summaryrefslogtreecommitdiffstats
path: root/recipes-connectivity
diff options
context:
space:
mode:
authorChunrong Guo <chunrong.guo@nxp.com>2017-11-15 13:26:10 +0800
committerOtavio Salvador <otavio@ossystems.com.br>2017-11-16 11:09:27 -0200
commitaaf2c4beb205e9f9eef1b8a9732468acb7f1a4ee (patch)
tree35d88f0e454ca7703cbba91c740bbe8e02e8eac0 /recipes-connectivity
parentd709b2e285633fad2818baf53f3f1ddd35cf8527 (diff)
downloadmeta-freescale-aaf2c4beb205e9f9eef1b8a9732468acb7f1a4ee.tar.gz
openssl-qoriq: update recipes
*Update URL to fetch qoriq-open-source github *Update to b9e6572 This includes the following changes: b9e6572 - eng_cryptodev: add support for TLS algorithms offload b3a3bab - Prepare for 1.0.2l release 539c4d3 - make update cde19ec - Update CHANGES and NEWS for new release 8ded5f1 - Ignore -rle and -comp when compiled with OPENSSL_NO_COMP. Fixes make test when configured with no-comp. d130456 - Fix regression in openssl req -x509 behaviour. 7c300b9 - Remove notification settings from appveyor.yml b020bf6 - Remove dead code. ea3fc60 - Copy custom extension flags in a call to SSL_set_SSL_CTX() 4ae5993 - perlasm/x86_64-xlate.pl: work around problem with hex constants in masm. 16d78fb - Fix some error path logic in i2v_AUTHORITY_INFO_ACCESS and i2v_GENERAL_NAME 6b8fa5b - RT2867: des_ede3_cfb1 ignored "size in bits" flag 5453820 - Fix URL links in comment d2335f3 - Fix time offset calculation. 13f70ae - Check fflush on BIO_ctrl call de46e82 - Remove unnecessary loop in pkey_rsa_decrypt. b99f102 - check length sanity before correcting in EVP_CTRL_AEAD_TLS1_AAD fb2345a - Annotate ASN.1 attributes of the jurisdictionCountryName NID 60a70a5 - Fixed typo in X509_STORE_CTX_new description 74bcd77 - Numbers greater than 1 are usually non-negative. e8f2e2f - pkeyutl exit with 0 if the verification succeeded 71d66c4 - Additional check to handle BAD SSL_write retry a91bfe2 - crypto/ppccap.c: SIGILL-free processor capabilities detection on MacOS X. 3f524f7 - Ensure dhparams can handle X9.42 params in DER 1f3b0fe - Add missing macros for DHxparams 248cf95 - Fix for #2730. Add CRLDP extension to list of supported extensions d75c56f - Free the compression methods in s_server and s_client 4bc46d - doc: Add stitched ciphers to EVP_EncryptInit.pod 8625e92 - doc: Add missing options in s_{server,client} 62f488d - Fix the error handling in CRYPTO_dup_ex_data. 144ab9b - Add documentation for SNI APIs *Openssl git includes all qoriq patches so remove qoriq patches folder Signed-off-by: Chunrong Guo <chunrong.guo@nxp.com> Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Diffstat (limited to 'recipes-connectivity')
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq.inc6
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch69
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch343
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch61
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-ECC-Support-header-for-Cryptodev-Engine.patch319
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-Initial-support-for-PKC-in-cryptodev-engine.patch1578
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Added-hwrng-dev-file-as-source-of-RNG.patch28
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch2050
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch155
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch64
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Removed-local-copy-of-curve_t-type.patch163
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Modulus-parameter-is-not-populated-by-dhparams.patch43
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-SW-Backoff-mechanism-for-dsa-keygen.patch53
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Fixed-DH-keygen-pair-generator.patch100
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch321
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch199
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch338
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch377
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-cryptodev-drop-redundant-function.patch72
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-cryptodev-do-not-zero-the-buffer-before-use.patch48
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-cryptodev-clean-up-code-layout.patch73
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-do-not-cache-file-descriptor-in-open.patch93
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-put_dev_crypto-should-be-an-int.patch35
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-simplify-cryptodev-pkc-support-code.patch260
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-clarify-code-remove-assignments-from-condi.patch37
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-clean-up-context-state-before-anything-els.patch34
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch155
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch108
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0028-cryptodev-fix-debug-print-messages.patch90
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch91
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch106
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0031-cryptodev-remove-not-used-local-variables.patch46
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0032-cryptodev-hide-not-used-variable-behind-ifndef.patch27
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0033-cryptodev-fix-function-declaration-typo.patch26
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0034-cryptodev-fix-incorrect-function-signature.patch26
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch110
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0036-cryptodev-fix-free-on-error-path.patch46
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0037-cryptodev-fix-return-value-on-error.patch28
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0038-cryptodev-match-types-with-cryptodev.h.patch29
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0039-cryptodev-explicitly-discard-const-qualifier.patch30
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0040-cryptodev-replace-caddr_t-with-void.patch95
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch49
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch69
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch52
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch76
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0045-cryptodev-change-signature-for-conversion-functions.patch38
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch26
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0047-cryptodev-treat-all-build-warnings-as-errors.patch28
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq/qoriq/0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch29
-rw-r--r--recipes-connectivity/openssl/openssl-qoriq_1.0.2l.bb11
50 files changed, 5 insertions, 8305 deletions
diff --git a/recipes-connectivity/openssl/openssl-qoriq.inc b/recipes-connectivity/openssl/openssl-qoriq.inc
index 306da3a5..d7e4e331 100644
--- a/recipes-connectivity/openssl/openssl-qoriq.inc
+++ b/recipes-connectivity/openssl/openssl-qoriq.inc
@@ -22,9 +22,9 @@ python() {
22 d.appendVar("RREPLACES_%s" % p, p.replace('openssl-qoriq', 'openssl')) 22 d.appendVar("RREPLACES_%s" % p, p.replace('openssl-qoriq', 'openssl'))
23} 23}
24 24
25SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ 25SRC_URI = "git://github.com/qoriq-open-source/openssl.git;nobranch=1"
26 " 26
27S = "${WORKDIR}/openssl-${PV}" 27S = "${WORKDIR}/git"
28 28
29PACKAGECONFIG[perl] = ",,," 29PACKAGECONFIG[perl] = ",,,"
30 30
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch
deleted file mode 100644
index 67314cd2..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch
+++ /dev/null
@@ -1,69 +0,0 @@
1From 90d5822f09f0b6a0f1d8d2e7189e702a18686ab7 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Tue, 10 Sep 2013 12:46:46 +0300
4Subject: [PATCH 01/48] remove double initialization of cryptodev engine
5
6cryptodev engine is initialized together with the other engines in
7ENGINE_load_builtin_engines. The initialization done through
8OpenSSL_add_all_algorithms is redundant.
9
10Change-Id: Ic9488500967595543ff846f147b36f383db7cb27
11Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
12Reviewed-on: http://git.am.freescale.net:8181/17222
13---
14 crypto/engine/eng_all.c | 12 ------------
15 crypto/engine/engine.h | 4 ----
16 util/libeay.num | 2 +-
17 3 files changed, 1 insertion(+), 17 deletions(-)
18
19diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c
20index 48ad0d2..a198c5f 100644
21--- a/crypto/engine/eng_all.c
22+++ b/crypto/engine/eng_all.c
23@@ -122,15 +122,3 @@ void ENGINE_load_builtin_engines(void)
24 #endif
25 ENGINE_register_all_complete();
26 }
27-
28-#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
29-void ENGINE_setup_bsd_cryptodev(void)
30-{
31- static int bsd_cryptodev_default_loaded = 0;
32- if (!bsd_cryptodev_default_loaded) {
33- ENGINE_load_cryptodev();
34- ENGINE_register_all_complete();
35- }
36- bsd_cryptodev_default_loaded = 1;
37-}
38-#endif
39diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
40index bd7b591..020d912 100644
41--- a/crypto/engine/engine.h
42+++ b/crypto/engine/engine.h
43@@ -857,10 +857,6 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id,
44 */
45 void *ENGINE_get_static_state(void);
46
47-# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
48-void ENGINE_setup_bsd_cryptodev(void);
49-# endif
50-
51 /* BEGIN ERROR CODES */
52 /*
53 * The following lines are auto generated by the script mkerr.pl. Any changes
54diff --git a/util/libeay.num b/util/libeay.num
55index 2094ab3..2742cf5 100755
56--- a/util/libeay.num
57+++ b/util/libeay.num
58@@ -2805,7 +2805,7 @@ BIO_indent 3242 EXIST::FUNCTION:
59 BUF_strlcpy 3243 EXIST::FUNCTION:
60 OpenSSLDie 3244 EXIST::FUNCTION:
61 OPENSSL_cleanse 3245 EXIST::FUNCTION:
62-ENGINE_setup_bsd_cryptodev 3246 EXIST:__FreeBSD__:FUNCTION:ENGINE
63+ENGINE_setup_bsd_cryptodev 3246 NOEXIST::FUNCTION:
64 ERR_release_err_state_table 3247 EXIST::FUNCTION:LHASH
65 EVP_aes_128_cfb8 3248 EXIST::FUNCTION:AES
66 FIPS_corrupt_rsa 3249 NOEXIST::FUNCTION:
67--
682.7.3
69
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
deleted file mode 100644
index a5c0f6db..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch
+++ /dev/null
@@ -1,343 +0,0 @@
1From 305ab3fd8a8620fd11f7aef7e42170ba205040a9 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Thu, 29 Aug 2013 16:51:18 +0300
4Subject: [PATCH 02/48] eng_cryptodev: add support for TLS algorithms offload
5
6- aes-128-cbc-hmac-sha1
7- aes-256-cbc-hmac-sha1
8
9Requires TLS patches on cryptodev and TLS algorithm support in Linux
10kernel driver.
11
12Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
13---
14 crypto/engine/eng_cryptodev.c | 226 ++++++++++++++++++++++++++++++++++++++++--
15 1 file changed, 215 insertions(+), 11 deletions(-)
16
17diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
18index 2a2b95c..d4da7fb 100644
19--- a/crypto/engine/eng_cryptodev.c
20+++ b/crypto/engine/eng_cryptodev.c
21@@ -72,6 +72,9 @@ void ENGINE_load_cryptodev(void)
22 struct dev_crypto_state {
23 struct session_op d_sess;
24 int d_fd;
25+ unsigned char *aad;
26+ unsigned int aad_len;
27+ unsigned int len;
28 # ifdef USE_CRYPTODEV_DIGESTS
29 char dummy_mac_key[HASH_MAX_LEN];
30 unsigned char digest_res[HASH_MAX_LEN];
31@@ -142,24 +145,25 @@ static struct {
32 int nid;
33 int ivmax;
34 int keylen;
35+ int mackeylen;
36 } ciphers[] = {
37 {
38- CRYPTO_ARC4, NID_rc4, 0, 16,
39+ CRYPTO_ARC4, NID_rc4, 0, 16, 0
40 },
41 {
42- CRYPTO_DES_CBC, NID_des_cbc, 8, 8,
43+ CRYPTO_DES_CBC, NID_des_cbc, 8, 8, 0
44 },
45 {
46- CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24,
47+ CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, 0
48 },
49 {
50- CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16,
51+ CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, 0
52 },
53 {
54- CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24,
55+ CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, 0
56 },
57 {
58- CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32,
59+ CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, 0
60 },
61 # ifdef CRYPTO_AES_CTR
62 {
63@@ -173,16 +177,22 @@ static struct {
64 },
65 # endif
66 {
67- CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16,
68+ CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, 0
69 },
70 {
71- CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16,
72+ CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, 0
73 },
74 {
75- CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0,
76+ CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0
77 },
78 {
79- 0, NID_undef, 0, 0,
80+ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20
81+ },
82+ {
83+ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20
84+ },
85+ {
86+ 0, NID_undef, 0, 0, 0
87 },
88 };
89
90@@ -296,13 +306,15 @@ static int get_cryptodev_ciphers(const int **cnids)
91 }
92 memset(&sess, 0, sizeof(sess));
93 sess.key = (caddr_t) "123456789abcdefghijklmno";
94+ sess.mackey = (caddr_t) "123456789ABCDEFGHIJKLMNO";
95
96 for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
97 if (ciphers[i].nid == NID_undef)
98 continue;
99 sess.cipher = ciphers[i].id;
100 sess.keylen = ciphers[i].keylen;
101- sess.mac = 0;
102+ sess.mackeylen = ciphers[i].mackeylen;
103+
104 if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
105 ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
106 nids[count++] = ciphers[i].nid;
107@@ -458,6 +470,66 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
108 return (1);
109 }
110
111+static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
112+ const unsigned char *in, size_t len)
113+{
114+ struct crypt_auth_op cryp;
115+ struct dev_crypto_state *state = ctx->cipher_data;
116+ struct session_op *sess = &state->d_sess;
117+ const void *iiv;
118+ unsigned char save_iv[EVP_MAX_IV_LENGTH];
119+
120+ if (state->d_fd < 0)
121+ return (0);
122+ if (!len)
123+ return (1);
124+ if ((len % ctx->cipher->block_size) != 0)
125+ return (0);
126+
127+ memset(&cryp, 0, sizeof(cryp));
128+
129+ /* TODO: make a seamless integration with cryptodev flags */
130+ switch (ctx->cipher->nid) {
131+ case NID_aes_128_cbc_hmac_sha1:
132+ case NID_aes_256_cbc_hmac_sha1:
133+ cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
134+ }
135+ cryp.ses = sess->ses;
136+ cryp.len = state->len;
137+ cryp.src = (caddr_t) in;
138+ cryp.dst = (caddr_t) out;
139+ cryp.auth_src = state->aad;
140+ cryp.auth_len = state->aad_len;
141+
142+ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
143+
144+ if (ctx->cipher->iv_len) {
145+ cryp.iv = (caddr_t) ctx->iv;
146+ if (!ctx->encrypt) {
147+ iiv = in + len - ctx->cipher->iv_len;
148+ memcpy(save_iv, iiv, ctx->cipher->iv_len);
149+ }
150+ } else
151+ cryp.iv = NULL;
152+
153+ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
154+ /*
155+ * XXX need better errror handling this can fail for a number of
156+ * different reasons.
157+ */
158+ return (0);
159+ }
160+
161+ if (ctx->cipher->iv_len) {
162+ if (ctx->encrypt)
163+ iiv = out + len - ctx->cipher->iv_len;
164+ else
165+ iiv = save_iv;
166+ memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
167+ }
168+ return (1);
169+}
170+
171 static int
172 cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
173 const unsigned char *iv, int enc)
174@@ -497,6 +569,45 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
175 }
176
177 /*
178+ * Save the encryption key provided by upper layers. This function is called
179+ * by EVP_CipherInit_ex to initialize the algorithm's extra data. We can't do
180+ * much here because the mac key is not available. The next call should/will
181+ * be to cryptodev_cbc_hmac_sha1_ctrl with parameter
182+ * EVP_CTRL_AEAD_SET_MAC_KEY, to set the hmac key. There we call CIOCGSESSION
183+ * with both the crypto and hmac keys.
184+ */
185+static int cryptodev_init_aead_key(EVP_CIPHER_CTX *ctx,
186+ const unsigned char *key,
187+ const unsigned char *iv, int enc)
188+{
189+ struct dev_crypto_state *state = ctx->cipher_data;
190+ struct session_op *sess = &state->d_sess;
191+ int cipher = -1, i;
192+
193+ for (i = 0; ciphers[i].id; i++)
194+ if (ctx->cipher->nid == ciphers[i].nid &&
195+ ctx->cipher->iv_len <= ciphers[i].ivmax &&
196+ ctx->key_len == ciphers[i].keylen) {
197+ cipher = ciphers[i].id;
198+ break;
199+ }
200+
201+ if (!ciphers[i].id) {
202+ state->d_fd = -1;
203+ return (0);
204+ }
205+
206+ memset(sess, 0, sizeof(struct session_op));
207+
208+ sess->key = (caddr_t) key;
209+ sess->keylen = ctx->key_len;
210+ sess->cipher = cipher;
211+
212+ /* for whatever reason, (1) means success */
213+ return (1);
214+}
215+
216+/*
217 * free anything we allocated earlier when initting a
218 * session, and close the session.
219 */
220@@ -530,6 +641,63 @@ static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
221 return (ret);
222 }
223
224+static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
225+ int arg, void *ptr)
226+{
227+ switch (type) {
228+ case EVP_CTRL_AEAD_SET_MAC_KEY:
229+ {
230+ /* TODO: what happens with hmac keys larger than 64 bytes? */
231+ struct dev_crypto_state *state = ctx->cipher_data;
232+ struct session_op *sess = &state->d_sess;
233+
234+ if ((state->d_fd = get_dev_crypto()) < 0)
235+ return (0);
236+
237+ /* the rest should have been set in cryptodev_init_aead_key */
238+ sess->mackey = ptr;
239+ sess->mackeylen = arg;
240+
241+ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
242+ put_dev_crypto(state->d_fd);
243+ state->d_fd = -1;
244+ return (0);
245+ }
246+ return (1);
247+ }
248+ case EVP_CTRL_AEAD_TLS1_AAD:
249+ {
250+ /* ptr points to the associated data buffer of 13 bytes */
251+ struct dev_crypto_state *state = ctx->cipher_data;
252+ unsigned char *p = ptr;
253+ unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1];
254+ unsigned int maclen, padlen;
255+ unsigned int bs = ctx->cipher->block_size;
256+
257+ state->aad = ptr;
258+ state->aad_len = arg;
259+ state->len = cryptlen;
260+
261+ /* TODO: this should be an extension of EVP_CIPHER struct */
262+ switch (ctx->cipher->nid) {
263+ case NID_aes_128_cbc_hmac_sha1:
264+ case NID_aes_256_cbc_hmac_sha1:
265+ maclen = SHA_DIGEST_LENGTH;
266+ }
267+
268+ /* space required for encryption (not only TLS padding) */
269+ padlen = maclen;
270+ if (ctx->encrypt) {
271+ cryptlen += maclen;
272+ padlen += bs - (cryptlen % bs);
273+ }
274+ return padlen;
275+ }
276+ default:
277+ return -1;
278+ }
279+}
280+
281 /*
282 * libcrypto EVP stuff - this is how we get wired to EVP so the engine
283 * gets called when libcrypto requests a cipher NID.
284@@ -642,6 +810,34 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
285 NULL
286 };
287
288+const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = {
289+ NID_aes_128_cbc_hmac_sha1,
290+ 16, 16, 16,
291+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
292+ cryptodev_init_aead_key,
293+ cryptodev_aead_cipher,
294+ cryptodev_cleanup,
295+ sizeof(struct dev_crypto_state),
296+ EVP_CIPHER_set_asn1_iv,
297+ EVP_CIPHER_get_asn1_iv,
298+ cryptodev_cbc_hmac_sha1_ctrl,
299+ NULL
300+};
301+
302+const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
303+ NID_aes_256_cbc_hmac_sha1,
304+ 16, 32, 16,
305+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
306+ cryptodev_init_aead_key,
307+ cryptodev_aead_cipher,
308+ cryptodev_cleanup,
309+ sizeof(struct dev_crypto_state),
310+ EVP_CIPHER_set_asn1_iv,
311+ EVP_CIPHER_get_asn1_iv,
312+ cryptodev_cbc_hmac_sha1_ctrl,
313+ NULL
314+};
315+
316 # ifdef CRYPTO_AES_CTR
317 const EVP_CIPHER cryptodev_aes_ctr = {
318 NID_aes_128_ctr,
319@@ -730,6 +926,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
320 *cipher = &cryptodev_aes_ctr_256;
321 break;
322 # endif
323+ case NID_aes_128_cbc_hmac_sha1:
324+ *cipher = &cryptodev_aes_128_cbc_hmac_sha1;
325+ break;
326+ case NID_aes_256_cbc_hmac_sha1:
327+ *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
328+ break;
329 default:
330 *cipher = NULL;
331 break;
332@@ -1485,6 +1687,8 @@ void ENGINE_load_cryptodev(void)
333 }
334 put_dev_crypto(fd);
335
336+ EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
337+ EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
338 if (!ENGINE_set_id(engine, "cryptodev") ||
339 !ENGINE_set_name(engine, "BSD cryptodev engine") ||
340 !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
341--
3422.7.3
343
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch
deleted file mode 100644
index c53ffc91..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch
+++ /dev/null
@@ -1,61 +0,0 @@
1From ce6fa215fa58e7ca7a81c70ce8c91f871a20a9dd Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Thu, 31 Jul 2014 14:06:19 +0300
4Subject: [PATCH 03/48] cryptodev: fix algorithm registration
5
6Cryptodev specific algorithms must register only if available in kernel.
7
8Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
9Reviewed-by: Horia Ioan Geanta Neag <horia.geanta@freescale.com>
10---
11 crypto/engine/eng_cryptodev.c | 20 +++++++++++++++++---
12 1 file changed, 17 insertions(+), 3 deletions(-)
13
14diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
15index d4da7fb..49ed638 100644
16--- a/crypto/engine/eng_cryptodev.c
17+++ b/crypto/engine/eng_cryptodev.c
18@@ -135,6 +135,8 @@ static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
19 static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
20 void (*f) (void));
21 void ENGINE_load_cryptodev(void);
22+const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
23+const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
24
25 static const ENGINE_CMD_DEFN cryptodev_defns[] = {
26 {0, NULL, NULL, 0}
27@@ -390,7 +392,21 @@ static int get_cryptodev_digests(const int **cnids)
28 */
29 static int cryptodev_usable_ciphers(const int **nids)
30 {
31- return (get_cryptodev_ciphers(nids));
32+ int i, count;
33+
34+ count = get_cryptodev_ciphers(nids);
35+ /* add ciphers specific to cryptodev if found in kernel */
36+ for (i = 0; i < count; i++) {
37+ switch (*(*nids + i)) {
38+ case NID_aes_128_cbc_hmac_sha1:
39+ EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
40+ break;
41+ case NID_aes_256_cbc_hmac_sha1:
42+ EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
43+ break;
44+ }
45+ }
46+ return count;
47 }
48
49 static int cryptodev_usable_digests(const int **nids)
50@@ -1687,8 +1703,6 @@ void ENGINE_load_cryptodev(void)
51 }
52 put_dev_crypto(fd);
53
54- EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1);
55- EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
56 if (!ENGINE_set_id(engine, "cryptodev") ||
57 !ENGINE_set_name(engine, "BSD cryptodev engine") ||
58 !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
59--
602.7.3
61
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-ECC-Support-header-for-Cryptodev-Engine.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-ECC-Support-header-for-Cryptodev-Engine.patch
deleted file mode 100644
index 5b6fda10..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-ECC-Support-header-for-Cryptodev-Engine.patch
+++ /dev/null
@@ -1,319 +0,0 @@
1From 63ed25dadde23d01eaac6f4c4dae463ba4d7c368 Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Tue, 11 Mar 2014 05:56:54 +0545
4Subject: [PATCH 04/48] ECC Support header for Cryptodev Engine
5
6Upstream-status: Pending
7
8Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
9---
10 crypto/engine/eng_cryptodev_ec.h | 297 +++++++++++++++++++++++++++++++++++++++
11 1 file changed, 297 insertions(+)
12 create mode 100644 crypto/engine/eng_cryptodev_ec.h
13
14diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h
15new file mode 100644
16index 0000000..af54c51
17--- /dev/null
18+++ b/crypto/engine/eng_cryptodev_ec.h
19@@ -0,0 +1,297 @@
20+/*
21+ * Copyright (C) 2012 Freescale Semiconductor, Inc.
22+ *
23+ * Redistribution and use in source and binary forms, with or without
24+ * modification, are permitted provided that the following conditions
25+ * are met:
26+ * 1. Redistributions of source code must retain the above copyright
27+ * notice, this list of conditions and the following disclaimer.
28+ * 2. Redistributions in binary form must reproduce the above copyright
29+ * notice, this list of conditions and the following disclaimer in the
30+ * documentation and/or other materials provided with the distribution.
31+ *
32+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
33+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
34+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
35+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
36+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
37+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
38+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
39+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
40+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
41+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
42+ *
43+ */
44+#ifndef __ENG_EC_H
45+#define __ENG_EC_H
46+
47+#define SPCF_CPARAM_INIT(X,...) \
48+static unsigned char X##_c[] = {__VA_ARGS__} \
49+
50+#define SPCF_FREE_BN(X) do { if(X) { BN_clear_free(X); X = NULL; } } while (0)
51+
52+#define SPCF_COPY_CPARAMS(NIDBUF) \
53+ do { \
54+ memcpy (buf, NIDBUF, buf_len); \
55+ } while (0)
56+
57+#define SPCF_CPARAM_CASE(X) \
58+ case NID_##X: \
59+ SPCF_COPY_CPARAMS(X##_c); \
60+ break
61+
62+SPCF_CPARAM_INIT(sect113r1, 0x01, 0x73, 0xE8, 0x34, 0xAF, 0x28, 0xEC, 0x76,
63+ 0xCB, 0x83, 0xBD, 0x8D, 0xFE, 0xB2, 0xD5);
64+SPCF_CPARAM_INIT(sect113r2, 0x00, 0x54, 0xD9, 0xF0, 0x39, 0x57, 0x17, 0x4A,
65+ 0x32, 0x32, 0x91, 0x67, 0xD7, 0xFE, 0x71);
66+SPCF_CPARAM_INIT(sect131r1, 0x03, 0xDB, 0x89, 0xB4, 0x05, 0xE4, 0x91, 0x16,
67+ 0x0E, 0x3B, 0x2F, 0x07, 0xB0, 0xCE, 0x20, 0xB3, 0x7E);
68+SPCF_CPARAM_INIT(sect131r2, 0x07, 0xCB, 0xB9, 0x92, 0x0D, 0x71, 0xA4, 0x8E,
69+ 0x09, 0x9C, 0x38, 0xD7, 0x1D, 0xA6, 0x49, 0x0E, 0xB1);
70+SPCF_CPARAM_INIT(sect163k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
71+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
72+ 0x00, 0x00, 0x01);
73+SPCF_CPARAM_INIT(sect163r1, 0x05, 0xED, 0x40, 0x3E, 0xD5, 0x8E, 0xB4, 0x5B,
74+ 0x1C, 0xCE, 0xCA, 0x0F, 0x4F, 0x61, 0x65, 0x55, 0x49, 0x86,
75+ 0x1B, 0xE0, 0x52);
76+SPCF_CPARAM_INIT(sect163r2, 0x07, 0x2C, 0x4E, 0x1E, 0xF7, 0xCB, 0x2F, 0x3A,
77+ 0x03, 0x5D, 0x33, 0x10, 0x42, 0x94, 0x15, 0x96, 0x09, 0x13,
78+ 0x8B, 0xB4, 0x04);
79+SPCF_CPARAM_INIT(sect193r1, 0x01, 0x67, 0xB3, 0x5E, 0xB4, 0x31, 0x3F, 0x26,
80+ 0x3D, 0x0F, 0x7A, 0x3D, 0x50, 0x36, 0xF0, 0xA0, 0xA3, 0xC9,
81+ 0x80, 0xD4, 0x0E, 0x5A, 0x05, 0x3E, 0xD2);
82+SPCF_CPARAM_INIT(sect193r2, 0x00, 0x69, 0x89, 0xFE, 0x6B, 0xFE, 0x30, 0xED,
83+ 0xDC, 0x32, 0x44, 0x26, 0x9F, 0x3A, 0xAD, 0x18, 0xD6, 0x6C,
84+ 0xF3, 0xDB, 0x3E, 0x33, 0x02, 0xFA, 0xA8);
85+SPCF_CPARAM_INIT(sect233k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
86+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
87+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
88+ 0x00, 0x01);
89+SPCF_CPARAM_INIT(sect233r1, 0x00, 0x07, 0xD5, 0xEF, 0x43, 0x89, 0xDF, 0xF1,
90+ 0x1E, 0xCD, 0xBA, 0x39, 0xC3, 0x09, 0x70, 0xD3, 0xCE, 0x35,
91+ 0xCE, 0xBB, 0xA5, 0x84, 0x73, 0xF6, 0x4B, 0x4D, 0xC0, 0xF2,
92+ 0x68, 0x6C);
93+SPCF_CPARAM_INIT(sect239k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
94+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
95+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
96+ 0x00, 0x01);
97+SPCF_CPARAM_INIT(sect283k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
98+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
99+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
100+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01);
101+SPCF_CPARAM_INIT(sect283r1, 0x03, 0xD8, 0xC9, 0x3D, 0x3B, 0x0E, 0xA8, 0x1D,
102+ 0x92, 0x94, 0x03, 0x4D, 0x7E, 0xE3, 0x13, 0x5D, 0x0A, 0xC5,
103+ 0xFC, 0x8D, 0x9C, 0xB0, 0x27, 0x6F, 0x72, 0x11, 0xF8, 0x80,
104+ 0xF0, 0xD8, 0x1C, 0xA4, 0xC6, 0xE8, 0x7B, 0x38);
105+SPCF_CPARAM_INIT(sect409k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
106+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
107+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
108+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
109+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
110+ 0x00, 0x00, 0x00, 0x01);
111+SPCF_CPARAM_INIT(sect409r1, 0x01, 0x49, 0xB8, 0xB7, 0xBE, 0xBD, 0x9B, 0x63,
112+ 0x65, 0x3E, 0xF1, 0xCD, 0x8C, 0x6A, 0x5D, 0xD1, 0x05, 0xA2,
113+ 0xAA, 0xAC, 0x36, 0xFE, 0x2E, 0xAE, 0x43, 0xCF, 0x28, 0xCE,
114+ 0x1C, 0xB7, 0xC8, 0x30, 0xC1, 0xEC, 0xDB, 0xFA, 0x41, 0x3A,
115+ 0xB0, 0x7F, 0xE3, 0x5A, 0x57, 0x81, 0x1A, 0xE4, 0xF8, 0x8D,
116+ 0x30, 0xAC, 0x63, 0xFB);
117+SPCF_CPARAM_INIT(sect571k1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
118+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
119+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
120+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
121+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
122+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
123+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
124+ 0x00, 0x00, 0x00, 0x01);
125+SPCF_CPARAM_INIT(sect571r1, 0x06, 0x39, 0x5D, 0xB2, 0x2A, 0xB5, 0x94, 0xB1,
126+ 0x86, 0x8C, 0xED, 0x95, 0x25, 0x78, 0xB6, 0x53, 0x9F, 0xAB,
127+ 0xA6, 0x94, 0x06, 0xD9, 0xB2, 0x98, 0x61, 0x23, 0xA1, 0x85,
128+ 0xC8, 0x58, 0x32, 0xE2, 0x5F, 0xD5, 0xB6, 0x38, 0x33, 0xD5,
129+ 0x14, 0x42, 0xAB, 0xF1, 0xA9, 0xC0, 0x5F, 0xF0, 0xEC, 0xBD,
130+ 0x88, 0xD7, 0xF7, 0x79, 0x97, 0xF4, 0xDC, 0x91, 0x56, 0xAA,
131+ 0xF1, 0xCE, 0x08, 0x16, 0x46, 0x86, 0xDD, 0xFF, 0x75, 0x11,
132+ 0x6F, 0xBC, 0x9A, 0x7A);
133+SPCF_CPARAM_INIT(X9_62_c2pnb163v1, 0x04, 0x53, 0xE1, 0xE4, 0xB7, 0x29, 0x1F,
134+ 0x5C, 0x2D, 0x53, 0xCE, 0x18, 0x48, 0x3F, 0x00, 0x70, 0x81,
135+ 0xE7, 0xEA, 0x26, 0xEC);
136+SPCF_CPARAM_INIT(X9_62_c2pnb163v2, 0x04, 0x35, 0xC0, 0x19, 0x66, 0x0E, 0x01,
137+ 0x01, 0xBA, 0x87, 0x0C, 0xA3, 0x9F, 0xD9, 0xA7, 0x76, 0x86,
138+ 0x50, 0x9D, 0x28, 0x13);
139+SPCF_CPARAM_INIT(X9_62_c2pnb163v3, 0x06, 0x55, 0xC4, 0x54, 0xE4, 0x1E, 0x38,
140+ 0x0C, 0x7A, 0x60, 0xB6, 0x67, 0x9A, 0x5B, 0x7A, 0x3F, 0x3A,
141+ 0xF6, 0x8E, 0x22, 0xC5);
142+SPCF_CPARAM_INIT(X9_62_c2pnb176v1, 0x00, 0x69, 0xF7, 0xDA, 0x36, 0x19, 0xA7,
143+ 0x42, 0xA3, 0x82, 0xFF, 0x05, 0x08, 0x8F, 0xD3, 0x99, 0x42,
144+ 0xCA, 0x0F, 0x1D, 0x90, 0xB6, 0x5B);
145+SPCF_CPARAM_INIT(X9_62_c2tnb191v1, 0x4C, 0x45, 0x25, 0xAB, 0x0B, 0x68, 0x4A,
146+ 0x64, 0x44, 0x62, 0x0A, 0x86, 0x45, 0xEF, 0x54, 0x6D, 0x54,
147+ 0x69, 0x39, 0x68, 0xC2, 0xAE, 0x84, 0xAC);
148+SPCF_CPARAM_INIT(X9_62_c2tnb191v2, 0x03, 0x7C, 0x8F, 0x57, 0xA2, 0x25, 0xC7,
149+ 0xB3, 0xD4, 0xED, 0xD5, 0x88, 0x0F, 0x38, 0x0A, 0xCC, 0x55,
150+ 0x74, 0xEC, 0xB3, 0x6C, 0x9F, 0x51, 0x21);
151+SPCF_CPARAM_INIT(X9_62_c2tnb191v3, 0x37, 0x39, 0xFF, 0x98, 0xB4, 0xD1, 0x69,
152+ 0x3E, 0xCF, 0x52, 0x7A, 0x98, 0x51, 0xED, 0xCF, 0x99, 0x9D,
153+ 0x9E, 0x75, 0x05, 0x43, 0x33, 0x43, 0x24);
154+SPCF_CPARAM_INIT(X9_62_c2pnb208w1, 0x00, 0xDB, 0x05, 0x3C, 0x41, 0x76, 0xCC,
155+ 0x1D, 0xA1, 0x27, 0x85, 0x2C, 0xA6, 0xD9, 0x88, 0xBE, 0x1A,
156+ 0xCC, 0xD1, 0x5B, 0x2A, 0xC1, 0xC1, 0x07, 0x42, 0x57, 0x34);
157+SPCF_CPARAM_INIT(X9_62_c2tnb239v1, 0x24, 0x59, 0xFC, 0xF4, 0x51, 0x7B, 0xC5,
158+ 0xA6, 0xB9, 0x9B, 0xE5, 0xC6, 0xC5, 0x62, 0x85, 0xC0, 0x21,
159+ 0xFE, 0x32, 0xEE, 0x2B, 0x6F, 0x1C, 0x22, 0xEA, 0x5B, 0xE1,
160+ 0xB8, 0x4B, 0x93);
161+SPCF_CPARAM_INIT(X9_62_c2tnb239v2, 0x64, 0x98, 0x84, 0x19, 0x3B, 0x56, 0x2D,
162+ 0x4A, 0x50, 0xB4, 0xFA, 0x56, 0x34, 0xE0, 0x34, 0x41, 0x3F,
163+ 0x94, 0xC4, 0x59, 0xDA, 0x7C, 0xDB, 0x16, 0x64, 0x9D, 0xDD,
164+ 0xF7, 0xE6, 0x0A);
165+SPCF_CPARAM_INIT(X9_62_c2tnb239v3, 0x32, 0x63, 0x2E, 0x65, 0x2B, 0xEE, 0x91,
166+ 0xC2, 0xE4, 0xA2, 0xF5, 0x42, 0xA3, 0x2D, 0x67, 0xA8, 0xB5,
167+ 0xB4, 0x5F, 0x21, 0xA0, 0x81, 0x02, 0xFB, 0x1F, 0x2A, 0xFB,
168+ 0xB6, 0xAC, 0xDA);
169+SPCF_CPARAM_INIT(X9_62_c2pnb272w1, 0x00, 0xDA, 0x7B, 0x60, 0x28, 0xF4, 0xC8,
170+ 0x09, 0xA0, 0xB9, 0x78, 0x81, 0xC3, 0xA5, 0x7E, 0x4D, 0x71,
171+ 0x81, 0x34, 0xD1, 0x3F, 0xEC, 0xE0, 0x90, 0x85, 0x8A, 0xC3,
172+ 0x1A, 0xE2, 0xDC, 0x2E, 0xDF, 0x8E, 0x3C, 0x8B);
173+SPCF_CPARAM_INIT(X9_62_c2pnb304w1, 0x00, 0x3C, 0x67, 0xB4, 0x07, 0xC6, 0xF3,
174+ 0x3F, 0x81, 0x0B, 0x17, 0xDC, 0x16, 0xE2, 0x14, 0x8A, 0x2C,
175+ 0x9C, 0xE2, 0x9D, 0x56, 0x05, 0x23, 0x69, 0x6A, 0x55, 0x93,
176+ 0x8A, 0x15, 0x40, 0x81, 0xE3, 0xE3, 0xAE, 0xFB, 0xCE, 0x45,
177+ 0x70, 0xC9);
178+SPCF_CPARAM_INIT(X9_62_c2tnb359v1, 0x22, 0x39, 0xAA, 0x58, 0x4A, 0xC5, 0x9A,
179+ 0xF9, 0x61, 0xD0, 0xFA, 0x2D, 0x52, 0x85, 0xB6, 0xFD, 0xF7,
180+ 0x34, 0x9B, 0xC6, 0x0E, 0x91, 0xE3, 0x20, 0xF4, 0x71, 0x64,
181+ 0xCE, 0x11, 0xF5, 0x18, 0xEF, 0xB4, 0xC0, 0x8B, 0x9B, 0xDA,
182+ 0x99, 0x9A, 0x8A, 0x37, 0xF8, 0x2A, 0x22, 0x61);
183+SPCF_CPARAM_INIT(X9_62_c2pnb368w1, 0x00, 0xC0, 0x6C, 0xCF, 0x42, 0x89, 0x3A,
184+ 0x8A, 0xAA, 0x00, 0x1E, 0x0B, 0xC0, 0xD2, 0xA2, 0x27, 0x66,
185+ 0xEF, 0x3E, 0x41, 0x88, 0x7C, 0xC6, 0x77, 0x6F, 0x4A, 0x04,
186+ 0x1E, 0xE4, 0x45, 0x14, 0xB2, 0x0A, 0xFC, 0x4E, 0x5C, 0x30,
187+ 0x40, 0x60, 0x06, 0x5B, 0xC8, 0xD6, 0xCF, 0x04, 0xD3, 0x25);
188+SPCF_CPARAM_INIT(X9_62_c2tnb431r1, 0x64, 0xF5, 0xBB, 0xE9, 0xBB, 0x31, 0x66,
189+ 0xA3, 0xA0, 0x2F, 0x2F, 0x22, 0xBF, 0x05, 0xD9, 0xF7, 0xDA,
190+ 0x43, 0xEE, 0x70, 0xC1, 0x79, 0x03, 0x15, 0x2B, 0x70, 0xA0,
191+ 0xB4, 0x25, 0x9B, 0xD2, 0xFC, 0xB2, 0x20, 0x3B, 0x7F, 0xB8,
192+ 0xD3, 0x39, 0x4E, 0x20, 0xEB, 0x0E, 0xA9, 0x84, 0xDD, 0xB1,
193+ 0xE1, 0xF1, 0x4C, 0x67, 0xB1, 0x36, 0x2B);
194+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
195+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01);
196+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
197+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
198+ 0x00, 0x00, 0x00, 0x00, 0x01);
199+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls4, 0x01, 0x73, 0xE8, 0x34, 0xAF, 0x28,
200+ 0xEC, 0x76, 0xCB, 0x83, 0xBD, 0x8D, 0xFE, 0xB2, 0xD5);
201+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls5, 0x04, 0x53, 0xE1, 0xE4, 0xB7, 0x29,
202+ 0x1F, 0x5C, 0x2D, 0x53, 0xCE, 0x18, 0x48, 0x3F, 0x00, 0x70,
203+ 0x81, 0xE7, 0xEA, 0x26, 0xEC);
204+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
205+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
206+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
207+ 0x00, 0x00, 0x00, 0x01);
208+SPCF_CPARAM_INIT(wap_wsg_idm_ecid_wtls11, 0x00, 0x07, 0xD5, 0xEF, 0x43, 0x89,
209+ 0xDF, 0xF1, 0x1E, 0xCD, 0xBA, 0x39, 0xC3, 0x09, 0x70, 0xD3,
210+ 0xCE, 0x35, 0xCE, 0xBB, 0xA5, 0x84, 0x73, 0xF6, 0x4B, 0x4D,
211+ 0xC0, 0xF2, 0x68, 0x6C);
212+/* Oakley curve #3 over 155 bit binary filed */
213+SPCF_CPARAM_INIT(ipsec3, 0x00, 0x31, 0x10, 0x00, 0x00, 0x02, 0x23, 0xA0, 0x00,
214+ 0xC4, 0x47, 0x40, 0x00, 0x08, 0x8E, 0x80, 0x00, 0x11, 0x1D,
215+ 0x1D);
216+/* Oakley curve #4 over 185 bit binary filed */
217+SPCF_CPARAM_INIT(ipsec4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00,
218+ 0x01, 0x80, 0x00, 0xC0, 0x0C, 0x00, 0x00, 0x00, 0x63, 0x80,
219+ 0x30, 0x00, 0x1C, 0x00, 0x09);
220+
221+static inline int
222+eng_ec_get_cparam(int nid, unsigned char *buf, unsigned int buf_len)
223+{
224+ int ret = 0;
225+ switch (nid) {
226+ SPCF_CPARAM_CASE(sect113r1);
227+ SPCF_CPARAM_CASE(sect113r2);
228+ SPCF_CPARAM_CASE(sect131r1);
229+ SPCF_CPARAM_CASE(sect131r2);
230+ SPCF_CPARAM_CASE(sect163k1);
231+ SPCF_CPARAM_CASE(sect163r1);
232+ SPCF_CPARAM_CASE(sect163r2);
233+ SPCF_CPARAM_CASE(sect193r1);
234+ SPCF_CPARAM_CASE(sect193r2);
235+ SPCF_CPARAM_CASE(sect233k1);
236+ SPCF_CPARAM_CASE(sect233r1);
237+ SPCF_CPARAM_CASE(sect239k1);
238+ SPCF_CPARAM_CASE(sect283k1);
239+ SPCF_CPARAM_CASE(sect283r1);
240+ SPCF_CPARAM_CASE(sect409k1);
241+ SPCF_CPARAM_CASE(sect409r1);
242+ SPCF_CPARAM_CASE(sect571k1);
243+ SPCF_CPARAM_CASE(sect571r1);
244+ SPCF_CPARAM_CASE(X9_62_c2pnb163v1);
245+ SPCF_CPARAM_CASE(X9_62_c2pnb163v2);
246+ SPCF_CPARAM_CASE(X9_62_c2pnb163v3);
247+ SPCF_CPARAM_CASE(X9_62_c2pnb176v1);
248+ SPCF_CPARAM_CASE(X9_62_c2tnb191v1);
249+ SPCF_CPARAM_CASE(X9_62_c2tnb191v2);
250+ SPCF_CPARAM_CASE(X9_62_c2tnb191v3);
251+ SPCF_CPARAM_CASE(X9_62_c2pnb208w1);
252+ SPCF_CPARAM_CASE(X9_62_c2tnb239v1);
253+ SPCF_CPARAM_CASE(X9_62_c2tnb239v2);
254+ SPCF_CPARAM_CASE(X9_62_c2tnb239v3);
255+ SPCF_CPARAM_CASE(X9_62_c2pnb272w1);
256+ SPCF_CPARAM_CASE(X9_62_c2pnb304w1);
257+ SPCF_CPARAM_CASE(X9_62_c2tnb359v1);
258+ SPCF_CPARAM_CASE(X9_62_c2pnb368w1);
259+ SPCF_CPARAM_CASE(X9_62_c2tnb431r1);
260+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls1);
261+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls3);
262+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls4);
263+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls5);
264+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls10);
265+ SPCF_CPARAM_CASE(wap_wsg_idm_ecid_wtls11);
266+ /* Oakley curve #3 over 155 bit binary filed */
267+ SPCF_CPARAM_CASE(ipsec3);
268+ /* Oakley curve #4 over 185 bit binary filed */
269+ SPCF_CPARAM_CASE(ipsec4);
270+ default:
271+ ret = -EINVAL;
272+ break;
273+ }
274+ return ret;
275+}
276+
277+/* Copies the curve points to a flat buffer with appropriate padding */
278+static inline unsigned char *eng_copy_curve_points(BIGNUM * x, BIGNUM * y,
279+ int xy_len, int crv_len)
280+{
281+ unsigned char *xy = NULL;
282+ int len1 = 0, len2 = 0;
283+
284+ len1 = BN_num_bytes(x);
285+ len2 = BN_num_bytes(y);
286+
287+ if (!(xy = malloc(xy_len))) {
288+ return NULL;
289+ }
290+
291+ memset(xy, 0, xy_len);
292+
293+ if (len1 < crv_len) {
294+ if (!BN_is_zero(x))
295+ BN_bn2bin(x, xy + (crv_len - len1));
296+ } else {
297+ BN_bn2bin(x, xy);
298+ }
299+
300+ if (len2 < crv_len) {
301+ if (!BN_is_zero(y))
302+ BN_bn2bin(y, xy+crv_len+(crv_len-len2));
303+ } else {
304+ BN_bn2bin(y, xy+crv_len);
305+ }
306+
307+ return xy;
308+}
309+
310+enum curve_t {
311+ DISCRETE_LOG,
312+ ECC_PRIME,
313+ ECC_BINARY,
314+ MAX_ECC_TYPE
315+};
316+#endif
317--
3182.7.3
319
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-Initial-support-for-PKC-in-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-Initial-support-for-PKC-in-cryptodev-engine.patch
deleted file mode 100644
index 156b7434..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-Initial-support-for-PKC-in-cryptodev-engine.patch
+++ /dev/null
@@ -1,1578 +0,0 @@
1From aff25bbf6b5b833931a5281d30a6f26fda9f0a52 Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Tue, 11 Mar 2014 06:29:52 +0545
4Subject: [PATCH 05/48] Initial support for PKC in cryptodev engine
5
6Upstream-status: Pending
7
8Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
9---
10 crypto/engine/eng_cryptodev.c | 1365 ++++++++++++++++++++++++++++++++++++-----
11 1 file changed, 1202 insertions(+), 163 deletions(-)
12
13diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
14index 49ed638..cc9b63b 100644
15--- a/crypto/engine/eng_cryptodev.c
16+++ b/crypto/engine/eng_cryptodev.c
17@@ -59,6 +59,10 @@ void ENGINE_load_cryptodev(void)
18 # include <openssl/dsa.h>
19 # include <openssl/err.h>
20 # include <openssl/rsa.h>
21+# include <crypto/ecdsa/ecs_locl.h>
22+# include <crypto/ecdh/ech_locl.h>
23+# include <crypto/ec/ec_lcl.h>
24+# include <crypto/ec/ec.h>
25 # include <sys/ioctl.h>
26 # include <errno.h>
27 # include <stdio.h>
28@@ -68,6 +72,7 @@ void ENGINE_load_cryptodev(void)
29 # include <syslog.h>
30 # include <errno.h>
31 # include <string.h>
32+# include "eng_cryptodev_ec.h"
33
34 struct dev_crypto_state {
35 struct session_op d_sess;
36@@ -116,20 +121,10 @@ static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
37 BN_CTX *ctx);
38 static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
39 BN_CTX *ctx);
40-static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
41- const BIGNUM *p, const BIGNUM *m,
42- BN_CTX *ctx, BN_MONT_CTX *m_ctx);
43-static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
44- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2,
45- BIGNUM *p, BN_CTX *ctx,
46- BN_MONT_CTX *mont);
47 static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
48 DSA *dsa);
49 static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
50 DSA_SIG *sig, DSA *dsa);
51-static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
52- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
53- BN_MONT_CTX *m_ctx);
54 static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
55 DH *dh);
56 static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
57@@ -138,6 +133,105 @@ void ENGINE_load_cryptodev(void);
58 const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
59 const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
60
61+inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
62+{
63+ int len;
64+ unsigned char *p;
65+
66+ len = BN_num_bytes(bn);
67+
68+ if (!len)
69+ return -1;
70+
71+ p = malloc(len);
72+ if (!p)
73+ return -1;
74+
75+ BN_bn2bin(bn, p);
76+
77+ *bin = p;
78+ *bin_len = len;
79+
80+ return 0;
81+}
82+
83+inline int spcf_bn2bin_ex(BIGNUM *bn, unsigned char **bin, int *bin_len)
84+{
85+ int len;
86+ unsigned char *p;
87+
88+ len = BN_num_bytes(bn);
89+
90+ if (!len)
91+ return -1;
92+
93+ if (len < *bin_len)
94+ p = malloc(*bin_len);
95+ else
96+ p = malloc(len);
97+
98+ if (!p)
99+ return -ENOMEM;
100+
101+ if (len < *bin_len) {
102+ /* place padding */
103+ memset(p, 0, (*bin_len - len));
104+ BN_bn2bin(bn, p + (*bin_len - len));
105+ } else {
106+ BN_bn2bin(bn, p);
107+ }
108+
109+ *bin = p;
110+ if (len >= *bin_len)
111+ *bin_len = len;
112+
113+ return 0;
114+}
115+
116+/**
117+ * Convert an ECC F2m 'b' parameter into the 'c' parameter.
118+ *Inputs:
119+ * q, the curve's modulus
120+ * b, the curve's b parameter
121+ * (a bignum for b, a buffer for c)
122+ * Output:
123+ * c, written into bin, right-adjusted to fill q_len bytes.
124+ */
125+static int
126+eng_ec_compute_cparam(const BIGNUM *b, const BIGNUM *q,
127+ unsigned char **bin, int *bin_len)
128+{
129+ BIGNUM *c = BN_new();
130+ BIGNUM *exp = BN_new();
131+ BN_CTX *ctx = BN_CTX_new();
132+ int m = BN_num_bits(q) - 1;
133+ int ok = 0;
134+
135+ if (!c || !exp || !ctx || *bin)
136+ goto err;
137+
138+ /*
139+ * We have to compute c, where b = c^4, i.e., the fourth root of b.
140+ * The equation for c is c = b^(2^(m-2))
141+ * Compute exp = 2^(m-2)
142+ * (1 << x) == 2^x
143+ * and then compute c = b^exp
144+ */
145+ BN_lshift(exp, BN_value_one(), m - 2);
146+ BN_GF2m_mod_exp(c, b, exp, q, ctx);
147+ /* Store c */
148+ spcf_bn2bin_ex(c, bin, bin_len);
149+ ok = 1;
150+ err:
151+ if (ctx)
152+ BN_CTX_free(ctx);
153+ if (c)
154+ BN_free(c);
155+ if (exp)
156+ BN_free(exp);
157+ return ok;
158+}
159+
160 static const ENGINE_CMD_DEFN cryptodev_defns[] = {
161 {0, NULL, NULL, 0}
162 };
163@@ -1230,7 +1324,6 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
164 */
165 static int bn2crparam(const BIGNUM *a, struct crparam *crp)
166 {
167- int i, j, k;
168 ssize_t bytes, bits;
169 u_char *b;
170
171@@ -1248,36 +1341,21 @@ static int bn2crparam(const BIGNUM *a, struct crparam *crp)
172 crp->crp_p = (caddr_t) b;
173 crp->crp_nbits = bits;
174
175- for (i = 0, j = 0; i < a->top; i++) {
176- for (k = 0; k < BN_BITS2 / 8; k++) {
177- if ((j + k) >= bytes)
178- return (0);
179- b[j + k] = a->d[i] >> (k * 8);
180- }
181- j += BN_BITS2 / 8;
182- }
183+ BN_bn2bin(a, crp->crp_p);
184 return (0);
185 }
186
187 /* Convert a /dev/crypto parameter to a BIGNUM */
188 static int crparam2bn(struct crparam *crp, BIGNUM *a)
189 {
190- u_int8_t *pd;
191- int i, bytes;
192+ int bytes;
193
194 bytes = (crp->crp_nbits + 7) / 8;
195
196 if (bytes == 0)
197 return (-1);
198
199- if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
200- return (-1);
201-
202- for (i = 0; i < bytes; i++)
203- pd[i] = crp->crp_p[bytes - i - 1];
204-
205- BN_bin2bn(pd, bytes, a);
206- free(pd);
207+ BN_bin2bn(crp->crp_p, bytes, a);
208
209 return (0);
210 }
211@@ -1334,6 +1412,32 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
212 return ret;
213 }
214
215+/* Close an opened instance of cryptodev engine */
216+void cryptodev_close_instance(void *handle)
217+{
218+ int fd;
219+
220+ if (handle) {
221+ fd = *(int *)handle;
222+ close(fd);
223+ free(handle);
224+ }
225+}
226+
227+/* Create an instance of cryptodev for asynchronous interface */
228+void *cryptodev_init_instance(void)
229+{
230+ int *fd = malloc(sizeof(int));
231+
232+ if (fd) {
233+ if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) {
234+ free(fd);
235+ return NULL;
236+ }
237+ }
238+ return fd;
239+}
240+
241 static int
242 cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
243 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
244@@ -1350,8 +1454,9 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
245 return (ret);
246 }
247
248- memset(&kop, 0, sizeof kop);
249 kop.crk_op = CRK_MOD_EXP;
250+ kop.crk_oparams = 0;
251+ kop.crk_status = 0;
252
253 /* inputs: a^p % m */
254 if (bn2crparam(a, &kop.crk_param[0]))
255@@ -1394,28 +1499,39 @@ static int
256 cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
257 {
258 struct crypt_kop kop;
259- int ret = 1;
260+ int ret = 1, f_len, p_len, q_len;
261+ unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq =
262+ NULL, *c = NULL;
263
264 if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
265 /* XXX 0 means failure?? */
266 return (0);
267 }
268
269- memset(&kop, 0, sizeof kop);
270+ kop.crk_oparams = 0;
271+ kop.crk_status = 0;
272 kop.crk_op = CRK_MOD_EXP_CRT;
273+ f_len = BN_num_bytes(rsa->n);
274+ spcf_bn2bin_ex(I, &f, &f_len);
275+ spcf_bn2bin(rsa->p, &p, &p_len);
276+ spcf_bn2bin(rsa->q, &q, &q_len);
277+ spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
278+ spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
279+ spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
280 /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
281- if (bn2crparam(rsa->p, &kop.crk_param[0]))
282- goto err;
283- if (bn2crparam(rsa->q, &kop.crk_param[1]))
284- goto err;
285- if (bn2crparam(I, &kop.crk_param[2]))
286- goto err;
287- if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
288- goto err;
289- if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
290- goto err;
291- if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
292- goto err;
293+ kop.crk_param[0].crp_p = p;
294+ kop.crk_param[0].crp_nbits = p_len * 8;
295+ kop.crk_param[1].crp_p = q;
296+ kop.crk_param[1].crp_nbits = q_len * 8;
297+ kop.crk_param[2].crp_p = f;
298+ kop.crk_param[2].crp_nbits = f_len * 8;
299+ kop.crk_param[3].crp_p = dp;
300+ kop.crk_param[3].crp_nbits = p_len * 8;
301+ /* dq must of length q, rest all of length p */
302+ kop.crk_param[4].crp_p = dq;
303+ kop.crk_param[4].crp_nbits = q_len * 8;
304+ kop.crk_param[5].crp_p = c;
305+ kop.crk_param[5].crp_nbits = p_len * 8;
306 kop.crk_iparams = 6;
307
308 if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
309@@ -1451,93 +1567,120 @@ static RSA_METHOD cryptodev_rsa = {
310 NULL /* rsa_verify */
311 };
312
313-static int
314-cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
315- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
316-{
317- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
318-}
319-
320-static int
321-cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
322- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
323- BN_CTX *ctx, BN_MONT_CTX *mont)
324+static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
325+ DSA *dsa)
326 {
327- BIGNUM t2;
328- int ret = 0;
329-
330- BN_init(&t2);
331-
332- /* v = ( g^u1 * y^u2 mod p ) mod q */
333- /* let t1 = g ^ u1 mod p */
334- ret = 0;
335+ struct crypt_kop kop;
336+ BIGNUM *c = NULL, *d = NULL;
337+ DSA_SIG *dsaret = NULL;
338+ int q_len = 0, r_len = 0, g_len = 0;
339+ int priv_key_len = 0, ret;
340+ unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f =
341+ NULL;
342
343- if (!dsa->meth->bn_mod_exp(dsa, t1, dsa->g, u1, dsa->p, ctx, mont))
344+ memset(&kop, 0, sizeof kop);
345+ if ((c = BN_new()) == NULL) {
346+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
347 goto err;
348+ }
349
350- /* let t2 = y ^ u2 mod p */
351- if (!dsa->meth->bn_mod_exp(dsa, &t2, dsa->pub_key, u2, dsa->p, ctx, mont))
352+ if ((d = BN_new()) == NULL) {
353+ BN_free(c);
354+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
355 goto err;
356- /* let u1 = t1 * t2 mod p */
357- if (!BN_mod_mul(u1, t1, &t2, dsa->p, ctx))
358+ }
359+
360+ if (spcf_bn2bin(dsa->p, &q, &q_len)) {
361+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
362 goto err;
363+ }
364
365- BN_copy(t1, u1);
366+ /* Get order of the field of private keys into plain buffer */
367+ if (spcf_bn2bin(dsa->q, &r, &r_len)) {
368+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
369+ goto err;
370+ }
371
372- ret = 1;
373- err:
374- BN_free(&t2);
375- return (ret);
376-}
377+ /* sanity test */
378+ if (dlen > r_len) {
379+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
380+ goto err;
381+ }
382
383-static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
384- DSA *dsa)
385-{
386- struct crypt_kop kop;
387- BIGNUM *r = NULL, *s = NULL;
388- DSA_SIG *dsaret = NULL;
389+ g_len = q_len;
390+ /**
391+ * Get generator into a plain buffer. If length is less than
392+ * q_len then add leading padding bytes.
393+ */
394+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
395+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
396+ goto err;
397+ }
398
399- if ((r = BN_new()) == NULL)
400+ priv_key_len = r_len;
401+ /**
402+ * Get private key into a plain buffer. If length is less than
403+ * r_len then add leading padding bytes.
404+ */
405+ if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) {
406+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
407 goto err;
408- if ((s = BN_new()) == NULL) {
409- BN_free(r);
410+ }
411+
412+ /* Allocate memory to store hash. */
413+ f = OPENSSL_malloc(r_len);
414+ if (!f) {
415+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
416 goto err;
417 }
418
419- memset(&kop, 0, sizeof kop);
420+ /* Add padding, since SEC expects hash to of size r_len */
421+ if (dlen < r_len)
422+ memset(f, 0, r_len - dlen);
423+
424+ /* Skip leading bytes if dgst_len < r_len */
425+ memcpy(f + r_len - dlen, dgst, dlen);
426+
427 kop.crk_op = CRK_DSA_SIGN;
428
429 /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
430- kop.crk_param[0].crp_p = (caddr_t) dgst;
431- kop.crk_param[0].crp_nbits = dlen * 8;
432- if (bn2crparam(dsa->p, &kop.crk_param[1]))
433- goto err;
434- if (bn2crparam(dsa->q, &kop.crk_param[2]))
435- goto err;
436- if (bn2crparam(dsa->g, &kop.crk_param[3]))
437+ kop.crk_param[0].crp_p = (void *)f;
438+ kop.crk_param[0].crp_nbits = r_len * 8;
439+ kop.crk_param[1].crp_p = (void *)q;
440+ kop.crk_param[1].crp_nbits = q_len * 8;
441+ kop.crk_param[2].crp_p = (void *)r;
442+ kop.crk_param[2].crp_nbits = r_len * 8;
443+ kop.crk_param[3].crp_p = (void *)g;
444+ kop.crk_param[3].crp_nbits = g_len * 8;
445+ kop.crk_param[4].crp_p = (void *)priv_key;
446+ kop.crk_param[4].crp_nbits = priv_key_len * 8;
447+ kop.crk_iparams = 5;
448+
449+ ret = cryptodev_asym(&kop, r_len, c, r_len, d);
450+
451+ if (ret) {
452+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DECODE_ERROR);
453 goto err;
454- if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
455+ }
456+
457+ dsaret = DSA_SIG_new();
458+ if (dsaret == NULL)
459 goto err;
460- kop.crk_iparams = 5;
461+ dsaret->r = c;
462+ dsaret->s = d;
463
464- if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
465- BN_num_bytes(dsa->q), s) == 0) {
466- dsaret = DSA_SIG_new();
467- if (dsaret == NULL)
468- goto err;
469- dsaret->r = r;
470- dsaret->s = s;
471- r = s = NULL;
472- } else {
473+ zapparams(&kop);
474+ return (dsaret);
475+ err:
476+ {
477 const DSA_METHOD *meth = DSA_OpenSSL();
478+ if (c)
479+ BN_free(c);
480+ if (d)
481+ BN_free(d);
482 dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa);
483+ return (dsaret);
484 }
485- err:
486- BN_free(r);
487- BN_free(s);
488- kop.crk_param[0].crp_p = NULL;
489- zapparams(&kop);
490- return (dsaret);
491 }
492
493 static int
494@@ -1545,43 +1688,175 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
495 DSA_SIG *sig, DSA *dsa)
496 {
497 struct crypt_kop kop;
498- int dsaret = 1;
499+ int dsaret = 1, q_len = 0, r_len = 0, g_len = 0;
500+ int w_len = 0, c_len = 0, d_len = 0, ret = -1;
501+ unsigned char *q = NULL, *r = NULL, *w = NULL, *g = NULL;
502+ unsigned char *c = NULL, *d = NULL, *f = NULL;
503
504 memset(&kop, 0, sizeof kop);
505 kop.crk_op = CRK_DSA_VERIFY;
506
507- /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
508- kop.crk_param[0].crp_p = (caddr_t) dgst;
509- kop.crk_param[0].crp_nbits = dlen * 8;
510- if (bn2crparam(dsa->p, &kop.crk_param[1]))
511+ if (spcf_bn2bin(dsa->p, &q, &q_len)) {
512+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
513+ return ret;
514+ }
515+
516+ /* Get Order of field of private keys */
517+ if (spcf_bn2bin(dsa->q, &r, &r_len)) {
518+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
519 goto err;
520- if (bn2crparam(dsa->q, &kop.crk_param[2]))
521+ }
522+
523+ g_len = q_len;
524+ /**
525+ * Get generator into a plain buffer. If length is less than
526+ * q_len then add leading padding bytes.
527+ */
528+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
529+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
530+ goto err;
531+ }
532+ w_len = q_len;
533+ /**
534+ * Get public key into a plain buffer. If length is less than
535+ * q_len then add leading padding bytes.
536+ */
537+ if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) {
538+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
539 goto err;
540- if (bn2crparam(dsa->g, &kop.crk_param[3]))
541+ }
542+ /**
543+ * Get the 1st part of signature into a flat buffer with
544+ * appropriate padding
545+ */
546+ c_len = r_len;
547+
548+ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
549+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
550 goto err;
551- if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
552+ }
553+
554+ /**
555+ * Get the 2nd part of signature into a flat buffer with
556+ * appropriate padding
557+ */
558+ d_len = r_len;
559+
560+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
561+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
562 goto err;
563- if (bn2crparam(sig->r, &kop.crk_param[5]))
564+ }
565+
566+ /* Sanity test */
567+ if (dlen > r_len) {
568+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
569 goto err;
570- if (bn2crparam(sig->s, &kop.crk_param[6]))
571+ }
572+
573+ /* Allocate memory to store hash. */
574+ f = OPENSSL_malloc(r_len);
575+ if (!f) {
576+ DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
577 goto err;
578+ }
579+
580+ /* Add padding, since SEC expects hash to of size r_len */
581+ if (dlen < r_len)
582+ memset(f, 0, r_len - dlen);
583+
584+ /* Skip leading bytes if dgst_len < r_len */
585+ memcpy(f + r_len - dlen, dgst, dlen);
586+
587+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
588+ kop.crk_param[0].crp_p = (void *)f;
589+ kop.crk_param[0].crp_nbits = r_len * 8;
590+ kop.crk_param[1].crp_p = q;
591+ kop.crk_param[1].crp_nbits = q_len * 8;
592+ kop.crk_param[2].crp_p = r;
593+ kop.crk_param[2].crp_nbits = r_len * 8;
594+ kop.crk_param[3].crp_p = g;
595+ kop.crk_param[3].crp_nbits = g_len * 8;
596+ kop.crk_param[4].crp_p = w;
597+ kop.crk_param[4].crp_nbits = w_len * 8;
598+ kop.crk_param[5].crp_p = c;
599+ kop.crk_param[5].crp_nbits = c_len * 8;
600+ kop.crk_param[6].crp_p = d;
601+ kop.crk_param[6].crp_nbits = d_len * 8;
602 kop.crk_iparams = 7;
603
604- if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
605- /*
606- * OCF success value is 0, if not zero, change dsaret to fail
607- */
608- if (0 != kop.crk_status)
609- dsaret = 0;
610- } else {
611- const DSA_METHOD *meth = DSA_OpenSSL();
612+ if ((cryptodev_asym(&kop, 0, NULL, 0, NULL))) {
613+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR);
614+ goto err;
615+ }
616
617- dsaret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa);
618+ /*
619+ * OCF success value is 0, if not zero, change dsaret to fail
620+ */
621+ if (0 != kop.crk_status) {
622+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR);
623+ goto err;
624 }
625- err:
626- kop.crk_param[0].crp_p = NULL;
627+
628 zapparams(&kop);
629 return (dsaret);
630+ err:
631+ {
632+ const DSA_METHOD *meth = DSA_OpenSSL();
633+ dsaret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa);
634+ return dsaret;
635+ }
636+}
637+
638+/* Cryptodev DSA Key Gen routine */
639+static int cryptodev_dsa_keygen(DSA *dsa)
640+{
641+ struct crypt_kop kop;
642+ int ret = 1, g_len;
643+ unsigned char *g = NULL;
644+
645+ if (dsa->priv_key == NULL) {
646+ if ((dsa->priv_key = BN_new()) == NULL)
647+ goto sw_try;
648+ }
649+
650+ if (dsa->pub_key == NULL) {
651+ if ((dsa->pub_key = BN_new()) == NULL)
652+ goto sw_try;
653+ }
654+
655+ g_len = BN_num_bytes(dsa->p);
656+ /**
657+ * Get generator into a plain buffer. If length is less than
658+ * p_len then add leading padding bytes.
659+ */
660+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
661+ DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
662+ goto sw_try;
663+ }
664+
665+ memset(&kop, 0, sizeof kop);
666+
667+ kop.crk_op = CRK_DSA_GENERATE_KEY;
668+ if (bn2crparam(dsa->p, &kop.crk_param[0]))
669+ goto sw_try;
670+ if (bn2crparam(dsa->q, &kop.crk_param[1]))
671+ goto sw_try;
672+ kop.crk_param[2].crp_p = g;
673+ kop.crk_param[2].crp_nbits = g_len * 8;
674+ kop.crk_iparams = 3;
675+
676+ /* pub_key is or prime length while priv key is of length of order */
677+ if (cryptodev_asym(&kop, BN_num_bytes(dsa->p), dsa->pub_key,
678+ BN_num_bytes(dsa->q), dsa->priv_key))
679+ goto sw_try;
680+
681+ return ret;
682+ sw_try:
683+ {
684+ const DSA_METHOD *meth = DSA_OpenSSL();
685+ ret = (meth->dsa_keygen) (dsa);
686+ }
687+ return ret;
688 }
689
690 static DSA_METHOD cryptodev_dsa = {
691@@ -1597,12 +1872,558 @@ static DSA_METHOD cryptodev_dsa = {
692 NULL /* app_data */
693 };
694
695-static int
696-cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
697- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
698- BN_MONT_CTX *m_ctx)
699+static ECDSA_METHOD cryptodev_ecdsa = {
700+ "cryptodev ECDSA method",
701+ NULL,
702+ NULL, /* ecdsa_sign_setup */
703+ NULL,
704+ NULL,
705+ 0, /* flags */
706+ NULL /* app_data */
707+};
708+
709+typedef enum ec_curve_s {
710+ EC_PRIME,
711+ EC_BINARY
712+} ec_curve_t;
713+
714+/* ENGINE handler for ECDSA Sign */
715+static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
716+ int dgst_len, const BIGNUM *in_kinv,
717+ const BIGNUM *in_r, EC_KEY *eckey)
718 {
719- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
720+ BIGNUM *m = NULL, *p = NULL, *a = NULL;
721+ BIGNUM *b = NULL, *x = NULL, *y = NULL;
722+ BN_CTX *ctx = NULL;
723+ ECDSA_SIG *ret = NULL;
724+ ECDSA_DATA *ecdsa = NULL;
725+ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
726+ unsigned char *s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst =
727+ NULL;
728+ int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
729+ int g_len = 0, d_len = 0, ab_len = 0;
730+ const BIGNUM *order = NULL, *priv_key = NULL;
731+ const EC_GROUP *group = NULL;
732+ struct crypt_kop kop;
733+ ec_curve_t ec_crv = EC_PRIME;
734+
735+ memset(&kop, 0, sizeof(kop));
736+ ecdsa = ecdsa_check(eckey);
737+ if (!ecdsa) {
738+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
739+ return NULL;
740+ }
741+
742+ group = EC_KEY_get0_group(eckey);
743+ priv_key = EC_KEY_get0_private_key(eckey);
744+
745+ if (!group || !priv_key) {
746+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
747+ return NULL;
748+ }
749+
750+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
751+ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
752+ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
753+ (y = BN_new()) == NULL) {
754+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
755+ goto err;
756+ }
757+
758+ order = &group->order;
759+ if (!order || BN_is_zero(order)) {
760+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
761+ goto err;
762+ }
763+
764+ i = BN_num_bits(order);
765+ /*
766+ * Need to truncate digest if it is too long: first truncate whole bytes
767+ */
768+ if (8 * dgst_len > i)
769+ dgst_len = (i + 7) / 8;
770+
771+ if (!BN_bin2bn(dgst, dgst_len, m)) {
772+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
773+ goto err;
774+ }
775+
776+ /* If still too long truncate remaining bits with a shift */
777+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
778+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
779+ goto err;
780+ }
781+
782+ /* copy the truncated bits into plain buffer */
783+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
784+ fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__,
785+ __LINE__);
786+ goto err;
787+ }
788+
789+ ret = ECDSA_SIG_new();
790+ if (!ret) {
791+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
792+ goto err;
793+ }
794+
795+ /* check if this is prime or binary EC request */
796+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
797+ NID_X9_62_prime_field) {
798+ ec_crv = EC_PRIME;
799+ /* get the generator point pair */
800+ if (!EC_POINT_get_affine_coordinates_GFp
801+ (group, EC_GROUP_get0_generator(group), x, y, ctx)) {
802+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
803+ goto err;
804+ }
805+
806+ /* get the ECC curve parameters */
807+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
808+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
809+ goto err;
810+ }
811+ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
812+ NID_X9_62_characteristic_two_field) {
813+ ec_crv = EC_BINARY;
814+ /* get the ECC curve parameters */
815+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
816+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
817+ goto err;
818+ }
819+
820+ /* get the generator point pair */
821+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
822+ EC_GROUP_get0_generator
823+ (group), x, y, ctx)) {
824+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
825+ goto err;
826+ }
827+ } else {
828+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
829+ goto err;
830+ }
831+
832+ if (spcf_bn2bin(order, &r, &r_len)) {
833+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
834+ goto err;
835+ }
836+
837+ if (spcf_bn2bin(p, &q, &q_len)) {
838+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
839+ goto err;
840+ }
841+
842+ priv_key_len = r_len;
843+
844+ /**
845+ * If BN_num_bytes of priv_key returns less then r_len then
846+ * add padding bytes before the key
847+ */
848+ if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len)) {
849+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
850+ goto err;
851+ }
852+
853+ /* Generation of ECC curve parameters */
854+ ab_len = 2 * q_len;
855+ ab = eng_copy_curve_points(a, b, ab_len, q_len);
856+ if (!ab) {
857+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
858+ goto err;
859+ }
860+
861+ if (ec_crv == EC_BINARY) {
862+ if (eng_ec_get_cparam
863+ (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
864+ unsigned char *c_temp = NULL;
865+ int c_temp_len = q_len;
866+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
867+ memcpy(ab + q_len, c_temp, q_len);
868+ else
869+ goto err;
870+ }
871+ kop.curve_type = ECC_BINARY;
872+ }
873+
874+ /* Calculation of Generator point */
875+ g_len = 2 * q_len;
876+ g_xy = eng_copy_curve_points(x, y, g_len, q_len);
877+ if (!g_xy) {
878+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
879+ goto err;
880+ }
881+
882+ /* Memory allocation for first part of digital signature */
883+ c = malloc(r_len);
884+ if (!c) {
885+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
886+ goto err;
887+ }
888+
889+ d_len = r_len;
890+
891+ /* Memory allocation for second part of digital signature */
892+ d = malloc(d_len);
893+ if (!d) {
894+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
895+ goto err;
896+ }
897+
898+ /* memory for message representative */
899+ f = malloc(r_len);
900+ if (!f) {
901+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
902+ goto err;
903+ }
904+
905+ /* Add padding, since SEC expects hash to of size r_len */
906+ memset(f, 0, r_len - dgst_len);
907+
908+ /* Skip leading bytes if dgst_len < r_len */
909+ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
910+
911+ dgst_len += r_len - dgst_len;
912+ kop.crk_op = CRK_DSA_SIGN;
913+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
914+ kop.crk_param[0].crp_p = f;
915+ kop.crk_param[0].crp_nbits = dgst_len * 8;
916+ kop.crk_param[1].crp_p = q;
917+ kop.crk_param[1].crp_nbits = q_len * 8;
918+ kop.crk_param[2].crp_p = r;
919+ kop.crk_param[2].crp_nbits = r_len * 8;
920+ kop.crk_param[3].crp_p = g_xy;
921+ kop.crk_param[3].crp_nbits = g_len * 8;
922+ kop.crk_param[4].crp_p = s;
923+ kop.crk_param[4].crp_nbits = priv_key_len * 8;
924+ kop.crk_param[5].crp_p = ab;
925+ kop.crk_param[5].crp_nbits = ab_len * 8;
926+ kop.crk_iparams = 6;
927+ kop.crk_param[6].crp_p = c;
928+ kop.crk_param[6].crp_nbits = d_len * 8;
929+ kop.crk_param[7].crp_p = d;
930+ kop.crk_param[7].crp_nbits = d_len * 8;
931+ kop.crk_oparams = 2;
932+
933+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
934+ /* Check if ret->r and s needs to allocated */
935+ crparam2bn(&kop.crk_param[6], ret->r);
936+ crparam2bn(&kop.crk_param[7], ret->s);
937+ } else {
938+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
939+ ret = (meth->ecdsa_do_sign) (dgst, dgst_len, in_kinv, in_r, eckey);
940+ }
941+ kop.crk_param[0].crp_p = NULL;
942+ zapparams(&kop);
943+ err:
944+ if (!ret) {
945+ ECDSA_SIG_free(ret);
946+ ret = NULL;
947+ }
948+ return ret;
949+}
950+
951+static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
952+ ECDSA_SIG *sig, EC_KEY *eckey)
953+{
954+ BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL;
955+ BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL;
956+ BN_CTX *ctx = NULL;
957+ ECDSA_DATA *ecdsa = NULL;
958+ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy =
959+ NULL;
960+ unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
961+ int i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0;
962+ int d_len = 0, ab_len = 0, ret = -1;
963+ const EC_POINT *pub_key = NULL;
964+ const BIGNUM *order = NULL;
965+ const EC_GROUP *group = NULL;
966+ ec_curve_t ec_crv = EC_PRIME;
967+ struct crypt_kop kop;
968+
969+ memset(&kop, 0, sizeof kop);
970+ ecdsa = ecdsa_check(eckey);
971+ if (!ecdsa) {
972+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
973+ return ret;
974+ }
975+
976+ group = EC_KEY_get0_group(eckey);
977+ pub_key = EC_KEY_get0_public_key(eckey);
978+
979+ if (!group || !pub_key) {
980+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
981+ return ret;
982+ }
983+
984+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
985+ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
986+ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
987+ (y = BN_new()) == NULL || (w_x = BN_new()) == NULL ||
988+ (w_y = BN_new()) == NULL) {
989+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
990+ goto err;
991+ }
992+
993+ order = &group->order;
994+ if (!order || BN_is_zero(order)) {
995+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
996+ goto err;
997+ }
998+
999+ i = BN_num_bits(order);
1000+ /*
1001+ * Need to truncate digest if it is too long: first truncate whole *
1002+ * bytes
1003+ */
1004+ if (8 * dgst_len > i)
1005+ dgst_len = (i + 7) / 8;
1006+
1007+ if (!BN_bin2bn(dgst, dgst_len, m)) {
1008+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
1009+ goto err;
1010+ }
1011+
1012+ /* If still too long truncate remaining bits with a shift */
1013+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
1014+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
1015+ goto err;
1016+ }
1017+ /* copy the truncated bits into plain buffer */
1018+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
1019+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1020+ goto err;
1021+ }
1022+
1023+ /* check if this is prime or binary EC request */
1024+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
1025+ NID_X9_62_prime_field) {
1026+ ec_crv = EC_PRIME;
1027+
1028+ /* get the generator point pair */
1029+ if (!EC_POINT_get_affine_coordinates_GFp(group,
1030+ EC_GROUP_get0_generator
1031+ (group), x, y, ctx)) {
1032+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
1033+ goto err;
1034+ }
1035+
1036+ /* get the public key pair for prime curve */
1037+ if (!EC_POINT_get_affine_coordinates_GFp(group,
1038+ pub_key, w_x, w_y, ctx)) {
1039+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
1040+ goto err;
1041+ }
1042+
1043+ /* get the ECC curve parameters */
1044+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
1045+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
1046+ goto err;
1047+ }
1048+ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
1049+ NID_X9_62_characteristic_two_field) {
1050+ ec_crv = EC_BINARY;
1051+ /* get the ECC curve parameters */
1052+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
1053+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
1054+ goto err;
1055+ }
1056+
1057+ /* get the generator point pair */
1058+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
1059+ EC_GROUP_get0_generator
1060+ (group), x, y, ctx)) {
1061+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
1062+ goto err;
1063+ }
1064+
1065+ /* get the public key pair for binary curve */
1066+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
1067+ pub_key, w_x, w_y, ctx)) {
1068+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
1069+ goto err;
1070+ }
1071+ } else {
1072+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
1073+ goto err;
1074+ }
1075+
1076+ /* Get the order of the subgroup of private keys */
1077+ if (spcf_bn2bin((BIGNUM *)order, &r, &r_len)) {
1078+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1079+ goto err;
1080+ }
1081+
1082+ /* Get the irreducible polynomial that creates the field */
1083+ if (spcf_bn2bin(p, &q, &q_len)) {
1084+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1085+ goto err;
1086+ }
1087+
1088+ /* Get the public key into a flat buffer with appropriate padding */
1089+ pub_key_len = 2 * q_len;
1090+
1091+ w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len);
1092+ if (!w_xy) {
1093+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1094+ goto err;
1095+ }
1096+
1097+ /* Generation of ECC curve parameters */
1098+ ab_len = 2 * q_len;
1099+
1100+ ab = eng_copy_curve_points(a, b, ab_len, q_len);
1101+ if (!ab) {
1102+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1103+ goto err;
1104+ }
1105+
1106+ if (ec_crv == EC_BINARY) {
1107+ /* copy b' i.e c(b), instead of only b */
1108+ if (eng_ec_get_cparam
1109+ (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
1110+ unsigned char *c_temp = NULL;
1111+ int c_temp_len = q_len;
1112+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
1113+ memcpy(ab + q_len, c_temp, q_len);
1114+ else
1115+ goto err;
1116+ }
1117+ kop.curve_type = ECC_BINARY;
1118+ }
1119+
1120+ /* Calculation of Generator point */
1121+ g_len = 2 * q_len;
1122+
1123+ g_xy = eng_copy_curve_points(x, y, g_len, q_len);
1124+ if (!g_xy) {
1125+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1126+ goto err;
1127+ }
1128+
1129+ /**
1130+ * Get the 1st part of signature into a flat buffer with
1131+ * appropriate padding
1132+ */
1133+ if (BN_num_bytes(sig->r) < r_len)
1134+ c_len = r_len;
1135+
1136+ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
1137+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1138+ goto err;
1139+ }
1140+
1141+ /**
1142+ * Get the 2nd part of signature into a flat buffer with
1143+ * appropriate padding
1144+ */
1145+ if (BN_num_bytes(sig->s) < r_len)
1146+ d_len = r_len;
1147+
1148+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
1149+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1150+ goto err;
1151+ }
1152+
1153+ /* memory for message representative */
1154+ f = malloc(r_len);
1155+ if (!f) {
1156+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1157+ goto err;
1158+ }
1159+
1160+ /* Add padding, since SEC expects hash to of size r_len */
1161+ memset(f, 0, r_len - dgst_len);
1162+
1163+ /* Skip leading bytes if dgst_len < r_len */
1164+ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
1165+ dgst_len += r_len - dgst_len;
1166+ kop.crk_op = CRK_DSA_VERIFY;
1167+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
1168+ kop.crk_param[0].crp_p = f;
1169+ kop.crk_param[0].crp_nbits = dgst_len * 8;
1170+ kop.crk_param[1].crp_p = q;
1171+ kop.crk_param[1].crp_nbits = q_len * 8;
1172+ kop.crk_param[2].crp_p = r;
1173+ kop.crk_param[2].crp_nbits = r_len * 8;
1174+ kop.crk_param[3].crp_p = g_xy;
1175+ kop.crk_param[3].crp_nbits = g_len * 8;
1176+ kop.crk_param[4].crp_p = w_xy;
1177+ kop.crk_param[4].crp_nbits = pub_key_len * 8;
1178+ kop.crk_param[5].crp_p = ab;
1179+ kop.crk_param[5].crp_nbits = ab_len * 8;
1180+ kop.crk_param[6].crp_p = c;
1181+ kop.crk_param[6].crp_nbits = d_len * 8;
1182+ kop.crk_param[7].crp_p = d;
1183+ kop.crk_param[7].crp_nbits = d_len * 8;
1184+ kop.crk_iparams = 8;
1185+
1186+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
1187+ /*
1188+ * OCF success value is 0, if not zero, change ret to fail
1189+ */
1190+ if (0 == kop.crk_status)
1191+ ret = 1;
1192+ } else {
1193+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
1194+
1195+ ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey);
1196+ }
1197+ kop.crk_param[0].crp_p = NULL;
1198+ zapparams(&kop);
1199+
1200+ err:
1201+ return ret;
1202+}
1203+
1204+static int cryptodev_dh_keygen(DH *dh)
1205+{
1206+ struct crypt_kop kop;
1207+ int ret = 1, g_len;
1208+ unsigned char *g = NULL;
1209+
1210+ if (dh->priv_key == NULL) {
1211+ if ((dh->priv_key = BN_new()) == NULL)
1212+ goto sw_try;
1213+ }
1214+
1215+ if (dh->pub_key == NULL) {
1216+ if ((dh->pub_key = BN_new()) == NULL)
1217+ goto sw_try;
1218+ }
1219+
1220+ g_len = BN_num_bytes(dh->p);
1221+ /**
1222+ * Get generator into a plain buffer. If length is less than
1223+ * q_len then add leading padding bytes.
1224+ */
1225+ if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
1226+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
1227+ goto sw_try;
1228+ }
1229+
1230+ memset(&kop, 0, sizeof kop);
1231+ kop.crk_op = CRK_DH_GENERATE_KEY;
1232+ if (bn2crparam(dh->p, &kop.crk_param[0]))
1233+ goto sw_try;
1234+ if (bn2crparam(dh->q, &kop.crk_param[1]))
1235+ goto sw_try;
1236+ kop.crk_param[2].crp_p = g;
1237+ kop.crk_param[2].crp_nbits = g_len * 8;
1238+ kop.crk_iparams = 3;
1239+
1240+ /* pub_key is or prime length while priv key is of length of order */
1241+ if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key,
1242+ BN_num_bytes(dh->q), dh->priv_key))
1243+ goto sw_try;
1244+
1245+ return ret;
1246+ sw_try:
1247+ {
1248+ const DH_METHOD *meth = DH_OpenSSL();
1249+ ret = (meth->generate_key) (dh);
1250+ }
1251+ return ret;
1252 }
1253
1254 static int
1255@@ -1610,41 +2431,236 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
1256 {
1257 struct crypt_kop kop;
1258 int dhret = 1;
1259- int fd, keylen;
1260+ int fd, p_len;
1261+ BIGNUM *temp = NULL;
1262+ unsigned char *padded_pub_key = NULL, *p = NULL;
1263+
1264+ if ((fd = get_asym_dev_crypto()) < 0)
1265+ goto sw_try;
1266+
1267+ memset(&kop, 0, sizeof kop);
1268+ kop.crk_op = CRK_DH_COMPUTE_KEY;
1269+ /* inputs: dh->priv_key pub_key dh->p key */
1270+ spcf_bn2bin(dh->p, &p, &p_len);
1271+ spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
1272+ if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
1273+ goto sw_try;
1274+
1275+ kop.crk_param[1].crp_p = padded_pub_key;
1276+ kop.crk_param[1].crp_nbits = p_len * 8;
1277+ kop.crk_param[2].crp_p = p;
1278+ kop.crk_param[2].crp_nbits = p_len * 8;
1279+ kop.crk_iparams = 3;
1280+ kop.crk_param[3].crp_p = (void *)key;
1281+ kop.crk_param[3].crp_nbits = p_len * 8;
1282+ kop.crk_oparams = 1;
1283+ dhret = p_len;
1284+
1285+ if (ioctl(fd, CIOCKEY, &kop))
1286+ goto sw_try;
1287+
1288+ if ((temp = BN_new())) {
1289+ if (!BN_bin2bn(key, p_len, temp)) {
1290+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
1291+ goto sw_try;
1292+ }
1293+ if (dhret > BN_num_bytes(temp))
1294+ dhret = BN_bn2bin(temp, key);
1295+ BN_free(temp);
1296+ }
1297
1298- if ((fd = get_asym_dev_crypto()) < 0) {
1299+ kop.crk_param[3].crp_p = NULL;
1300+ zapparams(&kop);
1301+ return (dhret);
1302+ sw_try:
1303+ {
1304 const DH_METHOD *meth = DH_OpenSSL();
1305
1306- return ((meth->compute_key) (key, pub_key, dh));
1307+ dhret = (meth->compute_key) (key, pub_key, dh);
1308 }
1309+ return (dhret);
1310+}
1311
1312- keylen = BN_num_bits(dh->p);
1313+int cryptodev_ecdh_compute_key(void *out, size_t outlen,
1314+ const EC_POINT *pub_key, EC_KEY *ecdh,
1315+ void *(*KDF) (const void *in, size_t inlen,
1316+ void *out, size_t *outlen))
1317+{
1318+ ec_curve_t ec_crv = EC_PRIME;
1319+ unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
1320+ BIGNUM *w_x = NULL, *w_y = NULL;
1321+ int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
1322+ BIGNUM *p = NULL, *a = NULL, *b = NULL;
1323+ BN_CTX *ctx;
1324+ EC_POINT *tmp = NULL;
1325+ BIGNUM *x = NULL, *y = NULL;
1326+ const BIGNUM *priv_key;
1327+ const EC_GROUP *group = NULL;
1328+ int ret = -1;
1329+ size_t buflen, len;
1330+ struct crypt_kop kop;
1331
1332 memset(&kop, 0, sizeof kop);
1333- kop.crk_op = CRK_DH_COMPUTE_KEY;
1334
1335- /* inputs: dh->priv_key pub_key dh->p key */
1336- if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
1337+ if ((ctx = BN_CTX_new()) == NULL)
1338 goto err;
1339- if (bn2crparam(pub_key, &kop.crk_param[1]))
1340+ BN_CTX_start(ctx);
1341+ x = BN_CTX_get(ctx);
1342+ y = BN_CTX_get(ctx);
1343+ p = BN_CTX_get(ctx);
1344+ a = BN_CTX_get(ctx);
1345+ b = BN_CTX_get(ctx);
1346+ w_x = BN_CTX_get(ctx);
1347+ w_y = BN_CTX_get(ctx);
1348+
1349+ if (!x || !y || !p || !a || !b || !w_x || !w_y) {
1350+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
1351 goto err;
1352- if (bn2crparam(dh->p, &kop.crk_param[2]))
1353+ }
1354+
1355+ priv_key = EC_KEY_get0_private_key(ecdh);
1356+ if (priv_key == NULL) {
1357+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_NO_PRIVATE_VALUE);
1358 goto err;
1359- kop.crk_iparams = 3;
1360+ }
1361
1362- kop.crk_param[3].crp_p = (caddr_t) key;
1363- kop.crk_param[3].crp_nbits = keylen * 8;
1364- kop.crk_oparams = 1;
1365+ group = EC_KEY_get0_group(ecdh);
1366+ if ((tmp = EC_POINT_new(group)) == NULL) {
1367+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
1368+ goto err;
1369+ }
1370
1371- if (ioctl(fd, CIOCKEY, &kop) == -1) {
1372- const DH_METHOD *meth = DH_OpenSSL();
1373+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
1374+ NID_X9_62_prime_field) {
1375+ ec_crv = EC_PRIME;
1376
1377- dhret = (meth->compute_key) (key, pub_key, dh);
1378+ if (!EC_POINT_get_affine_coordinates_GFp(group,
1379+ EC_GROUP_get0_generator
1380+ (group), x, y, ctx)) {
1381+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
1382+ goto err;
1383+ }
1384+
1385+ /* get the ECC curve parameters */
1386+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
1387+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
1388+ goto err;
1389+ }
1390+
1391+ /* get the public key pair for prime curve */
1392+ if (!EC_POINT_get_affine_coordinates_GFp
1393+ (group, pub_key, w_x, w_y, ctx)) {
1394+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
1395+ goto err;
1396+ }
1397+ } else {
1398+ ec_crv = EC_BINARY;
1399+
1400+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
1401+ EC_GROUP_get0_generator
1402+ (group), x, y, ctx)) {
1403+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
1404+ goto err;
1405+ }
1406+
1407+ /* get the ECC curve parameters */
1408+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
1409+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
1410+ goto err;
1411+ }
1412+
1413+ /* get the public key pair for binary curve */
1414+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
1415+ pub_key, w_x, w_y, ctx)) {
1416+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
1417+ goto err;
1418+ }
1419 }
1420+
1421+ /* irreducible polynomial that creates the field */
1422+ if (spcf_bn2bin((BIGNUM *)&group->order, &r, &r_len)) {
1423+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
1424+ goto err;
1425+ }
1426+
1427+ /* Get the irreducible polynomial that creates the field */
1428+ if (spcf_bn2bin(p, &q, &q_len)) {
1429+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
1430+ goto err;
1431+ }
1432+
1433+ /* Get the public key into a flat buffer with appropriate padding */
1434+ pub_key_len = 2 * q_len;
1435+ w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len);
1436+ if (!w_xy) {
1437+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
1438+ goto err;
1439+ }
1440+
1441+ /* Generation of ECC curve parameters */
1442+ ab_len = 2 * q_len;
1443+ ab = eng_copy_curve_points(a, b, ab_len, q_len);
1444+ if (!ab) {
1445+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
1446+ goto err;
1447+ }
1448+
1449+ if (ec_crv == EC_BINARY) {
1450+ /* copy b' i.e c(b), instead of only b */
1451+ if (eng_ec_get_cparam
1452+ (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
1453+ unsigned char *c_temp = NULL;
1454+ int c_temp_len = q_len;
1455+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
1456+ memcpy(ab + q_len, c_temp, q_len);
1457+ else
1458+ goto err;
1459+ }
1460+ kop.curve_type = ECC_BINARY;
1461+ } else
1462+ kop.curve_type = ECC_PRIME;
1463+
1464+ priv_key_len = r_len;
1465+
1466+ /*
1467+ * If BN_num_bytes of priv_key returns less then r_len then
1468+ * add padding bytes before the key
1469+ */
1470+ if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) {
1471+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
1472+ goto err;
1473+ }
1474+
1475+ buflen = (EC_GROUP_get_degree(group) + 7) / 8;
1476+ len = BN_num_bytes(x);
1477+ if (len > buflen || q_len < buflen) {
1478+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR);
1479+ goto err;
1480+ }
1481+
1482+ kop.crk_op = CRK_DH_COMPUTE_KEY;
1483+ kop.crk_param[0].crp_p = (void *)s;
1484+ kop.crk_param[0].crp_nbits = priv_key_len * 8;
1485+ kop.crk_param[1].crp_p = (void *)w_xy;
1486+ kop.crk_param[1].crp_nbits = pub_key_len * 8;
1487+ kop.crk_param[2].crp_p = (void *)q;
1488+ kop.crk_param[2].crp_nbits = q_len * 8;
1489+ kop.crk_param[3].crp_p = (void *)ab;
1490+ kop.crk_param[3].crp_nbits = ab_len * 8;
1491+ kop.crk_iparams = 4;
1492+ kop.crk_param[4].crp_p = (void *)out;
1493+ kop.crk_param[4].crp_nbits = q_len * 8;
1494+ kop.crk_oparams = 1;
1495+ ret = q_len;
1496+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL)) {
1497+ const ECDH_METHOD *meth = ECDH_OpenSSL();
1498+ ret = (meth->compute_key) (out, outlen, pub_key, ecdh, KDF);
1499+ } else
1500+ ret = q_len;
1501 err:
1502- kop.crk_param[3].crp_p = NULL;
1503+ kop.crk_param[4].crp_p = NULL;
1504 zapparams(&kop);
1505- return (dhret);
1506+ return ret;
1507 }
1508
1509 static DH_METHOD cryptodev_dh = {
1510@@ -1658,6 +2674,14 @@ static DH_METHOD cryptodev_dh = {
1511 NULL /* app_data */
1512 };
1513
1514+static ECDH_METHOD cryptodev_ecdh = {
1515+ "cryptodev ECDH method",
1516+ NULL, /* cryptodev_ecdh_compute_key */
1517+ NULL,
1518+ 0, /* flags */
1519+ NULL /* app_data */
1520+};
1521+
1522 /*
1523 * ctrl right now is just a wrapper that doesn't do much
1524 * but I expect we'll want some options soon.
1525@@ -1737,24 +2761,39 @@ void ENGINE_load_cryptodev(void)
1526 memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
1527 if (cryptodev_asymfeat & CRF_DSA_SIGN)
1528 cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
1529- if (cryptodev_asymfeat & CRF_MOD_EXP) {
1530- cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
1531- cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
1532- }
1533 if (cryptodev_asymfeat & CRF_DSA_VERIFY)
1534 cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
1535+ if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY)
1536+ cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen;
1537 }
1538
1539 if (ENGINE_set_DH(engine, &cryptodev_dh)) {
1540 const DH_METHOD *dh_meth = DH_OpenSSL();
1541+ memcpy(&cryptodev_dh, dh_meth, sizeof(DH_METHOD));
1542+ if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
1543+ cryptodev_dh.compute_key = cryptodev_dh_compute_key;
1544+ }
1545+ if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) {
1546+ cryptodev_dh.generate_key = cryptodev_dh_keygen;
1547+ }
1548+ }
1549
1550- cryptodev_dh.generate_key = dh_meth->generate_key;
1551- cryptodev_dh.compute_key = dh_meth->compute_key;
1552- cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
1553- if (cryptodev_asymfeat & CRF_MOD_EXP) {
1554- cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
1555- if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
1556- cryptodev_dh.compute_key = cryptodev_dh_compute_key;
1557+ if (ENGINE_set_ECDSA(engine, &cryptodev_ecdsa)) {
1558+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
1559+ memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD));
1560+ if (cryptodev_asymfeat & CRF_DSA_SIGN) {
1561+ cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign;
1562+ }
1563+ if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
1564+ cryptodev_ecdsa.ecdsa_do_verify = cryptodev_ecdsa_verify;
1565+ }
1566+ }
1567+
1568+ if (ENGINE_set_ECDH(engine, &cryptodev_ecdh)) {
1569+ const ECDH_METHOD *ecdh_meth = ECDH_OpenSSL();
1570+ memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD));
1571+ if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
1572+ cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key;
1573 }
1574 }
1575
1576--
15772.7.3
1578
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Added-hwrng-dev-file-as-source-of-RNG.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Added-hwrng-dev-file-as-source-of-RNG.patch
deleted file mode 100644
index 049f963a..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Added-hwrng-dev-file-as-source-of-RNG.patch
+++ /dev/null
@@ -1,28 +0,0 @@
1From e9981377fe8e2081fcd5b4e43a5ef4d8f1cc1e67 Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Tue, 11 Mar 2014 06:42:59 +0545
4Subject: [PATCH 06/48] Added hwrng dev file as source of RNG
5
6Upstream-status: Pending
7
8Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
9---
10 e_os.h | 2 +-
11 1 file changed, 1 insertion(+), 1 deletion(-)
12
13diff --git a/e_os.h b/e_os.h
14index 1fa36c1..6c0917b 100644
15--- a/e_os.h
16+++ b/e_os.h
17@@ -82,7 +82,7 @@ extern "C" {
18 * set this to a comma-separated list of 'random' device files to try out. My
19 * default, we will try to read at least one of these files
20 */
21-# define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
22+# define DEVRANDOM "/dev/hwrng","/dev/urandom","/dev/random","/dev/srandom"
23 # endif
24 # ifndef DEVRANDOM_EGD
25 /*
26--
272.7.3
28
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
deleted file mode 100644
index 154ae802..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch
+++ /dev/null
@@ -1,2050 +0,0 @@
1From ea28474ed5e1e21a6efba7570bf0d27d02923bce Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Tue, 11 Mar 2014 07:14:30 +0545
4Subject: [PATCH 07/48] Asynchronous interface added for PKC cryptodev
5 interface
6
7Upstream-status: Pending
8
9Change-Id: Ia8974f793dc18a959ed6798dcdd7d3fad81cb7da
10Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
11---
12 crypto/crypto.h | 16 +
13 crypto/dh/dh.h | 3 +
14 crypto/dsa/dsa.h | 5 +
15 crypto/ecdh/ech_locl.h | 3 +
16 crypto/ecdsa/ecs_locl.h | 5 +
17 crypto/engine/eng_cryptodev.c | 1598 +++++++++++++++++++++++++++++++++++++----
18 crypto/engine/eng_int.h | 23 +
19 crypto/engine/eng_lib.c | 46 ++
20 crypto/engine/engine.h | 24 +
21 crypto/rsa/rsa.h | 23 +
22 10 files changed, 1605 insertions(+), 141 deletions(-)
23
24diff --git a/crypto/crypto.h b/crypto/crypto.h
25index 6c644ce..2b4ec59 100644
26--- a/crypto/crypto.h
27+++ b/crypto/crypto.h
28@@ -655,6 +655,22 @@ void ERR_load_CRYPTO_strings(void);
29 # define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101
30 # define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK 100
31
32+/* Additions for Asynchronous PKC Infrastructure */
33+struct pkc_cookie_s {
34+ void *cookie; /* To be filled by openssl library primitive method function caller */
35+ void *eng_cookie; /* To be filled by Engine */
36+ /*
37+ * Callback handler to be provided by caller. Ensure to pass a
38+ * handler which takes the crypto operation to completion.
39+ * cookie: Container cookie from library
40+ * status: Status of the crypto Job completion.
41+ * 0: Job handled without any issue
42+ * -EINVAL: Parameters Invalid
43+ */
44+ void (*pkc_callback)(struct pkc_cookie_s *cookie, int status);
45+ void *eng_handle;
46+};
47+
48 #ifdef __cplusplus
49 }
50 #endif
51diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
52index a5bd901..31dd762 100644
53--- a/crypto/dh/dh.h
54+++ b/crypto/dh/dh.h
55@@ -123,6 +123,9 @@ struct dh_method {
56 int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a,
57 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
58 BN_MONT_CTX *m_ctx);
59+ int (*compute_key_async)(unsigned char *key,const BIGNUM *pub_key,DH *dh,
60+ struct pkc_cookie_s *cookie);
61+ int (*generate_key_async)(DH *dh, struct pkc_cookie_s *cookie);
62 int (*init) (DH *dh);
63 int (*finish) (DH *dh);
64 int flags;
65diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
66index 545358f..8584731 100644
67--- a/crypto/dsa/dsa.h
68+++ b/crypto/dsa/dsa.h
69@@ -139,6 +139,10 @@ struct dsa_method {
70 /* Can be null */
71 int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
72 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
73+ int (*dsa_do_sign_async)(const unsigned char *dgst, int dlen, DSA *dsa,
74+ DSA_SIG *sig, struct pkc_cookie_s *cookie);
75+ int (*dsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
76+ DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie);
77 int (*init) (DSA *dsa);
78 int (*finish) (DSA *dsa);
79 int flags;
80@@ -150,6 +154,7 @@ struct dsa_method {
81 BN_GENCB *cb);
82 /* If this is non-NULL, it is used to generate DSA keys */
83 int (*dsa_keygen) (DSA *dsa);
84+ int (*dsa_keygen_async)(DSA *dsa, struct pkc_cookie_s *cookie);
85 };
86
87 struct dsa_st {
88diff --git a/crypto/ecdh/ech_locl.h b/crypto/ecdh/ech_locl.h
89index 4e66024..502507b 100644
90--- a/crypto/ecdh/ech_locl.h
91+++ b/crypto/ecdh/ech_locl.h
92@@ -68,6 +68,9 @@ struct ecdh_method {
93 EC_KEY *ecdh, void *(*KDF) (const void *in,
94 size_t inlen, void *out,
95 size_t *outlen));
96+ int (*compute_key_async)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
97+ void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen),
98+ struct pkc_cookie_s *cookie);
99 # if 0
100 int (*init) (EC_KEY *eckey);
101 int (*finish) (EC_KEY *eckey);
102diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h
103index d3a5efc..9b28c04 100644
104--- a/crypto/ecdsa/ecs_locl.h
105+++ b/crypto/ecdsa/ecs_locl.h
106@@ -74,6 +74,11 @@ struct ecdsa_method {
107 BIGNUM **r);
108 int (*ecdsa_do_verify) (const unsigned char *dgst, int dgst_len,
109 const ECDSA_SIG *sig, EC_KEY *eckey);
110+ int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len,
111+ const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey,
112+ ECDSA_SIG *sig, struct pkc_cookie_s *cookie);
113+ int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
114+ const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie);
115 # if 0
116 int (*init) (EC_KEY *eckey);
117 int (*finish) (EC_KEY *eckey);
118diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
119index cc9b63b..90fe9b8 100644
120--- a/crypto/engine/eng_cryptodev.c
121+++ b/crypto/engine/eng_cryptodev.c
122@@ -1371,6 +1371,60 @@ static void zapparams(struct crypt_kop *kop)
123 }
124 }
125
126+/*
127+ * Any PKC request has at max 2 output parameters and they are stored here to
128+ * be used while copying in the check availability
129+ */
130+struct cryptodev_cookie_s {
131+ BIGNUM *r;
132+ struct crparam r_param;
133+ BIGNUM *s;
134+ struct crparam s_param;
135+ struct crypt_kop *kop;
136+};
137+
138+static int
139+cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
140+ BIGNUM *s)
141+{
142+ int fd;
143+ struct pkc_cookie_s *cookie = kop->cookie;
144+ struct cryptodev_cookie_s *eng_cookie;
145+
146+ fd = *(int *)cookie->eng_handle;
147+
148+ eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
149+
150+ if (eng_cookie) {
151+ memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
152+ if (r) {
153+ kop->crk_param[kop->crk_iparams].crp_p =
154+ calloc(rlen, sizeof(char));
155+ if (!kop->crk_param[kop->crk_iparams].crp_p)
156+ return -ENOMEM;
157+ kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
158+ kop->crk_oparams++;
159+ eng_cookie->r = r;
160+ eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
161+ }
162+ if (s) {
163+ kop->crk_param[kop->crk_iparams + 1].crp_p =
164+ calloc(slen, sizeof(char));
165+ if (!kop->crk_param[kop->crk_iparams + 1].crp_p)
166+ return -ENOMEM;
167+ kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
168+ kop->crk_oparams++;
169+ eng_cookie->s = s;
170+ eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
171+ }
172+ } else
173+ return -ENOMEM;
174+
175+ eng_cookie->kop = kop;
176+ cookie->eng_cookie = eng_cookie;
177+ return ioctl(fd, CIOCASYMASYNCRYPT, kop);
178+}
179+
180 static int
181 cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
182 BIGNUM *s)
183@@ -1438,6 +1492,44 @@ void *cryptodev_init_instance(void)
184 return fd;
185 }
186
187+# include <poll.h>
188+
189+/* Return 0 on success and 1 on failure */
190+int cryptodev_check_availability(void *eng_handle)
191+{
192+ int fd = *(int *)eng_handle;
193+ struct pkc_cookie_list_s cookie_list;
194+ struct pkc_cookie_s *cookie;
195+ int i;
196+
197+ /* FETCH COOKIE returns number of cookies extracted */
198+ if (ioctl(fd, CIOCASYMFETCHCOOKIE, &cookie_list) <= 0)
199+ return 1;
200+
201+ for (i = 0; i < cookie_list.cookie_available; i++) {
202+ cookie = cookie_list.cookie[i];
203+ if (cookie) {
204+ struct cryptodev_cookie_s *eng_cookie = cookie->eng_cookie;
205+ if (eng_cookie) {
206+ struct crypt_kop *kop = eng_cookie->kop;
207+
208+ if (eng_cookie->r)
209+ crparam2bn(&eng_cookie->r_param, eng_cookie->r);
210+ if (eng_cookie->s)
211+ crparam2bn(&eng_cookie->s_param, eng_cookie->s);
212+ if (kop->crk_op == CRK_DH_COMPUTE_KEY)
213+ kop->crk_oparams = 0;
214+
215+ zapparams(eng_cookie->kop);
216+ free(eng_cookie->kop);
217+ free(eng_cookie);
218+ }
219+ cookie->pkc_callback(cookie, cookie_list.status[i]);
220+ }
221+ }
222+ return 0;
223+}
224+
225 static int
226 cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
227 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
228@@ -1485,6 +1577,66 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
229 }
230
231 static int
232+cryptodev_bn_mod_exp_async(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
233+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont,
234+ struct pkc_cookie_s *cookie)
235+{
236+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
237+ int ret = 1;
238+
239+ /*
240+ * Currently, we know we can do mod exp iff we can do any asymmetric
241+ * operations at all.
242+ */
243+ if (cryptodev_asymfeat == 0 || !kop) {
244+ ret = BN_mod_exp(r, a, p, m, ctx);
245+ return (ret);
246+ }
247+
248+ kop->crk_oparams = 0;
249+ kop->crk_status = 0;
250+ kop->crk_op = CRK_MOD_EXP;
251+ kop->cookie = cookie;
252+ /* inputs: a^p % m */
253+ if (bn2crparam(a, &kop->crk_param[0]))
254+ goto err;
255+ if (bn2crparam(p, &kop->crk_param[1]))
256+ goto err;
257+ if (bn2crparam(m, &kop->crk_param[2]))
258+ goto err;
259+
260+ kop->crk_iparams = 3;
261+ if (cryptodev_asym_async(kop, BN_num_bytes(m), r, 0, NULL))
262+ goto err;
263+
264+ return ret;
265+ err:
266+ {
267+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
268+
269+ if (kop)
270+ free(kop);
271+ ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
272+ if (ret)
273+ /* Call the completion handler immediately */
274+ cookie->pkc_callback(cookie, 0);
275+ }
276+ return ret;
277+}
278+
279+static int
280+cryptodev_rsa_nocrt_mod_exp_async(BIGNUM *r0, const BIGNUM *I,
281+ RSA *rsa, BN_CTX *ctx,
282+ struct pkc_cookie_s *cookie)
283+{
284+ int r;
285+ ctx = BN_CTX_new();
286+ r = cryptodev_bn_mod_exp_async(r0, I, rsa->d, rsa->n, ctx, NULL, cookie);
287+ BN_CTX_free(ctx);
288+ return r;
289+}
290+
291+static int
292 cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
293 BN_CTX *ctx)
294 {
295@@ -1551,6 +1703,63 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
296 return (ret);
297 }
298
299+static int
300+cryptodev_rsa_mod_exp_async(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
301+ BN_CTX *ctx, struct pkc_cookie_s *cookie)
302+{
303+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
304+ int ret = 1, f_len, p_len, q_len;
305+ unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq =
306+ NULL, *c = NULL;
307+
308+ if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp || !kop) {
309+ return (0);
310+ }
311+
312+ kop->crk_oparams = 0;
313+ kop->crk_status = 0;
314+ kop->crk_op = CRK_MOD_EXP_CRT;
315+ f_len = BN_num_bytes(rsa->n);
316+ spcf_bn2bin_ex(I, &f, &f_len);
317+ spcf_bn2bin(rsa->p, &p, &p_len);
318+ spcf_bn2bin(rsa->q, &q, &q_len);
319+ spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
320+ spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
321+ spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
322+ /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
323+ kop->crk_param[0].crp_p = p;
324+ kop->crk_param[0].crp_nbits = p_len * 8;
325+ kop->crk_param[1].crp_p = q;
326+ kop->crk_param[1].crp_nbits = q_len * 8;
327+ kop->crk_param[2].crp_p = f;
328+ kop->crk_param[2].crp_nbits = f_len * 8;
329+ kop->crk_param[3].crp_p = dp;
330+ kop->crk_param[3].crp_nbits = p_len * 8;
331+ /* dq must of length q, rest all of length p */
332+ kop->crk_param[4].crp_p = dq;
333+ kop->crk_param[4].crp_nbits = q_len * 8;
334+ kop->crk_param[5].crp_p = c;
335+ kop->crk_param[5].crp_nbits = p_len * 8;
336+ kop->crk_iparams = 6;
337+ kop->cookie = cookie;
338+ if (cryptodev_asym_async(kop, BN_num_bytes(rsa->n), r0, 0, NULL))
339+ goto err;
340+
341+ return ret;
342+ err:
343+ {
344+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
345+
346+ if (kop)
347+ free(kop);
348+ ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
349+ if (ret)
350+ /* Call user completion handler immediately */
351+ cookie->pkc_callback(cookie, 0);
352+ }
353+ return (ret);
354+}
355+
356 static RSA_METHOD cryptodev_rsa = {
357 "cryptodev RSA method",
358 NULL, /* rsa_pub_enc */
359@@ -1559,6 +1768,12 @@ static RSA_METHOD cryptodev_rsa = {
360 NULL, /* rsa_priv_dec */
361 NULL,
362 NULL,
363+ NULL, /* rsa_pub_enc */
364+ NULL, /* rsa_pub_dec */
365+ NULL, /* rsa_priv_enc */
366+ NULL, /* rsa_priv_dec */
367+ NULL,
368+ NULL,
369 NULL, /* init */
370 NULL, /* finish */
371 0, /* flags */
372@@ -1859,128 +2074,428 @@ static int cryptodev_dsa_keygen(DSA *dsa)
373 return ret;
374 }
375
376-static DSA_METHOD cryptodev_dsa = {
377- "cryptodev DSA method",
378- NULL,
379- NULL, /* dsa_sign_setup */
380- NULL,
381- NULL, /* dsa_mod_exp */
382- NULL,
383- NULL, /* init */
384- NULL, /* finish */
385- 0, /* flags */
386- NULL /* app_data */
387-};
388+/* Cryptodev DSA Key Gen routine */
389+static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie)
390+{
391+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
392+ int ret = 1, g_len;
393+ unsigned char *g = NULL;
394
395-static ECDSA_METHOD cryptodev_ecdsa = {
396- "cryptodev ECDSA method",
397- NULL,
398- NULL, /* ecdsa_sign_setup */
399- NULL,
400- NULL,
401- 0, /* flags */
402- NULL /* app_data */
403-};
404+ if (!kop)
405+ goto sw_try;
406
407-typedef enum ec_curve_s {
408- EC_PRIME,
409- EC_BINARY
410-} ec_curve_t;
411+ if (dsa->priv_key == NULL) {
412+ if ((dsa->priv_key = BN_new()) == NULL)
413+ goto sw_try;
414+ }
415
416-/* ENGINE handler for ECDSA Sign */
417-static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
418- int dgst_len, const BIGNUM *in_kinv,
419- const BIGNUM *in_r, EC_KEY *eckey)
420-{
421- BIGNUM *m = NULL, *p = NULL, *a = NULL;
422- BIGNUM *b = NULL, *x = NULL, *y = NULL;
423- BN_CTX *ctx = NULL;
424- ECDSA_SIG *ret = NULL;
425- ECDSA_DATA *ecdsa = NULL;
426- unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
427- unsigned char *s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst =
428- NULL;
429- int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
430- int g_len = 0, d_len = 0, ab_len = 0;
431- const BIGNUM *order = NULL, *priv_key = NULL;
432- const EC_GROUP *group = NULL;
433- struct crypt_kop kop;
434- ec_curve_t ec_crv = EC_PRIME;
435+ if (dsa->pub_key == NULL) {
436+ if ((dsa->pub_key = BN_new()) == NULL)
437+ goto sw_try;
438+ }
439
440- memset(&kop, 0, sizeof(kop));
441- ecdsa = ecdsa_check(eckey);
442- if (!ecdsa) {
443- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
444- return NULL;
445+ g_len = BN_num_bytes(dsa->p);
446+ /**
447+ * Get generator into a plain buffer. If length is less than
448+ * q_len then add leading padding bytes.
449+ */
450+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
451+ DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
452+ goto sw_try;
453 }
454
455- group = EC_KEY_get0_group(eckey);
456- priv_key = EC_KEY_get0_private_key(eckey);
457+ memset(kop, 0, sizeof(struct crypt_kop));
458+ kop->crk_op = CRK_DSA_GENERATE_KEY;
459+ if (bn2crparam(dsa->p, &kop->crk_param[0]))
460+ goto sw_try;
461+ if (bn2crparam(dsa->q, &kop->crk_param[1]))
462+ goto sw_try;
463+ kop->crk_param[2].crp_p = g;
464+ kop->crk_param[2].crp_nbits = g_len * 8;
465+ kop->crk_iparams = 3;
466+ kop->cookie = cookie;
467
468- if (!group || !priv_key) {
469- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
470- return NULL;
471+ /* pub_key is or prime length while priv key is of length of order */
472+ if (cryptodev_asym_async(kop, BN_num_bytes(dsa->p), dsa->pub_key,
473+ BN_num_bytes(dsa->q), dsa->priv_key))
474+ goto sw_try;
475+
476+ return ret;
477+ sw_try:
478+ {
479+ const DSA_METHOD *meth = DSA_OpenSSL();
480+
481+ if (kop)
482+ free(kop);
483+ ret = (meth->dsa_keygen) (dsa);
484+ cookie->pkc_callback(cookie, 0);
485 }
486+ return ret;
487+}
488
489- if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
490- (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
491- (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
492- (y = BN_new()) == NULL) {
493- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
494+static int
495+cryptodev_dsa_do_sign_async(const unsigned char *dgst, int dlen, DSA *dsa,
496+ DSA_SIG *sig, struct pkc_cookie_s *cookie)
497+{
498+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
499+ DSA_SIG *dsaret = NULL;
500+ int q_len = 0, r_len = 0, g_len = 0;
501+ int priv_key_len = 0, ret = 1;
502+ unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f =
503+ NULL;
504+ if (((sig->r = BN_new()) == NULL) || !kop) {
505+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
506 goto err;
507 }
508
509- order = &group->order;
510- if (!order || BN_is_zero(order)) {
511- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
512+ if ((sig->s = BN_new()) == NULL) {
513+ BN_free(sig->r);
514+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
515 goto err;
516 }
517
518- i = BN_num_bits(order);
519- /*
520- * Need to truncate digest if it is too long: first truncate whole bytes
521- */
522- if (8 * dgst_len > i)
523- dgst_len = (i + 7) / 8;
524-
525- if (!BN_bin2bn(dgst, dgst_len, m)) {
526- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
527+ if (spcf_bn2bin(dsa->p, &q, &q_len)) {
528+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
529 goto err;
530 }
531
532- /* If still too long truncate remaining bits with a shift */
533- if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
534- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
535+ /* Get order of the field of private keys into plain buffer */
536+ if (spcf_bn2bin(dsa->q, &r, &r_len)) {
537+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
538 goto err;
539 }
540
541- /* copy the truncated bits into plain buffer */
542- if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
543- fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__,
544- __LINE__);
545+ /* sanity test */
546+ if (dlen > r_len) {
547+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
548 goto err;
549 }
550
551- ret = ECDSA_SIG_new();
552- if (!ret) {
553- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
554+ g_len = q_len;
555+ /**
556+ * Get generator into a plain buffer. If length is less than
557+ * q_len then add leading padding bytes.
558+ */
559+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
560+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
561 goto err;
562 }
563
564- /* check if this is prime or binary EC request */
565- if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
566- NID_X9_62_prime_field) {
567- ec_crv = EC_PRIME;
568- /* get the generator point pair */
569- if (!EC_POINT_get_affine_coordinates_GFp
570- (group, EC_GROUP_get0_generator(group), x, y, ctx)) {
571- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
572- goto err;
573- }
574+ priv_key_len = r_len;
575+ /**
576+ * Get private key into a plain buffer. If length is less than
577+ * r_len then add leading padding bytes.
578+ */
579+ if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) {
580+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
581+ goto err;
582+ }
583
584- /* get the ECC curve parameters */
585- if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
586- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
587+ /* Allocate memory to store hash. */
588+ f = OPENSSL_malloc(r_len);
589+ if (!f) {
590+ DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
591+ goto err;
592+ }
593+
594+ /* Add padding, since SEC expects hash to of size r_len */
595+ if (dlen < r_len)
596+ memset(f, 0, r_len - dlen);
597+
598+ /* Skip leading bytes if dgst_len < r_len */
599+ memcpy(f + r_len - dlen, dgst, dlen);
600+
601+ dlen = r_len;
602+
603+ memset(kop, 0, sizeof(struct crypt_kop));
604+ kop->crk_op = CRK_DSA_SIGN;
605+
606+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
607+ kop->crk_param[0].crp_p = (void *)f;
608+ kop->crk_param[0].crp_nbits = dlen * 8;
609+ kop->crk_param[1].crp_p = (void *)q;
610+ kop->crk_param[1].crp_nbits = q_len * 8;
611+ kop->crk_param[2].crp_p = (void *)r;
612+ kop->crk_param[2].crp_nbits = r_len * 8;
613+ kop->crk_param[3].crp_p = (void *)g;
614+ kop->crk_param[3].crp_nbits = g_len * 8;
615+ kop->crk_param[4].crp_p = (void *)priv_key;
616+ kop->crk_param[4].crp_nbits = priv_key_len * 8;
617+ kop->crk_iparams = 5;
618+ kop->cookie = cookie;
619+
620+ if (cryptodev_asym_async(kop, r_len, sig->r, r_len, sig->s))
621+ goto err;
622+
623+ return ret;
624+ err:
625+ {
626+ const DSA_METHOD *meth = DSA_OpenSSL();
627+
628+ if (kop)
629+ free(kop);
630+ BN_free(sig->r);
631+ BN_free(sig->s);
632+ dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa);
633+ sig->r = dsaret->r;
634+ sig->s = dsaret->s;
635+ /* Call user callback immediately */
636+ cookie->pkc_callback(cookie, 0);
637+ ret = dsaret;
638+ }
639+ return ret;
640+}
641+
642+static int
643+cryptodev_dsa_verify_async(const unsigned char *dgst, int dlen,
644+ DSA_SIG *sig, DSA *dsa,
645+ struct pkc_cookie_s *cookie)
646+{
647+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
648+ int q_len = 0, r_len = 0, g_len = 0;
649+ int w_len = 0, c_len = 0, d_len = 0, ret = 1;
650+ unsigned char *q = NULL, *r = NULL, *w = NULL, *g = NULL;
651+ unsigned char *c = NULL, *d = NULL, *f = NULL;
652+
653+ if (!kop)
654+ goto err;
655+
656+ if (spcf_bn2bin(dsa->p, &q, &q_len)) {
657+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
658+ return ret;
659+ }
660+
661+ /* Get Order of field of private keys */
662+ if (spcf_bn2bin(dsa->q, &r, &r_len)) {
663+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
664+ goto err;
665+ }
666+
667+ g_len = q_len;
668+ /**
669+ * Get generator into a plain buffer. If length is less than
670+ * q_len then add leading padding bytes.
671+ */
672+ if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) {
673+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
674+ goto err;
675+ }
676+ w_len = q_len;
677+ /**
678+ * Get public key into a plain buffer. If length is less than
679+ * q_len then add leading padding bytes.
680+ */
681+ if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) {
682+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
683+ goto err;
684+ }
685+ /**
686+ * Get the 1st part of signature into a flat buffer with
687+ * appropriate padding
688+ */
689+ c_len = r_len;
690+
691+ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
692+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
693+ goto err;
694+ }
695+
696+ /**
697+ * Get the 2nd part of signature into a flat buffer with
698+ * appropriate padding
699+ */
700+ d_len = r_len;
701+
702+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
703+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
704+ goto err;
705+ }
706+
707+ /* Sanity test */
708+ if (dlen > r_len) {
709+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
710+ goto err;
711+ }
712+
713+ /* Allocate memory to store hash. */
714+ f = OPENSSL_malloc(r_len);
715+ if (!f) {
716+ DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
717+ goto err;
718+ }
719+
720+ /* Add padding, since SEC expects hash to of size r_len */
721+ if (dlen < r_len)
722+ memset(f, 0, r_len - dlen);
723+
724+ /* Skip leading bytes if dgst_len < r_len */
725+ memcpy(f + r_len - dlen, dgst, dlen);
726+
727+ dlen = r_len;
728+ memset(kop, 0, sizeof(struct crypt_kop));
729+
730+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
731+ kop->crk_param[0].crp_p = (void *)f;
732+ kop->crk_param[0].crp_nbits = dlen * 8;
733+ kop->crk_param[1].crp_p = q;
734+ kop->crk_param[1].crp_nbits = q_len * 8;
735+ kop->crk_param[2].crp_p = r;
736+ kop->crk_param[2].crp_nbits = r_len * 8;
737+ kop->crk_param[3].crp_p = g;
738+ kop->crk_param[3].crp_nbits = g_len * 8;
739+ kop->crk_param[4].crp_p = w;
740+ kop->crk_param[4].crp_nbits = w_len * 8;
741+ kop->crk_param[5].crp_p = c;
742+ kop->crk_param[5].crp_nbits = c_len * 8;
743+ kop->crk_param[6].crp_p = d;
744+ kop->crk_param[6].crp_nbits = d_len * 8;
745+ kop->crk_iparams = 7;
746+ kop->crk_op = CRK_DSA_VERIFY;
747+ kop->cookie = cookie;
748+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
749+ goto err;
750+
751+ return ret;
752+ err:
753+ {
754+ const DSA_METHOD *meth = DSA_OpenSSL();
755+
756+ if (kop)
757+ free(kop);
758+
759+ ret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa);
760+ cookie->pkc_callback(cookie, 0);
761+ }
762+ return ret;
763+}
764+
765+static DSA_METHOD cryptodev_dsa = {
766+ "cryptodev DSA method",
767+ NULL,
768+ NULL, /* dsa_sign_setup */
769+ NULL,
770+ NULL, /* dsa_mod_exp */
771+ NULL,
772+ NULL,
773+ NULL,
774+ NULL,
775+ NULL, /* init */
776+ NULL, /* finish */
777+ 0, /* flags */
778+ NULL /* app_data */
779+};
780+
781+static ECDSA_METHOD cryptodev_ecdsa = {
782+ "cryptodev ECDSA method",
783+ NULL,
784+ NULL, /* ecdsa_sign_setup */
785+ NULL,
786+ NULL,
787+ NULL,
788+ NULL,
789+ 0, /* flags */
790+ NULL /* app_data */
791+};
792+
793+typedef enum ec_curve_s {
794+ EC_PRIME,
795+ EC_BINARY
796+} ec_curve_t;
797+
798+/* ENGINE handler for ECDSA Sign */
799+static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
800+ int dgst_len, const BIGNUM *in_kinv,
801+ const BIGNUM *in_r, EC_KEY *eckey)
802+{
803+ BIGNUM *m = NULL, *p = NULL, *a = NULL;
804+ BIGNUM *b = NULL, *x = NULL, *y = NULL;
805+ BN_CTX *ctx = NULL;
806+ ECDSA_SIG *ret = NULL;
807+ ECDSA_DATA *ecdsa = NULL;
808+ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
809+ unsigned char *s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst =
810+ NULL;
811+ int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
812+ int g_len = 0, d_len = 0, ab_len = 0;
813+ const BIGNUM *order = NULL, *priv_key = NULL;
814+ const EC_GROUP *group = NULL;
815+ struct crypt_kop kop;
816+ ec_curve_t ec_crv = EC_PRIME;
817+
818+ memset(&kop, 0, sizeof(kop));
819+ ecdsa = ecdsa_check(eckey);
820+ if (!ecdsa) {
821+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
822+ return NULL;
823+ }
824+
825+ group = EC_KEY_get0_group(eckey);
826+ priv_key = EC_KEY_get0_private_key(eckey);
827+
828+ if (!group || !priv_key) {
829+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
830+ return NULL;
831+ }
832+
833+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
834+ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
835+ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
836+ (y = BN_new()) == NULL) {
837+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
838+ goto err;
839+ }
840+
841+ order = &group->order;
842+ if (!order || BN_is_zero(order)) {
843+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
844+ goto err;
845+ }
846+
847+ i = BN_num_bits(order);
848+ /*
849+ * Need to truncate digest if it is too long: first truncate whole bytes
850+ */
851+ if (8 * dgst_len > i)
852+ dgst_len = (i + 7) / 8;
853+
854+ if (!BN_bin2bn(dgst, dgst_len, m)) {
855+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
856+ goto err;
857+ }
858+
859+ /* If still too long truncate remaining bits with a shift */
860+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
861+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
862+ goto err;
863+ }
864+
865+ /* copy the truncated bits into plain buffer */
866+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
867+ fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__,
868+ __LINE__);
869+ goto err;
870+ }
871+
872+ ret = ECDSA_SIG_new();
873+ if (!ret) {
874+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
875+ goto err;
876+ }
877+
878+ /* check if this is prime or binary EC request */
879+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
880+ NID_X9_62_prime_field) {
881+ ec_crv = EC_PRIME;
882+ /* get the generator point pair */
883+ if (!EC_POINT_get_affine_coordinates_GFp
884+ (group, EC_GROUP_get0_generator(group), x, y, ctx)) {
885+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
886+ goto err;
887+ }
888+
889+ /* get the ECC curve parameters */
890+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
891+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
892 goto err;
893 }
894 } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
895@@ -2325,54 +2840,588 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
896 goto err;
897 }
898
899- /* memory for message representative */
900- f = malloc(r_len);
901- if (!f) {
902- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
903- goto err;
904+ /* memory for message representative */
905+ f = malloc(r_len);
906+ if (!f) {
907+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
908+ goto err;
909+ }
910+
911+ /* Add padding, since SEC expects hash to of size r_len */
912+ memset(f, 0, r_len - dgst_len);
913+
914+ /* Skip leading bytes if dgst_len < r_len */
915+ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
916+ dgst_len += r_len - dgst_len;
917+ kop.crk_op = CRK_DSA_VERIFY;
918+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
919+ kop.crk_param[0].crp_p = f;
920+ kop.crk_param[0].crp_nbits = dgst_len * 8;
921+ kop.crk_param[1].crp_p = q;
922+ kop.crk_param[1].crp_nbits = q_len * 8;
923+ kop.crk_param[2].crp_p = r;
924+ kop.crk_param[2].crp_nbits = r_len * 8;
925+ kop.crk_param[3].crp_p = g_xy;
926+ kop.crk_param[3].crp_nbits = g_len * 8;
927+ kop.crk_param[4].crp_p = w_xy;
928+ kop.crk_param[4].crp_nbits = pub_key_len * 8;
929+ kop.crk_param[5].crp_p = ab;
930+ kop.crk_param[5].crp_nbits = ab_len * 8;
931+ kop.crk_param[6].crp_p = c;
932+ kop.crk_param[6].crp_nbits = d_len * 8;
933+ kop.crk_param[7].crp_p = d;
934+ kop.crk_param[7].crp_nbits = d_len * 8;
935+ kop.crk_iparams = 8;
936+
937+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
938+ /*
939+ * OCF success value is 0, if not zero, change ret to fail
940+ */
941+ if (0 == kop.crk_status)
942+ ret = 1;
943+ } else {
944+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
945+
946+ ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey);
947+ }
948+ kop.crk_param[0].crp_p = NULL;
949+ zapparams(&kop);
950+
951+ err:
952+ return ret;
953+}
954+
955+static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst,
956+ int dgst_len, const BIGNUM *in_kinv,
957+ const BIGNUM *in_r, EC_KEY *eckey,
958+ ECDSA_SIG *sig,
959+ struct pkc_cookie_s *cookie)
960+{
961+ BIGNUM *m = NULL, *p = NULL, *a = NULL;
962+ BIGNUM *b = NULL, *x = NULL, *y = NULL;
963+ BN_CTX *ctx = NULL;
964+ ECDSA_SIG *sig_ret = NULL;
965+ ECDSA_DATA *ecdsa = NULL;
966+ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL;
967+ unsigned char *s = NULL, *f = NULL, *tmp_dgst = NULL;
968+ int i = 0, q_len = 0, priv_key_len = 0, r_len = 0;
969+ int g_len = 0, ab_len = 0, ret = 1;
970+ const BIGNUM *order = NULL, *priv_key = NULL;
971+ const EC_GROUP *group = NULL;
972+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
973+ ec_curve_t ec_crv = EC_PRIME;
974+
975+ if (!(sig->r = BN_new()) || !kop)
976+ goto err;
977+ if ((sig->s = BN_new()) == NULL) {
978+ BN_free(r);
979+ goto err;
980+ }
981+
982+ memset(kop, 0, sizeof(struct crypt_kop));
983+ ecdsa = ecdsa_check(eckey);
984+ if (!ecdsa) {
985+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
986+ goto err;
987+ }
988+
989+ group = EC_KEY_get0_group(eckey);
990+ priv_key = EC_KEY_get0_private_key(eckey);
991+
992+ if (!group || !priv_key) {
993+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
994+ goto err;
995+ }
996+
997+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
998+ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
999+ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
1000+ (y = BN_new()) == NULL) {
1001+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
1002+ goto err;
1003+ }
1004+
1005+ order = &group->order;
1006+ if (!order || BN_is_zero(order)) {
1007+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS);
1008+ goto err;
1009+ }
1010+
1011+ i = BN_num_bits(order);
1012+ /*
1013+ * Need to truncate digest if it is too long: first truncate whole bytes
1014+ */
1015+ if (8 * dgst_len > i)
1016+ dgst_len = (i + 7) / 8;
1017+
1018+ if (!BN_bin2bn(dgst, dgst_len, m)) {
1019+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
1020+ goto err;
1021+ }
1022+
1023+ /* If still too long truncate remaining bits with a shift */
1024+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
1025+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
1026+ goto err;
1027+ }
1028+
1029+ /* copy the truncated bits into plain buffer */
1030+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
1031+ fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__,
1032+ __LINE__);
1033+ goto err;
1034+ }
1035+
1036+ /* check if this is prime or binary EC request */
1037+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group))
1038+ == NID_X9_62_prime_field) {
1039+ ec_crv = EC_PRIME;
1040+ /* get the generator point pair */
1041+ if (!EC_POINT_get_affine_coordinates_GFp(group,
1042+ EC_GROUP_get0_generator
1043+ (group), x, y, ctx)) {
1044+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
1045+ goto err;
1046+ }
1047+
1048+ /* get the ECC curve parameters */
1049+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
1050+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
1051+ goto err;
1052+ }
1053+ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
1054+ NID_X9_62_characteristic_two_field) {
1055+ ec_crv = EC_BINARY;
1056+ /* get the ECC curve parameters */
1057+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
1058+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
1059+ goto err;
1060+ }
1061+
1062+ /* get the generator point pair */
1063+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
1064+ EC_GROUP_get0_generator
1065+ (group), x, y, ctx)) {
1066+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
1067+ goto err;
1068+ }
1069+ } else {
1070+ printf("Unsupported Curve\n");
1071+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
1072+ goto err;
1073+ }
1074+
1075+ if (spcf_bn2bin(order, &r, &r_len)) {
1076+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
1077+ goto err;
1078+ }
1079+
1080+ if (spcf_bn2bin(p, &q, &q_len)) {
1081+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
1082+ goto err;
1083+ }
1084+
1085+ priv_key_len = r_len;
1086+
1087+ /**
1088+ * If BN_num_bytes of priv_key returns less then r_len then
1089+ * add padding bytes before the key
1090+ */
1091+ if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len)) {
1092+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
1093+ goto err;
1094+ }
1095+
1096+ /* Generation of ECC curve parameters */
1097+ ab_len = 2 * q_len;
1098+ ab = eng_copy_curve_points(a, b, ab_len, q_len);
1099+ if (!ab) {
1100+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
1101+ goto err;
1102+ }
1103+
1104+ if (ec_crv == EC_BINARY) {
1105+ if (eng_ec_get_cparam
1106+ (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
1107+ unsigned char *c_temp = NULL;
1108+ int c_temp_len = q_len;
1109+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
1110+ memcpy(ab + q_len, c_temp, q_len);
1111+ else
1112+ goto err;
1113+ }
1114+ kop->curve_type = ECC_BINARY;
1115+ }
1116+
1117+ /* Calculation of Generator point */
1118+ g_len = 2 * q_len;
1119+ g_xy = eng_copy_curve_points(x, y, g_len, q_len);
1120+ if (!g_xy) {
1121+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
1122+ goto err;
1123+ }
1124+
1125+ /* memory for message representative */
1126+ f = malloc(r_len);
1127+ if (!f) {
1128+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
1129+ goto err;
1130+ }
1131+
1132+ /* Add padding, since SEC expects hash to of size r_len */
1133+ memset(f, 0, r_len - dgst_len);
1134+
1135+ /* Skip leading bytes if dgst_len < r_len */
1136+ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
1137+
1138+ dgst_len += r_len - dgst_len;
1139+
1140+ kop->crk_op = CRK_DSA_SIGN;
1141+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
1142+ kop->crk_param[0].crp_p = f;
1143+ kop->crk_param[0].crp_nbits = dgst_len * 8;
1144+ kop->crk_param[1].crp_p = q;
1145+ kop->crk_param[1].crp_nbits = q_len * 8;
1146+ kop->crk_param[2].crp_p = r;
1147+ kop->crk_param[2].crp_nbits = r_len * 8;
1148+ kop->crk_param[3].crp_p = g_xy;
1149+ kop->crk_param[3].crp_nbits = g_len * 8;
1150+ kop->crk_param[4].crp_p = s;
1151+ kop->crk_param[4].crp_nbits = priv_key_len * 8;
1152+ kop->crk_param[5].crp_p = ab;
1153+ kop->crk_param[5].crp_nbits = ab_len * 8;
1154+ kop->crk_iparams = 6;
1155+ kop->cookie = cookie;
1156+
1157+ if (cryptodev_asym_async(kop, r_len, sig->r, r_len, sig->s))
1158+ goto err;
1159+
1160+ return ret;
1161+ err:
1162+ {
1163+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
1164+ BN_free(sig->r);
1165+ BN_free(sig->s);
1166+ if (kop)
1167+ free(kop);
1168+ sig_ret =
1169+ (meth->ecdsa_do_sign) (dgst, dgst_len, in_kinv, in_r, eckey);
1170+ sig->r = sig_ret->r;
1171+ sig->s = sig_ret->s;
1172+ cookie->pkc_callback(cookie, 0);
1173+ }
1174+ return ret;
1175+}
1176+
1177+static int cryptodev_ecdsa_verify_async(const unsigned char *dgst,
1178+ int dgst_len, const ECDSA_SIG *sig,
1179+ EC_KEY *eckey,
1180+ struct pkc_cookie_s *cookie)
1181+{
1182+ BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL;
1183+ BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL;
1184+ BN_CTX *ctx = NULL;
1185+ ECDSA_DATA *ecdsa = NULL;
1186+ unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy =
1187+ NULL;
1188+ unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL;
1189+ int i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0;
1190+ int d_len = 0, ab_len = 0, ret = 1;
1191+ const EC_POINT *pub_key = NULL;
1192+ const BIGNUM *order = NULL;
1193+ const EC_GROUP *group = NULL;
1194+ ec_curve_t ec_crv = EC_PRIME;
1195+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
1196+
1197+ if (!kop)
1198+ goto err;
1199+
1200+ memset(kop, 0, sizeof(struct crypt_kop));
1201+ ecdsa = ecdsa_check(eckey);
1202+ if (!ecdsa) {
1203+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
1204+ goto err;
1205+ }
1206+
1207+ group = EC_KEY_get0_group(eckey);
1208+ pub_key = EC_KEY_get0_public_key(eckey);
1209+
1210+ if (!group || !pub_key) {
1211+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
1212+ goto err;
1213+ }
1214+
1215+ if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL ||
1216+ (a = BN_new()) == NULL || (b = BN_new()) == NULL ||
1217+ (p = BN_new()) == NULL || (x = BN_new()) == NULL ||
1218+ (y = BN_new()) == NULL || (w_x = BN_new()) == NULL ||
1219+ (w_y = BN_new()) == NULL) {
1220+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1221+ goto err;
1222+ }
1223+
1224+ order = &group->order;
1225+ if (!order || BN_is_zero(order)) {
1226+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
1227+ goto err;
1228+ }
1229+
1230+ i = BN_num_bits(order);
1231+ /*
1232+ * Need to truncate digest if it is too long: first truncate whole *
1233+ * bytes
1234+ */
1235+ if (8 * dgst_len > i)
1236+ dgst_len = (i + 7) / 8;
1237+
1238+ if (!BN_bin2bn(dgst, dgst_len, m)) {
1239+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
1240+ goto err;
1241+ }
1242+
1243+ /* If still too long truncate remaining bits with a shift */
1244+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
1245+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
1246+ goto err;
1247+ }
1248+ /* copy the truncated bits into plain buffer */
1249+ if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) {
1250+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1251+ goto err;
1252+ }
1253+
1254+ /* check if this is prime or binary EC request */
1255+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
1256+ NID_X9_62_prime_field) {
1257+ ec_crv = EC_PRIME;
1258+
1259+ /* get the generator point pair */
1260+ if (!EC_POINT_get_affine_coordinates_GFp(group,
1261+ EC_GROUP_get0_generator
1262+ (group), x, y, ctx)) {
1263+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
1264+ goto err;
1265+ }
1266+
1267+ /* get the public key pair for prime curve */
1268+ if (!EC_POINT_get_affine_coordinates_GFp(group,
1269+ pub_key, w_x, w_y, ctx)) {
1270+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
1271+ goto err;
1272+ }
1273+
1274+ /* get the ECC curve parameters */
1275+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
1276+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
1277+ goto err;
1278+ }
1279+ } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
1280+ NID_X9_62_characteristic_two_field) {
1281+ ec_crv = EC_BINARY;
1282+ /* get the ECC curve parameters */
1283+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
1284+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
1285+ goto err;
1286+ }
1287+
1288+ /* get the generator point pair */
1289+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
1290+ EC_GROUP_get0_generator
1291+ (group), x, y, ctx)) {
1292+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
1293+ goto err;
1294+ }
1295+
1296+ /* get the public key pair for binary curve */
1297+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
1298+ pub_key, w_x, w_y, ctx)) {
1299+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
1300+ goto err;
1301+ }
1302+ } else {
1303+ printf("Unsupported Curve\n");
1304+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
1305+ goto err;
1306+ }
1307+
1308+ /* Get the order of the subgroup of private keys */
1309+ if (spcf_bn2bin((BIGNUM *)order, &r, &r_len)) {
1310+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1311+ goto err;
1312+ }
1313+
1314+ /* Get the irreducible polynomial that creates the field */
1315+ if (spcf_bn2bin(p, &q, &q_len)) {
1316+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1317+ goto err;
1318+ }
1319+
1320+ /* Get the public key into a flat buffer with appropriate padding */
1321+ pub_key_len = 2 * q_len;
1322+
1323+ w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len);
1324+ if (!w_xy) {
1325+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1326+ goto err;
1327+ }
1328+
1329+ /* Generation of ECC curve parameters */
1330+ ab_len = 2 * q_len;
1331+
1332+ ab = eng_copy_curve_points(a, b, ab_len, q_len);
1333+ if (!ab) {
1334+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1335+ goto err;
1336+ }
1337+
1338+ if (ec_crv == EC_BINARY) {
1339+ /* copy b' i.e c(b), instead of only b */
1340+ eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab + q_len, q_len);
1341+ kop->curve_type = ECC_BINARY;
1342+ }
1343+
1344+ /* Calculation of Generator point */
1345+ g_len = 2 * q_len;
1346+
1347+ g_xy = eng_copy_curve_points(x, y, g_len, q_len);
1348+ if (!g_xy) {
1349+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1350+ goto err;
1351+ }
1352+
1353+ /**
1354+ * Get the 1st part of signature into a flat buffer with
1355+ * appropriate padding
1356+ */
1357+ if (BN_num_bytes(sig->r) < r_len)
1358+ c_len = r_len;
1359+
1360+ if (spcf_bn2bin_ex(sig->r, &c, &c_len)) {
1361+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1362+ goto err;
1363+ }
1364+
1365+ /**
1366+ * Get the 2nd part of signature into a flat buffer with
1367+ * appropriate padding
1368+ */
1369+ if (BN_num_bytes(sig->s) < r_len)
1370+ d_len = r_len;
1371+
1372+ if (spcf_bn2bin_ex(sig->s, &d, &d_len)) {
1373+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1374+ goto err;
1375+ }
1376+
1377+ /* memory for message representative */
1378+ f = malloc(r_len);
1379+ if (!f) {
1380+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
1381+ goto err;
1382+ }
1383+
1384+ /* Add padding, since SEC expects hash to of size r_len */
1385+ memset(f, 0, r_len - dgst_len);
1386+
1387+ /* Skip leading bytes if dgst_len < r_len */
1388+ memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
1389+
1390+ dgst_len += r_len - dgst_len;
1391+
1392+ kop->crk_op = CRK_DSA_VERIFY;
1393+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
1394+ kop->crk_param[0].crp_p = f;
1395+ kop->crk_param[0].crp_nbits = dgst_len * 8;
1396+ kop->crk_param[1].crp_p = q;
1397+ kop->crk_param[1].crp_nbits = q_len * 8;
1398+ kop->crk_param[2].crp_p = r;
1399+ kop->crk_param[2].crp_nbits = r_len * 8;
1400+ kop->crk_param[3].crp_p = g_xy;
1401+ kop->crk_param[3].crp_nbits = g_len * 8;
1402+ kop->crk_param[4].crp_p = w_xy;
1403+ kop->crk_param[4].crp_nbits = pub_key_len * 8;
1404+ kop->crk_param[5].crp_p = ab;
1405+ kop->crk_param[5].crp_nbits = ab_len * 8;
1406+ kop->crk_param[6].crp_p = c;
1407+ kop->crk_param[6].crp_nbits = d_len * 8;
1408+ kop->crk_param[7].crp_p = d;
1409+ kop->crk_param[7].crp_nbits = d_len * 8;
1410+ kop->crk_iparams = 8;
1411+ kop->cookie = cookie;
1412+
1413+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
1414+ goto err;
1415+
1416+ return ret;
1417+ err:
1418+ {
1419+ const ECDSA_METHOD *meth = ECDSA_OpenSSL();
1420+
1421+ if (kop)
1422+ free(kop);
1423+ ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey);
1424+ cookie->pkc_callback(cookie, 0);
1425+ }
1426+
1427+ return ret;
1428+}
1429+
1430+/* Cryptodev DH Key Gen routine */
1431+static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie)
1432+{
1433+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
1434+ int ret = 1, g_len;
1435+ unsigned char *g = NULL;
1436+
1437+ if (!kop)
1438+ goto sw_try;
1439+
1440+ if (dh->priv_key == NULL) {
1441+ if ((dh->priv_key = BN_new()) == NULL)
1442+ goto sw_try;
1443+ }
1444+
1445+ if (dh->pub_key == NULL) {
1446+ if ((dh->pub_key = BN_new()) == NULL)
1447+ goto sw_try;
1448+ }
1449+
1450+ g_len = BN_num_bytes(dh->p);
1451+ /**
1452+ * Get generator into a plain buffer. If length is less than
1453+ * q_len then add leading padding bytes.
1454+ */
1455+ if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
1456+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
1457+ goto sw_try;
1458 }
1459
1460- /* Add padding, since SEC expects hash to of size r_len */
1461- memset(f, 0, r_len - dgst_len);
1462+ memset(kop, 0, sizeof(struct crypt_kop));
1463+ kop->crk_op = CRK_DH_GENERATE_KEY;
1464+ if (bn2crparam(dh->p, &kop->crk_param[0]))
1465+ goto sw_try;
1466+ if (bn2crparam(dh->q, &kop->crk_param[1]))
1467+ goto sw_try;
1468+ kop->crk_param[2].crp_p = g;
1469+ kop->crk_param[2].crp_nbits = g_len * 8;
1470+ kop->crk_iparams = 3;
1471+ kop->cookie = cookie;
1472
1473- /* Skip leading bytes if dgst_len < r_len */
1474- memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len);
1475- dgst_len += r_len - dgst_len;
1476- kop.crk_op = CRK_DSA_VERIFY;
1477- /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
1478- kop.crk_param[0].crp_p = f;
1479- kop.crk_param[0].crp_nbits = dgst_len * 8;
1480- kop.crk_param[1].crp_p = q;
1481- kop.crk_param[1].crp_nbits = q_len * 8;
1482- kop.crk_param[2].crp_p = r;
1483- kop.crk_param[2].crp_nbits = r_len * 8;
1484- kop.crk_param[3].crp_p = g_xy;
1485- kop.crk_param[3].crp_nbits = g_len * 8;
1486- kop.crk_param[4].crp_p = w_xy;
1487- kop.crk_param[4].crp_nbits = pub_key_len * 8;
1488- kop.crk_param[5].crp_p = ab;
1489- kop.crk_param[5].crp_nbits = ab_len * 8;
1490- kop.crk_param[6].crp_p = c;
1491- kop.crk_param[6].crp_nbits = d_len * 8;
1492- kop.crk_param[7].crp_p = d;
1493- kop.crk_param[7].crp_nbits = d_len * 8;
1494- kop.crk_iparams = 8;
1495+ /* pub_key is or prime length while priv key is of length of order */
1496+ if (cryptodev_asym_async(kop, BN_num_bytes(dh->p), dh->pub_key,
1497+ BN_num_bytes(dh->q), dh->priv_key))
1498+ goto sw_try;
1499
1500- if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
1501- /*
1502- * OCF success value is 0, if not zero, change ret to fail
1503- */
1504- if (0 == kop.crk_status)
1505- ret = 1;
1506- } else {
1507- const ECDSA_METHOD *meth = ECDSA_OpenSSL();
1508+ return ret;
1509+ sw_try:
1510+ {
1511+ const DH_METHOD *meth = DH_OpenSSL();
1512
1513- ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey);
1514+ if (kop)
1515+ free(kop);
1516+ ret = (meth->generate_key) (dh);
1517+ cookie->pkc_callback(cookie, 0);
1518 }
1519- kop.crk_param[0].crp_p = NULL;
1520- zapparams(&kop);
1521-
1522- err:
1523 return ret;
1524 }
1525
1526@@ -2481,6 +3530,54 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
1527 return (dhret);
1528 }
1529
1530+/* Return Length if successful and 0 on failure */
1531+static int
1532+cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key,
1533+ DH *dh, struct pkc_cookie_s *cookie)
1534+{
1535+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
1536+ int ret = 1;
1537+ int fd, p_len;
1538+ unsigned char *padded_pub_key = NULL, *p = NULL;
1539+
1540+ fd = *(int *)cookie->eng_handle;
1541+
1542+ memset(kop, 0, sizeof(struct crypt_kop));
1543+ kop->crk_op = CRK_DH_COMPUTE_KEY;
1544+ /* inputs: dh->priv_key pub_key dh->p key */
1545+ spcf_bn2bin(dh->p, &p, &p_len);
1546+ spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
1547+
1548+ if (bn2crparam(dh->priv_key, &kop->crk_param[0]))
1549+ goto err;
1550+ kop->crk_param[1].crp_p = padded_pub_key;
1551+ kop->crk_param[1].crp_nbits = p_len * 8;
1552+ kop->crk_param[2].crp_p = p;
1553+ kop->crk_param[2].crp_nbits = p_len * 8;
1554+ kop->crk_iparams = 3;
1555+
1556+ kop->cookie = cookie;
1557+ kop->crk_param[3].crp_p = (void *)key;
1558+ kop->crk_param[3].crp_nbits = p_len * 8;
1559+ kop->crk_oparams = 1;
1560+
1561+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
1562+ goto err;
1563+
1564+ return p_len;
1565+ err:
1566+ {
1567+ const DH_METHOD *meth = DH_OpenSSL();
1568+
1569+ if (kop)
1570+ free(kop);
1571+ ret = (meth->compute_key) (key, pub_key, dh);
1572+ /* Call user cookie handler */
1573+ cookie->pkc_callback(cookie, 0);
1574+ }
1575+ return (ret);
1576+}
1577+
1578 int cryptodev_ecdh_compute_key(void *out, size_t outlen,
1579 const EC_POINT *pub_key, EC_KEY *ecdh,
1580 void *(*KDF) (const void *in, size_t inlen,
1581@@ -2663,6 +3760,197 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
1582 return ret;
1583 }
1584
1585+int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
1586+ const EC_POINT *pub_key, EC_KEY *ecdh,
1587+ void *(*KDF) (const void *in,
1588+ size_t inlen, void *out,
1589+ size_t *outlen),
1590+ struct pkc_cookie_s *cookie)
1591+{
1592+ ec_curve_t ec_crv = EC_PRIME;
1593+ unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
1594+ BIGNUM *w_x = NULL, *w_y = NULL;
1595+ int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
1596+ BIGNUM *p = NULL, *a = NULL, *b = NULL;
1597+ BN_CTX *ctx;
1598+ EC_POINT *tmp = NULL;
1599+ BIGNUM *x = NULL, *y = NULL;
1600+ const BIGNUM *priv_key;
1601+ const EC_GROUP *group = NULL;
1602+ int ret = 1;
1603+ size_t buflen, len;
1604+ struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
1605+
1606+ if (!(ctx = BN_CTX_new()) || !kop)
1607+ goto err;
1608+
1609+ memset(kop, 0, sizeof(struct crypt_kop));
1610+
1611+ BN_CTX_start(ctx);
1612+ x = BN_CTX_get(ctx);
1613+ y = BN_CTX_get(ctx);
1614+ p = BN_CTX_get(ctx);
1615+ a = BN_CTX_get(ctx);
1616+ b = BN_CTX_get(ctx);
1617+ w_x = BN_CTX_get(ctx);
1618+ w_y = BN_CTX_get(ctx);
1619+
1620+ if (!x || !y || !p || !a || !b || !w_x || !w_y) {
1621+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
1622+ goto err;
1623+ }
1624+
1625+ priv_key = EC_KEY_get0_private_key(ecdh);
1626+ if (priv_key == NULL) {
1627+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_NO_PRIVATE_VALUE);
1628+ goto err;
1629+ }
1630+
1631+ group = EC_KEY_get0_group(ecdh);
1632+ if ((tmp = EC_POINT_new(group)) == NULL) {
1633+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
1634+ goto err;
1635+ }
1636+
1637+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
1638+ NID_X9_62_prime_field) {
1639+ ec_crv = EC_PRIME;
1640+
1641+ if (!EC_POINT_get_affine_coordinates_GFp(group,
1642+ EC_GROUP_get0_generator
1643+ (group), x, y, ctx)) {
1644+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
1645+ goto err;
1646+ }
1647+
1648+ /* get the ECC curve parameters */
1649+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) {
1650+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
1651+ goto err;
1652+ }
1653+
1654+ /* get the public key pair for prime curve */
1655+ if (!EC_POINT_get_affine_coordinates_GFp
1656+ (group, pub_key, w_x, w_y, ctx)) {
1657+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
1658+ goto err;
1659+ }
1660+ } else {
1661+ ec_crv = EC_BINARY;
1662+
1663+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
1664+ EC_GROUP_get0_generator
1665+ (group), x, y, ctx)) {
1666+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
1667+ goto err;
1668+ }
1669+
1670+ /* get the ECC curve parameters */
1671+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) {
1672+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
1673+ goto err;
1674+ }
1675+
1676+ /* get the public key pair for binary curve */
1677+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
1678+ pub_key, w_x, w_y, ctx)) {
1679+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
1680+ goto err;
1681+ }
1682+ }
1683+
1684+ /* irreducible polynomial that creates the field */
1685+ if (spcf_bn2bin((BIGNUM *)&group->order, &r, &r_len)) {
1686+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
1687+ goto err;
1688+ }
1689+
1690+ /* Get the irreducible polynomial that creates the field */
1691+ if (spcf_bn2bin(p, &q, &q_len)) {
1692+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
1693+ goto err;
1694+ }
1695+
1696+ /* Get the public key into a flat buffer with appropriate padding */
1697+ pub_key_len = 2 * q_len;
1698+ w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len);
1699+ if (!w_xy) {
1700+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
1701+ goto err;
1702+ }
1703+
1704+ /* Generation of ECC curve parameters */
1705+ ab_len = 2 * q_len;
1706+ ab = eng_copy_curve_points(a, b, ab_len, q_len);
1707+ if (!ab) {
1708+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
1709+ goto err;
1710+ }
1711+
1712+ if (ec_crv == EC_BINARY) {
1713+ /* copy b' i.e c(b), instead of only b */
1714+ if (eng_ec_get_cparam
1715+ (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) {
1716+ unsigned char *c_temp = NULL;
1717+ int c_temp_len = q_len;
1718+ if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len))
1719+ memcpy(ab + q_len, c_temp, q_len);
1720+ else
1721+ goto err;
1722+ }
1723+ kop->curve_type = ECC_BINARY;
1724+ } else
1725+ kop->curve_type = ECC_PRIME;
1726+
1727+ priv_key_len = r_len;
1728+
1729+ /*
1730+ * If BN_num_bytes of priv_key returns less then r_len then
1731+ * add padding bytes before the key
1732+ */
1733+ if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) {
1734+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
1735+ goto err;
1736+ }
1737+
1738+ buflen = (EC_GROUP_get_degree(group) + 7) / 8;
1739+ len = BN_num_bytes(x);
1740+ if (len > buflen || q_len < buflen) {
1741+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR);
1742+ goto err;
1743+ }
1744+
1745+ kop->crk_op = CRK_DH_COMPUTE_KEY;
1746+ kop->crk_param[0].crp_p = (void *)s;
1747+ kop->crk_param[0].crp_nbits = priv_key_len * 8;
1748+ kop->crk_param[1].crp_p = (void *)w_xy;
1749+ kop->crk_param[1].crp_nbits = pub_key_len * 8;
1750+ kop->crk_param[2].crp_p = (void *)q;
1751+ kop->crk_param[2].crp_nbits = q_len * 8;
1752+ kop->crk_param[3].crp_p = (void *)ab;
1753+ kop->crk_param[3].crp_nbits = ab_len * 8;
1754+ kop->crk_iparams = 4;
1755+ kop->crk_param[4].crp_p = (void *)out;
1756+ kop->crk_param[4].crp_nbits = q_len * 8;
1757+ kop->crk_oparams = 1;
1758+ kop->cookie = cookie;
1759+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
1760+ goto err;
1761+
1762+ return q_len;
1763+ err:
1764+ {
1765+ const ECDH_METHOD *meth = ECDH_OpenSSL();
1766+
1767+ if (kop)
1768+ free(kop);
1769+ ret = (meth->compute_key) (out, outlen, pub_key, ecdh, KDF);
1770+ /* Call user cookie handler */
1771+ cookie->pkc_callback(cookie, 0);
1772+ }
1773+ return ret;
1774+}
1775+
1776 static DH_METHOD cryptodev_dh = {
1777 "cryptodev DH method",
1778 NULL, /* cryptodev_dh_generate_key */
1779@@ -2670,6 +3958,8 @@ static DH_METHOD cryptodev_dh = {
1780 NULL,
1781 NULL,
1782 NULL,
1783+ NULL,
1784+ NULL,
1785 0, /* flags */
1786 NULL /* app_data */
1787 };
1788@@ -2678,6 +3968,7 @@ static ECDH_METHOD cryptodev_ecdh = {
1789 "cryptodev ECDH method",
1790 NULL, /* cryptodev_ecdh_compute_key */
1791 NULL,
1792+ NULL,
1793 0, /* flags */
1794 NULL /* app_data */
1795 };
1796@@ -2748,10 +4039,15 @@ void ENGINE_load_cryptodev(void)
1797 cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
1798 if (cryptodev_asymfeat & CRF_MOD_EXP) {
1799 cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
1800- if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
1801+ cryptodev_rsa.bn_mod_exp_async = cryptodev_bn_mod_exp_async;
1802+ if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) {
1803 cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_mod_exp;
1804- else
1805+ cryptodev_rsa.rsa_mod_exp_async = cryptodev_rsa_mod_exp_async;
1806+ } else {
1807 cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_nocrt_mod_exp;
1808+ cryptodev_rsa.rsa_mod_exp_async =
1809+ cryptodev_rsa_nocrt_mod_exp_async;
1810+ }
1811 }
1812 }
1813
1814@@ -2759,12 +4055,18 @@ void ENGINE_load_cryptodev(void)
1815 const DSA_METHOD *meth = DSA_OpenSSL();
1816
1817 memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
1818- if (cryptodev_asymfeat & CRF_DSA_SIGN)
1819+ if (cryptodev_asymfeat & CRF_DSA_SIGN) {
1820 cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
1821- if (cryptodev_asymfeat & CRF_DSA_VERIFY)
1822+ cryptodev_dsa.dsa_do_sign_async = cryptodev_dsa_do_sign_async;
1823+ }
1824+ if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
1825 cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
1826- if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY)
1827+ cryptodev_dsa.dsa_do_verify_async = cryptodev_dsa_verify_async;
1828+ }
1829+ if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY) {
1830 cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen;
1831+ cryptodev_dsa.dsa_keygen_async = cryptodev_dsa_keygen_async;
1832+ }
1833 }
1834
1835 if (ENGINE_set_DH(engine, &cryptodev_dh)) {
1836@@ -2772,9 +4074,12 @@ void ENGINE_load_cryptodev(void)
1837 memcpy(&cryptodev_dh, dh_meth, sizeof(DH_METHOD));
1838 if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
1839 cryptodev_dh.compute_key = cryptodev_dh_compute_key;
1840+ cryptodev_dh.compute_key_async = cryptodev_dh_compute_key_async;
1841 }
1842 if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) {
1843 cryptodev_dh.generate_key = cryptodev_dh_keygen;
1844+ cryptodev_dh.generate_key_async = cryptodev_dh_keygen_async;
1845+
1846 }
1847 }
1848
1849@@ -2783,9 +4088,13 @@ void ENGINE_load_cryptodev(void)
1850 memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD));
1851 if (cryptodev_asymfeat & CRF_DSA_SIGN) {
1852 cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign;
1853+ cryptodev_ecdsa.ecdsa_do_sign_async =
1854+ cryptodev_ecdsa_do_sign_async;
1855 }
1856 if (cryptodev_asymfeat & CRF_DSA_VERIFY) {
1857 cryptodev_ecdsa.ecdsa_do_verify = cryptodev_ecdsa_verify;
1858+ cryptodev_ecdsa.ecdsa_do_verify_async =
1859+ cryptodev_ecdsa_verify_async;
1860 }
1861 }
1862
1863@@ -2794,9 +4103,16 @@ void ENGINE_load_cryptodev(void)
1864 memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD));
1865 if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) {
1866 cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key;
1867+ cryptodev_ecdh.compute_key_async =
1868+ cryptodev_ecdh_compute_key_async;
1869 }
1870 }
1871
1872+ ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability);
1873+ ENGINE_set_close_instance(engine, cryptodev_close_instance);
1874+ ENGINE_set_init_instance(engine, cryptodev_init_instance);
1875+ ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC);
1876+
1877 ENGINE_add(engine);
1878 ENGINE_free(engine);
1879 ERR_clear_error();
1880diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
1881index 46f163b..b698a0c 100644
1882--- a/crypto/engine/eng_int.h
1883+++ b/crypto/engine/eng_int.h
1884@@ -198,6 +198,29 @@ struct engine_st {
1885 ENGINE_LOAD_KEY_PTR load_privkey;
1886 ENGINE_LOAD_KEY_PTR load_pubkey;
1887 ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
1888+ /*
1889+ * Instantiate Engine handle to be passed in check_pkc_availability
1890+ * Ensure that Engine is instantiated before any pkc asynchronous call.
1891+ */
1892+ void *(*engine_init_instance)(void);
1893+ /*
1894+ * Instantiated Engine handle will be closed with this call.
1895+ * Ensure that no pkc asynchronous call is made after this call
1896+ */
1897+ void (*engine_close_instance)(void *handle);
1898+ /*
1899+ * Check availability will extract the data from kernel.
1900+ * eng_handle: This is the Engine handle corresponds to which
1901+ * the cookies needs to be polled.
1902+ * return 0 if cookie available else 1
1903+ */
1904+ int (*check_pkc_availability)(void *eng_handle);
1905+ /*
1906+ * The following map is used to check if the engine supports asynchronous implementation
1907+ * ENGINE_ASYNC_FLAG* for available bitmap. Any application checking for asynchronous
1908+ * implementation need to check this features using "int ENGINE_get_async_map(engine *)";
1909+ */
1910+ int async_map;
1911 const ENGINE_CMD_DEFN *cmd_defns;
1912 int flags;
1913 /* reference count on the structure itself */
1914diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
1915index dc2abd2..0c57e12 100644
1916--- a/crypto/engine/eng_lib.c
1917+++ b/crypto/engine/eng_lib.c
1918@@ -100,7 +100,11 @@ void engine_set_all_null(ENGINE *e)
1919 e->ctrl = NULL;
1920 e->load_privkey = NULL;
1921 e->load_pubkey = NULL;
1922+ e->check_pkc_availability = NULL;
1923+ e->engine_init_instance = NULL;
1924+ e->engine_close_instance = NULL;
1925 e->cmd_defns = NULL;
1926+ e->async_map = 0;
1927 e->flags = 0;
1928 }
1929
1930@@ -246,6 +250,48 @@ int ENGINE_set_id(ENGINE *e, const char *id)
1931 }
1932 e->id = id;
1933 return 1;
1934+ }
1935+
1936+void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void))
1937+ {
1938+ e->engine_init_instance = engine_init_instance;
1939+ }
1940+
1941+void ENGINE_set_close_instance(ENGINE *e,
1942+ void (*engine_close_instance)(void *))
1943+ {
1944+ e->engine_close_instance = engine_close_instance;
1945+ }
1946+
1947+void ENGINE_set_async_map(ENGINE *e, int async_map)
1948+ {
1949+ e->async_map = async_map;
1950+ }
1951+
1952+void *ENGINE_init_instance(ENGINE *e)
1953+ {
1954+ return e->engine_init_instance();
1955+ }
1956+
1957+void ENGINE_close_instance(ENGINE *e, void *eng_handle)
1958+ {
1959+ e->engine_close_instance(eng_handle);
1960+ }
1961+
1962+int ENGINE_get_async_map(ENGINE *e)
1963+ {
1964+ return e->async_map;
1965+ }
1966+
1967+void ENGINE_set_check_pkc_availability(ENGINE *e,
1968+ int (*check_pkc_availability)(void *eng_handle))
1969+ {
1970+ e->check_pkc_availability = check_pkc_availability;
1971+ }
1972+
1973+int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle)
1974+ {
1975+ return e->check_pkc_availability(eng_handle);
1976 }
1977
1978 int ENGINE_set_name(ENGINE *e, const char *name)
1979diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
1980index 020d912..4527aa1 100644
1981--- a/crypto/engine/engine.h
1982+++ b/crypto/engine/engine.h
1983@@ -551,6 +551,30 @@ ENGINE *ENGINE_new(void);
1984 int ENGINE_free(ENGINE *e);
1985 int ENGINE_up_ref(ENGINE *e);
1986 int ENGINE_set_id(ENGINE *e, const char *id);
1987+void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void));
1988+void ENGINE_set_close_instance(ENGINE *e,
1989+ void (*engine_free_instance)(void *));
1990+/*
1991+ * Following FLAGS are bitmap store in async_map to set asynchronous interface capability
1992+ *of the engine
1993+ */
1994+#define ENGINE_RSA_ASYNC 0x0001
1995+#define ENGINE_DSA_ASYNC 0x0002
1996+#define ENGINE_DH_ASYNC 0x0004
1997+#define ENGINE_ECDSA_ASYNC 0x0008
1998+#define ENGINE_ECDH_ASYNC 0x0010
1999+#define ENGINE_ALLPKC_ASYNC 0x001F
2000+/* Engine implementation will set the bitmap based on above flags using following API */
2001+void ENGINE_set_async_map(ENGINE *e, int async_map);
2002+ /* Application need to check the bitmap based on above flags using following API
2003+ * to confirm asynchronous methods supported
2004+ */
2005+int ENGINE_get_async_map(ENGINE *e);
2006+void *ENGINE_init_instance(ENGINE *e);
2007+void ENGINE_close_instance(ENGINE *e, void *eng_handle);
2008+void ENGINE_set_check_pkc_availability(ENGINE *e,
2009+ int (*check_pkc_availability)(void *eng_handle));
2010+int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle);
2011 int ENGINE_set_name(ENGINE *e, const char *name);
2012 int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
2013 int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
2014diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
2015index d2ee374..7c539fc 100644
2016--- a/crypto/rsa/rsa.h
2017+++ b/crypto/rsa/rsa.h
2018@@ -97,6 +97,29 @@ struct rsa_meth_st {
2019 /* Can be null */
2020 int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
2021 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
2022+ /*
2023+ * Cookie in the following _async variant must be allocated before
2024+ * submission and can be freed once its corresponding callback
2025+ * handler is called
2026+ */
2027+ int (*rsa_pub_enc_asyn)(int flen,const unsigned char *from,
2028+ unsigned char *to, RSA *rsa, int padding,
2029+ struct pkc_cookie_s *cookie);
2030+ int (*rsa_pub_dec_async)(int flen,const unsigned char *from,
2031+ unsigned char *to, RSA *rsa, int padding,
2032+ struct pkc_cookie_s *cookie);
2033+ int (*rsa_priv_enc_async)(int flen,const unsigned char *from,
2034+ unsigned char *to, RSA *rsa, int padding,
2035+ struct pkc_cookie_s *cookie);
2036+ int (*rsa_priv_dec_async)(int flen,const unsigned char *from,
2037+ unsigned char *to, RSA *rsa, int padding,
2038+ struct pkc_cookie_s *cookie);
2039+ int (*rsa_mod_exp_async)(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
2040+ BN_CTX *ctx, struct pkc_cookie_s *cookie);
2041+ int (*bn_mod_exp_async)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
2042+ const BIGNUM *m, BN_CTX *ctx,
2043+ BN_MONT_CTX *m_ctx, struct pkc_cookie_s *cookie);
2044+
2045 /* called at new */
2046 int (*init) (RSA *rsa);
2047 /* called at free */
2048--
20492.7.3
2050
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
deleted file mode 100644
index 070b93a0..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch
+++ /dev/null
@@ -1,155 +0,0 @@
1From 73629969c6fe54529441530674b061ce31a41d93 Mon Sep 17 00:00:00 2001
2From: Hou Zhiqiang <B48286@freescale.com>
3Date: Wed, 2 Apr 2014 16:10:43 +0800
4Subject: [PATCH 08/48] Add RSA keygen operation and support gendsa command
5 with hardware engine
6
7Upstream-status: Pending
8
9Signed-off-by: Hou Zhiqiang <B48286@freescale.com>
10Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
11---
12 crypto/engine/eng_cryptodev.c | 120 ++++++++++++++++++++++++++++++++++++++++++
13 1 file changed, 120 insertions(+)
14
15diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
16index 90fe9b8..8c9ad5c 100644
17--- a/crypto/engine/eng_cryptodev.c
18+++ b/crypto/engine/eng_cryptodev.c
19@@ -2022,6 +2022,124 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
20 }
21 }
22
23+/* Cryptodev RSA Key Gen routine */
24+static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
25+{
26+ struct crypt_kop kop;
27+ int ret, fd;
28+ int p_len, q_len;
29+ int i;
30+
31+ if ((fd = get_asym_dev_crypto()) < 0)
32+ return fd;
33+
34+ if (!rsa->n && ((rsa->n = BN_new()) == NULL))
35+ goto err;
36+ if (!rsa->d && ((rsa->d = BN_new()) == NULL))
37+ goto err;
38+ if (!rsa->e && ((rsa->e = BN_new()) == NULL))
39+ goto err;
40+ if (!rsa->p && ((rsa->p = BN_new()) == NULL))
41+ goto err;
42+ if (!rsa->q && ((rsa->q = BN_new()) == NULL))
43+ goto err;
44+ if (!rsa->dmp1 && ((rsa->dmp1 = BN_new()) == NULL))
45+ goto err;
46+ if (!rsa->dmq1 && ((rsa->dmq1 = BN_new()) == NULL))
47+ goto err;
48+ if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL))
49+ goto err;
50+
51+ BN_copy(rsa->e, e);
52+
53+ p_len = (bits + 1) / (2 * 8);
54+ q_len = (bits - p_len * 8) / 8;
55+ memset(&kop, 0, sizeof kop);
56+ kop.crk_op = CRK_RSA_GENERATE_KEY;
57+
58+ /* p length */
59+ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
60+ if (!kop.crk_param[kop.crk_iparams].crp_p)
61+ goto err;
62+ kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
63+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
64+ kop.crk_iparams++;
65+ kop.crk_oparams++;
66+ /* q length */
67+ kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
68+ if (!kop.crk_param[kop.crk_iparams].crp_p)
69+ goto err;
70+ kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
71+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
72+ kop.crk_iparams++;
73+ kop.crk_oparams++;
74+ /* n length */
75+ kop.crk_param[kop.crk_iparams].crp_p =
76+ calloc(p_len + q_len + 1, sizeof(char));
77+ if (!kop.crk_param[kop.crk_iparams].crp_p)
78+ goto err;
79+ kop.crk_param[kop.crk_iparams].crp_nbits = bits;
80+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0x00, p_len + q_len + 1);
81+ kop.crk_iparams++;
82+ kop.crk_oparams++;
83+ /* d length */
84+ kop.crk_param[kop.crk_iparams].crp_p =
85+ calloc(p_len + q_len + 1, sizeof(char));
86+ if (!kop.crk_param[kop.crk_iparams].crp_p)
87+ goto err;
88+ kop.crk_param[kop.crk_iparams].crp_nbits = bits;
89+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + q_len + 1);
90+ kop.crk_iparams++;
91+ kop.crk_oparams++;
92+ /* dp1 length */
93+ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
94+ if (!kop.crk_param[kop.crk_iparams].crp_p)
95+ goto err;
96+ kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
97+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
98+ kop.crk_iparams++;
99+ kop.crk_oparams++;
100+ /* dq1 length */
101+ kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
102+ if (!kop.crk_param[kop.crk_iparams].crp_p)
103+ goto err;
104+ kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
105+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
106+ kop.crk_iparams++;
107+ kop.crk_oparams++;
108+ /* i length */
109+ kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
110+ if (!kop.crk_param[kop.crk_iparams].crp_p)
111+ goto err;
112+ kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
113+ memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
114+ kop.crk_iparams++;
115+ kop.crk_oparams++;
116+
117+ if (ioctl(fd, CIOCKEY, &kop) == 0) {
118+ BN_bin2bn(kop.crk_param[0].crp_p, p_len, rsa->p);
119+ BN_bin2bn(kop.crk_param[1].crp_p, q_len, rsa->q);
120+ BN_bin2bn(kop.crk_param[2].crp_p, bits / 8, rsa->n);
121+ BN_bin2bn(kop.crk_param[3].crp_p, bits / 8, rsa->d);
122+ BN_bin2bn(kop.crk_param[4].crp_p, p_len, rsa->dmp1);
123+ BN_bin2bn(kop.crk_param[5].crp_p, q_len, rsa->dmq1);
124+ BN_bin2bn(kop.crk_param[6].crp_p, p_len, rsa->iqmp);
125+ return 1;
126+ }
127+ sw_try:
128+ {
129+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
130+ ret = (meth->rsa_keygen) (rsa, bits, e, cb);
131+ }
132+ return ret;
133+
134+ err:
135+ for (i = 0; i < CRK_MAXPARAM; i++)
136+ free(kop.crk_param[i].crp_p);
137+ return 0;
138+
139+}
140+
141 /* Cryptodev DSA Key Gen routine */
142 static int cryptodev_dsa_keygen(DSA *dsa)
143 {
144@@ -4048,6 +4166,8 @@ void ENGINE_load_cryptodev(void)
145 cryptodev_rsa.rsa_mod_exp_async =
146 cryptodev_rsa_nocrt_mod_exp_async;
147 }
148+ if (cryptodev_asymfeat & CRF_RSA_GENERATE_KEY)
149+ cryptodev_rsa.rsa_keygen = cryptodev_rsa_keygen;
150 }
151 }
152
153--
1542.7.3
155
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch
deleted file mode 100644
index faa1690b..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch
+++ /dev/null
@@ -1,64 +0,0 @@
1From b3726ca2b823fe2a4c675b750e6f96d4a03ce93c Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Wed, 16 Apr 2014 22:53:04 +0545
4Subject: [PATCH 09/48] RSA Keygen Fix
5
6Upstream-status: Pending
7
8If Kernel driver doesn't support RSA Keygen or same returns
9error handling the keygen operation, the keygen is gracefully
10handled by software supported rsa_keygen handler
11
12Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
13Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
14---
15 crypto/engine/eng_cryptodev.c | 12 +++++++-----
16 1 file changed, 7 insertions(+), 5 deletions(-)
17
18diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
19index 8c9ad5c..3686c23 100644
20--- a/crypto/engine/eng_cryptodev.c
21+++ b/crypto/engine/eng_cryptodev.c
22@@ -2031,7 +2031,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
23 int i;
24
25 if ((fd = get_asym_dev_crypto()) < 0)
26- return fd;
27+ goto sw_try;
28
29 if (!rsa->n && ((rsa->n = BN_new()) == NULL))
30 goto err;
31@@ -2060,7 +2060,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
32 /* p length */
33 kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char));
34 if (!kop.crk_param[kop.crk_iparams].crp_p)
35- goto err;
36+ goto sw_try;
37 kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8;
38 memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1);
39 kop.crk_iparams++;
40@@ -2068,7 +2068,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
41 /* q length */
42 kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char));
43 if (!kop.crk_param[kop.crk_iparams].crp_p)
44- goto err;
45+ goto sw_try;
46 kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8;
47 memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1);
48 kop.crk_iparams++;
49@@ -2128,8 +2128,10 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
50 }
51 sw_try:
52 {
53- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
54- ret = (meth->rsa_keygen) (rsa, bits, e, cb);
55+ const RSA_METHOD *meth = rsa->meth;
56+ rsa->meth = RSA_PKCS1_SSLeay();
57+ ret = RSA_generate_key_ex(rsa, bits, e, cb);
58+ rsa->meth = meth;
59 }
60 return ret;
61
62--
632.7.3
64
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Removed-local-copy-of-curve_t-type.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Removed-local-copy-of-curve_t-type.patch
deleted file mode 100644
index 22258b4d..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Removed-local-copy-of-curve_t-type.patch
+++ /dev/null
@@ -1,163 +0,0 @@
1From 1a7d37d609b5ce61d0c1454292dd4500859ed65c Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Thu, 17 Apr 2014 06:57:59 +0545
4Subject: [PATCH 10/48] Removed local copy of curve_t type
5
6Upstream-status: Pending
7
8Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
9Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
10---
11 crypto/engine/eng_cryptodev.c | 33 ++++++++++++++-------------------
12 crypto/engine/eng_cryptodev_ec.h | 7 -------
13 2 files changed, 14 insertions(+), 26 deletions(-)
14
15diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
16index 3686c23..afcf72b 100644
17--- a/crypto/engine/eng_cryptodev.c
18+++ b/crypto/engine/eng_cryptodev.c
19@@ -2517,11 +2517,6 @@ static ECDSA_METHOD cryptodev_ecdsa = {
20 NULL /* app_data */
21 };
22
23-typedef enum ec_curve_s {
24- EC_PRIME,
25- EC_BINARY
26-} ec_curve_t;
27-
28 /* ENGINE handler for ECDSA Sign */
29 static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
30 int dgst_len, const BIGNUM *in_kinv,
31@@ -2540,7 +2535,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
32 const BIGNUM *order = NULL, *priv_key = NULL;
33 const EC_GROUP *group = NULL;
34 struct crypt_kop kop;
35- ec_curve_t ec_crv = EC_PRIME;
36+ enum ec_curve_t ec_crv = EC_PRIME;
37
38 memset(&kop, 0, sizeof(kop));
39 ecdsa = ecdsa_check(eckey);
40@@ -2678,7 +2673,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
41 else
42 goto err;
43 }
44- kop.curve_type = ECC_BINARY;
45+ kop.curve_type = EC_BINARY;
46 }
47
48 /* Calculation of Generator point */
49@@ -2773,7 +2768,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
50 const EC_POINT *pub_key = NULL;
51 const BIGNUM *order = NULL;
52 const EC_GROUP *group = NULL;
53- ec_curve_t ec_crv = EC_PRIME;
54+ enum ec_curve_t ec_crv = EC_PRIME;
55 struct crypt_kop kop;
56
57 memset(&kop, 0, sizeof kop);
58@@ -2924,7 +2919,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
59 else
60 goto err;
61 }
62- kop.curve_type = ECC_BINARY;
63+ kop.curve_type = EC_BINARY;
64 }
65
66 /* Calculation of Generator point */
67@@ -3029,7 +3024,7 @@ static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst,
68 const BIGNUM *order = NULL, *priv_key = NULL;
69 const EC_GROUP *group = NULL;
70 struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
71- ec_curve_t ec_crv = EC_PRIME;
72+ enum ec_curve_t ec_crv = EC_PRIME;
73
74 if (!(sig->r = BN_new()) || !kop)
75 goto err;
76@@ -3170,7 +3165,7 @@ static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst,
77 else
78 goto err;
79 }
80- kop->curve_type = ECC_BINARY;
81+ kop->curve_type = EC_BINARY;
82 }
83
84 /* Calculation of Generator point */
85@@ -3250,7 +3245,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst,
86 const EC_POINT *pub_key = NULL;
87 const BIGNUM *order = NULL;
88 const EC_GROUP *group = NULL;
89- ec_curve_t ec_crv = EC_PRIME;
90+ enum ec_curve_t ec_crv = EC_PRIME;
91 struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
92
93 if (!kop)
94@@ -3397,7 +3392,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst,
95 if (ec_crv == EC_BINARY) {
96 /* copy b' i.e c(b), instead of only b */
97 eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab + q_len, q_len);
98- kop->curve_type = ECC_BINARY;
99+ kop->curve_type = EC_BINARY;
100 }
101
102 /* Calculation of Generator point */
103@@ -3703,7 +3698,7 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
104 void *(*KDF) (const void *in, size_t inlen,
105 void *out, size_t *outlen))
106 {
107- ec_curve_t ec_crv = EC_PRIME;
108+ enum ec_curve_t ec_crv = EC_PRIME;
109 unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
110 BIGNUM *w_x = NULL, *w_y = NULL;
111 int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
112@@ -3833,9 +3828,9 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen,
113 else
114 goto err;
115 }
116- kop.curve_type = ECC_BINARY;
117+ kop.curve_type = EC_BINARY;
118 } else
119- kop.curve_type = ECC_PRIME;
120+ kop.curve_type = EC_PRIME;
121
122 priv_key_len = r_len;
123
124@@ -3887,7 +3882,7 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
125 size_t *outlen),
126 struct pkc_cookie_s *cookie)
127 {
128- ec_curve_t ec_crv = EC_PRIME;
129+ enum ec_curve_t ec_crv = EC_PRIME;
130 unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL;
131 BIGNUM *w_x = NULL, *w_y = NULL;
132 int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0;
133@@ -4018,9 +4013,9 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen,
134 else
135 goto err;
136 }
137- kop->curve_type = ECC_BINARY;
138+ kop->curve_type = EC_BINARY;
139 } else
140- kop->curve_type = ECC_PRIME;
141+ kop->curve_type = EC_PRIME;
142
143 priv_key_len = r_len;
144
145diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h
146index af54c51..41a8702 100644
147--- a/crypto/engine/eng_cryptodev_ec.h
148+++ b/crypto/engine/eng_cryptodev_ec.h
149@@ -287,11 +287,4 @@ static inline unsigned char *eng_copy_curve_points(BIGNUM * x, BIGNUM * y,
150
151 return xy;
152 }
153-
154-enum curve_t {
155- DISCRETE_LOG,
156- ECC_PRIME,
157- ECC_BINARY,
158- MAX_ECC_TYPE
159-};
160 #endif
161--
1622.7.3
163
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Modulus-parameter-is-not-populated-by-dhparams.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Modulus-parameter-is-not-populated-by-dhparams.patch
deleted file mode 100644
index d7fb2234..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Modulus-parameter-is-not-populated-by-dhparams.patch
+++ /dev/null
@@ -1,43 +0,0 @@
1From 82afed6364dfcced7458dbd2bda7932054078f04 Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Tue, 22 Apr 2014 22:58:33 +0545
4Subject: [PATCH 11/48] Modulus parameter is not populated by dhparams
5
6Upstream-status: Pending
7
8When dhparams are created, modulus parameter required for
9private key generation is not populated. So, falling back
10to software for proper population of modulus parameters followed
11by private key generation
12
13Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
14Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
15---
16 crypto/engine/eng_cryptodev.c | 4 ++--
17 1 file changed, 2 insertions(+), 2 deletions(-)
18
19diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
20index afcf72b..2013746 100644
21--- a/crypto/engine/eng_cryptodev.c
22+++ b/crypto/engine/eng_cryptodev.c
23@@ -3515,7 +3515,7 @@ static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie)
24 kop->crk_op = CRK_DH_GENERATE_KEY;
25 if (bn2crparam(dh->p, &kop->crk_param[0]))
26 goto sw_try;
27- if (bn2crparam(dh->q, &kop->crk_param[1]))
28+ if (!dh->q || bn2crparam(dh->q, &kop->crk_param[1]))
29 goto sw_try;
30 kop->crk_param[2].crp_p = g;
31 kop->crk_param[2].crp_nbits = g_len * 8;
32@@ -3570,7 +3570,7 @@ static int cryptodev_dh_keygen(DH *dh)
33 kop.crk_op = CRK_DH_GENERATE_KEY;
34 if (bn2crparam(dh->p, &kop.crk_param[0]))
35 goto sw_try;
36- if (bn2crparam(dh->q, &kop.crk_param[1]))
37+ if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1]))
38 goto sw_try;
39 kop.crk_param[2].crp_p = g;
40 kop.crk_param[2].crp_nbits = g_len * 8;
41--
422.7.3
43
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-SW-Backoff-mechanism-for-dsa-keygen.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-SW-Backoff-mechanism-for-dsa-keygen.patch
deleted file mode 100644
index b665f7a9..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-SW-Backoff-mechanism-for-dsa-keygen.patch
+++ /dev/null
@@ -1,53 +0,0 @@
1From f7817245b35156ec2b15514c952db806140c6ebc Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Thu, 24 Apr 2014 00:35:34 +0545
4Subject: [PATCH 12/48] SW Backoff mechanism for dsa keygen
5
6Upstream-status: Pending
7
8DSA Keygen is not handled in default openssl dsa method. Due to
9same null function pointer in SW DSA method, the backoff for dsa
10keygen gives segmentation fault.
11
12Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
13Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
14---
15 crypto/engine/eng_cryptodev.c | 12 ++++++++----
16 1 file changed, 8 insertions(+), 4 deletions(-)
17
18diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
19index 2013746..a3a97d2 100644
20--- a/crypto/engine/eng_cryptodev.c
21+++ b/crypto/engine/eng_cryptodev.c
22@@ -2188,8 +2188,10 @@ static int cryptodev_dsa_keygen(DSA *dsa)
23 return ret;
24 sw_try:
25 {
26- const DSA_METHOD *meth = DSA_OpenSSL();
27- ret = (meth->dsa_keygen) (dsa);
28+ const DSA_METHOD *meth = dsa->meth;
29+ dsa->meth = DSA_OpenSSL();
30+ ret = DSA_generate_key(dsa);
31+ dsa->meth = meth;
32 }
33 return ret;
34 }
35@@ -2243,11 +2245,13 @@ static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie)
36 return ret;
37 sw_try:
38 {
39- const DSA_METHOD *meth = DSA_OpenSSL();
40+ const DSA_METHOD *meth = dsa->meth;
41
42+ dsa->meth = DSA_OpenSSL();
43 if (kop)
44 free(kop);
45- ret = (meth->dsa_keygen) (dsa);
46+ ret = DSA_generate_key(dsa);
47+ dsa->meth = meth;
48 cookie->pkc_callback(cookie, 0);
49 }
50 return ret;
51--
522.7.3
53
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Fixed-DH-keygen-pair-generator.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Fixed-DH-keygen-pair-generator.patch
deleted file mode 100644
index 4f8fd4de..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Fixed-DH-keygen-pair-generator.patch
+++ /dev/null
@@ -1,100 +0,0 @@
1From 0075a1d36133523a40efc66d6491a4f11aca87fd Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Thu, 1 May 2014 06:35:45 +0545
4Subject: [PATCH 13/48] Fixed DH keygen pair generator
5
6Upstream-status: Pending
7
8Wrong Padding results into keygen length error
9
10Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
11Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
12---
13 crypto/engine/eng_cryptodev.c | 50 ++++++++++++++++++++++++++++---------------
14 1 file changed, 33 insertions(+), 17 deletions(-)
15
16diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
17index a3a97d2..5a9f4b7 100644
18--- a/crypto/engine/eng_cryptodev.c
19+++ b/crypto/engine/eng_cryptodev.c
20@@ -3547,44 +3547,60 @@ static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie)
21 static int cryptodev_dh_keygen(DH *dh)
22 {
23 struct crypt_kop kop;
24- int ret = 1, g_len;
25- unsigned char *g = NULL;
26+ int ret = 1, q_len = 0;
27+ unsigned char *q = NULL, *g = NULL, *s = NULL, *w = NULL;
28+ BIGNUM *pub_key = NULL, *priv_key = NULL;
29+ int generate_new_key = 1;
30
31- if (dh->priv_key == NULL) {
32- if ((dh->priv_key = BN_new()) == NULL)
33- goto sw_try;
34- }
35+ if (dh->priv_key)
36+ priv_key = dh->priv_key;
37
38- if (dh->pub_key == NULL) {
39- if ((dh->pub_key = BN_new()) == NULL)
40- goto sw_try;
41- }
42+ if (dh->pub_key)
43+ pub_key = dh->pub_key;
44
45- g_len = BN_num_bytes(dh->p);
46+ q_len = BN_num_bytes(dh->p);
47 /**
48 * Get generator into a plain buffer. If length is less than
49 * q_len then add leading padding bytes.
50 */
51- if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
52+ if (spcf_bn2bin_ex(dh->g, &g, &q_len)) {
53+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
54+ goto sw_try;
55+ }
56+
57+ if (spcf_bn2bin_ex(dh->p, &q, &q_len)) {
58 DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
59 goto sw_try;
60 }
61
62 memset(&kop, 0, sizeof kop);
63 kop.crk_op = CRK_DH_GENERATE_KEY;
64- if (bn2crparam(dh->p, &kop.crk_param[0]))
65- goto sw_try;
66+ kop.crk_param[0].crp_p = q;
67+ kop.crk_param[0].crp_nbits = q_len * 8;
68 if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1]))
69 goto sw_try;
70 kop.crk_param[2].crp_p = g;
71- kop.crk_param[2].crp_nbits = g_len * 8;
72+ kop.crk_param[2].crp_nbits = q_len * 8;
73 kop.crk_iparams = 3;
74
75+ s = OPENSSL_malloc(q_len);
76+ if (!s) {
77+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
78+ goto sw_try;
79+ }
80+
81+ w = OPENSSL_malloc(q_len);
82+ if (!w) {
83+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
84+ goto sw_try;
85+ }
86+
87 /* pub_key is or prime length while priv key is of length of order */
88- if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key,
89- BN_num_bytes(dh->q), dh->priv_key))
90+ if (cryptodev_asym(&kop, q_len, w, q_len, s))
91 goto sw_try;
92
93+ dh->pub_key = BN_bin2bn(w, q_len, pub_key);
94+ dh->pub_key = BN_bin2bn(s, q_len, priv_key);
95 return ret;
96 sw_try:
97 {
98--
992.7.3
100
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
deleted file mode 100644
index 898499b4..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch
+++ /dev/null
@@ -1,321 +0,0 @@
1From fcbd6199deb715b117153b7df00cdd4cdec44d79 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Mon, 16 Jun 2014 14:06:21 +0300
4Subject: [PATCH 14/48] cryptodev: add support for aes-gcm algorithm offloading
5
6Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
7---
8 apps/speed.c | 6 +-
9 crypto/engine/eng_cryptodev.c | 236 +++++++++++++++++++++++++++++++++++++++++-
10 2 files changed, 240 insertions(+), 2 deletions(-)
11
12diff --git a/apps/speed.c b/apps/speed.c
13index b862868..fd2a2a5 100644
14--- a/apps/speed.c
15+++ b/apps/speed.c
16@@ -226,7 +226,11 @@
17 # endif
18
19 # undef BUFSIZE
20-# define BUFSIZE ((long)1024*8+1)
21+/* The buffer overhead allows GCM tag at the end of the encrypted data. This
22+ avoids buffer overflows from cryptodev since Linux kernel GCM
23+ implementation allways adds the tag - unlike e_aes.c:aes_gcm_cipher()
24+ which doesn't */
25+#define BUFSIZE ((long)1024*8 + EVP_GCM_TLS_TAG_LEN)
26 static volatile int run = 0;
27
28 static int mr = 0;
29diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
30index 5a9f4b7..1754917 100644
31--- a/crypto/engine/eng_cryptodev.c
32+++ b/crypto/engine/eng_cryptodev.c
33@@ -2,6 +2,7 @@
34 * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
35 * Copyright (c) 2002 Theo de Raadt
36 * Copyright (c) 2002 Markus Friedl
37+ * Copyright (c) 2013-2014 Freescale Semiconductor, Inc.
38 * All rights reserved.
39 *
40 * Redistribution and use in source and binary forms, with or without
41@@ -78,8 +79,10 @@ struct dev_crypto_state {
42 struct session_op d_sess;
43 int d_fd;
44 unsigned char *aad;
45- unsigned int aad_len;
46+ int aad_len;
47 unsigned int len;
48+ unsigned char *iv;
49+ int ivlen;
50 # ifdef USE_CRYPTODEV_DIGESTS
51 char dummy_mac_key[HASH_MAX_LEN];
52 unsigned char digest_res[HASH_MAX_LEN];
53@@ -288,6 +291,9 @@ static struct {
54 CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20
55 },
56 {
57+ CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0
58+ },
59+ {
60 0, NID_undef, 0, 0, 0
61 },
62 };
63@@ -326,6 +332,22 @@ static struct {
64 };
65 # endif
66
67+/* increment counter (64-bit int) by 1 */
68+static void ctr64_inc(unsigned char *counter)
69+{
70+ int n = 8;
71+ unsigned char c;
72+
73+ do {
74+ --n;
75+ c = counter[n];
76+ ++c;
77+ counter[n] = c;
78+ if (c)
79+ return;
80+ } while (n);
81+}
82+
83 /*
84 * Return a fd if /dev/crypto seems usable, 0 otherwise.
85 */
86@@ -808,6 +830,199 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
87 }
88 }
89
90+static int cryptodev_init_gcm_key(EVP_CIPHER_CTX *ctx,
91+ const unsigned char *key,
92+ const unsigned char *iv, int enc)
93+{
94+ struct dev_crypto_state *state = ctx->cipher_data;
95+ struct session_op *sess = &state->d_sess;
96+ int cipher = -1, i;
97+ if (!iv && !key)
98+ return 1;
99+
100+ if (iv)
101+ memcpy(ctx->iv, iv, ctx->cipher->iv_len);
102+
103+ for (i = 0; ciphers[i].id; i++)
104+ if (ctx->cipher->nid == ciphers[i].nid &&
105+ ctx->cipher->iv_len <= ciphers[i].ivmax &&
106+ ctx->key_len == ciphers[i].keylen) {
107+ cipher = ciphers[i].id;
108+ break;
109+ }
110+
111+ if (!ciphers[i].id) {
112+ state->d_fd = -1;
113+ return 0;
114+ }
115+
116+ memset(sess, 0, sizeof(struct session_op));
117+
118+ if ((state->d_fd = get_dev_crypto()) < 0)
119+ return 0;
120+
121+ sess->key = (unsigned char *)key;
122+ sess->keylen = ctx->key_len;
123+ sess->cipher = cipher;
124+
125+ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
126+ put_dev_crypto(state->d_fd);
127+ state->d_fd = -1;
128+ return 0;
129+ }
130+ return 1;
131+}
132+
133+static int cryptodev_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
134+ const unsigned char *in, size_t len)
135+{
136+ struct crypt_auth_op cryp = { 0 };
137+ struct dev_crypto_state *state = ctx->cipher_data;
138+ struct session_op *sess = &state->d_sess;
139+ int rv = len;
140+
141+ if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ?
142+ EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV,
143+ EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
144+ return 0;
145+
146+ in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
147+ out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
148+ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
149+
150+ if (ctx->encrypt) {
151+ len -= EVP_GCM_TLS_TAG_LEN;
152+ }
153+ cryp.ses = sess->ses;
154+ cryp.len = len;
155+ cryp.src = (unsigned char *)in;
156+ cryp.dst = out;
157+ cryp.auth_src = state->aad;
158+ cryp.auth_len = state->aad_len;
159+ cryp.iv = ctx->iv;
160+ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
161+
162+ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
163+ return 0;
164+ }
165+
166+ if (ctx->encrypt)
167+ ctr64_inc(state->iv + state->ivlen - 8);
168+ else
169+ rv = len - EVP_GCM_TLS_TAG_LEN;
170+
171+ return rv;
172+}
173+
174+static int cryptodev_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
175+ const unsigned char *in, size_t len)
176+{
177+ struct crypt_auth_op cryp;
178+ struct dev_crypto_state *state = ctx->cipher_data;
179+ struct session_op *sess = &state->d_sess;
180+
181+ if (state->d_fd < 0)
182+ return 0;
183+
184+ if ((len % ctx->cipher->block_size) != 0)
185+ return 0;
186+
187+ if (state->aad_len >= 0)
188+ return cryptodev_gcm_tls_cipher(ctx, out, in, len);
189+
190+ memset(&cryp, 0, sizeof(cryp));
191+
192+ cryp.ses = sess->ses;
193+ cryp.len = len;
194+ cryp.src = (unsigned char *)in;
195+ cryp.dst = out;
196+ cryp.auth_src = NULL;
197+ cryp.auth_len = 0;
198+ cryp.iv = ctx->iv;
199+ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
200+
201+ if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) {
202+ return 0;
203+ }
204+
205+ return len;
206+}
207+
208+static int cryptodev_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
209+ void *ptr)
210+{
211+ struct dev_crypto_state *state = ctx->cipher_data;
212+ switch (type) {
213+ case EVP_CTRL_INIT:
214+ {
215+ state->ivlen = ctx->cipher->iv_len;
216+ state->iv = ctx->iv;
217+ state->aad_len = -1;
218+ return 1;
219+ }
220+ case EVP_CTRL_GCM_SET_IV_FIXED:
221+ {
222+ /* Special case: -1 length restores whole IV */
223+ if (arg == -1) {
224+ memcpy(state->iv, ptr, state->ivlen);
225+ return 1;
226+ }
227+ /*
228+ * Fixed field must be at least 4 bytes and invocation field at
229+ * least 8.
230+ */
231+ if ((arg < 4) || (state->ivlen - arg) < 8)
232+ return 0;
233+ if (arg)
234+ memcpy(state->iv, ptr, arg);
235+ if (ctx->encrypt &&
236+ RAND_bytes(state->iv + arg, state->ivlen - arg) <= 0)
237+ return 0;
238+ return 1;
239+ }
240+ case EVP_CTRL_AEAD_TLS1_AAD:
241+ {
242+ unsigned int len;
243+ if (arg != 13)
244+ return 0;
245+
246+ memcpy(ctx->buf, ptr, arg);
247+ len = ctx->buf[arg - 2] << 8 | ctx->buf[arg - 1];
248+
249+ /* Correct length for explicit IV */
250+ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
251+
252+ /* If decrypting correct for tag too */
253+ if (!ctx->encrypt)
254+ len -= EVP_GCM_TLS_TAG_LEN;
255+
256+ ctx->buf[arg - 2] = len >> 8;
257+ ctx->buf[arg - 1] = len & 0xff;
258+
259+ state->aad = ctx->buf;
260+ state->aad_len = arg;
261+ state->len = len;
262+
263+ /* Extra padding: tag appended to record */
264+ return EVP_GCM_TLS_TAG_LEN;
265+ }
266+ case EVP_CTRL_GCM_SET_IV_INV:
267+ {
268+ if (ctx->encrypt)
269+ return 0;
270+ memcpy(state->iv + state->ivlen - arg, ptr, arg);
271+ return 1;
272+ }
273+ case EVP_CTRL_GCM_IV_GEN:
274+ if (arg <= 0 || arg > state->ivlen)
275+ arg = state->ivlen;
276+ memcpy(ptr, state->iv + state->ivlen - arg, arg);
277+ return 1;
278+ default:
279+ return -1;
280+ }
281+}
282+
283 /*
284 * libcrypto EVP stuff - this is how we get wired to EVP so the engine
285 * gets called when libcrypto requests a cipher NID.
286@@ -948,6 +1163,22 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
287 NULL
288 };
289
290+const EVP_CIPHER cryptodev_aes_128_gcm = {
291+ NID_aes_128_gcm,
292+ 1, 16, 12,
293+ EVP_CIPH_GCM_MODE | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1
294+ | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER
295+ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT,
296+ cryptodev_init_gcm_key,
297+ cryptodev_gcm_cipher,
298+ cryptodev_cleanup,
299+ sizeof(struct dev_crypto_state),
300+ EVP_CIPHER_set_asn1_iv,
301+ EVP_CIPHER_get_asn1_iv,
302+ cryptodev_gcm_ctrl,
303+ NULL
304+};
305+
306 # ifdef CRYPTO_AES_CTR
307 const EVP_CIPHER cryptodev_aes_ctr = {
308 NID_aes_128_ctr,
309@@ -1042,6 +1273,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
310 case NID_aes_256_cbc_hmac_sha1:
311 *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
312 break;
313+ case NID_aes_128_gcm:
314+ *cipher = &cryptodev_aes_128_gcm;
315+ break;
316 default:
317 *cipher = NULL;
318 break;
319--
3202.7.3
321
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
deleted file mode 100644
index c1201f26..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch
+++ /dev/null
@@ -1,199 +0,0 @@
1From 6094ec91a5b8dde4bc3a7928b7cb6c81cac8a169 Mon Sep 17 00:00:00 2001
2From: Tudor Ambarus <tudor.ambarus@freescale.com>
3Date: Fri, 9 May 2014 17:54:06 +0300
4Subject: [PATCH 15/48] eng_cryptodev: extend TLS offload with
5 3des_cbc_hmac_sha1
6
7Both obj_mac.h and obj_dat.h were generated using the scripts
8from crypto/objects:
9
10$ cd crypto/objects
11$ perl objects.pl objects.txt obj_mac.num obj_mac.h
12$ perl obj_dat.pl obj_mac.h obj_dat.h
13
14Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
15Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
16---
17 crypto/engine/eng_cryptodev.c | 26 ++++++++++++++++++++++++++
18 crypto/objects/obj_dat.h | 10 +++++++---
19 crypto/objects/obj_mac.h | 4 ++++
20 crypto/objects/obj_mac.num | 1 +
21 crypto/objects/objects.txt | 1 +
22 ssl/ssl_ciph.c | 4 ++++
23 6 files changed, 43 insertions(+), 3 deletions(-)
24
25diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
26index 1754917..ae644b9 100644
27--- a/crypto/engine/eng_cryptodev.c
28+++ b/crypto/engine/eng_cryptodev.c
29@@ -133,6 +133,7 @@ static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
30 static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
31 void (*f) (void));
32 void ENGINE_load_cryptodev(void);
33+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
34 const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
35 const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
36
37@@ -285,6 +286,9 @@ static struct {
38 CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0
39 },
40 {
41+ CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, NID_des_ede3_cbc_hmac_sha1, 8, 24, 20
42+ },
43+ {
44 CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20
45 },
46 {
47@@ -520,6 +524,9 @@ static int cryptodev_usable_ciphers(const int **nids)
48 case NID_aes_256_cbc_hmac_sha1:
49 EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1);
50 break;
51+ case NID_des_ede3_cbc_hmac_sha1:
52+ EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
53+ break;
54 }
55 }
56 return count;
57@@ -624,6 +631,7 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
58 switch (ctx->cipher->nid) {
59 case NID_aes_128_cbc_hmac_sha1:
60 case NID_aes_256_cbc_hmac_sha1:
61+ case NID_des_ede3_cbc_hmac_sha1:
62 cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
63 }
64 cryp.ses = sess->ses;
65@@ -814,6 +822,7 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
66 switch (ctx->cipher->nid) {
67 case NID_aes_128_cbc_hmac_sha1:
68 case NID_aes_256_cbc_hmac_sha1:
69+ case NID_des_ede3_cbc_hmac_sha1:
70 maclen = SHA_DIGEST_LENGTH;
71 }
72
73@@ -1135,6 +1144,20 @@ const EVP_CIPHER cryptodev_aes_256_cbc = {
74 NULL
75 };
76
77+const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1 = {
78+ NID_des_ede3_cbc_hmac_sha1,
79+ 8, 24, 8,
80+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
81+ cryptodev_init_aead_key,
82+ cryptodev_aead_cipher,
83+ cryptodev_cleanup,
84+ sizeof(struct dev_crypto_state),
85+ EVP_CIPHER_set_asn1_iv,
86+ EVP_CIPHER_get_asn1_iv,
87+ cryptodev_cbc_hmac_sha1_ctrl,
88+ NULL
89+};
90+
91 const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = {
92 NID_aes_128_cbc_hmac_sha1,
93 16, 16, 16,
94@@ -1256,6 +1279,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
95 case NID_aes_256_cbc:
96 *cipher = &cryptodev_aes_256_cbc;
97 break;
98+ case NID_des_ede3_cbc_hmac_sha1:
99+ *cipher = &cryptodev_3des_cbc_hmac_sha1;
100+ break;
101 # ifdef CRYPTO_AES_CTR
102 case NID_aes_128_ctr:
103 *cipher = &cryptodev_aes_ctr;
104diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
105index b7e3cf2..35d1abc 100644
106--- a/crypto/objects/obj_dat.h
107+++ b/crypto/objects/obj_dat.h
108@@ -62,9 +62,9 @@
109 * [including the GNU Public Licence.]
110 */
111
112-#define NUM_NID 958
113-#define NUM_SN 951
114-#define NUM_LN 951
115+#define NUM_NID 959
116+#define NUM_SN 952
117+#define NUM_LN 952
118 #define NUM_OBJ 890
119
120 static const unsigned char lvalues[6255]={
121@@ -2514,6 +2514,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
122 NID_jurisdictionStateOrProvinceName,11,&(lvalues[6232]),0},
123 {"jurisdictionC","jurisdictionCountryName",
124 NID_jurisdictionCountryName,11,&(lvalues[6243]),0},
125+{"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1",
126+ NID_des_ede3_cbc_hmac_sha1,0,NULL,0},
127 };
128
129 static const unsigned int sn_objs[NUM_SN]={
130@@ -2592,6 +2594,7 @@ static const unsigned int sn_objs[NUM_SN]={
131 62, /* "DES-EDE-OFB" */
132 33, /* "DES-EDE3" */
133 44, /* "DES-EDE3-CBC" */
134+958, /* "DES-EDE3-CBC-HMAC-SHA1" */
135 61, /* "DES-EDE3-CFB" */
136 658, /* "DES-EDE3-CFB1" */
137 659, /* "DES-EDE3-CFB8" */
138@@ -3760,6 +3763,7 @@ static const unsigned int ln_objs[NUM_LN]={
139 62, /* "des-ede-ofb" */
140 33, /* "des-ede3" */
141 44, /* "des-ede3-cbc" */
142+958, /* "des-ede3-cbc-hmac-sha1" */
143 61, /* "des-ede3-cfb" */
144 658, /* "des-ede3-cfb1" */
145 659, /* "des-ede3-cfb8" */
146diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
147index 779c309..cb318bc 100644
148--- a/crypto/objects/obj_mac.h
149+++ b/crypto/objects/obj_mac.h
150@@ -4047,6 +4047,10 @@
151 #define LN_aes_256_cbc_hmac_sha256 "aes-256-cbc-hmac-sha256"
152 #define NID_aes_256_cbc_hmac_sha256 950
153
154+#define SN_des_ede3_cbc_hmac_sha1 "DES-EDE3-CBC-HMAC-SHA1"
155+#define LN_des_ede3_cbc_hmac_sha1 "des-ede3-cbc-hmac-sha1"
156+#define NID_des_ede3_cbc_hmac_sha1 958
157+
158 #define SN_dhpublicnumber "dhpublicnumber"
159 #define LN_dhpublicnumber "X9.42 DH"
160 #define NID_dhpublicnumber 920
161diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
162index 8e5ea83..02d1bb8 100644
163--- a/crypto/objects/obj_mac.num
164+++ b/crypto/objects/obj_mac.num
165@@ -955,3 +955,4 @@ ct_cert_scts 954
166 jurisdictionLocalityName 955
167 jurisdictionStateOrProvinceName 956
168 jurisdictionCountryName 957
169+des_ede3_cbc_hmac_sha1 958
170diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
171index b57aabb..4e1ff18 100644
172--- a/crypto/objects/objects.txt
173+++ b/crypto/objects/objects.txt
174@@ -1294,6 +1294,7 @@ kisa 1 6 : SEED-OFB : seed-ofb
175 : AES-128-CBC-HMAC-SHA256 : aes-128-cbc-hmac-sha256
176 : AES-192-CBC-HMAC-SHA256 : aes-192-cbc-hmac-sha256
177 : AES-256-CBC-HMAC-SHA256 : aes-256-cbc-hmac-sha256
178+ : DES-EDE3-CBC-HMAC-SHA1 : des-ede3-cbc-hmac-sha1
179
180 ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH
181
182diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
183index 2ad8f43..fdf6be9 100644
184--- a/ssl/ssl_ciph.c
185+++ b/ssl/ssl_ciph.c
186@@ -668,6 +668,10 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
187 c->algorithm_mac == SSL_SHA256 &&
188 (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256")))
189 *enc = evp, *md = NULL;
190+ else if (c->algorithm_enc == SSL_3DES &&
191+ c->algorithm_mac == SSL_SHA1 &&
192+ (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
193+ *enc = evp, *md = NULL;
194 return (1);
195 } else
196 return (0);
197--
1982.7.3
199
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch
deleted file mode 100644
index d6b72b57..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch
+++ /dev/null
@@ -1,338 +0,0 @@
1From 4a229203e276283cb894b08b2607204a647d7594 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Fri, 22 Jan 2016 11:58:34 +0200
4Subject: [PATCH 16/48] eng_cryptodev: add support for TLSv1.1 record offload
5
6Supported cipher suites:
7- 3des-ede-cbc-sha
8- aes-128-cbc-hmac-sha
9- aes-256-cbc-hmac-sha
10
11Requires TLS patches on cryptodev and TLS algorithm support in Linux
12kernel driver.
13
14Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
15Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
16---
17 crypto/engine/eng_cryptodev.c | 96 ++++++++++++++++++++++++++++++++++++++++++-
18 crypto/objects/obj_dat.h | 18 ++++++--
19 crypto/objects/obj_mac.h | 12 ++++++
20 crypto/objects/obj_mac.num | 3 ++
21 crypto/objects/objects.txt | 3 ++
22 ssl/ssl_ciph.c | 28 ++++++++++---
23 6 files changed, 151 insertions(+), 9 deletions(-)
24
25diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
26index ae644b9..80b20e5 100644
27--- a/crypto/engine/eng_cryptodev.c
28+++ b/crypto/engine/eng_cryptodev.c
29@@ -67,6 +67,7 @@ void ENGINE_load_cryptodev(void)
30 # include <sys/ioctl.h>
31 # include <errno.h>
32 # include <stdio.h>
33+# include <stdbool.h>
34 # include <unistd.h>
35 # include <fcntl.h>
36 # include <stdarg.h>
37@@ -136,6 +137,9 @@ void ENGINE_load_cryptodev(void);
38 const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1;
39 const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1;
40 const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
41+const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1;
42+const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1;
43+const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1;
44
45 inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
46 {
47@@ -295,6 +299,18 @@ static struct {
48 CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20
49 },
50 {
51+ CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, NID_tls11_des_ede3_cbc_hmac_sha1, 8,
52+ 24, 20
53+ },
54+ {
55+ CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_128_cbc_hmac_sha1, 16, 16,
56+ 20
57+ },
58+ {
59+ CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_256_cbc_hmac_sha1, 16, 32,
60+ 20
61+ },
62+ {
63 CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0
64 },
65 {
66@@ -527,6 +543,15 @@ static int cryptodev_usable_ciphers(const int **nids)
67 case NID_des_ede3_cbc_hmac_sha1:
68 EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1);
69 break;
70+ case NID_tls11_des_ede3_cbc_hmac_sha1:
71+ EVP_add_cipher(&cryptodev_tls11_3des_cbc_hmac_sha1);
72+ break;
73+ case NID_tls11_aes_128_cbc_hmac_sha1:
74+ EVP_add_cipher(&cryptodev_tls11_aes_128_cbc_hmac_sha1);
75+ break;
76+ case NID_tls11_aes_256_cbc_hmac_sha1:
77+ EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1);
78+ break;
79 }
80 }
81 return count;
82@@ -632,6 +657,9 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
83 case NID_aes_128_cbc_hmac_sha1:
84 case NID_aes_256_cbc_hmac_sha1:
85 case NID_des_ede3_cbc_hmac_sha1:
86+ case NID_tls11_des_ede3_cbc_hmac_sha1:
87+ case NID_tls11_aes_128_cbc_hmac_sha1:
88+ case NID_tls11_aes_256_cbc_hmac_sha1:
89 cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
90 }
91 cryp.ses = sess->ses;
92@@ -811,8 +839,9 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
93 struct dev_crypto_state *state = ctx->cipher_data;
94 unsigned char *p = ptr;
95 unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1];
96- unsigned int maclen, padlen;
97+ unsigned int maclen, padlen, len;
98 unsigned int bs = ctx->cipher->block_size;
99+ bool aad_needs_fix = false;
100
101 state->aad = ptr;
102 state->aad_len = arg;
103@@ -824,6 +853,20 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
104 case NID_aes_256_cbc_hmac_sha1:
105 case NID_des_ede3_cbc_hmac_sha1:
106 maclen = SHA_DIGEST_LENGTH;
107+ break;
108+ case NID_tls11_des_ede3_cbc_hmac_sha1:
109+ case NID_tls11_aes_128_cbc_hmac_sha1:
110+ case NID_tls11_aes_256_cbc_hmac_sha1:
111+ maclen = SHA_DIGEST_LENGTH;
112+ aad_needs_fix = true;
113+ break;
114+ }
115+
116+ /* Correct length for AAD Length field */
117+ if (ctx->encrypt && aad_needs_fix) {
118+ len = cryptlen - bs;
119+ p[arg - 2] = len >> 8;
120+ p[arg - 1] = len & 0xff;
121 }
122
123 /* space required for encryption (not only TLS padding) */
124@@ -1186,6 +1229,48 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = {
125 NULL
126 };
127
128+const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1 = {
129+ NID_tls11_des_ede3_cbc_hmac_sha1,
130+ 8, 24, 8,
131+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
132+ cryptodev_init_aead_key,
133+ cryptodev_aead_cipher,
134+ cryptodev_cleanup,
135+ sizeof(struct dev_crypto_state),
136+ EVP_CIPHER_set_asn1_iv,
137+ EVP_CIPHER_get_asn1_iv,
138+ cryptodev_cbc_hmac_sha1_ctrl,
139+ NULL
140+};
141+
142+const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1 = {
143+ NID_tls11_aes_128_cbc_hmac_sha1,
144+ 16, 16, 16,
145+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
146+ cryptodev_init_aead_key,
147+ cryptodev_aead_cipher,
148+ cryptodev_cleanup,
149+ sizeof(struct dev_crypto_state),
150+ EVP_CIPHER_set_asn1_iv,
151+ EVP_CIPHER_get_asn1_iv,
152+ cryptodev_cbc_hmac_sha1_ctrl,
153+ NULL
154+};
155+
156+const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = {
157+ NID_tls11_aes_256_cbc_hmac_sha1,
158+ 16, 32, 16,
159+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
160+ cryptodev_init_aead_key,
161+ cryptodev_aead_cipher,
162+ cryptodev_cleanup,
163+ sizeof(struct dev_crypto_state),
164+ EVP_CIPHER_set_asn1_iv,
165+ EVP_CIPHER_get_asn1_iv,
166+ cryptodev_cbc_hmac_sha1_ctrl,
167+ NULL
168+};
169+
170 const EVP_CIPHER cryptodev_aes_128_gcm = {
171 NID_aes_128_gcm,
172 1, 16, 12,
173@@ -1299,6 +1384,15 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
174 case NID_aes_256_cbc_hmac_sha1:
175 *cipher = &cryptodev_aes_256_cbc_hmac_sha1;
176 break;
177+ case NID_tls11_des_ede3_cbc_hmac_sha1:
178+ *cipher = &cryptodev_tls11_3des_cbc_hmac_sha1;
179+ break;
180+ case NID_tls11_aes_128_cbc_hmac_sha1:
181+ *cipher = &cryptodev_tls11_aes_128_cbc_hmac_sha1;
182+ break;
183+ case NID_tls11_aes_256_cbc_hmac_sha1:
184+ *cipher = &cryptodev_tls11_aes_256_cbc_hmac_sha1;
185+ break;
186 case NID_aes_128_gcm:
187 *cipher = &cryptodev_aes_128_gcm;
188 break;
189diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
190index 35d1abc..4dd32a1 100644
191--- a/crypto/objects/obj_dat.h
192+++ b/crypto/objects/obj_dat.h
193@@ -62,9 +62,9 @@
194 * [including the GNU Public Licence.]
195 */
196
197-#define NUM_NID 959
198-#define NUM_SN 952
199-#define NUM_LN 952
200+#define NUM_NID 962
201+#define NUM_SN 955
202+#define NUM_LN 955
203 #define NUM_OBJ 890
204
205 static const unsigned char lvalues[6255]={
206@@ -2516,6 +2516,12 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
207 NID_jurisdictionCountryName,11,&(lvalues[6243]),0},
208 {"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1",
209 NID_des_ede3_cbc_hmac_sha1,0,NULL,0},
210+{"TLS11-DES-EDE3-CBC-HMAC-SHA1","tls11-des-ede3-cbc-hmac-sha1",
211+ NID_tls11_des_ede3_cbc_hmac_sha1,0,NULL,0},
212+{"TLS11-AES-128-CBC-HMAC-SHA1","tls11-aes-128-cbc-hmac-sha1",
213+ NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0},
214+{"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1",
215+ NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0},
216 };
217
218 static const unsigned int sn_objs[NUM_SN]={
219@@ -2705,6 +2711,9 @@ static const unsigned int sn_objs[NUM_SN]={
220 100, /* "SN" */
221 16, /* "ST" */
222 143, /* "SXNetID" */
223+960, /* "TLS11-AES-128-CBC-HMAC-SHA1" */
224+961, /* "TLS11-AES-256-CBC-HMAC-SHA1" */
225+959, /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */
226 458, /* "UID" */
227 0, /* "UNDEF" */
228 11, /* "X500" */
229@@ -4396,6 +4405,9 @@ static const unsigned int ln_objs[NUM_LN]={
230 459, /* "textEncodedORAddress" */
231 293, /* "textNotice" */
232 106, /* "title" */
233+960, /* "tls11-aes-128-cbc-hmac-sha1" */
234+961, /* "tls11-aes-256-cbc-hmac-sha1" */
235+959, /* "tls11-des-ede3-cbc-hmac-sha1" */
236 682, /* "tpBasis" */
237 436, /* "ucl" */
238 0, /* "undefined" */
239diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
240index cb318bc..5930563 100644
241--- a/crypto/objects/obj_mac.h
242+++ b/crypto/objects/obj_mac.h
243@@ -4051,6 +4051,18 @@
244 #define LN_des_ede3_cbc_hmac_sha1 "des-ede3-cbc-hmac-sha1"
245 #define NID_des_ede3_cbc_hmac_sha1 958
246
247+#define SN_tls11_des_ede3_cbc_hmac_sha1 "TLS11-DES-EDE3-CBC-HMAC-SHA1"
248+#define LN_tls11_des_ede3_cbc_hmac_sha1 "tls11-des-ede3-cbc-hmac-sha1"
249+#define NID_tls11_des_ede3_cbc_hmac_sha1 959
250+
251+#define SN_tls11_aes_128_cbc_hmac_sha1 "TLS11-AES-128-CBC-HMAC-SHA1"
252+#define LN_tls11_aes_128_cbc_hmac_sha1 "tls11-aes-128-cbc-hmac-sha1"
253+#define NID_tls11_aes_128_cbc_hmac_sha1 960
254+
255+#define SN_tls11_aes_256_cbc_hmac_sha1 "TLS11-AES-256-CBC-HMAC-SHA1"
256+#define LN_tls11_aes_256_cbc_hmac_sha1 "tls11-aes-256-cbc-hmac-sha1"
257+#define NID_tls11_aes_256_cbc_hmac_sha1 961
258+
259 #define SN_dhpublicnumber "dhpublicnumber"
260 #define LN_dhpublicnumber "X9.42 DH"
261 #define NID_dhpublicnumber 920
262diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
263index 02d1bb8..02f1728 100644
264--- a/crypto/objects/obj_mac.num
265+++ b/crypto/objects/obj_mac.num
266@@ -956,3 +956,6 @@ jurisdictionLocalityName 955
267 jurisdictionStateOrProvinceName 956
268 jurisdictionCountryName 957
269 des_ede3_cbc_hmac_sha1 958
270+tls11_des_ede3_cbc_hmac_sha1 959
271+tls11_aes_128_cbc_hmac_sha1 960
272+tls11_aes_256_cbc_hmac_sha1 961
273diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
274index 4e1ff18..cda81da 100644
275--- a/crypto/objects/objects.txt
276+++ b/crypto/objects/objects.txt
277@@ -1295,6 +1295,9 @@ kisa 1 6 : SEED-OFB : seed-ofb
278 : AES-192-CBC-HMAC-SHA256 : aes-192-cbc-hmac-sha256
279 : AES-256-CBC-HMAC-SHA256 : aes-256-cbc-hmac-sha256
280 : DES-EDE3-CBC-HMAC-SHA1 : des-ede3-cbc-hmac-sha1
281+ : TLS11-DES-EDE3-CBC-HMAC-SHA1 : tls11-des-ede3-cbc-hmac-sha1
282+ : TLS11-AES-128-CBC-HMAC-SHA1 : tls11-aes-128-cbc-hmac-sha1
283+ : TLS11-AES-256-CBC-HMAC-SHA1 : tls11-aes-256-cbc-hmac-sha1
284
285 ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH
286
287diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
288index fdf6be9..b4af7dc 100644
289--- a/ssl/ssl_ciph.c
290+++ b/ssl/ssl_ciph.c
291@@ -652,11 +652,13 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
292 c->algorithm_mac == SSL_MD5 &&
293 (evp = EVP_get_cipherbyname("RC4-HMAC-MD5")))
294 *enc = evp, *md = NULL;
295- else if (c->algorithm_enc == SSL_AES128 &&
296+ else if (s->ssl_version == TLS1_VERSION &&
297+ c->algorithm_enc == SSL_AES128 &&
298 c->algorithm_mac == SSL_SHA1 &&
299 (evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
300 *enc = evp, *md = NULL;
301- else if (c->algorithm_enc == SSL_AES256 &&
302+ else if (s->ssl_version == TLS1_VERSION &&
303+ c->algorithm_enc == SSL_AES256 &&
304 c->algorithm_mac == SSL_SHA1 &&
305 (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
306 *enc = evp, *md = NULL;
307@@ -668,9 +670,25 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
308 c->algorithm_mac == SSL_SHA256 &&
309 (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256")))
310 *enc = evp, *md = NULL;
311- else if (c->algorithm_enc == SSL_3DES &&
312- c->algorithm_mac == SSL_SHA1 &&
313- (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
314+ else if (s->ssl_version == TLS1_VERSION &&
315+ c->algorithm_enc == SSL_3DES &&
316+ c->algorithm_mac == SSL_SHA1 &&
317+ (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1")))
318+ *enc = evp, *md = NULL;
319+ else if (s->ssl_version == TLS1_1_VERSION &&
320+ c->algorithm_enc == SSL_3DES &&
321+ c->algorithm_mac == SSL_SHA1 &&
322+ (evp = EVP_get_cipherbyname("TLS11-DES-EDE3-CBC-HMAC-SHA1")))
323+ *enc = evp, *md = NULL;
324+ else if (s->ssl_version == TLS1_1_VERSION &&
325+ c->algorithm_enc == SSL_AES128 &&
326+ c->algorithm_mac == SSL_SHA1 &&
327+ (evp = EVP_get_cipherbyname("TLS11-AES-128-CBC-HMAC-SHA1")))
328+ *enc = evp, *md = NULL;
329+ else if (s->ssl_version == TLS1_1_VERSION &&
330+ c->algorithm_enc == SSL_AES256 &&
331+ c->algorithm_mac == SSL_SHA1 &&
332+ (evp = EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1")))
333 *enc = evp, *md = NULL;
334 return (1);
335 } else
336--
3372.7.3
338
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
deleted file mode 100644
index 30348941..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch
+++ /dev/null
@@ -1,377 +0,0 @@
1From 0103fb8e6fc412462968224ec9315609c54eccc1 Mon Sep 17 00:00:00 2001
2From: Tudor Ambarus <tudor.ambarus@freescale.com>
3Date: Tue, 31 Mar 2015 16:32:35 +0300
4Subject: [PATCH 17/48] eng_cryptodev: add support for TLSv1.2 record offload
5
6Supported cipher suites:
7- 3des-ede-cbc-sha
8- aes-128-cbc-hmac-sha
9- aes-256-cbc-hmac-sha
10- aes-128-cbc-hmac-sha256
11- aes-256-cbc-hmac-sha256
12
13Requires TLS patches on cryptodev and TLS algorithm support in Linux
14kernel driver.
15
16Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
17Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
18---
19 crypto/engine/eng_cryptodev.c | 138 ++++++++++++++++++++++++++++++++++++++++++
20 crypto/objects/obj_dat.h | 26 +++++++-
21 crypto/objects/obj_mac.h | 20 ++++++
22 crypto/objects/obj_mac.num | 5 ++
23 crypto/objects/objects.txt | 5 ++
24 ssl/ssl_ciph.c | 25 ++++++++
25 6 files changed, 216 insertions(+), 3 deletions(-)
26
27diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
28index 80b20e5..455868e 100644
29--- a/crypto/engine/eng_cryptodev.c
30+++ b/crypto/engine/eng_cryptodev.c
31@@ -140,6 +140,11 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1;
32 const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1;
33 const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1;
34 const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1;
35+const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1;
36+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1;
37+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1;
38+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256;
39+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256;
40
41 inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
42 {
43@@ -311,6 +316,26 @@ static struct {
44 20
45 },
46 {
47+ CRYPTO_TLS12_3DES_CBC_HMAC_SHA1, NID_tls12_des_ede3_cbc_hmac_sha1, 8,
48+ 24, 20
49+ },
50+ {
51+ CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_128_cbc_hmac_sha1, 16, 16,
52+ 20
53+ },
54+ {
55+ CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_256_cbc_hmac_sha1, 16, 32,
56+ 20
57+ },
58+ {
59+ CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_128_cbc_hmac_sha256, 16,
60+ 16, 32
61+ },
62+ {
63+ CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_256_cbc_hmac_sha256, 16,
64+ 32, 32
65+ },
66+ {
67 CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0
68 },
69 {
70@@ -552,6 +577,21 @@ static int cryptodev_usable_ciphers(const int **nids)
71 case NID_tls11_aes_256_cbc_hmac_sha1:
72 EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1);
73 break;
74+ case NID_tls12_des_ede3_cbc_hmac_sha1:
75+ EVP_add_cipher(&cryptodev_tls12_3des_cbc_hmac_sha1);
76+ break;
77+ case NID_tls12_aes_128_cbc_hmac_sha1:
78+ EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha1);
79+ break;
80+ case NID_tls12_aes_256_cbc_hmac_sha1:
81+ EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha1);
82+ break;
83+ case NID_tls12_aes_128_cbc_hmac_sha256:
84+ EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha256);
85+ break;
86+ case NID_tls12_aes_256_cbc_hmac_sha256:
87+ EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha256);
88+ break;
89 }
90 }
91 return count;
92@@ -660,6 +700,11 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
93 case NID_tls11_des_ede3_cbc_hmac_sha1:
94 case NID_tls11_aes_128_cbc_hmac_sha1:
95 case NID_tls11_aes_256_cbc_hmac_sha1:
96+ case NID_tls12_des_ede3_cbc_hmac_sha1:
97+ case NID_tls12_aes_128_cbc_hmac_sha1:
98+ case NID_tls12_aes_256_cbc_hmac_sha1:
99+ case NID_tls12_aes_128_cbc_hmac_sha256:
100+ case NID_tls12_aes_256_cbc_hmac_sha256:
101 cryp.flags = COP_FLAG_AEAD_TLS_TYPE;
102 }
103 cryp.ses = sess->ses;
104@@ -857,9 +902,17 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
105 case NID_tls11_des_ede3_cbc_hmac_sha1:
106 case NID_tls11_aes_128_cbc_hmac_sha1:
107 case NID_tls11_aes_256_cbc_hmac_sha1:
108+ case NID_tls12_des_ede3_cbc_hmac_sha1:
109+ case NID_tls12_aes_128_cbc_hmac_sha1:
110+ case NID_tls12_aes_256_cbc_hmac_sha1:
111 maclen = SHA_DIGEST_LENGTH;
112 aad_needs_fix = true;
113 break;
114+ case NID_tls12_aes_128_cbc_hmac_sha256:
115+ case NID_tls12_aes_256_cbc_hmac_sha256:
116+ maclen = SHA256_DIGEST_LENGTH;
117+ aad_needs_fix = true;
118+ break;
119 }
120
121 /* Correct length for AAD Length field */
122@@ -1271,6 +1324,76 @@ const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = {
123 NULL
124 };
125
126+const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1 = {
127+ NID_tls12_des_ede3_cbc_hmac_sha1,
128+ 8, 24, 8,
129+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
130+ cryptodev_init_aead_key,
131+ cryptodev_aead_cipher,
132+ cryptodev_cleanup,
133+ sizeof(struct dev_crypto_state),
134+ EVP_CIPHER_set_asn1_iv,
135+ EVP_CIPHER_get_asn1_iv,
136+ cryptodev_cbc_hmac_sha1_ctrl,
137+ NULL
138+};
139+
140+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1 = {
141+ NID_tls12_aes_128_cbc_hmac_sha1,
142+ 16, 16, 16,
143+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
144+ cryptodev_init_aead_key,
145+ cryptodev_aead_cipher,
146+ cryptodev_cleanup,
147+ sizeof(struct dev_crypto_state),
148+ EVP_CIPHER_set_asn1_iv,
149+ EVP_CIPHER_get_asn1_iv,
150+ cryptodev_cbc_hmac_sha1_ctrl,
151+ NULL
152+};
153+
154+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1 = {
155+ NID_tls12_aes_256_cbc_hmac_sha1,
156+ 16, 32, 16,
157+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
158+ cryptodev_init_aead_key,
159+ cryptodev_aead_cipher,
160+ cryptodev_cleanup,
161+ sizeof(struct dev_crypto_state),
162+ EVP_CIPHER_set_asn1_iv,
163+ EVP_CIPHER_get_asn1_iv,
164+ cryptodev_cbc_hmac_sha1_ctrl,
165+ NULL
166+};
167+
168+const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256 = {
169+ NID_tls12_aes_128_cbc_hmac_sha256,
170+ 16, 16, 16,
171+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
172+ cryptodev_init_aead_key,
173+ cryptodev_aead_cipher,
174+ cryptodev_cleanup,
175+ sizeof(struct dev_crypto_state),
176+ EVP_CIPHER_set_asn1_iv,
177+ EVP_CIPHER_get_asn1_iv,
178+ cryptodev_cbc_hmac_sha1_ctrl,
179+ NULL
180+};
181+
182+const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256 = {
183+ NID_tls12_aes_256_cbc_hmac_sha256,
184+ 16, 32, 16,
185+ EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER,
186+ cryptodev_init_aead_key,
187+ cryptodev_aead_cipher,
188+ cryptodev_cleanup,
189+ sizeof(struct dev_crypto_state),
190+ EVP_CIPHER_set_asn1_iv,
191+ EVP_CIPHER_get_asn1_iv,
192+ cryptodev_cbc_hmac_sha1_ctrl,
193+ NULL
194+};
195+
196 const EVP_CIPHER cryptodev_aes_128_gcm = {
197 NID_aes_128_gcm,
198 1, 16, 12,
199@@ -1396,6 +1519,21 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
200 case NID_aes_128_gcm:
201 *cipher = &cryptodev_aes_128_gcm;
202 break;
203+ case NID_tls12_des_ede3_cbc_hmac_sha1:
204+ *cipher = &cryptodev_tls12_3des_cbc_hmac_sha1;
205+ break;
206+ case NID_tls12_aes_128_cbc_hmac_sha1:
207+ *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha1;
208+ break;
209+ case NID_tls12_aes_256_cbc_hmac_sha1:
210+ *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha1;
211+ break;
212+ case NID_tls12_aes_128_cbc_hmac_sha256:
213+ *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha256;
214+ break;
215+ case NID_tls12_aes_256_cbc_hmac_sha256:
216+ *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha256;
217+ break;
218 default:
219 *cipher = NULL;
220 break;
221diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
222index 4dd32a1..e3a2505 100644
223--- a/crypto/objects/obj_dat.h
224+++ b/crypto/objects/obj_dat.h
225@@ -62,9 +62,9 @@
226 * [including the GNU Public Licence.]
227 */
228
229-#define NUM_NID 962
230-#define NUM_SN 955
231-#define NUM_LN 955
232+#define NUM_NID 967
233+#define NUM_SN 960
234+#define NUM_LN 960
235 #define NUM_OBJ 890
236
237 static const unsigned char lvalues[6255]={
238@@ -2522,6 +2522,16 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
239 NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0},
240 {"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1",
241 NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0},
242+{"TLS12-DES-EDE3-CBC-HMAC-SHA1","tls12-des-ede3-cbc-hmac-sha1",
243+ NID_tls12_des_ede3_cbc_hmac_sha1,0,NULL,0},
244+{"TLS12-AES-128-CBC-HMAC-SHA1","tls12-aes-128-cbc-hmac-sha1",
245+ NID_tls12_aes_128_cbc_hmac_sha1,0,NULL,0},
246+{"TLS12-AES-256-CBC-HMAC-SHA1","tls12-aes-256-cbc-hmac-sha1",
247+ NID_tls12_aes_256_cbc_hmac_sha1,0,NULL,0},
248+{"TLS12-AES-128-CBC-HMAC-SHA256","tls12-aes-128-cbc-hmac-sha256",
249+ NID_tls12_aes_128_cbc_hmac_sha256,0,NULL,0},
250+{"TLS12-AES-256-CBC-HMAC-SHA256","tls12-aes-256-cbc-hmac-sha256",
251+ NID_tls12_aes_256_cbc_hmac_sha256,0,NULL,0},
252 };
253
254 static const unsigned int sn_objs[NUM_SN]={
255@@ -2714,6 +2724,11 @@ static const unsigned int sn_objs[NUM_SN]={
256 960, /* "TLS11-AES-128-CBC-HMAC-SHA1" */
257 961, /* "TLS11-AES-256-CBC-HMAC-SHA1" */
258 959, /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */
259+963, /* "TLS12-AES-128-CBC-HMAC-SHA1" */
260+965, /* "TLS12-AES-128-CBC-HMAC-SHA256" */
261+964, /* "TLS12-AES-256-CBC-HMAC-SHA1" */
262+966, /* "TLS12-AES-256-CBC-HMAC-SHA256" */
263+962, /* "TLS12-DES-EDE3-CBC-HMAC-SHA1" */
264 458, /* "UID" */
265 0, /* "UNDEF" */
266 11, /* "X500" */
267@@ -4408,6 +4423,11 @@ static const unsigned int ln_objs[NUM_LN]={
268 960, /* "tls11-aes-128-cbc-hmac-sha1" */
269 961, /* "tls11-aes-256-cbc-hmac-sha1" */
270 959, /* "tls11-des-ede3-cbc-hmac-sha1" */
271+963, /* "tls12-aes-128-cbc-hmac-sha1" */
272+965, /* "tls12-aes-128-cbc-hmac-sha256" */
273+964, /* "tls12-aes-256-cbc-hmac-sha1" */
274+966, /* "tls12-aes-256-cbc-hmac-sha256" */
275+962, /* "tls12-des-ede3-cbc-hmac-sha1" */
276 682, /* "tpBasis" */
277 436, /* "ucl" */
278 0, /* "undefined" */
279diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
280index 5930563..f4a81cb 100644
281--- a/crypto/objects/obj_mac.h
282+++ b/crypto/objects/obj_mac.h
283@@ -4063,6 +4063,26 @@
284 #define LN_tls11_aes_256_cbc_hmac_sha1 "tls11-aes-256-cbc-hmac-sha1"
285 #define NID_tls11_aes_256_cbc_hmac_sha1 961
286
287+#define SN_tls12_des_ede3_cbc_hmac_sha1 "TLS12-DES-EDE3-CBC-HMAC-SHA1"
288+#define LN_tls12_des_ede3_cbc_hmac_sha1 "tls12-des-ede3-cbc-hmac-sha1"
289+#define NID_tls12_des_ede3_cbc_hmac_sha1 962
290+
291+#define SN_tls12_aes_128_cbc_hmac_sha1 "TLS12-AES-128-CBC-HMAC-SHA1"
292+#define LN_tls12_aes_128_cbc_hmac_sha1 "tls12-aes-128-cbc-hmac-sha1"
293+#define NID_tls12_aes_128_cbc_hmac_sha1 963
294+
295+#define SN_tls12_aes_256_cbc_hmac_sha1 "TLS12-AES-256-CBC-HMAC-SHA1"
296+#define LN_tls12_aes_256_cbc_hmac_sha1 "tls12-aes-256-cbc-hmac-sha1"
297+#define NID_tls12_aes_256_cbc_hmac_sha1 964
298+
299+#define SN_tls12_aes_128_cbc_hmac_sha256 "TLS12-AES-128-CBC-HMAC-SHA256"
300+#define LN_tls12_aes_128_cbc_hmac_sha256 "tls12-aes-128-cbc-hmac-sha256"
301+#define NID_tls12_aes_128_cbc_hmac_sha256 965
302+
303+#define SN_tls12_aes_256_cbc_hmac_sha256 "TLS12-AES-256-CBC-HMAC-SHA256"
304+#define LN_tls12_aes_256_cbc_hmac_sha256 "tls12-aes-256-cbc-hmac-sha256"
305+#define NID_tls12_aes_256_cbc_hmac_sha256 966
306+
307 #define SN_dhpublicnumber "dhpublicnumber"
308 #define LN_dhpublicnumber "X9.42 DH"
309 #define NID_dhpublicnumber 920
310diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
311index 02f1728..401be03 100644
312--- a/crypto/objects/obj_mac.num
313+++ b/crypto/objects/obj_mac.num
314@@ -959,3 +959,8 @@ des_ede3_cbc_hmac_sha1 958
315 tls11_des_ede3_cbc_hmac_sha1 959
316 tls11_aes_128_cbc_hmac_sha1 960
317 tls11_aes_256_cbc_hmac_sha1 961
318+tls12_des_ede3_cbc_hmac_sha1 962
319+tls12_aes_128_cbc_hmac_sha1 963
320+tls12_aes_256_cbc_hmac_sha1 964
321+tls12_aes_128_cbc_hmac_sha256 965
322+tls12_aes_256_cbc_hmac_sha256 966
323diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
324index cda81da..68a8da8 100644
325--- a/crypto/objects/objects.txt
326+++ b/crypto/objects/objects.txt
327@@ -1298,6 +1298,11 @@ kisa 1 6 : SEED-OFB : seed-ofb
328 : TLS11-DES-EDE3-CBC-HMAC-SHA1 : tls11-des-ede3-cbc-hmac-sha1
329 : TLS11-AES-128-CBC-HMAC-SHA1 : tls11-aes-128-cbc-hmac-sha1
330 : TLS11-AES-256-CBC-HMAC-SHA1 : tls11-aes-256-cbc-hmac-sha1
331+ : TLS12-DES-EDE3-CBC-HMAC-SHA1 : tls12-des-ede3-cbc-hmac-sha1
332+ : TLS12-AES-128-CBC-HMAC-SHA1 : tls12-aes-128-cbc-hmac-sha1
333+ : TLS12-AES-256-CBC-HMAC-SHA1 : tls12-aes-256-cbc-hmac-sha1
334+ : TLS12-AES-128-CBC-HMAC-SHA256 : tls12-aes-128-cbc-hmac-sha256
335+ : TLS12-AES-256-CBC-HMAC-SHA256 : tls12-aes-256-cbc-hmac-sha256
336
337 ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH
338
339diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
340index b4af7dc..359cb5d 100644
341--- a/ssl/ssl_ciph.c
342+++ b/ssl/ssl_ciph.c
343@@ -690,6 +690,31 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
344 c->algorithm_mac == SSL_SHA1 &&
345 (evp = EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1")))
346 *enc = evp, *md = NULL;
347+ else if (s->ssl_version == TLS1_2_VERSION &&
348+ c->algorithm_enc == SSL_3DES &&
349+ c->algorithm_mac == SSL_SHA1 &&
350+ (evp=EVP_get_cipherbyname("TLS12-DES-EDE3-CBC-HMAC-SHA1")))
351+ *enc = evp, *md = NULL;
352+ else if (s->ssl_version == TLS1_2_VERSION &&
353+ c->algorithm_enc == SSL_AES128 &&
354+ c->algorithm_mac == SSL_SHA1 &&
355+ (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA1")))
356+ *enc = evp, *md = NULL;
357+ else if (s->ssl_version == TLS1_2_VERSION &&
358+ c->algorithm_enc == SSL_AES256 &&
359+ c->algorithm_mac == SSL_SHA1 &&
360+ (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA1")))
361+ *enc = evp, *md = NULL;
362+ else if (s->ssl_version == TLS1_2_VERSION &&
363+ c->algorithm_enc == SSL_AES128 &&
364+ c->algorithm_mac == SSL_SHA256 &&
365+ (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA256")))
366+ *enc = evp, *md = NULL;
367+ else if (s->ssl_version == TLS1_2_VERSION &&
368+ c->algorithm_enc == SSL_AES256 &&
369+ c->algorithm_mac == SSL_SHA256 &&
370+ (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA256")))
371+ *enc = evp, *md = NULL;
372 return (1);
373 } else
374 return (0);
375--
3762.7.3
377
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-cryptodev-drop-redundant-function.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-cryptodev-drop-redundant-function.patch
deleted file mode 100644
index cf6cce26..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-cryptodev-drop-redundant-function.patch
+++ /dev/null
@@ -1,72 +0,0 @@
1From dddb8bc7eea34dfc73c1f5c8863d19894d9a18ac Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Thu, 19 Feb 2015 16:11:53 +0200
4Subject: [PATCH 18/48] cryptodev: drop redundant function
5
6get_dev_crypto already caches the result. Another cache in-between is
7useless.
8
9Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
10---
11 crypto/engine/eng_cryptodev.c | 17 +++--------------
12 1 file changed, 3 insertions(+), 14 deletions(-)
13
14diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
15index 455868e..d229f61 100644
16--- a/crypto/engine/eng_cryptodev.c
17+++ b/crypto/engine/eng_cryptodev.c
18@@ -94,7 +94,6 @@ struct dev_crypto_state {
19
20 static u_int32_t cryptodev_asymfeat = 0;
21
22-static int get_asym_dev_crypto(void);
23 static int open_dev_crypto(void);
24 static int get_dev_crypto(void);
25 static int get_cryptodev_ciphers(const int **cnids);
26@@ -441,16 +440,6 @@ static void put_dev_crypto(int fd)
27 # endif
28 }
29
30-/* Caching version for asym operations */
31-static int get_asym_dev_crypto(void)
32-{
33- static int fd = -1;
34-
35- if (fd == -1)
36- fd = get_dev_crypto();
37- return fd;
38-}
39-
40 /*
41 * Find out what ciphers /dev/crypto will let us have a session for.
42 * XXX note, that some of these openssl doesn't deal with yet!
43@@ -1923,7 +1912,7 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
44 {
45 int fd, ret = -1;
46
47- if ((fd = get_asym_dev_crypto()) < 0)
48+ if ((fd = get_dev_crypto()) < 0)
49 return ret;
50
51 if (r) {
52@@ -2522,7 +2511,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
53 int p_len, q_len;
54 int i;
55
56- if ((fd = get_asym_dev_crypto()) < 0)
57+ if ((fd = get_dev_crypto()) < 0)
58 goto sw_try;
59
60 if (!rsa->n && ((rsa->n = BN_new()) == NULL))
61@@ -4111,7 +4100,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
62 BIGNUM *temp = NULL;
63 unsigned char *padded_pub_key = NULL, *p = NULL;
64
65- if ((fd = get_asym_dev_crypto()) < 0)
66+ if ((fd = get_dev_crypto()) < 0)
67 goto sw_try;
68
69 memset(&kop, 0, sizeof kop);
70--
712.7.3
72
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-cryptodev-do-not-zero-the-buffer-before-use.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-cryptodev-do-not-zero-the-buffer-before-use.patch
deleted file mode 100644
index d423dd10..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-cryptodev-do-not-zero-the-buffer-before-use.patch
+++ /dev/null
@@ -1,48 +0,0 @@
1From 413ef57790244fc521d40ade62358abaf0a55d10 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Tue, 17 Feb 2015 13:12:53 +0200
4Subject: [PATCH 19/48] cryptodev: do not zero the buffer before use
5
6- The buffer is just about to be overwritten. Zeroing it before that has
7 no purpose
8
9Change-Id: I478c31bd2e254561474a7edf5e37980ca04217ce
10Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
11Reviewed-on: http://git.am.freescale.net:8181/34217
12---
13 crypto/engine/eng_cryptodev.c | 14 ++++----------
14 1 file changed, 4 insertions(+), 10 deletions(-)
15
16diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
17index d229f61..4d370ad 100644
18--- a/crypto/engine/eng_cryptodev.c
19+++ b/crypto/engine/eng_cryptodev.c
20@@ -1806,21 +1806,15 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
21 static int bn2crparam(const BIGNUM *a, struct crparam *crp)
22 {
23 ssize_t bytes, bits;
24- u_char *b;
25-
26- crp->crp_p = NULL;
27- crp->crp_nbits = 0;
28
29 bits = BN_num_bits(a);
30 bytes = (bits + 7) / 8;
31
32- b = malloc(bytes);
33- if (b == NULL)
34- return (1);
35- memset(b, 0, bytes);
36-
37- crp->crp_p = (caddr_t) b;
38 crp->crp_nbits = bits;
39+ crp->crp_p = malloc(bytes);
40+
41+ if (crp->crp_p == NULL)
42+ return (1);
43
44 BN_bn2bin(a, crp->crp_p);
45 return (0);
46--
472.7.3
48
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-cryptodev-clean-up-code-layout.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-cryptodev-clean-up-code-layout.patch
deleted file mode 100644
index d82dc5c3..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-cryptodev-clean-up-code-layout.patch
+++ /dev/null
@@ -1,73 +0,0 @@
1From ac3dfaf10125f08454d51e8fc4b3a77d33fd96d0 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Wed, 18 Feb 2015 10:39:46 +0200
4Subject: [PATCH 20/48] cryptodev: clean-up code layout
5
6This is just a refactoring that uses else branch to check for malloc failures
7
8Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
9---
10 crypto/engine/eng_cryptodev.c | 45 ++++++++++++++++++++-----------------------
11 1 file changed, 21 insertions(+), 24 deletions(-)
12
13diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
14index 4d370ad..487a2c9 100644
15--- a/crypto/engine/eng_cryptodev.c
16+++ b/crypto/engine/eng_cryptodev.c
17@@ -1869,32 +1869,29 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
18 fd = *(int *)cookie->eng_handle;
19
20 eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
21-
22- if (eng_cookie) {
23- memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
24- if (r) {
25- kop->crk_param[kop->crk_iparams].crp_p =
26- calloc(rlen, sizeof(char));
27- if (!kop->crk_param[kop->crk_iparams].crp_p)
28- return -ENOMEM;
29- kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
30- kop->crk_oparams++;
31- eng_cookie->r = r;
32- eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
33- }
34- if (s) {
35- kop->crk_param[kop->crk_iparams + 1].crp_p =
36- calloc(slen, sizeof(char));
37- if (!kop->crk_param[kop->crk_iparams + 1].crp_p)
38- return -ENOMEM;
39- kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
40- kop->crk_oparams++;
41- eng_cookie->s = s;
42- eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
43- }
44- } else
45+ if (!eng_cookie)
46 return -ENOMEM;
47
48+ memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s));
49+ if (r) {
50+ kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
51+ if (!kop->crk_param[kop->crk_iparams].crp_p)
52+ return -ENOMEM;
53+ kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
54+ kop->crk_oparams++;
55+ eng_cookie->r = r;
56+ eng_cookie->r_param = kop->crk_param[kop->crk_iparams];
57+ }
58+ if (s) {
59+ kop->crk_param[kop->crk_iparams + 1].crp_p =
60+ calloc(slen, sizeof(char));
61+ if (!kop->crk_param[kop->crk_iparams + 1].crp_p)
62+ return -ENOMEM;
63+ kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
64+ kop->crk_oparams++;
65+ eng_cookie->s = s;
66+ eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1];
67+ }
68 eng_cookie->kop = kop;
69 cookie->eng_cookie = eng_cookie;
70 return ioctl(fd, CIOCASYMASYNCRYPT, kop);
71--
722.7.3
73
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-do-not-cache-file-descriptor-in-open.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-do-not-cache-file-descriptor-in-open.patch
deleted file mode 100644
index fa825bb5..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-do-not-cache-file-descriptor-in-open.patch
+++ /dev/null
@@ -1,93 +0,0 @@
1From b96074f4e44b2147d4d771dd086463c9cb7d42a3 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Thu, 19 Feb 2015 16:43:29 +0200
4Subject: [PATCH 21/48] cryptodev: do not cache file descriptor in 'open'
5
6The file descriptor returned by get_dev_crypto is cached after a
7successful return. The issue is, it is cached inside 'open_dev_crypto'
8which is no longer useful as a general purpose open("/dev/crypto")
9function.
10
11This patch is a refactoring that moves the caching operation from
12open_dev_crypto to get_dev_crypto and leaves the former as a simpler
13function true to its name
14
15Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
16---
17 crypto/engine/eng_cryptodev.c | 43 +++++++++++++++++++++----------------------
18 1 file changed, 21 insertions(+), 22 deletions(-)
19
20diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
21index 487a2c9..d7188a6 100644
22--- a/crypto/engine/eng_cryptodev.c
23+++ b/crypto/engine/eng_cryptodev.c
24@@ -392,45 +392,44 @@ static void ctr64_inc(unsigned char *counter)
25 } while (n);
26 }
27
28-/*
29- * Return a fd if /dev/crypto seems usable, 0 otherwise.
30- */
31 static int open_dev_crypto(void)
32 {
33- static int fd = -1;
34+ int fd;
35
36- if (fd == -1) {
37- if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
38- return (-1);
39- /* close on exec */
40- if (fcntl(fd, F_SETFD, 1) == -1) {
41- close(fd);
42- fd = -1;
43- return (-1);
44- }
45+ fd = open("/dev/crypto", O_RDWR, 0);
46+ if (fd < 0)
47+ return -1;
48+
49+ /* close on exec */
50+ if (fcntl(fd, F_SETFD, 1) == -1) {
51+ close(fd);
52+ return -1;
53 }
54- return (fd);
55+
56+ return fd;
57 }
58
59 static int get_dev_crypto(void)
60 {
61- int fd, retfd;
62+ static int fd = -1;
63+ int retfd;
64
65- if ((fd = open_dev_crypto()) == -1)
66- return (-1);
67-# ifndef CRIOGET_NOT_NEEDED
68+ if (fd == -1)
69+ fd = open_dev_crypto();
70+# ifdef CRIOGET_NOT_NEEDED
71+ return fd;
72+# else
73+ if (fd == -1)
74+ return -1;
75 if (ioctl(fd, CRIOGET, &retfd) == -1)
76 return (-1);
77-
78 /* close on exec */
79 if (fcntl(retfd, F_SETFD, 1) == -1) {
80 close(retfd);
81 return (-1);
82 }
83-# else
84- retfd = fd;
85+ return retfd;
86 # endif
87- return (retfd);
88 }
89
90 static void put_dev_crypto(int fd)
91--
922.7.3
93
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-put_dev_crypto-should-be-an-int.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-put_dev_crypto-should-be-an-int.patch
deleted file mode 100644
index eddb1f24..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-put_dev_crypto-should-be-an-int.patch
+++ /dev/null
@@ -1,35 +0,0 @@
1From 43710e60fd8bae1ebc4d1eef6d86cb4e82653ac4 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Thu, 19 Feb 2015 13:09:32 +0200
4Subject: [PATCH 22/48] cryptodev: put_dev_crypto should be an int
5
6Change-Id: Ie0a83bc07a37132286c098b17ef35d98de74b043
7Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
8Reviewed-on: http://git.am.freescale.net:8181/34220
9---
10 crypto/engine/eng_cryptodev.c | 8 +++++---
11 1 file changed, 5 insertions(+), 3 deletions(-)
12
13diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
14index d7188a6..7b3dbd1 100644
15--- a/crypto/engine/eng_cryptodev.c
16+++ b/crypto/engine/eng_cryptodev.c
17@@ -432,10 +432,12 @@ static int get_dev_crypto(void)
18 # endif
19 }
20
21-static void put_dev_crypto(int fd)
22+static int put_dev_crypto(int fd)
23 {
24-# ifndef CRIOGET_NOT_NEEDED
25- close(fd);
26+#ifdef CRIOGET_NOT_NEEDED
27+ return 0;
28+#else
29+ return close(fd);
30 # endif
31 }
32
33--
342.7.3
35
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-simplify-cryptodev-pkc-support-code.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-simplify-cryptodev-pkc-support-code.patch
deleted file mode 100644
index 4f589af7..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-simplify-cryptodev-pkc-support-code.patch
+++ /dev/null
@@ -1,260 +0,0 @@
1From b706132a33555162e6dbf26d9fde4bcb1136d553 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Thu, 19 Feb 2015 13:39:52 +0200
4Subject: [PATCH 23/48] cryptodev: simplify cryptodev pkc support code
5
6- Engine init returns directly a file descriptor instead of a pointer to one
7- Similarly, the Engine close will now just close the file
8
9Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
10---
11 crypto/crypto.h | 2 +-
12 crypto/engine/eng_cryptodev.c | 43 +++++++----------------------------
13 crypto/engine/eng_int.h | 14 +++---------
14 crypto/engine/eng_lib.c | 53 +++++++++++++++++++++----------------------
15 crypto/engine/engine.h | 13 +++++------
16 5 files changed, 44 insertions(+), 81 deletions(-)
17
18diff --git a/crypto/crypto.h b/crypto/crypto.h
19index 2b4ec59..ddb9b69 100644
20--- a/crypto/crypto.h
21+++ b/crypto/crypto.h
22@@ -668,7 +668,7 @@ struct pkc_cookie_s {
23 * -EINVAL: Parameters Invalid
24 */
25 void (*pkc_callback)(struct pkc_cookie_s *cookie, int status);
26- void *eng_handle;
27+ int eng_handle;
28 };
29
30 #ifdef __cplusplus
31diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
32index 7b3dbd1..34c8d18 100644
33--- a/crypto/engine/eng_cryptodev.c
34+++ b/crypto/engine/eng_cryptodev.c
35@@ -434,10 +434,10 @@ static int get_dev_crypto(void)
36
37 static int put_dev_crypto(int fd)
38 {
39-#ifdef CRIOGET_NOT_NEEDED
40- return 0;
41-#else
42- return close(fd);
43+# ifdef CRIOGET_NOT_NEEDED
44+ return 0;
45+# else
46+ return close(fd);
47 # endif
48 }
49
50@@ -1867,7 +1867,7 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
51 struct pkc_cookie_s *cookie = kop->cookie;
52 struct cryptodev_cookie_s *eng_cookie;
53
54- fd = *(int *)cookie->eng_handle;
55+ fd = cookie->eng_handle;
56
57 eng_cookie = malloc(sizeof(struct cryptodev_cookie_s));
58 if (!eng_cookie)
59@@ -1939,38 +1939,11 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
60 return ret;
61 }
62
63-/* Close an opened instance of cryptodev engine */
64-void cryptodev_close_instance(void *handle)
65-{
66- int fd;
67-
68- if (handle) {
69- fd = *(int *)handle;
70- close(fd);
71- free(handle);
72- }
73-}
74-
75-/* Create an instance of cryptodev for asynchronous interface */
76-void *cryptodev_init_instance(void)
77-{
78- int *fd = malloc(sizeof(int));
79-
80- if (fd) {
81- if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) {
82- free(fd);
83- return NULL;
84- }
85- }
86- return fd;
87-}
88-
89 # include <poll.h>
90
91 /* Return 0 on success and 1 on failure */
92-int cryptodev_check_availability(void *eng_handle)
93+int cryptodev_check_availability(int fd)
94 {
95- int fd = *(int *)eng_handle;
96 struct pkc_cookie_list_s cookie_list;
97 struct pkc_cookie_s *cookie;
98 int i;
99@@ -4719,8 +4692,8 @@ void ENGINE_load_cryptodev(void)
100 }
101
102 ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability);
103- ENGINE_set_close_instance(engine, cryptodev_close_instance);
104- ENGINE_set_init_instance(engine, cryptodev_init_instance);
105+ ENGINE_set_close_instance(engine, put_dev_crypto);
106+ ENGINE_set_open_instance(engine, open_dev_crypto);
107 ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC);
108
109 ENGINE_add(engine);
110diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
111index b698a0c..7541beb 100644
112--- a/crypto/engine/eng_int.h
113+++ b/crypto/engine/eng_int.h
114@@ -198,23 +198,15 @@ struct engine_st {
115 ENGINE_LOAD_KEY_PTR load_privkey;
116 ENGINE_LOAD_KEY_PTR load_pubkey;
117 ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
118- /*
119- * Instantiate Engine handle to be passed in check_pkc_availability
120- * Ensure that Engine is instantiated before any pkc asynchronous call.
121- */
122- void *(*engine_init_instance)(void);
123- /*
124- * Instantiated Engine handle will be closed with this call.
125- * Ensure that no pkc asynchronous call is made after this call
126- */
127- void (*engine_close_instance)(void *handle);
128+ int (*engine_open_instance)(void);
129+ int (*engine_close_instance)(int fd);
130 /*
131 * Check availability will extract the data from kernel.
132 * eng_handle: This is the Engine handle corresponds to which
133 * the cookies needs to be polled.
134 * return 0 if cookie available else 1
135 */
136- int (*check_pkc_availability)(void *eng_handle);
137+ int (*check_pkc_availability)(int fd);
138 /*
139 * The following map is used to check if the engine supports asynchronous implementation
140 * ENGINE_ASYNC_FLAG* for available bitmap. Any application checking for asynchronous
141diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
142index 0c57e12..4fdcfd6 100644
143--- a/crypto/engine/eng_lib.c
144+++ b/crypto/engine/eng_lib.c
145@@ -101,7 +101,7 @@ void engine_set_all_null(ENGINE *e)
146 e->load_privkey = NULL;
147 e->load_pubkey = NULL;
148 e->check_pkc_availability = NULL;
149- e->engine_init_instance = NULL;
150+ e->engine_open_instance = NULL;
151 e->engine_close_instance = NULL;
152 e->cmd_defns = NULL;
153 e->async_map = 0;
154@@ -252,46 +252,45 @@ int ENGINE_set_id(ENGINE *e, const char *id)
155 return 1;
156 }
157
158-void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void))
159- {
160- e->engine_init_instance = engine_init_instance;
161- }
162+void ENGINE_set_open_instance(ENGINE *e, int (*engine_open_instance)(void))
163+{
164+ e->engine_open_instance = engine_open_instance;
165+}
166
167-void ENGINE_set_close_instance(ENGINE *e,
168- void (*engine_close_instance)(void *))
169- {
170- e->engine_close_instance = engine_close_instance;
171- }
172+void ENGINE_set_close_instance(ENGINE *e, int (*engine_close_instance)(int))
173+{
174+ e->engine_close_instance = engine_close_instance;
175+}
176
177 void ENGINE_set_async_map(ENGINE *e, int async_map)
178 {
179 e->async_map = async_map;
180 }
181
182-void *ENGINE_init_instance(ENGINE *e)
183- {
184- return e->engine_init_instance();
185- }
186-
187-void ENGINE_close_instance(ENGINE *e, void *eng_handle)
188- {
189- e->engine_close_instance(eng_handle);
190- }
191-
192 int ENGINE_get_async_map(ENGINE *e)
193 {
194 return e->async_map;
195 }
196
197+int ENGINE_open_instance(ENGINE *e)
198+{
199+ return e->engine_open_instance();
200+}
201+
202+int ENGINE_close_instance(ENGINE *e, int fd)
203+{
204+ return e->engine_close_instance(fd);
205+}
206+
207 void ENGINE_set_check_pkc_availability(ENGINE *e,
208- int (*check_pkc_availability)(void *eng_handle))
209- {
210- e->check_pkc_availability = check_pkc_availability;
211- }
212+ int (*check_pkc_availability)(int fd))
213+{
214+ e->check_pkc_availability = check_pkc_availability;
215+}
216
217-int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle)
218- {
219- return e->check_pkc_availability(eng_handle);
220+int ENGINE_check_pkc_availability(ENGINE *e, int fd)
221+{
222+ return e->check_pkc_availability(fd);
223 }
224
225 int ENGINE_set_name(ENGINE *e, const char *name)
226diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
227index 4527aa1..f83ee73 100644
228--- a/crypto/engine/engine.h
229+++ b/crypto/engine/engine.h
230@@ -551,9 +551,6 @@ ENGINE *ENGINE_new(void);
231 int ENGINE_free(ENGINE *e);
232 int ENGINE_up_ref(ENGINE *e);
233 int ENGINE_set_id(ENGINE *e, const char *id);
234-void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void));
235-void ENGINE_set_close_instance(ENGINE *e,
236- void (*engine_free_instance)(void *));
237 /*
238 * Following FLAGS are bitmap store in async_map to set asynchronous interface capability
239 *of the engine
240@@ -570,11 +567,13 @@ void ENGINE_set_async_map(ENGINE *e, int async_map);
241 * to confirm asynchronous methods supported
242 */
243 int ENGINE_get_async_map(ENGINE *e);
244-void *ENGINE_init_instance(ENGINE *e);
245-void ENGINE_close_instance(ENGINE *e, void *eng_handle);
246+int ENGINE_open_instance(ENGINE *e);
247+int ENGINE_close_instance(ENGINE *e, int fd);
248+void ENGINE_set_init_instance(ENGINE *e, int(*engine_init_instance)(void));
249+void ENGINE_set_close_instance(ENGINE *e, int(*engine_close_instance)(int));
250 void ENGINE_set_check_pkc_availability(ENGINE *e,
251- int (*check_pkc_availability)(void *eng_handle));
252-int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle);
253+ int (*check_pkc_availability)(int fd));
254+int ENGINE_check_pkc_availability(ENGINE *e, int fd);
255 int ENGINE_set_name(ENGINE *e, const char *name);
256 int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
257 int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
258--
2592.7.3
260
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-clarify-code-remove-assignments-from-condi.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-clarify-code-remove-assignments-from-condi.patch
deleted file mode 100644
index 0daa2a4d..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-clarify-code-remove-assignments-from-condi.patch
+++ /dev/null
@@ -1,37 +0,0 @@
1From e1de7751808d5196a9a719ad49a1281d2a3c453d Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Mon, 14 Dec 2015 14:02:00 +0200
4Subject: [PATCH 24/48] cryptodev: clarify code, remove assignments from
5 conditionals
6
7Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
8---
9 crypto/engine/eng_cryptodev.c | 6 ++++--
10 1 file changed, 4 insertions(+), 2 deletions(-)
11
12diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
13index 34c8d18..31687d8 100644
14--- a/crypto/engine/eng_cryptodev.c
15+++ b/crypto/engine/eng_cryptodev.c
16@@ -1560,14 +1560,16 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
17 struct session_op *sess = &state->d_sess;
18 int digest;
19
20- if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef) {
21+ digest = digest_nid_to_cryptodev(ctx->digest->type);
22+ if (digest == NID_undef) {
23 printf("cryptodev_digest_init: Can't get digest \n");
24 return (0);
25 }
26
27 memset(state, 0, sizeof(struct dev_crypto_state));
28
29- if ((state->d_fd = get_dev_crypto()) < 0) {
30+ state->d_fd = get_dev_crypto();
31+ if (state->d_fd < 0) {
32 printf("cryptodev_digest_init: Can't get Dev \n");
33 return (0);
34 }
35--
362.7.3
37
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-clean-up-context-state-before-anything-els.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-clean-up-context-state-before-anything-els.patch
deleted file mode 100644
index 3e02c72b..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-clean-up-context-state-before-anything-els.patch
+++ /dev/null
@@ -1,34 +0,0 @@
1From 9ffa46ff1348817f4c8d24e9d42fa0f739a652d7 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Tue, 15 Dec 2015 12:10:37 +0200
4Subject: [PATCH 25/48] cryptodev: clean-up context state before anything else
5
6Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
7---
8 crypto/engine/eng_cryptodev.c | 4 ++--
9 1 file changed, 2 insertions(+), 2 deletions(-)
10
11diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
12index 31687d8..e6616e9 100644
13--- a/crypto/engine/eng_cryptodev.c
14+++ b/crypto/engine/eng_cryptodev.c
15@@ -1560,14 +1560,14 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
16 struct session_op *sess = &state->d_sess;
17 int digest;
18
19+ memset(state, 0, sizeof(struct dev_crypto_state));
20+
21 digest = digest_nid_to_cryptodev(ctx->digest->type);
22 if (digest == NID_undef) {
23 printf("cryptodev_digest_init: Can't get digest \n");
24 return (0);
25 }
26
27- memset(state, 0, sizeof(struct dev_crypto_state));
28-
29 state->d_fd = get_dev_crypto();
30 if (state->d_fd < 0) {
31 printf("cryptodev_digest_init: Can't get Dev \n");
32--
332.7.3
34
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch
deleted file mode 100644
index 4e1ce65d..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch
+++ /dev/null
@@ -1,155 +0,0 @@
1From 7f6a709ed46d79d765ee0bb2fc16b84d0bb4c8a6 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Mon, 14 Dec 2015 17:49:08 +0200
4Subject: [PATCH 26/48] cryptodev: remove code duplication in digest operations
5
6This patch simplifies code and removes duplication in digest_update and
7digest_final for cryptodev engine.
8
9Note: The current design of eng_cryptodev for digests operations assumes
10 the presence of all the data before processing (this is suboptimal
11 with cryptodev-linux because Linux kernel has support for digest-update
12 operations and there is no need to accumulate the input data).
13
14Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
15---
16 crypto/engine/eng_cryptodev.c | 76 ++++++++++++++++---------------------------
17 1 file changed, 28 insertions(+), 48 deletions(-)
18
19diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
20index e6616e9..a8652bf 100644
21--- a/crypto/engine/eng_cryptodev.c
22+++ b/crypto/engine/eng_cryptodev.c
23@@ -1591,24 +1591,25 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
24 static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
25 size_t count)
26 {
27- struct crypt_op cryp;
28 struct dev_crypto_state *state = ctx->md_data;
29- struct session_op *sess = &state->d_sess;
30
31- if (!data || state->d_fd < 0) {
32+ if (!data || !count) {
33 printf("cryptodev_digest_update: illegal inputs \n");
34- return (0);
35- }
36-
37- if (!count) {
38- return (0);
39+ return 0;
40 }
41
42- if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
43- /* if application doesn't support one buffer */
44+ /*
45+ * Accumulate input data if it is scattered in several buffers. TODO:
46+ * Depending on number of calls and data size, this code can be optimized
47+ * to take advantage of Linux kernel crypto API, balancing between
48+ * cryptodev calls and accumulating small amounts of data
49+ */
50+ if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) {
51+ state->mac_data = data;
52+ state->mac_len = count;
53+ } else {
54 state->mac_data =
55 OPENSSL_realloc(state->mac_data, state->mac_len + count);
56-
57 if (!state->mac_data) {
58 printf("cryptodev_digest_update: realloc failed\n");
59 return (0);
60@@ -1616,23 +1617,9 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
61
62 memcpy(state->mac_data + state->mac_len, data, count);
63 state->mac_len += count;
64-
65- return (1);
66 }
67
68- memset(&cryp, 0, sizeof(cryp));
69-
70- cryp.ses = sess->ses;
71- cryp.flags = 0;
72- cryp.len = count;
73- cryp.src = (caddr_t) data;
74- cryp.dst = NULL;
75- cryp.mac = (caddr_t) state->digest_res;
76- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
77- printf("cryptodev_digest_update: digest failed\n");
78- return (0);
79- }
80- return (1);
81+ return 1;
82 }
83
84 static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
85@@ -1641,33 +1628,25 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
86 struct dev_crypto_state *state = ctx->md_data;
87 struct session_op *sess = &state->d_sess;
88
89- int ret = 1;
90-
91 if (!md || state->d_fd < 0) {
92 printf("cryptodev_digest_final: illegal input\n");
93 return (0);
94 }
95
96- if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
97- /* if application doesn't support one buffer */
98- memset(&cryp, 0, sizeof(cryp));
99- cryp.ses = sess->ses;
100- cryp.flags = 0;
101- cryp.len = state->mac_len;
102- cryp.src = state->mac_data;
103- cryp.dst = NULL;
104- cryp.mac = (caddr_t) md;
105- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
106- printf("cryptodev_digest_final: digest failed\n");
107- return (0);
108- }
109+ memset(&cryp, 0, sizeof(cryp));
110
111- return 1;
112- }
113+ cryp.ses = sess->ses;
114+ cryp.flags = 0;
115+ cryp.len = state->mac_len;
116+ cryp.src = state->mac_data;
117+ cryp.mac = md;
118
119- memcpy(md, state->digest_res, ctx->digest->md_size);
120+ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
121+ printf("cryptodev_digest_final: digest failed\n");
122+ return (0);
123+ }
124
125- return (ret);
126+ return (1);
127 }
128
129 static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
130@@ -1684,11 +1663,11 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
131 return (0);
132 }
133
134- if (state->mac_data) {
135+ if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
136 OPENSSL_free(state->mac_data);
137- state->mac_data = NULL;
138- state->mac_len = 0;
139 }
140+ state->mac_data = NULL;
141+ state->mac_len = 0;
142
143 if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
144 printf("cryptodev_digest_cleanup: failed to close session\n");
145@@ -1696,6 +1675,7 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
146 } else {
147 ret = 1;
148 }
149+
150 put_dev_crypto(state->d_fd);
151 state->d_fd = -1;
152
153--
1542.7.3
155
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch
deleted file mode 100644
index 08108897..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch
+++ /dev/null
@@ -1,108 +0,0 @@
1From 0307a70fc4399a0ee758172e385d4daaae669ce6 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Tue, 15 Dec 2015 12:23:13 +0200
4Subject: [PATCH 27/48] cryptodev: put all digest ioctls into a single function
5
6Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
7---
8 crypto/engine/eng_cryptodev.c | 44 +++++++++++++++++++------------------------
9 1 file changed, 19 insertions(+), 25 deletions(-)
10
11diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
12index a8652bf..8b8710a 100644
13--- a/crypto/engine/eng_cryptodev.c
14+++ b/crypto/engine/eng_cryptodev.c
15@@ -1578,13 +1578,6 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
16 sess->mackeylen = digest_key_length(ctx->digest->type);
17 sess->mac = digest;
18
19- if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
20- put_dev_crypto(state->d_fd);
21- state->d_fd = -1;
22- printf("cryptodev_digest_init: Open session failed\n");
23- return (0);
24- }
25-
26 return (1);
27 }
28
29@@ -1624,6 +1617,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
30
31 static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
32 {
33+ int ret = 1;
34 struct crypt_op cryp;
35 struct dev_crypto_state *state = ctx->md_data;
36 struct session_op *sess = &state->d_sess;
37@@ -1633,6 +1627,11 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
38 return (0);
39 }
40
41+ if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
42+ printf("cryptodev_digest_init: Open session failed\n");
43+ return (0);
44+ }
45+
46 memset(&cryp, 0, sizeof(cryp));
47
48 cryp.ses = sess->ses;
49@@ -1643,43 +1642,38 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
50
51 if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
52 printf("cryptodev_digest_final: digest failed\n");
53- return (0);
54+ ret = 0;
55 }
56
57- return (1);
58+ if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
59+ printf("cryptodev_digest_cleanup: failed to close session\n");
60+ }
61+
62+ return ret;
63 }
64
65 static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
66 {
67- int ret = 1;
68 struct dev_crypto_state *state = ctx->md_data;
69 struct session_op *sess = &state->d_sess;
70
71- if (state == NULL)
72+ if (state == NULL) {
73 return 0;
74-
75- if (state->d_fd < 0) {
76- printf("cryptodev_digest_cleanup: illegal input\n");
77- return (0);
78 }
79
80 if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
81 OPENSSL_free(state->mac_data);
82 }
83- state->mac_data = NULL;
84- state->mac_len = 0;
85
86- if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
87- printf("cryptodev_digest_cleanup: failed to close session\n");
88- ret = 0;
89- } else {
90- ret = 1;
91+ if (state->d_fd >= 0) {
92+ put_dev_crypto(state->d_fd);
93+ state->d_fd = -1;
94 }
95
96- put_dev_crypto(state->d_fd);
97- state->d_fd = -1;
98+ state->mac_data = NULL;
99+ state->mac_len = 0;
100
101- return (ret);
102+ return 1;
103 }
104
105 static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
106--
1072.7.3
108
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0028-cryptodev-fix-debug-print-messages.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0028-cryptodev-fix-debug-print-messages.patch
deleted file mode 100644
index 91bd4a45..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0028-cryptodev-fix-debug-print-messages.patch
+++ /dev/null
@@ -1,90 +0,0 @@
1From 07f16d70cf7993c43e2c24a1e121c197db9ce1bc Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Tue, 15 Dec 2015 12:51:36 +0200
4Subject: [PATCH 28/48] cryptodev: fix debug print messages
5
6Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
7---
8 crypto/engine/eng_cryptodev.c | 18 +++++++++---------
9 1 file changed, 9 insertions(+), 9 deletions(-)
10
11diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
12index 8b8710a..b74f21c 100644
13--- a/crypto/engine/eng_cryptodev.c
14+++ b/crypto/engine/eng_cryptodev.c
15@@ -1564,13 +1564,13 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
16
17 digest = digest_nid_to_cryptodev(ctx->digest->type);
18 if (digest == NID_undef) {
19- printf("cryptodev_digest_init: Can't get digest \n");
20+ printf("%s: Can't get digest\n", __func__);
21 return (0);
22 }
23
24 state->d_fd = get_dev_crypto();
25 if (state->d_fd < 0) {
26- printf("cryptodev_digest_init: Can't get Dev \n");
27+ printf("%s: Can't get Dev\n", __func__);
28 return (0);
29 }
30
31@@ -1587,7 +1587,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
32 struct dev_crypto_state *state = ctx->md_data;
33
34 if (!data || !count) {
35- printf("cryptodev_digest_update: illegal inputs \n");
36+ printf("%s: illegal inputs\n", __func__);
37 return 0;
38 }
39
40@@ -1604,7 +1604,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
41 state->mac_data =
42 OPENSSL_realloc(state->mac_data, state->mac_len + count);
43 if (!state->mac_data) {
44- printf("cryptodev_digest_update: realloc failed\n");
45+ printf("%s: realloc failed\n", __func__);
46 return (0);
47 }
48
49@@ -1623,12 +1623,12 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
50 struct session_op *sess = &state->d_sess;
51
52 if (!md || state->d_fd < 0) {
53- printf("cryptodev_digest_final: illegal input\n");
54+ printf("%s: illegal input\n", __func__);
55 return (0);
56 }
57
58 if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
59- printf("cryptodev_digest_init: Open session failed\n");
60+ printf("%s: Open session failed\n", __func__);
61 return (0);
62 }
63
64@@ -1641,12 +1641,12 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
65 cryp.mac = md;
66
67 if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
68- printf("cryptodev_digest_final: digest failed\n");
69+ printf("%s: digest failed\n", __func__);
70 ret = 0;
71 }
72
73 if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
74- printf("cryptodev_digest_cleanup: failed to close session\n");
75+ printf("%s: failed to close session\n", __func__);
76 }
77
78 return ret;
79@@ -1701,7 +1701,7 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
80 if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
81 put_dev_crypto(dstate->d_fd);
82 dstate->d_fd = -1;
83- printf("cryptodev_digest_init: Open session failed\n");
84+ printf("%s: Open session failed\n", __func__);
85 return (0);
86 }
87
88--
892.7.3
90
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch
deleted file mode 100644
index abf80844..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch
+++ /dev/null
@@ -1,91 +0,0 @@
1From 64d5378080c14a9cf9fd673457af0fa80f3a94ee Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Tue, 15 Dec 2015 15:43:28 +0200
4Subject: [PATCH 29/48] cryptodev: use CIOCHASH ioctl for digest operations
5
6Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
7---
8 crypto/engine/eng_cryptodev.c | 34 +++++++++++-----------------------
9 1 file changed, 11 insertions(+), 23 deletions(-)
10
11diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
12index b74f21c..4f375e0 100644
13--- a/crypto/engine/eng_cryptodev.c
14+++ b/crypto/engine/eng_cryptodev.c
15@@ -85,6 +85,7 @@ struct dev_crypto_state {
16 unsigned char *iv;
17 int ivlen;
18 # ifdef USE_CRYPTODEV_DIGESTS
19+ struct hash_op_data hash_op;
20 char dummy_mac_key[HASH_MAX_LEN];
21 unsigned char digest_res[HASH_MAX_LEN];
22 char *mac_data;
23@@ -1557,7 +1558,7 @@ static int digest_key_length(int nid)
24 static int cryptodev_digest_init(EVP_MD_CTX *ctx)
25 {
26 struct dev_crypto_state *state = ctx->md_data;
27- struct session_op *sess = &state->d_sess;
28+ struct hash_op_data *hash_op = &state->hash_op;
29 int digest;
30
31 memset(state, 0, sizeof(struct dev_crypto_state));
32@@ -1574,9 +1575,9 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
33 return (0);
34 }
35
36- sess->mackey = state->dummy_mac_key;
37- sess->mackeylen = digest_key_length(ctx->digest->type);
38- sess->mac = digest;
39+ hash_op->mac_op = digest;
40+ hash_op->mackey = state->dummy_mac_key;
41+ hash_op->mackeylen = digest_key_length(ctx->digest->type);
42
43 return (1);
44 }
45@@ -1618,37 +1619,24 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
46 static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
47 {
48 int ret = 1;
49- struct crypt_op cryp;
50 struct dev_crypto_state *state = ctx->md_data;
51- struct session_op *sess = &state->d_sess;
52+ struct hash_op_data *hash_op = &state->hash_op;
53
54 if (!md || state->d_fd < 0) {
55 printf("%s: illegal input\n", __func__);
56 return (0);
57 }
58
59- if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
60- printf("%s: Open session failed\n", __func__);
61- return (0);
62- }
63-
64- memset(&cryp, 0, sizeof(cryp));
65+ hash_op->flags = 0;
66+ hash_op->len = state->mac_len;
67+ hash_op->src = state->mac_data;
68+ hash_op->mac_result = md;
69
70- cryp.ses = sess->ses;
71- cryp.flags = 0;
72- cryp.len = state->mac_len;
73- cryp.src = state->mac_data;
74- cryp.mac = md;
75-
76- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
77+ if (ioctl(state->d_fd, CIOCHASH, hash_op) < 0) {
78 printf("%s: digest failed\n", __func__);
79 ret = 0;
80 }
81
82- if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
83- printf("%s: failed to close session\n", __func__);
84- }
85-
86 return ret;
87 }
88
89--
902.7.3
91
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch
deleted file mode 100644
index 28de5673..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch
+++ /dev/null
@@ -1,106 +0,0 @@
1From 328b2890d5a9baf9f936bd9facaf411c01931f08 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Wed, 13 Jan 2016 15:18:20 +0200
4Subject: [PATCH 30/48] cryptodev: reduce duplicated efforts for searching
5 inside digests table
6
7Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
8---
9 crypto/engine/eng_cryptodev.c | 44 ++++++++++++++++++-------------------------
10 1 file changed, 18 insertions(+), 26 deletions(-)
11
12diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
13index 4f375e0..163a37d 100644
14--- a/crypto/engine/eng_cryptodev.c
15+++ b/crypto/engine/eng_cryptodev.c
16@@ -1534,37 +1534,31 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
17
18 # ifdef USE_CRYPTODEV_DIGESTS
19
20-/* convert digest type to cryptodev */
21-static int digest_nid_to_cryptodev(int nid)
22+static int digest_nid_to_id(int nid)
23 {
24 int i;
25
26- for (i = 0; digests[i].id; i++)
27- if (digests[i].nid == nid)
28- return (digests[i].id);
29- return (0);
30-}
31-
32-static int digest_key_length(int nid)
33-{
34- int i;
35-
36- for (i = 0; digests[i].id; i++)
37- if (digests[i].nid == nid)
38- return digests[i].keylen;
39- return (0);
40+ for (i = 0;; i++) {
41+ if ((digests[i].nid == nid) || (digests[i].id == 0)) {
42+ break;
43+ }
44+ }
45+ return i;
46 }
47
48 static int cryptodev_digest_init(EVP_MD_CTX *ctx)
49 {
50 struct dev_crypto_state *state = ctx->md_data;
51 struct hash_op_data *hash_op = &state->hash_op;
52- int digest;
53+ int id;
54
55 memset(state, 0, sizeof(struct dev_crypto_state));
56
57- digest = digest_nid_to_cryptodev(ctx->digest->type);
58- if (digest == NID_undef) {
59+ id = digest_nid_to_id(ctx->digest->type);
60+
61+ hash_op->mac_op = digests[id].id;
62+ hash_op->mackeylen = digests[id].keylen;
63+ if (hash_op->mac_op == 0) {
64 printf("%s: Can't get digest\n", __func__);
65 return (0);
66 }
67@@ -1575,11 +1569,9 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
68 return (0);
69 }
70
71- hash_op->mac_op = digest;
72 hash_op->mackey = state->dummy_mac_key;
73- hash_op->mackeylen = digest_key_length(ctx->digest->type);
74
75- return (1);
76+ return 1;
77 }
78
79 static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
80@@ -1669,7 +1661,7 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
81 struct dev_crypto_state *fstate = from->md_data;
82 struct dev_crypto_state *dstate = to->md_data;
83 struct session_op *sess;
84- int digest;
85+ int id;
86
87 if (dstate == NULL || fstate == NULL)
88 return 1;
89@@ -1678,11 +1670,11 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
90
91 sess = &dstate->d_sess;
92
93- digest = digest_nid_to_cryptodev(to->digest->type);
94+ id = digest_nid_to_id(to->digest->type);
95
96 sess->mackey = dstate->dummy_mac_key;
97- sess->mackeylen = digest_key_length(to->digest->type);
98- sess->mac = digest;
99+ sess->mackeylen = digests[id].keylen;
100+ sess->mac = digests[id].id;
101
102 dstate->d_fd = get_dev_crypto();
103
104--
1052.7.3
106
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0031-cryptodev-remove-not-used-local-variables.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0031-cryptodev-remove-not-used-local-variables.patch
deleted file mode 100644
index d7af9cbd..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0031-cryptodev-remove-not-used-local-variables.patch
+++ /dev/null
@@ -1,46 +0,0 @@
1From 9faaca759390bba5aeeb049d31f74806e78137e1 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Mon, 8 Feb 2016 16:00:22 +0200
4Subject: [PATCH 31/48] cryptodev: remove not used local variables
5
6Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
7---
8 crypto/engine/eng_cryptodev.c | 6 +-----
9 1 file changed, 1 insertion(+), 5 deletions(-)
10
11diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
12index 163a37d..b13bf8c 100644
13--- a/crypto/engine/eng_cryptodev.c
14+++ b/crypto/engine/eng_cryptodev.c
15@@ -1635,7 +1635,6 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
16 static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
17 {
18 struct dev_crypto_state *state = ctx->md_data;
19- struct session_op *sess = &state->d_sess;
20
21 if (state == NULL) {
22 return 0;
23@@ -3952,7 +3951,6 @@ static int cryptodev_dh_keygen(DH *dh)
24 int ret = 1, q_len = 0;
25 unsigned char *q = NULL, *g = NULL, *s = NULL, *w = NULL;
26 BIGNUM *pub_key = NULL, *priv_key = NULL;
27- int generate_new_key = 1;
28
29 if (dh->priv_key)
30 priv_key = dh->priv_key;
31@@ -4074,11 +4072,9 @@ cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key,
32 {
33 struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
34 int ret = 1;
35- int fd, p_len;
36+ int p_len;
37 unsigned char *padded_pub_key = NULL, *p = NULL;
38
39- fd = *(int *)cookie->eng_handle;
40-
41 memset(kop, 0, sizeof(struct crypt_kop));
42 kop->crk_op = CRK_DH_COMPUTE_KEY;
43 /* inputs: dh->priv_key pub_key dh->p key */
44--
452.7.3
46
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0032-cryptodev-hide-not-used-variable-behind-ifndef.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0032-cryptodev-hide-not-used-variable-behind-ifndef.patch
deleted file mode 100644
index a53705f9..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0032-cryptodev-hide-not-used-variable-behind-ifndef.patch
+++ /dev/null
@@ -1,27 +0,0 @@
1From a6dc52cbcda9b4dcb0fda3b780e7c89219388982 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Mon, 8 Feb 2016 17:22:49 +0200
4Subject: [PATCH 32/48] cryptodev: hide not used variable behind #ifndef
5
6Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
7---
8 crypto/engine/eng_cryptodev.c | 2 ++
9 1 file changed, 2 insertions(+)
10
11diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
12index b13bf8c..cdd99b8 100644
13--- a/crypto/engine/eng_cryptodev.c
14+++ b/crypto/engine/eng_cryptodev.c
15@@ -413,7 +413,9 @@ static int open_dev_crypto(void)
16 static int get_dev_crypto(void)
17 {
18 static int fd = -1;
19+# ifndef CRIOGET_NOT_NEEDED
20 int retfd;
21+# endif
22
23 if (fd == -1)
24 fd = open_dev_crypto();
25--
262.7.3
27
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0033-cryptodev-fix-function-declaration-typo.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0033-cryptodev-fix-function-declaration-typo.patch
deleted file mode 100644
index f0863bdc..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0033-cryptodev-fix-function-declaration-typo.patch
+++ /dev/null
@@ -1,26 +0,0 @@
1From 6d335627ec5bdf89c89ced9d2fa7610e6dc50e31 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Mon, 8 Feb 2016 16:08:25 +0200
4Subject: [PATCH 33/48] cryptodev: fix function declaration typo
5
6Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
7---
8 crypto/engine/engine.h | 2 +-
9 1 file changed, 1 insertion(+), 1 deletion(-)
10
11diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
12index f83ee73..c8efbe1 100644
13--- a/crypto/engine/engine.h
14+++ b/crypto/engine/engine.h
15@@ -569,7 +569,7 @@ void ENGINE_set_async_map(ENGINE *e, int async_map);
16 int ENGINE_get_async_map(ENGINE *e);
17 int ENGINE_open_instance(ENGINE *e);
18 int ENGINE_close_instance(ENGINE *e, int fd);
19-void ENGINE_set_init_instance(ENGINE *e, int(*engine_init_instance)(void));
20+void ENGINE_set_open_instance(ENGINE *e, int(*engine_open_instance)(void));
21 void ENGINE_set_close_instance(ENGINE *e, int(*engine_close_instance)(int));
22 void ENGINE_set_check_pkc_availability(ENGINE *e,
23 int (*check_pkc_availability)(int fd));
24--
252.7.3
26
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0034-cryptodev-fix-incorrect-function-signature.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0034-cryptodev-fix-incorrect-function-signature.patch
deleted file mode 100644
index 50aa45c8..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0034-cryptodev-fix-incorrect-function-signature.patch
+++ /dev/null
@@ -1,26 +0,0 @@
1From fcb63347ddb004825e05250fd082fe84ff3689df Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Mon, 8 Feb 2016 16:12:54 +0200
4Subject: [PATCH 34/48] cryptodev: fix incorrect function signature
5
6Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
7---
8 crypto/engine/eng_cryptodev.c | 2 +-
9 1 file changed, 1 insertion(+), 1 deletion(-)
10
11diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
12index cdd99b8..1c71bc7 100644
13--- a/crypto/engine/eng_cryptodev.c
14+++ b/crypto/engine/eng_cryptodev.c
15@@ -3161,7 +3161,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst,
16 }
17
18 static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len,
19- ECDSA_SIG *sig, EC_KEY *eckey)
20+ const ECDSA_SIG *sig, EC_KEY *eckey)
21 {
22 BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL;
23 BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL;
24--
252.7.3
26
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch
deleted file mode 100644
index e028f663..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch
+++ /dev/null
@@ -1,110 +0,0 @@
1From 6ed8710043b5dc947afab8fffa80ea97f4c84ad6 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Mon, 8 Feb 2016 16:21:46 +0200
4Subject: [PATCH 35/48] cryptodev: fix warnings on excess elements in struct
5 initializer
6
7The initialization data for these structures had either missing or excess
8values and did not match the structure definitions.
9
10Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
11---
12 crypto/dh/dh.h | 6 +++---
13 crypto/dsa/dsa.h | 11 ++++++-----
14 crypto/engine/eng_cryptodev.c | 11 ++++++-----
15 3 files changed, 15 insertions(+), 13 deletions(-)
16
17diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
18index 31dd762..11c6c7d 100644
19--- a/crypto/dh/dh.h
20+++ b/crypto/dh/dh.h
21@@ -123,9 +123,9 @@ struct dh_method {
22 int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a,
23 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
24 BN_MONT_CTX *m_ctx);
25- int (*compute_key_async)(unsigned char *key,const BIGNUM *pub_key,DH *dh,
26- struct pkc_cookie_s *cookie);
27- int (*generate_key_async)(DH *dh, struct pkc_cookie_s *cookie);
28+ int (*compute_key_async) (unsigned char *key, const BIGNUM *pub_key,
29+ DH *dh, struct pkc_cookie_s * cookie);
30+ int (*generate_key_async) (DH *dh, struct pkc_cookie_s * cookie);
31 int (*init) (DH *dh);
32 int (*finish) (DH *dh);
33 int flags;
34diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
35index 8584731..ab52add 100644
36--- a/crypto/dsa/dsa.h
37+++ b/crypto/dsa/dsa.h
38@@ -139,10 +139,11 @@ struct dsa_method {
39 /* Can be null */
40 int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
41 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
42- int (*dsa_do_sign_async)(const unsigned char *dgst, int dlen, DSA *dsa,
43- DSA_SIG *sig, struct pkc_cookie_s *cookie);
44- int (*dsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
45- DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie);
46+ int (*dsa_do_sign_async) (const unsigned char *dgst, int dlen, DSA *dsa,
47+ DSA_SIG *sig, struct pkc_cookie_s * cookie);
48+ int (*dsa_do_verify_async) (const unsigned char *dgst, int dgst_len,
49+ DSA_SIG *sig, DSA *dsa,
50+ struct pkc_cookie_s * cookie);
51 int (*init) (DSA *dsa);
52 int (*finish) (DSA *dsa);
53 int flags;
54@@ -154,7 +155,7 @@ struct dsa_method {
55 BN_GENCB *cb);
56 /* If this is non-NULL, it is used to generate DSA keys */
57 int (*dsa_keygen) (DSA *dsa);
58- int (*dsa_keygen_async)(DSA *dsa, struct pkc_cookie_s *cookie);
59+ int (*dsa_keygen_async) (DSA *dsa, struct pkc_cookie_s * cookie);
60 };
61
62 struct dsa_st {
63diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
64index 1c71bc7..20e1ec3 100644
65--- a/crypto/engine/eng_cryptodev.c
66+++ b/crypto/engine/eng_cryptodev.c
67@@ -2905,11 +2905,13 @@ static DSA_METHOD cryptodev_dsa = {
68 NULL,
69 NULL,
70 NULL,
71- NULL,
72 NULL, /* init */
73 NULL, /* finish */
74 0, /* flags */
75- NULL /* app_data */
76+ NULL, /* app_data */
77+ NULL,
78+ NULL,
79+ NULL
80 };
81
82 static ECDSA_METHOD cryptodev_ecdsa = {
83@@ -2919,7 +2921,6 @@ static ECDSA_METHOD cryptodev_ecdsa = {
84 NULL,
85 NULL,
86 NULL,
87- NULL,
88 0, /* flags */
89 NULL /* app_data */
90 };
91@@ -4496,14 +4497,14 @@ static DH_METHOD cryptodev_dh = {
92 NULL,
93 NULL,
94 0, /* flags */
95- NULL /* app_data */
96+ NULL, /* app_data */
97+ NULL, /* generate_params */
98 };
99
100 static ECDH_METHOD cryptodev_ecdh = {
101 "cryptodev ECDH method",
102 NULL, /* cryptodev_ecdh_compute_key */
103 NULL,
104- NULL,
105 0, /* flags */
106 NULL /* app_data */
107 };
108--
1092.7.3
110
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0036-cryptodev-fix-free-on-error-path.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0036-cryptodev-fix-free-on-error-path.patch
deleted file mode 100644
index e59744ed..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0036-cryptodev-fix-free-on-error-path.patch
+++ /dev/null
@@ -1,46 +0,0 @@
1From bf4e61a53459358185a73dffa5f79af9bd739149 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Mon, 8 Feb 2016 16:36:33 +0200
4Subject: [PATCH 36/48] cryptodev: fix free on error path
5
6This was most likely a typo that escaped code review
7
8Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
9---
10 crypto/ecdsa/ecs_locl.h | 4 ++--
11 crypto/engine/eng_cryptodev.c | 2 +-
12 2 files changed, 3 insertions(+), 3 deletions(-)
13
14diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h
15index 9b28c04..c3843c6 100644
16--- a/crypto/ecdsa/ecs_locl.h
17+++ b/crypto/ecdsa/ecs_locl.h
18@@ -74,10 +74,10 @@ struct ecdsa_method {
19 BIGNUM **r);
20 int (*ecdsa_do_verify) (const unsigned char *dgst, int dgst_len,
21 const ECDSA_SIG *sig, EC_KEY *eckey);
22- int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len,
23+ int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len,
24 const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey,
25 ECDSA_SIG *sig, struct pkc_cookie_s *cookie);
26- int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
27+ int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len,
28 const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie);
29 # if 0
30 int (*init) (EC_KEY *eckey);
31diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
32index 20e1ec3..1f13079 100644
33--- a/crypto/engine/eng_cryptodev.c
34+++ b/crypto/engine/eng_cryptodev.c
35@@ -3437,7 +3437,7 @@ static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst,
36 if (!(sig->r = BN_new()) || !kop)
37 goto err;
38 if ((sig->s = BN_new()) == NULL) {
39- BN_free(r);
40+ BN_free(sig->r);
41 goto err;
42 }
43
44--
452.7.3
46
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0037-cryptodev-fix-return-value-on-error.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0037-cryptodev-fix-return-value-on-error.patch
deleted file mode 100644
index ea1f4b23..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0037-cryptodev-fix-return-value-on-error.patch
+++ /dev/null
@@ -1,28 +0,0 @@
1From ec6b6531e3e67b4e82a4bc6829777052f39807b1 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Mon, 8 Feb 2016 16:55:32 +0200
4Subject: [PATCH 37/48] cryptodev: fix return value on error
5
6Even though we're on error path, the operation is taken care of on
7software; return success (ret is 1)
8
9Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
10---
11 crypto/engine/eng_cryptodev.c | 1 -
12 1 file changed, 1 deletion(-)
13
14diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
15index 1f13079..b87fa7d 100644
16--- a/crypto/engine/eng_cryptodev.c
17+++ b/crypto/engine/eng_cryptodev.c
18@@ -2768,7 +2768,6 @@ cryptodev_dsa_do_sign_async(const unsigned char *dgst, int dlen, DSA *dsa,
19 sig->s = dsaret->s;
20 /* Call user callback immediately */
21 cookie->pkc_callback(cookie, 0);
22- ret = dsaret;
23 }
24 return ret;
25 }
26--
272.7.3
28
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0038-cryptodev-match-types-with-cryptodev.h.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0038-cryptodev-match-types-with-cryptodev.h.patch
deleted file mode 100644
index acd6e320..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0038-cryptodev-match-types-with-cryptodev.h.patch
+++ /dev/null
@@ -1,29 +0,0 @@
1From 77c84d99b5b0ab95efc9e1efc083e5cca8aa4eb5 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Mon, 8 Feb 2016 17:11:43 +0200
4Subject: [PATCH 38/48] cryptodev: match types with cryptodev.h
5
6Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
7---
8 crypto/engine/eng_cryptodev.c | 4 ++--
9 1 file changed, 2 insertions(+), 2 deletions(-)
10
11diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
12index b87fa7d..4296704 100644
13--- a/crypto/engine/eng_cryptodev.c
14+++ b/crypto/engine/eng_cryptodev.c
15@@ -86,9 +86,9 @@ struct dev_crypto_state {
16 int ivlen;
17 # ifdef USE_CRYPTODEV_DIGESTS
18 struct hash_op_data hash_op;
19- char dummy_mac_key[HASH_MAX_LEN];
20+ unsigned char dummy_mac_key[HASH_MAX_LEN];
21 unsigned char digest_res[HASH_MAX_LEN];
22- char *mac_data;
23+ unsigned char *mac_data;
24 int mac_len;
25 # endif
26 };
27--
282.7.3
29
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0039-cryptodev-explicitly-discard-const-qualifier.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0039-cryptodev-explicitly-discard-const-qualifier.patch
deleted file mode 100644
index 70319e4c..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0039-cryptodev-explicitly-discard-const-qualifier.patch
+++ /dev/null
@@ -1,30 +0,0 @@
1From 4366920bb2a97c10c49c5e6d035c0c82629b9f0a Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Mon, 8 Feb 2016 17:15:25 +0200
4Subject: [PATCH 39/48] cryptodev: explicitly discard const qualifier
5
6The const qualifier is discarded by the assignment as a result of how
7the variables are defined. This patch drops the const qualifier
8explicitly to avoid build errors.
9
10Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
11---
12 crypto/engine/eng_cryptodev.c | 2 +-
13 1 file changed, 1 insertion(+), 1 deletion(-)
14
15diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
16index 4296704..f8619b0 100644
17--- a/crypto/engine/eng_cryptodev.c
18+++ b/crypto/engine/eng_cryptodev.c
19@@ -1593,7 +1593,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
20 * cryptodev calls and accumulating small amounts of data
21 */
22 if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) {
23- state->mac_data = data;
24+ state->mac_data = (void *)data;
25 state->mac_len = count;
26 } else {
27 state->mac_data =
28--
292.7.3
30
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0040-cryptodev-replace-caddr_t-with-void.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0040-cryptodev-replace-caddr_t-with-void.patch
deleted file mode 100644
index c8359670..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0040-cryptodev-replace-caddr_t-with-void.patch
+++ /dev/null
@@ -1,95 +0,0 @@
1From f256bb9574f77206b289b265d1d46bb53e54c71c Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Tue, 9 Feb 2016 11:28:23 +0200
4Subject: [PATCH 40/48] cryptodev: replace caddr_t with void *
5
6This avoids warnings such as "pointer targets in assignment differ in
7signedness" when compiling the code
8
9Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
10---
11 crypto/engine/eng_cryptodev.c | 22 +++++++++++-----------
12 1 file changed, 11 insertions(+), 11 deletions(-)
13
14diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
15index f8619b0..aac2740 100644
16--- a/crypto/engine/eng_cryptodev.c
17+++ b/crypto/engine/eng_cryptodev.c
18@@ -461,8 +461,8 @@ static int get_cryptodev_ciphers(const int **cnids)
19 return (0);
20 }
21 memset(&sess, 0, sizeof(sess));
22- sess.key = (caddr_t) "123456789abcdefghijklmno";
23- sess.mackey = (caddr_t) "123456789ABCDEFGHIJKLMNO";
24+ sess.key = (void *)"123456789abcdefghijklmno";
25+ sess.mackey = (void *)"123456789ABCDEFGHIJKLMNO";
26
27 for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
28 if (ciphers[i].nid == NID_undef)
29@@ -502,7 +502,7 @@ static int get_cryptodev_digests(const int **cnids)
30 return (0);
31 }
32 memset(&sess, 0, sizeof(sess));
33- sess.mackey = (caddr_t) "123456789abcdefghijklmno";
34+ sess.mackey = (void *)"123456789abcdefghijklmno";
35 for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
36 if (digests[i].nid == NID_undef)
37 continue;
38@@ -634,14 +634,14 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
39 cryp.ses = sess->ses;
40 cryp.flags = 0;
41 cryp.len = inl;
42- cryp.src = (caddr_t) in;
43- cryp.dst = (caddr_t) out;
44+ cryp.src = (void *)in;
45+ cryp.dst = (void *)out;
46 cryp.mac = 0;
47
48 cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
49
50 if (ctx->cipher->iv_len) {
51- cryp.iv = (caddr_t) ctx->iv;
52+ cryp.iv = (void *)ctx->iv;
53 if (!ctx->encrypt) {
54 iiv = in + inl - ctx->cipher->iv_len;
55 memcpy(save_iv, iiv, ctx->cipher->iv_len);
56@@ -702,15 +702,15 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
57 }
58 cryp.ses = sess->ses;
59 cryp.len = state->len;
60- cryp.src = (caddr_t) in;
61- cryp.dst = (caddr_t) out;
62+ cryp.src = (void *)in;
63+ cryp.dst = (void *)out;
64 cryp.auth_src = state->aad;
65 cryp.auth_len = state->aad_len;
66
67 cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
68
69 if (ctx->cipher->iv_len) {
70- cryp.iv = (caddr_t) ctx->iv;
71+ cryp.iv = (void *)ctx->iv;
72 if (!ctx->encrypt) {
73 iiv = in + len - ctx->cipher->iv_len;
74 memcpy(save_iv, iiv, ctx->cipher->iv_len);
75@@ -762,7 +762,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
76 if ((state->d_fd = get_dev_crypto()) < 0)
77 return (0);
78
79- sess->key = (caddr_t) key;
80+ sess->key = (void *)key;
81 sess->keylen = ctx->key_len;
82 sess->cipher = cipher;
83
84@@ -805,7 +805,7 @@ static int cryptodev_init_aead_key(EVP_CIPHER_CTX *ctx,
85
86 memset(sess, 0, sizeof(struct session_op));
87
88- sess->key = (caddr_t) key;
89+ sess->key = (void *)key;
90 sess->keylen = ctx->key_len;
91 sess->cipher = cipher;
92
93--
942.7.3
95
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
deleted file mode 100644
index 6c46061e..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
+++ /dev/null
@@ -1,49 +0,0 @@
1From c714cb7a33e994ff2278149d4a7a20a21215a2f6 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Mon, 8 Feb 2016 17:04:25 +0200
4Subject: [PATCH 41/48] cryptodev: check for errors inside
5 cryptodev_rsa_mod_exp
6
7Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
8---
9 crypto/engine/eng_cryptodev.c | 24 ++++++++++++++++++------
10 1 file changed, 18 insertions(+), 6 deletions(-)
11
12diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
13index aac2740..e419bef 100644
14--- a/crypto/engine/eng_cryptodev.c
15+++ b/crypto/engine/eng_cryptodev.c
16@@ -2067,12 +2067,24 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
17 kop.crk_status = 0;
18 kop.crk_op = CRK_MOD_EXP_CRT;
19 f_len = BN_num_bytes(rsa->n);
20- spcf_bn2bin_ex(I, &f, &f_len);
21- spcf_bn2bin(rsa->p, &p, &p_len);
22- spcf_bn2bin(rsa->q, &q, &q_len);
23- spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
24- spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
25- spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
26+ if (spcf_bn2bin_ex(I, &f, &f_len) != 0) {
27+ goto err;
28+ }
29+ if (spcf_bn2bin(rsa->p, &p, &p_len) != 0) {
30+ goto err;
31+ }
32+ if (spcf_bn2bin(rsa->q, &q, &q_len) != 0) {
33+ goto err;
34+ }
35+ if (spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len) != 0) {
36+ goto err;
37+ }
38+ if (spcf_bn2bin_ex(rsa->iqmp, &c, &p_len) != 0) {
39+ goto err;
40+ }
41+ if (spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len) != 0) {
42+ goto err;
43+ }
44 /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
45 kop.crk_param[0].crp_p = p;
46 kop.crk_param[0].crp_nbits = p_len * 8;
47--
482.7.3
49
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
deleted file mode 100644
index 4b9b0862..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch
+++ /dev/null
@@ -1,69 +0,0 @@
1From 7f444e52acada23977b89d42f8dd8ebd915ccd83 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Tue, 9 Feb 2016 11:47:52 +0200
4Subject: [PATCH 42/48] cryptodev: check for errors inside
5 cryptodev_rsa_mod_exp_async
6
7Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
8---
9 crypto/engine/eng_cryptodev.c | 33 +++++++++++++++++++++++++--------
10 1 file changed, 25 insertions(+), 8 deletions(-)
11
12diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
13index e419bef..7c391d6 100644
14--- a/crypto/engine/eng_cryptodev.c
15+++ b/crypto/engine/eng_cryptodev.c
16@@ -2122,25 +2122,42 @@ static int
17 cryptodev_rsa_mod_exp_async(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
18 BN_CTX *ctx, struct pkc_cookie_s *cookie)
19 {
20- struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
21+ struct crypt_kop *kop;
22 int ret = 1, f_len, p_len, q_len;
23 unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq =
24 NULL, *c = NULL;
25
26- if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp || !kop) {
27+ if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
28 return (0);
29 }
30
31+ kop = malloc(sizeof(struct crypt_kop));
32+ if (kop == NULL) {
33+ goto err;
34+ }
35+
36 kop->crk_oparams = 0;
37 kop->crk_status = 0;
38 kop->crk_op = CRK_MOD_EXP_CRT;
39 f_len = BN_num_bytes(rsa->n);
40- spcf_bn2bin_ex(I, &f, &f_len);
41- spcf_bn2bin(rsa->p, &p, &p_len);
42- spcf_bn2bin(rsa->q, &q, &q_len);
43- spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len);
44- spcf_bn2bin_ex(rsa->iqmp, &c, &p_len);
45- spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len);
46+ if (spcf_bn2bin_ex(I, &f, &f_len) != 0) {
47+ goto err;
48+ }
49+ if (spcf_bn2bin(rsa->p, &p, &p_len) != 0) {
50+ goto err;
51+ }
52+ if (spcf_bn2bin(rsa->q, &q, &q_len) != 0) {
53+ goto err;
54+ }
55+ if (spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len) != 0) {
56+ goto err;
57+ }
58+ if (spcf_bn2bin_ex(rsa->iqmp, &c, &p_len) != 0) {
59+ goto err;
60+ }
61+ if (spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len) != 0) {
62+ goto err;
63+ }
64 /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
65 kop->crk_param[0].crp_p = p;
66 kop->crk_param[0].crp_nbits = p_len * 8;
67--
682.7.3
69
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
deleted file mode 100644
index 879d5c2c..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
+++ /dev/null
@@ -1,52 +0,0 @@
1From 73115f243f0a65326888537f125e31f28c9f570d Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Tue, 9 Feb 2016 11:53:22 +0200
4Subject: [PATCH 43/48] cryptodev: check for errors inside
5 cryptodev_dh_compute_key
6
7Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
8---
9 crypto/engine/eng_cryptodev.c | 15 +++++++++++----
10 1 file changed, 11 insertions(+), 4 deletions(-)
11
12diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
13index 7c391d6..753e326 100644
14--- a/crypto/engine/eng_cryptodev.c
15+++ b/crypto/engine/eng_cryptodev.c
16@@ -4056,11 +4056,15 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
17 memset(&kop, 0, sizeof kop);
18 kop.crk_op = CRK_DH_COMPUTE_KEY;
19 /* inputs: dh->priv_key pub_key dh->p key */
20- spcf_bn2bin(dh->p, &p, &p_len);
21- spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
22- if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
23+ if (spcf_bn2bin(dh->p, &p, &p_len) != 0) {
24 goto sw_try;
25-
26+ }
27+ if (spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len) != 0) {
28+ goto sw_try;
29+ }
30+ if (bn2crparam(dh->priv_key, &kop.crk_param[0]) != 0) {
31+ goto sw_try;
32+ }
33 kop.crk_param[1].crp_p = padded_pub_key;
34 kop.crk_param[1].crp_nbits = p_len * 8;
35 kop.crk_param[2].crp_p = p;
36@@ -4087,10 +4091,13 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
37 kop.crk_param[3].crp_p = NULL;
38 zapparams(&kop);
39 return (dhret);
40+
41 sw_try:
42 {
43 const DH_METHOD *meth = DH_OpenSSL();
44
45+ free(p);
46+ free(padded_pub_key);
47 dhret = (meth->compute_key) (key, pub_key, dh);
48 }
49 return (dhret);
50--
512.7.3
52
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
deleted file mode 100644
index 37bdff8d..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch
+++ /dev/null
@@ -1,76 +0,0 @@
1From 0901ff383524e896424921f4e8a1ba7020e7613d Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Tue, 9 Feb 2016 11:53:33 +0200
4Subject: [PATCH 44/48] cryptodev: check for errors inside
5 cryptodev_dh_compute_key_async
6
7Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
8---
9 crypto/engine/eng_cryptodev.c | 29 +++++++++++++++++++++--------
10 1 file changed, 21 insertions(+), 8 deletions(-)
11
12diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
13index 753e326..b9c7ff3 100644
14--- a/crypto/engine/eng_cryptodev.c
15+++ b/crypto/engine/eng_cryptodev.c
16@@ -4108,19 +4108,28 @@ static int
17 cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key,
18 DH *dh, struct pkc_cookie_s *cookie)
19 {
20- struct crypt_kop *kop = malloc(sizeof(struct crypt_kop));
21+ struct crypt_kop *kop;
22 int ret = 1;
23 int p_len;
24 unsigned char *padded_pub_key = NULL, *p = NULL;
25
26+ kop = malloc(sizeof(struct crypt_kop));
27+ if (kop == NULL) {
28+ goto err;
29+ }
30+
31 memset(kop, 0, sizeof(struct crypt_kop));
32 kop->crk_op = CRK_DH_COMPUTE_KEY;
33 /* inputs: dh->priv_key pub_key dh->p key */
34- spcf_bn2bin(dh->p, &p, &p_len);
35- spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len);
36-
37- if (bn2crparam(dh->priv_key, &kop->crk_param[0]))
38+ if (spcf_bn2bin(dh->p, &p, &p_len) != 0) {
39+ goto err;
40+ }
41+ if (spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len) != 0) {
42 goto err;
43+ }
44+ if (bn2crparam(dh->priv_key, &kop->crk_param[0]) != 0) {
45+ goto err;
46+ }
47 kop->crk_param[1].crp_p = padded_pub_key;
48 kop->crk_param[1].crp_nbits = p_len * 8;
49 kop->crk_param[2].crp_p = p;
50@@ -4132,16 +4141,20 @@ cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key,
51 kop->crk_param[3].crp_nbits = p_len * 8;
52 kop->crk_oparams = 1;
53
54- if (cryptodev_asym_async(kop, 0, NULL, 0, NULL))
55+ if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) {
56 goto err;
57+ }
58
59 return p_len;
60 err:
61 {
62 const DH_METHOD *meth = DH_OpenSSL();
63-
64- if (kop)
65+ free(p);
66+ free(padded_pub_key);
67+ if (kop) {
68 free(kop);
69+ }
70+
71 ret = (meth->compute_key) (key, pub_key, dh);
72 /* Call user cookie handler */
73 cookie->pkc_callback(cookie, 0);
74--
752.7.3
76
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0045-cryptodev-change-signature-for-conversion-functions.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0045-cryptodev-change-signature-for-conversion-functions.patch
deleted file mode 100644
index 12b5f6cc..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0045-cryptodev-change-signature-for-conversion-functions.patch
+++ /dev/null
@@ -1,38 +0,0 @@
1From 6ca53b6d6519d52021e642230bb51ae7834b3e67 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Tue, 9 Feb 2016 12:11:32 +0200
4Subject: [PATCH 45/48] cryptodev: change signature for conversion functions
5
6These functions are called with const BIGNUMs, so we change the
7signatures to avoid compilation warnings
8
9Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
10---
11 crypto/engine/eng_cryptodev.c | 4 ++--
12 1 file changed, 2 insertions(+), 2 deletions(-)
13
14diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
15index b9c7ff3..58e539c 100644
16--- a/crypto/engine/eng_cryptodev.c
17+++ b/crypto/engine/eng_cryptodev.c
18@@ -146,7 +146,7 @@ const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1;
19 const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256;
20 const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256;
21
22-inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
23+static int spcf_bn2bin(const BIGNUM *bn, unsigned char **bin, int *bin_len)
24 {
25 int len;
26 unsigned char *p;
27@@ -168,7 +168,7 @@ inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len)
28 return 0;
29 }
30
31-inline int spcf_bn2bin_ex(BIGNUM *bn, unsigned char **bin, int *bin_len)
32+static int spcf_bn2bin_ex(const BIGNUM *bn, unsigned char **bin, int *bin_len)
33 {
34 int len;
35 unsigned char *p;
36--
372.7.3
38
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch
deleted file mode 100644
index d8b56dee..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch
+++ /dev/null
@@ -1,26 +0,0 @@
1From 8f6e948f5f6bb2b517a5436dd6294e7e5536cf8f Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Tue, 9 Feb 2016 12:13:59 +0200
4Subject: [PATCH 46/48] cryptodev: add explicit cast for known BIGNUM values
5
6Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
7---
8 crypto/engine/eng_cryptodev.c | 2 +-
9 1 file changed, 1 insertion(+), 1 deletion(-)
10
11diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
12index 58e539c..ddd3462 100644
13--- a/crypto/engine/eng_cryptodev.c
14+++ b/crypto/engine/eng_cryptodev.c
15@@ -4027,7 +4027,7 @@ static int cryptodev_dh_keygen(DH *dh)
16 }
17
18 /* pub_key is or prime length while priv key is of length of order */
19- if (cryptodev_asym(&kop, q_len, w, q_len, s))
20+ if (cryptodev_asym(&kop, q_len, (BIGNUM *)w, q_len, (BIGNUM *)s))
21 goto sw_try;
22
23 dh->pub_key = BN_bin2bn(w, q_len, pub_key);
24--
252.7.3
26
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0047-cryptodev-treat-all-build-warnings-as-errors.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0047-cryptodev-treat-all-build-warnings-as-errors.patch
deleted file mode 100644
index 7cfad9cd..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0047-cryptodev-treat-all-build-warnings-as-errors.patch
+++ /dev/null
@@ -1,28 +0,0 @@
1From e50560cb9a201c0b0130bb29d4c99121a8ec97ba Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Mon, 8 Feb 2016 15:15:02 +0200
4Subject: [PATCH 47/48] cryptodev: treat all build warnings as errors
5
6This patch has the purpose of maintaining a higher level of code quality.
7
8Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
9---
10 crypto/engine/Makefile | 2 +-
11 1 file changed, 1 insertion(+), 1 deletion(-)
12
13diff --git a/crypto/engine/Makefile b/crypto/engine/Makefile
14index 426388e..010f21d 100644
15--- a/crypto/engine/Makefile
16+++ b/crypto/engine/Makefile
17@@ -10,7 +10,7 @@ CFLAG=-g
18 MAKEFILE= Makefile
19 AR= ar r
20
21-CFLAGS= $(INCLUDES) $(CFLAG)
22+CFLAGS= -Wall -Werror $(INCLUDES) $(CFLAG)
23
24 GENERAL=Makefile
25 TEST= enginetest.c
26--
272.7.3
28
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch
deleted file mode 100644
index 57ff7f11..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch
+++ /dev/null
@@ -1,29 +0,0 @@
1From c79e7a4a818ea86bf6045197173d5c4e243d1f4f Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Wed, 6 Apr 2016 15:22:58 +0300
4Subject: [PATCH 48/48] fix 'maclen is used uninitialized' warning on some
5 compilers
6
7Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
8---
9 crypto/engine/eng_cryptodev.c | 4 ++++
10 1 file changed, 4 insertions(+)
11
12diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
13index ddd3462..2266b26 100644
14--- a/crypto/engine/eng_cryptodev.c
15+++ b/crypto/engine/eng_cryptodev.c
16@@ -906,6 +906,10 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
17 maclen = SHA256_DIGEST_LENGTH;
18 aad_needs_fix = true;
19 break;
20+ default:
21+ fprintf(stderr, "%s: unsupported NID: %d\n",
22+ __func__, ctx->cipher->nid);
23+ return -1;
24 }
25
26 /* Correct length for AAD Length field */
27--
282.7.3
29
diff --git a/recipes-connectivity/openssl/openssl-qoriq_1.0.2l.bb b/recipes-connectivity/openssl/openssl-qoriq_1.0.2l.bb
index a2346ba1..04052ac3 100644
--- a/recipes-connectivity/openssl/openssl-qoriq_1.0.2l.bb
+++ b/recipes-connectivity/openssl/openssl-qoriq_1.0.2l.bb
@@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=057d9218c6180e1d9ee407572b2dd225"
12export DIRS = "crypto ssl apps engines" 12export DIRS = "crypto ssl apps engines"
13export OE_LDFLAGS="${LDFLAGS}" 13export OE_LDFLAGS="${LDFLAGS}"
14 14
15SRC_URI += "file://find.pl;subdir=${BP}/util \ 15SRC_URI += "file://find.pl;subdir=git/util \
16 file://run-ptest \ 16 file://run-ptest \
17 file://openssl-c_rehash.sh \ 17 file://openssl-c_rehash.sh \
18 file://configure-targets.patch \ 18 file://configure-targets.patch \
@@ -44,14 +44,7 @@ SRC_URI += "file://find.pl;subdir=${BP}/util \
44 file://Use-SHA256-not-MD5-as-default-digest.patch \ 44 file://Use-SHA256-not-MD5-as-default-digest.patch \
45 file://0001-Fix-build-with-clang-using-external-assembler.patch \ 45 file://0001-Fix-build-with-clang-using-external-assembler.patch \
46 " 46 "
47SRC_URI[md5sum] = "f85123cd390e864dfbe517e7616e6566" 47SRCREV = "b9e6572a0dcbaaf84a8925cabd1a86bd594ca69f"
48SRC_URI[sha256sum] = "ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c"
49
50SRC_URI += " \
51 file://find.pl;subdir=openssl-${PV}/util/ \
52 file://0001-remove-double-initialization-of-cryptodev-engine.patch \
53 file://0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch \
54"
55 48
56PACKAGES =+ "${PN}-engines" 49PACKAGES =+ "${PN}-engines"
57FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines" 50FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-06-13 12:38:19 +0000