owns the file.
87 */
88 bool inode_owner_or_capable(const struct inode *inode)
89 {
90+ struct user_namespace *ns;
91+
92 if (uid_eq(current_fsuid(), inode->i_uid))
93 return true;
94- if (inode_capable(inode, CAP_FOWNER))
95+
96+ ns = current_user_ns();
97+ if (ns_capable(ns, CAP_FOWNER) && kuid_has_mapping(ns, inode->i_uid))
98 return true;
99 return false;
100 }
101diff --git a/fs/namei.c b/fs/namei.c
102index 187cacf..338d08b 100644
103--- a/fs/namei.c
104+++ b/fs/namei.c
105@@ -321,10 +321,11 @@ int generic_permission(struct inode *inode, int mask)
106
107 if (S_ISDIR(inode->i_mode)) {
108 /* DACs are overridable for directories */
109- if (inode_capable(inode, CAP_DAC_OVERRIDE))
110+ if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE))
111 return 0;
112 if (!(mask & MAY_WRITE))
113- if (inode_capable(inode, CAP_DAC_READ_SEARCH))
114+ if (capable_wrt_inode_uidgid(inode,
115+ CAP_DAC_READ_SEARCH))
116 return 0;
117 return -EACCES;
118 }
119@@ -334,7 +335,7 @@ int generic_permission(struct inode *inode, int mask)
120 * at least one exec bit set.
121 */
122 if (!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO))
123- if (inode_capable(inode, CAP_DAC_OVERRIDE))
124+ if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE))
125 return 0;
126
127 /*
128@@ -342,7 +343,7 @@ int generic_permission(struct inode *inode, int mask)
129 */
130 mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
131 if (mask == MAY_READ)
132- if (inode_capable(inode, CAP_DAC_READ_SEARCH))
133+ if (capable_wrt_inode_uidgid(inode, CAP_DAC_READ_SEARCH))
134 return 0;
135
136 return -EACCES;
137@@ -2404,7 +2405,7 @@ static inline int check_sticky(struct inode *dir, struct inode *inode)
138 return 0;
139 if (uid_eq(dir->i_uid, fsuid))
140 return 0;
141- return !inode_capable(inode, CAP_FOWNER);
142+ return !capable_wrt_inode_uidgid(inode, CAP_FOWNER);
143 }
144
145 /*
146diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c
147index 8c8ef24..52b5375 100644
148--- a/fs/xfs/xfs_ioctl.c
149+++ b/fs/xfs/xfs_ioctl.c
150@@ -1133,7 +1133,7 @@ xfs_ioctl_setattr(
151 * cleared upon successful return from chown()
152 */
153 if ((ip->i_d.di_mode & (S_ISUID|S_ISGID)) &&
154- !inode_capable(VFS_I(ip), CAP_FSETID))
155+ !capable_wrt_inode_uidgid(VFS_I(ip), CAP_FSETID))
156 ip->i_d.di_mode &= ~(S_ISUID|S_ISGID);
157
158 /*
159diff --git a/include/linux/capability.h b/include/linux/capability.h
160index a6ee1f9..84b13ad 100644
161--- a/include/linux/capability.h
162+++ b/include/linux/capability.h
163@@ -210,7 +210,7 @@ extern bool has_ns_capability_noaudit(struct task_struct *t,
164 struct user_namespace *ns, int cap);
165 extern bool capable(int cap);
166 extern bool ns_capable(struct user_namespace *ns, int cap);
167-extern bool inode_capable(const struct inode *inode, int cap);
168+extern bool capable_wrt_inode_uidgid(const struct inode *inode, int cap);
169 extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap);
170
171 /* audit system wants to get cap info from files as well */
172diff --git a/kernel/capability.c b/kernel/capability.c
173index 4e66bf9..788653b 100644
174--- a/kernel/capability.c
175+++ b/kernel/capability.c
176@@ -433,23 +433,19 @@ bool capable(int cap)
177 EXPORT_SYMBOL(capable);
178
179 /**
180- * inode_capable - Check superior capability over inode
181+ * capable_wrt_inode_uidgid - Check nsown_capable and uid and gid mapped
182 * @inode: The inode in question
183 * @cap: The capability in question
184 *
185- * Return true if the current task has the given superior capability
186- * targeted at it's own user namespace and that the given inode is owned
187- * by the current user namespace or a child namespace.
188- *
189- * Currently we check to see if an inode is owned by the current
190- * user namespace by seeing if the inode's owner maps into the
191- * current user namespace.
192- *
193+ * Return true if the current task has the given capability targeted at
194+ * its own user namespace and that the given inode's uid and gid are
195+ * mapped into the current user namespace.
196 */
197-bool inode_capable(const struct inode *inode, int cap)
198+bool capable_wrt_inode_uidgid(const struct inode *inode, int cap)
199 {
200 struct user_namespace *ns = current_user_ns();
201
202- return ns_capable(ns, cap) && kuid_has_mapping(ns, inode->i_uid);
203+ return ns_capable(ns, cap) && kuid_has_mapping(ns, inode->i_uid) &&
204+ kgid_has_mapping(ns, inode->i_gid);
205 }
206-EXPORT_SYMBOL(inode_capable);
207+EXPORT_SYMBOL(capable_wrt_inode_uidgid);
208--
2091.9.1
210
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/mm-2014-3122.patch b/meta-fsl-ppc/recipes-kernel/linux/files/mm-2014-3122.patch
new file mode 100644
index 00000000..590af0a6
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/mm-2014-3122.patch
@@ -0,0 +1,98 @@
1From 77552735ba84a410447af7e3375625eb4cfd577b Mon Sep 17 00:00:00 2001
2From: Vlastimil Babka <vbabka@suse.cz>
3Date: Mon, 7 Apr 2014 15:37:50 -0700
4Subject: [PATCH] mm: try_to_unmap_cluster() should lock_page() before mlocking
5
6commit 57e68e9cd65b4b8eb4045a1e0d0746458502554c upstream.
7
8A BUG_ON(!PageLocked) was triggered in mlock_vma_page() by Sasha Levin
9fuzzing with trinity. The call site try_to_unmap_cluster() does not lock
10the pages other than its check_page parameter (which is already locked).
11
12The BUG_ON in mlock_vma_page() is not documented and its purpose is
13somewhat unclear, but apparently it serializes against page migration,
14which could otherwise fail to transfer the PG_mlocked flag. This would
15not be fatal, as the page would be eventually encountered again, but
16NR_MLOCK accounting would become distorted nevertheless. This patch adds
17a comment to the BUG_ON in mlock_vma_page() and munlock_vma_page() to that
18effect.
19
20The call site try_to_unmap_cluster() is fixed so that for page !=
21check_page, trylock_page() is attempted (to avoid possible deadlocks as we
22already have check_page locked) and mlock_vma_page() is performed only
23upon success. If the page lock cannot be obtained, the page is left
24without PG_mlocked, which is again not a problem in the whole unevictable
25memory design.
26
27Fixes CVE-2014-3122
28Upstream-Status: Backport
29
30Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
31Signed-off-by: Bob Liu <bob.liu@oracle.com>
32Reported-by: Sasha Levin <sasha.levin@oracle.com>
33Cc: Wanpeng Li <liwanp@linux.vnet.ibm.com>
34Cc: Michel Lespinasse <walken@google.com>
35Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
36Acked-by: Rik van Riel <riel@redhat.com>
37Cc: David Rientjes <rientjes@google.com>
38Cc: Mel Gorman <mgorman@suse.de>
39Cc: Hugh Dickins <hughd@google.com>
40Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
41Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
42Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
43Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
44Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
45---
46 mm/mlock.c | 2 ++
47 mm/rmap.c | 14 ++++++++++++--
48 2 files changed, 14 insertions(+), 2 deletions(-)
49
50diff --git a/mm/mlock.c b/mm/mlock.c
51index 79b7cf7..713e462 100644
52--- a/mm/mlock.c
53+++ b/mm/mlock.c
54@@ -76,6 +76,7 @@ void clear_page_mlock(struct page *page)
55 */
56 void mlock_vma_page(struct page *page)
57 {
58+ /* Serialize with page migration */
59 BUG_ON(!PageLocked(page));
60
61 if (!TestSetPageMlocked(page)) {
62@@ -106,6 +107,7 @@ unsigned int munlock_vma_page(struct page *page)
63 {
64 unsigned int page_mask = 0;
65
66+ /* For try_to_munlock() and to serialize with page migration */
67 BUG_ON(!PageLocked(page));
68
69 if (TestClearPageMlocked(page)) {
70diff --git a/mm/rmap.c b/mm/rmap.c
71index 3f60774..fbf0040 100644
72--- a/mm/rmap.c
73+++ b/mm/rmap.c
74@@ -1390,9 +1390,19 @@ static int try_to_unmap_cluster(unsigned long cursor, unsigned int *mapcount,
75 BUG_ON(!page || PageAnon(page));
76
77 if (locked_vma) {
78- mlock_vma_page(page); /* no-op if already mlocked */
79- if (page == check_page)
80+ if (page == check_page) {
81+ /* we know we have check_page locked */
82+ mlock_vma_page(page);
83 ret = SWAP_MLOCK;
84+ } else if (trylock_page(page)) {
85+ /*
86+ * If we can lock the page, perform mlock.
87+ * Otherwise leave the page alone, it will be
88+ * eventually encountered again later.
89+ */
90+ mlock_vma_page(page);
91+ unlock_page(page);
92+ }
93 continue; /* don't unmap */
94 }
95
96--
971.9.1
98
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/modify-defconfig-t1040-nr-cpus.patch b/meta-fsl-ppc/recipes-kernel/linux/files/modify-defconfig-t1040-nr-cpus.patch
new file mode 100644
index 00000000..635c2bb5
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/modify-defconfig-t1040-nr-cpus.patch
@@ -0,0 +1,47 @@
1From 8545129540a5862b22aad03badb2a9f93bf29117 Mon Sep 17 00:00:00 2001
2From: Bob Cochran <yocto@mindchasers.com>
3Date: Mon, 3 Nov 2014 22:45:35 -0500
4Subject: [meta-fsl-ppc][PATCH] linux-qoriq: Change defconfig for T1040 to
5 match number of CPUS
6
7Having a number higher than necessary for NR_CPUS wastes memory by
8instantiating unnecessary structures in RAM. An example is in the DPAA where
9DPAA_ETH_TX_QUEUES is defined based on NR_CPUS and used to create
10dozens of extra qman_fq structures. Using the prior value of 24, which was
11left over from the T4240 created an additonal 60 frame queue structures alone.
12
13This has been tested on t1040rdb-64b. .
14
15Signed-off-by: Bob Cochran <yocto@mindchasers.com>
16---
17 arch/powerpc/configs/corenet32_fmanv3_smp_defconfig | 2 +-
18 arch/powerpc/configs/corenet64_fmanv3_smp_defconfig | 2 +-
19 2 files changed, 2 insertions(+), 2 deletions(-)
20
21diff --git a/arch/powerpc/configs/corenet32_fmanv3_smp_defconfig b/arch/powerpc/configs/corenet32_fmanv3_smp_defconfig
22index a401e7c..5542248 100644
23--- a/arch/powerpc/configs/corenet32_fmanv3_smp_defconfig
24+++ b/arch/powerpc/configs/corenet32_fmanv3_smp_defconfig
25@@ -1,6 +1,6 @@
26 CONFIG_PPC_85xx=y
27 CONFIG_SMP=y
28-CONFIG_NR_CPUS=8
29+CONFIG_NR_CPUS=4
30 CONFIG_EXPERIMENTAL=y
31 CONFIG_SYSVIPC=y
32 CONFIG_POSIX_MQUEUE=y
33diff --git a/arch/powerpc/configs/corenet64_fmanv3_smp_defconfig b/arch/powerpc/configs/corenet64_fmanv3_smp_defconfig
34index 1b987d9..bc0dacf 100644
35--- a/arch/powerpc/configs/corenet64_fmanv3_smp_defconfig
36+++ b/arch/powerpc/configs/corenet64_fmanv3_smp_defconfig
37@@ -2,7 +2,7 @@ CONFIG_PPC64=y
38 CONFIG_PPC_BOOK3E_64=y
39 CONFIG_ALTIVEC=y
40 CONFIG_SMP=y
41-CONFIG_NR_CPUS=24
42+CONFIG_NR_CPUS=4
43 CONFIG_SYSVIPC=y
44 CONFIG_POSIX_MQUEUE=y
45 CONFIG_IRQ_DOMAIN_DEBUG=y
46--
471.7.9.5
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/net-sctp-CVE-2014-0101.patch b/meta-fsl-ppc/recipes-kernel/linux/files/net-sctp-CVE-2014-0101.patch
new file mode 100644
index 00000000..6fc5610e
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/net-sctp-CVE-2014-0101.patch
@@ -0,0 +1,145 @@
1From 00c53b02cb01976b35d37670a4b5c5d7a6ad3c62 Mon Sep 17 00:00:00 2001
2From: Daniel Borkmann <dborkman@redhat.com>
3Date: Mon, 3 Mar 2014 17:23:04 +0100
4Subject: [PATCH] net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is
5 AUTH capable
6
7[ Upstream commit ec0223ec48a90cb605244b45f7c62de856403729 ]
8
9RFC4895 introduced AUTH chunks for SCTP; during the SCTP
10handshake RANDOM; CHUNKS; HMAC-ALGO are negotiated (CHUNKS
11being optional though):
12
13 ---------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ---------->
14 <------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] ---------
15 -------------------- COOKIE-ECHO -------------------->
16 <-------------------- COOKIE-ACK ---------------------
17
18A special case is when an endpoint requires COOKIE-ECHO
19chunks to be authenticated:
20
21 ---------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ---------->
22 <------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] ---------
23 ------------------ AUTH; COOKIE-ECHO ---------------->
24 <-------------------- COOKIE-ACK ---------------------
25
26RFC4895, section 6.3. Receiving Authenticated Chunks says:
27
28 The receiver MUST use the HMAC algorithm indicated in
29 the HMAC Identifier field. If this algorithm was not
30 specified by the receiver in the HMAC-ALGO parameter in
31 the INIT or INIT-ACK chunk during association setup, the
32 AUTH chunk and all the chunks after it MUST be discarded
33 and an ERROR chunk SHOULD be sent with the error cause
34 defined in Section 4.1. [...] If no endpoint pair shared
35 key has been configured for that Shared Key Identifier,
36 all authenticated chunks MUST be silently discarded. [...]
37
38 When an endpoint requires COOKIE-ECHO chunks to be
39 authenticated, some special procedures have to be followed
40 because the reception of a COOKIE-ECHO chunk might result
41 in the creation of an SCTP association. If a packet arrives
42 containing an AUTH chunk as a first chunk, a COOKIE-ECHO
43 chunk as the second chunk, and possibly more chunks after
44 them, and the receiver does not have an STCB for that
45 packet, then authentication is based on the contents of
46 the COOKIE-ECHO chunk. In this situation, the receiver MUST
47 authenticate the chunks in the packet by using the RANDOM
48 parameters, CHUNKS parameters and HMAC_ALGO parameters
49 obtained from the COOKIE-ECHO chunk, and possibly a local
50 shared secret as inputs to the authentication procedure
51 specified in Section 6.3. If authentication fails, then
52 the packet is discarded. If the authentication is successful,
53 the COOKIE-ECHO and all the chunks after the COOKIE-ECHO
54 MUST be processed. If the receiver has an STCB, it MUST
55 process the AUTH chunk as described above using the STCB
56 from the existing association to authenticate the
57 COOKIE-ECHO chunk and all the chunks after it. [...]
58
59Commit bbd0d59809f9 introduced the possibility to receive
60and verification of AUTH chunk, including the edge case for
61authenticated COOKIE-ECHO. On reception of COOKIE-ECHO,
62the function sctp_sf_do_5_1D_ce() handles processing,
63unpacks and creates a new association if it passed sanity
64checks and also tests for authentication chunks being
65present. After a new association has been processed, it
66invokes sctp_process_init() on the new association and
67walks through the parameter list it received from the INIT
68chunk. It checks SCTP_PARAM_RANDOM, SCTP_PARAM_HMAC_ALGO
69and SCTP_PARAM_CHUNKS, and copies them into asoc->peer
70meta data (peer_random, peer_hmacs, peer_chunks) in case
71sysctl -w net.sctp.auth_enable=1 is set. If in INIT's
72SCTP_PARAM_SUPPORTED_EXT parameter SCTP_CID_AUTH is set,
73peer_random != NULL and peer_hmacs != NULL the peer is to be
74assumed asoc->peer.auth_capable=1, in any other case
75asoc->peer.auth_capable=0.
76
77Now, if in sctp_sf_do_5_1D_ce() chunk->auth_chunk is
78available, we set up a fake auth chunk and pass that on to
79sctp_sf_authenticate(), which at latest in
80sctp_auth_calculate_hmac() reliably dereferences a NULL pointer
81at position 0..0008 when setting up the crypto key in
82crypto_hash_setkey() by using asoc->asoc_shared_key that is
83NULL as condition key_id == asoc->active_key_id is true if
84the AUTH chunk was injected correctly from remote. This
85happens no matter what net.sctp.auth_enable sysctl says.
86
87The fix is to check for net->sctp.auth_enable and for
88asoc->peer.auth_capable before doing any operations like
89sctp_sf_authenticate() as no key is activated in
90sctp_auth_asoc_init_active_key() for each case.
91
92Now as RFC4895 section 6.3 states that if the used HMAC-ALGO
93passed from the INIT chunk was not used in the AUTH chunk, we
94SHOULD send an error; however in this case it would be better
95to just silently discard such a maliciously prepared handshake
96as we didn't even receive a parameter at all. Also, as our
97endpoint has no shared key configured, section 6.3 says that
98MUST silently discard, which we are doing from now onwards.
99
100Before calling sctp_sf_pdiscard(), we need not only to free
101the association, but also the chunk->auth_chunk skb, as
102commit bbd0d59809f9 created a skb clone in that case.
103
104I have tested this locally by using netfilter's nfqueue and
105re-injecting packets into the local stack after maliciously
106modifying the INIT chunk (removing RANDOM; HMAC-ALGO param)
107and the SCTP packet containing the COOKIE_ECHO (injecting
108AUTH chunk before COOKIE_ECHO). Fixed with this patch applied.
109
110This fixes CVE-2014-0101
111Upstream-Status: Backport
112
113Fixes: bbd0d59809f9 ("[SCTP]: Implement the receive and verification of AUTH chunk")
114Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
115Cc: Vlad Yasevich <yasevich@gmail.com>
116Cc: Neil Horman <nhorman@tuxdriver.com>
117Acked-by: Vlad Yasevich <vyasevich@gmail.com>
118Signed-off-by: David S. Miller <davem@davemloft.net>
119Signed-off-by: Jiri Slaby <jslaby@suse.cz>
120Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
121---
122 net/sctp/sm_statefuns.c | 7 +++++++
123 1 file changed, 7 insertions(+)
124
125diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
126index dfe3f36..56ebe71 100644
127--- a/net/sctp/sm_statefuns.c
128+++ b/net/sctp/sm_statefuns.c
129@@ -759,6 +759,13 @@ sctp_disposition_t sctp_sf_do_5_1D_ce(struct net *net,
130 struct sctp_chunk auth;
131 sctp_ierror_t ret;
132
133+ /* Make sure that we and the peer are AUTH capable */
134+ if (!net->sctp.auth_enable || !new_asoc->peer.auth_capable) {
135+ kfree_skb(chunk->auth_chunk);
136+ sctp_association_free(new_asoc);
137+ return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands);
138+ }
139+
140 /* set-up our fake chunk so that we can process it */
141 auth.skb = chunk->auth_chunk;
142 auth.asoc = chunk->asoc;
143--
1441.9.1
145
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/powerpc-Fix-64-bit-builds-with-binutils-2.24.patch b/meta-fsl-ppc/recipes-kernel/linux/files/powerpc-Fix-64-bit-builds-with-binutils-2.24.patch
new file mode 100644
index 00000000..2fdcc9fb
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/powerpc-Fix-64-bit-builds-with-binutils-2.24.patch
@@ -0,0 +1,80 @@
1From 7998eb3dc700aaf499f93f50b3d77da834ef9e1d Mon Sep 17 00:00:00 2001
2From: Guenter Roeck <linux@roeck-us.net>
3Date: Thu, 15 May 2014 09:33:42 -0700
4Subject: powerpc: Fix 64 bit builds with binutils 2.24
5
6Upstream-Status: Backport
7
8With binutils 2.24, various 64 bit builds fail with relocation errors
9such as
10
11arch/powerpc/kernel/built-in.o: In function `exc_debug_crit_book3e':
12 (.text+0x165ee): relocation truncated to fit: R_PPC64_ADDR16_HI
13 against symbol `interrupt_base_book3e' defined in .text section
14 in arch/powerpc/kernel/built-in.o
15arch/powerpc/kernel/built-in.o: In function `exc_debug_crit_book3e':
16 (.text+0x16602): relocation truncated to fit: R_PPC64_ADDR16_HI
17 against symbol `interrupt_end_book3e' defined in .text section
18 in arch/powerpc/kernel/built-in.o
19
20The assembler maintainer says:
21
22 I changed the ABI, something that had to be done but unfortunately
23 happens to break the booke kernel code. When building up a 64-bit
24 value with lis, ori, shl, oris, ori or similar sequences, you now
25 should use @high and @higha in place of @h and @ha. @h and @ha
26 (and their associated relocs R_PPC64_ADDR16_HI and R_PPC64_ADDR16_HA)
27 now report overflow if the value is out of 32-bit signed range.
28 ie. @h and @ha assume you're building a 32-bit value. This is needed
29 to report out-of-range -mcmodel=medium toc pointer offsets in @toc@h
30 and @toc@ha expressions, and for consistency I did the same for all
31 other @h and @ha relocs.
32
33Replacing @h with @high in one strategic location fixes the relocation
34errors. This has to be done conditionally since the assembler either
35supports @h or @high but not both.
36
37Cc: <stable@vger.kernel.org>
38Signed-off-by: Guenter Roeck <linux@roeck-us.net>
39Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
40
41diff --git a/arch/powerpc/Makefile b/arch/powerpc/Makefile
42index 4c0cedf..ce4c68a 100644
43--- a/arch/powerpc/Makefile
44+++ b/arch/powerpc/Makefile
45@@ -150,7 +150,9 @@ endif
46
47 CFLAGS-$(CONFIG_TUNE_CELL) += $(call cc-option,-mtune=cell)
48
49-KBUILD_CPPFLAGS += -Iarch/$(ARCH)
50+asinstr := $(call as-instr,lis 9$(comma)foo@high,-DHAVE_AS_ATHIGH=1)
51+
52+KBUILD_CPPFLAGS += -Iarch/$(ARCH) $(asinstr)
53 KBUILD_AFLAGS += -Iarch/$(ARCH)
54 KBUILD_CFLAGS += -msoft-float -pipe -Iarch/$(ARCH) $(CFLAGS-y)
55 CPP = $(CC) -E $(KBUILD_CFLAGS)
56diff --git a/arch/powerpc/include/asm/ppc_asm.h b/arch/powerpc/include/asm/ppc_asm.h
57index 6586a40..cded7c1 100644
58--- a/arch/powerpc/include/asm/ppc_asm.h
59+++ b/arch/powerpc/include/asm/ppc_asm.h
60@@ -318,11 +318,16 @@ n:
61 addi reg,reg,(name - 0b)@l;
62
63 #ifdef __powerpc64__
64+#ifdef HAVE_AS_ATHIGH
65+#define __AS_ATHIGH high
66+#else
67+#define __AS_ATHIGH h
68+#endif
69 #define LOAD_REG_IMMEDIATE(reg,expr) \
70 lis reg,(expr)@highest; \
71 ori reg,reg,(expr)@higher; \
72 rldicr reg,reg,32,31; \
73- oris reg,reg,(expr)@h; \
74+ oris reg,reg,(expr)@__AS_ATHIGH; \
75 ori reg,reg,(expr)@l;
76
77 #define LOAD_REG_ADDR(reg,name) \
78--
79cgit v0.10.1
80
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/sctp-CVE-2014-4667.patch b/meta-fsl-ppc/recipes-kernel/linux/files/sctp-CVE-2014-4667.patch
new file mode 100644
index 00000000..e7b12283
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/sctp-CVE-2014-4667.patch
@@ -0,0 +1,51 @@
1From ddb638e68690ca61959775b262a5ef0719c5c066 Mon Sep 17 00:00:00 2001
2From: Xufeng Zhang <xufeng.zhang@windriver.com>
3Date: Thu, 12 Jun 2014 10:53:36 +0800
4Subject: [PATCH] sctp: Fix sk_ack_backlog wrap-around problem
5
6[ Upstream commit d3217b15a19a4779c39b212358a5c71d725822ee ]
7
8Consider the scenario:
9For a TCP-style socket, while processing the COOKIE_ECHO chunk in
10sctp_sf_do_5_1D_ce(), after it has passed a series of sanity check,
11a new association would be created in sctp_unpack_cookie(), but afterwards,
12some processing maybe failed, and sctp_association_free() will be called to
13free the previously allocated association, in sctp_association_free(),
14sk_ack_backlog value is decremented for this socket, since the initial
15value for sk_ack_backlog is 0, after the decrement, it will be 65535,
16a wrap-around problem happens, and if we want to establish new associations
17afterward in the same socket, ABORT would be triggered since sctp deem the
18accept queue as full.
19Fix this issue by only decrementing sk_ack_backlog for associations in
20the endpoint's list.
21
22Fixes CVE-2014-4667
23Upstream-Status: Backport
24
25Fix-suggested-by: Neil Horman <nhorman@tuxdriver.com>
26Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
27Acked-by: Daniel Borkmann <dborkman@redhat.com>
28Acked-by: Vlad Yasevich <vyasevich@gmail.com>
29Signed-off-by: David S. Miller <davem@davemloft.net>
30Signed-off-by: Jiri Slaby <jslaby@suse.cz>
31Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
32---
33 net/sctp/associola.c | 2 +-
34 1 file changed, 1 insertion(+), 1 deletion(-)
35
36diff --git a/net/sctp/associola.c b/net/sctp/associola.c
37index cef5099..f6d6dcd 100644
38--- a/net/sctp/associola.c
39+++ b/net/sctp/associola.c
40@@ -375,7 +375,7 @@ void sctp_association_free(struct sctp_association *asoc)
41 /* Only real associations count against the endpoint, so
42 * don't bother for if this is a temporary association.
43 */
44- if (!asoc->temp) {
45+ if (!list_empty(&asoc->asocs)) {
46 list_del(&asoc->asocs);
47
48 /* Decrement the backlog value for a TCP-style listening
49--
501.9.1
51
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/sctp-CVE-2014-7841.patch b/meta-fsl-ppc/recipes-kernel/linux/files/sctp-CVE-2014-7841.patch
new file mode 100644
index 00000000..0c4beb31
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/sctp-CVE-2014-7841.patch
@@ -0,0 +1,85 @@
1From 4008f1dbe6fea8114e7f79ed2d238e369dc9138f Mon Sep 17 00:00:00 2001
2From: Daniel Borkmann <dborkman@redhat.com>
3Date: Mon, 10 Nov 2014 17:54:26 +0100
4Subject: [PATCH] net: sctp: fix NULL pointer dereference in
5 af->from_addr_param on malformed packet
6
7[ Upstream commit e40607cbe270a9e8360907cb1e62ddf0736e4864 ]
8
9An SCTP server doing ASCONF will panic on malformed INIT ping-of-death
10in the form of:
11
12 ------------ INIT[PARAM: SET_PRIMARY_IP] ------------>
13
14While the INIT chunk parameter verification dissects through many things
15in order to detect malformed input, it misses to actually check parameters
16inside of parameters. E.g. RFC5061, section 4.2.4 proposes a 'set primary
17IP address' parameter in ASCONF, which has as a subparameter an address
18parameter.
19
20So an attacker may send a parameter type other than SCTP_PARAM_IPV4_ADDRESS
21or SCTP_PARAM_IPV6_ADDRESS, param_type2af() will subsequently return 0
22and thus sctp_get_af_specific() returns NULL, too, which we then happily
23dereference unconditionally through af->from_addr_param().
24
25The trace for the log:
26
27BUG: unable to handle kernel NULL pointer dereference at 0000000000000078
28IP: [<ffffffffa01e9c62>] sctp_process_init+0x492/0x990 [sctp]
29PGD 0
30Oops: 0000 [#1] SMP
31[...]
32Pid: 0, comm: swapper Not tainted 2.6.32-504.el6.x86_64 #1 Bochs Bochs
33RIP: 0010:[<ffffffffa01e9c62>] [<ffffffffa01e9c62>] sctp_process_init+0x492/0x990 [sctp]
34[...]
35Call Trace:
36 <IRQ>
37 [<ffffffffa01f2add>] ? sctp_bind_addr_copy+0x5d/0xe0 [sctp]
38 [<ffffffffa01e1fcb>] sctp_sf_do_5_1B_init+0x21b/0x340 [sctp]
39 [<ffffffffa01e3751>] sctp_do_sm+0x71/0x1210 [sctp]
40 [<ffffffffa01e5c09>] ? sctp_endpoint_lookup_assoc+0xc9/0xf0 [sctp]
41 [<ffffffffa01e61f6>] sctp_endpoint_bh_rcv+0x116/0x230 [sctp]
42 [<ffffffffa01ee986>] sctp_inq_push+0x56/0x80 [sctp]
43 [<ffffffffa01fcc42>] sctp_rcv+0x982/0xa10 [sctp]
44 [<ffffffffa01d5123>] ? ipt_local_in_hook+0x23/0x28 [iptable_filter]
45 [<ffffffff8148bdc9>] ? nf_iterate+0x69/0xb0
46 [<ffffffff81496d10>] ? ip_local_deliver_finish+0x0/0x2d0
47 [<ffffffff8148bf86>] ? nf_hook_slow+0x76/0x120
48 [<ffffffff81496d10>] ? ip_local_deliver_finish+0x0/0x2d0
49[...]
50
51A minimal way to address this is to check for NULL as we do on all
52other such occasions where we know sctp_get_af_specific() could
53possibly return with NULL.
54
55Fix for CVE-2014-7841
56Upstream-Status: Backport
57
58Fixes: d6de3097592b ("[SCTP]: Add the handling of "Set Primary IP Address" parameter to INIT")
59Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
60Cc: Vlad Yasevich <vyasevich@gmail.com>
61Acked-by: Neil Horman <nhorman@tuxdriver.com>
62Signed-off-by: David S. Miller <davem@davemloft.net>
63Signed-off-by: Jiri Slaby <jslaby@suse.cz>
64Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
65---
66 net/sctp/sm_make_chunk.c | 3 +++
67 1 file changed, 3 insertions(+)
68
69diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
70index 1e06f3b..e342387 100644
71--- a/net/sctp/sm_make_chunk.c
72+++ b/net/sctp/sm_make_chunk.c
73@@ -2622,6 +2622,9 @@ do_addr_param:
74 addr_param = param.v + sizeof(sctp_addip_param_t);
75
76 af = sctp_get_af_specific(param_type2af(param.p->type));
77+ if (af == NULL)
78+ break;
79+
80 af->from_addr_param(&addr, addr_param,
81 htons(asoc->peer.port), 0);
82
83--
841.9.1
85
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/security-keys-CVE-2014-9529.patch b/meta-fsl-ppc/recipes-kernel/linux/files/security-keys-CVE-2014-9529.patch
new file mode 100644
index 00000000..573b5300
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/security-keys-CVE-2014-9529.patch
@@ -0,0 +1,53 @@
1From a7033e302dcd38bb4333f46b3fdcd930955e402d Mon Sep 17 00:00:00 2001
2From: Sasha Levin <sasha.levin@oracle.com>
3Date: Mon, 29 Dec 2014 09:39:01 -0500
4Subject: [PATCH] KEYS: close race between key lookup and freeing
5
6commit a3a8784454692dd72e5d5d34dcdab17b4420e74c upstream.
7
8When a key is being garbage collected, it's key->user would get put before
9the ->destroy() callback is called, where the key is removed from it's
10respective tracking structures.
11
12This leaves a key hanging in a semi-invalid state which leaves a window open
13for a different task to try an access key->user. An example is
14find_keyring_by_name() which would dereference key->user for a key that is
15in the process of being garbage collected (where key->user was freed but
16->destroy() wasn't called yet - so it's still present in the linked list).
17
18This would cause either a panic, or corrupt memory.
19
20Fixes CVE-2014-9529.
21
22Upstream-Status: Backport
23
24Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
25Signed-off-by: David Howells <dhowells@redhat.com>
26Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
27Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
28---
29 security/keys/gc.c | 4 ++--
30 1 file changed, 2 insertions(+), 2 deletions(-)
31
32diff --git a/security/keys/gc.c b/security/keys/gc.c
33index d67c97b..7978186 100644
34--- a/security/keys/gc.c
35+++ b/security/keys/gc.c
36@@ -201,12 +201,12 @@ static noinline void key_gc_unused_keys(struct list_head *keys)
37 if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags))
38 atomic_dec(&key->user->nikeys);
39
40- key_user_put(key->user);
41-
42 /* now throw away the key memory */
43 if (key->type->destroy)
44 key->type->destroy(key);
45
46+ key_user_put(key->user);
47+
48 kfree(key->description);
49
50 #ifdef KEY_DEBUGGING
51--
521.9.1
53
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/target-CVE-2014-4027.patch b/meta-fsl-ppc/recipes-kernel/linux/files/target-CVE-2014-4027.patch
new file mode 100644
index 00000000..0f8b49c1
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/target-CVE-2014-4027.patch
@@ -0,0 +1,46 @@
1From 186f32e2096c7d9cd9106b8dedd79c596f4c8398 Mon Sep 17 00:00:00 2001
2From: "Nicholas A. Bellinger" <nab@linux-iscsi.org>
3Date: Mon, 16 Jun 2014 20:59:52 +0000
4Subject: [PATCH] target: Explicitly clear ramdisk_mcp backend pages
5
6[Note that a different patch to address the same issue went in during
7v3.15-rc1 (commit 4442dc8a), but includes a bunch of other changes that
8don't strictly apply to fixing the bug]
9
10This patch changes rd_allocate_sgl_table() to explicitly clear
11ramdisk_mcp backend memory pages by passing __GFP_ZERO into
12alloc_pages().
13
14This addresses a potential security issue where reading from a
15ramdisk_mcp could return sensitive information, and follows what
16>= v3.15 does to explicitly clear ramdisk_mcp memory at backend
17device initialization time.
18
19This fixes CVE-2014-4027
20Upstream-Status: Backport
21
22Reported-by: Jorge Daniel Sequeira Matias <jdsm@tecnico.ulisboa.pt>
23Cc: Jorge Daniel Sequeira Matias <jdsm@tecnico.ulisboa.pt>
24Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
25Signed-off-by: Jiri Slaby <jslaby@suse.cz>
26Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
27---
28 drivers/target/target_core_rd.c | 2 +-
29 1 file changed, 1 insertion(+), 1 deletion(-)
30
31diff --git a/drivers/target/target_core_rd.c b/drivers/target/target_core_rd.c
32index 131327a..9f6bede 100644
33--- a/drivers/target/target_core_rd.c
34+++ b/drivers/target/target_core_rd.c
35@@ -179,7 +179,7 @@ static int rd_build_device_space(struct rd_dev *rd_dev)
36 - 1;
37
38 for (j = 0; j < sg_per_table; j++) {
39- pg = alloc_pages(GFP_KERNEL, 0);
40+ pg = alloc_pages(GFP_KERNEL | __GFP_ZERO, 0);
41 if (!pg) {
42 pr_err("Unable to allocate scatterlist"
43 " pages for struct rd_dev_sg_table\n");
44--
451.9.1
46
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/tracing-CVE-2014-7825_CVE-2014-7826.patch b/meta-fsl-ppc/recipes-kernel/linux/files/tracing-CVE-2014-7825_CVE-2014-7826.patch
new file mode 100644
index 00000000..cc90f7de
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/tracing-CVE-2014-7825_CVE-2014-7826.patch
@@ -0,0 +1,94 @@
1From abc07cd01c51fb54088c6bc8ee654d104a5ec7d9 Mon Sep 17 00:00:00 2001
2From: Rabin Vincent <rabin@rab.in>
3Date: Wed, 29 Oct 2014 23:06:58 +0100
4Subject: [PATCH] tracing/syscalls: Ignore numbers outside NR_syscalls' range
5
6commit 086ba77a6db00ed858ff07451bedee197df868c9 upstream.
7
8ARM has some private syscalls (for example, set_tls(2)) which lie
9outside the range of NR_syscalls. If any of these are called while
10syscall tracing is being performed, out-of-bounds array access will
11occur in the ftrace and perf sys_{enter,exit} handlers.
12
13 # trace-cmd record -e raw_syscalls:* true && trace-cmd report
14 ...
15 true-653 [000] 384.675777: sys_enter: NR 192 (0, 1000, 3, 4000022, ffffffff, 0)
16 true-653 [000] 384.675812: sys_exit: NR 192 = 1995915264
17 true-653 [000] 384.675971: sys_enter: NR 983045 (76f74480, 76f74000, 76f74b28, 76f74480, 76f76f74, 1)
18 true-653 [000] 384.675988: sys_exit: NR 983045 = 0
19 ...
20
21 # trace-cmd record -e syscalls:* true
22 [ 17.289329] Unable to handle kernel paging request at virtual address aaaaaace
23 [ 17.289590] pgd = 9e71c000
24 [ 17.289696] [aaaaaace] *pgd=00000000
25 [ 17.289985] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
26 [ 17.290169] Modules linked in:
27 [ 17.290391] CPU: 0 PID: 704 Comm: true Not tainted 3.18.0-rc2+ #21
28 [ 17.290585] task: 9f4dab00 ti: 9e710000 task.ti: 9e710000
29 [ 17.290747] PC is at ftrace_syscall_enter+0x48/0x1f8
30 [ 17.290866] LR is at syscall_trace_enter+0x124/0x184
31
32Fix this by ignoring out-of-NR_syscalls-bounds syscall numbers.
33
34Commit cd0980fc8add "tracing: Check invalid syscall nr while tracing syscalls"
35added the check for less than zero, but it should have also checked
36for greater than NR_syscalls.
37
38Fixes CVE-2014-7825 and CVE-2014-7826
39Upstream-Status: Backport
40
41Link: http://lkml.kernel.org/p/1414620418-29472-1-git-send-email-rabin@rab.in
42
43Fixes: cd0980fc8add "tracing: Check invalid syscall nr while tracing syscalls"
44Signed-off-by: Rabin Vincent <rabin@rab.in>
45Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
46Signed-off-by: Jiri Slaby <jslaby@suse.cz>
47Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
48---
49 kernel/trace/trace_syscalls.c | 8 ++++----
50 1 file changed, 4 insertions(+), 4 deletions(-)
51
52diff --git a/kernel/trace/trace_syscalls.c b/kernel/trace/trace_syscalls.c
53index 559329d..d8ce71b 100644
54--- a/kernel/trace/trace_syscalls.c
55+++ b/kernel/trace/trace_syscalls.c
56@@ -312,7 +312,7 @@ static void ftrace_syscall_enter(void *data, struct pt_regs *regs, long id)
57 int size;
58
59 syscall_nr = trace_get_syscall_nr(current, regs);
60- if (syscall_nr < 0)
61+ if (syscall_nr < 0 || syscall_nr >= NR_syscalls)
62 return;
63 if (!test_bit(syscall_nr, tr->enabled_enter_syscalls))
64 return;
65@@ -354,7 +354,7 @@ static void ftrace_syscall_exit(void *data, struct pt_regs *regs, long ret)
66 int syscall_nr;
67
68 syscall_nr = trace_get_syscall_nr(current, regs);
69- if (syscall_nr < 0)
70+ if (syscall_nr < 0 || syscall_nr >= NR_syscalls)
71 return;
72 if (!test_bit(syscall_nr, tr->enabled_exit_syscalls))
73 return;
74@@ -557,7 +557,7 @@ static void perf_syscall_enter(void *ignore, struct pt_regs *regs, long id)
75 int size;
76
77 syscall_nr = trace_get_syscall_nr(current, regs);
78- if (syscall_nr < 0)
79+ if (syscall_nr < 0 || syscall_nr >= NR_syscalls)
80 return;
81 if (!test_bit(syscall_nr, enabled_perf_enter_syscalls))
82 return;
83@@ -631,7 +631,7 @@ static void perf_syscall_exit(void *ignore, struct pt_regs *regs, long ret)
84 int size;
85
86 syscall_nr = trace_get_syscall_nr(current, regs);
87- if (syscall_nr < 0)
88+ if (syscall_nr < 0 || syscall_nr >= NR_syscalls)
89 return;
90 if (!test_bit(syscall_nr, enabled_perf_exit_syscalls))
91 return;
92--
931.9.1
94
diff --git a/meta-fsl-ppc/recipes-kernel/linux/files/udf-CVE-2014-6410.patch b/meta-fsl-ppc/recipes-kernel/linux/files/udf-CVE-2014-6410.patch
new file mode 100644
index 00000000..9086e0a1
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/files/udf-CVE-2014-6410.patch
@@ -0,0 +1,96 @@
1From 07d209bd092d023976fdb881ba6d4b30fe18aebe Mon Sep 17 00:00:00 2001
2From: Jan Kara <jack@suse.cz>
3Date: Thu, 4 Sep 2014 14:06:55 +0200
4Subject: [PATCH] udf: Avoid infinite loop when processing indirect ICBs
5
6commit c03aa9f6e1f938618e6db2e23afef0574efeeb65 upstream.
7
8We did not implement any bound on number of indirect ICBs we follow when
9loading inode. Thus corrupted medium could cause kernel to go into an
10infinite loop, possibly causing a stack overflow.
11
12Fix the possible stack overflow by removing recursion from
13__udf_read_inode() and limit number of indirect ICBs we follow to avoid
14infinite loops.
15
16Upstream-Status: Backport
17
18Signed-off-by: Jan Kara <jack@suse.cz>
19Cc: Chuck Ebbert <cebbert.lkml@gmail.com>
20Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
21Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
22---
23 fs/udf/inode.c | 35 +++++++++++++++++++++--------------
24 1 file changed, 21 insertions(+), 14 deletions(-)
25
26diff --git a/fs/udf/inode.c b/fs/udf/inode.c
27index b6d15d3..aa02328 100644
28--- a/fs/udf/inode.c
29+++ b/fs/udf/inode.c
30@@ -1270,13 +1270,22 @@ update_time:
31 return 0;
32 }
33
34+/*
35+ * Maximum length of linked list formed by ICB hierarchy. The chosen number is
36+ * arbitrary - just that we hopefully don't limit any real use of rewritten
37+ * inode on write-once media but avoid looping for too long on corrupted media.
38+ */
39+#define UDF_MAX_ICB_NESTING 1024
40+
41 static void __udf_read_inode(struct inode *inode)
42 {
43 struct buffer_head *bh = NULL;
44 struct fileEntry *fe;
45 uint16_t ident;
46 struct udf_inode_info *iinfo = UDF_I(inode);
47+ unsigned int indirections = 0;
48
49+reread:
50 /*
51 * Set defaults, but the inode is still incomplete!
52 * Note: get_new_inode() sets the following on a new inode:
53@@ -1313,28 +1322,26 @@ static void __udf_read_inode(struct inode *inode)
54 ibh = udf_read_ptagged(inode->i_sb, &iinfo->i_location, 1,
55 &ident);
56 if (ident == TAG_IDENT_IE && ibh) {
57- struct buffer_head *nbh = NULL;
58 struct kernel_lb_addr loc;
59 struct indirectEntry *ie;
60
61 ie = (struct indirectEntry *)ibh->b_data;
62 loc = lelb_to_cpu(ie->indirectICB.extLocation);
63
64- if (ie->indirectICB.extLength &&
65- (nbh = udf_read_ptagged(inode->i_sb, &loc, 0,
66- &ident))) {
67- if (ident == TAG_IDENT_FE ||
68- ident == TAG_IDENT_EFE) {
69- memcpy(&iinfo->i_location,
70- &loc,
71- sizeof(struct kernel_lb_addr));
72- brelse(bh);
73- brelse(ibh);
74- brelse(nbh);
75- __udf_read_inode(inode);
76+ if (ie->indirectICB.extLength) {
77+ brelse(bh);
78+ brelse(ibh);
79+ memcpy(&iinfo->i_location, &loc,
80+ sizeof(struct kernel_lb_addr));
81+ if (++indirections > UDF_MAX_ICB_NESTING) {
82+ udf_err(inode->i_sb,
83+ "too many ICBs in ICB hierarchy"
84+ " (max %d supported)\n",
85+ UDF_MAX_ICB_NESTING);
86+ make_bad_inode(inode);
87 return;
88 }
89- brelse(nbh);
90+ goto reread;
91 }
92 }
93 brelse(ibh);
94--
951.9.1
96
diff --git a/meta-fsl-ppc/recipes-kernel/linux/linux-qoriq.inc b/meta-fsl-ppc/recipes-kernel/linux/linux-qoriq.inc
new file mode 100644
index 00000000..a832b46a
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/linux-qoriq.inc
@@ -0,0 +1,46 @@
1inherit kernel qoriq_build_64bit_kernel
2require recipes-kernel/linux/linux-dtb.inc
3
4DESCRIPTION = "Linux kernel for Freescale platforms"
5SECTION = "kernel"
6LICENSE = "GPLv2"
7LIC_FILES_CHKSUM = "file://COPYING;md5=d7810fab7487fb0aad327b76f1be7cd7"
8
9KSRC ?= ""
10S = '${@base_conditional("KSRC", "", "${WORKDIR}/git", "${KSRC}", d)}'
11
12DEPENDS_append = " libgcc"
13KERNEL_CC_append = " ${TOOLCHAIN_OPTIONS}"
14KERNEL_LD_append = " ${TOOLCHAIN_OPTIONS}"
15
16SCMVERSION ?= "y"
17DELTA_KERNEL_DEFCONFIG ?= ""
18do_configure_prepend() {
19 # copy desired defconfig so we pick it up for the real kernel_do_configure
20 cp ${KERNEL_DEFCONFIG} ${B}/.config
21
22 # add config fragments
23 for deltacfg in ${DELTA_KERNEL_DEFCONFIG}; do
24 if [ -f "${deltacfg}" ]; then
25 ${S}/scripts/kconfig/merge_config.sh -m .config ${deltacfg}
26 elif [ -f "${S}/arch/powerpc/configs/${deltacfg}" ]; then
27 ${S}/scripts/kconfig/merge_config.sh -m .config \
28 ${S}/arch/powerpc/configs/${deltacfg}
29 fi
30 done
31
32 #add git revision to the local version
33 if [ "${SCMVERSION}" = "y" ]; then
34 # append sdk version if SDK_VERSION is defined
35 sdkversion=''
36 if [ -n "${SDK_VERSION}" ]; then
37 sdkversion="-${SDK_VERSION}"
38 fi
39 head=`git --git-dir=${S}/.git rev-parse --verify --short HEAD 2> /dev/null`
40 printf "%s%s%s" $sdkversion +g $head > ${B}/.scmversion
41 fi
42}
43
44# make everything compatible for the time being
45COMPATIBLE_MACHINE_$MACHINE = "$MACHINE"
46
diff --git a/meta-fsl-ppc/recipes-kernel/linux/linux-qoriq_3.12.bb b/meta-fsl-ppc/recipes-kernel/linux/linux-qoriq_3.12.bb
new file mode 100644
index 00000000..1e9e4761
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/linux/linux-qoriq_3.12.bb
@@ -0,0 +1,43 @@
1require recipes-kernel/linux/linux-qoriq.inc
2
3SRC_URI = "git://git.freescale.com/ppc/sdk/linux.git;nobranch=1 \
4 file://powerpc-Fix-64-bit-builds-with-binutils-2.24.patch \
5 file://Fix-for-CVE-2014-5045-fs-umount-on-symlink-leak.patch \
6 file://Fix-CVE-2014-5077-sctp-inherit-auth-capable-on-INIT-collisions.patch \
7 file://Fix-CVE-2014-5471_CVE-2014-5472.patch \
8 file://modify-defconfig-t1040-nr-cpus.patch \
9 file://0001-mnt-CVE-2014-5206_CVE-2014-5207.patch \
10 file://0002-mnt-CVE-2014-5206_CVE-2014-5207.patch \
11 file://0003-mnt-CVE-2014-5206_CVE-2014-5207.patch \
12 file://0004-mnt-CVE-2014-5206_CVE-2014-5207.patch \
13 file://0005-mnt-CVE-2014-5206_CVE-2014-5207.patch \
14 file://udf-CVE-2014-6410.patch \
15 file://net-sctp-CVE-2014-0101.patch \
16 file://0001-HID-CVE-2014-3181.patch \
17 file://0002-HID-CVE-2014-3182.patch \
18 file://0003-HID-CVE-2014-3184.patch \
19 file://0004-USB-CVE-2014-3185.patch \
20 file://0001-kvm-iommu-CVE-2014-3601.patch \
21 file://0002-kvm-iommu-CVE-2014-8369.patch \
22 file://0001-net-sctp-CVE-2014-3673.patch \
23 file://0002-net-sctp-CVE-2014-3687.patch \
24 file://0003-net-sctp-CVE-2014-3688.patch \
25 file://auditsc-CVE-2014-3917.patch \
26 file://0001-ALSA-CVE-2014-4652.patch \
27 file://0002-ALSA-CVE-2014-4653.patch \
28 file://sctp-CVE-2014-4667.patch \
29 file://sctp-CVE-2014-7841.patch \
30 file://0001-ALSA-CVE-2014-4656.patch \
31 file://0002-ALSA-CVE-2014-4656.patch \
32 file://target-CVE-2014-4027.patch \
33 file://mm-2014-3122.patch \
34 file://0001-shmem-CVE-2014-4171.patch \
35 file://0002-shmem-CVE-2014-4171.patch \
36 file://0003-shmem-CVE-2014-4171.patch \
37 file://fs-CVE-2014-4014.patch \
38 file://tracing-CVE-2014-7825_CVE-2014-7826.patch \
39 file://security-keys-CVE-2014-9529.patch \
40 file://eCryptfs-CVE-2014-9683.patch \
41"
42SRCREV = "6619b8b55796cdf0cec04b66a71288edd3057229"
43
diff --git a/meta-fsl-ppc/recipes-kernel/lttng/lttng-modules_%.bbappend b/meta-fsl-ppc/recipes-kernel/lttng/lttng-modules_%.bbappend
new file mode 100644
index 00000000..5ff765d4
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/lttng/lttng-modules_%.bbappend
@@ -0,0 +1,2 @@
1inherit qoriq_build_64bit_kernel
2
diff --git a/meta-fsl-ppc/recipes-kernel/pkc-host/pkc-host_git.bb b/meta-fsl-ppc/recipes-kernel/pkc-host/pkc-host_git.bb
new file mode 100644
index 00000000..2d5e3165
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/pkc-host/pkc-host_git.bb
@@ -0,0 +1,33 @@
1DESCRIPTION = "pkc host driver"
2SECTION = "pkc-host"
3LICENSE = "GPLv2"
4LIC_FILES_CHKSUM = "file://Makefile;endline=30;md5=6a26ed8e76a8ea2e019c525369ed0f03"
5
6inherit module qoriq_build_64bit_kernel
7RDEPENDS_${PN} += "cryptodev-module"
8
9# Currently pkc-host does not support RSA_KEYGEN, remove this
10# if it is fixed.
11REQUIRED_DISTRO_FEATURES = "c29x_pkc"
12
13SRC_URI = "git://git.freescale.com/ppc/sdk/pkc-host.git;nobranch=1"
14SRCREV = "cae512c94e2a26cc6b0d6393d307cdea2d7282c9"
15
16S = "${WORKDIR}/git"
17
18EXTRA_OEMAKE='KERNEL_DIR="${STAGING_KERNEL_DIR}" PREFIX="${D}"'
19
20do_install() {
21 install -d ${D}/lib/modules/c2x0
22 install -d ${D}/etc/crypto
23 install -d ${D}/${bindir}
24 cp ${S}/*.ko ${D}/lib/modules/c2x0
25 cp ${S}/crypto.cfg ${D}/etc/crypto
26 cp ${S}/images/pkc-firmware.bin ${D}/etc/crypto
27 cp ${S}/perf/mini_calc/mini_calc ${D}/${bindir}
28 cp ${S}/apps/cli/cli ${D}/${bindir}
29 cp ${S}/perf/c29x_driver_perf_profile.sh ${D}/${bindir}
30}
31
32
33FILES_${PN} += "${bindir}/mini_calc ${bindir}/cli ${bindir}/c29x_driver_perf_profile.sh /etc/crypto/crypto.cfg /etc/crypto/pkc-firmware.bin"
diff --git a/meta-fsl-ppc/recipes-kernel/qoriq-debug/qoriq-debug_git.bb b/meta-fsl-ppc/recipes-kernel/qoriq-debug/qoriq-debug_git.bb
new file mode 100644
index 00000000..c08f057f
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/qoriq-debug/qoriq-debug_git.bb
@@ -0,0 +1,15 @@
1DESCRIPTION = "QorIQ Debug File System Module"
2SECTION = "qoriq-debug"
3LICENSE = "GPLv2+"
4LIC_FILES_CHKSUM = "file://COPYING;md5=e29234dd5d40dc352cc60cc0c93437ba"
5
6inherit module autotools-brokensep qoriq_build_64bit_kernel
7
8SRC_URI = "git://git.freescale.com/ppc/sdk/qoriq-debug.git;nobranch=1"
9SRCREV = "20615c1ea332102635f8314cee5787c48c1a4254"
10
11S = "${WORKDIR}/git"
12
13EXTRA_OECONF += "--with-linux=${STAGING_KERNEL_DIR}"
14EXTRA_OEMAKE += 'SYSROOT="${D}"'
15
diff --git a/meta-fsl-ppc/recipes-kernel/skmm-host/skmm-host_git.bb b/meta-fsl-ppc/recipes-kernel/skmm-host/skmm-host_git.bb
new file mode 100644
index 00000000..5e6b0858
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/skmm-host/skmm-host_git.bb
@@ -0,0 +1,15 @@
1DESCRIPTION = "skmm host driver offload data to PCIe EP and push the data en-decrypted back to application"
2SECTION = "c293-skmm-host"
3LICENSE = "Freescale-EULA"
4LIC_FILES_CHKSUM = "file://Makefile;endline=7;md5=edffaac1da9e809ade0d2fcfcc18d8df"
5
6inherit module qoriq_build_64bit_kernel
7
8SRC_URI = "git://git.freescale.com/ppc/sdk/skmm-host.git;nobranch=1"
9SRCREV = "97c9241a359edccdf8913cb9accbfe4ceb511523"
10
11S = "${WORKDIR}/git"
12
13EXTRA_OEMAKE='KERNEL_DIR="${STAGING_KERNEL_DIR}" PREFIX="${D}"'
14
15FILES_${PN} += "/etc/skmm/ /usr/bin/"
diff --git a/meta-fsl-ppc/recipes-kernel/uio-seville/uio-seville_0.1.bb b/meta-fsl-ppc/recipes-kernel/uio-seville/uio-seville_0.1.bb
new file mode 100755
index 00000000..51e1475a
--- /dev/null
+++ b/meta-fsl-ppc/recipes-kernel/uio-seville/uio-seville_0.1.bb
@@ -0,0 +1,15 @@
1DESCRIPTION = "UIO driver for T1040 L2 Switch"
2LICENSE = "GPLv2"
3LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e"
4
5SRC_URI = "git://git.freescale.com/ppc/sdk/l2switch-uio.git;branch=sdk-v1.7.x"
6SRCREV = "35af73f3ba00745777f32787400d9eb0317d7ff5"
7
8inherit module
9
10S = "${WORKDIR}/git/uio-driver"
11
12COMPATIBLE_MACHINE ?= "(none)"
13COMPATIBLE_MACHINE_t1040 = ".*"
14COMPATIBLE_MACHINE_t1042 = ".*"
15
diff --git a/meta-fsl-ppc/recipes-virtualization/hv-cfg/hv-cfg_git.bb b/meta-fsl-ppc/recipes-virtualization/hv-cfg/hv-cfg_git.bb
new file mode 100644
index 00000000..599bce28
--- /dev/null
+++ b/meta-fsl-ppc/recipes-virtualization/hv-cfg/hv-cfg_git.bb
@@ -0,0 +1,52 @@
1DESCRIPTION = "Hypervisor Config"
2SECTION = "hv-cfg"
3LICENSE = "BSD"
4PR = "r6"
5
6LIC_FILES_CHKSUM = " \
7 file://p2041rdb/LICENSE;md5=96dd72f26e9bb861de5c76c60e35e1bc \
8 file://p3041ds/LICENSE;md5=96dd72f26e9bb861de5c76c60e35e1bc \
9 file://p4080ds/LICENSE;md5=96dd72f26e9bb861de5c76c60e35e1bc \
10 file://p5020ds/LICENSE;md5=96dd72f26e9bb861de5c76c60e35e1bc \
11"
12
13DEPENDS += "dtc-native"
14
15# this package is specific to the machine itself
16INHIBIT_DEFAULT_DEPS = "1"
17PACKAGE_ARCH = "${MACHINE_ARCH}"
18
19inherit deploy
20
21SRC_URI = "git://git.freescale.com/ppc/sdk/hv-cfg.git;nobranch=1"
22SRCREV = "f79080739851b3a3dfcd435f2ef1572459a4313c"
23
24S = "${WORKDIR}/git"
25
26do_install () {
27 make install
28
29 M=`echo ${MACHINE} | sed s/-64b//g`
30 if [ "t1042rdb" = "${M}" ];then
31 M=t1040rdb
32 fi
33 install -d ${D}/boot/hv-cfg
34 cp -r ${S}/${M}/${M}/* ${D}/boot/hv-cfg
35}
36
37do_deploy () {
38 M=`echo ${MACHINE} | sed s/-64b//g`
39 if [ "t1042rdb" = "${M}" ];then
40 M=t1040rdb
41 fi
42 install -d ${DEPLOYDIR}/hv-cfg
43 cp -r ${S}/${M}/${M}/* ${DEPLOYDIR}/hv-cfg
44}
45addtask deploy after do_install
46
47PACKAGES += "${PN}-image"
48FILES_${PN}-image += "/boot"
49
50COMPATIBLE_HOST_qoriq-ppc = ".*"
51COMPATIBLE_HOST ?= "(none)"
52ALLOW_EMPTY_${PN} = "1"
diff --git a/meta-fsl-ppc/recipes-virtualization/hypervisor/files/81-fsl-embedded-hv.rules b/meta-fsl-ppc/recipes-virtualization/hypervisor/files/81-fsl-embedded-hv.rules
new file mode 100644
index 00000000..5edfa113
--- /dev/null
+++ b/meta-fsl-ppc/recipes-virtualization/hypervisor/files/81-fsl-embedded-hv.rules
@@ -0,0 +1,2 @@
1# Add rule to handle setting up device node for FSL HV mgmt driver
2SUBSYSTEM=="misc", KERNEL=="fsl-hv", NAME="fsl-hv"
diff --git a/meta-fsl-ppc/recipes-virtualization/hypervisor/hypervisor_git.bb b/meta-fsl-ppc/recipes-virtualization/hypervisor/hypervisor_git.bb
new file mode 100644
index 00000000..3a7f838f
--- /dev/null
+++ b/meta-fsl-ppc/recipes-virtualization/hypervisor/hypervisor_git.bb
@@ -0,0 +1,94 @@
1DESCRIPTION = "Freescale embedded hypervisor"
2SECTION = "embedded-hv"
3LICENSE = "BSD"
4LIC_FILES_CHKSUM = "file://README;endline=22;md5=0655bbc3b7d7166c30c87208b4e23cf0"
5
6PR = "r3"
7
8DEPENDS = "u-boot-mkimage-native"
9
10inherit deploy
11
12# TODO: fix dtc to use the already built package
13SRC_URI = " \
14 git://git.freescale.com/ppc/sdk/hypervisor/hypervisor.git;name=hypervisor;nobranch=1 \
15 git://git.freescale.com/ppc/sdk/hypervisor/kconfig.git;name=kconfig;destsuffix=git/kconfig;nobranch=1 \
16 git://git.freescale.com/ppc/sdk/hypervisor/libos.git;name=libos;destsuffix=git/libos;nobranch=1 \
17 git://git.kernel.org/pub/scm/utils/dtc/dtc.git;name=dtc;destsuffix=dtc \
18 git://git.freescale.com/ppc/sdk/hypertrk.git;name=hypertrk;destsuffix=git/hypertrk;nobranch=1 \
19 file://81-fsl-embedded-hv.rules \
20 "
21
22SRCREV_FORMAT="hypervisor"
23SRCREV = "99b04d937b944d57b2685b55584e982d8e36dd41"
24SRCREV_kconfig = "a56025d4da992b856796b0eccac2e410d751dbac"
25SRCREV_libos = "819bda2a913bc1f6afb43f5f2b026da5872866ea"
26SRCREV_dtc = "a6d55e039fd22048687fe061b4609e2807efe764"
27SRCREV_hypertrk = "975c98b562186afbd3bbf103ae54b96cf9b3e533"
28
29S = "${WORKDIR}/git"
30
31OUTPUT ?= "output32"
32OUTPUT_powerpc64 = "output64"
33
34EXTRA_OEMAKE = 'CROSS_COMPILE=${TARGET_PREFIX} CC="${TARGET_PREFIX}gcc ${TOOLCHAIN_OPTIONS}" O="${OUTPUT}"'
35
36DEFCONFIG = "defconfig"
37DEFCONFIG_powerpc64 = "64bit_defconfig"
38
39COMPATIBLE_HOST_qoriq-ppc = ".*"
40COMPATIBLE_HOST ?= "(none)"
41
42inherit cml1
43do_configure () {
44 oe_runmake ${DEFCONFIG}
45}
46
47PKG_HV_HYPERTRK_SUPPORT = "n"
48do_compile () {
49 if [ "${PKG_HV_HYPERTRK_SUPPORT}" = "y" ]
50 then
51 oe_runmake silentoldconfig
52 export HV_DIR=$PWD
53 cd hypertrk
54 oe_runmake deploy
55 cd ..
56 fi
57
58 oe_runmake
59 oe_runmake partman
60}
61
62do_install () {
63 install -d ${D}/${bindir}
64 install ${B}/${OUTPUT}/bin/linux/partman ${D}/${bindir}/partman
65
66 install -d ${D}${sysconfdir}/udev/rules.d
67 install -m 0644 ${WORKDIR}/81-fsl-embedded-hv.rules ${D}${sysconfdir}/udev/rules.d
68
69 install -d ${D}/boot/hv
70 install ${B}/${OUTPUT}/.config ${D}/boot/hv/hypervisor.config
71 install -m 644 ${B}/${OUTPUT}/bin/hv ${B}/${OUTPUT}/bin/hv.map \
72 ${B}/${OUTPUT}/bin/hv.uImage ${B}/${OUTPUT}/bin/hv.bin \
73 ${D}/boot/hv/
74}
75
76do_deploy () {
77 install -d ${DEPLOYDIR}/hv/
78 install ${B}/${OUTPUT}/.config ${DEPLOYDIR}/hv/hypervisor.config
79 install -m 644 ${B}/${OUTPUT}/bin/hv ${B}/${OUTPUT}/bin/hv.map \
80 ${B}/${OUTPUT}/bin/hv.uImage ${B}/${OUTPUT}/bin/hv.bin \
81 ${DEPLOYDIR}/hv/
82}
83addtask deploy before do_build after do_install
84
85do_deploy_append() {
86 rm -f ${B}/../hv
87}
88
89INSANE_SKIP_${PN} = 'already-stripped'
90INHIBIT_PACKAGE_DEBUG_SPLIT = "1"
91ALLOW_EMPTY_${PN} = "1"
92PACKAGES_prepend = "${PN}-image ${PN}-partman "
93FILES_${PN}-image = "/boot/"
94FILES_${PN}-partman = "${bindir}/partman"
diff --git a/meta-fsl-ppc/recipes-virtualization/mux-server/files/mux-server-1.02.tar.gz b/meta-fsl-ppc/recipes-virtualization/mux-server/files/mux-server-1.02.tar.gz
new file mode 100644
index 00000000..d8f20147
--- /dev/null
+++ b/meta-fsl-ppc/recipes-virtualization/mux-server/files/mux-server-1.02.tar.gz
Binary files differ
diff --git a/meta-fsl-ppc/recipes-virtualization/mux-server/mux-server_1.02.bb b/meta-fsl-ppc/recipes-virtualization/mux-server/mux-server_1.02.bb
new file mode 100644
index 00000000..ab9cce1c
--- /dev/null
+++ b/meta-fsl-ppc/recipes-virtualization/mux-server/mux-server_1.02.bb
@@ -0,0 +1,16 @@
1DESCRIPTION = "A Linux-based utility supporting console multiplexing and demultiplexing"
2SECTION = "mux-server"
3LICENSE = "LGPL-2.1"
4# TODO: add a dedicated COPYING file
5LIC_FILES_CHKSUM = "file://mux_server.c;endline=9;md5=e59eeb0812bb88b7af2d932f2dc22aed"
6
7SRC_URI = "file://mux-server-${PV}.tar.gz;name=mux_server"
8
9EXTRA_OEMAKE='HOSTCC="${CC}"'
10
11do_install () {
12 install -d ${D}${bindir}
13 install -m 755 mux_server ${D}${bindir}
14}
15
16BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-fsl-ppc/virtualization-layer/recipes-extended/libvirt/libvirt/qoriq-ppc/qemu.conf b/meta-fsl-ppc/virtualization-layer/recipes-extended/libvirt/libvirt/qoriq-ppc/qemu.conf
new file mode 100644
index 00000000..cc22fa13
--- /dev/null
+++ b/meta-fsl-ppc/virtualization-layer/recipes-extended/libvirt/libvirt/qoriq-ppc/qemu.conf
@@ -0,0 +1,465 @@
1# Master configuration file for the QEMU driver.
2# All settings described here are optional - if omitted, sensible
3# defaults are used.
4
5# VNC is configured to listen on 127.0.0.1 by default.
6# To make it listen on all public interfaces, uncomment
7# this next option.
8#
9# NB, strong recommendation to enable TLS + x509 certificate
10# verification when allowing public access
11#
12#vnc_listen = "0.0.0.0"
13
14# Enable this option to have VNC served over an automatically created
15# unix socket. This prevents unprivileged access from users on the
16# host machine, though most VNC clients do not support it.
17#
18# This will only be enabled for VNC configurations that do not have
19# a hardcoded 'listen' or 'socket' value. This setting takes preference
20# over vnc_listen.
21#
22#vnc_auto_unix_socket = 1
23
24# Enable use of TLS encryption on the VNC server. This requires
25# a VNC client which supports the VeNCrypt protocol extension.
26# Examples include vinagre, virt-viewer, virt-manager and vencrypt
27# itself. UltraVNC, RealVNC, TightVNC do not support this
28#
29# It is necessary to setup CA and issue a server certificate
30# before enabling this.
31#
32#vnc_tls = 1
33
34
35# Use of TLS requires that x509 certificates be issued. The
36# default it to keep them in /etc/pki/libvirt-vnc. This directory
37# must contain
38#
39# ca-cert.pem - the CA master certificate
40# server-cert.pem - the server certificate signed with ca-cert.pem
41# server-key.pem - the server private key
42#
43# This option allows the certificate directory to be changed
44#
45#vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc"
46
47
48# The default TLS configuration only uses certificates for the server
49# allowing the client to verify the server's identity and establish
50# an encrypted channel.
51#
52# It is possible to use x509 certificates for authentication too, by
53# issuing a x509 certificate to every client who needs to connect.
54#
55# Enabling this option will reject any client who does not have a
56# certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem
57#
58#vnc_tls_x509_verify = 1
59
60
61# The default VNC password. Only 8 letters are significant for
62# VNC passwords. This parameter is only used if the per-domain
63# XML config does not already provide a password. To allow
64# access without passwords, leave this commented out. An empty
65# string will still enable passwords, but be rejected by QEMU,
66# effectively preventing any use of VNC. Obviously change this
67# example here before you set this.
68#
69#vnc_password = "XYZ12345"
70
71
72# Enable use of SASL encryption on the VNC server. This requires
73# a VNC client which supports the SASL protocol extension.
74# Examples include vinagre, virt-viewer and virt-manager
75# itself. UltraVNC, RealVNC, TightVNC do not support this
76#
77# It is necessary to configure /etc/sasl2/qemu.conf to choose
78# the desired SASL plugin (eg, GSSPI for Kerberos)
79#
80#vnc_sasl = 1
81
82
83# The default SASL configuration file is located in /etc/sasl2/
84# When running libvirtd unprivileged, it may be desirable to
85# override the configs in this location. Set this parameter to
86# point to the directory, and create a qemu.conf in that location
87#
88#vnc_sasl_dir = "/some/directory/sasl2"
89
90
91# QEMU implements an extension for providing audio over a VNC connection,
92# though if your VNC client does not support it, your only chance for getting
93# sound output is through regular audio backends. By default, libvirt will
94# disable all QEMU sound backends if using VNC, since they can cause
95# permissions issues. Enabling this option will make libvirtd honor the
96# QEMU_AUDIO_DRV environment variable when using VNC.
97#
98#vnc_allow_host_audio = 0
99
100
101
102# SPICE is configured to listen on 127.0.0.1 by default.
103# To make it listen on all public interfaces, uncomment
104# this next option.
105#
106# NB, strong recommendation to enable TLS + x509 certificate
107# verification when allowing public access
108#
109#spice_listen = "0.0.0.0"
110
111
112# Enable use of TLS encryption on the SPICE server.
113#
114# It is necessary to setup CA and issue a server certificate
115# before enabling this.
116#
117#spice_tls = 1
118
119
120# Use of TLS requires that x509 certificates be issued. The
121# default it to keep them in /etc/pki/libvirt-spice. This directory
122# must contain
123#
124# ca-cert.pem - the CA master certificate
125# server-cert.pem - the server certificate signed with ca-cert.pem
126# server-key.pem - the server private key
127#
128# This option allows the certificate directory to be changed.
129#
130#spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice"
131
132
133# The default SPICE password. This parameter is only used if the
134# per-domain XML config does not already provide a password. To
135# allow access without passwords, leave this commented out. An
136# empty string will still enable passwords, but be rejected by
137# QEMU, effectively preventing any use of SPICE. Obviously change
138# this example here before you set this.
139#
140#spice_password = "XYZ12345"
141
142
143# Enable use of SASL encryption on the SPICE server. This requires
144# a SPICE client which supports the SASL protocol extension.
145#
146# It is necessary to configure /etc/sasl2/qemu.conf to choose
147# the desired SASL plugin (eg, GSSPI for Kerberos)
148#
149#spice_sasl = 1
150
151# The default SASL configuration file is located in /etc/sasl2/
152# When running libvirtd unprivileged, it may be desirable to
153# override the configs in this location. Set this parameter to
154# point to the directory, and create a qemu.conf in that location
155#
156#spice_sasl_dir = "/some/directory/sasl2"
157
158
159# By default, if no graphical front end is configured, libvirt will disable
160# QEMU audio output since directly talking to alsa/pulseaudio may not work
161# with various security settings. If you know what you're doing, enable
162# the setting below and libvirt will passthrough the QEMU_AUDIO_DRV
163# environment variable when using nographics.
164#
165#nographics_allow_host_audio = 1
166
167
168# Override the port for creating both VNC and SPICE sessions (min).
169# This defaults to 5900 and increases for consecutive sessions
170# or when ports are occupied, until it hits the maximum.
171#
172# Minimum must be greater than or equal to 5900 as lower number would
173# result into negative vnc display number.
174#
175# Maximum must be less than 65536, because higher numbers do not make
176# sense as a port number.
177#
178#remote_display_port_min = 5900
179#remote_display_port_max = 65535
180
181# VNC WebSocket port policies, same rules apply as with remote display
182# ports. VNC WebSockets use similar display <-> port mappings, with
183# the exception being that ports starts from 5700 instead of 5900.
184#
185#remote_websocket_port_min = 5700
186#remote_websocket_port_max = 65535
187
188# The default security driver is SELinux. If SELinux is disabled
189# on the host, then the security driver will automatically disable
190# itself. If you wish to disable QEMU SELinux security driver while
191# leaving SELinux enabled for the host in general, then set this
192# to 'none' instead. It's also possible to use more than one security
193# driver at the same time, for this use a list of names separated by
194# comma and delimited by square brackets. For example:
195#
196# security_driver = [ "selinux", "apparmor" ]
197#
198# Notes: The DAC security driver is always enabled; as a result, the
199# value of security_driver cannot contain "dac". The value "none" is
200# a special value; security_driver can be set to that value in
201# isolation, but it cannot appear in a list of drivers.
202#
203#security_driver = "selinux"
204
205# If set to non-zero, then the default security labeling
206# will make guests confined. If set to zero, then guests
207# will be unconfined by default. Defaults to 1.
208#security_default_confined = 1
209
210# If set to non-zero, then attempts to create unconfined
211# guests will be blocked. Defaults to 0.
212#security_require_confined = 1
213
214# The user for QEMU processes run by the system instance. It can be
215# specified as a user name or as a user id. The qemu driver will try to
216# parse this value first as a name and then, if the name doesn't exist,
217# as a user id.
218#
219# Since a sequence of digits is a valid user name, a leading plus sign
220# can be used to ensure that a user id will not be interpreted as a user
221# name.
222#
223# Some examples of valid values are:
224#
225# user = "qemu" # A user named "qemu"
226# user = "+0" # Super user (uid=0)
227# user = "100" # A user named "100" or a user with uid=100
228#
229#user = "root"
230
231# The group for QEMU processes run by the system instance. It can be
232# specified in a similar way to user.
233#group = "root"
234
235# Whether libvirt should dynamically change file ownership
236# to match the configured user/group above. Defaults to 1.
237# Set to 0 to disable file ownership changes.
238#dynamic_ownership = 1
239
240
241# What cgroup controllers to make use of with QEMU guests
242#
243# - 'cpu' - use for schedular tunables
244# - 'devices' - use for device whitelisting
245# - 'memory' - use for memory tunables
246# - 'blkio' - use for block devices I/O tunables
247# - 'cpuset' - use for CPUs and memory nodes
248# - 'cpuacct' - use for CPUs statistics.
249#
250# NB, even if configured here, they won't be used unless
251# the administrator has mounted cgroups, e.g.:
252#
253# mkdir /dev/cgroup
254# mount -t cgroup -o devices,cpu,memory,blkio,cpuset none /dev/cgroup
255#
256# They can be mounted anywhere, and different controllers
257# can be mounted in different locations. libvirt will detect
258# where they are located.
259#
260#cgroup_controllers = [ "cpu", "devices", "memory", "blkio", "cpuset", "cpuacct" ]
261
262# This is the basic set of devices allowed / required by
263# all virtual machines.
264#
265# As well as this, any configured block backed disks,
266# all sound device, and all PTY devices are allowed.
267#
268# This will only need setting if newer QEMU suddenly
269# wants some device we don't already know about.
270#
271cgroup_device_acl = [
272 "/dev/null", "/dev/full", "/dev/zero",
273 "/dev/random", "/dev/urandom",
274 "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
275 "/dev/rtc", "/dev/hpet", "/dev/vfio/vfio", "/dev/net/tun"
276]
277
278
279# The default format for Qemu/KVM guest save images is raw; that is, the
280# memory from the domain is dumped out directly to a file. If you have
281# guests with a large amount of memory, however, this can take up quite
282# a bit of space. If you would like to compress the images while they
283# are being saved to disk, you can also set "lzop", "gzip", "bzip2", or "xz"
284# for save_image_format. Note that this means you slow down the process of
285# saving a domain in order to save disk space; the list above is in descending
286# order by performance and ascending order by compression ratio.
287#
288# save_image_format is used when you use 'virsh save' or 'virsh managedsave'
289# at scheduled saving, and it is an error if the specified save_image_format
290# is not valid, or the requested compression program can't be found.
291#
292# dump_image_format is used when you use 'virsh dump' at emergency
293# crashdump, and if the specified dump_image_format is not valid, or
294# the requested compression program can't be found, this falls
295# back to "raw" compression.
296#
297# snapshot_image_format specifies the compression algorithm of the memory save
298# image when an external snapshot of a domain is taken. This does not apply
299# on disk image format. It is an error if the specified format isn't valid,
300# or the requested compression program can't be found.
301#
302#save_image_format = "raw"
303#dump_image_format = "raw"
304#snapshot_image_format = "raw"
305
306# When a domain is configured to be auto-dumped when libvirtd receives a
307# watchdog event from qemu guest, libvirtd will save dump files in directory
308# specified by auto_dump_path. Default value is /var/lib/libvirt/qemu/dump
309#
310#auto_dump_path = "/var/lib/libvirt/qemu/dump"
311
312# When a domain is configured to be auto-dumped, enabling this flag
313# has the same effect as using the VIR_DUMP_BYPASS_CACHE flag with the
314# virDomainCoreDump API. That is, the system will avoid using the
315# file system cache while writing the dump file, but may cause
316# slower operation.
317#
318#auto_dump_bypass_cache = 0
319
320# When a domain is configured to be auto-started, enabling this flag
321# has the same effect as using the VIR_DOMAIN_START_BYPASS_CACHE flag
322# with the virDomainCreateWithFlags API. That is, the system will
323# avoid using the file system cache when restoring any managed state
324# file, but may cause slower operation.
325#
326#auto_start_bypass_cache = 0
327
328# If provided by the host and a hugetlbfs mount point is configured,
329# a guest may request huge page backing. When this mount point is
330# unspecified here, determination of a host mount point in /proc/mounts
331# will be attempted. Specifying an explicit mount overrides detection
332# of the same in /proc/mounts. Setting the mount point to "" will
333# disable guest hugepage backing.
334#
335# NB, within this mount point, guests will create memory backing files
336# in a location of $MOUNTPOINT/libvirt/qemu
337#
338#hugetlbfs_mount = "/dev/hugepages"
339
340
341# Path to the setuid helper for creating tap devices. This executable
342# is used to create <source type='bridge'> interfaces when libvirtd is
343# running unprivileged. libvirt invokes the helper directly, instead
344# of using "-netdev bridge", for security reasons.
345#bridge_helper = "/usr/libexec/qemu-bridge-helper"
346
347
348
349# If clear_emulator_capabilities is enabled, libvirt will drop all
350# privileged capabilities of the QEmu/KVM emulator. This is enabled by
351# default.
352#
353# Warning: Disabling this option means that a compromised guest can
354# exploit the privileges and possibly do damage to the host.
355#
356#clear_emulator_capabilities = 1
357
358
359# If enabled, libvirt will have QEMU set its process name to
360# "qemu:VM_NAME", where VM_NAME is the name of the VM. The QEMU
361# process will appear as "qemu:VM_NAME" in process listings and
362# other system monitoring tools. By default, QEMU does not set
363# its process title, so the complete QEMU command (emulator and
364# its arguments) appear in process listings.
365#
366#set_process_name = 1
367
368
369# If max_processes is set to a positive integer, libvirt will use
370# it to set the maximum number of processes that can be run by qemu
371# user. This can be used to override default value set by host OS.
372# The same applies to max_files which sets the limit on the maximum
373# number of opened files.
374#
375#max_processes = 0
376#max_files = 0
377
378
379
380# mac_filter enables MAC addressed based filtering on bridge ports.
381# This currently requires ebtables to be installed.
382#
383#mac_filter = 1
384
385
386# By default, PCI devices below non-ACS switch are not allowed to be assigned
387# to guests. By setting relaxed_acs_check to 1 such devices will be allowed to
388# be assigned to guests.
389#
390#relaxed_acs_check = 1
391
392
393# If allow_disk_format_probing is enabled, libvirt will probe disk
394# images to attempt to identify their format, when not otherwise
395# specified in the XML. This is disabled by default.
396#
397# WARNING: Enabling probing is a security hole in almost all
398# deployments. It is strongly recommended that users update their
399# guest XML <disk> elements to include <driver type='XXXX'/>
400# elements instead of enabling this option.
401#
402#allow_disk_format_probing = 1
403
404
405# To enable 'Sanlock' project based locking of the file
406# content (to prevent two VMs writing to the same
407# disk), uncomment this
408#
409#lock_manager = "sanlock"
410
411
412
413# Set limit of maximum APIs queued on one domain. All other APIs
414# over this threshold will fail on acquiring job lock. Specially,
415# setting to zero turns this feature off.
416# Note, that job lock is per domain.
417#
418#max_queued = 0
419
420###################################################################
421# Keepalive protocol:
422# This allows qemu driver to detect broken connections to remote
423# libvirtd during peer-to-peer migration. A keepalive message is
424# sent to the deamon after keepalive_interval seconds of inactivity
425# to check if the deamon is still responding; keepalive_count is a
426# maximum number of keepalive messages that are allowed to be sent
427# to the deamon without getting any response before the connection
428# is considered broken. In other words, the connection is
429# automatically closed approximately after
430# keepalive_interval * (keepalive_count + 1) seconds since the last
431# message received from the deamon. If keepalive_interval is set to
432# -1, qemu driver will not send keepalive requests during
433# peer-to-peer migration; however, the remote libvirtd can still
434# send them and source libvirtd will send responses. When
435# keepalive_count is set to 0, connections will be automatically
436# closed after keepalive_interval seconds of inactivity without
437# sending any keepalive messages.
438#
439#keepalive_interval = 5
440#keepalive_count = 5
441
442
443
444# Use seccomp syscall whitelisting in QEMU.
445# 1 = on, 0 = off, -1 = use QEMU default
446# Defaults to -1.
447#
448#seccomp_sandbox = 1
449
450
451
452# Override the listen address for all incoming migrations. Defaults to
453# 0.0.0.0 or :: in case if both host and qemu are capable of IPv6.
454#migration_address = "127.0.0.1"
455
456
457# Override the port range used for incoming migrations.
458#
459# Minimum must be greater than 0, however when QEMU is not running as root,
460# setting the minimum to be lower than 1024 will not work.
461#
462# Maximum must not be greater than 65535.
463#
464#migration_port_min = 49152
465#migration_port_max = 49215
diff --git a/meta-fsl-ppc/virtualization-layer/recipes-extended/libvirt/libvirt_%.bbappend b/meta-fsl-ppc/virtualization-layer/recipes-extended/libvirt/libvirt_%.bbappend
new file mode 100644
index 00000000..c7e6d32e
--- /dev/null
+++ b/meta-fsl-ppc/virtualization-layer/recipes-extended/libvirt/libvirt_%.bbappend
@@ -0,0 +1,9 @@
1PACKAGECONFIG_qoriq-ppc = "qemu yajl lxc test remote macvtap libvirtd netcf udev python"
2
3FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:"
4SRC_URI_append_qoriq-ppc = " file://qemu.conf"
5
6do_install_append_qoriq-ppc() {
7 install -m 0644 ${WORKDIR}/qemu.conf ${D}${sysconfdir}/libvirt/qemu.conf
8}
9