diff options
95 files changed, 13912 insertions, 6933 deletions
diff --git a/recipes-connectivity/openssl/openssl-qoriq.inc b/recipes-connectivity/openssl/openssl-qoriq.inc index faccb080..8c8c0365 100644 --- a/recipes-connectivity/openssl/openssl-qoriq.inc +++ b/recipes-connectivity/openssl/openssl-qoriq.inc | |||
@@ -8,6 +8,9 @@ SECTION = "libs/network" | |||
8 | LICENSE = "openssl" | 8 | LICENSE = "openssl" |
9 | LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8" | 9 | LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8" |
10 | 10 | ||
11 | DEPENDS = "hostperl-runtime-native" | ||
12 | DEPENDS_append_class-target = " openssl-native" | ||
13 | |||
11 | PROVIDES = "openssl" | 14 | PROVIDES = "openssl" |
12 | 15 | ||
13 | python() { | 16 | python() { |
@@ -19,8 +22,6 @@ python() { | |||
19 | d.appendVar("RREPLACES_%s" % p, p.replace('openssl-qoriq', 'openssl')) | 22 | d.appendVar("RREPLACES_%s" % p, p.replace('openssl-qoriq', 'openssl')) |
20 | } | 23 | } |
21 | 24 | ||
22 | DEPENDS = "perl-native-runtime" | ||
23 | |||
24 | SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ | 25 | SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ |
25 | " | 26 | " |
26 | S = "${WORKDIR}/openssl-${PV}" | 27 | S = "${WORKDIR}/openssl-${PV}" |
@@ -28,37 +29,39 @@ S = "${WORKDIR}/openssl-${PV}" | |||
28 | PACKAGECONFIG[perl] = ",,," | 29 | PACKAGECONFIG[perl] = ",,," |
29 | 30 | ||
30 | AR_append = " r" | 31 | AR_append = " r" |
32 | TERMIO_libc-musl = "-DTERMIOS" | ||
33 | TERMIO ?= "-DTERMIO" | ||
31 | # Avoid binaries being marked as requiring an executable stack since it | 34 | # Avoid binaries being marked as requiring an executable stack since it |
32 | # doesn't(which causes and this causes issues with SELinux | 35 | # doesn't(which causes and this causes issues with SELinux |
33 | CFLAG = "${@base_conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \ | 36 | CFLAG = "${@base_conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \ |
34 | -DTERMIO ${CFLAGS} -Wall -Wa,--noexecstack" | 37 | ${TERMIO} ${CFLAGS} -Wall -Wa,--noexecstack" |
35 | |||
36 | # -02 does not work on mipsel: ssh hangs when it tries to read /dev/urandom | ||
37 | CFLAG_mtx-1 := "${@'${CFLAG}'.replace('-O2', '')}" | ||
38 | CFLAG_mtx-2 := "${@'${CFLAG}'.replace('-O2', '')}" | ||
39 | 38 | ||
40 | export DIRS = "crypto ssl apps" | 39 | export DIRS = "crypto ssl apps" |
41 | export EX_LIBS = "-lgcc -ldl" | 40 | export EX_LIBS = "-lgcc -ldl" |
42 | export AS = "${CC} -c" | 41 | export AS = "${CC} -c" |
43 | EXTRA_OEMAKE = "-e MAKEFLAGS=" | 42 | EXTRA_OEMAKE = "-e MAKEFLAGS=" |
44 | 43 | ||
45 | inherit pkgconfig siteinfo multilib_header | 44 | inherit pkgconfig siteinfo multilib_header ptest |
46 | 45 | ||
47 | PACKAGES =+ "libcrypto libssl ${PN}-misc openssl-conf" | 46 | PACKAGES =+ "libcrypto libssl ${PN}-misc ${PN}-conf" |
48 | FILES_libcrypto = "${base_libdir}/libcrypto${SOLIBS}" | 47 | FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}" |
49 | FILES_libssl = "${libdir}/libssl.so.*" | 48 | FILES_libssl = "${libdir}/libssl${SOLIBS}" |
50 | FILES_${PN} =+ " ${libdir}/ssl/*" | 49 | FILES_${PN} =+ " ${libdir}/ssl/*" |
51 | FILES_${PN}-misc = "${libdir}/ssl/misc ${bindir}/c_rehash" | 50 | FILES_${PN}-misc = "${libdir}/ssl/misc" |
52 | RDEPENDS_${PN}-misc = "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" | 51 | RDEPENDS_${PN}-misc = "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" |
53 | FILES_${PN}-dev += "${base_libdir}/libcrypto${SOLIBSDEV}" | ||
54 | 52 | ||
55 | # Add the openssl.cnf file to the openssl-conf package. Make the libcrypto | 53 | # Add the openssl.cnf file to the openssl-conf package. Make the libcrypto |
56 | # package RRECOMMENDS on this package. This will enable the configuration | 54 | # package RRECOMMENDS on this package. This will enable the configuration |
57 | # file to be installed for both the base openssl package and the libcrypto | 55 | # file to be installed for both the base openssl package and the libcrypto |
58 | # package since the base openssl package depends on the libcrypto package. | 56 | # package since the base openssl package depends on the libcrypto package. |
59 | FILES_openssl-conf = "${libdir}/ssl/openssl.cnf" | 57 | FILES_${PN}-conf = "${sysconfdir}/ssl/openssl.cnf" |
60 | CONFFILES_openssl-conf = "${libdir}/ssl/openssl.cnf" | 58 | CONFFILES_${PN}-conf = "${sysconfdir}/ssl/openssl.cnf" |
61 | RRECOMMENDS_libcrypto += "openssl-conf" | 59 | RRECOMMENDS_libcrypto += "${PN}-conf" |
60 | RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc" | ||
61 | |||
62 | # Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE | ||
63 | # vulnerability | ||
64 | EXTRA_OECONF = " -no-ssl3" | ||
62 | 65 | ||
63 | do_configure_prepend_darwin () { | 66 | do_configure_prepend_darwin () { |
64 | sed -i -e '/version-script=openssl\.ld/d' Configure | 67 | sed -i -e '/version-script=openssl\.ld/d' Configure |
@@ -71,17 +74,18 @@ do_configure () { | |||
71 | ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/ | 74 | ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/ |
72 | 75 | ||
73 | os=${HOST_OS} | 76 | os=${HOST_OS} |
74 | if [ "x$os" = "xlinux-uclibc" ]; then | 77 | case $os in |
75 | os=linux | 78 | linux-uclibc |\ |
76 | elif [ "x$os" = "xlinux-uclibceabi" ]; then | 79 | linux-uclibceabi |\ |
77 | os=linux | 80 | linux-gnueabi |\ |
78 | elif [ "x$os" = "xlinux-uclibcspe" ]; then | 81 | linux-uclibcspe |\ |
79 | os=linux | 82 | linux-gnuspe |\ |
80 | elif [ "x$os" = "xlinux-gnuspe" ]; then | 83 | linux-musl*) |
81 | os=linux | 84 | os=linux |
82 | elif [ "x$os" = "xlinux-gnueabi" ]; then | 85 | ;; |
83 | os=linux | 86 | *) |
84 | fi | 87 | ;; |
88 | esac | ||
85 | target="$os-${HOST_ARCH}" | 89 | target="$os-${HOST_ARCH}" |
86 | case $target in | 90 | case $target in |
87 | linux-arm) | 91 | linux-arm) |
@@ -91,7 +95,7 @@ do_configure () { | |||
91 | target=linux-elf-armeb | 95 | target=linux-elf-armeb |
92 | ;; | 96 | ;; |
93 | linux-aarch64*) | 97 | linux-aarch64*) |
94 | target=linux-generic64 | 98 | target=linux-aarch64 |
95 | ;; | 99 | ;; |
96 | linux-sh3) | 100 | linux-sh3) |
97 | target=debian-sh3 | 101 | target=debian-sh3 |
@@ -120,9 +124,12 @@ do_configure () { | |||
120 | linux-mipsel) | 124 | linux-mipsel) |
121 | target=debian-mipsel | 125 | target=debian-mipsel |
122 | ;; | 126 | ;; |
123 | linux-*-mips64) | 127 | linux-*-mips64 | linux-mips64) |
124 | target=linux-mips | 128 | target=linux-mips |
125 | ;; | 129 | ;; |
130 | linux-microblaze*|linux-nios2*) | ||
131 | target=linux-generic32 | ||
132 | ;; | ||
126 | linux-powerpc) | 133 | linux-powerpc) |
127 | target=linux-ppc | 134 | target=linux-ppc |
128 | ;; | 135 | ;; |
@@ -145,40 +152,80 @@ do_configure () { | |||
145 | if [ "x$useprefix" = "x" ]; then | 152 | if [ "x$useprefix" = "x" ]; then |
146 | useprefix=/ | 153 | useprefix=/ |
147 | fi | 154 | fi |
148 | perl ./Configure shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename ${libdir}` $target | 155 | perl ./Configure ${EXTRA_OECONF} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename ${libdir}` $target |
156 | } | ||
157 | |||
158 | do_compile_prepend_class-target () { | ||
159 | sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile | ||
149 | } | 160 | } |
150 | 161 | ||
151 | do_compile () { | 162 | do_compile () { |
152 | oe_runmake | 163 | oe_runmake |
153 | } | 164 | } |
154 | 165 | ||
166 | do_compile_ptest () { | ||
167 | oe_runmake buildtest | ||
168 | } | ||
169 | |||
155 | do_install () { | 170 | do_install () { |
171 | # Create ${D}/${prefix} to fix parallel issues | ||
172 | mkdir -p ${D}/${prefix}/ | ||
173 | |||
156 | oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" install | 174 | oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" install |
157 | 175 | ||
158 | oe_libinstall -so libcrypto ${D}${libdir} | 176 | oe_libinstall -so libcrypto ${D}${libdir} |
159 | oe_libinstall -so libssl ${D}${libdir} | 177 | oe_libinstall -so libssl ${D}${libdir} |
160 | 178 | ||
161 | # Moving libcrypto to /lib | ||
162 | if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then | ||
163 | mkdir -p ${D}/${base_libdir}/ | ||
164 | mv ${D}${libdir}/libcrypto* ${D}${base_libdir}/ | ||
165 | sed -i s#libdir=\$\{exec_prefix\}\/lib#libdir=${base_libdir}# ${D}/${libdir}/pkgconfig/libcrypto.pc | ||
166 | fi | ||
167 | |||
168 | install -d ${D}${includedir} | 179 | install -d ${D}${includedir} |
169 | cp --dereference -R include/openssl ${D}${includedir} | 180 | cp --dereference -R include/openssl ${D}${includedir} |
170 | 181 | ||
182 | install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash | ||
183 | sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash | ||
184 | |||
171 | oe_multilib_header openssl/opensslconf.h | 185 | oe_multilib_header openssl/opensslconf.h |
172 | if [ "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" = "perl" ]; then | 186 | if [ "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" = "perl" ]; then |
173 | install -m 0755 ${S}/tools/c_rehash ${D}${bindir} | ||
174 | sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${bindir}/c_rehash | ||
175 | sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl | 187 | sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl |
176 | sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget | 188 | sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget |
177 | # The c_rehash utility isn't installed by the normal installation process. | ||
178 | else | 189 | else |
179 | rm -f ${D}${bindir}/c_rehash | ||
180 | rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget | 190 | rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget |
181 | fi | 191 | fi |
192 | |||
193 | # Create SSL structure | ||
194 | install -d ${D}${sysconfdir}/ssl/ | ||
195 | mv ${D}${libdir}/ssl/openssl.cnf \ | ||
196 | ${D}${libdir}/ssl/certs \ | ||
197 | ${D}${libdir}/ssl/private \ | ||
198 | \ | ||
199 | ${D}${sysconfdir}/ssl/ | ||
200 | ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl/certs | ||
201 | ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl/private | ||
202 | ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl/openssl.cnf | ||
203 | } | ||
204 | |||
205 | do_install_ptest () { | ||
206 | cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH} | ||
207 | cp Configure config e_os.h ${D}${PTEST_PATH} | ||
208 | cp -r -L include ${D}${PTEST_PATH} | ||
209 | ln -sf ${libdir}/libcrypto.a ${D}${PTEST_PATH} | ||
210 | ln -sf ${libdir}/libssl.a ${D}${PTEST_PATH} | ||
211 | mkdir -p ${D}${PTEST_PATH}/crypto | ||
212 | cp crypto/constant_time_locl.h ${D}${PTEST_PATH}/crypto | ||
213 | cp -r certs ${D}${PTEST_PATH} | ||
214 | mkdir -p ${D}${PTEST_PATH}/apps | ||
215 | ln -sf ${libdir}/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps | ||
216 | ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps | ||
217 | ln -sf ${bindir}/openssl ${D}${PTEST_PATH}/apps | ||
218 | cp apps/server2.pem ${D}${PTEST_PATH}/apps | ||
219 | mkdir -p ${D}${PTEST_PATH}/util | ||
220 | install util/opensslwrap.sh ${D}${PTEST_PATH}/util | ||
221 | install util/shlib_wrap.sh ${D}${PTEST_PATH}/util | ||
222 | } | ||
223 | |||
224 | do_install_append_class-native() { | ||
225 | create_wrapper ${D}${bindir}/openssl \ | ||
226 | OPENSSL_CONF=${libdir}/ssl/openssl.cnf \ | ||
227 | SSL_CERT_DIR=${libdir}/ssl/certs \ | ||
228 | SSL_CERT_FILE=${libdir}/ssl/cert.pem \ | ||
229 | OPENSSL_ENGINES=${libdir}/ssl/engines | ||
182 | } | 230 | } |
183 | 231 | ||
184 | BBCLASSEXTEND = "native nativesdk" | ||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/Makefiles-ptest.patch b/recipes-connectivity/openssl/openssl-qoriq/Makefiles-ptest.patch new file mode 100644 index 00000000..249446a5 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/Makefiles-ptest.patch | |||
@@ -0,0 +1,77 @@ | |||
1 | Add 'buildtest' and 'runtest' targets to Makefile, to build and run tests | ||
2 | cross-compiled. | ||
3 | |||
4 | Signed-off-by: Anders Roxell <anders.roxell@enea.com> | ||
5 | Signed-off-by: Maxin B. John <maxin.john@enea.com> | ||
6 | Upstream-Status: Pending | ||
7 | --- | ||
8 | Index: openssl-1.0.2/Makefile.org | ||
9 | =================================================================== | ||
10 | --- openssl-1.0.2.orig/Makefile.org | ||
11 | +++ openssl-1.0.2/Makefile.org | ||
12 | @@ -451,8 +451,16 @@ rehash.time: certs apps | ||
13 | test: tests | ||
14 | |||
15 | tests: rehash | ||
16 | + $(MAKE) buildtest | ||
17 | + $(MAKE) runtest | ||
18 | + | ||
19 | +buildtest: | ||
20 | + @(cd test && \ | ||
21 | + $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf exe apps); | ||
22 | + | ||
23 | +runtest: | ||
24 | @(cd test && echo "testing..." && \ | ||
25 | - $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests ); | ||
26 | + $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf alltests ); | ||
27 | OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a | ||
28 | |||
29 | report: | ||
30 | Index: openssl-1.0.2/test/Makefile | ||
31 | =================================================================== | ||
32 | --- openssl-1.0.2.orig/test/Makefile | ||
33 | +++ openssl-1.0.2/test/Makefile | ||
34 | @@ -137,7 +137,7 @@ tests: exe apps $(TESTS) | ||
35 | apps: | ||
36 | @(cd ..; $(MAKE) DIRS=apps all) | ||
37 | |||
38 | -alltests: \ | ||
39 | +all-tests= \ | ||
40 | test_des test_idea test_sha test_md4 test_md5 test_hmac \ | ||
41 | test_md2 test_mdc2 test_wp \ | ||
42 | test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \ | ||
43 | @@ -148,6 +148,11 @@ alltests: \ | ||
44 | test_jpake test_srp test_cms test_ocsp test_v3name test_heartbeat \ | ||
45 | test_constant_time | ||
46 | |||
47 | +alltests: | ||
48 | + @(for i in $(all-tests); do \ | ||
49 | + ( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \ | ||
50 | + done) | ||
51 | + | ||
52 | test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt | ||
53 | ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt | ||
54 | |||
55 | @@ -213,7 +218,7 @@ test_x509: ../apps/openssl$(EXE_EXT) tx5 | ||
56 | echo test second x509v3 certificate | ||
57 | sh ./tx509 v3-cert2.pem 2>/dev/null | ||
58 | |||
59 | -test_rsa: $(RSATEST)$(EXE_EXT) ../apps/openssl$(EXE_EXT) trsa testrsa.pem | ||
60 | +test_rsa: ../apps/openssl$(EXE_EXT) trsa testrsa.pem | ||
61 | @sh ./trsa 2>/dev/null | ||
62 | ../util/shlib_wrap.sh ./$(RSATEST) | ||
63 | |||
64 | @@ -313,11 +318,11 @@ test_tsa: ../apps/openssl$(EXE_EXT) test | ||
65 | sh ./testtsa; \ | ||
66 | fi | ||
67 | |||
68 | -test_ige: $(IGETEST)$(EXE_EXT) | ||
69 | +test_ige: | ||
70 | @echo "Test IGE mode" | ||
71 | ../util/shlib_wrap.sh ./$(IGETEST) | ||
72 | |||
73 | -test_jpake: $(JPAKETEST)$(EXE_EXT) | ||
74 | +test_jpake: | ||
75 | @echo "Test JPAKE" | ||
76 | ../util/shlib_wrap.sh ./$(JPAKETEST) | ||
77 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/configure-musl-target.patch b/recipes-connectivity/openssl/openssl-qoriq/configure-musl-target.patch new file mode 100644 index 00000000..613dc7b7 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/configure-musl-target.patch | |||
@@ -0,0 +1,27 @@ | |||
1 | Add musl triplet support | ||
2 | |||
3 | Upstream-Status: Pending | ||
4 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
5 | |||
6 | Index: openssl-1.0.2a/Configure | ||
7 | =================================================================== | ||
8 | --- openssl-1.0.2a.orig/Configure | ||
9 | +++ openssl-1.0.2a/Configure | ||
10 | @@ -431,7 +431,7 @@ my %table=( | ||
11 | # | ||
12 | # ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8 | ||
13 | # | ||
14 | -"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
15 | +"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
16 | "linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
17 | # Configure script adds minimally required -march for assembly support, | ||
18 | # if no -march was specified at command line. mips32 and mips64 below | ||
19 | @@ -504,6 +504,8 @@ my %table=( | ||
20 | "linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
21 | "linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
22 | "linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
23 | +"linux-musleabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
24 | +"linux-musleabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
25 | |||
26 | "linux-avr32","$ENV{'CC'}:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).", | ||
27 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/configure-targets.patch b/recipes-connectivity/openssl/openssl-qoriq/configure-targets.patch index c1f3d087..691e74af 100644 --- a/recipes-connectivity/openssl/openssl-qoriq/configure-targets.patch +++ b/recipes-connectivity/openssl/openssl-qoriq/configure-targets.patch | |||
@@ -7,28 +7,31 @@ The number of colons are important :) | |||
7 | Configure | 16 ++++++++++++++++ | 7 | Configure | 16 ++++++++++++++++ |
8 | 1 file changed, 16 insertions(+) | 8 | 1 file changed, 16 insertions(+) |
9 | 9 | ||
10 | --- a/Configure | 10 | Index: openssl-1.0.2a/Configure |
11 | +++ b/Configure | 11 | =================================================================== |
12 | @@ -403,6 +403,22 @@ my %table=( | 12 | --- openssl-1.0.2a.orig/Configure |
13 | "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", | 13 | +++ openssl-1.0.2a/Configure |
14 | "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", | 14 | @@ -443,6 +443,23 @@ my %table=( |
15 | "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", | ||
16 | "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", | ||
15 | 17 | ||
16 | + # Linux on ARM | 18 | + |
17 | +"linux-elf-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 19 | +# Linux on ARM |
18 | +"linux-elf-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 20 | +"linux-elf-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
19 | +"linux-gnueabi-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 21 | +"linux-elf-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
20 | +"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 22 | +"linux-gnueabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
21 | +"linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 23 | +"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
22 | +"linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 24 | +"linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
25 | +"linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
23 | + | 26 | + |
24 | +"linux-avr32","$ENV{'CC'}:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).", | 27 | +"linux-avr32","$ENV{'CC'}:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).", |
25 | + | 28 | + |
26 | +#### Linux on MIPS/MIPS64 | 29 | +#### Linux on MIPS/MIPS64 |
27 | +"linux-mips","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 30 | +"linux-mips","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
28 | +"linux-mips64","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 31 | +"linux-mips64","$ENV{'CC'}:-DB_ENDIAN -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
29 | +"linux-mips64el","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 32 | +"linux-mips64el","$ENV{'CC'}:-DL_ENDIAN -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
30 | +"linux-mipsel","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 33 | +"linux-mipsel","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
31 | + | 34 | + |
32 | # Android: linux-* but without -DTERMIO and pointers to headers and libs. | 35 | # Android: linux-* but without pointers to headers and libs. |
33 | "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 36 | "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
34 | "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 37 | "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
diff --git a/recipes-connectivity/openssl/openssl-qoriq/crypto_use_bigint_in_x86-64_perl.patch b/recipes-connectivity/openssl/openssl-qoriq/crypto_use_bigint_in_x86-64_perl.patch new file mode 100644 index 00000000..4f81d85d --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/crypto_use_bigint_in_x86-64_perl.patch | |||
@@ -0,0 +1,35 @@ | |||
1 | Upstream-Status: Backport | ||
2 | |||
3 | When building on x32 systems where the default type is 32bit, make sure | ||
4 | we can transparently represent 64bit integers. Otherwise we end up with | ||
5 | build errors like: | ||
6 | /usr/bin/perl asm/ghash-x86_64.pl elf > ghash-x86_64.s | ||
7 | Integer overflow in hexadecimal number at asm/../../perlasm/x86_64-xlate.pl line 201, <> line 890. | ||
8 | ... | ||
9 | ghash-x86_64.s: Assembler messages: | ||
10 | ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression | ||
11 | |||
12 | We don't enable this globally as there are some cases where we'd get | ||
13 | 32bit values interpreted as unsigned when we need them as signed. | ||
14 | |||
15 | Reported-by: Bertrand Jacquin <bertrand@jacquin.bzh> | ||
16 | URL: https://bugs.gentoo.org/542618 | ||
17 | |||
18 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
19 | |||
20 | Index: openssl-1.0.2a/crypto/perlasm/x86_64-xlate.pl | ||
21 | =================================================================== | ||
22 | --- openssl-1.0.2a.orig/crypto/perlasm/x86_64-xlate.pl | ||
23 | +++ openssl-1.0.2a/crypto/perlasm/x86_64-xlate.pl | ||
24 | @@ -194,7 +194,10 @@ my %globals; | ||
25 | } | ||
26 | sub out { | ||
27 | my $self = shift; | ||
28 | - | ||
29 | + # When building on x32 ABIs, the expanded hex value might be too | ||
30 | + # big to fit into 32bits. Enable transparent 64bit support here | ||
31 | + # so we can safely print it out. | ||
32 | + use bigint; | ||
33 | if ($gas) { | ||
34 | # Solaris /usr/ccs/bin/as can't handle multiplications | ||
35 | # in $self->{value} | ||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian/c_rehash-compat.patch b/recipes-connectivity/openssl/openssl-qoriq/debian/c_rehash-compat.patch index ac1b19b9..68e54d56 100644 --- a/recipes-connectivity/openssl/openssl-qoriq/debian/c_rehash-compat.patch +++ b/recipes-connectivity/openssl/openssl-qoriq/debian/c_rehash-compat.patch | |||
@@ -1,38 +1,54 @@ | |||
1 | Upstream-Status: Backport [debian] | ||
2 | |||
3 | From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001 | 1 | From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001 |
4 | From: Ludwig Nussel <ludwig.nussel@suse.de> | 2 | From: Ludwig Nussel <ludwig.nussel@suse.de> |
5 | Date: Wed, 21 Apr 2010 15:52:10 +0200 | 3 | Date: Wed, 21 Apr 2010 15:52:10 +0200 |
6 | Subject: [PATCH] also create old hash for compatibility | 4 | Subject: [PATCH] also create old hash for compatibility |
7 | 5 | ||
8 | --- | 6 | Upstream-Status: Backport [debian] |
9 | tools/c_rehash.in | 8 +++++++- | ||
10 | 1 files changed, 7 insertions(+), 1 deletions(-) | ||
11 | 7 | ||
12 | Index: openssl-1.0.0d/tools/c_rehash.in | 8 | diff --git a/tools/c_rehash.in b/tools/c_rehash.in |
13 | =================================================================== | 9 | index b086ff9..b777d79 100644 |
14 | --- openssl-1.0.0d.orig/tools/c_rehash.in 2011-04-13 20:41:28.000000000 +0000 | 10 | --- a/tools/c_rehash.in |
15 | +++ openssl-1.0.0d/tools/c_rehash.in 2011-04-13 20:41:28.000000000 +0000 | 11 | +++ b/tools/c_rehash.in |
16 | @@ -86,6 +86,7 @@ | 12 | @@ -8,8 +8,6 @@ my $prefix; |
17 | } | 13 | |
14 | my $openssl = $ENV{OPENSSL} || "openssl"; | ||
15 | my $pwd; | ||
16 | -my $x509hash = "-subject_hash"; | ||
17 | -my $crlhash = "-hash"; | ||
18 | my $verbose = 0; | ||
19 | my $symlink_exists=eval {symlink("",""); 1}; | ||
20 | my $removelinks = 1; | ||
21 | @@ -18,10 +16,7 @@ my $removelinks = 1; | ||
22 | while ( $ARGV[0] =~ /^-/ ) { | ||
23 | my $flag = shift @ARGV; | ||
24 | last if ( $flag eq '--'); | ||
25 | - if ( $flag eq '-old') { | ||
26 | - $x509hash = "-subject_hash_old"; | ||
27 | - $crlhash = "-hash_old"; | ||
28 | - } elsif ( $flag eq '-h') { | ||
29 | + if ( $flag eq '-h') { | ||
30 | help(); | ||
31 | } elsif ( $flag eq '-n' ) { | ||
32 | $removelinks = 0; | ||
33 | @@ -113,7 +108,9 @@ sub hash_dir { | ||
34 | next; | ||
18 | } | 35 | } |
19 | link_hash_cert($fname) if($cert); | 36 | link_hash_cert($fname) if($cert); |
20 | + link_hash_cert_old($fname) if($cert); | 37 | + link_hash_cert_old($fname) if($cert); |
21 | link_hash_crl($fname) if($crl); | 38 | link_hash_crl($fname) if($crl); |
39 | + link_hash_crl_old($fname) if($crl); | ||
22 | } | 40 | } |
23 | } | 41 | } |
24 | @@ -119,8 +120,9 @@ | 42 | |
43 | @@ -146,6 +143,7 @@ sub check_file { | ||
25 | 44 | ||
26 | sub link_hash_cert { | 45 | sub link_hash_cert { |
27 | my $fname = $_[0]; | 46 | my $fname = $_[0]; |
28 | + my $hashopt = $_[1] || '-subject_hash'; | 47 | + my $x509hash = $_[1] || '-subject_hash'; |
29 | $fname =~ s/'/'\\''/g; | 48 | $fname =~ s/'/'\\''/g; |
30 | - my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`; | 49 | my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`; |
31 | + my ($hash, $fprint) = `"$openssl" x509 $hashopt -fingerprint -noout -in "$fname"`; | ||
32 | chomp $hash; | 50 | chomp $hash; |
33 | chomp $fprint; | 51 | @@ -176,11 +174,21 @@ sub link_hash_cert { |
34 | $fprint =~ s/^.*=//; | ||
35 | @@ -150,6 +152,10 @@ | ||
36 | $hashlist{$hash} = $fprint; | 52 | $hashlist{$hash} = $fprint; |
37 | } | 53 | } |
38 | 54 | ||
@@ -40,6 +56,16 @@ Index: openssl-1.0.0d/tools/c_rehash.in | |||
40 | + link_hash_cert($_[0], '-subject_hash_old'); | 56 | + link_hash_cert($_[0], '-subject_hash_old'); |
41 | +} | 57 | +} |
42 | + | 58 | + |
59 | +sub link_hash_crl_old { | ||
60 | + link_hash_crl($_[0], '-hash_old'); | ||
61 | +} | ||
62 | + | ||
63 | + | ||
43 | # Same as above except for a CRL. CRL links are of the form <hash>.r<n> | 64 | # Same as above except for a CRL. CRL links are of the form <hash>.r<n> |
44 | 65 | ||
45 | sub link_hash_crl { | 66 | sub link_hash_crl { |
67 | my $fname = $_[0]; | ||
68 | + my $crlhash = $_[1] || "-hash"; | ||
69 | $fname =~ s/'/'\\''/g; | ||
70 | my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`; | ||
71 | chomp $hash; | ||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian/debian-targets.patch b/recipes-connectivity/openssl/openssl-qoriq/debian/debian-targets.patch index 8101edf0..39d43281 100644 --- a/recipes-connectivity/openssl/openssl-qoriq/debian/debian-targets.patch +++ b/recipes-connectivity/openssl/openssl-qoriq/debian/debian-targets.patch | |||
@@ -1,12 +1,12 @@ | |||
1 | Upstream-Status: Backport [debian] | 1 | Upstream-Status: Backport [debian] |
2 | 2 | ||
3 | Index: openssl-1.0.1/Configure | 3 | Index: openssl-1.0.2/Configure |
4 | =================================================================== | 4 | =================================================================== |
5 | --- openssl-1.0.1.orig/Configure 2012-03-17 15:37:54.000000000 +0000 | 5 | --- openssl-1.0.2.orig/Configure |
6 | +++ openssl-1.0.1/Configure 2012-03-17 16:13:49.000000000 +0000 | 6 | +++ openssl-1.0.2/Configure |
7 | @@ -105,6 +105,10 @@ | 7 | @@ -107,6 +107,10 @@ my $gcc_devteam_warn = "-Wall -pedantic |
8 | 8 | ||
9 | my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED"; | 9 | my $clang_disabled_warnings = "-Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum"; |
10 | 10 | ||
11 | +# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS | 11 | +# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS |
12 | +my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall"; | 12 | +my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall"; |
@@ -15,7 +15,7 @@ Index: openssl-1.0.1/Configure | |||
15 | my $strict_warnings = 0; | 15 | my $strict_warnings = 0; |
16 | 16 | ||
17 | my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; | 17 | my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; |
18 | @@ -338,6 +342,48 @@ | 18 | @@ -343,6 +347,55 @@ my %table=( |
19 | "osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", | 19 | "osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", |
20 | "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so", | 20 | "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so", |
21 | 21 | ||
@@ -23,9 +23,9 @@ Index: openssl-1.0.1/Configure | |||
23 | +"debian-alpha","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 23 | +"debian-alpha","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
24 | +"debian-alpha-ev4","gcc:-DTERMIO ${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 24 | +"debian-alpha-ev4","gcc:-DTERMIO ${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
25 | +"debian-alpha-ev5","gcc:-DTERMIO ${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 25 | +"debian-alpha-ev5","gcc:-DTERMIO ${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
26 | +"debian-armeb","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 26 | +"debian-arm64","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
27 | +"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 27 | +"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
28 | +"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 28 | +"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
29 | +"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::", | 29 | +"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::", |
30 | +"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 30 | +"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
31 | +"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 31 | +"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
@@ -40,15 +40,21 @@ Index: openssl-1.0.1/Configure | |||
40 | +"debian-m68k","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 40 | +"debian-m68k","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
41 | +"debian-mips", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 41 | +"debian-mips", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
42 | +"debian-mipsel", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 42 | +"debian-mipsel", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
43 | +"debian-mipsn32", "mips64-linux-gnuabin32-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
44 | +"debian-mipsn32el", "mips64el-linux-gnuabin32-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
45 | +"debian-mips64", "mips64-linux-gnuabi64-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
46 | +"debian-mips64el", "mips64el-linux-gnuabi64-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
43 | +"debian-netbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 47 | +"debian-netbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
44 | +"debian-netbsd-m68k", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 48 | +"debian-netbsd-m68k", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
45 | +"debian-netbsd-sparc", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 49 | +"debian-netbsd-sparc", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
46 | +"debian-openbsd-alpha","gcc:-DTERMIOS ${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 50 | +"debian-openbsd-alpha","gcc:-DTERMIOS ${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
47 | +"debian-openbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 51 | +"debian-openbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
48 | +"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 52 | +"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
53 | +"debian-or1k", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
49 | +"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 54 | +"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
50 | +"debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 55 | +"debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
51 | +"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 56 | +"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
57 | +"debian-ppc64el","gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
52 | +"debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 58 | +"debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
53 | +"debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 59 | +"debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
54 | +"debian-sh3", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 60 | +"debian-sh3", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
@@ -60,6 +66,7 @@ Index: openssl-1.0.1/Configure | |||
60 | +"debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 66 | +"debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
61 | +"debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 67 | +"debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
62 | +"debian-sparc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 68 | +"debian-sparc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
69 | +"debian-x32","gcc:-mx32 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32", | ||
63 | + | 70 | + |
64 | #### | 71 | #### |
65 | #### Variety of LINUX:-) | 72 | #### Variety of LINUX:-) |
diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian/make-targets.patch b/recipes-connectivity/openssl/openssl-qoriq/debian/make-targets.patch deleted file mode 100644 index ee0a62c3..00000000 --- a/recipes-connectivity/openssl/openssl-qoriq/debian/make-targets.patch +++ /dev/null | |||
@@ -1,15 +0,0 @@ | |||
1 | Upstream-Status: Backport [debian] | ||
2 | |||
3 | Index: openssl-1.0.1/Makefile.org | ||
4 | =================================================================== | ||
5 | --- openssl-1.0.1.orig/Makefile.org 2012-03-17 09:41:07.000000000 +0000 | ||
6 | +++ openssl-1.0.1/Makefile.org 2012-03-17 09:41:21.000000000 +0000 | ||
7 | @@ -135,7 +135,7 @@ | ||
8 | |||
9 | BASEADDR= | ||
10 | |||
11 | -DIRS= crypto ssl engines apps test tools | ||
12 | +DIRS= crypto ssl engines apps tools | ||
13 | ENGDIRS= ccgost | ||
14 | SHLIBDIRS= crypto ssl | ||
15 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian/version-script.patch b/recipes-connectivity/openssl/openssl-qoriq/debian/version-script.patch index ece8b9b4..a2491800 100644 --- a/recipes-connectivity/openssl/openssl-qoriq/debian/version-script.patch +++ b/recipes-connectivity/openssl/openssl-qoriq/debian/version-script.patch | |||
@@ -1,10 +1,8 @@ | |||
1 | Upstream-Status: Backport [debian] | 1 | Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure |
2 | |||
3 | Index: openssl-1.0.1d/Configure | ||
4 | =================================================================== | 2 | =================================================================== |
5 | --- openssl-1.0.1d.orig/Configure 2013-02-06 19:41:43.000000000 +0100 | 3 | --- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure 2014-02-24 21:02:30.000000000 +0100 |
6 | +++ openssl-1.0.1d/Configure 2013-02-06 19:41:43.000000000 +0100 | 4 | +++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure 2014-02-24 21:02:30.000000000 +0100 |
7 | @@ -1621,6 +1621,8 @@ | 5 | @@ -1651,6 +1651,8 @@ |
8 | } | 6 | } |
9 | } | 7 | } |
10 | 8 | ||
@@ -13,11 +11,11 @@ Index: openssl-1.0.1d/Configure | |||
13 | open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n"; | 11 | open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n"; |
14 | unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new"; | 12 | unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new"; |
15 | open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n"; | 13 | open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n"; |
16 | Index: openssl-1.0.1d/openssl.ld | 14 | Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld |
17 | =================================================================== | 15 | =================================================================== |
18 | --- /dev/null 1970-01-01 00:00:00.000000000 +0000 | 16 | --- /dev/null 1970-01-01 00:00:00.000000000 +0000 |
19 | +++ openssl-1.0.1d/openssl.ld 2013-02-06 19:44:25.000000000 +0100 | 17 | +++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld 2014-02-24 22:19:08.601827266 +0100 |
20 | @@ -0,0 +1,4620 @@ | 18 | @@ -0,0 +1,4615 @@ |
21 | +OPENSSL_1.0.0 { | 19 | +OPENSSL_1.0.0 { |
22 | + global: | 20 | + global: |
23 | + BIO_f_ssl; | 21 | + BIO_f_ssl; |
@@ -2229,20 +2227,16 @@ Index: openssl-1.0.1d/openssl.ld | |||
2229 | + ERR_load_COMP_strings; | 2227 | + ERR_load_COMP_strings; |
2230 | + PKCS12_item_decrypt_d2i; | 2228 | + PKCS12_item_decrypt_d2i; |
2231 | + ASN1_UTF8STRING_it; | 2229 | + ASN1_UTF8STRING_it; |
2232 | + ASN1_UTF8STRING_it; | ||
2233 | + ENGINE_unregister_ciphers; | 2230 | + ENGINE_unregister_ciphers; |
2234 | + ENGINE_get_ciphers; | 2231 | + ENGINE_get_ciphers; |
2235 | + d2i_OCSP_BASICRESP; | 2232 | + d2i_OCSP_BASICRESP; |
2236 | + KRB5_CHECKSUM_it; | 2233 | + KRB5_CHECKSUM_it; |
2237 | + KRB5_CHECKSUM_it; | ||
2238 | + EC_POINT_add; | 2234 | + EC_POINT_add; |
2239 | + ASN1_item_ex_i2d; | 2235 | + ASN1_item_ex_i2d; |
2240 | + OCSP_CERTID_it; | 2236 | + OCSP_CERTID_it; |
2241 | + OCSP_CERTID_it; | ||
2242 | + d2i_OCSP_RESPBYTES; | 2237 | + d2i_OCSP_RESPBYTES; |
2243 | + X509V3_add1_i2d; | 2238 | + X509V3_add1_i2d; |
2244 | + PKCS7_ENVELOPE_it; | 2239 | + PKCS7_ENVELOPE_it; |
2245 | + PKCS7_ENVELOPE_it; | ||
2246 | + UI_add_input_boolean; | 2240 | + UI_add_input_boolean; |
2247 | + ENGINE_unregister_RSA; | 2241 | + ENGINE_unregister_RSA; |
2248 | + X509V3_EXT_nconf; | 2242 | + X509V3_EXT_nconf; |
@@ -2254,19 +2248,15 @@ Index: openssl-1.0.1d/openssl.ld | |||
2254 | + ENGINE_register_all_RAND; | 2248 | + ENGINE_register_all_RAND; |
2255 | + ENGINE_load_dynamic; | 2249 | + ENGINE_load_dynamic; |
2256 | + PBKDF2PARAM_it; | 2250 | + PBKDF2PARAM_it; |
2257 | + PBKDF2PARAM_it; | ||
2258 | + EXTENDED_KEY_USAGE_new; | 2251 | + EXTENDED_KEY_USAGE_new; |
2259 | + EC_GROUP_clear_free; | 2252 | + EC_GROUP_clear_free; |
2260 | + OCSP_sendreq_bio; | 2253 | + OCSP_sendreq_bio; |
2261 | + ASN1_item_digest; | 2254 | + ASN1_item_digest; |
2262 | + OCSP_BASICRESP_delete_ext; | 2255 | + OCSP_BASICRESP_delete_ext; |
2263 | + OCSP_SIGNATURE_it; | 2256 | + OCSP_SIGNATURE_it; |
2264 | + OCSP_SIGNATURE_it; | ||
2265 | + X509_CRL_it; | ||
2266 | + X509_CRL_it; | 2257 | + X509_CRL_it; |
2267 | + OCSP_BASICRESP_add_ext; | 2258 | + OCSP_BASICRESP_add_ext; |
2268 | + KRB5_ENCKEY_it; | 2259 | + KRB5_ENCKEY_it; |
2269 | + KRB5_ENCKEY_it; | ||
2270 | + UI_method_set_closer; | 2260 | + UI_method_set_closer; |
2271 | + X509_STORE_set_purpose; | 2261 | + X509_STORE_set_purpose; |
2272 | + i2d_ASN1_GENERALSTRING; | 2262 | + i2d_ASN1_GENERALSTRING; |
@@ -2277,7 +2267,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
2277 | + OCSP_REQUEST_get_ext_by_OBJ; | 2267 | + OCSP_REQUEST_get_ext_by_OBJ; |
2278 | + _ossl_old_des_random_key; | 2268 | + _ossl_old_des_random_key; |
2279 | + ASN1_T61STRING_it; | 2269 | + ASN1_T61STRING_it; |
2280 | + ASN1_T61STRING_it; | ||
2281 | + EC_GROUP_method_of; | 2270 | + EC_GROUP_method_of; |
2282 | + i2d_KRB5_APREQ; | 2271 | + i2d_KRB5_APREQ; |
2283 | + _ossl_old_des_encrypt; | 2272 | + _ossl_old_des_encrypt; |
@@ -2293,7 +2282,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
2293 | + OCSP_SINGLERESP_get_ext_count; | 2282 | + OCSP_SINGLERESP_get_ext_count; |
2294 | + UI_ctrl; | 2283 | + UI_ctrl; |
2295 | + _shadow_DES_rw_mode; | 2284 | + _shadow_DES_rw_mode; |
2296 | + _shadow_DES_rw_mode; | ||
2297 | + asn1_do_adb; | 2285 | + asn1_do_adb; |
2298 | + ASN1_template_i2d; | 2286 | + ASN1_template_i2d; |
2299 | + ENGINE_register_DH; | 2287 | + ENGINE_register_DH; |
@@ -2307,8 +2295,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
2307 | + KRB5_ENCKEY_free; | 2295 | + KRB5_ENCKEY_free; |
2308 | + OCSP_resp_get0; | 2296 | + OCSP_resp_get0; |
2309 | + GENERAL_NAME_it; | 2297 | + GENERAL_NAME_it; |
2310 | + GENERAL_NAME_it; | ||
2311 | + ASN1_GENERALIZEDTIME_it; | ||
2312 | + ASN1_GENERALIZEDTIME_it; | 2298 | + ASN1_GENERALIZEDTIME_it; |
2313 | + X509_STORE_set_flags; | 2299 | + X509_STORE_set_flags; |
2314 | + EC_POINT_set_compressed_coordinates_GFp; | 2300 | + EC_POINT_set_compressed_coordinates_GFp; |
@@ -2330,21 +2316,18 @@ Index: openssl-1.0.1d/openssl.ld | |||
2330 | + EC_POINT_set_affine_coords_GFp; | 2316 | + EC_POINT_set_affine_coords_GFp; |
2331 | + _ossl_old_des_options; | 2317 | + _ossl_old_des_options; |
2332 | + SXNET_it; | 2318 | + SXNET_it; |
2333 | + SXNET_it; | ||
2334 | + UI_dup_input_boolean; | 2319 | + UI_dup_input_boolean; |
2335 | + PKCS12_add_CSPName_asc; | 2320 | + PKCS12_add_CSPName_asc; |
2336 | + EC_POINT_is_at_infinity; | 2321 | + EC_POINT_is_at_infinity; |
2337 | + ENGINE_load_cryptodev; | 2322 | + ENGINE_load_cryptodev; |
2338 | + DSO_convert_filename; | 2323 | + DSO_convert_filename; |
2339 | + POLICYQUALINFO_it; | 2324 | + POLICYQUALINFO_it; |
2340 | + POLICYQUALINFO_it; | ||
2341 | + ENGINE_register_ciphers; | 2325 | + ENGINE_register_ciphers; |
2342 | + BN_mod_lshift_quick; | 2326 | + BN_mod_lshift_quick; |
2343 | + DSO_set_filename; | 2327 | + DSO_set_filename; |
2344 | + ASN1_item_free; | 2328 | + ASN1_item_free; |
2345 | + KRB5_TKTBODY_free; | 2329 | + KRB5_TKTBODY_free; |
2346 | + AUTHORITY_KEYID_it; | 2330 | + AUTHORITY_KEYID_it; |
2347 | + AUTHORITY_KEYID_it; | ||
2348 | + KRB5_APREQBODY_new; | 2331 | + KRB5_APREQBODY_new; |
2349 | + X509V3_EXT_REQ_add_nconf; | 2332 | + X509V3_EXT_REQ_add_nconf; |
2350 | + ENGINE_ctrl_cmd_string; | 2333 | + ENGINE_ctrl_cmd_string; |
@@ -2352,19 +2335,15 @@ Index: openssl-1.0.1d/openssl.ld | |||
2352 | + EVP_MD_CTX_init; | 2335 | + EVP_MD_CTX_init; |
2353 | + EXTENDED_KEY_USAGE_free; | 2336 | + EXTENDED_KEY_USAGE_free; |
2354 | + PKCS7_ATTR_SIGN_it; | 2337 | + PKCS7_ATTR_SIGN_it; |
2355 | + PKCS7_ATTR_SIGN_it; | ||
2356 | + UI_add_error_string; | 2338 | + UI_add_error_string; |
2357 | + KRB5_CHECKSUM_free; | 2339 | + KRB5_CHECKSUM_free; |
2358 | + OCSP_REQUEST_get_ext; | 2340 | + OCSP_REQUEST_get_ext; |
2359 | + ENGINE_load_ubsec; | 2341 | + ENGINE_load_ubsec; |
2360 | + ENGINE_register_all_digests; | 2342 | + ENGINE_register_all_digests; |
2361 | + PKEY_USAGE_PERIOD_it; | 2343 | + PKEY_USAGE_PERIOD_it; |
2362 | + PKEY_USAGE_PERIOD_it; | ||
2363 | + PKCS12_unpack_authsafes; | 2344 | + PKCS12_unpack_authsafes; |
2364 | + ASN1_item_unpack; | 2345 | + ASN1_item_unpack; |
2365 | + NETSCAPE_SPKAC_it; | 2346 | + NETSCAPE_SPKAC_it; |
2366 | + NETSCAPE_SPKAC_it; | ||
2367 | + X509_REVOKED_it; | ||
2368 | + X509_REVOKED_it; | 2347 | + X509_REVOKED_it; |
2369 | + ASN1_STRING_encode; | 2348 | + ASN1_STRING_encode; |
2370 | + EVP_aes_128_ecb; | 2349 | + EVP_aes_128_ecb; |
@@ -2376,7 +2355,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
2376 | + UI_dup_info_string; | 2355 | + UI_dup_info_string; |
2377 | + _ossl_old_des_xwhite_in2out; | 2356 | + _ossl_old_des_xwhite_in2out; |
2378 | + PKCS12_it; | 2357 | + PKCS12_it; |
2379 | + PKCS12_it; | ||
2380 | + OCSP_SINGLERESP_get_ext_by_critical; | 2358 | + OCSP_SINGLERESP_get_ext_by_critical; |
2381 | + OCSP_SINGLERESP_get_ext_by_crit; | 2359 | + OCSP_SINGLERESP_get_ext_by_crit; |
2382 | + OCSP_CERTSTATUS_free; | 2360 | + OCSP_CERTSTATUS_free; |
@@ -2395,10 +2373,8 @@ Index: openssl-1.0.1d/openssl.ld | |||
2395 | + ENGINE_unregister_DSA; | 2373 | + ENGINE_unregister_DSA; |
2396 | + _ossl_old_des_key_sched; | 2374 | + _ossl_old_des_key_sched; |
2397 | + X509_EXTENSION_it; | 2375 | + X509_EXTENSION_it; |
2398 | + X509_EXTENSION_it; | ||
2399 | + i2d_KRB5_AUTHENT; | 2376 | + i2d_KRB5_AUTHENT; |
2400 | + SXNETID_it; | 2377 | + SXNETID_it; |
2401 | + SXNETID_it; | ||
2402 | + d2i_OCSP_SINGLERESP; | 2378 | + d2i_OCSP_SINGLERESP; |
2403 | + EDIPARTYNAME_new; | 2379 | + EDIPARTYNAME_new; |
2404 | + PKCS12_certbag2x509; | 2380 | + PKCS12_certbag2x509; |
@@ -2409,10 +2385,8 @@ Index: openssl-1.0.1d/openssl.ld | |||
2409 | + d2i_KRB5_APREQBODY; | 2385 | + d2i_KRB5_APREQBODY; |
2410 | + UI_method_get_flusher; | 2386 | + UI_method_get_flusher; |
2411 | + X509_PUBKEY_it; | 2387 | + X509_PUBKEY_it; |
2412 | + X509_PUBKEY_it; | ||
2413 | + _ossl_old_des_enc_read; | 2388 | + _ossl_old_des_enc_read; |
2414 | + PKCS7_ENCRYPT_it; | 2389 | + PKCS7_ENCRYPT_it; |
2415 | + PKCS7_ENCRYPT_it; | ||
2416 | + i2d_OCSP_RESPONSE; | 2390 | + i2d_OCSP_RESPONSE; |
2417 | + EC_GROUP_get_cofactor; | 2391 | + EC_GROUP_get_cofactor; |
2418 | + PKCS12_unpack_p7data; | 2392 | + PKCS12_unpack_p7data; |
@@ -2430,10 +2404,8 @@ Index: openssl-1.0.1d/openssl.ld | |||
2430 | + PKCS12_item_i2d_encrypt; | 2404 | + PKCS12_item_i2d_encrypt; |
2431 | + X509_add1_ext_i2d; | 2405 | + X509_add1_ext_i2d; |
2432 | + PKCS7_SIGNER_INFO_it; | 2406 | + PKCS7_SIGNER_INFO_it; |
2433 | + PKCS7_SIGNER_INFO_it; | ||
2434 | + KRB5_PRINCNAME_new; | 2407 | + KRB5_PRINCNAME_new; |
2435 | + PKCS12_SAFEBAG_it; | 2408 | + PKCS12_SAFEBAG_it; |
2436 | + PKCS12_SAFEBAG_it; | ||
2437 | + EC_GROUP_get_order; | 2409 | + EC_GROUP_get_order; |
2438 | + d2i_OCSP_RESPID; | 2410 | + d2i_OCSP_RESPID; |
2439 | + OCSP_request_verify; | 2411 | + OCSP_request_verify; |
@@ -2448,42 +2420,32 @@ Index: openssl-1.0.1d/openssl.ld | |||
2448 | + EVP_MD_CTX_create; | 2420 | + EVP_MD_CTX_create; |
2449 | + OCSP_resp_find_status; | 2421 | + OCSP_resp_find_status; |
2450 | + X509_ALGOR_it; | 2422 | + X509_ALGOR_it; |
2451 | + X509_ALGOR_it; | ||
2452 | + ASN1_TIME_it; | ||
2453 | + ASN1_TIME_it; | 2423 | + ASN1_TIME_it; |
2454 | + OCSP_request_set1_name; | 2424 | + OCSP_request_set1_name; |
2455 | + OCSP_ONEREQ_get_ext_count; | 2425 | + OCSP_ONEREQ_get_ext_count; |
2456 | + UI_get0_result; | 2426 | + UI_get0_result; |
2457 | + PKCS12_AUTHSAFES_it; | 2427 | + PKCS12_AUTHSAFES_it; |
2458 | + PKCS12_AUTHSAFES_it; | ||
2459 | + EVP_aes_256_ecb; | 2428 | + EVP_aes_256_ecb; |
2460 | + PKCS12_pack_authsafes; | 2429 | + PKCS12_pack_authsafes; |
2461 | + ASN1_IA5STRING_it; | 2430 | + ASN1_IA5STRING_it; |
2462 | + ASN1_IA5STRING_it; | ||
2463 | + UI_get_input_flags; | 2431 | + UI_get_input_flags; |
2464 | + EC_GROUP_set_generator; | 2432 | + EC_GROUP_set_generator; |
2465 | + _ossl_old_des_string_to_2keys; | 2433 | + _ossl_old_des_string_to_2keys; |
2466 | + OCSP_CERTID_free; | 2434 | + OCSP_CERTID_free; |
2467 | + X509_CERT_AUX_it; | 2435 | + X509_CERT_AUX_it; |
2468 | + X509_CERT_AUX_it; | ||
2469 | + CERTIFICATEPOLICIES_it; | ||
2470 | + CERTIFICATEPOLICIES_it; | 2436 | + CERTIFICATEPOLICIES_it; |
2471 | + _ossl_old_des_ede3_cbc_encrypt; | 2437 | + _ossl_old_des_ede3_cbc_encrypt; |
2472 | + RAND_set_rand_engine; | 2438 | + RAND_set_rand_engine; |
2473 | + DSO_get_loaded_filename; | 2439 | + DSO_get_loaded_filename; |
2474 | + X509_ATTRIBUTE_it; | 2440 | + X509_ATTRIBUTE_it; |
2475 | + X509_ATTRIBUTE_it; | ||
2476 | + OCSP_ONEREQ_get_ext_by_NID; | 2441 | + OCSP_ONEREQ_get_ext_by_NID; |
2477 | + PKCS12_decrypt_skey; | 2442 | + PKCS12_decrypt_skey; |
2478 | + KRB5_AUTHENT_it; | 2443 | + KRB5_AUTHENT_it; |
2479 | + KRB5_AUTHENT_it; | ||
2480 | + UI_dup_error_string; | 2444 | + UI_dup_error_string; |
2481 | + RSAPublicKey_it; | 2445 | + RSAPublicKey_it; |
2482 | + RSAPublicKey_it; | ||
2483 | + i2d_OCSP_REQUEST; | 2446 | + i2d_OCSP_REQUEST; |
2484 | + PKCS12_x509crl2certbag; | 2447 | + PKCS12_x509crl2certbag; |
2485 | + OCSP_SERVICELOC_it; | 2448 | + OCSP_SERVICELOC_it; |
2486 | + OCSP_SERVICELOC_it; | ||
2487 | + ASN1_item_sign; | 2449 | + ASN1_item_sign; |
2488 | + X509_CRL_set_issuer_name; | 2450 | + X509_CRL_set_issuer_name; |
2489 | + OBJ_NAME_do_all_sorted; | 2451 | + OBJ_NAME_do_all_sorted; |
@@ -2494,30 +2456,23 @@ Index: openssl-1.0.1d/openssl.ld | |||
2494 | + ENGINE_get_digest; | 2456 | + ENGINE_get_digest; |
2495 | + OCSP_RESPONSE_print; | 2457 | + OCSP_RESPONSE_print; |
2496 | + KRB5_TKTBODY_it; | 2458 | + KRB5_TKTBODY_it; |
2497 | + KRB5_TKTBODY_it; | ||
2498 | + ACCESS_DESCRIPTION_it; | 2459 | + ACCESS_DESCRIPTION_it; |
2499 | + ACCESS_DESCRIPTION_it; | ||
2500 | + PKCS7_ISSUER_AND_SERIAL_it; | ||
2501 | + PKCS7_ISSUER_AND_SERIAL_it; | 2460 | + PKCS7_ISSUER_AND_SERIAL_it; |
2502 | + PBE2PARAM_it; | 2461 | + PBE2PARAM_it; |
2503 | + PBE2PARAM_it; | ||
2504 | + PKCS12_certbag2x509crl; | 2462 | + PKCS12_certbag2x509crl; |
2505 | + PKCS7_SIGNED_it; | 2463 | + PKCS7_SIGNED_it; |
2506 | + PKCS7_SIGNED_it; | ||
2507 | + ENGINE_get_cipher; | 2464 | + ENGINE_get_cipher; |
2508 | + i2d_OCSP_CRLID; | 2465 | + i2d_OCSP_CRLID; |
2509 | + OCSP_SINGLERESP_new; | 2466 | + OCSP_SINGLERESP_new; |
2510 | + ENGINE_cmd_is_executable; | 2467 | + ENGINE_cmd_is_executable; |
2511 | + RSA_up_ref; | 2468 | + RSA_up_ref; |
2512 | + ASN1_GENERALSTRING_it; | 2469 | + ASN1_GENERALSTRING_it; |
2513 | + ASN1_GENERALSTRING_it; | ||
2514 | + ENGINE_register_DSA; | 2470 | + ENGINE_register_DSA; |
2515 | + X509V3_EXT_add_nconf_sk; | 2471 | + X509V3_EXT_add_nconf_sk; |
2516 | + ENGINE_set_load_pubkey_function; | 2472 | + ENGINE_set_load_pubkey_function; |
2517 | + PKCS8_decrypt; | 2473 | + PKCS8_decrypt; |
2518 | + PEM_bytes_read_bio; | 2474 | + PEM_bytes_read_bio; |
2519 | + DIRECTORYSTRING_it; | 2475 | + DIRECTORYSTRING_it; |
2520 | + DIRECTORYSTRING_it; | ||
2521 | + d2i_OCSP_CRLID; | 2476 | + d2i_OCSP_CRLID; |
2522 | + EC_POINT_is_on_curve; | 2477 | + EC_POINT_is_on_curve; |
2523 | + CRYPTO_set_locked_mem_ex_functions; | 2478 | + CRYPTO_set_locked_mem_ex_functions; |
@@ -2525,7 +2480,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
2525 | + d2i_KRB5_CHECKSUM; | 2480 | + d2i_KRB5_CHECKSUM; |
2526 | + ASN1_item_dup; | 2481 | + ASN1_item_dup; |
2527 | + X509_it; | 2482 | + X509_it; |
2528 | + X509_it; | ||
2529 | + BN_mod_add; | 2483 | + BN_mod_add; |
2530 | + KRB5_AUTHDATA_free; | 2484 | + KRB5_AUTHDATA_free; |
2531 | + _ossl_old_des_cbc_cksum; | 2485 | + _ossl_old_des_cbc_cksum; |
@@ -2534,7 +2488,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
2534 | + EC_POINT_get_Jprojective_coordinates_GFp; | 2488 | + EC_POINT_get_Jprojective_coordinates_GFp; |
2535 | + EC_POINT_get_Jproj_coords_GFp; | 2489 | + EC_POINT_get_Jproj_coords_GFp; |
2536 | + ZLONG_it; | 2490 | + ZLONG_it; |
2537 | + ZLONG_it; | ||
2538 | + CRYPTO_get_locked_mem_ex_functions; | 2491 | + CRYPTO_get_locked_mem_ex_functions; |
2539 | + CRYPTO_get_locked_mem_ex_funcs; | 2492 | + CRYPTO_get_locked_mem_ex_funcs; |
2540 | + ASN1_TIME_check; | 2493 | + ASN1_TIME_check; |
@@ -2544,41 +2497,30 @@ Index: openssl-1.0.1d/openssl.ld | |||
2544 | + _ossl_old_des_ede3_cfb64_encrypt; | 2497 | + _ossl_old_des_ede3_cfb64_encrypt; |
2545 | + _ossl_odes_ede3_cfb64_encrypt; | 2498 | + _ossl_odes_ede3_cfb64_encrypt; |
2546 | + ASN1_BMPSTRING_it; | 2499 | + ASN1_BMPSTRING_it; |
2547 | + ASN1_BMPSTRING_it; | ||
2548 | + ASN1_tag2bit; | 2500 | + ASN1_tag2bit; |
2549 | + UI_method_set_flusher; | 2501 | + UI_method_set_flusher; |
2550 | + X509_ocspid_print; | 2502 | + X509_ocspid_print; |
2551 | + KRB5_ENCDATA_it; | 2503 | + KRB5_ENCDATA_it; |
2552 | + KRB5_ENCDATA_it; | ||
2553 | + ENGINE_get_load_pubkey_function; | 2504 | + ENGINE_get_load_pubkey_function; |
2554 | + UI_add_user_data; | 2505 | + UI_add_user_data; |
2555 | + OCSP_REQUEST_delete_ext; | 2506 | + OCSP_REQUEST_delete_ext; |
2556 | + UI_get_method; | 2507 | + UI_get_method; |
2557 | + OCSP_ONEREQ_free; | 2508 | + OCSP_ONEREQ_free; |
2558 | + ASN1_PRINTABLESTRING_it; | 2509 | + ASN1_PRINTABLESTRING_it; |
2559 | + ASN1_PRINTABLESTRING_it; | ||
2560 | + X509_CRL_set_nextUpdate; | 2510 | + X509_CRL_set_nextUpdate; |
2561 | + OCSP_REQUEST_it; | 2511 | + OCSP_REQUEST_it; |
2562 | + OCSP_REQUEST_it; | ||
2563 | + OCSP_BASICRESP_it; | ||
2564 | + OCSP_BASICRESP_it; | 2512 | + OCSP_BASICRESP_it; |
2565 | + AES_ecb_encrypt; | 2513 | + AES_ecb_encrypt; |
2566 | + BN_mod_sqr; | 2514 | + BN_mod_sqr; |
2567 | + NETSCAPE_CERT_SEQUENCE_it; | 2515 | + NETSCAPE_CERT_SEQUENCE_it; |
2568 | + NETSCAPE_CERT_SEQUENCE_it; | ||
2569 | + GENERAL_NAMES_it; | ||
2570 | + GENERAL_NAMES_it; | 2516 | + GENERAL_NAMES_it; |
2571 | + AUTHORITY_INFO_ACCESS_it; | 2517 | + AUTHORITY_INFO_ACCESS_it; |
2572 | + AUTHORITY_INFO_ACCESS_it; | ||
2573 | + ASN1_FBOOLEAN_it; | ||
2574 | + ASN1_FBOOLEAN_it; | 2518 | + ASN1_FBOOLEAN_it; |
2575 | + UI_set_ex_data; | 2519 | + UI_set_ex_data; |
2576 | + _ossl_old_des_string_to_key; | 2520 | + _ossl_old_des_string_to_key; |
2577 | + ENGINE_register_all_RSA; | 2521 | + ENGINE_register_all_RSA; |
2578 | + d2i_KRB5_PRINCNAME; | 2522 | + d2i_KRB5_PRINCNAME; |
2579 | + OCSP_RESPBYTES_it; | 2523 | + OCSP_RESPBYTES_it; |
2580 | + OCSP_RESPBYTES_it; | ||
2581 | + X509_CINF_it; | ||
2582 | + X509_CINF_it; | 2524 | + X509_CINF_it; |
2583 | + ENGINE_unregister_digests; | 2525 | + ENGINE_unregister_digests; |
2584 | + d2i_EDIPARTYNAME; | 2526 | + d2i_EDIPARTYNAME; |
@@ -2588,7 +2530,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
2588 | + OCSP_RESPDATA_free; | 2530 | + OCSP_RESPDATA_free; |
2589 | + d2i_KRB5_TICKET; | 2531 | + d2i_KRB5_TICKET; |
2590 | + OTHERNAME_it; | 2532 | + OTHERNAME_it; |
2591 | + OTHERNAME_it; | ||
2592 | + EVP_MD_CTX_cleanup; | 2533 | + EVP_MD_CTX_cleanup; |
2593 | + d2i_ASN1_GENERALSTRING; | 2534 | + d2i_ASN1_GENERALSTRING; |
2594 | + X509_CRL_set_version; | 2535 | + X509_CRL_set_version; |
@@ -2598,7 +2539,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
2598 | + OCSP_REQUEST_free; | 2539 | + OCSP_REQUEST_free; |
2599 | + OCSP_REQUEST_add1_ext_i2d; | 2540 | + OCSP_REQUEST_add1_ext_i2d; |
2600 | + X509_VAL_it; | 2541 | + X509_VAL_it; |
2601 | + X509_VAL_it; | ||
2602 | + EC_POINTs_make_affine; | 2542 | + EC_POINTs_make_affine; |
2603 | + EC_POINT_mul; | 2543 | + EC_POINT_mul; |
2604 | + X509V3_EXT_add_nconf; | 2544 | + X509V3_EXT_add_nconf; |
@@ -2606,7 +2546,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
2606 | + X509_CRL_add1_ext_i2d; | 2546 | + X509_CRL_add1_ext_i2d; |
2607 | + _ossl_old_des_fcrypt; | 2547 | + _ossl_old_des_fcrypt; |
2608 | + DISPLAYTEXT_it; | 2548 | + DISPLAYTEXT_it; |
2609 | + DISPLAYTEXT_it; | ||
2610 | + X509_CRL_set_lastUpdate; | 2549 | + X509_CRL_set_lastUpdate; |
2611 | + OCSP_BASICRESP_free; | 2550 | + OCSP_BASICRESP_free; |
2612 | + OCSP_BASICRESP_add1_ext_i2d; | 2551 | + OCSP_BASICRESP_add1_ext_i2d; |
@@ -2619,7 +2558,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
2619 | + UI_get0_result_string; | 2558 | + UI_get0_result_string; |
2620 | + ASN1_GENERALSTRING_new; | 2559 | + ASN1_GENERALSTRING_new; |
2621 | + X509_SIG_it; | 2560 | + X509_SIG_it; |
2622 | + X509_SIG_it; | ||
2623 | + ERR_set_implementation; | 2561 | + ERR_set_implementation; |
2624 | + ERR_load_EC_strings; | 2562 | + ERR_load_EC_strings; |
2625 | + UI_get0_action_string; | 2563 | + UI_get0_action_string; |
@@ -2634,35 +2572,27 @@ Index: openssl-1.0.1d/openssl.ld | |||
2634 | + OCSP_ONEREQ_get_ext_by_OBJ; | 2572 | + OCSP_ONEREQ_get_ext_by_OBJ; |
2635 | + ASN1_primitive_new; | 2573 | + ASN1_primitive_new; |
2636 | + ASN1_PRINTABLE_it; | 2574 | + ASN1_PRINTABLE_it; |
2637 | + ASN1_PRINTABLE_it; | ||
2638 | + EVP_aes_192_ecb; | 2575 | + EVP_aes_192_ecb; |
2639 | + OCSP_SIGNATURE_new; | 2576 | + OCSP_SIGNATURE_new; |
2640 | + LONG_it; | 2577 | + LONG_it; |
2641 | + LONG_it; | ||
2642 | + ASN1_VISIBLESTRING_it; | ||
2643 | + ASN1_VISIBLESTRING_it; | 2578 | + ASN1_VISIBLESTRING_it; |
2644 | + OCSP_SINGLERESP_add1_ext_i2d; | 2579 | + OCSP_SINGLERESP_add1_ext_i2d; |
2645 | + d2i_OCSP_CERTID; | 2580 | + d2i_OCSP_CERTID; |
2646 | + ASN1_item_d2i_fp; | 2581 | + ASN1_item_d2i_fp; |
2647 | + CRL_DIST_POINTS_it; | 2582 | + CRL_DIST_POINTS_it; |
2648 | + CRL_DIST_POINTS_it; | ||
2649 | + GENERAL_NAME_print; | 2583 | + GENERAL_NAME_print; |
2650 | + OCSP_SINGLERESP_delete_ext; | 2584 | + OCSP_SINGLERESP_delete_ext; |
2651 | + PKCS12_SAFEBAGS_it; | 2585 | + PKCS12_SAFEBAGS_it; |
2652 | + PKCS12_SAFEBAGS_it; | ||
2653 | + d2i_OCSP_SIGNATURE; | 2586 | + d2i_OCSP_SIGNATURE; |
2654 | + OCSP_request_add1_nonce; | 2587 | + OCSP_request_add1_nonce; |
2655 | + ENGINE_set_cmd_defns; | 2588 | + ENGINE_set_cmd_defns; |
2656 | + OCSP_SERVICELOC_free; | 2589 | + OCSP_SERVICELOC_free; |
2657 | + EC_GROUP_free; | 2590 | + EC_GROUP_free; |
2658 | + ASN1_BIT_STRING_it; | 2591 | + ASN1_BIT_STRING_it; |
2659 | + ASN1_BIT_STRING_it; | ||
2660 | + X509_REQ_it; | ||
2661 | + X509_REQ_it; | 2592 | + X509_REQ_it; |
2662 | + _ossl_old_des_cbc_encrypt; | 2593 | + _ossl_old_des_cbc_encrypt; |
2663 | + ERR_unload_strings; | 2594 | + ERR_unload_strings; |
2664 | + PKCS7_SIGN_ENVELOPE_it; | 2595 | + PKCS7_SIGN_ENVELOPE_it; |
2665 | + PKCS7_SIGN_ENVELOPE_it; | ||
2666 | + EDIPARTYNAME_free; | 2596 | + EDIPARTYNAME_free; |
2667 | + OCSP_REQINFO_free; | 2597 | + OCSP_REQINFO_free; |
2668 | + EC_GROUP_new_curve_GFp; | 2598 | + EC_GROUP_new_curve_GFp; |
@@ -2687,7 +2617,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
2687 | + OCSP_CRLID_free; | 2617 | + OCSP_CRLID_free; |
2688 | + OCSP_BASICRESP_get1_ext_d2i; | 2618 | + OCSP_BASICRESP_get1_ext_d2i; |
2689 | + RSAPrivateKey_it; | 2619 | + RSAPrivateKey_it; |
2690 | + RSAPrivateKey_it; | ||
2691 | + ENGINE_register_all_DH; | 2620 | + ENGINE_register_all_DH; |
2692 | + i2d_EDIPARTYNAME; | 2621 | + i2d_EDIPARTYNAME; |
2693 | + EC_POINT_get_affine_coordinates_GFp; | 2622 | + EC_POINT_get_affine_coordinates_GFp; |
@@ -2695,10 +2624,8 @@ Index: openssl-1.0.1d/openssl.ld | |||
2695 | + OCSP_CRLID_new; | 2624 | + OCSP_CRLID_new; |
2696 | + ENGINE_get_flags; | 2625 | + ENGINE_get_flags; |
2697 | + OCSP_ONEREQ_it; | 2626 | + OCSP_ONEREQ_it; |
2698 | + OCSP_ONEREQ_it; | ||
2699 | + UI_process; | 2627 | + UI_process; |
2700 | + ASN1_INTEGER_it; | 2628 | + ASN1_INTEGER_it; |
2701 | + ASN1_INTEGER_it; | ||
2702 | + EVP_CipherInit_ex; | 2629 | + EVP_CipherInit_ex; |
2703 | + UI_get_string_type; | 2630 | + UI_get_string_type; |
2704 | + ENGINE_unregister_DH; | 2631 | + ENGINE_unregister_DH; |
@@ -2707,7 +2634,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
2707 | + bn_dup_expand; | 2634 | + bn_dup_expand; |
2708 | + OCSP_cert_id_new; | 2635 | + OCSP_cert_id_new; |
2709 | + BASIC_CONSTRAINTS_it; | 2636 | + BASIC_CONSTRAINTS_it; |
2710 | + BASIC_CONSTRAINTS_it; | ||
2711 | + BN_mod_add_quick; | 2637 | + BN_mod_add_quick; |
2712 | + EC_POINT_new; | 2638 | + EC_POINT_new; |
2713 | + EVP_MD_CTX_destroy; | 2639 | + EVP_MD_CTX_destroy; |
@@ -2717,7 +2643,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
2717 | + EC_POINT_free; | 2643 | + EC_POINT_free; |
2718 | + DH_up_ref; | 2644 | + DH_up_ref; |
2719 | + X509_NAME_ENTRY_it; | 2645 | + X509_NAME_ENTRY_it; |
2720 | + X509_NAME_ENTRY_it; | ||
2721 | + UI_get_ex_new_index; | 2646 | + UI_get_ex_new_index; |
2722 | + BN_mod_sub_quick; | 2647 | + BN_mod_sub_quick; |
2723 | + OCSP_ONEREQ_add_ext; | 2648 | + OCSP_ONEREQ_add_ext; |
@@ -2730,7 +2655,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
2730 | + ENGINE_register_complete; | 2655 | + ENGINE_register_complete; |
2731 | + X509V3_EXT_nconf_nid; | 2656 | + X509V3_EXT_nconf_nid; |
2732 | + ASN1_SEQUENCE_it; | 2657 | + ASN1_SEQUENCE_it; |
2733 | + ASN1_SEQUENCE_it; | ||
2734 | + UI_set_default_method; | 2658 | + UI_set_default_method; |
2735 | + RAND_query_egd_bytes; | 2659 | + RAND_query_egd_bytes; |
2736 | + UI_method_get_writer; | 2660 | + UI_method_get_writer; |
@@ -2738,8 +2662,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
2738 | + PEM_def_callback; | 2662 | + PEM_def_callback; |
2739 | + ENGINE_cleanup; | 2663 | + ENGINE_cleanup; |
2740 | + DIST_POINT_it; | 2664 | + DIST_POINT_it; |
2741 | + DIST_POINT_it; | ||
2742 | + OCSP_SINGLERESP_it; | ||
2743 | + OCSP_SINGLERESP_it; | 2665 | + OCSP_SINGLERESP_it; |
2744 | + d2i_KRB5_TKTBODY; | 2666 | + d2i_KRB5_TKTBODY; |
2745 | + EC_POINT_cmp; | 2667 | + EC_POINT_cmp; |
@@ -2758,24 +2680,20 @@ Index: openssl-1.0.1d/openssl.ld | |||
2758 | + OCSP_cert_to_id; | 2680 | + OCSP_cert_to_id; |
2759 | + OCSP_RESPID_new; | 2681 | + OCSP_RESPID_new; |
2760 | + OCSP_RESPDATA_it; | 2682 | + OCSP_RESPDATA_it; |
2761 | + OCSP_RESPDATA_it; | ||
2762 | + d2i_OCSP_RESPDATA; | 2683 | + d2i_OCSP_RESPDATA; |
2763 | + ENGINE_register_all_complete; | 2684 | + ENGINE_register_all_complete; |
2764 | + OCSP_check_validity; | 2685 | + OCSP_check_validity; |
2765 | + PKCS12_BAGS_it; | 2686 | + PKCS12_BAGS_it; |
2766 | + PKCS12_BAGS_it; | ||
2767 | + OCSP_url_svcloc_new; | 2687 | + OCSP_url_svcloc_new; |
2768 | + ASN1_template_free; | 2688 | + ASN1_template_free; |
2769 | + OCSP_SINGLERESP_add_ext; | 2689 | + OCSP_SINGLERESP_add_ext; |
2770 | + KRB5_AUTHENTBODY_it; | 2690 | + KRB5_AUTHENTBODY_it; |
2771 | + KRB5_AUTHENTBODY_it; | ||
2772 | + X509_supported_extension; | 2691 | + X509_supported_extension; |
2773 | + i2d_KRB5_AUTHDATA; | 2692 | + i2d_KRB5_AUTHDATA; |
2774 | + UI_method_get_opener; | 2693 | + UI_method_get_opener; |
2775 | + ENGINE_set_ex_data; | 2694 | + ENGINE_set_ex_data; |
2776 | + OCSP_REQUEST_print; | 2695 | + OCSP_REQUEST_print; |
2777 | + CBIGNUM_it; | 2696 | + CBIGNUM_it; |
2778 | + CBIGNUM_it; | ||
2779 | + KRB5_TICKET_new; | 2697 | + KRB5_TICKET_new; |
2780 | + KRB5_APREQ_new; | 2698 | + KRB5_APREQ_new; |
2781 | + EC_GROUP_get_curve_GFp; | 2699 | + EC_GROUP_get_curve_GFp; |
@@ -2785,27 +2703,20 @@ Index: openssl-1.0.1d/openssl.ld | |||
2785 | + OCSP_single_get0_status; | 2703 | + OCSP_single_get0_status; |
2786 | + BN_swap; | 2704 | + BN_swap; |
2787 | + POLICYINFO_it; | 2705 | + POLICYINFO_it; |
2788 | + POLICYINFO_it; | ||
2789 | + ENGINE_set_destroy_function; | 2706 | + ENGINE_set_destroy_function; |
2790 | + asn1_enc_free; | 2707 | + asn1_enc_free; |
2791 | + OCSP_RESPID_it; | 2708 | + OCSP_RESPID_it; |
2792 | + OCSP_RESPID_it; | ||
2793 | + EC_GROUP_new; | 2709 | + EC_GROUP_new; |
2794 | + EVP_aes_256_cbc; | 2710 | + EVP_aes_256_cbc; |
2795 | + i2d_KRB5_PRINCNAME; | 2711 | + i2d_KRB5_PRINCNAME; |
2796 | + _ossl_old_des_encrypt2; | 2712 | + _ossl_old_des_encrypt2; |
2797 | + _ossl_old_des_encrypt3; | 2713 | + _ossl_old_des_encrypt3; |
2798 | + PKCS8_PRIV_KEY_INFO_it; | 2714 | + PKCS8_PRIV_KEY_INFO_it; |
2799 | + PKCS8_PRIV_KEY_INFO_it; | ||
2800 | + OCSP_REQINFO_it; | ||
2801 | + OCSP_REQINFO_it; | 2715 | + OCSP_REQINFO_it; |
2802 | + PBEPARAM_it; | 2716 | + PBEPARAM_it; |
2803 | + PBEPARAM_it; | ||
2804 | + KRB5_AUTHENTBODY_new; | 2717 | + KRB5_AUTHENTBODY_new; |
2805 | + X509_CRL_add0_revoked; | 2718 | + X509_CRL_add0_revoked; |
2806 | + EDIPARTYNAME_it; | 2719 | + EDIPARTYNAME_it; |
2807 | + EDIPARTYNAME_it; | ||
2808 | + NETSCAPE_SPKI_it; | ||
2809 | + NETSCAPE_SPKI_it; | 2720 | + NETSCAPE_SPKI_it; |
2810 | + UI_get0_test_string; | 2721 | + UI_get0_test_string; |
2811 | + ENGINE_get_cipher_engine; | 2722 | + ENGINE_get_cipher_engine; |
@@ -2817,14 +2728,12 @@ Index: openssl-1.0.1d/openssl.ld | |||
2817 | + UI_method_get_reader; | 2728 | + UI_method_get_reader; |
2818 | + OCSP_BASICRESP_get_ext_count; | 2729 | + OCSP_BASICRESP_get_ext_count; |
2819 | + ASN1_ENUMERATED_it; | 2730 | + ASN1_ENUMERATED_it; |
2820 | + ASN1_ENUMERATED_it; | ||
2821 | + UI_set_result; | 2731 | + UI_set_result; |
2822 | + i2d_KRB5_TICKET; | 2732 | + i2d_KRB5_TICKET; |
2823 | + X509_print_ex_fp; | 2733 | + X509_print_ex_fp; |
2824 | + EVP_CIPHER_CTX_set_padding; | 2734 | + EVP_CIPHER_CTX_set_padding; |
2825 | + d2i_OCSP_RESPONSE; | 2735 | + d2i_OCSP_RESPONSE; |
2826 | + ASN1_UTCTIME_it; | 2736 | + ASN1_UTCTIME_it; |
2827 | + ASN1_UTCTIME_it; | ||
2828 | + _ossl_old_des_enc_write; | 2737 | + _ossl_old_des_enc_write; |
2829 | + OCSP_RESPONSE_new; | 2738 | + OCSP_RESPONSE_new; |
2830 | + AES_set_encrypt_key; | 2739 | + AES_set_encrypt_key; |
@@ -2834,14 +2743,11 @@ Index: openssl-1.0.1d/openssl.ld | |||
2834 | + OCSP_onereq_get0_id; | 2743 | + OCSP_onereq_get0_id; |
2835 | + ENGINE_set_default_ciphers; | 2744 | + ENGINE_set_default_ciphers; |
2836 | + NOTICEREF_it; | 2745 | + NOTICEREF_it; |
2837 | + NOTICEREF_it; | ||
2838 | + X509V3_EXT_CRL_add_nconf; | 2746 | + X509V3_EXT_CRL_add_nconf; |
2839 | + OCSP_REVOKEDINFO_it; | 2747 | + OCSP_REVOKEDINFO_it; |
2840 | + OCSP_REVOKEDINFO_it; | ||
2841 | + AES_encrypt; | 2748 | + AES_encrypt; |
2842 | + OCSP_REQUEST_new; | 2749 | + OCSP_REQUEST_new; |
2843 | + ASN1_ANY_it; | 2750 | + ASN1_ANY_it; |
2844 | + ASN1_ANY_it; | ||
2845 | + CRYPTO_ex_data_new_class; | 2751 | + CRYPTO_ex_data_new_class; |
2846 | + _ossl_old_des_ncbc_encrypt; | 2752 | + _ossl_old_des_ncbc_encrypt; |
2847 | + i2d_KRB5_TKTBODY; | 2753 | + i2d_KRB5_TKTBODY; |
@@ -2864,19 +2770,15 @@ Index: openssl-1.0.1d/openssl.ld | |||
2864 | + ENGINE_load_nuron; | 2770 | + ENGINE_load_nuron; |
2865 | + _ossl_old_des_pcbc_encrypt; | 2771 | + _ossl_old_des_pcbc_encrypt; |
2866 | + PKCS12_MAC_DATA_it; | 2772 | + PKCS12_MAC_DATA_it; |
2867 | + PKCS12_MAC_DATA_it; | ||
2868 | + OCSP_accept_responses_new; | 2773 | + OCSP_accept_responses_new; |
2869 | + asn1_do_lock; | 2774 | + asn1_do_lock; |
2870 | + PKCS7_ATTR_VERIFY_it; | 2775 | + PKCS7_ATTR_VERIFY_it; |
2871 | + PKCS7_ATTR_VERIFY_it; | ||
2872 | + KRB5_APREQBODY_it; | ||
2873 | + KRB5_APREQBODY_it; | 2776 | + KRB5_APREQBODY_it; |
2874 | + i2d_OCSP_SINGLERESP; | 2777 | + i2d_OCSP_SINGLERESP; |
2875 | + ASN1_item_ex_new; | 2778 | + ASN1_item_ex_new; |
2876 | + UI_add_verify_string; | 2779 | + UI_add_verify_string; |
2877 | + _ossl_old_des_set_key; | 2780 | + _ossl_old_des_set_key; |
2878 | + KRB5_PRINCNAME_it; | 2781 | + KRB5_PRINCNAME_it; |
2879 | + KRB5_PRINCNAME_it; | ||
2880 | + EVP_DecryptInit_ex; | 2782 | + EVP_DecryptInit_ex; |
2881 | + i2d_OCSP_CERTID; | 2783 | + i2d_OCSP_CERTID; |
2882 | + ASN1_item_d2i_bio; | 2784 | + ASN1_item_d2i_bio; |
@@ -2890,20 +2792,17 @@ Index: openssl-1.0.1d/openssl.ld | |||
2890 | + OCSP_BASICRESP_new; | 2792 | + OCSP_BASICRESP_new; |
2891 | + OCSP_REQUEST_get_ext_by_NID; | 2793 | + OCSP_REQUEST_get_ext_by_NID; |
2892 | + KRB5_APREQ_it; | 2794 | + KRB5_APREQ_it; |
2893 | + KRB5_APREQ_it; | ||
2894 | + ENGINE_get_destroy_function; | 2795 | + ENGINE_get_destroy_function; |
2895 | + CONF_set_nconf; | 2796 | + CONF_set_nconf; |
2896 | + ASN1_PRINTABLE_free; | 2797 | + ASN1_PRINTABLE_free; |
2897 | + OCSP_BASICRESP_get_ext_by_NID; | 2798 | + OCSP_BASICRESP_get_ext_by_NID; |
2898 | + DIST_POINT_NAME_it; | 2799 | + DIST_POINT_NAME_it; |
2899 | + DIST_POINT_NAME_it; | ||
2900 | + X509V3_extensions_print; | 2800 | + X509V3_extensions_print; |
2901 | + _ossl_old_des_cfb64_encrypt; | 2801 | + _ossl_old_des_cfb64_encrypt; |
2902 | + X509_REVOKED_add1_ext_i2d; | 2802 | + X509_REVOKED_add1_ext_i2d; |
2903 | + _ossl_old_des_ofb_encrypt; | 2803 | + _ossl_old_des_ofb_encrypt; |
2904 | + KRB5_TKTBODY_new; | 2804 | + KRB5_TKTBODY_new; |
2905 | + ASN1_OCTET_STRING_it; | 2805 | + ASN1_OCTET_STRING_it; |
2906 | + ASN1_OCTET_STRING_it; | ||
2907 | + ERR_load_UI_strings; | 2806 | + ERR_load_UI_strings; |
2908 | + i2d_KRB5_ENCKEY; | 2807 | + i2d_KRB5_ENCKEY; |
2909 | + ASN1_template_new; | 2808 | + ASN1_template_new; |
@@ -2911,8 +2810,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
2911 | + ASN1_item_i2d_fp; | 2810 | + ASN1_item_i2d_fp; |
2912 | + KRB5_PRINCNAME_free; | 2811 | + KRB5_PRINCNAME_free; |
2913 | + PKCS7_RECIP_INFO_it; | 2812 | + PKCS7_RECIP_INFO_it; |
2914 | + PKCS7_RECIP_INFO_it; | ||
2915 | + EXTENDED_KEY_USAGE_it; | ||
2916 | + EXTENDED_KEY_USAGE_it; | 2813 | + EXTENDED_KEY_USAGE_it; |
2917 | + EC_GFp_simple_method; | 2814 | + EC_GFp_simple_method; |
2918 | + EC_GROUP_precompute_mult; | 2815 | + EC_GROUP_precompute_mult; |
@@ -2920,42 +2817,33 @@ Index: openssl-1.0.1d/openssl.ld | |||
2920 | + UI_method_set_writer; | 2817 | + UI_method_set_writer; |
2921 | + KRB5_AUTHENT_new; | 2818 | + KRB5_AUTHENT_new; |
2922 | + X509_CRL_INFO_it; | 2819 | + X509_CRL_INFO_it; |
2923 | + X509_CRL_INFO_it; | ||
2924 | + DSO_set_name_converter; | 2820 | + DSO_set_name_converter; |
2925 | + AES_set_decrypt_key; | 2821 | + AES_set_decrypt_key; |
2926 | + PKCS7_DIGEST_it; | 2822 | + PKCS7_DIGEST_it; |
2927 | + PKCS7_DIGEST_it; | ||
2928 | + PKCS12_x5092certbag; | 2823 | + PKCS12_x5092certbag; |
2929 | + EVP_DigestInit_ex; | 2824 | + EVP_DigestInit_ex; |
2930 | + i2a_ACCESS_DESCRIPTION; | 2825 | + i2a_ACCESS_DESCRIPTION; |
2931 | + OCSP_RESPONSE_it; | 2826 | + OCSP_RESPONSE_it; |
2932 | + OCSP_RESPONSE_it; | ||
2933 | + PKCS7_ENC_CONTENT_it; | ||
2934 | + PKCS7_ENC_CONTENT_it; | 2827 | + PKCS7_ENC_CONTENT_it; |
2935 | + OCSP_request_add0_id; | 2828 | + OCSP_request_add0_id; |
2936 | + EC_POINT_make_affine; | 2829 | + EC_POINT_make_affine; |
2937 | + DSO_get_filename; | 2830 | + DSO_get_filename; |
2938 | + OCSP_CERTSTATUS_it; | 2831 | + OCSP_CERTSTATUS_it; |
2939 | + OCSP_CERTSTATUS_it; | ||
2940 | + OCSP_request_add1_cert; | 2832 | + OCSP_request_add1_cert; |
2941 | + UI_get0_output_string; | 2833 | + UI_get0_output_string; |
2942 | + UI_dup_verify_string; | 2834 | + UI_dup_verify_string; |
2943 | + BN_mod_lshift; | 2835 | + BN_mod_lshift; |
2944 | + KRB5_AUTHDATA_it; | 2836 | + KRB5_AUTHDATA_it; |
2945 | + KRB5_AUTHDATA_it; | ||
2946 | + asn1_set_choice_selector; | 2837 | + asn1_set_choice_selector; |
2947 | + OCSP_basic_add1_status; | 2838 | + OCSP_basic_add1_status; |
2948 | + OCSP_RESPID_free; | 2839 | + OCSP_RESPID_free; |
2949 | + asn1_get_field_ptr; | 2840 | + asn1_get_field_ptr; |
2950 | + UI_add_input_string; | 2841 | + UI_add_input_string; |
2951 | + OCSP_CRLID_it; | 2842 | + OCSP_CRLID_it; |
2952 | + OCSP_CRLID_it; | ||
2953 | + i2d_KRB5_AUTHENTBODY; | 2843 | + i2d_KRB5_AUTHENTBODY; |
2954 | + OCSP_REQUEST_get_ext_count; | 2844 | + OCSP_REQUEST_get_ext_count; |
2955 | + ENGINE_load_atalla; | 2845 | + ENGINE_load_atalla; |
2956 | + X509_NAME_it; | 2846 | + X509_NAME_it; |
2957 | + X509_NAME_it; | ||
2958 | + USERNOTICE_it; | ||
2959 | + USERNOTICE_it; | 2847 | + USERNOTICE_it; |
2960 | + OCSP_REQINFO_new; | 2848 | + OCSP_REQINFO_new; |
2961 | + OCSP_BASICRESP_get_ext; | 2849 | + OCSP_BASICRESP_get_ext; |
@@ -2965,33 +2853,27 @@ Index: openssl-1.0.1d/openssl.ld | |||
2965 | + i2d_KRB5_ENCDATA; | 2853 | + i2d_KRB5_ENCDATA; |
2966 | + X509_PURPOSE_set; | 2854 | + X509_PURPOSE_set; |
2967 | + X509_REQ_INFO_it; | 2855 | + X509_REQ_INFO_it; |
2968 | + X509_REQ_INFO_it; | ||
2969 | + UI_method_set_opener; | 2856 | + UI_method_set_opener; |
2970 | + ASN1_item_ex_free; | 2857 | + ASN1_item_ex_free; |
2971 | + ASN1_BOOLEAN_it; | 2858 | + ASN1_BOOLEAN_it; |
2972 | + ASN1_BOOLEAN_it; | ||
2973 | + ENGINE_get_table_flags; | 2859 | + ENGINE_get_table_flags; |
2974 | + UI_create_method; | 2860 | + UI_create_method; |
2975 | + OCSP_ONEREQ_add1_ext_i2d; | 2861 | + OCSP_ONEREQ_add1_ext_i2d; |
2976 | + _shadow_DES_check_key; | 2862 | + _shadow_DES_check_key; |
2977 | + _shadow_DES_check_key; | ||
2978 | + d2i_OCSP_REQINFO; | 2863 | + d2i_OCSP_REQINFO; |
2979 | + UI_add_info_string; | 2864 | + UI_add_info_string; |
2980 | + UI_get_result_minsize; | 2865 | + UI_get_result_minsize; |
2981 | + ASN1_NULL_it; | 2866 | + ASN1_NULL_it; |
2982 | + ASN1_NULL_it; | ||
2983 | + BN_mod_lshift1; | 2867 | + BN_mod_lshift1; |
2984 | + d2i_OCSP_ONEREQ; | 2868 | + d2i_OCSP_ONEREQ; |
2985 | + OCSP_ONEREQ_new; | 2869 | + OCSP_ONEREQ_new; |
2986 | + KRB5_TICKET_it; | 2870 | + KRB5_TICKET_it; |
2987 | + KRB5_TICKET_it; | ||
2988 | + EVP_aes_192_cbc; | 2871 | + EVP_aes_192_cbc; |
2989 | + KRB5_TICKET_free; | 2872 | + KRB5_TICKET_free; |
2990 | + UI_new; | 2873 | + UI_new; |
2991 | + OCSP_response_create; | 2874 | + OCSP_response_create; |
2992 | + _ossl_old_des_xcbc_encrypt; | 2875 | + _ossl_old_des_xcbc_encrypt; |
2993 | + PKCS7_it; | 2876 | + PKCS7_it; |
2994 | + PKCS7_it; | ||
2995 | + OCSP_REQUEST_get_ext_by_critical; | 2877 | + OCSP_REQUEST_get_ext_by_critical; |
2996 | + OCSP_REQUEST_get_ext_by_crit; | 2878 | + OCSP_REQUEST_get_ext_by_crit; |
2997 | + ENGINE_set_flags; | 2879 | + ENGINE_set_flags; |
@@ -3000,11 +2882,9 @@ Index: openssl-1.0.1d/openssl.ld | |||
3000 | + EVP_Digest; | 2882 | + EVP_Digest; |
3001 | + OCSP_ONEREQ_delete_ext; | 2883 | + OCSP_ONEREQ_delete_ext; |
3002 | + ASN1_TBOOLEAN_it; | 2884 | + ASN1_TBOOLEAN_it; |
3003 | + ASN1_TBOOLEAN_it; | ||
3004 | + ASN1_item_new; | 2885 | + ASN1_item_new; |
3005 | + ASN1_TIME_to_generalizedtime; | 2886 | + ASN1_TIME_to_generalizedtime; |
3006 | + BIGNUM_it; | 2887 | + BIGNUM_it; |
3007 | + BIGNUM_it; | ||
3008 | + AES_cbc_encrypt; | 2888 | + AES_cbc_encrypt; |
3009 | + ENGINE_get_load_privkey_function; | 2889 | + ENGINE_get_load_privkey_function; |
3010 | + ENGINE_get_load_privkey_fn; | 2890 | + ENGINE_get_load_privkey_fn; |
@@ -3016,7 +2896,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
3016 | + EC_POINT_point2oct; | 2896 | + EC_POINT_point2oct; |
3017 | + KRB5_APREQ_free; | 2897 | + KRB5_APREQ_free; |
3018 | + ASN1_OBJECT_it; | 2898 | + ASN1_OBJECT_it; |
3019 | + ASN1_OBJECT_it; | ||
3020 | + OCSP_crlID_new; | 2899 | + OCSP_crlID_new; |
3021 | + OCSP_crlID2_new; | 2900 | + OCSP_crlID2_new; |
3022 | + CONF_modules_load_file; | 2901 | + CONF_modules_load_file; |
@@ -3074,7 +2953,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
3074 | + i2d_ASN1_UNIVERSALSTRING; | 2953 | + i2d_ASN1_UNIVERSALSTRING; |
3075 | + ASN1_UNIVERSALSTRING_free; | 2954 | + ASN1_UNIVERSALSTRING_free; |
3076 | + ASN1_UNIVERSALSTRING_it; | 2955 | + ASN1_UNIVERSALSTRING_it; |
3077 | + ASN1_UNIVERSALSTRING_it; | ||
3078 | + d2i_ASN1_UNIVERSALSTRING; | 2956 | + d2i_ASN1_UNIVERSALSTRING; |
3079 | + EVP_des_ede3_ecb; | 2957 | + EVP_des_ede3_ecb; |
3080 | + X509_REQ_print_ex; | 2958 | + X509_REQ_print_ex; |
@@ -3130,14 +3008,12 @@ Index: openssl-1.0.1d/openssl.ld | |||
3130 | + HMAC_CTX_set_flags; | 3008 | + HMAC_CTX_set_flags; |
3131 | + d2i_PROXY_CERT_INFO_EXTENSION; | 3009 | + d2i_PROXY_CERT_INFO_EXTENSION; |
3132 | + PROXY_POLICY_it; | 3010 | + PROXY_POLICY_it; |
3133 | + PROXY_POLICY_it; | ||
3134 | + i2d_PROXY_POLICY; | 3011 | + i2d_PROXY_POLICY; |
3135 | + i2d_PROXY_CERT_INFO_EXTENSION; | 3012 | + i2d_PROXY_CERT_INFO_EXTENSION; |
3136 | + d2i_PROXY_POLICY; | 3013 | + d2i_PROXY_POLICY; |
3137 | + PROXY_CERT_INFO_EXTENSION_new; | 3014 | + PROXY_CERT_INFO_EXTENSION_new; |
3138 | + PROXY_CERT_INFO_EXTENSION_free; | 3015 | + PROXY_CERT_INFO_EXTENSION_free; |
3139 | + PROXY_CERT_INFO_EXTENSION_it; | 3016 | + PROXY_CERT_INFO_EXTENSION_it; |
3140 | + PROXY_CERT_INFO_EXTENSION_it; | ||
3141 | + PROXY_POLICY_free; | 3017 | + PROXY_POLICY_free; |
3142 | + PROXY_POLICY_new; | 3018 | + PROXY_POLICY_new; |
3143 | + BN_MONT_CTX_set_locked; | 3019 | + BN_MONT_CTX_set_locked; |
@@ -3174,7 +3050,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
3174 | + BN_BLINDING_get_thread_id; | 3050 | + BN_BLINDING_get_thread_id; |
3175 | + X509_STORE_CTX_set0_param; | 3051 | + X509_STORE_CTX_set0_param; |
3176 | + POLICY_MAPPING_it; | 3052 | + POLICY_MAPPING_it; |
3177 | + POLICY_MAPPING_it; | ||
3178 | + STORE_parse_attrs_start; | 3053 | + STORE_parse_attrs_start; |
3179 | + POLICY_CONSTRAINTS_free; | 3054 | + POLICY_CONSTRAINTS_free; |
3180 | + EVP_PKEY_add1_attr_by_NID; | 3055 | + EVP_PKEY_add1_attr_by_NID; |
@@ -3183,7 +3058,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
3183 | + STORE_set_method; | 3058 | + STORE_set_method; |
3184 | + GENERAL_SUBTREE_free; | 3059 | + GENERAL_SUBTREE_free; |
3185 | + NAME_CONSTRAINTS_it; | 3060 | + NAME_CONSTRAINTS_it; |
3186 | + NAME_CONSTRAINTS_it; | ||
3187 | + ECDH_get_default_method; | 3061 | + ECDH_get_default_method; |
3188 | + PKCS12_add_safe; | 3062 | + PKCS12_add_safe; |
3189 | + EC_KEY_new_by_curve_name; | 3063 | + EC_KEY_new_by_curve_name; |
@@ -3226,7 +3100,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
3226 | + ENGINE_get_default_ECDH; | 3100 | + ENGINE_get_default_ECDH; |
3227 | + EC_KEY_get_conv_form; | 3101 | + EC_KEY_get_conv_form; |
3228 | + ASN1_OCTET_STRING_NDEF_it; | 3102 | + ASN1_OCTET_STRING_NDEF_it; |
3229 | + ASN1_OCTET_STRING_NDEF_it; | ||
3230 | + STORE_delete_public_key; | 3103 | + STORE_delete_public_key; |
3231 | + STORE_get_public_key; | 3104 | + STORE_get_public_key; |
3232 | + STORE_modify_arbitrary; | 3105 | + STORE_modify_arbitrary; |
@@ -3383,7 +3256,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
3383 | + ENGINE_load_padlock; | 3256 | + ENGINE_load_padlock; |
3384 | + EC_GROUP_set_curve_name; | 3257 | + EC_GROUP_set_curve_name; |
3385 | + X509_CERT_PAIR_it; | 3258 | + X509_CERT_PAIR_it; |
3386 | + X509_CERT_PAIR_it; | ||
3387 | + STORE_meth_get_revoke_fn; | 3259 | + STORE_meth_get_revoke_fn; |
3388 | + STORE_method_get_revoke_function; | 3260 | + STORE_method_get_revoke_function; |
3389 | + STORE_method_set_get_function; | 3261 | + STORE_method_set_get_function; |
@@ -3510,7 +3382,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
3510 | + pqueue_pop; | 3382 | + pqueue_pop; |
3511 | + STORE_ATTR_INFO_get0_cstr; | 3383 | + STORE_ATTR_INFO_get0_cstr; |
3512 | + POLICY_CONSTRAINTS_it; | 3384 | + POLICY_CONSTRAINTS_it; |
3513 | + POLICY_CONSTRAINTS_it; | ||
3514 | + STORE_get_ex_new_index; | 3385 | + STORE_get_ex_new_index; |
3515 | + EVP_PKEY_get_attr_by_OBJ; | 3386 | + EVP_PKEY_get_attr_by_OBJ; |
3516 | + X509_VERIFY_PARAM_add0_policy; | 3387 | + X509_VERIFY_PARAM_add0_policy; |
@@ -3558,8 +3429,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
3558 | + STORE_modify_crl; | 3429 | + STORE_modify_crl; |
3559 | + STORE_list_private_key_start; | 3430 | + STORE_list_private_key_start; |
3560 | + POLICY_MAPPINGS_it; | 3431 | + POLICY_MAPPINGS_it; |
3561 | + POLICY_MAPPINGS_it; | ||
3562 | + GENERAL_SUBTREE_it; | ||
3563 | + GENERAL_SUBTREE_it; | 3432 | + GENERAL_SUBTREE_it; |
3564 | + EC_GROUP_get_curve_name; | 3433 | + EC_GROUP_get_curve_name; |
3565 | + PEM_write_X509_CERT_PAIR; | 3434 | + PEM_write_X509_CERT_PAIR; |
@@ -3692,15 +3561,12 @@ Index: openssl-1.0.1d/openssl.ld | |||
3692 | + BIO_set_callback_arg; | 3561 | + BIO_set_callback_arg; |
3693 | + v3_addr_add_prefix; | 3562 | + v3_addr_add_prefix; |
3694 | + IPAddressOrRange_it; | 3563 | + IPAddressOrRange_it; |
3695 | + IPAddressOrRange_it; | ||
3696 | + BIO_set_flags; | 3564 | + BIO_set_flags; |
3697 | + ASIdentifiers_it; | 3565 | + ASIdentifiers_it; |
3698 | + ASIdentifiers_it; | ||
3699 | + v3_addr_get_range; | 3566 | + v3_addr_get_range; |
3700 | + BIO_method_type; | 3567 | + BIO_method_type; |
3701 | + v3_addr_inherits; | 3568 | + v3_addr_inherits; |
3702 | + IPAddressChoice_it; | 3569 | + IPAddressChoice_it; |
3703 | + IPAddressChoice_it; | ||
3704 | + AES_ige_encrypt; | 3570 | + AES_ige_encrypt; |
3705 | + v3_addr_add_range; | 3571 | + v3_addr_add_range; |
3706 | + EVP_CIPHER_CTX_nid; | 3572 | + EVP_CIPHER_CTX_nid; |
@@ -3721,7 +3587,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
3721 | + BIO_clear_flags; | 3587 | + BIO_clear_flags; |
3722 | + i2d_ASRange; | 3588 | + i2d_ASRange; |
3723 | + IPAddressRange_it; | 3589 | + IPAddressRange_it; |
3724 | + IPAddressRange_it; | ||
3725 | + IPAddressChoice_new; | 3590 | + IPAddressChoice_new; |
3726 | + ASIdentifierChoice_new; | 3591 | + ASIdentifierChoice_new; |
3727 | + ASRange_free; | 3592 | + ASRange_free; |
@@ -3742,7 +3607,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
3742 | + BIO_test_flags; | 3607 | + BIO_test_flags; |
3743 | + i2d_ASIdentifierChoice; | 3608 | + i2d_ASIdentifierChoice; |
3744 | + ASRange_it; | 3609 | + ASRange_it; |
3745 | + ASRange_it; | ||
3746 | + d2i_ASIdentifiers; | 3610 | + d2i_ASIdentifiers; |
3747 | + ASRange_new; | 3611 | + ASRange_new; |
3748 | + d2i_IPAddressChoice; | 3612 | + d2i_IPAddressChoice; |
@@ -3751,7 +3615,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
3751 | + EVP_Cipher; | 3615 | + EVP_Cipher; |
3752 | + i2d_IPAddressOrRange; | 3616 | + i2d_IPAddressOrRange; |
3753 | + ASIdOrRange_it; | 3617 | + ASIdOrRange_it; |
3754 | + ASIdOrRange_it; | ||
3755 | + EVP_CIPHER_nid; | 3618 | + EVP_CIPHER_nid; |
3756 | + i2d_IPAddressChoice; | 3619 | + i2d_IPAddressChoice; |
3757 | + EVP_CIPHER_CTX_block_size; | 3620 | + EVP_CIPHER_CTX_block_size; |
@@ -3762,7 +3625,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
3762 | + v3_addr_is_canonical; | 3625 | + v3_addr_is_canonical; |
3763 | + i2d_IPAddressRange; | 3626 | + i2d_IPAddressRange; |
3764 | + IPAddressFamily_it; | 3627 | + IPAddressFamily_it; |
3765 | + IPAddressFamily_it; | ||
3766 | + v3_asid_inherits; | 3628 | + v3_asid_inherits; |
3767 | + EVP_CIPHER_CTX_cipher; | 3629 | + EVP_CIPHER_CTX_cipher; |
3768 | + EVP_CIPHER_CTX_get_app_data; | 3630 | + EVP_CIPHER_CTX_get_app_data; |
@@ -3772,7 +3634,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
3772 | + d2i_IPAddressOrRange; | 3634 | + d2i_IPAddressOrRange; |
3773 | + v3_addr_canonize; | 3635 | + v3_addr_canonize; |
3774 | + ASIdentifierChoice_it; | 3636 | + ASIdentifierChoice_it; |
3775 | + ASIdentifierChoice_it; | ||
3776 | + EVP_MD_CTX_md; | 3637 | + EVP_MD_CTX_md; |
3777 | + d2i_ASIdentifierChoice; | 3638 | + d2i_ASIdentifierChoice; |
3778 | + BIO_method_name; | 3639 | + BIO_method_name; |
@@ -3795,7 +3656,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
3795 | + SEED_set_key; | 3656 | + SEED_set_key; |
3796 | + EVP_seed_cfb128; | 3657 | + EVP_seed_cfb128; |
3797 | + X509_EXTENSIONS_it; | 3658 | + X509_EXTENSIONS_it; |
3798 | + X509_EXTENSIONS_it; | ||
3799 | + X509_get1_ocsp; | 3659 | + X509_get1_ocsp; |
3800 | + OCSP_REQ_CTX_free; | 3660 | + OCSP_REQ_CTX_free; |
3801 | + i2d_X509_EXTENSIONS; | 3661 | + i2d_X509_EXTENSIONS; |
@@ -3803,7 +3663,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
3803 | + OCSP_sendreq_new; | 3663 | + OCSP_sendreq_new; |
3804 | + d2i_X509_EXTENSIONS; | 3664 | + d2i_X509_EXTENSIONS; |
3805 | + X509_ALGORS_it; | 3665 | + X509_ALGORS_it; |
3806 | + X509_ALGORS_it; | ||
3807 | + X509_ALGOR_get0; | 3666 | + X509_ALGOR_get0; |
3808 | + X509_ALGOR_set0; | 3667 | + X509_ALGOR_set0; |
3809 | + AES_unwrap_key; | 3668 | + AES_unwrap_key; |
@@ -3848,7 +3707,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
3848 | + CMS_SignerInfo_verify; | 3707 | + CMS_SignerInfo_verify; |
3849 | + CMS_data; | 3708 | + CMS_data; |
3850 | + CMS_ContentInfo_it; | 3709 | + CMS_ContentInfo_it; |
3851 | + CMS_ContentInfo_it; | ||
3852 | + d2i_CMS_ReceiptRequest; | 3710 | + d2i_CMS_ReceiptRequest; |
3853 | + CMS_compress; | 3711 | + CMS_compress; |
3854 | + CMS_digest_create; | 3712 | + CMS_digest_create; |
@@ -3893,7 +3751,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
3893 | + CMS_RecipientInfo_kekri_get0_id; | 3751 | + CMS_RecipientInfo_kekri_get0_id; |
3894 | + CMS_verify_receipt; | 3752 | + CMS_verify_receipt; |
3895 | + CMS_ReceiptRequest_it; | 3753 | + CMS_ReceiptRequest_it; |
3896 | + CMS_ReceiptRequest_it; | ||
3897 | + PEM_read_bio_CMS; | 3754 | + PEM_read_bio_CMS; |
3898 | + CMS_get1_crls; | 3755 | + CMS_get1_crls; |
3899 | + CMS_add0_recipient_key; | 3756 | + CMS_add0_recipient_key; |
@@ -4032,7 +3889,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
4032 | + TS_REQ_dup; | 3889 | + TS_REQ_dup; |
4033 | + GENERAL_NAME_dup; | 3890 | + GENERAL_NAME_dup; |
4034 | + ASN1_SEQUENCE_ANY_it; | 3891 | + ASN1_SEQUENCE_ANY_it; |
4035 | + ASN1_SEQUENCE_ANY_it; | ||
4036 | + WHIRLPOOL; | 3892 | + WHIRLPOOL; |
4037 | + X509_STORE_get1_crls; | 3893 | + X509_STORE_get1_crls; |
4038 | + ENGINE_get_pkey_asn1_meth; | 3894 | + ENGINE_get_pkey_asn1_meth; |
@@ -4103,7 +3959,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
4103 | + DIST_POINT_set_dpname; | 3959 | + DIST_POINT_set_dpname; |
4104 | + i2d_ISSUING_DIST_POINT; | 3960 | + i2d_ISSUING_DIST_POINT; |
4105 | + ASN1_SET_ANY_it; | 3961 | + ASN1_SET_ANY_it; |
4106 | + ASN1_SET_ANY_it; | ||
4107 | + EVP_PKEY_CTX_get_data; | 3962 | + EVP_PKEY_CTX_get_data; |
4108 | + TS_STATUS_INFO_print_bio; | 3963 | + TS_STATUS_INFO_print_bio; |
4109 | + EVP_PKEY_derive_init; | 3964 | + EVP_PKEY_derive_init; |
@@ -4263,7 +4118,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
4263 | + EVP_DigestSignFinal; | 4118 | + EVP_DigestSignFinal; |
4264 | + TS_RESP_CTX_set_def_policy; | 4119 | + TS_RESP_CTX_set_def_policy; |
4265 | + NETSCAPE_X509_it; | 4120 | + NETSCAPE_X509_it; |
4266 | + NETSCAPE_X509_it; | ||
4267 | + TS_RESP_create_response; | 4121 | + TS_RESP_create_response; |
4268 | + PKCS7_SIGNER_INFO_get0_algs; | 4122 | + PKCS7_SIGNER_INFO_get0_algs; |
4269 | + TS_TST_INFO_get_nonce; | 4123 | + TS_TST_INFO_get_nonce; |
@@ -4322,7 +4176,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
4322 | + EVP_CIPHER_do_all_sorted; | 4176 | + EVP_CIPHER_do_all_sorted; |
4323 | + EVP_PKEY_CTX_free; | 4177 | + EVP_PKEY_CTX_free; |
4324 | + ISSUING_DIST_POINT_it; | 4178 | + ISSUING_DIST_POINT_it; |
4325 | + ISSUING_DIST_POINT_it; | ||
4326 | + d2i_TS_MSG_IMPRINT_fp; | 4179 | + d2i_TS_MSG_IMPRINT_fp; |
4327 | + X509_STORE_get1_certs; | 4180 | + X509_STORE_get1_certs; |
4328 | + EVP_PKEY_CTX_get_operation; | 4181 | + EVP_PKEY_CTX_get_operation; |
@@ -4615,7 +4468,6 @@ Index: openssl-1.0.1d/openssl.ld | |||
4615 | + X509_signature_dump; | 4468 | + X509_signature_dump; |
4616 | + d2i_RSA_PSS_PARAMS; | 4469 | + d2i_RSA_PSS_PARAMS; |
4617 | + RSA_PSS_PARAMS_it; | 4470 | + RSA_PSS_PARAMS_it; |
4618 | + RSA_PSS_PARAMS_it; | ||
4619 | + RSA_PSS_PARAMS_free; | 4471 | + RSA_PSS_PARAMS_free; |
4620 | + X509_sign_ctx; | 4472 | + X509_sign_ctx; |
4621 | + i2d_RSA_PSS_PARAMS; | 4473 | + i2d_RSA_PSS_PARAMS; |
@@ -4638,10 +4490,151 @@ Index: openssl-1.0.1d/openssl.ld | |||
4638 | + CRYPTO_memcmp; | 4490 | + CRYPTO_memcmp; |
4639 | +} OPENSSL_1.0.1; | 4491 | +} OPENSSL_1.0.1; |
4640 | + | 4492 | + |
4641 | Index: openssl-1.0.1d/engines/openssl.ld | 4493 | +OPENSSL_1.0.2 { |
4494 | + global: | ||
4495 | + SSL_CTX_set_alpn_protos; | ||
4496 | + SSL_set_alpn_protos; | ||
4497 | + SSL_CTX_set_alpn_select_cb; | ||
4498 | + SSL_get0_alpn_selected; | ||
4499 | + SSL_CTX_set_custom_cli_ext; | ||
4500 | + SSL_CTX_set_custom_srv_ext; | ||
4501 | + SSL_CTX_set_srv_supp_data; | ||
4502 | + SSL_CTX_set_cli_supp_data; | ||
4503 | + SSL_set_cert_cb; | ||
4504 | + SSL_CTX_use_serverinfo; | ||
4505 | + SSL_CTX_use_serverinfo_file; | ||
4506 | + SSL_CTX_set_cert_cb; | ||
4507 | + SSL_CTX_get0_param; | ||
4508 | + SSL_get0_param; | ||
4509 | + SSL_certs_clear; | ||
4510 | + DTLSv1_2_method; | ||
4511 | + DTLSv1_2_server_method; | ||
4512 | + DTLSv1_2_client_method; | ||
4513 | + DTLS_method; | ||
4514 | + DTLS_server_method; | ||
4515 | + DTLS_client_method; | ||
4516 | + SSL_CTX_get_ssl_method; | ||
4517 | + SSL_CTX_get0_certificate; | ||
4518 | + SSL_CTX_get0_privatekey; | ||
4519 | + SSL_COMP_set0_compression_methods; | ||
4520 | + SSL_COMP_free_compression_methods; | ||
4521 | + SSL_CIPHER_find; | ||
4522 | + SSL_is_server; | ||
4523 | + SSL_CONF_CTX_new; | ||
4524 | + SSL_CONF_CTX_finish; | ||
4525 | + SSL_CONF_CTX_free; | ||
4526 | + SSL_CONF_CTX_set_flags; | ||
4527 | + SSL_CONF_CTX_clear_flags; | ||
4528 | + SSL_CONF_CTX_set1_prefix; | ||
4529 | + SSL_CONF_CTX_set_ssl; | ||
4530 | + SSL_CONF_CTX_set_ssl_ctx; | ||
4531 | + SSL_CONF_cmd; | ||
4532 | + SSL_CONF_cmd_argv; | ||
4533 | + SSL_CONF_cmd_value_type; | ||
4534 | + SSL_trace; | ||
4535 | + SSL_CIPHER_standard_name; | ||
4536 | + SSL_get_tlsa_record_byname; | ||
4537 | + ASN1_TIME_diff; | ||
4538 | + BIO_hex_string; | ||
4539 | + CMS_RecipientInfo_get0_pkey_ctx; | ||
4540 | + CMS_RecipientInfo_encrypt; | ||
4541 | + CMS_SignerInfo_get0_pkey_ctx; | ||
4542 | + CMS_SignerInfo_get0_md_ctx; | ||
4543 | + CMS_SignerInfo_get0_signature; | ||
4544 | + CMS_RecipientInfo_kari_get0_alg; | ||
4545 | + CMS_RecipientInfo_kari_get0_reks; | ||
4546 | + CMS_RecipientInfo_kari_get0_orig_id; | ||
4547 | + CMS_RecipientInfo_kari_orig_id_cmp; | ||
4548 | + CMS_RecipientEncryptedKey_get0_id; | ||
4549 | + CMS_RecipientEncryptedKey_cert_cmp; | ||
4550 | + CMS_RecipientInfo_kari_set0_pkey; | ||
4551 | + CMS_RecipientInfo_kari_get0_ctx; | ||
4552 | + CMS_RecipientInfo_kari_decrypt; | ||
4553 | + CMS_SharedInfo_encode; | ||
4554 | + DH_compute_key_padded; | ||
4555 | + d2i_DHxparams; | ||
4556 | + i2d_DHxparams; | ||
4557 | + DH_get_1024_160; | ||
4558 | + DH_get_2048_224; | ||
4559 | + DH_get_2048_256; | ||
4560 | + DH_KDF_X9_42; | ||
4561 | + ECDH_KDF_X9_62; | ||
4562 | + ECDSA_METHOD_new; | ||
4563 | + ECDSA_METHOD_free; | ||
4564 | + ECDSA_METHOD_set_app_data; | ||
4565 | + ECDSA_METHOD_get_app_data; | ||
4566 | + ECDSA_METHOD_set_sign; | ||
4567 | + ECDSA_METHOD_set_sign_setup; | ||
4568 | + ECDSA_METHOD_set_verify; | ||
4569 | + ECDSA_METHOD_set_flags; | ||
4570 | + ECDSA_METHOD_set_name; | ||
4571 | + EVP_des_ede3_wrap; | ||
4572 | + EVP_aes_128_wrap; | ||
4573 | + EVP_aes_192_wrap; | ||
4574 | + EVP_aes_256_wrap; | ||
4575 | + EVP_aes_128_cbc_hmac_sha256; | ||
4576 | + EVP_aes_256_cbc_hmac_sha256; | ||
4577 | + CRYPTO_128_wrap; | ||
4578 | + CRYPTO_128_unwrap; | ||
4579 | + OCSP_REQ_CTX_nbio; | ||
4580 | + OCSP_REQ_CTX_new; | ||
4581 | + OCSP_set_max_response_length; | ||
4582 | + OCSP_REQ_CTX_i2d; | ||
4583 | + OCSP_REQ_CTX_nbio_d2i; | ||
4584 | + OCSP_REQ_CTX_get0_mem_bio; | ||
4585 | + OCSP_REQ_CTX_http; | ||
4586 | + RSA_padding_add_PKCS1_OAEP_mgf1; | ||
4587 | + RSA_padding_check_PKCS1_OAEP_mgf1; | ||
4588 | + RSA_OAEP_PARAMS_free; | ||
4589 | + RSA_OAEP_PARAMS_it; | ||
4590 | + RSA_OAEP_PARAMS_new; | ||
4591 | + SSL_get_sigalgs; | ||
4592 | + SSL_get_shared_sigalgs; | ||
4593 | + SSL_check_chain; | ||
4594 | + X509_chain_up_ref; | ||
4595 | + X509_http_nbio; | ||
4596 | + X509_CRL_http_nbio; | ||
4597 | + X509_REVOKED_dup; | ||
4598 | + i2d_re_X509_tbs; | ||
4599 | + X509_get0_signature; | ||
4600 | + X509_get_signature_nid; | ||
4601 | + X509_CRL_diff; | ||
4602 | + X509_chain_check_suiteb; | ||
4603 | + X509_CRL_check_suiteb; | ||
4604 | + X509_check_host; | ||
4605 | + X509_check_email; | ||
4606 | + X509_check_ip; | ||
4607 | + X509_check_ip_asc; | ||
4608 | + X509_STORE_set_lookup_crls_cb; | ||
4609 | + X509_STORE_CTX_get0_store; | ||
4610 | + X509_VERIFY_PARAM_set1_host; | ||
4611 | + X509_VERIFY_PARAM_add1_host; | ||
4612 | + X509_VERIFY_PARAM_set_hostflags; | ||
4613 | + X509_VERIFY_PARAM_get0_peername; | ||
4614 | + X509_VERIFY_PARAM_set1_email; | ||
4615 | + X509_VERIFY_PARAM_set1_ip; | ||
4616 | + X509_VERIFY_PARAM_set1_ip_asc; | ||
4617 | + X509_VERIFY_PARAM_get0_name; | ||
4618 | + X509_VERIFY_PARAM_get_count; | ||
4619 | + X509_VERIFY_PARAM_get0; | ||
4620 | + X509V3_EXT_free; | ||
4621 | + EC_GROUP_get_mont_data; | ||
4622 | + EC_curve_nid2nist; | ||
4623 | + EC_curve_nist2nid; | ||
4624 | + PEM_write_bio_DHxparams; | ||
4625 | + PEM_write_DHxparams; | ||
4626 | + SSL_CTX_add_client_custom_ext; | ||
4627 | + SSL_CTX_add_server_custom_ext; | ||
4628 | + SSL_extension_supported; | ||
4629 | + BUF_strnlen; | ||
4630 | + sk_deep_copy; | ||
4631 | + SSL_test_functions; | ||
4632 | +} OPENSSL_1.0.1d; | ||
4633 | + | ||
4634 | Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld | ||
4642 | =================================================================== | 4635 | =================================================================== |
4643 | --- /dev/null 1970-01-01 00:00:00.000000000 +0000 | 4636 | --- /dev/null 1970-01-01 00:00:00.000000000 +0000 |
4644 | +++ openssl-1.0.1d/engines/openssl.ld 2013-02-06 19:41:43.000000000 +0100 | 4637 | +++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld 2014-02-24 21:02:30.000000000 +0100 |
4645 | @@ -0,0 +1,10 @@ | 4638 | @@ -0,0 +1,10 @@ |
4646 | +OPENSSL_1.0.0 { | 4639 | +OPENSSL_1.0.0 { |
4647 | + global: | 4640 | + global: |
@@ -4653,10 +4646,10 @@ Index: openssl-1.0.1d/engines/openssl.ld | |||
4653 | + *; | 4646 | + *; |
4654 | +}; | 4647 | +}; |
4655 | + | 4648 | + |
4656 | Index: openssl-1.0.1d/engines/ccgost/openssl.ld | 4649 | Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld |
4657 | =================================================================== | 4650 | =================================================================== |
4658 | --- /dev/null 1970-01-01 00:00:00.000000000 +0000 | 4651 | --- /dev/null 1970-01-01 00:00:00.000000000 +0000 |
4659 | +++ openssl-1.0.1d/engines/ccgost/openssl.ld 2013-02-06 19:41:43.000000000 +0100 | 4652 | +++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld 2014-02-24 21:02:30.000000000 +0100 |
4660 | @@ -0,0 +1,10 @@ | 4653 | @@ -0,0 +1,10 @@ |
4661 | +OPENSSL_1.0.0 { | 4654 | +OPENSSL_1.0.0 { |
4662 | + global: | 4655 | + global: |
diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/block_digicert_malaysia.patch b/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/block_digicert_malaysia.patch new file mode 100644 index 00000000..c43bcd1c --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/block_digicert_malaysia.patch | |||
@@ -0,0 +1,29 @@ | |||
1 | From: Raphael Geissert <geissert@debian.org> | ||
2 | Description: make X509_verify_cert indicate that any certificate whose | ||
3 | name contains "Digicert Sdn. Bhd." (from Malaysia) is revoked. | ||
4 | Forwarded: not-needed | ||
5 | Origin: vendor | ||
6 | Last-Update: 2011-11-05 | ||
7 | |||
8 | Upstream-Status: Backport [debian] | ||
9 | |||
10 | |||
11 | Index: openssl-1.0.2~beta1/crypto/x509/x509_vfy.c | ||
12 | =================================================================== | ||
13 | --- openssl-1.0.2~beta1.orig/crypto/x509/x509_vfy.c 2014-02-25 00:16:12.488028844 +0100 | ||
14 | +++ openssl-1.0.2~beta1/crypto/x509/x509_vfy.c 2014-02-25 00:16:12.484028929 +0100 | ||
15 | @@ -964,10 +964,11 @@ | ||
16 | for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) | ||
17 | { | ||
18 | x = sk_X509_value(ctx->chain, i); | ||
19 | - /* Mark DigiNotar certificates as revoked, no matter | ||
20 | - * where in the chain they are. | ||
21 | + /* Mark certificates containing the following names as | ||
22 | + * revoked, no matter where in the chain they are. | ||
23 | */ | ||
24 | - if (x->name && strstr(x->name, "DigiNotar")) | ||
25 | + if (x->name && (strstr(x->name, "DigiNotar") || | ||
26 | + strstr(x->name, "Digicert Sdn. Bhd."))) | ||
27 | { | ||
28 | ctx->error = X509_V_ERR_CERT_REVOKED; | ||
29 | ctx->error_depth = i; | ||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/block_diginotar.patch b/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/block_diginotar.patch new file mode 100644 index 00000000..d81e22cd --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/block_diginotar.patch | |||
@@ -0,0 +1,68 @@ | |||
1 | From: Raphael Geissert <geissert@debian.org> | ||
2 | Description: make X509_verify_cert indicate that any certificate whose | ||
3 | name contains "DigiNotar" is revoked. | ||
4 | Forwarded: not-needed | ||
5 | Origin: vendor | ||
6 | Last-Update: 2011-09-08 | ||
7 | Bug: http://bugs.debian.org/639744 | ||
8 | Reviewed-by: Kurt Roeckx <kurt@roeckx.be> | ||
9 | Reviewed-by: Dr Stephen N Henson <shenson@drh-consultancy.co.uk> | ||
10 | |||
11 | This is not meant as final patch. | ||
12 | |||
13 | Upstream-Status: Backport [debian] | ||
14 | |||
15 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
16 | |||
17 | Index: openssl-1.0.2g/crypto/x509/x509_vfy.c | ||
18 | =================================================================== | ||
19 | --- openssl-1.0.2g.orig/crypto/x509/x509_vfy.c | ||
20 | +++ openssl-1.0.2g/crypto/x509/x509_vfy.c | ||
21 | @@ -119,6 +119,7 @@ static int check_trust(X509_STORE_CTX *c | ||
22 | static int check_revocation(X509_STORE_CTX *ctx); | ||
23 | static int check_cert(X509_STORE_CTX *ctx); | ||
24 | static int check_policy(X509_STORE_CTX *ctx); | ||
25 | +static int check_ca_blacklist(X509_STORE_CTX *ctx); | ||
26 | |||
27 | static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, | ||
28 | unsigned int *preasons, X509_CRL *crl, X509 *x); | ||
29 | @@ -489,6 +490,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx | ||
30 | if (!ok) | ||
31 | goto err; | ||
32 | |||
33 | + ok = check_ca_blacklist(ctx); | ||
34 | + if(!ok) goto err; | ||
35 | + | ||
36 | #ifndef OPENSSL_NO_RFC3779 | ||
37 | /* RFC 3779 path validation, now that CRL check has been done */ | ||
38 | ok = v3_asid_validate_path(ctx); | ||
39 | @@ -996,6 +1000,29 @@ static int check_crl_time(X509_STORE_CTX | ||
40 | return 1; | ||
41 | } | ||
42 | |||
43 | +static int check_ca_blacklist(X509_STORE_CTX *ctx) | ||
44 | + { | ||
45 | + X509 *x; | ||
46 | + int i; | ||
47 | + /* Check all certificates against the blacklist */ | ||
48 | + for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) | ||
49 | + { | ||
50 | + x = sk_X509_value(ctx->chain, i); | ||
51 | + /* Mark DigiNotar certificates as revoked, no matter | ||
52 | + * where in the chain they are. | ||
53 | + */ | ||
54 | + if (x->name && strstr(x->name, "DigiNotar")) | ||
55 | + { | ||
56 | + ctx->error = X509_V_ERR_CERT_REVOKED; | ||
57 | + ctx->error_depth = i; | ||
58 | + ctx->current_cert = x; | ||
59 | + if (!ctx->verify_cb(0,ctx)) | ||
60 | + return 0; | ||
61 | + } | ||
62 | + } | ||
63 | + return 1; | ||
64 | + } | ||
65 | + | ||
66 | static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, | ||
67 | X509 **pissuer, int *pscore, unsigned int *preasons, | ||
68 | STACK_OF(X509_CRL) *crls) | ||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/version-script.patch b/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/version-script.patch new file mode 100644 index 00000000..29f11a28 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/debian1.0.2/version-script.patch | |||
@@ -0,0 +1,4656 @@ | |||
1 | Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure | ||
2 | =================================================================== | ||
3 | --- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure 2014-02-24 21:02:30.000000000 +0100 | ||
4 | +++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure 2014-02-24 21:02:30.000000000 +0100 | ||
5 | @@ -1651,6 +1651,8 @@ | ||
6 | } | ||
7 | } | ||
8 | |||
9 | +$shared_ldflag .= " -Wl,--version-script=openssl.ld"; | ||
10 | + | ||
11 | open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n"; | ||
12 | unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new"; | ||
13 | open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n"; | ||
14 | Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld | ||
15 | =================================================================== | ||
16 | --- /dev/null 1970-01-01 00:00:00.000000000 +0000 | ||
17 | +++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld 2014-02-24 22:19:08.601827266 +0100 | ||
18 | @@ -0,0 +1,4608 @@ | ||
19 | +OPENSSL_1.0.2d { | ||
20 | + global: | ||
21 | + BIO_f_ssl; | ||
22 | + BIO_new_buffer_ssl_connect; | ||
23 | + BIO_new_ssl; | ||
24 | + BIO_new_ssl_connect; | ||
25 | + BIO_proxy_ssl_copy_session_id; | ||
26 | + BIO_ssl_copy_session_id; | ||
27 | + BIO_ssl_shutdown; | ||
28 | + d2i_SSL_SESSION; | ||
29 | + DTLSv1_client_method; | ||
30 | + DTLSv1_method; | ||
31 | + DTLSv1_server_method; | ||
32 | + ERR_load_SSL_strings; | ||
33 | + i2d_SSL_SESSION; | ||
34 | + kssl_build_principal_2; | ||
35 | + kssl_cget_tkt; | ||
36 | + kssl_check_authent; | ||
37 | + kssl_ctx_free; | ||
38 | + kssl_ctx_new; | ||
39 | + kssl_ctx_setkey; | ||
40 | + kssl_ctx_setprinc; | ||
41 | + kssl_ctx_setstring; | ||
42 | + kssl_ctx_show; | ||
43 | + kssl_err_set; | ||
44 | + kssl_krb5_free_data_contents; | ||
45 | + kssl_sget_tkt; | ||
46 | + kssl_skip_confound; | ||
47 | + kssl_validate_times; | ||
48 | + PEM_read_bio_SSL_SESSION; | ||
49 | + PEM_read_SSL_SESSION; | ||
50 | + PEM_write_bio_SSL_SESSION; | ||
51 | + PEM_write_SSL_SESSION; | ||
52 | + SSL_accept; | ||
53 | + SSL_add_client_CA; | ||
54 | + SSL_add_dir_cert_subjects_to_stack; | ||
55 | + SSL_add_dir_cert_subjs_to_stk; | ||
56 | + SSL_add_file_cert_subjects_to_stack; | ||
57 | + SSL_add_file_cert_subjs_to_stk; | ||
58 | + SSL_alert_desc_string; | ||
59 | + SSL_alert_desc_string_long; | ||
60 | + SSL_alert_type_string; | ||
61 | + SSL_alert_type_string_long; | ||
62 | + SSL_callback_ctrl; | ||
63 | + SSL_check_private_key; | ||
64 | + SSL_CIPHER_description; | ||
65 | + SSL_CIPHER_get_bits; | ||
66 | + SSL_CIPHER_get_name; | ||
67 | + SSL_CIPHER_get_version; | ||
68 | + SSL_clear; | ||
69 | + SSL_COMP_add_compression_method; | ||
70 | + SSL_COMP_get_compression_methods; | ||
71 | + SSL_COMP_get_compress_methods; | ||
72 | + SSL_COMP_get_name; | ||
73 | + SSL_connect; | ||
74 | + SSL_copy_session_id; | ||
75 | + SSL_ctrl; | ||
76 | + SSL_CTX_add_client_CA; | ||
77 | + SSL_CTX_add_session; | ||
78 | + SSL_CTX_callback_ctrl; | ||
79 | + SSL_CTX_check_private_key; | ||
80 | + SSL_CTX_ctrl; | ||
81 | + SSL_CTX_flush_sessions; | ||
82 | + SSL_CTX_free; | ||
83 | + SSL_CTX_get_cert_store; | ||
84 | + SSL_CTX_get_client_CA_list; | ||
85 | + SSL_CTX_get_client_cert_cb; | ||
86 | + SSL_CTX_get_ex_data; | ||
87 | + SSL_CTX_get_ex_new_index; | ||
88 | + SSL_CTX_get_info_callback; | ||
89 | + SSL_CTX_get_quiet_shutdown; | ||
90 | + SSL_CTX_get_timeout; | ||
91 | + SSL_CTX_get_verify_callback; | ||
92 | + SSL_CTX_get_verify_depth; | ||
93 | + SSL_CTX_get_verify_mode; | ||
94 | + SSL_CTX_load_verify_locations; | ||
95 | + SSL_CTX_new; | ||
96 | + SSL_CTX_remove_session; | ||
97 | + SSL_CTX_sess_get_get_cb; | ||
98 | + SSL_CTX_sess_get_new_cb; | ||
99 | + SSL_CTX_sess_get_remove_cb; | ||
100 | + SSL_CTX_sessions; | ||
101 | + SSL_CTX_sess_set_get_cb; | ||
102 | + SSL_CTX_sess_set_new_cb; | ||
103 | + SSL_CTX_sess_set_remove_cb; | ||
104 | + SSL_CTX_set1_param; | ||
105 | + SSL_CTX_set_cert_store; | ||
106 | + SSL_CTX_set_cert_verify_callback; | ||
107 | + SSL_CTX_set_cert_verify_cb; | ||
108 | + SSL_CTX_set_cipher_list; | ||
109 | + SSL_CTX_set_client_CA_list; | ||
110 | + SSL_CTX_set_client_cert_cb; | ||
111 | + SSL_CTX_set_client_cert_engine; | ||
112 | + SSL_CTX_set_cookie_generate_cb; | ||
113 | + SSL_CTX_set_cookie_verify_cb; | ||
114 | + SSL_CTX_set_default_passwd_cb; | ||
115 | + SSL_CTX_set_default_passwd_cb_userdata; | ||
116 | + SSL_CTX_set_default_verify_paths; | ||
117 | + SSL_CTX_set_def_passwd_cb_ud; | ||
118 | + SSL_CTX_set_def_verify_paths; | ||
119 | + SSL_CTX_set_ex_data; | ||
120 | + SSL_CTX_set_generate_session_id; | ||
121 | + SSL_CTX_set_info_callback; | ||
122 | + SSL_CTX_set_msg_callback; | ||
123 | + SSL_CTX_set_psk_client_callback; | ||
124 | + SSL_CTX_set_psk_server_callback; | ||
125 | + SSL_CTX_set_purpose; | ||
126 | + SSL_CTX_set_quiet_shutdown; | ||
127 | + SSL_CTX_set_session_id_context; | ||
128 | + SSL_CTX_set_ssl_version; | ||
129 | + SSL_CTX_set_timeout; | ||
130 | + SSL_CTX_set_tmp_dh_callback; | ||
131 | + SSL_CTX_set_tmp_ecdh_callback; | ||
132 | + SSL_CTX_set_tmp_rsa_callback; | ||
133 | + SSL_CTX_set_trust; | ||
134 | + SSL_CTX_set_verify; | ||
135 | + SSL_CTX_set_verify_depth; | ||
136 | + SSL_CTX_use_cert_chain_file; | ||
137 | + SSL_CTX_use_certificate; | ||
138 | + SSL_CTX_use_certificate_ASN1; | ||
139 | + SSL_CTX_use_certificate_chain_file; | ||
140 | + SSL_CTX_use_certificate_file; | ||
141 | + SSL_CTX_use_PrivateKey; | ||
142 | + SSL_CTX_use_PrivateKey_ASN1; | ||
143 | + SSL_CTX_use_PrivateKey_file; | ||
144 | + SSL_CTX_use_psk_identity_hint; | ||
145 | + SSL_CTX_use_RSAPrivateKey; | ||
146 | + SSL_CTX_use_RSAPrivateKey_ASN1; | ||
147 | + SSL_CTX_use_RSAPrivateKey_file; | ||
148 | + SSL_do_handshake; | ||
149 | + SSL_dup; | ||
150 | + SSL_dup_CA_list; | ||
151 | + SSLeay_add_ssl_algorithms; | ||
152 | + SSL_free; | ||
153 | + SSL_get1_session; | ||
154 | + SSL_get_certificate; | ||
155 | + SSL_get_cipher_list; | ||
156 | + SSL_get_ciphers; | ||
157 | + SSL_get_client_CA_list; | ||
158 | + SSL_get_current_cipher; | ||
159 | + SSL_get_current_compression; | ||
160 | + SSL_get_current_expansion; | ||
161 | + SSL_get_default_timeout; | ||
162 | + SSL_get_error; | ||
163 | + SSL_get_ex_data; | ||
164 | + SSL_get_ex_data_X509_STORE_CTX_idx; | ||
165 | + SSL_get_ex_d_X509_STORE_CTX_idx; | ||
166 | + SSL_get_ex_new_index; | ||
167 | + SSL_get_fd; | ||
168 | + SSL_get_finished; | ||
169 | + SSL_get_info_callback; | ||
170 | + SSL_get_peer_cert_chain; | ||
171 | + SSL_get_peer_certificate; | ||
172 | + SSL_get_peer_finished; | ||
173 | + SSL_get_privatekey; | ||
174 | + SSL_get_psk_identity; | ||
175 | + SSL_get_psk_identity_hint; | ||
176 | + SSL_get_quiet_shutdown; | ||
177 | + SSL_get_rbio; | ||
178 | + SSL_get_read_ahead; | ||
179 | + SSL_get_rfd; | ||
180 | + SSL_get_servername; | ||
181 | + SSL_get_servername_type; | ||
182 | + SSL_get_session; | ||
183 | + SSL_get_shared_ciphers; | ||
184 | + SSL_get_shutdown; | ||
185 | + SSL_get_SSL_CTX; | ||
186 | + SSL_get_ssl_method; | ||
187 | + SSL_get_verify_callback; | ||
188 | + SSL_get_verify_depth; | ||
189 | + SSL_get_verify_mode; | ||
190 | + SSL_get_verify_result; | ||
191 | + SSL_get_version; | ||
192 | + SSL_get_wbio; | ||
193 | + SSL_get_wfd; | ||
194 | + SSL_has_matching_session_id; | ||
195 | + SSL_library_init; | ||
196 | + SSL_load_client_CA_file; | ||
197 | + SSL_load_error_strings; | ||
198 | + SSL_new; | ||
199 | + SSL_peek; | ||
200 | + SSL_pending; | ||
201 | + SSL_read; | ||
202 | + SSL_renegotiate; | ||
203 | + SSL_renegotiate_pending; | ||
204 | + SSL_rstate_string; | ||
205 | + SSL_rstate_string_long; | ||
206 | + SSL_SESSION_cmp; | ||
207 | + SSL_SESSION_free; | ||
208 | + SSL_SESSION_get_ex_data; | ||
209 | + SSL_SESSION_get_ex_new_index; | ||
210 | + SSL_SESSION_get_id; | ||
211 | + SSL_SESSION_get_time; | ||
212 | + SSL_SESSION_get_timeout; | ||
213 | + SSL_SESSION_hash; | ||
214 | + SSL_SESSION_new; | ||
215 | + SSL_SESSION_print; | ||
216 | + SSL_SESSION_print_fp; | ||
217 | + SSL_SESSION_set_ex_data; | ||
218 | + SSL_SESSION_set_time; | ||
219 | + SSL_SESSION_set_timeout; | ||
220 | + SSL_set1_param; | ||
221 | + SSL_set_accept_state; | ||
222 | + SSL_set_bio; | ||
223 | + SSL_set_cipher_list; | ||
224 | + SSL_set_client_CA_list; | ||
225 | + SSL_set_connect_state; | ||
226 | + SSL_set_ex_data; | ||
227 | + SSL_set_fd; | ||
228 | + SSL_set_generate_session_id; | ||
229 | + SSL_set_info_callback; | ||
230 | + SSL_set_msg_callback; | ||
231 | + SSL_set_psk_client_callback; | ||
232 | + SSL_set_psk_server_callback; | ||
233 | + SSL_set_purpose; | ||
234 | + SSL_set_quiet_shutdown; | ||
235 | + SSL_set_read_ahead; | ||
236 | + SSL_set_rfd; | ||
237 | + SSL_set_session; | ||
238 | + SSL_set_session_id_context; | ||
239 | + SSL_set_session_secret_cb; | ||
240 | + SSL_set_session_ticket_ext; | ||
241 | + SSL_set_session_ticket_ext_cb; | ||
242 | + SSL_set_shutdown; | ||
243 | + SSL_set_SSL_CTX; | ||
244 | + SSL_set_ssl_method; | ||
245 | + SSL_set_tmp_dh_callback; | ||
246 | + SSL_set_tmp_ecdh_callback; | ||
247 | + SSL_set_tmp_rsa_callback; | ||
248 | + SSL_set_trust; | ||
249 | + SSL_set_verify; | ||
250 | + SSL_set_verify_depth; | ||
251 | + SSL_set_verify_result; | ||
252 | + SSL_set_wfd; | ||
253 | + SSL_shutdown; | ||
254 | + SSL_state; | ||
255 | + SSL_state_string; | ||
256 | + SSL_state_string_long; | ||
257 | + SSL_use_certificate; | ||
258 | + SSL_use_certificate_ASN1; | ||
259 | + SSL_use_certificate_file; | ||
260 | + SSL_use_PrivateKey; | ||
261 | + SSL_use_PrivateKey_ASN1; | ||
262 | + SSL_use_PrivateKey_file; | ||
263 | + SSL_use_psk_identity_hint; | ||
264 | + SSL_use_RSAPrivateKey; | ||
265 | + SSL_use_RSAPrivateKey_ASN1; | ||
266 | + SSL_use_RSAPrivateKey_file; | ||
267 | + SSLv23_client_method; | ||
268 | + SSLv23_method; | ||
269 | + SSLv23_server_method; | ||
270 | + SSLv2_client_method; | ||
271 | + SSLv2_method; | ||
272 | + SSLv2_server_method; | ||
273 | + SSLv3_client_method; | ||
274 | + SSLv3_method; | ||
275 | + SSLv3_server_method; | ||
276 | + SSL_version; | ||
277 | + SSL_want; | ||
278 | + SSL_write; | ||
279 | + TLSv1_client_method; | ||
280 | + TLSv1_method; | ||
281 | + TLSv1_server_method; | ||
282 | + | ||
283 | + | ||
284 | + SSLeay; | ||
285 | + SSLeay_version; | ||
286 | + ASN1_BIT_STRING_asn1_meth; | ||
287 | + ASN1_HEADER_free; | ||
288 | + ASN1_HEADER_new; | ||
289 | + ASN1_IA5STRING_asn1_meth; | ||
290 | + ASN1_INTEGER_get; | ||
291 | + ASN1_INTEGER_set; | ||
292 | + ASN1_INTEGER_to_BN; | ||
293 | + ASN1_OBJECT_create; | ||
294 | + ASN1_OBJECT_free; | ||
295 | + ASN1_OBJECT_new; | ||
296 | + ASN1_PRINTABLE_type; | ||
297 | + ASN1_STRING_cmp; | ||
298 | + ASN1_STRING_dup; | ||
299 | + ASN1_STRING_free; | ||
300 | + ASN1_STRING_new; | ||
301 | + ASN1_STRING_print; | ||
302 | + ASN1_STRING_set; | ||
303 | + ASN1_STRING_type_new; | ||
304 | + ASN1_TYPE_free; | ||
305 | + ASN1_TYPE_new; | ||
306 | + ASN1_UNIVERSALSTRING_to_string; | ||
307 | + ASN1_UTCTIME_check; | ||
308 | + ASN1_UTCTIME_print; | ||
309 | + ASN1_UTCTIME_set; | ||
310 | + ASN1_check_infinite_end; | ||
311 | + ASN1_d2i_bio; | ||
312 | + ASN1_d2i_fp; | ||
313 | + ASN1_digest; | ||
314 | + ASN1_dup; | ||
315 | + ASN1_get_object; | ||
316 | + ASN1_i2d_bio; | ||
317 | + ASN1_i2d_fp; | ||
318 | + ASN1_object_size; | ||
319 | + ASN1_parse; | ||
320 | + ASN1_put_object; | ||
321 | + ASN1_sign; | ||
322 | + ASN1_verify; | ||
323 | + BF_cbc_encrypt; | ||
324 | + BF_cfb64_encrypt; | ||
325 | + BF_ecb_encrypt; | ||
326 | + BF_encrypt; | ||
327 | + BF_ofb64_encrypt; | ||
328 | + BF_options; | ||
329 | + BF_set_key; | ||
330 | + BIO_CONNECT_free; | ||
331 | + BIO_CONNECT_new; | ||
332 | + BIO_accept; | ||
333 | + BIO_ctrl; | ||
334 | + BIO_int_ctrl; | ||
335 | + BIO_debug_callback; | ||
336 | + BIO_dump; | ||
337 | + BIO_dup_chain; | ||
338 | + BIO_f_base64; | ||
339 | + BIO_f_buffer; | ||
340 | + BIO_f_cipher; | ||
341 | + BIO_f_md; | ||
342 | + BIO_f_null; | ||
343 | + BIO_f_proxy_server; | ||
344 | + BIO_fd_non_fatal_error; | ||
345 | + BIO_fd_should_retry; | ||
346 | + BIO_find_type; | ||
347 | + BIO_free; | ||
348 | + BIO_free_all; | ||
349 | + BIO_get_accept_socket; | ||
350 | + BIO_get_filter_bio; | ||
351 | + BIO_get_host_ip; | ||
352 | + BIO_get_port; | ||
353 | + BIO_get_retry_BIO; | ||
354 | + BIO_get_retry_reason; | ||
355 | + BIO_gethostbyname; | ||
356 | + BIO_gets; | ||
357 | + BIO_new; | ||
358 | + BIO_new_accept; | ||
359 | + BIO_new_connect; | ||
360 | + BIO_new_fd; | ||
361 | + BIO_new_file; | ||
362 | + BIO_new_fp; | ||
363 | + BIO_new_socket; | ||
364 | + BIO_pop; | ||
365 | + BIO_printf; | ||
366 | + BIO_push; | ||
367 | + BIO_puts; | ||
368 | + BIO_read; | ||
369 | + BIO_s_accept; | ||
370 | + BIO_s_connect; | ||
371 | + BIO_s_fd; | ||
372 | + BIO_s_file; | ||
373 | + BIO_s_mem; | ||
374 | + BIO_s_null; | ||
375 | + BIO_s_proxy_client; | ||
376 | + BIO_s_socket; | ||
377 | + BIO_set; | ||
378 | + BIO_set_cipher; | ||
379 | + BIO_set_tcp_ndelay; | ||
380 | + BIO_sock_cleanup; | ||
381 | + BIO_sock_error; | ||
382 | + BIO_sock_init; | ||
383 | + BIO_sock_non_fatal_error; | ||
384 | + BIO_sock_should_retry; | ||
385 | + BIO_socket_ioctl; | ||
386 | + BIO_write; | ||
387 | + BN_CTX_free; | ||
388 | + BN_CTX_new; | ||
389 | + BN_MONT_CTX_free; | ||
390 | + BN_MONT_CTX_new; | ||
391 | + BN_MONT_CTX_set; | ||
392 | + BN_add; | ||
393 | + BN_add_word; | ||
394 | + BN_hex2bn; | ||
395 | + BN_bin2bn; | ||
396 | + BN_bn2hex; | ||
397 | + BN_bn2bin; | ||
398 | + BN_clear; | ||
399 | + BN_clear_bit; | ||
400 | + BN_clear_free; | ||
401 | + BN_cmp; | ||
402 | + BN_copy; | ||
403 | + BN_div; | ||
404 | + BN_div_word; | ||
405 | + BN_dup; | ||
406 | + BN_free; | ||
407 | + BN_from_montgomery; | ||
408 | + BN_gcd; | ||
409 | + BN_generate_prime; | ||
410 | + BN_get_word; | ||
411 | + BN_is_bit_set; | ||
412 | + BN_is_prime; | ||
413 | + BN_lshift; | ||
414 | + BN_lshift1; | ||
415 | + BN_mask_bits; | ||
416 | + BN_mod; | ||
417 | + BN_mod_exp; | ||
418 | + BN_mod_exp_mont; | ||
419 | + BN_mod_exp_simple; | ||
420 | + BN_mod_inverse; | ||
421 | + BN_mod_mul; | ||
422 | + BN_mod_mul_montgomery; | ||
423 | + BN_mod_word; | ||
424 | + BN_mul; | ||
425 | + BN_new; | ||
426 | + BN_num_bits; | ||
427 | + BN_num_bits_word; | ||
428 | + BN_options; | ||
429 | + BN_print; | ||
430 | + BN_print_fp; | ||
431 | + BN_rand; | ||
432 | + BN_reciprocal; | ||
433 | + BN_rshift; | ||
434 | + BN_rshift1; | ||
435 | + BN_set_bit; | ||
436 | + BN_set_word; | ||
437 | + BN_sqr; | ||
438 | + BN_sub; | ||
439 | + BN_to_ASN1_INTEGER; | ||
440 | + BN_ucmp; | ||
441 | + BN_value_one; | ||
442 | + BUF_MEM_free; | ||
443 | + BUF_MEM_grow; | ||
444 | + BUF_MEM_new; | ||
445 | + BUF_strdup; | ||
446 | + CONF_free; | ||
447 | + CONF_get_number; | ||
448 | + CONF_get_section; | ||
449 | + CONF_get_string; | ||
450 | + CONF_load; | ||
451 | + CRYPTO_add_lock; | ||
452 | + CRYPTO_dbg_free; | ||
453 | + CRYPTO_dbg_malloc; | ||
454 | + CRYPTO_dbg_realloc; | ||
455 | + CRYPTO_dbg_remalloc; | ||
456 | + CRYPTO_free; | ||
457 | + CRYPTO_get_add_lock_callback; | ||
458 | + CRYPTO_get_id_callback; | ||
459 | + CRYPTO_get_lock_name; | ||
460 | + CRYPTO_get_locking_callback; | ||
461 | + CRYPTO_get_mem_functions; | ||
462 | + CRYPTO_lock; | ||
463 | + CRYPTO_malloc; | ||
464 | + CRYPTO_mem_ctrl; | ||
465 | + CRYPTO_mem_leaks; | ||
466 | + CRYPTO_mem_leaks_cb; | ||
467 | + CRYPTO_mem_leaks_fp; | ||
468 | + CRYPTO_realloc; | ||
469 | + CRYPTO_remalloc; | ||
470 | + CRYPTO_set_add_lock_callback; | ||
471 | + CRYPTO_set_id_callback; | ||
472 | + CRYPTO_set_locking_callback; | ||
473 | + CRYPTO_set_mem_functions; | ||
474 | + CRYPTO_thread_id; | ||
475 | + DH_check; | ||
476 | + DH_compute_key; | ||
477 | + DH_free; | ||
478 | + DH_generate_key; | ||
479 | + DH_generate_parameters; | ||
480 | + DH_new; | ||
481 | + DH_size; | ||
482 | + DHparams_print; | ||
483 | + DHparams_print_fp; | ||
484 | + DSA_free; | ||
485 | + DSA_generate_key; | ||
486 | + DSA_generate_parameters; | ||
487 | + DSA_is_prime; | ||
488 | + DSA_new; | ||
489 | + DSA_print; | ||
490 | + DSA_print_fp; | ||
491 | + DSA_sign; | ||
492 | + DSA_sign_setup; | ||
493 | + DSA_size; | ||
494 | + DSA_verify; | ||
495 | + DSAparams_print; | ||
496 | + DSAparams_print_fp; | ||
497 | + ERR_clear_error; | ||
498 | + ERR_error_string; | ||
499 | + ERR_free_strings; | ||
500 | + ERR_func_error_string; | ||
501 | + ERR_get_err_state_table; | ||
502 | + ERR_get_error; | ||
503 | + ERR_get_error_line; | ||
504 | + ERR_get_state; | ||
505 | + ERR_get_string_table; | ||
506 | + ERR_lib_error_string; | ||
507 | + ERR_load_ASN1_strings; | ||
508 | + ERR_load_BIO_strings; | ||
509 | + ERR_load_BN_strings; | ||
510 | + ERR_load_BUF_strings; | ||
511 | + ERR_load_CONF_strings; | ||
512 | + ERR_load_DH_strings; | ||
513 | + ERR_load_DSA_strings; | ||
514 | + ERR_load_ERR_strings; | ||
515 | + ERR_load_EVP_strings; | ||
516 | + ERR_load_OBJ_strings; | ||
517 | + ERR_load_PEM_strings; | ||
518 | + ERR_load_PROXY_strings; | ||
519 | + ERR_load_RSA_strings; | ||
520 | + ERR_load_X509_strings; | ||
521 | + ERR_load_crypto_strings; | ||
522 | + ERR_load_strings; | ||
523 | + ERR_peek_error; | ||
524 | + ERR_peek_error_line; | ||
525 | + ERR_print_errors; | ||
526 | + ERR_print_errors_fp; | ||
527 | + ERR_put_error; | ||
528 | + ERR_reason_error_string; | ||
529 | + ERR_remove_state; | ||
530 | + EVP_BytesToKey; | ||
531 | + EVP_CIPHER_CTX_cleanup; | ||
532 | + EVP_CipherFinal; | ||
533 | + EVP_CipherInit; | ||
534 | + EVP_CipherUpdate; | ||
535 | + EVP_DecodeBlock; | ||
536 | + EVP_DecodeFinal; | ||
537 | + EVP_DecodeInit; | ||
538 | + EVP_DecodeUpdate; | ||
539 | + EVP_DecryptFinal; | ||
540 | + EVP_DecryptInit; | ||
541 | + EVP_DecryptUpdate; | ||
542 | + EVP_DigestFinal; | ||
543 | + EVP_DigestInit; | ||
544 | + EVP_DigestUpdate; | ||
545 | + EVP_EncodeBlock; | ||
546 | + EVP_EncodeFinal; | ||
547 | + EVP_EncodeInit; | ||
548 | + EVP_EncodeUpdate; | ||
549 | + EVP_EncryptFinal; | ||
550 | + EVP_EncryptInit; | ||
551 | + EVP_EncryptUpdate; | ||
552 | + EVP_OpenFinal; | ||
553 | + EVP_OpenInit; | ||
554 | + EVP_PKEY_assign; | ||
555 | + EVP_PKEY_copy_parameters; | ||
556 | + EVP_PKEY_free; | ||
557 | + EVP_PKEY_missing_parameters; | ||
558 | + EVP_PKEY_new; | ||
559 | + EVP_PKEY_save_parameters; | ||
560 | + EVP_PKEY_size; | ||
561 | + EVP_PKEY_type; | ||
562 | + EVP_SealFinal; | ||
563 | + EVP_SealInit; | ||
564 | + EVP_SignFinal; | ||
565 | + EVP_VerifyFinal; | ||
566 | + EVP_add_alias; | ||
567 | + EVP_add_cipher; | ||
568 | + EVP_add_digest; | ||
569 | + EVP_bf_cbc; | ||
570 | + EVP_bf_cfb64; | ||
571 | + EVP_bf_ecb; | ||
572 | + EVP_bf_ofb; | ||
573 | + EVP_cleanup; | ||
574 | + EVP_des_cbc; | ||
575 | + EVP_des_cfb64; | ||
576 | + EVP_des_ecb; | ||
577 | + EVP_des_ede; | ||
578 | + EVP_des_ede3; | ||
579 | + EVP_des_ede3_cbc; | ||
580 | + EVP_des_ede3_cfb64; | ||
581 | + EVP_des_ede3_ofb; | ||
582 | + EVP_des_ede_cbc; | ||
583 | + EVP_des_ede_cfb64; | ||
584 | + EVP_des_ede_ofb; | ||
585 | + EVP_des_ofb; | ||
586 | + EVP_desx_cbc; | ||
587 | + EVP_dss; | ||
588 | + EVP_dss1; | ||
589 | + EVP_enc_null; | ||
590 | + EVP_get_cipherbyname; | ||
591 | + EVP_get_digestbyname; | ||
592 | + EVP_get_pw_prompt; | ||
593 | + EVP_idea_cbc; | ||
594 | + EVP_idea_cfb64; | ||
595 | + EVP_idea_ecb; | ||
596 | + EVP_idea_ofb; | ||
597 | + EVP_md2; | ||
598 | + EVP_md5; | ||
599 | + EVP_md_null; | ||
600 | + EVP_rc2_cbc; | ||
601 | + EVP_rc2_cfb64; | ||
602 | + EVP_rc2_ecb; | ||
603 | + EVP_rc2_ofb; | ||
604 | + EVP_rc4; | ||
605 | + EVP_read_pw_string; | ||
606 | + EVP_set_pw_prompt; | ||
607 | + EVP_sha; | ||
608 | + EVP_sha1; | ||
609 | + MD2; | ||
610 | + MD2_Final; | ||
611 | + MD2_Init; | ||
612 | + MD2_Update; | ||
613 | + MD2_options; | ||
614 | + MD5; | ||
615 | + MD5_Final; | ||
616 | + MD5_Init; | ||
617 | + MD5_Update; | ||
618 | + MDC2; | ||
619 | + MDC2_Final; | ||
620 | + MDC2_Init; | ||
621 | + MDC2_Update; | ||
622 | + NETSCAPE_SPKAC_free; | ||
623 | + NETSCAPE_SPKAC_new; | ||
624 | + NETSCAPE_SPKI_free; | ||
625 | + NETSCAPE_SPKI_new; | ||
626 | + NETSCAPE_SPKI_sign; | ||
627 | + NETSCAPE_SPKI_verify; | ||
628 | + OBJ_add_object; | ||
629 | + OBJ_bsearch; | ||
630 | + OBJ_cleanup; | ||
631 | + OBJ_cmp; | ||
632 | + OBJ_create; | ||
633 | + OBJ_dup; | ||
634 | + OBJ_ln2nid; | ||
635 | + OBJ_new_nid; | ||
636 | + OBJ_nid2ln; | ||
637 | + OBJ_nid2obj; | ||
638 | + OBJ_nid2sn; | ||
639 | + OBJ_obj2nid; | ||
640 | + OBJ_sn2nid; | ||
641 | + OBJ_txt2nid; | ||
642 | + PEM_ASN1_read; | ||
643 | + PEM_ASN1_read_bio; | ||
644 | + PEM_ASN1_write; | ||
645 | + PEM_ASN1_write_bio; | ||
646 | + PEM_SealFinal; | ||
647 | + PEM_SealInit; | ||
648 | + PEM_SealUpdate; | ||
649 | + PEM_SignFinal; | ||
650 | + PEM_SignInit; | ||
651 | + PEM_SignUpdate; | ||
652 | + PEM_X509_INFO_read; | ||
653 | + PEM_X509_INFO_read_bio; | ||
654 | + PEM_X509_INFO_write_bio; | ||
655 | + PEM_dek_info; | ||
656 | + PEM_do_header; | ||
657 | + PEM_get_EVP_CIPHER_INFO; | ||
658 | + PEM_proc_type; | ||
659 | + PEM_read; | ||
660 | + PEM_read_DHparams; | ||
661 | + PEM_read_DSAPrivateKey; | ||
662 | + PEM_read_DSAparams; | ||
663 | + PEM_read_PKCS7; | ||
664 | + PEM_read_PrivateKey; | ||
665 | + PEM_read_RSAPrivateKey; | ||
666 | + PEM_read_X509; | ||
667 | + PEM_read_X509_CRL; | ||
668 | + PEM_read_X509_REQ; | ||
669 | + PEM_read_bio; | ||
670 | + PEM_read_bio_DHparams; | ||
671 | + PEM_read_bio_DSAPrivateKey; | ||
672 | + PEM_read_bio_DSAparams; | ||
673 | + PEM_read_bio_PKCS7; | ||
674 | + PEM_read_bio_PrivateKey; | ||
675 | + PEM_read_bio_RSAPrivateKey; | ||
676 | + PEM_read_bio_X509; | ||
677 | + PEM_read_bio_X509_CRL; | ||
678 | + PEM_read_bio_X509_REQ; | ||
679 | + PEM_write; | ||
680 | + PEM_write_DHparams; | ||
681 | + PEM_write_DSAPrivateKey; | ||
682 | + PEM_write_DSAparams; | ||
683 | + PEM_write_PKCS7; | ||
684 | + PEM_write_PrivateKey; | ||
685 | + PEM_write_RSAPrivateKey; | ||
686 | + PEM_write_X509; | ||
687 | + PEM_write_X509_CRL; | ||
688 | + PEM_write_X509_REQ; | ||
689 | + PEM_write_bio; | ||
690 | + PEM_write_bio_DHparams; | ||
691 | + PEM_write_bio_DSAPrivateKey; | ||
692 | + PEM_write_bio_DSAparams; | ||
693 | + PEM_write_bio_PKCS7; | ||
694 | + PEM_write_bio_PrivateKey; | ||
695 | + PEM_write_bio_RSAPrivateKey; | ||
696 | + PEM_write_bio_X509; | ||
697 | + PEM_write_bio_X509_CRL; | ||
698 | + PEM_write_bio_X509_REQ; | ||
699 | + PKCS7_DIGEST_free; | ||
700 | + PKCS7_DIGEST_new; | ||
701 | + PKCS7_ENCRYPT_free; | ||
702 | + PKCS7_ENCRYPT_new; | ||
703 | + PKCS7_ENC_CONTENT_free; | ||
704 | + PKCS7_ENC_CONTENT_new; | ||
705 | + PKCS7_ENVELOPE_free; | ||
706 | + PKCS7_ENVELOPE_new; | ||
707 | + PKCS7_ISSUER_AND_SERIAL_digest; | ||
708 | + PKCS7_ISSUER_AND_SERIAL_free; | ||
709 | + PKCS7_ISSUER_AND_SERIAL_new; | ||
710 | + PKCS7_RECIP_INFO_free; | ||
711 | + PKCS7_RECIP_INFO_new; | ||
712 | + PKCS7_SIGNED_free; | ||
713 | + PKCS7_SIGNED_new; | ||
714 | + PKCS7_SIGNER_INFO_free; | ||
715 | + PKCS7_SIGNER_INFO_new; | ||
716 | + PKCS7_SIGN_ENVELOPE_free; | ||
717 | + PKCS7_SIGN_ENVELOPE_new; | ||
718 | + PKCS7_dup; | ||
719 | + PKCS7_free; | ||
720 | + PKCS7_new; | ||
721 | + PROXY_ENTRY_add_noproxy; | ||
722 | + PROXY_ENTRY_clear_noproxy; | ||
723 | + PROXY_ENTRY_free; | ||
724 | + PROXY_ENTRY_get_noproxy; | ||
725 | + PROXY_ENTRY_new; | ||
726 | + PROXY_ENTRY_set_server; | ||
727 | + PROXY_add_noproxy; | ||
728 | + PROXY_add_server; | ||
729 | + PROXY_check_by_host; | ||
730 | + PROXY_check_url; | ||
731 | + PROXY_clear_noproxy; | ||
732 | + PROXY_free; | ||
733 | + PROXY_get_noproxy; | ||
734 | + PROXY_get_proxies; | ||
735 | + PROXY_get_proxy_entry; | ||
736 | + PROXY_load_conf; | ||
737 | + PROXY_new; | ||
738 | + PROXY_print; | ||
739 | + RAND_bytes; | ||
740 | + RAND_cleanup; | ||
741 | + RAND_file_name; | ||
742 | + RAND_load_file; | ||
743 | + RAND_screen; | ||
744 | + RAND_seed; | ||
745 | + RAND_write_file; | ||
746 | + RC2_cbc_encrypt; | ||
747 | + RC2_cfb64_encrypt; | ||
748 | + RC2_ecb_encrypt; | ||
749 | + RC2_encrypt; | ||
750 | + RC2_ofb64_encrypt; | ||
751 | + RC2_set_key; | ||
752 | + RC4; | ||
753 | + RC4_options; | ||
754 | + RC4_set_key; | ||
755 | + RSAPrivateKey_asn1_meth; | ||
756 | + RSAPrivateKey_dup; | ||
757 | + RSAPublicKey_dup; | ||
758 | + RSA_PKCS1_SSLeay; | ||
759 | + RSA_free; | ||
760 | + RSA_generate_key; | ||
761 | + RSA_new; | ||
762 | + RSA_new_method; | ||
763 | + RSA_print; | ||
764 | + RSA_print_fp; | ||
765 | + RSA_private_decrypt; | ||
766 | + RSA_private_encrypt; | ||
767 | + RSA_public_decrypt; | ||
768 | + RSA_public_encrypt; | ||
769 | + RSA_set_default_method; | ||
770 | + RSA_sign; | ||
771 | + RSA_sign_ASN1_OCTET_STRING; | ||
772 | + RSA_size; | ||
773 | + RSA_verify; | ||
774 | + RSA_verify_ASN1_OCTET_STRING; | ||
775 | + SHA; | ||
776 | + SHA1; | ||
777 | + SHA1_Final; | ||
778 | + SHA1_Init; | ||
779 | + SHA1_Update; | ||
780 | + SHA_Final; | ||
781 | + SHA_Init; | ||
782 | + SHA_Update; | ||
783 | + OpenSSL_add_all_algorithms; | ||
784 | + OpenSSL_add_all_ciphers; | ||
785 | + OpenSSL_add_all_digests; | ||
786 | + TXT_DB_create_index; | ||
787 | + TXT_DB_free; | ||
788 | + TXT_DB_get_by_index; | ||
789 | + TXT_DB_insert; | ||
790 | + TXT_DB_read; | ||
791 | + TXT_DB_write; | ||
792 | + X509_ALGOR_free; | ||
793 | + X509_ALGOR_new; | ||
794 | + X509_ATTRIBUTE_free; | ||
795 | + X509_ATTRIBUTE_new; | ||
796 | + X509_CINF_free; | ||
797 | + X509_CINF_new; | ||
798 | + X509_CRL_INFO_free; | ||
799 | + X509_CRL_INFO_new; | ||
800 | + X509_CRL_add_ext; | ||
801 | + X509_CRL_cmp; | ||
802 | + X509_CRL_delete_ext; | ||
803 | + X509_CRL_dup; | ||
804 | + X509_CRL_free; | ||
805 | + X509_CRL_get_ext; | ||
806 | + X509_CRL_get_ext_by_NID; | ||
807 | + X509_CRL_get_ext_by_OBJ; | ||
808 | + X509_CRL_get_ext_by_critical; | ||
809 | + X509_CRL_get_ext_count; | ||
810 | + X509_CRL_new; | ||
811 | + X509_CRL_sign; | ||
812 | + X509_CRL_verify; | ||
813 | + X509_EXTENSION_create_by_NID; | ||
814 | + X509_EXTENSION_create_by_OBJ; | ||
815 | + X509_EXTENSION_dup; | ||
816 | + X509_EXTENSION_free; | ||
817 | + X509_EXTENSION_get_critical; | ||
818 | + X509_EXTENSION_get_data; | ||
819 | + X509_EXTENSION_get_object; | ||
820 | + X509_EXTENSION_new; | ||
821 | + X509_EXTENSION_set_critical; | ||
822 | + X509_EXTENSION_set_data; | ||
823 | + X509_EXTENSION_set_object; | ||
824 | + X509_INFO_free; | ||
825 | + X509_INFO_new; | ||
826 | + X509_LOOKUP_by_alias; | ||
827 | + X509_LOOKUP_by_fingerprint; | ||
828 | + X509_LOOKUP_by_issuer_serial; | ||
829 | + X509_LOOKUP_by_subject; | ||
830 | + X509_LOOKUP_ctrl; | ||
831 | + X509_LOOKUP_file; | ||
832 | + X509_LOOKUP_free; | ||
833 | + X509_LOOKUP_hash_dir; | ||
834 | + X509_LOOKUP_init; | ||
835 | + X509_LOOKUP_new; | ||
836 | + X509_LOOKUP_shutdown; | ||
837 | + X509_NAME_ENTRY_create_by_NID; | ||
838 | + X509_NAME_ENTRY_create_by_OBJ; | ||
839 | + X509_NAME_ENTRY_dup; | ||
840 | + X509_NAME_ENTRY_free; | ||
841 | + X509_NAME_ENTRY_get_data; | ||
842 | + X509_NAME_ENTRY_get_object; | ||
843 | + X509_NAME_ENTRY_new; | ||
844 | + X509_NAME_ENTRY_set_data; | ||
845 | + X509_NAME_ENTRY_set_object; | ||
846 | + X509_NAME_add_entry; | ||
847 | + X509_NAME_cmp; | ||
848 | + X509_NAME_delete_entry; | ||
849 | + X509_NAME_digest; | ||
850 | + X509_NAME_dup; | ||
851 | + X509_NAME_entry_count; | ||
852 | + X509_NAME_free; | ||
853 | + X509_NAME_get_entry; | ||
854 | + X509_NAME_get_index_by_NID; | ||
855 | + X509_NAME_get_index_by_OBJ; | ||
856 | + X509_NAME_get_text_by_NID; | ||
857 | + X509_NAME_get_text_by_OBJ; | ||
858 | + X509_NAME_hash; | ||
859 | + X509_NAME_new; | ||
860 | + X509_NAME_oneline; | ||
861 | + X509_NAME_print; | ||
862 | + X509_NAME_set; | ||
863 | + X509_OBJECT_free_contents; | ||
864 | + X509_OBJECT_retrieve_by_subject; | ||
865 | + X509_OBJECT_up_ref_count; | ||
866 | + X509_PKEY_free; | ||
867 | + X509_PKEY_new; | ||
868 | + X509_PUBKEY_free; | ||
869 | + X509_PUBKEY_get; | ||
870 | + X509_PUBKEY_new; | ||
871 | + X509_PUBKEY_set; | ||
872 | + X509_REQ_INFO_free; | ||
873 | + X509_REQ_INFO_new; | ||
874 | + X509_REQ_dup; | ||
875 | + X509_REQ_free; | ||
876 | + X509_REQ_get_pubkey; | ||
877 | + X509_REQ_new; | ||
878 | + X509_REQ_print; | ||
879 | + X509_REQ_print_fp; | ||
880 | + X509_REQ_set_pubkey; | ||
881 | + X509_REQ_set_subject_name; | ||
882 | + X509_REQ_set_version; | ||
883 | + X509_REQ_sign; | ||
884 | + X509_REQ_to_X509; | ||
885 | + X509_REQ_verify; | ||
886 | + X509_REVOKED_add_ext; | ||
887 | + X509_REVOKED_delete_ext; | ||
888 | + X509_REVOKED_free; | ||
889 | + X509_REVOKED_get_ext; | ||
890 | + X509_REVOKED_get_ext_by_NID; | ||
891 | + X509_REVOKED_get_ext_by_OBJ; | ||
892 | + X509_REVOKED_get_ext_by_critical; | ||
893 | + X509_REVOKED_get_ext_by_critic; | ||
894 | + X509_REVOKED_get_ext_count; | ||
895 | + X509_REVOKED_new; | ||
896 | + X509_SIG_free; | ||
897 | + X509_SIG_new; | ||
898 | + X509_STORE_CTX_cleanup; | ||
899 | + X509_STORE_CTX_init; | ||
900 | + X509_STORE_add_cert; | ||
901 | + X509_STORE_add_lookup; | ||
902 | + X509_STORE_free; | ||
903 | + X509_STORE_get_by_subject; | ||
904 | + X509_STORE_load_locations; | ||
905 | + X509_STORE_new; | ||
906 | + X509_STORE_set_default_paths; | ||
907 | + X509_VAL_free; | ||
908 | + X509_VAL_new; | ||
909 | + X509_add_ext; | ||
910 | + X509_asn1_meth; | ||
911 | + X509_certificate_type; | ||
912 | + X509_check_private_key; | ||
913 | + X509_cmp_current_time; | ||
914 | + X509_delete_ext; | ||
915 | + X509_digest; | ||
916 | + X509_dup; | ||
917 | + X509_free; | ||
918 | + X509_get_default_cert_area; | ||
919 | + X509_get_default_cert_dir; | ||
920 | + X509_get_default_cert_dir_env; | ||
921 | + X509_get_default_cert_file; | ||
922 | + X509_get_default_cert_file_env; | ||
923 | + X509_get_default_private_dir; | ||
924 | + X509_get_ext; | ||
925 | + X509_get_ext_by_NID; | ||
926 | + X509_get_ext_by_OBJ; | ||
927 | + X509_get_ext_by_critical; | ||
928 | + X509_get_ext_count; | ||
929 | + X509_get_issuer_name; | ||
930 | + X509_get_pubkey; | ||
931 | + X509_get_pubkey_parameters; | ||
932 | + X509_get_serialNumber; | ||
933 | + X509_get_subject_name; | ||
934 | + X509_gmtime_adj; | ||
935 | + X509_issuer_and_serial_cmp; | ||
936 | + X509_issuer_and_serial_hash; | ||
937 | + X509_issuer_name_cmp; | ||
938 | + X509_issuer_name_hash; | ||
939 | + X509_load_cert_file; | ||
940 | + X509_new; | ||
941 | + X509_print; | ||
942 | + X509_print_fp; | ||
943 | + X509_set_issuer_name; | ||
944 | + X509_set_notAfter; | ||
945 | + X509_set_notBefore; | ||
946 | + X509_set_pubkey; | ||
947 | + X509_set_serialNumber; | ||
948 | + X509_set_subject_name; | ||
949 | + X509_set_version; | ||
950 | + X509_sign; | ||
951 | + X509_subject_name_cmp; | ||
952 | + X509_subject_name_hash; | ||
953 | + X509_to_X509_REQ; | ||
954 | + X509_verify; | ||
955 | + X509_verify_cert; | ||
956 | + X509_verify_cert_error_string; | ||
957 | + X509v3_add_ext; | ||
958 | + X509v3_add_extension; | ||
959 | + X509v3_add_netscape_extensions; | ||
960 | + X509v3_add_standard_extensions; | ||
961 | + X509v3_cleanup_extensions; | ||
962 | + X509v3_data_type_by_NID; | ||
963 | + X509v3_data_type_by_OBJ; | ||
964 | + X509v3_delete_ext; | ||
965 | + X509v3_get_ext; | ||
966 | + X509v3_get_ext_by_NID; | ||
967 | + X509v3_get_ext_by_OBJ; | ||
968 | + X509v3_get_ext_by_critical; | ||
969 | + X509v3_get_ext_count; | ||
970 | + X509v3_pack_string; | ||
971 | + X509v3_pack_type_by_NID; | ||
972 | + X509v3_pack_type_by_OBJ; | ||
973 | + X509v3_unpack_string; | ||
974 | + _des_crypt; | ||
975 | + a2d_ASN1_OBJECT; | ||
976 | + a2i_ASN1_INTEGER; | ||
977 | + a2i_ASN1_STRING; | ||
978 | + asn1_Finish; | ||
979 | + asn1_GetSequence; | ||
980 | + bn_div_words; | ||
981 | + bn_expand2; | ||
982 | + bn_mul_add_words; | ||
983 | + bn_mul_words; | ||
984 | + BN_uadd; | ||
985 | + BN_usub; | ||
986 | + bn_sqr_words; | ||
987 | + _ossl_old_crypt; | ||
988 | + d2i_ASN1_BIT_STRING; | ||
989 | + d2i_ASN1_BOOLEAN; | ||
990 | + d2i_ASN1_HEADER; | ||
991 | + d2i_ASN1_IA5STRING; | ||
992 | + d2i_ASN1_INTEGER; | ||
993 | + d2i_ASN1_OBJECT; | ||
994 | + d2i_ASN1_OCTET_STRING; | ||
995 | + d2i_ASN1_PRINTABLE; | ||
996 | + d2i_ASN1_PRINTABLESTRING; | ||
997 | + d2i_ASN1_SET; | ||
998 | + d2i_ASN1_T61STRING; | ||
999 | + d2i_ASN1_TYPE; | ||
1000 | + d2i_ASN1_UTCTIME; | ||
1001 | + d2i_ASN1_bytes; | ||
1002 | + d2i_ASN1_type_bytes; | ||
1003 | + d2i_DHparams; | ||
1004 | + d2i_DSAPrivateKey; | ||
1005 | + d2i_DSAPrivateKey_bio; | ||
1006 | + d2i_DSAPrivateKey_fp; | ||
1007 | + d2i_DSAPublicKey; | ||
1008 | + d2i_DSAparams; | ||
1009 | + d2i_NETSCAPE_SPKAC; | ||
1010 | + d2i_NETSCAPE_SPKI; | ||
1011 | + d2i_Netscape_RSA; | ||
1012 | + d2i_PKCS7; | ||
1013 | + d2i_PKCS7_DIGEST; | ||
1014 | + d2i_PKCS7_ENCRYPT; | ||
1015 | + d2i_PKCS7_ENC_CONTENT; | ||
1016 | + d2i_PKCS7_ENVELOPE; | ||
1017 | + d2i_PKCS7_ISSUER_AND_SERIAL; | ||
1018 | + d2i_PKCS7_RECIP_INFO; | ||
1019 | + d2i_PKCS7_SIGNED; | ||
1020 | + d2i_PKCS7_SIGNER_INFO; | ||
1021 | + d2i_PKCS7_SIGN_ENVELOPE; | ||
1022 | + d2i_PKCS7_bio; | ||
1023 | + d2i_PKCS7_fp; | ||
1024 | + d2i_PrivateKey; | ||
1025 | + d2i_PublicKey; | ||
1026 | + d2i_RSAPrivateKey; | ||
1027 | + d2i_RSAPrivateKey_bio; | ||
1028 | + d2i_RSAPrivateKey_fp; | ||
1029 | + d2i_RSAPublicKey; | ||
1030 | + d2i_X509; | ||
1031 | + d2i_X509_ALGOR; | ||
1032 | + d2i_X509_ATTRIBUTE; | ||
1033 | + d2i_X509_CINF; | ||
1034 | + d2i_X509_CRL; | ||
1035 | + d2i_X509_CRL_INFO; | ||
1036 | + d2i_X509_CRL_bio; | ||
1037 | + d2i_X509_CRL_fp; | ||
1038 | + d2i_X509_EXTENSION; | ||
1039 | + d2i_X509_NAME; | ||
1040 | + d2i_X509_NAME_ENTRY; | ||
1041 | + d2i_X509_PKEY; | ||
1042 | + d2i_X509_PUBKEY; | ||
1043 | + d2i_X509_REQ; | ||
1044 | + d2i_X509_REQ_INFO; | ||
1045 | + d2i_X509_REQ_bio; | ||
1046 | + d2i_X509_REQ_fp; | ||
1047 | + d2i_X509_REVOKED; | ||
1048 | + d2i_X509_SIG; | ||
1049 | + d2i_X509_VAL; | ||
1050 | + d2i_X509_bio; | ||
1051 | + d2i_X509_fp; | ||
1052 | + DES_cbc_cksum; | ||
1053 | + DES_cbc_encrypt; | ||
1054 | + DES_cblock_print_file; | ||
1055 | + DES_cfb64_encrypt; | ||
1056 | + DES_cfb_encrypt; | ||
1057 | + DES_decrypt3; | ||
1058 | + DES_ecb3_encrypt; | ||
1059 | + DES_ecb_encrypt; | ||
1060 | + DES_ede3_cbc_encrypt; | ||
1061 | + DES_ede3_cfb64_encrypt; | ||
1062 | + DES_ede3_ofb64_encrypt; | ||
1063 | + DES_enc_read; | ||
1064 | + DES_enc_write; | ||
1065 | + DES_encrypt1; | ||
1066 | + DES_encrypt2; | ||
1067 | + DES_encrypt3; | ||
1068 | + DES_fcrypt; | ||
1069 | + DES_is_weak_key; | ||
1070 | + DES_key_sched; | ||
1071 | + DES_ncbc_encrypt; | ||
1072 | + DES_ofb64_encrypt; | ||
1073 | + DES_ofb_encrypt; | ||
1074 | + DES_options; | ||
1075 | + DES_pcbc_encrypt; | ||
1076 | + DES_quad_cksum; | ||
1077 | + DES_random_key; | ||
1078 | + _ossl_old_des_random_seed; | ||
1079 | + _ossl_old_des_read_2passwords; | ||
1080 | + _ossl_old_des_read_password; | ||
1081 | + _ossl_old_des_read_pw; | ||
1082 | + _ossl_old_des_read_pw_string; | ||
1083 | + DES_set_key; | ||
1084 | + DES_set_odd_parity; | ||
1085 | + DES_string_to_2keys; | ||
1086 | + DES_string_to_key; | ||
1087 | + DES_xcbc_encrypt; | ||
1088 | + DES_xwhite_in2out; | ||
1089 | + fcrypt_body; | ||
1090 | + i2a_ASN1_INTEGER; | ||
1091 | + i2a_ASN1_OBJECT; | ||
1092 | + i2a_ASN1_STRING; | ||
1093 | + i2d_ASN1_BIT_STRING; | ||
1094 | + i2d_ASN1_BOOLEAN; | ||
1095 | + i2d_ASN1_HEADER; | ||
1096 | + i2d_ASN1_IA5STRING; | ||
1097 | + i2d_ASN1_INTEGER; | ||
1098 | + i2d_ASN1_OBJECT; | ||
1099 | + i2d_ASN1_OCTET_STRING; | ||
1100 | + i2d_ASN1_PRINTABLE; | ||
1101 | + i2d_ASN1_SET; | ||
1102 | + i2d_ASN1_TYPE; | ||
1103 | + i2d_ASN1_UTCTIME; | ||
1104 | + i2d_ASN1_bytes; | ||
1105 | + i2d_DHparams; | ||
1106 | + i2d_DSAPrivateKey; | ||
1107 | + i2d_DSAPrivateKey_bio; | ||
1108 | + i2d_DSAPrivateKey_fp; | ||
1109 | + i2d_DSAPublicKey; | ||
1110 | + i2d_DSAparams; | ||
1111 | + i2d_NETSCAPE_SPKAC; | ||
1112 | + i2d_NETSCAPE_SPKI; | ||
1113 | + i2d_Netscape_RSA; | ||
1114 | + i2d_PKCS7; | ||
1115 | + i2d_PKCS7_DIGEST; | ||
1116 | + i2d_PKCS7_ENCRYPT; | ||
1117 | + i2d_PKCS7_ENC_CONTENT; | ||
1118 | + i2d_PKCS7_ENVELOPE; | ||
1119 | + i2d_PKCS7_ISSUER_AND_SERIAL; | ||
1120 | + i2d_PKCS7_RECIP_INFO; | ||
1121 | + i2d_PKCS7_SIGNED; | ||
1122 | + i2d_PKCS7_SIGNER_INFO; | ||
1123 | + i2d_PKCS7_SIGN_ENVELOPE; | ||
1124 | + i2d_PKCS7_bio; | ||
1125 | + i2d_PKCS7_fp; | ||
1126 | + i2d_PrivateKey; | ||
1127 | + i2d_PublicKey; | ||
1128 | + i2d_RSAPrivateKey; | ||
1129 | + i2d_RSAPrivateKey_bio; | ||
1130 | + i2d_RSAPrivateKey_fp; | ||
1131 | + i2d_RSAPublicKey; | ||
1132 | + i2d_X509; | ||
1133 | + i2d_X509_ALGOR; | ||
1134 | + i2d_X509_ATTRIBUTE; | ||
1135 | + i2d_X509_CINF; | ||
1136 | + i2d_X509_CRL; | ||
1137 | + i2d_X509_CRL_INFO; | ||
1138 | + i2d_X509_CRL_bio; | ||
1139 | + i2d_X509_CRL_fp; | ||
1140 | + i2d_X509_EXTENSION; | ||
1141 | + i2d_X509_NAME; | ||
1142 | + i2d_X509_NAME_ENTRY; | ||
1143 | + i2d_X509_PKEY; | ||
1144 | + i2d_X509_PUBKEY; | ||
1145 | + i2d_X509_REQ; | ||
1146 | + i2d_X509_REQ_INFO; | ||
1147 | + i2d_X509_REQ_bio; | ||
1148 | + i2d_X509_REQ_fp; | ||
1149 | + i2d_X509_REVOKED; | ||
1150 | + i2d_X509_SIG; | ||
1151 | + i2d_X509_VAL; | ||
1152 | + i2d_X509_bio; | ||
1153 | + i2d_X509_fp; | ||
1154 | + idea_cbc_encrypt; | ||
1155 | + idea_cfb64_encrypt; | ||
1156 | + idea_ecb_encrypt; | ||
1157 | + idea_encrypt; | ||
1158 | + idea_ofb64_encrypt; | ||
1159 | + idea_options; | ||
1160 | + idea_set_decrypt_key; | ||
1161 | + idea_set_encrypt_key; | ||
1162 | + lh_delete; | ||
1163 | + lh_doall; | ||
1164 | + lh_doall_arg; | ||
1165 | + lh_free; | ||
1166 | + lh_insert; | ||
1167 | + lh_new; | ||
1168 | + lh_node_stats; | ||
1169 | + lh_node_stats_bio; | ||
1170 | + lh_node_usage_stats; | ||
1171 | + lh_node_usage_stats_bio; | ||
1172 | + lh_retrieve; | ||
1173 | + lh_stats; | ||
1174 | + lh_stats_bio; | ||
1175 | + lh_strhash; | ||
1176 | + sk_delete; | ||
1177 | + sk_delete_ptr; | ||
1178 | + sk_dup; | ||
1179 | + sk_find; | ||
1180 | + sk_free; | ||
1181 | + sk_insert; | ||
1182 | + sk_new; | ||
1183 | + sk_pop; | ||
1184 | + sk_pop_free; | ||
1185 | + sk_push; | ||
1186 | + sk_set_cmp_func; | ||
1187 | + sk_shift; | ||
1188 | + sk_unshift; | ||
1189 | + sk_zero; | ||
1190 | + BIO_f_nbio_test; | ||
1191 | + ASN1_TYPE_get; | ||
1192 | + ASN1_TYPE_set; | ||
1193 | + PKCS7_content_free; | ||
1194 | + ERR_load_PKCS7_strings; | ||
1195 | + X509_find_by_issuer_and_serial; | ||
1196 | + X509_find_by_subject; | ||
1197 | + PKCS7_ctrl; | ||
1198 | + PKCS7_set_type; | ||
1199 | + PKCS7_set_content; | ||
1200 | + PKCS7_SIGNER_INFO_set; | ||
1201 | + PKCS7_add_signer; | ||
1202 | + PKCS7_add_certificate; | ||
1203 | + PKCS7_add_crl; | ||
1204 | + PKCS7_content_new; | ||
1205 | + PKCS7_dataSign; | ||
1206 | + PKCS7_dataVerify; | ||
1207 | + PKCS7_dataInit; | ||
1208 | + PKCS7_add_signature; | ||
1209 | + PKCS7_cert_from_signer_info; | ||
1210 | + PKCS7_get_signer_info; | ||
1211 | + EVP_delete_alias; | ||
1212 | + EVP_mdc2; | ||
1213 | + PEM_read_bio_RSAPublicKey; | ||
1214 | + PEM_write_bio_RSAPublicKey; | ||
1215 | + d2i_RSAPublicKey_bio; | ||
1216 | + i2d_RSAPublicKey_bio; | ||
1217 | + PEM_read_RSAPublicKey; | ||
1218 | + PEM_write_RSAPublicKey; | ||
1219 | + d2i_RSAPublicKey_fp; | ||
1220 | + i2d_RSAPublicKey_fp; | ||
1221 | + BIO_copy_next_retry; | ||
1222 | + RSA_flags; | ||
1223 | + X509_STORE_add_crl; | ||
1224 | + X509_load_crl_file; | ||
1225 | + EVP_rc2_40_cbc; | ||
1226 | + EVP_rc4_40; | ||
1227 | + EVP_CIPHER_CTX_init; | ||
1228 | + HMAC; | ||
1229 | + HMAC_Init; | ||
1230 | + HMAC_Update; | ||
1231 | + HMAC_Final; | ||
1232 | + ERR_get_next_error_library; | ||
1233 | + EVP_PKEY_cmp_parameters; | ||
1234 | + HMAC_cleanup; | ||
1235 | + BIO_ptr_ctrl; | ||
1236 | + BIO_new_file_internal; | ||
1237 | + BIO_new_fp_internal; | ||
1238 | + BIO_s_file_internal; | ||
1239 | + BN_BLINDING_convert; | ||
1240 | + BN_BLINDING_invert; | ||
1241 | + BN_BLINDING_update; | ||
1242 | + RSA_blinding_on; | ||
1243 | + RSA_blinding_off; | ||
1244 | + i2t_ASN1_OBJECT; | ||
1245 | + BN_BLINDING_new; | ||
1246 | + BN_BLINDING_free; | ||
1247 | + EVP_cast5_cbc; | ||
1248 | + EVP_cast5_cfb64; | ||
1249 | + EVP_cast5_ecb; | ||
1250 | + EVP_cast5_ofb; | ||
1251 | + BF_decrypt; | ||
1252 | + CAST_set_key; | ||
1253 | + CAST_encrypt; | ||
1254 | + CAST_decrypt; | ||
1255 | + CAST_ecb_encrypt; | ||
1256 | + CAST_cbc_encrypt; | ||
1257 | + CAST_cfb64_encrypt; | ||
1258 | + CAST_ofb64_encrypt; | ||
1259 | + RC2_decrypt; | ||
1260 | + OBJ_create_objects; | ||
1261 | + BN_exp; | ||
1262 | + BN_mul_word; | ||
1263 | + BN_sub_word; | ||
1264 | + BN_dec2bn; | ||
1265 | + BN_bn2dec; | ||
1266 | + BIO_ghbn_ctrl; | ||
1267 | + CRYPTO_free_ex_data; | ||
1268 | + CRYPTO_get_ex_data; | ||
1269 | + CRYPTO_set_ex_data; | ||
1270 | + ERR_load_CRYPTO_strings; | ||
1271 | + ERR_load_CRYPTOlib_strings; | ||
1272 | + EVP_PKEY_bits; | ||
1273 | + MD5_Transform; | ||
1274 | + SHA1_Transform; | ||
1275 | + SHA_Transform; | ||
1276 | + X509_STORE_CTX_get_chain; | ||
1277 | + X509_STORE_CTX_get_current_cert; | ||
1278 | + X509_STORE_CTX_get_error; | ||
1279 | + X509_STORE_CTX_get_error_depth; | ||
1280 | + X509_STORE_CTX_get_ex_data; | ||
1281 | + X509_STORE_CTX_set_cert; | ||
1282 | + X509_STORE_CTX_set_chain; | ||
1283 | + X509_STORE_CTX_set_error; | ||
1284 | + X509_STORE_CTX_set_ex_data; | ||
1285 | + CRYPTO_dup_ex_data; | ||
1286 | + CRYPTO_get_new_lockid; | ||
1287 | + CRYPTO_new_ex_data; | ||
1288 | + RSA_set_ex_data; | ||
1289 | + RSA_get_ex_data; | ||
1290 | + RSA_get_ex_new_index; | ||
1291 | + RSA_padding_add_PKCS1_type_1; | ||
1292 | + RSA_padding_add_PKCS1_type_2; | ||
1293 | + RSA_padding_add_SSLv23; | ||
1294 | + RSA_padding_add_none; | ||
1295 | + RSA_padding_check_PKCS1_type_1; | ||
1296 | + RSA_padding_check_PKCS1_type_2; | ||
1297 | + RSA_padding_check_SSLv23; | ||
1298 | + RSA_padding_check_none; | ||
1299 | + bn_add_words; | ||
1300 | + d2i_Netscape_RSA_2; | ||
1301 | + CRYPTO_get_ex_new_index; | ||
1302 | + RIPEMD160_Init; | ||
1303 | + RIPEMD160_Update; | ||
1304 | + RIPEMD160_Final; | ||
1305 | + RIPEMD160; | ||
1306 | + RIPEMD160_Transform; | ||
1307 | + RC5_32_set_key; | ||
1308 | + RC5_32_ecb_encrypt; | ||
1309 | + RC5_32_encrypt; | ||
1310 | + RC5_32_decrypt; | ||
1311 | + RC5_32_cbc_encrypt; | ||
1312 | + RC5_32_cfb64_encrypt; | ||
1313 | + RC5_32_ofb64_encrypt; | ||
1314 | + BN_bn2mpi; | ||
1315 | + BN_mpi2bn; | ||
1316 | + ASN1_BIT_STRING_get_bit; | ||
1317 | + ASN1_BIT_STRING_set_bit; | ||
1318 | + BIO_get_ex_data; | ||
1319 | + BIO_get_ex_new_index; | ||
1320 | + BIO_set_ex_data; | ||
1321 | + X509v3_get_key_usage; | ||
1322 | + X509v3_set_key_usage; | ||
1323 | + a2i_X509v3_key_usage; | ||
1324 | + i2a_X509v3_key_usage; | ||
1325 | + EVP_PKEY_decrypt; | ||
1326 | + EVP_PKEY_encrypt; | ||
1327 | + PKCS7_RECIP_INFO_set; | ||
1328 | + PKCS7_add_recipient; | ||
1329 | + PKCS7_add_recipient_info; | ||
1330 | + PKCS7_set_cipher; | ||
1331 | + ASN1_TYPE_get_int_octetstring; | ||
1332 | + ASN1_TYPE_get_octetstring; | ||
1333 | + ASN1_TYPE_set_int_octetstring; | ||
1334 | + ASN1_TYPE_set_octetstring; | ||
1335 | + ASN1_UTCTIME_set_string; | ||
1336 | + ERR_add_error_data; | ||
1337 | + ERR_set_error_data; | ||
1338 | + EVP_CIPHER_asn1_to_param; | ||
1339 | + EVP_CIPHER_param_to_asn1; | ||
1340 | + EVP_CIPHER_get_asn1_iv; | ||
1341 | + EVP_CIPHER_set_asn1_iv; | ||
1342 | + EVP_rc5_32_12_16_cbc; | ||
1343 | + EVP_rc5_32_12_16_cfb64; | ||
1344 | + EVP_rc5_32_12_16_ecb; | ||
1345 | + EVP_rc5_32_12_16_ofb; | ||
1346 | + asn1_add_error; | ||
1347 | + d2i_ASN1_BMPSTRING; | ||
1348 | + i2d_ASN1_BMPSTRING; | ||
1349 | + BIO_f_ber; | ||
1350 | + BN_init; | ||
1351 | + COMP_CTX_new; | ||
1352 | + COMP_CTX_free; | ||
1353 | + COMP_CTX_compress_block; | ||
1354 | + COMP_CTX_expand_block; | ||
1355 | + X509_STORE_CTX_get_ex_new_index; | ||
1356 | + OBJ_NAME_add; | ||
1357 | + BIO_socket_nbio; | ||
1358 | + EVP_rc2_64_cbc; | ||
1359 | + OBJ_NAME_cleanup; | ||
1360 | + OBJ_NAME_get; | ||
1361 | + OBJ_NAME_init; | ||
1362 | + OBJ_NAME_new_index; | ||
1363 | + OBJ_NAME_remove; | ||
1364 | + BN_MONT_CTX_copy; | ||
1365 | + BIO_new_socks4a_connect; | ||
1366 | + BIO_s_socks4a_connect; | ||
1367 | + PROXY_set_connect_mode; | ||
1368 | + RAND_SSLeay; | ||
1369 | + RAND_set_rand_method; | ||
1370 | + RSA_memory_lock; | ||
1371 | + bn_sub_words; | ||
1372 | + bn_mul_normal; | ||
1373 | + bn_mul_comba8; | ||
1374 | + bn_mul_comba4; | ||
1375 | + bn_sqr_normal; | ||
1376 | + bn_sqr_comba8; | ||
1377 | + bn_sqr_comba4; | ||
1378 | + bn_cmp_words; | ||
1379 | + bn_mul_recursive; | ||
1380 | + bn_mul_part_recursive; | ||
1381 | + bn_sqr_recursive; | ||
1382 | + bn_mul_low_normal; | ||
1383 | + BN_RECP_CTX_init; | ||
1384 | + BN_RECP_CTX_new; | ||
1385 | + BN_RECP_CTX_free; | ||
1386 | + BN_RECP_CTX_set; | ||
1387 | + BN_mod_mul_reciprocal; | ||
1388 | + BN_mod_exp_recp; | ||
1389 | + BN_div_recp; | ||
1390 | + BN_CTX_init; | ||
1391 | + BN_MONT_CTX_init; | ||
1392 | + RAND_get_rand_method; | ||
1393 | + PKCS7_add_attribute; | ||
1394 | + PKCS7_add_signed_attribute; | ||
1395 | + PKCS7_digest_from_attributes; | ||
1396 | + PKCS7_get_attribute; | ||
1397 | + PKCS7_get_issuer_and_serial; | ||
1398 | + PKCS7_get_signed_attribute; | ||
1399 | + COMP_compress_block; | ||
1400 | + COMP_expand_block; | ||
1401 | + COMP_rle; | ||
1402 | + COMP_zlib; | ||
1403 | + ms_time_diff; | ||
1404 | + ms_time_new; | ||
1405 | + ms_time_free; | ||
1406 | + ms_time_cmp; | ||
1407 | + ms_time_get; | ||
1408 | + PKCS7_set_attributes; | ||
1409 | + PKCS7_set_signed_attributes; | ||
1410 | + X509_ATTRIBUTE_create; | ||
1411 | + X509_ATTRIBUTE_dup; | ||
1412 | + ASN1_GENERALIZEDTIME_check; | ||
1413 | + ASN1_GENERALIZEDTIME_print; | ||
1414 | + ASN1_GENERALIZEDTIME_set; | ||
1415 | + ASN1_GENERALIZEDTIME_set_string; | ||
1416 | + ASN1_TIME_print; | ||
1417 | + BASIC_CONSTRAINTS_free; | ||
1418 | + BASIC_CONSTRAINTS_new; | ||
1419 | + ERR_load_X509V3_strings; | ||
1420 | + NETSCAPE_CERT_SEQUENCE_free; | ||
1421 | + NETSCAPE_CERT_SEQUENCE_new; | ||
1422 | + OBJ_txt2obj; | ||
1423 | + PEM_read_NETSCAPE_CERT_SEQUENCE; | ||
1424 | + PEM_read_NS_CERT_SEQ; | ||
1425 | + PEM_read_bio_NETSCAPE_CERT_SEQUENCE; | ||
1426 | + PEM_read_bio_NS_CERT_SEQ; | ||
1427 | + PEM_write_NETSCAPE_CERT_SEQUENCE; | ||
1428 | + PEM_write_NS_CERT_SEQ; | ||
1429 | + PEM_write_bio_NETSCAPE_CERT_SEQUENCE; | ||
1430 | + PEM_write_bio_NS_CERT_SEQ; | ||
1431 | + X509V3_EXT_add; | ||
1432 | + X509V3_EXT_add_alias; | ||
1433 | + X509V3_EXT_add_conf; | ||
1434 | + X509V3_EXT_cleanup; | ||
1435 | + X509V3_EXT_conf; | ||
1436 | + X509V3_EXT_conf_nid; | ||
1437 | + X509V3_EXT_get; | ||
1438 | + X509V3_EXT_get_nid; | ||
1439 | + X509V3_EXT_print; | ||
1440 | + X509V3_EXT_print_fp; | ||
1441 | + X509V3_add_standard_extensions; | ||
1442 | + X509V3_add_value; | ||
1443 | + X509V3_add_value_bool; | ||
1444 | + X509V3_add_value_int; | ||
1445 | + X509V3_conf_free; | ||
1446 | + X509V3_get_value_bool; | ||
1447 | + X509V3_get_value_int; | ||
1448 | + X509V3_parse_list; | ||
1449 | + d2i_ASN1_GENERALIZEDTIME; | ||
1450 | + d2i_ASN1_TIME; | ||
1451 | + d2i_BASIC_CONSTRAINTS; | ||
1452 | + d2i_NETSCAPE_CERT_SEQUENCE; | ||
1453 | + d2i_ext_ku; | ||
1454 | + ext_ku_free; | ||
1455 | + ext_ku_new; | ||
1456 | + i2d_ASN1_GENERALIZEDTIME; | ||
1457 | + i2d_ASN1_TIME; | ||
1458 | + i2d_BASIC_CONSTRAINTS; | ||
1459 | + i2d_NETSCAPE_CERT_SEQUENCE; | ||
1460 | + i2d_ext_ku; | ||
1461 | + EVP_MD_CTX_copy; | ||
1462 | + i2d_ASN1_ENUMERATED; | ||
1463 | + d2i_ASN1_ENUMERATED; | ||
1464 | + ASN1_ENUMERATED_set; | ||
1465 | + ASN1_ENUMERATED_get; | ||
1466 | + BN_to_ASN1_ENUMERATED; | ||
1467 | + ASN1_ENUMERATED_to_BN; | ||
1468 | + i2a_ASN1_ENUMERATED; | ||
1469 | + a2i_ASN1_ENUMERATED; | ||
1470 | + i2d_GENERAL_NAME; | ||
1471 | + d2i_GENERAL_NAME; | ||
1472 | + GENERAL_NAME_new; | ||
1473 | + GENERAL_NAME_free; | ||
1474 | + GENERAL_NAMES_new; | ||
1475 | + GENERAL_NAMES_free; | ||
1476 | + d2i_GENERAL_NAMES; | ||
1477 | + i2d_GENERAL_NAMES; | ||
1478 | + i2v_GENERAL_NAMES; | ||
1479 | + i2s_ASN1_OCTET_STRING; | ||
1480 | + s2i_ASN1_OCTET_STRING; | ||
1481 | + X509V3_EXT_check_conf; | ||
1482 | + hex_to_string; | ||
1483 | + string_to_hex; | ||
1484 | + DES_ede3_cbcm_encrypt; | ||
1485 | + RSA_padding_add_PKCS1_OAEP; | ||
1486 | + RSA_padding_check_PKCS1_OAEP; | ||
1487 | + X509_CRL_print_fp; | ||
1488 | + X509_CRL_print; | ||
1489 | + i2v_GENERAL_NAME; | ||
1490 | + v2i_GENERAL_NAME; | ||
1491 | + i2d_PKEY_USAGE_PERIOD; | ||
1492 | + d2i_PKEY_USAGE_PERIOD; | ||
1493 | + PKEY_USAGE_PERIOD_new; | ||
1494 | + PKEY_USAGE_PERIOD_free; | ||
1495 | + v2i_GENERAL_NAMES; | ||
1496 | + i2s_ASN1_INTEGER; | ||
1497 | + X509V3_EXT_d2i; | ||
1498 | + name_cmp; | ||
1499 | + str_dup; | ||
1500 | + i2s_ASN1_ENUMERATED; | ||
1501 | + i2s_ASN1_ENUMERATED_TABLE; | ||
1502 | + BIO_s_log; | ||
1503 | + BIO_f_reliable; | ||
1504 | + PKCS7_dataFinal; | ||
1505 | + PKCS7_dataDecode; | ||
1506 | + X509V3_EXT_CRL_add_conf; | ||
1507 | + BN_set_params; | ||
1508 | + BN_get_params; | ||
1509 | + BIO_get_ex_num; | ||
1510 | + BIO_set_ex_free_func; | ||
1511 | + EVP_ripemd160; | ||
1512 | + ASN1_TIME_set; | ||
1513 | + i2d_AUTHORITY_KEYID; | ||
1514 | + d2i_AUTHORITY_KEYID; | ||
1515 | + AUTHORITY_KEYID_new; | ||
1516 | + AUTHORITY_KEYID_free; | ||
1517 | + ASN1_seq_unpack; | ||
1518 | + ASN1_seq_pack; | ||
1519 | + ASN1_unpack_string; | ||
1520 | + ASN1_pack_string; | ||
1521 | + PKCS12_pack_safebag; | ||
1522 | + PKCS12_MAKE_KEYBAG; | ||
1523 | + PKCS8_encrypt; | ||
1524 | + PKCS12_MAKE_SHKEYBAG; | ||
1525 | + PKCS12_pack_p7data; | ||
1526 | + PKCS12_pack_p7encdata; | ||
1527 | + PKCS12_add_localkeyid; | ||
1528 | + PKCS12_add_friendlyname_asc; | ||
1529 | + PKCS12_add_friendlyname_uni; | ||
1530 | + PKCS12_get_friendlyname; | ||
1531 | + PKCS12_pbe_crypt; | ||
1532 | + PKCS12_decrypt_d2i; | ||
1533 | + PKCS12_i2d_encrypt; | ||
1534 | + PKCS12_init; | ||
1535 | + PKCS12_key_gen_asc; | ||
1536 | + PKCS12_key_gen_uni; | ||
1537 | + PKCS12_gen_mac; | ||
1538 | + PKCS12_verify_mac; | ||
1539 | + PKCS12_set_mac; | ||
1540 | + PKCS12_setup_mac; | ||
1541 | + OPENSSL_asc2uni; | ||
1542 | + OPENSSL_uni2asc; | ||
1543 | + i2d_PKCS12_BAGS; | ||
1544 | + PKCS12_BAGS_new; | ||
1545 | + d2i_PKCS12_BAGS; | ||
1546 | + PKCS12_BAGS_free; | ||
1547 | + i2d_PKCS12; | ||
1548 | + d2i_PKCS12; | ||
1549 | + PKCS12_new; | ||
1550 | + PKCS12_free; | ||
1551 | + i2d_PKCS12_MAC_DATA; | ||
1552 | + PKCS12_MAC_DATA_new; | ||
1553 | + d2i_PKCS12_MAC_DATA; | ||
1554 | + PKCS12_MAC_DATA_free; | ||
1555 | + i2d_PKCS12_SAFEBAG; | ||
1556 | + PKCS12_SAFEBAG_new; | ||
1557 | + d2i_PKCS12_SAFEBAG; | ||
1558 | + PKCS12_SAFEBAG_free; | ||
1559 | + ERR_load_PKCS12_strings; | ||
1560 | + PKCS12_PBE_add; | ||
1561 | + PKCS8_add_keyusage; | ||
1562 | + PKCS12_get_attr_gen; | ||
1563 | + PKCS12_parse; | ||
1564 | + PKCS12_create; | ||
1565 | + i2d_PKCS12_bio; | ||
1566 | + i2d_PKCS12_fp; | ||
1567 | + d2i_PKCS12_bio; | ||
1568 | + d2i_PKCS12_fp; | ||
1569 | + i2d_PBEPARAM; | ||
1570 | + PBEPARAM_new; | ||
1571 | + d2i_PBEPARAM; | ||
1572 | + PBEPARAM_free; | ||
1573 | + i2d_PKCS8_PRIV_KEY_INFO; | ||
1574 | + PKCS8_PRIV_KEY_INFO_new; | ||
1575 | + d2i_PKCS8_PRIV_KEY_INFO; | ||
1576 | + PKCS8_PRIV_KEY_INFO_free; | ||
1577 | + EVP_PKCS82PKEY; | ||
1578 | + EVP_PKEY2PKCS8; | ||
1579 | + PKCS8_set_broken; | ||
1580 | + EVP_PBE_ALGOR_CipherInit; | ||
1581 | + EVP_PBE_alg_add; | ||
1582 | + PKCS5_pbe_set; | ||
1583 | + EVP_PBE_cleanup; | ||
1584 | + i2d_SXNET; | ||
1585 | + d2i_SXNET; | ||
1586 | + SXNET_new; | ||
1587 | + SXNET_free; | ||
1588 | + i2d_SXNETID; | ||
1589 | + d2i_SXNETID; | ||
1590 | + SXNETID_new; | ||
1591 | + SXNETID_free; | ||
1592 | + DSA_SIG_new; | ||
1593 | + DSA_SIG_free; | ||
1594 | + DSA_do_sign; | ||
1595 | + DSA_do_verify; | ||
1596 | + d2i_DSA_SIG; | ||
1597 | + i2d_DSA_SIG; | ||
1598 | + i2d_ASN1_VISIBLESTRING; | ||
1599 | + d2i_ASN1_VISIBLESTRING; | ||
1600 | + i2d_ASN1_UTF8STRING; | ||
1601 | + d2i_ASN1_UTF8STRING; | ||
1602 | + i2d_DIRECTORYSTRING; | ||
1603 | + d2i_DIRECTORYSTRING; | ||
1604 | + i2d_DISPLAYTEXT; | ||
1605 | + d2i_DISPLAYTEXT; | ||
1606 | + d2i_ASN1_SET_OF_X509; | ||
1607 | + i2d_ASN1_SET_OF_X509; | ||
1608 | + i2d_PBKDF2PARAM; | ||
1609 | + PBKDF2PARAM_new; | ||
1610 | + d2i_PBKDF2PARAM; | ||
1611 | + PBKDF2PARAM_free; | ||
1612 | + i2d_PBE2PARAM; | ||
1613 | + PBE2PARAM_new; | ||
1614 | + d2i_PBE2PARAM; | ||
1615 | + PBE2PARAM_free; | ||
1616 | + d2i_ASN1_SET_OF_GENERAL_NAME; | ||
1617 | + i2d_ASN1_SET_OF_GENERAL_NAME; | ||
1618 | + d2i_ASN1_SET_OF_SXNETID; | ||
1619 | + i2d_ASN1_SET_OF_SXNETID; | ||
1620 | + d2i_ASN1_SET_OF_POLICYQUALINFO; | ||
1621 | + i2d_ASN1_SET_OF_POLICYQUALINFO; | ||
1622 | + d2i_ASN1_SET_OF_POLICYINFO; | ||
1623 | + i2d_ASN1_SET_OF_POLICYINFO; | ||
1624 | + SXNET_add_id_asc; | ||
1625 | + SXNET_add_id_ulong; | ||
1626 | + SXNET_add_id_INTEGER; | ||
1627 | + SXNET_get_id_asc; | ||
1628 | + SXNET_get_id_ulong; | ||
1629 | + SXNET_get_id_INTEGER; | ||
1630 | + X509V3_set_conf_lhash; | ||
1631 | + i2d_CERTIFICATEPOLICIES; | ||
1632 | + CERTIFICATEPOLICIES_new; | ||
1633 | + CERTIFICATEPOLICIES_free; | ||
1634 | + d2i_CERTIFICATEPOLICIES; | ||
1635 | + i2d_POLICYINFO; | ||
1636 | + POLICYINFO_new; | ||
1637 | + d2i_POLICYINFO; | ||
1638 | + POLICYINFO_free; | ||
1639 | + i2d_POLICYQUALINFO; | ||
1640 | + POLICYQUALINFO_new; | ||
1641 | + d2i_POLICYQUALINFO; | ||
1642 | + POLICYQUALINFO_free; | ||
1643 | + i2d_USERNOTICE; | ||
1644 | + USERNOTICE_new; | ||
1645 | + d2i_USERNOTICE; | ||
1646 | + USERNOTICE_free; | ||
1647 | + i2d_NOTICEREF; | ||
1648 | + NOTICEREF_new; | ||
1649 | + d2i_NOTICEREF; | ||
1650 | + NOTICEREF_free; | ||
1651 | + X509V3_get_string; | ||
1652 | + X509V3_get_section; | ||
1653 | + X509V3_string_free; | ||
1654 | + X509V3_section_free; | ||
1655 | + X509V3_set_ctx; | ||
1656 | + s2i_ASN1_INTEGER; | ||
1657 | + CRYPTO_set_locked_mem_functions; | ||
1658 | + CRYPTO_get_locked_mem_functions; | ||
1659 | + CRYPTO_malloc_locked; | ||
1660 | + CRYPTO_free_locked; | ||
1661 | + BN_mod_exp2_mont; | ||
1662 | + ERR_get_error_line_data; | ||
1663 | + ERR_peek_error_line_data; | ||
1664 | + PKCS12_PBE_keyivgen; | ||
1665 | + X509_ALGOR_dup; | ||
1666 | + d2i_ASN1_SET_OF_DIST_POINT; | ||
1667 | + i2d_ASN1_SET_OF_DIST_POINT; | ||
1668 | + i2d_CRL_DIST_POINTS; | ||
1669 | + CRL_DIST_POINTS_new; | ||
1670 | + CRL_DIST_POINTS_free; | ||
1671 | + d2i_CRL_DIST_POINTS; | ||
1672 | + i2d_DIST_POINT; | ||
1673 | + DIST_POINT_new; | ||
1674 | + d2i_DIST_POINT; | ||
1675 | + DIST_POINT_free; | ||
1676 | + i2d_DIST_POINT_NAME; | ||
1677 | + DIST_POINT_NAME_new; | ||
1678 | + DIST_POINT_NAME_free; | ||
1679 | + d2i_DIST_POINT_NAME; | ||
1680 | + X509V3_add_value_uchar; | ||
1681 | + d2i_ASN1_SET_OF_X509_ATTRIBUTE; | ||
1682 | + i2d_ASN1_SET_OF_ASN1_TYPE; | ||
1683 | + d2i_ASN1_SET_OF_X509_EXTENSION; | ||
1684 | + d2i_ASN1_SET_OF_X509_NAME_ENTRY; | ||
1685 | + d2i_ASN1_SET_OF_ASN1_TYPE; | ||
1686 | + i2d_ASN1_SET_OF_X509_ATTRIBUTE; | ||
1687 | + i2d_ASN1_SET_OF_X509_EXTENSION; | ||
1688 | + i2d_ASN1_SET_OF_X509_NAME_ENTRY; | ||
1689 | + X509V3_EXT_i2d; | ||
1690 | + X509V3_EXT_val_prn; | ||
1691 | + X509V3_EXT_add_list; | ||
1692 | + EVP_CIPHER_type; | ||
1693 | + EVP_PBE_CipherInit; | ||
1694 | + X509V3_add_value_bool_nf; | ||
1695 | + d2i_ASN1_UINTEGER; | ||
1696 | + sk_value; | ||
1697 | + sk_num; | ||
1698 | + sk_set; | ||
1699 | + i2d_ASN1_SET_OF_X509_REVOKED; | ||
1700 | + sk_sort; | ||
1701 | + d2i_ASN1_SET_OF_X509_REVOKED; | ||
1702 | + i2d_ASN1_SET_OF_X509_ALGOR; | ||
1703 | + i2d_ASN1_SET_OF_X509_CRL; | ||
1704 | + d2i_ASN1_SET_OF_X509_ALGOR; | ||
1705 | + d2i_ASN1_SET_OF_X509_CRL; | ||
1706 | + i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO; | ||
1707 | + i2d_ASN1_SET_OF_PKCS7_RECIP_INFO; | ||
1708 | + d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO; | ||
1709 | + d2i_ASN1_SET_OF_PKCS7_RECIP_INFO; | ||
1710 | + PKCS5_PBE_add; | ||
1711 | + PEM_write_bio_PKCS8; | ||
1712 | + i2d_PKCS8_fp; | ||
1713 | + PEM_read_bio_PKCS8_PRIV_KEY_INFO; | ||
1714 | + PEM_read_bio_P8_PRIV_KEY_INFO; | ||
1715 | + d2i_PKCS8_bio; | ||
1716 | + d2i_PKCS8_PRIV_KEY_INFO_fp; | ||
1717 | + PEM_write_bio_PKCS8_PRIV_KEY_INFO; | ||
1718 | + PEM_write_bio_P8_PRIV_KEY_INFO; | ||
1719 | + PEM_read_PKCS8; | ||
1720 | + d2i_PKCS8_PRIV_KEY_INFO_bio; | ||
1721 | + d2i_PKCS8_fp; | ||
1722 | + PEM_write_PKCS8; | ||
1723 | + PEM_read_PKCS8_PRIV_KEY_INFO; | ||
1724 | + PEM_read_P8_PRIV_KEY_INFO; | ||
1725 | + PEM_read_bio_PKCS8; | ||
1726 | + PEM_write_PKCS8_PRIV_KEY_INFO; | ||
1727 | + PEM_write_P8_PRIV_KEY_INFO; | ||
1728 | + PKCS5_PBE_keyivgen; | ||
1729 | + i2d_PKCS8_bio; | ||
1730 | + i2d_PKCS8_PRIV_KEY_INFO_fp; | ||
1731 | + i2d_PKCS8_PRIV_KEY_INFO_bio; | ||
1732 | + BIO_s_bio; | ||
1733 | + PKCS5_pbe2_set; | ||
1734 | + PKCS5_PBKDF2_HMAC_SHA1; | ||
1735 | + PKCS5_v2_PBE_keyivgen; | ||
1736 | + PEM_write_bio_PKCS8PrivateKey; | ||
1737 | + PEM_write_PKCS8PrivateKey; | ||
1738 | + BIO_ctrl_get_read_request; | ||
1739 | + BIO_ctrl_pending; | ||
1740 | + BIO_ctrl_wpending; | ||
1741 | + BIO_new_bio_pair; | ||
1742 | + BIO_ctrl_get_write_guarantee; | ||
1743 | + CRYPTO_num_locks; | ||
1744 | + CONF_load_bio; | ||
1745 | + CONF_load_fp; | ||
1746 | + i2d_ASN1_SET_OF_ASN1_OBJECT; | ||
1747 | + d2i_ASN1_SET_OF_ASN1_OBJECT; | ||
1748 | + PKCS7_signatureVerify; | ||
1749 | + RSA_set_method; | ||
1750 | + RSA_get_method; | ||
1751 | + RSA_get_default_method; | ||
1752 | + RSA_check_key; | ||
1753 | + OBJ_obj2txt; | ||
1754 | + DSA_dup_DH; | ||
1755 | + X509_REQ_get_extensions; | ||
1756 | + X509_REQ_set_extension_nids; | ||
1757 | + BIO_nwrite; | ||
1758 | + X509_REQ_extension_nid; | ||
1759 | + BIO_nread; | ||
1760 | + X509_REQ_get_extension_nids; | ||
1761 | + BIO_nwrite0; | ||
1762 | + X509_REQ_add_extensions_nid; | ||
1763 | + BIO_nread0; | ||
1764 | + X509_REQ_add_extensions; | ||
1765 | + BIO_new_mem_buf; | ||
1766 | + DH_set_ex_data; | ||
1767 | + DH_set_method; | ||
1768 | + DSA_OpenSSL; | ||
1769 | + DH_get_ex_data; | ||
1770 | + DH_get_ex_new_index; | ||
1771 | + DSA_new_method; | ||
1772 | + DH_new_method; | ||
1773 | + DH_OpenSSL; | ||
1774 | + DSA_get_ex_new_index; | ||
1775 | + DH_get_default_method; | ||
1776 | + DSA_set_ex_data; | ||
1777 | + DH_set_default_method; | ||
1778 | + DSA_get_ex_data; | ||
1779 | + X509V3_EXT_REQ_add_conf; | ||
1780 | + NETSCAPE_SPKI_print; | ||
1781 | + NETSCAPE_SPKI_set_pubkey; | ||
1782 | + NETSCAPE_SPKI_b64_encode; | ||
1783 | + NETSCAPE_SPKI_get_pubkey; | ||
1784 | + NETSCAPE_SPKI_b64_decode; | ||
1785 | + UTF8_putc; | ||
1786 | + UTF8_getc; | ||
1787 | + RSA_null_method; | ||
1788 | + ASN1_tag2str; | ||
1789 | + BIO_ctrl_reset_read_request; | ||
1790 | + DISPLAYTEXT_new; | ||
1791 | + ASN1_GENERALIZEDTIME_free; | ||
1792 | + X509_REVOKED_get_ext_d2i; | ||
1793 | + X509_set_ex_data; | ||
1794 | + X509_reject_set_bit_asc; | ||
1795 | + X509_NAME_add_entry_by_txt; | ||
1796 | + X509_NAME_add_entry_by_NID; | ||
1797 | + X509_PURPOSE_get0; | ||
1798 | + PEM_read_X509_AUX; | ||
1799 | + d2i_AUTHORITY_INFO_ACCESS; | ||
1800 | + PEM_write_PUBKEY; | ||
1801 | + ACCESS_DESCRIPTION_new; | ||
1802 | + X509_CERT_AUX_free; | ||
1803 | + d2i_ACCESS_DESCRIPTION; | ||
1804 | + X509_trust_clear; | ||
1805 | + X509_TRUST_add; | ||
1806 | + ASN1_VISIBLESTRING_new; | ||
1807 | + X509_alias_set1; | ||
1808 | + ASN1_PRINTABLESTRING_free; | ||
1809 | + EVP_PKEY_get1_DSA; | ||
1810 | + ASN1_BMPSTRING_new; | ||
1811 | + ASN1_mbstring_copy; | ||
1812 | + ASN1_UTF8STRING_new; | ||
1813 | + DSA_get_default_method; | ||
1814 | + i2d_ASN1_SET_OF_ACCESS_DESCRIPTION; | ||
1815 | + ASN1_T61STRING_free; | ||
1816 | + DSA_set_method; | ||
1817 | + X509_get_ex_data; | ||
1818 | + ASN1_STRING_type; | ||
1819 | + X509_PURPOSE_get_by_sname; | ||
1820 | + ASN1_TIME_free; | ||
1821 | + ASN1_OCTET_STRING_cmp; | ||
1822 | + ASN1_BIT_STRING_new; | ||
1823 | + X509_get_ext_d2i; | ||
1824 | + PEM_read_bio_X509_AUX; | ||
1825 | + ASN1_STRING_set_default_mask_asc; | ||
1826 | + ASN1_STRING_set_def_mask_asc; | ||
1827 | + PEM_write_bio_RSA_PUBKEY; | ||
1828 | + ASN1_INTEGER_cmp; | ||
1829 | + d2i_RSA_PUBKEY_fp; | ||
1830 | + X509_trust_set_bit_asc; | ||
1831 | + PEM_write_bio_DSA_PUBKEY; | ||
1832 | + X509_STORE_CTX_free; | ||
1833 | + EVP_PKEY_set1_DSA; | ||
1834 | + i2d_DSA_PUBKEY_fp; | ||
1835 | + X509_load_cert_crl_file; | ||
1836 | + ASN1_TIME_new; | ||
1837 | + i2d_RSA_PUBKEY; | ||
1838 | + X509_STORE_CTX_purpose_inherit; | ||
1839 | + PEM_read_RSA_PUBKEY; | ||
1840 | + d2i_X509_AUX; | ||
1841 | + i2d_DSA_PUBKEY; | ||
1842 | + X509_CERT_AUX_print; | ||
1843 | + PEM_read_DSA_PUBKEY; | ||
1844 | + i2d_RSA_PUBKEY_bio; | ||
1845 | + ASN1_BIT_STRING_num_asc; | ||
1846 | + i2d_PUBKEY; | ||
1847 | + ASN1_UTCTIME_free; | ||
1848 | + DSA_set_default_method; | ||
1849 | + X509_PURPOSE_get_by_id; | ||
1850 | + ACCESS_DESCRIPTION_free; | ||
1851 | + PEM_read_bio_PUBKEY; | ||
1852 | + ASN1_STRING_set_by_NID; | ||
1853 | + X509_PURPOSE_get_id; | ||
1854 | + DISPLAYTEXT_free; | ||
1855 | + OTHERNAME_new; | ||
1856 | + X509_CERT_AUX_new; | ||
1857 | + X509_TRUST_cleanup; | ||
1858 | + X509_NAME_add_entry_by_OBJ; | ||
1859 | + X509_CRL_get_ext_d2i; | ||
1860 | + X509_PURPOSE_get0_name; | ||
1861 | + PEM_read_PUBKEY; | ||
1862 | + i2d_DSA_PUBKEY_bio; | ||
1863 | + i2d_OTHERNAME; | ||
1864 | + ASN1_OCTET_STRING_free; | ||
1865 | + ASN1_BIT_STRING_set_asc; | ||
1866 | + X509_get_ex_new_index; | ||
1867 | + ASN1_STRING_TABLE_cleanup; | ||
1868 | + X509_TRUST_get_by_id; | ||
1869 | + X509_PURPOSE_get_trust; | ||
1870 | + ASN1_STRING_length; | ||
1871 | + d2i_ASN1_SET_OF_ACCESS_DESCRIPTION; | ||
1872 | + ASN1_PRINTABLESTRING_new; | ||
1873 | + X509V3_get_d2i; | ||
1874 | + ASN1_ENUMERATED_free; | ||
1875 | + i2d_X509_CERT_AUX; | ||
1876 | + X509_STORE_CTX_set_trust; | ||
1877 | + ASN1_STRING_set_default_mask; | ||
1878 | + X509_STORE_CTX_new; | ||
1879 | + EVP_PKEY_get1_RSA; | ||
1880 | + DIRECTORYSTRING_free; | ||
1881 | + PEM_write_X509_AUX; | ||
1882 | + ASN1_OCTET_STRING_set; | ||
1883 | + d2i_DSA_PUBKEY_fp; | ||
1884 | + d2i_RSA_PUBKEY; | ||
1885 | + X509_TRUST_get0_name; | ||
1886 | + X509_TRUST_get0; | ||
1887 | + AUTHORITY_INFO_ACCESS_free; | ||
1888 | + ASN1_IA5STRING_new; | ||
1889 | + d2i_DSA_PUBKEY; | ||
1890 | + X509_check_purpose; | ||
1891 | + ASN1_ENUMERATED_new; | ||
1892 | + d2i_RSA_PUBKEY_bio; | ||
1893 | + d2i_PUBKEY; | ||
1894 | + X509_TRUST_get_trust; | ||
1895 | + X509_TRUST_get_flags; | ||
1896 | + ASN1_BMPSTRING_free; | ||
1897 | + ASN1_T61STRING_new; | ||
1898 | + ASN1_UTCTIME_new; | ||
1899 | + i2d_AUTHORITY_INFO_ACCESS; | ||
1900 | + EVP_PKEY_set1_RSA; | ||
1901 | + X509_STORE_CTX_set_purpose; | ||
1902 | + ASN1_IA5STRING_free; | ||
1903 | + PEM_write_bio_X509_AUX; | ||
1904 | + X509_PURPOSE_get_count; | ||
1905 | + CRYPTO_add_info; | ||
1906 | + X509_NAME_ENTRY_create_by_txt; | ||
1907 | + ASN1_STRING_get_default_mask; | ||
1908 | + X509_alias_get0; | ||
1909 | + ASN1_STRING_data; | ||
1910 | + i2d_ACCESS_DESCRIPTION; | ||
1911 | + X509_trust_set_bit; | ||
1912 | + ASN1_BIT_STRING_free; | ||
1913 | + PEM_read_bio_RSA_PUBKEY; | ||
1914 | + X509_add1_reject_object; | ||
1915 | + X509_check_trust; | ||
1916 | + PEM_read_bio_DSA_PUBKEY; | ||
1917 | + X509_PURPOSE_add; | ||
1918 | + ASN1_STRING_TABLE_get; | ||
1919 | + ASN1_UTF8STRING_free; | ||
1920 | + d2i_DSA_PUBKEY_bio; | ||
1921 | + PEM_write_RSA_PUBKEY; | ||
1922 | + d2i_OTHERNAME; | ||
1923 | + X509_reject_set_bit; | ||
1924 | + PEM_write_DSA_PUBKEY; | ||
1925 | + X509_PURPOSE_get0_sname; | ||
1926 | + EVP_PKEY_set1_DH; | ||
1927 | + ASN1_OCTET_STRING_dup; | ||
1928 | + ASN1_BIT_STRING_set; | ||
1929 | + X509_TRUST_get_count; | ||
1930 | + ASN1_INTEGER_free; | ||
1931 | + OTHERNAME_free; | ||
1932 | + i2d_RSA_PUBKEY_fp; | ||
1933 | + ASN1_INTEGER_dup; | ||
1934 | + d2i_X509_CERT_AUX; | ||
1935 | + PEM_write_bio_PUBKEY; | ||
1936 | + ASN1_VISIBLESTRING_free; | ||
1937 | + X509_PURPOSE_cleanup; | ||
1938 | + ASN1_mbstring_ncopy; | ||
1939 | + ASN1_GENERALIZEDTIME_new; | ||
1940 | + EVP_PKEY_get1_DH; | ||
1941 | + ASN1_OCTET_STRING_new; | ||
1942 | + ASN1_INTEGER_new; | ||
1943 | + i2d_X509_AUX; | ||
1944 | + ASN1_BIT_STRING_name_print; | ||
1945 | + X509_cmp; | ||
1946 | + ASN1_STRING_length_set; | ||
1947 | + DIRECTORYSTRING_new; | ||
1948 | + X509_add1_trust_object; | ||
1949 | + PKCS12_newpass; | ||
1950 | + SMIME_write_PKCS7; | ||
1951 | + SMIME_read_PKCS7; | ||
1952 | + DES_set_key_checked; | ||
1953 | + PKCS7_verify; | ||
1954 | + PKCS7_encrypt; | ||
1955 | + DES_set_key_unchecked; | ||
1956 | + SMIME_crlf_copy; | ||
1957 | + i2d_ASN1_PRINTABLESTRING; | ||
1958 | + PKCS7_get0_signers; | ||
1959 | + PKCS7_decrypt; | ||
1960 | + SMIME_text; | ||
1961 | + PKCS7_simple_smimecap; | ||
1962 | + PKCS7_get_smimecap; | ||
1963 | + PKCS7_sign; | ||
1964 | + PKCS7_add_attrib_smimecap; | ||
1965 | + CRYPTO_dbg_set_options; | ||
1966 | + CRYPTO_remove_all_info; | ||
1967 | + CRYPTO_get_mem_debug_functions; | ||
1968 | + CRYPTO_is_mem_check_on; | ||
1969 | + CRYPTO_set_mem_debug_functions; | ||
1970 | + CRYPTO_pop_info; | ||
1971 | + CRYPTO_push_info_; | ||
1972 | + CRYPTO_set_mem_debug_options; | ||
1973 | + PEM_write_PKCS8PrivateKey_nid; | ||
1974 | + PEM_write_bio_PKCS8PrivateKey_nid; | ||
1975 | + PEM_write_bio_PKCS8PrivKey_nid; | ||
1976 | + d2i_PKCS8PrivateKey_bio; | ||
1977 | + ASN1_NULL_free; | ||
1978 | + d2i_ASN1_NULL; | ||
1979 | + ASN1_NULL_new; | ||
1980 | + i2d_PKCS8PrivateKey_bio; | ||
1981 | + i2d_PKCS8PrivateKey_fp; | ||
1982 | + i2d_ASN1_NULL; | ||
1983 | + i2d_PKCS8PrivateKey_nid_fp; | ||
1984 | + d2i_PKCS8PrivateKey_fp; | ||
1985 | + i2d_PKCS8PrivateKey_nid_bio; | ||
1986 | + i2d_PKCS8PrivateKeyInfo_fp; | ||
1987 | + i2d_PKCS8PrivateKeyInfo_bio; | ||
1988 | + PEM_cb; | ||
1989 | + i2d_PrivateKey_fp; | ||
1990 | + d2i_PrivateKey_bio; | ||
1991 | + d2i_PrivateKey_fp; | ||
1992 | + i2d_PrivateKey_bio; | ||
1993 | + X509_reject_clear; | ||
1994 | + X509_TRUST_set_default; | ||
1995 | + d2i_AutoPrivateKey; | ||
1996 | + X509_ATTRIBUTE_get0_type; | ||
1997 | + X509_ATTRIBUTE_set1_data; | ||
1998 | + X509at_get_attr; | ||
1999 | + X509at_get_attr_count; | ||
2000 | + X509_ATTRIBUTE_create_by_NID; | ||
2001 | + X509_ATTRIBUTE_set1_object; | ||
2002 | + X509_ATTRIBUTE_count; | ||
2003 | + X509_ATTRIBUTE_create_by_OBJ; | ||
2004 | + X509_ATTRIBUTE_get0_object; | ||
2005 | + X509at_get_attr_by_NID; | ||
2006 | + X509at_add1_attr; | ||
2007 | + X509_ATTRIBUTE_get0_data; | ||
2008 | + X509at_delete_attr; | ||
2009 | + X509at_get_attr_by_OBJ; | ||
2010 | + RAND_add; | ||
2011 | + BIO_number_written; | ||
2012 | + BIO_number_read; | ||
2013 | + X509_STORE_CTX_get1_chain; | ||
2014 | + ERR_load_RAND_strings; | ||
2015 | + RAND_pseudo_bytes; | ||
2016 | + X509_REQ_get_attr_by_NID; | ||
2017 | + X509_REQ_get_attr; | ||
2018 | + X509_REQ_add1_attr_by_NID; | ||
2019 | + X509_REQ_get_attr_by_OBJ; | ||
2020 | + X509at_add1_attr_by_NID; | ||
2021 | + X509_REQ_add1_attr_by_OBJ; | ||
2022 | + X509_REQ_get_attr_count; | ||
2023 | + X509_REQ_add1_attr; | ||
2024 | + X509_REQ_delete_attr; | ||
2025 | + X509at_add1_attr_by_OBJ; | ||
2026 | + X509_REQ_add1_attr_by_txt; | ||
2027 | + X509_ATTRIBUTE_create_by_txt; | ||
2028 | + X509at_add1_attr_by_txt; | ||
2029 | + BN_pseudo_rand; | ||
2030 | + BN_is_prime_fasttest; | ||
2031 | + BN_CTX_end; | ||
2032 | + BN_CTX_start; | ||
2033 | + BN_CTX_get; | ||
2034 | + EVP_PKEY2PKCS8_broken; | ||
2035 | + ASN1_STRING_TABLE_add; | ||
2036 | + CRYPTO_dbg_get_options; | ||
2037 | + AUTHORITY_INFO_ACCESS_new; | ||
2038 | + CRYPTO_get_mem_debug_options; | ||
2039 | + DES_crypt; | ||
2040 | + PEM_write_bio_X509_REQ_NEW; | ||
2041 | + PEM_write_X509_REQ_NEW; | ||
2042 | + BIO_callback_ctrl; | ||
2043 | + RAND_egd; | ||
2044 | + RAND_status; | ||
2045 | + bn_dump1; | ||
2046 | + DES_check_key_parity; | ||
2047 | + lh_num_items; | ||
2048 | + RAND_event; | ||
2049 | + DSO_new; | ||
2050 | + DSO_new_method; | ||
2051 | + DSO_free; | ||
2052 | + DSO_flags; | ||
2053 | + DSO_up; | ||
2054 | + DSO_set_default_method; | ||
2055 | + DSO_get_default_method; | ||
2056 | + DSO_get_method; | ||
2057 | + DSO_set_method; | ||
2058 | + DSO_load; | ||
2059 | + DSO_bind_var; | ||
2060 | + DSO_METHOD_null; | ||
2061 | + DSO_METHOD_openssl; | ||
2062 | + DSO_METHOD_dlfcn; | ||
2063 | + DSO_METHOD_win32; | ||
2064 | + ERR_load_DSO_strings; | ||
2065 | + DSO_METHOD_dl; | ||
2066 | + NCONF_load; | ||
2067 | + NCONF_load_fp; | ||
2068 | + NCONF_new; | ||
2069 | + NCONF_get_string; | ||
2070 | + NCONF_free; | ||
2071 | + NCONF_get_number; | ||
2072 | + CONF_dump_fp; | ||
2073 | + NCONF_load_bio; | ||
2074 | + NCONF_dump_fp; | ||
2075 | + NCONF_get_section; | ||
2076 | + NCONF_dump_bio; | ||
2077 | + CONF_dump_bio; | ||
2078 | + NCONF_free_data; | ||
2079 | + CONF_set_default_method; | ||
2080 | + ERR_error_string_n; | ||
2081 | + BIO_snprintf; | ||
2082 | + DSO_ctrl; | ||
2083 | + i2d_ASN1_SET_OF_ASN1_INTEGER; | ||
2084 | + i2d_ASN1_SET_OF_PKCS12_SAFEBAG; | ||
2085 | + i2d_ASN1_SET_OF_PKCS7; | ||
2086 | + BIO_vfree; | ||
2087 | + d2i_ASN1_SET_OF_ASN1_INTEGER; | ||
2088 | + d2i_ASN1_SET_OF_PKCS12_SAFEBAG; | ||
2089 | + ASN1_UTCTIME_get; | ||
2090 | + X509_REQ_digest; | ||
2091 | + X509_CRL_digest; | ||
2092 | + d2i_ASN1_SET_OF_PKCS7; | ||
2093 | + EVP_CIPHER_CTX_set_key_length; | ||
2094 | + EVP_CIPHER_CTX_ctrl; | ||
2095 | + BN_mod_exp_mont_word; | ||
2096 | + RAND_egd_bytes; | ||
2097 | + X509_REQ_get1_email; | ||
2098 | + X509_get1_email; | ||
2099 | + X509_email_free; | ||
2100 | + i2d_RSA_NET; | ||
2101 | + d2i_RSA_NET_2; | ||
2102 | + d2i_RSA_NET; | ||
2103 | + DSO_bind_func; | ||
2104 | + CRYPTO_get_new_dynlockid; | ||
2105 | + sk_new_null; | ||
2106 | + CRYPTO_set_dynlock_destroy_callback; | ||
2107 | + CRYPTO_set_dynlock_destroy_cb; | ||
2108 | + CRYPTO_destroy_dynlockid; | ||
2109 | + CRYPTO_set_dynlock_size; | ||
2110 | + CRYPTO_set_dynlock_create_callback; | ||
2111 | + CRYPTO_set_dynlock_create_cb; | ||
2112 | + CRYPTO_set_dynlock_lock_callback; | ||
2113 | + CRYPTO_set_dynlock_lock_cb; | ||
2114 | + CRYPTO_get_dynlock_lock_callback; | ||
2115 | + CRYPTO_get_dynlock_lock_cb; | ||
2116 | + CRYPTO_get_dynlock_destroy_callback; | ||
2117 | + CRYPTO_get_dynlock_destroy_cb; | ||
2118 | + CRYPTO_get_dynlock_value; | ||
2119 | + CRYPTO_get_dynlock_create_callback; | ||
2120 | + CRYPTO_get_dynlock_create_cb; | ||
2121 | + c2i_ASN1_BIT_STRING; | ||
2122 | + i2c_ASN1_BIT_STRING; | ||
2123 | + RAND_poll; | ||
2124 | + c2i_ASN1_INTEGER; | ||
2125 | + i2c_ASN1_INTEGER; | ||
2126 | + BIO_dump_indent; | ||
2127 | + ASN1_parse_dump; | ||
2128 | + c2i_ASN1_OBJECT; | ||
2129 | + X509_NAME_print_ex_fp; | ||
2130 | + ASN1_STRING_print_ex_fp; | ||
2131 | + X509_NAME_print_ex; | ||
2132 | + ASN1_STRING_print_ex; | ||
2133 | + MD4; | ||
2134 | + MD4_Transform; | ||
2135 | + MD4_Final; | ||
2136 | + MD4_Update; | ||
2137 | + MD4_Init; | ||
2138 | + EVP_md4; | ||
2139 | + i2d_PUBKEY_bio; | ||
2140 | + i2d_PUBKEY_fp; | ||
2141 | + d2i_PUBKEY_bio; | ||
2142 | + ASN1_STRING_to_UTF8; | ||
2143 | + BIO_vprintf; | ||
2144 | + BIO_vsnprintf; | ||
2145 | + d2i_PUBKEY_fp; | ||
2146 | + X509_cmp_time; | ||
2147 | + X509_STORE_CTX_set_time; | ||
2148 | + X509_STORE_CTX_get1_issuer; | ||
2149 | + X509_OBJECT_retrieve_match; | ||
2150 | + X509_OBJECT_idx_by_subject; | ||
2151 | + X509_STORE_CTX_set_flags; | ||
2152 | + X509_STORE_CTX_trusted_stack; | ||
2153 | + X509_time_adj; | ||
2154 | + X509_check_issued; | ||
2155 | + ASN1_UTCTIME_cmp_time_t; | ||
2156 | + DES_set_weak_key_flag; | ||
2157 | + DES_check_key; | ||
2158 | + DES_rw_mode; | ||
2159 | + RSA_PKCS1_RSAref; | ||
2160 | + X509_keyid_set1; | ||
2161 | + BIO_next; | ||
2162 | + DSO_METHOD_vms; | ||
2163 | + BIO_f_linebuffer; | ||
2164 | + BN_bntest_rand; | ||
2165 | + OPENSSL_issetugid; | ||
2166 | + BN_rand_range; | ||
2167 | + ERR_load_ENGINE_strings; | ||
2168 | + ENGINE_set_DSA; | ||
2169 | + ENGINE_get_finish_function; | ||
2170 | + ENGINE_get_default_RSA; | ||
2171 | + ENGINE_get_BN_mod_exp; | ||
2172 | + DSA_get_default_openssl_method; | ||
2173 | + ENGINE_set_DH; | ||
2174 | + ENGINE_set_def_BN_mod_exp_crt; | ||
2175 | + ENGINE_set_default_BN_mod_exp_crt; | ||
2176 | + ENGINE_init; | ||
2177 | + DH_get_default_openssl_method; | ||
2178 | + RSA_set_default_openssl_method; | ||
2179 | + ENGINE_finish; | ||
2180 | + ENGINE_load_public_key; | ||
2181 | + ENGINE_get_DH; | ||
2182 | + ENGINE_ctrl; | ||
2183 | + ENGINE_get_init_function; | ||
2184 | + ENGINE_set_init_function; | ||
2185 | + ENGINE_set_default_DSA; | ||
2186 | + ENGINE_get_name; | ||
2187 | + ENGINE_get_last; | ||
2188 | + ENGINE_get_prev; | ||
2189 | + ENGINE_get_default_DH; | ||
2190 | + ENGINE_get_RSA; | ||
2191 | + ENGINE_set_default; | ||
2192 | + ENGINE_get_RAND; | ||
2193 | + ENGINE_get_first; | ||
2194 | + ENGINE_by_id; | ||
2195 | + ENGINE_set_finish_function; | ||
2196 | + ENGINE_get_def_BN_mod_exp_crt; | ||
2197 | + ENGINE_get_default_BN_mod_exp_crt; | ||
2198 | + RSA_get_default_openssl_method; | ||
2199 | + ENGINE_set_RSA; | ||
2200 | + ENGINE_load_private_key; | ||
2201 | + ENGINE_set_default_RAND; | ||
2202 | + ENGINE_set_BN_mod_exp; | ||
2203 | + ENGINE_remove; | ||
2204 | + ENGINE_free; | ||
2205 | + ENGINE_get_BN_mod_exp_crt; | ||
2206 | + ENGINE_get_next; | ||
2207 | + ENGINE_set_name; | ||
2208 | + ENGINE_get_default_DSA; | ||
2209 | + ENGINE_set_default_BN_mod_exp; | ||
2210 | + ENGINE_set_default_RSA; | ||
2211 | + ENGINE_get_default_RAND; | ||
2212 | + ENGINE_get_default_BN_mod_exp; | ||
2213 | + ENGINE_set_RAND; | ||
2214 | + ENGINE_set_id; | ||
2215 | + ENGINE_set_BN_mod_exp_crt; | ||
2216 | + ENGINE_set_default_DH; | ||
2217 | + ENGINE_new; | ||
2218 | + ENGINE_get_id; | ||
2219 | + DSA_set_default_openssl_method; | ||
2220 | + ENGINE_add; | ||
2221 | + DH_set_default_openssl_method; | ||
2222 | + ENGINE_get_DSA; | ||
2223 | + ENGINE_get_ctrl_function; | ||
2224 | + ENGINE_set_ctrl_function; | ||
2225 | + BN_pseudo_rand_range; | ||
2226 | + X509_STORE_CTX_set_verify_cb; | ||
2227 | + ERR_load_COMP_strings; | ||
2228 | + PKCS12_item_decrypt_d2i; | ||
2229 | + ASN1_UTF8STRING_it; | ||
2230 | + ENGINE_unregister_ciphers; | ||
2231 | + ENGINE_get_ciphers; | ||
2232 | + d2i_OCSP_BASICRESP; | ||
2233 | + KRB5_CHECKSUM_it; | ||
2234 | + EC_POINT_add; | ||
2235 | + ASN1_item_ex_i2d; | ||
2236 | + OCSP_CERTID_it; | ||
2237 | + d2i_OCSP_RESPBYTES; | ||
2238 | + X509V3_add1_i2d; | ||
2239 | + PKCS7_ENVELOPE_it; | ||
2240 | + UI_add_input_boolean; | ||
2241 | + ENGINE_unregister_RSA; | ||
2242 | + X509V3_EXT_nconf; | ||
2243 | + ASN1_GENERALSTRING_free; | ||
2244 | + d2i_OCSP_CERTSTATUS; | ||
2245 | + X509_REVOKED_set_serialNumber; | ||
2246 | + X509_print_ex; | ||
2247 | + OCSP_ONEREQ_get1_ext_d2i; | ||
2248 | + ENGINE_register_all_RAND; | ||
2249 | + ENGINE_load_dynamic; | ||
2250 | + PBKDF2PARAM_it; | ||
2251 | + EXTENDED_KEY_USAGE_new; | ||
2252 | + EC_GROUP_clear_free; | ||
2253 | + OCSP_sendreq_bio; | ||
2254 | + ASN1_item_digest; | ||
2255 | + OCSP_BASICRESP_delete_ext; | ||
2256 | + OCSP_SIGNATURE_it; | ||
2257 | + X509_CRL_it; | ||
2258 | + OCSP_BASICRESP_add_ext; | ||
2259 | + KRB5_ENCKEY_it; | ||
2260 | + UI_method_set_closer; | ||
2261 | + X509_STORE_set_purpose; | ||
2262 | + i2d_ASN1_GENERALSTRING; | ||
2263 | + OCSP_response_status; | ||
2264 | + i2d_OCSP_SERVICELOC; | ||
2265 | + ENGINE_get_digest_engine; | ||
2266 | + EC_GROUP_set_curve_GFp; | ||
2267 | + OCSP_REQUEST_get_ext_by_OBJ; | ||
2268 | + _ossl_old_des_random_key; | ||
2269 | + ASN1_T61STRING_it; | ||
2270 | + EC_GROUP_method_of; | ||
2271 | + i2d_KRB5_APREQ; | ||
2272 | + _ossl_old_des_encrypt; | ||
2273 | + ASN1_PRINTABLE_new; | ||
2274 | + HMAC_Init_ex; | ||
2275 | + d2i_KRB5_AUTHENT; | ||
2276 | + OCSP_archive_cutoff_new; | ||
2277 | + EC_POINT_set_Jprojective_coordinates_GFp; | ||
2278 | + EC_POINT_set_Jproj_coords_GFp; | ||
2279 | + _ossl_old_des_is_weak_key; | ||
2280 | + OCSP_BASICRESP_get_ext_by_OBJ; | ||
2281 | + EC_POINT_oct2point; | ||
2282 | + OCSP_SINGLERESP_get_ext_count; | ||
2283 | + UI_ctrl; | ||
2284 | + _shadow_DES_rw_mode; | ||
2285 | + asn1_do_adb; | ||
2286 | + ASN1_template_i2d; | ||
2287 | + ENGINE_register_DH; | ||
2288 | + UI_construct_prompt; | ||
2289 | + X509_STORE_set_trust; | ||
2290 | + UI_dup_input_string; | ||
2291 | + d2i_KRB5_APREQ; | ||
2292 | + EVP_MD_CTX_copy_ex; | ||
2293 | + OCSP_request_is_signed; | ||
2294 | + i2d_OCSP_REQINFO; | ||
2295 | + KRB5_ENCKEY_free; | ||
2296 | + OCSP_resp_get0; | ||
2297 | + GENERAL_NAME_it; | ||
2298 | + ASN1_GENERALIZEDTIME_it; | ||
2299 | + X509_STORE_set_flags; | ||
2300 | + EC_POINT_set_compressed_coordinates_GFp; | ||
2301 | + EC_POINT_set_compr_coords_GFp; | ||
2302 | + OCSP_response_status_str; | ||
2303 | + d2i_OCSP_REVOKEDINFO; | ||
2304 | + OCSP_basic_add1_cert; | ||
2305 | + ERR_get_implementation; | ||
2306 | + EVP_CipherFinal_ex; | ||
2307 | + OCSP_CERTSTATUS_new; | ||
2308 | + CRYPTO_cleanup_all_ex_data; | ||
2309 | + OCSP_resp_find; | ||
2310 | + BN_nnmod; | ||
2311 | + X509_CRL_sort; | ||
2312 | + X509_REVOKED_set_revocationDate; | ||
2313 | + ENGINE_register_RAND; | ||
2314 | + OCSP_SERVICELOC_new; | ||
2315 | + EC_POINT_set_affine_coordinates_GFp; | ||
2316 | + EC_POINT_set_affine_coords_GFp; | ||
2317 | + _ossl_old_des_options; | ||
2318 | + SXNET_it; | ||
2319 | + UI_dup_input_boolean; | ||
2320 | + PKCS12_add_CSPName_asc; | ||
2321 | + EC_POINT_is_at_infinity; | ||
2322 | + ENGINE_load_cryptodev; | ||
2323 | + DSO_convert_filename; | ||
2324 | + POLICYQUALINFO_it; | ||
2325 | + ENGINE_register_ciphers; | ||
2326 | + BN_mod_lshift_quick; | ||
2327 | + DSO_set_filename; | ||
2328 | + ASN1_item_free; | ||
2329 | + KRB5_TKTBODY_free; | ||
2330 | + AUTHORITY_KEYID_it; | ||
2331 | + KRB5_APREQBODY_new; | ||
2332 | + X509V3_EXT_REQ_add_nconf; | ||
2333 | + ENGINE_ctrl_cmd_string; | ||
2334 | + i2d_OCSP_RESPDATA; | ||
2335 | + EVP_MD_CTX_init; | ||
2336 | + EXTENDED_KEY_USAGE_free; | ||
2337 | + PKCS7_ATTR_SIGN_it; | ||
2338 | + UI_add_error_string; | ||
2339 | + KRB5_CHECKSUM_free; | ||
2340 | + OCSP_REQUEST_get_ext; | ||
2341 | + ENGINE_load_ubsec; | ||
2342 | + ENGINE_register_all_digests; | ||
2343 | + PKEY_USAGE_PERIOD_it; | ||
2344 | + PKCS12_unpack_authsafes; | ||
2345 | + ASN1_item_unpack; | ||
2346 | + NETSCAPE_SPKAC_it; | ||
2347 | + X509_REVOKED_it; | ||
2348 | + ASN1_STRING_encode; | ||
2349 | + EVP_aes_128_ecb; | ||
2350 | + KRB5_AUTHENT_free; | ||
2351 | + OCSP_BASICRESP_get_ext_by_critical; | ||
2352 | + OCSP_BASICRESP_get_ext_by_crit; | ||
2353 | + OCSP_cert_status_str; | ||
2354 | + d2i_OCSP_REQUEST; | ||
2355 | + UI_dup_info_string; | ||
2356 | + _ossl_old_des_xwhite_in2out; | ||
2357 | + PKCS12_it; | ||
2358 | + OCSP_SINGLERESP_get_ext_by_critical; | ||
2359 | + OCSP_SINGLERESP_get_ext_by_crit; | ||
2360 | + OCSP_CERTSTATUS_free; | ||
2361 | + _ossl_old_des_crypt; | ||
2362 | + ASN1_item_i2d; | ||
2363 | + EVP_DecryptFinal_ex; | ||
2364 | + ENGINE_load_openssl; | ||
2365 | + ENGINE_get_cmd_defns; | ||
2366 | + ENGINE_set_load_privkey_function; | ||
2367 | + ENGINE_set_load_privkey_fn; | ||
2368 | + EVP_EncryptFinal_ex; | ||
2369 | + ENGINE_set_default_digests; | ||
2370 | + X509_get0_pubkey_bitstr; | ||
2371 | + asn1_ex_i2c; | ||
2372 | + ENGINE_register_RSA; | ||
2373 | + ENGINE_unregister_DSA; | ||
2374 | + _ossl_old_des_key_sched; | ||
2375 | + X509_EXTENSION_it; | ||
2376 | + i2d_KRB5_AUTHENT; | ||
2377 | + SXNETID_it; | ||
2378 | + d2i_OCSP_SINGLERESP; | ||
2379 | + EDIPARTYNAME_new; | ||
2380 | + PKCS12_certbag2x509; | ||
2381 | + _ossl_old_des_ofb64_encrypt; | ||
2382 | + d2i_EXTENDED_KEY_USAGE; | ||
2383 | + ERR_print_errors_cb; | ||
2384 | + ENGINE_set_ciphers; | ||
2385 | + d2i_KRB5_APREQBODY; | ||
2386 | + UI_method_get_flusher; | ||
2387 | + X509_PUBKEY_it; | ||
2388 | + _ossl_old_des_enc_read; | ||
2389 | + PKCS7_ENCRYPT_it; | ||
2390 | + i2d_OCSP_RESPONSE; | ||
2391 | + EC_GROUP_get_cofactor; | ||
2392 | + PKCS12_unpack_p7data; | ||
2393 | + d2i_KRB5_AUTHDATA; | ||
2394 | + OCSP_copy_nonce; | ||
2395 | + KRB5_AUTHDATA_new; | ||
2396 | + OCSP_RESPDATA_new; | ||
2397 | + EC_GFp_mont_method; | ||
2398 | + OCSP_REVOKEDINFO_free; | ||
2399 | + UI_get_ex_data; | ||
2400 | + KRB5_APREQBODY_free; | ||
2401 | + EC_GROUP_get0_generator; | ||
2402 | + UI_get_default_method; | ||
2403 | + X509V3_set_nconf; | ||
2404 | + PKCS12_item_i2d_encrypt; | ||
2405 | + X509_add1_ext_i2d; | ||
2406 | + PKCS7_SIGNER_INFO_it; | ||
2407 | + KRB5_PRINCNAME_new; | ||
2408 | + PKCS12_SAFEBAG_it; | ||
2409 | + EC_GROUP_get_order; | ||
2410 | + d2i_OCSP_RESPID; | ||
2411 | + OCSP_request_verify; | ||
2412 | + NCONF_get_number_e; | ||
2413 | + _ossl_old_des_decrypt3; | ||
2414 | + X509_signature_print; | ||
2415 | + OCSP_SINGLERESP_free; | ||
2416 | + ENGINE_load_builtin_engines; | ||
2417 | + i2d_OCSP_ONEREQ; | ||
2418 | + OCSP_REQUEST_add_ext; | ||
2419 | + OCSP_RESPBYTES_new; | ||
2420 | + EVP_MD_CTX_create; | ||
2421 | + OCSP_resp_find_status; | ||
2422 | + X509_ALGOR_it; | ||
2423 | + ASN1_TIME_it; | ||
2424 | + OCSP_request_set1_name; | ||
2425 | + OCSP_ONEREQ_get_ext_count; | ||
2426 | + UI_get0_result; | ||
2427 | + PKCS12_AUTHSAFES_it; | ||
2428 | + EVP_aes_256_ecb; | ||
2429 | + PKCS12_pack_authsafes; | ||
2430 | + ASN1_IA5STRING_it; | ||
2431 | + UI_get_input_flags; | ||
2432 | + EC_GROUP_set_generator; | ||
2433 | + _ossl_old_des_string_to_2keys; | ||
2434 | + OCSP_CERTID_free; | ||
2435 | + X509_CERT_AUX_it; | ||
2436 | + CERTIFICATEPOLICIES_it; | ||
2437 | + _ossl_old_des_ede3_cbc_encrypt; | ||
2438 | + RAND_set_rand_engine; | ||
2439 | + DSO_get_loaded_filename; | ||
2440 | + X509_ATTRIBUTE_it; | ||
2441 | + OCSP_ONEREQ_get_ext_by_NID; | ||
2442 | + PKCS12_decrypt_skey; | ||
2443 | + KRB5_AUTHENT_it; | ||
2444 | + UI_dup_error_string; | ||
2445 | + RSAPublicKey_it; | ||
2446 | + i2d_OCSP_REQUEST; | ||
2447 | + PKCS12_x509crl2certbag; | ||
2448 | + OCSP_SERVICELOC_it; | ||
2449 | + ASN1_item_sign; | ||
2450 | + X509_CRL_set_issuer_name; | ||
2451 | + OBJ_NAME_do_all_sorted; | ||
2452 | + i2d_OCSP_BASICRESP; | ||
2453 | + i2d_OCSP_RESPBYTES; | ||
2454 | + PKCS12_unpack_p7encdata; | ||
2455 | + HMAC_CTX_init; | ||
2456 | + ENGINE_get_digest; | ||
2457 | + OCSP_RESPONSE_print; | ||
2458 | + KRB5_TKTBODY_it; | ||
2459 | + ACCESS_DESCRIPTION_it; | ||
2460 | + PKCS7_ISSUER_AND_SERIAL_it; | ||
2461 | + PBE2PARAM_it; | ||
2462 | + PKCS12_certbag2x509crl; | ||
2463 | + PKCS7_SIGNED_it; | ||
2464 | + ENGINE_get_cipher; | ||
2465 | + i2d_OCSP_CRLID; | ||
2466 | + OCSP_SINGLERESP_new; | ||
2467 | + ENGINE_cmd_is_executable; | ||
2468 | + RSA_up_ref; | ||
2469 | + ASN1_GENERALSTRING_it; | ||
2470 | + ENGINE_register_DSA; | ||
2471 | + X509V3_EXT_add_nconf_sk; | ||
2472 | + ENGINE_set_load_pubkey_function; | ||
2473 | + PKCS8_decrypt; | ||
2474 | + PEM_bytes_read_bio; | ||
2475 | + DIRECTORYSTRING_it; | ||
2476 | + d2i_OCSP_CRLID; | ||
2477 | + EC_POINT_is_on_curve; | ||
2478 | + CRYPTO_set_locked_mem_ex_functions; | ||
2479 | + CRYPTO_set_locked_mem_ex_funcs; | ||
2480 | + d2i_KRB5_CHECKSUM; | ||
2481 | + ASN1_item_dup; | ||
2482 | + X509_it; | ||
2483 | + BN_mod_add; | ||
2484 | + KRB5_AUTHDATA_free; | ||
2485 | + _ossl_old_des_cbc_cksum; | ||
2486 | + ASN1_item_verify; | ||
2487 | + CRYPTO_set_mem_ex_functions; | ||
2488 | + EC_POINT_get_Jprojective_coordinates_GFp; | ||
2489 | + EC_POINT_get_Jproj_coords_GFp; | ||
2490 | + ZLONG_it; | ||
2491 | + CRYPTO_get_locked_mem_ex_functions; | ||
2492 | + CRYPTO_get_locked_mem_ex_funcs; | ||
2493 | + ASN1_TIME_check; | ||
2494 | + UI_get0_user_data; | ||
2495 | + HMAC_CTX_cleanup; | ||
2496 | + DSA_up_ref; | ||
2497 | + _ossl_old_des_ede3_cfb64_encrypt; | ||
2498 | + _ossl_odes_ede3_cfb64_encrypt; | ||
2499 | + ASN1_BMPSTRING_it; | ||
2500 | + ASN1_tag2bit; | ||
2501 | + UI_method_set_flusher; | ||
2502 | + X509_ocspid_print; | ||
2503 | + KRB5_ENCDATA_it; | ||
2504 | + ENGINE_get_load_pubkey_function; | ||
2505 | + UI_add_user_data; | ||
2506 | + OCSP_REQUEST_delete_ext; | ||
2507 | + UI_get_method; | ||
2508 | + OCSP_ONEREQ_free; | ||
2509 | + ASN1_PRINTABLESTRING_it; | ||
2510 | + X509_CRL_set_nextUpdate; | ||
2511 | + OCSP_REQUEST_it; | ||
2512 | + OCSP_BASICRESP_it; | ||
2513 | + AES_ecb_encrypt; | ||
2514 | + BN_mod_sqr; | ||
2515 | + NETSCAPE_CERT_SEQUENCE_it; | ||
2516 | + GENERAL_NAMES_it; | ||
2517 | + AUTHORITY_INFO_ACCESS_it; | ||
2518 | + ASN1_FBOOLEAN_it; | ||
2519 | + UI_set_ex_data; | ||
2520 | + _ossl_old_des_string_to_key; | ||
2521 | + ENGINE_register_all_RSA; | ||
2522 | + d2i_KRB5_PRINCNAME; | ||
2523 | + OCSP_RESPBYTES_it; | ||
2524 | + X509_CINF_it; | ||
2525 | + ENGINE_unregister_digests; | ||
2526 | + d2i_EDIPARTYNAME; | ||
2527 | + d2i_OCSP_SERVICELOC; | ||
2528 | + ENGINE_get_digests; | ||
2529 | + _ossl_old_des_set_odd_parity; | ||
2530 | + OCSP_RESPDATA_free; | ||
2531 | + d2i_KRB5_TICKET; | ||
2532 | + OTHERNAME_it; | ||
2533 | + EVP_MD_CTX_cleanup; | ||
2534 | + d2i_ASN1_GENERALSTRING; | ||
2535 | + X509_CRL_set_version; | ||
2536 | + BN_mod_sub; | ||
2537 | + OCSP_SINGLERESP_get_ext_by_NID; | ||
2538 | + ENGINE_get_ex_new_index; | ||
2539 | + OCSP_REQUEST_free; | ||
2540 | + OCSP_REQUEST_add1_ext_i2d; | ||
2541 | + X509_VAL_it; | ||
2542 | + EC_POINTs_make_affine; | ||
2543 | + EC_POINT_mul; | ||
2544 | + X509V3_EXT_add_nconf; | ||
2545 | + X509_TRUST_set; | ||
2546 | + X509_CRL_add1_ext_i2d; | ||
2547 | + _ossl_old_des_fcrypt; | ||
2548 | + DISPLAYTEXT_it; | ||
2549 | + X509_CRL_set_lastUpdate; | ||
2550 | + OCSP_BASICRESP_free; | ||
2551 | + OCSP_BASICRESP_add1_ext_i2d; | ||
2552 | + d2i_KRB5_AUTHENTBODY; | ||
2553 | + CRYPTO_set_ex_data_implementation; | ||
2554 | + CRYPTO_set_ex_data_impl; | ||
2555 | + KRB5_ENCDATA_new; | ||
2556 | + DSO_up_ref; | ||
2557 | + OCSP_crl_reason_str; | ||
2558 | + UI_get0_result_string; | ||
2559 | + ASN1_GENERALSTRING_new; | ||
2560 | + X509_SIG_it; | ||
2561 | + ERR_set_implementation; | ||
2562 | + ERR_load_EC_strings; | ||
2563 | + UI_get0_action_string; | ||
2564 | + OCSP_ONEREQ_get_ext; | ||
2565 | + EC_POINT_method_of; | ||
2566 | + i2d_KRB5_APREQBODY; | ||
2567 | + _ossl_old_des_ecb3_encrypt; | ||
2568 | + CRYPTO_get_mem_ex_functions; | ||
2569 | + ENGINE_get_ex_data; | ||
2570 | + UI_destroy_method; | ||
2571 | + ASN1_item_i2d_bio; | ||
2572 | + OCSP_ONEREQ_get_ext_by_OBJ; | ||
2573 | + ASN1_primitive_new; | ||
2574 | + ASN1_PRINTABLE_it; | ||
2575 | + EVP_aes_192_ecb; | ||
2576 | + OCSP_SIGNATURE_new; | ||
2577 | + LONG_it; | ||
2578 | + ASN1_VISIBLESTRING_it; | ||
2579 | + OCSP_SINGLERESP_add1_ext_i2d; | ||
2580 | + d2i_OCSP_CERTID; | ||
2581 | + ASN1_item_d2i_fp; | ||
2582 | + CRL_DIST_POINTS_it; | ||
2583 | + GENERAL_NAME_print; | ||
2584 | + OCSP_SINGLERESP_delete_ext; | ||
2585 | + PKCS12_SAFEBAGS_it; | ||
2586 | + d2i_OCSP_SIGNATURE; | ||
2587 | + OCSP_request_add1_nonce; | ||
2588 | + ENGINE_set_cmd_defns; | ||
2589 | + OCSP_SERVICELOC_free; | ||
2590 | + EC_GROUP_free; | ||
2591 | + ASN1_BIT_STRING_it; | ||
2592 | + X509_REQ_it; | ||
2593 | + _ossl_old_des_cbc_encrypt; | ||
2594 | + ERR_unload_strings; | ||
2595 | + PKCS7_SIGN_ENVELOPE_it; | ||
2596 | + EDIPARTYNAME_free; | ||
2597 | + OCSP_REQINFO_free; | ||
2598 | + EC_GROUP_new_curve_GFp; | ||
2599 | + OCSP_REQUEST_get1_ext_d2i; | ||
2600 | + PKCS12_item_pack_safebag; | ||
2601 | + asn1_ex_c2i; | ||
2602 | + ENGINE_register_digests; | ||
2603 | + i2d_OCSP_REVOKEDINFO; | ||
2604 | + asn1_enc_restore; | ||
2605 | + UI_free; | ||
2606 | + UI_new_method; | ||
2607 | + EVP_EncryptInit_ex; | ||
2608 | + X509_pubkey_digest; | ||
2609 | + EC_POINT_invert; | ||
2610 | + OCSP_basic_sign; | ||
2611 | + i2d_OCSP_RESPID; | ||
2612 | + OCSP_check_nonce; | ||
2613 | + ENGINE_ctrl_cmd; | ||
2614 | + d2i_KRB5_ENCKEY; | ||
2615 | + OCSP_parse_url; | ||
2616 | + OCSP_SINGLERESP_get_ext; | ||
2617 | + OCSP_CRLID_free; | ||
2618 | + OCSP_BASICRESP_get1_ext_d2i; | ||
2619 | + RSAPrivateKey_it; | ||
2620 | + ENGINE_register_all_DH; | ||
2621 | + i2d_EDIPARTYNAME; | ||
2622 | + EC_POINT_get_affine_coordinates_GFp; | ||
2623 | + EC_POINT_get_affine_coords_GFp; | ||
2624 | + OCSP_CRLID_new; | ||
2625 | + ENGINE_get_flags; | ||
2626 | + OCSP_ONEREQ_it; | ||
2627 | + UI_process; | ||
2628 | + ASN1_INTEGER_it; | ||
2629 | + EVP_CipherInit_ex; | ||
2630 | + UI_get_string_type; | ||
2631 | + ENGINE_unregister_DH; | ||
2632 | + ENGINE_register_all_DSA; | ||
2633 | + OCSP_ONEREQ_get_ext_by_critical; | ||
2634 | + bn_dup_expand; | ||
2635 | + OCSP_cert_id_new; | ||
2636 | + BASIC_CONSTRAINTS_it; | ||
2637 | + BN_mod_add_quick; | ||
2638 | + EC_POINT_new; | ||
2639 | + EVP_MD_CTX_destroy; | ||
2640 | + OCSP_RESPBYTES_free; | ||
2641 | + EVP_aes_128_cbc; | ||
2642 | + OCSP_SINGLERESP_get1_ext_d2i; | ||
2643 | + EC_POINT_free; | ||
2644 | + DH_up_ref; | ||
2645 | + X509_NAME_ENTRY_it; | ||
2646 | + UI_get_ex_new_index; | ||
2647 | + BN_mod_sub_quick; | ||
2648 | + OCSP_ONEREQ_add_ext; | ||
2649 | + OCSP_request_sign; | ||
2650 | + EVP_DigestFinal_ex; | ||
2651 | + ENGINE_set_digests; | ||
2652 | + OCSP_id_issuer_cmp; | ||
2653 | + OBJ_NAME_do_all; | ||
2654 | + EC_POINTs_mul; | ||
2655 | + ENGINE_register_complete; | ||
2656 | + X509V3_EXT_nconf_nid; | ||
2657 | + ASN1_SEQUENCE_it; | ||
2658 | + UI_set_default_method; | ||
2659 | + RAND_query_egd_bytes; | ||
2660 | + UI_method_get_writer; | ||
2661 | + UI_OpenSSL; | ||
2662 | + PEM_def_callback; | ||
2663 | + ENGINE_cleanup; | ||
2664 | + DIST_POINT_it; | ||
2665 | + OCSP_SINGLERESP_it; | ||
2666 | + d2i_KRB5_TKTBODY; | ||
2667 | + EC_POINT_cmp; | ||
2668 | + OCSP_REVOKEDINFO_new; | ||
2669 | + i2d_OCSP_CERTSTATUS; | ||
2670 | + OCSP_basic_add1_nonce; | ||
2671 | + ASN1_item_ex_d2i; | ||
2672 | + BN_mod_lshift1_quick; | ||
2673 | + UI_set_method; | ||
2674 | + OCSP_id_get0_info; | ||
2675 | + BN_mod_sqrt; | ||
2676 | + EC_GROUP_copy; | ||
2677 | + KRB5_ENCDATA_free; | ||
2678 | + _ossl_old_des_cfb_encrypt; | ||
2679 | + OCSP_SINGLERESP_get_ext_by_OBJ; | ||
2680 | + OCSP_cert_to_id; | ||
2681 | + OCSP_RESPID_new; | ||
2682 | + OCSP_RESPDATA_it; | ||
2683 | + d2i_OCSP_RESPDATA; | ||
2684 | + ENGINE_register_all_complete; | ||
2685 | + OCSP_check_validity; | ||
2686 | + PKCS12_BAGS_it; | ||
2687 | + OCSP_url_svcloc_new; | ||
2688 | + ASN1_template_free; | ||
2689 | + OCSP_SINGLERESP_add_ext; | ||
2690 | + KRB5_AUTHENTBODY_it; | ||
2691 | + X509_supported_extension; | ||
2692 | + i2d_KRB5_AUTHDATA; | ||
2693 | + UI_method_get_opener; | ||
2694 | + ENGINE_set_ex_data; | ||
2695 | + OCSP_REQUEST_print; | ||
2696 | + CBIGNUM_it; | ||
2697 | + KRB5_TICKET_new; | ||
2698 | + KRB5_APREQ_new; | ||
2699 | + EC_GROUP_get_curve_GFp; | ||
2700 | + KRB5_ENCKEY_new; | ||
2701 | + ASN1_template_d2i; | ||
2702 | + _ossl_old_des_quad_cksum; | ||
2703 | + OCSP_single_get0_status; | ||
2704 | + BN_swap; | ||
2705 | + POLICYINFO_it; | ||
2706 | + ENGINE_set_destroy_function; | ||
2707 | + asn1_enc_free; | ||
2708 | + OCSP_RESPID_it; | ||
2709 | + EC_GROUP_new; | ||
2710 | + EVP_aes_256_cbc; | ||
2711 | + i2d_KRB5_PRINCNAME; | ||
2712 | + _ossl_old_des_encrypt2; | ||
2713 | + _ossl_old_des_encrypt3; | ||
2714 | + PKCS8_PRIV_KEY_INFO_it; | ||
2715 | + OCSP_REQINFO_it; | ||
2716 | + PBEPARAM_it; | ||
2717 | + KRB5_AUTHENTBODY_new; | ||
2718 | + X509_CRL_add0_revoked; | ||
2719 | + EDIPARTYNAME_it; | ||
2720 | + NETSCAPE_SPKI_it; | ||
2721 | + UI_get0_test_string; | ||
2722 | + ENGINE_get_cipher_engine; | ||
2723 | + ENGINE_register_all_ciphers; | ||
2724 | + EC_POINT_copy; | ||
2725 | + BN_kronecker; | ||
2726 | + _ossl_old_des_ede3_ofb64_encrypt; | ||
2727 | + _ossl_odes_ede3_ofb64_encrypt; | ||
2728 | + UI_method_get_reader; | ||
2729 | + OCSP_BASICRESP_get_ext_count; | ||
2730 | + ASN1_ENUMERATED_it; | ||
2731 | + UI_set_result; | ||
2732 | + i2d_KRB5_TICKET; | ||
2733 | + X509_print_ex_fp; | ||
2734 | + EVP_CIPHER_CTX_set_padding; | ||
2735 | + d2i_OCSP_RESPONSE; | ||
2736 | + ASN1_UTCTIME_it; | ||
2737 | + _ossl_old_des_enc_write; | ||
2738 | + OCSP_RESPONSE_new; | ||
2739 | + AES_set_encrypt_key; | ||
2740 | + OCSP_resp_count; | ||
2741 | + KRB5_CHECKSUM_new; | ||
2742 | + ENGINE_load_cswift; | ||
2743 | + OCSP_onereq_get0_id; | ||
2744 | + ENGINE_set_default_ciphers; | ||
2745 | + NOTICEREF_it; | ||
2746 | + X509V3_EXT_CRL_add_nconf; | ||
2747 | + OCSP_REVOKEDINFO_it; | ||
2748 | + AES_encrypt; | ||
2749 | + OCSP_REQUEST_new; | ||
2750 | + ASN1_ANY_it; | ||
2751 | + CRYPTO_ex_data_new_class; | ||
2752 | + _ossl_old_des_ncbc_encrypt; | ||
2753 | + i2d_KRB5_TKTBODY; | ||
2754 | + EC_POINT_clear_free; | ||
2755 | + AES_decrypt; | ||
2756 | + asn1_enc_init; | ||
2757 | + UI_get_result_maxsize; | ||
2758 | + OCSP_CERTID_new; | ||
2759 | + ENGINE_unregister_RAND; | ||
2760 | + UI_method_get_closer; | ||
2761 | + d2i_KRB5_ENCDATA; | ||
2762 | + OCSP_request_onereq_count; | ||
2763 | + OCSP_basic_verify; | ||
2764 | + KRB5_AUTHENTBODY_free; | ||
2765 | + ASN1_item_d2i; | ||
2766 | + ASN1_primitive_free; | ||
2767 | + i2d_EXTENDED_KEY_USAGE; | ||
2768 | + i2d_OCSP_SIGNATURE; | ||
2769 | + asn1_enc_save; | ||
2770 | + ENGINE_load_nuron; | ||
2771 | + _ossl_old_des_pcbc_encrypt; | ||
2772 | + PKCS12_MAC_DATA_it; | ||
2773 | + OCSP_accept_responses_new; | ||
2774 | + asn1_do_lock; | ||
2775 | + PKCS7_ATTR_VERIFY_it; | ||
2776 | + KRB5_APREQBODY_it; | ||
2777 | + i2d_OCSP_SINGLERESP; | ||
2778 | + ASN1_item_ex_new; | ||
2779 | + UI_add_verify_string; | ||
2780 | + _ossl_old_des_set_key; | ||
2781 | + KRB5_PRINCNAME_it; | ||
2782 | + EVP_DecryptInit_ex; | ||
2783 | + i2d_OCSP_CERTID; | ||
2784 | + ASN1_item_d2i_bio; | ||
2785 | + EC_POINT_dbl; | ||
2786 | + asn1_get_choice_selector; | ||
2787 | + i2d_KRB5_CHECKSUM; | ||
2788 | + ENGINE_set_table_flags; | ||
2789 | + AES_options; | ||
2790 | + ENGINE_load_chil; | ||
2791 | + OCSP_id_cmp; | ||
2792 | + OCSP_BASICRESP_new; | ||
2793 | + OCSP_REQUEST_get_ext_by_NID; | ||
2794 | + KRB5_APREQ_it; | ||
2795 | + ENGINE_get_destroy_function; | ||
2796 | + CONF_set_nconf; | ||
2797 | + ASN1_PRINTABLE_free; | ||
2798 | + OCSP_BASICRESP_get_ext_by_NID; | ||
2799 | + DIST_POINT_NAME_it; | ||
2800 | + X509V3_extensions_print; | ||
2801 | + _ossl_old_des_cfb64_encrypt; | ||
2802 | + X509_REVOKED_add1_ext_i2d; | ||
2803 | + _ossl_old_des_ofb_encrypt; | ||
2804 | + KRB5_TKTBODY_new; | ||
2805 | + ASN1_OCTET_STRING_it; | ||
2806 | + ERR_load_UI_strings; | ||
2807 | + i2d_KRB5_ENCKEY; | ||
2808 | + ASN1_template_new; | ||
2809 | + OCSP_SIGNATURE_free; | ||
2810 | + ASN1_item_i2d_fp; | ||
2811 | + KRB5_PRINCNAME_free; | ||
2812 | + PKCS7_RECIP_INFO_it; | ||
2813 | + EXTENDED_KEY_USAGE_it; | ||
2814 | + EC_GFp_simple_method; | ||
2815 | + EC_GROUP_precompute_mult; | ||
2816 | + OCSP_request_onereq_get0; | ||
2817 | + UI_method_set_writer; | ||
2818 | + KRB5_AUTHENT_new; | ||
2819 | + X509_CRL_INFO_it; | ||
2820 | + DSO_set_name_converter; | ||
2821 | + AES_set_decrypt_key; | ||
2822 | + PKCS7_DIGEST_it; | ||
2823 | + PKCS12_x5092certbag; | ||
2824 | + EVP_DigestInit_ex; | ||
2825 | + i2a_ACCESS_DESCRIPTION; | ||
2826 | + OCSP_RESPONSE_it; | ||
2827 | + PKCS7_ENC_CONTENT_it; | ||
2828 | + OCSP_request_add0_id; | ||
2829 | + EC_POINT_make_affine; | ||
2830 | + DSO_get_filename; | ||
2831 | + OCSP_CERTSTATUS_it; | ||
2832 | + OCSP_request_add1_cert; | ||
2833 | + UI_get0_output_string; | ||
2834 | + UI_dup_verify_string; | ||
2835 | + BN_mod_lshift; | ||
2836 | + KRB5_AUTHDATA_it; | ||
2837 | + asn1_set_choice_selector; | ||
2838 | + OCSP_basic_add1_status; | ||
2839 | + OCSP_RESPID_free; | ||
2840 | + asn1_get_field_ptr; | ||
2841 | + UI_add_input_string; | ||
2842 | + OCSP_CRLID_it; | ||
2843 | + i2d_KRB5_AUTHENTBODY; | ||
2844 | + OCSP_REQUEST_get_ext_count; | ||
2845 | + ENGINE_load_atalla; | ||
2846 | + X509_NAME_it; | ||
2847 | + USERNOTICE_it; | ||
2848 | + OCSP_REQINFO_new; | ||
2849 | + OCSP_BASICRESP_get_ext; | ||
2850 | + CRYPTO_get_ex_data_implementation; | ||
2851 | + CRYPTO_get_ex_data_impl; | ||
2852 | + ASN1_item_pack; | ||
2853 | + i2d_KRB5_ENCDATA; | ||
2854 | + X509_PURPOSE_set; | ||
2855 | + X509_REQ_INFO_it; | ||
2856 | + UI_method_set_opener; | ||
2857 | + ASN1_item_ex_free; | ||
2858 | + ASN1_BOOLEAN_it; | ||
2859 | + ENGINE_get_table_flags; | ||
2860 | + UI_create_method; | ||
2861 | + OCSP_ONEREQ_add1_ext_i2d; | ||
2862 | + _shadow_DES_check_key; | ||
2863 | + d2i_OCSP_REQINFO; | ||
2864 | + UI_add_info_string; | ||
2865 | + UI_get_result_minsize; | ||
2866 | + ASN1_NULL_it; | ||
2867 | + BN_mod_lshift1; | ||
2868 | + d2i_OCSP_ONEREQ; | ||
2869 | + OCSP_ONEREQ_new; | ||
2870 | + KRB5_TICKET_it; | ||
2871 | + EVP_aes_192_cbc; | ||
2872 | + KRB5_TICKET_free; | ||
2873 | + UI_new; | ||
2874 | + OCSP_response_create; | ||
2875 | + _ossl_old_des_xcbc_encrypt; | ||
2876 | + PKCS7_it; | ||
2877 | + OCSP_REQUEST_get_ext_by_critical; | ||
2878 | + OCSP_REQUEST_get_ext_by_crit; | ||
2879 | + ENGINE_set_flags; | ||
2880 | + _ossl_old_des_ecb_encrypt; | ||
2881 | + OCSP_response_get1_basic; | ||
2882 | + EVP_Digest; | ||
2883 | + OCSP_ONEREQ_delete_ext; | ||
2884 | + ASN1_TBOOLEAN_it; | ||
2885 | + ASN1_item_new; | ||
2886 | + ASN1_TIME_to_generalizedtime; | ||
2887 | + BIGNUM_it; | ||
2888 | + AES_cbc_encrypt; | ||
2889 | + ENGINE_get_load_privkey_function; | ||
2890 | + ENGINE_get_load_privkey_fn; | ||
2891 | + OCSP_RESPONSE_free; | ||
2892 | + UI_method_set_reader; | ||
2893 | + i2d_ASN1_T61STRING; | ||
2894 | + EC_POINT_set_to_infinity; | ||
2895 | + ERR_load_OCSP_strings; | ||
2896 | + EC_POINT_point2oct; | ||
2897 | + KRB5_APREQ_free; | ||
2898 | + ASN1_OBJECT_it; | ||
2899 | + OCSP_crlID_new; | ||
2900 | + OCSP_crlID2_new; | ||
2901 | + CONF_modules_load_file; | ||
2902 | + CONF_imodule_set_usr_data; | ||
2903 | + ENGINE_set_default_string; | ||
2904 | + CONF_module_get_usr_data; | ||
2905 | + ASN1_add_oid_module; | ||
2906 | + CONF_modules_finish; | ||
2907 | + OPENSSL_config; | ||
2908 | + CONF_modules_unload; | ||
2909 | + CONF_imodule_get_value; | ||
2910 | + CONF_module_set_usr_data; | ||
2911 | + CONF_parse_list; | ||
2912 | + CONF_module_add; | ||
2913 | + CONF_get1_default_config_file; | ||
2914 | + CONF_imodule_get_flags; | ||
2915 | + CONF_imodule_get_module; | ||
2916 | + CONF_modules_load; | ||
2917 | + CONF_imodule_get_name; | ||
2918 | + ERR_peek_top_error; | ||
2919 | + CONF_imodule_get_usr_data; | ||
2920 | + CONF_imodule_set_flags; | ||
2921 | + ENGINE_add_conf_module; | ||
2922 | + ERR_peek_last_error_line; | ||
2923 | + ERR_peek_last_error_line_data; | ||
2924 | + ERR_peek_last_error; | ||
2925 | + DES_read_2passwords; | ||
2926 | + DES_read_password; | ||
2927 | + UI_UTIL_read_pw; | ||
2928 | + UI_UTIL_read_pw_string; | ||
2929 | + ENGINE_load_aep; | ||
2930 | + ENGINE_load_sureware; | ||
2931 | + OPENSSL_add_all_algorithms_noconf; | ||
2932 | + OPENSSL_add_all_algo_noconf; | ||
2933 | + OPENSSL_add_all_algorithms_conf; | ||
2934 | + OPENSSL_add_all_algo_conf; | ||
2935 | + OPENSSL_load_builtin_modules; | ||
2936 | + AES_ofb128_encrypt; | ||
2937 | + AES_ctr128_encrypt; | ||
2938 | + AES_cfb128_encrypt; | ||
2939 | + ENGINE_load_4758cca; | ||
2940 | + _ossl_096_des_random_seed; | ||
2941 | + EVP_aes_256_ofb; | ||
2942 | + EVP_aes_192_ofb; | ||
2943 | + EVP_aes_128_cfb128; | ||
2944 | + EVP_aes_256_cfb128; | ||
2945 | + EVP_aes_128_ofb; | ||
2946 | + EVP_aes_192_cfb128; | ||
2947 | + CONF_modules_free; | ||
2948 | + NCONF_default; | ||
2949 | + OPENSSL_no_config; | ||
2950 | + NCONF_WIN32; | ||
2951 | + ASN1_UNIVERSALSTRING_new; | ||
2952 | + EVP_des_ede_ecb; | ||
2953 | + i2d_ASN1_UNIVERSALSTRING; | ||
2954 | + ASN1_UNIVERSALSTRING_free; | ||
2955 | + ASN1_UNIVERSALSTRING_it; | ||
2956 | + d2i_ASN1_UNIVERSALSTRING; | ||
2957 | + EVP_des_ede3_ecb; | ||
2958 | + X509_REQ_print_ex; | ||
2959 | + ENGINE_up_ref; | ||
2960 | + BUF_MEM_grow_clean; | ||
2961 | + CRYPTO_realloc_clean; | ||
2962 | + BUF_strlcat; | ||
2963 | + BIO_indent; | ||
2964 | + BUF_strlcpy; | ||
2965 | + OpenSSLDie; | ||
2966 | + OPENSSL_cleanse; | ||
2967 | + ENGINE_setup_bsd_cryptodev; | ||
2968 | + ERR_release_err_state_table; | ||
2969 | + EVP_aes_128_cfb8; | ||
2970 | + FIPS_corrupt_rsa; | ||
2971 | + FIPS_selftest_des; | ||
2972 | + EVP_aes_128_cfb1; | ||
2973 | + EVP_aes_192_cfb8; | ||
2974 | + FIPS_mode_set; | ||
2975 | + FIPS_selftest_dsa; | ||
2976 | + EVP_aes_256_cfb8; | ||
2977 | + FIPS_allow_md5; | ||
2978 | + DES_ede3_cfb_encrypt; | ||
2979 | + EVP_des_ede3_cfb8; | ||
2980 | + FIPS_rand_seeded; | ||
2981 | + AES_cfbr_encrypt_block; | ||
2982 | + AES_cfb8_encrypt; | ||
2983 | + FIPS_rand_seed; | ||
2984 | + FIPS_corrupt_des; | ||
2985 | + EVP_aes_192_cfb1; | ||
2986 | + FIPS_selftest_aes; | ||
2987 | + FIPS_set_prng_key; | ||
2988 | + EVP_des_cfb8; | ||
2989 | + FIPS_corrupt_dsa; | ||
2990 | + FIPS_test_mode; | ||
2991 | + FIPS_rand_method; | ||
2992 | + EVP_aes_256_cfb1; | ||
2993 | + ERR_load_FIPS_strings; | ||
2994 | + FIPS_corrupt_aes; | ||
2995 | + FIPS_selftest_sha1; | ||
2996 | + FIPS_selftest_rsa; | ||
2997 | + FIPS_corrupt_sha1; | ||
2998 | + EVP_des_cfb1; | ||
2999 | + FIPS_dsa_check; | ||
3000 | + AES_cfb1_encrypt; | ||
3001 | + EVP_des_ede3_cfb1; | ||
3002 | + FIPS_rand_check; | ||
3003 | + FIPS_md5_allowed; | ||
3004 | + FIPS_mode; | ||
3005 | + FIPS_selftest_failed; | ||
3006 | + sk_is_sorted; | ||
3007 | + X509_check_ca; | ||
3008 | + HMAC_CTX_set_flags; | ||
3009 | + d2i_PROXY_CERT_INFO_EXTENSION; | ||
3010 | + PROXY_POLICY_it; | ||
3011 | + i2d_PROXY_POLICY; | ||
3012 | + i2d_PROXY_CERT_INFO_EXTENSION; | ||
3013 | + d2i_PROXY_POLICY; | ||
3014 | + PROXY_CERT_INFO_EXTENSION_new; | ||
3015 | + PROXY_CERT_INFO_EXTENSION_free; | ||
3016 | + PROXY_CERT_INFO_EXTENSION_it; | ||
3017 | + PROXY_POLICY_free; | ||
3018 | + PROXY_POLICY_new; | ||
3019 | + BN_MONT_CTX_set_locked; | ||
3020 | + FIPS_selftest_rng; | ||
3021 | + EVP_sha384; | ||
3022 | + EVP_sha512; | ||
3023 | + EVP_sha224; | ||
3024 | + EVP_sha256; | ||
3025 | + FIPS_selftest_hmac; | ||
3026 | + FIPS_corrupt_rng; | ||
3027 | + BN_mod_exp_mont_consttime; | ||
3028 | + RSA_X931_hash_id; | ||
3029 | + RSA_padding_check_X931; | ||
3030 | + RSA_verify_PKCS1_PSS; | ||
3031 | + RSA_padding_add_X931; | ||
3032 | + RSA_padding_add_PKCS1_PSS; | ||
3033 | + PKCS1_MGF1; | ||
3034 | + BN_X931_generate_Xpq; | ||
3035 | + RSA_X931_generate_key; | ||
3036 | + BN_X931_derive_prime; | ||
3037 | + BN_X931_generate_prime; | ||
3038 | + RSA_X931_derive; | ||
3039 | + BIO_new_dgram; | ||
3040 | + BN_get0_nist_prime_384; | ||
3041 | + ERR_set_mark; | ||
3042 | + X509_STORE_CTX_set0_crls; | ||
3043 | + ENGINE_set_STORE; | ||
3044 | + ENGINE_register_ECDSA; | ||
3045 | + STORE_meth_set_list_start_fn; | ||
3046 | + STORE_method_set_list_start_function; | ||
3047 | + BN_BLINDING_invert_ex; | ||
3048 | + NAME_CONSTRAINTS_free; | ||
3049 | + STORE_ATTR_INFO_set_number; | ||
3050 | + BN_BLINDING_get_thread_id; | ||
3051 | + X509_STORE_CTX_set0_param; | ||
3052 | + POLICY_MAPPING_it; | ||
3053 | + STORE_parse_attrs_start; | ||
3054 | + POLICY_CONSTRAINTS_free; | ||
3055 | + EVP_PKEY_add1_attr_by_NID; | ||
3056 | + BN_nist_mod_192; | ||
3057 | + EC_GROUP_get_trinomial_basis; | ||
3058 | + STORE_set_method; | ||
3059 | + GENERAL_SUBTREE_free; | ||
3060 | + NAME_CONSTRAINTS_it; | ||
3061 | + ECDH_get_default_method; | ||
3062 | + PKCS12_add_safe; | ||
3063 | + EC_KEY_new_by_curve_name; | ||
3064 | + STORE_meth_get_update_store_fn; | ||
3065 | + STORE_method_get_update_store_function; | ||
3066 | + ENGINE_register_ECDH; | ||
3067 | + SHA512_Update; | ||
3068 | + i2d_ECPrivateKey; | ||
3069 | + BN_get0_nist_prime_192; | ||
3070 | + STORE_modify_certificate; | ||
3071 | + EC_POINT_set_affine_coordinates_GF2m; | ||
3072 | + EC_POINT_set_affine_coords_GF2m; | ||
3073 | + BN_GF2m_mod_exp_arr; | ||
3074 | + STORE_ATTR_INFO_modify_number; | ||
3075 | + X509_keyid_get0; | ||
3076 | + ENGINE_load_gmp; | ||
3077 | + pitem_new; | ||
3078 | + BN_GF2m_mod_mul_arr; | ||
3079 | + STORE_list_public_key_endp; | ||
3080 | + o2i_ECPublicKey; | ||
3081 | + EC_KEY_copy; | ||
3082 | + BIO_dump_fp; | ||
3083 | + X509_policy_node_get0_parent; | ||
3084 | + EC_GROUP_check_discriminant; | ||
3085 | + i2o_ECPublicKey; | ||
3086 | + EC_KEY_precompute_mult; | ||
3087 | + a2i_IPADDRESS; | ||
3088 | + STORE_meth_set_initialise_fn; | ||
3089 | + STORE_method_set_initialise_function; | ||
3090 | + X509_STORE_CTX_set_depth; | ||
3091 | + X509_VERIFY_PARAM_inherit; | ||
3092 | + EC_POINT_point2bn; | ||
3093 | + STORE_ATTR_INFO_set_dn; | ||
3094 | + X509_policy_tree_get0_policies; | ||
3095 | + EC_GROUP_new_curve_GF2m; | ||
3096 | + STORE_destroy_method; | ||
3097 | + ENGINE_unregister_STORE; | ||
3098 | + EVP_PKEY_get1_EC_KEY; | ||
3099 | + STORE_ATTR_INFO_get0_number; | ||
3100 | + ENGINE_get_default_ECDH; | ||
3101 | + EC_KEY_get_conv_form; | ||
3102 | + ASN1_OCTET_STRING_NDEF_it; | ||
3103 | + STORE_delete_public_key; | ||
3104 | + STORE_get_public_key; | ||
3105 | + STORE_modify_arbitrary; | ||
3106 | + ENGINE_get_static_state; | ||
3107 | + pqueue_iterator; | ||
3108 | + ECDSA_SIG_new; | ||
3109 | + OPENSSL_DIR_end; | ||
3110 | + BN_GF2m_mod_sqr; | ||
3111 | + EC_POINT_bn2point; | ||
3112 | + X509_VERIFY_PARAM_set_depth; | ||
3113 | + EC_KEY_set_asn1_flag; | ||
3114 | + STORE_get_method; | ||
3115 | + EC_KEY_get_key_method_data; | ||
3116 | + ECDSA_sign_ex; | ||
3117 | + STORE_parse_attrs_end; | ||
3118 | + EC_GROUP_get_point_conversion_form; | ||
3119 | + EC_GROUP_get_point_conv_form; | ||
3120 | + STORE_method_set_store_function; | ||
3121 | + STORE_ATTR_INFO_in; | ||
3122 | + PEM_read_bio_ECPKParameters; | ||
3123 | + EC_GROUP_get_pentanomial_basis; | ||
3124 | + EVP_PKEY_add1_attr_by_txt; | ||
3125 | + BN_BLINDING_set_flags; | ||
3126 | + X509_VERIFY_PARAM_set1_policies; | ||
3127 | + X509_VERIFY_PARAM_set1_name; | ||
3128 | + X509_VERIFY_PARAM_set_purpose; | ||
3129 | + STORE_get_number; | ||
3130 | + ECDSA_sign_setup; | ||
3131 | + BN_GF2m_mod_solve_quad_arr; | ||
3132 | + EC_KEY_up_ref; | ||
3133 | + POLICY_MAPPING_free; | ||
3134 | + BN_GF2m_mod_div; | ||
3135 | + X509_VERIFY_PARAM_set_flags; | ||
3136 | + EC_KEY_free; | ||
3137 | + STORE_meth_set_list_next_fn; | ||
3138 | + STORE_method_set_list_next_function; | ||
3139 | + PEM_write_bio_ECPrivateKey; | ||
3140 | + d2i_EC_PUBKEY; | ||
3141 | + STORE_meth_get_generate_fn; | ||
3142 | + STORE_method_get_generate_function; | ||
3143 | + STORE_meth_set_list_end_fn; | ||
3144 | + STORE_method_set_list_end_function; | ||
3145 | + pqueue_print; | ||
3146 | + EC_GROUP_have_precompute_mult; | ||
3147 | + EC_KEY_print_fp; | ||
3148 | + BN_GF2m_mod_arr; | ||
3149 | + PEM_write_bio_X509_CERT_PAIR; | ||
3150 | + EVP_PKEY_cmp; | ||
3151 | + X509_policy_level_node_count; | ||
3152 | + STORE_new_engine; | ||
3153 | + STORE_list_public_key_start; | ||
3154 | + X509_VERIFY_PARAM_new; | ||
3155 | + ECDH_get_ex_data; | ||
3156 | + EVP_PKEY_get_attr; | ||
3157 | + ECDSA_do_sign; | ||
3158 | + ENGINE_unregister_ECDH; | ||
3159 | + ECDH_OpenSSL; | ||
3160 | + EC_KEY_set_conv_form; | ||
3161 | + EC_POINT_dup; | ||
3162 | + GENERAL_SUBTREE_new; | ||
3163 | + STORE_list_crl_endp; | ||
3164 | + EC_get_builtin_curves; | ||
3165 | + X509_policy_node_get0_qualifiers; | ||
3166 | + X509_pcy_node_get0_qualifiers; | ||
3167 | + STORE_list_crl_end; | ||
3168 | + EVP_PKEY_set1_EC_KEY; | ||
3169 | + BN_GF2m_mod_sqrt_arr; | ||
3170 | + i2d_ECPrivateKey_bio; | ||
3171 | + ECPKParameters_print_fp; | ||
3172 | + pqueue_find; | ||
3173 | + ECDSA_SIG_free; | ||
3174 | + PEM_write_bio_ECPKParameters; | ||
3175 | + STORE_method_set_ctrl_function; | ||
3176 | + STORE_list_public_key_end; | ||
3177 | + EC_KEY_set_private_key; | ||
3178 | + pqueue_peek; | ||
3179 | + STORE_get_arbitrary; | ||
3180 | + STORE_store_crl; | ||
3181 | + X509_policy_node_get0_policy; | ||
3182 | + PKCS12_add_safes; | ||
3183 | + BN_BLINDING_convert_ex; | ||
3184 | + X509_policy_tree_free; | ||
3185 | + OPENSSL_ia32cap_loc; | ||
3186 | + BN_GF2m_poly2arr; | ||
3187 | + STORE_ctrl; | ||
3188 | + STORE_ATTR_INFO_compare; | ||
3189 | + BN_get0_nist_prime_224; | ||
3190 | + i2d_ECParameters; | ||
3191 | + i2d_ECPKParameters; | ||
3192 | + BN_GENCB_call; | ||
3193 | + d2i_ECPKParameters; | ||
3194 | + STORE_meth_set_generate_fn; | ||
3195 | + STORE_method_set_generate_function; | ||
3196 | + ENGINE_set_ECDH; | ||
3197 | + NAME_CONSTRAINTS_new; | ||
3198 | + SHA256_Init; | ||
3199 | + EC_KEY_get0_public_key; | ||
3200 | + PEM_write_bio_EC_PUBKEY; | ||
3201 | + STORE_ATTR_INFO_set_cstr; | ||
3202 | + STORE_list_crl_next; | ||
3203 | + STORE_ATTR_INFO_in_range; | ||
3204 | + ECParameters_print; | ||
3205 | + STORE_meth_set_delete_fn; | ||
3206 | + STORE_method_set_delete_function; | ||
3207 | + STORE_list_certificate_next; | ||
3208 | + ASN1_generate_nconf; | ||
3209 | + BUF_memdup; | ||
3210 | + BN_GF2m_mod_mul; | ||
3211 | + STORE_meth_get_list_next_fn; | ||
3212 | + STORE_method_get_list_next_function; | ||
3213 | + STORE_ATTR_INFO_get0_dn; | ||
3214 | + STORE_list_private_key_next; | ||
3215 | + EC_GROUP_set_seed; | ||
3216 | + X509_VERIFY_PARAM_set_trust; | ||
3217 | + STORE_ATTR_INFO_free; | ||
3218 | + STORE_get_private_key; | ||
3219 | + EVP_PKEY_get_attr_count; | ||
3220 | + STORE_ATTR_INFO_new; | ||
3221 | + EC_GROUP_get_curve_GF2m; | ||
3222 | + STORE_meth_set_revoke_fn; | ||
3223 | + STORE_method_set_revoke_function; | ||
3224 | + STORE_store_number; | ||
3225 | + BN_is_prime_ex; | ||
3226 | + STORE_revoke_public_key; | ||
3227 | + X509_STORE_CTX_get0_param; | ||
3228 | + STORE_delete_arbitrary; | ||
3229 | + PEM_read_X509_CERT_PAIR; | ||
3230 | + X509_STORE_set_depth; | ||
3231 | + ECDSA_get_ex_data; | ||
3232 | + SHA224; | ||
3233 | + BIO_dump_indent_fp; | ||
3234 | + EC_KEY_set_group; | ||
3235 | + BUF_strndup; | ||
3236 | + STORE_list_certificate_start; | ||
3237 | + BN_GF2m_mod; | ||
3238 | + X509_REQ_check_private_key; | ||
3239 | + EC_GROUP_get_seed_len; | ||
3240 | + ERR_load_STORE_strings; | ||
3241 | + PEM_read_bio_EC_PUBKEY; | ||
3242 | + STORE_list_private_key_end; | ||
3243 | + i2d_EC_PUBKEY; | ||
3244 | + ECDSA_get_default_method; | ||
3245 | + ASN1_put_eoc; | ||
3246 | + X509_STORE_CTX_get_explicit_policy; | ||
3247 | + X509_STORE_CTX_get_expl_policy; | ||
3248 | + X509_VERIFY_PARAM_table_cleanup; | ||
3249 | + STORE_modify_private_key; | ||
3250 | + X509_VERIFY_PARAM_free; | ||
3251 | + EC_METHOD_get_field_type; | ||
3252 | + EC_GFp_nist_method; | ||
3253 | + STORE_meth_set_modify_fn; | ||
3254 | + STORE_method_set_modify_function; | ||
3255 | + STORE_parse_attrs_next; | ||
3256 | + ENGINE_load_padlock; | ||
3257 | + EC_GROUP_set_curve_name; | ||
3258 | + X509_CERT_PAIR_it; | ||
3259 | + STORE_meth_get_revoke_fn; | ||
3260 | + STORE_method_get_revoke_function; | ||
3261 | + STORE_method_set_get_function; | ||
3262 | + STORE_modify_number; | ||
3263 | + STORE_method_get_store_function; | ||
3264 | + STORE_store_private_key; | ||
3265 | + BN_GF2m_mod_sqr_arr; | ||
3266 | + RSA_setup_blinding; | ||
3267 | + BIO_s_datagram; | ||
3268 | + STORE_Memory; | ||
3269 | + sk_find_ex; | ||
3270 | + EC_GROUP_set_curve_GF2m; | ||
3271 | + ENGINE_set_default_ECDSA; | ||
3272 | + POLICY_CONSTRAINTS_new; | ||
3273 | + BN_GF2m_mod_sqrt; | ||
3274 | + ECDH_set_default_method; | ||
3275 | + EC_KEY_generate_key; | ||
3276 | + SHA384_Update; | ||
3277 | + BN_GF2m_arr2poly; | ||
3278 | + STORE_method_get_get_function; | ||
3279 | + STORE_meth_set_cleanup_fn; | ||
3280 | + STORE_method_set_cleanup_function; | ||
3281 | + EC_GROUP_check; | ||
3282 | + d2i_ECPrivateKey_bio; | ||
3283 | + EC_KEY_insert_key_method_data; | ||
3284 | + STORE_meth_get_lock_store_fn; | ||
3285 | + STORE_method_get_lock_store_function; | ||
3286 | + X509_VERIFY_PARAM_get_depth; | ||
3287 | + SHA224_Final; | ||
3288 | + STORE_meth_set_update_store_fn; | ||
3289 | + STORE_method_set_update_store_function; | ||
3290 | + SHA224_Update; | ||
3291 | + d2i_ECPrivateKey; | ||
3292 | + ASN1_item_ndef_i2d; | ||
3293 | + STORE_delete_private_key; | ||
3294 | + ERR_pop_to_mark; | ||
3295 | + ENGINE_register_all_STORE; | ||
3296 | + X509_policy_level_get0_node; | ||
3297 | + i2d_PKCS7_NDEF; | ||
3298 | + EC_GROUP_get_degree; | ||
3299 | + ASN1_generate_v3; | ||
3300 | + STORE_ATTR_INFO_modify_cstr; | ||
3301 | + X509_policy_tree_level_count; | ||
3302 | + BN_GF2m_add; | ||
3303 | + EC_KEY_get0_group; | ||
3304 | + STORE_generate_crl; | ||
3305 | + STORE_store_public_key; | ||
3306 | + X509_CERT_PAIR_free; | ||
3307 | + STORE_revoke_private_key; | ||
3308 | + BN_nist_mod_224; | ||
3309 | + SHA512_Final; | ||
3310 | + STORE_ATTR_INFO_modify_dn; | ||
3311 | + STORE_meth_get_initialise_fn; | ||
3312 | + STORE_method_get_initialise_function; | ||
3313 | + STORE_delete_number; | ||
3314 | + i2d_EC_PUBKEY_bio; | ||
3315 | + BIO_dgram_non_fatal_error; | ||
3316 | + EC_GROUP_get_asn1_flag; | ||
3317 | + STORE_ATTR_INFO_in_ex; | ||
3318 | + STORE_list_crl_start; | ||
3319 | + ECDH_get_ex_new_index; | ||
3320 | + STORE_meth_get_modify_fn; | ||
3321 | + STORE_method_get_modify_function; | ||
3322 | + v2i_ASN1_BIT_STRING; | ||
3323 | + STORE_store_certificate; | ||
3324 | + OBJ_bsearch_ex; | ||
3325 | + X509_STORE_CTX_set_default; | ||
3326 | + STORE_ATTR_INFO_set_sha1str; | ||
3327 | + BN_GF2m_mod_inv; | ||
3328 | + BN_GF2m_mod_exp; | ||
3329 | + STORE_modify_public_key; | ||
3330 | + STORE_meth_get_list_start_fn; | ||
3331 | + STORE_method_get_list_start_function; | ||
3332 | + EC_GROUP_get0_seed; | ||
3333 | + STORE_store_arbitrary; | ||
3334 | + STORE_meth_set_unlock_store_fn; | ||
3335 | + STORE_method_set_unlock_store_function; | ||
3336 | + BN_GF2m_mod_div_arr; | ||
3337 | + ENGINE_set_ECDSA; | ||
3338 | + STORE_create_method; | ||
3339 | + ECPKParameters_print; | ||
3340 | + EC_KEY_get0_private_key; | ||
3341 | + PEM_write_EC_PUBKEY; | ||
3342 | + X509_VERIFY_PARAM_set1; | ||
3343 | + ECDH_set_method; | ||
3344 | + v2i_GENERAL_NAME_ex; | ||
3345 | + ECDH_set_ex_data; | ||
3346 | + STORE_generate_key; | ||
3347 | + BN_nist_mod_521; | ||
3348 | + X509_policy_tree_get0_level; | ||
3349 | + EC_GROUP_set_point_conversion_form; | ||
3350 | + EC_GROUP_set_point_conv_form; | ||
3351 | + PEM_read_EC_PUBKEY; | ||
3352 | + i2d_ECDSA_SIG; | ||
3353 | + ECDSA_OpenSSL; | ||
3354 | + STORE_delete_crl; | ||
3355 | + EC_KEY_get_enc_flags; | ||
3356 | + ASN1_const_check_infinite_end; | ||
3357 | + EVP_PKEY_delete_attr; | ||
3358 | + ECDSA_set_default_method; | ||
3359 | + EC_POINT_set_compressed_coordinates_GF2m; | ||
3360 | + EC_POINT_set_compr_coords_GF2m; | ||
3361 | + EC_GROUP_cmp; | ||
3362 | + STORE_revoke_certificate; | ||
3363 | + BN_get0_nist_prime_256; | ||
3364 | + STORE_meth_get_delete_fn; | ||
3365 | + STORE_method_get_delete_function; | ||
3366 | + SHA224_Init; | ||
3367 | + PEM_read_ECPrivateKey; | ||
3368 | + SHA512_Init; | ||
3369 | + STORE_parse_attrs_endp; | ||
3370 | + BN_set_negative; | ||
3371 | + ERR_load_ECDSA_strings; | ||
3372 | + EC_GROUP_get_basis_type; | ||
3373 | + STORE_list_public_key_next; | ||
3374 | + i2v_ASN1_BIT_STRING; | ||
3375 | + STORE_OBJECT_free; | ||
3376 | + BN_nist_mod_384; | ||
3377 | + i2d_X509_CERT_PAIR; | ||
3378 | + PEM_write_ECPKParameters; | ||
3379 | + ECDH_compute_key; | ||
3380 | + STORE_ATTR_INFO_get0_sha1str; | ||
3381 | + ENGINE_register_all_ECDH; | ||
3382 | + pqueue_pop; | ||
3383 | + STORE_ATTR_INFO_get0_cstr; | ||
3384 | + POLICY_CONSTRAINTS_it; | ||
3385 | + STORE_get_ex_new_index; | ||
3386 | + EVP_PKEY_get_attr_by_OBJ; | ||
3387 | + X509_VERIFY_PARAM_add0_policy; | ||
3388 | + BN_GF2m_mod_solve_quad; | ||
3389 | + SHA256; | ||
3390 | + i2d_ECPrivateKey_fp; | ||
3391 | + X509_policy_tree_get0_user_policies; | ||
3392 | + X509_pcy_tree_get0_usr_policies; | ||
3393 | + OPENSSL_DIR_read; | ||
3394 | + ENGINE_register_all_ECDSA; | ||
3395 | + X509_VERIFY_PARAM_lookup; | ||
3396 | + EC_POINT_get_affine_coordinates_GF2m; | ||
3397 | + EC_POINT_get_affine_coords_GF2m; | ||
3398 | + EC_GROUP_dup; | ||
3399 | + ENGINE_get_default_ECDSA; | ||
3400 | + EC_KEY_new; | ||
3401 | + SHA256_Transform; | ||
3402 | + EC_KEY_set_enc_flags; | ||
3403 | + ECDSA_verify; | ||
3404 | + EC_POINT_point2hex; | ||
3405 | + ENGINE_get_STORE; | ||
3406 | + SHA512; | ||
3407 | + STORE_get_certificate; | ||
3408 | + ECDSA_do_sign_ex; | ||
3409 | + ECDSA_do_verify; | ||
3410 | + d2i_ECPrivateKey_fp; | ||
3411 | + STORE_delete_certificate; | ||
3412 | + SHA512_Transform; | ||
3413 | + X509_STORE_set1_param; | ||
3414 | + STORE_method_get_ctrl_function; | ||
3415 | + STORE_free; | ||
3416 | + PEM_write_ECPrivateKey; | ||
3417 | + STORE_meth_get_unlock_store_fn; | ||
3418 | + STORE_method_get_unlock_store_function; | ||
3419 | + STORE_get_ex_data; | ||
3420 | + EC_KEY_set_public_key; | ||
3421 | + PEM_read_ECPKParameters; | ||
3422 | + X509_CERT_PAIR_new; | ||
3423 | + ENGINE_register_STORE; | ||
3424 | + RSA_generate_key_ex; | ||
3425 | + DSA_generate_parameters_ex; | ||
3426 | + ECParameters_print_fp; | ||
3427 | + X509V3_NAME_from_section; | ||
3428 | + EVP_PKEY_add1_attr; | ||
3429 | + STORE_modify_crl; | ||
3430 | + STORE_list_private_key_start; | ||
3431 | + POLICY_MAPPINGS_it; | ||
3432 | + GENERAL_SUBTREE_it; | ||
3433 | + EC_GROUP_get_curve_name; | ||
3434 | + PEM_write_X509_CERT_PAIR; | ||
3435 | + BIO_dump_indent_cb; | ||
3436 | + d2i_X509_CERT_PAIR; | ||
3437 | + STORE_list_private_key_endp; | ||
3438 | + asn1_const_Finish; | ||
3439 | + i2d_EC_PUBKEY_fp; | ||
3440 | + BN_nist_mod_256; | ||
3441 | + X509_VERIFY_PARAM_add0_table; | ||
3442 | + pqueue_free; | ||
3443 | + BN_BLINDING_create_param; | ||
3444 | + ECDSA_size; | ||
3445 | + d2i_EC_PUBKEY_bio; | ||
3446 | + BN_get0_nist_prime_521; | ||
3447 | + STORE_ATTR_INFO_modify_sha1str; | ||
3448 | + BN_generate_prime_ex; | ||
3449 | + EC_GROUP_new_by_curve_name; | ||
3450 | + SHA256_Final; | ||
3451 | + DH_generate_parameters_ex; | ||
3452 | + PEM_read_bio_ECPrivateKey; | ||
3453 | + STORE_meth_get_cleanup_fn; | ||
3454 | + STORE_method_get_cleanup_function; | ||
3455 | + ENGINE_get_ECDH; | ||
3456 | + d2i_ECDSA_SIG; | ||
3457 | + BN_is_prime_fasttest_ex; | ||
3458 | + ECDSA_sign; | ||
3459 | + X509_policy_check; | ||
3460 | + EVP_PKEY_get_attr_by_NID; | ||
3461 | + STORE_set_ex_data; | ||
3462 | + ENGINE_get_ECDSA; | ||
3463 | + EVP_ecdsa; | ||
3464 | + BN_BLINDING_get_flags; | ||
3465 | + PKCS12_add_cert; | ||
3466 | + STORE_OBJECT_new; | ||
3467 | + ERR_load_ECDH_strings; | ||
3468 | + EC_KEY_dup; | ||
3469 | + EVP_CIPHER_CTX_rand_key; | ||
3470 | + ECDSA_set_method; | ||
3471 | + a2i_IPADDRESS_NC; | ||
3472 | + d2i_ECParameters; | ||
3473 | + STORE_list_certificate_end; | ||
3474 | + STORE_get_crl; | ||
3475 | + X509_POLICY_NODE_print; | ||
3476 | + SHA384_Init; | ||
3477 | + EC_GF2m_simple_method; | ||
3478 | + ECDSA_set_ex_data; | ||
3479 | + SHA384_Final; | ||
3480 | + PKCS7_set_digest; | ||
3481 | + EC_KEY_print; | ||
3482 | + STORE_meth_set_lock_store_fn; | ||
3483 | + STORE_method_set_lock_store_function; | ||
3484 | + ECDSA_get_ex_new_index; | ||
3485 | + SHA384; | ||
3486 | + POLICY_MAPPING_new; | ||
3487 | + STORE_list_certificate_endp; | ||
3488 | + X509_STORE_CTX_get0_policy_tree; | ||
3489 | + EC_GROUP_set_asn1_flag; | ||
3490 | + EC_KEY_check_key; | ||
3491 | + d2i_EC_PUBKEY_fp; | ||
3492 | + PKCS7_set0_type_other; | ||
3493 | + PEM_read_bio_X509_CERT_PAIR; | ||
3494 | + pqueue_next; | ||
3495 | + STORE_meth_get_list_end_fn; | ||
3496 | + STORE_method_get_list_end_function; | ||
3497 | + EVP_PKEY_add1_attr_by_OBJ; | ||
3498 | + X509_VERIFY_PARAM_set_time; | ||
3499 | + pqueue_new; | ||
3500 | + ENGINE_set_default_ECDH; | ||
3501 | + STORE_new_method; | ||
3502 | + PKCS12_add_key; | ||
3503 | + DSO_merge; | ||
3504 | + EC_POINT_hex2point; | ||
3505 | + BIO_dump_cb; | ||
3506 | + SHA256_Update; | ||
3507 | + pqueue_insert; | ||
3508 | + pitem_free; | ||
3509 | + BN_GF2m_mod_inv_arr; | ||
3510 | + ENGINE_unregister_ECDSA; | ||
3511 | + BN_BLINDING_set_thread_id; | ||
3512 | + get_rfc3526_prime_8192; | ||
3513 | + X509_VERIFY_PARAM_clear_flags; | ||
3514 | + get_rfc2409_prime_1024; | ||
3515 | + DH_check_pub_key; | ||
3516 | + get_rfc3526_prime_2048; | ||
3517 | + get_rfc3526_prime_6144; | ||
3518 | + get_rfc3526_prime_1536; | ||
3519 | + get_rfc3526_prime_3072; | ||
3520 | + get_rfc3526_prime_4096; | ||
3521 | + get_rfc2409_prime_768; | ||
3522 | + X509_VERIFY_PARAM_get_flags; | ||
3523 | + EVP_CIPHER_CTX_new; | ||
3524 | + EVP_CIPHER_CTX_free; | ||
3525 | + Camellia_cbc_encrypt; | ||
3526 | + Camellia_cfb128_encrypt; | ||
3527 | + Camellia_cfb1_encrypt; | ||
3528 | + Camellia_cfb8_encrypt; | ||
3529 | + Camellia_ctr128_encrypt; | ||
3530 | + Camellia_cfbr_encrypt_block; | ||
3531 | + Camellia_decrypt; | ||
3532 | + Camellia_ecb_encrypt; | ||
3533 | + Camellia_encrypt; | ||
3534 | + Camellia_ofb128_encrypt; | ||
3535 | + Camellia_set_key; | ||
3536 | + EVP_camellia_128_cbc; | ||
3537 | + EVP_camellia_128_cfb128; | ||
3538 | + EVP_camellia_128_cfb1; | ||
3539 | + EVP_camellia_128_cfb8; | ||
3540 | + EVP_camellia_128_ecb; | ||
3541 | + EVP_camellia_128_ofb; | ||
3542 | + EVP_camellia_192_cbc; | ||
3543 | + EVP_camellia_192_cfb128; | ||
3544 | + EVP_camellia_192_cfb1; | ||
3545 | + EVP_camellia_192_cfb8; | ||
3546 | + EVP_camellia_192_ecb; | ||
3547 | + EVP_camellia_192_ofb; | ||
3548 | + EVP_camellia_256_cbc; | ||
3549 | + EVP_camellia_256_cfb128; | ||
3550 | + EVP_camellia_256_cfb1; | ||
3551 | + EVP_camellia_256_cfb8; | ||
3552 | + EVP_camellia_256_ecb; | ||
3553 | + EVP_camellia_256_ofb; | ||
3554 | + a2i_ipadd; | ||
3555 | + ASIdentifiers_free; | ||
3556 | + i2d_ASIdOrRange; | ||
3557 | + EVP_CIPHER_block_size; | ||
3558 | + v3_asid_is_canonical; | ||
3559 | + IPAddressChoice_free; | ||
3560 | + EVP_CIPHER_CTX_set_app_data; | ||
3561 | + BIO_set_callback_arg; | ||
3562 | + v3_addr_add_prefix; | ||
3563 | + IPAddressOrRange_it; | ||
3564 | + BIO_set_flags; | ||
3565 | + ASIdentifiers_it; | ||
3566 | + v3_addr_get_range; | ||
3567 | + BIO_method_type; | ||
3568 | + v3_addr_inherits; | ||
3569 | + IPAddressChoice_it; | ||
3570 | + AES_ige_encrypt; | ||
3571 | + v3_addr_add_range; | ||
3572 | + EVP_CIPHER_CTX_nid; | ||
3573 | + d2i_ASRange; | ||
3574 | + v3_addr_add_inherit; | ||
3575 | + v3_asid_add_id_or_range; | ||
3576 | + v3_addr_validate_resource_set; | ||
3577 | + EVP_CIPHER_iv_length; | ||
3578 | + EVP_MD_type; | ||
3579 | + v3_asid_canonize; | ||
3580 | + IPAddressRange_free; | ||
3581 | + v3_asid_add_inherit; | ||
3582 | + EVP_CIPHER_CTX_key_length; | ||
3583 | + IPAddressRange_new; | ||
3584 | + ASIdOrRange_new; | ||
3585 | + EVP_MD_size; | ||
3586 | + EVP_MD_CTX_test_flags; | ||
3587 | + BIO_clear_flags; | ||
3588 | + i2d_ASRange; | ||
3589 | + IPAddressRange_it; | ||
3590 | + IPAddressChoice_new; | ||
3591 | + ASIdentifierChoice_new; | ||
3592 | + ASRange_free; | ||
3593 | + EVP_MD_pkey_type; | ||
3594 | + EVP_MD_CTX_clear_flags; | ||
3595 | + IPAddressFamily_free; | ||
3596 | + i2d_IPAddressFamily; | ||
3597 | + IPAddressOrRange_new; | ||
3598 | + EVP_CIPHER_flags; | ||
3599 | + v3_asid_validate_resource_set; | ||
3600 | + d2i_IPAddressRange; | ||
3601 | + AES_bi_ige_encrypt; | ||
3602 | + BIO_get_callback; | ||
3603 | + IPAddressOrRange_free; | ||
3604 | + v3_addr_subset; | ||
3605 | + d2i_IPAddressFamily; | ||
3606 | + v3_asid_subset; | ||
3607 | + BIO_test_flags; | ||
3608 | + i2d_ASIdentifierChoice; | ||
3609 | + ASRange_it; | ||
3610 | + d2i_ASIdentifiers; | ||
3611 | + ASRange_new; | ||
3612 | + d2i_IPAddressChoice; | ||
3613 | + v3_addr_get_afi; | ||
3614 | + EVP_CIPHER_key_length; | ||
3615 | + EVP_Cipher; | ||
3616 | + i2d_IPAddressOrRange; | ||
3617 | + ASIdOrRange_it; | ||
3618 | + EVP_CIPHER_nid; | ||
3619 | + i2d_IPAddressChoice; | ||
3620 | + EVP_CIPHER_CTX_block_size; | ||
3621 | + ASIdentifiers_new; | ||
3622 | + v3_addr_validate_path; | ||
3623 | + IPAddressFamily_new; | ||
3624 | + EVP_MD_CTX_set_flags; | ||
3625 | + v3_addr_is_canonical; | ||
3626 | + i2d_IPAddressRange; | ||
3627 | + IPAddressFamily_it; | ||
3628 | + v3_asid_inherits; | ||
3629 | + EVP_CIPHER_CTX_cipher; | ||
3630 | + EVP_CIPHER_CTX_get_app_data; | ||
3631 | + EVP_MD_block_size; | ||
3632 | + EVP_CIPHER_CTX_flags; | ||
3633 | + v3_asid_validate_path; | ||
3634 | + d2i_IPAddressOrRange; | ||
3635 | + v3_addr_canonize; | ||
3636 | + ASIdentifierChoice_it; | ||
3637 | + EVP_MD_CTX_md; | ||
3638 | + d2i_ASIdentifierChoice; | ||
3639 | + BIO_method_name; | ||
3640 | + EVP_CIPHER_CTX_iv_length; | ||
3641 | + ASIdOrRange_free; | ||
3642 | + ASIdentifierChoice_free; | ||
3643 | + BIO_get_callback_arg; | ||
3644 | + BIO_set_callback; | ||
3645 | + d2i_ASIdOrRange; | ||
3646 | + i2d_ASIdentifiers; | ||
3647 | + SEED_decrypt; | ||
3648 | + SEED_encrypt; | ||
3649 | + SEED_cbc_encrypt; | ||
3650 | + EVP_seed_ofb; | ||
3651 | + SEED_cfb128_encrypt; | ||
3652 | + SEED_ofb128_encrypt; | ||
3653 | + EVP_seed_cbc; | ||
3654 | + SEED_ecb_encrypt; | ||
3655 | + EVP_seed_ecb; | ||
3656 | + SEED_set_key; | ||
3657 | + EVP_seed_cfb128; | ||
3658 | + X509_EXTENSIONS_it; | ||
3659 | + X509_get1_ocsp; | ||
3660 | + OCSP_REQ_CTX_free; | ||
3661 | + i2d_X509_EXTENSIONS; | ||
3662 | + OCSP_sendreq_nbio; | ||
3663 | + OCSP_sendreq_new; | ||
3664 | + d2i_X509_EXTENSIONS; | ||
3665 | + X509_ALGORS_it; | ||
3666 | + X509_ALGOR_get0; | ||
3667 | + X509_ALGOR_set0; | ||
3668 | + AES_unwrap_key; | ||
3669 | + AES_wrap_key; | ||
3670 | + X509at_get0_data_by_OBJ; | ||
3671 | + ASN1_TYPE_set1; | ||
3672 | + ASN1_STRING_set0; | ||
3673 | + i2d_X509_ALGORS; | ||
3674 | + BIO_f_zlib; | ||
3675 | + COMP_zlib_cleanup; | ||
3676 | + d2i_X509_ALGORS; | ||
3677 | + CMS_ReceiptRequest_free; | ||
3678 | + PEM_write_CMS; | ||
3679 | + CMS_add0_CertificateChoices; | ||
3680 | + CMS_unsigned_add1_attr_by_OBJ; | ||
3681 | + ERR_load_CMS_strings; | ||
3682 | + CMS_sign_receipt; | ||
3683 | + i2d_CMS_ContentInfo; | ||
3684 | + CMS_signed_delete_attr; | ||
3685 | + d2i_CMS_bio; | ||
3686 | + CMS_unsigned_get_attr_by_NID; | ||
3687 | + CMS_verify; | ||
3688 | + SMIME_read_CMS; | ||
3689 | + CMS_decrypt_set1_key; | ||
3690 | + CMS_SignerInfo_get0_algs; | ||
3691 | + CMS_add1_cert; | ||
3692 | + CMS_set_detached; | ||
3693 | + CMS_encrypt; | ||
3694 | + CMS_EnvelopedData_create; | ||
3695 | + CMS_uncompress; | ||
3696 | + CMS_add0_crl; | ||
3697 | + CMS_SignerInfo_verify_content; | ||
3698 | + CMS_unsigned_get0_data_by_OBJ; | ||
3699 | + PEM_write_bio_CMS; | ||
3700 | + CMS_unsigned_get_attr; | ||
3701 | + CMS_RecipientInfo_ktri_cert_cmp; | ||
3702 | + CMS_RecipientInfo_ktri_get0_algs; | ||
3703 | + CMS_RecipInfo_ktri_get0_algs; | ||
3704 | + CMS_ContentInfo_free; | ||
3705 | + CMS_final; | ||
3706 | + CMS_add_simple_smimecap; | ||
3707 | + CMS_SignerInfo_verify; | ||
3708 | + CMS_data; | ||
3709 | + CMS_ContentInfo_it; | ||
3710 | + d2i_CMS_ReceiptRequest; | ||
3711 | + CMS_compress; | ||
3712 | + CMS_digest_create; | ||
3713 | + CMS_SignerInfo_cert_cmp; | ||
3714 | + CMS_SignerInfo_sign; | ||
3715 | + CMS_data_create; | ||
3716 | + i2d_CMS_bio; | ||
3717 | + CMS_EncryptedData_set1_key; | ||
3718 | + CMS_decrypt; | ||
3719 | + int_smime_write_ASN1; | ||
3720 | + CMS_unsigned_delete_attr; | ||
3721 | + CMS_unsigned_get_attr_count; | ||
3722 | + CMS_add_smimecap; | ||
3723 | + PEM_read_CMS; | ||
3724 | + CMS_signed_get_attr_by_OBJ; | ||
3725 | + d2i_CMS_ContentInfo; | ||
3726 | + CMS_add_standard_smimecap; | ||
3727 | + CMS_ContentInfo_new; | ||
3728 | + CMS_RecipientInfo_type; | ||
3729 | + CMS_get0_type; | ||
3730 | + CMS_is_detached; | ||
3731 | + CMS_sign; | ||
3732 | + CMS_signed_add1_attr; | ||
3733 | + CMS_unsigned_get_attr_by_OBJ; | ||
3734 | + SMIME_write_CMS; | ||
3735 | + CMS_EncryptedData_decrypt; | ||
3736 | + CMS_get0_RecipientInfos; | ||
3737 | + CMS_add0_RevocationInfoChoice; | ||
3738 | + CMS_decrypt_set1_pkey; | ||
3739 | + CMS_SignerInfo_set1_signer_cert; | ||
3740 | + CMS_get0_signers; | ||
3741 | + CMS_ReceiptRequest_get0_values; | ||
3742 | + CMS_signed_get0_data_by_OBJ; | ||
3743 | + CMS_get0_SignerInfos; | ||
3744 | + CMS_add0_cert; | ||
3745 | + CMS_EncryptedData_encrypt; | ||
3746 | + CMS_digest_verify; | ||
3747 | + CMS_set1_signers_certs; | ||
3748 | + CMS_signed_get_attr; | ||
3749 | + CMS_RecipientInfo_set0_key; | ||
3750 | + CMS_SignedData_init; | ||
3751 | + CMS_RecipientInfo_kekri_get0_id; | ||
3752 | + CMS_verify_receipt; | ||
3753 | + CMS_ReceiptRequest_it; | ||
3754 | + PEM_read_bio_CMS; | ||
3755 | + CMS_get1_crls; | ||
3756 | + CMS_add0_recipient_key; | ||
3757 | + SMIME_read_ASN1; | ||
3758 | + CMS_ReceiptRequest_new; | ||
3759 | + CMS_get0_content; | ||
3760 | + CMS_get1_ReceiptRequest; | ||
3761 | + CMS_signed_add1_attr_by_OBJ; | ||
3762 | + CMS_RecipientInfo_kekri_id_cmp; | ||
3763 | + CMS_add1_ReceiptRequest; | ||
3764 | + CMS_SignerInfo_get0_signer_id; | ||
3765 | + CMS_unsigned_add1_attr_by_NID; | ||
3766 | + CMS_unsigned_add1_attr; | ||
3767 | + CMS_signed_get_attr_by_NID; | ||
3768 | + CMS_get1_certs; | ||
3769 | + CMS_signed_add1_attr_by_NID; | ||
3770 | + CMS_unsigned_add1_attr_by_txt; | ||
3771 | + CMS_dataFinal; | ||
3772 | + CMS_RecipientInfo_ktri_get0_signer_id; | ||
3773 | + CMS_RecipInfo_ktri_get0_sigr_id; | ||
3774 | + i2d_CMS_ReceiptRequest; | ||
3775 | + CMS_add1_recipient_cert; | ||
3776 | + CMS_dataInit; | ||
3777 | + CMS_signed_add1_attr_by_txt; | ||
3778 | + CMS_RecipientInfo_decrypt; | ||
3779 | + CMS_signed_get_attr_count; | ||
3780 | + CMS_get0_eContentType; | ||
3781 | + CMS_set1_eContentType; | ||
3782 | + CMS_ReceiptRequest_create0; | ||
3783 | + CMS_add1_signer; | ||
3784 | + CMS_RecipientInfo_set0_pkey; | ||
3785 | + ENGINE_set_load_ssl_client_cert_function; | ||
3786 | + ENGINE_set_ld_ssl_clnt_cert_fn; | ||
3787 | + ENGINE_get_ssl_client_cert_function; | ||
3788 | + ENGINE_get_ssl_client_cert_fn; | ||
3789 | + ENGINE_load_ssl_client_cert; | ||
3790 | + ENGINE_load_capi; | ||
3791 | + OPENSSL_isservice; | ||
3792 | + FIPS_dsa_sig_decode; | ||
3793 | + EVP_CIPHER_CTX_clear_flags; | ||
3794 | + FIPS_rand_status; | ||
3795 | + FIPS_rand_set_key; | ||
3796 | + CRYPTO_set_mem_info_functions; | ||
3797 | + RSA_X931_generate_key_ex; | ||
3798 | + int_ERR_set_state_func; | ||
3799 | + int_EVP_MD_set_engine_callbacks; | ||
3800 | + int_CRYPTO_set_do_dynlock_callback; | ||
3801 | + FIPS_rng_stick; | ||
3802 | + EVP_CIPHER_CTX_set_flags; | ||
3803 | + BN_X931_generate_prime_ex; | ||
3804 | + FIPS_selftest_check; | ||
3805 | + FIPS_rand_set_dt; | ||
3806 | + CRYPTO_dbg_pop_info; | ||
3807 | + FIPS_dsa_free; | ||
3808 | + RSA_X931_derive_ex; | ||
3809 | + FIPS_rsa_new; | ||
3810 | + FIPS_rand_bytes; | ||
3811 | + fips_cipher_test; | ||
3812 | + EVP_CIPHER_CTX_test_flags; | ||
3813 | + CRYPTO_malloc_debug_init; | ||
3814 | + CRYPTO_dbg_push_info; | ||
3815 | + FIPS_corrupt_rsa_keygen; | ||
3816 | + FIPS_dh_new; | ||
3817 | + FIPS_corrupt_dsa_keygen; | ||
3818 | + FIPS_dh_free; | ||
3819 | + fips_pkey_signature_test; | ||
3820 | + EVP_add_alg_module; | ||
3821 | + int_RAND_init_engine_callbacks; | ||
3822 | + int_EVP_CIPHER_set_engine_callbacks; | ||
3823 | + int_EVP_MD_init_engine_callbacks; | ||
3824 | + FIPS_rand_test_mode; | ||
3825 | + FIPS_rand_reset; | ||
3826 | + FIPS_dsa_new; | ||
3827 | + int_RAND_set_callbacks; | ||
3828 | + BN_X931_derive_prime_ex; | ||
3829 | + int_ERR_lib_init; | ||
3830 | + int_EVP_CIPHER_init_engine_callbacks; | ||
3831 | + FIPS_rsa_free; | ||
3832 | + FIPS_dsa_sig_encode; | ||
3833 | + CRYPTO_dbg_remove_all_info; | ||
3834 | + OPENSSL_init; | ||
3835 | + CRYPTO_strdup; | ||
3836 | + JPAKE_STEP3A_process; | ||
3837 | + JPAKE_STEP1_release; | ||
3838 | + JPAKE_get_shared_key; | ||
3839 | + JPAKE_STEP3B_init; | ||
3840 | + JPAKE_STEP1_generate; | ||
3841 | + JPAKE_STEP1_init; | ||
3842 | + JPAKE_STEP3B_process; | ||
3843 | + JPAKE_STEP2_generate; | ||
3844 | + JPAKE_CTX_new; | ||
3845 | + JPAKE_CTX_free; | ||
3846 | + JPAKE_STEP3B_release; | ||
3847 | + JPAKE_STEP3A_release; | ||
3848 | + JPAKE_STEP2_process; | ||
3849 | + JPAKE_STEP3B_generate; | ||
3850 | + JPAKE_STEP1_process; | ||
3851 | + JPAKE_STEP3A_generate; | ||
3852 | + JPAKE_STEP2_release; | ||
3853 | + JPAKE_STEP3A_init; | ||
3854 | + ERR_load_JPAKE_strings; | ||
3855 | + JPAKE_STEP2_init; | ||
3856 | + pqueue_size; | ||
3857 | + i2d_TS_ACCURACY; | ||
3858 | + i2d_TS_MSG_IMPRINT_fp; | ||
3859 | + i2d_TS_MSG_IMPRINT; | ||
3860 | + EVP_PKEY_print_public; | ||
3861 | + EVP_PKEY_CTX_new; | ||
3862 | + i2d_TS_TST_INFO; | ||
3863 | + EVP_PKEY_asn1_find; | ||
3864 | + DSO_METHOD_beos; | ||
3865 | + TS_CONF_load_cert; | ||
3866 | + TS_REQ_get_ext; | ||
3867 | + EVP_PKEY_sign_init; | ||
3868 | + ASN1_item_print; | ||
3869 | + TS_TST_INFO_set_nonce; | ||
3870 | + TS_RESP_dup; | ||
3871 | + ENGINE_register_pkey_meths; | ||
3872 | + EVP_PKEY_asn1_add0; | ||
3873 | + PKCS7_add0_attrib_signing_time; | ||
3874 | + i2d_TS_TST_INFO_fp; | ||
3875 | + BIO_asn1_get_prefix; | ||
3876 | + TS_TST_INFO_set_time; | ||
3877 | + EVP_PKEY_meth_set_decrypt; | ||
3878 | + EVP_PKEY_set_type_str; | ||
3879 | + EVP_PKEY_CTX_get_keygen_info; | ||
3880 | + TS_REQ_set_policy_id; | ||
3881 | + d2i_TS_RESP_fp; | ||
3882 | + ENGINE_get_pkey_asn1_meth_engine; | ||
3883 | + ENGINE_get_pkey_asn1_meth_eng; | ||
3884 | + WHIRLPOOL_Init; | ||
3885 | + TS_RESP_set_status_info; | ||
3886 | + EVP_PKEY_keygen; | ||
3887 | + EVP_DigestSignInit; | ||
3888 | + TS_ACCURACY_set_millis; | ||
3889 | + TS_REQ_dup; | ||
3890 | + GENERAL_NAME_dup; | ||
3891 | + ASN1_SEQUENCE_ANY_it; | ||
3892 | + WHIRLPOOL; | ||
3893 | + X509_STORE_get1_crls; | ||
3894 | + ENGINE_get_pkey_asn1_meth; | ||
3895 | + EVP_PKEY_asn1_new; | ||
3896 | + BIO_new_NDEF; | ||
3897 | + ENGINE_get_pkey_meth; | ||
3898 | + TS_MSG_IMPRINT_set_algo; | ||
3899 | + i2d_TS_TST_INFO_bio; | ||
3900 | + TS_TST_INFO_set_ordering; | ||
3901 | + TS_TST_INFO_get_ext_by_OBJ; | ||
3902 | + CRYPTO_THREADID_set_pointer; | ||
3903 | + TS_CONF_get_tsa_section; | ||
3904 | + SMIME_write_ASN1; | ||
3905 | + TS_RESP_CTX_set_signer_key; | ||
3906 | + EVP_PKEY_encrypt_old; | ||
3907 | + EVP_PKEY_encrypt_init; | ||
3908 | + CRYPTO_THREADID_cpy; | ||
3909 | + ASN1_PCTX_get_cert_flags; | ||
3910 | + i2d_ESS_SIGNING_CERT; | ||
3911 | + TS_CONF_load_key; | ||
3912 | + i2d_ASN1_SEQUENCE_ANY; | ||
3913 | + d2i_TS_MSG_IMPRINT_bio; | ||
3914 | + EVP_PKEY_asn1_set_public; | ||
3915 | + b2i_PublicKey_bio; | ||
3916 | + BIO_asn1_set_prefix; | ||
3917 | + EVP_PKEY_new_mac_key; | ||
3918 | + BIO_new_CMS; | ||
3919 | + CRYPTO_THREADID_cmp; | ||
3920 | + TS_REQ_ext_free; | ||
3921 | + EVP_PKEY_asn1_set_free; | ||
3922 | + EVP_PKEY_get0_asn1; | ||
3923 | + d2i_NETSCAPE_X509; | ||
3924 | + EVP_PKEY_verify_recover_init; | ||
3925 | + EVP_PKEY_CTX_set_data; | ||
3926 | + EVP_PKEY_keygen_init; | ||
3927 | + TS_RESP_CTX_set_status_info; | ||
3928 | + TS_MSG_IMPRINT_get_algo; | ||
3929 | + TS_REQ_print_bio; | ||
3930 | + EVP_PKEY_CTX_ctrl_str; | ||
3931 | + EVP_PKEY_get_default_digest_nid; | ||
3932 | + PEM_write_bio_PKCS7_stream; | ||
3933 | + TS_MSG_IMPRINT_print_bio; | ||
3934 | + BN_asc2bn; | ||
3935 | + TS_REQ_get_policy_id; | ||
3936 | + ENGINE_set_default_pkey_asn1_meths; | ||
3937 | + ENGINE_set_def_pkey_asn1_meths; | ||
3938 | + d2i_TS_ACCURACY; | ||
3939 | + DSO_global_lookup; | ||
3940 | + TS_CONF_set_tsa_name; | ||
3941 | + i2d_ASN1_SET_ANY; | ||
3942 | + ENGINE_load_gost; | ||
3943 | + WHIRLPOOL_BitUpdate; | ||
3944 | + ASN1_PCTX_get_flags; | ||
3945 | + TS_TST_INFO_get_ext_by_NID; | ||
3946 | + TS_RESP_new; | ||
3947 | + ESS_CERT_ID_dup; | ||
3948 | + TS_STATUS_INFO_dup; | ||
3949 | + TS_REQ_delete_ext; | ||
3950 | + EVP_DigestVerifyFinal; | ||
3951 | + EVP_PKEY_print_params; | ||
3952 | + i2d_CMS_bio_stream; | ||
3953 | + TS_REQ_get_msg_imprint; | ||
3954 | + OBJ_find_sigid_by_algs; | ||
3955 | + TS_TST_INFO_get_serial; | ||
3956 | + TS_REQ_get_nonce; | ||
3957 | + X509_PUBKEY_set0_param; | ||
3958 | + EVP_PKEY_CTX_set0_keygen_info; | ||
3959 | + DIST_POINT_set_dpname; | ||
3960 | + i2d_ISSUING_DIST_POINT; | ||
3961 | + ASN1_SET_ANY_it; | ||
3962 | + EVP_PKEY_CTX_get_data; | ||
3963 | + TS_STATUS_INFO_print_bio; | ||
3964 | + EVP_PKEY_derive_init; | ||
3965 | + d2i_TS_TST_INFO; | ||
3966 | + EVP_PKEY_asn1_add_alias; | ||
3967 | + d2i_TS_RESP_bio; | ||
3968 | + OTHERNAME_cmp; | ||
3969 | + GENERAL_NAME_set0_value; | ||
3970 | + PKCS7_RECIP_INFO_get0_alg; | ||
3971 | + TS_RESP_CTX_new; | ||
3972 | + TS_RESP_set_tst_info; | ||
3973 | + PKCS7_final; | ||
3974 | + EVP_PKEY_base_id; | ||
3975 | + TS_RESP_CTX_set_signer_cert; | ||
3976 | + TS_REQ_set_msg_imprint; | ||
3977 | + EVP_PKEY_CTX_ctrl; | ||
3978 | + TS_CONF_set_digests; | ||
3979 | + d2i_TS_MSG_IMPRINT; | ||
3980 | + EVP_PKEY_meth_set_ctrl; | ||
3981 | + TS_REQ_get_ext_by_NID; | ||
3982 | + PKCS5_pbe_set0_algor; | ||
3983 | + BN_BLINDING_thread_id; | ||
3984 | + TS_ACCURACY_new; | ||
3985 | + X509_CRL_METHOD_free; | ||
3986 | + ASN1_PCTX_get_nm_flags; | ||
3987 | + EVP_PKEY_meth_set_sign; | ||
3988 | + CRYPTO_THREADID_current; | ||
3989 | + EVP_PKEY_decrypt_init; | ||
3990 | + NETSCAPE_X509_free; | ||
3991 | + i2b_PVK_bio; | ||
3992 | + EVP_PKEY_print_private; | ||
3993 | + GENERAL_NAME_get0_value; | ||
3994 | + b2i_PVK_bio; | ||
3995 | + ASN1_UTCTIME_adj; | ||
3996 | + TS_TST_INFO_new; | ||
3997 | + EVP_MD_do_all_sorted; | ||
3998 | + TS_CONF_set_default_engine; | ||
3999 | + TS_ACCURACY_set_seconds; | ||
4000 | + TS_TST_INFO_get_time; | ||
4001 | + PKCS8_pkey_get0; | ||
4002 | + EVP_PKEY_asn1_get0; | ||
4003 | + OBJ_add_sigid; | ||
4004 | + PKCS7_SIGNER_INFO_sign; | ||
4005 | + EVP_PKEY_paramgen_init; | ||
4006 | + EVP_PKEY_sign; | ||
4007 | + OBJ_sigid_free; | ||
4008 | + EVP_PKEY_meth_set_init; | ||
4009 | + d2i_ESS_ISSUER_SERIAL; | ||
4010 | + ISSUING_DIST_POINT_new; | ||
4011 | + ASN1_TIME_adj; | ||
4012 | + TS_OBJ_print_bio; | ||
4013 | + EVP_PKEY_meth_set_verify_recover; | ||
4014 | + EVP_PKEY_meth_set_vrfy_recover; | ||
4015 | + TS_RESP_get_status_info; | ||
4016 | + CMS_stream; | ||
4017 | + EVP_PKEY_CTX_set_cb; | ||
4018 | + PKCS7_to_TS_TST_INFO; | ||
4019 | + ASN1_PCTX_get_oid_flags; | ||
4020 | + TS_TST_INFO_add_ext; | ||
4021 | + EVP_PKEY_meth_set_derive; | ||
4022 | + i2d_TS_RESP_fp; | ||
4023 | + i2d_TS_MSG_IMPRINT_bio; | ||
4024 | + TS_RESP_CTX_set_accuracy; | ||
4025 | + TS_REQ_set_nonce; | ||
4026 | + ESS_CERT_ID_new; | ||
4027 | + ENGINE_pkey_asn1_find_str; | ||
4028 | + TS_REQ_get_ext_count; | ||
4029 | + BUF_reverse; | ||
4030 | + TS_TST_INFO_print_bio; | ||
4031 | + d2i_ISSUING_DIST_POINT; | ||
4032 | + ENGINE_get_pkey_meths; | ||
4033 | + i2b_PrivateKey_bio; | ||
4034 | + i2d_TS_RESP; | ||
4035 | + b2i_PublicKey; | ||
4036 | + TS_VERIFY_CTX_cleanup; | ||
4037 | + TS_STATUS_INFO_free; | ||
4038 | + TS_RESP_verify_token; | ||
4039 | + OBJ_bsearch_ex_; | ||
4040 | + ASN1_bn_print; | ||
4041 | + EVP_PKEY_asn1_get_count; | ||
4042 | + ENGINE_register_pkey_asn1_meths; | ||
4043 | + ASN1_PCTX_set_nm_flags; | ||
4044 | + EVP_DigestVerifyInit; | ||
4045 | + ENGINE_set_default_pkey_meths; | ||
4046 | + TS_TST_INFO_get_policy_id; | ||
4047 | + TS_REQ_get_cert_req; | ||
4048 | + X509_CRL_set_meth_data; | ||
4049 | + PKCS8_pkey_set0; | ||
4050 | + ASN1_STRING_copy; | ||
4051 | + d2i_TS_TST_INFO_fp; | ||
4052 | + X509_CRL_match; | ||
4053 | + EVP_PKEY_asn1_set_private; | ||
4054 | + TS_TST_INFO_get_ext_d2i; | ||
4055 | + TS_RESP_CTX_add_policy; | ||
4056 | + d2i_TS_RESP; | ||
4057 | + TS_CONF_load_certs; | ||
4058 | + TS_TST_INFO_get_msg_imprint; | ||
4059 | + ERR_load_TS_strings; | ||
4060 | + TS_TST_INFO_get_version; | ||
4061 | + EVP_PKEY_CTX_dup; | ||
4062 | + EVP_PKEY_meth_set_verify; | ||
4063 | + i2b_PublicKey_bio; | ||
4064 | + TS_CONF_set_certs; | ||
4065 | + EVP_PKEY_asn1_get0_info; | ||
4066 | + TS_VERIFY_CTX_free; | ||
4067 | + TS_REQ_get_ext_by_critical; | ||
4068 | + TS_RESP_CTX_set_serial_cb; | ||
4069 | + X509_CRL_get_meth_data; | ||
4070 | + TS_RESP_CTX_set_time_cb; | ||
4071 | + TS_MSG_IMPRINT_get_msg; | ||
4072 | + TS_TST_INFO_ext_free; | ||
4073 | + TS_REQ_get_version; | ||
4074 | + TS_REQ_add_ext; | ||
4075 | + EVP_PKEY_CTX_set_app_data; | ||
4076 | + OBJ_bsearch_; | ||
4077 | + EVP_PKEY_meth_set_verifyctx; | ||
4078 | + i2d_PKCS7_bio_stream; | ||
4079 | + CRYPTO_THREADID_set_numeric; | ||
4080 | + PKCS7_sign_add_signer; | ||
4081 | + d2i_TS_TST_INFO_bio; | ||
4082 | + TS_TST_INFO_get_ordering; | ||
4083 | + TS_RESP_print_bio; | ||
4084 | + TS_TST_INFO_get_exts; | ||
4085 | + HMAC_CTX_copy; | ||
4086 | + PKCS5_pbe2_set_iv; | ||
4087 | + ENGINE_get_pkey_asn1_meths; | ||
4088 | + b2i_PrivateKey; | ||
4089 | + EVP_PKEY_CTX_get_app_data; | ||
4090 | + TS_REQ_set_cert_req; | ||
4091 | + CRYPTO_THREADID_set_callback; | ||
4092 | + TS_CONF_set_serial; | ||
4093 | + TS_TST_INFO_free; | ||
4094 | + d2i_TS_REQ_fp; | ||
4095 | + TS_RESP_verify_response; | ||
4096 | + i2d_ESS_ISSUER_SERIAL; | ||
4097 | + TS_ACCURACY_get_seconds; | ||
4098 | + EVP_CIPHER_do_all; | ||
4099 | + b2i_PrivateKey_bio; | ||
4100 | + OCSP_CERTID_dup; | ||
4101 | + X509_PUBKEY_get0_param; | ||
4102 | + TS_MSG_IMPRINT_dup; | ||
4103 | + PKCS7_print_ctx; | ||
4104 | + i2d_TS_REQ_bio; | ||
4105 | + EVP_whirlpool; | ||
4106 | + EVP_PKEY_asn1_set_param; | ||
4107 | + EVP_PKEY_meth_set_encrypt; | ||
4108 | + ASN1_PCTX_set_flags; | ||
4109 | + i2d_ESS_CERT_ID; | ||
4110 | + TS_VERIFY_CTX_new; | ||
4111 | + TS_RESP_CTX_set_extension_cb; | ||
4112 | + ENGINE_register_all_pkey_meths; | ||
4113 | + TS_RESP_CTX_set_status_info_cond; | ||
4114 | + TS_RESP_CTX_set_stat_info_cond; | ||
4115 | + EVP_PKEY_verify; | ||
4116 | + WHIRLPOOL_Final; | ||
4117 | + X509_CRL_METHOD_new; | ||
4118 | + EVP_DigestSignFinal; | ||
4119 | + TS_RESP_CTX_set_def_policy; | ||
4120 | + NETSCAPE_X509_it; | ||
4121 | + TS_RESP_create_response; | ||
4122 | + PKCS7_SIGNER_INFO_get0_algs; | ||
4123 | + TS_TST_INFO_get_nonce; | ||
4124 | + EVP_PKEY_decrypt_old; | ||
4125 | + TS_TST_INFO_set_policy_id; | ||
4126 | + TS_CONF_set_ess_cert_id_chain; | ||
4127 | + EVP_PKEY_CTX_get0_pkey; | ||
4128 | + d2i_TS_REQ; | ||
4129 | + EVP_PKEY_asn1_find_str; | ||
4130 | + BIO_f_asn1; | ||
4131 | + ESS_SIGNING_CERT_new; | ||
4132 | + EVP_PBE_find; | ||
4133 | + X509_CRL_get0_by_cert; | ||
4134 | + EVP_PKEY_derive; | ||
4135 | + i2d_TS_REQ; | ||
4136 | + TS_TST_INFO_delete_ext; | ||
4137 | + ESS_ISSUER_SERIAL_free; | ||
4138 | + ASN1_PCTX_set_str_flags; | ||
4139 | + ENGINE_get_pkey_asn1_meth_str; | ||
4140 | + TS_CONF_set_signer_key; | ||
4141 | + TS_ACCURACY_get_millis; | ||
4142 | + TS_RESP_get_token; | ||
4143 | + TS_ACCURACY_dup; | ||
4144 | + ENGINE_register_all_pkey_asn1_meths; | ||
4145 | + ENGINE_reg_all_pkey_asn1_meths; | ||
4146 | + X509_CRL_set_default_method; | ||
4147 | + CRYPTO_THREADID_hash; | ||
4148 | + CMS_ContentInfo_print_ctx; | ||
4149 | + TS_RESP_free; | ||
4150 | + ISSUING_DIST_POINT_free; | ||
4151 | + ESS_ISSUER_SERIAL_new; | ||
4152 | + CMS_add1_crl; | ||
4153 | + PKCS7_add1_attrib_digest; | ||
4154 | + TS_RESP_CTX_add_md; | ||
4155 | + TS_TST_INFO_dup; | ||
4156 | + ENGINE_set_pkey_asn1_meths; | ||
4157 | + PEM_write_bio_Parameters; | ||
4158 | + TS_TST_INFO_get_accuracy; | ||
4159 | + X509_CRL_get0_by_serial; | ||
4160 | + TS_TST_INFO_set_version; | ||
4161 | + TS_RESP_CTX_get_tst_info; | ||
4162 | + TS_RESP_verify_signature; | ||
4163 | + CRYPTO_THREADID_get_callback; | ||
4164 | + TS_TST_INFO_get_tsa; | ||
4165 | + TS_STATUS_INFO_new; | ||
4166 | + EVP_PKEY_CTX_get_cb; | ||
4167 | + TS_REQ_get_ext_d2i; | ||
4168 | + GENERAL_NAME_set0_othername; | ||
4169 | + TS_TST_INFO_get_ext_count; | ||
4170 | + TS_RESP_CTX_get_request; | ||
4171 | + i2d_NETSCAPE_X509; | ||
4172 | + ENGINE_get_pkey_meth_engine; | ||
4173 | + EVP_PKEY_meth_set_signctx; | ||
4174 | + EVP_PKEY_asn1_copy; | ||
4175 | + ASN1_TYPE_cmp; | ||
4176 | + EVP_CIPHER_do_all_sorted; | ||
4177 | + EVP_PKEY_CTX_free; | ||
4178 | + ISSUING_DIST_POINT_it; | ||
4179 | + d2i_TS_MSG_IMPRINT_fp; | ||
4180 | + X509_STORE_get1_certs; | ||
4181 | + EVP_PKEY_CTX_get_operation; | ||
4182 | + d2i_ESS_SIGNING_CERT; | ||
4183 | + TS_CONF_set_ordering; | ||
4184 | + EVP_PBE_alg_add_type; | ||
4185 | + TS_REQ_set_version; | ||
4186 | + EVP_PKEY_get0; | ||
4187 | + BIO_asn1_set_suffix; | ||
4188 | + i2d_TS_STATUS_INFO; | ||
4189 | + EVP_MD_do_all; | ||
4190 | + TS_TST_INFO_set_accuracy; | ||
4191 | + PKCS7_add_attrib_content_type; | ||
4192 | + ERR_remove_thread_state; | ||
4193 | + EVP_PKEY_meth_add0; | ||
4194 | + TS_TST_INFO_set_tsa; | ||
4195 | + EVP_PKEY_meth_new; | ||
4196 | + WHIRLPOOL_Update; | ||
4197 | + TS_CONF_set_accuracy; | ||
4198 | + ASN1_PCTX_set_oid_flags; | ||
4199 | + ESS_SIGNING_CERT_dup; | ||
4200 | + d2i_TS_REQ_bio; | ||
4201 | + X509_time_adj_ex; | ||
4202 | + TS_RESP_CTX_add_flags; | ||
4203 | + d2i_TS_STATUS_INFO; | ||
4204 | + TS_MSG_IMPRINT_set_msg; | ||
4205 | + BIO_asn1_get_suffix; | ||
4206 | + TS_REQ_free; | ||
4207 | + EVP_PKEY_meth_free; | ||
4208 | + TS_REQ_get_exts; | ||
4209 | + TS_RESP_CTX_set_clock_precision_digits; | ||
4210 | + TS_RESP_CTX_set_clk_prec_digits; | ||
4211 | + TS_RESP_CTX_add_failure_info; | ||
4212 | + i2d_TS_RESP_bio; | ||
4213 | + EVP_PKEY_CTX_get0_peerkey; | ||
4214 | + PEM_write_bio_CMS_stream; | ||
4215 | + TS_REQ_new; | ||
4216 | + TS_MSG_IMPRINT_new; | ||
4217 | + EVP_PKEY_meth_find; | ||
4218 | + EVP_PKEY_id; | ||
4219 | + TS_TST_INFO_set_serial; | ||
4220 | + a2i_GENERAL_NAME; | ||
4221 | + TS_CONF_set_crypto_device; | ||
4222 | + EVP_PKEY_verify_init; | ||
4223 | + TS_CONF_set_policies; | ||
4224 | + ASN1_PCTX_new; | ||
4225 | + ESS_CERT_ID_free; | ||
4226 | + ENGINE_unregister_pkey_meths; | ||
4227 | + TS_MSG_IMPRINT_free; | ||
4228 | + TS_VERIFY_CTX_init; | ||
4229 | + PKCS7_stream; | ||
4230 | + TS_RESP_CTX_set_certs; | ||
4231 | + TS_CONF_set_def_policy; | ||
4232 | + ASN1_GENERALIZEDTIME_adj; | ||
4233 | + NETSCAPE_X509_new; | ||
4234 | + TS_ACCURACY_free; | ||
4235 | + TS_RESP_get_tst_info; | ||
4236 | + EVP_PKEY_derive_set_peer; | ||
4237 | + PEM_read_bio_Parameters; | ||
4238 | + TS_CONF_set_clock_precision_digits; | ||
4239 | + TS_CONF_set_clk_prec_digits; | ||
4240 | + ESS_ISSUER_SERIAL_dup; | ||
4241 | + TS_ACCURACY_get_micros; | ||
4242 | + ASN1_PCTX_get_str_flags; | ||
4243 | + NAME_CONSTRAINTS_check; | ||
4244 | + ASN1_BIT_STRING_check; | ||
4245 | + X509_check_akid; | ||
4246 | + ENGINE_unregister_pkey_asn1_meths; | ||
4247 | + ENGINE_unreg_pkey_asn1_meths; | ||
4248 | + ASN1_PCTX_free; | ||
4249 | + PEM_write_bio_ASN1_stream; | ||
4250 | + i2d_ASN1_bio_stream; | ||
4251 | + TS_X509_ALGOR_print_bio; | ||
4252 | + EVP_PKEY_meth_set_cleanup; | ||
4253 | + EVP_PKEY_asn1_free; | ||
4254 | + ESS_SIGNING_CERT_free; | ||
4255 | + TS_TST_INFO_set_msg_imprint; | ||
4256 | + GENERAL_NAME_cmp; | ||
4257 | + d2i_ASN1_SET_ANY; | ||
4258 | + ENGINE_set_pkey_meths; | ||
4259 | + i2d_TS_REQ_fp; | ||
4260 | + d2i_ASN1_SEQUENCE_ANY; | ||
4261 | + GENERAL_NAME_get0_otherName; | ||
4262 | + d2i_ESS_CERT_ID; | ||
4263 | + OBJ_find_sigid_algs; | ||
4264 | + EVP_PKEY_meth_set_keygen; | ||
4265 | + PKCS5_PBKDF2_HMAC; | ||
4266 | + EVP_PKEY_paramgen; | ||
4267 | + EVP_PKEY_meth_set_paramgen; | ||
4268 | + BIO_new_PKCS7; | ||
4269 | + EVP_PKEY_verify_recover; | ||
4270 | + TS_ext_print_bio; | ||
4271 | + TS_ASN1_INTEGER_print_bio; | ||
4272 | + check_defer; | ||
4273 | + DSO_pathbyaddr; | ||
4274 | + EVP_PKEY_set_type; | ||
4275 | + TS_ACCURACY_set_micros; | ||
4276 | + TS_REQ_to_TS_VERIFY_CTX; | ||
4277 | + EVP_PKEY_meth_set_copy; | ||
4278 | + ASN1_PCTX_set_cert_flags; | ||
4279 | + TS_TST_INFO_get_ext; | ||
4280 | + EVP_PKEY_asn1_set_ctrl; | ||
4281 | + TS_TST_INFO_get_ext_by_critical; | ||
4282 | + EVP_PKEY_CTX_new_id; | ||
4283 | + TS_REQ_get_ext_by_OBJ; | ||
4284 | + TS_CONF_set_signer_cert; | ||
4285 | + X509_NAME_hash_old; | ||
4286 | + ASN1_TIME_set_string; | ||
4287 | + EVP_MD_flags; | ||
4288 | + TS_RESP_CTX_free; | ||
4289 | + DSAparams_dup; | ||
4290 | + DHparams_dup; | ||
4291 | + OCSP_REQ_CTX_add1_header; | ||
4292 | + OCSP_REQ_CTX_set1_req; | ||
4293 | + X509_STORE_set_verify_cb; | ||
4294 | + X509_STORE_CTX_get0_current_crl; | ||
4295 | + X509_STORE_CTX_get0_parent_ctx; | ||
4296 | + X509_STORE_CTX_get0_current_issuer; | ||
4297 | + X509_STORE_CTX_get0_cur_issuer; | ||
4298 | + X509_issuer_name_hash_old; | ||
4299 | + X509_subject_name_hash_old; | ||
4300 | + EVP_CIPHER_CTX_copy; | ||
4301 | + UI_method_get_prompt_constructor; | ||
4302 | + UI_method_get_prompt_constructr; | ||
4303 | + UI_method_set_prompt_constructor; | ||
4304 | + UI_method_set_prompt_constructr; | ||
4305 | + EVP_read_pw_string_min; | ||
4306 | + CRYPTO_cts128_encrypt; | ||
4307 | + CRYPTO_cts128_decrypt_block; | ||
4308 | + CRYPTO_cfb128_1_encrypt; | ||
4309 | + CRYPTO_cbc128_encrypt; | ||
4310 | + CRYPTO_ctr128_encrypt; | ||
4311 | + CRYPTO_ofb128_encrypt; | ||
4312 | + CRYPTO_cts128_decrypt; | ||
4313 | + CRYPTO_cts128_encrypt_block; | ||
4314 | + CRYPTO_cbc128_decrypt; | ||
4315 | + CRYPTO_cfb128_encrypt; | ||
4316 | + CRYPTO_cfb128_8_encrypt; | ||
4317 | + SSL_renegotiate_abbreviated; | ||
4318 | + TLSv1_1_method; | ||
4319 | + TLSv1_1_client_method; | ||
4320 | + TLSv1_1_server_method; | ||
4321 | + SSL_CTX_set_srp_client_pwd_callback; | ||
4322 | + SSL_CTX_set_srp_client_pwd_cb; | ||
4323 | + SSL_get_srp_g; | ||
4324 | + SSL_CTX_set_srp_username_callback; | ||
4325 | + SSL_CTX_set_srp_un_cb; | ||
4326 | + SSL_get_srp_userinfo; | ||
4327 | + SSL_set_srp_server_param; | ||
4328 | + SSL_set_srp_server_param_pw; | ||
4329 | + SSL_get_srp_N; | ||
4330 | + SSL_get_srp_username; | ||
4331 | + SSL_CTX_set_srp_password; | ||
4332 | + SSL_CTX_set_srp_strength; | ||
4333 | + SSL_CTX_set_srp_verify_param_callback; | ||
4334 | + SSL_CTX_set_srp_vfy_param_cb; | ||
4335 | + SSL_CTX_set_srp_cb_arg; | ||
4336 | + SSL_CTX_set_srp_username; | ||
4337 | + SSL_CTX_SRP_CTX_init; | ||
4338 | + SSL_SRP_CTX_init; | ||
4339 | + SRP_Calc_A_param; | ||
4340 | + SRP_generate_server_master_secret; | ||
4341 | + SRP_gen_server_master_secret; | ||
4342 | + SSL_CTX_SRP_CTX_free; | ||
4343 | + SRP_generate_client_master_secret; | ||
4344 | + SRP_gen_client_master_secret; | ||
4345 | + SSL_srp_server_param_with_username; | ||
4346 | + SSL_srp_server_param_with_un; | ||
4347 | + SSL_SRP_CTX_free; | ||
4348 | + SSL_set_debug; | ||
4349 | + SSL_SESSION_get0_peer; | ||
4350 | + TLSv1_2_client_method; | ||
4351 | + SSL_SESSION_set1_id_context; | ||
4352 | + TLSv1_2_server_method; | ||
4353 | + SSL_cache_hit; | ||
4354 | + SSL_get0_kssl_ctx; | ||
4355 | + SSL_set0_kssl_ctx; | ||
4356 | + SSL_set_state; | ||
4357 | + SSL_CIPHER_get_id; | ||
4358 | + TLSv1_2_method; | ||
4359 | + kssl_ctx_get0_client_princ; | ||
4360 | + SSL_export_keying_material; | ||
4361 | + SSL_set_tlsext_use_srtp; | ||
4362 | + SSL_CTX_set_next_protos_advertised_cb; | ||
4363 | + SSL_CTX_set_next_protos_adv_cb; | ||
4364 | + SSL_get0_next_proto_negotiated; | ||
4365 | + SSL_get_selected_srtp_profile; | ||
4366 | + SSL_CTX_set_tlsext_use_srtp; | ||
4367 | + SSL_select_next_proto; | ||
4368 | + SSL_get_srtp_profiles; | ||
4369 | + SSL_CTX_set_next_proto_select_cb; | ||
4370 | + SSL_CTX_set_next_proto_sel_cb; | ||
4371 | + SSL_SESSION_get_compress_id; | ||
4372 | + | ||
4373 | + SRP_VBASE_get_by_user; | ||
4374 | + SRP_Calc_server_key; | ||
4375 | + SRP_create_verifier; | ||
4376 | + SRP_create_verifier_BN; | ||
4377 | + SRP_Calc_u; | ||
4378 | + SRP_VBASE_free; | ||
4379 | + SRP_Calc_client_key; | ||
4380 | + SRP_get_default_gN; | ||
4381 | + SRP_Calc_x; | ||
4382 | + SRP_Calc_B; | ||
4383 | + SRP_VBASE_new; | ||
4384 | + SRP_check_known_gN_param; | ||
4385 | + SRP_Calc_A; | ||
4386 | + SRP_Verify_A_mod_N; | ||
4387 | + SRP_VBASE_init; | ||
4388 | + SRP_Verify_B_mod_N; | ||
4389 | + EC_KEY_set_public_key_affine_coordinates; | ||
4390 | + EC_KEY_set_pub_key_aff_coords; | ||
4391 | + EVP_aes_192_ctr; | ||
4392 | + EVP_PKEY_meth_get0_info; | ||
4393 | + EVP_PKEY_meth_copy; | ||
4394 | + ERR_add_error_vdata; | ||
4395 | + EVP_aes_128_ctr; | ||
4396 | + EVP_aes_256_ctr; | ||
4397 | + EC_GFp_nistp224_method; | ||
4398 | + EC_KEY_get_flags; | ||
4399 | + RSA_padding_add_PKCS1_PSS_mgf1; | ||
4400 | + EVP_aes_128_xts; | ||
4401 | + EVP_aes_256_xts; | ||
4402 | + EVP_aes_128_gcm; | ||
4403 | + EC_KEY_clear_flags; | ||
4404 | + EC_KEY_set_flags; | ||
4405 | + EVP_aes_256_ccm; | ||
4406 | + RSA_verify_PKCS1_PSS_mgf1; | ||
4407 | + EVP_aes_128_ccm; | ||
4408 | + EVP_aes_192_gcm; | ||
4409 | + X509_ALGOR_set_md; | ||
4410 | + RAND_init_fips; | ||
4411 | + EVP_aes_256_gcm; | ||
4412 | + EVP_aes_192_ccm; | ||
4413 | + CMAC_CTX_copy; | ||
4414 | + CMAC_CTX_free; | ||
4415 | + CMAC_CTX_get0_cipher_ctx; | ||
4416 | + CMAC_CTX_cleanup; | ||
4417 | + CMAC_Init; | ||
4418 | + CMAC_Update; | ||
4419 | + CMAC_resume; | ||
4420 | + CMAC_CTX_new; | ||
4421 | + CMAC_Final; | ||
4422 | + CRYPTO_ctr128_encrypt_ctr32; | ||
4423 | + CRYPTO_gcm128_release; | ||
4424 | + CRYPTO_ccm128_decrypt_ccm64; | ||
4425 | + CRYPTO_ccm128_encrypt; | ||
4426 | + CRYPTO_gcm128_encrypt; | ||
4427 | + CRYPTO_xts128_encrypt; | ||
4428 | + EVP_rc4_hmac_md5; | ||
4429 | + CRYPTO_nistcts128_decrypt_block; | ||
4430 | + CRYPTO_gcm128_setiv; | ||
4431 | + CRYPTO_nistcts128_encrypt; | ||
4432 | + EVP_aes_128_cbc_hmac_sha1; | ||
4433 | + CRYPTO_gcm128_tag; | ||
4434 | + CRYPTO_ccm128_encrypt_ccm64; | ||
4435 | + ENGINE_load_rdrand; | ||
4436 | + CRYPTO_ccm128_setiv; | ||
4437 | + CRYPTO_nistcts128_encrypt_block; | ||
4438 | + CRYPTO_gcm128_aad; | ||
4439 | + CRYPTO_ccm128_init; | ||
4440 | + CRYPTO_nistcts128_decrypt; | ||
4441 | + CRYPTO_gcm128_new; | ||
4442 | + CRYPTO_ccm128_tag; | ||
4443 | + CRYPTO_ccm128_decrypt; | ||
4444 | + CRYPTO_ccm128_aad; | ||
4445 | + CRYPTO_gcm128_init; | ||
4446 | + CRYPTO_gcm128_decrypt; | ||
4447 | + ENGINE_load_rsax; | ||
4448 | + CRYPTO_gcm128_decrypt_ctr32; | ||
4449 | + CRYPTO_gcm128_encrypt_ctr32; | ||
4450 | + CRYPTO_gcm128_finish; | ||
4451 | + EVP_aes_256_cbc_hmac_sha1; | ||
4452 | + PKCS5_pbkdf2_set; | ||
4453 | + CMS_add0_recipient_password; | ||
4454 | + CMS_decrypt_set1_password; | ||
4455 | + CMS_RecipientInfo_set0_password; | ||
4456 | + RAND_set_fips_drbg_type; | ||
4457 | + X509_REQ_sign_ctx; | ||
4458 | + RSA_PSS_PARAMS_new; | ||
4459 | + X509_CRL_sign_ctx; | ||
4460 | + X509_signature_dump; | ||
4461 | + d2i_RSA_PSS_PARAMS; | ||
4462 | + RSA_PSS_PARAMS_it; | ||
4463 | + RSA_PSS_PARAMS_free; | ||
4464 | + X509_sign_ctx; | ||
4465 | + i2d_RSA_PSS_PARAMS; | ||
4466 | + ASN1_item_sign_ctx; | ||
4467 | + EC_GFp_nistp521_method; | ||
4468 | + EC_GFp_nistp256_method; | ||
4469 | + OPENSSL_stderr; | ||
4470 | + OPENSSL_cpuid_setup; | ||
4471 | + OPENSSL_showfatal; | ||
4472 | + BIO_new_dgram_sctp; | ||
4473 | + BIO_dgram_sctp_msg_waiting; | ||
4474 | + BIO_dgram_sctp_wait_for_dry; | ||
4475 | + BIO_s_datagram_sctp; | ||
4476 | + BIO_dgram_is_sctp; | ||
4477 | + BIO_dgram_sctp_notification_cb; | ||
4478 | + CRYPTO_memcmp; | ||
4479 | + SSL_CTX_set_alpn_protos; | ||
4480 | + SSL_set_alpn_protos; | ||
4481 | + SSL_CTX_set_alpn_select_cb; | ||
4482 | + SSL_get0_alpn_selected; | ||
4483 | + SSL_CTX_set_custom_cli_ext; | ||
4484 | + SSL_CTX_set_custom_srv_ext; | ||
4485 | + SSL_CTX_set_srv_supp_data; | ||
4486 | + SSL_CTX_set_cli_supp_data; | ||
4487 | + SSL_set_cert_cb; | ||
4488 | + SSL_CTX_use_serverinfo; | ||
4489 | + SSL_CTX_use_serverinfo_file; | ||
4490 | + SSL_CTX_set_cert_cb; | ||
4491 | + SSL_CTX_get0_param; | ||
4492 | + SSL_get0_param; | ||
4493 | + SSL_certs_clear; | ||
4494 | + DTLSv1_2_method; | ||
4495 | + DTLSv1_2_server_method; | ||
4496 | + DTLSv1_2_client_method; | ||
4497 | + DTLS_method; | ||
4498 | + DTLS_server_method; | ||
4499 | + DTLS_client_method; | ||
4500 | + SSL_CTX_get_ssl_method; | ||
4501 | + SSL_CTX_get0_certificate; | ||
4502 | + SSL_CTX_get0_privatekey; | ||
4503 | + SSL_COMP_set0_compression_methods; | ||
4504 | + SSL_COMP_free_compression_methods; | ||
4505 | + SSL_CIPHER_find; | ||
4506 | + SSL_is_server; | ||
4507 | + SSL_CONF_CTX_new; | ||
4508 | + SSL_CONF_CTX_finish; | ||
4509 | + SSL_CONF_CTX_free; | ||
4510 | + SSL_CONF_CTX_set_flags; | ||
4511 | + SSL_CONF_CTX_clear_flags; | ||
4512 | + SSL_CONF_CTX_set1_prefix; | ||
4513 | + SSL_CONF_CTX_set_ssl; | ||
4514 | + SSL_CONF_CTX_set_ssl_ctx; | ||
4515 | + SSL_CONF_cmd; | ||
4516 | + SSL_CONF_cmd_argv; | ||
4517 | + SSL_CONF_cmd_value_type; | ||
4518 | + SSL_trace; | ||
4519 | + SSL_CIPHER_standard_name; | ||
4520 | + SSL_get_tlsa_record_byname; | ||
4521 | + ASN1_TIME_diff; | ||
4522 | + BIO_hex_string; | ||
4523 | + CMS_RecipientInfo_get0_pkey_ctx; | ||
4524 | + CMS_RecipientInfo_encrypt; | ||
4525 | + CMS_SignerInfo_get0_pkey_ctx; | ||
4526 | + CMS_SignerInfo_get0_md_ctx; | ||
4527 | + CMS_SignerInfo_get0_signature; | ||
4528 | + CMS_RecipientInfo_kari_get0_alg; | ||
4529 | + CMS_RecipientInfo_kari_get0_reks; | ||
4530 | + CMS_RecipientInfo_kari_get0_orig_id; | ||
4531 | + CMS_RecipientInfo_kari_orig_id_cmp; | ||
4532 | + CMS_RecipientEncryptedKey_get0_id; | ||
4533 | + CMS_RecipientEncryptedKey_cert_cmp; | ||
4534 | + CMS_RecipientInfo_kari_set0_pkey; | ||
4535 | + CMS_RecipientInfo_kari_get0_ctx; | ||
4536 | + CMS_RecipientInfo_kari_decrypt; | ||
4537 | + CMS_SharedInfo_encode; | ||
4538 | + DH_compute_key_padded; | ||
4539 | + d2i_DHxparams; | ||
4540 | + i2d_DHxparams; | ||
4541 | + DH_get_1024_160; | ||
4542 | + DH_get_2048_224; | ||
4543 | + DH_get_2048_256; | ||
4544 | + DH_KDF_X9_42; | ||
4545 | + ECDH_KDF_X9_62; | ||
4546 | + ECDSA_METHOD_new; | ||
4547 | + ECDSA_METHOD_free; | ||
4548 | + ECDSA_METHOD_set_app_data; | ||
4549 | + ECDSA_METHOD_get_app_data; | ||
4550 | + ECDSA_METHOD_set_sign; | ||
4551 | + ECDSA_METHOD_set_sign_setup; | ||
4552 | + ECDSA_METHOD_set_verify; | ||
4553 | + ECDSA_METHOD_set_flags; | ||
4554 | + ECDSA_METHOD_set_name; | ||
4555 | + EVP_des_ede3_wrap; | ||
4556 | + EVP_aes_128_wrap; | ||
4557 | + EVP_aes_192_wrap; | ||
4558 | + EVP_aes_256_wrap; | ||
4559 | + EVP_aes_128_cbc_hmac_sha256; | ||
4560 | + EVP_aes_256_cbc_hmac_sha256; | ||
4561 | + CRYPTO_128_wrap; | ||
4562 | + CRYPTO_128_unwrap; | ||
4563 | + OCSP_REQ_CTX_nbio; | ||
4564 | + OCSP_REQ_CTX_new; | ||
4565 | + OCSP_set_max_response_length; | ||
4566 | + OCSP_REQ_CTX_i2d; | ||
4567 | + OCSP_REQ_CTX_nbio_d2i; | ||
4568 | + OCSP_REQ_CTX_get0_mem_bio; | ||
4569 | + OCSP_REQ_CTX_http; | ||
4570 | + RSA_padding_add_PKCS1_OAEP_mgf1; | ||
4571 | + RSA_padding_check_PKCS1_OAEP_mgf1; | ||
4572 | + RSA_OAEP_PARAMS_free; | ||
4573 | + RSA_OAEP_PARAMS_it; | ||
4574 | + RSA_OAEP_PARAMS_new; | ||
4575 | + SSL_get_sigalgs; | ||
4576 | + SSL_get_shared_sigalgs; | ||
4577 | + SSL_check_chain; | ||
4578 | + X509_chain_up_ref; | ||
4579 | + X509_http_nbio; | ||
4580 | + X509_CRL_http_nbio; | ||
4581 | + X509_REVOKED_dup; | ||
4582 | + i2d_re_X509_tbs; | ||
4583 | + X509_get0_signature; | ||
4584 | + X509_get_signature_nid; | ||
4585 | + X509_CRL_diff; | ||
4586 | + X509_chain_check_suiteb; | ||
4587 | + X509_CRL_check_suiteb; | ||
4588 | + X509_check_host; | ||
4589 | + X509_check_email; | ||
4590 | + X509_check_ip; | ||
4591 | + X509_check_ip_asc; | ||
4592 | + X509_STORE_set_lookup_crls_cb; | ||
4593 | + X509_STORE_CTX_get0_store; | ||
4594 | + X509_VERIFY_PARAM_set1_host; | ||
4595 | + X509_VERIFY_PARAM_add1_host; | ||
4596 | + X509_VERIFY_PARAM_set_hostflags; | ||
4597 | + X509_VERIFY_PARAM_get0_peername; | ||
4598 | + X509_VERIFY_PARAM_set1_email; | ||
4599 | + X509_VERIFY_PARAM_set1_ip; | ||
4600 | + X509_VERIFY_PARAM_set1_ip_asc; | ||
4601 | + X509_VERIFY_PARAM_get0_name; | ||
4602 | + X509_VERIFY_PARAM_get_count; | ||
4603 | + X509_VERIFY_PARAM_get0; | ||
4604 | + X509V3_EXT_free; | ||
4605 | + EC_GROUP_get_mont_data; | ||
4606 | + EC_curve_nid2nist; | ||
4607 | + EC_curve_nist2nid; | ||
4608 | + PEM_write_bio_DHxparams; | ||
4609 | + PEM_write_DHxparams; | ||
4610 | + SSL_CTX_add_client_custom_ext; | ||
4611 | + SSL_CTX_add_server_custom_ext; | ||
4612 | + SSL_extension_supported; | ||
4613 | + BUF_strnlen; | ||
4614 | + sk_deep_copy; | ||
4615 | + SSL_test_functions; | ||
4616 | + | ||
4617 | + local: | ||
4618 | + *; | ||
4619 | +}; | ||
4620 | + | ||
4621 | +OPENSSL_1.0.2g { | ||
4622 | + global: | ||
4623 | + SRP_VBASE_get1_by_user; | ||
4624 | + SRP_user_pwd_free; | ||
4625 | +} OPENSSL_1.0.2d; | ||
4626 | + | ||
4627 | Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld | ||
4628 | =================================================================== | ||
4629 | --- /dev/null 1970-01-01 00:00:00.000000000 +0000 | ||
4630 | +++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld 2014-02-24 21:02:30.000000000 +0100 | ||
4631 | @@ -0,0 +1,10 @@ | ||
4632 | +OPENSSL_1.0.2 { | ||
4633 | + global: | ||
4634 | + bind_engine; | ||
4635 | + v_check; | ||
4636 | + OPENSSL_init; | ||
4637 | + OPENSSL_finish; | ||
4638 | + local: | ||
4639 | + *; | ||
4640 | +}; | ||
4641 | + | ||
4642 | Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld | ||
4643 | =================================================================== | ||
4644 | --- /dev/null 1970-01-01 00:00:00.000000000 +0000 | ||
4645 | +++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld 2014-02-24 21:02:30.000000000 +0100 | ||
4646 | @@ -0,0 +1,10 @@ | ||
4647 | +OPENSSL_1.0.2 { | ||
4648 | + global: | ||
4649 | + bind_engine; | ||
4650 | + v_check; | ||
4651 | + OPENSSL_init; | ||
4652 | + OPENSSL_finish; | ||
4653 | + local: | ||
4654 | + *; | ||
4655 | +}; | ||
4656 | + | ||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/engines-install-in-libdir-ssl.patch b/recipes-connectivity/openssl/openssl-qoriq/engines-install-in-libdir-ssl.patch index d8a6f1a2..a5746483 100644 --- a/recipes-connectivity/openssl/openssl-qoriq/engines-install-in-libdir-ssl.patch +++ b/recipes-connectivity/openssl/openssl-qoriq/engines-install-in-libdir-ssl.patch | |||
@@ -1,11 +1,11 @@ | |||
1 | Upstream-Status: Inappropriate [configuration] | 1 | Upstream-Status: Inappropriate [configuration] |
2 | 2 | ||
3 | 3 | ||
4 | Index: openssl-1.0.0/engines/Makefile | 4 | Index: openssl-1.0.2/engines/Makefile |
5 | =================================================================== | 5 | =================================================================== |
6 | --- openssl-1.0.0.orig/engines/Makefile | 6 | --- openssl-1.0.2.orig/engines/Makefile |
7 | +++ openssl-1.0.0/engines/Makefile | 7 | +++ openssl-1.0.2/engines/Makefile |
8 | @@ -107,7 +107,7 @@ | 8 | @@ -107,13 +107,13 @@ install: |
9 | @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... | 9 | @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... |
10 | @if [ -n "$(SHARED_LIBS)" ]; then \ | 10 | @if [ -n "$(SHARED_LIBS)" ]; then \ |
11 | set -e; \ | 11 | set -e; \ |
@@ -14,16 +14,19 @@ Index: openssl-1.0.0/engines/Makefile | |||
14 | for l in $(LIBNAMES); do \ | 14 | for l in $(LIBNAMES); do \ |
15 | ( echo installing $$l; \ | 15 | ( echo installing $$l; \ |
16 | pfx=lib; \ | 16 | pfx=lib; \ |
17 | @@ -119,13 +119,13 @@ | 17 | if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ |
18 | sfx=".so"; \ | ||
19 | - cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ | ||
20 | + cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \ | ||
21 | else \ | ||
22 | case "$(CFLAGS)" in \ | ||
23 | *DSO_BEOS*) sfx=".so";; \ | ||
24 | @@ -122,10 +122,10 @@ install: | ||
18 | *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ | 25 | *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ |
19 | *) sfx=".bad";; \ | 26 | *) sfx=".bad";; \ |
20 | esac; \ | 27 | esac; \ |
21 | - cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ | 28 | - cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ |
22 | + cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \ | 29 | + cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \ |
23 | else \ | ||
24 | sfx=".so"; \ | ||
25 | - cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ | ||
26 | + cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \ | ||
27 | fi; \ | 30 | fi; \ |
28 | - chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ | 31 | - chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ |
29 | - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ | 32 | - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ |
@@ -32,20 +35,25 @@ Index: openssl-1.0.0/engines/Makefile | |||
32 | done; \ | 35 | done; \ |
33 | fi | 36 | fi |
34 | @target=install; $(RECURSIVE_MAKE) | 37 | @target=install; $(RECURSIVE_MAKE) |
35 | Index: openssl-1.0.0/engines/ccgost/Makefile | 38 | Index: openssl-1.0.2/engines/ccgost/Makefile |
36 | =================================================================== | 39 | =================================================================== |
37 | --- openssl-1.0.0.orig/engines/ccgost/Makefile | 40 | --- openssl-1.0.2.orig/engines/ccgost/Makefile |
38 | +++ openssl-1.0.0/engines/ccgost/Makefile | 41 | +++ openssl-1.0.2/engines/ccgost/Makefile |
39 | @@ -53,13 +53,13 @@ | 42 | @@ -47,7 +47,7 @@ install: |
43 | pfx=lib; \ | ||
44 | if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ | ||
45 | sfx=".so"; \ | ||
46 | - cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ | ||
47 | + cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \ | ||
48 | else \ | ||
49 | case "$(CFLAGS)" in \ | ||
50 | *DSO_BEOS*) sfx=".so";; \ | ||
51 | @@ -56,10 +56,10 @@ install: | ||
40 | *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ | 52 | *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ |
41 | *) sfx=".bad";; \ | 53 | *) sfx=".bad";; \ |
42 | esac; \ | 54 | esac; \ |
43 | - cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ | 55 | - cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ |
44 | + cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \ | 56 | + cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \ |
45 | else \ | ||
46 | sfx=".so"; \ | ||
47 | - cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ | ||
48 | + cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \ | ||
49 | fi; \ | 57 | fi; \ |
50 | - chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ | 58 | - chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ |
51 | - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \ | 59 | - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \ |
diff --git a/recipes-connectivity/openssl/openssl-qoriq/fix-cipher-des-ede3-cfb1.patch b/recipes-connectivity/openssl/openssl-qoriq/fix-cipher-des-ede3-cfb1.patch index f0e17784..2a318a45 100644 --- a/recipes-connectivity/openssl/openssl-qoriq/fix-cipher-des-ede3-cfb1.patch +++ b/recipes-connectivity/openssl/openssl-qoriq/fix-cipher-des-ede3-cfb1.patch | |||
@@ -4,19 +4,18 @@ This patch adds the fix for one of the ciphers used in openssl, namely | |||
4 | the cipher des-ede3-cfb1. Complete bug log and patch is present here: | 4 | the cipher des-ede3-cfb1. Complete bug log and patch is present here: |
5 | http://rt.openssl.org/Ticket/Display.html?id=2867 | 5 | http://rt.openssl.org/Ticket/Display.html?id=2867 |
6 | 6 | ||
7 | Signed-Off-By: Muhammad Shakeel <muhammad_shakeel@mentor.com> | 7 | Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com> |
8 | 8 | ||
9 | diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c | 9 | Index: openssl-1.0.2/crypto/evp/e_des3.c |
10 | index 3232cfe..df84922 100644 | ||
11 | =================================================================== | 10 | =================================================================== |
12 | --- a/crypto/evp/e_des3.c | 11 | --- openssl-1.0.2.orig/crypto/evp/e_des3.c |
13 | +++ b/crypto/evp/e_des3.c | 12 | +++ openssl-1.0.2/crypto/evp/e_des3.c |
14 | @@ -173,7 +173,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | 13 | @@ -211,7 +211,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPH |
15 | size_t n; | 14 | size_t n; |
16 | unsigned char c[1],d[1]; | 15 | unsigned char c[1], d[1]; |
17 | 16 | ||
18 | - for(n=0 ; n < inl ; ++n) | 17 | - for (n = 0; n < inl; ++n) { |
19 | + for(n=0 ; n < inl*8 ; ++n) | 18 | + for (n = 0; n * 8 < inl; ++n) { |
20 | { | 19 | c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; |
21 | c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; | 20 | DES_ede3_cfb_encrypt(c, d, 1, 1, |
22 | DES_ede3_cfb_encrypt(c,d,1,1, | 21 | &data(ctx)->ks1, &data(ctx)->ks2, |
diff --git a/recipes-connectivity/openssl/openssl-qoriq/initial-aarch64-bits.patch b/recipes-connectivity/openssl/openssl-qoriq/initial-aarch64-bits.patch deleted file mode 100644 index 2185ff8a..00000000 --- a/recipes-connectivity/openssl/openssl-qoriq/initial-aarch64-bits.patch +++ /dev/null | |||
@@ -1,119 +0,0 @@ | |||
1 | From: Andy Polyakov <appro@openssl.org> | ||
2 | Date: Sun, 13 Oct 2013 17:15:15 +0000 (+0200) | ||
3 | Subject: Initial aarch64 bits. | ||
4 | X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=039081b80977e2a5de84e1f88f8b4d025b559956 | ||
5 | |||
6 | Initial aarch64 bits. | ||
7 | --- | ||
8 | crypto/bn/bn_lcl.h | 9 +++++++++ | ||
9 | crypto/md32_common.h | 18 ++++++++++++++++++ | ||
10 | crypto/modes/modes_lcl.h | 8 ++++++++ | ||
11 | crypto/sha/sha512.c | 13 +++++++++++++ | ||
12 | 4 files changed, 48 insertions(+) | ||
13 | |||
14 | Index: openssl-1.0.1f/crypto/bn/bn_lcl.h | ||
15 | =================================================================== | ||
16 | --- openssl-1.0.1f.orig/crypto/bn/bn_lcl.h 2014-01-06 15:47:42.000000000 +0200 | ||
17 | +++ openssl-1.0.1f/crypto/bn/bn_lcl.h 2014-02-28 10:37:55.495979037 +0200 | ||
18 | @@ -300,6 +300,15 @@ | ||
19 | : "r"(a), "r"(b)); | ||
20 | # endif | ||
21 | # endif | ||
22 | +# elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG) | ||
23 | +# if defined(__GNUC__) && __GNUC__>=2 | ||
24 | +# define BN_UMULT_HIGH(a,b) ({ \ | ||
25 | + register BN_ULONG ret; \ | ||
26 | + asm ("umulh %0,%1,%2" \ | ||
27 | + : "=r"(ret) \ | ||
28 | + : "r"(a), "r"(b)); \ | ||
29 | + ret; }) | ||
30 | +# endif | ||
31 | # endif /* cpu */ | ||
32 | #endif /* OPENSSL_NO_ASM */ | ||
33 | |||
34 | Index: openssl-1.0.1f/crypto/md32_common.h | ||
35 | =================================================================== | ||
36 | --- openssl-1.0.1f.orig/crypto/md32_common.h 2014-01-06 15:47:42.000000000 +0200 | ||
37 | +++ openssl-1.0.1f/crypto/md32_common.h 2014-02-28 10:39:21.751979107 +0200 | ||
38 | @@ -213,6 +213,24 @@ | ||
39 | asm ("bswapl %0":"=r"(r):"0"(r)); \ | ||
40 | *((unsigned int *)(c))=r; (c)+=4; r; }) | ||
41 | # endif | ||
42 | +# elif defined(__aarch64__) | ||
43 | +# if defined(__BYTE_ORDER__) | ||
44 | +# if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ | ||
45 | +# define HOST_c2l(c,l) ({ unsigned int r; \ | ||
46 | + asm ("rev %w0,%w1" \ | ||
47 | + :"=r"(r) \ | ||
48 | + :"r"(*((const unsigned int *)(c))));\ | ||
49 | + (c)+=4; (l)=r; }) | ||
50 | +# define HOST_l2c(l,c) ({ unsigned int r; \ | ||
51 | + asm ("rev %w0,%w1" \ | ||
52 | + :"=r"(r) \ | ||
53 | + :"r"((unsigned int)(l)));\ | ||
54 | + *((unsigned int *)(c))=r; (c)+=4; r; }) | ||
55 | +# elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__ | ||
56 | +# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l)) | ||
57 | +# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l)) | ||
58 | +# endif | ||
59 | +# endif | ||
60 | # endif | ||
61 | # endif | ||
62 | #endif | ||
63 | Index: openssl-1.0.1f/crypto/modes/modes_lcl.h | ||
64 | =================================================================== | ||
65 | --- openssl-1.0.1f.orig/crypto/modes/modes_lcl.h 2014-02-28 10:47:48.731979011 +0200 | ||
66 | +++ openssl-1.0.1f/crypto/modes/modes_lcl.h 2014-02-28 10:48:49.707978919 +0200 | ||
67 | @@ -29,6 +29,7 @@ | ||
68 | #if defined(__i386) || defined(__i386__) || \ | ||
69 | defined(__x86_64) || defined(__x86_64__) || \ | ||
70 | defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ | ||
71 | + defined(__aarch64__) || \ | ||
72 | defined(__s390__) || defined(__s390x__) | ||
73 | # undef STRICT_ALIGNMENT | ||
74 | #endif | ||
75 | @@ -50,6 +51,13 @@ | ||
76 | # define BSWAP4(x) ({ u32 ret=(x); \ | ||
77 | asm ("bswapl %0" \ | ||
78 | : "+r"(ret)); ret; }) | ||
79 | +# elif defined(__aarch64__) | ||
80 | +# define BSWAP8(x) ({ u64 ret; \ | ||
81 | + asm ("rev %0,%1" \ | ||
82 | + : "=r"(ret) : "r"(x)); ret; }) | ||
83 | +# define BSWAP4(x) ({ u32 ret; \ | ||
84 | + asm ("rev %w0,%w1" \ | ||
85 | + : "=r"(ret) : "r"(x)); ret; }) | ||
86 | # elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT) | ||
87 | # define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \ | ||
88 | asm ("rev %0,%0; rev %1,%1" \ | ||
89 | Index: openssl-1.0.1f/crypto/sha/sha512.c | ||
90 | =================================================================== | ||
91 | --- openssl-1.0.1f.orig/crypto/sha/sha512.c 2014-01-06 15:47:42.000000000 +0200 | ||
92 | +++ openssl-1.0.1f/crypto/sha/sha512.c 2014-02-28 10:52:14.579978981 +0200 | ||
93 | @@ -55,6 +55,7 @@ | ||
94 | #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ | ||
95 | defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \ | ||
96 | defined(__s390__) || defined(__s390x__) || \ | ||
97 | + defined(__aarch64__) || \ | ||
98 | defined(SHA512_ASM) | ||
99 | #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA | ||
100 | #endif | ||
101 | @@ -347,6 +348,18 @@ | ||
102 | asm ("rotrdi %0,%1,%2" \ | ||
103 | : "=r"(ret) \ | ||
104 | : "r"(a),"K"(n)); ret; }) | ||
105 | +# elif defined(__aarch64__) | ||
106 | +# define ROTR(a,n) ({ SHA_LONG64 ret; \ | ||
107 | + asm ("ror %0,%1,%2" \ | ||
108 | + : "=r"(ret) \ | ||
109 | + : "r"(a),"I"(n)); ret; }) | ||
110 | +# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \ | ||
111 | + __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ | ||
112 | +# define PULL64(x) ({ SHA_LONG64 ret; \ | ||
113 | + asm ("rev %0,%1" \ | ||
114 | + : "=r"(ret) \ | ||
115 | + : "r"(*((const SHA_LONG64 *)(&(x))))); ret; }) | ||
116 | +# endif | ||
117 | # endif | ||
118 | # elif defined(_MSC_VER) | ||
119 | # if defined(_WIN64) /* applies to both IA-64 and AMD64 */ | ||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/openssl-1.0.2a-x32-asm.patch b/recipes-connectivity/openssl/openssl-qoriq/openssl-1.0.2a-x32-asm.patch new file mode 100644 index 00000000..1e5bfa17 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/openssl-1.0.2a-x32-asm.patch | |||
@@ -0,0 +1,46 @@ | |||
1 | https://rt.openssl.org/Ticket/Display.html?id=3759&user=guest&pass=guest | ||
2 | |||
3 | From 6257d59b3a68d2feb9d64317a1c556dc3813ee61 Mon Sep 17 00:00:00 2001 | ||
4 | From: Mike Frysinger <vapier@gentoo.org> | ||
5 | Date: Sat, 21 Mar 2015 06:01:25 -0400 | ||
6 | Subject: [PATCH] crypto: use bigint in x86-64 perl | ||
7 | |||
8 | Upstream-Status: Pending | ||
9 | Signed-off-by: Cristian Iorga <cristian.iorga@intel.com> | ||
10 | |||
11 | When building on x32 systems where the default type is 32bit, make sure | ||
12 | we can transparently represent 64bit integers. Otherwise we end up with | ||
13 | build errors like: | ||
14 | /usr/bin/perl asm/ghash-x86_64.pl elf > ghash-x86_64.s | ||
15 | Integer overflow in hexadecimal number at asm/../../perlasm/x86_64-xlate.pl line 201, <> line 890. | ||
16 | ... | ||
17 | ghash-x86_64.s: Assembler messages: | ||
18 | ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression | ||
19 | |||
20 | We don't enable this globally as there are some cases where we'd get | ||
21 | 32bit values interpreted as unsigned when we need them as signed. | ||
22 | |||
23 | Reported-by: Bertrand Jacquin <bertrand@jacquin.bzh> | ||
24 | URL: https://bugs.gentoo.org/542618 | ||
25 | --- | ||
26 | crypto/perlasm/x86_64-xlate.pl | 4 ++++ | ||
27 | 1 file changed, 4 insertions(+) | ||
28 | |||
29 | diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl | ||
30 | index aae8288..0bf9774 100755 | ||
31 | --- a/crypto/perlasm/x86_64-xlate.pl | ||
32 | +++ b/crypto/perlasm/x86_64-xlate.pl | ||
33 | @@ -195,6 +195,10 @@ my %globals; | ||
34 | sub out { | ||
35 | my $self = shift; | ||
36 | |||
37 | + # When building on x32 ABIs, the expanded hex value might be too | ||
38 | + # big to fit into 32bits. Enable transparent 64bit support here | ||
39 | + # so we can safely print it out. | ||
40 | + use bigint; | ||
41 | if ($gas) { | ||
42 | # Solaris /usr/ccs/bin/as can't handle multiplications | ||
43 | # in $self->{value} | ||
44 | -- | ||
45 | 2.3.3 | ||
46 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch index c161e62f..f736e5c0 100644 --- a/recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch +++ b/recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch | |||
@@ -8,14 +8,16 @@ http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html | |||
8 | 8 | ||
9 | Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com> | 9 | Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com> |
10 | --- | 10 | --- |
11 | --- a/crypto/evp/digest.c | 11 | Index: openssl-1.0.2h/crypto/evp/digest.c |
12 | +++ b/crypto/evp/digest.c | 12 | =================================================================== |
13 | @@ -199,7 +199,7 @@ | 13 | --- openssl-1.0.2h.orig/crypto/evp/digest.c |
14 | return 0; | 14 | +++ openssl-1.0.2h/crypto/evp/digest.c |
15 | } | 15 | @@ -211,7 +211,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c |
16 | type = ctx->digest; | ||
17 | } | ||
16 | #endif | 18 | #endif |
17 | - if (ctx->digest != type) | 19 | - if (ctx->digest != type) { |
18 | + if (type && (ctx->digest != type)) | 20 | + if (type && (ctx->digest != type)) { |
19 | { | 21 | if (ctx->digest && ctx->digest->ctx_size) { |
20 | if (ctx->digest && ctx->digest->ctx_size) | 22 | OPENSSL_free(ctx->md_data); |
21 | OPENSSL_free(ctx->md_data); | 23 | ctx->md_data = NULL; |
diff --git a/recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch b/recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch deleted file mode 100644 index 3e93fe4e..00000000 --- a/recipes-connectivity/openssl/openssl-qoriq/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch +++ /dev/null | |||
@@ -1,39 +0,0 @@ | |||
1 | openssl: avoid NULL pointer dereference in dh_pub_encode()/dsa_pub_encode() | ||
2 | |||
3 | We should avoid accessing the pointer if ASN1_STRING_new() | ||
4 | allocates memory failed. | ||
5 | |||
6 | Upstream-Status: Submitted | ||
7 | http://www.mail-archive.com/openssl-dev@openssl.org/msg32859.html | ||
8 | |||
9 | Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com> | ||
10 | --- | ||
11 | --- a/crypto/dh/dh_ameth.c | ||
12 | +++ b/crypto/dh/dh_ameth.c | ||
13 | @@ -139,6 +139,12 @@ | ||
14 | dh=pkey->pkey.dh; | ||
15 | |||
16 | str = ASN1_STRING_new(); | ||
17 | + if (!str) | ||
18 | + { | ||
19 | + DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); | ||
20 | + goto err; | ||
21 | + } | ||
22 | + | ||
23 | str->length = i2d_DHparams(dh, &str->data); | ||
24 | if (str->length <= 0) | ||
25 | { | ||
26 | --- a/crypto/dsa/dsa_ameth.c | ||
27 | +++ b/crypto/dsa/dsa_ameth.c | ||
28 | @@ -148,6 +148,11 @@ | ||
29 | { | ||
30 | ASN1_STRING *str; | ||
31 | str = ASN1_STRING_new(); | ||
32 | + if (!str) | ||
33 | + { | ||
34 | + DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); | ||
35 | + goto err; | ||
36 | + } | ||
37 | str->length = i2d_DSAparams(dsa, &str->data); | ||
38 | if (str->length <= 0) | ||
39 | { | ||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/openssl-c_rehash.sh b/recipes-connectivity/openssl/openssl-qoriq/openssl-c_rehash.sh new file mode 100644 index 00000000..f67f4155 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/openssl-c_rehash.sh | |||
@@ -0,0 +1,210 @@ | |||
1 | #!/bin/sh | ||
2 | # | ||
3 | # Ben Secrest <blsecres@gmail.com> | ||
4 | # | ||
5 | # sh c_rehash script, scan all files in a directory | ||
6 | # and add symbolic links to their hash values. | ||
7 | # | ||
8 | # based on the c_rehash perl script distributed with openssl | ||
9 | # | ||
10 | # LICENSE: See OpenSSL license | ||
11 | # ^^acceptable?^^ | ||
12 | # | ||
13 | |||
14 | # default certificate location | ||
15 | DIR=/etc/openssl | ||
16 | |||
17 | # for filetype bitfield | ||
18 | IS_CERT=$(( 1 << 0 )) | ||
19 | IS_CRL=$(( 1 << 1 )) | ||
20 | |||
21 | |||
22 | # check to see if a file is a certificate file or a CRL file | ||
23 | # arguments: | ||
24 | # 1. the filename to be scanned | ||
25 | # returns: | ||
26 | # bitfield of file type; uses ${IS_CERT} and ${IS_CRL} | ||
27 | # | ||
28 | check_file() | ||
29 | { | ||
30 | local IS_TYPE=0 | ||
31 | |||
32 | # make IFS a newline so we can process grep output line by line | ||
33 | local OLDIFS=${IFS} | ||
34 | IFS=$( printf "\n" ) | ||
35 | |||
36 | # XXX: could be more efficient to have two 'grep -m' but is -m portable? | ||
37 | for LINE in $( grep '^-----BEGIN .*-----' ${1} ) | ||
38 | do | ||
39 | if echo ${LINE} \ | ||
40 | | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----' | ||
41 | then | ||
42 | IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} )) | ||
43 | |||
44 | if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ] | ||
45 | then | ||
46 | break | ||
47 | fi | ||
48 | elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----' | ||
49 | then | ||
50 | IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} )) | ||
51 | |||
52 | if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ] | ||
53 | then | ||
54 | break | ||
55 | fi | ||
56 | fi | ||
57 | done | ||
58 | |||
59 | # restore IFS | ||
60 | IFS=${OLDIFS} | ||
61 | |||
62 | return ${IS_TYPE} | ||
63 | } | ||
64 | |||
65 | |||
66 | # | ||
67 | # use openssl to fingerprint a file | ||
68 | # arguments: | ||
69 | # 1. the filename to fingerprint | ||
70 | # 2. the method to use (x509, crl) | ||
71 | # returns: | ||
72 | # none | ||
73 | # assumptions: | ||
74 | # user will capture output from last stage of pipeline | ||
75 | # | ||
76 | fingerprint() | ||
77 | { | ||
78 | ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':' | ||
79 | } | ||
80 | |||
81 | |||
82 | # | ||
83 | # link_hash - create links to certificate files | ||
84 | # arguments: | ||
85 | # 1. the filename to create a link for | ||
86 | # 2. the type of certificate being linked (x509, crl) | ||
87 | # returns: | ||
88 | # 0 on success, 1 otherwise | ||
89 | # | ||
90 | link_hash() | ||
91 | { | ||
92 | local FINGERPRINT=$( fingerprint ${1} ${2} ) | ||
93 | local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} ) | ||
94 | local SUFFIX=0 | ||
95 | local LINKFILE='' | ||
96 | local TAG='' | ||
97 | |||
98 | if [ ${2} = "crl" ] | ||
99 | then | ||
100 | TAG='r' | ||
101 | fi | ||
102 | |||
103 | LINKFILE=${HASH}.${TAG}${SUFFIX} | ||
104 | |||
105 | while [ -f ${LINKFILE} ] | ||
106 | do | ||
107 | if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ] | ||
108 | then | ||
109 | echo "NOTE: Skipping duplicate file ${1}" >&2 | ||
110 | return 1 | ||
111 | fi | ||
112 | |||
113 | SUFFIX=$(( ${SUFFIX} + 1 )) | ||
114 | LINKFILE=${HASH}.${TAG}${SUFFIX} | ||
115 | done | ||
116 | |||
117 | echo "${1} => ${LINKFILE}" | ||
118 | |||
119 | # assume any system with a POSIX shell will either support symlinks or | ||
120 | # do something to handle this gracefully | ||
121 | ln -s ${1} ${LINKFILE} | ||
122 | |||
123 | return 0 | ||
124 | } | ||
125 | |||
126 | |||
127 | # hash_dir create hash links in a given directory | ||
128 | hash_dir() | ||
129 | { | ||
130 | echo "Doing ${1}" | ||
131 | |||
132 | cd ${1} | ||
133 | |||
134 | ls -1 * 2>/dev/null | while read FILE | ||
135 | do | ||
136 | if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \ | ||
137 | && [ -h "${FILE}" ] | ||
138 | then | ||
139 | rm ${FILE} | ||
140 | fi | ||
141 | done | ||
142 | |||
143 | ls -1 *.pem *.cer *.crt *.crl 2>/dev/null | while read FILE | ||
144 | do | ||
145 | check_file ${FILE} | ||
146 | local FILE_TYPE=${?} | ||
147 | local TYPE_STR='' | ||
148 | |||
149 | if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ] | ||
150 | then | ||
151 | TYPE_STR='x509' | ||
152 | elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ] | ||
153 | then | ||
154 | TYPE_STR='crl' | ||
155 | else | ||
156 | echo "NOTE: ${FILE} does not contain a certificate or CRL: skipping" >&2 | ||
157 | continue | ||
158 | fi | ||
159 | |||
160 | link_hash ${FILE} ${TYPE_STR} | ||
161 | done | ||
162 | } | ||
163 | |||
164 | |||
165 | # choose the name of an ssl application | ||
166 | if [ -n "${OPENSSL}" ] | ||
167 | then | ||
168 | SSL_CMD=$(which ${OPENSSL} 2>/dev/null) | ||
169 | else | ||
170 | SSL_CMD=/usr/bin/openssl | ||
171 | OPENSSL=${SSL_CMD} | ||
172 | export OPENSSL | ||
173 | fi | ||
174 | |||
175 | # fix paths | ||
176 | PATH=${PATH}:${DIR}/bin | ||
177 | export PATH | ||
178 | |||
179 | # confirm existance/executability of ssl command | ||
180 | if ! [ -x ${SSL_CMD} ] | ||
181 | then | ||
182 | echo "${0}: rehashing skipped ('openssl' program not available)" >&2 | ||
183 | exit 0 | ||
184 | fi | ||
185 | |||
186 | # determine which directories to process | ||
187 | old_IFS=$IFS | ||
188 | if [ ${#} -gt 0 ] | ||
189 | then | ||
190 | IFS=':' | ||
191 | DIRLIST=${*} | ||
192 | elif [ -n "${SSL_CERT_DIR}" ] | ||
193 | then | ||
194 | DIRLIST=$SSL_CERT_DIR | ||
195 | else | ||
196 | DIRLIST=${DIR}/certs | ||
197 | fi | ||
198 | |||
199 | IFS=':' | ||
200 | |||
201 | # process directories | ||
202 | for CERT_DIR in ${DIRLIST} | ||
203 | do | ||
204 | if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ] | ||
205 | then | ||
206 | IFS=$old_IFS | ||
207 | hash_dir ${CERT_DIR} | ||
208 | IFS=':' | ||
209 | fi | ||
210 | done | ||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/openssl-fix-link.patch b/recipes-connectivity/openssl/openssl-qoriq/openssl-fix-link.patch deleted file mode 100644 index 154106cb..00000000 --- a/recipes-connectivity/openssl/openssl-qoriq/openssl-fix-link.patch +++ /dev/null | |||
@@ -1,35 +0,0 @@ | |||
1 | From aabfb6f78af8e337d3239142117ba303fce55e7e Mon Sep 17 00:00:00 2001 | ||
2 | From: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | ||
3 | Date: Thu, 22 Sep 2011 08:55:26 +0200 | ||
4 | Subject: [PATCH] fix the parallel build regarding shared libraries. | ||
5 | |||
6 | Upstream-Status: Pending | ||
7 | --- | ||
8 | .../openssl-1.0.0e/Makefile.org | 8 ++++---- | ||
9 | 1 files changed, 4 insertions(+), 4 deletions(-) | ||
10 | |||
11 | diff --git a/Makefile.org | ||
12 | index 3c7aea1..6326cd6 100644 | ||
13 | --- a/Makefile.org | ||
14 | +++ b/Makefile.org | ||
15 | @@ -243,13 +243,13 @@ build_libs: build_crypto build_ssl build_engines | ||
16 | |||
17 | build_crypto: | ||
18 | @dir=crypto; target=all; $(BUILD_ONE_CMD) | ||
19 | -build_ssl: | ||
20 | +build_ssl: build_crypto | ||
21 | @dir=ssl; target=all; $(BUILD_ONE_CMD) | ||
22 | -build_engines: | ||
23 | +build_engines: build_crypto | ||
24 | @dir=engines; target=all; $(BUILD_ONE_CMD) | ||
25 | -build_apps: | ||
26 | +build_apps: build_crypto build_ssl | ||
27 | @dir=apps; target=all; $(BUILD_ONE_CMD) | ||
28 | -build_tests: | ||
29 | +build_tests: build_crypto build_ssl | ||
30 | @dir=test; target=all; $(BUILD_ONE_CMD) | ||
31 | build_tools: | ||
32 | @dir=tools; target=all; $(BUILD_ONE_CMD) | ||
33 | -- | ||
34 | 1.6.6.1 | ||
35 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/openssl_fix_for_x32.patch b/recipes-connectivity/openssl/openssl-qoriq/openssl_fix_for_x32.patch index 93ce0343..0f08a642 100644 --- a/recipes-connectivity/openssl/openssl-qoriq/openssl_fix_for_x32.patch +++ b/recipes-connectivity/openssl/openssl-qoriq/openssl_fix_for_x32.patch | |||
@@ -2,68 +2,17 @@ Upstream-Status: Pending | |||
2 | 2 | ||
3 | Received from H J Liu @ Intel | 3 | Received from H J Liu @ Intel |
4 | Make the assembly syntax compatible with x32 gcc. Othewise x32 gcc throws errors. | 4 | Make the assembly syntax compatible with x32 gcc. Othewise x32 gcc throws errors. |
5 | Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13 | 5 | Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13 |
6 | 6 | ||
7 | ported the patch to the 1.0.0e version | 7 | ported the patch to the 1.0.0e version |
8 | Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01 | 8 | Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01 |
9 | Index: openssl-1.0.1e/Configure | 9 | Index: openssl-1.0.2/crypto/bn/bn.h |
10 | =================================================================== | 10 | =================================================================== |
11 | --- openssl-1.0.1e.orig/Configure | 11 | --- openssl-1.0.2.orig/crypto/bn/bn.h |
12 | +++ openssl-1.0.1e/Configure | 12 | +++ openssl-1.0.2/crypto/bn/bn.h |
13 | @@ -402,6 +402,7 @@ my %table=( | 13 | @@ -173,6 +173,13 @@ extern "C" { |
14 | "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 14 | # endif |
15 | "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
16 | "linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", | ||
17 | +"linux-x32", "gcc:-mx32 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32", | ||
18 | "linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", | ||
19 | #### So called "highgprs" target for z/Architecture CPUs | ||
20 | # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see | ||
21 | Index: openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c | ||
22 | =================================================================== | ||
23 | --- openssl-1.0.1e.orig/crypto/bn/asm/x86_64-gcc.c | ||
24 | +++ openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c | ||
25 | @@ -55,7 +55,7 @@ | ||
26 | * machine. | ||
27 | */ | ||
28 | |||
29 | -#ifdef _WIN64 | ||
30 | +#if defined _WIN64 || !defined __LP64__ | ||
31 | #define BN_ULONG unsigned long long | ||
32 | #else | ||
33 | #define BN_ULONG unsigned long | ||
34 | @@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con | ||
35 | asm ( | ||
36 | " subq %2,%2 \n" | ||
37 | ".p2align 4 \n" | ||
38 | - "1: movq (%4,%2,8),%0 \n" | ||
39 | - " adcq (%5,%2,8),%0 \n" | ||
40 | - " movq %0,(%3,%2,8) \n" | ||
41 | + "1: movq (%q4,%2,8),%0 \n" | ||
42 | + " adcq (%q5,%2,8),%0 \n" | ||
43 | + " movq %0,(%q3,%2,8) \n" | ||
44 | " leaq 1(%2),%2 \n" | ||
45 | " loop 1b \n" | ||
46 | " sbbq %0,%0 \n" | ||
47 | @@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con | ||
48 | asm ( | ||
49 | " subq %2,%2 \n" | ||
50 | ".p2align 4 \n" | ||
51 | - "1: movq (%4,%2,8),%0 \n" | ||
52 | - " sbbq (%5,%2,8),%0 \n" | ||
53 | - " movq %0,(%3,%2,8) \n" | ||
54 | + "1: movq (%q4,%2,8),%0 \n" | ||
55 | + " sbbq (%q5,%2,8),%0 \n" | ||
56 | + " movq %0,(%q3,%2,8) \n" | ||
57 | " leaq 1(%2),%2 \n" | ||
58 | " loop 1b \n" | ||
59 | " sbbq %0,%0 \n" | ||
60 | Index: openssl-1.0.1e/crypto/bn/bn.h | ||
61 | =================================================================== | ||
62 | --- openssl-1.0.1e.orig/crypto/bn/bn.h | ||
63 | +++ openssl-1.0.1e/crypto/bn/bn.h | ||
64 | @@ -172,6 +172,13 @@ extern "C" { | ||
65 | # endif | 15 | # endif |
66 | #endif | ||
67 | 16 | ||
68 | +/* Address type. */ | 17 | +/* Address type. */ |
69 | +#ifdef _WIN64 | 18 | +#ifdef _WIN64 |
@@ -72,19 +21,19 @@ Index: openssl-1.0.1e/crypto/bn/bn.h | |||
72 | +#define BN_ADDR unsigned long | 21 | +#define BN_ADDR unsigned long |
73 | +#endif | 22 | +#endif |
74 | + | 23 | + |
75 | /* assuming long is 64bit - this is the DEC Alpha | 24 | /* |
76 | * unsigned long long is only 64 bits :-(, don't define | 25 | * assuming long is 64bit - this is the DEC Alpha unsigned long long is only |
77 | * BN_LLONG for the DEC Alpha */ | 26 | * 64 bits :-(, don't define BN_LLONG for the DEC Alpha |
78 | Index: openssl-1.0.1e/crypto/bn/bn_exp.c | 27 | Index: openssl-1.0.2/crypto/bn/bn_exp.c |
79 | =================================================================== | 28 | =================================================================== |
80 | --- openssl-1.0.1e.orig/crypto/bn/bn_exp.c | 29 | --- openssl-1.0.2.orig/crypto/bn/bn_exp.c |
81 | +++ openssl-1.0.1e/crypto/bn/bn_exp.c | 30 | +++ openssl-1.0.2/crypto/bn/bn_exp.c |
82 | @@ -567,7 +567,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU | 31 | @@ -638,7 +638,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU |
83 | 32 | * multiple. | |
84 | /* Given a pointer value, compute the next address that is a cache line multiple. */ | 33 | */ |
85 | #define MOD_EXP_CTIME_ALIGN(x_) \ | 34 | #define MOD_EXP_CTIME_ALIGN(x_) \ |
86 | - ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) | 35 | - ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) |
87 | + ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) | 36 | + ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) |
88 | 37 | ||
89 | /* This variant of BN_mod_exp_mont() uses fixed windows and the special | 38 | /* |
90 | * precomputation memory layout to limit data-dependency to a minimum | 39 | * This variant of BN_mod_exp_mont() uses fixed windows and the special |
diff --git a/recipes-connectivity/openssl/openssl-qoriq/parallel.patch b/recipes-connectivity/openssl/openssl-qoriq/parallel.patch new file mode 100644 index 00000000..b6c2c148 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/parallel.patch | |||
@@ -0,0 +1,326 @@ | |||
1 | Fix the parallel races in the Makefiles. | ||
2 | |||
3 | This patch was taken from the Gentoo packaging: | ||
4 | https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1.0.2g-parallel-build.patch | ||
5 | |||
6 | Upstream-Status: Pending | ||
7 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
8 | |||
9 | --- openssl-1.0.2g/crypto/Makefile | ||
10 | +++ openssl-1.0.2g/crypto/Makefile | ||
11 | @@ -85,11 +85,11 @@ | ||
12 | @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi | ||
13 | |||
14 | subdirs: | ||
15 | - @target=all; $(RECURSIVE_MAKE) | ||
16 | + +@target=all; $(RECURSIVE_MAKE) | ||
17 | |||
18 | files: | ||
19 | $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO | ||
20 | - @target=files; $(RECURSIVE_MAKE) | ||
21 | + +@target=files; $(RECURSIVE_MAKE) | ||
22 | |||
23 | links: | ||
24 | @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) | ||
25 | @@ -100,7 +100,7 @@ | ||
26 | # lib: $(LIB): are splitted to avoid end-less loop | ||
27 | lib: $(LIB) | ||
28 | @touch lib | ||
29 | -$(LIB): $(LIBOBJ) | ||
30 | +$(LIB): $(LIBOBJ) | subdirs | ||
31 | $(AR) $(LIB) $(LIBOBJ) | ||
32 | test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o | ||
33 | $(RANLIB) $(LIB) || echo Never mind. | ||
34 | @@ -111,7 +111,7 @@ | ||
35 | fi | ||
36 | |||
37 | libs: | ||
38 | - @target=lib; $(RECURSIVE_MAKE) | ||
39 | + +@target=lib; $(RECURSIVE_MAKE) | ||
40 | |||
41 | install: | ||
42 | @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... | ||
43 | @@ -120,7 +120,7 @@ | ||
44 | (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ | ||
45 | chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ | ||
46 | done; | ||
47 | - @target=install; $(RECURSIVE_MAKE) | ||
48 | + +@target=install; $(RECURSIVE_MAKE) | ||
49 | |||
50 | lint: | ||
51 | @target=lint; $(RECURSIVE_MAKE) | ||
52 | --- openssl-1.0.2g/engines/Makefile | ||
53 | +++ openssl-1.0.2g/engines/Makefile | ||
54 | @@ -72,7 +72,7 @@ | ||
55 | |||
56 | all: lib subdirs | ||
57 | |||
58 | -lib: $(LIBOBJ) | ||
59 | +lib: $(LIBOBJ) | subdirs | ||
60 | @if [ -n "$(SHARED_LIBS)" ]; then \ | ||
61 | set -e; \ | ||
62 | for l in $(LIBNAMES); do \ | ||
63 | @@ -89,7 +89,7 @@ | ||
64 | |||
65 | subdirs: | ||
66 | echo $(EDIRS) | ||
67 | - @target=all; $(RECURSIVE_MAKE) | ||
68 | + +@target=all; $(RECURSIVE_MAKE) | ||
69 | |||
70 | files: | ||
71 | $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO | ||
72 | @@ -128,7 +128,7 @@ | ||
73 | mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ | ||
74 | done; \ | ||
75 | fi | ||
76 | - @target=install; $(RECURSIVE_MAKE) | ||
77 | + +@target=install; $(RECURSIVE_MAKE) | ||
78 | |||
79 | tags: | ||
80 | ctags $(SRC) | ||
81 | --- openssl-1.0.2g/Makefile.org | ||
82 | +++ openssl-1.0.2g/Makefile.org | ||
83 | @@ -279,17 +279,17 @@ | ||
84 | build_libssl: build_ssl libssl.pc | ||
85 | |||
86 | build_crypto: | ||
87 | - @dir=crypto; target=all; $(BUILD_ONE_CMD) | ||
88 | + +@dir=crypto; target=all; $(BUILD_ONE_CMD) | ||
89 | build_ssl: build_crypto | ||
90 | - @dir=ssl; target=all; $(BUILD_ONE_CMD) | ||
91 | + +@dir=ssl; target=all; $(BUILD_ONE_CMD) | ||
92 | build_engines: build_crypto | ||
93 | - @dir=engines; target=all; $(BUILD_ONE_CMD) | ||
94 | + +@dir=engines; target=all; $(BUILD_ONE_CMD) | ||
95 | build_apps: build_libs | ||
96 | - @dir=apps; target=all; $(BUILD_ONE_CMD) | ||
97 | + +@dir=apps; target=all; $(BUILD_ONE_CMD) | ||
98 | build_tests: build_libs | ||
99 | - @dir=test; target=all; $(BUILD_ONE_CMD) | ||
100 | + +@dir=test; target=all; $(BUILD_ONE_CMD) | ||
101 | build_tools: build_libs | ||
102 | - @dir=tools; target=all; $(BUILD_ONE_CMD) | ||
103 | + +@dir=tools; target=all; $(BUILD_ONE_CMD) | ||
104 | |||
105 | all_testapps: build_libs build_testapps | ||
106 | build_testapps: | ||
107 | @@ -544,7 +544,7 @@ | ||
108 | (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ | ||
109 | chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ | ||
110 | done; | ||
111 | - @set -e; target=install; $(RECURSIVE_BUILD_CMD) | ||
112 | + +@set -e; target=install; $(RECURSIVE_BUILD_CMD) | ||
113 | @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ | ||
114 | do \ | ||
115 | if [ -f "$$i" ]; then \ | ||
116 | --- openssl-1.0.2g/Makefile.shared | ||
117 | +++ openssl-1.0.2g/Makefile.shared | ||
118 | @@ -105,6 +105,7 @@ | ||
119 | SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ | ||
120 | LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ | ||
121 | LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ | ||
122 | + [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \ | ||
123 | LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ | ||
124 | $${SHAREDCMD} $${SHAREDFLAGS} \ | ||
125 | -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ | ||
126 | @@ -122,6 +123,7 @@ | ||
127 | done; \ | ||
128 | fi; \ | ||
129 | if [ -n "$$SHLIB_SOVER" ]; then \ | ||
130 | + [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \ | ||
131 | ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \ | ||
132 | ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \ | ||
133 | fi; \ | ||
134 | --- openssl-1.0.2g/test/Makefile | ||
135 | +++ openssl-1.0.2g/test/Makefile | ||
136 | @@ -139,7 +139,7 @@ | ||
137 | tags: | ||
138 | ctags $(SRC) | ||
139 | |||
140 | -tests: exe apps $(TESTS) | ||
141 | +tests: exe $(TESTS) | ||
142 | |||
143 | apps: | ||
144 | @(cd ..; $(MAKE) DIRS=apps all) | ||
145 | @@ -421,130 +421,130 @@ | ||
146 | link_app.$${shlib_target} | ||
147 | |||
148 | $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) | ||
149 | - @target=$(RSATEST); $(BUILD_CMD) | ||
150 | + +@target=$(RSATEST); $(BUILD_CMD) | ||
151 | |||
152 | $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO) | ||
153 | - @target=$(BNTEST); $(BUILD_CMD) | ||
154 | + +@target=$(BNTEST); $(BUILD_CMD) | ||
155 | |||
156 | $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO) | ||
157 | - @target=$(ECTEST); $(BUILD_CMD) | ||
158 | + +@target=$(ECTEST); $(BUILD_CMD) | ||
159 | |||
160 | $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO) | ||
161 | - @target=$(EXPTEST); $(BUILD_CMD) | ||
162 | + +@target=$(EXPTEST); $(BUILD_CMD) | ||
163 | |||
164 | $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO) | ||
165 | - @target=$(IDEATEST); $(BUILD_CMD) | ||
166 | + +@target=$(IDEATEST); $(BUILD_CMD) | ||
167 | |||
168 | $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO) | ||
169 | - @target=$(MD2TEST); $(BUILD_CMD) | ||
170 | + +@target=$(MD2TEST); $(BUILD_CMD) | ||
171 | |||
172 | $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO) | ||
173 | - @target=$(SHATEST); $(BUILD_CMD) | ||
174 | + +@target=$(SHATEST); $(BUILD_CMD) | ||
175 | |||
176 | $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO) | ||
177 | - @target=$(SHA1TEST); $(BUILD_CMD) | ||
178 | + +@target=$(SHA1TEST); $(BUILD_CMD) | ||
179 | |||
180 | $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO) | ||
181 | - @target=$(SHA256TEST); $(BUILD_CMD) | ||
182 | + +@target=$(SHA256TEST); $(BUILD_CMD) | ||
183 | |||
184 | $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO) | ||
185 | - @target=$(SHA512TEST); $(BUILD_CMD) | ||
186 | + +@target=$(SHA512TEST); $(BUILD_CMD) | ||
187 | |||
188 | $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO) | ||
189 | - @target=$(RMDTEST); $(BUILD_CMD) | ||
190 | + +@target=$(RMDTEST); $(BUILD_CMD) | ||
191 | |||
192 | $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO) | ||
193 | - @target=$(MDC2TEST); $(BUILD_CMD) | ||
194 | + +@target=$(MDC2TEST); $(BUILD_CMD) | ||
195 | |||
196 | $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO) | ||
197 | - @target=$(MD4TEST); $(BUILD_CMD) | ||
198 | + +@target=$(MD4TEST); $(BUILD_CMD) | ||
199 | |||
200 | $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO) | ||
201 | - @target=$(MD5TEST); $(BUILD_CMD) | ||
202 | + +@target=$(MD5TEST); $(BUILD_CMD) | ||
203 | |||
204 | $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO) | ||
205 | - @target=$(HMACTEST); $(BUILD_CMD) | ||
206 | + +@target=$(HMACTEST); $(BUILD_CMD) | ||
207 | |||
208 | $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO) | ||
209 | - @target=$(WPTEST); $(BUILD_CMD) | ||
210 | + +@target=$(WPTEST); $(BUILD_CMD) | ||
211 | |||
212 | $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO) | ||
213 | - @target=$(RC2TEST); $(BUILD_CMD) | ||
214 | + +@target=$(RC2TEST); $(BUILD_CMD) | ||
215 | |||
216 | $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO) | ||
217 | - @target=$(BFTEST); $(BUILD_CMD) | ||
218 | + +@target=$(BFTEST); $(BUILD_CMD) | ||
219 | |||
220 | $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO) | ||
221 | - @target=$(CASTTEST); $(BUILD_CMD) | ||
222 | + +@target=$(CASTTEST); $(BUILD_CMD) | ||
223 | |||
224 | $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO) | ||
225 | - @target=$(RC4TEST); $(BUILD_CMD) | ||
226 | + +@target=$(RC4TEST); $(BUILD_CMD) | ||
227 | |||
228 | $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO) | ||
229 | - @target=$(RC5TEST); $(BUILD_CMD) | ||
230 | + +@target=$(RC5TEST); $(BUILD_CMD) | ||
231 | |||
232 | $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO) | ||
233 | - @target=$(DESTEST); $(BUILD_CMD) | ||
234 | + +@target=$(DESTEST); $(BUILD_CMD) | ||
235 | |||
236 | $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO) | ||
237 | - @target=$(RANDTEST); $(BUILD_CMD) | ||
238 | + +@target=$(RANDTEST); $(BUILD_CMD) | ||
239 | |||
240 | $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO) | ||
241 | - @target=$(DHTEST); $(BUILD_CMD) | ||
242 | + +@target=$(DHTEST); $(BUILD_CMD) | ||
243 | |||
244 | $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO) | ||
245 | - @target=$(DSATEST); $(BUILD_CMD) | ||
246 | + +@target=$(DSATEST); $(BUILD_CMD) | ||
247 | |||
248 | $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO) | ||
249 | - @target=$(METHTEST); $(BUILD_CMD) | ||
250 | + +@target=$(METHTEST); $(BUILD_CMD) | ||
251 | |||
252 | $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) | ||
253 | - @target=$(SSLTEST); $(FIPS_BUILD_CMD) | ||
254 | + +@target=$(SSLTEST); $(FIPS_BUILD_CMD) | ||
255 | |||
256 | $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO) | ||
257 | - @target=$(ENGINETEST); $(BUILD_CMD) | ||
258 | + +@target=$(ENGINETEST); $(BUILD_CMD) | ||
259 | |||
260 | $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO) | ||
261 | - @target=$(EVPTEST); $(BUILD_CMD) | ||
262 | + +@target=$(EVPTEST); $(BUILD_CMD) | ||
263 | |||
264 | $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO) | ||
265 | - @target=$(EVPEXTRATEST); $(BUILD_CMD) | ||
266 | + +@target=$(EVPEXTRATEST); $(BUILD_CMD) | ||
267 | |||
268 | $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO) | ||
269 | - @target=$(ECDSATEST); $(BUILD_CMD) | ||
270 | + +@target=$(ECDSATEST); $(BUILD_CMD) | ||
271 | |||
272 | $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO) | ||
273 | - @target=$(ECDHTEST); $(BUILD_CMD) | ||
274 | + +@target=$(ECDHTEST); $(BUILD_CMD) | ||
275 | |||
276 | $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO) | ||
277 | - @target=$(IGETEST); $(BUILD_CMD) | ||
278 | + +@target=$(IGETEST); $(BUILD_CMD) | ||
279 | |||
280 | $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO) | ||
281 | - @target=$(JPAKETEST); $(BUILD_CMD) | ||
282 | + +@target=$(JPAKETEST); $(BUILD_CMD) | ||
283 | |||
284 | $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO) | ||
285 | - @target=$(ASN1TEST); $(BUILD_CMD) | ||
286 | + +@target=$(ASN1TEST); $(BUILD_CMD) | ||
287 | |||
288 | $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO) | ||
289 | - @target=$(SRPTEST); $(BUILD_CMD) | ||
290 | + +@target=$(SRPTEST); $(BUILD_CMD) | ||
291 | |||
292 | $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO) | ||
293 | - @target=$(V3NAMETEST); $(BUILD_CMD) | ||
294 | + +@target=$(V3NAMETEST); $(BUILD_CMD) | ||
295 | |||
296 | $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO) | ||
297 | - @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC) | ||
298 | + +@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC) | ||
299 | |||
300 | $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o | ||
301 | - @target=$(CONSTTIMETEST) $(BUILD_CMD) | ||
302 | + +@target=$(CONSTTIMETEST) $(BUILD_CMD) | ||
303 | |||
304 | $(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o | ||
305 | - @target=$(VERIFYEXTRATEST) $(BUILD_CMD) | ||
306 | + +@target=$(VERIFYEXTRATEST) $(BUILD_CMD) | ||
307 | |||
308 | $(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHELLOTEST).o | ||
309 | - @target=$(CLIENTHELLOTEST) $(BUILD_CMD) | ||
310 | + +@target=$(CLIENTHELLOTEST) $(BUILD_CMD) | ||
311 | |||
312 | $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o | ||
313 | - @target=$(SSLV2CONFTEST) $(BUILD_CMD) | ||
314 | + +@target=$(SSLV2CONFTEST) $(BUILD_CMD) | ||
315 | |||
316 | #$(AESTEST).o: $(AESTEST).c | ||
317 | # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c | ||
318 | @@ -557,7 +557,7 @@ | ||
319 | # fi | ||
320 | |||
321 | dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) | ||
322 | - @target=dummytest; $(BUILD_CMD) | ||
323 | + +@target=dummytest; $(BUILD_CMD) | ||
324 | |||
325 | # DO NOT DELETE THIS LINE -- make depend depends on it. | ||
326 | \ No newline at end of file | ||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/ptest-deps.patch b/recipes-connectivity/openssl/openssl-qoriq/ptest-deps.patch new file mode 100644 index 00000000..ef6d1793 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/ptest-deps.patch | |||
@@ -0,0 +1,34 @@ | |||
1 | Remove Makefile dependencies for test targets | ||
2 | |||
3 | These are probably here because the executables aren't always built for | ||
4 | other platforms (e.g. Windows); however we can safely assume they'll | ||
5 | always be there. None of the other test targets have such dependencies | ||
6 | and if we don't remove them, make tries to rebuild the executables and | ||
7 | fails during run-ptest. | ||
8 | |||
9 | Upstream-Status: Inappropriate [config] | ||
10 | |||
11 | Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> | ||
12 | |||
13 | Index: openssl-1.0.2/test/Makefile | ||
14 | =================================================================== | ||
15 | --- openssl-1.0.2.orig/test/Makefile | ||
16 | +++ openssl-1.0.2/test/Makefile | ||
17 | @@ -330,7 +330,7 @@ test_cms: ../apps/openssl$(EXE_EXT) cms- | ||
18 | @echo "CMS consistency test" | ||
19 | $(PERL) cms-test.pl | ||
20 | |||
21 | -test_srp: $(SRPTEST)$(EXE_EXT) | ||
22 | +test_srp: | ||
23 | @echo "Test SRP" | ||
24 | ../util/shlib_wrap.sh ./srptest | ||
25 | |||
26 | @@ -342,7 +342,7 @@ test_v3name: $(V3NAMETEST)$(EXE_EXT) | ||
27 | @echo "Test X509v3_check_*" | ||
28 | ../util/shlib_wrap.sh ./$(V3NAMETEST) | ||
29 | |||
30 | -test_heartbeat: $(HEARTBEATTEST)$(EXE_EXT) | ||
31 | +test_heartbeat: | ||
32 | ../util/shlib_wrap.sh ./$(HEARTBEATTEST) | ||
33 | |||
34 | test_constant_time: $(CONSTTIMETEST)$(EXE_EXT) | ||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/ptest_makefile_deps.patch b/recipes-connectivity/openssl/openssl-qoriq/ptest_makefile_deps.patch new file mode 100644 index 00000000..4202e61d --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/ptest_makefile_deps.patch | |||
@@ -0,0 +1,248 @@ | |||
1 | Additional Makefile dependencies removal for test targets | ||
2 | |||
3 | Removing the dependency check for test targets as these tests are | ||
4 | causing a number of failures and "noise" during ptest execution. | ||
5 | |||
6 | Upstream-Status: Inappropriate [config] | ||
7 | |||
8 | Signed-off-by: Maxin B. John <maxin.john@intel.com> | ||
9 | |||
10 | diff -Naur openssl-1.0.2d-orig/test/Makefile openssl-1.0.2d/test/Makefile | ||
11 | --- openssl-1.0.2d-orig/test/Makefile 2015-09-28 12:50:41.530022979 +0300 | ||
12 | +++ openssl-1.0.2d/test/Makefile 2015-09-28 12:57:45.930717240 +0300 | ||
13 | @@ -155,67 +155,67 @@ | ||
14 | ( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \ | ||
15 | done) | ||
16 | |||
17 | -test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt | ||
18 | +test_evp: | ||
19 | ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt | ||
20 | |||
21 | -test_evp_extra: $(EVPEXTRATEST)$(EXE_EXT) | ||
22 | +test_evp_extra: | ||
23 | ../util/shlib_wrap.sh ./$(EVPEXTRATEST) | ||
24 | |||
25 | -test_des: $(DESTEST)$(EXE_EXT) | ||
26 | +test_des: | ||
27 | ../util/shlib_wrap.sh ./$(DESTEST) | ||
28 | |||
29 | -test_idea: $(IDEATEST)$(EXE_EXT) | ||
30 | +test_idea: | ||
31 | ../util/shlib_wrap.sh ./$(IDEATEST) | ||
32 | |||
33 | -test_sha: $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(SHA256TEST)$(EXE_EXT) $(SHA512TEST)$(EXE_EXT) | ||
34 | +test_sha: | ||
35 | ../util/shlib_wrap.sh ./$(SHATEST) | ||
36 | ../util/shlib_wrap.sh ./$(SHA1TEST) | ||
37 | ../util/shlib_wrap.sh ./$(SHA256TEST) | ||
38 | ../util/shlib_wrap.sh ./$(SHA512TEST) | ||
39 | |||
40 | -test_mdc2: $(MDC2TEST)$(EXE_EXT) | ||
41 | +test_mdc2: | ||
42 | ../util/shlib_wrap.sh ./$(MDC2TEST) | ||
43 | |||
44 | -test_md5: $(MD5TEST)$(EXE_EXT) | ||
45 | +test_md5: | ||
46 | ../util/shlib_wrap.sh ./$(MD5TEST) | ||
47 | |||
48 | -test_md4: $(MD4TEST)$(EXE_EXT) | ||
49 | +test_md4: | ||
50 | ../util/shlib_wrap.sh ./$(MD4TEST) | ||
51 | |||
52 | -test_hmac: $(HMACTEST)$(EXE_EXT) | ||
53 | +test_hmac: | ||
54 | ../util/shlib_wrap.sh ./$(HMACTEST) | ||
55 | |||
56 | -test_wp: $(WPTEST)$(EXE_EXT) | ||
57 | +test_wp: | ||
58 | ../util/shlib_wrap.sh ./$(WPTEST) | ||
59 | |||
60 | -test_md2: $(MD2TEST)$(EXE_EXT) | ||
61 | +test_md2: | ||
62 | ../util/shlib_wrap.sh ./$(MD2TEST) | ||
63 | |||
64 | -test_rmd: $(RMDTEST)$(EXE_EXT) | ||
65 | +test_rmd: | ||
66 | ../util/shlib_wrap.sh ./$(RMDTEST) | ||
67 | |||
68 | -test_bf: $(BFTEST)$(EXE_EXT) | ||
69 | +test_bf: | ||
70 | ../util/shlib_wrap.sh ./$(BFTEST) | ||
71 | |||
72 | -test_cast: $(CASTTEST)$(EXE_EXT) | ||
73 | +test_cast: | ||
74 | ../util/shlib_wrap.sh ./$(CASTTEST) | ||
75 | |||
76 | -test_rc2: $(RC2TEST)$(EXE_EXT) | ||
77 | +test_rc2: | ||
78 | ../util/shlib_wrap.sh ./$(RC2TEST) | ||
79 | |||
80 | -test_rc4: $(RC4TEST)$(EXE_EXT) | ||
81 | +test_rc4: | ||
82 | ../util/shlib_wrap.sh ./$(RC4TEST) | ||
83 | |||
84 | -test_rc5: $(RC5TEST)$(EXE_EXT) | ||
85 | +test_rc5: | ||
86 | ../util/shlib_wrap.sh ./$(RC5TEST) | ||
87 | |||
88 | -test_rand: $(RANDTEST)$(EXE_EXT) | ||
89 | +test_rand: | ||
90 | ../util/shlib_wrap.sh ./$(RANDTEST) | ||
91 | |||
92 | -test_enc: ../apps/openssl$(EXE_EXT) testenc | ||
93 | +test_enc: | ||
94 | @sh ./testenc | ||
95 | |||
96 | -test_x509: ../apps/openssl$(EXE_EXT) tx509 testx509.pem v3-cert1.pem v3-cert2.pem | ||
97 | +test_x509: | ||
98 | echo test normal x509v1 certificate | ||
99 | sh ./tx509 2>/dev/null | ||
100 | echo test first x509v3 certificate | ||
101 | @@ -223,25 +223,25 @@ | ||
102 | echo test second x509v3 certificate | ||
103 | sh ./tx509 v3-cert2.pem 2>/dev/null | ||
104 | |||
105 | -test_rsa: ../apps/openssl$(EXE_EXT) trsa testrsa.pem | ||
106 | +test_rsa: | ||
107 | @sh ./trsa 2>/dev/null | ||
108 | ../util/shlib_wrap.sh ./$(RSATEST) | ||
109 | |||
110 | -test_crl: ../apps/openssl$(EXE_EXT) tcrl testcrl.pem | ||
111 | +test_crl: | ||
112 | @sh ./tcrl 2>/dev/null | ||
113 | |||
114 | -test_sid: ../apps/openssl$(EXE_EXT) tsid testsid.pem | ||
115 | +test_sid: | ||
116 | @sh ./tsid 2>/dev/null | ||
117 | |||
118 | -test_req: ../apps/openssl$(EXE_EXT) treq testreq.pem testreq2.pem | ||
119 | +test_req: | ||
120 | @sh ./treq 2>/dev/null | ||
121 | @sh ./treq testreq2.pem 2>/dev/null | ||
122 | |||
123 | -test_pkcs7: ../apps/openssl$(EXE_EXT) tpkcs7 tpkcs7d testp7.pem pkcs7-1.pem | ||
124 | +test_pkcs7: | ||
125 | @sh ./tpkcs7 2>/dev/null | ||
126 | @sh ./tpkcs7d 2>/dev/null | ||
127 | |||
128 | -test_bn: $(BNTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) bctest | ||
129 | +test_bn: | ||
130 | @echo starting big number library test, could take a while... | ||
131 | @../util/shlib_wrap.sh ./$(BNTEST) >tmp.bntest | ||
132 | @echo quit >>tmp.bntest | ||
133 | @@ -250,33 +250,33 @@ | ||
134 | @echo 'test a^b%c implementations' | ||
135 | ../util/shlib_wrap.sh ./$(EXPTEST) | ||
136 | |||
137 | -test_ec: $(ECTEST)$(EXE_EXT) | ||
138 | +test_ec: | ||
139 | @echo 'test elliptic curves' | ||
140 | ../util/shlib_wrap.sh ./$(ECTEST) | ||
141 | |||
142 | -test_ecdsa: $(ECDSATEST)$(EXE_EXT) | ||
143 | +test_ecdsa: | ||
144 | @echo 'test ecdsa' | ||
145 | ../util/shlib_wrap.sh ./$(ECDSATEST) | ||
146 | |||
147 | -test_ecdh: $(ECDHTEST)$(EXE_EXT) | ||
148 | +test_ecdh: | ||
149 | @echo 'test ecdh' | ||
150 | ../util/shlib_wrap.sh ./$(ECDHTEST) | ||
151 | |||
152 | -test_verify: ../apps/openssl$(EXE_EXT) | ||
153 | +test_verify: | ||
154 | @echo "The following command should have some OK's and some failures" | ||
155 | @echo "There are definitly a few expired certificates" | ||
156 | ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo/*.pem | ||
157 | |||
158 | -test_dh: $(DHTEST)$(EXE_EXT) | ||
159 | +test_dh: | ||
160 | @echo "Generate a set of DH parameters" | ||
161 | ../util/shlib_wrap.sh ./$(DHTEST) | ||
162 | |||
163 | -test_dsa: $(DSATEST)$(EXE_EXT) | ||
164 | +test_dsa: | ||
165 | @echo "Generate a set of DSA parameters" | ||
166 | ../util/shlib_wrap.sh ./$(DSATEST) | ||
167 | ../util/shlib_wrap.sh ./$(DSATEST) -app2_1 | ||
168 | |||
169 | -test_gen testreq.pem: ../apps/openssl$(EXE_EXT) testgen test.cnf | ||
170 | +test_gen testreq.pem: | ||
171 | @echo "Generate and verify a certificate request" | ||
172 | @sh ./testgen | ||
173 | |||
174 | @@ -288,13 +288,11 @@ | ||
175 | @cat certCA.ss certU.ss > intP1.ss | ||
176 | @cat certCA.ss certU.ss certP1.ss > intP2.ss | ||
177 | |||
178 | -test_engine: $(ENGINETEST)$(EXE_EXT) | ||
179 | +test_engine: | ||
180 | @echo "Manipulate the ENGINE structures" | ||
181 | ../util/shlib_wrap.sh ./$(ENGINETEST) | ||
182 | |||
183 | -test_ssl: keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \ | ||
184 | - intP1.ss intP2.ss $(SSLTEST)$(EXE_EXT) testssl testsslproxy \ | ||
185 | - ../apps/server2.pem serverinfo.pem | ||
186 | +test_ssl: | ||
187 | @echo "test SSL protocol" | ||
188 | @if [ -n "$(FIPSCANLIB)" ]; then \ | ||
189 | sh ./testfipsssl keyU.ss certU.ss certCA.ss; \ | ||
190 | @@ -304,7 +302,7 @@ | ||
191 | @sh ./testsslproxy keyP1.ss certP1.ss intP1.ss | ||
192 | @sh ./testsslproxy keyP2.ss certP2.ss intP2.ss | ||
193 | |||
194 | -test_ca: ../apps/openssl$(EXE_EXT) testca CAss.cnf Uss.cnf | ||
195 | +test_ca: | ||
196 | @if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \ | ||
197 | echo "skipping CA.sh test -- requires RSA"; \ | ||
198 | else \ | ||
199 | @@ -312,11 +310,11 @@ | ||
200 | sh ./testca; \ | ||
201 | fi | ||
202 | |||
203 | -test_aes: #$(AESTEST) | ||
204 | +test_aes: | ||
205 | # @echo "test Rijndael" | ||
206 | # ../util/shlib_wrap.sh ./$(AESTEST) | ||
207 | |||
208 | -test_tsa: ../apps/openssl$(EXE_EXT) testtsa CAtsa.cnf ../util/shlib_wrap.sh | ||
209 | +test_tsa: | ||
210 | @if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \ | ||
211 | echo "skipping testtsa test -- requires RSA"; \ | ||
212 | else \ | ||
213 | @@ -331,7 +329,7 @@ | ||
214 | @echo "Test JPAKE" | ||
215 | ../util/shlib_wrap.sh ./$(JPAKETEST) | ||
216 | |||
217 | -test_cms: ../apps/openssl$(EXE_EXT) cms-test.pl smcont.txt | ||
218 | +test_cms: | ||
219 | @echo "CMS consistency test" | ||
220 | $(PERL) cms-test.pl | ||
221 | |||
222 | @@ -339,22 +337,22 @@ | ||
223 | @echo "Test SRP" | ||
224 | ../util/shlib_wrap.sh ./srptest | ||
225 | |||
226 | -test_ocsp: ../apps/openssl$(EXE_EXT) tocsp | ||
227 | +test_ocsp: | ||
228 | @echo "Test OCSP" | ||
229 | @sh ./tocsp | ||
230 | |||
231 | -test_v3name: $(V3NAMETEST)$(EXE_EXT) | ||
232 | +test_v3name: | ||
233 | @echo "Test X509v3_check_*" | ||
234 | ../util/shlib_wrap.sh ./$(V3NAMETEST) | ||
235 | |||
236 | test_heartbeat: | ||
237 | ../util/shlib_wrap.sh ./$(HEARTBEATTEST) | ||
238 | |||
239 | -test_constant_time: $(CONSTTIMETEST)$(EXE_EXT) | ||
240 | +test_constant_time: | ||
241 | @echo "Test constant time utilites" | ||
242 | ../util/shlib_wrap.sh ./$(CONSTTIMETEST) | ||
243 | |||
244 | -test_verify_extra: $(VERIFYEXTRATEST)$(EXE_EXT) | ||
245 | +test_verify_extra: | ||
246 | @echo $(START) $@ | ||
247 | ../util/shlib_wrap.sh ./$(VERIFYEXTRATEST) | ||
248 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch index e7b874f5..5e99d912 100644 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch | |||
@@ -1,7 +1,7 @@ | |||
1 | From 9297e3834518ff0558d6e7004a62adfd107e659a Mon Sep 17 00:00:00 2001 | 1 | From 45e4b0835ad965cf9cc813a31df354f1e6d14513 Mon Sep 17 00:00:00 2001 |
2 | From: Cristian Stoica <cristian.stoica@freescale.com> | 2 | From: Cristian Stoica <cristian.stoica@freescale.com> |
3 | Date: Tue, 10 Sep 2013 12:46:46 +0300 | 3 | Date: Tue, 10 Sep 2013 12:46:46 +0300 |
4 | Subject: [PATCH 01/26] remove double initialization of cryptodev engine | 4 | Subject: [PATCH 01/48] remove double initialization of cryptodev engine |
5 | 5 | ||
6 | cryptodev engine is initialized together with the other engines in | 6 | cryptodev engine is initialized together with the other engines in |
7 | ENGINE_load_builtin_engines. The initialization done through | 7 | ENGINE_load_builtin_engines. The initialization done through |
@@ -11,65 +11,66 @@ Change-Id: Ic9488500967595543ff846f147b36f383db7cb27 | |||
11 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> | 11 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> |
12 | Reviewed-on: http://git.am.freescale.net:8181/17222 | 12 | Reviewed-on: http://git.am.freescale.net:8181/17222 |
13 | --- | 13 | --- |
14 | crypto/engine/eng_all.c | 11 ----------- | 14 | crypto/engine/eng_all.c | 12 ------------ |
15 | crypto/engine/engine.h | 4 ---- | 15 | crypto/engine/engine.h | 4 ---- |
16 | crypto/evp/c_all.c | 5 ----- | 16 | crypto/evp/c_all.c | 5 ----- |
17 | util/libeay.num | 2 +- | 17 | util/libeay.num | 2 +- |
18 | 4 files changed, 1 insertion(+), 21 deletions(-) | 18 | 4 files changed, 1 insertion(+), 22 deletions(-) |
19 | 19 | ||
20 | diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c | 20 | diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c |
21 | index 6093376..f16c043 100644 | 21 | index 48ad0d2..a198c5f 100644 |
22 | --- a/crypto/engine/eng_all.c | 22 | --- a/crypto/engine/eng_all.c |
23 | +++ b/crypto/engine/eng_all.c | 23 | +++ b/crypto/engine/eng_all.c |
24 | @@ -122,14 +122,3 @@ void ENGINE_load_builtin_engines(void) | 24 | @@ -122,15 +122,3 @@ void ENGINE_load_builtin_engines(void) |
25 | #endif | 25 | #endif |
26 | ENGINE_register_all_complete(); | 26 | ENGINE_register_all_complete(); |
27 | } | 27 | } |
28 | - | 28 | - |
29 | -#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) | 29 | -#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) |
30 | -void ENGINE_setup_bsd_cryptodev(void) { | 30 | -void ENGINE_setup_bsd_cryptodev(void) |
31 | - static int bsd_cryptodev_default_loaded = 0; | 31 | -{ |
32 | - if (!bsd_cryptodev_default_loaded) { | 32 | - static int bsd_cryptodev_default_loaded = 0; |
33 | - ENGINE_load_cryptodev(); | 33 | - if (!bsd_cryptodev_default_loaded) { |
34 | - ENGINE_register_all_complete(); | 34 | - ENGINE_load_cryptodev(); |
35 | - } | 35 | - ENGINE_register_all_complete(); |
36 | - bsd_cryptodev_default_loaded=1; | 36 | - } |
37 | - bsd_cryptodev_default_loaded = 1; | ||
37 | -} | 38 | -} |
38 | -#endif | 39 | -#endif |
39 | diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h | 40 | diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h |
40 | index f8be497..237a6c9 100644 | 41 | index bd7b591..020d912 100644 |
41 | --- a/crypto/engine/engine.h | 42 | --- a/crypto/engine/engine.h |
42 | +++ b/crypto/engine/engine.h | 43 | +++ b/crypto/engine/engine.h |
43 | @@ -740,10 +740,6 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, | 44 | @@ -857,10 +857,6 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id, |
44 | * values. */ | 45 | */ |
45 | void *ENGINE_get_static_state(void); | 46 | void *ENGINE_get_static_state(void); |
46 | 47 | ||
47 | -#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) | 48 | -# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) |
48 | -void ENGINE_setup_bsd_cryptodev(void); | 49 | -void ENGINE_setup_bsd_cryptodev(void); |
49 | -#endif | 50 | -# endif |
50 | - | 51 | - |
51 | /* BEGIN ERROR CODES */ | 52 | /* BEGIN ERROR CODES */ |
52 | /* The following lines are auto generated by the script mkerr.pl. Any changes | 53 | /* |
53 | * made after this point may be overwritten when the script is next run. | 54 | * The following lines are auto generated by the script mkerr.pl. Any changes |
54 | diff --git a/crypto/evp/c_all.c b/crypto/evp/c_all.c | 55 | diff --git a/crypto/evp/c_all.c b/crypto/evp/c_all.c |
55 | index 766c4ce..5d6c21b 100644 | 56 | index a3ed00d..719e34d 100644 |
56 | --- a/crypto/evp/c_all.c | 57 | --- a/crypto/evp/c_all.c |
57 | +++ b/crypto/evp/c_all.c | 58 | +++ b/crypto/evp/c_all.c |
58 | @@ -82,9 +82,4 @@ void OPENSSL_add_all_algorithms_noconf(void) | 59 | @@ -82,9 +82,4 @@ void OPENSSL_add_all_algorithms_noconf(void) |
59 | OPENSSL_cpuid_setup(); | 60 | OPENSSL_cpuid_setup(); |
60 | OpenSSL_add_all_ciphers(); | 61 | OpenSSL_add_all_ciphers(); |
61 | OpenSSL_add_all_digests(); | 62 | OpenSSL_add_all_digests(); |
62 | -#ifndef OPENSSL_NO_ENGINE | 63 | -#ifndef OPENSSL_NO_ENGINE |
63 | -# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) | 64 | -# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) |
64 | - ENGINE_setup_bsd_cryptodev(); | 65 | - ENGINE_setup_bsd_cryptodev(); |
65 | -# endif | 66 | -# endif |
66 | -#endif | 67 | -#endif |
67 | } | 68 | } |
68 | diff --git a/util/libeay.num b/util/libeay.num | 69 | diff --git a/util/libeay.num b/util/libeay.num |
69 | index aa86b2b..ae50040 100755 | 70 | index 2094ab3..2742cf5 100755 |
70 | --- a/util/libeay.num | 71 | --- a/util/libeay.num |
71 | +++ b/util/libeay.num | 72 | +++ b/util/libeay.num |
72 | @@ -2801,7 +2801,7 @@ BIO_indent 3242 EXIST::FUNCTION: | 73 | @@ -2805,7 +2805,7 @@ BIO_indent 3242 EXIST::FUNCTION: |
73 | BUF_strlcpy 3243 EXIST::FUNCTION: | 74 | BUF_strlcpy 3243 EXIST::FUNCTION: |
74 | OpenSSLDie 3244 EXIST::FUNCTION: | 75 | OpenSSLDie 3244 EXIST::FUNCTION: |
75 | OPENSSL_cleanse 3245 EXIST::FUNCTION: | 76 | OPENSSL_cleanse 3245 EXIST::FUNCTION: |
@@ -79,5 +80,5 @@ index aa86b2b..ae50040 100755 | |||
79 | EVP_aes_128_cfb8 3248 EXIST::FUNCTION:AES | 80 | EVP_aes_128_cfb8 3248 EXIST::FUNCTION:AES |
80 | FIPS_corrupt_rsa 3249 NOEXIST::FUNCTION: | 81 | FIPS_corrupt_rsa 3249 NOEXIST::FUNCTION: |
81 | -- | 82 | -- |
82 | 2.3.5 | 83 | 2.7.0 |
83 | 84 | ||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch index ab2b7ea9..d5907892 100644 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch | |||
@@ -1,7 +1,7 @@ | |||
1 | From dfd6ba263dc25ea2a4bbc32448b24ca2b1fc40e8 Mon Sep 17 00:00:00 2001 | 1 | From e7c630f8417b6f4e1bf2466e545ffe04af2eff00 Mon Sep 17 00:00:00 2001 |
2 | From: Cristian Stoica <cristian.stoica@freescale.com> | 2 | From: Cristian Stoica <cristian.stoica@freescale.com> |
3 | Date: Thu, 29 Aug 2013 16:51:18 +0300 | 3 | Date: Thu, 29 Aug 2013 16:51:18 +0300 |
4 | Subject: [PATCH 02/26] eng_cryptodev: add support for TLS algorithms offload | 4 | Subject: [PATCH 02/48] eng_cryptodev: add support for TLS algorithms offload |
5 | 5 | ||
6 | - aes-128-cbc-hmac-sha1 | 6 | - aes-128-cbc-hmac-sha1 |
7 | - aes-256-cbc-hmac-sha1 | 7 | - aes-256-cbc-hmac-sha1 |
@@ -9,309 +9,335 @@ Subject: [PATCH 02/26] eng_cryptodev: add support for TLS algorithms offload | |||
9 | Requires TLS patches on cryptodev and TLS algorithm support in Linux | 9 | Requires TLS patches on cryptodev and TLS algorithm support in Linux |
10 | kernel driver. | 10 | kernel driver. |
11 | 11 | ||
12 | Change-Id: I43048caa348414daddd6c1a5cdc55e769ac1945f | ||
13 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> | 12 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> |
14 | Reviewed-on: http://git.am.freescale.net:8181/17223 | ||
15 | --- | 13 | --- |
16 | crypto/engine/eng_cryptodev.c | 222 +++++++++++++++++++++++++++++++++++++++--- | 14 | crypto/engine/eng_cryptodev.c | 226 ++++++++++++++++++++++++++++++++++++++++-- |
17 | 1 file changed, 211 insertions(+), 11 deletions(-) | 15 | 1 file changed, 215 insertions(+), 11 deletions(-) |
18 | 16 | ||
19 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | 17 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c |
20 | index 5a715ac..7588a28 100644 | 18 | index 8fb9c33..4d783d4 100644 |
21 | --- a/crypto/engine/eng_cryptodev.c | 19 | --- a/crypto/engine/eng_cryptodev.c |
22 | +++ b/crypto/engine/eng_cryptodev.c | 20 | +++ b/crypto/engine/eng_cryptodev.c |
23 | @@ -72,6 +72,9 @@ ENGINE_load_cryptodev(void) | 21 | @@ -71,6 +71,9 @@ void ENGINE_load_cryptodev(void) |
24 | struct dev_crypto_state { | 22 | struct dev_crypto_state { |
25 | struct session_op d_sess; | 23 | struct session_op d_sess; |
26 | int d_fd; | 24 | int d_fd; |
27 | + unsigned char *aad; | 25 | + unsigned char *aad; |
28 | + unsigned int aad_len; | 26 | + unsigned int aad_len; |
29 | + unsigned int len; | 27 | + unsigned int len; |
30 | 28 | # ifdef USE_CRYPTODEV_DIGESTS | |
31 | #ifdef USE_CRYPTODEV_DIGESTS | 29 | char dummy_mac_key[HASH_MAX_LEN]; |
32 | char dummy_mac_key[HASH_MAX_LEN]; | 30 | unsigned char digest_res[HASH_MAX_LEN]; |
33 | @@ -140,17 +143,20 @@ static struct { | 31 | @@ -141,24 +144,25 @@ static struct { |
34 | int nid; | 32 | int nid; |
35 | int ivmax; | 33 | int ivmax; |
36 | int keylen; | 34 | int keylen; |
37 | + int mackeylen; | 35 | + int mackeylen; |
38 | } ciphers[] = { | 36 | } ciphers[] = { |
39 | - { CRYPTO_ARC4, NID_rc4, 0, 16, }, | 37 | { |
40 | - { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, | 38 | - CRYPTO_ARC4, NID_rc4, 0, 16, |
41 | - { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, | 39 | + CRYPTO_ARC4, NID_rc4, 0, 16, 0 |
42 | - { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, | 40 | }, |
43 | - { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, }, | 41 | { |
44 | - { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, }, | 42 | - CRYPTO_DES_CBC, NID_des_cbc, 8, 8, |
45 | - { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, | 43 | + CRYPTO_DES_CBC, NID_des_cbc, 8, 8, 0 |
46 | - { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, | 44 | }, |
47 | - { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, | 45 | { |
48 | - { 0, NID_undef, 0, 0, }, | 46 | - CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, |
49 | + { CRYPTO_ARC4, NID_rc4, 0, 16, 0}, | 47 | + CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, 0 |
50 | + { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, 0}, | 48 | }, |
51 | + { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, 0}, | 49 | { |
52 | + { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, 0}, | 50 | - CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, |
53 | + { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, 0}, | 51 | + CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, 0 |
54 | + { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, 0}, | 52 | }, |
55 | + { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, 0}, | 53 | { |
56 | + { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, 0}, | 54 | - CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, |
57 | + { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0}, | 55 | + CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, 0 |
58 | + { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20}, | 56 | }, |
59 | + { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20}, | 57 | { |
60 | + { 0, NID_undef, 0, 0, 0}, | 58 | - CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, |
59 | + CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, 0 | ||
60 | }, | ||
61 | # ifdef CRYPTO_AES_CTR | ||
62 | { | ||
63 | @@ -172,16 +176,22 @@ static struct { | ||
64 | }, | ||
65 | # endif | ||
66 | { | ||
67 | - CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, | ||
68 | + CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, 0 | ||
69 | }, | ||
70 | { | ||
71 | - CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, | ||
72 | + CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, 0 | ||
73 | }, | ||
74 | { | ||
75 | - CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, | ||
76 | + CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0 | ||
77 | }, | ||
78 | { | ||
79 | - 0, NID_undef, 0, 0, | ||
80 | + CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20 | ||
81 | + }, | ||
82 | + { | ||
83 | + CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20 | ||
84 | + }, | ||
85 | + { | ||
86 | + 0, NID_undef, 0, 0, 0 | ||
87 | }, | ||
61 | }; | 88 | }; |
62 | 89 | ||
63 | #ifdef USE_CRYPTODEV_DIGESTS | 90 | @@ -295,13 +305,15 @@ static int get_cryptodev_ciphers(const int **cnids) |
64 | @@ -250,13 +256,15 @@ get_cryptodev_ciphers(const int **cnids) | 91 | } |
65 | } | 92 | memset(&sess, 0, sizeof(sess)); |
66 | memset(&sess, 0, sizeof(sess)); | 93 | sess.key = (caddr_t) "123456789abcdefghijklmno"; |
67 | sess.key = (caddr_t)"123456789abcdefghijklmno"; | 94 | + sess.mackey = (caddr_t) "123456789ABCDEFGHIJKLMNO"; |
68 | + sess.mackey = (caddr_t)"123456789ABCDEFGHIJKLMNO"; | ||
69 | 95 | ||
70 | for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { | 96 | for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { |
71 | if (ciphers[i].nid == NID_undef) | 97 | if (ciphers[i].nid == NID_undef) |
72 | continue; | 98 | continue; |
73 | sess.cipher = ciphers[i].id; | 99 | sess.cipher = ciphers[i].id; |
74 | sess.keylen = ciphers[i].keylen; | 100 | sess.keylen = ciphers[i].keylen; |
75 | - sess.mac = 0; | 101 | - sess.mac = 0; |
76 | + sess.mackeylen = ciphers[i].mackeylen; | 102 | + sess.mackeylen = ciphers[i].mackeylen; |
77 | + | 103 | + |
78 | if (ioctl(fd, CIOCGSESSION, &sess) != -1 && | 104 | if (ioctl(fd, CIOCGSESSION, &sess) != -1 && |
79 | ioctl(fd, CIOCFSESSION, &sess.ses) != -1) | 105 | ioctl(fd, CIOCFSESSION, &sess.ses) != -1) |
80 | nids[count++] = ciphers[i].nid; | 106 | nids[count++] = ciphers[i].nid; |
81 | @@ -414,6 +422,67 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | 107 | @@ -457,6 +469,66 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
82 | return (1); | 108 | return (1); |
83 | } | 109 | } |
84 | 110 | ||
85 | + | ||
86 | +static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | 111 | +static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
87 | + const unsigned char *in, size_t len) | 112 | + const unsigned char *in, size_t len) |
88 | +{ | 113 | +{ |
89 | + struct crypt_auth_op cryp; | 114 | + struct crypt_auth_op cryp; |
90 | + struct dev_crypto_state *state = ctx->cipher_data; | 115 | + struct dev_crypto_state *state = ctx->cipher_data; |
91 | + struct session_op *sess = &state->d_sess; | 116 | + struct session_op *sess = &state->d_sess; |
92 | + const void *iiv; | 117 | + const void *iiv; |
93 | + unsigned char save_iv[EVP_MAX_IV_LENGTH]; | 118 | + unsigned char save_iv[EVP_MAX_IV_LENGTH]; |
94 | + | 119 | + |
95 | + if (state->d_fd < 0) | 120 | + if (state->d_fd < 0) |
96 | + return (0); | 121 | + return (0); |
97 | + if (!len) | 122 | + if (!len) |
98 | + return (1); | 123 | + return (1); |
99 | + if ((len % ctx->cipher->block_size) != 0) | 124 | + if ((len % ctx->cipher->block_size) != 0) |
100 | + return (0); | 125 | + return (0); |
101 | + | 126 | + |
102 | + memset(&cryp, 0, sizeof(cryp)); | 127 | + memset(&cryp, 0, sizeof(cryp)); |
103 | + | 128 | + |
104 | + /* TODO: make a seamless integration with cryptodev flags */ | 129 | + /* TODO: make a seamless integration with cryptodev flags */ |
105 | + switch (ctx->cipher->nid) { | 130 | + switch (ctx->cipher->nid) { |
106 | + case NID_aes_128_cbc_hmac_sha1: | 131 | + case NID_aes_128_cbc_hmac_sha1: |
107 | + case NID_aes_256_cbc_hmac_sha1: | 132 | + case NID_aes_256_cbc_hmac_sha1: |
108 | + cryp.flags = COP_FLAG_AEAD_TLS_TYPE; | 133 | + cryp.flags = COP_FLAG_AEAD_TLS_TYPE; |
109 | + } | 134 | + } |
110 | + cryp.ses = sess->ses; | 135 | + cryp.ses = sess->ses; |
111 | + cryp.len = state->len; | 136 | + cryp.len = state->len; |
112 | + cryp.src = (caddr_t) in; | 137 | + cryp.src = (caddr_t) in; |
113 | + cryp.dst = (caddr_t) out; | 138 | + cryp.dst = (caddr_t) out; |
114 | + cryp.auth_src = state->aad; | 139 | + cryp.auth_src = state->aad; |
115 | + cryp.auth_len = state->aad_len; | 140 | + cryp.auth_len = state->aad_len; |
116 | + | 141 | + |
117 | + cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; | 142 | + cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; |
118 | + | 143 | + |
119 | + if (ctx->cipher->iv_len) { | 144 | + if (ctx->cipher->iv_len) { |
120 | + cryp.iv = (caddr_t) ctx->iv; | 145 | + cryp.iv = (caddr_t) ctx->iv; |
121 | + if (!ctx->encrypt) { | 146 | + if (!ctx->encrypt) { |
122 | + iiv = in + len - ctx->cipher->iv_len; | 147 | + iiv = in + len - ctx->cipher->iv_len; |
123 | + memcpy(save_iv, iiv, ctx->cipher->iv_len); | 148 | + memcpy(save_iv, iiv, ctx->cipher->iv_len); |
124 | + } | 149 | + } |
125 | + } else | 150 | + } else |
126 | + cryp.iv = NULL; | 151 | + cryp.iv = NULL; |
127 | + | 152 | + |
128 | + if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) { | 153 | + if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) { |
129 | + /* XXX need better errror handling | 154 | + /* |
130 | + * this can fail for a number of different reasons. | 155 | + * XXX need better errror handling this can fail for a number of |
131 | + */ | 156 | + * different reasons. |
132 | + return (0); | 157 | + */ |
133 | + } | 158 | + return (0); |
159 | + } | ||
134 | + | 160 | + |
135 | + if (ctx->cipher->iv_len) { | 161 | + if (ctx->cipher->iv_len) { |
136 | + if (ctx->encrypt) | 162 | + if (ctx->encrypt) |
137 | + iiv = out + len - ctx->cipher->iv_len; | 163 | + iiv = out + len - ctx->cipher->iv_len; |
138 | + else | 164 | + else |
139 | + iiv = save_iv; | 165 | + iiv = save_iv; |
140 | + memcpy(ctx->iv, iiv, ctx->cipher->iv_len); | 166 | + memcpy(ctx->iv, iiv, ctx->cipher->iv_len); |
141 | + } | 167 | + } |
142 | + return (1); | 168 | + return (1); |
143 | +} | 169 | +} |
144 | + | 170 | + |
145 | + | ||
146 | static int | 171 | static int |
147 | cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 172 | cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
148 | const unsigned char *iv, int enc) | 173 | const unsigned char *iv, int enc) |
149 | @@ -452,6 +521,45 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 174 | @@ -496,6 +568,45 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
150 | return (1); | ||
151 | } | 175 | } |
152 | 176 | ||
153 | +/* Save the encryption key provided by upper layers. | 177 | /* |
154 | + * | 178 | + * Save the encryption key provided by upper layers. This function is called |
155 | + * This function is called by EVP_CipherInit_ex to initialize the algorithm's | 179 | + * by EVP_CipherInit_ex to initialize the algorithm's extra data. We can't do |
156 | + * extra data. We can't do much here because the mac key is not available. | 180 | + * much here because the mac key is not available. The next call should/will |
157 | + * The next call should/will be to cryptodev_cbc_hmac_sha1_ctrl with parameter | 181 | + * be to cryptodev_cbc_hmac_sha1_ctrl with parameter |
158 | + * EVP_CTRL_AEAD_SET_MAC_KEY, to set the hmac key. There we call CIOCGSESSION | 182 | + * EVP_CTRL_AEAD_SET_MAC_KEY, to set the hmac key. There we call CIOCGSESSION |
159 | + * with both the crypto and hmac keys. | 183 | + * with both the crypto and hmac keys. |
160 | + */ | 184 | + */ |
161 | +static int cryptodev_init_aead_key(EVP_CIPHER_CTX *ctx, | 185 | +static int cryptodev_init_aead_key(EVP_CIPHER_CTX *ctx, |
162 | + const unsigned char *key, const unsigned char *iv, int enc) | 186 | + const unsigned char *key, |
187 | + const unsigned char *iv, int enc) | ||
163 | +{ | 188 | +{ |
164 | + struct dev_crypto_state *state = ctx->cipher_data; | 189 | + struct dev_crypto_state *state = ctx->cipher_data; |
165 | + struct session_op *sess = &state->d_sess; | 190 | + struct session_op *sess = &state->d_sess; |
166 | + int cipher = -1, i; | 191 | + int cipher = -1, i; |
167 | + | 192 | + |
168 | + for (i = 0; ciphers[i].id; i++) | 193 | + for (i = 0; ciphers[i].id; i++) |
169 | + if (ctx->cipher->nid == ciphers[i].nid && | 194 | + if (ctx->cipher->nid == ciphers[i].nid && |
170 | + ctx->cipher->iv_len <= ciphers[i].ivmax && | 195 | + ctx->cipher->iv_len <= ciphers[i].ivmax && |
171 | + ctx->key_len == ciphers[i].keylen) { | 196 | + ctx->key_len == ciphers[i].keylen) { |
172 | + cipher = ciphers[i].id; | 197 | + cipher = ciphers[i].id; |
173 | + break; | 198 | + break; |
174 | + } | 199 | + } |
175 | + | 200 | + |
176 | + if (!ciphers[i].id) { | 201 | + if (!ciphers[i].id) { |
177 | + state->d_fd = -1; | 202 | + state->d_fd = -1; |
178 | + return (0); | 203 | + return (0); |
179 | + } | 204 | + } |
180 | + | 205 | + |
181 | + memset(sess, 0, sizeof(struct session_op)); | 206 | + memset(sess, 0, sizeof(struct session_op)); |
182 | + | 207 | + |
183 | + sess->key = (caddr_t)key; | 208 | + sess->key = (caddr_t) key; |
184 | + sess->keylen = ctx->key_len; | 209 | + sess->keylen = ctx->key_len; |
185 | + sess->cipher = cipher; | 210 | + sess->cipher = cipher; |
186 | + | 211 | + |
187 | + /* for whatever reason, (1) means success */ | 212 | + /* for whatever reason, (1) means success */ |
188 | + return (1); | 213 | + return (1); |
189 | +} | 214 | +} |
190 | + | 215 | + |
191 | + | 216 | +/* |
192 | /* | ||
193 | * free anything we allocated earlier when initting a | 217 | * free anything we allocated earlier when initting a |
194 | * session, and close the session. | 218 | * session, and close the session. |
195 | @@ -488,6 +596,63 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx) | 219 | */ |
196 | return (ret); | 220 | @@ -529,6 +640,63 @@ static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx) |
221 | return (ret); | ||
197 | } | 222 | } |
198 | 223 | ||
199 | +static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, | 224 | +static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, |
200 | + void *ptr) | 225 | + int arg, void *ptr) |
201 | +{ | 226 | +{ |
202 | + switch (type) { | 227 | + switch (type) { |
203 | + case EVP_CTRL_AEAD_SET_MAC_KEY: | 228 | + case EVP_CTRL_AEAD_SET_MAC_KEY: |
204 | + { | 229 | + { |
205 | + /* TODO: what happens with hmac keys larger than 64 bytes? */ | 230 | + /* TODO: what happens with hmac keys larger than 64 bytes? */ |
206 | + struct dev_crypto_state *state = ctx->cipher_data; | 231 | + struct dev_crypto_state *state = ctx->cipher_data; |
207 | + struct session_op *sess = &state->d_sess; | 232 | + struct session_op *sess = &state->d_sess; |
208 | + | 233 | + |
209 | + if ((state->d_fd = get_dev_crypto()) < 0) | 234 | + if ((state->d_fd = get_dev_crypto()) < 0) |
210 | + return (0); | 235 | + return (0); |
211 | + | 236 | + |
212 | + /* the rest should have been set in cryptodev_init_aead_key */ | 237 | + /* the rest should have been set in cryptodev_init_aead_key */ |
213 | + sess->mackey = ptr; | 238 | + sess->mackey = ptr; |
214 | + sess->mackeylen = arg; | 239 | + sess->mackeylen = arg; |
215 | + | 240 | + |
216 | + if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { | 241 | + if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { |
217 | + put_dev_crypto(state->d_fd); | 242 | + put_dev_crypto(state->d_fd); |
218 | + state->d_fd = -1; | 243 | + state->d_fd = -1; |
219 | + return (0); | 244 | + return (0); |
220 | + } | 245 | + } |
221 | + return (1); | 246 | + return (1); |
222 | + } | 247 | + } |
223 | + case EVP_CTRL_AEAD_TLS1_AAD: | 248 | + case EVP_CTRL_AEAD_TLS1_AAD: |
224 | + { | 249 | + { |
225 | + /* ptr points to the associated data buffer of 13 bytes */ | 250 | + /* ptr points to the associated data buffer of 13 bytes */ |
226 | + struct dev_crypto_state *state = ctx->cipher_data; | 251 | + struct dev_crypto_state *state = ctx->cipher_data; |
227 | + unsigned char *p = ptr; | 252 | + unsigned char *p = ptr; |
228 | + unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1]; | 253 | + unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1]; |
229 | + unsigned int maclen, padlen; | 254 | + unsigned int maclen, padlen; |
230 | + unsigned int bs = ctx->cipher->block_size; | 255 | + unsigned int bs = ctx->cipher->block_size; |
231 | + | 256 | + |
232 | + state->aad = ptr; | 257 | + state->aad = ptr; |
233 | + state->aad_len = arg; | 258 | + state->aad_len = arg; |
234 | + state->len = cryptlen; | 259 | + state->len = cryptlen; |
235 | + | 260 | + |
236 | + /* TODO: this should be an extension of EVP_CIPHER struct */ | 261 | + /* TODO: this should be an extension of EVP_CIPHER struct */ |
237 | + switch (ctx->cipher->nid) { | 262 | + switch (ctx->cipher->nid) { |
238 | + case NID_aes_128_cbc_hmac_sha1: | 263 | + case NID_aes_128_cbc_hmac_sha1: |
239 | + case NID_aes_256_cbc_hmac_sha1: | 264 | + case NID_aes_256_cbc_hmac_sha1: |
240 | + maclen = SHA_DIGEST_LENGTH; | 265 | + maclen = SHA_DIGEST_LENGTH; |
241 | + } | 266 | + } |
242 | + | 267 | + |
243 | + /* space required for encryption (not only TLS padding) */ | 268 | + /* space required for encryption (not only TLS padding) */ |
244 | + padlen = maclen; | 269 | + padlen = maclen; |
245 | + if (ctx->encrypt) { | 270 | + if (ctx->encrypt) { |
246 | + cryptlen += maclen; | 271 | + cryptlen += maclen; |
247 | + padlen += bs - (cryptlen % bs); | 272 | + padlen += bs - (cryptlen % bs); |
248 | + } | 273 | + } |
249 | + return padlen; | 274 | + return padlen; |
250 | + } | 275 | + } |
251 | + default: | 276 | + default: |
252 | + return -1; | 277 | + return -1; |
253 | + } | 278 | + } |
254 | +} | 279 | +} |
255 | + | 280 | + |
256 | /* | 281 | /* |
257 | * libcrypto EVP stuff - this is how we get wired to EVP so the engine | 282 | * libcrypto EVP stuff - this is how we get wired to EVP so the engine |
258 | * gets called when libcrypto requests a cipher NID. | 283 | * gets called when libcrypto requests a cipher NID. |
259 | @@ -600,6 +765,33 @@ const EVP_CIPHER cryptodev_aes_256_cbc = { | 284 | @@ -641,6 +809,34 @@ const EVP_CIPHER cryptodev_aes_256_cbc = { |
260 | NULL | 285 | NULL |
261 | }; | 286 | }; |
262 | 287 | ||
263 | +const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = { | 288 | +const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = { |
264 | + NID_aes_128_cbc_hmac_sha1, | 289 | + NID_aes_128_cbc_hmac_sha1, |
265 | + 16, 16, 16, | 290 | + 16, 16, 16, |
266 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | 291 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, |
267 | + cryptodev_init_aead_key, | 292 | + cryptodev_init_aead_key, |
268 | + cryptodev_aead_cipher, | 293 | + cryptodev_aead_cipher, |
269 | + cryptodev_cleanup, | 294 | + cryptodev_cleanup, |
270 | + sizeof(struct dev_crypto_state), | 295 | + sizeof(struct dev_crypto_state), |
271 | + EVP_CIPHER_set_asn1_iv, | 296 | + EVP_CIPHER_set_asn1_iv, |
272 | + EVP_CIPHER_get_asn1_iv, | 297 | + EVP_CIPHER_get_asn1_iv, |
273 | + cryptodev_cbc_hmac_sha1_ctrl, | 298 | + cryptodev_cbc_hmac_sha1_ctrl, |
274 | + NULL | 299 | + NULL |
275 | +}; | 300 | +}; |
276 | + | 301 | + |
277 | +const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = { | 302 | +const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = { |
278 | + NID_aes_256_cbc_hmac_sha1, | 303 | + NID_aes_256_cbc_hmac_sha1, |
279 | + 16, 32, 16, | 304 | + 16, 32, 16, |
280 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | 305 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, |
281 | + cryptodev_init_aead_key, | 306 | + cryptodev_init_aead_key, |
282 | + cryptodev_aead_cipher, | 307 | + cryptodev_aead_cipher, |
283 | + cryptodev_cleanup, | 308 | + cryptodev_cleanup, |
284 | + sizeof(struct dev_crypto_state), | 309 | + sizeof(struct dev_crypto_state), |
285 | + EVP_CIPHER_set_asn1_iv, | 310 | + EVP_CIPHER_set_asn1_iv, |
286 | + EVP_CIPHER_get_asn1_iv, | 311 | + EVP_CIPHER_get_asn1_iv, |
287 | + cryptodev_cbc_hmac_sha1_ctrl, | 312 | + cryptodev_cbc_hmac_sha1_ctrl, |
288 | + NULL | 313 | + NULL |
289 | +}; | 314 | +}; |
290 | /* | 315 | + |
291 | * Registered by the ENGINE when used to find out how to deal with | 316 | # ifdef CRYPTO_AES_CTR |
292 | * a particular NID in the ENGINE. this says what we'll do at the | 317 | const EVP_CIPHER cryptodev_aes_ctr = { |
293 | @@ -637,6 +829,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | 318 | NID_aes_128_ctr, |
294 | case NID_aes_256_cbc: | 319 | @@ -729,6 +925,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, |
295 | *cipher = &cryptodev_aes_256_cbc; | 320 | *cipher = &cryptodev_aes_ctr_256; |
296 | break; | 321 | break; |
297 | + case NID_aes_128_cbc_hmac_sha1: | 322 | # endif |
298 | + *cipher = &cryptodev_aes_128_cbc_hmac_sha1; | 323 | + case NID_aes_128_cbc_hmac_sha1: |
299 | + break; | 324 | + *cipher = &cryptodev_aes_128_cbc_hmac_sha1; |
300 | + case NID_aes_256_cbc_hmac_sha1: | 325 | + break; |
301 | + *cipher = &cryptodev_aes_256_cbc_hmac_sha1; | 326 | + case NID_aes_256_cbc_hmac_sha1: |
302 | + break; | 327 | + *cipher = &cryptodev_aes_256_cbc_hmac_sha1; |
303 | default: | 328 | + break; |
304 | *cipher = NULL; | 329 | default: |
305 | break; | 330 | *cipher = NULL; |
306 | @@ -1384,6 +1582,8 @@ ENGINE_load_cryptodev(void) | 331 | break; |
307 | } | 332 | @@ -1472,6 +1674,8 @@ void ENGINE_load_cryptodev(void) |
308 | put_dev_crypto(fd); | 333 | } |
334 | put_dev_crypto(fd); | ||
309 | 335 | ||
310 | + EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1); | 336 | + EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1); |
311 | + EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); | 337 | + EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); |
312 | if (!ENGINE_set_id(engine, "cryptodev") || | 338 | if (!ENGINE_set_id(engine, "cryptodev") || |
313 | !ENGINE_set_name(engine, "BSD cryptodev engine") || | 339 | !ENGINE_set_name(engine, "BSD cryptodev engine") || |
314 | !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || | 340 | !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || |
315 | -- | 341 | -- |
316 | 2.3.5 | 342 | 2.7.0 |
317 | 343 | ||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch index f0d97e9a..9d30cc32 100644 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0003-cryptodev-fix-algorithm-registration.patch | |||
@@ -1,64 +1,61 @@ | |||
1 | From 084fa469a8fef530d71a0870364df1c7997f6465 Mon Sep 17 00:00:00 2001 | 1 | From 36bb0879b498f8e87798848dafa058476f723165 Mon Sep 17 00:00:00 2001 |
2 | From: Cristian Stoica <cristian.stoica@freescale.com> | 2 | From: Cristian Stoica <cristian.stoica@freescale.com> |
3 | Date: Thu, 31 Jul 2014 14:06:19 +0300 | 3 | Date: Thu, 31 Jul 2014 14:06:19 +0300 |
4 | Subject: [PATCH 03/26] cryptodev: fix algorithm registration | 4 | Subject: [PATCH 03/48] cryptodev: fix algorithm registration |
5 | 5 | ||
6 | Cryptodev specific algorithms must register only if available in kernel. | 6 | Cryptodev specific algorithms must register only if available in kernel. |
7 | 7 | ||
8 | Change-Id: Iec5af8f4f3138357e4b96f2ec1627278134e4808 | ||
9 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> | 8 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> |
10 | Reviewed-on: http://git.am.freescale.net:8181/15326 | ||
11 | Reviewed-by: Horia Ioan Geanta Neag <horia.geanta@freescale.com> | 9 | Reviewed-by: Horia Ioan Geanta Neag <horia.geanta@freescale.com> |
12 | Reviewed-on: http://git.am.freescale.net:8181/17224 | ||
13 | --- | 10 | --- |
14 | crypto/engine/eng_cryptodev.c | 20 +++++++++++++++++--- | 11 | crypto/engine/eng_cryptodev.c | 20 +++++++++++++++++--- |
15 | 1 file changed, 17 insertions(+), 3 deletions(-) | 12 | 1 file changed, 17 insertions(+), 3 deletions(-) |
16 | 13 | ||
17 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | 14 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c |
18 | index 7588a28..e3eb98b 100644 | 15 | index 4d783d4..3b6515e 100644 |
19 | --- a/crypto/engine/eng_cryptodev.c | 16 | --- a/crypto/engine/eng_cryptodev.c |
20 | +++ b/crypto/engine/eng_cryptodev.c | 17 | +++ b/crypto/engine/eng_cryptodev.c |
21 | @@ -133,6 +133,8 @@ static int cryptodev_dh_compute_key(unsigned char *key, | 18 | @@ -134,6 +134,8 @@ static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, |
22 | static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, | 19 | static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, |
23 | void (*f)(void)); | 20 | void (*f) (void)); |
24 | void ENGINE_load_cryptodev(void); | 21 | void ENGINE_load_cryptodev(void); |
25 | +const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1; | 22 | +const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1; |
26 | +const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; | 23 | +const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; |
27 | 24 | ||
28 | static const ENGINE_CMD_DEFN cryptodev_defns[] = { | 25 | static const ENGINE_CMD_DEFN cryptodev_defns[] = { |
29 | { 0, NULL, NULL, 0 } | 26 | {0, NULL, NULL, 0} |
30 | @@ -342,7 +344,21 @@ get_cryptodev_digests(const int **cnids) | 27 | @@ -389,7 +391,21 @@ static int get_cryptodev_digests(const int **cnids) |
31 | static int | 28 | */ |
32 | cryptodev_usable_ciphers(const int **nids) | 29 | static int cryptodev_usable_ciphers(const int **nids) |
33 | { | 30 | { |
34 | - return (get_cryptodev_ciphers(nids)); | 31 | - return (get_cryptodev_ciphers(nids)); |
35 | + int i, count; | 32 | + int i, count; |
36 | + | 33 | + |
37 | + count = get_cryptodev_ciphers(nids); | 34 | + count = get_cryptodev_ciphers(nids); |
38 | + /* add ciphers specific to cryptodev if found in kernel */ | 35 | + /* add ciphers specific to cryptodev if found in kernel */ |
39 | + for(i = 0; i < count; i++) { | 36 | + for (i = 0; i < count; i++) { |
40 | + switch (*(*nids + i)) { | 37 | + switch (*(*nids + i)) { |
41 | + case NID_aes_128_cbc_hmac_sha1: | 38 | + case NID_aes_128_cbc_hmac_sha1: |
42 | + EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1); | 39 | + EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1); |
43 | + break; | 40 | + break; |
44 | + case NID_aes_256_cbc_hmac_sha1: | 41 | + case NID_aes_256_cbc_hmac_sha1: |
45 | + EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); | 42 | + EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); |
46 | + break; | 43 | + break; |
47 | + } | 44 | + } |
48 | + } | 45 | + } |
49 | + return count; | 46 | + return count; |
50 | } | 47 | } |
51 | 48 | ||
52 | static int | 49 | static int cryptodev_usable_digests(const int **nids) |
53 | @@ -1582,8 +1598,6 @@ ENGINE_load_cryptodev(void) | 50 | @@ -1674,8 +1690,6 @@ void ENGINE_load_cryptodev(void) |
54 | } | 51 | } |
55 | put_dev_crypto(fd); | 52 | put_dev_crypto(fd); |
56 | 53 | ||
57 | - EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1); | 54 | - EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1); |
58 | - EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); | 55 | - EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); |
59 | if (!ENGINE_set_id(engine, "cryptodev") || | 56 | if (!ENGINE_set_id(engine, "cryptodev") || |
60 | !ENGINE_set_name(engine, "BSD cryptodev engine") || | 57 | !ENGINE_set_name(engine, "BSD cryptodev engine") || |
61 | !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || | 58 | !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || |
62 | -- | 59 | -- |
63 | 2.3.5 | 60 | 2.7.0 |
64 | 61 | ||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-ECC-Support-header-for-Cryptodev-Engine.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-ECC-Support-header-for-Cryptodev-Engine.patch index c9ff5aa8..64a5c704 100644 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-ECC-Support-header-for-Cryptodev-Engine.patch +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-ECC-Support-header-for-Cryptodev-Engine.patch | |||
@@ -1,22 +1,22 @@ | |||
1 | From 15abbcd740eafbf2a46b5da24be76acf4982743d Mon Sep 17 00:00:00 2001 | 1 | From 0a9f99574266225c6fa1a10d91eb3fdc755140b8 Mon Sep 17 00:00:00 2001 |
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | 2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> |
3 | Date: Tue, 11 Mar 2014 05:56:54 +0545 | 3 | Date: Tue, 11 Mar 2014 05:56:54 +0545 |
4 | Subject: [PATCH 05/26] ECC Support header for Cryptodev Engine | 4 | Subject: [PATCH 04/48] ECC Support header for Cryptodev Engine |
5 | 5 | ||
6 | Upstream-status: Pending | 6 | Upstream-status: Pending |
7 | 7 | ||
8 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> | 8 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> |
9 | --- | 9 | --- |
10 | crypto/engine/eng_cryptodev_ec.h | 296 +++++++++++++++++++++++++++++++++++++++ | 10 | crypto/engine/eng_cryptodev_ec.h | 297 +++++++++++++++++++++++++++++++++++++++ |
11 | 1 file changed, 296 insertions(+) | 11 | 1 file changed, 297 insertions(+) |
12 | create mode 100644 crypto/engine/eng_cryptodev_ec.h | 12 | create mode 100644 crypto/engine/eng_cryptodev_ec.h |
13 | 13 | ||
14 | diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h | 14 | diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h |
15 | new file mode 100644 | 15 | new file mode 100644 |
16 | index 0000000..77aee71 | 16 | index 0000000..af54c51 |
17 | --- /dev/null | 17 | --- /dev/null |
18 | +++ b/crypto/engine/eng_cryptodev_ec.h | 18 | +++ b/crypto/engine/eng_cryptodev_ec.h |
19 | @@ -0,0 +1,296 @@ | 19 | @@ -0,0 +1,297 @@ |
20 | +/* | 20 | +/* |
21 | + * Copyright (C) 2012 Freescale Semiconductor, Inc. | 21 | + * Copyright (C) 2012 Freescale Semiconductor, Inc. |
22 | + * | 22 | + * |
@@ -29,16 +29,17 @@ index 0000000..77aee71 | |||
29 | + * notice, this list of conditions and the following disclaimer in the | 29 | + * notice, this list of conditions and the following disclaimer in the |
30 | + * documentation and/or other materials provided with the distribution. | 30 | + * documentation and/or other materials provided with the distribution. |
31 | + * | 31 | + * |
32 | + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | 32 | + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY |
33 | + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | 33 | + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
34 | + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN | 34 | + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
35 | + * NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | 35 | + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY |
36 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED | 36 | + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
37 | + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | 37 | + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
38 | + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | 38 | + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
39 | + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | 39 | + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
40 | + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | 40 | + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
41 | + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 41 | + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
42 | + * | ||
42 | + */ | 43 | + */ |
43 | +#ifndef __ENG_EC_H | 44 | +#ifndef __ENG_EC_H |
44 | +#define __ENG_EC_H | 45 | +#define __ENG_EC_H |
@@ -314,5 +315,5 @@ index 0000000..77aee71 | |||
314 | +}; | 315 | +}; |
315 | +#endif | 316 | +#endif |
316 | -- | 317 | -- |
317 | 2.3.5 | 318 | 2.7.0 |
318 | 319 | ||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch deleted file mode 100644 index 2d722d8a..00000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch +++ /dev/null | |||
@@ -1,74 +0,0 @@ | |||
1 | From 7d770f0324498d1fa78300cc5cecc8c1dcd3b788 Mon Sep 17 00:00:00 2001 | ||
2 | From: Andy Polyakov <appro@openssl.org> | ||
3 | Date: Sun, 21 Oct 2012 18:19:41 +0000 | ||
4 | Subject: [PATCH 04/26] linux-pcc: make it more robust and recognize | ||
5 | KERNEL_BITS variable. | ||
6 | |||
7 | (cherry picked from commit 78c3e20579d3baa159c8b51b59d415b6e521614b) | ||
8 | |||
9 | Change-Id: I769c466f052305681ab54a1b6545d94c7fbf5a9d | ||
10 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
11 | --- | ||
12 | config | 19 +++++++++++++------ | ||
13 | crypto/ppccap.c | 7 +++++++ | ||
14 | 2 files changed, 20 insertions(+), 6 deletions(-) | ||
15 | |||
16 | diff --git a/config b/config | ||
17 | index 41fa2a6..f37b9e6 100755 | ||
18 | --- a/config | ||
19 | +++ b/config | ||
20 | @@ -587,13 +587,20 @@ case "$GUESSOS" in | ||
21 | fi | ||
22 | ;; | ||
23 | ppc64-*-linux2) | ||
24 | - echo "WARNING! If you wish to build 64-bit library, then you have to" | ||
25 | - echo " invoke './Configure linux-ppc64' *manually*." | ||
26 | - if [ "$TEST" = "false" -a -t 1 ]; then | ||
27 | - echo " You have about 5 seconds to press Ctrl-C to abort." | ||
28 | - (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1 | ||
29 | + if [ -z "$KERNEL_BITS" ]; then | ||
30 | + echo "WARNING! If you wish to build 64-bit library, then you have to" | ||
31 | + echo " invoke './Configure linux-ppc64' *manually*." | ||
32 | + if [ "$TEST" = "false" -a -t 1 ]; then | ||
33 | + echo " You have about 5 seconds to press Ctrl-C to abort." | ||
34 | + (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1 | ||
35 | + fi | ||
36 | + fi | ||
37 | + if [ "$KERNEL_BITS" = "64" ]; then | ||
38 | + OUT="linux-ppc64" | ||
39 | + else | ||
40 | + OUT="linux-ppc" | ||
41 | + (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null) || options="$options -m32" | ||
42 | fi | ||
43 | - OUT="linux-ppc" | ||
44 | ;; | ||
45 | ppc-*-linux2) OUT="linux-ppc" ;; | ||
46 | ppc60x-*-vxworks*) OUT="vxworks-ppc60x" ;; | ||
47 | diff --git a/crypto/ppccap.c b/crypto/ppccap.c | ||
48 | index f71ba66..531f1b3 100644 | ||
49 | --- a/crypto/ppccap.c | ||
50 | +++ b/crypto/ppccap.c | ||
51 | @@ -4,6 +4,9 @@ | ||
52 | #include <setjmp.h> | ||
53 | #include <signal.h> | ||
54 | #include <unistd.h> | ||
55 | +#ifdef __linux | ||
56 | +#include <sys/utsname.h> | ||
57 | +#endif | ||
58 | #include <crypto.h> | ||
59 | #include <openssl/bn.h> | ||
60 | |||
61 | @@ -102,6 +105,10 @@ void OPENSSL_cpuid_setup(void) | ||
62 | |||
63 | if (sizeof(size_t)==4) | ||
64 | { | ||
65 | +#ifdef __linux | ||
66 | + struct utsname uts; | ||
67 | + if (uname(&uts)==0 && strcmp(uts.machine,"ppc64")==0) | ||
68 | +#endif | ||
69 | if (sigsetjmp(ill_jmp,1) == 0) | ||
70 | { | ||
71 | OPENSSL_ppc64_probe(); | ||
72 | -- | ||
73 | 2.3.5 | ||
74 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-Initial-support-for-PKC-in-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-Initial-support-for-PKC-in-cryptodev-engine.patch new file mode 100644 index 00000000..ad253064 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0005-Initial-support-for-PKC-in-cryptodev-engine.patch | |||
@@ -0,0 +1,1578 @@ | |||
1 | From e28df2a5c63dc6195a6065bfd7de9fc860129f56 Mon Sep 17 00:00:00 2001 | ||
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
3 | Date: Tue, 11 Mar 2014 06:29:52 +0545 | ||
4 | Subject: [PATCH 05/48] Initial support for PKC in cryptodev engine | ||
5 | |||
6 | Upstream-status: Pending | ||
7 | |||
8 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
9 | --- | ||
10 | crypto/engine/eng_cryptodev.c | 1365 ++++++++++++++++++++++++++++++++++++----- | ||
11 | 1 file changed, 1202 insertions(+), 163 deletions(-) | ||
12 | |||
13 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
14 | index 3b6515e..0b41bb2 100644 | ||
15 | --- a/crypto/engine/eng_cryptodev.c | ||
16 | +++ b/crypto/engine/eng_cryptodev.c | ||
17 | @@ -58,6 +58,10 @@ void ENGINE_load_cryptodev(void) | ||
18 | # include <openssl/dsa.h> | ||
19 | # include <openssl/err.h> | ||
20 | # include <openssl/rsa.h> | ||
21 | +# include <crypto/ecdsa/ecs_locl.h> | ||
22 | +# include <crypto/ecdh/ech_locl.h> | ||
23 | +# include <crypto/ec/ec_lcl.h> | ||
24 | +# include <crypto/ec/ec.h> | ||
25 | # include <sys/ioctl.h> | ||
26 | # include <errno.h> | ||
27 | # include <stdio.h> | ||
28 | @@ -67,6 +71,7 @@ void ENGINE_load_cryptodev(void) | ||
29 | # include <syslog.h> | ||
30 | # include <errno.h> | ||
31 | # include <string.h> | ||
32 | +# include "eng_cryptodev_ec.h" | ||
33 | |||
34 | struct dev_crypto_state { | ||
35 | struct session_op d_sess; | ||
36 | @@ -115,20 +120,10 @@ static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, | ||
37 | BN_CTX *ctx); | ||
38 | static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, | ||
39 | BN_CTX *ctx); | ||
40 | -static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, | ||
41 | - const BIGNUM *p, const BIGNUM *m, | ||
42 | - BN_CTX *ctx, BN_MONT_CTX *m_ctx); | ||
43 | -static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, | ||
44 | - BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, | ||
45 | - BIGNUM *p, BN_CTX *ctx, | ||
46 | - BN_MONT_CTX *mont); | ||
47 | static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, | ||
48 | DSA *dsa); | ||
49 | static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len, | ||
50 | DSA_SIG *sig, DSA *dsa); | ||
51 | -static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, | ||
52 | - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, | ||
53 | - BN_MONT_CTX *m_ctx); | ||
54 | static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, | ||
55 | DH *dh); | ||
56 | static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, | ||
57 | @@ -137,6 +132,105 @@ void ENGINE_load_cryptodev(void); | ||
58 | const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1; | ||
59 | const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; | ||
60 | |||
61 | +inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len) | ||
62 | +{ | ||
63 | + int len; | ||
64 | + unsigned char *p; | ||
65 | + | ||
66 | + len = BN_num_bytes(bn); | ||
67 | + | ||
68 | + if (!len) | ||
69 | + return -1; | ||
70 | + | ||
71 | + p = malloc(len); | ||
72 | + if (!p) | ||
73 | + return -1; | ||
74 | + | ||
75 | + BN_bn2bin(bn, p); | ||
76 | + | ||
77 | + *bin = p; | ||
78 | + *bin_len = len; | ||
79 | + | ||
80 | + return 0; | ||
81 | +} | ||
82 | + | ||
83 | +inline int spcf_bn2bin_ex(BIGNUM *bn, unsigned char **bin, int *bin_len) | ||
84 | +{ | ||
85 | + int len; | ||
86 | + unsigned char *p; | ||
87 | + | ||
88 | + len = BN_num_bytes(bn); | ||
89 | + | ||
90 | + if (!len) | ||
91 | + return -1; | ||
92 | + | ||
93 | + if (len < *bin_len) | ||
94 | + p = malloc(*bin_len); | ||
95 | + else | ||
96 | + p = malloc(len); | ||
97 | + | ||
98 | + if (!p) | ||
99 | + return -ENOMEM; | ||
100 | + | ||
101 | + if (len < *bin_len) { | ||
102 | + /* place padding */ | ||
103 | + memset(p, 0, (*bin_len - len)); | ||
104 | + BN_bn2bin(bn, p + (*bin_len - len)); | ||
105 | + } else { | ||
106 | + BN_bn2bin(bn, p); | ||
107 | + } | ||
108 | + | ||
109 | + *bin = p; | ||
110 | + if (len >= *bin_len) | ||
111 | + *bin_len = len; | ||
112 | + | ||
113 | + return 0; | ||
114 | +} | ||
115 | + | ||
116 | +/** | ||
117 | + * Convert an ECC F2m 'b' parameter into the 'c' parameter. | ||
118 | + *Inputs: | ||
119 | + * q, the curve's modulus | ||
120 | + * b, the curve's b parameter | ||
121 | + * (a bignum for b, a buffer for c) | ||
122 | + * Output: | ||
123 | + * c, written into bin, right-adjusted to fill q_len bytes. | ||
124 | + */ | ||
125 | +static int | ||
126 | +eng_ec_compute_cparam(const BIGNUM *b, const BIGNUM *q, | ||
127 | + unsigned char **bin, int *bin_len) | ||
128 | +{ | ||
129 | + BIGNUM *c = BN_new(); | ||
130 | + BIGNUM *exp = BN_new(); | ||
131 | + BN_CTX *ctx = BN_CTX_new(); | ||
132 | + int m = BN_num_bits(q) - 1; | ||
133 | + int ok = 0; | ||
134 | + | ||
135 | + if (!c || !exp || !ctx || *bin) | ||
136 | + goto err; | ||
137 | + | ||
138 | + /* | ||
139 | + * We have to compute c, where b = c^4, i.e., the fourth root of b. | ||
140 | + * The equation for c is c = b^(2^(m-2)) | ||
141 | + * Compute exp = 2^(m-2) | ||
142 | + * (1 << x) == 2^x | ||
143 | + * and then compute c = b^exp | ||
144 | + */ | ||
145 | + BN_lshift(exp, BN_value_one(), m - 2); | ||
146 | + BN_GF2m_mod_exp(c, b, exp, q, ctx); | ||
147 | + /* Store c */ | ||
148 | + spcf_bn2bin_ex(c, bin, bin_len); | ||
149 | + ok = 1; | ||
150 | + err: | ||
151 | + if (ctx) | ||
152 | + BN_CTX_free(ctx); | ||
153 | + if (c) | ||
154 | + BN_free(c); | ||
155 | + if (exp) | ||
156 | + BN_free(exp); | ||
157 | + return ok; | ||
158 | +} | ||
159 | + | ||
160 | static const ENGINE_CMD_DEFN cryptodev_defns[] = { | ||
161 | {0, NULL, NULL, 0} | ||
162 | }; | ||
163 | @@ -1225,7 +1319,6 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, | ||
164 | */ | ||
165 | static int bn2crparam(const BIGNUM *a, struct crparam *crp) | ||
166 | { | ||
167 | - int i, j, k; | ||
168 | ssize_t bytes, bits; | ||
169 | u_char *b; | ||
170 | |||
171 | @@ -1243,36 +1336,21 @@ static int bn2crparam(const BIGNUM *a, struct crparam *crp) | ||
172 | crp->crp_p = (caddr_t) b; | ||
173 | crp->crp_nbits = bits; | ||
174 | |||
175 | - for (i = 0, j = 0; i < a->top; i++) { | ||
176 | - for (k = 0; k < BN_BITS2 / 8; k++) { | ||
177 | - if ((j + k) >= bytes) | ||
178 | - return (0); | ||
179 | - b[j + k] = a->d[i] >> (k * 8); | ||
180 | - } | ||
181 | - j += BN_BITS2 / 8; | ||
182 | - } | ||
183 | + BN_bn2bin(a, crp->crp_p); | ||
184 | return (0); | ||
185 | } | ||
186 | |||
187 | /* Convert a /dev/crypto parameter to a BIGNUM */ | ||
188 | static int crparam2bn(struct crparam *crp, BIGNUM *a) | ||
189 | { | ||
190 | - u_int8_t *pd; | ||
191 | - int i, bytes; | ||
192 | + int bytes; | ||
193 | |||
194 | bytes = (crp->crp_nbits + 7) / 8; | ||
195 | |||
196 | if (bytes == 0) | ||
197 | return (-1); | ||
198 | |||
199 | - if ((pd = (u_int8_t *) malloc(bytes)) == NULL) | ||
200 | - return (-1); | ||
201 | - | ||
202 | - for (i = 0; i < bytes; i++) | ||
203 | - pd[i] = crp->crp_p[bytes - i - 1]; | ||
204 | - | ||
205 | - BN_bin2bn(pd, bytes, a); | ||
206 | - free(pd); | ||
207 | + BN_bin2bn(crp->crp_p, bytes, a); | ||
208 | |||
209 | return (0); | ||
210 | } | ||
211 | @@ -1321,6 +1399,32 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, | ||
212 | return (ret); | ||
213 | } | ||
214 | |||
215 | +/* Close an opened instance of cryptodev engine */ | ||
216 | +void cryptodev_close_instance(void *handle) | ||
217 | +{ | ||
218 | + int fd; | ||
219 | + | ||
220 | + if (handle) { | ||
221 | + fd = *(int *)handle; | ||
222 | + close(fd); | ||
223 | + free(handle); | ||
224 | + } | ||
225 | +} | ||
226 | + | ||
227 | +/* Create an instance of cryptodev for asynchronous interface */ | ||
228 | +void *cryptodev_init_instance(void) | ||
229 | +{ | ||
230 | + int *fd = malloc(sizeof(int)); | ||
231 | + | ||
232 | + if (fd) { | ||
233 | + if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) { | ||
234 | + free(fd); | ||
235 | + return NULL; | ||
236 | + } | ||
237 | + } | ||
238 | + return fd; | ||
239 | +} | ||
240 | + | ||
241 | static int | ||
242 | cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
243 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) | ||
244 | @@ -1337,8 +1441,9 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
245 | return (ret); | ||
246 | } | ||
247 | |||
248 | - memset(&kop, 0, sizeof kop); | ||
249 | kop.crk_op = CRK_MOD_EXP; | ||
250 | + kop.crk_oparams = 0; | ||
251 | + kop.crk_status = 0; | ||
252 | |||
253 | /* inputs: a^p % m */ | ||
254 | if (bn2crparam(a, &kop.crk_param[0])) | ||
255 | @@ -1381,28 +1486,39 @@ static int | ||
256 | cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) | ||
257 | { | ||
258 | struct crypt_kop kop; | ||
259 | - int ret = 1; | ||
260 | + int ret = 1, f_len, p_len, q_len; | ||
261 | + unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq = | ||
262 | + NULL, *c = NULL; | ||
263 | |||
264 | if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { | ||
265 | /* XXX 0 means failure?? */ | ||
266 | return (0); | ||
267 | } | ||
268 | |||
269 | - memset(&kop, 0, sizeof kop); | ||
270 | + kop.crk_oparams = 0; | ||
271 | + kop.crk_status = 0; | ||
272 | kop.crk_op = CRK_MOD_EXP_CRT; | ||
273 | + f_len = BN_num_bytes(rsa->n); | ||
274 | + spcf_bn2bin_ex(I, &f, &f_len); | ||
275 | + spcf_bn2bin(rsa->p, &p, &p_len); | ||
276 | + spcf_bn2bin(rsa->q, &q, &q_len); | ||
277 | + spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len); | ||
278 | + spcf_bn2bin_ex(rsa->iqmp, &c, &p_len); | ||
279 | + spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len); | ||
280 | /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ | ||
281 | - if (bn2crparam(rsa->p, &kop.crk_param[0])) | ||
282 | - goto err; | ||
283 | - if (bn2crparam(rsa->q, &kop.crk_param[1])) | ||
284 | - goto err; | ||
285 | - if (bn2crparam(I, &kop.crk_param[2])) | ||
286 | - goto err; | ||
287 | - if (bn2crparam(rsa->dmp1, &kop.crk_param[3])) | ||
288 | - goto err; | ||
289 | - if (bn2crparam(rsa->dmq1, &kop.crk_param[4])) | ||
290 | - goto err; | ||
291 | - if (bn2crparam(rsa->iqmp, &kop.crk_param[5])) | ||
292 | - goto err; | ||
293 | + kop.crk_param[0].crp_p = p; | ||
294 | + kop.crk_param[0].crp_nbits = p_len * 8; | ||
295 | + kop.crk_param[1].crp_p = q; | ||
296 | + kop.crk_param[1].crp_nbits = q_len * 8; | ||
297 | + kop.crk_param[2].crp_p = f; | ||
298 | + kop.crk_param[2].crp_nbits = f_len * 8; | ||
299 | + kop.crk_param[3].crp_p = dp; | ||
300 | + kop.crk_param[3].crp_nbits = p_len * 8; | ||
301 | + /* dq must of length q, rest all of length p */ | ||
302 | + kop.crk_param[4].crp_p = dq; | ||
303 | + kop.crk_param[4].crp_nbits = q_len * 8; | ||
304 | + kop.crk_param[5].crp_p = c; | ||
305 | + kop.crk_param[5].crp_nbits = p_len * 8; | ||
306 | kop.crk_iparams = 6; | ||
307 | |||
308 | if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) { | ||
309 | @@ -1438,93 +1554,120 @@ static RSA_METHOD cryptodev_rsa = { | ||
310 | NULL /* rsa_verify */ | ||
311 | }; | ||
312 | |||
313 | -static int | ||
314 | -cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, | ||
315 | - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) | ||
316 | -{ | ||
317 | - return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); | ||
318 | -} | ||
319 | - | ||
320 | -static int | ||
321 | -cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, | ||
322 | - BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, | ||
323 | - BN_CTX *ctx, BN_MONT_CTX *mont) | ||
324 | +static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, | ||
325 | + DSA *dsa) | ||
326 | { | ||
327 | - BIGNUM t2; | ||
328 | - int ret = 0; | ||
329 | - | ||
330 | - BN_init(&t2); | ||
331 | - | ||
332 | - /* v = ( g^u1 * y^u2 mod p ) mod q */ | ||
333 | - /* let t1 = g ^ u1 mod p */ | ||
334 | - ret = 0; | ||
335 | + struct crypt_kop kop; | ||
336 | + BIGNUM *c = NULL, *d = NULL; | ||
337 | + DSA_SIG *dsaret = NULL; | ||
338 | + int q_len = 0, r_len = 0, g_len = 0; | ||
339 | + int priv_key_len = 0, ret; | ||
340 | + unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f = | ||
341 | + NULL; | ||
342 | |||
343 | - if (!dsa->meth->bn_mod_exp(dsa, t1, dsa->g, u1, dsa->p, ctx, mont)) | ||
344 | + memset(&kop, 0, sizeof kop); | ||
345 | + if ((c = BN_new()) == NULL) { | ||
346 | + DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
347 | goto err; | ||
348 | + } | ||
349 | |||
350 | - /* let t2 = y ^ u2 mod p */ | ||
351 | - if (!dsa->meth->bn_mod_exp(dsa, &t2, dsa->pub_key, u2, dsa->p, ctx, mont)) | ||
352 | + if ((d = BN_new()) == NULL) { | ||
353 | + BN_free(c); | ||
354 | + DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
355 | goto err; | ||
356 | - /* let u1 = t1 * t2 mod p */ | ||
357 | - if (!BN_mod_mul(u1, t1, &t2, dsa->p, ctx)) | ||
358 | + } | ||
359 | + | ||
360 | + if (spcf_bn2bin(dsa->p, &q, &q_len)) { | ||
361 | + DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); | ||
362 | goto err; | ||
363 | + } | ||
364 | |||
365 | - BN_copy(t1, u1); | ||
366 | + /* Get order of the field of private keys into plain buffer */ | ||
367 | + if (spcf_bn2bin(dsa->q, &r, &r_len)) { | ||
368 | + DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
369 | + goto err; | ||
370 | + } | ||
371 | |||
372 | - ret = 1; | ||
373 | - err: | ||
374 | - BN_free(&t2); | ||
375 | - return (ret); | ||
376 | -} | ||
377 | + /* sanity test */ | ||
378 | + if (dlen > r_len) { | ||
379 | + DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); | ||
380 | + goto err; | ||
381 | + } | ||
382 | |||
383 | -static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, | ||
384 | - DSA *dsa) | ||
385 | -{ | ||
386 | - struct crypt_kop kop; | ||
387 | - BIGNUM *r = NULL, *s = NULL; | ||
388 | - DSA_SIG *dsaret = NULL; | ||
389 | + g_len = q_len; | ||
390 | + /** | ||
391 | + * Get generator into a plain buffer. If length is less than | ||
392 | + * q_len then add leading padding bytes. | ||
393 | + */ | ||
394 | + if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { | ||
395 | + DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
396 | + goto err; | ||
397 | + } | ||
398 | |||
399 | - if ((r = BN_new()) == NULL) | ||
400 | + priv_key_len = r_len; | ||
401 | + /** | ||
402 | + * Get private key into a plain buffer. If length is less than | ||
403 | + * r_len then add leading padding bytes. | ||
404 | + */ | ||
405 | + if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) { | ||
406 | + DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
407 | goto err; | ||
408 | - if ((s = BN_new()) == NULL) { | ||
409 | - BN_free(r); | ||
410 | + } | ||
411 | + | ||
412 | + /* Allocate memory to store hash. */ | ||
413 | + f = OPENSSL_malloc(r_len); | ||
414 | + if (!f) { | ||
415 | + DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
416 | goto err; | ||
417 | } | ||
418 | |||
419 | - memset(&kop, 0, sizeof kop); | ||
420 | + /* Add padding, since SEC expects hash to of size r_len */ | ||
421 | + if (dlen < r_len) | ||
422 | + memset(f, 0, r_len - dlen); | ||
423 | + | ||
424 | + /* Skip leading bytes if dgst_len < r_len */ | ||
425 | + memcpy(f + r_len - dlen, dgst, dlen); | ||
426 | + | ||
427 | kop.crk_op = CRK_DSA_SIGN; | ||
428 | |||
429 | /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ | ||
430 | - kop.crk_param[0].crp_p = (caddr_t) dgst; | ||
431 | - kop.crk_param[0].crp_nbits = dlen * 8; | ||
432 | - if (bn2crparam(dsa->p, &kop.crk_param[1])) | ||
433 | - goto err; | ||
434 | - if (bn2crparam(dsa->q, &kop.crk_param[2])) | ||
435 | - goto err; | ||
436 | - if (bn2crparam(dsa->g, &kop.crk_param[3])) | ||
437 | + kop.crk_param[0].crp_p = (void *)f; | ||
438 | + kop.crk_param[0].crp_nbits = r_len * 8; | ||
439 | + kop.crk_param[1].crp_p = (void *)q; | ||
440 | + kop.crk_param[1].crp_nbits = q_len * 8; | ||
441 | + kop.crk_param[2].crp_p = (void *)r; | ||
442 | + kop.crk_param[2].crp_nbits = r_len * 8; | ||
443 | + kop.crk_param[3].crp_p = (void *)g; | ||
444 | + kop.crk_param[3].crp_nbits = g_len * 8; | ||
445 | + kop.crk_param[4].crp_p = (void *)priv_key; | ||
446 | + kop.crk_param[4].crp_nbits = priv_key_len * 8; | ||
447 | + kop.crk_iparams = 5; | ||
448 | + | ||
449 | + ret = cryptodev_asym(&kop, r_len, c, r_len, d); | ||
450 | + | ||
451 | + if (ret) { | ||
452 | + DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DECODE_ERROR); | ||
453 | goto err; | ||
454 | - if (bn2crparam(dsa->priv_key, &kop.crk_param[4])) | ||
455 | + } | ||
456 | + | ||
457 | + dsaret = DSA_SIG_new(); | ||
458 | + if (dsaret == NULL) | ||
459 | goto err; | ||
460 | - kop.crk_iparams = 5; | ||
461 | + dsaret->r = c; | ||
462 | + dsaret->s = d; | ||
463 | |||
464 | - if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r, | ||
465 | - BN_num_bytes(dsa->q), s) == 0) { | ||
466 | - dsaret = DSA_SIG_new(); | ||
467 | - if (dsaret == NULL) | ||
468 | - goto err; | ||
469 | - dsaret->r = r; | ||
470 | - dsaret->s = s; | ||
471 | - r = s = NULL; | ||
472 | - } else { | ||
473 | + zapparams(&kop); | ||
474 | + return (dsaret); | ||
475 | + err: | ||
476 | + { | ||
477 | const DSA_METHOD *meth = DSA_OpenSSL(); | ||
478 | + if (c) | ||
479 | + BN_free(c); | ||
480 | + if (d) | ||
481 | + BN_free(d); | ||
482 | dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa); | ||
483 | + return (dsaret); | ||
484 | } | ||
485 | - err: | ||
486 | - BN_free(r); | ||
487 | - BN_free(s); | ||
488 | - kop.crk_param[0].crp_p = NULL; | ||
489 | - zapparams(&kop); | ||
490 | - return (dsaret); | ||
491 | } | ||
492 | |||
493 | static int | ||
494 | @@ -1532,43 +1675,175 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen, | ||
495 | DSA_SIG *sig, DSA *dsa) | ||
496 | { | ||
497 | struct crypt_kop kop; | ||
498 | - int dsaret = 1; | ||
499 | + int dsaret = 1, q_len = 0, r_len = 0, g_len = 0; | ||
500 | + int w_len = 0, c_len = 0, d_len = 0, ret = -1; | ||
501 | + unsigned char *q = NULL, *r = NULL, *w = NULL, *g = NULL; | ||
502 | + unsigned char *c = NULL, *d = NULL, *f = NULL; | ||
503 | |||
504 | memset(&kop, 0, sizeof kop); | ||
505 | kop.crk_op = CRK_DSA_VERIFY; | ||
506 | |||
507 | - /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ | ||
508 | - kop.crk_param[0].crp_p = (caddr_t) dgst; | ||
509 | - kop.crk_param[0].crp_nbits = dlen * 8; | ||
510 | - if (bn2crparam(dsa->p, &kop.crk_param[1])) | ||
511 | + if (spcf_bn2bin(dsa->p, &q, &q_len)) { | ||
512 | + DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
513 | + return ret; | ||
514 | + } | ||
515 | + | ||
516 | + /* Get Order of field of private keys */ | ||
517 | + if (spcf_bn2bin(dsa->q, &r, &r_len)) { | ||
518 | + DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
519 | + goto err; | ||
520 | + } | ||
521 | + | ||
522 | + g_len = q_len; | ||
523 | + /** | ||
524 | + * Get generator into a plain buffer. If length is less than | ||
525 | + * q_len then add leading padding bytes. | ||
526 | + */ | ||
527 | + if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { | ||
528 | + DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
529 | goto err; | ||
530 | - if (bn2crparam(dsa->q, &kop.crk_param[2])) | ||
531 | + } | ||
532 | + w_len = q_len; | ||
533 | + /** | ||
534 | + * Get public key into a plain buffer. If length is less than | ||
535 | + * q_len then add leading padding bytes. | ||
536 | + */ | ||
537 | + if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) { | ||
538 | + DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
539 | goto err; | ||
540 | - if (bn2crparam(dsa->g, &kop.crk_param[3])) | ||
541 | + } | ||
542 | + /** | ||
543 | + * Get the 1st part of signature into a flat buffer with | ||
544 | + * appropriate padding | ||
545 | + */ | ||
546 | + c_len = r_len; | ||
547 | + | ||
548 | + if (spcf_bn2bin_ex(sig->r, &c, &c_len)) { | ||
549 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
550 | goto err; | ||
551 | - if (bn2crparam(dsa->pub_key, &kop.crk_param[4])) | ||
552 | + } | ||
553 | + | ||
554 | + /** | ||
555 | + * Get the 2nd part of signature into a flat buffer with | ||
556 | + * appropriate padding | ||
557 | + */ | ||
558 | + d_len = r_len; | ||
559 | + | ||
560 | + if (spcf_bn2bin_ex(sig->s, &d, &d_len)) { | ||
561 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
562 | goto err; | ||
563 | - if (bn2crparam(sig->r, &kop.crk_param[5])) | ||
564 | + } | ||
565 | + | ||
566 | + /* Sanity test */ | ||
567 | + if (dlen > r_len) { | ||
568 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
569 | goto err; | ||
570 | - if (bn2crparam(sig->s, &kop.crk_param[6])) | ||
571 | + } | ||
572 | + | ||
573 | + /* Allocate memory to store hash. */ | ||
574 | + f = OPENSSL_malloc(r_len); | ||
575 | + if (!f) { | ||
576 | + DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
577 | goto err; | ||
578 | + } | ||
579 | + | ||
580 | + /* Add padding, since SEC expects hash to of size r_len */ | ||
581 | + if (dlen < r_len) | ||
582 | + memset(f, 0, r_len - dlen); | ||
583 | + | ||
584 | + /* Skip leading bytes if dgst_len < r_len */ | ||
585 | + memcpy(f + r_len - dlen, dgst, dlen); | ||
586 | + | ||
587 | + /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ | ||
588 | + kop.crk_param[0].crp_p = (void *)f; | ||
589 | + kop.crk_param[0].crp_nbits = r_len * 8; | ||
590 | + kop.crk_param[1].crp_p = q; | ||
591 | + kop.crk_param[1].crp_nbits = q_len * 8; | ||
592 | + kop.crk_param[2].crp_p = r; | ||
593 | + kop.crk_param[2].crp_nbits = r_len * 8; | ||
594 | + kop.crk_param[3].crp_p = g; | ||
595 | + kop.crk_param[3].crp_nbits = g_len * 8; | ||
596 | + kop.crk_param[4].crp_p = w; | ||
597 | + kop.crk_param[4].crp_nbits = w_len * 8; | ||
598 | + kop.crk_param[5].crp_p = c; | ||
599 | + kop.crk_param[5].crp_nbits = c_len * 8; | ||
600 | + kop.crk_param[6].crp_p = d; | ||
601 | + kop.crk_param[6].crp_nbits = d_len * 8; | ||
602 | kop.crk_iparams = 7; | ||
603 | |||
604 | - if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { | ||
605 | - /* | ||
606 | - * OCF success value is 0, if not zero, change dsaret to fail | ||
607 | - */ | ||
608 | - if (0 != kop.crk_status) | ||
609 | - dsaret = 0; | ||
610 | - } else { | ||
611 | - const DSA_METHOD *meth = DSA_OpenSSL(); | ||
612 | + if ((cryptodev_asym(&kop, 0, NULL, 0, NULL))) { | ||
613 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR); | ||
614 | + goto err; | ||
615 | + } | ||
616 | |||
617 | - dsaret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa); | ||
618 | + /* | ||
619 | + * OCF success value is 0, if not zero, change dsaret to fail | ||
620 | + */ | ||
621 | + if (0 != kop.crk_status) { | ||
622 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR); | ||
623 | + goto err; | ||
624 | } | ||
625 | - err: | ||
626 | - kop.crk_param[0].crp_p = NULL; | ||
627 | + | ||
628 | zapparams(&kop); | ||
629 | return (dsaret); | ||
630 | + err: | ||
631 | + { | ||
632 | + const DSA_METHOD *meth = DSA_OpenSSL(); | ||
633 | + dsaret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa); | ||
634 | + return dsaret; | ||
635 | + } | ||
636 | +} | ||
637 | + | ||
638 | +/* Cryptodev DSA Key Gen routine */ | ||
639 | +static int cryptodev_dsa_keygen(DSA *dsa) | ||
640 | +{ | ||
641 | + struct crypt_kop kop; | ||
642 | + int ret = 1, g_len; | ||
643 | + unsigned char *g = NULL; | ||
644 | + | ||
645 | + if (dsa->priv_key == NULL) { | ||
646 | + if ((dsa->priv_key = BN_new()) == NULL) | ||
647 | + goto sw_try; | ||
648 | + } | ||
649 | + | ||
650 | + if (dsa->pub_key == NULL) { | ||
651 | + if ((dsa->pub_key = BN_new()) == NULL) | ||
652 | + goto sw_try; | ||
653 | + } | ||
654 | + | ||
655 | + g_len = BN_num_bytes(dsa->p); | ||
656 | + /** | ||
657 | + * Get generator into a plain buffer. If length is less than | ||
658 | + * p_len then add leading padding bytes. | ||
659 | + */ | ||
660 | + if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { | ||
661 | + DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE); | ||
662 | + goto sw_try; | ||
663 | + } | ||
664 | + | ||
665 | + memset(&kop, 0, sizeof kop); | ||
666 | + | ||
667 | + kop.crk_op = CRK_DSA_GENERATE_KEY; | ||
668 | + if (bn2crparam(dsa->p, &kop.crk_param[0])) | ||
669 | + goto sw_try; | ||
670 | + if (bn2crparam(dsa->q, &kop.crk_param[1])) | ||
671 | + goto sw_try; | ||
672 | + kop.crk_param[2].crp_p = g; | ||
673 | + kop.crk_param[2].crp_nbits = g_len * 8; | ||
674 | + kop.crk_iparams = 3; | ||
675 | + | ||
676 | + /* pub_key is or prime length while priv key is of length of order */ | ||
677 | + if (cryptodev_asym(&kop, BN_num_bytes(dsa->p), dsa->pub_key, | ||
678 | + BN_num_bytes(dsa->q), dsa->priv_key)) | ||
679 | + goto sw_try; | ||
680 | + | ||
681 | + return ret; | ||
682 | + sw_try: | ||
683 | + { | ||
684 | + const DSA_METHOD *meth = DSA_OpenSSL(); | ||
685 | + ret = (meth->dsa_keygen) (dsa); | ||
686 | + } | ||
687 | + return ret; | ||
688 | } | ||
689 | |||
690 | static DSA_METHOD cryptodev_dsa = { | ||
691 | @@ -1584,12 +1859,558 @@ static DSA_METHOD cryptodev_dsa = { | ||
692 | NULL /* app_data */ | ||
693 | }; | ||
694 | |||
695 | -static int | ||
696 | -cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, | ||
697 | - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, | ||
698 | - BN_MONT_CTX *m_ctx) | ||
699 | +static ECDSA_METHOD cryptodev_ecdsa = { | ||
700 | + "cryptodev ECDSA method", | ||
701 | + NULL, | ||
702 | + NULL, /* ecdsa_sign_setup */ | ||
703 | + NULL, | ||
704 | + NULL, | ||
705 | + 0, /* flags */ | ||
706 | + NULL /* app_data */ | ||
707 | +}; | ||
708 | + | ||
709 | +typedef enum ec_curve_s { | ||
710 | + EC_PRIME, | ||
711 | + EC_BINARY | ||
712 | +} ec_curve_t; | ||
713 | + | ||
714 | +/* ENGINE handler for ECDSA Sign */ | ||
715 | +static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst, | ||
716 | + int dgst_len, const BIGNUM *in_kinv, | ||
717 | + const BIGNUM *in_r, EC_KEY *eckey) | ||
718 | { | ||
719 | - return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); | ||
720 | + BIGNUM *m = NULL, *p = NULL, *a = NULL; | ||
721 | + BIGNUM *b = NULL, *x = NULL, *y = NULL; | ||
722 | + BN_CTX *ctx = NULL; | ||
723 | + ECDSA_SIG *ret = NULL; | ||
724 | + ECDSA_DATA *ecdsa = NULL; | ||
725 | + unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL; | ||
726 | + unsigned char *s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = | ||
727 | + NULL; | ||
728 | + int i = 0, q_len = 0, priv_key_len = 0, r_len = 0; | ||
729 | + int g_len = 0, d_len = 0, ab_len = 0; | ||
730 | + const BIGNUM *order = NULL, *priv_key = NULL; | ||
731 | + const EC_GROUP *group = NULL; | ||
732 | + struct crypt_kop kop; | ||
733 | + ec_curve_t ec_crv = EC_PRIME; | ||
734 | + | ||
735 | + memset(&kop, 0, sizeof(kop)); | ||
736 | + ecdsa = ecdsa_check(eckey); | ||
737 | + if (!ecdsa) { | ||
738 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); | ||
739 | + return NULL; | ||
740 | + } | ||
741 | + | ||
742 | + group = EC_KEY_get0_group(eckey); | ||
743 | + priv_key = EC_KEY_get0_private_key(eckey); | ||
744 | + | ||
745 | + if (!group || !priv_key) { | ||
746 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); | ||
747 | + return NULL; | ||
748 | + } | ||
749 | + | ||
750 | + if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || | ||
751 | + (a = BN_new()) == NULL || (b = BN_new()) == NULL || | ||
752 | + (p = BN_new()) == NULL || (x = BN_new()) == NULL || | ||
753 | + (y = BN_new()) == NULL) { | ||
754 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
755 | + goto err; | ||
756 | + } | ||
757 | + | ||
758 | + order = &group->order; | ||
759 | + if (!order || BN_is_zero(order)) { | ||
760 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS); | ||
761 | + goto err; | ||
762 | + } | ||
763 | + | ||
764 | + i = BN_num_bits(order); | ||
765 | + /* | ||
766 | + * Need to truncate digest if it is too long: first truncate whole bytes | ||
767 | + */ | ||
768 | + if (8 * dgst_len > i) | ||
769 | + dgst_len = (i + 7) / 8; | ||
770 | + | ||
771 | + if (!BN_bin2bn(dgst, dgst_len, m)) { | ||
772 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); | ||
773 | + goto err; | ||
774 | + } | ||
775 | + | ||
776 | + /* If still too long truncate remaining bits with a shift */ | ||
777 | + if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { | ||
778 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); | ||
779 | + goto err; | ||
780 | + } | ||
781 | + | ||
782 | + /* copy the truncated bits into plain buffer */ | ||
783 | + if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { | ||
784 | + fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, | ||
785 | + __LINE__); | ||
786 | + goto err; | ||
787 | + } | ||
788 | + | ||
789 | + ret = ECDSA_SIG_new(); | ||
790 | + if (!ret) { | ||
791 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); | ||
792 | + goto err; | ||
793 | + } | ||
794 | + | ||
795 | + /* check if this is prime or binary EC request */ | ||
796 | + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == | ||
797 | + NID_X9_62_prime_field) { | ||
798 | + ec_crv = EC_PRIME; | ||
799 | + /* get the generator point pair */ | ||
800 | + if (!EC_POINT_get_affine_coordinates_GFp | ||
801 | + (group, EC_GROUP_get0_generator(group), x, y, ctx)) { | ||
802 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); | ||
803 | + goto err; | ||
804 | + } | ||
805 | + | ||
806 | + /* get the ECC curve parameters */ | ||
807 | + if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) { | ||
808 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); | ||
809 | + goto err; | ||
810 | + } | ||
811 | + } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == | ||
812 | + NID_X9_62_characteristic_two_field) { | ||
813 | + ec_crv = EC_BINARY; | ||
814 | + /* get the ECC curve parameters */ | ||
815 | + if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) { | ||
816 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); | ||
817 | + goto err; | ||
818 | + } | ||
819 | + | ||
820 | + /* get the generator point pair */ | ||
821 | + if (!EC_POINT_get_affine_coordinates_GF2m(group, | ||
822 | + EC_GROUP_get0_generator | ||
823 | + (group), x, y, ctx)) { | ||
824 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); | ||
825 | + goto err; | ||
826 | + } | ||
827 | + } else { | ||
828 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); | ||
829 | + goto err; | ||
830 | + } | ||
831 | + | ||
832 | + if (spcf_bn2bin(order, &r, &r_len)) { | ||
833 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
834 | + goto err; | ||
835 | + } | ||
836 | + | ||
837 | + if (spcf_bn2bin(p, &q, &q_len)) { | ||
838 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
839 | + goto err; | ||
840 | + } | ||
841 | + | ||
842 | + priv_key_len = r_len; | ||
843 | + | ||
844 | + /** | ||
845 | + * If BN_num_bytes of priv_key returns less then r_len then | ||
846 | + * add padding bytes before the key | ||
847 | + */ | ||
848 | + if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len)) { | ||
849 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
850 | + goto err; | ||
851 | + } | ||
852 | + | ||
853 | + /* Generation of ECC curve parameters */ | ||
854 | + ab_len = 2 * q_len; | ||
855 | + ab = eng_copy_curve_points(a, b, ab_len, q_len); | ||
856 | + if (!ab) { | ||
857 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
858 | + goto err; | ||
859 | + } | ||
860 | + | ||
861 | + if (ec_crv == EC_BINARY) { | ||
862 | + if (eng_ec_get_cparam | ||
863 | + (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) { | ||
864 | + unsigned char *c_temp = NULL; | ||
865 | + int c_temp_len = q_len; | ||
866 | + if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len)) | ||
867 | + memcpy(ab + q_len, c_temp, q_len); | ||
868 | + else | ||
869 | + goto err; | ||
870 | + } | ||
871 | + kop.curve_type = ECC_BINARY; | ||
872 | + } | ||
873 | + | ||
874 | + /* Calculation of Generator point */ | ||
875 | + g_len = 2 * q_len; | ||
876 | + g_xy = eng_copy_curve_points(x, y, g_len, q_len); | ||
877 | + if (!g_xy) { | ||
878 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
879 | + goto err; | ||
880 | + } | ||
881 | + | ||
882 | + /* Memory allocation for first part of digital signature */ | ||
883 | + c = malloc(r_len); | ||
884 | + if (!c) { | ||
885 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
886 | + goto err; | ||
887 | + } | ||
888 | + | ||
889 | + d_len = r_len; | ||
890 | + | ||
891 | + /* Memory allocation for second part of digital signature */ | ||
892 | + d = malloc(d_len); | ||
893 | + if (!d) { | ||
894 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
895 | + goto err; | ||
896 | + } | ||
897 | + | ||
898 | + /* memory for message representative */ | ||
899 | + f = malloc(r_len); | ||
900 | + if (!f) { | ||
901 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
902 | + goto err; | ||
903 | + } | ||
904 | + | ||
905 | + /* Add padding, since SEC expects hash to of size r_len */ | ||
906 | + memset(f, 0, r_len - dgst_len); | ||
907 | + | ||
908 | + /* Skip leading bytes if dgst_len < r_len */ | ||
909 | + memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len); | ||
910 | + | ||
911 | + dgst_len += r_len - dgst_len; | ||
912 | + kop.crk_op = CRK_DSA_SIGN; | ||
913 | + /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ | ||
914 | + kop.crk_param[0].crp_p = f; | ||
915 | + kop.crk_param[0].crp_nbits = dgst_len * 8; | ||
916 | + kop.crk_param[1].crp_p = q; | ||
917 | + kop.crk_param[1].crp_nbits = q_len * 8; | ||
918 | + kop.crk_param[2].crp_p = r; | ||
919 | + kop.crk_param[2].crp_nbits = r_len * 8; | ||
920 | + kop.crk_param[3].crp_p = g_xy; | ||
921 | + kop.crk_param[3].crp_nbits = g_len * 8; | ||
922 | + kop.crk_param[4].crp_p = s; | ||
923 | + kop.crk_param[4].crp_nbits = priv_key_len * 8; | ||
924 | + kop.crk_param[5].crp_p = ab; | ||
925 | + kop.crk_param[5].crp_nbits = ab_len * 8; | ||
926 | + kop.crk_iparams = 6; | ||
927 | + kop.crk_param[6].crp_p = c; | ||
928 | + kop.crk_param[6].crp_nbits = d_len * 8; | ||
929 | + kop.crk_param[7].crp_p = d; | ||
930 | + kop.crk_param[7].crp_nbits = d_len * 8; | ||
931 | + kop.crk_oparams = 2; | ||
932 | + | ||
933 | + if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { | ||
934 | + /* Check if ret->r and s needs to allocated */ | ||
935 | + crparam2bn(&kop.crk_param[6], ret->r); | ||
936 | + crparam2bn(&kop.crk_param[7], ret->s); | ||
937 | + } else { | ||
938 | + const ECDSA_METHOD *meth = ECDSA_OpenSSL(); | ||
939 | + ret = (meth->ecdsa_do_sign) (dgst, dgst_len, in_kinv, in_r, eckey); | ||
940 | + } | ||
941 | + kop.crk_param[0].crp_p = NULL; | ||
942 | + zapparams(&kop); | ||
943 | + err: | ||
944 | + if (!ret) { | ||
945 | + ECDSA_SIG_free(ret); | ||
946 | + ret = NULL; | ||
947 | + } | ||
948 | + return ret; | ||
949 | +} | ||
950 | + | ||
951 | +static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, | ||
952 | + ECDSA_SIG *sig, EC_KEY *eckey) | ||
953 | +{ | ||
954 | + BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL; | ||
955 | + BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL; | ||
956 | + BN_CTX *ctx = NULL; | ||
957 | + ECDSA_DATA *ecdsa = NULL; | ||
958 | + unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy = | ||
959 | + NULL; | ||
960 | + unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL; | ||
961 | + int i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0; | ||
962 | + int d_len = 0, ab_len = 0, ret = -1; | ||
963 | + const EC_POINT *pub_key = NULL; | ||
964 | + const BIGNUM *order = NULL; | ||
965 | + const EC_GROUP *group = NULL; | ||
966 | + ec_curve_t ec_crv = EC_PRIME; | ||
967 | + struct crypt_kop kop; | ||
968 | + | ||
969 | + memset(&kop, 0, sizeof kop); | ||
970 | + ecdsa = ecdsa_check(eckey); | ||
971 | + if (!ecdsa) { | ||
972 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER); | ||
973 | + return ret; | ||
974 | + } | ||
975 | + | ||
976 | + group = EC_KEY_get0_group(eckey); | ||
977 | + pub_key = EC_KEY_get0_public_key(eckey); | ||
978 | + | ||
979 | + if (!group || !pub_key) { | ||
980 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER); | ||
981 | + return ret; | ||
982 | + } | ||
983 | + | ||
984 | + if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || | ||
985 | + (a = BN_new()) == NULL || (b = BN_new()) == NULL || | ||
986 | + (p = BN_new()) == NULL || (x = BN_new()) == NULL || | ||
987 | + (y = BN_new()) == NULL || (w_x = BN_new()) == NULL || | ||
988 | + (w_y = BN_new()) == NULL) { | ||
989 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
990 | + goto err; | ||
991 | + } | ||
992 | + | ||
993 | + order = &group->order; | ||
994 | + if (!order || BN_is_zero(order)) { | ||
995 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS); | ||
996 | + goto err; | ||
997 | + } | ||
998 | + | ||
999 | + i = BN_num_bits(order); | ||
1000 | + /* | ||
1001 | + * Need to truncate digest if it is too long: first truncate whole * | ||
1002 | + * bytes | ||
1003 | + */ | ||
1004 | + if (8 * dgst_len > i) | ||
1005 | + dgst_len = (i + 7) / 8; | ||
1006 | + | ||
1007 | + if (!BN_bin2bn(dgst, dgst_len, m)) { | ||
1008 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); | ||
1009 | + goto err; | ||
1010 | + } | ||
1011 | + | ||
1012 | + /* If still too long truncate remaining bits with a shift */ | ||
1013 | + if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { | ||
1014 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); | ||
1015 | + goto err; | ||
1016 | + } | ||
1017 | + /* copy the truncated bits into plain buffer */ | ||
1018 | + if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { | ||
1019 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1020 | + goto err; | ||
1021 | + } | ||
1022 | + | ||
1023 | + /* check if this is prime or binary EC request */ | ||
1024 | + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == | ||
1025 | + NID_X9_62_prime_field) { | ||
1026 | + ec_crv = EC_PRIME; | ||
1027 | + | ||
1028 | + /* get the generator point pair */ | ||
1029 | + if (!EC_POINT_get_affine_coordinates_GFp(group, | ||
1030 | + EC_GROUP_get0_generator | ||
1031 | + (group), x, y, ctx)) { | ||
1032 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); | ||
1033 | + goto err; | ||
1034 | + } | ||
1035 | + | ||
1036 | + /* get the public key pair for prime curve */ | ||
1037 | + if (!EC_POINT_get_affine_coordinates_GFp(group, | ||
1038 | + pub_key, w_x, w_y, ctx)) { | ||
1039 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); | ||
1040 | + goto err; | ||
1041 | + } | ||
1042 | + | ||
1043 | + /* get the ECC curve parameters */ | ||
1044 | + if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) { | ||
1045 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); | ||
1046 | + goto err; | ||
1047 | + } | ||
1048 | + } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == | ||
1049 | + NID_X9_62_characteristic_two_field) { | ||
1050 | + ec_crv = EC_BINARY; | ||
1051 | + /* get the ECC curve parameters */ | ||
1052 | + if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) { | ||
1053 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); | ||
1054 | + goto err; | ||
1055 | + } | ||
1056 | + | ||
1057 | + /* get the generator point pair */ | ||
1058 | + if (!EC_POINT_get_affine_coordinates_GF2m(group, | ||
1059 | + EC_GROUP_get0_generator | ||
1060 | + (group), x, y, ctx)) { | ||
1061 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); | ||
1062 | + goto err; | ||
1063 | + } | ||
1064 | + | ||
1065 | + /* get the public key pair for binary curve */ | ||
1066 | + if (!EC_POINT_get_affine_coordinates_GF2m(group, | ||
1067 | + pub_key, w_x, w_y, ctx)) { | ||
1068 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); | ||
1069 | + goto err; | ||
1070 | + } | ||
1071 | + } else { | ||
1072 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); | ||
1073 | + goto err; | ||
1074 | + } | ||
1075 | + | ||
1076 | + /* Get the order of the subgroup of private keys */ | ||
1077 | + if (spcf_bn2bin((BIGNUM *)order, &r, &r_len)) { | ||
1078 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1079 | + goto err; | ||
1080 | + } | ||
1081 | + | ||
1082 | + /* Get the irreducible polynomial that creates the field */ | ||
1083 | + if (spcf_bn2bin(p, &q, &q_len)) { | ||
1084 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1085 | + goto err; | ||
1086 | + } | ||
1087 | + | ||
1088 | + /* Get the public key into a flat buffer with appropriate padding */ | ||
1089 | + pub_key_len = 2 * q_len; | ||
1090 | + | ||
1091 | + w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len); | ||
1092 | + if (!w_xy) { | ||
1093 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1094 | + goto err; | ||
1095 | + } | ||
1096 | + | ||
1097 | + /* Generation of ECC curve parameters */ | ||
1098 | + ab_len = 2 * q_len; | ||
1099 | + | ||
1100 | + ab = eng_copy_curve_points(a, b, ab_len, q_len); | ||
1101 | + if (!ab) { | ||
1102 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1103 | + goto err; | ||
1104 | + } | ||
1105 | + | ||
1106 | + if (ec_crv == EC_BINARY) { | ||
1107 | + /* copy b' i.e c(b), instead of only b */ | ||
1108 | + if (eng_ec_get_cparam | ||
1109 | + (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) { | ||
1110 | + unsigned char *c_temp = NULL; | ||
1111 | + int c_temp_len = q_len; | ||
1112 | + if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len)) | ||
1113 | + memcpy(ab + q_len, c_temp, q_len); | ||
1114 | + else | ||
1115 | + goto err; | ||
1116 | + } | ||
1117 | + kop.curve_type = ECC_BINARY; | ||
1118 | + } | ||
1119 | + | ||
1120 | + /* Calculation of Generator point */ | ||
1121 | + g_len = 2 * q_len; | ||
1122 | + | ||
1123 | + g_xy = eng_copy_curve_points(x, y, g_len, q_len); | ||
1124 | + if (!g_xy) { | ||
1125 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1126 | + goto err; | ||
1127 | + } | ||
1128 | + | ||
1129 | + /** | ||
1130 | + * Get the 1st part of signature into a flat buffer with | ||
1131 | + * appropriate padding | ||
1132 | + */ | ||
1133 | + if (BN_num_bytes(sig->r) < r_len) | ||
1134 | + c_len = r_len; | ||
1135 | + | ||
1136 | + if (spcf_bn2bin_ex(sig->r, &c, &c_len)) { | ||
1137 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1138 | + goto err; | ||
1139 | + } | ||
1140 | + | ||
1141 | + /** | ||
1142 | + * Get the 2nd part of signature into a flat buffer with | ||
1143 | + * appropriate padding | ||
1144 | + */ | ||
1145 | + if (BN_num_bytes(sig->s) < r_len) | ||
1146 | + d_len = r_len; | ||
1147 | + | ||
1148 | + if (spcf_bn2bin_ex(sig->s, &d, &d_len)) { | ||
1149 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1150 | + goto err; | ||
1151 | + } | ||
1152 | + | ||
1153 | + /* memory for message representative */ | ||
1154 | + f = malloc(r_len); | ||
1155 | + if (!f) { | ||
1156 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1157 | + goto err; | ||
1158 | + } | ||
1159 | + | ||
1160 | + /* Add padding, since SEC expects hash to of size r_len */ | ||
1161 | + memset(f, 0, r_len - dgst_len); | ||
1162 | + | ||
1163 | + /* Skip leading bytes if dgst_len < r_len */ | ||
1164 | + memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len); | ||
1165 | + dgst_len += r_len - dgst_len; | ||
1166 | + kop.crk_op = CRK_DSA_VERIFY; | ||
1167 | + /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ | ||
1168 | + kop.crk_param[0].crp_p = f; | ||
1169 | + kop.crk_param[0].crp_nbits = dgst_len * 8; | ||
1170 | + kop.crk_param[1].crp_p = q; | ||
1171 | + kop.crk_param[1].crp_nbits = q_len * 8; | ||
1172 | + kop.crk_param[2].crp_p = r; | ||
1173 | + kop.crk_param[2].crp_nbits = r_len * 8; | ||
1174 | + kop.crk_param[3].crp_p = g_xy; | ||
1175 | + kop.crk_param[3].crp_nbits = g_len * 8; | ||
1176 | + kop.crk_param[4].crp_p = w_xy; | ||
1177 | + kop.crk_param[4].crp_nbits = pub_key_len * 8; | ||
1178 | + kop.crk_param[5].crp_p = ab; | ||
1179 | + kop.crk_param[5].crp_nbits = ab_len * 8; | ||
1180 | + kop.crk_param[6].crp_p = c; | ||
1181 | + kop.crk_param[6].crp_nbits = d_len * 8; | ||
1182 | + kop.crk_param[7].crp_p = d; | ||
1183 | + kop.crk_param[7].crp_nbits = d_len * 8; | ||
1184 | + kop.crk_iparams = 8; | ||
1185 | + | ||
1186 | + if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { | ||
1187 | + /* | ||
1188 | + * OCF success value is 0, if not zero, change ret to fail | ||
1189 | + */ | ||
1190 | + if (0 == kop.crk_status) | ||
1191 | + ret = 1; | ||
1192 | + } else { | ||
1193 | + const ECDSA_METHOD *meth = ECDSA_OpenSSL(); | ||
1194 | + | ||
1195 | + ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey); | ||
1196 | + } | ||
1197 | + kop.crk_param[0].crp_p = NULL; | ||
1198 | + zapparams(&kop); | ||
1199 | + | ||
1200 | + err: | ||
1201 | + return ret; | ||
1202 | +} | ||
1203 | + | ||
1204 | +static int cryptodev_dh_keygen(DH *dh) | ||
1205 | +{ | ||
1206 | + struct crypt_kop kop; | ||
1207 | + int ret = 1, g_len; | ||
1208 | + unsigned char *g = NULL; | ||
1209 | + | ||
1210 | + if (dh->priv_key == NULL) { | ||
1211 | + if ((dh->priv_key = BN_new()) == NULL) | ||
1212 | + goto sw_try; | ||
1213 | + } | ||
1214 | + | ||
1215 | + if (dh->pub_key == NULL) { | ||
1216 | + if ((dh->pub_key = BN_new()) == NULL) | ||
1217 | + goto sw_try; | ||
1218 | + } | ||
1219 | + | ||
1220 | + g_len = BN_num_bytes(dh->p); | ||
1221 | + /** | ||
1222 | + * Get generator into a plain buffer. If length is less than | ||
1223 | + * q_len then add leading padding bytes. | ||
1224 | + */ | ||
1225 | + if (spcf_bn2bin_ex(dh->g, &g, &g_len)) { | ||
1226 | + DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); | ||
1227 | + goto sw_try; | ||
1228 | + } | ||
1229 | + | ||
1230 | + memset(&kop, 0, sizeof kop); | ||
1231 | + kop.crk_op = CRK_DH_GENERATE_KEY; | ||
1232 | + if (bn2crparam(dh->p, &kop.crk_param[0])) | ||
1233 | + goto sw_try; | ||
1234 | + if (bn2crparam(dh->q, &kop.crk_param[1])) | ||
1235 | + goto sw_try; | ||
1236 | + kop.crk_param[2].crp_p = g; | ||
1237 | + kop.crk_param[2].crp_nbits = g_len * 8; | ||
1238 | + kop.crk_iparams = 3; | ||
1239 | + | ||
1240 | + /* pub_key is or prime length while priv key is of length of order */ | ||
1241 | + if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key, | ||
1242 | + BN_num_bytes(dh->q), dh->priv_key)) | ||
1243 | + goto sw_try; | ||
1244 | + | ||
1245 | + return ret; | ||
1246 | + sw_try: | ||
1247 | + { | ||
1248 | + const DH_METHOD *meth = DH_OpenSSL(); | ||
1249 | + ret = (meth->generate_key) (dh); | ||
1250 | + } | ||
1251 | + return ret; | ||
1252 | } | ||
1253 | |||
1254 | static int | ||
1255 | @@ -1597,41 +2418,236 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) | ||
1256 | { | ||
1257 | struct crypt_kop kop; | ||
1258 | int dhret = 1; | ||
1259 | - int fd, keylen; | ||
1260 | + int fd, p_len; | ||
1261 | + BIGNUM *temp = NULL; | ||
1262 | + unsigned char *padded_pub_key = NULL, *p = NULL; | ||
1263 | + | ||
1264 | + if ((fd = get_asym_dev_crypto()) < 0) | ||
1265 | + goto sw_try; | ||
1266 | + | ||
1267 | + memset(&kop, 0, sizeof kop); | ||
1268 | + kop.crk_op = CRK_DH_COMPUTE_KEY; | ||
1269 | + /* inputs: dh->priv_key pub_key dh->p key */ | ||
1270 | + spcf_bn2bin(dh->p, &p, &p_len); | ||
1271 | + spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len); | ||
1272 | + if (bn2crparam(dh->priv_key, &kop.crk_param[0])) | ||
1273 | + goto sw_try; | ||
1274 | + | ||
1275 | + kop.crk_param[1].crp_p = padded_pub_key; | ||
1276 | + kop.crk_param[1].crp_nbits = p_len * 8; | ||
1277 | + kop.crk_param[2].crp_p = p; | ||
1278 | + kop.crk_param[2].crp_nbits = p_len * 8; | ||
1279 | + kop.crk_iparams = 3; | ||
1280 | + kop.crk_param[3].crp_p = (void *)key; | ||
1281 | + kop.crk_param[3].crp_nbits = p_len * 8; | ||
1282 | + kop.crk_oparams = 1; | ||
1283 | + dhret = p_len; | ||
1284 | + | ||
1285 | + if (ioctl(fd, CIOCKEY, &kop)) | ||
1286 | + goto sw_try; | ||
1287 | + | ||
1288 | + if ((temp = BN_new())) { | ||
1289 | + if (!BN_bin2bn(key, p_len, temp)) { | ||
1290 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); | ||
1291 | + goto sw_try; | ||
1292 | + } | ||
1293 | + if (dhret > BN_num_bytes(temp)) | ||
1294 | + dhret = BN_bn2bin(temp, key); | ||
1295 | + BN_free(temp); | ||
1296 | + } | ||
1297 | |||
1298 | - if ((fd = get_asym_dev_crypto()) < 0) { | ||
1299 | + kop.crk_param[3].crp_p = NULL; | ||
1300 | + zapparams(&kop); | ||
1301 | + return (dhret); | ||
1302 | + sw_try: | ||
1303 | + { | ||
1304 | const DH_METHOD *meth = DH_OpenSSL(); | ||
1305 | |||
1306 | - return ((meth->compute_key) (key, pub_key, dh)); | ||
1307 | + dhret = (meth->compute_key) (key, pub_key, dh); | ||
1308 | } | ||
1309 | + return (dhret); | ||
1310 | +} | ||
1311 | |||
1312 | - keylen = BN_num_bits(dh->p); | ||
1313 | +int cryptodev_ecdh_compute_key(void *out, size_t outlen, | ||
1314 | + const EC_POINT *pub_key, EC_KEY *ecdh, | ||
1315 | + void *(*KDF) (const void *in, size_t inlen, | ||
1316 | + void *out, size_t *outlen)) | ||
1317 | +{ | ||
1318 | + ec_curve_t ec_crv = EC_PRIME; | ||
1319 | + unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL; | ||
1320 | + BIGNUM *w_x = NULL, *w_y = NULL; | ||
1321 | + int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0; | ||
1322 | + BIGNUM *p = NULL, *a = NULL, *b = NULL; | ||
1323 | + BN_CTX *ctx; | ||
1324 | + EC_POINT *tmp = NULL; | ||
1325 | + BIGNUM *x = NULL, *y = NULL; | ||
1326 | + const BIGNUM *priv_key; | ||
1327 | + const EC_GROUP *group = NULL; | ||
1328 | + int ret = -1; | ||
1329 | + size_t buflen, len; | ||
1330 | + struct crypt_kop kop; | ||
1331 | |||
1332 | memset(&kop, 0, sizeof kop); | ||
1333 | - kop.crk_op = CRK_DH_COMPUTE_KEY; | ||
1334 | |||
1335 | - /* inputs: dh->priv_key pub_key dh->p key */ | ||
1336 | - if (bn2crparam(dh->priv_key, &kop.crk_param[0])) | ||
1337 | + if ((ctx = BN_CTX_new()) == NULL) | ||
1338 | goto err; | ||
1339 | - if (bn2crparam(pub_key, &kop.crk_param[1])) | ||
1340 | + BN_CTX_start(ctx); | ||
1341 | + x = BN_CTX_get(ctx); | ||
1342 | + y = BN_CTX_get(ctx); | ||
1343 | + p = BN_CTX_get(ctx); | ||
1344 | + a = BN_CTX_get(ctx); | ||
1345 | + b = BN_CTX_get(ctx); | ||
1346 | + w_x = BN_CTX_get(ctx); | ||
1347 | + w_y = BN_CTX_get(ctx); | ||
1348 | + | ||
1349 | + if (!x || !y || !p || !a || !b || !w_x || !w_y) { | ||
1350 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); | ||
1351 | goto err; | ||
1352 | - if (bn2crparam(dh->p, &kop.crk_param[2])) | ||
1353 | + } | ||
1354 | + | ||
1355 | + priv_key = EC_KEY_get0_private_key(ecdh); | ||
1356 | + if (priv_key == NULL) { | ||
1357 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_NO_PRIVATE_VALUE); | ||
1358 | goto err; | ||
1359 | - kop.crk_iparams = 3; | ||
1360 | + } | ||
1361 | |||
1362 | - kop.crk_param[3].crp_p = (caddr_t) key; | ||
1363 | - kop.crk_param[3].crp_nbits = keylen * 8; | ||
1364 | - kop.crk_oparams = 1; | ||
1365 | + group = EC_KEY_get0_group(ecdh); | ||
1366 | + if ((tmp = EC_POINT_new(group)) == NULL) { | ||
1367 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); | ||
1368 | + goto err; | ||
1369 | + } | ||
1370 | |||
1371 | - if (ioctl(fd, CIOCKEY, &kop) == -1) { | ||
1372 | - const DH_METHOD *meth = DH_OpenSSL(); | ||
1373 | + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == | ||
1374 | + NID_X9_62_prime_field) { | ||
1375 | + ec_crv = EC_PRIME; | ||
1376 | |||
1377 | - dhret = (meth->compute_key) (key, pub_key, dh); | ||
1378 | + if (!EC_POINT_get_affine_coordinates_GFp(group, | ||
1379 | + EC_GROUP_get0_generator | ||
1380 | + (group), x, y, ctx)) { | ||
1381 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE); | ||
1382 | + goto err; | ||
1383 | + } | ||
1384 | + | ||
1385 | + /* get the ECC curve parameters */ | ||
1386 | + if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) { | ||
1387 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB); | ||
1388 | + goto err; | ||
1389 | + } | ||
1390 | + | ||
1391 | + /* get the public key pair for prime curve */ | ||
1392 | + if (!EC_POINT_get_affine_coordinates_GFp | ||
1393 | + (group, pub_key, w_x, w_y, ctx)) { | ||
1394 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB); | ||
1395 | + goto err; | ||
1396 | + } | ||
1397 | + } else { | ||
1398 | + ec_crv = EC_BINARY; | ||
1399 | + | ||
1400 | + if (!EC_POINT_get_affine_coordinates_GF2m(group, | ||
1401 | + EC_GROUP_get0_generator | ||
1402 | + (group), x, y, ctx)) { | ||
1403 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE); | ||
1404 | + goto err; | ||
1405 | + } | ||
1406 | + | ||
1407 | + /* get the ECC curve parameters */ | ||
1408 | + if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) { | ||
1409 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB); | ||
1410 | + goto err; | ||
1411 | + } | ||
1412 | + | ||
1413 | + /* get the public key pair for binary curve */ | ||
1414 | + if (!EC_POINT_get_affine_coordinates_GF2m(group, | ||
1415 | + pub_key, w_x, w_y, ctx)) { | ||
1416 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); | ||
1417 | + goto err; | ||
1418 | + } | ||
1419 | + } | ||
1420 | + | ||
1421 | + /* irreducible polynomial that creates the field */ | ||
1422 | + if (spcf_bn2bin((BIGNUM *)&group->order, &r, &r_len)) { | ||
1423 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
1424 | + goto err; | ||
1425 | + } | ||
1426 | + | ||
1427 | + /* Get the irreducible polynomial that creates the field */ | ||
1428 | + if (spcf_bn2bin(p, &q, &q_len)) { | ||
1429 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB); | ||
1430 | + goto err; | ||
1431 | + } | ||
1432 | + | ||
1433 | + /* Get the public key into a flat buffer with appropriate padding */ | ||
1434 | + pub_key_len = 2 * q_len; | ||
1435 | + w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len); | ||
1436 | + if (!w_xy) { | ||
1437 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
1438 | + goto err; | ||
1439 | + } | ||
1440 | + | ||
1441 | + /* Generation of ECC curve parameters */ | ||
1442 | + ab_len = 2 * q_len; | ||
1443 | + ab = eng_copy_curve_points(a, b, ab_len, q_len); | ||
1444 | + if (!ab) { | ||
1445 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB); | ||
1446 | + goto err; | ||
1447 | + } | ||
1448 | + | ||
1449 | + if (ec_crv == EC_BINARY) { | ||
1450 | + /* copy b' i.e c(b), instead of only b */ | ||
1451 | + if (eng_ec_get_cparam | ||
1452 | + (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) { | ||
1453 | + unsigned char *c_temp = NULL; | ||
1454 | + int c_temp_len = q_len; | ||
1455 | + if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len)) | ||
1456 | + memcpy(ab + q_len, c_temp, q_len); | ||
1457 | + else | ||
1458 | + goto err; | ||
1459 | + } | ||
1460 | + kop.curve_type = ECC_BINARY; | ||
1461 | + } else | ||
1462 | + kop.curve_type = ECC_PRIME; | ||
1463 | + | ||
1464 | + priv_key_len = r_len; | ||
1465 | + | ||
1466 | + /* | ||
1467 | + * If BN_num_bytes of priv_key returns less then r_len then | ||
1468 | + * add padding bytes before the key | ||
1469 | + */ | ||
1470 | + if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) { | ||
1471 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
1472 | + goto err; | ||
1473 | + } | ||
1474 | + | ||
1475 | + buflen = (EC_GROUP_get_degree(group) + 7) / 8; | ||
1476 | + len = BN_num_bytes(x); | ||
1477 | + if (len > buflen || q_len < buflen) { | ||
1478 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR); | ||
1479 | + goto err; | ||
1480 | } | ||
1481 | + | ||
1482 | + kop.crk_op = CRK_DH_COMPUTE_KEY; | ||
1483 | + kop.crk_param[0].crp_p = (void *)s; | ||
1484 | + kop.crk_param[0].crp_nbits = priv_key_len * 8; | ||
1485 | + kop.crk_param[1].crp_p = (void *)w_xy; | ||
1486 | + kop.crk_param[1].crp_nbits = pub_key_len * 8; | ||
1487 | + kop.crk_param[2].crp_p = (void *)q; | ||
1488 | + kop.crk_param[2].crp_nbits = q_len * 8; | ||
1489 | + kop.crk_param[3].crp_p = (void *)ab; | ||
1490 | + kop.crk_param[3].crp_nbits = ab_len * 8; | ||
1491 | + kop.crk_iparams = 4; | ||
1492 | + kop.crk_param[4].crp_p = (void *)out; | ||
1493 | + kop.crk_param[4].crp_nbits = q_len * 8; | ||
1494 | + kop.crk_oparams = 1; | ||
1495 | + ret = q_len; | ||
1496 | + if (cryptodev_asym(&kop, 0, NULL, 0, NULL)) { | ||
1497 | + const ECDH_METHOD *meth = ECDH_OpenSSL(); | ||
1498 | + ret = (meth->compute_key) (out, outlen, pub_key, ecdh, KDF); | ||
1499 | + } else | ||
1500 | + ret = q_len; | ||
1501 | err: | ||
1502 | - kop.crk_param[3].crp_p = NULL; | ||
1503 | + kop.crk_param[4].crp_p = NULL; | ||
1504 | zapparams(&kop); | ||
1505 | - return (dhret); | ||
1506 | + return ret; | ||
1507 | } | ||
1508 | |||
1509 | static DH_METHOD cryptodev_dh = { | ||
1510 | @@ -1645,6 +2661,14 @@ static DH_METHOD cryptodev_dh = { | ||
1511 | NULL /* app_data */ | ||
1512 | }; | ||
1513 | |||
1514 | +static ECDH_METHOD cryptodev_ecdh = { | ||
1515 | + "cryptodev ECDH method", | ||
1516 | + NULL, /* cryptodev_ecdh_compute_key */ | ||
1517 | + NULL, | ||
1518 | + 0, /* flags */ | ||
1519 | + NULL /* app_data */ | ||
1520 | +}; | ||
1521 | + | ||
1522 | /* | ||
1523 | * ctrl right now is just a wrapper that doesn't do much | ||
1524 | * but I expect we'll want some options soon. | ||
1525 | @@ -1724,24 +2748,39 @@ void ENGINE_load_cryptodev(void) | ||
1526 | memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); | ||
1527 | if (cryptodev_asymfeat & CRF_DSA_SIGN) | ||
1528 | cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign; | ||
1529 | - if (cryptodev_asymfeat & CRF_MOD_EXP) { | ||
1530 | - cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp; | ||
1531 | - cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp; | ||
1532 | - } | ||
1533 | if (cryptodev_asymfeat & CRF_DSA_VERIFY) | ||
1534 | cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify; | ||
1535 | + if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY) | ||
1536 | + cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen; | ||
1537 | } | ||
1538 | |||
1539 | if (ENGINE_set_DH(engine, &cryptodev_dh)) { | ||
1540 | const DH_METHOD *dh_meth = DH_OpenSSL(); | ||
1541 | + memcpy(&cryptodev_dh, dh_meth, sizeof(DH_METHOD)); | ||
1542 | + if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) { | ||
1543 | + cryptodev_dh.compute_key = cryptodev_dh_compute_key; | ||
1544 | + } | ||
1545 | + if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) { | ||
1546 | + cryptodev_dh.generate_key = cryptodev_dh_keygen; | ||
1547 | + } | ||
1548 | + } | ||
1549 | |||
1550 | - cryptodev_dh.generate_key = dh_meth->generate_key; | ||
1551 | - cryptodev_dh.compute_key = dh_meth->compute_key; | ||
1552 | - cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp; | ||
1553 | - if (cryptodev_asymfeat & CRF_MOD_EXP) { | ||
1554 | - cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh; | ||
1555 | - if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) | ||
1556 | - cryptodev_dh.compute_key = cryptodev_dh_compute_key; | ||
1557 | + if (ENGINE_set_ECDSA(engine, &cryptodev_ecdsa)) { | ||
1558 | + const ECDSA_METHOD *meth = ECDSA_OpenSSL(); | ||
1559 | + memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD)); | ||
1560 | + if (cryptodev_asymfeat & CRF_DSA_SIGN) { | ||
1561 | + cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign; | ||
1562 | + } | ||
1563 | + if (cryptodev_asymfeat & CRF_DSA_VERIFY) { | ||
1564 | + cryptodev_ecdsa.ecdsa_do_verify = cryptodev_ecdsa_verify; | ||
1565 | + } | ||
1566 | + } | ||
1567 | + | ||
1568 | + if (ENGINE_set_ECDH(engine, &cryptodev_ecdh)) { | ||
1569 | + const ECDH_METHOD *ecdh_meth = ECDH_OpenSSL(); | ||
1570 | + memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD)); | ||
1571 | + if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) { | ||
1572 | + cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key; | ||
1573 | } | ||
1574 | } | ||
1575 | |||
1576 | -- | ||
1577 | 2.7.0 | ||
1578 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Added-hwrng-dev-file-as-source-of-RNG.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Added-hwrng-dev-file-as-source-of-RNG.patch new file mode 100644 index 00000000..61469dcf --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Added-hwrng-dev-file-as-source-of-RNG.patch | |||
@@ -0,0 +1,28 @@ | |||
1 | From c3b1f595607fe4e431dab12b7d8ceda6742547d5 Mon Sep 17 00:00:00 2001 | ||
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
3 | Date: Tue, 11 Mar 2014 06:42:59 +0545 | ||
4 | Subject: [PATCH 06/48] Added hwrng dev file as source of RNG | ||
5 | |||
6 | Upstream-status: Pending | ||
7 | |||
8 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
9 | --- | ||
10 | e_os.h | 2 +- | ||
11 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
12 | |||
13 | diff --git a/e_os.h b/e_os.h | ||
14 | index 1fa36c1..6c0917b 100644 | ||
15 | --- a/e_os.h | ||
16 | +++ b/e_os.h | ||
17 | @@ -82,7 +82,7 @@ extern "C" { | ||
18 | * set this to a comma-separated list of 'random' device files to try out. My | ||
19 | * default, we will try to read at least one of these files | ||
20 | */ | ||
21 | -# define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom" | ||
22 | +# define DEVRANDOM "/dev/hwrng","/dev/urandom","/dev/random","/dev/srandom" | ||
23 | # endif | ||
24 | # ifndef DEVRANDOM_EGD | ||
25 | /* | ||
26 | -- | ||
27 | 2.7.0 | ||
28 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Fixed-private-key-support-for-DH.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Fixed-private-key-support-for-DH.patch deleted file mode 100644 index 01c268b6..00000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0006-Fixed-private-key-support-for-DH.patch +++ /dev/null | |||
@@ -1,33 +0,0 @@ | |||
1 | From 39a9e609290a8a1163a721915bcde0c7cf8f92f7 Mon Sep 17 00:00:00 2001 | ||
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
3 | Date: Tue, 11 Mar 2014 05:57:47 +0545 | ||
4 | Subject: [PATCH 06/26] Fixed private key support for DH | ||
5 | |||
6 | Upstream-status: Pending | ||
7 | |||
8 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
9 | --- | ||
10 | crypto/dh/dh_ameth.c | 7 +++++++ | ||
11 | 1 file changed, 7 insertions(+) | ||
12 | |||
13 | diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c | ||
14 | index 02ec2d4..ed32004 100644 | ||
15 | --- a/crypto/dh/dh_ameth.c | ||
16 | +++ b/crypto/dh/dh_ameth.c | ||
17 | @@ -422,6 +422,13 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) | ||
18 | if (to->pkey.dh->g != NULL) | ||
19 | BN_free(to->pkey.dh->g); | ||
20 | to->pkey.dh->g=a; | ||
21 | + if ((a=BN_dup(from->pkey.dh->q)) != NULL) { | ||
22 | + if (to->pkey.dh->q != NULL) | ||
23 | + BN_free(to->pkey.dh->q); | ||
24 | + to->pkey.dh->q=a; | ||
25 | + } | ||
26 | + | ||
27 | + to->pkey.dh->length = from->pkey.dh->length; | ||
28 | |||
29 | return 1; | ||
30 | } | ||
31 | -- | ||
32 | 2.3.5 | ||
33 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch new file mode 100644 index 00000000..192cd184 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch | |||
@@ -0,0 +1,2050 @@ | |||
1 | From 45cfc01ade9eeb43fdb5950d3db152cae1b41059 Mon Sep 17 00:00:00 2001 | ||
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
3 | Date: Tue, 11 Mar 2014 07:14:30 +0545 | ||
4 | Subject: [PATCH 07/48] Asynchronous interface added for PKC cryptodev | ||
5 | interface | ||
6 | |||
7 | Upstream-status: Pending | ||
8 | |||
9 | Change-Id: Ia8974f793dc18a959ed6798dcdd7d3fad81cb7da | ||
10 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
11 | --- | ||
12 | crypto/crypto.h | 16 + | ||
13 | crypto/dh/dh.h | 3 + | ||
14 | crypto/dsa/dsa.h | 5 + | ||
15 | crypto/ecdh/ech_locl.h | 3 + | ||
16 | crypto/ecdsa/ecs_locl.h | 5 + | ||
17 | crypto/engine/eng_cryptodev.c | 1598 +++++++++++++++++++++++++++++++++++++---- | ||
18 | crypto/engine/eng_int.h | 23 + | ||
19 | crypto/engine/eng_lib.c | 46 ++ | ||
20 | crypto/engine/engine.h | 24 + | ||
21 | crypto/rsa/rsa.h | 23 + | ||
22 | 10 files changed, 1605 insertions(+), 141 deletions(-) | ||
23 | |||
24 | diff --git a/crypto/crypto.h b/crypto/crypto.h | ||
25 | index 6c644ce..2b4ec59 100644 | ||
26 | --- a/crypto/crypto.h | ||
27 | +++ b/crypto/crypto.h | ||
28 | @@ -655,6 +655,22 @@ void ERR_load_CRYPTO_strings(void); | ||
29 | # define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101 | ||
30 | # define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK 100 | ||
31 | |||
32 | +/* Additions for Asynchronous PKC Infrastructure */ | ||
33 | +struct pkc_cookie_s { | ||
34 | + void *cookie; /* To be filled by openssl library primitive method function caller */ | ||
35 | + void *eng_cookie; /* To be filled by Engine */ | ||
36 | + /* | ||
37 | + * Callback handler to be provided by caller. Ensure to pass a | ||
38 | + * handler which takes the crypto operation to completion. | ||
39 | + * cookie: Container cookie from library | ||
40 | + * status: Status of the crypto Job completion. | ||
41 | + * 0: Job handled without any issue | ||
42 | + * -EINVAL: Parameters Invalid | ||
43 | + */ | ||
44 | + void (*pkc_callback)(struct pkc_cookie_s *cookie, int status); | ||
45 | + void *eng_handle; | ||
46 | +}; | ||
47 | + | ||
48 | #ifdef __cplusplus | ||
49 | } | ||
50 | #endif | ||
51 | diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h | ||
52 | index a5bd901..31dd762 100644 | ||
53 | --- a/crypto/dh/dh.h | ||
54 | +++ b/crypto/dh/dh.h | ||
55 | @@ -123,6 +123,9 @@ struct dh_method { | ||
56 | int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a, | ||
57 | const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, | ||
58 | BN_MONT_CTX *m_ctx); | ||
59 | + int (*compute_key_async)(unsigned char *key,const BIGNUM *pub_key,DH *dh, | ||
60 | + struct pkc_cookie_s *cookie); | ||
61 | + int (*generate_key_async)(DH *dh, struct pkc_cookie_s *cookie); | ||
62 | int (*init) (DH *dh); | ||
63 | int (*finish) (DH *dh); | ||
64 | int flags; | ||
65 | diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h | ||
66 | index 545358f..8584731 100644 | ||
67 | --- a/crypto/dsa/dsa.h | ||
68 | +++ b/crypto/dsa/dsa.h | ||
69 | @@ -139,6 +139,10 @@ struct dsa_method { | ||
70 | /* Can be null */ | ||
71 | int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, | ||
72 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); | ||
73 | + int (*dsa_do_sign_async)(const unsigned char *dgst, int dlen, DSA *dsa, | ||
74 | + DSA_SIG *sig, struct pkc_cookie_s *cookie); | ||
75 | + int (*dsa_do_verify_async)(const unsigned char *dgst, int dgst_len, | ||
76 | + DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie); | ||
77 | int (*init) (DSA *dsa); | ||
78 | int (*finish) (DSA *dsa); | ||
79 | int flags; | ||
80 | @@ -150,6 +154,7 @@ struct dsa_method { | ||
81 | BN_GENCB *cb); | ||
82 | /* If this is non-NULL, it is used to generate DSA keys */ | ||
83 | int (*dsa_keygen) (DSA *dsa); | ||
84 | + int (*dsa_keygen_async)(DSA *dsa, struct pkc_cookie_s *cookie); | ||
85 | }; | ||
86 | |||
87 | struct dsa_st { | ||
88 | diff --git a/crypto/ecdh/ech_locl.h b/crypto/ecdh/ech_locl.h | ||
89 | index 4e66024..502507b 100644 | ||
90 | --- a/crypto/ecdh/ech_locl.h | ||
91 | +++ b/crypto/ecdh/ech_locl.h | ||
92 | @@ -68,6 +68,9 @@ struct ecdh_method { | ||
93 | EC_KEY *ecdh, void *(*KDF) (const void *in, | ||
94 | size_t inlen, void *out, | ||
95 | size_t *outlen)); | ||
96 | + int (*compute_key_async)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, | ||
97 | + void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen), | ||
98 | + struct pkc_cookie_s *cookie); | ||
99 | # if 0 | ||
100 | int (*init) (EC_KEY *eckey); | ||
101 | int (*finish) (EC_KEY *eckey); | ||
102 | diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h | ||
103 | index d3a5efc..9b28c04 100644 | ||
104 | --- a/crypto/ecdsa/ecs_locl.h | ||
105 | +++ b/crypto/ecdsa/ecs_locl.h | ||
106 | @@ -74,6 +74,11 @@ struct ecdsa_method { | ||
107 | BIGNUM **r); | ||
108 | int (*ecdsa_do_verify) (const unsigned char *dgst, int dgst_len, | ||
109 | const ECDSA_SIG *sig, EC_KEY *eckey); | ||
110 | + int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len, | ||
111 | + const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey, | ||
112 | + ECDSA_SIG *sig, struct pkc_cookie_s *cookie); | ||
113 | + int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len, | ||
114 | + const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie); | ||
115 | # if 0 | ||
116 | int (*init) (EC_KEY *eckey); | ||
117 | int (*finish) (EC_KEY *eckey); | ||
118 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
119 | index 0b41bb2..8303630 100644 | ||
120 | --- a/crypto/engine/eng_cryptodev.c | ||
121 | +++ b/crypto/engine/eng_cryptodev.c | ||
122 | @@ -1367,6 +1367,60 @@ static void zapparams(struct crypt_kop *kop) | ||
123 | } | ||
124 | } | ||
125 | |||
126 | +/* | ||
127 | + * Any PKC request has at max 2 output parameters and they are stored here to | ||
128 | + * be used while copying in the check availability | ||
129 | + */ | ||
130 | +struct cryptodev_cookie_s { | ||
131 | + BIGNUM *r; | ||
132 | + struct crparam r_param; | ||
133 | + BIGNUM *s; | ||
134 | + struct crparam s_param; | ||
135 | + struct crypt_kop *kop; | ||
136 | +}; | ||
137 | + | ||
138 | +static int | ||
139 | +cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, | ||
140 | + BIGNUM *s) | ||
141 | +{ | ||
142 | + int fd; | ||
143 | + struct pkc_cookie_s *cookie = kop->cookie; | ||
144 | + struct cryptodev_cookie_s *eng_cookie; | ||
145 | + | ||
146 | + fd = *(int *)cookie->eng_handle; | ||
147 | + | ||
148 | + eng_cookie = malloc(sizeof(struct cryptodev_cookie_s)); | ||
149 | + | ||
150 | + if (eng_cookie) { | ||
151 | + memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s)); | ||
152 | + if (r) { | ||
153 | + kop->crk_param[kop->crk_iparams].crp_p = | ||
154 | + calloc(rlen, sizeof(char)); | ||
155 | + if (!kop->crk_param[kop->crk_iparams].crp_p) | ||
156 | + return -ENOMEM; | ||
157 | + kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; | ||
158 | + kop->crk_oparams++; | ||
159 | + eng_cookie->r = r; | ||
160 | + eng_cookie->r_param = kop->crk_param[kop->crk_iparams]; | ||
161 | + } | ||
162 | + if (s) { | ||
163 | + kop->crk_param[kop->crk_iparams + 1].crp_p = | ||
164 | + calloc(slen, sizeof(char)); | ||
165 | + if (!kop->crk_param[kop->crk_iparams + 1].crp_p) | ||
166 | + return -ENOMEM; | ||
167 | + kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8; | ||
168 | + kop->crk_oparams++; | ||
169 | + eng_cookie->s = s; | ||
170 | + eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1]; | ||
171 | + } | ||
172 | + } else | ||
173 | + return -ENOMEM; | ||
174 | + | ||
175 | + eng_cookie->kop = kop; | ||
176 | + cookie->eng_cookie = eng_cookie; | ||
177 | + return ioctl(fd, CIOCASYMASYNCRYPT, kop); | ||
178 | +} | ||
179 | + | ||
180 | static int | ||
181 | cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, | ||
182 | BIGNUM *s) | ||
183 | @@ -1425,6 +1479,44 @@ void *cryptodev_init_instance(void) | ||
184 | return fd; | ||
185 | } | ||
186 | |||
187 | +# include <poll.h> | ||
188 | + | ||
189 | +/* Return 0 on success and 1 on failure */ | ||
190 | +int cryptodev_check_availability(void *eng_handle) | ||
191 | +{ | ||
192 | + int fd = *(int *)eng_handle; | ||
193 | + struct pkc_cookie_list_s cookie_list; | ||
194 | + struct pkc_cookie_s *cookie; | ||
195 | + int i; | ||
196 | + | ||
197 | + /* FETCH COOKIE returns number of cookies extracted */ | ||
198 | + if (ioctl(fd, CIOCASYMFETCHCOOKIE, &cookie_list) <= 0) | ||
199 | + return 1; | ||
200 | + | ||
201 | + for (i = 0; i < cookie_list.cookie_available; i++) { | ||
202 | + cookie = cookie_list.cookie[i]; | ||
203 | + if (cookie) { | ||
204 | + struct cryptodev_cookie_s *eng_cookie = cookie->eng_cookie; | ||
205 | + if (eng_cookie) { | ||
206 | + struct crypt_kop *kop = eng_cookie->kop; | ||
207 | + | ||
208 | + if (eng_cookie->r) | ||
209 | + crparam2bn(&eng_cookie->r_param, eng_cookie->r); | ||
210 | + if (eng_cookie->s) | ||
211 | + crparam2bn(&eng_cookie->s_param, eng_cookie->s); | ||
212 | + if (kop->crk_op == CRK_DH_COMPUTE_KEY) | ||
213 | + kop->crk_oparams = 0; | ||
214 | + | ||
215 | + zapparams(eng_cookie->kop); | ||
216 | + free(eng_cookie->kop); | ||
217 | + free(eng_cookie); | ||
218 | + } | ||
219 | + cookie->pkc_callback(cookie, cookie_list.status[i]); | ||
220 | + } | ||
221 | + } | ||
222 | + return 0; | ||
223 | +} | ||
224 | + | ||
225 | static int | ||
226 | cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
227 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) | ||
228 | @@ -1472,6 +1564,66 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
229 | } | ||
230 | |||
231 | static int | ||
232 | +cryptodev_bn_mod_exp_async(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
233 | + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont, | ||
234 | + struct pkc_cookie_s *cookie) | ||
235 | +{ | ||
236 | + struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); | ||
237 | + int ret = 1; | ||
238 | + | ||
239 | + /* | ||
240 | + * Currently, we know we can do mod exp iff we can do any asymmetric | ||
241 | + * operations at all. | ||
242 | + */ | ||
243 | + if (cryptodev_asymfeat == 0 || !kop) { | ||
244 | + ret = BN_mod_exp(r, a, p, m, ctx); | ||
245 | + return (ret); | ||
246 | + } | ||
247 | + | ||
248 | + kop->crk_oparams = 0; | ||
249 | + kop->crk_status = 0; | ||
250 | + kop->crk_op = CRK_MOD_EXP; | ||
251 | + kop->cookie = cookie; | ||
252 | + /* inputs: a^p % m */ | ||
253 | + if (bn2crparam(a, &kop->crk_param[0])) | ||
254 | + goto err; | ||
255 | + if (bn2crparam(p, &kop->crk_param[1])) | ||
256 | + goto err; | ||
257 | + if (bn2crparam(m, &kop->crk_param[2])) | ||
258 | + goto err; | ||
259 | + | ||
260 | + kop->crk_iparams = 3; | ||
261 | + if (cryptodev_asym_async(kop, BN_num_bytes(m), r, 0, NULL)) | ||
262 | + goto err; | ||
263 | + | ||
264 | + return ret; | ||
265 | + err: | ||
266 | + { | ||
267 | + const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); | ||
268 | + | ||
269 | + if (kop) | ||
270 | + free(kop); | ||
271 | + ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); | ||
272 | + if (ret) | ||
273 | + /* Call the completion handler immediately */ | ||
274 | + cookie->pkc_callback(cookie, 0); | ||
275 | + } | ||
276 | + return ret; | ||
277 | +} | ||
278 | + | ||
279 | +static int | ||
280 | +cryptodev_rsa_nocrt_mod_exp_async(BIGNUM *r0, const BIGNUM *I, | ||
281 | + RSA *rsa, BN_CTX *ctx, | ||
282 | + struct pkc_cookie_s *cookie) | ||
283 | +{ | ||
284 | + int r; | ||
285 | + ctx = BN_CTX_new(); | ||
286 | + r = cryptodev_bn_mod_exp_async(r0, I, rsa->d, rsa->n, ctx, NULL, cookie); | ||
287 | + BN_CTX_free(ctx); | ||
288 | + return r; | ||
289 | +} | ||
290 | + | ||
291 | +static int | ||
292 | cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, | ||
293 | BN_CTX *ctx) | ||
294 | { | ||
295 | @@ -1538,6 +1690,63 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) | ||
296 | return (ret); | ||
297 | } | ||
298 | |||
299 | +static int | ||
300 | +cryptodev_rsa_mod_exp_async(BIGNUM *r0, const BIGNUM *I, RSA *rsa, | ||
301 | + BN_CTX *ctx, struct pkc_cookie_s *cookie) | ||
302 | +{ | ||
303 | + struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); | ||
304 | + int ret = 1, f_len, p_len, q_len; | ||
305 | + unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq = | ||
306 | + NULL, *c = NULL; | ||
307 | + | ||
308 | + if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp || !kop) { | ||
309 | + return (0); | ||
310 | + } | ||
311 | + | ||
312 | + kop->crk_oparams = 0; | ||
313 | + kop->crk_status = 0; | ||
314 | + kop->crk_op = CRK_MOD_EXP_CRT; | ||
315 | + f_len = BN_num_bytes(rsa->n); | ||
316 | + spcf_bn2bin_ex(I, &f, &f_len); | ||
317 | + spcf_bn2bin(rsa->p, &p, &p_len); | ||
318 | + spcf_bn2bin(rsa->q, &q, &q_len); | ||
319 | + spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len); | ||
320 | + spcf_bn2bin_ex(rsa->iqmp, &c, &p_len); | ||
321 | + spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len); | ||
322 | + /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ | ||
323 | + kop->crk_param[0].crp_p = p; | ||
324 | + kop->crk_param[0].crp_nbits = p_len * 8; | ||
325 | + kop->crk_param[1].crp_p = q; | ||
326 | + kop->crk_param[1].crp_nbits = q_len * 8; | ||
327 | + kop->crk_param[2].crp_p = f; | ||
328 | + kop->crk_param[2].crp_nbits = f_len * 8; | ||
329 | + kop->crk_param[3].crp_p = dp; | ||
330 | + kop->crk_param[3].crp_nbits = p_len * 8; | ||
331 | + /* dq must of length q, rest all of length p */ | ||
332 | + kop->crk_param[4].crp_p = dq; | ||
333 | + kop->crk_param[4].crp_nbits = q_len * 8; | ||
334 | + kop->crk_param[5].crp_p = c; | ||
335 | + kop->crk_param[5].crp_nbits = p_len * 8; | ||
336 | + kop->crk_iparams = 6; | ||
337 | + kop->cookie = cookie; | ||
338 | + if (cryptodev_asym_async(kop, BN_num_bytes(rsa->n), r0, 0, NULL)) | ||
339 | + goto err; | ||
340 | + | ||
341 | + return ret; | ||
342 | + err: | ||
343 | + { | ||
344 | + const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); | ||
345 | + | ||
346 | + if (kop) | ||
347 | + free(kop); | ||
348 | + ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx); | ||
349 | + if (ret) | ||
350 | + /* Call user completion handler immediately */ | ||
351 | + cookie->pkc_callback(cookie, 0); | ||
352 | + } | ||
353 | + return (ret); | ||
354 | +} | ||
355 | + | ||
356 | static RSA_METHOD cryptodev_rsa = { | ||
357 | "cryptodev RSA method", | ||
358 | NULL, /* rsa_pub_enc */ | ||
359 | @@ -1546,6 +1755,12 @@ static RSA_METHOD cryptodev_rsa = { | ||
360 | NULL, /* rsa_priv_dec */ | ||
361 | NULL, | ||
362 | NULL, | ||
363 | + NULL, /* rsa_pub_enc */ | ||
364 | + NULL, /* rsa_pub_dec */ | ||
365 | + NULL, /* rsa_priv_enc */ | ||
366 | + NULL, /* rsa_priv_dec */ | ||
367 | + NULL, | ||
368 | + NULL, | ||
369 | NULL, /* init */ | ||
370 | NULL, /* finish */ | ||
371 | 0, /* flags */ | ||
372 | @@ -1846,128 +2061,428 @@ static int cryptodev_dsa_keygen(DSA *dsa) | ||
373 | return ret; | ||
374 | } | ||
375 | |||
376 | -static DSA_METHOD cryptodev_dsa = { | ||
377 | - "cryptodev DSA method", | ||
378 | - NULL, | ||
379 | - NULL, /* dsa_sign_setup */ | ||
380 | - NULL, | ||
381 | - NULL, /* dsa_mod_exp */ | ||
382 | - NULL, | ||
383 | - NULL, /* init */ | ||
384 | - NULL, /* finish */ | ||
385 | - 0, /* flags */ | ||
386 | - NULL /* app_data */ | ||
387 | -}; | ||
388 | +/* Cryptodev DSA Key Gen routine */ | ||
389 | +static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie) | ||
390 | +{ | ||
391 | + struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); | ||
392 | + int ret = 1, g_len; | ||
393 | + unsigned char *g = NULL; | ||
394 | |||
395 | -static ECDSA_METHOD cryptodev_ecdsa = { | ||
396 | - "cryptodev ECDSA method", | ||
397 | - NULL, | ||
398 | - NULL, /* ecdsa_sign_setup */ | ||
399 | - NULL, | ||
400 | - NULL, | ||
401 | - 0, /* flags */ | ||
402 | - NULL /* app_data */ | ||
403 | -}; | ||
404 | + if (!kop) | ||
405 | + goto sw_try; | ||
406 | |||
407 | -typedef enum ec_curve_s { | ||
408 | - EC_PRIME, | ||
409 | - EC_BINARY | ||
410 | -} ec_curve_t; | ||
411 | + if (dsa->priv_key == NULL) { | ||
412 | + if ((dsa->priv_key = BN_new()) == NULL) | ||
413 | + goto sw_try; | ||
414 | + } | ||
415 | |||
416 | -/* ENGINE handler for ECDSA Sign */ | ||
417 | -static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst, | ||
418 | - int dgst_len, const BIGNUM *in_kinv, | ||
419 | - const BIGNUM *in_r, EC_KEY *eckey) | ||
420 | -{ | ||
421 | - BIGNUM *m = NULL, *p = NULL, *a = NULL; | ||
422 | - BIGNUM *b = NULL, *x = NULL, *y = NULL; | ||
423 | - BN_CTX *ctx = NULL; | ||
424 | - ECDSA_SIG *ret = NULL; | ||
425 | - ECDSA_DATA *ecdsa = NULL; | ||
426 | - unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL; | ||
427 | - unsigned char *s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = | ||
428 | - NULL; | ||
429 | - int i = 0, q_len = 0, priv_key_len = 0, r_len = 0; | ||
430 | - int g_len = 0, d_len = 0, ab_len = 0; | ||
431 | - const BIGNUM *order = NULL, *priv_key = NULL; | ||
432 | - const EC_GROUP *group = NULL; | ||
433 | - struct crypt_kop kop; | ||
434 | - ec_curve_t ec_crv = EC_PRIME; | ||
435 | + if (dsa->pub_key == NULL) { | ||
436 | + if ((dsa->pub_key = BN_new()) == NULL) | ||
437 | + goto sw_try; | ||
438 | + } | ||
439 | |||
440 | - memset(&kop, 0, sizeof(kop)); | ||
441 | - ecdsa = ecdsa_check(eckey); | ||
442 | - if (!ecdsa) { | ||
443 | - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); | ||
444 | - return NULL; | ||
445 | + g_len = BN_num_bytes(dsa->p); | ||
446 | + /** | ||
447 | + * Get generator into a plain buffer. If length is less than | ||
448 | + * q_len then add leading padding bytes. | ||
449 | + */ | ||
450 | + if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { | ||
451 | + DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE); | ||
452 | + goto sw_try; | ||
453 | } | ||
454 | |||
455 | - group = EC_KEY_get0_group(eckey); | ||
456 | - priv_key = EC_KEY_get0_private_key(eckey); | ||
457 | + memset(kop, 0, sizeof(struct crypt_kop)); | ||
458 | + kop->crk_op = CRK_DSA_GENERATE_KEY; | ||
459 | + if (bn2crparam(dsa->p, &kop->crk_param[0])) | ||
460 | + goto sw_try; | ||
461 | + if (bn2crparam(dsa->q, &kop->crk_param[1])) | ||
462 | + goto sw_try; | ||
463 | + kop->crk_param[2].crp_p = g; | ||
464 | + kop->crk_param[2].crp_nbits = g_len * 8; | ||
465 | + kop->crk_iparams = 3; | ||
466 | + kop->cookie = cookie; | ||
467 | |||
468 | - if (!group || !priv_key) { | ||
469 | - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); | ||
470 | - return NULL; | ||
471 | + /* pub_key is or prime length while priv key is of length of order */ | ||
472 | + if (cryptodev_asym_async(kop, BN_num_bytes(dsa->p), dsa->pub_key, | ||
473 | + BN_num_bytes(dsa->q), dsa->priv_key)) | ||
474 | + goto sw_try; | ||
475 | + | ||
476 | + return ret; | ||
477 | + sw_try: | ||
478 | + { | ||
479 | + const DSA_METHOD *meth = DSA_OpenSSL(); | ||
480 | + | ||
481 | + if (kop) | ||
482 | + free(kop); | ||
483 | + ret = (meth->dsa_keygen) (dsa); | ||
484 | + cookie->pkc_callback(cookie, 0); | ||
485 | } | ||
486 | + return ret; | ||
487 | +} | ||
488 | |||
489 | - if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || | ||
490 | - (a = BN_new()) == NULL || (b = BN_new()) == NULL || | ||
491 | - (p = BN_new()) == NULL || (x = BN_new()) == NULL || | ||
492 | - (y = BN_new()) == NULL) { | ||
493 | - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
494 | +static int | ||
495 | +cryptodev_dsa_do_sign_async(const unsigned char *dgst, int dlen, DSA *dsa, | ||
496 | + DSA_SIG *sig, struct pkc_cookie_s *cookie) | ||
497 | +{ | ||
498 | + struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); | ||
499 | + DSA_SIG *dsaret = NULL; | ||
500 | + int q_len = 0, r_len = 0, g_len = 0; | ||
501 | + int priv_key_len = 0, ret = 1; | ||
502 | + unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f = | ||
503 | + NULL; | ||
504 | + if (((sig->r = BN_new()) == NULL) || !kop) { | ||
505 | + DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
506 | goto err; | ||
507 | } | ||
508 | |||
509 | - order = &group->order; | ||
510 | - if (!order || BN_is_zero(order)) { | ||
511 | - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS); | ||
512 | + if ((sig->s = BN_new()) == NULL) { | ||
513 | + BN_free(sig->r); | ||
514 | + DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
515 | goto err; | ||
516 | } | ||
517 | |||
518 | - i = BN_num_bits(order); | ||
519 | - /* | ||
520 | - * Need to truncate digest if it is too long: first truncate whole bytes | ||
521 | - */ | ||
522 | - if (8 * dgst_len > i) | ||
523 | - dgst_len = (i + 7) / 8; | ||
524 | - | ||
525 | - if (!BN_bin2bn(dgst, dgst_len, m)) { | ||
526 | - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); | ||
527 | + if (spcf_bn2bin(dsa->p, &q, &q_len)) { | ||
528 | + DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); | ||
529 | goto err; | ||
530 | } | ||
531 | |||
532 | - /* If still too long truncate remaining bits with a shift */ | ||
533 | - if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { | ||
534 | - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); | ||
535 | + /* Get order of the field of private keys into plain buffer */ | ||
536 | + if (spcf_bn2bin(dsa->q, &r, &r_len)) { | ||
537 | + DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
538 | goto err; | ||
539 | } | ||
540 | |||
541 | - /* copy the truncated bits into plain buffer */ | ||
542 | - if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { | ||
543 | - fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, | ||
544 | - __LINE__); | ||
545 | + /* sanity test */ | ||
546 | + if (dlen > r_len) { | ||
547 | + DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); | ||
548 | goto err; | ||
549 | } | ||
550 | |||
551 | - ret = ECDSA_SIG_new(); | ||
552 | - if (!ret) { | ||
553 | - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); | ||
554 | + g_len = q_len; | ||
555 | + /** | ||
556 | + * Get generator into a plain buffer. If length is less than | ||
557 | + * q_len then add leading padding bytes. | ||
558 | + */ | ||
559 | + if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { | ||
560 | + DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
561 | goto err; | ||
562 | } | ||
563 | |||
564 | - /* check if this is prime or binary EC request */ | ||
565 | - if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == | ||
566 | - NID_X9_62_prime_field) { | ||
567 | - ec_crv = EC_PRIME; | ||
568 | - /* get the generator point pair */ | ||
569 | - if (!EC_POINT_get_affine_coordinates_GFp | ||
570 | - (group, EC_GROUP_get0_generator(group), x, y, ctx)) { | ||
571 | - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); | ||
572 | - goto err; | ||
573 | - } | ||
574 | + priv_key_len = r_len; | ||
575 | + /** | ||
576 | + * Get private key into a plain buffer. If length is less than | ||
577 | + * r_len then add leading padding bytes. | ||
578 | + */ | ||
579 | + if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) { | ||
580 | + DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
581 | + goto err; | ||
582 | + } | ||
583 | |||
584 | - /* get the ECC curve parameters */ | ||
585 | - if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) { | ||
586 | - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); | ||
587 | + /* Allocate memory to store hash. */ | ||
588 | + f = OPENSSL_malloc(r_len); | ||
589 | + if (!f) { | ||
590 | + DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
591 | + goto err; | ||
592 | + } | ||
593 | + | ||
594 | + /* Add padding, since SEC expects hash to of size r_len */ | ||
595 | + if (dlen < r_len) | ||
596 | + memset(f, 0, r_len - dlen); | ||
597 | + | ||
598 | + /* Skip leading bytes if dgst_len < r_len */ | ||
599 | + memcpy(f + r_len - dlen, dgst, dlen); | ||
600 | + | ||
601 | + dlen = r_len; | ||
602 | + | ||
603 | + memset(kop, 0, sizeof(struct crypt_kop)); | ||
604 | + kop->crk_op = CRK_DSA_SIGN; | ||
605 | + | ||
606 | + /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ | ||
607 | + kop->crk_param[0].crp_p = (void *)f; | ||
608 | + kop->crk_param[0].crp_nbits = dlen * 8; | ||
609 | + kop->crk_param[1].crp_p = (void *)q; | ||
610 | + kop->crk_param[1].crp_nbits = q_len * 8; | ||
611 | + kop->crk_param[2].crp_p = (void *)r; | ||
612 | + kop->crk_param[2].crp_nbits = r_len * 8; | ||
613 | + kop->crk_param[3].crp_p = (void *)g; | ||
614 | + kop->crk_param[3].crp_nbits = g_len * 8; | ||
615 | + kop->crk_param[4].crp_p = (void *)priv_key; | ||
616 | + kop->crk_param[4].crp_nbits = priv_key_len * 8; | ||
617 | + kop->crk_iparams = 5; | ||
618 | + kop->cookie = cookie; | ||
619 | + | ||
620 | + if (cryptodev_asym_async(kop, r_len, sig->r, r_len, sig->s)) | ||
621 | + goto err; | ||
622 | + | ||
623 | + return ret; | ||
624 | + err: | ||
625 | + { | ||
626 | + const DSA_METHOD *meth = DSA_OpenSSL(); | ||
627 | + | ||
628 | + if (kop) | ||
629 | + free(kop); | ||
630 | + BN_free(sig->r); | ||
631 | + BN_free(sig->s); | ||
632 | + dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa); | ||
633 | + sig->r = dsaret->r; | ||
634 | + sig->s = dsaret->s; | ||
635 | + /* Call user callback immediately */ | ||
636 | + cookie->pkc_callback(cookie, 0); | ||
637 | + ret = dsaret; | ||
638 | + } | ||
639 | + return ret; | ||
640 | +} | ||
641 | + | ||
642 | +static int | ||
643 | +cryptodev_dsa_verify_async(const unsigned char *dgst, int dlen, | ||
644 | + DSA_SIG *sig, DSA *dsa, | ||
645 | + struct pkc_cookie_s *cookie) | ||
646 | +{ | ||
647 | + struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); | ||
648 | + int q_len = 0, r_len = 0, g_len = 0; | ||
649 | + int w_len = 0, c_len = 0, d_len = 0, ret = 1; | ||
650 | + unsigned char *q = NULL, *r = NULL, *w = NULL, *g = NULL; | ||
651 | + unsigned char *c = NULL, *d = NULL, *f = NULL; | ||
652 | + | ||
653 | + if (!kop) | ||
654 | + goto err; | ||
655 | + | ||
656 | + if (spcf_bn2bin(dsa->p, &q, &q_len)) { | ||
657 | + DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
658 | + return ret; | ||
659 | + } | ||
660 | + | ||
661 | + /* Get Order of field of private keys */ | ||
662 | + if (spcf_bn2bin(dsa->q, &r, &r_len)) { | ||
663 | + DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
664 | + goto err; | ||
665 | + } | ||
666 | + | ||
667 | + g_len = q_len; | ||
668 | + /** | ||
669 | + * Get generator into a plain buffer. If length is less than | ||
670 | + * q_len then add leading padding bytes. | ||
671 | + */ | ||
672 | + if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { | ||
673 | + DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
674 | + goto err; | ||
675 | + } | ||
676 | + w_len = q_len; | ||
677 | + /** | ||
678 | + * Get public key into a plain buffer. If length is less than | ||
679 | + * q_len then add leading padding bytes. | ||
680 | + */ | ||
681 | + if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) { | ||
682 | + DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
683 | + goto err; | ||
684 | + } | ||
685 | + /** | ||
686 | + * Get the 1st part of signature into a flat buffer with | ||
687 | + * appropriate padding | ||
688 | + */ | ||
689 | + c_len = r_len; | ||
690 | + | ||
691 | + if (spcf_bn2bin_ex(sig->r, &c, &c_len)) { | ||
692 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
693 | + goto err; | ||
694 | + } | ||
695 | + | ||
696 | + /** | ||
697 | + * Get the 2nd part of signature into a flat buffer with | ||
698 | + * appropriate padding | ||
699 | + */ | ||
700 | + d_len = r_len; | ||
701 | + | ||
702 | + if (spcf_bn2bin_ex(sig->s, &d, &d_len)) { | ||
703 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
704 | + goto err; | ||
705 | + } | ||
706 | + | ||
707 | + /* Sanity test */ | ||
708 | + if (dlen > r_len) { | ||
709 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
710 | + goto err; | ||
711 | + } | ||
712 | + | ||
713 | + /* Allocate memory to store hash. */ | ||
714 | + f = OPENSSL_malloc(r_len); | ||
715 | + if (!f) { | ||
716 | + DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
717 | + goto err; | ||
718 | + } | ||
719 | + | ||
720 | + /* Add padding, since SEC expects hash to of size r_len */ | ||
721 | + if (dlen < r_len) | ||
722 | + memset(f, 0, r_len - dlen); | ||
723 | + | ||
724 | + /* Skip leading bytes if dgst_len < r_len */ | ||
725 | + memcpy(f + r_len - dlen, dgst, dlen); | ||
726 | + | ||
727 | + dlen = r_len; | ||
728 | + memset(kop, 0, sizeof(struct crypt_kop)); | ||
729 | + | ||
730 | + /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ | ||
731 | + kop->crk_param[0].crp_p = (void *)f; | ||
732 | + kop->crk_param[0].crp_nbits = dlen * 8; | ||
733 | + kop->crk_param[1].crp_p = q; | ||
734 | + kop->crk_param[1].crp_nbits = q_len * 8; | ||
735 | + kop->crk_param[2].crp_p = r; | ||
736 | + kop->crk_param[2].crp_nbits = r_len * 8; | ||
737 | + kop->crk_param[3].crp_p = g; | ||
738 | + kop->crk_param[3].crp_nbits = g_len * 8; | ||
739 | + kop->crk_param[4].crp_p = w; | ||
740 | + kop->crk_param[4].crp_nbits = w_len * 8; | ||
741 | + kop->crk_param[5].crp_p = c; | ||
742 | + kop->crk_param[5].crp_nbits = c_len * 8; | ||
743 | + kop->crk_param[6].crp_p = d; | ||
744 | + kop->crk_param[6].crp_nbits = d_len * 8; | ||
745 | + kop->crk_iparams = 7; | ||
746 | + kop->crk_op = CRK_DSA_VERIFY; | ||
747 | + kop->cookie = cookie; | ||
748 | + if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) | ||
749 | + goto err; | ||
750 | + | ||
751 | + return ret; | ||
752 | + err: | ||
753 | + { | ||
754 | + const DSA_METHOD *meth = DSA_OpenSSL(); | ||
755 | + | ||
756 | + if (kop) | ||
757 | + free(kop); | ||
758 | + | ||
759 | + ret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa); | ||
760 | + cookie->pkc_callback(cookie, 0); | ||
761 | + } | ||
762 | + return ret; | ||
763 | +} | ||
764 | + | ||
765 | +static DSA_METHOD cryptodev_dsa = { | ||
766 | + "cryptodev DSA method", | ||
767 | + NULL, | ||
768 | + NULL, /* dsa_sign_setup */ | ||
769 | + NULL, | ||
770 | + NULL, /* dsa_mod_exp */ | ||
771 | + NULL, | ||
772 | + NULL, | ||
773 | + NULL, | ||
774 | + NULL, | ||
775 | + NULL, /* init */ | ||
776 | + NULL, /* finish */ | ||
777 | + 0, /* flags */ | ||
778 | + NULL /* app_data */ | ||
779 | +}; | ||
780 | + | ||
781 | +static ECDSA_METHOD cryptodev_ecdsa = { | ||
782 | + "cryptodev ECDSA method", | ||
783 | + NULL, | ||
784 | + NULL, /* ecdsa_sign_setup */ | ||
785 | + NULL, | ||
786 | + NULL, | ||
787 | + NULL, | ||
788 | + NULL, | ||
789 | + 0, /* flags */ | ||
790 | + NULL /* app_data */ | ||
791 | +}; | ||
792 | + | ||
793 | +typedef enum ec_curve_s { | ||
794 | + EC_PRIME, | ||
795 | + EC_BINARY | ||
796 | +} ec_curve_t; | ||
797 | + | ||
798 | +/* ENGINE handler for ECDSA Sign */ | ||
799 | +static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst, | ||
800 | + int dgst_len, const BIGNUM *in_kinv, | ||
801 | + const BIGNUM *in_r, EC_KEY *eckey) | ||
802 | +{ | ||
803 | + BIGNUM *m = NULL, *p = NULL, *a = NULL; | ||
804 | + BIGNUM *b = NULL, *x = NULL, *y = NULL; | ||
805 | + BN_CTX *ctx = NULL; | ||
806 | + ECDSA_SIG *ret = NULL; | ||
807 | + ECDSA_DATA *ecdsa = NULL; | ||
808 | + unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL; | ||
809 | + unsigned char *s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = | ||
810 | + NULL; | ||
811 | + int i = 0, q_len = 0, priv_key_len = 0, r_len = 0; | ||
812 | + int g_len = 0, d_len = 0, ab_len = 0; | ||
813 | + const BIGNUM *order = NULL, *priv_key = NULL; | ||
814 | + const EC_GROUP *group = NULL; | ||
815 | + struct crypt_kop kop; | ||
816 | + ec_curve_t ec_crv = EC_PRIME; | ||
817 | + | ||
818 | + memset(&kop, 0, sizeof(kop)); | ||
819 | + ecdsa = ecdsa_check(eckey); | ||
820 | + if (!ecdsa) { | ||
821 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); | ||
822 | + return NULL; | ||
823 | + } | ||
824 | + | ||
825 | + group = EC_KEY_get0_group(eckey); | ||
826 | + priv_key = EC_KEY_get0_private_key(eckey); | ||
827 | + | ||
828 | + if (!group || !priv_key) { | ||
829 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); | ||
830 | + return NULL; | ||
831 | + } | ||
832 | + | ||
833 | + if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || | ||
834 | + (a = BN_new()) == NULL || (b = BN_new()) == NULL || | ||
835 | + (p = BN_new()) == NULL || (x = BN_new()) == NULL || | ||
836 | + (y = BN_new()) == NULL) { | ||
837 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
838 | + goto err; | ||
839 | + } | ||
840 | + | ||
841 | + order = &group->order; | ||
842 | + if (!order || BN_is_zero(order)) { | ||
843 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS); | ||
844 | + goto err; | ||
845 | + } | ||
846 | + | ||
847 | + i = BN_num_bits(order); | ||
848 | + /* | ||
849 | + * Need to truncate digest if it is too long: first truncate whole bytes | ||
850 | + */ | ||
851 | + if (8 * dgst_len > i) | ||
852 | + dgst_len = (i + 7) / 8; | ||
853 | + | ||
854 | + if (!BN_bin2bn(dgst, dgst_len, m)) { | ||
855 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); | ||
856 | + goto err; | ||
857 | + } | ||
858 | + | ||
859 | + /* If still too long truncate remaining bits with a shift */ | ||
860 | + if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { | ||
861 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); | ||
862 | + goto err; | ||
863 | + } | ||
864 | + | ||
865 | + /* copy the truncated bits into plain buffer */ | ||
866 | + if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { | ||
867 | + fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, | ||
868 | + __LINE__); | ||
869 | + goto err; | ||
870 | + } | ||
871 | + | ||
872 | + ret = ECDSA_SIG_new(); | ||
873 | + if (!ret) { | ||
874 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); | ||
875 | + goto err; | ||
876 | + } | ||
877 | + | ||
878 | + /* check if this is prime or binary EC request */ | ||
879 | + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == | ||
880 | + NID_X9_62_prime_field) { | ||
881 | + ec_crv = EC_PRIME; | ||
882 | + /* get the generator point pair */ | ||
883 | + if (!EC_POINT_get_affine_coordinates_GFp | ||
884 | + (group, EC_GROUP_get0_generator(group), x, y, ctx)) { | ||
885 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); | ||
886 | + goto err; | ||
887 | + } | ||
888 | + | ||
889 | + /* get the ECC curve parameters */ | ||
890 | + if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) { | ||
891 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); | ||
892 | goto err; | ||
893 | } | ||
894 | } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == | ||
895 | @@ -2312,54 +2827,588 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, | ||
896 | goto err; | ||
897 | } | ||
898 | |||
899 | - /* memory for message representative */ | ||
900 | - f = malloc(r_len); | ||
901 | - if (!f) { | ||
902 | - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
903 | - goto err; | ||
904 | + /* memory for message representative */ | ||
905 | + f = malloc(r_len); | ||
906 | + if (!f) { | ||
907 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
908 | + goto err; | ||
909 | + } | ||
910 | + | ||
911 | + /* Add padding, since SEC expects hash to of size r_len */ | ||
912 | + memset(f, 0, r_len - dgst_len); | ||
913 | + | ||
914 | + /* Skip leading bytes if dgst_len < r_len */ | ||
915 | + memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len); | ||
916 | + dgst_len += r_len - dgst_len; | ||
917 | + kop.crk_op = CRK_DSA_VERIFY; | ||
918 | + /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ | ||
919 | + kop.crk_param[0].crp_p = f; | ||
920 | + kop.crk_param[0].crp_nbits = dgst_len * 8; | ||
921 | + kop.crk_param[1].crp_p = q; | ||
922 | + kop.crk_param[1].crp_nbits = q_len * 8; | ||
923 | + kop.crk_param[2].crp_p = r; | ||
924 | + kop.crk_param[2].crp_nbits = r_len * 8; | ||
925 | + kop.crk_param[3].crp_p = g_xy; | ||
926 | + kop.crk_param[3].crp_nbits = g_len * 8; | ||
927 | + kop.crk_param[4].crp_p = w_xy; | ||
928 | + kop.crk_param[4].crp_nbits = pub_key_len * 8; | ||
929 | + kop.crk_param[5].crp_p = ab; | ||
930 | + kop.crk_param[5].crp_nbits = ab_len * 8; | ||
931 | + kop.crk_param[6].crp_p = c; | ||
932 | + kop.crk_param[6].crp_nbits = d_len * 8; | ||
933 | + kop.crk_param[7].crp_p = d; | ||
934 | + kop.crk_param[7].crp_nbits = d_len * 8; | ||
935 | + kop.crk_iparams = 8; | ||
936 | + | ||
937 | + if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { | ||
938 | + /* | ||
939 | + * OCF success value is 0, if not zero, change ret to fail | ||
940 | + */ | ||
941 | + if (0 == kop.crk_status) | ||
942 | + ret = 1; | ||
943 | + } else { | ||
944 | + const ECDSA_METHOD *meth = ECDSA_OpenSSL(); | ||
945 | + | ||
946 | + ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey); | ||
947 | + } | ||
948 | + kop.crk_param[0].crp_p = NULL; | ||
949 | + zapparams(&kop); | ||
950 | + | ||
951 | + err: | ||
952 | + return ret; | ||
953 | +} | ||
954 | + | ||
955 | +static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst, | ||
956 | + int dgst_len, const BIGNUM *in_kinv, | ||
957 | + const BIGNUM *in_r, EC_KEY *eckey, | ||
958 | + ECDSA_SIG *sig, | ||
959 | + struct pkc_cookie_s *cookie) | ||
960 | +{ | ||
961 | + BIGNUM *m = NULL, *p = NULL, *a = NULL; | ||
962 | + BIGNUM *b = NULL, *x = NULL, *y = NULL; | ||
963 | + BN_CTX *ctx = NULL; | ||
964 | + ECDSA_SIG *sig_ret = NULL; | ||
965 | + ECDSA_DATA *ecdsa = NULL; | ||
966 | + unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL; | ||
967 | + unsigned char *s = NULL, *f = NULL, *tmp_dgst = NULL; | ||
968 | + int i = 0, q_len = 0, priv_key_len = 0, r_len = 0; | ||
969 | + int g_len = 0, ab_len = 0, ret = 1; | ||
970 | + const BIGNUM *order = NULL, *priv_key = NULL; | ||
971 | + const EC_GROUP *group = NULL; | ||
972 | + struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); | ||
973 | + ec_curve_t ec_crv = EC_PRIME; | ||
974 | + | ||
975 | + if (!(sig->r = BN_new()) || !kop) | ||
976 | + goto err; | ||
977 | + if ((sig->s = BN_new()) == NULL) { | ||
978 | + BN_free(r); | ||
979 | + goto err; | ||
980 | + } | ||
981 | + | ||
982 | + memset(kop, 0, sizeof(struct crypt_kop)); | ||
983 | + ecdsa = ecdsa_check(eckey); | ||
984 | + if (!ecdsa) { | ||
985 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); | ||
986 | + goto err; | ||
987 | + } | ||
988 | + | ||
989 | + group = EC_KEY_get0_group(eckey); | ||
990 | + priv_key = EC_KEY_get0_private_key(eckey); | ||
991 | + | ||
992 | + if (!group || !priv_key) { | ||
993 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); | ||
994 | + goto err; | ||
995 | + } | ||
996 | + | ||
997 | + if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || | ||
998 | + (a = BN_new()) == NULL || (b = BN_new()) == NULL || | ||
999 | + (p = BN_new()) == NULL || (x = BN_new()) == NULL || | ||
1000 | + (y = BN_new()) == NULL) { | ||
1001 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
1002 | + goto err; | ||
1003 | + } | ||
1004 | + | ||
1005 | + order = &group->order; | ||
1006 | + if (!order || BN_is_zero(order)) { | ||
1007 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS); | ||
1008 | + goto err; | ||
1009 | + } | ||
1010 | + | ||
1011 | + i = BN_num_bits(order); | ||
1012 | + /* | ||
1013 | + * Need to truncate digest if it is too long: first truncate whole bytes | ||
1014 | + */ | ||
1015 | + if (8 * dgst_len > i) | ||
1016 | + dgst_len = (i + 7) / 8; | ||
1017 | + | ||
1018 | + if (!BN_bin2bn(dgst, dgst_len, m)) { | ||
1019 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); | ||
1020 | + goto err; | ||
1021 | + } | ||
1022 | + | ||
1023 | + /* If still too long truncate remaining bits with a shift */ | ||
1024 | + if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { | ||
1025 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); | ||
1026 | + goto err; | ||
1027 | + } | ||
1028 | + | ||
1029 | + /* copy the truncated bits into plain buffer */ | ||
1030 | + if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { | ||
1031 | + fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, | ||
1032 | + __LINE__); | ||
1033 | + goto err; | ||
1034 | + } | ||
1035 | + | ||
1036 | + /* check if this is prime or binary EC request */ | ||
1037 | + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) | ||
1038 | + == NID_X9_62_prime_field) { | ||
1039 | + ec_crv = EC_PRIME; | ||
1040 | + /* get the generator point pair */ | ||
1041 | + if (!EC_POINT_get_affine_coordinates_GFp(group, | ||
1042 | + EC_GROUP_get0_generator | ||
1043 | + (group), x, y, ctx)) { | ||
1044 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); | ||
1045 | + goto err; | ||
1046 | + } | ||
1047 | + | ||
1048 | + /* get the ECC curve parameters */ | ||
1049 | + if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) { | ||
1050 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); | ||
1051 | + goto err; | ||
1052 | + } | ||
1053 | + } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == | ||
1054 | + NID_X9_62_characteristic_two_field) { | ||
1055 | + ec_crv = EC_BINARY; | ||
1056 | + /* get the ECC curve parameters */ | ||
1057 | + if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) { | ||
1058 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); | ||
1059 | + goto err; | ||
1060 | + } | ||
1061 | + | ||
1062 | + /* get the generator point pair */ | ||
1063 | + if (!EC_POINT_get_affine_coordinates_GF2m(group, | ||
1064 | + EC_GROUP_get0_generator | ||
1065 | + (group), x, y, ctx)) { | ||
1066 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); | ||
1067 | + goto err; | ||
1068 | + } | ||
1069 | + } else { | ||
1070 | + printf("Unsupported Curve\n"); | ||
1071 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); | ||
1072 | + goto err; | ||
1073 | + } | ||
1074 | + | ||
1075 | + if (spcf_bn2bin(order, &r, &r_len)) { | ||
1076 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
1077 | + goto err; | ||
1078 | + } | ||
1079 | + | ||
1080 | + if (spcf_bn2bin(p, &q, &q_len)) { | ||
1081 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
1082 | + goto err; | ||
1083 | + } | ||
1084 | + | ||
1085 | + priv_key_len = r_len; | ||
1086 | + | ||
1087 | + /** | ||
1088 | + * If BN_num_bytes of priv_key returns less then r_len then | ||
1089 | + * add padding bytes before the key | ||
1090 | + */ | ||
1091 | + if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len)) { | ||
1092 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
1093 | + goto err; | ||
1094 | + } | ||
1095 | + | ||
1096 | + /* Generation of ECC curve parameters */ | ||
1097 | + ab_len = 2 * q_len; | ||
1098 | + ab = eng_copy_curve_points(a, b, ab_len, q_len); | ||
1099 | + if (!ab) { | ||
1100 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
1101 | + goto err; | ||
1102 | + } | ||
1103 | + | ||
1104 | + if (ec_crv == EC_BINARY) { | ||
1105 | + if (eng_ec_get_cparam | ||
1106 | + (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) { | ||
1107 | + unsigned char *c_temp = NULL; | ||
1108 | + int c_temp_len = q_len; | ||
1109 | + if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len)) | ||
1110 | + memcpy(ab + q_len, c_temp, q_len); | ||
1111 | + else | ||
1112 | + goto err; | ||
1113 | + } | ||
1114 | + kop->curve_type = ECC_BINARY; | ||
1115 | + } | ||
1116 | + | ||
1117 | + /* Calculation of Generator point */ | ||
1118 | + g_len = 2 * q_len; | ||
1119 | + g_xy = eng_copy_curve_points(x, y, g_len, q_len); | ||
1120 | + if (!g_xy) { | ||
1121 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
1122 | + goto err; | ||
1123 | + } | ||
1124 | + | ||
1125 | + /* memory for message representative */ | ||
1126 | + f = malloc(r_len); | ||
1127 | + if (!f) { | ||
1128 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
1129 | + goto err; | ||
1130 | + } | ||
1131 | + | ||
1132 | + /* Add padding, since SEC expects hash to of size r_len */ | ||
1133 | + memset(f, 0, r_len - dgst_len); | ||
1134 | + | ||
1135 | + /* Skip leading bytes if dgst_len < r_len */ | ||
1136 | + memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len); | ||
1137 | + | ||
1138 | + dgst_len += r_len - dgst_len; | ||
1139 | + | ||
1140 | + kop->crk_op = CRK_DSA_SIGN; | ||
1141 | + /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ | ||
1142 | + kop->crk_param[0].crp_p = f; | ||
1143 | + kop->crk_param[0].crp_nbits = dgst_len * 8; | ||
1144 | + kop->crk_param[1].crp_p = q; | ||
1145 | + kop->crk_param[1].crp_nbits = q_len * 8; | ||
1146 | + kop->crk_param[2].crp_p = r; | ||
1147 | + kop->crk_param[2].crp_nbits = r_len * 8; | ||
1148 | + kop->crk_param[3].crp_p = g_xy; | ||
1149 | + kop->crk_param[3].crp_nbits = g_len * 8; | ||
1150 | + kop->crk_param[4].crp_p = s; | ||
1151 | + kop->crk_param[4].crp_nbits = priv_key_len * 8; | ||
1152 | + kop->crk_param[5].crp_p = ab; | ||
1153 | + kop->crk_param[5].crp_nbits = ab_len * 8; | ||
1154 | + kop->crk_iparams = 6; | ||
1155 | + kop->cookie = cookie; | ||
1156 | + | ||
1157 | + if (cryptodev_asym_async(kop, r_len, sig->r, r_len, sig->s)) | ||
1158 | + goto err; | ||
1159 | + | ||
1160 | + return ret; | ||
1161 | + err: | ||
1162 | + { | ||
1163 | + const ECDSA_METHOD *meth = ECDSA_OpenSSL(); | ||
1164 | + BN_free(sig->r); | ||
1165 | + BN_free(sig->s); | ||
1166 | + if (kop) | ||
1167 | + free(kop); | ||
1168 | + sig_ret = | ||
1169 | + (meth->ecdsa_do_sign) (dgst, dgst_len, in_kinv, in_r, eckey); | ||
1170 | + sig->r = sig_ret->r; | ||
1171 | + sig->s = sig_ret->s; | ||
1172 | + cookie->pkc_callback(cookie, 0); | ||
1173 | + } | ||
1174 | + return ret; | ||
1175 | +} | ||
1176 | + | ||
1177 | +static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, | ||
1178 | + int dgst_len, const ECDSA_SIG *sig, | ||
1179 | + EC_KEY *eckey, | ||
1180 | + struct pkc_cookie_s *cookie) | ||
1181 | +{ | ||
1182 | + BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL; | ||
1183 | + BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL; | ||
1184 | + BN_CTX *ctx = NULL; | ||
1185 | + ECDSA_DATA *ecdsa = NULL; | ||
1186 | + unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy = | ||
1187 | + NULL; | ||
1188 | + unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL; | ||
1189 | + int i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0; | ||
1190 | + int d_len = 0, ab_len = 0, ret = 1; | ||
1191 | + const EC_POINT *pub_key = NULL; | ||
1192 | + const BIGNUM *order = NULL; | ||
1193 | + const EC_GROUP *group = NULL; | ||
1194 | + ec_curve_t ec_crv = EC_PRIME; | ||
1195 | + struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); | ||
1196 | + | ||
1197 | + if (!kop) | ||
1198 | + goto err; | ||
1199 | + | ||
1200 | + memset(kop, 0, sizeof(struct crypt_kop)); | ||
1201 | + ecdsa = ecdsa_check(eckey); | ||
1202 | + if (!ecdsa) { | ||
1203 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER); | ||
1204 | + goto err; | ||
1205 | + } | ||
1206 | + | ||
1207 | + group = EC_KEY_get0_group(eckey); | ||
1208 | + pub_key = EC_KEY_get0_public_key(eckey); | ||
1209 | + | ||
1210 | + if (!group || !pub_key) { | ||
1211 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER); | ||
1212 | + goto err; | ||
1213 | + } | ||
1214 | + | ||
1215 | + if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || | ||
1216 | + (a = BN_new()) == NULL || (b = BN_new()) == NULL || | ||
1217 | + (p = BN_new()) == NULL || (x = BN_new()) == NULL || | ||
1218 | + (y = BN_new()) == NULL || (w_x = BN_new()) == NULL || | ||
1219 | + (w_y = BN_new()) == NULL) { | ||
1220 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1221 | + goto err; | ||
1222 | + } | ||
1223 | + | ||
1224 | + order = &group->order; | ||
1225 | + if (!order || BN_is_zero(order)) { | ||
1226 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS); | ||
1227 | + goto err; | ||
1228 | + } | ||
1229 | + | ||
1230 | + i = BN_num_bits(order); | ||
1231 | + /* | ||
1232 | + * Need to truncate digest if it is too long: first truncate whole * | ||
1233 | + * bytes | ||
1234 | + */ | ||
1235 | + if (8 * dgst_len > i) | ||
1236 | + dgst_len = (i + 7) / 8; | ||
1237 | + | ||
1238 | + if (!BN_bin2bn(dgst, dgst_len, m)) { | ||
1239 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); | ||
1240 | + goto err; | ||
1241 | + } | ||
1242 | + | ||
1243 | + /* If still too long truncate remaining bits with a shift */ | ||
1244 | + if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { | ||
1245 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); | ||
1246 | + goto err; | ||
1247 | + } | ||
1248 | + /* copy the truncated bits into plain buffer */ | ||
1249 | + if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { | ||
1250 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1251 | + goto err; | ||
1252 | + } | ||
1253 | + | ||
1254 | + /* check if this is prime or binary EC request */ | ||
1255 | + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == | ||
1256 | + NID_X9_62_prime_field) { | ||
1257 | + ec_crv = EC_PRIME; | ||
1258 | + | ||
1259 | + /* get the generator point pair */ | ||
1260 | + if (!EC_POINT_get_affine_coordinates_GFp(group, | ||
1261 | + EC_GROUP_get0_generator | ||
1262 | + (group), x, y, ctx)) { | ||
1263 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); | ||
1264 | + goto err; | ||
1265 | + } | ||
1266 | + | ||
1267 | + /* get the public key pair for prime curve */ | ||
1268 | + if (!EC_POINT_get_affine_coordinates_GFp(group, | ||
1269 | + pub_key, w_x, w_y, ctx)) { | ||
1270 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); | ||
1271 | + goto err; | ||
1272 | + } | ||
1273 | + | ||
1274 | + /* get the ECC curve parameters */ | ||
1275 | + if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) { | ||
1276 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); | ||
1277 | + goto err; | ||
1278 | + } | ||
1279 | + } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == | ||
1280 | + NID_X9_62_characteristic_two_field) { | ||
1281 | + ec_crv = EC_BINARY; | ||
1282 | + /* get the ECC curve parameters */ | ||
1283 | + if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) { | ||
1284 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); | ||
1285 | + goto err; | ||
1286 | + } | ||
1287 | + | ||
1288 | + /* get the generator point pair */ | ||
1289 | + if (!EC_POINT_get_affine_coordinates_GF2m(group, | ||
1290 | + EC_GROUP_get0_generator | ||
1291 | + (group), x, y, ctx)) { | ||
1292 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); | ||
1293 | + goto err; | ||
1294 | + } | ||
1295 | + | ||
1296 | + /* get the public key pair for binary curve */ | ||
1297 | + if (!EC_POINT_get_affine_coordinates_GF2m(group, | ||
1298 | + pub_key, w_x, w_y, ctx)) { | ||
1299 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); | ||
1300 | + goto err; | ||
1301 | + } | ||
1302 | + } else { | ||
1303 | + printf("Unsupported Curve\n"); | ||
1304 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); | ||
1305 | + goto err; | ||
1306 | + } | ||
1307 | + | ||
1308 | + /* Get the order of the subgroup of private keys */ | ||
1309 | + if (spcf_bn2bin((BIGNUM *)order, &r, &r_len)) { | ||
1310 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1311 | + goto err; | ||
1312 | + } | ||
1313 | + | ||
1314 | + /* Get the irreducible polynomial that creates the field */ | ||
1315 | + if (spcf_bn2bin(p, &q, &q_len)) { | ||
1316 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1317 | + goto err; | ||
1318 | + } | ||
1319 | + | ||
1320 | + /* Get the public key into a flat buffer with appropriate padding */ | ||
1321 | + pub_key_len = 2 * q_len; | ||
1322 | + | ||
1323 | + w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len); | ||
1324 | + if (!w_xy) { | ||
1325 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1326 | + goto err; | ||
1327 | + } | ||
1328 | + | ||
1329 | + /* Generation of ECC curve parameters */ | ||
1330 | + ab_len = 2 * q_len; | ||
1331 | + | ||
1332 | + ab = eng_copy_curve_points(a, b, ab_len, q_len); | ||
1333 | + if (!ab) { | ||
1334 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1335 | + goto err; | ||
1336 | + } | ||
1337 | + | ||
1338 | + if (ec_crv == EC_BINARY) { | ||
1339 | + /* copy b' i.e c(b), instead of only b */ | ||
1340 | + eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab + q_len, q_len); | ||
1341 | + kop->curve_type = ECC_BINARY; | ||
1342 | + } | ||
1343 | + | ||
1344 | + /* Calculation of Generator point */ | ||
1345 | + g_len = 2 * q_len; | ||
1346 | + | ||
1347 | + g_xy = eng_copy_curve_points(x, y, g_len, q_len); | ||
1348 | + if (!g_xy) { | ||
1349 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1350 | + goto err; | ||
1351 | + } | ||
1352 | + | ||
1353 | + /** | ||
1354 | + * Get the 1st part of signature into a flat buffer with | ||
1355 | + * appropriate padding | ||
1356 | + */ | ||
1357 | + if (BN_num_bytes(sig->r) < r_len) | ||
1358 | + c_len = r_len; | ||
1359 | + | ||
1360 | + if (spcf_bn2bin_ex(sig->r, &c, &c_len)) { | ||
1361 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1362 | + goto err; | ||
1363 | + } | ||
1364 | + | ||
1365 | + /** | ||
1366 | + * Get the 2nd part of signature into a flat buffer with | ||
1367 | + * appropriate padding | ||
1368 | + */ | ||
1369 | + if (BN_num_bytes(sig->s) < r_len) | ||
1370 | + d_len = r_len; | ||
1371 | + | ||
1372 | + if (spcf_bn2bin_ex(sig->s, &d, &d_len)) { | ||
1373 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1374 | + goto err; | ||
1375 | + } | ||
1376 | + | ||
1377 | + /* memory for message representative */ | ||
1378 | + f = malloc(r_len); | ||
1379 | + if (!f) { | ||
1380 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1381 | + goto err; | ||
1382 | + } | ||
1383 | + | ||
1384 | + /* Add padding, since SEC expects hash to of size r_len */ | ||
1385 | + memset(f, 0, r_len - dgst_len); | ||
1386 | + | ||
1387 | + /* Skip leading bytes if dgst_len < r_len */ | ||
1388 | + memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len); | ||
1389 | + | ||
1390 | + dgst_len += r_len - dgst_len; | ||
1391 | + | ||
1392 | + kop->crk_op = CRK_DSA_VERIFY; | ||
1393 | + /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ | ||
1394 | + kop->crk_param[0].crp_p = f; | ||
1395 | + kop->crk_param[0].crp_nbits = dgst_len * 8; | ||
1396 | + kop->crk_param[1].crp_p = q; | ||
1397 | + kop->crk_param[1].crp_nbits = q_len * 8; | ||
1398 | + kop->crk_param[2].crp_p = r; | ||
1399 | + kop->crk_param[2].crp_nbits = r_len * 8; | ||
1400 | + kop->crk_param[3].crp_p = g_xy; | ||
1401 | + kop->crk_param[3].crp_nbits = g_len * 8; | ||
1402 | + kop->crk_param[4].crp_p = w_xy; | ||
1403 | + kop->crk_param[4].crp_nbits = pub_key_len * 8; | ||
1404 | + kop->crk_param[5].crp_p = ab; | ||
1405 | + kop->crk_param[5].crp_nbits = ab_len * 8; | ||
1406 | + kop->crk_param[6].crp_p = c; | ||
1407 | + kop->crk_param[6].crp_nbits = d_len * 8; | ||
1408 | + kop->crk_param[7].crp_p = d; | ||
1409 | + kop->crk_param[7].crp_nbits = d_len * 8; | ||
1410 | + kop->crk_iparams = 8; | ||
1411 | + kop->cookie = cookie; | ||
1412 | + | ||
1413 | + if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) | ||
1414 | + goto err; | ||
1415 | + | ||
1416 | + return ret; | ||
1417 | + err: | ||
1418 | + { | ||
1419 | + const ECDSA_METHOD *meth = ECDSA_OpenSSL(); | ||
1420 | + | ||
1421 | + if (kop) | ||
1422 | + free(kop); | ||
1423 | + ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey); | ||
1424 | + cookie->pkc_callback(cookie, 0); | ||
1425 | + } | ||
1426 | + | ||
1427 | + return ret; | ||
1428 | +} | ||
1429 | + | ||
1430 | +/* Cryptodev DH Key Gen routine */ | ||
1431 | +static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie) | ||
1432 | +{ | ||
1433 | + struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); | ||
1434 | + int ret = 1, g_len; | ||
1435 | + unsigned char *g = NULL; | ||
1436 | + | ||
1437 | + if (!kop) | ||
1438 | + goto sw_try; | ||
1439 | + | ||
1440 | + if (dh->priv_key == NULL) { | ||
1441 | + if ((dh->priv_key = BN_new()) == NULL) | ||
1442 | + goto sw_try; | ||
1443 | + } | ||
1444 | + | ||
1445 | + if (dh->pub_key == NULL) { | ||
1446 | + if ((dh->pub_key = BN_new()) == NULL) | ||
1447 | + goto sw_try; | ||
1448 | + } | ||
1449 | + | ||
1450 | + g_len = BN_num_bytes(dh->p); | ||
1451 | + /** | ||
1452 | + * Get generator into a plain buffer. If length is less than | ||
1453 | + * q_len then add leading padding bytes. | ||
1454 | + */ | ||
1455 | + if (spcf_bn2bin_ex(dh->g, &g, &g_len)) { | ||
1456 | + DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); | ||
1457 | + goto sw_try; | ||
1458 | } | ||
1459 | |||
1460 | - /* Add padding, since SEC expects hash to of size r_len */ | ||
1461 | - memset(f, 0, r_len - dgst_len); | ||
1462 | + memset(kop, 0, sizeof(struct crypt_kop)); | ||
1463 | + kop->crk_op = CRK_DH_GENERATE_KEY; | ||
1464 | + if (bn2crparam(dh->p, &kop->crk_param[0])) | ||
1465 | + goto sw_try; | ||
1466 | + if (bn2crparam(dh->q, &kop->crk_param[1])) | ||
1467 | + goto sw_try; | ||
1468 | + kop->crk_param[2].crp_p = g; | ||
1469 | + kop->crk_param[2].crp_nbits = g_len * 8; | ||
1470 | + kop->crk_iparams = 3; | ||
1471 | + kop->cookie = cookie; | ||
1472 | |||
1473 | - /* Skip leading bytes if dgst_len < r_len */ | ||
1474 | - memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len); | ||
1475 | - dgst_len += r_len - dgst_len; | ||
1476 | - kop.crk_op = CRK_DSA_VERIFY; | ||
1477 | - /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ | ||
1478 | - kop.crk_param[0].crp_p = f; | ||
1479 | - kop.crk_param[0].crp_nbits = dgst_len * 8; | ||
1480 | - kop.crk_param[1].crp_p = q; | ||
1481 | - kop.crk_param[1].crp_nbits = q_len * 8; | ||
1482 | - kop.crk_param[2].crp_p = r; | ||
1483 | - kop.crk_param[2].crp_nbits = r_len * 8; | ||
1484 | - kop.crk_param[3].crp_p = g_xy; | ||
1485 | - kop.crk_param[3].crp_nbits = g_len * 8; | ||
1486 | - kop.crk_param[4].crp_p = w_xy; | ||
1487 | - kop.crk_param[4].crp_nbits = pub_key_len * 8; | ||
1488 | - kop.crk_param[5].crp_p = ab; | ||
1489 | - kop.crk_param[5].crp_nbits = ab_len * 8; | ||
1490 | - kop.crk_param[6].crp_p = c; | ||
1491 | - kop.crk_param[6].crp_nbits = d_len * 8; | ||
1492 | - kop.crk_param[7].crp_p = d; | ||
1493 | - kop.crk_param[7].crp_nbits = d_len * 8; | ||
1494 | - kop.crk_iparams = 8; | ||
1495 | + /* pub_key is or prime length while priv key is of length of order */ | ||
1496 | + if (cryptodev_asym_async(kop, BN_num_bytes(dh->p), dh->pub_key, | ||
1497 | + BN_num_bytes(dh->q), dh->priv_key)) | ||
1498 | + goto sw_try; | ||
1499 | |||
1500 | - if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { | ||
1501 | - /* | ||
1502 | - * OCF success value is 0, if not zero, change ret to fail | ||
1503 | - */ | ||
1504 | - if (0 == kop.crk_status) | ||
1505 | - ret = 1; | ||
1506 | - } else { | ||
1507 | - const ECDSA_METHOD *meth = ECDSA_OpenSSL(); | ||
1508 | + return ret; | ||
1509 | + sw_try: | ||
1510 | + { | ||
1511 | + const DH_METHOD *meth = DH_OpenSSL(); | ||
1512 | |||
1513 | - ret = (meth->ecdsa_do_verify) (dgst, dgst_len, sig, eckey); | ||
1514 | + if (kop) | ||
1515 | + free(kop); | ||
1516 | + ret = (meth->generate_key) (dh); | ||
1517 | + cookie->pkc_callback(cookie, 0); | ||
1518 | } | ||
1519 | - kop.crk_param[0].crp_p = NULL; | ||
1520 | - zapparams(&kop); | ||
1521 | - | ||
1522 | - err: | ||
1523 | return ret; | ||
1524 | } | ||
1525 | |||
1526 | @@ -2468,6 +3517,54 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) | ||
1527 | return (dhret); | ||
1528 | } | ||
1529 | |||
1530 | +/* Return Length if successful and 0 on failure */ | ||
1531 | +static int | ||
1532 | +cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key, | ||
1533 | + DH *dh, struct pkc_cookie_s *cookie) | ||
1534 | +{ | ||
1535 | + struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); | ||
1536 | + int ret = 1; | ||
1537 | + int fd, p_len; | ||
1538 | + unsigned char *padded_pub_key = NULL, *p = NULL; | ||
1539 | + | ||
1540 | + fd = *(int *)cookie->eng_handle; | ||
1541 | + | ||
1542 | + memset(kop, 0, sizeof(struct crypt_kop)); | ||
1543 | + kop->crk_op = CRK_DH_COMPUTE_KEY; | ||
1544 | + /* inputs: dh->priv_key pub_key dh->p key */ | ||
1545 | + spcf_bn2bin(dh->p, &p, &p_len); | ||
1546 | + spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len); | ||
1547 | + | ||
1548 | + if (bn2crparam(dh->priv_key, &kop->crk_param[0])) | ||
1549 | + goto err; | ||
1550 | + kop->crk_param[1].crp_p = padded_pub_key; | ||
1551 | + kop->crk_param[1].crp_nbits = p_len * 8; | ||
1552 | + kop->crk_param[2].crp_p = p; | ||
1553 | + kop->crk_param[2].crp_nbits = p_len * 8; | ||
1554 | + kop->crk_iparams = 3; | ||
1555 | + | ||
1556 | + kop->cookie = cookie; | ||
1557 | + kop->crk_param[3].crp_p = (void *)key; | ||
1558 | + kop->crk_param[3].crp_nbits = p_len * 8; | ||
1559 | + kop->crk_oparams = 1; | ||
1560 | + | ||
1561 | + if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) | ||
1562 | + goto err; | ||
1563 | + | ||
1564 | + return p_len; | ||
1565 | + err: | ||
1566 | + { | ||
1567 | + const DH_METHOD *meth = DH_OpenSSL(); | ||
1568 | + | ||
1569 | + if (kop) | ||
1570 | + free(kop); | ||
1571 | + ret = (meth->compute_key) (key, pub_key, dh); | ||
1572 | + /* Call user cookie handler */ | ||
1573 | + cookie->pkc_callback(cookie, 0); | ||
1574 | + } | ||
1575 | + return (ret); | ||
1576 | +} | ||
1577 | + | ||
1578 | int cryptodev_ecdh_compute_key(void *out, size_t outlen, | ||
1579 | const EC_POINT *pub_key, EC_KEY *ecdh, | ||
1580 | void *(*KDF) (const void *in, size_t inlen, | ||
1581 | @@ -2650,6 +3747,197 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen, | ||
1582 | return ret; | ||
1583 | } | ||
1584 | |||
1585 | +int cryptodev_ecdh_compute_key_async(void *out, size_t outlen, | ||
1586 | + const EC_POINT *pub_key, EC_KEY *ecdh, | ||
1587 | + void *(*KDF) (const void *in, | ||
1588 | + size_t inlen, void *out, | ||
1589 | + size_t *outlen), | ||
1590 | + struct pkc_cookie_s *cookie) | ||
1591 | +{ | ||
1592 | + ec_curve_t ec_crv = EC_PRIME; | ||
1593 | + unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL; | ||
1594 | + BIGNUM *w_x = NULL, *w_y = NULL; | ||
1595 | + int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0; | ||
1596 | + BIGNUM *p = NULL, *a = NULL, *b = NULL; | ||
1597 | + BN_CTX *ctx; | ||
1598 | + EC_POINT *tmp = NULL; | ||
1599 | + BIGNUM *x = NULL, *y = NULL; | ||
1600 | + const BIGNUM *priv_key; | ||
1601 | + const EC_GROUP *group = NULL; | ||
1602 | + int ret = 1; | ||
1603 | + size_t buflen, len; | ||
1604 | + struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); | ||
1605 | + | ||
1606 | + if (!(ctx = BN_CTX_new()) || !kop) | ||
1607 | + goto err; | ||
1608 | + | ||
1609 | + memset(kop, 0, sizeof(struct crypt_kop)); | ||
1610 | + | ||
1611 | + BN_CTX_start(ctx); | ||
1612 | + x = BN_CTX_get(ctx); | ||
1613 | + y = BN_CTX_get(ctx); | ||
1614 | + p = BN_CTX_get(ctx); | ||
1615 | + a = BN_CTX_get(ctx); | ||
1616 | + b = BN_CTX_get(ctx); | ||
1617 | + w_x = BN_CTX_get(ctx); | ||
1618 | + w_y = BN_CTX_get(ctx); | ||
1619 | + | ||
1620 | + if (!x || !y || !p || !a || !b || !w_x || !w_y) { | ||
1621 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); | ||
1622 | + goto err; | ||
1623 | + } | ||
1624 | + | ||
1625 | + priv_key = EC_KEY_get0_private_key(ecdh); | ||
1626 | + if (priv_key == NULL) { | ||
1627 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_NO_PRIVATE_VALUE); | ||
1628 | + goto err; | ||
1629 | + } | ||
1630 | + | ||
1631 | + group = EC_KEY_get0_group(ecdh); | ||
1632 | + if ((tmp = EC_POINT_new(group)) == NULL) { | ||
1633 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); | ||
1634 | + goto err; | ||
1635 | + } | ||
1636 | + | ||
1637 | + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == | ||
1638 | + NID_X9_62_prime_field) { | ||
1639 | + ec_crv = EC_PRIME; | ||
1640 | + | ||
1641 | + if (!EC_POINT_get_affine_coordinates_GFp(group, | ||
1642 | + EC_GROUP_get0_generator | ||
1643 | + (group), x, y, ctx)) { | ||
1644 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE); | ||
1645 | + goto err; | ||
1646 | + } | ||
1647 | + | ||
1648 | + /* get the ECC curve parameters */ | ||
1649 | + if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) { | ||
1650 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB); | ||
1651 | + goto err; | ||
1652 | + } | ||
1653 | + | ||
1654 | + /* get the public key pair for prime curve */ | ||
1655 | + if (!EC_POINT_get_affine_coordinates_GFp | ||
1656 | + (group, pub_key, w_x, w_y, ctx)) { | ||
1657 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB); | ||
1658 | + goto err; | ||
1659 | + } | ||
1660 | + } else { | ||
1661 | + ec_crv = EC_BINARY; | ||
1662 | + | ||
1663 | + if (!EC_POINT_get_affine_coordinates_GF2m(group, | ||
1664 | + EC_GROUP_get0_generator | ||
1665 | + (group), x, y, ctx)) { | ||
1666 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE); | ||
1667 | + goto err; | ||
1668 | + } | ||
1669 | + | ||
1670 | + /* get the ECC curve parameters */ | ||
1671 | + if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) { | ||
1672 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB); | ||
1673 | + goto err; | ||
1674 | + } | ||
1675 | + | ||
1676 | + /* get the public key pair for binary curve */ | ||
1677 | + if (!EC_POINT_get_affine_coordinates_GF2m(group, | ||
1678 | + pub_key, w_x, w_y, ctx)) { | ||
1679 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); | ||
1680 | + goto err; | ||
1681 | + } | ||
1682 | + } | ||
1683 | + | ||
1684 | + /* irreducible polynomial that creates the field */ | ||
1685 | + if (spcf_bn2bin((BIGNUM *)&group->order, &r, &r_len)) { | ||
1686 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
1687 | + goto err; | ||
1688 | + } | ||
1689 | + | ||
1690 | + /* Get the irreducible polynomial that creates the field */ | ||
1691 | + if (spcf_bn2bin(p, &q, &q_len)) { | ||
1692 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB); | ||
1693 | + goto err; | ||
1694 | + } | ||
1695 | + | ||
1696 | + /* Get the public key into a flat buffer with appropriate padding */ | ||
1697 | + pub_key_len = 2 * q_len; | ||
1698 | + w_xy = eng_copy_curve_points(w_x, w_y, pub_key_len, q_len); | ||
1699 | + if (!w_xy) { | ||
1700 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
1701 | + goto err; | ||
1702 | + } | ||
1703 | + | ||
1704 | + /* Generation of ECC curve parameters */ | ||
1705 | + ab_len = 2 * q_len; | ||
1706 | + ab = eng_copy_curve_points(a, b, ab_len, q_len); | ||
1707 | + if (!ab) { | ||
1708 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB); | ||
1709 | + goto err; | ||
1710 | + } | ||
1711 | + | ||
1712 | + if (ec_crv == EC_BINARY) { | ||
1713 | + /* copy b' i.e c(b), instead of only b */ | ||
1714 | + if (eng_ec_get_cparam | ||
1715 | + (EC_GROUP_get_curve_name(group), ab + q_len, q_len)) { | ||
1716 | + unsigned char *c_temp = NULL; | ||
1717 | + int c_temp_len = q_len; | ||
1718 | + if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len)) | ||
1719 | + memcpy(ab + q_len, c_temp, q_len); | ||
1720 | + else | ||
1721 | + goto err; | ||
1722 | + } | ||
1723 | + kop->curve_type = ECC_BINARY; | ||
1724 | + } else | ||
1725 | + kop->curve_type = ECC_PRIME; | ||
1726 | + | ||
1727 | + priv_key_len = r_len; | ||
1728 | + | ||
1729 | + /* | ||
1730 | + * If BN_num_bytes of priv_key returns less then r_len then | ||
1731 | + * add padding bytes before the key | ||
1732 | + */ | ||
1733 | + if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) { | ||
1734 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
1735 | + goto err; | ||
1736 | + } | ||
1737 | + | ||
1738 | + buflen = (EC_GROUP_get_degree(group) + 7) / 8; | ||
1739 | + len = BN_num_bytes(x); | ||
1740 | + if (len > buflen || q_len < buflen) { | ||
1741 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR); | ||
1742 | + goto err; | ||
1743 | + } | ||
1744 | + | ||
1745 | + kop->crk_op = CRK_DH_COMPUTE_KEY; | ||
1746 | + kop->crk_param[0].crp_p = (void *)s; | ||
1747 | + kop->crk_param[0].crp_nbits = priv_key_len * 8; | ||
1748 | + kop->crk_param[1].crp_p = (void *)w_xy; | ||
1749 | + kop->crk_param[1].crp_nbits = pub_key_len * 8; | ||
1750 | + kop->crk_param[2].crp_p = (void *)q; | ||
1751 | + kop->crk_param[2].crp_nbits = q_len * 8; | ||
1752 | + kop->crk_param[3].crp_p = (void *)ab; | ||
1753 | + kop->crk_param[3].crp_nbits = ab_len * 8; | ||
1754 | + kop->crk_iparams = 4; | ||
1755 | + kop->crk_param[4].crp_p = (void *)out; | ||
1756 | + kop->crk_param[4].crp_nbits = q_len * 8; | ||
1757 | + kop->crk_oparams = 1; | ||
1758 | + kop->cookie = cookie; | ||
1759 | + if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) | ||
1760 | + goto err; | ||
1761 | + | ||
1762 | + return q_len; | ||
1763 | + err: | ||
1764 | + { | ||
1765 | + const ECDH_METHOD *meth = ECDH_OpenSSL(); | ||
1766 | + | ||
1767 | + if (kop) | ||
1768 | + free(kop); | ||
1769 | + ret = (meth->compute_key) (out, outlen, pub_key, ecdh, KDF); | ||
1770 | + /* Call user cookie handler */ | ||
1771 | + cookie->pkc_callback(cookie, 0); | ||
1772 | + } | ||
1773 | + return ret; | ||
1774 | +} | ||
1775 | + | ||
1776 | static DH_METHOD cryptodev_dh = { | ||
1777 | "cryptodev DH method", | ||
1778 | NULL, /* cryptodev_dh_generate_key */ | ||
1779 | @@ -2657,6 +3945,8 @@ static DH_METHOD cryptodev_dh = { | ||
1780 | NULL, | ||
1781 | NULL, | ||
1782 | NULL, | ||
1783 | + NULL, | ||
1784 | + NULL, | ||
1785 | 0, /* flags */ | ||
1786 | NULL /* app_data */ | ||
1787 | }; | ||
1788 | @@ -2665,6 +3955,7 @@ static ECDH_METHOD cryptodev_ecdh = { | ||
1789 | "cryptodev ECDH method", | ||
1790 | NULL, /* cryptodev_ecdh_compute_key */ | ||
1791 | NULL, | ||
1792 | + NULL, | ||
1793 | 0, /* flags */ | ||
1794 | NULL /* app_data */ | ||
1795 | }; | ||
1796 | @@ -2735,10 +4026,15 @@ void ENGINE_load_cryptodev(void) | ||
1797 | cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec; | ||
1798 | if (cryptodev_asymfeat & CRF_MOD_EXP) { | ||
1799 | cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp; | ||
1800 | - if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) | ||
1801 | + cryptodev_rsa.bn_mod_exp_async = cryptodev_bn_mod_exp_async; | ||
1802 | + if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) { | ||
1803 | cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_mod_exp; | ||
1804 | - else | ||
1805 | + cryptodev_rsa.rsa_mod_exp_async = cryptodev_rsa_mod_exp_async; | ||
1806 | + } else { | ||
1807 | cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_nocrt_mod_exp; | ||
1808 | + cryptodev_rsa.rsa_mod_exp_async = | ||
1809 | + cryptodev_rsa_nocrt_mod_exp_async; | ||
1810 | + } | ||
1811 | } | ||
1812 | } | ||
1813 | |||
1814 | @@ -2746,12 +4042,18 @@ void ENGINE_load_cryptodev(void) | ||
1815 | const DSA_METHOD *meth = DSA_OpenSSL(); | ||
1816 | |||
1817 | memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); | ||
1818 | - if (cryptodev_asymfeat & CRF_DSA_SIGN) | ||
1819 | + if (cryptodev_asymfeat & CRF_DSA_SIGN) { | ||
1820 | cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign; | ||
1821 | - if (cryptodev_asymfeat & CRF_DSA_VERIFY) | ||
1822 | + cryptodev_dsa.dsa_do_sign_async = cryptodev_dsa_do_sign_async; | ||
1823 | + } | ||
1824 | + if (cryptodev_asymfeat & CRF_DSA_VERIFY) { | ||
1825 | cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify; | ||
1826 | - if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY) | ||
1827 | + cryptodev_dsa.dsa_do_verify_async = cryptodev_dsa_verify_async; | ||
1828 | + } | ||
1829 | + if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY) { | ||
1830 | cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen; | ||
1831 | + cryptodev_dsa.dsa_keygen_async = cryptodev_dsa_keygen_async; | ||
1832 | + } | ||
1833 | } | ||
1834 | |||
1835 | if (ENGINE_set_DH(engine, &cryptodev_dh)) { | ||
1836 | @@ -2759,9 +4061,12 @@ void ENGINE_load_cryptodev(void) | ||
1837 | memcpy(&cryptodev_dh, dh_meth, sizeof(DH_METHOD)); | ||
1838 | if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) { | ||
1839 | cryptodev_dh.compute_key = cryptodev_dh_compute_key; | ||
1840 | + cryptodev_dh.compute_key_async = cryptodev_dh_compute_key_async; | ||
1841 | } | ||
1842 | if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) { | ||
1843 | cryptodev_dh.generate_key = cryptodev_dh_keygen; | ||
1844 | + cryptodev_dh.generate_key_async = cryptodev_dh_keygen_async; | ||
1845 | + | ||
1846 | } | ||
1847 | } | ||
1848 | |||
1849 | @@ -2770,9 +4075,13 @@ void ENGINE_load_cryptodev(void) | ||
1850 | memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD)); | ||
1851 | if (cryptodev_asymfeat & CRF_DSA_SIGN) { | ||
1852 | cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign; | ||
1853 | + cryptodev_ecdsa.ecdsa_do_sign_async = | ||
1854 | + cryptodev_ecdsa_do_sign_async; | ||
1855 | } | ||
1856 | if (cryptodev_asymfeat & CRF_DSA_VERIFY) { | ||
1857 | cryptodev_ecdsa.ecdsa_do_verify = cryptodev_ecdsa_verify; | ||
1858 | + cryptodev_ecdsa.ecdsa_do_verify_async = | ||
1859 | + cryptodev_ecdsa_verify_async; | ||
1860 | } | ||
1861 | } | ||
1862 | |||
1863 | @@ -2781,9 +4090,16 @@ void ENGINE_load_cryptodev(void) | ||
1864 | memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD)); | ||
1865 | if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) { | ||
1866 | cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key; | ||
1867 | + cryptodev_ecdh.compute_key_async = | ||
1868 | + cryptodev_ecdh_compute_key_async; | ||
1869 | } | ||
1870 | } | ||
1871 | |||
1872 | + ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability); | ||
1873 | + ENGINE_set_close_instance(engine, cryptodev_close_instance); | ||
1874 | + ENGINE_set_init_instance(engine, cryptodev_init_instance); | ||
1875 | + ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC); | ||
1876 | + | ||
1877 | ENGINE_add(engine); | ||
1878 | ENGINE_free(engine); | ||
1879 | ERR_clear_error(); | ||
1880 | diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h | ||
1881 | index 46f163b..b698a0c 100644 | ||
1882 | --- a/crypto/engine/eng_int.h | ||
1883 | +++ b/crypto/engine/eng_int.h | ||
1884 | @@ -198,6 +198,29 @@ struct engine_st { | ||
1885 | ENGINE_LOAD_KEY_PTR load_privkey; | ||
1886 | ENGINE_LOAD_KEY_PTR load_pubkey; | ||
1887 | ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert; | ||
1888 | + /* | ||
1889 | + * Instantiate Engine handle to be passed in check_pkc_availability | ||
1890 | + * Ensure that Engine is instantiated before any pkc asynchronous call. | ||
1891 | + */ | ||
1892 | + void *(*engine_init_instance)(void); | ||
1893 | + /* | ||
1894 | + * Instantiated Engine handle will be closed with this call. | ||
1895 | + * Ensure that no pkc asynchronous call is made after this call | ||
1896 | + */ | ||
1897 | + void (*engine_close_instance)(void *handle); | ||
1898 | + /* | ||
1899 | + * Check availability will extract the data from kernel. | ||
1900 | + * eng_handle: This is the Engine handle corresponds to which | ||
1901 | + * the cookies needs to be polled. | ||
1902 | + * return 0 if cookie available else 1 | ||
1903 | + */ | ||
1904 | + int (*check_pkc_availability)(void *eng_handle); | ||
1905 | + /* | ||
1906 | + * The following map is used to check if the engine supports asynchronous implementation | ||
1907 | + * ENGINE_ASYNC_FLAG* for available bitmap. Any application checking for asynchronous | ||
1908 | + * implementation need to check this features using "int ENGINE_get_async_map(engine *)"; | ||
1909 | + */ | ||
1910 | + int async_map; | ||
1911 | const ENGINE_CMD_DEFN *cmd_defns; | ||
1912 | int flags; | ||
1913 | /* reference count on the structure itself */ | ||
1914 | diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c | ||
1915 | index dc2abd2..0c57e12 100644 | ||
1916 | --- a/crypto/engine/eng_lib.c | ||
1917 | +++ b/crypto/engine/eng_lib.c | ||
1918 | @@ -100,7 +100,11 @@ void engine_set_all_null(ENGINE *e) | ||
1919 | e->ctrl = NULL; | ||
1920 | e->load_privkey = NULL; | ||
1921 | e->load_pubkey = NULL; | ||
1922 | + e->check_pkc_availability = NULL; | ||
1923 | + e->engine_init_instance = NULL; | ||
1924 | + e->engine_close_instance = NULL; | ||
1925 | e->cmd_defns = NULL; | ||
1926 | + e->async_map = 0; | ||
1927 | e->flags = 0; | ||
1928 | } | ||
1929 | |||
1930 | @@ -246,6 +250,48 @@ int ENGINE_set_id(ENGINE *e, const char *id) | ||
1931 | } | ||
1932 | e->id = id; | ||
1933 | return 1; | ||
1934 | + } | ||
1935 | + | ||
1936 | +void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void)) | ||
1937 | + { | ||
1938 | + e->engine_init_instance = engine_init_instance; | ||
1939 | + } | ||
1940 | + | ||
1941 | +void ENGINE_set_close_instance(ENGINE *e, | ||
1942 | + void (*engine_close_instance)(void *)) | ||
1943 | + { | ||
1944 | + e->engine_close_instance = engine_close_instance; | ||
1945 | + } | ||
1946 | + | ||
1947 | +void ENGINE_set_async_map(ENGINE *e, int async_map) | ||
1948 | + { | ||
1949 | + e->async_map = async_map; | ||
1950 | + } | ||
1951 | + | ||
1952 | +void *ENGINE_init_instance(ENGINE *e) | ||
1953 | + { | ||
1954 | + return e->engine_init_instance(); | ||
1955 | + } | ||
1956 | + | ||
1957 | +void ENGINE_close_instance(ENGINE *e, void *eng_handle) | ||
1958 | + { | ||
1959 | + e->engine_close_instance(eng_handle); | ||
1960 | + } | ||
1961 | + | ||
1962 | +int ENGINE_get_async_map(ENGINE *e) | ||
1963 | + { | ||
1964 | + return e->async_map; | ||
1965 | + } | ||
1966 | + | ||
1967 | +void ENGINE_set_check_pkc_availability(ENGINE *e, | ||
1968 | + int (*check_pkc_availability)(void *eng_handle)) | ||
1969 | + { | ||
1970 | + e->check_pkc_availability = check_pkc_availability; | ||
1971 | + } | ||
1972 | + | ||
1973 | +int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle) | ||
1974 | + { | ||
1975 | + return e->check_pkc_availability(eng_handle); | ||
1976 | } | ||
1977 | |||
1978 | int ENGINE_set_name(ENGINE *e, const char *name) | ||
1979 | diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h | ||
1980 | index 020d912..4527aa1 100644 | ||
1981 | --- a/crypto/engine/engine.h | ||
1982 | +++ b/crypto/engine/engine.h | ||
1983 | @@ -551,6 +551,30 @@ ENGINE *ENGINE_new(void); | ||
1984 | int ENGINE_free(ENGINE *e); | ||
1985 | int ENGINE_up_ref(ENGINE *e); | ||
1986 | int ENGINE_set_id(ENGINE *e, const char *id); | ||
1987 | +void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void)); | ||
1988 | +void ENGINE_set_close_instance(ENGINE *e, | ||
1989 | + void (*engine_free_instance)(void *)); | ||
1990 | +/* | ||
1991 | + * Following FLAGS are bitmap store in async_map to set asynchronous interface capability | ||
1992 | + *of the engine | ||
1993 | + */ | ||
1994 | +#define ENGINE_RSA_ASYNC 0x0001 | ||
1995 | +#define ENGINE_DSA_ASYNC 0x0002 | ||
1996 | +#define ENGINE_DH_ASYNC 0x0004 | ||
1997 | +#define ENGINE_ECDSA_ASYNC 0x0008 | ||
1998 | +#define ENGINE_ECDH_ASYNC 0x0010 | ||
1999 | +#define ENGINE_ALLPKC_ASYNC 0x001F | ||
2000 | +/* Engine implementation will set the bitmap based on above flags using following API */ | ||
2001 | +void ENGINE_set_async_map(ENGINE *e, int async_map); | ||
2002 | + /* Application need to check the bitmap based on above flags using following API | ||
2003 | + * to confirm asynchronous methods supported | ||
2004 | + */ | ||
2005 | +int ENGINE_get_async_map(ENGINE *e); | ||
2006 | +void *ENGINE_init_instance(ENGINE *e); | ||
2007 | +void ENGINE_close_instance(ENGINE *e, void *eng_handle); | ||
2008 | +void ENGINE_set_check_pkc_availability(ENGINE *e, | ||
2009 | + int (*check_pkc_availability)(void *eng_handle)); | ||
2010 | +int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle); | ||
2011 | int ENGINE_set_name(ENGINE *e, const char *name); | ||
2012 | int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); | ||
2013 | int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); | ||
2014 | diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h | ||
2015 | index d2ee374..7c539fc 100644 | ||
2016 | --- a/crypto/rsa/rsa.h | ||
2017 | +++ b/crypto/rsa/rsa.h | ||
2018 | @@ -97,6 +97,29 @@ struct rsa_meth_st { | ||
2019 | /* Can be null */ | ||
2020 | int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
2021 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); | ||
2022 | + /* | ||
2023 | + * Cookie in the following _async variant must be allocated before | ||
2024 | + * submission and can be freed once its corresponding callback | ||
2025 | + * handler is called | ||
2026 | + */ | ||
2027 | + int (*rsa_pub_enc_asyn)(int flen,const unsigned char *from, | ||
2028 | + unsigned char *to, RSA *rsa, int padding, | ||
2029 | + struct pkc_cookie_s *cookie); | ||
2030 | + int (*rsa_pub_dec_async)(int flen,const unsigned char *from, | ||
2031 | + unsigned char *to, RSA *rsa, int padding, | ||
2032 | + struct pkc_cookie_s *cookie); | ||
2033 | + int (*rsa_priv_enc_async)(int flen,const unsigned char *from, | ||
2034 | + unsigned char *to, RSA *rsa, int padding, | ||
2035 | + struct pkc_cookie_s *cookie); | ||
2036 | + int (*rsa_priv_dec_async)(int flen,const unsigned char *from, | ||
2037 | + unsigned char *to, RSA *rsa, int padding, | ||
2038 | + struct pkc_cookie_s *cookie); | ||
2039 | + int (*rsa_mod_exp_async)(BIGNUM *r0, const BIGNUM *I, RSA *rsa, | ||
2040 | + BN_CTX *ctx, struct pkc_cookie_s *cookie); | ||
2041 | + int (*bn_mod_exp_async)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
2042 | + const BIGNUM *m, BN_CTX *ctx, | ||
2043 | + BN_MONT_CTX *m_ctx, struct pkc_cookie_s *cookie); | ||
2044 | + | ||
2045 | /* called at new */ | ||
2046 | int (*init) (RSA *rsa); | ||
2047 | /* called at free */ | ||
2048 | -- | ||
2049 | 2.7.0 | ||
2050 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Fixed-private-key-support-for-DH.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Fixed-private-key-support-for-DH.patch deleted file mode 100644 index 12fcd7df..00000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0007-Fixed-private-key-support-for-DH.patch +++ /dev/null | |||
@@ -1,35 +0,0 @@ | |||
1 | From 8322e4157bf49d992b5b9e460f2c0785865dd1c1 Mon Sep 17 00:00:00 2001 | ||
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
3 | Date: Thu, 20 Mar 2014 19:55:51 -0500 | ||
4 | Subject: [PATCH 07/26] Fixed private key support for DH | ||
5 | |||
6 | Upstream-status: Pending | ||
7 | |||
8 | Required Length of the DH result is not returned in dh method in openssl | ||
9 | |||
10 | Tested-by: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
11 | --- | ||
12 | crypto/dh/dh_ameth.c | 7 ------- | ||
13 | 1 file changed, 7 deletions(-) | ||
14 | |||
15 | diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c | ||
16 | index ed32004..02ec2d4 100644 | ||
17 | --- a/crypto/dh/dh_ameth.c | ||
18 | +++ b/crypto/dh/dh_ameth.c | ||
19 | @@ -422,13 +422,6 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) | ||
20 | if (to->pkey.dh->g != NULL) | ||
21 | BN_free(to->pkey.dh->g); | ||
22 | to->pkey.dh->g=a; | ||
23 | - if ((a=BN_dup(from->pkey.dh->q)) != NULL) { | ||
24 | - if (to->pkey.dh->q != NULL) | ||
25 | - BN_free(to->pkey.dh->q); | ||
26 | - to->pkey.dh->q=a; | ||
27 | - } | ||
28 | - | ||
29 | - to->pkey.dh->length = from->pkey.dh->length; | ||
30 | |||
31 | return 1; | ||
32 | } | ||
33 | -- | ||
34 | 2.3.5 | ||
35 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch new file mode 100644 index 00000000..ccd24e31 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch | |||
@@ -0,0 +1,155 @@ | |||
1 | From 94a3fc9f437c20726209cea19256c419837055a2 Mon Sep 17 00:00:00 2001 | ||
2 | From: Hou Zhiqiang <B48286@freescale.com> | ||
3 | Date: Wed, 2 Apr 2014 16:10:43 +0800 | ||
4 | Subject: [PATCH 08/48] Add RSA keygen operation and support gendsa command | ||
5 | with hardware engine | ||
6 | |||
7 | Upstream-status: Pending | ||
8 | |||
9 | Signed-off-by: Hou Zhiqiang <B48286@freescale.com> | ||
10 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
11 | --- | ||
12 | crypto/engine/eng_cryptodev.c | 120 ++++++++++++++++++++++++++++++++++++++++++ | ||
13 | 1 file changed, 120 insertions(+) | ||
14 | |||
15 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
16 | index 8303630..44017a3 100644 | ||
17 | --- a/crypto/engine/eng_cryptodev.c | ||
18 | +++ b/crypto/engine/eng_cryptodev.c | ||
19 | @@ -2009,6 +2009,124 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen, | ||
20 | } | ||
21 | } | ||
22 | |||
23 | +/* Cryptodev RSA Key Gen routine */ | ||
24 | +static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) | ||
25 | +{ | ||
26 | + struct crypt_kop kop; | ||
27 | + int ret, fd; | ||
28 | + int p_len, q_len; | ||
29 | + int i; | ||
30 | + | ||
31 | + if ((fd = get_asym_dev_crypto()) < 0) | ||
32 | + return fd; | ||
33 | + | ||
34 | + if (!rsa->n && ((rsa->n = BN_new()) == NULL)) | ||
35 | + goto err; | ||
36 | + if (!rsa->d && ((rsa->d = BN_new()) == NULL)) | ||
37 | + goto err; | ||
38 | + if (!rsa->e && ((rsa->e = BN_new()) == NULL)) | ||
39 | + goto err; | ||
40 | + if (!rsa->p && ((rsa->p = BN_new()) == NULL)) | ||
41 | + goto err; | ||
42 | + if (!rsa->q && ((rsa->q = BN_new()) == NULL)) | ||
43 | + goto err; | ||
44 | + if (!rsa->dmp1 && ((rsa->dmp1 = BN_new()) == NULL)) | ||
45 | + goto err; | ||
46 | + if (!rsa->dmq1 && ((rsa->dmq1 = BN_new()) == NULL)) | ||
47 | + goto err; | ||
48 | + if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL)) | ||
49 | + goto err; | ||
50 | + | ||
51 | + BN_copy(rsa->e, e); | ||
52 | + | ||
53 | + p_len = (bits + 1) / (2 * 8); | ||
54 | + q_len = (bits - p_len * 8) / 8; | ||
55 | + memset(&kop, 0, sizeof kop); | ||
56 | + kop.crk_op = CRK_RSA_GENERATE_KEY; | ||
57 | + | ||
58 | + /* p length */ | ||
59 | + kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char)); | ||
60 | + if (!kop.crk_param[kop.crk_iparams].crp_p) | ||
61 | + goto err; | ||
62 | + kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8; | ||
63 | + memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1); | ||
64 | + kop.crk_iparams++; | ||
65 | + kop.crk_oparams++; | ||
66 | + /* q length */ | ||
67 | + kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char)); | ||
68 | + if (!kop.crk_param[kop.crk_iparams].crp_p) | ||
69 | + goto err; | ||
70 | + kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8; | ||
71 | + memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1); | ||
72 | + kop.crk_iparams++; | ||
73 | + kop.crk_oparams++; | ||
74 | + /* n length */ | ||
75 | + kop.crk_param[kop.crk_iparams].crp_p = | ||
76 | + calloc(p_len + q_len + 1, sizeof(char)); | ||
77 | + if (!kop.crk_param[kop.crk_iparams].crp_p) | ||
78 | + goto err; | ||
79 | + kop.crk_param[kop.crk_iparams].crp_nbits = bits; | ||
80 | + memset(kop.crk_param[kop.crk_iparams].crp_p, 0x00, p_len + q_len + 1); | ||
81 | + kop.crk_iparams++; | ||
82 | + kop.crk_oparams++; | ||
83 | + /* d length */ | ||
84 | + kop.crk_param[kop.crk_iparams].crp_p = | ||
85 | + calloc(p_len + q_len + 1, sizeof(char)); | ||
86 | + if (!kop.crk_param[kop.crk_iparams].crp_p) | ||
87 | + goto err; | ||
88 | + kop.crk_param[kop.crk_iparams].crp_nbits = bits; | ||
89 | + memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + q_len + 1); | ||
90 | + kop.crk_iparams++; | ||
91 | + kop.crk_oparams++; | ||
92 | + /* dp1 length */ | ||
93 | + kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char)); | ||
94 | + if (!kop.crk_param[kop.crk_iparams].crp_p) | ||
95 | + goto err; | ||
96 | + kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8; | ||
97 | + memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1); | ||
98 | + kop.crk_iparams++; | ||
99 | + kop.crk_oparams++; | ||
100 | + /* dq1 length */ | ||
101 | + kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char)); | ||
102 | + if (!kop.crk_param[kop.crk_iparams].crp_p) | ||
103 | + goto err; | ||
104 | + kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8; | ||
105 | + memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1); | ||
106 | + kop.crk_iparams++; | ||
107 | + kop.crk_oparams++; | ||
108 | + /* i length */ | ||
109 | + kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char)); | ||
110 | + if (!kop.crk_param[kop.crk_iparams].crp_p) | ||
111 | + goto err; | ||
112 | + kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8; | ||
113 | + memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1); | ||
114 | + kop.crk_iparams++; | ||
115 | + kop.crk_oparams++; | ||
116 | + | ||
117 | + if (ioctl(fd, CIOCKEY, &kop) == 0) { | ||
118 | + BN_bin2bn(kop.crk_param[0].crp_p, p_len, rsa->p); | ||
119 | + BN_bin2bn(kop.crk_param[1].crp_p, q_len, rsa->q); | ||
120 | + BN_bin2bn(kop.crk_param[2].crp_p, bits / 8, rsa->n); | ||
121 | + BN_bin2bn(kop.crk_param[3].crp_p, bits / 8, rsa->d); | ||
122 | + BN_bin2bn(kop.crk_param[4].crp_p, p_len, rsa->dmp1); | ||
123 | + BN_bin2bn(kop.crk_param[5].crp_p, q_len, rsa->dmq1); | ||
124 | + BN_bin2bn(kop.crk_param[6].crp_p, p_len, rsa->iqmp); | ||
125 | + return 1; | ||
126 | + } | ||
127 | + sw_try: | ||
128 | + { | ||
129 | + const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); | ||
130 | + ret = (meth->rsa_keygen) (rsa, bits, e, cb); | ||
131 | + } | ||
132 | + return ret; | ||
133 | + | ||
134 | + err: | ||
135 | + for (i = 0; i < CRK_MAXPARAM; i++) | ||
136 | + free(kop.crk_param[i].crp_p); | ||
137 | + return 0; | ||
138 | + | ||
139 | +} | ||
140 | + | ||
141 | /* Cryptodev DSA Key Gen routine */ | ||
142 | static int cryptodev_dsa_keygen(DSA *dsa) | ||
143 | { | ||
144 | @@ -4035,6 +4153,8 @@ void ENGINE_load_cryptodev(void) | ||
145 | cryptodev_rsa.rsa_mod_exp_async = | ||
146 | cryptodev_rsa_nocrt_mod_exp_async; | ||
147 | } | ||
148 | + if (cryptodev_asymfeat & CRF_RSA_GENERATE_KEY) | ||
149 | + cryptodev_rsa.rsa_keygen = cryptodev_rsa_keygen; | ||
150 | } | ||
151 | } | ||
152 | |||
153 | -- | ||
154 | 2.7.0 | ||
155 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Initial-support-for-PKC-in-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Initial-support-for-PKC-in-cryptodev-engine.patch deleted file mode 100644 index 98272abf..00000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0008-Initial-support-for-PKC-in-cryptodev-engine.patch +++ /dev/null | |||
@@ -1,1564 +0,0 @@ | |||
1 | From 107a10d45db0f2e58482f698add04ed9183f7268 Mon Sep 17 00:00:00 2001 | ||
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
3 | Date: Tue, 11 Mar 2014 06:29:52 +0545 | ||
4 | Subject: [PATCH 08/26] Initial support for PKC in cryptodev engine | ||
5 | |||
6 | Upstream-status: Pending | ||
7 | |||
8 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
9 | --- | ||
10 | crypto/engine/eng_cryptodev.c | 1343 ++++++++++++++++++++++++++++++++++++----- | ||
11 | 1 file changed, 1183 insertions(+), 160 deletions(-) | ||
12 | |||
13 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
14 | index e3eb98b..7ee314b 100644 | ||
15 | --- a/crypto/engine/eng_cryptodev.c | ||
16 | +++ b/crypto/engine/eng_cryptodev.c | ||
17 | @@ -54,11 +54,14 @@ ENGINE_load_cryptodev(void) | ||
18 | #else | ||
19 | |||
20 | #include <sys/types.h> | ||
21 | -#include <crypto/cryptodev.h> | ||
22 | #include <crypto/dh/dh.h> | ||
23 | #include <crypto/dsa/dsa.h> | ||
24 | #include <crypto/err/err.h> | ||
25 | #include <crypto/rsa/rsa.h> | ||
26 | +#include <crypto/ecdsa/ecs_locl.h> | ||
27 | +#include <crypto/ecdh/ech_locl.h> | ||
28 | +#include <crypto/ec/ec_lcl.h> | ||
29 | +#include <crypto/ec/ec.h> | ||
30 | #include <sys/ioctl.h> | ||
31 | #include <errno.h> | ||
32 | #include <stdio.h> | ||
33 | @@ -68,6 +71,8 @@ ENGINE_load_cryptodev(void) | ||
34 | #include <syslog.h> | ||
35 | #include <errno.h> | ||
36 | #include <string.h> | ||
37 | +#include "eng_cryptodev_ec.h" | ||
38 | +#include <crypto/cryptodev.h> | ||
39 | |||
40 | struct dev_crypto_state { | ||
41 | struct session_op d_sess; | ||
42 | @@ -116,18 +121,10 @@ static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, | ||
43 | static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, | ||
44 | RSA *rsa, BN_CTX *ctx); | ||
45 | static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); | ||
46 | -static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, | ||
47 | - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); | ||
48 | -static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, | ||
49 | - BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, | ||
50 | - BN_CTX *ctx, BN_MONT_CTX *mont); | ||
51 | static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, | ||
52 | int dlen, DSA *dsa); | ||
53 | static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len, | ||
54 | DSA_SIG *sig, DSA *dsa); | ||
55 | -static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, | ||
56 | - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, | ||
57 | - BN_MONT_CTX *m_ctx); | ||
58 | static int cryptodev_dh_compute_key(unsigned char *key, | ||
59 | const BIGNUM *pub_key, DH *dh); | ||
60 | static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, | ||
61 | @@ -136,6 +133,102 @@ void ENGINE_load_cryptodev(void); | ||
62 | const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1; | ||
63 | const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; | ||
64 | |||
65 | +static int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len) | ||
66 | +{ | ||
67 | + int len; | ||
68 | + unsigned char *p; | ||
69 | + | ||
70 | + len = BN_num_bytes(bn); | ||
71 | + | ||
72 | + if (!len) | ||
73 | + return -1; | ||
74 | + | ||
75 | + p = malloc(len); | ||
76 | + if (!p) | ||
77 | + return -1; | ||
78 | + | ||
79 | + BN_bn2bin(bn,p); | ||
80 | + | ||
81 | + *bin = p; | ||
82 | + *bin_len = len; | ||
83 | + | ||
84 | + return 0; | ||
85 | +} | ||
86 | + | ||
87 | +static int spcf_bn2bin_ex(BIGNUM *bn, unsigned char **bin, int *bin_len) | ||
88 | +{ | ||
89 | + int len; | ||
90 | + unsigned char *p; | ||
91 | + | ||
92 | + len = BN_num_bytes(bn); | ||
93 | + | ||
94 | + if (!len) | ||
95 | + return -1; | ||
96 | + | ||
97 | + if (len < *bin_len) | ||
98 | + p = malloc(*bin_len); | ||
99 | + else | ||
100 | + p = malloc(len); | ||
101 | + | ||
102 | + if (!p) | ||
103 | + return -ENOMEM; | ||
104 | + | ||
105 | + if (len < *bin_len) { | ||
106 | + /* place padding */ | ||
107 | + memset(p, 0, (*bin_len - len)); | ||
108 | + BN_bn2bin(bn,p+(*bin_len-len)); | ||
109 | + } else { | ||
110 | + BN_bn2bin(bn,p); | ||
111 | + } | ||
112 | + | ||
113 | + *bin = p; | ||
114 | + if (len >= *bin_len) | ||
115 | + *bin_len = len; | ||
116 | + | ||
117 | + return 0; | ||
118 | +} | ||
119 | + | ||
120 | +/** | ||
121 | + * Convert an ECC F2m 'b' parameter into the 'c' parameter. | ||
122 | + *Inputs: | ||
123 | + * q, the curve's modulus | ||
124 | + * b, the curve's b parameter | ||
125 | + * (a bignum for b, a buffer for c) | ||
126 | + * Output: | ||
127 | + * c, written into bin, right-adjusted to fill q_len bytes. | ||
128 | + */ | ||
129 | +static int | ||
130 | +eng_ec_compute_cparam(const BIGNUM* b, const BIGNUM* q, | ||
131 | + unsigned char **bin, int *bin_len) | ||
132 | +{ | ||
133 | + BIGNUM* c = BN_new(); | ||
134 | + BIGNUM* exp = BN_new(); | ||
135 | + BN_CTX *ctx = BN_CTX_new(); | ||
136 | + int m = BN_num_bits(q) - 1; | ||
137 | + int ok = 0; | ||
138 | + | ||
139 | + if (!c || !exp || !ctx || *bin) | ||
140 | + goto err; | ||
141 | + | ||
142 | + /* | ||
143 | + * We have to compute c, where b = c^4, i.e., the fourth root of b. | ||
144 | + * The equation for c is c = b^(2^(m-2)) | ||
145 | + * Compute exp = 2^(m-2) | ||
146 | + * (1 << x) == 2^x | ||
147 | + * and then compute c = b^exp | ||
148 | + */ | ||
149 | + BN_lshift(exp, BN_value_one(), m-2); | ||
150 | + BN_GF2m_mod_exp(c, b, exp, q, ctx); | ||
151 | + /* Store c */ | ||
152 | + spcf_bn2bin_ex(c, bin, bin_len); | ||
153 | + ok = 1; | ||
154 | +err: | ||
155 | + if (ctx) BN_CTX_free(ctx); | ||
156 | + if (c) BN_free(c); | ||
157 | + if (exp) BN_free(exp); | ||
158 | + return ok; | ||
159 | +} | ||
160 | + | ||
161 | static const ENGINE_CMD_DEFN cryptodev_defns[] = { | ||
162 | { 0, NULL, NULL, 0 } | ||
163 | }; | ||
164 | @@ -1139,7 +1232,6 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, | ||
165 | static int | ||
166 | bn2crparam(const BIGNUM *a, struct crparam *crp) | ||
167 | { | ||
168 | - int i, j, k; | ||
169 | ssize_t bytes, bits; | ||
170 | u_char *b; | ||
171 | |||
172 | @@ -1156,15 +1248,7 @@ bn2crparam(const BIGNUM *a, struct crparam *crp) | ||
173 | |||
174 | crp->crp_p = (caddr_t) b; | ||
175 | crp->crp_nbits = bits; | ||
176 | - | ||
177 | - for (i = 0, j = 0; i < a->top; i++) { | ||
178 | - for (k = 0; k < BN_BITS2 / 8; k++) { | ||
179 | - if ((j + k) >= bytes) | ||
180 | - return (0); | ||
181 | - b[j + k] = a->d[i] >> (k * 8); | ||
182 | - } | ||
183 | - j += BN_BITS2 / 8; | ||
184 | - } | ||
185 | + BN_bn2bin(a, crp->crp_p); | ||
186 | return (0); | ||
187 | } | ||
188 | |||
189 | @@ -1172,22 +1256,14 @@ bn2crparam(const BIGNUM *a, struct crparam *crp) | ||
190 | static int | ||
191 | crparam2bn(struct crparam *crp, BIGNUM *a) | ||
192 | { | ||
193 | - u_int8_t *pd; | ||
194 | - int i, bytes; | ||
195 | + int bytes; | ||
196 | |||
197 | bytes = (crp->crp_nbits + 7) / 8; | ||
198 | |||
199 | if (bytes == 0) | ||
200 | return (-1); | ||
201 | |||
202 | - if ((pd = (u_int8_t *) malloc(bytes)) == NULL) | ||
203 | - return (-1); | ||
204 | - | ||
205 | - for (i = 0; i < bytes; i++) | ||
206 | - pd[i] = crp->crp_p[bytes - i - 1]; | ||
207 | - | ||
208 | - BN_bin2bn(pd, bytes, a); | ||
209 | - free(pd); | ||
210 | + BN_bin2bn(crp->crp_p, bytes, a); | ||
211 | |||
212 | return (0); | ||
213 | } | ||
214 | @@ -1235,6 +1311,32 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) | ||
215 | return (ret); | ||
216 | } | ||
217 | |||
218 | +/* Close an opened instance of cryptodev engine */ | ||
219 | +void cryptodev_close_instance(void *handle) | ||
220 | +{ | ||
221 | + int fd; | ||
222 | + | ||
223 | + if (handle) { | ||
224 | + fd = *(int *)handle; | ||
225 | + close(fd); | ||
226 | + free(handle); | ||
227 | + } | ||
228 | +} | ||
229 | + | ||
230 | +/* Create an instance of cryptodev for asynchronous interface */ | ||
231 | +void *cryptodev_init_instance(void) | ||
232 | +{ | ||
233 | + int *fd = malloc(sizeof(int)); | ||
234 | + | ||
235 | + if (fd) { | ||
236 | + if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) { | ||
237 | + free(fd); | ||
238 | + return NULL; | ||
239 | + } | ||
240 | + } | ||
241 | + return fd; | ||
242 | +} | ||
243 | + | ||
244 | static int | ||
245 | cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
246 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) | ||
247 | @@ -1250,9 +1352,9 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
248 | return (ret); | ||
249 | } | ||
250 | |||
251 | - memset(&kop, 0, sizeof kop); | ||
252 | kop.crk_op = CRK_MOD_EXP; | ||
253 | - | ||
254 | + kop.crk_oparams = 0; | ||
255 | + kop.crk_status = 0; | ||
256 | /* inputs: a^p % m */ | ||
257 | if (bn2crparam(a, &kop.crk_param[0])) | ||
258 | goto err; | ||
259 | @@ -1293,28 +1395,38 @@ static int | ||
260 | cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) | ||
261 | { | ||
262 | struct crypt_kop kop; | ||
263 | - int ret = 1; | ||
264 | + int ret = 1, f_len, p_len, q_len; | ||
265 | + unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq = NULL, *c = NULL; | ||
266 | |||
267 | if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { | ||
268 | /* XXX 0 means failure?? */ | ||
269 | return (0); | ||
270 | } | ||
271 | |||
272 | - memset(&kop, 0, sizeof kop); | ||
273 | + kop.crk_oparams = 0; | ||
274 | + kop.crk_status = 0; | ||
275 | kop.crk_op = CRK_MOD_EXP_CRT; | ||
276 | + f_len = BN_num_bytes(rsa->n); | ||
277 | + spcf_bn2bin_ex(I, &f, &f_len); | ||
278 | + spcf_bn2bin(rsa->p, &p, &p_len); | ||
279 | + spcf_bn2bin(rsa->q, &q, &q_len); | ||
280 | + spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len); | ||
281 | + spcf_bn2bin_ex(rsa->iqmp, &c, &p_len); | ||
282 | + spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len); | ||
283 | /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ | ||
284 | - if (bn2crparam(rsa->p, &kop.crk_param[0])) | ||
285 | - goto err; | ||
286 | - if (bn2crparam(rsa->q, &kop.crk_param[1])) | ||
287 | - goto err; | ||
288 | - if (bn2crparam(I, &kop.crk_param[2])) | ||
289 | - goto err; | ||
290 | - if (bn2crparam(rsa->dmp1, &kop.crk_param[3])) | ||
291 | - goto err; | ||
292 | - if (bn2crparam(rsa->dmq1, &kop.crk_param[4])) | ||
293 | - goto err; | ||
294 | - if (bn2crparam(rsa->iqmp, &kop.crk_param[5])) | ||
295 | - goto err; | ||
296 | + kop.crk_param[0].crp_p = p; | ||
297 | + kop.crk_param[0].crp_nbits = p_len * 8; | ||
298 | + kop.crk_param[1].crp_p = q; | ||
299 | + kop.crk_param[1].crp_nbits = q_len * 8; | ||
300 | + kop.crk_param[2].crp_p = f; | ||
301 | + kop.crk_param[2].crp_nbits = f_len * 8; | ||
302 | + kop.crk_param[3].crp_p = dp; | ||
303 | + kop.crk_param[3].crp_nbits = p_len * 8; | ||
304 | + /* dq must of length q, rest all of length p*/ | ||
305 | + kop.crk_param[4].crp_p = dq; | ||
306 | + kop.crk_param[4].crp_nbits = q_len * 8; | ||
307 | + kop.crk_param[5].crp_p = c; | ||
308 | + kop.crk_param[5].crp_nbits = p_len * 8; | ||
309 | kop.crk_iparams = 6; | ||
310 | |||
311 | if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) { | ||
312 | @@ -1350,90 +1462,117 @@ static RSA_METHOD cryptodev_rsa = { | ||
313 | NULL /* rsa_verify */ | ||
314 | }; | ||
315 | |||
316 | -static int | ||
317 | -cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, | ||
318 | - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) | ||
319 | -{ | ||
320 | - return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); | ||
321 | -} | ||
322 | - | ||
323 | -static int | ||
324 | -cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, | ||
325 | - BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, | ||
326 | - BN_CTX *ctx, BN_MONT_CTX *mont) | ||
327 | +static DSA_SIG * | ||
328 | +cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) | ||
329 | { | ||
330 | - BIGNUM t2; | ||
331 | - int ret = 0; | ||
332 | - | ||
333 | - BN_init(&t2); | ||
334 | - | ||
335 | - /* v = ( g^u1 * y^u2 mod p ) mod q */ | ||
336 | - /* let t1 = g ^ u1 mod p */ | ||
337 | - ret = 0; | ||
338 | + struct crypt_kop kop; | ||
339 | + BIGNUM *c = NULL, *d = NULL; | ||
340 | + DSA_SIG *dsaret = NULL; | ||
341 | + int q_len = 0, r_len = 0, g_len = 0; | ||
342 | + int priv_key_len = 0, ret; | ||
343 | + unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f = NULL; | ||
344 | |||
345 | - if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont)) | ||
346 | + memset(&kop, 0, sizeof kop); | ||
347 | + if ((c = BN_new()) == NULL) { | ||
348 | + DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
349 | goto err; | ||
350 | + } | ||
351 | |||
352 | - /* let t2 = y ^ u2 mod p */ | ||
353 | - if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont)) | ||
354 | + if ((d = BN_new()) == NULL) { | ||
355 | + BN_free(c); | ||
356 | + DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
357 | goto err; | ||
358 | - /* let u1 = t1 * t2 mod p */ | ||
359 | - if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx)) | ||
360 | + } | ||
361 | + | ||
362 | + if (spcf_bn2bin(dsa->p, &q, &q_len)) { | ||
363 | + DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); | ||
364 | goto err; | ||
365 | + } | ||
366 | |||
367 | - BN_copy(t1,u1); | ||
368 | + /* Get order of the field of private keys into plain buffer */ | ||
369 | + if (spcf_bn2bin (dsa->q, &r, &r_len)) { | ||
370 | + DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
371 | + goto err; | ||
372 | + } | ||
373 | |||
374 | - ret = 1; | ||
375 | -err: | ||
376 | - BN_free(&t2); | ||
377 | - return(ret); | ||
378 | -} | ||
379 | + /* sanity test */ | ||
380 | + if (dlen > r_len) { | ||
381 | + DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); | ||
382 | + goto err; | ||
383 | + } | ||
384 | |||
385 | -static DSA_SIG * | ||
386 | -cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) | ||
387 | -{ | ||
388 | - struct crypt_kop kop; | ||
389 | - BIGNUM *r = NULL, *s = NULL; | ||
390 | - DSA_SIG *dsaret = NULL; | ||
391 | + g_len = q_len; | ||
392 | + /** | ||
393 | + * Get generator into a plain buffer. If length is less than | ||
394 | + * q_len then add leading padding bytes. | ||
395 | + */ | ||
396 | + if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { | ||
397 | + DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
398 | + goto err; | ||
399 | + } | ||
400 | |||
401 | - if ((r = BN_new()) == NULL) | ||
402 | + priv_key_len = r_len; | ||
403 | + /** | ||
404 | + * Get private key into a plain buffer. If length is less than | ||
405 | + * r_len then add leading padding bytes. | ||
406 | + */ | ||
407 | + if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) { | ||
408 | + DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
409 | goto err; | ||
410 | - if ((s = BN_new()) == NULL) { | ||
411 | - BN_free(r); | ||
412 | + } | ||
413 | + | ||
414 | + /* Allocate memory to store hash. */ | ||
415 | + f = OPENSSL_malloc (r_len); | ||
416 | + if (!f) { | ||
417 | + DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
418 | goto err; | ||
419 | } | ||
420 | |||
421 | - memset(&kop, 0, sizeof kop); | ||
422 | + /* Add padding, since SEC expects hash to of size r_len */ | ||
423 | + if (dlen < r_len) | ||
424 | + memset(f, 0, r_len - dlen); | ||
425 | + | ||
426 | + /* Skip leading bytes if dgst_len < r_len */ | ||
427 | + memcpy(f + r_len - dlen, dgst, dlen); | ||
428 | + | ||
429 | kop.crk_op = CRK_DSA_SIGN; | ||
430 | |||
431 | /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ | ||
432 | - kop.crk_param[0].crp_p = (caddr_t)dgst; | ||
433 | - kop.crk_param[0].crp_nbits = dlen * 8; | ||
434 | - if (bn2crparam(dsa->p, &kop.crk_param[1])) | ||
435 | - goto err; | ||
436 | - if (bn2crparam(dsa->q, &kop.crk_param[2])) | ||
437 | - goto err; | ||
438 | - if (bn2crparam(dsa->g, &kop.crk_param[3])) | ||
439 | - goto err; | ||
440 | - if (bn2crparam(dsa->priv_key, &kop.crk_param[4])) | ||
441 | - goto err; | ||
442 | + kop.crk_param[0].crp_p = (void*)f; | ||
443 | + kop.crk_param[0].crp_nbits = r_len * 8; | ||
444 | + kop.crk_param[1].crp_p = (void*)q; | ||
445 | + kop.crk_param[1].crp_nbits = q_len * 8; | ||
446 | + kop.crk_param[2].crp_p = (void*)r; | ||
447 | + kop.crk_param[2].crp_nbits = r_len * 8; | ||
448 | + kop.crk_param[3].crp_p = (void*)g; | ||
449 | + kop.crk_param[3].crp_nbits = g_len * 8; | ||
450 | + kop.crk_param[4].crp_p = (void*)priv_key; | ||
451 | + kop.crk_param[4].crp_nbits = priv_key_len * 8; | ||
452 | kop.crk_iparams = 5; | ||
453 | |||
454 | - if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r, | ||
455 | - BN_num_bytes(dsa->q), s) == 0) { | ||
456 | - dsaret = DSA_SIG_new(); | ||
457 | - dsaret->r = r; | ||
458 | - dsaret->s = s; | ||
459 | - } else { | ||
460 | - const DSA_METHOD *meth = DSA_OpenSSL(); | ||
461 | - BN_free(r); | ||
462 | - BN_free(s); | ||
463 | - dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa); | ||
464 | + ret = cryptodev_asym(&kop, r_len, c, r_len, d); | ||
465 | + | ||
466 | + if (ret) { | ||
467 | + DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DECODE_ERROR); | ||
468 | + goto err; | ||
469 | } | ||
470 | -err: | ||
471 | - kop.crk_param[0].crp_p = NULL; | ||
472 | + | ||
473 | + dsaret = DSA_SIG_new(); | ||
474 | + dsaret->r = c; | ||
475 | + dsaret->s = d; | ||
476 | + | ||
477 | zapparams(&kop); | ||
478 | return (dsaret); | ||
479 | +err: | ||
480 | + { | ||
481 | + const DSA_METHOD *meth = DSA_OpenSSL(); | ||
482 | + if (c) | ||
483 | + BN_free(c); | ||
484 | + if (d) | ||
485 | + BN_free(d); | ||
486 | + dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa); | ||
487 | + return (dsaret); | ||
488 | + } | ||
489 | } | ||
490 | |||
491 | static int | ||
492 | @@ -1441,42 +1580,179 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen, | ||
493 | DSA_SIG *sig, DSA *dsa) | ||
494 | { | ||
495 | struct crypt_kop kop; | ||
496 | - int dsaret = 1; | ||
497 | + int dsaret = 1, q_len = 0, r_len = 0, g_len = 0; | ||
498 | + int w_len = 0 ,c_len = 0, d_len = 0, ret = -1; | ||
499 | + unsigned char * q = NULL, * r = NULL, * w = NULL, * g = NULL; | ||
500 | + unsigned char * c = NULL, * d = NULL, *f = NULL; | ||
501 | |||
502 | memset(&kop, 0, sizeof kop); | ||
503 | kop.crk_op = CRK_DSA_VERIFY; | ||
504 | |||
505 | - /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ | ||
506 | - kop.crk_param[0].crp_p = (caddr_t)dgst; | ||
507 | - kop.crk_param[0].crp_nbits = dlen * 8; | ||
508 | - if (bn2crparam(dsa->p, &kop.crk_param[1])) | ||
509 | + if (spcf_bn2bin(dsa->p, &q, &q_len)) { | ||
510 | + DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
511 | + return ret; | ||
512 | + } | ||
513 | + | ||
514 | + /* Get Order of field of private keys */ | ||
515 | + if (spcf_bn2bin(dsa->q, &r, &r_len)) { | ||
516 | + DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
517 | goto err; | ||
518 | - if (bn2crparam(dsa->q, &kop.crk_param[2])) | ||
519 | + } | ||
520 | + | ||
521 | + g_len = q_len; | ||
522 | + /** | ||
523 | + * Get generator into a plain buffer. If length is less than | ||
524 | + * q_len then add leading padding bytes. | ||
525 | + */ | ||
526 | + if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { | ||
527 | + DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
528 | goto err; | ||
529 | - if (bn2crparam(dsa->g, &kop.crk_param[3])) | ||
530 | + } | ||
531 | + w_len = q_len; | ||
532 | + /** | ||
533 | + * Get public key into a plain buffer. If length is less than | ||
534 | + * q_len then add leading padding bytes. | ||
535 | + */ | ||
536 | + if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) { | ||
537 | + DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
538 | + goto err; | ||
539 | + } | ||
540 | + /** | ||
541 | + * Get the 1st part of signature into a flat buffer with | ||
542 | + * appropriate padding | ||
543 | + */ | ||
544 | + c_len = r_len; | ||
545 | + | ||
546 | + if (spcf_bn2bin_ex(sig->r, &c, &c_len)) { | ||
547 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
548 | goto err; | ||
549 | - if (bn2crparam(dsa->pub_key, &kop.crk_param[4])) | ||
550 | + } | ||
551 | + | ||
552 | + /** | ||
553 | + * Get the 2nd part of signature into a flat buffer with | ||
554 | + * appropriate padding | ||
555 | + */ | ||
556 | + d_len = r_len; | ||
557 | + | ||
558 | + if (spcf_bn2bin_ex(sig->s, &d, &d_len)) { | ||
559 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
560 | goto err; | ||
561 | - if (bn2crparam(sig->r, &kop.crk_param[5])) | ||
562 | + } | ||
563 | + | ||
564 | + | ||
565 | + /* Sanity test */ | ||
566 | + if (dlen > r_len) { | ||
567 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
568 | goto err; | ||
569 | - if (bn2crparam(sig->s, &kop.crk_param[6])) | ||
570 | + } | ||
571 | + | ||
572 | + /* Allocate memory to store hash. */ | ||
573 | + f = OPENSSL_malloc (r_len); | ||
574 | + if (!f) { | ||
575 | + DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
576 | goto err; | ||
577 | + } | ||
578 | + | ||
579 | + /* Add padding, since SEC expects hash to of size r_len */ | ||
580 | + if (dlen < r_len) | ||
581 | + memset(f, 0, r_len - dlen); | ||
582 | + | ||
583 | + /* Skip leading bytes if dgst_len < r_len */ | ||
584 | + memcpy(f + r_len - dlen, dgst, dlen); | ||
585 | + | ||
586 | + /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ | ||
587 | + kop.crk_param[0].crp_p = (void*)f; | ||
588 | + kop.crk_param[0].crp_nbits = r_len * 8; | ||
589 | + kop.crk_param[1].crp_p = q; | ||
590 | + kop.crk_param[1].crp_nbits = q_len * 8; | ||
591 | + kop.crk_param[2].crp_p = r; | ||
592 | + kop.crk_param[2].crp_nbits = r_len * 8; | ||
593 | + kop.crk_param[3].crp_p = g; | ||
594 | + kop.crk_param[3].crp_nbits = g_len * 8; | ||
595 | + kop.crk_param[4].crp_p = w; | ||
596 | + kop.crk_param[4].crp_nbits = w_len * 8; | ||
597 | + kop.crk_param[5].crp_p = c; | ||
598 | + kop.crk_param[5].crp_nbits = c_len * 8; | ||
599 | + kop.crk_param[6].crp_p = d; | ||
600 | + kop.crk_param[6].crp_nbits = d_len * 8; | ||
601 | kop.crk_iparams = 7; | ||
602 | |||
603 | - if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { | ||
604 | -/*OCF success value is 0, if not zero, change dsaret to fail*/ | ||
605 | - if(0 != kop.crk_status) dsaret = 0; | ||
606 | - } else { | ||
607 | - const DSA_METHOD *meth = DSA_OpenSSL(); | ||
608 | + if ((cryptodev_asym(&kop, 0, NULL, 0, NULL))) { | ||
609 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR); | ||
610 | + goto err; | ||
611 | + } | ||
612 | |||
613 | - dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa); | ||
614 | + /*OCF success value is 0, if not zero, change dsaret to fail*/ | ||
615 | + if(0 != kop.crk_status) { | ||
616 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, DSA_R_DECODE_ERROR); | ||
617 | + goto err; | ||
618 | } | ||
619 | -err: | ||
620 | - kop.crk_param[0].crp_p = NULL; | ||
621 | + | ||
622 | zapparams(&kop); | ||
623 | return (dsaret); | ||
624 | +err: | ||
625 | + { | ||
626 | + const DSA_METHOD *meth = DSA_OpenSSL(); | ||
627 | + | ||
628 | + dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa); | ||
629 | + } | ||
630 | + return dsaret; | ||
631 | } | ||
632 | |||
633 | +/* Cryptodev DSA Key Gen routine */ | ||
634 | +static int cryptodev_dsa_keygen(DSA *dsa) | ||
635 | +{ | ||
636 | + struct crypt_kop kop; | ||
637 | + int ret = 1, g_len; | ||
638 | + unsigned char *g = NULL; | ||
639 | + | ||
640 | + if (dsa->priv_key == NULL) { | ||
641 | + if ((dsa->priv_key=BN_new()) == NULL) | ||
642 | + goto sw_try; | ||
643 | + } | ||
644 | + | ||
645 | + if (dsa->pub_key == NULL) { | ||
646 | + if ((dsa->pub_key=BN_new()) == NULL) | ||
647 | + goto sw_try; | ||
648 | + } | ||
649 | + | ||
650 | + g_len = BN_num_bytes(dsa->p); | ||
651 | + /** | ||
652 | + * Get generator into a plain buffer. If length is less than | ||
653 | + * p_len then add leading padding bytes. | ||
654 | + */ | ||
655 | + if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { | ||
656 | + DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE); | ||
657 | + goto sw_try; | ||
658 | + } | ||
659 | + | ||
660 | + memset(&kop, 0, sizeof kop); | ||
661 | + | ||
662 | + kop.crk_op = CRK_DSA_GENERATE_KEY; | ||
663 | + if (bn2crparam(dsa->p, &kop.crk_param[0])) | ||
664 | + goto sw_try; | ||
665 | + if (bn2crparam(dsa->q, &kop.crk_param[1])) | ||
666 | + goto sw_try; | ||
667 | + kop.crk_param[2].crp_p = g; | ||
668 | + kop.crk_param[2].crp_nbits = g_len * 8; | ||
669 | + kop.crk_iparams = 3; | ||
670 | + | ||
671 | + /* pub_key is or prime length while priv key is of length of order */ | ||
672 | + if (cryptodev_asym(&kop, BN_num_bytes(dsa->p), dsa->pub_key, | ||
673 | + BN_num_bytes(dsa->q), dsa->priv_key)) | ||
674 | + goto sw_try; | ||
675 | + | ||
676 | + return ret; | ||
677 | +sw_try: | ||
678 | + { | ||
679 | + const DSA_METHOD *meth = DSA_OpenSSL(); | ||
680 | + ret = (meth->dsa_keygen)(dsa); | ||
681 | + } | ||
682 | + return ret; | ||
683 | +} | ||
684 | + | ||
685 | + | ||
686 | + | ||
687 | static DSA_METHOD cryptodev_dsa = { | ||
688 | "cryptodev DSA method", | ||
689 | NULL, | ||
690 | @@ -1490,12 +1766,543 @@ static DSA_METHOD cryptodev_dsa = { | ||
691 | NULL /* app_data */ | ||
692 | }; | ||
693 | |||
694 | -static int | ||
695 | -cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, | ||
696 | - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, | ||
697 | - BN_MONT_CTX *m_ctx) | ||
698 | +static ECDSA_METHOD cryptodev_ecdsa = { | ||
699 | + "cryptodev ECDSA method", | ||
700 | + NULL, | ||
701 | + NULL, /* ecdsa_sign_setup */ | ||
702 | + NULL, | ||
703 | + NULL, | ||
704 | + 0, /* flags */ | ||
705 | + NULL /* app_data */ | ||
706 | +}; | ||
707 | + | ||
708 | +typedef enum ec_curve_s | ||
709 | +{ | ||
710 | + EC_PRIME, | ||
711 | + EC_BINARY | ||
712 | +} ec_curve_t; | ||
713 | + | ||
714 | +/* ENGINE handler for ECDSA Sign */ | ||
715 | +static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, | ||
716 | + int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) | ||
717 | { | ||
718 | - return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); | ||
719 | + BIGNUM *m = NULL, *p = NULL, *a = NULL; | ||
720 | + BIGNUM *b = NULL, *x = NULL, *y = NULL; | ||
721 | + BN_CTX *ctx = NULL; | ||
722 | + ECDSA_SIG *ret = NULL; | ||
723 | + ECDSA_DATA *ecdsa = NULL; | ||
724 | + unsigned char * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL; | ||
725 | + unsigned char * s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL; | ||
726 | + int i = 0, q_len = 0, priv_key_len = 0, r_len = 0; | ||
727 | + int g_len = 0, d_len = 0, ab_len = 0; | ||
728 | + const BIGNUM *order = NULL, *priv_key=NULL; | ||
729 | + const EC_GROUP *group = NULL; | ||
730 | + struct crypt_kop kop; | ||
731 | + ec_curve_t ec_crv = EC_PRIME; | ||
732 | + | ||
733 | + memset(&kop, 0, sizeof(kop)); | ||
734 | + ecdsa = ecdsa_check(eckey); | ||
735 | + if (!ecdsa) { | ||
736 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); | ||
737 | + return NULL; | ||
738 | + } | ||
739 | + | ||
740 | + group = EC_KEY_get0_group(eckey); | ||
741 | + priv_key = EC_KEY_get0_private_key(eckey); | ||
742 | + | ||
743 | + if (!group || !priv_key) { | ||
744 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); | ||
745 | + return NULL; | ||
746 | + } | ||
747 | + | ||
748 | + if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || | ||
749 | + (a = BN_new()) == NULL || (b = BN_new()) == NULL || | ||
750 | + (p = BN_new()) == NULL || (x = BN_new()) == NULL || | ||
751 | + (y = BN_new()) == NULL) { | ||
752 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
753 | + goto err; | ||
754 | + } | ||
755 | + | ||
756 | + order = &group->order; | ||
757 | + if (!order || BN_is_zero(order)) { | ||
758 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS); | ||
759 | + goto err; | ||
760 | + } | ||
761 | + | ||
762 | + i = BN_num_bits(order); | ||
763 | + /* Need to truncate digest if it is too long: first truncate whole | ||
764 | + bytes */ | ||
765 | + if (8 * dgst_len > i) | ||
766 | + dgst_len = (i + 7)/8; | ||
767 | + | ||
768 | + if (!BN_bin2bn(dgst, dgst_len, m)) { | ||
769 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); | ||
770 | + goto err; | ||
771 | + } | ||
772 | + | ||
773 | + /* If still too long truncate remaining bits with a shift */ | ||
774 | + if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { | ||
775 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); | ||
776 | + goto err; | ||
777 | + } | ||
778 | + | ||
779 | + /* copy the truncated bits into plain buffer */ | ||
780 | + if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { | ||
781 | + fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__); | ||
782 | + goto err; | ||
783 | + } | ||
784 | + | ||
785 | + ret = ECDSA_SIG_new(); | ||
786 | + if (!ret) { | ||
787 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); | ||
788 | + goto err; | ||
789 | + } | ||
790 | + | ||
791 | + /* check if this is prime or binary EC request */ | ||
792 | + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { | ||
793 | + ec_crv = EC_PRIME; | ||
794 | + /* get the generator point pair */ | ||
795 | + if (!EC_POINT_get_affine_coordinates_GFp (group, EC_GROUP_get0_generator(group), | ||
796 | + x, y,ctx)) { | ||
797 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); | ||
798 | + goto err; | ||
799 | + } | ||
800 | + | ||
801 | + /* get the ECC curve parameters */ | ||
802 | + if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) { | ||
803 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); | ||
804 | + goto err; | ||
805 | + } | ||
806 | + } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) { | ||
807 | + ec_crv = EC_BINARY; | ||
808 | + /* get the ECC curve parameters */ | ||
809 | + if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) { | ||
810 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); | ||
811 | + goto err; | ||
812 | + } | ||
813 | + | ||
814 | + /* get the generator point pair */ | ||
815 | + if (!EC_POINT_get_affine_coordinates_GF2m(group, | ||
816 | + EC_GROUP_get0_generator(group), x, y,ctx)) { | ||
817 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); | ||
818 | + goto err; | ||
819 | + } | ||
820 | + } else { | ||
821 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); | ||
822 | + goto err; | ||
823 | + } | ||
824 | + | ||
825 | + if (spcf_bn2bin(order, &r, &r_len)) { | ||
826 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
827 | + goto err; | ||
828 | + } | ||
829 | + | ||
830 | + if (spcf_bn2bin(p, &q, &q_len)) { | ||
831 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
832 | + goto err; | ||
833 | + } | ||
834 | + | ||
835 | + priv_key_len = r_len; | ||
836 | + | ||
837 | + /** | ||
838 | + * If BN_num_bytes of priv_key returns less then r_len then | ||
839 | + * add padding bytes before the key | ||
840 | + */ | ||
841 | + if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len)) { | ||
842 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
843 | + goto err; | ||
844 | + } | ||
845 | + | ||
846 | + /* Generation of ECC curve parameters */ | ||
847 | + ab_len = 2*q_len; | ||
848 | + ab = eng_copy_curve_points(a, b, ab_len, q_len); | ||
849 | + if (!ab) { | ||
850 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
851 | + goto err; | ||
852 | + } | ||
853 | + | ||
854 | + if (ec_crv == EC_BINARY) { | ||
855 | + if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len)) | ||
856 | + { | ||
857 | + unsigned char *c_temp = NULL; | ||
858 | + int c_temp_len = q_len; | ||
859 | + if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len)) | ||
860 | + memcpy(ab+q_len, c_temp, q_len); | ||
861 | + else | ||
862 | + goto err; | ||
863 | + } | ||
864 | + kop.curve_type = ECC_BINARY; | ||
865 | + } | ||
866 | + | ||
867 | + /* Calculation of Generator point */ | ||
868 | + g_len = 2*q_len; | ||
869 | + g_xy = eng_copy_curve_points(x, y, g_len, q_len); | ||
870 | + if (!g_xy) { | ||
871 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
872 | + goto err; | ||
873 | + } | ||
874 | + | ||
875 | + /* Memory allocation for first part of digital signature */ | ||
876 | + c = malloc(r_len); | ||
877 | + if (!c) { | ||
878 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
879 | + goto err; | ||
880 | + } | ||
881 | + | ||
882 | + d_len = r_len; | ||
883 | + | ||
884 | + /* Memory allocation for second part of digital signature */ | ||
885 | + d = malloc(d_len); | ||
886 | + if (!d) { | ||
887 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
888 | + goto err; | ||
889 | + } | ||
890 | + | ||
891 | + /* memory for message representative */ | ||
892 | + f = malloc(r_len); | ||
893 | + if (!f) { | ||
894 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
895 | + goto err; | ||
896 | + } | ||
897 | + | ||
898 | + /* Add padding, since SEC expects hash to of size r_len */ | ||
899 | + memset(f, 0, r_len - dgst_len); | ||
900 | + | ||
901 | + /* Skip leading bytes if dgst_len < r_len */ | ||
902 | + memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len); | ||
903 | + | ||
904 | + dgst_len += r_len - dgst_len; | ||
905 | + kop.crk_op = CRK_DSA_SIGN; | ||
906 | + /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ | ||
907 | + kop.crk_param[0].crp_p = f; | ||
908 | + kop.crk_param[0].crp_nbits = dgst_len * 8; | ||
909 | + kop.crk_param[1].crp_p = q; | ||
910 | + kop.crk_param[1].crp_nbits = q_len * 8; | ||
911 | + kop.crk_param[2].crp_p = r; | ||
912 | + kop.crk_param[2].crp_nbits = r_len * 8; | ||
913 | + kop.crk_param[3].crp_p = g_xy; | ||
914 | + kop.crk_param[3].crp_nbits = g_len * 8; | ||
915 | + kop.crk_param[4].crp_p = s; | ||
916 | + kop.crk_param[4].crp_nbits = priv_key_len * 8; | ||
917 | + kop.crk_param[5].crp_p = ab; | ||
918 | + kop.crk_param[5].crp_nbits = ab_len * 8; | ||
919 | + kop.crk_iparams = 6; | ||
920 | + kop.crk_param[6].crp_p = c; | ||
921 | + kop.crk_param[6].crp_nbits = d_len * 8; | ||
922 | + kop.crk_param[7].crp_p = d; | ||
923 | + kop.crk_param[7].crp_nbits = d_len * 8; | ||
924 | + kop.crk_oparams = 2; | ||
925 | + | ||
926 | + if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { | ||
927 | + /* Check if ret->r and s needs to allocated */ | ||
928 | + crparam2bn(&kop.crk_param[6], ret->r); | ||
929 | + crparam2bn(&kop.crk_param[7], ret->s); | ||
930 | + } else { | ||
931 | + const ECDSA_METHOD *meth = ECDSA_OpenSSL(); | ||
932 | + ret = (meth->ecdsa_do_sign)(dgst, dgst_len, in_kinv, in_r, eckey); | ||
933 | + } | ||
934 | + kop.crk_param[0].crp_p = NULL; | ||
935 | + zapparams(&kop); | ||
936 | +err: | ||
937 | + if (!ret) { | ||
938 | + ECDSA_SIG_free(ret); | ||
939 | + ret = NULL; | ||
940 | + } | ||
941 | + return ret; | ||
942 | +} | ||
943 | + | ||
944 | +static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, | ||
945 | + ECDSA_SIG *sig, EC_KEY *eckey) | ||
946 | +{ | ||
947 | + BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL; | ||
948 | + BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL; | ||
949 | + BN_CTX *ctx = NULL; | ||
950 | + ECDSA_DATA *ecdsa = NULL; | ||
951 | + unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy = NULL; | ||
952 | + unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL; | ||
953 | + int i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0; | ||
954 | + int d_len = 0, ab_len = 0, ret = -1; | ||
955 | + const EC_POINT *pub_key = NULL; | ||
956 | + const BIGNUM *order = NULL; | ||
957 | + const EC_GROUP *group=NULL; | ||
958 | + ec_curve_t ec_crv = EC_PRIME; | ||
959 | + struct crypt_kop kop; | ||
960 | + | ||
961 | + memset(&kop, 0, sizeof kop); | ||
962 | + ecdsa = ecdsa_check(eckey); | ||
963 | + if (!ecdsa) { | ||
964 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER); | ||
965 | + return ret; | ||
966 | + } | ||
967 | + | ||
968 | + group = EC_KEY_get0_group(eckey); | ||
969 | + pub_key = EC_KEY_get0_public_key(eckey); | ||
970 | + | ||
971 | + if (!group || !pub_key) { | ||
972 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER); | ||
973 | + return ret; | ||
974 | + } | ||
975 | + | ||
976 | + if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || | ||
977 | + (a = BN_new()) == NULL || (b = BN_new()) == NULL || | ||
978 | + (p = BN_new()) == NULL || (x = BN_new()) == NULL || | ||
979 | + (y = BN_new()) == NULL || (w_x = BN_new()) == NULL || | ||
980 | + (w_y = BN_new()) == NULL) { | ||
981 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
982 | + goto err; | ||
983 | + } | ||
984 | + | ||
985 | + order = &group->order; | ||
986 | + if (!order || BN_is_zero(order)) { | ||
987 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS); | ||
988 | + goto err; | ||
989 | + } | ||
990 | + | ||
991 | + i = BN_num_bits(order); | ||
992 | + /* Need to truncate digest if it is too long: first truncate whole | ||
993 | + * bytes */ | ||
994 | + if (8 * dgst_len > i) | ||
995 | + dgst_len = (i + 7)/8; | ||
996 | + | ||
997 | + if (!BN_bin2bn(dgst, dgst_len, m)) { | ||
998 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); | ||
999 | + goto err; | ||
1000 | + } | ||
1001 | + | ||
1002 | + /* If still too long truncate remaining bits with a shift */ | ||
1003 | + if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { | ||
1004 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); | ||
1005 | + goto err; | ||
1006 | + } | ||
1007 | + /* copy the truncated bits into plain buffer */ | ||
1008 | + if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { | ||
1009 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1010 | + goto err; | ||
1011 | + } | ||
1012 | + | ||
1013 | + /* check if this is prime or binary EC request */ | ||
1014 | + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { | ||
1015 | + ec_crv = EC_PRIME; | ||
1016 | + | ||
1017 | + /* get the generator point pair */ | ||
1018 | + if (!EC_POINT_get_affine_coordinates_GFp (group, | ||
1019 | + EC_GROUP_get0_generator(group), x, y,ctx)) { | ||
1020 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); | ||
1021 | + goto err; | ||
1022 | + } | ||
1023 | + | ||
1024 | + /* get the public key pair for prime curve */ | ||
1025 | + if (!EC_POINT_get_affine_coordinates_GFp (group, | ||
1026 | + pub_key, w_x, w_y,ctx)) { | ||
1027 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); | ||
1028 | + goto err; | ||
1029 | + } | ||
1030 | + | ||
1031 | + /* get the ECC curve parameters */ | ||
1032 | + if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) { | ||
1033 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); | ||
1034 | + goto err; | ||
1035 | + } | ||
1036 | + } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field){ | ||
1037 | + ec_crv = EC_BINARY; | ||
1038 | + /* get the ECC curve parameters */ | ||
1039 | + if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) { | ||
1040 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); | ||
1041 | + goto err; | ||
1042 | + } | ||
1043 | + | ||
1044 | + /* get the generator point pair */ | ||
1045 | + if (!EC_POINT_get_affine_coordinates_GF2m(group, | ||
1046 | + EC_GROUP_get0_generator(group),x, y,ctx)) { | ||
1047 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); | ||
1048 | + goto err; | ||
1049 | + } | ||
1050 | + | ||
1051 | + /* get the public key pair for binary curve */ | ||
1052 | + if (!EC_POINT_get_affine_coordinates_GF2m(group, | ||
1053 | + pub_key, w_x, w_y,ctx)) { | ||
1054 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); | ||
1055 | + goto err; | ||
1056 | + } | ||
1057 | + }else { | ||
1058 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); | ||
1059 | + goto err; | ||
1060 | + } | ||
1061 | + | ||
1062 | + /* Get the order of the subgroup of private keys */ | ||
1063 | + if (spcf_bn2bin((BIGNUM*)order, &r, &r_len)) { | ||
1064 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1065 | + goto err; | ||
1066 | + } | ||
1067 | + | ||
1068 | + /* Get the irreducible polynomial that creates the field */ | ||
1069 | + if (spcf_bn2bin(p, &q, &q_len)) { | ||
1070 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1071 | + goto err; | ||
1072 | + } | ||
1073 | + | ||
1074 | + /* Get the public key into a flat buffer with appropriate padding */ | ||
1075 | + pub_key_len = 2 * q_len; | ||
1076 | + | ||
1077 | + w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len); | ||
1078 | + if (!w_xy) { | ||
1079 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1080 | + goto err; | ||
1081 | + } | ||
1082 | + | ||
1083 | + /* Generation of ECC curve parameters */ | ||
1084 | + ab_len = 2*q_len; | ||
1085 | + | ||
1086 | + ab = eng_copy_curve_points (a, b, ab_len, q_len); | ||
1087 | + if (!ab) { | ||
1088 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1089 | + goto err; | ||
1090 | + } | ||
1091 | + | ||
1092 | + if (ec_crv == EC_BINARY) { | ||
1093 | + /* copy b' i.e c(b), instead of only b */ | ||
1094 | + if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len)) | ||
1095 | + { | ||
1096 | + unsigned char *c_temp = NULL; | ||
1097 | + int c_temp_len = q_len; | ||
1098 | + if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len)) | ||
1099 | + memcpy(ab+q_len, c_temp, q_len); | ||
1100 | + else | ||
1101 | + goto err; | ||
1102 | + } | ||
1103 | + kop.curve_type = ECC_BINARY; | ||
1104 | + } | ||
1105 | + | ||
1106 | + /* Calculation of Generator point */ | ||
1107 | + g_len = 2 * q_len; | ||
1108 | + | ||
1109 | + g_xy = eng_copy_curve_points (x, y, g_len, q_len); | ||
1110 | + if (!g_xy) { | ||
1111 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1112 | + goto err; | ||
1113 | + } | ||
1114 | + | ||
1115 | + /** | ||
1116 | + * Get the 1st part of signature into a flat buffer with | ||
1117 | + * appropriate padding | ||
1118 | + */ | ||
1119 | + if (BN_num_bytes(sig->r) < r_len) | ||
1120 | + c_len = r_len; | ||
1121 | + | ||
1122 | + if (spcf_bn2bin_ex(sig->r, &c, &c_len)) { | ||
1123 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1124 | + goto err; | ||
1125 | + } | ||
1126 | + | ||
1127 | + /** | ||
1128 | + * Get the 2nd part of signature into a flat buffer with | ||
1129 | + * appropriate padding | ||
1130 | + */ | ||
1131 | + if (BN_num_bytes(sig->s) < r_len) | ||
1132 | + d_len = r_len; | ||
1133 | + | ||
1134 | + if (spcf_bn2bin_ex(sig->s, &d, &d_len)) { | ||
1135 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1136 | + goto err; | ||
1137 | + } | ||
1138 | + | ||
1139 | + /* memory for message representative */ | ||
1140 | + f = malloc(r_len); | ||
1141 | + if (!f) { | ||
1142 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1143 | + goto err; | ||
1144 | + } | ||
1145 | + | ||
1146 | + /* Add padding, since SEC expects hash to of size r_len */ | ||
1147 | + memset(f, 0, r_len-dgst_len); | ||
1148 | + | ||
1149 | + /* Skip leading bytes if dgst_len < r_len */ | ||
1150 | + memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len); | ||
1151 | + dgst_len += r_len-dgst_len; | ||
1152 | + kop.crk_op = CRK_DSA_VERIFY; | ||
1153 | + /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ | ||
1154 | + kop.crk_param[0].crp_p = f; | ||
1155 | + kop.crk_param[0].crp_nbits = dgst_len * 8; | ||
1156 | + kop.crk_param[1].crp_p = q; | ||
1157 | + kop.crk_param[1].crp_nbits = q_len * 8; | ||
1158 | + kop.crk_param[2].crp_p = r; | ||
1159 | + kop.crk_param[2].crp_nbits = r_len * 8; | ||
1160 | + kop.crk_param[3].crp_p = g_xy; | ||
1161 | + kop.crk_param[3].crp_nbits = g_len * 8; | ||
1162 | + kop.crk_param[4].crp_p = w_xy; | ||
1163 | + kop.crk_param[4].crp_nbits = pub_key_len * 8; | ||
1164 | + kop.crk_param[5].crp_p = ab; | ||
1165 | + kop.crk_param[5].crp_nbits = ab_len * 8; | ||
1166 | + kop.crk_param[6].crp_p = c; | ||
1167 | + kop.crk_param[6].crp_nbits = d_len * 8; | ||
1168 | + kop.crk_param[7].crp_p = d; | ||
1169 | + kop.crk_param[7].crp_nbits = d_len * 8; | ||
1170 | + kop.crk_iparams = 8; | ||
1171 | + | ||
1172 | + if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { | ||
1173 | + /*OCF success value is 0, if not zero, change ret to fail*/ | ||
1174 | + if(0 == kop.crk_status) | ||
1175 | + ret = 1; | ||
1176 | + } else { | ||
1177 | + const ECDSA_METHOD *meth = ECDSA_OpenSSL(); | ||
1178 | + | ||
1179 | + ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey); | ||
1180 | + } | ||
1181 | + kop.crk_param[0].crp_p = NULL; | ||
1182 | + zapparams(&kop); | ||
1183 | + | ||
1184 | +err: | ||
1185 | + return ret; | ||
1186 | +} | ||
1187 | + | ||
1188 | +static int cryptodev_dh_keygen(DH *dh) | ||
1189 | +{ | ||
1190 | + struct crypt_kop kop; | ||
1191 | + int ret = 1, g_len; | ||
1192 | + unsigned char *g = NULL; | ||
1193 | + | ||
1194 | + if (dh->priv_key == NULL) { | ||
1195 | + if ((dh->priv_key=BN_new()) == NULL) | ||
1196 | + goto sw_try; | ||
1197 | + } | ||
1198 | + | ||
1199 | + if (dh->pub_key == NULL) { | ||
1200 | + if ((dh->pub_key=BN_new()) == NULL) | ||
1201 | + goto sw_try; | ||
1202 | + } | ||
1203 | + | ||
1204 | + g_len = BN_num_bytes(dh->p); | ||
1205 | + /** | ||
1206 | + * Get generator into a plain buffer. If length is less than | ||
1207 | + * q_len then add leading padding bytes. | ||
1208 | + */ | ||
1209 | + if (spcf_bn2bin_ex(dh->g, &g, &g_len)) { | ||
1210 | + DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); | ||
1211 | + goto sw_try; | ||
1212 | + } | ||
1213 | + | ||
1214 | + memset(&kop, 0, sizeof kop); | ||
1215 | + kop.crk_op = CRK_DH_GENERATE_KEY; | ||
1216 | + if (bn2crparam(dh->p, &kop.crk_param[0])) | ||
1217 | + goto sw_try; | ||
1218 | + if (bn2crparam(dh->q, &kop.crk_param[1])) | ||
1219 | + goto sw_try; | ||
1220 | + kop.crk_param[2].crp_p = g; | ||
1221 | + kop.crk_param[2].crp_nbits = g_len * 8; | ||
1222 | + kop.crk_iparams = 3; | ||
1223 | + | ||
1224 | + /* pub_key is or prime length while priv key is of length of order */ | ||
1225 | + if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key, | ||
1226 | + BN_num_bytes(dh->q), dh->priv_key)) | ||
1227 | + goto sw_try; | ||
1228 | + | ||
1229 | + return ret; | ||
1230 | +sw_try: | ||
1231 | + { | ||
1232 | + const DH_METHOD *meth = DH_OpenSSL(); | ||
1233 | + ret = (meth->generate_key)(dh); | ||
1234 | + } | ||
1235 | + return ret; | ||
1236 | } | ||
1237 | |||
1238 | static int | ||
1239 | @@ -1503,43 +2310,234 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) | ||
1240 | { | ||
1241 | struct crypt_kop kop; | ||
1242 | int dhret = 1; | ||
1243 | - int fd, keylen; | ||
1244 | + int fd, p_len; | ||
1245 | + BIGNUM *temp = NULL; | ||
1246 | + unsigned char *padded_pub_key = NULL, *p = NULL; | ||
1247 | + | ||
1248 | + if ((fd = get_asym_dev_crypto()) < 0) | ||
1249 | + goto sw_try; | ||
1250 | + | ||
1251 | + memset(&kop, 0, sizeof kop); | ||
1252 | + kop.crk_op = CRK_DH_COMPUTE_KEY; | ||
1253 | + /* inputs: dh->priv_key pub_key dh->p key */ | ||
1254 | + spcf_bn2bin(dh->p, &p, &p_len); | ||
1255 | + spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len); | ||
1256 | + if (bn2crparam(dh->priv_key, &kop.crk_param[0])) | ||
1257 | + goto sw_try; | ||
1258 | + | ||
1259 | + kop.crk_param[1].crp_p = padded_pub_key; | ||
1260 | + kop.crk_param[1].crp_nbits = p_len * 8; | ||
1261 | + kop.crk_param[2].crp_p = p; | ||
1262 | + kop.crk_param[2].crp_nbits = p_len * 8; | ||
1263 | + kop.crk_iparams = 3; | ||
1264 | + kop.crk_param[3].crp_p = (void*) key; | ||
1265 | + kop.crk_param[3].crp_nbits = p_len * 8; | ||
1266 | + kop.crk_oparams = 1; | ||
1267 | + dhret = p_len; | ||
1268 | + | ||
1269 | + if (ioctl(fd, CIOCKEY, &kop)) | ||
1270 | + goto sw_try; | ||
1271 | |||
1272 | - if ((fd = get_asym_dev_crypto()) < 0) { | ||
1273 | + if ((temp = BN_new())) { | ||
1274 | + if (!BN_bin2bn(key, p_len, temp)) { | ||
1275 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); | ||
1276 | + goto sw_try; | ||
1277 | + } | ||
1278 | + if (dhret > BN_num_bytes(temp)) | ||
1279 | + dhret=BN_bn2bin(temp,key); | ||
1280 | + BN_free(temp); | ||
1281 | + } | ||
1282 | + | ||
1283 | + kop.crk_param[3].crp_p = NULL; | ||
1284 | + zapparams(&kop); | ||
1285 | + return (dhret); | ||
1286 | +sw_try: | ||
1287 | + { | ||
1288 | const DH_METHOD *meth = DH_OpenSSL(); | ||
1289 | |||
1290 | - return ((meth->compute_key)(key, pub_key, dh)); | ||
1291 | + dhret = (meth->compute_key)(key, pub_key, dh); | ||
1292 | } | ||
1293 | + return (dhret); | ||
1294 | +} | ||
1295 | |||
1296 | - keylen = BN_num_bits(dh->p); | ||
1297 | +int cryptodev_ecdh_compute_key(void *out, size_t outlen, | ||
1298 | + const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen, | ||
1299 | + void *out, size_t *outlen)) | ||
1300 | +{ | ||
1301 | + ec_curve_t ec_crv = EC_PRIME; | ||
1302 | + unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL; | ||
1303 | + BIGNUM * w_x = NULL, *w_y = NULL; | ||
1304 | + int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0; | ||
1305 | + BIGNUM * p = NULL, *a = NULL, *b = NULL; | ||
1306 | + BN_CTX *ctx; | ||
1307 | + EC_POINT *tmp=NULL; | ||
1308 | + BIGNUM *x=NULL, *y=NULL; | ||
1309 | + const BIGNUM *priv_key; | ||
1310 | + const EC_GROUP* group = NULL; | ||
1311 | + int ret = -1; | ||
1312 | + size_t buflen, len; | ||
1313 | + struct crypt_kop kop; | ||
1314 | |||
1315 | memset(&kop, 0, sizeof kop); | ||
1316 | - kop.crk_op = CRK_DH_COMPUTE_KEY; | ||
1317 | |||
1318 | - /* inputs: dh->priv_key pub_key dh->p key */ | ||
1319 | - if (bn2crparam(dh->priv_key, &kop.crk_param[0])) | ||
1320 | + if ((ctx = BN_CTX_new()) == NULL) goto err; | ||
1321 | + BN_CTX_start(ctx); | ||
1322 | + x = BN_CTX_get(ctx); | ||
1323 | + y = BN_CTX_get(ctx); | ||
1324 | + p = BN_CTX_get(ctx); | ||
1325 | + a = BN_CTX_get(ctx); | ||
1326 | + b = BN_CTX_get(ctx); | ||
1327 | + w_x = BN_CTX_get(ctx); | ||
1328 | + w_y = BN_CTX_get(ctx); | ||
1329 | + | ||
1330 | + if (!x || !y || !p || !a || !b || !w_x || !w_y) { | ||
1331 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); | ||
1332 | goto err; | ||
1333 | - if (bn2crparam(pub_key, &kop.crk_param[1])) | ||
1334 | + } | ||
1335 | + | ||
1336 | + priv_key = EC_KEY_get0_private_key(ecdh); | ||
1337 | + if (priv_key == NULL) { | ||
1338 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE); | ||
1339 | goto err; | ||
1340 | - if (bn2crparam(dh->p, &kop.crk_param[2])) | ||
1341 | + } | ||
1342 | + | ||
1343 | + group = EC_KEY_get0_group(ecdh); | ||
1344 | + if ((tmp=EC_POINT_new(group)) == NULL) { | ||
1345 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); | ||
1346 | goto err; | ||
1347 | - kop.crk_iparams = 3; | ||
1348 | + } | ||
1349 | |||
1350 | - kop.crk_param[3].crp_p = (caddr_t) key; | ||
1351 | - kop.crk_param[3].crp_nbits = keylen * 8; | ||
1352 | - kop.crk_oparams = 1; | ||
1353 | + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == | ||
1354 | + NID_X9_62_prime_field) { | ||
1355 | + ec_crv = EC_PRIME; | ||
1356 | |||
1357 | - if (ioctl(fd, CIOCKEY, &kop) == -1) { | ||
1358 | - const DH_METHOD *meth = DH_OpenSSL(); | ||
1359 | + if (!EC_POINT_get_affine_coordinates_GFp(group, | ||
1360 | + EC_GROUP_get0_generator(group), x, y, ctx)) { | ||
1361 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); | ||
1362 | + goto err; | ||
1363 | + } | ||
1364 | |||
1365 | - dhret = (meth->compute_key)(key, pub_key, dh); | ||
1366 | + /* get the ECC curve parameters */ | ||
1367 | + if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) { | ||
1368 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); | ||
1369 | + goto err; | ||
1370 | + } | ||
1371 | + | ||
1372 | + /* get the public key pair for prime curve */ | ||
1373 | + if (!EC_POINT_get_affine_coordinates_GFp (group, pub_key, w_x, w_y,ctx)) { | ||
1374 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); | ||
1375 | + goto err; | ||
1376 | + } | ||
1377 | + } else { | ||
1378 | + ec_crv = EC_BINARY; | ||
1379 | + | ||
1380 | + if (!EC_POINT_get_affine_coordinates_GF2m(group, | ||
1381 | + EC_GROUP_get0_generator(group), x, y, ctx)) { | ||
1382 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); | ||
1383 | + goto err; | ||
1384 | + } | ||
1385 | + | ||
1386 | + /* get the ECC curve parameters */ | ||
1387 | + if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) { | ||
1388 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); | ||
1389 | + goto err; | ||
1390 | + } | ||
1391 | + | ||
1392 | + /* get the public key pair for binary curve */ | ||
1393 | + if (!EC_POINT_get_affine_coordinates_GF2m(group, | ||
1394 | + pub_key, w_x, w_y,ctx)) { | ||
1395 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); | ||
1396 | + goto err; | ||
1397 | + } | ||
1398 | + } | ||
1399 | + | ||
1400 | + /* irreducible polynomial that creates the field */ | ||
1401 | + if (spcf_bn2bin((BIGNUM*)&group->order, &r, &r_len)) { | ||
1402 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
1403 | + goto err; | ||
1404 | + } | ||
1405 | + | ||
1406 | + /* Get the irreducible polynomial that creates the field */ | ||
1407 | + if (spcf_bn2bin(p, &q, &q_len)) { | ||
1408 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); | ||
1409 | + goto err; | ||
1410 | } | ||
1411 | + | ||
1412 | + /* Get the public key into a flat buffer with appropriate padding */ | ||
1413 | + pub_key_len = 2 * q_len; | ||
1414 | + w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len); | ||
1415 | + if (!w_xy) { | ||
1416 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
1417 | + goto err; | ||
1418 | + } | ||
1419 | + | ||
1420 | + /* Generation of ECC curve parameters */ | ||
1421 | + ab_len = 2*q_len; | ||
1422 | + ab = eng_copy_curve_points (a, b, ab_len, q_len); | ||
1423 | + if (!ab) { | ||
1424 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); | ||
1425 | + goto err; | ||
1426 | + } | ||
1427 | + | ||
1428 | + if (ec_crv == EC_BINARY) { | ||
1429 | + /* copy b' i.e c(b), instead of only b */ | ||
1430 | + if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len)) | ||
1431 | + { | ||
1432 | + unsigned char *c_temp = NULL; | ||
1433 | + int c_temp_len = q_len; | ||
1434 | + if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len)) | ||
1435 | + memcpy(ab+q_len, c_temp, q_len); | ||
1436 | + else | ||
1437 | + goto err; | ||
1438 | + } | ||
1439 | + kop.curve_type = ECC_BINARY; | ||
1440 | + } else | ||
1441 | + kop.curve_type = ECC_PRIME; | ||
1442 | + | ||
1443 | + priv_key_len = r_len; | ||
1444 | + | ||
1445 | + /* | ||
1446 | + * If BN_num_bytes of priv_key returns less then r_len then | ||
1447 | + * add padding bytes before the key | ||
1448 | + */ | ||
1449 | + if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) { | ||
1450 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
1451 | + goto err; | ||
1452 | + } | ||
1453 | + | ||
1454 | + buflen = (EC_GROUP_get_degree(group) + 7)/8; | ||
1455 | + len = BN_num_bytes(x); | ||
1456 | + if (len > buflen || q_len < buflen) { | ||
1457 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_INTERNAL_ERROR); | ||
1458 | + goto err; | ||
1459 | + } | ||
1460 | + | ||
1461 | + kop.crk_op = CRK_DH_COMPUTE_KEY; | ||
1462 | + kop.crk_param[0].crp_p = (void*) s; | ||
1463 | + kop.crk_param[0].crp_nbits = priv_key_len*8; | ||
1464 | + kop.crk_param[1].crp_p = (void*) w_xy; | ||
1465 | + kop.crk_param[1].crp_nbits = pub_key_len*8; | ||
1466 | + kop.crk_param[2].crp_p = (void*) q; | ||
1467 | + kop.crk_param[2].crp_nbits = q_len*8; | ||
1468 | + kop.crk_param[3].crp_p = (void*) ab; | ||
1469 | + kop.crk_param[3].crp_nbits = ab_len*8; | ||
1470 | + kop.crk_iparams = 4; | ||
1471 | + kop.crk_param[4].crp_p = (void*) out; | ||
1472 | + kop.crk_param[4].crp_nbits = q_len*8; | ||
1473 | + kop.crk_oparams = 1; | ||
1474 | + ret = q_len; | ||
1475 | + if (cryptodev_asym(&kop, 0, NULL, 0, NULL)) { | ||
1476 | + const ECDH_METHOD *meth = ECDH_OpenSSL(); | ||
1477 | + ret = (meth->compute_key)(out, outlen, pub_key, ecdh, KDF); | ||
1478 | + } else | ||
1479 | + ret = q_len; | ||
1480 | err: | ||
1481 | - kop.crk_param[3].crp_p = NULL; | ||
1482 | + kop.crk_param[4].crp_p = NULL; | ||
1483 | zapparams(&kop); | ||
1484 | - return (dhret); | ||
1485 | + return ret; | ||
1486 | } | ||
1487 | |||
1488 | + | ||
1489 | static DH_METHOD cryptodev_dh = { | ||
1490 | "cryptodev DH method", | ||
1491 | NULL, /* cryptodev_dh_generate_key */ | ||
1492 | @@ -1551,6 +2549,14 @@ static DH_METHOD cryptodev_dh = { | ||
1493 | NULL /* app_data */ | ||
1494 | }; | ||
1495 | |||
1496 | +static ECDH_METHOD cryptodev_ecdh = { | ||
1497 | + "cryptodev ECDH method", | ||
1498 | + NULL, /* cryptodev_ecdh_compute_key */ | ||
1499 | + NULL, | ||
1500 | + 0, /* flags */ | ||
1501 | + NULL /* app_data */ | ||
1502 | +}; | ||
1503 | + | ||
1504 | /* | ||
1505 | * ctrl right now is just a wrapper that doesn't do much | ||
1506 | * but I expect we'll want some options soon. | ||
1507 | @@ -1634,25 +2640,42 @@ ENGINE_load_cryptodev(void) | ||
1508 | memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); | ||
1509 | if (cryptodev_asymfeat & CRF_DSA_SIGN) | ||
1510 | cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign; | ||
1511 | - if (cryptodev_asymfeat & CRF_MOD_EXP) { | ||
1512 | - cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp; | ||
1513 | - cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp; | ||
1514 | - } | ||
1515 | if (cryptodev_asymfeat & CRF_DSA_VERIFY) | ||
1516 | cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify; | ||
1517 | + if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY) | ||
1518 | + cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen; | ||
1519 | } | ||
1520 | |||
1521 | if (ENGINE_set_DH(engine, &cryptodev_dh)){ | ||
1522 | const DH_METHOD *dh_meth = DH_OpenSSL(); | ||
1523 | + memcpy(&cryptodev_dh, dh_meth, sizeof(DH_METHOD)); | ||
1524 | + if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) { | ||
1525 | + cryptodev_dh.compute_key = | ||
1526 | + cryptodev_dh_compute_key; | ||
1527 | + } | ||
1528 | + if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) { | ||
1529 | + cryptodev_dh.generate_key = | ||
1530 | + cryptodev_dh_keygen; | ||
1531 | + } | ||
1532 | + } | ||
1533 | |||
1534 | - cryptodev_dh.generate_key = dh_meth->generate_key; | ||
1535 | - cryptodev_dh.compute_key = dh_meth->compute_key; | ||
1536 | - cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp; | ||
1537 | - if (cryptodev_asymfeat & CRF_MOD_EXP) { | ||
1538 | - cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh; | ||
1539 | - if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) | ||
1540 | - cryptodev_dh.compute_key = | ||
1541 | - cryptodev_dh_compute_key; | ||
1542 | + if (ENGINE_set_ECDSA(engine, &cryptodev_ecdsa)) { | ||
1543 | + const ECDSA_METHOD *meth = ECDSA_OpenSSL(); | ||
1544 | + memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD)); | ||
1545 | + if (cryptodev_asymfeat & CRF_DSA_SIGN) { | ||
1546 | + cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign; | ||
1547 | + } | ||
1548 | + if (cryptodev_asymfeat & CRF_DSA_VERIFY) { | ||
1549 | + cryptodev_ecdsa.ecdsa_do_verify = | ||
1550 | + cryptodev_ecdsa_verify; | ||
1551 | + } | ||
1552 | + } | ||
1553 | + | ||
1554 | + if (ENGINE_set_ECDH(engine, &cryptodev_ecdh)) { | ||
1555 | + const ECDH_METHOD *ecdh_meth = ECDH_OpenSSL(); | ||
1556 | + memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD)); | ||
1557 | + if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) { | ||
1558 | + cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key; | ||
1559 | } | ||
1560 | } | ||
1561 | |||
1562 | -- | ||
1563 | 2.3.5 | ||
1564 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-Added-hwrng-dev-file-as-source-of-RNG.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-Added-hwrng-dev-file-as-source-of-RNG.patch deleted file mode 100644 index 0fb01821..00000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-Added-hwrng-dev-file-as-source-of-RNG.patch +++ /dev/null | |||
@@ -1,28 +0,0 @@ | |||
1 | From 81c4c62a4f5f5542843381bfb34e39a6171d5cdd Mon Sep 17 00:00:00 2001 | ||
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
3 | Date: Tue, 11 Mar 2014 06:42:59 +0545 | ||
4 | Subject: [PATCH 09/26] Added hwrng dev file as source of RNG | ||
5 | |||
6 | Upstream-status: Pending | ||
7 | |||
8 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
9 | --- | ||
10 | e_os.h | 2 +- | ||
11 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
12 | |||
13 | diff --git a/e_os.h b/e_os.h | ||
14 | index 6a0aad1..57c0563 100644 | ||
15 | --- a/e_os.h | ||
16 | +++ b/e_os.h | ||
17 | @@ -79,7 +79,7 @@ extern "C" { | ||
18 | #ifndef DEVRANDOM | ||
19 | /* set this to a comma-separated list of 'random' device files to try out. | ||
20 | * My default, we will try to read at least one of these files */ | ||
21 | -#define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom" | ||
22 | +#define DEVRANDOM "/dev/hwrng","/dev/urandom","/dev/random","/dev/srandom" | ||
23 | #endif | ||
24 | #ifndef DEVRANDOM_EGD | ||
25 | /* set this to a comma-seperated list of 'egd' sockets to try out. These | ||
26 | -- | ||
27 | 2.3.5 | ||
28 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch new file mode 100644 index 00000000..d4cd02fd --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0009-RSA-Keygen-Fix.patch | |||
@@ -0,0 +1,64 @@ | |||
1 | From ca7adb9cf57497d27136a599531ea5b9671876c7 Mon Sep 17 00:00:00 2001 | ||
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
3 | Date: Wed, 16 Apr 2014 22:53:04 +0545 | ||
4 | Subject: [PATCH 09/48] RSA Keygen Fix | ||
5 | |||
6 | Upstream-status: Pending | ||
7 | |||
8 | If Kernel driver doesn't support RSA Keygen or same returns | ||
9 | error handling the keygen operation, the keygen is gracefully | ||
10 | handled by software supported rsa_keygen handler | ||
11 | |||
12 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
13 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
14 | --- | ||
15 | crypto/engine/eng_cryptodev.c | 12 +++++++----- | ||
16 | 1 file changed, 7 insertions(+), 5 deletions(-) | ||
17 | |||
18 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
19 | index 44017a3..eac5fb6 100644 | ||
20 | --- a/crypto/engine/eng_cryptodev.c | ||
21 | +++ b/crypto/engine/eng_cryptodev.c | ||
22 | @@ -2018,7 +2018,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) | ||
23 | int i; | ||
24 | |||
25 | if ((fd = get_asym_dev_crypto()) < 0) | ||
26 | - return fd; | ||
27 | + goto sw_try; | ||
28 | |||
29 | if (!rsa->n && ((rsa->n = BN_new()) == NULL)) | ||
30 | goto err; | ||
31 | @@ -2047,7 +2047,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) | ||
32 | /* p length */ | ||
33 | kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char)); | ||
34 | if (!kop.crk_param[kop.crk_iparams].crp_p) | ||
35 | - goto err; | ||
36 | + goto sw_try; | ||
37 | kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8; | ||
38 | memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1); | ||
39 | kop.crk_iparams++; | ||
40 | @@ -2055,7 +2055,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) | ||
41 | /* q length */ | ||
42 | kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char)); | ||
43 | if (!kop.crk_param[kop.crk_iparams].crp_p) | ||
44 | - goto err; | ||
45 | + goto sw_try; | ||
46 | kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8; | ||
47 | memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1); | ||
48 | kop.crk_iparams++; | ||
49 | @@ -2115,8 +2115,10 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) | ||
50 | } | ||
51 | sw_try: | ||
52 | { | ||
53 | - const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); | ||
54 | - ret = (meth->rsa_keygen) (rsa, bits, e, cb); | ||
55 | + const RSA_METHOD *meth = rsa->meth; | ||
56 | + rsa->meth = RSA_PKCS1_SSLeay(); | ||
57 | + ret = RSA_generate_key_ex(rsa, bits, e, cb); | ||
58 | + rsa->meth = meth; | ||
59 | } | ||
60 | return ret; | ||
61 | |||
62 | -- | ||
63 | 2.7.0 | ||
64 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch deleted file mode 100644 index 0f889c0f..00000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch +++ /dev/null | |||
@@ -1,2039 +0,0 @@ | |||
1 | From a933e6341fd8989bdd82f8a5446b6f04aa00eef9 Mon Sep 17 00:00:00 2001 | ||
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
3 | Date: Tue, 11 Mar 2014 07:14:30 +0545 | ||
4 | Subject: [PATCH 10/26] Asynchronous interface added for PKC cryptodev | ||
5 | interface | ||
6 | |||
7 | Upstream-status: Pending | ||
8 | |||
9 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
10 | --- | ||
11 | crypto/crypto.h | 16 + | ||
12 | crypto/dh/dh.h | 4 +- | ||
13 | crypto/dsa/dsa.h | 5 + | ||
14 | crypto/ecdh/ech_locl.h | 3 + | ||
15 | crypto/ecdsa/ecs_locl.h | 5 + | ||
16 | crypto/engine/eng_cryptodev.c | 1578 +++++++++++++++++++++++++++++++++++++---- | ||
17 | crypto/engine/eng_int.h | 24 +- | ||
18 | crypto/engine/eng_lib.c | 46 ++ | ||
19 | crypto/engine/engine.h | 24 + | ||
20 | crypto/rsa/rsa.h | 23 + | ||
21 | 10 files changed, 1582 insertions(+), 146 deletions(-) | ||
22 | |||
23 | diff --git a/crypto/crypto.h b/crypto/crypto.h | ||
24 | index f92fc51..ce12731 100644 | ||
25 | --- a/crypto/crypto.h | ||
26 | +++ b/crypto/crypto.h | ||
27 | @@ -605,6 +605,22 @@ void ERR_load_CRYPTO_strings(void); | ||
28 | #define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101 | ||
29 | #define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK 100 | ||
30 | |||
31 | +/* Additions for Asynchronous PKC Infrastructure */ | ||
32 | +struct pkc_cookie_s { | ||
33 | + void *cookie; /* To be filled by openssl library primitive method function caller */ | ||
34 | + void *eng_cookie; /* To be filled by Engine */ | ||
35 | + /* | ||
36 | + * Callback handler to be provided by caller. Ensure to pass a | ||
37 | + * handler which takes the crypto operation to completion. | ||
38 | + * cookie: Container cookie from library | ||
39 | + * status: Status of the crypto Job completion. | ||
40 | + * 0: Job handled without any issue | ||
41 | + * -EINVAL: Parameters Invalid | ||
42 | + */ | ||
43 | + void (*pkc_callback)(struct pkc_cookie_s *cookie, int status); | ||
44 | + void *eng_handle; | ||
45 | +}; | ||
46 | + | ||
47 | #ifdef __cplusplus | ||
48 | } | ||
49 | #endif | ||
50 | diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h | ||
51 | index ea59e61..20ffad2 100644 | ||
52 | --- a/crypto/dh/dh.h | ||
53 | +++ b/crypto/dh/dh.h | ||
54 | @@ -118,7 +118,9 @@ struct dh_method | ||
55 | int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a, | ||
56 | const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, | ||
57 | BN_MONT_CTX *m_ctx); /* Can be null */ | ||
58 | - | ||
59 | + int (*compute_key_async)(unsigned char *key,const BIGNUM *pub_key,DH *dh, | ||
60 | + struct pkc_cookie_s *cookie); | ||
61 | + int (*generate_key_async)(DH *dh, struct pkc_cookie_s *cookie); | ||
62 | int (*init)(DH *dh); | ||
63 | int (*finish)(DH *dh); | ||
64 | int flags; | ||
65 | diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h | ||
66 | index a6f6d0b..b04a029 100644 | ||
67 | --- a/crypto/dsa/dsa.h | ||
68 | +++ b/crypto/dsa/dsa.h | ||
69 | @@ -140,6 +140,10 @@ struct dsa_method | ||
70 | int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, | ||
71 | const BIGNUM *m, BN_CTX *ctx, | ||
72 | BN_MONT_CTX *m_ctx); /* Can be null */ | ||
73 | + int (*dsa_do_sign_async)(const unsigned char *dgst, int dlen, DSA *dsa, | ||
74 | + DSA_SIG *sig, struct pkc_cookie_s *cookie); | ||
75 | + int (*dsa_do_verify_async)(const unsigned char *dgst, int dgst_len, | ||
76 | + DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie); | ||
77 | int (*init)(DSA *dsa); | ||
78 | int (*finish)(DSA *dsa); | ||
79 | int flags; | ||
80 | @@ -151,6 +155,7 @@ struct dsa_method | ||
81 | BN_GENCB *cb); | ||
82 | /* If this is non-NULL, it is used to generate DSA keys */ | ||
83 | int (*dsa_keygen)(DSA *dsa); | ||
84 | + int (*dsa_keygen_async)(DSA *dsa, struct pkc_cookie_s *cookie); | ||
85 | }; | ||
86 | |||
87 | struct dsa_st | ||
88 | diff --git a/crypto/ecdh/ech_locl.h b/crypto/ecdh/ech_locl.h | ||
89 | index f6cad6a..adce6b3 100644 | ||
90 | --- a/crypto/ecdh/ech_locl.h | ||
91 | +++ b/crypto/ecdh/ech_locl.h | ||
92 | @@ -67,6 +67,9 @@ struct ecdh_method | ||
93 | const char *name; | ||
94 | int (*compute_key)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, | ||
95 | void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)); | ||
96 | + int (*compute_key_async)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, | ||
97 | + void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen), | ||
98 | + struct pkc_cookie_s *cookie); | ||
99 | #if 0 | ||
100 | int (*init)(EC_KEY *eckey); | ||
101 | int (*finish)(EC_KEY *eckey); | ||
102 | diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h | ||
103 | index cb3be13..eb0ebe0 100644 | ||
104 | --- a/crypto/ecdsa/ecs_locl.h | ||
105 | +++ b/crypto/ecdsa/ecs_locl.h | ||
106 | @@ -74,6 +74,11 @@ struct ecdsa_method | ||
107 | BIGNUM **r); | ||
108 | int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len, | ||
109 | const ECDSA_SIG *sig, EC_KEY *eckey); | ||
110 | + int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len, | ||
111 | + const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey, | ||
112 | + ECDSA_SIG *sig, struct pkc_cookie_s *cookie); | ||
113 | + int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len, | ||
114 | + const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie); | ||
115 | #if 0 | ||
116 | int (*init)(EC_KEY *eckey); | ||
117 | int (*finish)(EC_KEY *eckey); | ||
118 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
119 | index 7ee314b..9f2416e 100644 | ||
120 | --- a/crypto/engine/eng_cryptodev.c | ||
121 | +++ b/crypto/engine/eng_cryptodev.c | ||
122 | @@ -1281,6 +1281,56 @@ zapparams(struct crypt_kop *kop) | ||
123 | } | ||
124 | } | ||
125 | |||
126 | +/* Any PKC request has at max 2 output parameters and they are stored here to | ||
127 | +be used while copying in the check availability */ | ||
128 | +struct cryptodev_cookie_s { | ||
129 | + BIGNUM *r; | ||
130 | + struct crparam r_param; | ||
131 | + BIGNUM *s; | ||
132 | + struct crparam s_param; | ||
133 | + struct crypt_kop *kop; | ||
134 | +}; | ||
135 | + | ||
136 | +static int | ||
137 | +cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, | ||
138 | + BIGNUM *s) | ||
139 | +{ | ||
140 | + int fd; | ||
141 | + struct pkc_cookie_s *cookie = kop->cookie; | ||
142 | + struct cryptodev_cookie_s *eng_cookie; | ||
143 | + | ||
144 | + fd = *(int *)cookie->eng_handle; | ||
145 | + | ||
146 | + eng_cookie = malloc(sizeof(struct cryptodev_cookie_s)); | ||
147 | + | ||
148 | + if (eng_cookie) { | ||
149 | + memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s)); | ||
150 | + if (r) { | ||
151 | + kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char)); | ||
152 | + if (!kop->crk_param[kop->crk_iparams].crp_p) | ||
153 | + return -ENOMEM; | ||
154 | + kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; | ||
155 | + kop->crk_oparams++; | ||
156 | + eng_cookie->r = r; | ||
157 | + eng_cookie->r_param = kop->crk_param[kop->crk_iparams]; | ||
158 | + } | ||
159 | + if (s) { | ||
160 | + kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char)); | ||
161 | + if (!kop->crk_param[kop->crk_iparams+1].crp_p) | ||
162 | + return -ENOMEM; | ||
163 | + kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8; | ||
164 | + kop->crk_oparams++; | ||
165 | + eng_cookie->s = s; | ||
166 | + eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1]; | ||
167 | + } | ||
168 | + } else | ||
169 | + return -ENOMEM; | ||
170 | + | ||
171 | + eng_cookie->kop = kop; | ||
172 | + cookie->eng_cookie = eng_cookie; | ||
173 | + return ioctl(fd, CIOCASYMASYNCRYPT, kop); | ||
174 | +} | ||
175 | + | ||
176 | static int | ||
177 | cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) | ||
178 | { | ||
179 | @@ -1337,6 +1387,44 @@ void *cryptodev_init_instance(void) | ||
180 | return fd; | ||
181 | } | ||
182 | |||
183 | +#include <poll.h> | ||
184 | + | ||
185 | +/* Return 0 on success and 1 on failure */ | ||
186 | +int cryptodev_check_availability(void *eng_handle) | ||
187 | +{ | ||
188 | + int fd = *(int *)eng_handle; | ||
189 | + struct pkc_cookie_list_s cookie_list; | ||
190 | + struct pkc_cookie_s *cookie; | ||
191 | + int i; | ||
192 | + | ||
193 | + /* FETCH COOKIE returns number of cookies extracted */ | ||
194 | + if (ioctl(fd, CIOCASYMFETCHCOOKIE, &cookie_list) <= 0) | ||
195 | + return 1; | ||
196 | + | ||
197 | + for (i = 0; i < cookie_list.cookie_available; i++) { | ||
198 | + cookie = cookie_list.cookie[i]; | ||
199 | + if (cookie) { | ||
200 | + struct cryptodev_cookie_s *eng_cookie = cookie->eng_cookie; | ||
201 | + if (eng_cookie) { | ||
202 | + struct crypt_kop *kop = eng_cookie->kop; | ||
203 | + | ||
204 | + if (eng_cookie->r) | ||
205 | + crparam2bn(&eng_cookie->r_param, eng_cookie->r); | ||
206 | + if (eng_cookie->s) | ||
207 | + crparam2bn(&eng_cookie->s_param, eng_cookie->s); | ||
208 | + if (kop->crk_op == CRK_DH_COMPUTE_KEY) | ||
209 | + kop->crk_oparams = 0; | ||
210 | + | ||
211 | + zapparams(eng_cookie->kop); | ||
212 | + free(eng_cookie->kop); | ||
213 | + free (eng_cookie); | ||
214 | + } | ||
215 | + cookie->pkc_callback(cookie, cookie_list.status[i]); | ||
216 | + } | ||
217 | + } | ||
218 | + return 0; | ||
219 | +} | ||
220 | + | ||
221 | static int | ||
222 | cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
223 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) | ||
224 | @@ -1382,6 +1470,63 @@ err: | ||
225 | } | ||
226 | |||
227 | static int | ||
228 | +cryptodev_bn_mod_exp_async(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
229 | + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont, struct pkc_cookie_s *cookie) | ||
230 | +{ | ||
231 | + struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); | ||
232 | + int ret = 1; | ||
233 | + | ||
234 | + /* Currently, we know we can do mod exp iff we can do any | ||
235 | + * asymmetric operations at all. | ||
236 | + */ | ||
237 | + if (cryptodev_asymfeat == 0 || !kop) { | ||
238 | + ret = BN_mod_exp(r, a, p, m, ctx); | ||
239 | + return (ret); | ||
240 | + } | ||
241 | + | ||
242 | + kop->crk_oparams = 0; | ||
243 | + kop->crk_status = 0; | ||
244 | + kop->crk_op = CRK_MOD_EXP; | ||
245 | + kop->cookie = cookie; | ||
246 | + /* inputs: a^p % m */ | ||
247 | + if (bn2crparam(a, &kop->crk_param[0])) | ||
248 | + goto err; | ||
249 | + if (bn2crparam(p, &kop->crk_param[1])) | ||
250 | + goto err; | ||
251 | + if (bn2crparam(m, &kop->crk_param[2])) | ||
252 | + goto err; | ||
253 | + | ||
254 | + kop->crk_iparams = 3; | ||
255 | + if (cryptodev_asym_async(kop, BN_num_bytes(m), r, 0, NULL)) | ||
256 | + goto err; | ||
257 | + | ||
258 | + return ret; | ||
259 | +err: | ||
260 | + { | ||
261 | + const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); | ||
262 | + | ||
263 | + if (kop) | ||
264 | + free(kop); | ||
265 | + ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); | ||
266 | + if (ret) | ||
267 | + /* Call the completion handler immediately */ | ||
268 | + cookie->pkc_callback(cookie, 0); | ||
269 | + } | ||
270 | + return ret; | ||
271 | +} | ||
272 | + | ||
273 | +static int | ||
274 | +cryptodev_rsa_nocrt_mod_exp_async(BIGNUM *r0, const BIGNUM *I, | ||
275 | + RSA *rsa, BN_CTX *ctx, struct pkc_cookie_s *cookie) | ||
276 | +{ | ||
277 | + int r; | ||
278 | + ctx = BN_CTX_new(); | ||
279 | + r = cryptodev_bn_mod_exp_async(r0, I, rsa->d, rsa->n, ctx, NULL, cookie); | ||
280 | + BN_CTX_free(ctx); | ||
281 | + return r; | ||
282 | +} | ||
283 | + | ||
284 | +static int | ||
285 | cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) | ||
286 | { | ||
287 | int r; | ||
288 | @@ -1446,6 +1591,62 @@ err: | ||
289 | return (ret); | ||
290 | } | ||
291 | |||
292 | +static int | ||
293 | +cryptodev_rsa_mod_exp_async(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx, | ||
294 | + struct pkc_cookie_s *cookie) | ||
295 | +{ | ||
296 | + struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); | ||
297 | + int ret = 1, f_len, p_len, q_len; | ||
298 | + unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq = NULL, *c = NULL; | ||
299 | + | ||
300 | + if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp || !kop) { | ||
301 | + return (0); | ||
302 | + } | ||
303 | + | ||
304 | + kop->crk_oparams = 0; | ||
305 | + kop->crk_status = 0; | ||
306 | + kop->crk_op = CRK_MOD_EXP_CRT; | ||
307 | + f_len = BN_num_bytes(rsa->n); | ||
308 | + spcf_bn2bin_ex(I, &f, &f_len); | ||
309 | + spcf_bn2bin(rsa->p, &p, &p_len); | ||
310 | + spcf_bn2bin(rsa->q, &q, &q_len); | ||
311 | + spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len); | ||
312 | + spcf_bn2bin_ex(rsa->iqmp, &c, &p_len); | ||
313 | + spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len); | ||
314 | + /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ | ||
315 | + kop->crk_param[0].crp_p = p; | ||
316 | + kop->crk_param[0].crp_nbits = p_len * 8; | ||
317 | + kop->crk_param[1].crp_p = q; | ||
318 | + kop->crk_param[1].crp_nbits = q_len * 8; | ||
319 | + kop->crk_param[2].crp_p = f; | ||
320 | + kop->crk_param[2].crp_nbits = f_len * 8; | ||
321 | + kop->crk_param[3].crp_p = dp; | ||
322 | + kop->crk_param[3].crp_nbits = p_len * 8; | ||
323 | + /* dq must of length q, rest all of length p*/ | ||
324 | + kop->crk_param[4].crp_p = dq; | ||
325 | + kop->crk_param[4].crp_nbits = q_len * 8; | ||
326 | + kop->crk_param[5].crp_p = c; | ||
327 | + kop->crk_param[5].crp_nbits = p_len * 8; | ||
328 | + kop->crk_iparams = 6; | ||
329 | + kop->cookie = cookie; | ||
330 | + if (cryptodev_asym_async(kop, BN_num_bytes(rsa->n), r0, 0, NULL)) | ||
331 | + goto err; | ||
332 | + | ||
333 | + return ret; | ||
334 | +err: | ||
335 | + { | ||
336 | + const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); | ||
337 | + | ||
338 | + if (kop) | ||
339 | + free(kop); | ||
340 | + ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx); | ||
341 | + if (ret) | ||
342 | + /* Call user completion handler immediately */ | ||
343 | + cookie->pkc_callback(cookie, 0); | ||
344 | + } | ||
345 | + return (ret); | ||
346 | +} | ||
347 | + | ||
348 | static RSA_METHOD cryptodev_rsa = { | ||
349 | "cryptodev RSA method", | ||
350 | NULL, /* rsa_pub_enc */ | ||
351 | @@ -1454,6 +1655,12 @@ static RSA_METHOD cryptodev_rsa = { | ||
352 | NULL, /* rsa_priv_dec */ | ||
353 | NULL, | ||
354 | NULL, | ||
355 | + NULL, /* rsa_pub_enc */ | ||
356 | + NULL, /* rsa_pub_dec */ | ||
357 | + NULL, /* rsa_priv_enc */ | ||
358 | + NULL, /* rsa_priv_dec */ | ||
359 | + NULL, | ||
360 | + NULL, | ||
361 | NULL, /* init */ | ||
362 | NULL, /* finish */ | ||
363 | 0, /* flags */ | ||
364 | @@ -1751,126 +1958,424 @@ sw_try: | ||
365 | return ret; | ||
366 | } | ||
367 | |||
368 | +/* Cryptodev DSA Key Gen routine */ | ||
369 | +static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie) | ||
370 | +{ | ||
371 | + struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); | ||
372 | + int ret = 1, g_len; | ||
373 | + unsigned char *g = NULL; | ||
374 | |||
375 | + if (!kop) | ||
376 | + goto sw_try; | ||
377 | |||
378 | -static DSA_METHOD cryptodev_dsa = { | ||
379 | - "cryptodev DSA method", | ||
380 | - NULL, | ||
381 | - NULL, /* dsa_sign_setup */ | ||
382 | - NULL, | ||
383 | - NULL, /* dsa_mod_exp */ | ||
384 | - NULL, | ||
385 | - NULL, /* init */ | ||
386 | - NULL, /* finish */ | ||
387 | - 0, /* flags */ | ||
388 | - NULL /* app_data */ | ||
389 | -}; | ||
390 | + if (dsa->priv_key == NULL) { | ||
391 | + if ((dsa->priv_key=BN_new()) == NULL) | ||
392 | + goto sw_try; | ||
393 | + } | ||
394 | |||
395 | -static ECDSA_METHOD cryptodev_ecdsa = { | ||
396 | - "cryptodev ECDSA method", | ||
397 | - NULL, | ||
398 | - NULL, /* ecdsa_sign_setup */ | ||
399 | - NULL, | ||
400 | - NULL, | ||
401 | - 0, /* flags */ | ||
402 | - NULL /* app_data */ | ||
403 | -}; | ||
404 | + if (dsa->pub_key == NULL) { | ||
405 | + if ((dsa->pub_key=BN_new()) == NULL) | ||
406 | + goto sw_try; | ||
407 | + } | ||
408 | |||
409 | -typedef enum ec_curve_s | ||
410 | -{ | ||
411 | - EC_PRIME, | ||
412 | - EC_BINARY | ||
413 | -} ec_curve_t; | ||
414 | + g_len = BN_num_bytes(dsa->p); | ||
415 | + /** | ||
416 | + * Get generator into a plain buffer. If length is less than | ||
417 | + * q_len then add leading padding bytes. | ||
418 | + */ | ||
419 | + if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { | ||
420 | + DSAerr(DSA_F_DSA_GENERATE_KEY, ERR_R_MALLOC_FAILURE); | ||
421 | + goto sw_try; | ||
422 | + } | ||
423 | |||
424 | -/* ENGINE handler for ECDSA Sign */ | ||
425 | -static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, | ||
426 | - int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) | ||
427 | -{ | ||
428 | - BIGNUM *m = NULL, *p = NULL, *a = NULL; | ||
429 | - BIGNUM *b = NULL, *x = NULL, *y = NULL; | ||
430 | - BN_CTX *ctx = NULL; | ||
431 | - ECDSA_SIG *ret = NULL; | ||
432 | - ECDSA_DATA *ecdsa = NULL; | ||
433 | - unsigned char * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL; | ||
434 | - unsigned char * s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL; | ||
435 | - int i = 0, q_len = 0, priv_key_len = 0, r_len = 0; | ||
436 | - int g_len = 0, d_len = 0, ab_len = 0; | ||
437 | - const BIGNUM *order = NULL, *priv_key=NULL; | ||
438 | - const EC_GROUP *group = NULL; | ||
439 | - struct crypt_kop kop; | ||
440 | - ec_curve_t ec_crv = EC_PRIME; | ||
441 | + memset(kop, 0, sizeof(struct crypt_kop)); | ||
442 | + kop->crk_op = CRK_DSA_GENERATE_KEY; | ||
443 | + if (bn2crparam(dsa->p, &kop->crk_param[0])) | ||
444 | + goto sw_try; | ||
445 | + if (bn2crparam(dsa->q, &kop->crk_param[1])) | ||
446 | + goto sw_try; | ||
447 | + kop->crk_param[2].crp_p = g; | ||
448 | + kop->crk_param[2].crp_nbits = g_len * 8; | ||
449 | + kop->crk_iparams = 3; | ||
450 | + kop->cookie = cookie; | ||
451 | |||
452 | - memset(&kop, 0, sizeof(kop)); | ||
453 | - ecdsa = ecdsa_check(eckey); | ||
454 | - if (!ecdsa) { | ||
455 | - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); | ||
456 | - return NULL; | ||
457 | + /* pub_key is or prime length while priv key is of length of order */ | ||
458 | + if (cryptodev_asym_async(kop, BN_num_bytes(dsa->p), dsa->pub_key, | ||
459 | + BN_num_bytes(dsa->q), dsa->priv_key)) | ||
460 | + goto sw_try; | ||
461 | + | ||
462 | + return ret; | ||
463 | +sw_try: | ||
464 | + { | ||
465 | + const DSA_METHOD *meth = DSA_OpenSSL(); | ||
466 | + | ||
467 | + if (kop) | ||
468 | + free(kop); | ||
469 | + ret = (meth->dsa_keygen)(dsa); | ||
470 | + cookie->pkc_callback(cookie, 0); | ||
471 | } | ||
472 | + return ret; | ||
473 | +} | ||
474 | |||
475 | - group = EC_KEY_get0_group(eckey); | ||
476 | - priv_key = EC_KEY_get0_private_key(eckey); | ||
477 | +static int | ||
478 | +cryptodev_dsa_do_sign_async(const unsigned char *dgst, int dlen, DSA *dsa, | ||
479 | + DSA_SIG *sig, struct pkc_cookie_s *cookie) | ||
480 | +{ | ||
481 | + struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); | ||
482 | + DSA_SIG *dsaret = NULL; | ||
483 | + int q_len = 0, r_len = 0, g_len = 0; | ||
484 | + int priv_key_len = 0, ret = 1; | ||
485 | + unsigned char *q = NULL, *r = NULL, *g = NULL, *priv_key = NULL, *f = NULL; | ||
486 | |||
487 | - if (!group || !priv_key) { | ||
488 | - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); | ||
489 | - return NULL; | ||
490 | + if (((sig->r = BN_new()) == NULL) || !kop) { | ||
491 | + DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
492 | + goto err; | ||
493 | } | ||
494 | |||
495 | - if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || | ||
496 | - (a = BN_new()) == NULL || (b = BN_new()) == NULL || | ||
497 | - (p = BN_new()) == NULL || (x = BN_new()) == NULL || | ||
498 | - (y = BN_new()) == NULL) { | ||
499 | - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
500 | + if ((sig->s = BN_new()) == NULL) { | ||
501 | + BN_free(sig->r); | ||
502 | + DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
503 | goto err; | ||
504 | } | ||
505 | |||
506 | - order = &group->order; | ||
507 | - if (!order || BN_is_zero(order)) { | ||
508 | - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS); | ||
509 | + if (spcf_bn2bin(dsa->p, &q, &q_len)) { | ||
510 | + DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); | ||
511 | goto err; | ||
512 | } | ||
513 | |||
514 | - i = BN_num_bits(order); | ||
515 | - /* Need to truncate digest if it is too long: first truncate whole | ||
516 | - bytes */ | ||
517 | - if (8 * dgst_len > i) | ||
518 | - dgst_len = (i + 7)/8; | ||
519 | + /* Get order of the field of private keys into plain buffer */ | ||
520 | + if (spcf_bn2bin (dsa->q, &r, &r_len)) { | ||
521 | + DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
522 | + goto err; | ||
523 | + } | ||
524 | |||
525 | - if (!BN_bin2bn(dgst, dgst_len, m)) { | ||
526 | - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); | ||
527 | + /* sanity test */ | ||
528 | + if (dlen > r_len) { | ||
529 | + DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); | ||
530 | goto err; | ||
531 | } | ||
532 | |||
533 | - /* If still too long truncate remaining bits with a shift */ | ||
534 | - if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { | ||
535 | - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); | ||
536 | + g_len = q_len; | ||
537 | + /** | ||
538 | + * Get generator into a plain buffer. If length is less than | ||
539 | + * q_len then add leading padding bytes. | ||
540 | + */ | ||
541 | + if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { | ||
542 | + DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
543 | goto err; | ||
544 | } | ||
545 | |||
546 | - /* copy the truncated bits into plain buffer */ | ||
547 | - if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { | ||
548 | - fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__); | ||
549 | + priv_key_len = r_len; | ||
550 | + /** | ||
551 | + * Get private key into a plain buffer. If length is less than | ||
552 | + * r_len then add leading padding bytes. | ||
553 | + */ | ||
554 | + if (spcf_bn2bin_ex(dsa->priv_key, &priv_key, &priv_key_len)) { | ||
555 | + DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
556 | goto err; | ||
557 | } | ||
558 | |||
559 | - ret = ECDSA_SIG_new(); | ||
560 | - if (!ret) { | ||
561 | - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); | ||
562 | + /* Allocate memory to store hash. */ | ||
563 | + f = OPENSSL_malloc (r_len); | ||
564 | + if (!f) { | ||
565 | + DSAerr(DSA_F_DSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
566 | goto err; | ||
567 | } | ||
568 | |||
569 | - /* check if this is prime or binary EC request */ | ||
570 | - if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { | ||
571 | - ec_crv = EC_PRIME; | ||
572 | - /* get the generator point pair */ | ||
573 | - if (!EC_POINT_get_affine_coordinates_GFp (group, EC_GROUP_get0_generator(group), | ||
574 | - x, y,ctx)) { | ||
575 | - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); | ||
576 | - goto err; | ||
577 | - } | ||
578 | + /* Add padding, since SEC expects hash to of size r_len */ | ||
579 | + if (dlen < r_len) | ||
580 | + memset(f, 0, r_len - dlen); | ||
581 | |||
582 | - /* get the ECC curve parameters */ | ||
583 | - if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) { | ||
584 | - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); | ||
585 | + /* Skip leading bytes if dgst_len < r_len */ | ||
586 | + memcpy(f + r_len - dlen, dgst, dlen); | ||
587 | + | ||
588 | + dlen = r_len; | ||
589 | + | ||
590 | + memset(kop, 0, sizeof( struct crypt_kop)); | ||
591 | + kop->crk_op = CRK_DSA_SIGN; | ||
592 | + | ||
593 | + /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ | ||
594 | + kop->crk_param[0].crp_p = (void*)f; | ||
595 | + kop->crk_param[0].crp_nbits = dlen * 8; | ||
596 | + kop->crk_param[1].crp_p = (void*)q; | ||
597 | + kop->crk_param[1].crp_nbits = q_len * 8; | ||
598 | + kop->crk_param[2].crp_p = (void*)r; | ||
599 | + kop->crk_param[2].crp_nbits = r_len * 8; | ||
600 | + kop->crk_param[3].crp_p = (void*)g; | ||
601 | + kop->crk_param[3].crp_nbits = g_len * 8; | ||
602 | + kop->crk_param[4].crp_p = (void*)priv_key; | ||
603 | + kop->crk_param[4].crp_nbits = priv_key_len * 8; | ||
604 | + kop->crk_iparams = 5; | ||
605 | + kop->cookie = cookie; | ||
606 | + | ||
607 | + if (cryptodev_asym_async(kop, r_len, sig->r, r_len, sig->s)) | ||
608 | + goto err; | ||
609 | + | ||
610 | + return ret; | ||
611 | +err: | ||
612 | + { | ||
613 | + const DSA_METHOD *meth = DSA_OpenSSL(); | ||
614 | + | ||
615 | + if (kop) | ||
616 | + free(kop); | ||
617 | + BN_free(sig->r); | ||
618 | + BN_free(sig->s); | ||
619 | + dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa); | ||
620 | + sig->r = dsaret->r; | ||
621 | + sig->s = dsaret->s; | ||
622 | + /* Call user callback immediately */ | ||
623 | + cookie->pkc_callback(cookie, 0); | ||
624 | + ret = dsaret; | ||
625 | + } | ||
626 | + return ret; | ||
627 | +} | ||
628 | + | ||
629 | +static int | ||
630 | +cryptodev_dsa_verify_async(const unsigned char *dgst, int dlen, | ||
631 | + DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie) | ||
632 | +{ | ||
633 | + struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); | ||
634 | + int q_len = 0, r_len = 0, g_len = 0; | ||
635 | + int w_len = 0 ,c_len = 0, d_len = 0, ret = 1; | ||
636 | + unsigned char * q = NULL, * r = NULL, * w = NULL, * g = NULL; | ||
637 | + unsigned char *c = NULL, * d = NULL, *f = NULL; | ||
638 | + | ||
639 | + if (!kop) | ||
640 | + goto err; | ||
641 | + | ||
642 | + if (spcf_bn2bin(dsa->p, &q, &q_len)) { | ||
643 | + DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
644 | + return ret; | ||
645 | + } | ||
646 | + | ||
647 | + /* Get Order of field of private keys */ | ||
648 | + if (spcf_bn2bin(dsa->q, &r, &r_len)) { | ||
649 | + DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
650 | + goto err; | ||
651 | + } | ||
652 | + | ||
653 | + g_len = q_len; | ||
654 | + /** | ||
655 | + * Get generator into a plain buffer. If length is less than | ||
656 | + * q_len then add leading padding bytes. | ||
657 | + */ | ||
658 | + if (spcf_bn2bin_ex(dsa->g, &g, &g_len)) { | ||
659 | + DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
660 | + goto err; | ||
661 | + } | ||
662 | + w_len = q_len; | ||
663 | + /** | ||
664 | + * Get public key into a plain buffer. If length is less than | ||
665 | + * q_len then add leading padding bytes. | ||
666 | + */ | ||
667 | + if (spcf_bn2bin_ex(dsa->pub_key, &w, &w_len)) { | ||
668 | + DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
669 | + goto err; | ||
670 | + } | ||
671 | + /** | ||
672 | + * Get the 1st part of signature into a flat buffer with | ||
673 | + * appropriate padding | ||
674 | + */ | ||
675 | + c_len = r_len; | ||
676 | + | ||
677 | + if (spcf_bn2bin_ex(sig->r, &c, &c_len)) { | ||
678 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
679 | + goto err; | ||
680 | + } | ||
681 | + | ||
682 | + /** | ||
683 | + * Get the 2nd part of signature into a flat buffer with | ||
684 | + * appropriate padding | ||
685 | + */ | ||
686 | + d_len = r_len; | ||
687 | + | ||
688 | + if (spcf_bn2bin_ex(sig->s, &d, &d_len)) { | ||
689 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
690 | + goto err; | ||
691 | + } | ||
692 | + | ||
693 | + | ||
694 | + /* Sanity test */ | ||
695 | + if (dlen > r_len) { | ||
696 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
697 | + goto err; | ||
698 | + } | ||
699 | + | ||
700 | + /* Allocate memory to store hash. */ | ||
701 | + f = OPENSSL_malloc (r_len); | ||
702 | + if (!f) { | ||
703 | + DSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
704 | + goto err; | ||
705 | + } | ||
706 | + | ||
707 | + /* Add padding, since SEC expects hash to of size r_len */ | ||
708 | + if (dlen < r_len) | ||
709 | + memset(f, 0, r_len - dlen); | ||
710 | + | ||
711 | + /* Skip leading bytes if dgst_len < r_len */ | ||
712 | + memcpy(f + r_len - dlen, dgst, dlen); | ||
713 | + | ||
714 | + dlen = r_len; | ||
715 | + memset(kop, 0, sizeof(struct crypt_kop)); | ||
716 | + | ||
717 | + /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ | ||
718 | + kop->crk_param[0].crp_p = (void*)f; | ||
719 | + kop->crk_param[0].crp_nbits = dlen * 8; | ||
720 | + kop->crk_param[1].crp_p = q; | ||
721 | + kop->crk_param[1].crp_nbits = q_len * 8; | ||
722 | + kop->crk_param[2].crp_p = r; | ||
723 | + kop->crk_param[2].crp_nbits = r_len * 8; | ||
724 | + kop->crk_param[3].crp_p = g; | ||
725 | + kop->crk_param[3].crp_nbits = g_len * 8; | ||
726 | + kop->crk_param[4].crp_p = w; | ||
727 | + kop->crk_param[4].crp_nbits = w_len * 8; | ||
728 | + kop->crk_param[5].crp_p = c; | ||
729 | + kop->crk_param[5].crp_nbits = c_len * 8; | ||
730 | + kop->crk_param[6].crp_p = d; | ||
731 | + kop->crk_param[6].crp_nbits = d_len * 8; | ||
732 | + kop->crk_iparams = 7; | ||
733 | + kop->crk_op = CRK_DSA_VERIFY; | ||
734 | + kop->cookie = cookie; | ||
735 | + if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) | ||
736 | + goto err; | ||
737 | + | ||
738 | + return ret; | ||
739 | +err: | ||
740 | + { | ||
741 | + const DSA_METHOD *meth = DSA_OpenSSL(); | ||
742 | + | ||
743 | + if (kop) | ||
744 | + free(kop); | ||
745 | + | ||
746 | + ret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa); | ||
747 | + cookie->pkc_callback(cookie, 0); | ||
748 | + } | ||
749 | + return ret; | ||
750 | +} | ||
751 | + | ||
752 | +static DSA_METHOD cryptodev_dsa = { | ||
753 | + "cryptodev DSA method", | ||
754 | + NULL, | ||
755 | + NULL, /* dsa_sign_setup */ | ||
756 | + NULL, | ||
757 | + NULL, /* dsa_mod_exp */ | ||
758 | + NULL, | ||
759 | + NULL, | ||
760 | + NULL, | ||
761 | + NULL, | ||
762 | + NULL, /* init */ | ||
763 | + NULL, /* finish */ | ||
764 | + 0, /* flags */ | ||
765 | + NULL /* app_data */ | ||
766 | +}; | ||
767 | + | ||
768 | +static ECDSA_METHOD cryptodev_ecdsa = { | ||
769 | + "cryptodev ECDSA method", | ||
770 | + NULL, | ||
771 | + NULL, /* ecdsa_sign_setup */ | ||
772 | + NULL, | ||
773 | + NULL, | ||
774 | + NULL, | ||
775 | + NULL, | ||
776 | + 0, /* flags */ | ||
777 | + NULL /* app_data */ | ||
778 | +}; | ||
779 | + | ||
780 | +typedef enum ec_curve_s | ||
781 | +{ | ||
782 | + EC_PRIME, | ||
783 | + EC_BINARY | ||
784 | +} ec_curve_t; | ||
785 | + | ||
786 | +/* ENGINE handler for ECDSA Sign */ | ||
787 | +static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, | ||
788 | + int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) | ||
789 | +{ | ||
790 | + BIGNUM *m = NULL, *p = NULL, *a = NULL; | ||
791 | + BIGNUM *b = NULL, *x = NULL, *y = NULL; | ||
792 | + BN_CTX *ctx = NULL; | ||
793 | + ECDSA_SIG *ret = NULL; | ||
794 | + ECDSA_DATA *ecdsa = NULL; | ||
795 | + unsigned char * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL; | ||
796 | + unsigned char * s = NULL, *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL; | ||
797 | + int i = 0, q_len = 0, priv_key_len = 0, r_len = 0; | ||
798 | + int g_len = 0, d_len = 0, ab_len = 0; | ||
799 | + const BIGNUM *order = NULL, *priv_key=NULL; | ||
800 | + const EC_GROUP *group = NULL; | ||
801 | + struct crypt_kop kop; | ||
802 | + ec_curve_t ec_crv = EC_PRIME; | ||
803 | + | ||
804 | + memset(&kop, 0, sizeof(kop)); | ||
805 | + ecdsa = ecdsa_check(eckey); | ||
806 | + if (!ecdsa) { | ||
807 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); | ||
808 | + return NULL; | ||
809 | + } | ||
810 | + | ||
811 | + group = EC_KEY_get0_group(eckey); | ||
812 | + priv_key = EC_KEY_get0_private_key(eckey); | ||
813 | + | ||
814 | + if (!group || !priv_key) { | ||
815 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); | ||
816 | + return NULL; | ||
817 | + } | ||
818 | + | ||
819 | + if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || | ||
820 | + (a = BN_new()) == NULL || (b = BN_new()) == NULL || | ||
821 | + (p = BN_new()) == NULL || (x = BN_new()) == NULL || | ||
822 | + (y = BN_new()) == NULL) { | ||
823 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
824 | + goto err; | ||
825 | + } | ||
826 | + | ||
827 | + order = &group->order; | ||
828 | + if (!order || BN_is_zero(order)) { | ||
829 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS); | ||
830 | + goto err; | ||
831 | + } | ||
832 | + | ||
833 | + i = BN_num_bits(order); | ||
834 | + /* Need to truncate digest if it is too long: first truncate whole | ||
835 | + bytes */ | ||
836 | + if (8 * dgst_len > i) | ||
837 | + dgst_len = (i + 7)/8; | ||
838 | + | ||
839 | + if (!BN_bin2bn(dgst, dgst_len, m)) { | ||
840 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); | ||
841 | + goto err; | ||
842 | + } | ||
843 | + | ||
844 | + /* If still too long truncate remaining bits with a shift */ | ||
845 | + if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { | ||
846 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); | ||
847 | + goto err; | ||
848 | + } | ||
849 | + | ||
850 | + /* copy the truncated bits into plain buffer */ | ||
851 | + if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { | ||
852 | + fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__); | ||
853 | + goto err; | ||
854 | + } | ||
855 | + | ||
856 | + ret = ECDSA_SIG_new(); | ||
857 | + if (!ret) { | ||
858 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); | ||
859 | + goto err; | ||
860 | + } | ||
861 | + | ||
862 | + /* check if this is prime or binary EC request */ | ||
863 | + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { | ||
864 | + ec_crv = EC_PRIME; | ||
865 | + /* get the generator point pair */ | ||
866 | + if (!EC_POINT_get_affine_coordinates_GFp (group, EC_GROUP_get0_generator(group), | ||
867 | + x, y,ctx)) { | ||
868 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); | ||
869 | + goto err; | ||
870 | + } | ||
871 | + | ||
872 | + /* get the ECC curve parameters */ | ||
873 | + if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) { | ||
874 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); | ||
875 | goto err; | ||
876 | } | ||
877 | } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) { | ||
878 | @@ -2195,63 +2700,581 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, | ||
879 | } | ||
880 | |||
881 | /** | ||
882 | - * Get the 2nd part of signature into a flat buffer with | ||
883 | - * appropriate padding | ||
884 | + * Get the 2nd part of signature into a flat buffer with | ||
885 | + * appropriate padding | ||
886 | + */ | ||
887 | + if (BN_num_bytes(sig->s) < r_len) | ||
888 | + d_len = r_len; | ||
889 | + | ||
890 | + if (spcf_bn2bin_ex(sig->s, &d, &d_len)) { | ||
891 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
892 | + goto err; | ||
893 | + } | ||
894 | + | ||
895 | + /* memory for message representative */ | ||
896 | + f = malloc(r_len); | ||
897 | + if (!f) { | ||
898 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
899 | + goto err; | ||
900 | + } | ||
901 | + | ||
902 | + /* Add padding, since SEC expects hash to of size r_len */ | ||
903 | + memset(f, 0, r_len-dgst_len); | ||
904 | + | ||
905 | + /* Skip leading bytes if dgst_len < r_len */ | ||
906 | + memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len); | ||
907 | + dgst_len += r_len-dgst_len; | ||
908 | + kop.crk_op = CRK_DSA_VERIFY; | ||
909 | + /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ | ||
910 | + kop.crk_param[0].crp_p = f; | ||
911 | + kop.crk_param[0].crp_nbits = dgst_len * 8; | ||
912 | + kop.crk_param[1].crp_p = q; | ||
913 | + kop.crk_param[1].crp_nbits = q_len * 8; | ||
914 | + kop.crk_param[2].crp_p = r; | ||
915 | + kop.crk_param[2].crp_nbits = r_len * 8; | ||
916 | + kop.crk_param[3].crp_p = g_xy; | ||
917 | + kop.crk_param[3].crp_nbits = g_len * 8; | ||
918 | + kop.crk_param[4].crp_p = w_xy; | ||
919 | + kop.crk_param[4].crp_nbits = pub_key_len * 8; | ||
920 | + kop.crk_param[5].crp_p = ab; | ||
921 | + kop.crk_param[5].crp_nbits = ab_len * 8; | ||
922 | + kop.crk_param[6].crp_p = c; | ||
923 | + kop.crk_param[6].crp_nbits = d_len * 8; | ||
924 | + kop.crk_param[7].crp_p = d; | ||
925 | + kop.crk_param[7].crp_nbits = d_len * 8; | ||
926 | + kop.crk_iparams = 8; | ||
927 | + | ||
928 | + if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { | ||
929 | + /*OCF success value is 0, if not zero, change ret to fail*/ | ||
930 | + if(0 == kop.crk_status) | ||
931 | + ret = 1; | ||
932 | + } else { | ||
933 | + const ECDSA_METHOD *meth = ECDSA_OpenSSL(); | ||
934 | + | ||
935 | + ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey); | ||
936 | + } | ||
937 | + kop.crk_param[0].crp_p = NULL; | ||
938 | + zapparams(&kop); | ||
939 | + | ||
940 | +err: | ||
941 | + return ret; | ||
942 | +} | ||
943 | + | ||
944 | +static int cryptodev_ecdsa_do_sign_async( const unsigned char *dgst, | ||
945 | + int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey, | ||
946 | + ECDSA_SIG *sig, struct pkc_cookie_s *cookie) | ||
947 | +{ | ||
948 | + BIGNUM *m = NULL, *p = NULL, *a = NULL; | ||
949 | + BIGNUM *b = NULL, *x = NULL, *y = NULL; | ||
950 | + BN_CTX *ctx = NULL; | ||
951 | + ECDSA_SIG *sig_ret = NULL; | ||
952 | + ECDSA_DATA *ecdsa = NULL; | ||
953 | + unsigned char * q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL; | ||
954 | + unsigned char * s = NULL, *f = NULL, *tmp_dgst = NULL; | ||
955 | + int i = 0, q_len = 0, priv_key_len = 0, r_len = 0; | ||
956 | + int g_len = 0, ab_len = 0, ret = 1; | ||
957 | + const BIGNUM *order = NULL, *priv_key=NULL; | ||
958 | + const EC_GROUP *group = NULL; | ||
959 | + struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); | ||
960 | + ec_curve_t ec_crv = EC_PRIME; | ||
961 | + | ||
962 | + if (!(sig->r = BN_new()) || !kop) | ||
963 | + goto err; | ||
964 | + if ((sig->s = BN_new()) == NULL) { | ||
965 | + BN_free(r); | ||
966 | + goto err; | ||
967 | + } | ||
968 | + | ||
969 | + memset(kop, 0, sizeof(struct crypt_kop)); | ||
970 | + ecdsa = ecdsa_check(eckey); | ||
971 | + if (!ecdsa) { | ||
972 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); | ||
973 | + goto err; | ||
974 | + } | ||
975 | + | ||
976 | + group = EC_KEY_get0_group(eckey); | ||
977 | + priv_key = EC_KEY_get0_private_key(eckey); | ||
978 | + | ||
979 | + if (!group || !priv_key) { | ||
980 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); | ||
981 | + goto err; | ||
982 | + } | ||
983 | + | ||
984 | + if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || | ||
985 | + (a = BN_new()) == NULL || (b = BN_new()) == NULL || | ||
986 | + (p = BN_new()) == NULL || (x = BN_new()) == NULL || | ||
987 | + (y = BN_new()) == NULL) { | ||
988 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
989 | + goto err; | ||
990 | + } | ||
991 | + | ||
992 | + order = &group->order; | ||
993 | + if (!order || BN_is_zero(order)) { | ||
994 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_MISSING_PARAMETERS); | ||
995 | + goto err; | ||
996 | + } | ||
997 | + | ||
998 | + i = BN_num_bits(order); | ||
999 | + /* Need to truncate digest if it is too long: first truncate whole | ||
1000 | + bytes */ | ||
1001 | + if (8 * dgst_len > i) | ||
1002 | + dgst_len = (i + 7)/8; | ||
1003 | + | ||
1004 | + if (!BN_bin2bn(dgst, dgst_len, m)) { | ||
1005 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); | ||
1006 | + goto err; | ||
1007 | + } | ||
1008 | + | ||
1009 | + /* If still too long truncate remaining bits with a shift */ | ||
1010 | + if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { | ||
1011 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); | ||
1012 | + goto err; | ||
1013 | + } | ||
1014 | + | ||
1015 | + /* copy the truncated bits into plain buffer */ | ||
1016 | + if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { | ||
1017 | + fprintf(stderr, "%s:%d: OPENSSL_malloc failec\n", __FUNCTION__, __LINE__); | ||
1018 | + goto err; | ||
1019 | + } | ||
1020 | + | ||
1021 | + /* check if this is prime or binary EC request */ | ||
1022 | + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) | ||
1023 | + == NID_X9_62_prime_field) { | ||
1024 | + ec_crv = EC_PRIME; | ||
1025 | + /* get the generator point pair */ | ||
1026 | + if (!EC_POINT_get_affine_coordinates_GFp (group, | ||
1027 | + EC_GROUP_get0_generator(group), x, y,ctx)) { | ||
1028 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); | ||
1029 | + goto err; | ||
1030 | + } | ||
1031 | + | ||
1032 | + /* get the ECC curve parameters */ | ||
1033 | + if (!EC_GROUP_get_curve_GFp(group, p, a, b , ctx)) { | ||
1034 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); | ||
1035 | + goto err; | ||
1036 | + } | ||
1037 | + } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) { | ||
1038 | + ec_crv = EC_BINARY; | ||
1039 | + /* get the ECC curve parameters */ | ||
1040 | + if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) { | ||
1041 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); | ||
1042 | + goto err; | ||
1043 | + } | ||
1044 | + | ||
1045 | + /* get the generator point pair */ | ||
1046 | + if (!EC_POINT_get_affine_coordinates_GF2m(group, | ||
1047 | + EC_GROUP_get0_generator(group), x, y,ctx)) { | ||
1048 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); | ||
1049 | + goto err; | ||
1050 | + } | ||
1051 | + } else { | ||
1052 | + printf("Unsupported Curve\n"); | ||
1053 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); | ||
1054 | + goto err; | ||
1055 | + } | ||
1056 | + | ||
1057 | + if (spcf_bn2bin(order, &r, &r_len)) { | ||
1058 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
1059 | + goto err; | ||
1060 | + } | ||
1061 | + | ||
1062 | + if (spcf_bn2bin(p, &q, &q_len)) { | ||
1063 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
1064 | + goto err; | ||
1065 | + } | ||
1066 | + | ||
1067 | + priv_key_len = r_len; | ||
1068 | + | ||
1069 | + /** | ||
1070 | + * If BN_num_bytes of priv_key returns less then r_len then | ||
1071 | + * add padding bytes before the key | ||
1072 | + */ | ||
1073 | + if (spcf_bn2bin_ex(priv_key, &s, &priv_key_len)) { | ||
1074 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
1075 | + goto err; | ||
1076 | + } | ||
1077 | + | ||
1078 | + /* Generation of ECC curve parameters */ | ||
1079 | + ab_len = 2*q_len; | ||
1080 | + ab = eng_copy_curve_points(a, b, ab_len, q_len); | ||
1081 | + if (!ab) { | ||
1082 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
1083 | + goto err; | ||
1084 | + } | ||
1085 | + | ||
1086 | + if (ec_crv == EC_BINARY) { | ||
1087 | + if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len)) | ||
1088 | + { | ||
1089 | + unsigned char *c_temp = NULL; | ||
1090 | + int c_temp_len = q_len; | ||
1091 | + if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len)) | ||
1092 | + memcpy(ab+q_len, c_temp, q_len); | ||
1093 | + else | ||
1094 | + goto err; | ||
1095 | + } | ||
1096 | + kop->curve_type = ECC_BINARY; | ||
1097 | + } | ||
1098 | + | ||
1099 | + /* Calculation of Generator point */ | ||
1100 | + g_len = 2*q_len; | ||
1101 | + g_xy = eng_copy_curve_points(x, y, g_len, q_len); | ||
1102 | + if (!g_xy) { | ||
1103 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
1104 | + goto err; | ||
1105 | + } | ||
1106 | + | ||
1107 | + /* memory for message representative */ | ||
1108 | + f = malloc(r_len); | ||
1109 | + if (!f) { | ||
1110 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
1111 | + goto err; | ||
1112 | + } | ||
1113 | + | ||
1114 | + /* Add padding, since SEC expects hash to of size r_len */ | ||
1115 | + memset(f, 0, r_len - dgst_len); | ||
1116 | + | ||
1117 | + /* Skip leading bytes if dgst_len < r_len */ | ||
1118 | + memcpy(f + r_len - dgst_len, tmp_dgst, dgst_len); | ||
1119 | + | ||
1120 | + dgst_len += r_len - dgst_len; | ||
1121 | + | ||
1122 | + kop->crk_op = CRK_DSA_SIGN; | ||
1123 | + /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ | ||
1124 | + kop->crk_param[0].crp_p = f; | ||
1125 | + kop->crk_param[0].crp_nbits = dgst_len * 8; | ||
1126 | + kop->crk_param[1].crp_p = q; | ||
1127 | + kop->crk_param[1].crp_nbits = q_len * 8; | ||
1128 | + kop->crk_param[2].crp_p = r; | ||
1129 | + kop->crk_param[2].crp_nbits = r_len * 8; | ||
1130 | + kop->crk_param[3].crp_p = g_xy; | ||
1131 | + kop->crk_param[3].crp_nbits = g_len * 8; | ||
1132 | + kop->crk_param[4].crp_p = s; | ||
1133 | + kop->crk_param[4].crp_nbits = priv_key_len * 8; | ||
1134 | + kop->crk_param[5].crp_p = ab; | ||
1135 | + kop->crk_param[5].crp_nbits = ab_len * 8; | ||
1136 | + kop->crk_iparams = 6; | ||
1137 | + kop->cookie = cookie; | ||
1138 | + | ||
1139 | + if (cryptodev_asym_async(kop, r_len, sig->r , r_len, sig->s)) | ||
1140 | + goto err; | ||
1141 | + | ||
1142 | + return ret; | ||
1143 | +err: | ||
1144 | + { | ||
1145 | + const ECDSA_METHOD *meth = ECDSA_OpenSSL(); | ||
1146 | + BN_free(sig->r); | ||
1147 | + BN_free(sig->s); | ||
1148 | + if (kop) | ||
1149 | + free(kop); | ||
1150 | + sig_ret = (meth->ecdsa_do_sign)(dgst, dgst_len, in_kinv, in_r, eckey); | ||
1151 | + sig->r = sig_ret->r; | ||
1152 | + sig->s = sig_ret->s; | ||
1153 | + cookie->pkc_callback(cookie, 0); | ||
1154 | + } | ||
1155 | + return ret; | ||
1156 | +} | ||
1157 | + | ||
1158 | +static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len, | ||
1159 | + const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie) | ||
1160 | +{ | ||
1161 | + BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL; | ||
1162 | + BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL; | ||
1163 | + BN_CTX *ctx = NULL; | ||
1164 | + ECDSA_DATA *ecdsa = NULL; | ||
1165 | + unsigned char *q = NULL, *r = NULL, *ab = NULL, *g_xy = NULL, *w_xy = NULL; | ||
1166 | + unsigned char *c = NULL, *d = NULL, *f = NULL, *tmp_dgst = NULL; | ||
1167 | + int i = 0, q_len = 0, pub_key_len = 0, r_len = 0, c_len = 0, g_len = 0; | ||
1168 | + int d_len = 0, ab_len = 0, ret = 1; | ||
1169 | + const EC_POINT *pub_key = NULL; | ||
1170 | + const BIGNUM *order = NULL; | ||
1171 | + const EC_GROUP *group=NULL; | ||
1172 | + ec_curve_t ec_crv = EC_PRIME; | ||
1173 | + struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); | ||
1174 | + | ||
1175 | + if (!kop) | ||
1176 | + goto err; | ||
1177 | + | ||
1178 | + memset(kop, 0, sizeof(struct crypt_kop)); | ||
1179 | + ecdsa = ecdsa_check(eckey); | ||
1180 | + if (!ecdsa) { | ||
1181 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER); | ||
1182 | + goto err; | ||
1183 | + } | ||
1184 | + | ||
1185 | + group = EC_KEY_get0_group(eckey); | ||
1186 | + pub_key = EC_KEY_get0_public_key(eckey); | ||
1187 | + | ||
1188 | + if (!group || !pub_key) { | ||
1189 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER); | ||
1190 | + goto err; | ||
1191 | + } | ||
1192 | + | ||
1193 | + if ((ctx = BN_CTX_new()) == NULL || (m = BN_new()) == NULL || | ||
1194 | + (a = BN_new()) == NULL || (b = BN_new()) == NULL || | ||
1195 | + (p = BN_new()) == NULL || (x = BN_new()) == NULL || | ||
1196 | + (y = BN_new()) == NULL || (w_x = BN_new()) == NULL || | ||
1197 | + (w_y = BN_new()) == NULL) { | ||
1198 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1199 | + goto err; | ||
1200 | + } | ||
1201 | + | ||
1202 | + order = &group->order; | ||
1203 | + if (!order || BN_is_zero(order)) { | ||
1204 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS); | ||
1205 | + goto err; | ||
1206 | + } | ||
1207 | + | ||
1208 | + i = BN_num_bits(order); | ||
1209 | + /* Need to truncate digest if it is too long: first truncate whole | ||
1210 | + * bytes */ | ||
1211 | + if (8 * dgst_len > i) | ||
1212 | + dgst_len = (i + 7)/8; | ||
1213 | + | ||
1214 | + if (!BN_bin2bn(dgst, dgst_len, m)) { | ||
1215 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); | ||
1216 | + goto err; | ||
1217 | + } | ||
1218 | + | ||
1219 | + /* If still too long truncate remaining bits with a shift */ | ||
1220 | + if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { | ||
1221 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); | ||
1222 | + goto err; | ||
1223 | + } | ||
1224 | + /* copy the truncated bits into plain buffer */ | ||
1225 | + if (spcf_bn2bin(m, &tmp_dgst, &dgst_len)) { | ||
1226 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1227 | + goto err; | ||
1228 | + } | ||
1229 | + | ||
1230 | + /* check if this is prime or binary EC request */ | ||
1231 | + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { | ||
1232 | + ec_crv = EC_PRIME; | ||
1233 | + | ||
1234 | + /* get the generator point pair */ | ||
1235 | + if (!EC_POINT_get_affine_coordinates_GFp (group, | ||
1236 | + EC_GROUP_get0_generator(group), x, y,ctx)) { | ||
1237 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); | ||
1238 | + goto err; | ||
1239 | + } | ||
1240 | + | ||
1241 | + /* get the public key pair for prime curve */ | ||
1242 | + if (!EC_POINT_get_affine_coordinates_GFp (group, | ||
1243 | + pub_key, w_x, w_y,ctx)) { | ||
1244 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); | ||
1245 | + goto err; | ||
1246 | + } | ||
1247 | + | ||
1248 | + /* get the ECC curve parameters */ | ||
1249 | + if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) { | ||
1250 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); | ||
1251 | + goto err; | ||
1252 | + } | ||
1253 | + } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field){ | ||
1254 | + ec_crv = EC_BINARY; | ||
1255 | + /* get the ECC curve parameters */ | ||
1256 | + if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) { | ||
1257 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); | ||
1258 | + goto err; | ||
1259 | + } | ||
1260 | + | ||
1261 | + /* get the generator point pair */ | ||
1262 | + if (!EC_POINT_get_affine_coordinates_GF2m(group, | ||
1263 | + EC_GROUP_get0_generator(group),x, y,ctx)) { | ||
1264 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); | ||
1265 | + goto err; | ||
1266 | + } | ||
1267 | + | ||
1268 | + /* get the public key pair for binary curve */ | ||
1269 | + if (!EC_POINT_get_affine_coordinates_GF2m(group, | ||
1270 | + pub_key, w_x, w_y,ctx)) { | ||
1271 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); | ||
1272 | + goto err; | ||
1273 | + } | ||
1274 | + }else { | ||
1275 | + printf("Unsupported Curve\n"); | ||
1276 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); | ||
1277 | + goto err; | ||
1278 | + } | ||
1279 | + | ||
1280 | + /* Get the order of the subgroup of private keys */ | ||
1281 | + if (spcf_bn2bin((BIGNUM*)order, &r, &r_len)) { | ||
1282 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1283 | + goto err; | ||
1284 | + } | ||
1285 | + | ||
1286 | + /* Get the irreducible polynomial that creates the field */ | ||
1287 | + if (spcf_bn2bin(p, &q, &q_len)) { | ||
1288 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1289 | + goto err; | ||
1290 | + } | ||
1291 | + | ||
1292 | + /* Get the public key into a flat buffer with appropriate padding */ | ||
1293 | + pub_key_len = 2 * q_len; | ||
1294 | + | ||
1295 | + w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len); | ||
1296 | + if (!w_xy) { | ||
1297 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1298 | + goto err; | ||
1299 | + } | ||
1300 | + | ||
1301 | + /* Generation of ECC curve parameters */ | ||
1302 | + ab_len = 2*q_len; | ||
1303 | + | ||
1304 | + ab = eng_copy_curve_points (a, b, ab_len, q_len); | ||
1305 | + if (!ab) { | ||
1306 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1307 | + goto err; | ||
1308 | + } | ||
1309 | + | ||
1310 | + if (ec_crv == EC_BINARY) { | ||
1311 | + /* copy b' i.e c(b), instead of only b */ | ||
1312 | + eng_ec_get_cparam (EC_GROUP_get_curve_name(group), | ||
1313 | + ab+q_len, q_len); | ||
1314 | + kop->curve_type = ECC_BINARY; | ||
1315 | + } | ||
1316 | + | ||
1317 | + /* Calculation of Generator point */ | ||
1318 | + g_len = 2 * q_len; | ||
1319 | + | ||
1320 | + g_xy = eng_copy_curve_points (x, y, g_len, q_len); | ||
1321 | + if (!g_xy) { | ||
1322 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1323 | + goto err; | ||
1324 | + } | ||
1325 | + | ||
1326 | + /** | ||
1327 | + * Get the 1st part of signature into a flat buffer with | ||
1328 | + * appropriate padding | ||
1329 | + */ | ||
1330 | + if (BN_num_bytes(sig->r) < r_len) | ||
1331 | + c_len = r_len; | ||
1332 | + | ||
1333 | + if (spcf_bn2bin_ex(sig->r, &c, &c_len)) { | ||
1334 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1335 | + goto err; | ||
1336 | + } | ||
1337 | + | ||
1338 | + /** | ||
1339 | + * Get the 2nd part of signature into a flat buffer with | ||
1340 | + * appropriate padding | ||
1341 | + */ | ||
1342 | + if (BN_num_bytes(sig->s) < r_len) | ||
1343 | + d_len = r_len; | ||
1344 | + | ||
1345 | + if (spcf_bn2bin_ex(sig->s, &d, &d_len)) { | ||
1346 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1347 | + goto err; | ||
1348 | + } | ||
1349 | + | ||
1350 | + /* memory for message representative */ | ||
1351 | + f = malloc(r_len); | ||
1352 | + if (!f) { | ||
1353 | + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1354 | + goto err; | ||
1355 | + } | ||
1356 | + | ||
1357 | + /* Add padding, since SEC expects hash to of size r_len */ | ||
1358 | + memset(f, 0, r_len-dgst_len); | ||
1359 | + | ||
1360 | + /* Skip leading bytes if dgst_len < r_len */ | ||
1361 | + memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len); | ||
1362 | + | ||
1363 | + dgst_len += r_len-dgst_len; | ||
1364 | + | ||
1365 | + kop->crk_op = CRK_DSA_VERIFY; | ||
1366 | + /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ | ||
1367 | + kop->crk_param[0].crp_p = f; | ||
1368 | + kop->crk_param[0].crp_nbits = dgst_len * 8; | ||
1369 | + kop->crk_param[1].crp_p = q; | ||
1370 | + kop->crk_param[1].crp_nbits = q_len * 8; | ||
1371 | + kop->crk_param[2].crp_p = r; | ||
1372 | + kop->crk_param[2].crp_nbits = r_len * 8; | ||
1373 | + kop->crk_param[3].crp_p = g_xy; | ||
1374 | + kop->crk_param[3].crp_nbits = g_len * 8; | ||
1375 | + kop->crk_param[4].crp_p = w_xy; | ||
1376 | + kop->crk_param[4].crp_nbits = pub_key_len * 8; | ||
1377 | + kop->crk_param[5].crp_p = ab; | ||
1378 | + kop->crk_param[5].crp_nbits = ab_len * 8; | ||
1379 | + kop->crk_param[6].crp_p = c; | ||
1380 | + kop->crk_param[6].crp_nbits = d_len * 8; | ||
1381 | + kop->crk_param[7].crp_p = d; | ||
1382 | + kop->crk_param[7].crp_nbits = d_len * 8; | ||
1383 | + kop->crk_iparams = 8; | ||
1384 | + kop->cookie = cookie; | ||
1385 | + | ||
1386 | + if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) | ||
1387 | + goto err; | ||
1388 | + | ||
1389 | + return ret; | ||
1390 | +err: | ||
1391 | + { | ||
1392 | + const ECDSA_METHOD *meth = ECDSA_OpenSSL(); | ||
1393 | + | ||
1394 | + if (kop) | ||
1395 | + free(kop); | ||
1396 | + ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey); | ||
1397 | + cookie->pkc_callback(cookie, 0); | ||
1398 | + } | ||
1399 | + | ||
1400 | + return ret; | ||
1401 | +} | ||
1402 | + | ||
1403 | +/* Cryptodev DH Key Gen routine */ | ||
1404 | +static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie) | ||
1405 | +{ | ||
1406 | + struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); | ||
1407 | + int ret = 1, g_len; | ||
1408 | + unsigned char *g = NULL; | ||
1409 | + | ||
1410 | + if (!kop) | ||
1411 | + goto sw_try; | ||
1412 | + | ||
1413 | + if (dh->priv_key == NULL) { | ||
1414 | + if ((dh->priv_key=BN_new()) == NULL) | ||
1415 | + goto sw_try; | ||
1416 | + } | ||
1417 | + | ||
1418 | + if (dh->pub_key == NULL) { | ||
1419 | + if ((dh->pub_key=BN_new()) == NULL) | ||
1420 | + goto sw_try; | ||
1421 | + } | ||
1422 | + | ||
1423 | + g_len = BN_num_bytes(dh->p); | ||
1424 | + /** | ||
1425 | + * Get generator into a plain buffer. If length is less than | ||
1426 | + * q_len then add leading padding bytes. | ||
1427 | */ | ||
1428 | - if (BN_num_bytes(sig->s) < r_len) | ||
1429 | - d_len = r_len; | ||
1430 | - | ||
1431 | - if (spcf_bn2bin_ex(sig->s, &d, &d_len)) { | ||
1432 | - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1433 | - goto err; | ||
1434 | - } | ||
1435 | - | ||
1436 | - /* memory for message representative */ | ||
1437 | - f = malloc(r_len); | ||
1438 | - if (!f) { | ||
1439 | - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); | ||
1440 | - goto err; | ||
1441 | + if (spcf_bn2bin_ex(dh->g, &g, &g_len)) { | ||
1442 | + DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); | ||
1443 | + goto sw_try; | ||
1444 | } | ||
1445 | |||
1446 | - /* Add padding, since SEC expects hash to of size r_len */ | ||
1447 | - memset(f, 0, r_len-dgst_len); | ||
1448 | + memset(kop, 0, sizeof(struct crypt_kop)); | ||
1449 | + kop->crk_op = CRK_DH_GENERATE_KEY; | ||
1450 | + if (bn2crparam(dh->p, &kop->crk_param[0])) | ||
1451 | + goto sw_try; | ||
1452 | + if (bn2crparam(dh->q, &kop->crk_param[1])) | ||
1453 | + goto sw_try; | ||
1454 | + kop->crk_param[2].crp_p = g; | ||
1455 | + kop->crk_param[2].crp_nbits = g_len * 8; | ||
1456 | + kop->crk_iparams = 3; | ||
1457 | + kop->cookie = cookie; | ||
1458 | |||
1459 | - /* Skip leading bytes if dgst_len < r_len */ | ||
1460 | - memcpy(f + r_len-dgst_len, tmp_dgst, dgst_len); | ||
1461 | - dgst_len += r_len-dgst_len; | ||
1462 | - kop.crk_op = CRK_DSA_VERIFY; | ||
1463 | - /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ | ||
1464 | - kop.crk_param[0].crp_p = f; | ||
1465 | - kop.crk_param[0].crp_nbits = dgst_len * 8; | ||
1466 | - kop.crk_param[1].crp_p = q; | ||
1467 | - kop.crk_param[1].crp_nbits = q_len * 8; | ||
1468 | - kop.crk_param[2].crp_p = r; | ||
1469 | - kop.crk_param[2].crp_nbits = r_len * 8; | ||
1470 | - kop.crk_param[3].crp_p = g_xy; | ||
1471 | - kop.crk_param[3].crp_nbits = g_len * 8; | ||
1472 | - kop.crk_param[4].crp_p = w_xy; | ||
1473 | - kop.crk_param[4].crp_nbits = pub_key_len * 8; | ||
1474 | - kop.crk_param[5].crp_p = ab; | ||
1475 | - kop.crk_param[5].crp_nbits = ab_len * 8; | ||
1476 | - kop.crk_param[6].crp_p = c; | ||
1477 | - kop.crk_param[6].crp_nbits = d_len * 8; | ||
1478 | - kop.crk_param[7].crp_p = d; | ||
1479 | - kop.crk_param[7].crp_nbits = d_len * 8; | ||
1480 | - kop.crk_iparams = 8; | ||
1481 | + /* pub_key is or prime length while priv key is of length of order */ | ||
1482 | + if (cryptodev_asym_async(kop, BN_num_bytes(dh->p), dh->pub_key, | ||
1483 | + BN_num_bytes(dh->q), dh->priv_key)) | ||
1484 | + goto sw_try; | ||
1485 | |||
1486 | - if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { | ||
1487 | - /*OCF success value is 0, if not zero, change ret to fail*/ | ||
1488 | - if(0 == kop.crk_status) | ||
1489 | - ret = 1; | ||
1490 | - } else { | ||
1491 | - const ECDSA_METHOD *meth = ECDSA_OpenSSL(); | ||
1492 | + return ret; | ||
1493 | +sw_try: | ||
1494 | + { | ||
1495 | + const DH_METHOD *meth = DH_OpenSSL(); | ||
1496 | |||
1497 | - ret = (meth->ecdsa_do_verify)(dgst, dgst_len, sig, eckey); | ||
1498 | + if (kop) | ||
1499 | + free(kop); | ||
1500 | + ret = (meth->generate_key)(dh); | ||
1501 | + cookie->pkc_callback(cookie, 0); | ||
1502 | } | ||
1503 | - kop.crk_param[0].crp_p = NULL; | ||
1504 | - zapparams(&kop); | ||
1505 | - | ||
1506 | -err: | ||
1507 | return ret; | ||
1508 | } | ||
1509 | |||
1510 | @@ -2360,6 +3383,54 @@ sw_try: | ||
1511 | return (dhret); | ||
1512 | } | ||
1513 | |||
1514 | +/* Return Length if successful and 0 on failure */ | ||
1515 | +static int | ||
1516 | +cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key, | ||
1517 | + DH *dh, struct pkc_cookie_s *cookie) | ||
1518 | +{ | ||
1519 | + struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); | ||
1520 | + int ret = 1; | ||
1521 | + int fd, p_len; | ||
1522 | + unsigned char *padded_pub_key = NULL, *p = NULL; | ||
1523 | + | ||
1524 | + fd = *(int *)cookie->eng_handle; | ||
1525 | + | ||
1526 | + memset(kop, 0, sizeof(struct crypt_kop)); | ||
1527 | + kop->crk_op = CRK_DH_COMPUTE_KEY; | ||
1528 | + /* inputs: dh->priv_key pub_key dh->p key */ | ||
1529 | + spcf_bn2bin(dh->p, &p, &p_len); | ||
1530 | + spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len); | ||
1531 | + | ||
1532 | + if (bn2crparam(dh->priv_key, &kop->crk_param[0])) | ||
1533 | + goto err; | ||
1534 | + kop->crk_param[1].crp_p = padded_pub_key; | ||
1535 | + kop->crk_param[1].crp_nbits = p_len * 8; | ||
1536 | + kop->crk_param[2].crp_p = p; | ||
1537 | + kop->crk_param[2].crp_nbits = p_len * 8; | ||
1538 | + kop->crk_iparams = 3; | ||
1539 | + | ||
1540 | + kop->cookie = cookie; | ||
1541 | + kop->crk_param[3].crp_p = (void*) key; | ||
1542 | + kop->crk_param[3].crp_nbits = p_len * 8; | ||
1543 | + kop->crk_oparams = 1; | ||
1544 | + | ||
1545 | + if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) | ||
1546 | + goto err; | ||
1547 | + | ||
1548 | + return p_len; | ||
1549 | +err: | ||
1550 | + { | ||
1551 | + const DH_METHOD *meth = DH_OpenSSL(); | ||
1552 | + | ||
1553 | + if (kop) | ||
1554 | + free(kop); | ||
1555 | + ret = (meth->compute_key)(key, pub_key, dh); | ||
1556 | + /* Call user cookie handler */ | ||
1557 | + cookie->pkc_callback(cookie, 0); | ||
1558 | + } | ||
1559 | + return (ret); | ||
1560 | +} | ||
1561 | + | ||
1562 | int cryptodev_ecdh_compute_key(void *out, size_t outlen, | ||
1563 | const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen, | ||
1564 | void *out, size_t *outlen)) | ||
1565 | @@ -2537,6 +3608,190 @@ err: | ||
1566 | return ret; | ||
1567 | } | ||
1568 | |||
1569 | +int cryptodev_ecdh_compute_key_async(void *out, size_t outlen, | ||
1570 | + const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen, | ||
1571 | + void *out, size_t *outlen), struct pkc_cookie_s *cookie) | ||
1572 | +{ | ||
1573 | + ec_curve_t ec_crv = EC_PRIME; | ||
1574 | + unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL; | ||
1575 | + BIGNUM * w_x = NULL, *w_y = NULL; | ||
1576 | + int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0; | ||
1577 | + BIGNUM * p = NULL, *a = NULL, *b = NULL; | ||
1578 | + BN_CTX *ctx; | ||
1579 | + EC_POINT *tmp=NULL; | ||
1580 | + BIGNUM *x=NULL, *y=NULL; | ||
1581 | + const BIGNUM *priv_key; | ||
1582 | + const EC_GROUP* group = NULL; | ||
1583 | + int ret = 1; | ||
1584 | + size_t buflen, len; | ||
1585 | + struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); | ||
1586 | + | ||
1587 | + if (!(ctx = BN_CTX_new()) || !kop) | ||
1588 | + goto err; | ||
1589 | + | ||
1590 | + memset(kop, 0, sizeof(struct crypt_kop)); | ||
1591 | + | ||
1592 | + BN_CTX_start(ctx); | ||
1593 | + x = BN_CTX_get(ctx); | ||
1594 | + y = BN_CTX_get(ctx); | ||
1595 | + p = BN_CTX_get(ctx); | ||
1596 | + a = BN_CTX_get(ctx); | ||
1597 | + b = BN_CTX_get(ctx); | ||
1598 | + w_x = BN_CTX_get(ctx); | ||
1599 | + w_y = BN_CTX_get(ctx); | ||
1600 | + | ||
1601 | + if (!x || !y || !p || !a || !b || !w_x || !w_y) { | ||
1602 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); | ||
1603 | + goto err; | ||
1604 | + } | ||
1605 | + | ||
1606 | + priv_key = EC_KEY_get0_private_key(ecdh); | ||
1607 | + if (priv_key == NULL) { | ||
1608 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE); | ||
1609 | + goto err; | ||
1610 | + } | ||
1611 | + | ||
1612 | + group = EC_KEY_get0_group(ecdh); | ||
1613 | + if ((tmp=EC_POINT_new(group)) == NULL) { | ||
1614 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); | ||
1615 | + goto err; | ||
1616 | + } | ||
1617 | + | ||
1618 | + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == | ||
1619 | + NID_X9_62_prime_field) { | ||
1620 | + ec_crv = EC_PRIME; | ||
1621 | + | ||
1622 | + if (!EC_POINT_get_affine_coordinates_GFp(group, | ||
1623 | + EC_GROUP_get0_generator(group), x, y, ctx)) { | ||
1624 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); | ||
1625 | + goto err; | ||
1626 | + } | ||
1627 | + | ||
1628 | + /* get the ECC curve parameters */ | ||
1629 | + if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) { | ||
1630 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); | ||
1631 | + goto err; | ||
1632 | + } | ||
1633 | + | ||
1634 | + /* get the public key pair for prime curve */ | ||
1635 | + if (!EC_POINT_get_affine_coordinates_GFp (group, pub_key, w_x, w_y,ctx)) { | ||
1636 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); | ||
1637 | + goto err; | ||
1638 | + } | ||
1639 | + } else { | ||
1640 | + ec_crv = EC_BINARY; | ||
1641 | + | ||
1642 | + if (!EC_POINT_get_affine_coordinates_GF2m(group, | ||
1643 | + EC_GROUP_get0_generator(group), x, y, ctx)) { | ||
1644 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); | ||
1645 | + goto err; | ||
1646 | + } | ||
1647 | + | ||
1648 | + /* get the ECC curve parameters */ | ||
1649 | + if (!EC_GROUP_get_curve_GF2m(group, p, a, b , ctx)) { | ||
1650 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); | ||
1651 | + goto err; | ||
1652 | + } | ||
1653 | + | ||
1654 | + /* get the public key pair for binary curve */ | ||
1655 | + if (!EC_POINT_get_affine_coordinates_GF2m(group, | ||
1656 | + pub_key, w_x, w_y,ctx)) { | ||
1657 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); | ||
1658 | + goto err; | ||
1659 | + } | ||
1660 | + } | ||
1661 | + | ||
1662 | + /* irreducible polynomial that creates the field */ | ||
1663 | + if (spcf_bn2bin((BIGNUM*)&group->order, &r, &r_len)) { | ||
1664 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
1665 | + goto err; | ||
1666 | + } | ||
1667 | + | ||
1668 | + /* Get the irreducible polynomial that creates the field */ | ||
1669 | + if (spcf_bn2bin(p, &q, &q_len)) { | ||
1670 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); | ||
1671 | + goto err; | ||
1672 | + } | ||
1673 | + | ||
1674 | + /* Get the public key into a flat buffer with appropriate padding */ | ||
1675 | + pub_key_len = 2 * q_len; | ||
1676 | + w_xy = eng_copy_curve_points (w_x, w_y, pub_key_len, q_len); | ||
1677 | + if (!w_xy) { | ||
1678 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
1679 | + goto err; | ||
1680 | + } | ||
1681 | + | ||
1682 | + /* Generation of ECC curve parameters */ | ||
1683 | + ab_len = 2*q_len; | ||
1684 | + ab = eng_copy_curve_points (a, b, ab_len, q_len); | ||
1685 | + if (!ab) { | ||
1686 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); | ||
1687 | + goto err; | ||
1688 | + } | ||
1689 | + | ||
1690 | + if (ec_crv == EC_BINARY) { | ||
1691 | + /* copy b' i.e c(b), instead of only b */ | ||
1692 | + if (eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab+q_len, q_len)) | ||
1693 | + { | ||
1694 | + unsigned char *c_temp = NULL; | ||
1695 | + int c_temp_len = q_len; | ||
1696 | + if (eng_ec_compute_cparam(b, p, &c_temp, &c_temp_len)) | ||
1697 | + memcpy(ab+q_len, c_temp, q_len); | ||
1698 | + else | ||
1699 | + goto err; | ||
1700 | + } | ||
1701 | + kop->curve_type = ECC_BINARY; | ||
1702 | + } else | ||
1703 | + kop->curve_type = ECC_PRIME; | ||
1704 | + | ||
1705 | + priv_key_len = r_len; | ||
1706 | + | ||
1707 | + /* | ||
1708 | + * If BN_num_bytes of priv_key returns less then r_len then | ||
1709 | + * add padding bytes before the key | ||
1710 | + */ | ||
1711 | + if (spcf_bn2bin_ex((BIGNUM *)priv_key, &s, &priv_key_len)) { | ||
1712 | + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); | ||
1713 | + goto err; | ||
1714 | + } | ||
1715 | + | ||
1716 | + buflen = (EC_GROUP_get_degree(group) + 7)/8; | ||
1717 | + len = BN_num_bytes(x); | ||
1718 | + if (len > buflen || q_len < buflen) { | ||
1719 | + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR); | ||
1720 | + goto err; | ||
1721 | + } | ||
1722 | + | ||
1723 | + kop->crk_op = CRK_DH_COMPUTE_KEY; | ||
1724 | + kop->crk_param[0].crp_p = (void *) s; | ||
1725 | + kop->crk_param[0].crp_nbits = priv_key_len*8; | ||
1726 | + kop->crk_param[1].crp_p = (void *) w_xy; | ||
1727 | + kop->crk_param[1].crp_nbits = pub_key_len*8; | ||
1728 | + kop->crk_param[2].crp_p = (void *) q; | ||
1729 | + kop->crk_param[2].crp_nbits = q_len*8; | ||
1730 | + kop->crk_param[3].crp_p = (void *) ab; | ||
1731 | + kop->crk_param[3].crp_nbits = ab_len*8; | ||
1732 | + kop->crk_iparams = 4; | ||
1733 | + kop->crk_param[4].crp_p = (void *) out; | ||
1734 | + kop->crk_param[4].crp_nbits = q_len*8; | ||
1735 | + kop->crk_oparams = 1; | ||
1736 | + kop->cookie = cookie; | ||
1737 | + if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) | ||
1738 | + goto err; | ||
1739 | + | ||
1740 | + return q_len; | ||
1741 | +err: | ||
1742 | + { | ||
1743 | + const ECDH_METHOD *meth = ECDH_OpenSSL(); | ||
1744 | + | ||
1745 | + if (kop) | ||
1746 | + free(kop); | ||
1747 | + ret = (meth->compute_key)(out, outlen, pub_key, ecdh, KDF); | ||
1748 | + /* Call user cookie handler */ | ||
1749 | + cookie->pkc_callback(cookie, 0); | ||
1750 | + } | ||
1751 | + return ret; | ||
1752 | +} | ||
1753 | |||
1754 | static DH_METHOD cryptodev_dh = { | ||
1755 | "cryptodev DH method", | ||
1756 | @@ -2545,6 +3800,8 @@ static DH_METHOD cryptodev_dh = { | ||
1757 | NULL, | ||
1758 | NULL, | ||
1759 | NULL, | ||
1760 | + NULL, | ||
1761 | + NULL, | ||
1762 | 0, /* flags */ | ||
1763 | NULL /* app_data */ | ||
1764 | }; | ||
1765 | @@ -2553,6 +3810,7 @@ static ECDH_METHOD cryptodev_ecdh = { | ||
1766 | "cryptodev ECDH method", | ||
1767 | NULL, /* cryptodev_ecdh_compute_key */ | ||
1768 | NULL, | ||
1769 | + NULL, | ||
1770 | 0, /* flags */ | ||
1771 | NULL /* app_data */ | ||
1772 | }; | ||
1773 | @@ -2625,12 +3883,19 @@ ENGINE_load_cryptodev(void) | ||
1774 | cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec; | ||
1775 | if (cryptodev_asymfeat & CRF_MOD_EXP) { | ||
1776 | cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp; | ||
1777 | - if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) | ||
1778 | + cryptodev_rsa.bn_mod_exp_async = | ||
1779 | + cryptodev_bn_mod_exp_async; | ||
1780 | + if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) { | ||
1781 | cryptodev_rsa.rsa_mod_exp = | ||
1782 | cryptodev_rsa_mod_exp; | ||
1783 | - else | ||
1784 | + cryptodev_rsa.rsa_mod_exp_async = | ||
1785 | + cryptodev_rsa_mod_exp_async; | ||
1786 | + } else { | ||
1787 | cryptodev_rsa.rsa_mod_exp = | ||
1788 | cryptodev_rsa_nocrt_mod_exp; | ||
1789 | + cryptodev_rsa.rsa_mod_exp_async = | ||
1790 | + cryptodev_rsa_nocrt_mod_exp_async; | ||
1791 | + } | ||
1792 | } | ||
1793 | } | ||
1794 | |||
1795 | @@ -2638,12 +3903,21 @@ ENGINE_load_cryptodev(void) | ||
1796 | const DSA_METHOD *meth = DSA_OpenSSL(); | ||
1797 | |||
1798 | memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); | ||
1799 | - if (cryptodev_asymfeat & CRF_DSA_SIGN) | ||
1800 | + if (cryptodev_asymfeat & CRF_DSA_SIGN) { | ||
1801 | cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign; | ||
1802 | - if (cryptodev_asymfeat & CRF_DSA_VERIFY) | ||
1803 | + cryptodev_dsa.dsa_do_sign_async = | ||
1804 | + cryptodev_dsa_do_sign_async; | ||
1805 | + } | ||
1806 | + if (cryptodev_asymfeat & CRF_DSA_VERIFY) { | ||
1807 | cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify; | ||
1808 | - if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY) | ||
1809 | + cryptodev_dsa.dsa_do_verify_async = | ||
1810 | + cryptodev_dsa_verify_async; | ||
1811 | + } | ||
1812 | + if (cryptodev_asymfeat & CRF_DSA_GENERATE_KEY) { | ||
1813 | cryptodev_dsa.dsa_keygen = cryptodev_dsa_keygen; | ||
1814 | + cryptodev_dsa.dsa_keygen_async = | ||
1815 | + cryptodev_dsa_keygen_async; | ||
1816 | + } | ||
1817 | } | ||
1818 | |||
1819 | if (ENGINE_set_DH(engine, &cryptodev_dh)){ | ||
1820 | @@ -2652,10 +3926,15 @@ ENGINE_load_cryptodev(void) | ||
1821 | if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) { | ||
1822 | cryptodev_dh.compute_key = | ||
1823 | cryptodev_dh_compute_key; | ||
1824 | + cryptodev_dh.compute_key_async = | ||
1825 | + cryptodev_dh_compute_key_async; | ||
1826 | } | ||
1827 | if (cryptodev_asymfeat & CRF_DH_GENERATE_KEY) { | ||
1828 | cryptodev_dh.generate_key = | ||
1829 | cryptodev_dh_keygen; | ||
1830 | + cryptodev_dh.generate_key_async = | ||
1831 | + cryptodev_dh_keygen_async; | ||
1832 | + | ||
1833 | } | ||
1834 | } | ||
1835 | |||
1836 | @@ -2664,10 +3943,14 @@ ENGINE_load_cryptodev(void) | ||
1837 | memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD)); | ||
1838 | if (cryptodev_asymfeat & CRF_DSA_SIGN) { | ||
1839 | cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign; | ||
1840 | + cryptodev_ecdsa.ecdsa_do_sign_async = | ||
1841 | + cryptodev_ecdsa_do_sign_async; | ||
1842 | } | ||
1843 | if (cryptodev_asymfeat & CRF_DSA_VERIFY) { | ||
1844 | cryptodev_ecdsa.ecdsa_do_verify = | ||
1845 | cryptodev_ecdsa_verify; | ||
1846 | + cryptodev_ecdsa.ecdsa_do_verify_async = | ||
1847 | + cryptodev_ecdsa_verify_async; | ||
1848 | } | ||
1849 | } | ||
1850 | |||
1851 | @@ -2676,9 +3959,16 @@ ENGINE_load_cryptodev(void) | ||
1852 | memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD)); | ||
1853 | if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) { | ||
1854 | cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key; | ||
1855 | + cryptodev_ecdh.compute_key_async = | ||
1856 | + cryptodev_ecdh_compute_key_async; | ||
1857 | } | ||
1858 | } | ||
1859 | |||
1860 | + ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability); | ||
1861 | + ENGINE_set_close_instance(engine, cryptodev_close_instance); | ||
1862 | + ENGINE_set_init_instance(engine, cryptodev_init_instance); | ||
1863 | + ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC); | ||
1864 | + | ||
1865 | ENGINE_add(engine); | ||
1866 | ENGINE_free(engine); | ||
1867 | ERR_clear_error(); | ||
1868 | diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h | ||
1869 | index 451ef8f..8fc3077 100644 | ||
1870 | --- a/crypto/engine/eng_int.h | ||
1871 | +++ b/crypto/engine/eng_int.h | ||
1872 | @@ -181,7 +181,29 @@ struct engine_st | ||
1873 | ENGINE_LOAD_KEY_PTR load_pubkey; | ||
1874 | |||
1875 | ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert; | ||
1876 | - | ||
1877 | + /* | ||
1878 | + * Instantiate Engine handle to be passed in check_pkc_availability | ||
1879 | + * Ensure that Engine is instantiated before any pkc asynchronous call. | ||
1880 | + */ | ||
1881 | + void *(*engine_init_instance)(void); | ||
1882 | + /* | ||
1883 | + * Instantiated Engine handle will be closed with this call. | ||
1884 | + * Ensure that no pkc asynchronous call is made after this call | ||
1885 | + */ | ||
1886 | + void (*engine_close_instance)(void *handle); | ||
1887 | + /* | ||
1888 | + * Check availability will extract the data from kernel. | ||
1889 | + * eng_handle: This is the Engine handle corresponds to which | ||
1890 | + * the cookies needs to be polled. | ||
1891 | + * return 0 if cookie available else 1 | ||
1892 | + */ | ||
1893 | + int (*check_pkc_availability)(void *eng_handle); | ||
1894 | + /* | ||
1895 | + * The following map is used to check if the engine supports asynchronous implementation | ||
1896 | + * ENGINE_ASYNC_FLAG* for available bitmap. Any application checking for asynchronous | ||
1897 | + * implementation need to check this features using "int ENGINE_get_async_map(engine *)"; | ||
1898 | + */ | ||
1899 | + int async_map; | ||
1900 | const ENGINE_CMD_DEFN *cmd_defns; | ||
1901 | int flags; | ||
1902 | /* reference count on the structure itself */ | ||
1903 | diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c | ||
1904 | index 18a6664..6fa621c 100644 | ||
1905 | --- a/crypto/engine/eng_lib.c | ||
1906 | +++ b/crypto/engine/eng_lib.c | ||
1907 | @@ -98,7 +98,11 @@ void engine_set_all_null(ENGINE *e) | ||
1908 | e->ctrl = NULL; | ||
1909 | e->load_privkey = NULL; | ||
1910 | e->load_pubkey = NULL; | ||
1911 | + e->check_pkc_availability = NULL; | ||
1912 | + e->engine_init_instance = NULL; | ||
1913 | + e->engine_close_instance = NULL; | ||
1914 | e->cmd_defns = NULL; | ||
1915 | + e->async_map = 0; | ||
1916 | e->flags = 0; | ||
1917 | } | ||
1918 | |||
1919 | @@ -233,6 +237,48 @@ int ENGINE_set_id(ENGINE *e, const char *id) | ||
1920 | return 1; | ||
1921 | } | ||
1922 | |||
1923 | +void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void)) | ||
1924 | + { | ||
1925 | + e->engine_init_instance = engine_init_instance; | ||
1926 | + } | ||
1927 | + | ||
1928 | +void ENGINE_set_close_instance(ENGINE *e, | ||
1929 | + void (*engine_close_instance)(void *)) | ||
1930 | + { | ||
1931 | + e->engine_close_instance = engine_close_instance; | ||
1932 | + } | ||
1933 | + | ||
1934 | +void ENGINE_set_async_map(ENGINE *e, int async_map) | ||
1935 | + { | ||
1936 | + e->async_map = async_map; | ||
1937 | + } | ||
1938 | + | ||
1939 | +void *ENGINE_init_instance(ENGINE *e) | ||
1940 | + { | ||
1941 | + return e->engine_init_instance(); | ||
1942 | + } | ||
1943 | + | ||
1944 | +void ENGINE_close_instance(ENGINE *e, void *eng_handle) | ||
1945 | + { | ||
1946 | + e->engine_close_instance(eng_handle); | ||
1947 | + } | ||
1948 | + | ||
1949 | +int ENGINE_get_async_map(ENGINE *e) | ||
1950 | + { | ||
1951 | + return e->async_map; | ||
1952 | + } | ||
1953 | + | ||
1954 | +void ENGINE_set_check_pkc_availability(ENGINE *e, | ||
1955 | + int (*check_pkc_availability)(void *eng_handle)) | ||
1956 | + { | ||
1957 | + e->check_pkc_availability = check_pkc_availability; | ||
1958 | + } | ||
1959 | + | ||
1960 | +int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle) | ||
1961 | + { | ||
1962 | + return e->check_pkc_availability(eng_handle); | ||
1963 | + } | ||
1964 | + | ||
1965 | int ENGINE_set_name(ENGINE *e, const char *name) | ||
1966 | { | ||
1967 | if(name == NULL) | ||
1968 | diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h | ||
1969 | index 237a6c9..ccff86a 100644 | ||
1970 | --- a/crypto/engine/engine.h | ||
1971 | +++ b/crypto/engine/engine.h | ||
1972 | @@ -473,6 +473,30 @@ ENGINE *ENGINE_new(void); | ||
1973 | int ENGINE_free(ENGINE *e); | ||
1974 | int ENGINE_up_ref(ENGINE *e); | ||
1975 | int ENGINE_set_id(ENGINE *e, const char *id); | ||
1976 | +void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void)); | ||
1977 | +void ENGINE_set_close_instance(ENGINE *e, | ||
1978 | + void (*engine_free_instance)(void *)); | ||
1979 | +/* | ||
1980 | + * Following FLAGS are bitmap store in async_map to set asynchronous interface capability | ||
1981 | + *of the engine | ||
1982 | + */ | ||
1983 | +#define ENGINE_RSA_ASYNC 0x0001 | ||
1984 | +#define ENGINE_DSA_ASYNC 0x0002 | ||
1985 | +#define ENGINE_DH_ASYNC 0x0004 | ||
1986 | +#define ENGINE_ECDSA_ASYNC 0x0008 | ||
1987 | +#define ENGINE_ECDH_ASYNC 0x0010 | ||
1988 | +#define ENGINE_ALLPKC_ASYNC 0x001F | ||
1989 | +/* Engine implementation will set the bitmap based on above flags using following API */ | ||
1990 | +void ENGINE_set_async_map(ENGINE *e, int async_map); | ||
1991 | + /* Application need to check the bitmap based on above flags using following API | ||
1992 | + * to confirm asynchronous methods supported | ||
1993 | + */ | ||
1994 | +int ENGINE_get_async_map(ENGINE *e); | ||
1995 | +void *ENGINE_init_instance(ENGINE *e); | ||
1996 | +void ENGINE_close_instance(ENGINE *e, void *eng_handle); | ||
1997 | +void ENGINE_set_check_pkc_availability(ENGINE *e, | ||
1998 | + int (*check_pkc_availability)(void *eng_handle)); | ||
1999 | +int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle); | ||
2000 | int ENGINE_set_name(ENGINE *e, const char *name); | ||
2001 | int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); | ||
2002 | int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); | ||
2003 | diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h | ||
2004 | index 5f269e5..6ef1b15 100644 | ||
2005 | --- a/crypto/rsa/rsa.h | ||
2006 | +++ b/crypto/rsa/rsa.h | ||
2007 | @@ -101,6 +101,29 @@ struct rsa_meth_st | ||
2008 | int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
2009 | const BIGNUM *m, BN_CTX *ctx, | ||
2010 | BN_MONT_CTX *m_ctx); /* Can be null */ | ||
2011 | + /* | ||
2012 | + * Cookie in the following _async variant must be allocated before | ||
2013 | + * submission and can be freed once its corresponding callback | ||
2014 | + * handler is called | ||
2015 | + */ | ||
2016 | + int (*rsa_pub_enc_asyn)(int flen,const unsigned char *from, | ||
2017 | + unsigned char *to, RSA *rsa, int padding, | ||
2018 | + struct pkc_cookie_s *cookie); | ||
2019 | + int (*rsa_pub_dec_async)(int flen,const unsigned char *from, | ||
2020 | + unsigned char *to, RSA *rsa, int padding, | ||
2021 | + struct pkc_cookie_s *cookie); | ||
2022 | + int (*rsa_priv_enc_async)(int flen,const unsigned char *from, | ||
2023 | + unsigned char *to, RSA *rsa, int padding, | ||
2024 | + struct pkc_cookie_s *cookie); | ||
2025 | + int (*rsa_priv_dec_async)(int flen,const unsigned char *from, | ||
2026 | + unsigned char *to, RSA *rsa, int padding, | ||
2027 | + struct pkc_cookie_s *cookie); | ||
2028 | + int (*rsa_mod_exp_async)(BIGNUM *r0, const BIGNUM *I, RSA *rsa, | ||
2029 | + BN_CTX *ctx, struct pkc_cookie_s *cookie); | ||
2030 | + int (*bn_mod_exp_async)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
2031 | + const BIGNUM *m, BN_CTX *ctx, | ||
2032 | + BN_MONT_CTX *m_ctx, struct pkc_cookie_s *cookie); | ||
2033 | + | ||
2034 | int (*init)(RSA *rsa); /* called at new */ | ||
2035 | int (*finish)(RSA *rsa); /* called at free */ | ||
2036 | int flags; /* RSA_METHOD_FLAG_* things */ | ||
2037 | -- | ||
2038 | 2.3.5 | ||
2039 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Removed-local-copy-of-curve_t-type.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Removed-local-copy-of-curve_t-type.patch new file mode 100644 index 00000000..8908d548 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0010-Removed-local-copy-of-curve_t-type.patch | |||
@@ -0,0 +1,163 @@ | |||
1 | From cd80be25a3da28d23dfcb2762252b413879eaa74 Mon Sep 17 00:00:00 2001 | ||
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
3 | Date: Thu, 17 Apr 2014 06:57:59 +0545 | ||
4 | Subject: [PATCH 10/48] Removed local copy of curve_t type | ||
5 | |||
6 | Upstream-status: Pending | ||
7 | |||
8 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
9 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
10 | --- | ||
11 | crypto/engine/eng_cryptodev.c | 33 ++++++++++++++------------------- | ||
12 | crypto/engine/eng_cryptodev_ec.h | 7 ------- | ||
13 | 2 files changed, 14 insertions(+), 26 deletions(-) | ||
14 | |||
15 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
16 | index eac5fb6..151774c 100644 | ||
17 | --- a/crypto/engine/eng_cryptodev.c | ||
18 | +++ b/crypto/engine/eng_cryptodev.c | ||
19 | @@ -2504,11 +2504,6 @@ static ECDSA_METHOD cryptodev_ecdsa = { | ||
20 | NULL /* app_data */ | ||
21 | }; | ||
22 | |||
23 | -typedef enum ec_curve_s { | ||
24 | - EC_PRIME, | ||
25 | - EC_BINARY | ||
26 | -} ec_curve_t; | ||
27 | - | ||
28 | /* ENGINE handler for ECDSA Sign */ | ||
29 | static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst, | ||
30 | int dgst_len, const BIGNUM *in_kinv, | ||
31 | @@ -2527,7 +2522,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst, | ||
32 | const BIGNUM *order = NULL, *priv_key = NULL; | ||
33 | const EC_GROUP *group = NULL; | ||
34 | struct crypt_kop kop; | ||
35 | - ec_curve_t ec_crv = EC_PRIME; | ||
36 | + enum ec_curve_t ec_crv = EC_PRIME; | ||
37 | |||
38 | memset(&kop, 0, sizeof(kop)); | ||
39 | ecdsa = ecdsa_check(eckey); | ||
40 | @@ -2665,7 +2660,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst, | ||
41 | else | ||
42 | goto err; | ||
43 | } | ||
44 | - kop.curve_type = ECC_BINARY; | ||
45 | + kop.curve_type = EC_BINARY; | ||
46 | } | ||
47 | |||
48 | /* Calculation of Generator point */ | ||
49 | @@ -2760,7 +2755,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, | ||
50 | const EC_POINT *pub_key = NULL; | ||
51 | const BIGNUM *order = NULL; | ||
52 | const EC_GROUP *group = NULL; | ||
53 | - ec_curve_t ec_crv = EC_PRIME; | ||
54 | + enum ec_curve_t ec_crv = EC_PRIME; | ||
55 | struct crypt_kop kop; | ||
56 | |||
57 | memset(&kop, 0, sizeof kop); | ||
58 | @@ -2911,7 +2906,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, | ||
59 | else | ||
60 | goto err; | ||
61 | } | ||
62 | - kop.curve_type = ECC_BINARY; | ||
63 | + kop.curve_type = EC_BINARY; | ||
64 | } | ||
65 | |||
66 | /* Calculation of Generator point */ | ||
67 | @@ -3016,7 +3011,7 @@ static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst, | ||
68 | const BIGNUM *order = NULL, *priv_key = NULL; | ||
69 | const EC_GROUP *group = NULL; | ||
70 | struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); | ||
71 | - ec_curve_t ec_crv = EC_PRIME; | ||
72 | + enum ec_curve_t ec_crv = EC_PRIME; | ||
73 | |||
74 | if (!(sig->r = BN_new()) || !kop) | ||
75 | goto err; | ||
76 | @@ -3157,7 +3152,7 @@ static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst, | ||
77 | else | ||
78 | goto err; | ||
79 | } | ||
80 | - kop->curve_type = ECC_BINARY; | ||
81 | + kop->curve_type = EC_BINARY; | ||
82 | } | ||
83 | |||
84 | /* Calculation of Generator point */ | ||
85 | @@ -3237,7 +3232,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, | ||
86 | const EC_POINT *pub_key = NULL; | ||
87 | const BIGNUM *order = NULL; | ||
88 | const EC_GROUP *group = NULL; | ||
89 | - ec_curve_t ec_crv = EC_PRIME; | ||
90 | + enum ec_curve_t ec_crv = EC_PRIME; | ||
91 | struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); | ||
92 | |||
93 | if (!kop) | ||
94 | @@ -3384,7 +3379,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, | ||
95 | if (ec_crv == EC_BINARY) { | ||
96 | /* copy b' i.e c(b), instead of only b */ | ||
97 | eng_ec_get_cparam(EC_GROUP_get_curve_name(group), ab + q_len, q_len); | ||
98 | - kop->curve_type = ECC_BINARY; | ||
99 | + kop->curve_type = EC_BINARY; | ||
100 | } | ||
101 | |||
102 | /* Calculation of Generator point */ | ||
103 | @@ -3690,7 +3685,7 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen, | ||
104 | void *(*KDF) (const void *in, size_t inlen, | ||
105 | void *out, size_t *outlen)) | ||
106 | { | ||
107 | - ec_curve_t ec_crv = EC_PRIME; | ||
108 | + enum ec_curve_t ec_crv = EC_PRIME; | ||
109 | unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL; | ||
110 | BIGNUM *w_x = NULL, *w_y = NULL; | ||
111 | int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0; | ||
112 | @@ -3820,9 +3815,9 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen, | ||
113 | else | ||
114 | goto err; | ||
115 | } | ||
116 | - kop.curve_type = ECC_BINARY; | ||
117 | + kop.curve_type = EC_BINARY; | ||
118 | } else | ||
119 | - kop.curve_type = ECC_PRIME; | ||
120 | + kop.curve_type = EC_PRIME; | ||
121 | |||
122 | priv_key_len = r_len; | ||
123 | |||
124 | @@ -3874,7 +3869,7 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen, | ||
125 | size_t *outlen), | ||
126 | struct pkc_cookie_s *cookie) | ||
127 | { | ||
128 | - ec_curve_t ec_crv = EC_PRIME; | ||
129 | + enum ec_curve_t ec_crv = EC_PRIME; | ||
130 | unsigned char *q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL; | ||
131 | BIGNUM *w_x = NULL, *w_y = NULL; | ||
132 | int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0; | ||
133 | @@ -4005,9 +4000,9 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen, | ||
134 | else | ||
135 | goto err; | ||
136 | } | ||
137 | - kop->curve_type = ECC_BINARY; | ||
138 | + kop->curve_type = EC_BINARY; | ||
139 | } else | ||
140 | - kop->curve_type = ECC_PRIME; | ||
141 | + kop->curve_type = EC_PRIME; | ||
142 | |||
143 | priv_key_len = r_len; | ||
144 | |||
145 | diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h | ||
146 | index af54c51..41a8702 100644 | ||
147 | --- a/crypto/engine/eng_cryptodev_ec.h | ||
148 | +++ b/crypto/engine/eng_cryptodev_ec.h | ||
149 | @@ -287,11 +287,4 @@ static inline unsigned char *eng_copy_curve_points(BIGNUM * x, BIGNUM * y, | ||
150 | |||
151 | return xy; | ||
152 | } | ||
153 | - | ||
154 | -enum curve_t { | ||
155 | - DISCRETE_LOG, | ||
156 | - ECC_PRIME, | ||
157 | - ECC_BINARY, | ||
158 | - MAX_ECC_TYPE | ||
159 | -}; | ||
160 | #endif | ||
161 | -- | ||
162 | 2.7.0 | ||
163 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch deleted file mode 100644 index 244d230e..00000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch +++ /dev/null | |||
@@ -1,153 +0,0 @@ | |||
1 | From e4fc051f8ae1c093b25ca346c2ec351ff3b700d1 Mon Sep 17 00:00:00 2001 | ||
2 | From: Hou Zhiqiang <B48286@freescale.com> | ||
3 | Date: Wed, 2 Apr 2014 16:10:43 +0800 | ||
4 | Subject: [PATCH 11/26] Add RSA keygen operation and support gendsa command | ||
5 | with hardware engine | ||
6 | |||
7 | Upstream-status: Pending | ||
8 | |||
9 | Signed-off-by: Hou Zhiqiang <B48286@freescale.com> | ||
10 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
11 | --- | ||
12 | crypto/engine/eng_cryptodev.c | 118 ++++++++++++++++++++++++++++++++++++++++++ | ||
13 | 1 file changed, 118 insertions(+) | ||
14 | |||
15 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
16 | index 9f2416e..b2919a8 100644 | ||
17 | --- a/crypto/engine/eng_cryptodev.c | ||
18 | +++ b/crypto/engine/eng_cryptodev.c | ||
19 | @@ -1906,6 +1906,121 @@ err: | ||
20 | return dsaret; | ||
21 | } | ||
22 | |||
23 | +/* Cryptodev RSA Key Gen routine */ | ||
24 | +static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) | ||
25 | +{ | ||
26 | + struct crypt_kop kop; | ||
27 | + int ret, fd; | ||
28 | + int p_len, q_len; | ||
29 | + int i; | ||
30 | + | ||
31 | + if ((fd = get_asym_dev_crypto()) < 0) | ||
32 | + return fd; | ||
33 | + | ||
34 | + if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err; | ||
35 | + if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err; | ||
36 | + if(!rsa->e && ((rsa->e=BN_new()) == NULL)) goto err; | ||
37 | + if(!rsa->p && ((rsa->p=BN_new()) == NULL)) goto err; | ||
38 | + if(!rsa->q && ((rsa->q=BN_new()) == NULL)) goto err; | ||
39 | + if(!rsa->dmp1 && ((rsa->dmp1=BN_new()) == NULL)) goto err; | ||
40 | + if(!rsa->dmq1 && ((rsa->dmq1=BN_new()) == NULL)) goto err; | ||
41 | + if(!rsa->iqmp && ((rsa->iqmp=BN_new()) == NULL)) goto err; | ||
42 | + | ||
43 | + BN_copy(rsa->e, e); | ||
44 | + | ||
45 | + p_len = (bits+1) / (2 * 8); | ||
46 | + q_len = (bits - p_len * 8) / 8; | ||
47 | + memset(&kop, 0, sizeof kop); | ||
48 | + kop.crk_op = CRK_RSA_GENERATE_KEY; | ||
49 | + | ||
50 | + /* p length */ | ||
51 | + kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char)); | ||
52 | + if (!kop.crk_param[kop.crk_iparams].crp_p) | ||
53 | + goto err; | ||
54 | + kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8; | ||
55 | + memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1); | ||
56 | + kop.crk_iparams++; | ||
57 | + kop.crk_oparams++; | ||
58 | + /* q length */ | ||
59 | + kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char)); | ||
60 | + if (!kop.crk_param[kop.crk_iparams].crp_p) | ||
61 | + goto err; | ||
62 | + kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8; | ||
63 | + memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1); | ||
64 | + kop.crk_iparams++; | ||
65 | + kop.crk_oparams++; | ||
66 | + /* n length */ | ||
67 | + kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + q_len + 1, sizeof(char)); | ||
68 | + if (!kop.crk_param[kop.crk_iparams].crp_p) | ||
69 | + goto err; | ||
70 | + kop.crk_param[kop.crk_iparams].crp_nbits = bits; | ||
71 | + memset(kop.crk_param[kop.crk_iparams].crp_p, 0x00, p_len + q_len + 1); | ||
72 | + kop.crk_iparams++; | ||
73 | + kop.crk_oparams++; | ||
74 | + /* d length */ | ||
75 | + kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + q_len + 1, sizeof(char)); | ||
76 | + if (!kop.crk_param[kop.crk_iparams].crp_p) | ||
77 | + goto err; | ||
78 | + kop.crk_param[kop.crk_iparams].crp_nbits = bits; | ||
79 | + memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + q_len + 1); | ||
80 | + kop.crk_iparams++; | ||
81 | + kop.crk_oparams++; | ||
82 | + /* dp1 length */ | ||
83 | + kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char)); | ||
84 | + if (!kop.crk_param[kop.crk_iparams].crp_p) | ||
85 | + goto err; | ||
86 | + kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8; | ||
87 | + memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1); | ||
88 | + kop.crk_iparams++; | ||
89 | + kop.crk_oparams++; | ||
90 | + /* dq1 length */ | ||
91 | + kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char)); | ||
92 | + if (!kop.crk_param[kop.crk_iparams].crp_p) | ||
93 | + goto err; | ||
94 | + kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8; | ||
95 | + memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1); | ||
96 | + kop.crk_iparams++; | ||
97 | + kop.crk_oparams++; | ||
98 | + /* i length */ | ||
99 | + kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char)); | ||
100 | + if (!kop.crk_param[kop.crk_iparams].crp_p) | ||
101 | + goto err; | ||
102 | + kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8; | ||
103 | + memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1); | ||
104 | + kop.crk_iparams++; | ||
105 | + kop.crk_oparams++; | ||
106 | + | ||
107 | + if (ioctl(fd, CIOCKEY, &kop) == 0) { | ||
108 | + BN_bin2bn(kop.crk_param[0].crp_p, | ||
109 | + p_len, rsa->p); | ||
110 | + BN_bin2bn(kop.crk_param[1].crp_p, | ||
111 | + q_len, rsa->q); | ||
112 | + BN_bin2bn(kop.crk_param[2].crp_p, | ||
113 | + bits / 8, rsa->n); | ||
114 | + BN_bin2bn(kop.crk_param[3].crp_p, | ||
115 | + bits / 8, rsa->d); | ||
116 | + BN_bin2bn(kop.crk_param[4].crp_p, | ||
117 | + p_len, rsa->dmp1); | ||
118 | + BN_bin2bn(kop.crk_param[5].crp_p, | ||
119 | + q_len, rsa->dmq1); | ||
120 | + BN_bin2bn(kop.crk_param[6].crp_p, | ||
121 | + p_len, rsa->iqmp); | ||
122 | + return 1; | ||
123 | + } | ||
124 | +sw_try: | ||
125 | + { | ||
126 | + const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); | ||
127 | + ret = (meth->rsa_keygen)(rsa, bits, e, cb); | ||
128 | + } | ||
129 | + return ret; | ||
130 | + | ||
131 | +err: | ||
132 | + for (i = 0; i < CRK_MAXPARAM; i++) | ||
133 | + free(kop.crk_param[i].crp_p); | ||
134 | + return 0; | ||
135 | + | ||
136 | +} | ||
137 | + | ||
138 | /* Cryptodev DSA Key Gen routine */ | ||
139 | static int cryptodev_dsa_keygen(DSA *dsa) | ||
140 | { | ||
141 | @@ -3896,6 +4011,9 @@ ENGINE_load_cryptodev(void) | ||
142 | cryptodev_rsa.rsa_mod_exp_async = | ||
143 | cryptodev_rsa_nocrt_mod_exp_async; | ||
144 | } | ||
145 | + if (cryptodev_asymfeat & CRF_RSA_GENERATE_KEY) | ||
146 | + cryptodev_rsa.rsa_keygen = | ||
147 | + cryptodev_rsa_keygen; | ||
148 | } | ||
149 | } | ||
150 | |||
151 | -- | ||
152 | 2.3.5 | ||
153 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Modulus-parameter-is-not-populated-by-dhparams.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Modulus-parameter-is-not-populated-by-dhparams.patch new file mode 100644 index 00000000..13aea015 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0011-Modulus-parameter-is-not-populated-by-dhparams.patch | |||
@@ -0,0 +1,43 @@ | |||
1 | From f9d9da58818740334ef356d0384d4e88da865dca Mon Sep 17 00:00:00 2001 | ||
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
3 | Date: Tue, 22 Apr 2014 22:58:33 +0545 | ||
4 | Subject: [PATCH 11/48] Modulus parameter is not populated by dhparams | ||
5 | |||
6 | Upstream-status: Pending | ||
7 | |||
8 | When dhparams are created, modulus parameter required for | ||
9 | private key generation is not populated. So, falling back | ||
10 | to software for proper population of modulus parameters followed | ||
11 | by private key generation | ||
12 | |||
13 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
14 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
15 | --- | ||
16 | crypto/engine/eng_cryptodev.c | 4 ++-- | ||
17 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
18 | |||
19 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
20 | index 151774c..1f1f307 100644 | ||
21 | --- a/crypto/engine/eng_cryptodev.c | ||
22 | +++ b/crypto/engine/eng_cryptodev.c | ||
23 | @@ -3502,7 +3502,7 @@ static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie) | ||
24 | kop->crk_op = CRK_DH_GENERATE_KEY; | ||
25 | if (bn2crparam(dh->p, &kop->crk_param[0])) | ||
26 | goto sw_try; | ||
27 | - if (bn2crparam(dh->q, &kop->crk_param[1])) | ||
28 | + if (!dh->q || bn2crparam(dh->q, &kop->crk_param[1])) | ||
29 | goto sw_try; | ||
30 | kop->crk_param[2].crp_p = g; | ||
31 | kop->crk_param[2].crp_nbits = g_len * 8; | ||
32 | @@ -3557,7 +3557,7 @@ static int cryptodev_dh_keygen(DH *dh) | ||
33 | kop.crk_op = CRK_DH_GENERATE_KEY; | ||
34 | if (bn2crparam(dh->p, &kop.crk_param[0])) | ||
35 | goto sw_try; | ||
36 | - if (bn2crparam(dh->q, &kop.crk_param[1])) | ||
37 | + if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1])) | ||
38 | goto sw_try; | ||
39 | kop.crk_param[2].crp_p = g; | ||
40 | kop.crk_param[2].crp_nbits = g_len * 8; | ||
41 | -- | ||
42 | 2.7.0 | ||
43 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-RSA-Keygen-Fix.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-RSA-Keygen-Fix.patch deleted file mode 100644 index 7f907da4..00000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-RSA-Keygen-Fix.patch +++ /dev/null | |||
@@ -1,64 +0,0 @@ | |||
1 | From ac777f046da7151386d667391362ecb553ceee90 Mon Sep 17 00:00:00 2001 | ||
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
3 | Date: Wed, 16 Apr 2014 22:53:04 +0545 | ||
4 | Subject: [PATCH 12/26] RSA Keygen Fix | ||
5 | |||
6 | Upstream-status: Pending | ||
7 | |||
8 | If Kernel driver doesn't support RSA Keygen or same returns | ||
9 | error handling the keygen operation, the keygen is gracefully | ||
10 | handled by software supported rsa_keygen handler | ||
11 | |||
12 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
13 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
14 | --- | ||
15 | crypto/engine/eng_cryptodev.c | 12 +++++++----- | ||
16 | 1 file changed, 7 insertions(+), 5 deletions(-) | ||
17 | |||
18 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
19 | index b2919a8..ed5f20f 100644 | ||
20 | --- a/crypto/engine/eng_cryptodev.c | ||
21 | +++ b/crypto/engine/eng_cryptodev.c | ||
22 | @@ -1915,7 +1915,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) | ||
23 | int i; | ||
24 | |||
25 | if ((fd = get_asym_dev_crypto()) < 0) | ||
26 | - return fd; | ||
27 | + goto sw_try; | ||
28 | |||
29 | if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err; | ||
30 | if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err; | ||
31 | @@ -1936,7 +1936,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) | ||
32 | /* p length */ | ||
33 | kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char)); | ||
34 | if (!kop.crk_param[kop.crk_iparams].crp_p) | ||
35 | - goto err; | ||
36 | + goto sw_try; | ||
37 | kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8; | ||
38 | memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1); | ||
39 | kop.crk_iparams++; | ||
40 | @@ -1944,7 +1944,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) | ||
41 | /* q length */ | ||
42 | kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char)); | ||
43 | if (!kop.crk_param[kop.crk_iparams].crp_p) | ||
44 | - goto err; | ||
45 | + goto sw_try; | ||
46 | kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8; | ||
47 | memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1); | ||
48 | kop.crk_iparams++; | ||
49 | @@ -2009,8 +2009,10 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) | ||
50 | } | ||
51 | sw_try: | ||
52 | { | ||
53 | - const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); | ||
54 | - ret = (meth->rsa_keygen)(rsa, bits, e, cb); | ||
55 | + const RSA_METHOD *meth = rsa->meth; | ||
56 | + rsa->meth = RSA_PKCS1_SSLeay(); | ||
57 | + ret = RSA_generate_key_ex(rsa, bits, e, cb); | ||
58 | + rsa->meth = meth; | ||
59 | } | ||
60 | return ret; | ||
61 | |||
62 | -- | ||
63 | 2.3.5 | ||
64 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-SW-Backoff-mechanism-for-dsa-keygen.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-SW-Backoff-mechanism-for-dsa-keygen.patch new file mode 100644 index 00000000..bf36a322 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0012-SW-Backoff-mechanism-for-dsa-keygen.patch | |||
@@ -0,0 +1,53 @@ | |||
1 | From 18f4dbbba2c0142792b394bec35531cefe277712 Mon Sep 17 00:00:00 2001 | ||
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
3 | Date: Thu, 24 Apr 2014 00:35:34 +0545 | ||
4 | Subject: [PATCH 12/48] SW Backoff mechanism for dsa keygen | ||
5 | |||
6 | Upstream-status: Pending | ||
7 | |||
8 | DSA Keygen is not handled in default openssl dsa method. Due to | ||
9 | same null function pointer in SW DSA method, the backoff for dsa | ||
10 | keygen gives segmentation fault. | ||
11 | |||
12 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
13 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
14 | --- | ||
15 | crypto/engine/eng_cryptodev.c | 12 ++++++++---- | ||
16 | 1 file changed, 8 insertions(+), 4 deletions(-) | ||
17 | |||
18 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
19 | index 1f1f307..db8e02d 100644 | ||
20 | --- a/crypto/engine/eng_cryptodev.c | ||
21 | +++ b/crypto/engine/eng_cryptodev.c | ||
22 | @@ -2175,8 +2175,10 @@ static int cryptodev_dsa_keygen(DSA *dsa) | ||
23 | return ret; | ||
24 | sw_try: | ||
25 | { | ||
26 | - const DSA_METHOD *meth = DSA_OpenSSL(); | ||
27 | - ret = (meth->dsa_keygen) (dsa); | ||
28 | + const DSA_METHOD *meth = dsa->meth; | ||
29 | + dsa->meth = DSA_OpenSSL(); | ||
30 | + ret = DSA_generate_key(dsa); | ||
31 | + dsa->meth = meth; | ||
32 | } | ||
33 | return ret; | ||
34 | } | ||
35 | @@ -2230,11 +2232,13 @@ static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie) | ||
36 | return ret; | ||
37 | sw_try: | ||
38 | { | ||
39 | - const DSA_METHOD *meth = DSA_OpenSSL(); | ||
40 | + const DSA_METHOD *meth = dsa->meth; | ||
41 | |||
42 | + dsa->meth = DSA_OpenSSL(); | ||
43 | if (kop) | ||
44 | free(kop); | ||
45 | - ret = (meth->dsa_keygen) (dsa); | ||
46 | + ret = DSA_generate_key(dsa); | ||
47 | + dsa->meth = meth; | ||
48 | cookie->pkc_callback(cookie, 0); | ||
49 | } | ||
50 | return ret; | ||
51 | -- | ||
52 | 2.7.0 | ||
53 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Fixed-DH-keygen-pair-generator.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Fixed-DH-keygen-pair-generator.patch new file mode 100644 index 00000000..12465d7e --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Fixed-DH-keygen-pair-generator.patch | |||
@@ -0,0 +1,100 @@ | |||
1 | From 4d5ffd41f423309fc9aaf3621598ca51c5838e31 Mon Sep 17 00:00:00 2001 | ||
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
3 | Date: Thu, 1 May 2014 06:35:45 +0545 | ||
4 | Subject: [PATCH 13/48] Fixed DH keygen pair generator | ||
5 | |||
6 | Upstream-status: Pending | ||
7 | |||
8 | Wrong Padding results into keygen length error | ||
9 | |||
10 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
11 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
12 | --- | ||
13 | crypto/engine/eng_cryptodev.c | 50 ++++++++++++++++++++++++++++--------------- | ||
14 | 1 file changed, 33 insertions(+), 17 deletions(-) | ||
15 | |||
16 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
17 | index db8e02d..4929ae6 100644 | ||
18 | --- a/crypto/engine/eng_cryptodev.c | ||
19 | +++ b/crypto/engine/eng_cryptodev.c | ||
20 | @@ -3534,44 +3534,60 @@ static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie) | ||
21 | static int cryptodev_dh_keygen(DH *dh) | ||
22 | { | ||
23 | struct crypt_kop kop; | ||
24 | - int ret = 1, g_len; | ||
25 | - unsigned char *g = NULL; | ||
26 | + int ret = 1, q_len = 0; | ||
27 | + unsigned char *q = NULL, *g = NULL, *s = NULL, *w = NULL; | ||
28 | + BIGNUM *pub_key = NULL, *priv_key = NULL; | ||
29 | + int generate_new_key = 1; | ||
30 | |||
31 | - if (dh->priv_key == NULL) { | ||
32 | - if ((dh->priv_key = BN_new()) == NULL) | ||
33 | - goto sw_try; | ||
34 | - } | ||
35 | + if (dh->priv_key) | ||
36 | + priv_key = dh->priv_key; | ||
37 | |||
38 | - if (dh->pub_key == NULL) { | ||
39 | - if ((dh->pub_key = BN_new()) == NULL) | ||
40 | - goto sw_try; | ||
41 | - } | ||
42 | + if (dh->pub_key) | ||
43 | + pub_key = dh->pub_key; | ||
44 | |||
45 | - g_len = BN_num_bytes(dh->p); | ||
46 | + q_len = BN_num_bytes(dh->p); | ||
47 | /** | ||
48 | * Get generator into a plain buffer. If length is less than | ||
49 | * q_len then add leading padding bytes. | ||
50 | */ | ||
51 | - if (spcf_bn2bin_ex(dh->g, &g, &g_len)) { | ||
52 | + if (spcf_bn2bin_ex(dh->g, &g, &q_len)) { | ||
53 | + DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); | ||
54 | + goto sw_try; | ||
55 | + } | ||
56 | + | ||
57 | + if (spcf_bn2bin_ex(dh->p, &q, &q_len)) { | ||
58 | DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); | ||
59 | goto sw_try; | ||
60 | } | ||
61 | |||
62 | memset(&kop, 0, sizeof kop); | ||
63 | kop.crk_op = CRK_DH_GENERATE_KEY; | ||
64 | - if (bn2crparam(dh->p, &kop.crk_param[0])) | ||
65 | - goto sw_try; | ||
66 | + kop.crk_param[0].crp_p = q; | ||
67 | + kop.crk_param[0].crp_nbits = q_len * 8; | ||
68 | if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1])) | ||
69 | goto sw_try; | ||
70 | kop.crk_param[2].crp_p = g; | ||
71 | - kop.crk_param[2].crp_nbits = g_len * 8; | ||
72 | + kop.crk_param[2].crp_nbits = q_len * 8; | ||
73 | kop.crk_iparams = 3; | ||
74 | |||
75 | + s = OPENSSL_malloc(q_len); | ||
76 | + if (!s) { | ||
77 | + DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); | ||
78 | + goto sw_try; | ||
79 | + } | ||
80 | + | ||
81 | + w = OPENSSL_malloc(q_len); | ||
82 | + if (!w) { | ||
83 | + DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); | ||
84 | + goto sw_try; | ||
85 | + } | ||
86 | + | ||
87 | /* pub_key is or prime length while priv key is of length of order */ | ||
88 | - if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key, | ||
89 | - BN_num_bytes(dh->q), dh->priv_key)) | ||
90 | + if (cryptodev_asym(&kop, q_len, w, q_len, s)) | ||
91 | goto sw_try; | ||
92 | |||
93 | + dh->pub_key = BN_bin2bn(w, q_len, pub_key); | ||
94 | + dh->pub_key = BN_bin2bn(s, q_len, priv_key); | ||
95 | return ret; | ||
96 | sw_try: | ||
97 | { | ||
98 | -- | ||
99 | 2.7.0 | ||
100 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Removed-local-copy-of-curve_t-type.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Removed-local-copy-of-curve_t-type.patch deleted file mode 100644 index c9d8ace8..00000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0013-Removed-local-copy-of-curve_t-type.patch +++ /dev/null | |||
@@ -1,164 +0,0 @@ | |||
1 | From 6aaa306cdf878250d7b6eaf30978de313653886b Mon Sep 17 00:00:00 2001 | ||
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
3 | Date: Thu, 17 Apr 2014 06:57:59 +0545 | ||
4 | Subject: [PATCH 13/26] Removed local copy of curve_t type | ||
5 | |||
6 | Upstream-status: Pending | ||
7 | |||
8 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
9 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
10 | --- | ||
11 | crypto/engine/eng_cryptodev.c | 34 ++++++++++++++-------------------- | ||
12 | crypto/engine/eng_cryptodev_ec.h | 7 ------- | ||
13 | 2 files changed, 14 insertions(+), 27 deletions(-) | ||
14 | |||
15 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
16 | index ed5f20f..5d883fa 100644 | ||
17 | --- a/crypto/engine/eng_cryptodev.c | ||
18 | +++ b/crypto/engine/eng_cryptodev.c | ||
19 | @@ -2398,12 +2398,6 @@ static ECDSA_METHOD cryptodev_ecdsa = { | ||
20 | NULL /* app_data */ | ||
21 | }; | ||
22 | |||
23 | -typedef enum ec_curve_s | ||
24 | -{ | ||
25 | - EC_PRIME, | ||
26 | - EC_BINARY | ||
27 | -} ec_curve_t; | ||
28 | - | ||
29 | /* ENGINE handler for ECDSA Sign */ | ||
30 | static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, | ||
31 | int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) | ||
32 | @@ -2420,7 +2414,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, | ||
33 | const BIGNUM *order = NULL, *priv_key=NULL; | ||
34 | const EC_GROUP *group = NULL; | ||
35 | struct crypt_kop kop; | ||
36 | - ec_curve_t ec_crv = EC_PRIME; | ||
37 | + enum ec_curve_t ec_crv = EC_PRIME; | ||
38 | |||
39 | memset(&kop, 0, sizeof(kop)); | ||
40 | ecdsa = ecdsa_check(eckey); | ||
41 | @@ -2553,7 +2547,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, | ||
42 | else | ||
43 | goto err; | ||
44 | } | ||
45 | - kop.curve_type = ECC_BINARY; | ||
46 | + kop.curve_type = EC_BINARY; | ||
47 | } | ||
48 | |||
49 | /* Calculation of Generator point */ | ||
50 | @@ -2647,7 +2641,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, | ||
51 | const EC_POINT *pub_key = NULL; | ||
52 | const BIGNUM *order = NULL; | ||
53 | const EC_GROUP *group=NULL; | ||
54 | - ec_curve_t ec_crv = EC_PRIME; | ||
55 | + enum ec_curve_t ec_crv = EC_PRIME; | ||
56 | struct crypt_kop kop; | ||
57 | |||
58 | memset(&kop, 0, sizeof kop); | ||
59 | @@ -2792,7 +2786,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, | ||
60 | else | ||
61 | goto err; | ||
62 | } | ||
63 | - kop.curve_type = ECC_BINARY; | ||
64 | + kop.curve_type = EC_BINARY; | ||
65 | } | ||
66 | |||
67 | /* Calculation of Generator point */ | ||
68 | @@ -2893,7 +2887,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char *dgst, | ||
69 | const BIGNUM *order = NULL, *priv_key=NULL; | ||
70 | const EC_GROUP *group = NULL; | ||
71 | struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); | ||
72 | - ec_curve_t ec_crv = EC_PRIME; | ||
73 | + enum ec_curve_t ec_crv = EC_PRIME; | ||
74 | |||
75 | if (!(sig->r = BN_new()) || !kop) | ||
76 | goto err; | ||
77 | @@ -3029,7 +3023,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char *dgst, | ||
78 | else | ||
79 | goto err; | ||
80 | } | ||
81 | - kop->curve_type = ECC_BINARY; | ||
82 | + kop->curve_type = EC_BINARY; | ||
83 | } | ||
84 | |||
85 | /* Calculation of Generator point */ | ||
86 | @@ -3105,7 +3099,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len, | ||
87 | const EC_POINT *pub_key = NULL; | ||
88 | const BIGNUM *order = NULL; | ||
89 | const EC_GROUP *group=NULL; | ||
90 | - ec_curve_t ec_crv = EC_PRIME; | ||
91 | + enum ec_curve_t ec_crv = EC_PRIME; | ||
92 | struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); | ||
93 | |||
94 | if (!kop) | ||
95 | @@ -3247,7 +3241,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len, | ||
96 | /* copy b' i.e c(b), instead of only b */ | ||
97 | eng_ec_get_cparam (EC_GROUP_get_curve_name(group), | ||
98 | ab+q_len, q_len); | ||
99 | - kop->curve_type = ECC_BINARY; | ||
100 | + kop->curve_type = EC_BINARY; | ||
101 | } | ||
102 | |||
103 | /* Calculation of Generator point */ | ||
104 | @@ -3552,7 +3546,7 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen, | ||
105 | const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen, | ||
106 | void *out, size_t *outlen)) | ||
107 | { | ||
108 | - ec_curve_t ec_crv = EC_PRIME; | ||
109 | + enum ec_curve_t ec_crv = EC_PRIME; | ||
110 | unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL; | ||
111 | BIGNUM * w_x = NULL, *w_y = NULL; | ||
112 | int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0; | ||
113 | @@ -3678,9 +3672,9 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen, | ||
114 | else | ||
115 | goto err; | ||
116 | } | ||
117 | - kop.curve_type = ECC_BINARY; | ||
118 | + kop.curve_type = EC_BINARY; | ||
119 | } else | ||
120 | - kop.curve_type = ECC_PRIME; | ||
121 | + kop.curve_type = EC_PRIME; | ||
122 | |||
123 | priv_key_len = r_len; | ||
124 | |||
125 | @@ -3729,7 +3723,7 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen, | ||
126 | const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen, | ||
127 | void *out, size_t *outlen), struct pkc_cookie_s *cookie) | ||
128 | { | ||
129 | - ec_curve_t ec_crv = EC_PRIME; | ||
130 | + enum ec_curve_t ec_crv = EC_PRIME; | ||
131 | unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL; | ||
132 | BIGNUM * w_x = NULL, *w_y = NULL; | ||
133 | int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0; | ||
134 | @@ -3857,9 +3851,9 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen, | ||
135 | else | ||
136 | goto err; | ||
137 | } | ||
138 | - kop->curve_type = ECC_BINARY; | ||
139 | + kop->curve_type = EC_BINARY; | ||
140 | } else | ||
141 | - kop->curve_type = ECC_PRIME; | ||
142 | + kop->curve_type = EC_PRIME; | ||
143 | |||
144 | priv_key_len = r_len; | ||
145 | |||
146 | diff --git a/crypto/engine/eng_cryptodev_ec.h b/crypto/engine/eng_cryptodev_ec.h | ||
147 | index 77aee71..a4b8da5 100644 | ||
148 | --- a/crypto/engine/eng_cryptodev_ec.h | ||
149 | +++ b/crypto/engine/eng_cryptodev_ec.h | ||
150 | @@ -286,11 +286,4 @@ static inline unsigned char *eng_copy_curve_points(BIGNUM * x, BIGNUM * y, | ||
151 | |||
152 | return xy; | ||
153 | } | ||
154 | - | ||
155 | -enum curve_t { | ||
156 | - DISCRETE_LOG, | ||
157 | - ECC_PRIME, | ||
158 | - ECC_BINARY, | ||
159 | - MAX_ECC_TYPE | ||
160 | -}; | ||
161 | #endif | ||
162 | -- | ||
163 | 2.3.5 | ||
164 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-Modulus-parameter-is-not-populated-by-dhparams.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-Modulus-parameter-is-not-populated-by-dhparams.patch deleted file mode 100644 index 198bed70..00000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-Modulus-parameter-is-not-populated-by-dhparams.patch +++ /dev/null | |||
@@ -1,43 +0,0 @@ | |||
1 | From 14623ca9e417ccef1ad3f4138acfac0ebe682f1f Mon Sep 17 00:00:00 2001 | ||
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
3 | Date: Tue, 22 Apr 2014 22:58:33 +0545 | ||
4 | Subject: [PATCH 14/26] Modulus parameter is not populated by dhparams | ||
5 | |||
6 | Upstream-status: Pending | ||
7 | |||
8 | When dhparams are created, modulus parameter required for | ||
9 | private key generation is not populated. So, falling back | ||
10 | to software for proper population of modulus parameters followed | ||
11 | by private key generation | ||
12 | |||
13 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
14 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
15 | --- | ||
16 | crypto/engine/eng_cryptodev.c | 4 ++-- | ||
17 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
18 | |||
19 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
20 | index 5d883fa..6d69336 100644 | ||
21 | --- a/crypto/engine/eng_cryptodev.c | ||
22 | +++ b/crypto/engine/eng_cryptodev.c | ||
23 | @@ -3364,7 +3364,7 @@ static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie) | ||
24 | kop->crk_op = CRK_DH_GENERATE_KEY; | ||
25 | if (bn2crparam(dh->p, &kop->crk_param[0])) | ||
26 | goto sw_try; | ||
27 | - if (bn2crparam(dh->q, &kop->crk_param[1])) | ||
28 | + if (!dh->q || bn2crparam(dh->q, &kop->crk_param[1])) | ||
29 | goto sw_try; | ||
30 | kop->crk_param[2].crp_p = g; | ||
31 | kop->crk_param[2].crp_nbits = g_len * 8; | ||
32 | @@ -3419,7 +3419,7 @@ static int cryptodev_dh_keygen(DH *dh) | ||
33 | kop.crk_op = CRK_DH_GENERATE_KEY; | ||
34 | if (bn2crparam(dh->p, &kop.crk_param[0])) | ||
35 | goto sw_try; | ||
36 | - if (bn2crparam(dh->q, &kop.crk_param[1])) | ||
37 | + if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1])) | ||
38 | goto sw_try; | ||
39 | kop.crk_param[2].crp_p = g; | ||
40 | kop.crk_param[2].crp_nbits = g_len * 8; | ||
41 | -- | ||
42 | 2.3.5 | ||
43 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch new file mode 100644 index 00000000..5a8c2d29 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch | |||
@@ -0,0 +1,321 @@ | |||
1 | From 317e3d9870097e6b115dd8c9a13ccb5e5ca76f2e Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@freescale.com> | ||
3 | Date: Mon, 16 Jun 2014 14:06:21 +0300 | ||
4 | Subject: [PATCH 14/48] cryptodev: add support for aes-gcm algorithm offloading | ||
5 | |||
6 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
7 | --- | ||
8 | apps/speed.c | 6 +- | ||
9 | crypto/engine/eng_cryptodev.c | 236 +++++++++++++++++++++++++++++++++++++++++- | ||
10 | 2 files changed, 240 insertions(+), 2 deletions(-) | ||
11 | |||
12 | diff --git a/apps/speed.c b/apps/speed.c | ||
13 | index 95adcc1..e5e609b 100644 | ||
14 | --- a/apps/speed.c | ||
15 | +++ b/apps/speed.c | ||
16 | @@ -226,7 +226,11 @@ | ||
17 | # endif | ||
18 | |||
19 | # undef BUFSIZE | ||
20 | -# define BUFSIZE ((long)1024*8+1) | ||
21 | +/* The buffer overhead allows GCM tag at the end of the encrypted data. This | ||
22 | + avoids buffer overflows from cryptodev since Linux kernel GCM | ||
23 | + implementation allways adds the tag - unlike e_aes.c:aes_gcm_cipher() | ||
24 | + which doesn't */ | ||
25 | +#define BUFSIZE ((long)1024*8 + EVP_GCM_TLS_TAG_LEN) | ||
26 | static volatile int run = 0; | ||
27 | |||
28 | static int mr = 0; | ||
29 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
30 | index 4929ae6..d2cdca0 100644 | ||
31 | --- a/crypto/engine/eng_cryptodev.c | ||
32 | +++ b/crypto/engine/eng_cryptodev.c | ||
33 | @@ -2,6 +2,7 @@ | ||
34 | * Copyright (c) 2002 Bob Beck <beck@openbsd.org> | ||
35 | * Copyright (c) 2002 Theo de Raadt | ||
36 | * Copyright (c) 2002 Markus Friedl | ||
37 | + * Copyright (c) 2013-2014 Freescale Semiconductor, Inc. | ||
38 | * All rights reserved. | ||
39 | * | ||
40 | * Redistribution and use in source and binary forms, with or without | ||
41 | @@ -77,8 +78,10 @@ struct dev_crypto_state { | ||
42 | struct session_op d_sess; | ||
43 | int d_fd; | ||
44 | unsigned char *aad; | ||
45 | - unsigned int aad_len; | ||
46 | + int aad_len; | ||
47 | unsigned int len; | ||
48 | + unsigned char *iv; | ||
49 | + int ivlen; | ||
50 | # ifdef USE_CRYPTODEV_DIGESTS | ||
51 | char dummy_mac_key[HASH_MAX_LEN]; | ||
52 | unsigned char digest_res[HASH_MAX_LEN]; | ||
53 | @@ -287,6 +290,9 @@ static struct { | ||
54 | CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20 | ||
55 | }, | ||
56 | { | ||
57 | + CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0 | ||
58 | + }, | ||
59 | + { | ||
60 | 0, NID_undef, 0, 0, 0 | ||
61 | }, | ||
62 | }; | ||
63 | @@ -325,6 +331,22 @@ static struct { | ||
64 | }; | ||
65 | # endif | ||
66 | |||
67 | +/* increment counter (64-bit int) by 1 */ | ||
68 | +static void ctr64_inc(unsigned char *counter) | ||
69 | +{ | ||
70 | + int n = 8; | ||
71 | + unsigned char c; | ||
72 | + | ||
73 | + do { | ||
74 | + --n; | ||
75 | + c = counter[n]; | ||
76 | + ++c; | ||
77 | + counter[n] = c; | ||
78 | + if (c) | ||
79 | + return; | ||
80 | + } while (n); | ||
81 | +} | ||
82 | + | ||
83 | /* | ||
84 | * Return a fd if /dev/crypto seems usable, 0 otherwise. | ||
85 | */ | ||
86 | @@ -807,6 +829,199 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, | ||
87 | } | ||
88 | } | ||
89 | |||
90 | +static int cryptodev_init_gcm_key(EVP_CIPHER_CTX *ctx, | ||
91 | + const unsigned char *key, | ||
92 | + const unsigned char *iv, int enc) | ||
93 | +{ | ||
94 | + struct dev_crypto_state *state = ctx->cipher_data; | ||
95 | + struct session_op *sess = &state->d_sess; | ||
96 | + int cipher = -1, i; | ||
97 | + if (!iv && !key) | ||
98 | + return 1; | ||
99 | + | ||
100 | + if (iv) | ||
101 | + memcpy(ctx->iv, iv, ctx->cipher->iv_len); | ||
102 | + | ||
103 | + for (i = 0; ciphers[i].id; i++) | ||
104 | + if (ctx->cipher->nid == ciphers[i].nid && | ||
105 | + ctx->cipher->iv_len <= ciphers[i].ivmax && | ||
106 | + ctx->key_len == ciphers[i].keylen) { | ||
107 | + cipher = ciphers[i].id; | ||
108 | + break; | ||
109 | + } | ||
110 | + | ||
111 | + if (!ciphers[i].id) { | ||
112 | + state->d_fd = -1; | ||
113 | + return 0; | ||
114 | + } | ||
115 | + | ||
116 | + memset(sess, 0, sizeof(struct session_op)); | ||
117 | + | ||
118 | + if ((state->d_fd = get_dev_crypto()) < 0) | ||
119 | + return 0; | ||
120 | + | ||
121 | + sess->key = (unsigned char *)key; | ||
122 | + sess->keylen = ctx->key_len; | ||
123 | + sess->cipher = cipher; | ||
124 | + | ||
125 | + if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { | ||
126 | + put_dev_crypto(state->d_fd); | ||
127 | + state->d_fd = -1; | ||
128 | + return 0; | ||
129 | + } | ||
130 | + return 1; | ||
131 | +} | ||
132 | + | ||
133 | +static int cryptodev_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
134 | + const unsigned char *in, size_t len) | ||
135 | +{ | ||
136 | + struct crypt_auth_op cryp = { 0 }; | ||
137 | + struct dev_crypto_state *state = ctx->cipher_data; | ||
138 | + struct session_op *sess = &state->d_sess; | ||
139 | + int rv = len; | ||
140 | + | ||
141 | + if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ? | ||
142 | + EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV, | ||
143 | + EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0) | ||
144 | + return 0; | ||
145 | + | ||
146 | + in += EVP_GCM_TLS_EXPLICIT_IV_LEN; | ||
147 | + out += EVP_GCM_TLS_EXPLICIT_IV_LEN; | ||
148 | + len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; | ||
149 | + | ||
150 | + if (ctx->encrypt) { | ||
151 | + len -= EVP_GCM_TLS_TAG_LEN; | ||
152 | + } | ||
153 | + cryp.ses = sess->ses; | ||
154 | + cryp.len = len; | ||
155 | + cryp.src = (unsigned char *)in; | ||
156 | + cryp.dst = out; | ||
157 | + cryp.auth_src = state->aad; | ||
158 | + cryp.auth_len = state->aad_len; | ||
159 | + cryp.iv = ctx->iv; | ||
160 | + cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; | ||
161 | + | ||
162 | + if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) { | ||
163 | + return 0; | ||
164 | + } | ||
165 | + | ||
166 | + if (ctx->encrypt) | ||
167 | + ctr64_inc(state->iv + state->ivlen - 8); | ||
168 | + else | ||
169 | + rv = len - EVP_GCM_TLS_TAG_LEN; | ||
170 | + | ||
171 | + return rv; | ||
172 | +} | ||
173 | + | ||
174 | +static int cryptodev_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
175 | + const unsigned char *in, size_t len) | ||
176 | +{ | ||
177 | + struct crypt_auth_op cryp; | ||
178 | + struct dev_crypto_state *state = ctx->cipher_data; | ||
179 | + struct session_op *sess = &state->d_sess; | ||
180 | + | ||
181 | + if (state->d_fd < 0) | ||
182 | + return 0; | ||
183 | + | ||
184 | + if ((len % ctx->cipher->block_size) != 0) | ||
185 | + return 0; | ||
186 | + | ||
187 | + if (state->aad_len >= 0) | ||
188 | + return cryptodev_gcm_tls_cipher(ctx, out, in, len); | ||
189 | + | ||
190 | + memset(&cryp, 0, sizeof(cryp)); | ||
191 | + | ||
192 | + cryp.ses = sess->ses; | ||
193 | + cryp.len = len; | ||
194 | + cryp.src = (unsigned char *)in; | ||
195 | + cryp.dst = out; | ||
196 | + cryp.auth_src = NULL; | ||
197 | + cryp.auth_len = 0; | ||
198 | + cryp.iv = ctx->iv; | ||
199 | + cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; | ||
200 | + | ||
201 | + if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) { | ||
202 | + return 0; | ||
203 | + } | ||
204 | + | ||
205 | + return len; | ||
206 | +} | ||
207 | + | ||
208 | +static int cryptodev_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, | ||
209 | + void *ptr) | ||
210 | +{ | ||
211 | + struct dev_crypto_state *state = ctx->cipher_data; | ||
212 | + switch (type) { | ||
213 | + case EVP_CTRL_INIT: | ||
214 | + { | ||
215 | + state->ivlen = ctx->cipher->iv_len; | ||
216 | + state->iv = ctx->iv; | ||
217 | + state->aad_len = -1; | ||
218 | + return 1; | ||
219 | + } | ||
220 | + case EVP_CTRL_GCM_SET_IV_FIXED: | ||
221 | + { | ||
222 | + /* Special case: -1 length restores whole IV */ | ||
223 | + if (arg == -1) { | ||
224 | + memcpy(state->iv, ptr, state->ivlen); | ||
225 | + return 1; | ||
226 | + } | ||
227 | + /* | ||
228 | + * Fixed field must be at least 4 bytes and invocation field at | ||
229 | + * least 8. | ||
230 | + */ | ||
231 | + if ((arg < 4) || (state->ivlen - arg) < 8) | ||
232 | + return 0; | ||
233 | + if (arg) | ||
234 | + memcpy(state->iv, ptr, arg); | ||
235 | + if (ctx->encrypt && | ||
236 | + RAND_bytes(state->iv + arg, state->ivlen - arg) <= 0) | ||
237 | + return 0; | ||
238 | + return 1; | ||
239 | + } | ||
240 | + case EVP_CTRL_AEAD_TLS1_AAD: | ||
241 | + { | ||
242 | + unsigned int len; | ||
243 | + if (arg != 13) | ||
244 | + return 0; | ||
245 | + | ||
246 | + memcpy(ctx->buf, ptr, arg); | ||
247 | + len = ctx->buf[arg - 2] << 8 | ctx->buf[arg - 1]; | ||
248 | + | ||
249 | + /* Correct length for explicit IV */ | ||
250 | + len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; | ||
251 | + | ||
252 | + /* If decrypting correct for tag too */ | ||
253 | + if (!ctx->encrypt) | ||
254 | + len -= EVP_GCM_TLS_TAG_LEN; | ||
255 | + | ||
256 | + ctx->buf[arg - 2] = len >> 8; | ||
257 | + ctx->buf[arg - 1] = len & 0xff; | ||
258 | + | ||
259 | + state->aad = ctx->buf; | ||
260 | + state->aad_len = arg; | ||
261 | + state->len = len; | ||
262 | + | ||
263 | + /* Extra padding: tag appended to record */ | ||
264 | + return EVP_GCM_TLS_TAG_LEN; | ||
265 | + } | ||
266 | + case EVP_CTRL_GCM_SET_IV_INV: | ||
267 | + { | ||
268 | + if (ctx->encrypt) | ||
269 | + return 0; | ||
270 | + memcpy(state->iv + state->ivlen - arg, ptr, arg); | ||
271 | + return 1; | ||
272 | + } | ||
273 | + case EVP_CTRL_GCM_IV_GEN: | ||
274 | + if (arg <= 0 || arg > state->ivlen) | ||
275 | + arg = state->ivlen; | ||
276 | + memcpy(ptr, state->iv + state->ivlen - arg, arg); | ||
277 | + return 1; | ||
278 | + default: | ||
279 | + return -1; | ||
280 | + } | ||
281 | +} | ||
282 | + | ||
283 | /* | ||
284 | * libcrypto EVP stuff - this is how we get wired to EVP so the engine | ||
285 | * gets called when libcrypto requests a cipher NID. | ||
286 | @@ -947,6 +1162,22 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = { | ||
287 | NULL | ||
288 | }; | ||
289 | |||
290 | +const EVP_CIPHER cryptodev_aes_128_gcm = { | ||
291 | + NID_aes_128_gcm, | ||
292 | + 1, 16, 12, | ||
293 | + EVP_CIPH_GCM_MODE | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1 | ||
294 | + | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER | ||
295 | + | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT, | ||
296 | + cryptodev_init_gcm_key, | ||
297 | + cryptodev_gcm_cipher, | ||
298 | + cryptodev_cleanup, | ||
299 | + sizeof(struct dev_crypto_state), | ||
300 | + EVP_CIPHER_set_asn1_iv, | ||
301 | + EVP_CIPHER_get_asn1_iv, | ||
302 | + cryptodev_gcm_ctrl, | ||
303 | + NULL | ||
304 | +}; | ||
305 | + | ||
306 | # ifdef CRYPTO_AES_CTR | ||
307 | const EVP_CIPHER cryptodev_aes_ctr = { | ||
308 | NID_aes_128_ctr, | ||
309 | @@ -1041,6 +1272,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | ||
310 | case NID_aes_256_cbc_hmac_sha1: | ||
311 | *cipher = &cryptodev_aes_256_cbc_hmac_sha1; | ||
312 | break; | ||
313 | + case NID_aes_128_gcm: | ||
314 | + *cipher = &cryptodev_aes_128_gcm; | ||
315 | + break; | ||
316 | default: | ||
317 | *cipher = NULL; | ||
318 | break; | ||
319 | -- | ||
320 | 2.7.0 | ||
321 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-SW-Backoff-mechanism-for-dsa-keygen.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-SW-Backoff-mechanism-for-dsa-keygen.patch deleted file mode 100644 index 59330a1e..00000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-SW-Backoff-mechanism-for-dsa-keygen.patch +++ /dev/null | |||
@@ -1,53 +0,0 @@ | |||
1 | From 10be401a33e6ebcc325d6747914c70595cd53d0a Mon Sep 17 00:00:00 2001 | ||
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
3 | Date: Thu, 24 Apr 2014 00:35:34 +0545 | ||
4 | Subject: [PATCH 15/26] SW Backoff mechanism for dsa keygen | ||
5 | |||
6 | Upstream-status: Pending | ||
7 | |||
8 | DSA Keygen is not handled in default openssl dsa method. Due to | ||
9 | same null function pointer in SW DSA method, the backoff for dsa | ||
10 | keygen gives segmentation fault. | ||
11 | |||
12 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
13 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
14 | --- | ||
15 | crypto/engine/eng_cryptodev.c | 12 ++++++++---- | ||
16 | 1 file changed, 8 insertions(+), 4 deletions(-) | ||
17 | |||
18 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
19 | index 6d69336..dab8fea 100644 | ||
20 | --- a/crypto/engine/eng_cryptodev.c | ||
21 | +++ b/crypto/engine/eng_cryptodev.c | ||
22 | @@ -2069,8 +2069,10 @@ static int cryptodev_dsa_keygen(DSA *dsa) | ||
23 | return ret; | ||
24 | sw_try: | ||
25 | { | ||
26 | - const DSA_METHOD *meth = DSA_OpenSSL(); | ||
27 | - ret = (meth->dsa_keygen)(dsa); | ||
28 | + const DSA_METHOD *meth = dsa->meth; | ||
29 | + dsa->meth = DSA_OpenSSL(); | ||
30 | + ret = DSA_generate_key(dsa); | ||
31 | + dsa->meth = meth; | ||
32 | } | ||
33 | return ret; | ||
34 | } | ||
35 | @@ -2124,11 +2126,13 @@ static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie) | ||
36 | return ret; | ||
37 | sw_try: | ||
38 | { | ||
39 | - const DSA_METHOD *meth = DSA_OpenSSL(); | ||
40 | + const DSA_METHOD *meth = dsa->meth; | ||
41 | |||
42 | + dsa->meth = DSA_OpenSSL(); | ||
43 | if (kop) | ||
44 | free(kop); | ||
45 | - ret = (meth->dsa_keygen)(dsa); | ||
46 | + ret = DSA_generate_key(dsa); | ||
47 | + dsa->meth = meth; | ||
48 | cookie->pkc_callback(cookie, 0); | ||
49 | } | ||
50 | return ret; | ||
51 | -- | ||
52 | 2.3.5 | ||
53 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch new file mode 100644 index 00000000..623c58b9 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch | |||
@@ -0,0 +1,199 @@ | |||
1 | From 7dd6b35c35b027be8ef0ef2e29a949bc4ce96bbd Mon Sep 17 00:00:00 2001 | ||
2 | From: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
3 | Date: Fri, 9 May 2014 17:54:06 +0300 | ||
4 | Subject: [PATCH 15/48] eng_cryptodev: extend TLS offload with | ||
5 | 3des_cbc_hmac_sha1 | ||
6 | |||
7 | Both obj_mac.h and obj_dat.h were generated using the scripts | ||
8 | from crypto/objects: | ||
9 | |||
10 | $ cd crypto/objects | ||
11 | $ perl objects.pl objects.txt obj_mac.num obj_mac.h | ||
12 | $ perl obj_dat.pl obj_mac.h obj_dat.h | ||
13 | |||
14 | Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
15 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
16 | --- | ||
17 | crypto/engine/eng_cryptodev.c | 26 ++++++++++++++++++++++++++ | ||
18 | crypto/objects/obj_dat.h | 10 +++++++--- | ||
19 | crypto/objects/obj_mac.h | 4 ++++ | ||
20 | crypto/objects/obj_mac.num | 1 + | ||
21 | crypto/objects/objects.txt | 1 + | ||
22 | ssl/ssl_ciph.c | 4 ++++ | ||
23 | 6 files changed, 43 insertions(+), 3 deletions(-) | ||
24 | |||
25 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
26 | index d2cdca0..8f73a18 100644 | ||
27 | --- a/crypto/engine/eng_cryptodev.c | ||
28 | +++ b/crypto/engine/eng_cryptodev.c | ||
29 | @@ -132,6 +132,7 @@ static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, | ||
30 | static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, | ||
31 | void (*f) (void)); | ||
32 | void ENGINE_load_cryptodev(void); | ||
33 | +const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1; | ||
34 | const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1; | ||
35 | const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; | ||
36 | |||
37 | @@ -284,6 +285,9 @@ static struct { | ||
38 | CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0 | ||
39 | }, | ||
40 | { | ||
41 | + CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, NID_des_ede3_cbc_hmac_sha1, 8, 24, 20 | ||
42 | + }, | ||
43 | + { | ||
44 | CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20 | ||
45 | }, | ||
46 | { | ||
47 | @@ -519,6 +523,9 @@ static int cryptodev_usable_ciphers(const int **nids) | ||
48 | case NID_aes_256_cbc_hmac_sha1: | ||
49 | EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); | ||
50 | break; | ||
51 | + case NID_des_ede3_cbc_hmac_sha1: | ||
52 | + EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1); | ||
53 | + break; | ||
54 | } | ||
55 | } | ||
56 | return count; | ||
57 | @@ -623,6 +630,7 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
58 | switch (ctx->cipher->nid) { | ||
59 | case NID_aes_128_cbc_hmac_sha1: | ||
60 | case NID_aes_256_cbc_hmac_sha1: | ||
61 | + case NID_des_ede3_cbc_hmac_sha1: | ||
62 | cryp.flags = COP_FLAG_AEAD_TLS_TYPE; | ||
63 | } | ||
64 | cryp.ses = sess->ses; | ||
65 | @@ -813,6 +821,7 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, | ||
66 | switch (ctx->cipher->nid) { | ||
67 | case NID_aes_128_cbc_hmac_sha1: | ||
68 | case NID_aes_256_cbc_hmac_sha1: | ||
69 | + case NID_des_ede3_cbc_hmac_sha1: | ||
70 | maclen = SHA_DIGEST_LENGTH; | ||
71 | } | ||
72 | |||
73 | @@ -1134,6 +1143,20 @@ const EVP_CIPHER cryptodev_aes_256_cbc = { | ||
74 | NULL | ||
75 | }; | ||
76 | |||
77 | +const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1 = { | ||
78 | + NID_des_ede3_cbc_hmac_sha1, | ||
79 | + 8, 24, 8, | ||
80 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
81 | + cryptodev_init_aead_key, | ||
82 | + cryptodev_aead_cipher, | ||
83 | + cryptodev_cleanup, | ||
84 | + sizeof(struct dev_crypto_state), | ||
85 | + EVP_CIPHER_set_asn1_iv, | ||
86 | + EVP_CIPHER_get_asn1_iv, | ||
87 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
88 | + NULL | ||
89 | +}; | ||
90 | + | ||
91 | const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = { | ||
92 | NID_aes_128_cbc_hmac_sha1, | ||
93 | 16, 16, 16, | ||
94 | @@ -1255,6 +1278,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | ||
95 | case NID_aes_256_cbc: | ||
96 | *cipher = &cryptodev_aes_256_cbc; | ||
97 | break; | ||
98 | + case NID_des_ede3_cbc_hmac_sha1: | ||
99 | + *cipher = &cryptodev_3des_cbc_hmac_sha1; | ||
100 | + break; | ||
101 | # ifdef CRYPTO_AES_CTR | ||
102 | case NID_aes_128_ctr: | ||
103 | *cipher = &cryptodev_aes_ctr; | ||
104 | diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h | ||
105 | index b7e3cf2..35d1abc 100644 | ||
106 | --- a/crypto/objects/obj_dat.h | ||
107 | +++ b/crypto/objects/obj_dat.h | ||
108 | @@ -62,9 +62,9 @@ | ||
109 | * [including the GNU Public Licence.] | ||
110 | */ | ||
111 | |||
112 | -#define NUM_NID 958 | ||
113 | -#define NUM_SN 951 | ||
114 | -#define NUM_LN 951 | ||
115 | +#define NUM_NID 959 | ||
116 | +#define NUM_SN 952 | ||
117 | +#define NUM_LN 952 | ||
118 | #define NUM_OBJ 890 | ||
119 | |||
120 | static const unsigned char lvalues[6255]={ | ||
121 | @@ -2514,6 +2514,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ | ||
122 | NID_jurisdictionStateOrProvinceName,11,&(lvalues[6232]),0}, | ||
123 | {"jurisdictionC","jurisdictionCountryName", | ||
124 | NID_jurisdictionCountryName,11,&(lvalues[6243]),0}, | ||
125 | +{"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1", | ||
126 | + NID_des_ede3_cbc_hmac_sha1,0,NULL,0}, | ||
127 | }; | ||
128 | |||
129 | static const unsigned int sn_objs[NUM_SN]={ | ||
130 | @@ -2592,6 +2594,7 @@ static const unsigned int sn_objs[NUM_SN]={ | ||
131 | 62, /* "DES-EDE-OFB" */ | ||
132 | 33, /* "DES-EDE3" */ | ||
133 | 44, /* "DES-EDE3-CBC" */ | ||
134 | +958, /* "DES-EDE3-CBC-HMAC-SHA1" */ | ||
135 | 61, /* "DES-EDE3-CFB" */ | ||
136 | 658, /* "DES-EDE3-CFB1" */ | ||
137 | 659, /* "DES-EDE3-CFB8" */ | ||
138 | @@ -3760,6 +3763,7 @@ static const unsigned int ln_objs[NUM_LN]={ | ||
139 | 62, /* "des-ede-ofb" */ | ||
140 | 33, /* "des-ede3" */ | ||
141 | 44, /* "des-ede3-cbc" */ | ||
142 | +958, /* "des-ede3-cbc-hmac-sha1" */ | ||
143 | 61, /* "des-ede3-cfb" */ | ||
144 | 658, /* "des-ede3-cfb1" */ | ||
145 | 659, /* "des-ede3-cfb8" */ | ||
146 | diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h | ||
147 | index 779c309..cb318bc 100644 | ||
148 | --- a/crypto/objects/obj_mac.h | ||
149 | +++ b/crypto/objects/obj_mac.h | ||
150 | @@ -4047,6 +4047,10 @@ | ||
151 | #define LN_aes_256_cbc_hmac_sha256 "aes-256-cbc-hmac-sha256" | ||
152 | #define NID_aes_256_cbc_hmac_sha256 950 | ||
153 | |||
154 | +#define SN_des_ede3_cbc_hmac_sha1 "DES-EDE3-CBC-HMAC-SHA1" | ||
155 | +#define LN_des_ede3_cbc_hmac_sha1 "des-ede3-cbc-hmac-sha1" | ||
156 | +#define NID_des_ede3_cbc_hmac_sha1 958 | ||
157 | + | ||
158 | #define SN_dhpublicnumber "dhpublicnumber" | ||
159 | #define LN_dhpublicnumber "X9.42 DH" | ||
160 | #define NID_dhpublicnumber 920 | ||
161 | diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num | ||
162 | index 8e5ea83..02d1bb8 100644 | ||
163 | --- a/crypto/objects/obj_mac.num | ||
164 | +++ b/crypto/objects/obj_mac.num | ||
165 | @@ -955,3 +955,4 @@ ct_cert_scts 954 | ||
166 | jurisdictionLocalityName 955 | ||
167 | jurisdictionStateOrProvinceName 956 | ||
168 | jurisdictionCountryName 957 | ||
169 | +des_ede3_cbc_hmac_sha1 958 | ||
170 | diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt | ||
171 | index b57aabb..4e1ff18 100644 | ||
172 | --- a/crypto/objects/objects.txt | ||
173 | +++ b/crypto/objects/objects.txt | ||
174 | @@ -1294,6 +1294,7 @@ kisa 1 6 : SEED-OFB : seed-ofb | ||
175 | : AES-128-CBC-HMAC-SHA256 : aes-128-cbc-hmac-sha256 | ||
176 | : AES-192-CBC-HMAC-SHA256 : aes-192-cbc-hmac-sha256 | ||
177 | : AES-256-CBC-HMAC-SHA256 : aes-256-cbc-hmac-sha256 | ||
178 | + : DES-EDE3-CBC-HMAC-SHA1 : des-ede3-cbc-hmac-sha1 | ||
179 | |||
180 | ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH | ||
181 | |||
182 | diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c | ||
183 | index 302464e..a379273 100644 | ||
184 | --- a/ssl/ssl_ciph.c | ||
185 | +++ b/ssl/ssl_ciph.c | ||
186 | @@ -668,6 +668,10 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | ||
187 | c->algorithm_mac == SSL_SHA256 && | ||
188 | (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256"))) | ||
189 | *enc = evp, *md = NULL; | ||
190 | + else if (c->algorithm_enc == SSL_3DES && | ||
191 | + c->algorithm_mac == SSL_SHA1 && | ||
192 | + (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1"))) | ||
193 | + *enc = evp, *md = NULL; | ||
194 | return (1); | ||
195 | } else | ||
196 | return (0); | ||
197 | -- | ||
198 | 2.7.0 | ||
199 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-Fixed-DH-keygen-pair-generator.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-Fixed-DH-keygen-pair-generator.patch deleted file mode 100644 index 8923cb63..00000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-Fixed-DH-keygen-pair-generator.patch +++ /dev/null | |||
@@ -1,100 +0,0 @@ | |||
1 | From d2c868c6370bcc0d0a254e641907da2cdf992d62 Mon Sep 17 00:00:00 2001 | ||
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
3 | Date: Thu, 1 May 2014 06:35:45 +0545 | ||
4 | Subject: [PATCH 16/26] Fixed DH keygen pair generator | ||
5 | |||
6 | Upstream-status: Pending | ||
7 | |||
8 | Wrong Padding results into keygen length error | ||
9 | |||
10 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
11 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
12 | --- | ||
13 | crypto/engine/eng_cryptodev.c | 50 ++++++++++++++++++++++++++++--------------- | ||
14 | 1 file changed, 33 insertions(+), 17 deletions(-) | ||
15 | |||
16 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
17 | index dab8fea..13d924f 100644 | ||
18 | --- a/crypto/engine/eng_cryptodev.c | ||
19 | +++ b/crypto/engine/eng_cryptodev.c | ||
20 | @@ -3396,44 +3396,60 @@ sw_try: | ||
21 | static int cryptodev_dh_keygen(DH *dh) | ||
22 | { | ||
23 | struct crypt_kop kop; | ||
24 | - int ret = 1, g_len; | ||
25 | - unsigned char *g = NULL; | ||
26 | + int ret = 1, q_len = 0; | ||
27 | + unsigned char *q = NULL, *g = NULL, *s = NULL, *w = NULL; | ||
28 | + BIGNUM *pub_key = NULL, *priv_key = NULL; | ||
29 | + int generate_new_key = 1; | ||
30 | |||
31 | - if (dh->priv_key == NULL) { | ||
32 | - if ((dh->priv_key=BN_new()) == NULL) | ||
33 | - goto sw_try; | ||
34 | - } | ||
35 | + if (dh->priv_key) | ||
36 | + priv_key = dh->priv_key; | ||
37 | |||
38 | - if (dh->pub_key == NULL) { | ||
39 | - if ((dh->pub_key=BN_new()) == NULL) | ||
40 | - goto sw_try; | ||
41 | - } | ||
42 | + if (dh->pub_key) | ||
43 | + pub_key = dh->pub_key; | ||
44 | |||
45 | - g_len = BN_num_bytes(dh->p); | ||
46 | + q_len = BN_num_bytes(dh->p); | ||
47 | /** | ||
48 | * Get generator into a plain buffer. If length is less than | ||
49 | * q_len then add leading padding bytes. | ||
50 | */ | ||
51 | - if (spcf_bn2bin_ex(dh->g, &g, &g_len)) { | ||
52 | + if (spcf_bn2bin_ex(dh->g, &g, &q_len)) { | ||
53 | + DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); | ||
54 | + goto sw_try; | ||
55 | + } | ||
56 | + | ||
57 | + if (spcf_bn2bin_ex(dh->p, &q, &q_len)) { | ||
58 | DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); | ||
59 | goto sw_try; | ||
60 | } | ||
61 | |||
62 | memset(&kop, 0, sizeof kop); | ||
63 | kop.crk_op = CRK_DH_GENERATE_KEY; | ||
64 | - if (bn2crparam(dh->p, &kop.crk_param[0])) | ||
65 | - goto sw_try; | ||
66 | + kop.crk_param[0].crp_p = q; | ||
67 | + kop.crk_param[0].crp_nbits = q_len * 8; | ||
68 | if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1])) | ||
69 | goto sw_try; | ||
70 | kop.crk_param[2].crp_p = g; | ||
71 | - kop.crk_param[2].crp_nbits = g_len * 8; | ||
72 | + kop.crk_param[2].crp_nbits = q_len * 8; | ||
73 | kop.crk_iparams = 3; | ||
74 | |||
75 | + s = OPENSSL_malloc (q_len); | ||
76 | + if (!s) { | ||
77 | + DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); | ||
78 | + goto sw_try; | ||
79 | + } | ||
80 | + | ||
81 | + w = OPENSSL_malloc (q_len); | ||
82 | + if (!w) { | ||
83 | + DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE); | ||
84 | + goto sw_try; | ||
85 | + } | ||
86 | + | ||
87 | /* pub_key is or prime length while priv key is of length of order */ | ||
88 | - if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key, | ||
89 | - BN_num_bytes(dh->q), dh->priv_key)) | ||
90 | + if (cryptodev_asym(&kop, q_len, w, q_len, s)) | ||
91 | goto sw_try; | ||
92 | |||
93 | + dh->pub_key = BN_bin2bn(w, q_len, pub_key); | ||
94 | + dh->pub_key = BN_bin2bn(s, q_len, priv_key); | ||
95 | return ret; | ||
96 | sw_try: | ||
97 | { | ||
98 | -- | ||
99 | 2.3.5 | ||
100 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch new file mode 100644 index 00000000..c5866212 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch | |||
@@ -0,0 +1,338 @@ | |||
1 | From 3f34089ab0a3b31ec6b31a6cbf308ca20c6ef597 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@nxp.com> | ||
3 | Date: Fri, 22 Jan 2016 11:58:34 +0200 | ||
4 | Subject: [PATCH 16/48] eng_cryptodev: add support for TLSv1.1 record offload | ||
5 | |||
6 | Supported cipher suites: | ||
7 | - 3des-ede-cbc-sha | ||
8 | - aes-128-cbc-hmac-sha | ||
9 | - aes-256-cbc-hmac-sha | ||
10 | |||
11 | Requires TLS patches on cryptodev and TLS algorithm support in Linux | ||
12 | kernel driver. | ||
13 | |||
14 | Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
15 | Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> | ||
16 | --- | ||
17 | crypto/engine/eng_cryptodev.c | 96 ++++++++++++++++++++++++++++++++++++++++++- | ||
18 | crypto/objects/obj_dat.h | 18 ++++++-- | ||
19 | crypto/objects/obj_mac.h | 12 ++++++ | ||
20 | crypto/objects/obj_mac.num | 3 ++ | ||
21 | crypto/objects/objects.txt | 3 ++ | ||
22 | ssl/ssl_ciph.c | 28 ++++++++++--- | ||
23 | 6 files changed, 151 insertions(+), 9 deletions(-) | ||
24 | |||
25 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
26 | index 8f73a18..e37a661 100644 | ||
27 | --- a/crypto/engine/eng_cryptodev.c | ||
28 | +++ b/crypto/engine/eng_cryptodev.c | ||
29 | @@ -66,6 +66,7 @@ void ENGINE_load_cryptodev(void) | ||
30 | # include <sys/ioctl.h> | ||
31 | # include <errno.h> | ||
32 | # include <stdio.h> | ||
33 | +# include <stdbool.h> | ||
34 | # include <unistd.h> | ||
35 | # include <fcntl.h> | ||
36 | # include <stdarg.h> | ||
37 | @@ -135,6 +136,9 @@ void ENGINE_load_cryptodev(void); | ||
38 | const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1; | ||
39 | const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1; | ||
40 | const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; | ||
41 | +const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1; | ||
42 | +const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1; | ||
43 | +const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1; | ||
44 | |||
45 | inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len) | ||
46 | { | ||
47 | @@ -294,6 +298,18 @@ static struct { | ||
48 | CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20 | ||
49 | }, | ||
50 | { | ||
51 | + CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, NID_tls11_des_ede3_cbc_hmac_sha1, 8, | ||
52 | + 24, 20 | ||
53 | + }, | ||
54 | + { | ||
55 | + CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_128_cbc_hmac_sha1, 16, 16, | ||
56 | + 20 | ||
57 | + }, | ||
58 | + { | ||
59 | + CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_256_cbc_hmac_sha1, 16, 32, | ||
60 | + 20 | ||
61 | + }, | ||
62 | + { | ||
63 | CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0 | ||
64 | }, | ||
65 | { | ||
66 | @@ -526,6 +542,15 @@ static int cryptodev_usable_ciphers(const int **nids) | ||
67 | case NID_des_ede3_cbc_hmac_sha1: | ||
68 | EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1); | ||
69 | break; | ||
70 | + case NID_tls11_des_ede3_cbc_hmac_sha1: | ||
71 | + EVP_add_cipher(&cryptodev_tls11_3des_cbc_hmac_sha1); | ||
72 | + break; | ||
73 | + case NID_tls11_aes_128_cbc_hmac_sha1: | ||
74 | + EVP_add_cipher(&cryptodev_tls11_aes_128_cbc_hmac_sha1); | ||
75 | + break; | ||
76 | + case NID_tls11_aes_256_cbc_hmac_sha1: | ||
77 | + EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1); | ||
78 | + break; | ||
79 | } | ||
80 | } | ||
81 | return count; | ||
82 | @@ -631,6 +656,9 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
83 | case NID_aes_128_cbc_hmac_sha1: | ||
84 | case NID_aes_256_cbc_hmac_sha1: | ||
85 | case NID_des_ede3_cbc_hmac_sha1: | ||
86 | + case NID_tls11_des_ede3_cbc_hmac_sha1: | ||
87 | + case NID_tls11_aes_128_cbc_hmac_sha1: | ||
88 | + case NID_tls11_aes_256_cbc_hmac_sha1: | ||
89 | cryp.flags = COP_FLAG_AEAD_TLS_TYPE; | ||
90 | } | ||
91 | cryp.ses = sess->ses; | ||
92 | @@ -810,8 +838,9 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, | ||
93 | struct dev_crypto_state *state = ctx->cipher_data; | ||
94 | unsigned char *p = ptr; | ||
95 | unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1]; | ||
96 | - unsigned int maclen, padlen; | ||
97 | + unsigned int maclen, padlen, len; | ||
98 | unsigned int bs = ctx->cipher->block_size; | ||
99 | + bool aad_needs_fix = false; | ||
100 | |||
101 | state->aad = ptr; | ||
102 | state->aad_len = arg; | ||
103 | @@ -823,6 +852,20 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, | ||
104 | case NID_aes_256_cbc_hmac_sha1: | ||
105 | case NID_des_ede3_cbc_hmac_sha1: | ||
106 | maclen = SHA_DIGEST_LENGTH; | ||
107 | + break; | ||
108 | + case NID_tls11_des_ede3_cbc_hmac_sha1: | ||
109 | + case NID_tls11_aes_128_cbc_hmac_sha1: | ||
110 | + case NID_tls11_aes_256_cbc_hmac_sha1: | ||
111 | + maclen = SHA_DIGEST_LENGTH; | ||
112 | + aad_needs_fix = true; | ||
113 | + break; | ||
114 | + } | ||
115 | + | ||
116 | + /* Correct length for AAD Length field */ | ||
117 | + if (ctx->encrypt && aad_needs_fix) { | ||
118 | + len = cryptlen - bs; | ||
119 | + p[arg - 2] = len >> 8; | ||
120 | + p[arg - 1] = len & 0xff; | ||
121 | } | ||
122 | |||
123 | /* space required for encryption (not only TLS padding) */ | ||
124 | @@ -1185,6 +1228,48 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = { | ||
125 | NULL | ||
126 | }; | ||
127 | |||
128 | +const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1 = { | ||
129 | + NID_tls11_des_ede3_cbc_hmac_sha1, | ||
130 | + 8, 24, 8, | ||
131 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
132 | + cryptodev_init_aead_key, | ||
133 | + cryptodev_aead_cipher, | ||
134 | + cryptodev_cleanup, | ||
135 | + sizeof(struct dev_crypto_state), | ||
136 | + EVP_CIPHER_set_asn1_iv, | ||
137 | + EVP_CIPHER_get_asn1_iv, | ||
138 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
139 | + NULL | ||
140 | +}; | ||
141 | + | ||
142 | +const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1 = { | ||
143 | + NID_tls11_aes_128_cbc_hmac_sha1, | ||
144 | + 16, 16, 16, | ||
145 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
146 | + cryptodev_init_aead_key, | ||
147 | + cryptodev_aead_cipher, | ||
148 | + cryptodev_cleanup, | ||
149 | + sizeof(struct dev_crypto_state), | ||
150 | + EVP_CIPHER_set_asn1_iv, | ||
151 | + EVP_CIPHER_get_asn1_iv, | ||
152 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
153 | + NULL | ||
154 | +}; | ||
155 | + | ||
156 | +const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = { | ||
157 | + NID_tls11_aes_256_cbc_hmac_sha1, | ||
158 | + 16, 32, 16, | ||
159 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
160 | + cryptodev_init_aead_key, | ||
161 | + cryptodev_aead_cipher, | ||
162 | + cryptodev_cleanup, | ||
163 | + sizeof(struct dev_crypto_state), | ||
164 | + EVP_CIPHER_set_asn1_iv, | ||
165 | + EVP_CIPHER_get_asn1_iv, | ||
166 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
167 | + NULL | ||
168 | +}; | ||
169 | + | ||
170 | const EVP_CIPHER cryptodev_aes_128_gcm = { | ||
171 | NID_aes_128_gcm, | ||
172 | 1, 16, 12, | ||
173 | @@ -1298,6 +1383,15 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | ||
174 | case NID_aes_256_cbc_hmac_sha1: | ||
175 | *cipher = &cryptodev_aes_256_cbc_hmac_sha1; | ||
176 | break; | ||
177 | + case NID_tls11_des_ede3_cbc_hmac_sha1: | ||
178 | + *cipher = &cryptodev_tls11_3des_cbc_hmac_sha1; | ||
179 | + break; | ||
180 | + case NID_tls11_aes_128_cbc_hmac_sha1: | ||
181 | + *cipher = &cryptodev_tls11_aes_128_cbc_hmac_sha1; | ||
182 | + break; | ||
183 | + case NID_tls11_aes_256_cbc_hmac_sha1: | ||
184 | + *cipher = &cryptodev_tls11_aes_256_cbc_hmac_sha1; | ||
185 | + break; | ||
186 | case NID_aes_128_gcm: | ||
187 | *cipher = &cryptodev_aes_128_gcm; | ||
188 | break; | ||
189 | diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h | ||
190 | index 35d1abc..4dd32a1 100644 | ||
191 | --- a/crypto/objects/obj_dat.h | ||
192 | +++ b/crypto/objects/obj_dat.h | ||
193 | @@ -62,9 +62,9 @@ | ||
194 | * [including the GNU Public Licence.] | ||
195 | */ | ||
196 | |||
197 | -#define NUM_NID 959 | ||
198 | -#define NUM_SN 952 | ||
199 | -#define NUM_LN 952 | ||
200 | +#define NUM_NID 962 | ||
201 | +#define NUM_SN 955 | ||
202 | +#define NUM_LN 955 | ||
203 | #define NUM_OBJ 890 | ||
204 | |||
205 | static const unsigned char lvalues[6255]={ | ||
206 | @@ -2516,6 +2516,12 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ | ||
207 | NID_jurisdictionCountryName,11,&(lvalues[6243]),0}, | ||
208 | {"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1", | ||
209 | NID_des_ede3_cbc_hmac_sha1,0,NULL,0}, | ||
210 | +{"TLS11-DES-EDE3-CBC-HMAC-SHA1","tls11-des-ede3-cbc-hmac-sha1", | ||
211 | + NID_tls11_des_ede3_cbc_hmac_sha1,0,NULL,0}, | ||
212 | +{"TLS11-AES-128-CBC-HMAC-SHA1","tls11-aes-128-cbc-hmac-sha1", | ||
213 | + NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0}, | ||
214 | +{"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1", | ||
215 | + NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0}, | ||
216 | }; | ||
217 | |||
218 | static const unsigned int sn_objs[NUM_SN]={ | ||
219 | @@ -2705,6 +2711,9 @@ static const unsigned int sn_objs[NUM_SN]={ | ||
220 | 100, /* "SN" */ | ||
221 | 16, /* "ST" */ | ||
222 | 143, /* "SXNetID" */ | ||
223 | +960, /* "TLS11-AES-128-CBC-HMAC-SHA1" */ | ||
224 | +961, /* "TLS11-AES-256-CBC-HMAC-SHA1" */ | ||
225 | +959, /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */ | ||
226 | 458, /* "UID" */ | ||
227 | 0, /* "UNDEF" */ | ||
228 | 11, /* "X500" */ | ||
229 | @@ -4396,6 +4405,9 @@ static const unsigned int ln_objs[NUM_LN]={ | ||
230 | 459, /* "textEncodedORAddress" */ | ||
231 | 293, /* "textNotice" */ | ||
232 | 106, /* "title" */ | ||
233 | +960, /* "tls11-aes-128-cbc-hmac-sha1" */ | ||
234 | +961, /* "tls11-aes-256-cbc-hmac-sha1" */ | ||
235 | +959, /* "tls11-des-ede3-cbc-hmac-sha1" */ | ||
236 | 682, /* "tpBasis" */ | ||
237 | 436, /* "ucl" */ | ||
238 | 0, /* "undefined" */ | ||
239 | diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h | ||
240 | index cb318bc..5930563 100644 | ||
241 | --- a/crypto/objects/obj_mac.h | ||
242 | +++ b/crypto/objects/obj_mac.h | ||
243 | @@ -4051,6 +4051,18 @@ | ||
244 | #define LN_des_ede3_cbc_hmac_sha1 "des-ede3-cbc-hmac-sha1" | ||
245 | #define NID_des_ede3_cbc_hmac_sha1 958 | ||
246 | |||
247 | +#define SN_tls11_des_ede3_cbc_hmac_sha1 "TLS11-DES-EDE3-CBC-HMAC-SHA1" | ||
248 | +#define LN_tls11_des_ede3_cbc_hmac_sha1 "tls11-des-ede3-cbc-hmac-sha1" | ||
249 | +#define NID_tls11_des_ede3_cbc_hmac_sha1 959 | ||
250 | + | ||
251 | +#define SN_tls11_aes_128_cbc_hmac_sha1 "TLS11-AES-128-CBC-HMAC-SHA1" | ||
252 | +#define LN_tls11_aes_128_cbc_hmac_sha1 "tls11-aes-128-cbc-hmac-sha1" | ||
253 | +#define NID_tls11_aes_128_cbc_hmac_sha1 960 | ||
254 | + | ||
255 | +#define SN_tls11_aes_256_cbc_hmac_sha1 "TLS11-AES-256-CBC-HMAC-SHA1" | ||
256 | +#define LN_tls11_aes_256_cbc_hmac_sha1 "tls11-aes-256-cbc-hmac-sha1" | ||
257 | +#define NID_tls11_aes_256_cbc_hmac_sha1 961 | ||
258 | + | ||
259 | #define SN_dhpublicnumber "dhpublicnumber" | ||
260 | #define LN_dhpublicnumber "X9.42 DH" | ||
261 | #define NID_dhpublicnumber 920 | ||
262 | diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num | ||
263 | index 02d1bb8..02f1728 100644 | ||
264 | --- a/crypto/objects/obj_mac.num | ||
265 | +++ b/crypto/objects/obj_mac.num | ||
266 | @@ -956,3 +956,6 @@ jurisdictionLocalityName 955 | ||
267 | jurisdictionStateOrProvinceName 956 | ||
268 | jurisdictionCountryName 957 | ||
269 | des_ede3_cbc_hmac_sha1 958 | ||
270 | +tls11_des_ede3_cbc_hmac_sha1 959 | ||
271 | +tls11_aes_128_cbc_hmac_sha1 960 | ||
272 | +tls11_aes_256_cbc_hmac_sha1 961 | ||
273 | diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt | ||
274 | index 4e1ff18..cda81da 100644 | ||
275 | --- a/crypto/objects/objects.txt | ||
276 | +++ b/crypto/objects/objects.txt | ||
277 | @@ -1295,6 +1295,9 @@ kisa 1 6 : SEED-OFB : seed-ofb | ||
278 | : AES-192-CBC-HMAC-SHA256 : aes-192-cbc-hmac-sha256 | ||
279 | : AES-256-CBC-HMAC-SHA256 : aes-256-cbc-hmac-sha256 | ||
280 | : DES-EDE3-CBC-HMAC-SHA1 : des-ede3-cbc-hmac-sha1 | ||
281 | + : TLS11-DES-EDE3-CBC-HMAC-SHA1 : tls11-des-ede3-cbc-hmac-sha1 | ||
282 | + : TLS11-AES-128-CBC-HMAC-SHA1 : tls11-aes-128-cbc-hmac-sha1 | ||
283 | + : TLS11-AES-256-CBC-HMAC-SHA1 : tls11-aes-256-cbc-hmac-sha1 | ||
284 | |||
285 | ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH | ||
286 | |||
287 | diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c | ||
288 | index a379273..e3d73ac 100644 | ||
289 | --- a/ssl/ssl_ciph.c | ||
290 | +++ b/ssl/ssl_ciph.c | ||
291 | @@ -652,11 +652,13 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | ||
292 | c->algorithm_mac == SSL_MD5 && | ||
293 | (evp = EVP_get_cipherbyname("RC4-HMAC-MD5"))) | ||
294 | *enc = evp, *md = NULL; | ||
295 | - else if (c->algorithm_enc == SSL_AES128 && | ||
296 | + else if (s->ssl_version == TLS1_VERSION && | ||
297 | + c->algorithm_enc == SSL_AES128 && | ||
298 | c->algorithm_mac == SSL_SHA1 && | ||
299 | (evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1"))) | ||
300 | *enc = evp, *md = NULL; | ||
301 | - else if (c->algorithm_enc == SSL_AES256 && | ||
302 | + else if (s->ssl_version == TLS1_VERSION && | ||
303 | + c->algorithm_enc == SSL_AES256 && | ||
304 | c->algorithm_mac == SSL_SHA1 && | ||
305 | (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1"))) | ||
306 | *enc = evp, *md = NULL; | ||
307 | @@ -668,9 +670,25 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | ||
308 | c->algorithm_mac == SSL_SHA256 && | ||
309 | (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256"))) | ||
310 | *enc = evp, *md = NULL; | ||
311 | - else if (c->algorithm_enc == SSL_3DES && | ||
312 | - c->algorithm_mac == SSL_SHA1 && | ||
313 | - (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1"))) | ||
314 | + else if (s->ssl_version == TLS1_VERSION && | ||
315 | + c->algorithm_enc == SSL_3DES && | ||
316 | + c->algorithm_mac == SSL_SHA1 && | ||
317 | + (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1"))) | ||
318 | + *enc = evp, *md = NULL; | ||
319 | + else if (s->ssl_version == TLS1_1_VERSION && | ||
320 | + c->algorithm_enc == SSL_3DES && | ||
321 | + c->algorithm_mac == SSL_SHA1 && | ||
322 | + (evp = EVP_get_cipherbyname("TLS11-DES-EDE3-CBC-HMAC-SHA1"))) | ||
323 | + *enc = evp, *md = NULL; | ||
324 | + else if (s->ssl_version == TLS1_1_VERSION && | ||
325 | + c->algorithm_enc == SSL_AES128 && | ||
326 | + c->algorithm_mac == SSL_SHA1 && | ||
327 | + (evp = EVP_get_cipherbyname("TLS11-AES-128-CBC-HMAC-SHA1"))) | ||
328 | + *enc = evp, *md = NULL; | ||
329 | + else if (s->ssl_version == TLS1_1_VERSION && | ||
330 | + c->algorithm_enc == SSL_AES256 && | ||
331 | + c->algorithm_mac == SSL_SHA1 && | ||
332 | + (evp = EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1"))) | ||
333 | *enc = evp, *md = NULL; | ||
334 | return (1); | ||
335 | } else | ||
336 | -- | ||
337 | 2.7.0 | ||
338 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch deleted file mode 100644 index bd9e61ac..00000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch +++ /dev/null | |||
@@ -1,309 +0,0 @@ | |||
1 | From 11b55103463bac614e00d74e9f196ec4ec6bade1 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@freescale.com> | ||
3 | Date: Mon, 16 Jun 2014 14:06:21 +0300 | ||
4 | Subject: [PATCH 17/26] cryptodev: add support for aes-gcm algorithm offloading | ||
5 | |||
6 | Change-Id: I3b77dc5ef8b8f707309549244a02852d95b36168 | ||
7 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
8 | Reviewed-on: http://git.am.freescale.net:8181/17226 | ||
9 | --- | ||
10 | apps/speed.c | 6 +- | ||
11 | crypto/engine/eng_cryptodev.c | 229 +++++++++++++++++++++++++++++++++++++++++- | ||
12 | 2 files changed, 233 insertions(+), 2 deletions(-) | ||
13 | |||
14 | diff --git a/apps/speed.c b/apps/speed.c | ||
15 | index 9886ca3..099dede 100644 | ||
16 | --- a/apps/speed.c | ||
17 | +++ b/apps/speed.c | ||
18 | @@ -224,7 +224,11 @@ | ||
19 | #endif | ||
20 | |||
21 | #undef BUFSIZE | ||
22 | -#define BUFSIZE ((long)1024*8+1) | ||
23 | +/* The buffer overhead allows GCM tag at the end of the encrypted data. This | ||
24 | + avoids buffer overflows from cryptodev since Linux kernel GCM | ||
25 | + implementation allways adds the tag - unlike e_aes.c:aes_gcm_cipher() | ||
26 | + which doesn't */ | ||
27 | +#define BUFSIZE ((long)1024*8 + EVP_GCM_TLS_TAG_LEN) | ||
28 | int run=0; | ||
29 | |||
30 | static int mr=0; | ||
31 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
32 | index 13d924f..4493490 100644 | ||
33 | --- a/crypto/engine/eng_cryptodev.c | ||
34 | +++ b/crypto/engine/eng_cryptodev.c | ||
35 | @@ -78,8 +78,10 @@ struct dev_crypto_state { | ||
36 | struct session_op d_sess; | ||
37 | int d_fd; | ||
38 | unsigned char *aad; | ||
39 | - unsigned int aad_len; | ||
40 | + int aad_len; | ||
41 | unsigned int len; | ||
42 | + unsigned char *iv; | ||
43 | + int ivlen; | ||
44 | |||
45 | #ifdef USE_CRYPTODEV_DIGESTS | ||
46 | char dummy_mac_key[HASH_MAX_LEN]; | ||
47 | @@ -251,6 +253,7 @@ static struct { | ||
48 | { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0}, | ||
49 | { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20}, | ||
50 | { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20}, | ||
51 | + { CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0}, | ||
52 | { 0, NID_undef, 0, 0, 0}, | ||
53 | }; | ||
54 | |||
55 | @@ -271,6 +274,19 @@ static struct { | ||
56 | }; | ||
57 | #endif | ||
58 | |||
59 | +/* increment counter (64-bit int) by 1 */ | ||
60 | +static void ctr64_inc(unsigned char *counter) { | ||
61 | + int n=8; | ||
62 | + unsigned char c; | ||
63 | + | ||
64 | + do { | ||
65 | + --n; | ||
66 | + c = counter[n]; | ||
67 | + ++c; | ||
68 | + counter[n] = c; | ||
69 | + if (c) return; | ||
70 | + } while (n); | ||
71 | +} | ||
72 | /* | ||
73 | * Return a fd if /dev/crypto seems usable, 0 otherwise. | ||
74 | */ | ||
75 | @@ -762,6 +778,197 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, | ||
76 | } | ||
77 | } | ||
78 | |||
79 | +static int cryptodev_init_gcm_key(EVP_CIPHER_CTX *ctx, | ||
80 | + const unsigned char *key, const unsigned char *iv, int enc) | ||
81 | +{ | ||
82 | + struct dev_crypto_state *state = ctx->cipher_data; | ||
83 | + struct session_op *sess = &state->d_sess; | ||
84 | + int cipher = -1, i; | ||
85 | + if (!iv && !key) | ||
86 | + return 1; | ||
87 | + | ||
88 | + if (iv) | ||
89 | + memcpy(ctx->iv, iv, ctx->cipher->iv_len); | ||
90 | + | ||
91 | + for (i = 0; ciphers[i].id; i++) | ||
92 | + if (ctx->cipher->nid == ciphers[i].nid && | ||
93 | + ctx->cipher->iv_len <= ciphers[i].ivmax && | ||
94 | + ctx->key_len == ciphers[i].keylen) { | ||
95 | + cipher = ciphers[i].id; | ||
96 | + break; | ||
97 | + } | ||
98 | + | ||
99 | + if (!ciphers[i].id) { | ||
100 | + state->d_fd = -1; | ||
101 | + return 0; | ||
102 | + } | ||
103 | + | ||
104 | + memset(sess, 0, sizeof(struct session_op)); | ||
105 | + | ||
106 | + if ((state->d_fd = get_dev_crypto()) < 0) | ||
107 | + return 0; | ||
108 | + | ||
109 | + sess->key = (unsigned char *) key; | ||
110 | + sess->keylen = ctx->key_len; | ||
111 | + sess->cipher = cipher; | ||
112 | + | ||
113 | + if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { | ||
114 | + put_dev_crypto(state->d_fd); | ||
115 | + state->d_fd = -1; | ||
116 | + return 0; | ||
117 | + } | ||
118 | + return 1; | ||
119 | +} | ||
120 | + | ||
121 | +static int cryptodev_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
122 | + const unsigned char *in, size_t len) | ||
123 | +{ | ||
124 | + struct crypt_auth_op cryp = {0}; | ||
125 | + struct dev_crypto_state *state = ctx->cipher_data; | ||
126 | + struct session_op *sess = &state->d_sess; | ||
127 | + int rv = len; | ||
128 | + | ||
129 | + if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ? | ||
130 | + EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV, | ||
131 | + EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0) | ||
132 | + return 0; | ||
133 | + | ||
134 | + in += EVP_GCM_TLS_EXPLICIT_IV_LEN; | ||
135 | + out += EVP_GCM_TLS_EXPLICIT_IV_LEN; | ||
136 | + len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; | ||
137 | + | ||
138 | + if (ctx->encrypt) { | ||
139 | + len -= EVP_GCM_TLS_TAG_LEN; | ||
140 | + } | ||
141 | + cryp.ses = sess->ses; | ||
142 | + cryp.len = len; | ||
143 | + cryp.src = (unsigned char*) in; | ||
144 | + cryp.dst = out; | ||
145 | + cryp.auth_src = state->aad; | ||
146 | + cryp.auth_len = state->aad_len; | ||
147 | + cryp.iv = ctx->iv; | ||
148 | + cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; | ||
149 | + | ||
150 | + if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) { | ||
151 | + return 0; | ||
152 | + } | ||
153 | + | ||
154 | + if (ctx->encrypt) | ||
155 | + ctr64_inc(state->iv + state->ivlen - 8); | ||
156 | + else | ||
157 | + rv = len - EVP_GCM_TLS_TAG_LEN; | ||
158 | + | ||
159 | + return rv; | ||
160 | +} | ||
161 | + | ||
162 | +static int cryptodev_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
163 | + const unsigned char *in, size_t len) | ||
164 | +{ | ||
165 | + struct crypt_auth_op cryp; | ||
166 | + struct dev_crypto_state *state = ctx->cipher_data; | ||
167 | + struct session_op *sess = &state->d_sess; | ||
168 | + | ||
169 | + if (state->d_fd < 0) | ||
170 | + return 0; | ||
171 | + | ||
172 | + if ((len % ctx->cipher->block_size) != 0) | ||
173 | + return 0; | ||
174 | + | ||
175 | + if (state->aad_len >= 0) | ||
176 | + return cryptodev_gcm_tls_cipher(ctx, out, in, len); | ||
177 | + | ||
178 | + memset(&cryp, 0, sizeof(cryp)); | ||
179 | + | ||
180 | + cryp.ses = sess->ses; | ||
181 | + cryp.len = len; | ||
182 | + cryp.src = (unsigned char*) in; | ||
183 | + cryp.dst = out; | ||
184 | + cryp.auth_src = NULL; | ||
185 | + cryp.auth_len = 0; | ||
186 | + cryp.iv = ctx->iv; | ||
187 | + cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; | ||
188 | + | ||
189 | + if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) { | ||
190 | + return 0; | ||
191 | + } | ||
192 | + | ||
193 | + return len; | ||
194 | +} | ||
195 | + | ||
196 | +static int cryptodev_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, | ||
197 | + void *ptr) | ||
198 | +{ | ||
199 | + struct dev_crypto_state *state = ctx->cipher_data; | ||
200 | + switch (type) { | ||
201 | + case EVP_CTRL_INIT: | ||
202 | + { | ||
203 | + state->ivlen = ctx->cipher->iv_len; | ||
204 | + state->iv = ctx->iv; | ||
205 | + state->aad_len = -1; | ||
206 | + return 1; | ||
207 | + } | ||
208 | + case EVP_CTRL_GCM_SET_IV_FIXED: | ||
209 | + { | ||
210 | + /* Special case: -1 length restores whole IV */ | ||
211 | + if (arg == -1) | ||
212 | + { | ||
213 | + memcpy(state->iv, ptr, state->ivlen); | ||
214 | + return 1; | ||
215 | + } | ||
216 | + /* Fixed field must be at least 4 bytes and invocation field | ||
217 | + * at least 8. | ||
218 | + */ | ||
219 | + if ((arg < 4) || (state->ivlen - arg) < 8) | ||
220 | + return 0; | ||
221 | + if (arg) | ||
222 | + memcpy(state->iv, ptr, arg); | ||
223 | + if (ctx->encrypt && | ||
224 | + RAND_bytes(state->iv + arg, state->ivlen - arg) <= 0) | ||
225 | + return 0; | ||
226 | + return 1; | ||
227 | + } | ||
228 | + case EVP_CTRL_AEAD_TLS1_AAD: | ||
229 | + { | ||
230 | + unsigned int len; | ||
231 | + if (arg != 13) | ||
232 | + return 0; | ||
233 | + | ||
234 | + memcpy(ctx->buf, ptr, arg); | ||
235 | + len=ctx->buf[arg-2] << 8 | ctx->buf[arg-1]; | ||
236 | + | ||
237 | + /* Correct length for explicit IV */ | ||
238 | + len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; | ||
239 | + | ||
240 | + /* If decrypting correct for tag too */ | ||
241 | + if (!ctx->encrypt) | ||
242 | + len -= EVP_GCM_TLS_TAG_LEN; | ||
243 | + | ||
244 | + ctx->buf[arg-2] = len >> 8; | ||
245 | + ctx->buf[arg-1] = len & 0xff; | ||
246 | + | ||
247 | + state->aad = ctx->buf; | ||
248 | + state->aad_len = arg; | ||
249 | + state->len = len; | ||
250 | + | ||
251 | + /* Extra padding: tag appended to record */ | ||
252 | + return EVP_GCM_TLS_TAG_LEN; | ||
253 | + } | ||
254 | + case EVP_CTRL_GCM_SET_IV_INV: | ||
255 | + { | ||
256 | + if (ctx->encrypt) | ||
257 | + return 0; | ||
258 | + memcpy(state->iv + state->ivlen - arg, ptr, arg); | ||
259 | + return 1; | ||
260 | + } | ||
261 | + case EVP_CTRL_GCM_IV_GEN: | ||
262 | + if (arg <= 0 || arg > state->ivlen) | ||
263 | + arg = state->ivlen; | ||
264 | + memcpy(ptr, state->iv + state->ivlen - arg, arg); | ||
265 | + return 1; | ||
266 | + default: | ||
267 | + return -1; | ||
268 | + } | ||
269 | +} | ||
270 | /* | ||
271 | * libcrypto EVP stuff - this is how we get wired to EVP so the engine | ||
272 | * gets called when libcrypto requests a cipher NID. | ||
273 | @@ -901,6 +1108,23 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = { | ||
274 | cryptodev_cbc_hmac_sha1_ctrl, | ||
275 | NULL | ||
276 | }; | ||
277 | + | ||
278 | +const EVP_CIPHER cryptodev_aes_128_gcm = { | ||
279 | + NID_aes_128_gcm, | ||
280 | + 1, 16, 12, | ||
281 | + EVP_CIPH_GCM_MODE | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1 \ | ||
282 | + | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ | ||
283 | + | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT, | ||
284 | + cryptodev_init_gcm_key, | ||
285 | + cryptodev_gcm_cipher, | ||
286 | + cryptodev_cleanup, | ||
287 | + sizeof(struct dev_crypto_state), | ||
288 | + EVP_CIPHER_set_asn1_iv, | ||
289 | + EVP_CIPHER_get_asn1_iv, | ||
290 | + cryptodev_gcm_ctrl, | ||
291 | + NULL | ||
292 | +}; | ||
293 | + | ||
294 | /* | ||
295 | * Registered by the ENGINE when used to find out how to deal with | ||
296 | * a particular NID in the ENGINE. this says what we'll do at the | ||
297 | @@ -944,6 +1168,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | ||
298 | case NID_aes_256_cbc_hmac_sha1: | ||
299 | *cipher = &cryptodev_aes_256_cbc_hmac_sha1; | ||
300 | break; | ||
301 | + case NID_aes_128_gcm: | ||
302 | + *cipher = &cryptodev_aes_128_gcm; | ||
303 | + break; | ||
304 | default: | ||
305 | *cipher = NULL; | ||
306 | break; | ||
307 | -- | ||
308 | 2.3.5 | ||
309 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch new file mode 100644 index 00000000..5e65ec6e --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch | |||
@@ -0,0 +1,377 @@ | |||
1 | From 4c1531a088076118ce3c06cb0af15998f0796cb3 Mon Sep 17 00:00:00 2001 | ||
2 | From: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
3 | Date: Tue, 31 Mar 2015 16:32:35 +0300 | ||
4 | Subject: [PATCH 17/48] eng_cryptodev: add support for TLSv1.2 record offload | ||
5 | |||
6 | Supported cipher suites: | ||
7 | - 3des-ede-cbc-sha | ||
8 | - aes-128-cbc-hmac-sha | ||
9 | - aes-256-cbc-hmac-sha | ||
10 | - aes-128-cbc-hmac-sha256 | ||
11 | - aes-256-cbc-hmac-sha256 | ||
12 | |||
13 | Requires TLS patches on cryptodev and TLS algorithm support in Linux | ||
14 | kernel driver. | ||
15 | |||
16 | Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
17 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
18 | --- | ||
19 | crypto/engine/eng_cryptodev.c | 138 ++++++++++++++++++++++++++++++++++++++++++ | ||
20 | crypto/objects/obj_dat.h | 26 +++++++- | ||
21 | crypto/objects/obj_mac.h | 20 ++++++ | ||
22 | crypto/objects/obj_mac.num | 5 ++ | ||
23 | crypto/objects/objects.txt | 5 ++ | ||
24 | ssl/ssl_ciph.c | 25 ++++++++ | ||
25 | 6 files changed, 216 insertions(+), 3 deletions(-) | ||
26 | |||
27 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
28 | index e37a661..e6f9f16 100644 | ||
29 | --- a/crypto/engine/eng_cryptodev.c | ||
30 | +++ b/crypto/engine/eng_cryptodev.c | ||
31 | @@ -139,6 +139,11 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; | ||
32 | const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1; | ||
33 | const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1; | ||
34 | const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1; | ||
35 | +const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1; | ||
36 | +const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1; | ||
37 | +const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1; | ||
38 | +const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256; | ||
39 | +const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256; | ||
40 | |||
41 | inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len) | ||
42 | { | ||
43 | @@ -310,6 +315,26 @@ static struct { | ||
44 | 20 | ||
45 | }, | ||
46 | { | ||
47 | + CRYPTO_TLS12_3DES_CBC_HMAC_SHA1, NID_tls12_des_ede3_cbc_hmac_sha1, 8, | ||
48 | + 24, 20 | ||
49 | + }, | ||
50 | + { | ||
51 | + CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_128_cbc_hmac_sha1, 16, 16, | ||
52 | + 20 | ||
53 | + }, | ||
54 | + { | ||
55 | + CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_256_cbc_hmac_sha1, 16, 32, | ||
56 | + 20 | ||
57 | + }, | ||
58 | + { | ||
59 | + CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_128_cbc_hmac_sha256, 16, | ||
60 | + 16, 32 | ||
61 | + }, | ||
62 | + { | ||
63 | + CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_256_cbc_hmac_sha256, 16, | ||
64 | + 32, 32 | ||
65 | + }, | ||
66 | + { | ||
67 | CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0 | ||
68 | }, | ||
69 | { | ||
70 | @@ -551,6 +576,21 @@ static int cryptodev_usable_ciphers(const int **nids) | ||
71 | case NID_tls11_aes_256_cbc_hmac_sha1: | ||
72 | EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1); | ||
73 | break; | ||
74 | + case NID_tls12_des_ede3_cbc_hmac_sha1: | ||
75 | + EVP_add_cipher(&cryptodev_tls12_3des_cbc_hmac_sha1); | ||
76 | + break; | ||
77 | + case NID_tls12_aes_128_cbc_hmac_sha1: | ||
78 | + EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha1); | ||
79 | + break; | ||
80 | + case NID_tls12_aes_256_cbc_hmac_sha1: | ||
81 | + EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha1); | ||
82 | + break; | ||
83 | + case NID_tls12_aes_128_cbc_hmac_sha256: | ||
84 | + EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha256); | ||
85 | + break; | ||
86 | + case NID_tls12_aes_256_cbc_hmac_sha256: | ||
87 | + EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha256); | ||
88 | + break; | ||
89 | } | ||
90 | } | ||
91 | return count; | ||
92 | @@ -659,6 +699,11 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
93 | case NID_tls11_des_ede3_cbc_hmac_sha1: | ||
94 | case NID_tls11_aes_128_cbc_hmac_sha1: | ||
95 | case NID_tls11_aes_256_cbc_hmac_sha1: | ||
96 | + case NID_tls12_des_ede3_cbc_hmac_sha1: | ||
97 | + case NID_tls12_aes_128_cbc_hmac_sha1: | ||
98 | + case NID_tls12_aes_256_cbc_hmac_sha1: | ||
99 | + case NID_tls12_aes_128_cbc_hmac_sha256: | ||
100 | + case NID_tls12_aes_256_cbc_hmac_sha256: | ||
101 | cryp.flags = COP_FLAG_AEAD_TLS_TYPE; | ||
102 | } | ||
103 | cryp.ses = sess->ses; | ||
104 | @@ -856,9 +901,17 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, | ||
105 | case NID_tls11_des_ede3_cbc_hmac_sha1: | ||
106 | case NID_tls11_aes_128_cbc_hmac_sha1: | ||
107 | case NID_tls11_aes_256_cbc_hmac_sha1: | ||
108 | + case NID_tls12_des_ede3_cbc_hmac_sha1: | ||
109 | + case NID_tls12_aes_128_cbc_hmac_sha1: | ||
110 | + case NID_tls12_aes_256_cbc_hmac_sha1: | ||
111 | maclen = SHA_DIGEST_LENGTH; | ||
112 | aad_needs_fix = true; | ||
113 | break; | ||
114 | + case NID_tls12_aes_128_cbc_hmac_sha256: | ||
115 | + case NID_tls12_aes_256_cbc_hmac_sha256: | ||
116 | + maclen = SHA256_DIGEST_LENGTH; | ||
117 | + aad_needs_fix = true; | ||
118 | + break; | ||
119 | } | ||
120 | |||
121 | /* Correct length for AAD Length field */ | ||
122 | @@ -1270,6 +1323,76 @@ const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = { | ||
123 | NULL | ||
124 | }; | ||
125 | |||
126 | +const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1 = { | ||
127 | + NID_tls12_des_ede3_cbc_hmac_sha1, | ||
128 | + 8, 24, 8, | ||
129 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
130 | + cryptodev_init_aead_key, | ||
131 | + cryptodev_aead_cipher, | ||
132 | + cryptodev_cleanup, | ||
133 | + sizeof(struct dev_crypto_state), | ||
134 | + EVP_CIPHER_set_asn1_iv, | ||
135 | + EVP_CIPHER_get_asn1_iv, | ||
136 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
137 | + NULL | ||
138 | +}; | ||
139 | + | ||
140 | +const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1 = { | ||
141 | + NID_tls12_aes_128_cbc_hmac_sha1, | ||
142 | + 16, 16, 16, | ||
143 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
144 | + cryptodev_init_aead_key, | ||
145 | + cryptodev_aead_cipher, | ||
146 | + cryptodev_cleanup, | ||
147 | + sizeof(struct dev_crypto_state), | ||
148 | + EVP_CIPHER_set_asn1_iv, | ||
149 | + EVP_CIPHER_get_asn1_iv, | ||
150 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
151 | + NULL | ||
152 | +}; | ||
153 | + | ||
154 | +const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1 = { | ||
155 | + NID_tls12_aes_256_cbc_hmac_sha1, | ||
156 | + 16, 32, 16, | ||
157 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
158 | + cryptodev_init_aead_key, | ||
159 | + cryptodev_aead_cipher, | ||
160 | + cryptodev_cleanup, | ||
161 | + sizeof(struct dev_crypto_state), | ||
162 | + EVP_CIPHER_set_asn1_iv, | ||
163 | + EVP_CIPHER_get_asn1_iv, | ||
164 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
165 | + NULL | ||
166 | +}; | ||
167 | + | ||
168 | +const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256 = { | ||
169 | + NID_tls12_aes_128_cbc_hmac_sha256, | ||
170 | + 16, 16, 16, | ||
171 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
172 | + cryptodev_init_aead_key, | ||
173 | + cryptodev_aead_cipher, | ||
174 | + cryptodev_cleanup, | ||
175 | + sizeof(struct dev_crypto_state), | ||
176 | + EVP_CIPHER_set_asn1_iv, | ||
177 | + EVP_CIPHER_get_asn1_iv, | ||
178 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
179 | + NULL | ||
180 | +}; | ||
181 | + | ||
182 | +const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256 = { | ||
183 | + NID_tls12_aes_256_cbc_hmac_sha256, | ||
184 | + 16, 32, 16, | ||
185 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
186 | + cryptodev_init_aead_key, | ||
187 | + cryptodev_aead_cipher, | ||
188 | + cryptodev_cleanup, | ||
189 | + sizeof(struct dev_crypto_state), | ||
190 | + EVP_CIPHER_set_asn1_iv, | ||
191 | + EVP_CIPHER_get_asn1_iv, | ||
192 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
193 | + NULL | ||
194 | +}; | ||
195 | + | ||
196 | const EVP_CIPHER cryptodev_aes_128_gcm = { | ||
197 | NID_aes_128_gcm, | ||
198 | 1, 16, 12, | ||
199 | @@ -1395,6 +1518,21 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | ||
200 | case NID_aes_128_gcm: | ||
201 | *cipher = &cryptodev_aes_128_gcm; | ||
202 | break; | ||
203 | + case NID_tls12_des_ede3_cbc_hmac_sha1: | ||
204 | + *cipher = &cryptodev_tls12_3des_cbc_hmac_sha1; | ||
205 | + break; | ||
206 | + case NID_tls12_aes_128_cbc_hmac_sha1: | ||
207 | + *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha1; | ||
208 | + break; | ||
209 | + case NID_tls12_aes_256_cbc_hmac_sha1: | ||
210 | + *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha1; | ||
211 | + break; | ||
212 | + case NID_tls12_aes_128_cbc_hmac_sha256: | ||
213 | + *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha256; | ||
214 | + break; | ||
215 | + case NID_tls12_aes_256_cbc_hmac_sha256: | ||
216 | + *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha256; | ||
217 | + break; | ||
218 | default: | ||
219 | *cipher = NULL; | ||
220 | break; | ||
221 | diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h | ||
222 | index 4dd32a1..e3a2505 100644 | ||
223 | --- a/crypto/objects/obj_dat.h | ||
224 | +++ b/crypto/objects/obj_dat.h | ||
225 | @@ -62,9 +62,9 @@ | ||
226 | * [including the GNU Public Licence.] | ||
227 | */ | ||
228 | |||
229 | -#define NUM_NID 962 | ||
230 | -#define NUM_SN 955 | ||
231 | -#define NUM_LN 955 | ||
232 | +#define NUM_NID 967 | ||
233 | +#define NUM_SN 960 | ||
234 | +#define NUM_LN 960 | ||
235 | #define NUM_OBJ 890 | ||
236 | |||
237 | static const unsigned char lvalues[6255]={ | ||
238 | @@ -2522,6 +2522,16 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ | ||
239 | NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0}, | ||
240 | {"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1", | ||
241 | NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0}, | ||
242 | +{"TLS12-DES-EDE3-CBC-HMAC-SHA1","tls12-des-ede3-cbc-hmac-sha1", | ||
243 | + NID_tls12_des_ede3_cbc_hmac_sha1,0,NULL,0}, | ||
244 | +{"TLS12-AES-128-CBC-HMAC-SHA1","tls12-aes-128-cbc-hmac-sha1", | ||
245 | + NID_tls12_aes_128_cbc_hmac_sha1,0,NULL,0}, | ||
246 | +{"TLS12-AES-256-CBC-HMAC-SHA1","tls12-aes-256-cbc-hmac-sha1", | ||
247 | + NID_tls12_aes_256_cbc_hmac_sha1,0,NULL,0}, | ||
248 | +{"TLS12-AES-128-CBC-HMAC-SHA256","tls12-aes-128-cbc-hmac-sha256", | ||
249 | + NID_tls12_aes_128_cbc_hmac_sha256,0,NULL,0}, | ||
250 | +{"TLS12-AES-256-CBC-HMAC-SHA256","tls12-aes-256-cbc-hmac-sha256", | ||
251 | + NID_tls12_aes_256_cbc_hmac_sha256,0,NULL,0}, | ||
252 | }; | ||
253 | |||
254 | static const unsigned int sn_objs[NUM_SN]={ | ||
255 | @@ -2714,6 +2724,11 @@ static const unsigned int sn_objs[NUM_SN]={ | ||
256 | 960, /* "TLS11-AES-128-CBC-HMAC-SHA1" */ | ||
257 | 961, /* "TLS11-AES-256-CBC-HMAC-SHA1" */ | ||
258 | 959, /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */ | ||
259 | +963, /* "TLS12-AES-128-CBC-HMAC-SHA1" */ | ||
260 | +965, /* "TLS12-AES-128-CBC-HMAC-SHA256" */ | ||
261 | +964, /* "TLS12-AES-256-CBC-HMAC-SHA1" */ | ||
262 | +966, /* "TLS12-AES-256-CBC-HMAC-SHA256" */ | ||
263 | +962, /* "TLS12-DES-EDE3-CBC-HMAC-SHA1" */ | ||
264 | 458, /* "UID" */ | ||
265 | 0, /* "UNDEF" */ | ||
266 | 11, /* "X500" */ | ||
267 | @@ -4408,6 +4423,11 @@ static const unsigned int ln_objs[NUM_LN]={ | ||
268 | 960, /* "tls11-aes-128-cbc-hmac-sha1" */ | ||
269 | 961, /* "tls11-aes-256-cbc-hmac-sha1" */ | ||
270 | 959, /* "tls11-des-ede3-cbc-hmac-sha1" */ | ||
271 | +963, /* "tls12-aes-128-cbc-hmac-sha1" */ | ||
272 | +965, /* "tls12-aes-128-cbc-hmac-sha256" */ | ||
273 | +964, /* "tls12-aes-256-cbc-hmac-sha1" */ | ||
274 | +966, /* "tls12-aes-256-cbc-hmac-sha256" */ | ||
275 | +962, /* "tls12-des-ede3-cbc-hmac-sha1" */ | ||
276 | 682, /* "tpBasis" */ | ||
277 | 436, /* "ucl" */ | ||
278 | 0, /* "undefined" */ | ||
279 | diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h | ||
280 | index 5930563..f4a81cb 100644 | ||
281 | --- a/crypto/objects/obj_mac.h | ||
282 | +++ b/crypto/objects/obj_mac.h | ||
283 | @@ -4063,6 +4063,26 @@ | ||
284 | #define LN_tls11_aes_256_cbc_hmac_sha1 "tls11-aes-256-cbc-hmac-sha1" | ||
285 | #define NID_tls11_aes_256_cbc_hmac_sha1 961 | ||
286 | |||
287 | +#define SN_tls12_des_ede3_cbc_hmac_sha1 "TLS12-DES-EDE3-CBC-HMAC-SHA1" | ||
288 | +#define LN_tls12_des_ede3_cbc_hmac_sha1 "tls12-des-ede3-cbc-hmac-sha1" | ||
289 | +#define NID_tls12_des_ede3_cbc_hmac_sha1 962 | ||
290 | + | ||
291 | +#define SN_tls12_aes_128_cbc_hmac_sha1 "TLS12-AES-128-CBC-HMAC-SHA1" | ||
292 | +#define LN_tls12_aes_128_cbc_hmac_sha1 "tls12-aes-128-cbc-hmac-sha1" | ||
293 | +#define NID_tls12_aes_128_cbc_hmac_sha1 963 | ||
294 | + | ||
295 | +#define SN_tls12_aes_256_cbc_hmac_sha1 "TLS12-AES-256-CBC-HMAC-SHA1" | ||
296 | +#define LN_tls12_aes_256_cbc_hmac_sha1 "tls12-aes-256-cbc-hmac-sha1" | ||
297 | +#define NID_tls12_aes_256_cbc_hmac_sha1 964 | ||
298 | + | ||
299 | +#define SN_tls12_aes_128_cbc_hmac_sha256 "TLS12-AES-128-CBC-HMAC-SHA256" | ||
300 | +#define LN_tls12_aes_128_cbc_hmac_sha256 "tls12-aes-128-cbc-hmac-sha256" | ||
301 | +#define NID_tls12_aes_128_cbc_hmac_sha256 965 | ||
302 | + | ||
303 | +#define SN_tls12_aes_256_cbc_hmac_sha256 "TLS12-AES-256-CBC-HMAC-SHA256" | ||
304 | +#define LN_tls12_aes_256_cbc_hmac_sha256 "tls12-aes-256-cbc-hmac-sha256" | ||
305 | +#define NID_tls12_aes_256_cbc_hmac_sha256 966 | ||
306 | + | ||
307 | #define SN_dhpublicnumber "dhpublicnumber" | ||
308 | #define LN_dhpublicnumber "X9.42 DH" | ||
309 | #define NID_dhpublicnumber 920 | ||
310 | diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num | ||
311 | index 02f1728..401be03 100644 | ||
312 | --- a/crypto/objects/obj_mac.num | ||
313 | +++ b/crypto/objects/obj_mac.num | ||
314 | @@ -959,3 +959,8 @@ des_ede3_cbc_hmac_sha1 958 | ||
315 | tls11_des_ede3_cbc_hmac_sha1 959 | ||
316 | tls11_aes_128_cbc_hmac_sha1 960 | ||
317 | tls11_aes_256_cbc_hmac_sha1 961 | ||
318 | +tls12_des_ede3_cbc_hmac_sha1 962 | ||
319 | +tls12_aes_128_cbc_hmac_sha1 963 | ||
320 | +tls12_aes_256_cbc_hmac_sha1 964 | ||
321 | +tls12_aes_128_cbc_hmac_sha256 965 | ||
322 | +tls12_aes_256_cbc_hmac_sha256 966 | ||
323 | diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt | ||
324 | index cda81da..68a8da8 100644 | ||
325 | --- a/crypto/objects/objects.txt | ||
326 | +++ b/crypto/objects/objects.txt | ||
327 | @@ -1298,6 +1298,11 @@ kisa 1 6 : SEED-OFB : seed-ofb | ||
328 | : TLS11-DES-EDE3-CBC-HMAC-SHA1 : tls11-des-ede3-cbc-hmac-sha1 | ||
329 | : TLS11-AES-128-CBC-HMAC-SHA1 : tls11-aes-128-cbc-hmac-sha1 | ||
330 | : TLS11-AES-256-CBC-HMAC-SHA1 : tls11-aes-256-cbc-hmac-sha1 | ||
331 | + : TLS12-DES-EDE3-CBC-HMAC-SHA1 : tls12-des-ede3-cbc-hmac-sha1 | ||
332 | + : TLS12-AES-128-CBC-HMAC-SHA1 : tls12-aes-128-cbc-hmac-sha1 | ||
333 | + : TLS12-AES-256-CBC-HMAC-SHA1 : tls12-aes-256-cbc-hmac-sha1 | ||
334 | + : TLS12-AES-128-CBC-HMAC-SHA256 : tls12-aes-128-cbc-hmac-sha256 | ||
335 | + : TLS12-AES-256-CBC-HMAC-SHA256 : tls12-aes-256-cbc-hmac-sha256 | ||
336 | |||
337 | ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH | ||
338 | |||
339 | diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c | ||
340 | index e3d73ac..4698528 100644 | ||
341 | --- a/ssl/ssl_ciph.c | ||
342 | +++ b/ssl/ssl_ciph.c | ||
343 | @@ -690,6 +690,31 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | ||
344 | c->algorithm_mac == SSL_SHA1 && | ||
345 | (evp = EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1"))) | ||
346 | *enc = evp, *md = NULL; | ||
347 | + else if (s->ssl_version == TLS1_2_VERSION && | ||
348 | + c->algorithm_enc == SSL_3DES && | ||
349 | + c->algorithm_mac == SSL_SHA1 && | ||
350 | + (evp=EVP_get_cipherbyname("TLS12-DES-EDE3-CBC-HMAC-SHA1"))) | ||
351 | + *enc = evp, *md = NULL; | ||
352 | + else if (s->ssl_version == TLS1_2_VERSION && | ||
353 | + c->algorithm_enc == SSL_AES128 && | ||
354 | + c->algorithm_mac == SSL_SHA1 && | ||
355 | + (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA1"))) | ||
356 | + *enc = evp, *md = NULL; | ||
357 | + else if (s->ssl_version == TLS1_2_VERSION && | ||
358 | + c->algorithm_enc == SSL_AES256 && | ||
359 | + c->algorithm_mac == SSL_SHA1 && | ||
360 | + (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA1"))) | ||
361 | + *enc = evp, *md = NULL; | ||
362 | + else if (s->ssl_version == TLS1_2_VERSION && | ||
363 | + c->algorithm_enc == SSL_AES128 && | ||
364 | + c->algorithm_mac == SSL_SHA256 && | ||
365 | + (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA256"))) | ||
366 | + *enc = evp, *md = NULL; | ||
367 | + else if (s->ssl_version == TLS1_2_VERSION && | ||
368 | + c->algorithm_enc == SSL_AES256 && | ||
369 | + c->algorithm_mac == SSL_SHA256 && | ||
370 | + (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA256"))) | ||
371 | + *enc = evp, *md = NULL; | ||
372 | return (1); | ||
373 | } else | ||
374 | return (0); | ||
375 | -- | ||
376 | 2.7.0 | ||
377 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-cryptodev-drop-redundant-function.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-cryptodev-drop-redundant-function.patch new file mode 100644 index 00000000..c1f0c9db --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-cryptodev-drop-redundant-function.patch | |||
@@ -0,0 +1,72 @@ | |||
1 | From 07d8dad75fb1e4c3487ae560ac51e2141aa0e0c1 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@freescale.com> | ||
3 | Date: Thu, 19 Feb 2015 16:11:53 +0200 | ||
4 | Subject: [PATCH 18/48] cryptodev: drop redundant function | ||
5 | |||
6 | get_dev_crypto already caches the result. Another cache in-between is | ||
7 | useless. | ||
8 | |||
9 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
10 | --- | ||
11 | crypto/engine/eng_cryptodev.c | 17 +++-------------- | ||
12 | 1 file changed, 3 insertions(+), 14 deletions(-) | ||
13 | |||
14 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
15 | index e6f9f16..4cffaf1 100644 | ||
16 | --- a/crypto/engine/eng_cryptodev.c | ||
17 | +++ b/crypto/engine/eng_cryptodev.c | ||
18 | @@ -93,7 +93,6 @@ struct dev_crypto_state { | ||
19 | |||
20 | static u_int32_t cryptodev_asymfeat = 0; | ||
21 | |||
22 | -static int get_asym_dev_crypto(void); | ||
23 | static int open_dev_crypto(void); | ||
24 | static int get_dev_crypto(void); | ||
25 | static int get_cryptodev_ciphers(const int **cnids); | ||
26 | @@ -440,16 +439,6 @@ static void put_dev_crypto(int fd) | ||
27 | # endif | ||
28 | } | ||
29 | |||
30 | -/* Caching version for asym operations */ | ||
31 | -static int get_asym_dev_crypto(void) | ||
32 | -{ | ||
33 | - static int fd = -1; | ||
34 | - | ||
35 | - if (fd == -1) | ||
36 | - fd = get_dev_crypto(); | ||
37 | - return fd; | ||
38 | -} | ||
39 | - | ||
40 | /* | ||
41 | * Find out what ciphers /dev/crypto will let us have a session for. | ||
42 | * XXX note, that some of these openssl doesn't deal with yet! | ||
43 | @@ -1919,7 +1908,7 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, | ||
44 | { | ||
45 | int fd, ret = -1; | ||
46 | |||
47 | - if ((fd = get_asym_dev_crypto()) < 0) | ||
48 | + if ((fd = get_dev_crypto()) < 0) | ||
49 | return (ret); | ||
50 | |||
51 | if (r) { | ||
52 | @@ -2509,7 +2498,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) | ||
53 | int p_len, q_len; | ||
54 | int i; | ||
55 | |||
56 | - if ((fd = get_asym_dev_crypto()) < 0) | ||
57 | + if ((fd = get_dev_crypto()) < 0) | ||
58 | goto sw_try; | ||
59 | |||
60 | if (!rsa->n && ((rsa->n = BN_new()) == NULL)) | ||
61 | @@ -4098,7 +4087,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) | ||
62 | BIGNUM *temp = NULL; | ||
63 | unsigned char *padded_pub_key = NULL, *p = NULL; | ||
64 | |||
65 | - if ((fd = get_asym_dev_crypto()) < 0) | ||
66 | + if ((fd = get_dev_crypto()) < 0) | ||
67 | goto sw_try; | ||
68 | |||
69 | memset(&kop, 0, sizeof kop); | ||
70 | -- | ||
71 | 2.7.0 | ||
72 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch deleted file mode 100644 index 1118a6fc..00000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch +++ /dev/null | |||
@@ -1,193 +0,0 @@ | |||
1 | From 21e3ca4ec77f9258aa4001f07faac1c4942b48b4 Mon Sep 17 00:00:00 2001 | ||
2 | From: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
3 | Date: Fri, 9 May 2014 17:54:06 +0300 | ||
4 | Subject: [PATCH 18/26] eng_cryptodev: extend TLS offload with | ||
5 | 3des_cbc_hmac_sha1 | ||
6 | |||
7 | Both obj_mac.h and obj_dat.h were generated using the scripts | ||
8 | from crypto/objects: | ||
9 | |||
10 | $ cd crypto/objects | ||
11 | $ perl objects.pl objects.txt obj_mac.num obj_mac.h | ||
12 | $ perl obj_dat.pl obj_mac.h obj_dat.h | ||
13 | |||
14 | Change-Id: I94f13cdd09df67e33e6acd3c00aab47cb358ac46 | ||
15 | Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
16 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
17 | Reviewed-on: http://git.am.freescale.net:8181/34001 | ||
18 | --- | ||
19 | crypto/engine/eng_cryptodev.c | 24 ++++++++++++++++++++++++ | ||
20 | crypto/objects/obj_dat.h | 10 +++++++--- | ||
21 | crypto/objects/obj_mac.h | 4 ++++ | ||
22 | crypto/objects/obj_mac.num | 1 + | ||
23 | crypto/objects/objects.txt | 1 + | ||
24 | ssl/ssl_ciph.c | 4 ++++ | ||
25 | 6 files changed, 41 insertions(+), 3 deletions(-) | ||
26 | |||
27 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
28 | index 79b2678..299e84b 100644 | ||
29 | --- a/crypto/engine/eng_cryptodev.c | ||
30 | +++ b/crypto/engine/eng_cryptodev.c | ||
31 | @@ -135,6 +135,7 @@ static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, | ||
32 | void ENGINE_load_cryptodev(void); | ||
33 | const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1; | ||
34 | const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; | ||
35 | +const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1; | ||
36 | |||
37 | inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len) | ||
38 | { | ||
39 | @@ -252,6 +253,7 @@ static struct { | ||
40 | { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, 0}, | ||
41 | { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, 0}, | ||
42 | { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0}, | ||
43 | + { CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, NID_des_ede3_cbc_hmac_sha1, 8, 24, 20}, | ||
44 | { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20}, | ||
45 | { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20}, | ||
46 | { CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0}, | ||
47 | @@ -466,6 +468,9 @@ cryptodev_usable_ciphers(const int **nids) | ||
48 | case NID_aes_256_cbc_hmac_sha1: | ||
49 | EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); | ||
50 | break; | ||
51 | + case NID_des_ede3_cbc_hmac_sha1: | ||
52 | + EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1); | ||
53 | + break; | ||
54 | } | ||
55 | } | ||
56 | return count; | ||
57 | @@ -571,6 +576,7 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
58 | switch (ctx->cipher->nid) { | ||
59 | case NID_aes_128_cbc_hmac_sha1: | ||
60 | case NID_aes_256_cbc_hmac_sha1: | ||
61 | + case NID_des_ede3_cbc_hmac_sha1: | ||
62 | cryp.flags = COP_FLAG_AEAD_TLS_TYPE; | ||
63 | } | ||
64 | cryp.ses = sess->ses; | ||
65 | @@ -763,6 +769,7 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, | ||
66 | switch (ctx->cipher->nid) { | ||
67 | case NID_aes_128_cbc_hmac_sha1: | ||
68 | case NID_aes_256_cbc_hmac_sha1: | ||
69 | + case NID_des_ede3_cbc_hmac_sha1: | ||
70 | maclen = SHA_DIGEST_LENGTH; | ||
71 | } | ||
72 | |||
73 | @@ -1082,6 +1089,20 @@ const EVP_CIPHER cryptodev_aes_256_cbc = { | ||
74 | NULL | ||
75 | }; | ||
76 | |||
77 | +const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1 = { | ||
78 | + NID_des_ede3_cbc_hmac_sha1, | ||
79 | + 8, 24, 8, | ||
80 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
81 | + cryptodev_init_aead_key, | ||
82 | + cryptodev_aead_cipher, | ||
83 | + cryptodev_cleanup, | ||
84 | + sizeof(struct dev_crypto_state), | ||
85 | + EVP_CIPHER_set_asn1_iv, | ||
86 | + EVP_CIPHER_get_asn1_iv, | ||
87 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
88 | + NULL | ||
89 | +}; | ||
90 | + | ||
91 | const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = { | ||
92 | NID_aes_128_cbc_hmac_sha1, | ||
93 | 16, 16, 16, | ||
94 | @@ -1163,6 +1184,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | ||
95 | case NID_aes_256_cbc: | ||
96 | *cipher = &cryptodev_aes_256_cbc; | ||
97 | break; | ||
98 | + case NID_des_ede3_cbc_hmac_sha1: | ||
99 | + *cipher = &cryptodev_3des_cbc_hmac_sha1; | ||
100 | + break; | ||
101 | case NID_aes_128_cbc_hmac_sha1: | ||
102 | *cipher = &cryptodev_aes_128_cbc_hmac_sha1; | ||
103 | break; | ||
104 | diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h | ||
105 | index bc69665..9f2267a 100644 | ||
106 | --- a/crypto/objects/obj_dat.h | ||
107 | +++ b/crypto/objects/obj_dat.h | ||
108 | @@ -62,9 +62,9 @@ | ||
109 | * [including the GNU Public Licence.] | ||
110 | */ | ||
111 | |||
112 | -#define NUM_NID 920 | ||
113 | -#define NUM_SN 913 | ||
114 | -#define NUM_LN 913 | ||
115 | +#define NUM_NID 921 | ||
116 | +#define NUM_SN 914 | ||
117 | +#define NUM_LN 914 | ||
118 | #define NUM_OBJ 857 | ||
119 | |||
120 | static const unsigned char lvalues[5974]={ | ||
121 | @@ -2399,6 +2399,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ | ||
122 | {"AES-256-CBC-HMAC-SHA1","aes-256-cbc-hmac-sha1", | ||
123 | NID_aes_256_cbc_hmac_sha1,0,NULL,0}, | ||
124 | {"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5964]),0}, | ||
125 | +{"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1", | ||
126 | + NID_des_ede3_cbc_hmac_sha1,0,NULL,0}, | ||
127 | }; | ||
128 | |||
129 | static const unsigned int sn_objs[NUM_SN]={ | ||
130 | @@ -2474,6 +2476,7 @@ static const unsigned int sn_objs[NUM_SN]={ | ||
131 | 62, /* "DES-EDE-OFB" */ | ||
132 | 33, /* "DES-EDE3" */ | ||
133 | 44, /* "DES-EDE3-CBC" */ | ||
134 | +920, /* "DES-EDE3-CBC-HMAC-SHA1" */ | ||
135 | 61, /* "DES-EDE3-CFB" */ | ||
136 | 658, /* "DES-EDE3-CFB1" */ | ||
137 | 659, /* "DES-EDE3-CFB8" */ | ||
138 | @@ -3585,6 +3588,7 @@ static const unsigned int ln_objs[NUM_LN]={ | ||
139 | 62, /* "des-ede-ofb" */ | ||
140 | 33, /* "des-ede3" */ | ||
141 | 44, /* "des-ede3-cbc" */ | ||
142 | +920, /* "des-ede3-cbc-hmac-sha1" */ | ||
143 | 61, /* "des-ede3-cfb" */ | ||
144 | 658, /* "des-ede3-cfb1" */ | ||
145 | 659, /* "des-ede3-cfb8" */ | ||
146 | diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h | ||
147 | index b5ea7cd..8751902 100644 | ||
148 | --- a/crypto/objects/obj_mac.h | ||
149 | +++ b/crypto/objects/obj_mac.h | ||
150 | @@ -4030,3 +4030,7 @@ | ||
151 | #define LN_aes_256_cbc_hmac_sha1 "aes-256-cbc-hmac-sha1" | ||
152 | #define NID_aes_256_cbc_hmac_sha1 918 | ||
153 | |||
154 | +#define SN_des_ede3_cbc_hmac_sha1 "DES-EDE3-CBC-HMAC-SHA1" | ||
155 | +#define LN_des_ede3_cbc_hmac_sha1 "des-ede3-cbc-hmac-sha1" | ||
156 | +#define NID_des_ede3_cbc_hmac_sha1 920 | ||
157 | + | ||
158 | diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num | ||
159 | index 1d0a7c8..9d44bb5 100644 | ||
160 | --- a/crypto/objects/obj_mac.num | ||
161 | +++ b/crypto/objects/obj_mac.num | ||
162 | @@ -917,3 +917,4 @@ aes_128_cbc_hmac_sha1 916 | ||
163 | aes_192_cbc_hmac_sha1 917 | ||
164 | aes_256_cbc_hmac_sha1 918 | ||
165 | rsaesOaep 919 | ||
166 | +des_ede3_cbc_hmac_sha1 920 | ||
167 | diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt | ||
168 | index d3bfad7..90d2fc5 100644 | ||
169 | --- a/crypto/objects/objects.txt | ||
170 | +++ b/crypto/objects/objects.txt | ||
171 | @@ -1290,3 +1290,4 @@ kisa 1 6 : SEED-OFB : seed-ofb | ||
172 | : AES-128-CBC-HMAC-SHA1 : aes-128-cbc-hmac-sha1 | ||
173 | : AES-192-CBC-HMAC-SHA1 : aes-192-cbc-hmac-sha1 | ||
174 | : AES-256-CBC-HMAC-SHA1 : aes-256-cbc-hmac-sha1 | ||
175 | + : DES-EDE3-CBC-HMAC-SHA1 : des-ede3-cbc-hmac-sha1 | ||
176 | diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c | ||
177 | index 8188ff5..310fe76 100644 | ||
178 | --- a/ssl/ssl_ciph.c | ||
179 | +++ b/ssl/ssl_ciph.c | ||
180 | @@ -639,6 +639,10 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | ||
181 | c->algorithm_mac == SSL_SHA1 && | ||
182 | (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1"))) | ||
183 | *enc = evp, *md = NULL; | ||
184 | + else if (c->algorithm_enc == SSL_3DES && | ||
185 | + c->algorithm_mac == SSL_SHA1 && | ||
186 | + (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1"))) | ||
187 | + *enc = evp, *md = NULL; | ||
188 | return(1); | ||
189 | } | ||
190 | else | ||
191 | -- | ||
192 | 2.3.5 | ||
193 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-cryptodev-do-not-zero-the-buffer-before-use.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-cryptodev-do-not-zero-the-buffer-before-use.patch new file mode 100644 index 00000000..248d88ec --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-cryptodev-do-not-zero-the-buffer-before-use.patch | |||
@@ -0,0 +1,48 @@ | |||
1 | From 1f7ef531a010a3a86c9c16f801044b5f01652eb2 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@freescale.com> | ||
3 | Date: Tue, 17 Feb 2015 13:12:53 +0200 | ||
4 | Subject: [PATCH 19/48] cryptodev: do not zero the buffer before use | ||
5 | |||
6 | - The buffer is just about to be overwritten. Zeroing it before that has | ||
7 | no purpose | ||
8 | |||
9 | Change-Id: I478c31bd2e254561474a7edf5e37980ca04217ce | ||
10 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
11 | Reviewed-on: http://git.am.freescale.net:8181/34217 | ||
12 | --- | ||
13 | crypto/engine/eng_cryptodev.c | 14 ++++---------- | ||
14 | 1 file changed, 4 insertions(+), 10 deletions(-) | ||
15 | |||
16 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
17 | index 4cffaf1..bbc903b 100644 | ||
18 | --- a/crypto/engine/eng_cryptodev.c | ||
19 | +++ b/crypto/engine/eng_cryptodev.c | ||
20 | @@ -1801,21 +1801,15 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, | ||
21 | static int bn2crparam(const BIGNUM *a, struct crparam *crp) | ||
22 | { | ||
23 | ssize_t bytes, bits; | ||
24 | - u_char *b; | ||
25 | - | ||
26 | - crp->crp_p = NULL; | ||
27 | - crp->crp_nbits = 0; | ||
28 | |||
29 | bits = BN_num_bits(a); | ||
30 | bytes = (bits + 7) / 8; | ||
31 | |||
32 | - b = malloc(bytes); | ||
33 | - if (b == NULL) | ||
34 | - return (1); | ||
35 | - memset(b, 0, bytes); | ||
36 | - | ||
37 | - crp->crp_p = (caddr_t) b; | ||
38 | crp->crp_nbits = bits; | ||
39 | + crp->crp_p = malloc(bytes); | ||
40 | + | ||
41 | + if (crp->crp_p == NULL) | ||
42 | + return (1); | ||
43 | |||
44 | BN_bn2bin(a, crp->crp_p); | ||
45 | return (0); | ||
46 | -- | ||
47 | 2.7.0 | ||
48 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch deleted file mode 100644 index 988d79ea..00000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch +++ /dev/null | |||
@@ -1,355 +0,0 @@ | |||
1 | From 1de2b740a3bdcd8e98abb5f4e176d46fd817b932 Mon Sep 17 00:00:00 2001 | ||
2 | From: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
3 | Date: Tue, 31 Mar 2015 16:30:17 +0300 | ||
4 | Subject: [PATCH 19/26] eng_cryptodev: add support for TLSv1.1 record offload | ||
5 | |||
6 | Supported cipher suites: | ||
7 | - 3des-ede-cbc-sha | ||
8 | - aes-128-cbc-hmac-sha | ||
9 | - aes-256-cbc-hmac-sha | ||
10 | |||
11 | Requires TLS patches on cryptodev and TLS algorithm support in Linux | ||
12 | kernel driver. | ||
13 | |||
14 | Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
15 | Change-Id: Id414f36a528de3f476b72688cf85714787d7ccae | ||
16 | Reviewed-on: http://git.am.freescale.net:8181/34002 | ||
17 | Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
18 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
19 | --- | ||
20 | crypto/engine/eng_cryptodev.c | 101 ++++++++++++++++++++++++++++++++++++++---- | ||
21 | crypto/objects/obj_dat.h | 18 ++++++-- | ||
22 | crypto/objects/obj_mac.h | 12 +++++ | ||
23 | crypto/objects/obj_mac.num | 3 ++ | ||
24 | crypto/objects/objects.txt | 3 ++ | ||
25 | ssl/ssl_ciph.c | 26 +++++++++-- | ||
26 | 6 files changed, 148 insertions(+), 15 deletions(-) | ||
27 | |||
28 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
29 | index 299e84b..f71ab27 100644 | ||
30 | --- a/crypto/engine/eng_cryptodev.c | ||
31 | +++ b/crypto/engine/eng_cryptodev.c | ||
32 | @@ -66,6 +66,7 @@ ENGINE_load_cryptodev(void) | ||
33 | #include <sys/ioctl.h> | ||
34 | #include <errno.h> | ||
35 | #include <stdio.h> | ||
36 | +#include <stdbool.h> | ||
37 | #include <unistd.h> | ||
38 | #include <fcntl.h> | ||
39 | #include <stdarg.h> | ||
40 | @@ -133,9 +134,12 @@ static int cryptodev_dh_compute_key(unsigned char *key, | ||
41 | static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, | ||
42 | void (*f)(void)); | ||
43 | void ENGINE_load_cryptodev(void); | ||
44 | +const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1; | ||
45 | const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1; | ||
46 | const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; | ||
47 | -const EVP_CIPHER cryptodev_3des_cbc_hmac_sha1; | ||
48 | +const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1; | ||
49 | +const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1; | ||
50 | +const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1; | ||
51 | |||
52 | inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len) | ||
53 | { | ||
54 | @@ -256,6 +260,9 @@ static struct { | ||
55 | { CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, NID_des_ede3_cbc_hmac_sha1, 8, 24, 20}, | ||
56 | { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20}, | ||
57 | { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20}, | ||
58 | + { CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, NID_tls11_des_ede3_cbc_hmac_sha1, 8, 24, 20}, | ||
59 | + { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_128_cbc_hmac_sha1, 16, 16, 20}, | ||
60 | + { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_256_cbc_hmac_sha1, 16, 32, 20}, | ||
61 | { CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0}, | ||
62 | { 0, NID_undef, 0, 0, 0}, | ||
63 | }; | ||
64 | @@ -462,14 +469,23 @@ cryptodev_usable_ciphers(const int **nids) | ||
65 | /* add ciphers specific to cryptodev if found in kernel */ | ||
66 | for(i = 0; i < count; i++) { | ||
67 | switch (*(*nids + i)) { | ||
68 | + case NID_des_ede3_cbc_hmac_sha1: | ||
69 | + EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1); | ||
70 | + break; | ||
71 | case NID_aes_128_cbc_hmac_sha1: | ||
72 | EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1); | ||
73 | break; | ||
74 | case NID_aes_256_cbc_hmac_sha1: | ||
75 | EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); | ||
76 | break; | ||
77 | - case NID_des_ede3_cbc_hmac_sha1: | ||
78 | - EVP_add_cipher(&cryptodev_3des_cbc_hmac_sha1); | ||
79 | + case NID_tls11_des_ede3_cbc_hmac_sha1: | ||
80 | + EVP_add_cipher(&cryptodev_tls11_3des_cbc_hmac_sha1); | ||
81 | + break; | ||
82 | + case NID_tls11_aes_128_cbc_hmac_sha1: | ||
83 | + EVP_add_cipher(&cryptodev_tls11_aes_128_cbc_hmac_sha1); | ||
84 | + break; | ||
85 | + case NID_tls11_aes_256_cbc_hmac_sha1: | ||
86 | + EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1); | ||
87 | break; | ||
88 | } | ||
89 | } | ||
90 | @@ -574,9 +590,12 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
91 | |||
92 | /* TODO: make a seamless integration with cryptodev flags */ | ||
93 | switch (ctx->cipher->nid) { | ||
94 | + case NID_des_ede3_cbc_hmac_sha1: | ||
95 | case NID_aes_128_cbc_hmac_sha1: | ||
96 | case NID_aes_256_cbc_hmac_sha1: | ||
97 | - case NID_des_ede3_cbc_hmac_sha1: | ||
98 | + case NID_tls11_des_ede3_cbc_hmac_sha1: | ||
99 | + case NID_tls11_aes_128_cbc_hmac_sha1: | ||
100 | + case NID_tls11_aes_256_cbc_hmac_sha1: | ||
101 | cryp.flags = COP_FLAG_AEAD_TLS_TYPE; | ||
102 | } | ||
103 | cryp.ses = sess->ses; | ||
104 | @@ -758,8 +777,9 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, | ||
105 | struct dev_crypto_state *state = ctx->cipher_data; | ||
106 | unsigned char *p = ptr; | ||
107 | unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1]; | ||
108 | - unsigned int maclen, padlen; | ||
109 | + unsigned int maclen, padlen, len; | ||
110 | unsigned int bs = ctx->cipher->block_size; | ||
111 | + bool aad_needs_fix = false; | ||
112 | |||
113 | state->aad = ptr; | ||
114 | state->aad_len = arg; | ||
115 | @@ -767,10 +787,24 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, | ||
116 | |||
117 | /* TODO: this should be an extension of EVP_CIPHER struct */ | ||
118 | switch (ctx->cipher->nid) { | ||
119 | + case NID_des_ede3_cbc_hmac_sha1: | ||
120 | case NID_aes_128_cbc_hmac_sha1: | ||
121 | case NID_aes_256_cbc_hmac_sha1: | ||
122 | - case NID_des_ede3_cbc_hmac_sha1: | ||
123 | maclen = SHA_DIGEST_LENGTH; | ||
124 | + break; | ||
125 | + case NID_tls11_des_ede3_cbc_hmac_sha1: | ||
126 | + case NID_tls11_aes_128_cbc_hmac_sha1: | ||
127 | + case NID_tls11_aes_256_cbc_hmac_sha1: | ||
128 | + maclen = SHA_DIGEST_LENGTH; | ||
129 | + aad_needs_fix = true; | ||
130 | + break; | ||
131 | + } | ||
132 | + | ||
133 | + /* Correct length for AAD Length field */ | ||
134 | + if (ctx->encrypt && aad_needs_fix) { | ||
135 | + len = cryptlen - bs; | ||
136 | + p[arg-2] = len >> 8; | ||
137 | + p[arg-1] = len & 0xff; | ||
138 | } | ||
139 | |||
140 | /* space required for encryption (not only TLS padding) */ | ||
141 | @@ -1131,6 +1165,48 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = { | ||
142 | NULL | ||
143 | }; | ||
144 | |||
145 | +const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1 = { | ||
146 | + NID_tls11_des_ede3_cbc_hmac_sha1, | ||
147 | + 8, 24, 8, | ||
148 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
149 | + cryptodev_init_aead_key, | ||
150 | + cryptodev_aead_cipher, | ||
151 | + cryptodev_cleanup, | ||
152 | + sizeof(struct dev_crypto_state), | ||
153 | + EVP_CIPHER_set_asn1_iv, | ||
154 | + EVP_CIPHER_get_asn1_iv, | ||
155 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
156 | + NULL | ||
157 | +}; | ||
158 | + | ||
159 | +const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1 = { | ||
160 | + NID_tls11_aes_128_cbc_hmac_sha1, | ||
161 | + 16, 16, 16, | ||
162 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
163 | + cryptodev_init_aead_key, | ||
164 | + cryptodev_aead_cipher, | ||
165 | + cryptodev_cleanup, | ||
166 | + sizeof(struct dev_crypto_state), | ||
167 | + EVP_CIPHER_set_asn1_iv, | ||
168 | + EVP_CIPHER_get_asn1_iv, | ||
169 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
170 | + NULL | ||
171 | +}; | ||
172 | + | ||
173 | +const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = { | ||
174 | + NID_tls11_aes_256_cbc_hmac_sha1, | ||
175 | + 16, 32, 16, | ||
176 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
177 | + cryptodev_init_aead_key, | ||
178 | + cryptodev_aead_cipher, | ||
179 | + cryptodev_cleanup, | ||
180 | + sizeof(struct dev_crypto_state), | ||
181 | + EVP_CIPHER_set_asn1_iv, | ||
182 | + EVP_CIPHER_get_asn1_iv, | ||
183 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
184 | + NULL | ||
185 | +}; | ||
186 | + | ||
187 | const EVP_CIPHER cryptodev_aes_128_gcm = { | ||
188 | NID_aes_128_gcm, | ||
189 | 1, 16, 12, | ||
190 | @@ -1184,6 +1260,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | ||
191 | case NID_aes_256_cbc: | ||
192 | *cipher = &cryptodev_aes_256_cbc; | ||
193 | break; | ||
194 | + case NID_aes_128_gcm: | ||
195 | + *cipher = &cryptodev_aes_128_gcm; | ||
196 | + break; | ||
197 | case NID_des_ede3_cbc_hmac_sha1: | ||
198 | *cipher = &cryptodev_3des_cbc_hmac_sha1; | ||
199 | break; | ||
200 | @@ -1193,8 +1272,14 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | ||
201 | case NID_aes_256_cbc_hmac_sha1: | ||
202 | *cipher = &cryptodev_aes_256_cbc_hmac_sha1; | ||
203 | break; | ||
204 | - case NID_aes_128_gcm: | ||
205 | - *cipher = &cryptodev_aes_128_gcm; | ||
206 | + case NID_tls11_des_ede3_cbc_hmac_sha1: | ||
207 | + *cipher = &cryptodev_tls11_3des_cbc_hmac_sha1; | ||
208 | + break; | ||
209 | + case NID_tls11_aes_128_cbc_hmac_sha1: | ||
210 | + *cipher = &cryptodev_tls11_aes_128_cbc_hmac_sha1; | ||
211 | + break; | ||
212 | + case NID_tls11_aes_256_cbc_hmac_sha1: | ||
213 | + *cipher = &cryptodev_tls11_aes_256_cbc_hmac_sha1; | ||
214 | break; | ||
215 | default: | ||
216 | *cipher = NULL; | ||
217 | diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h | ||
218 | index 9f2267a..dc89b0a 100644 | ||
219 | --- a/crypto/objects/obj_dat.h | ||
220 | +++ b/crypto/objects/obj_dat.h | ||
221 | @@ -62,9 +62,9 @@ | ||
222 | * [including the GNU Public Licence.] | ||
223 | */ | ||
224 | |||
225 | -#define NUM_NID 921 | ||
226 | -#define NUM_SN 914 | ||
227 | -#define NUM_LN 914 | ||
228 | +#define NUM_NID 924 | ||
229 | +#define NUM_SN 917 | ||
230 | +#define NUM_LN 917 | ||
231 | #define NUM_OBJ 857 | ||
232 | |||
233 | static const unsigned char lvalues[5974]={ | ||
234 | @@ -2401,6 +2401,12 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ | ||
235 | {"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5964]),0}, | ||
236 | {"DES-EDE3-CBC-HMAC-SHA1","des-ede3-cbc-hmac-sha1", | ||
237 | NID_des_ede3_cbc_hmac_sha1,0,NULL,0}, | ||
238 | +{"TLS11-DES-EDE3-CBC-HMAC-SHA1","tls11-des-ede3-cbc-hmac-sha1", | ||
239 | + NID_tls11_des_ede3_cbc_hmac_sha1,0,NULL,0}, | ||
240 | +{"TLS11-AES-128-CBC-HMAC-SHA1","tls11-aes-128-cbc-hmac-sha1", | ||
241 | + NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0}, | ||
242 | +{"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1", | ||
243 | + NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0}, | ||
244 | }; | ||
245 | |||
246 | static const unsigned int sn_objs[NUM_SN]={ | ||
247 | @@ -2586,6 +2592,9 @@ static const unsigned int sn_objs[NUM_SN]={ | ||
248 | 100, /* "SN" */ | ||
249 | 16, /* "ST" */ | ||
250 | 143, /* "SXNetID" */ | ||
251 | +922, /* "TLS11-AES-128-CBC-HMAC-SHA1" */ | ||
252 | +923, /* "TLS11-AES-256-CBC-HMAC-SHA1" */ | ||
253 | +921, /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */ | ||
254 | 458, /* "UID" */ | ||
255 | 0, /* "UNDEF" */ | ||
256 | 11, /* "X500" */ | ||
257 | @@ -4205,6 +4214,9 @@ static const unsigned int ln_objs[NUM_LN]={ | ||
258 | 459, /* "textEncodedORAddress" */ | ||
259 | 293, /* "textNotice" */ | ||
260 | 106, /* "title" */ | ||
261 | +922, /* "tls11-aes-128-cbc-hmac-sha1" */ | ||
262 | +923, /* "tls11-aes-256-cbc-hmac-sha1" */ | ||
263 | +921, /* "tls11-des-ede3-cbc-hmac-sha1" */ | ||
264 | 682, /* "tpBasis" */ | ||
265 | 436, /* "ucl" */ | ||
266 | 0, /* "undefined" */ | ||
267 | diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h | ||
268 | index 8751902..f181890 100644 | ||
269 | --- a/crypto/objects/obj_mac.h | ||
270 | +++ b/crypto/objects/obj_mac.h | ||
271 | @@ -4034,3 +4034,15 @@ | ||
272 | #define LN_des_ede3_cbc_hmac_sha1 "des-ede3-cbc-hmac-sha1" | ||
273 | #define NID_des_ede3_cbc_hmac_sha1 920 | ||
274 | |||
275 | +#define SN_tls11_des_ede3_cbc_hmac_sha1 "TLS11-DES-EDE3-CBC-HMAC-SHA1" | ||
276 | +#define LN_tls11_des_ede3_cbc_hmac_sha1 "tls11-des-ede3-cbc-hmac-sha1" | ||
277 | +#define NID_tls11_des_ede3_cbc_hmac_sha1 921 | ||
278 | + | ||
279 | +#define SN_tls11_aes_128_cbc_hmac_sha1 "TLS11-AES-128-CBC-HMAC-SHA1" | ||
280 | +#define LN_tls11_aes_128_cbc_hmac_sha1 "tls11-aes-128-cbc-hmac-sha1" | ||
281 | +#define NID_tls11_aes_128_cbc_hmac_sha1 922 | ||
282 | + | ||
283 | +#define SN_tls11_aes_256_cbc_hmac_sha1 "TLS11-AES-256-CBC-HMAC-SHA1" | ||
284 | +#define LN_tls11_aes_256_cbc_hmac_sha1 "tls11-aes-256-cbc-hmac-sha1" | ||
285 | +#define NID_tls11_aes_256_cbc_hmac_sha1 923 | ||
286 | + | ||
287 | diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num | ||
288 | index 9d44bb5..a02b58c 100644 | ||
289 | --- a/crypto/objects/obj_mac.num | ||
290 | +++ b/crypto/objects/obj_mac.num | ||
291 | @@ -918,3 +918,6 @@ aes_192_cbc_hmac_sha1 917 | ||
292 | aes_256_cbc_hmac_sha1 918 | ||
293 | rsaesOaep 919 | ||
294 | des_ede3_cbc_hmac_sha1 920 | ||
295 | +tls11_des_ede3_cbc_hmac_sha1 921 | ||
296 | +tls11_aes_128_cbc_hmac_sha1 922 | ||
297 | +tls11_aes_256_cbc_hmac_sha1 923 | ||
298 | diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt | ||
299 | index 90d2fc5..1973658 100644 | ||
300 | --- a/crypto/objects/objects.txt | ||
301 | +++ b/crypto/objects/objects.txt | ||
302 | @@ -1291,3 +1291,6 @@ kisa 1 6 : SEED-OFB : seed-ofb | ||
303 | : AES-192-CBC-HMAC-SHA1 : aes-192-cbc-hmac-sha1 | ||
304 | : AES-256-CBC-HMAC-SHA1 : aes-256-cbc-hmac-sha1 | ||
305 | : DES-EDE3-CBC-HMAC-SHA1 : des-ede3-cbc-hmac-sha1 | ||
306 | + : TLS11-DES-EDE3-CBC-HMAC-SHA1 : tls11-des-ede3-cbc-hmac-sha1 | ||
307 | + : TLS11-AES-128-CBC-HMAC-SHA1 : tls11-aes-128-cbc-hmac-sha1 | ||
308 | + : TLS11-AES-256-CBC-HMAC-SHA1 : tls11-aes-256-cbc-hmac-sha1 | ||
309 | diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c | ||
310 | index 310fe76..0408986 100644 | ||
311 | --- a/ssl/ssl_ciph.c | ||
312 | +++ b/ssl/ssl_ciph.c | ||
313 | @@ -631,17 +631,35 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | ||
314 | c->algorithm_mac == SSL_MD5 && | ||
315 | (evp=EVP_get_cipherbyname("RC4-HMAC-MD5"))) | ||
316 | *enc = evp, *md = NULL; | ||
317 | - else if (c->algorithm_enc == SSL_AES128 && | ||
318 | + else if (s->ssl_version == TLS1_VERSION && | ||
319 | + c->algorithm_enc == SSL_3DES && | ||
320 | + c->algorithm_mac == SSL_SHA1 && | ||
321 | + (evp=EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1"))) | ||
322 | + *enc = evp, *md = NULL; | ||
323 | + else if (s->ssl_version == TLS1_VERSION && | ||
324 | + c->algorithm_enc == SSL_AES128 && | ||
325 | c->algorithm_mac == SSL_SHA1 && | ||
326 | (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1"))) | ||
327 | *enc = evp, *md = NULL; | ||
328 | - else if (c->algorithm_enc == SSL_AES256 && | ||
329 | + else if (s->ssl_version == TLS1_VERSION && | ||
330 | + c->algorithm_enc == SSL_AES256 && | ||
331 | c->algorithm_mac == SSL_SHA1 && | ||
332 | (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1"))) | ||
333 | *enc = evp, *md = NULL; | ||
334 | - else if (c->algorithm_enc == SSL_3DES && | ||
335 | + else if (s->ssl_version == TLS1_1_VERSION && | ||
336 | + c->algorithm_enc == SSL_3DES && | ||
337 | + c->algorithm_mac == SSL_SHA1 && | ||
338 | + (evp=EVP_get_cipherbyname("TLS11-DES-EDE3-CBC-HMAC-SHA1"))) | ||
339 | + *enc = evp, *md = NULL; | ||
340 | + else if (s->ssl_version == TLS1_1_VERSION && | ||
341 | + c->algorithm_enc == SSL_AES128 && | ||
342 | + c->algorithm_mac == SSL_SHA1 && | ||
343 | + (evp=EVP_get_cipherbyname("TLS11-AES-128-CBC-HMAC-SHA1"))) | ||
344 | + *enc = evp, *md = NULL; | ||
345 | + else if (s->ssl_version == TLS1_1_VERSION && | ||
346 | + c->algorithm_enc == SSL_AES256 && | ||
347 | c->algorithm_mac == SSL_SHA1 && | ||
348 | - (evp = EVP_get_cipherbyname("DES-EDE3-CBC-HMAC-SHA1"))) | ||
349 | + (evp=EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1"))) | ||
350 | *enc = evp, *md = NULL; | ||
351 | return(1); | ||
352 | } | ||
353 | -- | ||
354 | 2.3.5 | ||
355 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-cryptodev-clean-up-code-layout.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-cryptodev-clean-up-code-layout.patch new file mode 100644 index 00000000..c600bdab --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-cryptodev-clean-up-code-layout.patch | |||
@@ -0,0 +1,73 @@ | |||
1 | From 453c617b10fb2c4e748b5799ab4b00c184470c60 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@freescale.com> | ||
3 | Date: Wed, 18 Feb 2015 10:39:46 +0200 | ||
4 | Subject: [PATCH 20/48] cryptodev: clean-up code layout | ||
5 | |||
6 | This is just a refactoring that uses else branch to check for malloc failures | ||
7 | |||
8 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
9 | --- | ||
10 | crypto/engine/eng_cryptodev.c | 45 ++++++++++++++++++++----------------------- | ||
11 | 1 file changed, 21 insertions(+), 24 deletions(-) | ||
12 | |||
13 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
14 | index bbc903b..14dcddf 100644 | ||
15 | --- a/crypto/engine/eng_cryptodev.c | ||
16 | +++ b/crypto/engine/eng_cryptodev.c | ||
17 | @@ -1865,32 +1865,29 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, | ||
18 | fd = *(int *)cookie->eng_handle; | ||
19 | |||
20 | eng_cookie = malloc(sizeof(struct cryptodev_cookie_s)); | ||
21 | - | ||
22 | - if (eng_cookie) { | ||
23 | - memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s)); | ||
24 | - if (r) { | ||
25 | - kop->crk_param[kop->crk_iparams].crp_p = | ||
26 | - calloc(rlen, sizeof(char)); | ||
27 | - if (!kop->crk_param[kop->crk_iparams].crp_p) | ||
28 | - return -ENOMEM; | ||
29 | - kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; | ||
30 | - kop->crk_oparams++; | ||
31 | - eng_cookie->r = r; | ||
32 | - eng_cookie->r_param = kop->crk_param[kop->crk_iparams]; | ||
33 | - } | ||
34 | - if (s) { | ||
35 | - kop->crk_param[kop->crk_iparams + 1].crp_p = | ||
36 | - calloc(slen, sizeof(char)); | ||
37 | - if (!kop->crk_param[kop->crk_iparams + 1].crp_p) | ||
38 | - return -ENOMEM; | ||
39 | - kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8; | ||
40 | - kop->crk_oparams++; | ||
41 | - eng_cookie->s = s; | ||
42 | - eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1]; | ||
43 | - } | ||
44 | - } else | ||
45 | + if (!eng_cookie) | ||
46 | return -ENOMEM; | ||
47 | |||
48 | + memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s)); | ||
49 | + if (r) { | ||
50 | + kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char)); | ||
51 | + if (!kop->crk_param[kop->crk_iparams].crp_p) | ||
52 | + return -ENOMEM; | ||
53 | + kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; | ||
54 | + kop->crk_oparams++; | ||
55 | + eng_cookie->r = r; | ||
56 | + eng_cookie->r_param = kop->crk_param[kop->crk_iparams]; | ||
57 | + } | ||
58 | + if (s) { | ||
59 | + kop->crk_param[kop->crk_iparams + 1].crp_p = | ||
60 | + calloc(slen, sizeof(char)); | ||
61 | + if (!kop->crk_param[kop->crk_iparams + 1].crp_p) | ||
62 | + return -ENOMEM; | ||
63 | + kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8; | ||
64 | + kop->crk_oparams++; | ||
65 | + eng_cookie->s = s; | ||
66 | + eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1]; | ||
67 | + } | ||
68 | eng_cookie->kop = kop; | ||
69 | cookie->eng_cookie = eng_cookie; | ||
70 | return ioctl(fd, CIOCASYMASYNCRYPT, kop); | ||
71 | -- | ||
72 | 2.7.0 | ||
73 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch deleted file mode 100644 index 7370c496..00000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch +++ /dev/null | |||
@@ -1,359 +0,0 @@ | |||
1 | From a58703e6601fcfcfe69fdb3e7152ed76b40d67e9 Mon Sep 17 00:00:00 2001 | ||
2 | From: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
3 | Date: Tue, 31 Mar 2015 16:32:35 +0300 | ||
4 | Subject: [PATCH 20/26] eng_cryptodev: add support for TLSv1.2 record offload | ||
5 | |||
6 | Supported cipher suites: | ||
7 | - 3des-ede-cbc-sha | ||
8 | - aes-128-cbc-hmac-sha | ||
9 | - aes-256-cbc-hmac-sha | ||
10 | - aes-128-cbc-hmac-sha256 | ||
11 | - aes-256-cbc-hmac-sha256 | ||
12 | |||
13 | Requires TLS patches on cryptodev and TLS algorithm support in Linux | ||
14 | kernel driver. | ||
15 | |||
16 | Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
17 | Change-Id: I0ac6953dd62e2655a59d8f3eaefd012b7ecebf55 | ||
18 | Reviewed-on: http://git.am.freescale.net:8181/34003 | ||
19 | Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
20 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
21 | --- | ||
22 | crypto/engine/eng_cryptodev.c | 123 ++++++++++++++++++++++++++++++++++++++++++ | ||
23 | crypto/objects/obj_dat.h | 26 +++++++-- | ||
24 | crypto/objects/obj_mac.h | 20 +++++++ | ||
25 | crypto/objects/obj_mac.num | 5 ++ | ||
26 | crypto/objects/objects.txt | 5 ++ | ||
27 | ssl/ssl_ciph.c | 25 +++++++++ | ||
28 | 6 files changed, 201 insertions(+), 3 deletions(-) | ||
29 | |||
30 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
31 | index f71ab27..fa5fe1b 100644 | ||
32 | --- a/crypto/engine/eng_cryptodev.c | ||
33 | +++ b/crypto/engine/eng_cryptodev.c | ||
34 | @@ -140,6 +140,11 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; | ||
35 | const EVP_CIPHER cryptodev_tls11_3des_cbc_hmac_sha1; | ||
36 | const EVP_CIPHER cryptodev_tls11_aes_128_cbc_hmac_sha1; | ||
37 | const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1; | ||
38 | +const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1; | ||
39 | +const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1; | ||
40 | +const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1; | ||
41 | +const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256; | ||
42 | +const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256; | ||
43 | |||
44 | inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len) | ||
45 | { | ||
46 | @@ -263,6 +268,11 @@ static struct { | ||
47 | { CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, NID_tls11_des_ede3_cbc_hmac_sha1, 8, 24, 20}, | ||
48 | { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_128_cbc_hmac_sha1, 16, 16, 20}, | ||
49 | { CRYPTO_TLS11_AES_CBC_HMAC_SHA1, NID_tls11_aes_256_cbc_hmac_sha1, 16, 32, 20}, | ||
50 | + { CRYPTO_TLS12_3DES_CBC_HMAC_SHA1, NID_tls12_des_ede3_cbc_hmac_sha1, 8, 24, 20}, | ||
51 | + { CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_128_cbc_hmac_sha1, 16, 16, 20}, | ||
52 | + { CRYPTO_TLS12_AES_CBC_HMAC_SHA1, NID_tls12_aes_256_cbc_hmac_sha1, 16, 32, 20}, | ||
53 | + { CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_128_cbc_hmac_sha256, 16, 16, 32}, | ||
54 | + { CRYPTO_TLS12_AES_CBC_HMAC_SHA256, NID_tls12_aes_256_cbc_hmac_sha256, 16, 32, 32}, | ||
55 | { CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0}, | ||
56 | { 0, NID_undef, 0, 0, 0}, | ||
57 | }; | ||
58 | @@ -487,6 +497,21 @@ cryptodev_usable_ciphers(const int **nids) | ||
59 | case NID_tls11_aes_256_cbc_hmac_sha1: | ||
60 | EVP_add_cipher(&cryptodev_tls11_aes_256_cbc_hmac_sha1); | ||
61 | break; | ||
62 | + case NID_tls12_des_ede3_cbc_hmac_sha1: | ||
63 | + EVP_add_cipher(&cryptodev_tls12_3des_cbc_hmac_sha1); | ||
64 | + break; | ||
65 | + case NID_tls12_aes_128_cbc_hmac_sha1: | ||
66 | + EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha1); | ||
67 | + break; | ||
68 | + case NID_tls12_aes_256_cbc_hmac_sha1: | ||
69 | + EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha1); | ||
70 | + break; | ||
71 | + case NID_tls12_aes_128_cbc_hmac_sha256: | ||
72 | + EVP_add_cipher(&cryptodev_tls12_aes_128_cbc_hmac_sha256); | ||
73 | + break; | ||
74 | + case NID_tls12_aes_256_cbc_hmac_sha256: | ||
75 | + EVP_add_cipher(&cryptodev_tls12_aes_256_cbc_hmac_sha256); | ||
76 | + break; | ||
77 | } | ||
78 | } | ||
79 | return count; | ||
80 | @@ -596,6 +621,11 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
81 | case NID_tls11_des_ede3_cbc_hmac_sha1: | ||
82 | case NID_tls11_aes_128_cbc_hmac_sha1: | ||
83 | case NID_tls11_aes_256_cbc_hmac_sha1: | ||
84 | + case NID_tls12_des_ede3_cbc_hmac_sha1: | ||
85 | + case NID_tls12_aes_128_cbc_hmac_sha1: | ||
86 | + case NID_tls12_aes_256_cbc_hmac_sha1: | ||
87 | + case NID_tls12_aes_128_cbc_hmac_sha256: | ||
88 | + case NID_tls12_aes_256_cbc_hmac_sha256: | ||
89 | cryp.flags = COP_FLAG_AEAD_TLS_TYPE; | ||
90 | } | ||
91 | cryp.ses = sess->ses; | ||
92 | @@ -795,9 +825,17 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, | ||
93 | case NID_tls11_des_ede3_cbc_hmac_sha1: | ||
94 | case NID_tls11_aes_128_cbc_hmac_sha1: | ||
95 | case NID_tls11_aes_256_cbc_hmac_sha1: | ||
96 | + case NID_tls12_des_ede3_cbc_hmac_sha1: | ||
97 | + case NID_tls12_aes_128_cbc_hmac_sha1: | ||
98 | + case NID_tls12_aes_256_cbc_hmac_sha1: | ||
99 | maclen = SHA_DIGEST_LENGTH; | ||
100 | aad_needs_fix = true; | ||
101 | break; | ||
102 | + case NID_tls12_aes_128_cbc_hmac_sha256: | ||
103 | + case NID_tls12_aes_256_cbc_hmac_sha256: | ||
104 | + maclen = SHA256_DIGEST_LENGTH; | ||
105 | + aad_needs_fix = true; | ||
106 | + break; | ||
107 | } | ||
108 | |||
109 | /* Correct length for AAD Length field */ | ||
110 | @@ -1207,6 +1245,76 @@ const EVP_CIPHER cryptodev_tls11_aes_256_cbc_hmac_sha1 = { | ||
111 | NULL | ||
112 | }; | ||
113 | |||
114 | +const EVP_CIPHER cryptodev_tls12_3des_cbc_hmac_sha1 = { | ||
115 | + NID_tls12_des_ede3_cbc_hmac_sha1, | ||
116 | + 8, 24, 8, | ||
117 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
118 | + cryptodev_init_aead_key, | ||
119 | + cryptodev_aead_cipher, | ||
120 | + cryptodev_cleanup, | ||
121 | + sizeof(struct dev_crypto_state), | ||
122 | + EVP_CIPHER_set_asn1_iv, | ||
123 | + EVP_CIPHER_get_asn1_iv, | ||
124 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
125 | + NULL | ||
126 | +}; | ||
127 | + | ||
128 | +const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha1 = { | ||
129 | + NID_tls12_aes_128_cbc_hmac_sha1, | ||
130 | + 16, 16, 16, | ||
131 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
132 | + cryptodev_init_aead_key, | ||
133 | + cryptodev_aead_cipher, | ||
134 | + cryptodev_cleanup, | ||
135 | + sizeof(struct dev_crypto_state), | ||
136 | + EVP_CIPHER_set_asn1_iv, | ||
137 | + EVP_CIPHER_get_asn1_iv, | ||
138 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
139 | + NULL | ||
140 | +}; | ||
141 | + | ||
142 | +const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1 = { | ||
143 | + NID_tls12_aes_256_cbc_hmac_sha1, | ||
144 | + 16, 32, 16, | ||
145 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
146 | + cryptodev_init_aead_key, | ||
147 | + cryptodev_aead_cipher, | ||
148 | + cryptodev_cleanup, | ||
149 | + sizeof(struct dev_crypto_state), | ||
150 | + EVP_CIPHER_set_asn1_iv, | ||
151 | + EVP_CIPHER_get_asn1_iv, | ||
152 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
153 | + NULL | ||
154 | +}; | ||
155 | + | ||
156 | +const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256 = { | ||
157 | + NID_tls12_aes_128_cbc_hmac_sha256, | ||
158 | + 16, 16, 16, | ||
159 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
160 | + cryptodev_init_aead_key, | ||
161 | + cryptodev_aead_cipher, | ||
162 | + cryptodev_cleanup, | ||
163 | + sizeof(struct dev_crypto_state), | ||
164 | + EVP_CIPHER_set_asn1_iv, | ||
165 | + EVP_CIPHER_get_asn1_iv, | ||
166 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
167 | + NULL | ||
168 | +}; | ||
169 | + | ||
170 | +const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256 = { | ||
171 | + NID_tls12_aes_256_cbc_hmac_sha256, | ||
172 | + 16, 32, 16, | ||
173 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
174 | + cryptodev_init_aead_key, | ||
175 | + cryptodev_aead_cipher, | ||
176 | + cryptodev_cleanup, | ||
177 | + sizeof(struct dev_crypto_state), | ||
178 | + EVP_CIPHER_set_asn1_iv, | ||
179 | + EVP_CIPHER_get_asn1_iv, | ||
180 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
181 | + NULL | ||
182 | +}; | ||
183 | + | ||
184 | const EVP_CIPHER cryptodev_aes_128_gcm = { | ||
185 | NID_aes_128_gcm, | ||
186 | 1, 16, 12, | ||
187 | @@ -1281,6 +1389,21 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | ||
188 | case NID_tls11_aes_256_cbc_hmac_sha1: | ||
189 | *cipher = &cryptodev_tls11_aes_256_cbc_hmac_sha1; | ||
190 | break; | ||
191 | + case NID_tls12_des_ede3_cbc_hmac_sha1: | ||
192 | + *cipher = &cryptodev_tls12_3des_cbc_hmac_sha1; | ||
193 | + break; | ||
194 | + case NID_tls12_aes_128_cbc_hmac_sha1: | ||
195 | + *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha1; | ||
196 | + break; | ||
197 | + case NID_tls12_aes_256_cbc_hmac_sha1: | ||
198 | + *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha1; | ||
199 | + break; | ||
200 | + case NID_tls12_aes_128_cbc_hmac_sha256: | ||
201 | + *cipher = &cryptodev_tls12_aes_128_cbc_hmac_sha256; | ||
202 | + break; | ||
203 | + case NID_tls12_aes_256_cbc_hmac_sha256: | ||
204 | + *cipher = &cryptodev_tls12_aes_256_cbc_hmac_sha256; | ||
205 | + break; | ||
206 | default: | ||
207 | *cipher = NULL; | ||
208 | break; | ||
209 | diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h | ||
210 | index dc89b0a..dfe19da 100644 | ||
211 | --- a/crypto/objects/obj_dat.h | ||
212 | +++ b/crypto/objects/obj_dat.h | ||
213 | @@ -62,9 +62,9 @@ | ||
214 | * [including the GNU Public Licence.] | ||
215 | */ | ||
216 | |||
217 | -#define NUM_NID 924 | ||
218 | -#define NUM_SN 917 | ||
219 | -#define NUM_LN 917 | ||
220 | +#define NUM_NID 929 | ||
221 | +#define NUM_SN 922 | ||
222 | +#define NUM_LN 922 | ||
223 | #define NUM_OBJ 857 | ||
224 | |||
225 | static const unsigned char lvalues[5974]={ | ||
226 | @@ -2407,6 +2407,16 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ | ||
227 | NID_tls11_aes_128_cbc_hmac_sha1,0,NULL,0}, | ||
228 | {"TLS11-AES-256-CBC-HMAC-SHA1","tls11-aes-256-cbc-hmac-sha1", | ||
229 | NID_tls11_aes_256_cbc_hmac_sha1,0,NULL,0}, | ||
230 | +{"TLS12-DES-EDE3-CBC-HMAC-SHA1","tls12-des-ede3-cbc-hmac-sha1", | ||
231 | + NID_tls12_des_ede3_cbc_hmac_sha1,0,NULL,0}, | ||
232 | +{"TLS12-AES-128-CBC-HMAC-SHA1","tls12-aes-128-cbc-hmac-sha1", | ||
233 | + NID_tls12_aes_128_cbc_hmac_sha1,0,NULL,0}, | ||
234 | +{"TLS12-AES-256-CBC-HMAC-SHA1","tls12-aes-256-cbc-hmac-sha1", | ||
235 | + NID_tls12_aes_256_cbc_hmac_sha1,0,NULL,0}, | ||
236 | +{"TLS12-AES-128-CBC-HMAC-SHA256","tls12-aes-128-cbc-hmac-sha256", | ||
237 | + NID_tls12_aes_128_cbc_hmac_sha256,0,NULL,0}, | ||
238 | +{"TLS12-AES-256-CBC-HMAC-SHA256","tls12-aes-256-cbc-hmac-sha256", | ||
239 | + NID_tls12_aes_256_cbc_hmac_sha256,0,NULL,0}, | ||
240 | }; | ||
241 | |||
242 | static const unsigned int sn_objs[NUM_SN]={ | ||
243 | @@ -2595,6 +2605,11 @@ static const unsigned int sn_objs[NUM_SN]={ | ||
244 | 922, /* "TLS11-AES-128-CBC-HMAC-SHA1" */ | ||
245 | 923, /* "TLS11-AES-256-CBC-HMAC-SHA1" */ | ||
246 | 921, /* "TLS11-DES-EDE3-CBC-HMAC-SHA1" */ | ||
247 | +925, /* "TLS12-AES-128-CBC-HMAC-SHA1" */ | ||
248 | +927, /* "TLS12-AES-128-CBC-HMAC-SHA256" */ | ||
249 | +926, /* "TLS12-AES-256-CBC-HMAC-SHA1" */ | ||
250 | +928, /* "TLS12-AES-256-CBC-HMAC-SHA256" */ | ||
251 | +924, /* "TLS12-DES-EDE3-CBC-HMAC-SHA1" */ | ||
252 | 458, /* "UID" */ | ||
253 | 0, /* "UNDEF" */ | ||
254 | 11, /* "X500" */ | ||
255 | @@ -4217,6 +4232,11 @@ static const unsigned int ln_objs[NUM_LN]={ | ||
256 | 922, /* "tls11-aes-128-cbc-hmac-sha1" */ | ||
257 | 923, /* "tls11-aes-256-cbc-hmac-sha1" */ | ||
258 | 921, /* "tls11-des-ede3-cbc-hmac-sha1" */ | ||
259 | +925, /* "tls12-aes-128-cbc-hmac-sha1" */ | ||
260 | +927, /* "tls12-aes-128-cbc-hmac-sha256" */ | ||
261 | +926, /* "tls12-aes-256-cbc-hmac-sha1" */ | ||
262 | +928, /* "tls12-aes-256-cbc-hmac-sha256" */ | ||
263 | +924, /* "tls12-des-ede3-cbc-hmac-sha1" */ | ||
264 | 682, /* "tpBasis" */ | ||
265 | 436, /* "ucl" */ | ||
266 | 0, /* "undefined" */ | ||
267 | diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h | ||
268 | index f181890..5af125e 100644 | ||
269 | --- a/crypto/objects/obj_mac.h | ||
270 | +++ b/crypto/objects/obj_mac.h | ||
271 | @@ -4046,3 +4046,23 @@ | ||
272 | #define LN_tls11_aes_256_cbc_hmac_sha1 "tls11-aes-256-cbc-hmac-sha1" | ||
273 | #define NID_tls11_aes_256_cbc_hmac_sha1 923 | ||
274 | |||
275 | +#define SN_tls12_des_ede3_cbc_hmac_sha1 "TLS12-DES-EDE3-CBC-HMAC-SHA1" | ||
276 | +#define LN_tls12_des_ede3_cbc_hmac_sha1 "tls12-des-ede3-cbc-hmac-sha1" | ||
277 | +#define NID_tls12_des_ede3_cbc_hmac_sha1 924 | ||
278 | + | ||
279 | +#define SN_tls12_aes_128_cbc_hmac_sha1 "TLS12-AES-128-CBC-HMAC-SHA1" | ||
280 | +#define LN_tls12_aes_128_cbc_hmac_sha1 "tls12-aes-128-cbc-hmac-sha1" | ||
281 | +#define NID_tls12_aes_128_cbc_hmac_sha1 925 | ||
282 | + | ||
283 | +#define SN_tls12_aes_256_cbc_hmac_sha1 "TLS12-AES-256-CBC-HMAC-SHA1" | ||
284 | +#define LN_tls12_aes_256_cbc_hmac_sha1 "tls12-aes-256-cbc-hmac-sha1" | ||
285 | +#define NID_tls12_aes_256_cbc_hmac_sha1 926 | ||
286 | + | ||
287 | +#define SN_tls12_aes_128_cbc_hmac_sha256 "TLS12-AES-128-CBC-HMAC-SHA256" | ||
288 | +#define LN_tls12_aes_128_cbc_hmac_sha256 "tls12-aes-128-cbc-hmac-sha256" | ||
289 | +#define NID_tls12_aes_128_cbc_hmac_sha256 927 | ||
290 | + | ||
291 | +#define SN_tls12_aes_256_cbc_hmac_sha256 "TLS12-AES-256-CBC-HMAC-SHA256" | ||
292 | +#define LN_tls12_aes_256_cbc_hmac_sha256 "tls12-aes-256-cbc-hmac-sha256" | ||
293 | +#define NID_tls12_aes_256_cbc_hmac_sha256 928 | ||
294 | + | ||
295 | diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num | ||
296 | index a02b58c..deeba3a 100644 | ||
297 | --- a/crypto/objects/obj_mac.num | ||
298 | +++ b/crypto/objects/obj_mac.num | ||
299 | @@ -921,3 +921,8 @@ des_ede3_cbc_hmac_sha1 920 | ||
300 | tls11_des_ede3_cbc_hmac_sha1 921 | ||
301 | tls11_aes_128_cbc_hmac_sha1 922 | ||
302 | tls11_aes_256_cbc_hmac_sha1 923 | ||
303 | +tls12_des_ede3_cbc_hmac_sha1 924 | ||
304 | +tls12_aes_128_cbc_hmac_sha1 925 | ||
305 | +tls12_aes_256_cbc_hmac_sha1 926 | ||
306 | +tls12_aes_128_cbc_hmac_sha256 927 | ||
307 | +tls12_aes_256_cbc_hmac_sha256 928 | ||
308 | diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt | ||
309 | index 1973658..6e4ac93 100644 | ||
310 | --- a/crypto/objects/objects.txt | ||
311 | +++ b/crypto/objects/objects.txt | ||
312 | @@ -1294,3 +1294,8 @@ kisa 1 6 : SEED-OFB : seed-ofb | ||
313 | : TLS11-DES-EDE3-CBC-HMAC-SHA1 : tls11-des-ede3-cbc-hmac-sha1 | ||
314 | : TLS11-AES-128-CBC-HMAC-SHA1 : tls11-aes-128-cbc-hmac-sha1 | ||
315 | : TLS11-AES-256-CBC-HMAC-SHA1 : tls11-aes-256-cbc-hmac-sha1 | ||
316 | + : TLS12-DES-EDE3-CBC-HMAC-SHA1 : tls12-des-ede3-cbc-hmac-sha1 | ||
317 | + : TLS12-AES-128-CBC-HMAC-SHA1 : tls12-aes-128-cbc-hmac-sha1 | ||
318 | + : TLS12-AES-256-CBC-HMAC-SHA1 : tls12-aes-256-cbc-hmac-sha1 | ||
319 | + : TLS12-AES-128-CBC-HMAC-SHA256 : tls12-aes-128-cbc-hmac-sha256 | ||
320 | + : TLS12-AES-256-CBC-HMAC-SHA256 : tls12-aes-256-cbc-hmac-sha256 | ||
321 | diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c | ||
322 | index 0408986..77a82f6 100644 | ||
323 | --- a/ssl/ssl_ciph.c | ||
324 | +++ b/ssl/ssl_ciph.c | ||
325 | @@ -661,6 +661,31 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | ||
326 | c->algorithm_mac == SSL_SHA1 && | ||
327 | (evp=EVP_get_cipherbyname("TLS11-AES-256-CBC-HMAC-SHA1"))) | ||
328 | *enc = evp, *md = NULL; | ||
329 | + else if (s->ssl_version == TLS1_2_VERSION && | ||
330 | + c->algorithm_enc == SSL_3DES && | ||
331 | + c->algorithm_mac == SSL_SHA1 && | ||
332 | + (evp=EVP_get_cipherbyname("TLS12-DES-EDE3-CBC-HMAC-SHA1"))) | ||
333 | + *enc = evp, *md = NULL; | ||
334 | + else if (s->ssl_version == TLS1_2_VERSION && | ||
335 | + c->algorithm_enc == SSL_AES128 && | ||
336 | + c->algorithm_mac == SSL_SHA1 && | ||
337 | + (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA1"))) | ||
338 | + *enc = evp, *md = NULL; | ||
339 | + else if (s->ssl_version == TLS1_2_VERSION && | ||
340 | + c->algorithm_enc == SSL_AES256 && | ||
341 | + c->algorithm_mac == SSL_SHA1 && | ||
342 | + (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA1"))) | ||
343 | + *enc = evp, *md = NULL; | ||
344 | + else if (s->ssl_version == TLS1_2_VERSION && | ||
345 | + c->algorithm_enc == SSL_AES128 && | ||
346 | + c->algorithm_mac == SSL_SHA256 && | ||
347 | + (evp=EVP_get_cipherbyname("TLS12-AES-128-CBC-HMAC-SHA256"))) | ||
348 | + *enc = evp, *md = NULL; | ||
349 | + else if (s->ssl_version == TLS1_2_VERSION && | ||
350 | + c->algorithm_enc == SSL_AES256 && | ||
351 | + c->algorithm_mac == SSL_SHA256 && | ||
352 | + (evp=EVP_get_cipherbyname("TLS12-AES-256-CBC-HMAC-SHA256"))) | ||
353 | + *enc = evp, *md = NULL; | ||
354 | return(1); | ||
355 | } | ||
356 | else | ||
357 | -- | ||
358 | 2.3.5 | ||
359 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-do-not-cache-file-descriptor-in-open.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-do-not-cache-file-descriptor-in-open.patch new file mode 100644 index 00000000..9c6e503b --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-do-not-cache-file-descriptor-in-open.patch | |||
@@ -0,0 +1,93 @@ | |||
1 | From d9395f7d876f7dfaaae25867c88d1e1f684589de Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@freescale.com> | ||
3 | Date: Thu, 19 Feb 2015 16:43:29 +0200 | ||
4 | Subject: [PATCH 21/48] cryptodev: do not cache file descriptor in 'open' | ||
5 | |||
6 | The file descriptor returned by get_dev_crypto is cached after a | ||
7 | successful return. The issue is, it is cached inside 'open_dev_crypto' | ||
8 | which is no longer useful as a general purpose open("/dev/crypto") | ||
9 | function. | ||
10 | |||
11 | This patch is a refactoring that moves the caching operation from | ||
12 | open_dev_crypto to get_dev_crypto and leaves the former as a simpler | ||
13 | function true to its name | ||
14 | |||
15 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
16 | --- | ||
17 | crypto/engine/eng_cryptodev.c | 43 +++++++++++++++++++++---------------------- | ||
18 | 1 file changed, 21 insertions(+), 22 deletions(-) | ||
19 | |||
20 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
21 | index 14dcddf..75fca7f 100644 | ||
22 | --- a/crypto/engine/eng_cryptodev.c | ||
23 | +++ b/crypto/engine/eng_cryptodev.c | ||
24 | @@ -391,45 +391,44 @@ static void ctr64_inc(unsigned char *counter) | ||
25 | } while (n); | ||
26 | } | ||
27 | |||
28 | -/* | ||
29 | - * Return a fd if /dev/crypto seems usable, 0 otherwise. | ||
30 | - */ | ||
31 | static int open_dev_crypto(void) | ||
32 | { | ||
33 | - static int fd = -1; | ||
34 | + int fd; | ||
35 | |||
36 | - if (fd == -1) { | ||
37 | - if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1) | ||
38 | - return (-1); | ||
39 | - /* close on exec */ | ||
40 | - if (fcntl(fd, F_SETFD, 1) == -1) { | ||
41 | - close(fd); | ||
42 | - fd = -1; | ||
43 | - return (-1); | ||
44 | - } | ||
45 | + fd = open("/dev/crypto", O_RDWR, 0); | ||
46 | + if (fd < 0) | ||
47 | + return -1; | ||
48 | + | ||
49 | + /* close on exec */ | ||
50 | + if (fcntl(fd, F_SETFD, 1) == -1) { | ||
51 | + close(fd); | ||
52 | + return -1; | ||
53 | } | ||
54 | - return (fd); | ||
55 | + | ||
56 | + return fd; | ||
57 | } | ||
58 | |||
59 | static int get_dev_crypto(void) | ||
60 | { | ||
61 | - int fd, retfd; | ||
62 | + static int fd = -1; | ||
63 | + int retfd; | ||
64 | |||
65 | - if ((fd = open_dev_crypto()) == -1) | ||
66 | - return (-1); | ||
67 | -# ifndef CRIOGET_NOT_NEEDED | ||
68 | + if (fd == -1) | ||
69 | + fd = open_dev_crypto(); | ||
70 | +# ifdef CRIOGET_NOT_NEEDED | ||
71 | + return fd; | ||
72 | +# else | ||
73 | + if (fd == -1) | ||
74 | + return -1; | ||
75 | if (ioctl(fd, CRIOGET, &retfd) == -1) | ||
76 | return (-1); | ||
77 | - | ||
78 | /* close on exec */ | ||
79 | if (fcntl(retfd, F_SETFD, 1) == -1) { | ||
80 | close(retfd); | ||
81 | return (-1); | ||
82 | } | ||
83 | -# else | ||
84 | - retfd = fd; | ||
85 | + return retfd; | ||
86 | # endif | ||
87 | - return (retfd); | ||
88 | } | ||
89 | |||
90 | static void put_dev_crypto(int fd) | ||
91 | -- | ||
92 | 2.7.0 | ||
93 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-drop-redundant-function.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-drop-redundant-function.patch deleted file mode 100644 index 16cc6882..00000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0021-cryptodev-drop-redundant-function.patch +++ /dev/null | |||
@@ -1,75 +0,0 @@ | |||
1 | From ea4abc255c6c5feec01cb1e30c6082cfe47860e2 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@freescale.com> | ||
3 | Date: Thu, 19 Feb 2015 16:11:53 +0200 | ||
4 | Subject: [PATCH 21/26] cryptodev: drop redundant function | ||
5 | |||
6 | get_dev_crypto already caches the result. Another cache in-between is | ||
7 | useless. | ||
8 | |||
9 | Change-Id: Ibd162529d3fb7a561a17f1a707d5d287c1586a3a | ||
10 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
11 | Reviewed-on: http://git.am.freescale.net:8181/34216 | ||
12 | --- | ||
13 | crypto/engine/eng_cryptodev.c | 18 +++--------------- | ||
14 | 1 file changed, 3 insertions(+), 15 deletions(-) | ||
15 | |||
16 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
17 | index fa5fe1b..1ab5551 100644 | ||
18 | --- a/crypto/engine/eng_cryptodev.c | ||
19 | +++ b/crypto/engine/eng_cryptodev.c | ||
20 | @@ -96,7 +96,6 @@ struct dev_crypto_state { | ||
21 | |||
22 | static u_int32_t cryptodev_asymfeat = 0; | ||
23 | |||
24 | -static int get_asym_dev_crypto(void); | ||
25 | static int open_dev_crypto(void); | ||
26 | static int get_dev_crypto(void); | ||
27 | static int get_cryptodev_ciphers(const int **cnids); | ||
28 | @@ -357,17 +356,6 @@ static void put_dev_crypto(int fd) | ||
29 | #endif | ||
30 | } | ||
31 | |||
32 | -/* Caching version for asym operations */ | ||
33 | -static int | ||
34 | -get_asym_dev_crypto(void) | ||
35 | -{ | ||
36 | - static int fd = -1; | ||
37 | - | ||
38 | - if (fd == -1) | ||
39 | - fd = get_dev_crypto(); | ||
40 | - return fd; | ||
41 | -} | ||
42 | - | ||
43 | /* | ||
44 | * Find out what ciphers /dev/crypto will let us have a session for. | ||
45 | * XXX note, that some of these openssl doesn't deal with yet! | ||
46 | @@ -1796,7 +1784,7 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) | ||
47 | { | ||
48 | int fd, ret = -1; | ||
49 | |||
50 | - if ((fd = get_asym_dev_crypto()) < 0) | ||
51 | + if ((fd = get_dev_crypto()) < 0) | ||
52 | return (ret); | ||
53 | |||
54 | if (r) { | ||
55 | @@ -2374,7 +2362,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) | ||
56 | int p_len, q_len; | ||
57 | int i; | ||
58 | |||
59 | - if ((fd = get_asym_dev_crypto()) < 0) | ||
60 | + if ((fd = get_dev_crypto()) < 0) | ||
61 | goto sw_try; | ||
62 | |||
63 | if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err; | ||
64 | @@ -3928,7 +3916,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) | ||
65 | BIGNUM *temp = NULL; | ||
66 | unsigned char *padded_pub_key = NULL, *p = NULL; | ||
67 | |||
68 | - if ((fd = get_asym_dev_crypto()) < 0) | ||
69 | + if ((fd = get_dev_crypto()) < 0) | ||
70 | goto sw_try; | ||
71 | |||
72 | memset(&kop, 0, sizeof kop); | ||
73 | -- | ||
74 | 2.3.5 | ||
75 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-do-not-zero-the-buffer-before-use.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-do-not-zero-the-buffer-before-use.patch deleted file mode 100644 index 0b2f0f1b..00000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-do-not-zero-the-buffer-before-use.patch +++ /dev/null | |||
@@ -1,48 +0,0 @@ | |||
1 | From 75e3e7d600eb72e7374b1ecf5ece7b831bc98ed8 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@freescale.com> | ||
3 | Date: Tue, 17 Feb 2015 13:12:53 +0200 | ||
4 | Subject: [PATCH 22/26] cryptodev: do not zero the buffer before use | ||
5 | |||
6 | - The buffer is just about to be overwritten. Zeroing it before that has | ||
7 | no purpose | ||
8 | |||
9 | Change-Id: I478c31bd2e254561474a7edf5e37980ca04217ce | ||
10 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
11 | Reviewed-on: http://git.am.freescale.net:8181/34217 | ||
12 | --- | ||
13 | crypto/engine/eng_cryptodev.c | 13 ++++--------- | ||
14 | 1 file changed, 4 insertions(+), 9 deletions(-) | ||
15 | |||
16 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
17 | index 1ab5551..dbc5989 100644 | ||
18 | --- a/crypto/engine/eng_cryptodev.c | ||
19 | +++ b/crypto/engine/eng_cryptodev.c | ||
20 | @@ -1681,21 +1681,16 @@ static int | ||
21 | bn2crparam(const BIGNUM *a, struct crparam *crp) | ||
22 | { | ||
23 | ssize_t bytes, bits; | ||
24 | - u_char *b; | ||
25 | - | ||
26 | - crp->crp_p = NULL; | ||
27 | - crp->crp_nbits = 0; | ||
28 | |||
29 | bits = BN_num_bits(a); | ||
30 | bytes = (bits + 7) / 8; | ||
31 | |||
32 | - b = malloc(bytes); | ||
33 | - if (b == NULL) | ||
34 | + crp->crp_nbits = bits; | ||
35 | + crp->crp_p = malloc(bytes); | ||
36 | + | ||
37 | + if (crp->crp_p == NULL) | ||
38 | return (1); | ||
39 | - memset(b, 0, bytes); | ||
40 | |||
41 | - crp->crp_p = (caddr_t) b; | ||
42 | - crp->crp_nbits = bits; | ||
43 | BN_bn2bin(a, crp->crp_p); | ||
44 | return (0); | ||
45 | } | ||
46 | -- | ||
47 | 2.3.5 | ||
48 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-put_dev_crypto-should-be-an-int.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-put_dev_crypto-should-be-an-int.patch index a48dc6a6..121123d6 100644 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-put_dev_crypto-should-be-an-int.patch +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0022-cryptodev-put_dev_crypto-should-be-an-int.patch | |||
@@ -1,7 +1,7 @@ | |||
1 | From 84a8007b6e92fe4c2696cc9e330207ee03303a20 Mon Sep 17 00:00:00 2001 | 1 | From 79d6976e2ad2e5ac31374bc24ee29ae53f55c0e1 Mon Sep 17 00:00:00 2001 |
2 | From: Cristian Stoica <cristian.stoica@freescale.com> | 2 | From: Cristian Stoica <cristian.stoica@freescale.com> |
3 | Date: Thu, 19 Feb 2015 13:09:32 +0200 | 3 | Date: Thu, 19 Feb 2015 13:09:32 +0200 |
4 | Subject: [PATCH 25/26] cryptodev: put_dev_crypto should be an int | 4 | Subject: [PATCH 22/48] cryptodev: put_dev_crypto should be an int |
5 | 5 | ||
6 | Change-Id: Ie0a83bc07a37132286c098b17ef35d98de74b043 | 6 | Change-Id: Ie0a83bc07a37132286c098b17ef35d98de74b043 |
7 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> | 7 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> |
@@ -11,25 +11,25 @@ Reviewed-on: http://git.am.freescale.net:8181/34220 | |||
11 | 1 file changed, 5 insertions(+), 3 deletions(-) | 11 | 1 file changed, 5 insertions(+), 3 deletions(-) |
12 | 12 | ||
13 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | 13 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c |
14 | index b74fc7c..c9db27d 100644 | 14 | index 75fca7f..b162646 100644 |
15 | --- a/crypto/engine/eng_cryptodev.c | 15 | --- a/crypto/engine/eng_cryptodev.c |
16 | +++ b/crypto/engine/eng_cryptodev.c | 16 | +++ b/crypto/engine/eng_cryptodev.c |
17 | @@ -347,10 +347,12 @@ static int get_dev_crypto(void) | 17 | @@ -431,10 +431,12 @@ static int get_dev_crypto(void) |
18 | #endif | 18 | # endif |
19 | } | 19 | } |
20 | 20 | ||
21 | -static void put_dev_crypto(int fd) | 21 | -static void put_dev_crypto(int fd) |
22 | +static int put_dev_crypto(int fd) | 22 | +static int put_dev_crypto(int fd) |
23 | { | 23 | { |
24 | -#ifndef CRIOGET_NOT_NEEDED | 24 | -# ifndef CRIOGET_NOT_NEEDED |
25 | - close(fd); | 25 | - close(fd); |
26 | +#ifdef CRIOGET_NOT_NEEDED | 26 | +#ifdef CRIOGET_NOT_NEEDED |
27 | + return 0; | 27 | + return 0; |
28 | +#else | 28 | +#else |
29 | + return close(fd); | 29 | + return close(fd); |
30 | #endif | 30 | # endif |
31 | } | 31 | } |
32 | 32 | ||
33 | -- | 33 | -- |
34 | 2.3.5 | 34 | 2.7.0 |
35 | 35 | ||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-clean-up-code-layout.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-clean-up-code-layout.patch deleted file mode 100644 index 5ff1c5ca..00000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-clean-up-code-layout.patch +++ /dev/null | |||
@@ -1,72 +0,0 @@ | |||
1 | From 4453b06b940fc03a0973cfd96f908e46cce61054 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@freescale.com> | ||
3 | Date: Wed, 18 Feb 2015 10:39:46 +0200 | ||
4 | Subject: [PATCH 23/26] cryptodev: clean-up code layout | ||
5 | |||
6 | This is just a refactoring that uses else branch to check for malloc failures | ||
7 | |||
8 | Change-Id: I6dc157af36d6ec51a4edfc82cf97fae2e7e83628 | ||
9 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
10 | Reviewed-on: http://git.am.freescale.net:8181/34218 | ||
11 | --- | ||
12 | crypto/engine/eng_cryptodev.c | 42 ++++++++++++++++++++---------------------- | ||
13 | 1 file changed, 20 insertions(+), 22 deletions(-) | ||
14 | |||
15 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
16 | index dbc5989..dceb4f5 100644 | ||
17 | --- a/crypto/engine/eng_cryptodev.c | ||
18 | +++ b/crypto/engine/eng_cryptodev.c | ||
19 | @@ -1745,30 +1745,28 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, | ||
20 | fd = *(int *)cookie->eng_handle; | ||
21 | |||
22 | eng_cookie = malloc(sizeof(struct cryptodev_cookie_s)); | ||
23 | - | ||
24 | - if (eng_cookie) { | ||
25 | - memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s)); | ||
26 | - if (r) { | ||
27 | - kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char)); | ||
28 | - if (!kop->crk_param[kop->crk_iparams].crp_p) | ||
29 | - return -ENOMEM; | ||
30 | - kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; | ||
31 | - kop->crk_oparams++; | ||
32 | - eng_cookie->r = r; | ||
33 | - eng_cookie->r_param = kop->crk_param[kop->crk_iparams]; | ||
34 | - } | ||
35 | - if (s) { | ||
36 | - kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char)); | ||
37 | - if (!kop->crk_param[kop->crk_iparams+1].crp_p) | ||
38 | - return -ENOMEM; | ||
39 | - kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8; | ||
40 | - kop->crk_oparams++; | ||
41 | - eng_cookie->s = s; | ||
42 | - eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1]; | ||
43 | - } | ||
44 | - } else | ||
45 | + if (!eng_cookie) | ||
46 | return -ENOMEM; | ||
47 | |||
48 | + memset(eng_cookie, 0, sizeof(struct cryptodev_cookie_s)); | ||
49 | + if (r) { | ||
50 | + kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char)); | ||
51 | + if (!kop->crk_param[kop->crk_iparams].crp_p) | ||
52 | + return -ENOMEM; | ||
53 | + kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; | ||
54 | + kop->crk_oparams++; | ||
55 | + eng_cookie->r = r; | ||
56 | + eng_cookie->r_param = kop->crk_param[kop->crk_iparams]; | ||
57 | + } | ||
58 | + if (s) { | ||
59 | + kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char)); | ||
60 | + if (!kop->crk_param[kop->crk_iparams+1].crp_p) | ||
61 | + return -ENOMEM; | ||
62 | + kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8; | ||
63 | + kop->crk_oparams++; | ||
64 | + eng_cookie->s = s; | ||
65 | + eng_cookie->s_param = kop->crk_param[kop->crk_iparams + 1]; | ||
66 | + } | ||
67 | eng_cookie->kop = kop; | ||
68 | cookie->eng_cookie = eng_cookie; | ||
69 | return ioctl(fd, CIOCASYMASYNCRYPT, kop); | ||
70 | -- | ||
71 | 2.3.5 | ||
72 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-simplify-cryptodev-pkc-support-code.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-simplify-cryptodev-pkc-support-code.patch index 6527ac8f..1043fbd4 100644 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-simplify-cryptodev-pkc-support-code.patch +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0023-cryptodev-simplify-cryptodev-pkc-support-code.patch | |||
@@ -1,27 +1,25 @@ | |||
1 | From 787539e7720c99785f6c664a7484842bba08f6ed Mon Sep 17 00:00:00 2001 | 1 | From f99682e0ccaeadb7446d211dfad6dbf8fcd5675f Mon Sep 17 00:00:00 2001 |
2 | From: Cristian Stoica <cristian.stoica@freescale.com> | 2 | From: Cristian Stoica <cristian.stoica@freescale.com> |
3 | Date: Thu, 19 Feb 2015 13:39:52 +0200 | 3 | Date: Thu, 19 Feb 2015 13:39:52 +0200 |
4 | Subject: [PATCH 26/26] cryptodev: simplify cryptodev pkc support code | 4 | Subject: [PATCH 23/48] cryptodev: simplify cryptodev pkc support code |
5 | 5 | ||
6 | - Engine init returns directly a file descriptor instead of a pointer to one | 6 | - Engine init returns directly a file descriptor instead of a pointer to one |
7 | - Similarly, the Engine close will now just close the file | 7 | - Similarly, the Engine close will now just close the file |
8 | 8 | ||
9 | Change-Id: Ief736d0776c7009dee002204fb1d4ce9d31c8787 | ||
10 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> | 9 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> |
11 | Reviewed-on: http://git.am.freescale.net:8181/34221 | ||
12 | --- | 10 | --- |
13 | crypto/crypto.h | 2 +- | 11 | crypto/crypto.h | 2 +- |
14 | crypto/engine/eng_cryptodev.c | 35 +++----------------------- | 12 | crypto/engine/eng_cryptodev.c | 43 +++++++---------------------------- |
15 | crypto/engine/eng_int.h | 14 +++-------- | 13 | crypto/engine/eng_int.h | 14 +++--------- |
16 | crypto/engine/eng_lib.c | 57 +++++++++++++++++++++---------------------- | 14 | crypto/engine/eng_lib.c | 53 +++++++++++++++++++++---------------------- |
17 | crypto/engine/engine.h | 13 +++++----- | 15 | crypto/engine/engine.h | 13 +++++------ |
18 | 5 files changed, 42 insertions(+), 79 deletions(-) | 16 | 5 files changed, 44 insertions(+), 81 deletions(-) |
19 | 17 | ||
20 | diff --git a/crypto/crypto.h b/crypto/crypto.h | 18 | diff --git a/crypto/crypto.h b/crypto/crypto.h |
21 | index ce12731..292427e 100644 | 19 | index 2b4ec59..ddb9b69 100644 |
22 | --- a/crypto/crypto.h | 20 | --- a/crypto/crypto.h |
23 | +++ b/crypto/crypto.h | 21 | +++ b/crypto/crypto.h |
24 | @@ -618,7 +618,7 @@ struct pkc_cookie_s { | 22 | @@ -668,7 +668,7 @@ struct pkc_cookie_s { |
25 | * -EINVAL: Parameters Invalid | 23 | * -EINVAL: Parameters Invalid |
26 | */ | 24 | */ |
27 | void (*pkc_callback)(struct pkc_cookie_s *cookie, int status); | 25 | void (*pkc_callback)(struct pkc_cookie_s *cookie, int status); |
@@ -31,77 +29,92 @@ index ce12731..292427e 100644 | |||
31 | 29 | ||
32 | #ifdef __cplusplus | 30 | #ifdef __cplusplus |
33 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | 31 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c |
34 | index c9db27d..f173bde 100644 | 32 | index b162646..1910c89 100644 |
35 | --- a/crypto/engine/eng_cryptodev.c | 33 | --- a/crypto/engine/eng_cryptodev.c |
36 | +++ b/crypto/engine/eng_cryptodev.c | 34 | +++ b/crypto/engine/eng_cryptodev.c |
37 | @@ -1742,7 +1742,7 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, | 35 | @@ -433,10 +433,10 @@ static int get_dev_crypto(void) |
38 | struct pkc_cookie_s *cookie = kop->cookie; | ||
39 | struct cryptodev_cookie_s *eng_cookie; | ||
40 | 36 | ||
41 | - fd = *(int *)cookie->eng_handle; | 37 | static int put_dev_crypto(int fd) |
42 | + fd = cookie->eng_handle; | 38 | { |
39 | -#ifdef CRIOGET_NOT_NEEDED | ||
40 | - return 0; | ||
41 | -#else | ||
42 | - return close(fd); | ||
43 | +# ifdef CRIOGET_NOT_NEEDED | ||
44 | + return 0; | ||
45 | +# else | ||
46 | + return close(fd); | ||
47 | # endif | ||
48 | } | ||
49 | |||
50 | @@ -1863,7 +1863,7 @@ cryptodev_asym_async(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, | ||
51 | struct pkc_cookie_s *cookie = kop->cookie; | ||
52 | struct cryptodev_cookie_s *eng_cookie; | ||
53 | |||
54 | - fd = *(int *)cookie->eng_handle; | ||
55 | + fd = cookie->eng_handle; | ||
43 | 56 | ||
44 | eng_cookie = malloc(sizeof(struct cryptodev_cookie_s)); | 57 | eng_cookie = malloc(sizeof(struct cryptodev_cookie_s)); |
45 | if (!eng_cookie) | 58 | if (!eng_cookie) |
46 | @@ -1802,38 +1802,11 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) | 59 | @@ -1926,38 +1926,11 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, |
47 | return (ret); | 60 | return (ret); |
48 | } | 61 | } |
49 | 62 | ||
50 | -/* Close an opened instance of cryptodev engine */ | 63 | -/* Close an opened instance of cryptodev engine */ |
51 | -void cryptodev_close_instance(void *handle) | 64 | -void cryptodev_close_instance(void *handle) |
52 | -{ | 65 | -{ |
53 | - int fd; | 66 | - int fd; |
54 | - | 67 | - |
55 | - if (handle) { | 68 | - if (handle) { |
56 | - fd = *(int *)handle; | 69 | - fd = *(int *)handle; |
57 | - close(fd); | 70 | - close(fd); |
58 | - free(handle); | 71 | - free(handle); |
59 | - } | 72 | - } |
60 | -} | 73 | -} |
61 | - | 74 | - |
62 | -/* Create an instance of cryptodev for asynchronous interface */ | 75 | -/* Create an instance of cryptodev for asynchronous interface */ |
63 | -void *cryptodev_init_instance(void) | 76 | -void *cryptodev_init_instance(void) |
64 | -{ | 77 | -{ |
65 | - int *fd = malloc(sizeof(int)); | 78 | - int *fd = malloc(sizeof(int)); |
66 | - | 79 | - |
67 | - if (fd) { | 80 | - if (fd) { |
68 | - if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) { | 81 | - if ((*fd = open("/dev/crypto", O_RDWR, 0)) == -1) { |
69 | - free(fd); | 82 | - free(fd); |
70 | - return NULL; | 83 | - return NULL; |
71 | - } | 84 | - } |
72 | - } | 85 | - } |
73 | - return fd; | 86 | - return fd; |
74 | -} | 87 | -} |
75 | - | 88 | - |
76 | #include <poll.h> | 89 | # include <poll.h> |
77 | 90 | ||
78 | /* Return 0 on success and 1 on failure */ | 91 | /* Return 0 on success and 1 on failure */ |
79 | -int cryptodev_check_availability(void *eng_handle) | 92 | -int cryptodev_check_availability(void *eng_handle) |
80 | +int cryptodev_check_availability(int fd) | 93 | +int cryptodev_check_availability(int fd) |
81 | { | 94 | { |
82 | - int fd = *(int *)eng_handle; | 95 | - int fd = *(int *)eng_handle; |
83 | struct pkc_cookie_list_s cookie_list; | 96 | struct pkc_cookie_list_s cookie_list; |
84 | struct pkc_cookie_s *cookie; | 97 | struct pkc_cookie_s *cookie; |
85 | int i; | 98 | int i; |
86 | @@ -4540,8 +4513,8 @@ ENGINE_load_cryptodev(void) | 99 | @@ -4706,8 +4679,8 @@ void ENGINE_load_cryptodev(void) |
87 | } | 100 | } |
88 | 101 | ||
89 | ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability); | 102 | ENGINE_set_check_pkc_availability(engine, cryptodev_check_availability); |
90 | - ENGINE_set_close_instance(engine, cryptodev_close_instance); | 103 | - ENGINE_set_close_instance(engine, cryptodev_close_instance); |
91 | - ENGINE_set_init_instance(engine, cryptodev_init_instance); | 104 | - ENGINE_set_init_instance(engine, cryptodev_init_instance); |
92 | + ENGINE_set_close_instance(engine, put_dev_crypto); | 105 | + ENGINE_set_close_instance(engine, put_dev_crypto); |
93 | + ENGINE_set_open_instance(engine, open_dev_crypto); | 106 | + ENGINE_set_open_instance(engine, open_dev_crypto); |
94 | ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC); | 107 | ENGINE_set_async_map(engine, ENGINE_ALLPKC_ASYNC); |
95 | 108 | ||
96 | ENGINE_add(engine); | 109 | ENGINE_add(engine); |
97 | diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h | 110 | diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h |
98 | index 8fc3077..8fb79c0 100644 | 111 | index b698a0c..7541beb 100644 |
99 | --- a/crypto/engine/eng_int.h | 112 | --- a/crypto/engine/eng_int.h |
100 | +++ b/crypto/engine/eng_int.h | 113 | +++ b/crypto/engine/eng_int.h |
101 | @@ -181,23 +181,15 @@ struct engine_st | 114 | @@ -198,23 +198,15 @@ struct engine_st { |
102 | ENGINE_LOAD_KEY_PTR load_pubkey; | 115 | ENGINE_LOAD_KEY_PTR load_privkey; |
103 | 116 | ENGINE_LOAD_KEY_PTR load_pubkey; | |
104 | ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert; | 117 | ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert; |
105 | - /* | 118 | - /* |
106 | - * Instantiate Engine handle to be passed in check_pkc_availability | 119 | - * Instantiate Engine handle to be passed in check_pkc_availability |
107 | - * Ensure that Engine is instantiated before any pkc asynchronous call. | 120 | - * Ensure that Engine is instantiated before any pkc asynchronous call. |
@@ -126,20 +139,20 @@ index 8fc3077..8fb79c0 100644 | |||
126 | * The following map is used to check if the engine supports asynchronous implementation | 139 | * The following map is used to check if the engine supports asynchronous implementation |
127 | * ENGINE_ASYNC_FLAG* for available bitmap. Any application checking for asynchronous | 140 | * ENGINE_ASYNC_FLAG* for available bitmap. Any application checking for asynchronous |
128 | diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c | 141 | diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c |
129 | index 6fa621c..6c9471b 100644 | 142 | index 0c57e12..4fdcfd6 100644 |
130 | --- a/crypto/engine/eng_lib.c | 143 | --- a/crypto/engine/eng_lib.c |
131 | +++ b/crypto/engine/eng_lib.c | 144 | +++ b/crypto/engine/eng_lib.c |
132 | @@ -99,7 +99,7 @@ void engine_set_all_null(ENGINE *e) | 145 | @@ -101,7 +101,7 @@ void engine_set_all_null(ENGINE *e) |
133 | e->load_privkey = NULL; | 146 | e->load_privkey = NULL; |
134 | e->load_pubkey = NULL; | 147 | e->load_pubkey = NULL; |
135 | e->check_pkc_availability = NULL; | 148 | e->check_pkc_availability = NULL; |
136 | - e->engine_init_instance = NULL; | 149 | - e->engine_init_instance = NULL; |
137 | + e->engine_open_instance = NULL; | 150 | + e->engine_open_instance = NULL; |
138 | e->engine_close_instance = NULL; | 151 | e->engine_close_instance = NULL; |
139 | e->cmd_defns = NULL; | 152 | e->cmd_defns = NULL; |
140 | e->async_map = 0; | 153 | e->async_map = 0; |
141 | @@ -237,47 +237,46 @@ int ENGINE_set_id(ENGINE *e, const char *id) | 154 | @@ -252,46 +252,45 @@ int ENGINE_set_id(ENGINE *e, const char *id) |
142 | return 1; | 155 | return 1; |
143 | } | 156 | } |
144 | 157 | ||
145 | -void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void)) | 158 | -void ENGINE_set_init_instance(ENGINE *e, void *(*engine_init_instance)(void)) |
@@ -181,43 +194,40 @@ index 6fa621c..6c9471b 100644 | |||
181 | return e->async_map; | 194 | return e->async_map; |
182 | } | 195 | } |
183 | 196 | ||
184 | -void ENGINE_set_check_pkc_availability(ENGINE *e, | ||
185 | - int (*check_pkc_availability)(void *eng_handle)) | ||
186 | - { | ||
187 | - e->check_pkc_availability = check_pkc_availability; | ||
188 | - } | ||
189 | +int ENGINE_open_instance(ENGINE *e) | 197 | +int ENGINE_open_instance(ENGINE *e) |
190 | +{ | 198 | +{ |
191 | + return e->engine_open_instance(); | 199 | + return e->engine_open_instance(); |
192 | +} | 200 | +} |
193 | 201 | + | |
194 | -int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle) | ||
195 | - { | ||
196 | - return e->check_pkc_availability(eng_handle); | ||
197 | - } | ||
198 | +int ENGINE_close_instance(ENGINE *e, int fd) | 202 | +int ENGINE_close_instance(ENGINE *e, int fd) |
199 | +{ | 203 | +{ |
200 | + return e->engine_close_instance(fd); | 204 | + return e->engine_close_instance(fd); |
201 | +} | 205 | +} |
202 | + | 206 | + |
203 | +void ENGINE_set_check_pkc_availability(ENGINE *e, | 207 | void ENGINE_set_check_pkc_availability(ENGINE *e, |
208 | - int (*check_pkc_availability)(void *eng_handle)) | ||
209 | - { | ||
210 | - e->check_pkc_availability = check_pkc_availability; | ||
211 | - } | ||
204 | + int (*check_pkc_availability)(int fd)) | 212 | + int (*check_pkc_availability)(int fd)) |
205 | +{ | 213 | +{ |
206 | + e->check_pkc_availability = check_pkc_availability; | 214 | + e->check_pkc_availability = check_pkc_availability; |
207 | +} | 215 | +} |
208 | + | 216 | |
217 | -int ENGINE_check_pkc_availability(ENGINE *e, void *eng_handle) | ||
218 | - { | ||
219 | - return e->check_pkc_availability(eng_handle); | ||
209 | +int ENGINE_check_pkc_availability(ENGINE *e, int fd) | 220 | +int ENGINE_check_pkc_availability(ENGINE *e, int fd) |
210 | +{ | 221 | +{ |
211 | + return e->check_pkc_availability(fd); | 222 | + return e->check_pkc_availability(fd); |
212 | +} | 223 | } |
213 | 224 | ||
214 | int ENGINE_set_name(ENGINE *e, const char *name) | 225 | int ENGINE_set_name(ENGINE *e, const char *name) |
215 | { | ||
216 | diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h | 226 | diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h |
217 | index ccff86a..3ba3e97 100644 | 227 | index 4527aa1..f83ee73 100644 |
218 | --- a/crypto/engine/engine.h | 228 | --- a/crypto/engine/engine.h |
219 | +++ b/crypto/engine/engine.h | 229 | +++ b/crypto/engine/engine.h |
220 | @@ -473,9 +473,6 @@ ENGINE *ENGINE_new(void); | 230 | @@ -551,9 +551,6 @@ ENGINE *ENGINE_new(void); |
221 | int ENGINE_free(ENGINE *e); | 231 | int ENGINE_free(ENGINE *e); |
222 | int ENGINE_up_ref(ENGINE *e); | 232 | int ENGINE_up_ref(ENGINE *e); |
223 | int ENGINE_set_id(ENGINE *e, const char *id); | 233 | int ENGINE_set_id(ENGINE *e, const char *id); |
@@ -227,7 +237,7 @@ index ccff86a..3ba3e97 100644 | |||
227 | /* | 237 | /* |
228 | * Following FLAGS are bitmap store in async_map to set asynchronous interface capability | 238 | * Following FLAGS are bitmap store in async_map to set asynchronous interface capability |
229 | *of the engine | 239 | *of the engine |
230 | @@ -492,11 +489,13 @@ void ENGINE_set_async_map(ENGINE *e, int async_map); | 240 | @@ -570,11 +567,13 @@ void ENGINE_set_async_map(ENGINE *e, int async_map); |
231 | * to confirm asynchronous methods supported | 241 | * to confirm asynchronous methods supported |
232 | */ | 242 | */ |
233 | int ENGINE_get_async_map(ENGINE *e); | 243 | int ENGINE_get_async_map(ENGINE *e); |
@@ -246,5 +256,5 @@ index ccff86a..3ba3e97 100644 | |||
246 | int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); | 256 | int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); |
247 | int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); | 257 | int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); |
248 | -- | 258 | -- |
249 | 2.3.5 | 259 | 2.7.0 |
250 | 260 | ||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-clarify-code-remove-assignments-from-condi.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-clarify-code-remove-assignments-from-condi.patch new file mode 100644 index 00000000..27ccd95a --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-clarify-code-remove-assignments-from-condi.patch | |||
@@ -0,0 +1,37 @@ | |||
1 | From cb6842dac159b40acdc755526b0ba0afb61d9d64 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@nxp.com> | ||
3 | Date: Mon, 14 Dec 2015 14:02:00 +0200 | ||
4 | Subject: [PATCH 24/48] cryptodev: clarify code, remove assignments from | ||
5 | conditionals | ||
6 | |||
7 | Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> | ||
8 | --- | ||
9 | crypto/engine/eng_cryptodev.c | 6 ++++-- | ||
10 | 1 file changed, 4 insertions(+), 2 deletions(-) | ||
11 | |||
12 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
13 | index 1910c89..fcfd232 100644 | ||
14 | --- a/crypto/engine/eng_cryptodev.c | ||
15 | +++ b/crypto/engine/eng_cryptodev.c | ||
16 | @@ -1559,14 +1559,16 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx) | ||
17 | struct session_op *sess = &state->d_sess; | ||
18 | int digest; | ||
19 | |||
20 | - if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef) { | ||
21 | + digest = digest_nid_to_cryptodev(ctx->digest->type); | ||
22 | + if (digest == NID_undef) { | ||
23 | printf("cryptodev_digest_init: Can't get digest \n"); | ||
24 | return (0); | ||
25 | } | ||
26 | |||
27 | memset(state, 0, sizeof(struct dev_crypto_state)); | ||
28 | |||
29 | - if ((state->d_fd = get_dev_crypto()) < 0) { | ||
30 | + state->d_fd = get_dev_crypto(); | ||
31 | + if (state->d_fd < 0) { | ||
32 | printf("cryptodev_digest_init: Can't get Dev \n"); | ||
33 | return (0); | ||
34 | } | ||
35 | -- | ||
36 | 2.7.0 | ||
37 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch deleted file mode 100644 index e798d3e2..00000000 --- a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch +++ /dev/null | |||
@@ -1,100 +0,0 @@ | |||
1 | From a44701abd995b3db80001d0c5d88e9ead05972c1 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@freescale.com> | ||
3 | Date: Thu, 19 Feb 2015 16:43:29 +0200 | ||
4 | Subject: [PATCH 24/26] cryptodev: do not cache file descriptor in 'open' | ||
5 | |||
6 | The file descriptor returned by get_dev_crypto is cached after a | ||
7 | successful return. The issue is, it is cached inside 'open_dev_crypto' | ||
8 | which is no longer useful as a general purpose open("/dev/crypto") | ||
9 | function. | ||
10 | |||
11 | This patch is a refactoring that moves the caching operation from | ||
12 | open_dev_crypto to get_dev_crypto and leaves the former as a simpler | ||
13 | function true to its name | ||
14 | |||
15 | Change-Id: I980170969410381973ce75f6679a4a1401738847 | ||
16 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
17 | Reviewed-on: http://git.am.freescale.net:8181/34219 | ||
18 | --- | ||
19 | crypto/engine/eng_cryptodev.c | 50 +++++++++++++++++++++---------------------- | ||
20 | 1 file changed, 24 insertions(+), 26 deletions(-) | ||
21 | |||
22 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
23 | index dceb4f5..b74fc7c 100644 | ||
24 | --- a/crypto/engine/eng_cryptodev.c | ||
25 | +++ b/crypto/engine/eng_cryptodev.c | ||
26 | @@ -306,47 +306,45 @@ static void ctr64_inc(unsigned char *counter) { | ||
27 | if (c) return; | ||
28 | } while (n); | ||
29 | } | ||
30 | -/* | ||
31 | - * Return a fd if /dev/crypto seems usable, 0 otherwise. | ||
32 | - */ | ||
33 | -static int | ||
34 | -open_dev_crypto(void) | ||
35 | + | ||
36 | +static int open_dev_crypto(void) | ||
37 | { | ||
38 | - static int fd = -1; | ||
39 | + int fd; | ||
40 | |||
41 | - if (fd == -1) { | ||
42 | - if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1) | ||
43 | - return (-1); | ||
44 | - /* close on exec */ | ||
45 | - if (fcntl(fd, F_SETFD, 1) == -1) { | ||
46 | - close(fd); | ||
47 | - fd = -1; | ||
48 | - return (-1); | ||
49 | - } | ||
50 | + fd = open("/dev/crypto", O_RDWR, 0); | ||
51 | + if ( fd < 0) | ||
52 | + return -1; | ||
53 | + | ||
54 | + /* close on exec */ | ||
55 | + if (fcntl(fd, F_SETFD, 1) == -1) { | ||
56 | + close(fd); | ||
57 | + return -1; | ||
58 | } | ||
59 | - return (fd); | ||
60 | + | ||
61 | + return fd; | ||
62 | } | ||
63 | |||
64 | -static int | ||
65 | -get_dev_crypto(void) | ||
66 | +static int get_dev_crypto(void) | ||
67 | { | ||
68 | - int fd, retfd; | ||
69 | + static int fd = -1; | ||
70 | + int retfd; | ||
71 | |||
72 | - if ((fd = open_dev_crypto()) == -1) | ||
73 | - return (-1); | ||
74 | -#ifndef CRIOGET_NOT_NEEDED | ||
75 | + if (fd == -1) | ||
76 | + fd = open_dev_crypto(); | ||
77 | +#ifdef CRIOGET_NOT_NEEDED | ||
78 | + return fd; | ||
79 | +#else | ||
80 | + if (fd == -1) | ||
81 | + return -1; | ||
82 | if (ioctl(fd, CRIOGET, &retfd) == -1) | ||
83 | return (-1); | ||
84 | - | ||
85 | /* close on exec */ | ||
86 | if (fcntl(retfd, F_SETFD, 1) == -1) { | ||
87 | close(retfd); | ||
88 | return (-1); | ||
89 | } | ||
90 | -#else | ||
91 | - retfd = fd; | ||
92 | + return retfd; | ||
93 | #endif | ||
94 | - return (retfd); | ||
95 | } | ||
96 | |||
97 | static void put_dev_crypto(int fd) | ||
98 | -- | ||
99 | 2.3.5 | ||
100 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-clean-up-context-state-before-anything-els.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-clean-up-context-state-before-anything-els.patch new file mode 100644 index 00000000..ad5c3035 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0025-cryptodev-clean-up-context-state-before-anything-els.patch | |||
@@ -0,0 +1,34 @@ | |||
1 | From 087ae4ecbaf9cd49a2fcae9cb09c491beabc4c88 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@nxp.com> | ||
3 | Date: Tue, 15 Dec 2015 12:10:37 +0200 | ||
4 | Subject: [PATCH 25/48] cryptodev: clean-up context state before anything else | ||
5 | |||
6 | Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> | ||
7 | --- | ||
8 | crypto/engine/eng_cryptodev.c | 4 ++-- | ||
9 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
10 | |||
11 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
12 | index fcfd232..16e6fd9 100644 | ||
13 | --- a/crypto/engine/eng_cryptodev.c | ||
14 | +++ b/crypto/engine/eng_cryptodev.c | ||
15 | @@ -1559,14 +1559,14 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx) | ||
16 | struct session_op *sess = &state->d_sess; | ||
17 | int digest; | ||
18 | |||
19 | + memset(state, 0, sizeof(struct dev_crypto_state)); | ||
20 | + | ||
21 | digest = digest_nid_to_cryptodev(ctx->digest->type); | ||
22 | if (digest == NID_undef) { | ||
23 | printf("cryptodev_digest_init: Can't get digest \n"); | ||
24 | return (0); | ||
25 | } | ||
26 | |||
27 | - memset(state, 0, sizeof(struct dev_crypto_state)); | ||
28 | - | ||
29 | state->d_fd = get_dev_crypto(); | ||
30 | if (state->d_fd < 0) { | ||
31 | printf("cryptodev_digest_init: Can't get Dev \n"); | ||
32 | -- | ||
33 | 2.7.0 | ||
34 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch new file mode 100644 index 00000000..936aafce --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0026-cryptodev-remove-code-duplication-in-digest-operatio.patch | |||
@@ -0,0 +1,155 @@ | |||
1 | From 02dd4d275f7544a4027ca3452b60ac5bdd9376fb Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@nxp.com> | ||
3 | Date: Mon, 14 Dec 2015 17:49:08 +0200 | ||
4 | Subject: [PATCH 26/48] cryptodev: remove code duplication in digest operations | ||
5 | |||
6 | This patch simplifies code and removes duplication in digest_update and | ||
7 | digest_final for cryptodev engine. | ||
8 | |||
9 | Note: The current design of eng_cryptodev for digests operations assumes | ||
10 | the presence of all the data before processing (this is suboptimal | ||
11 | with cryptodev-linux because Linux kernel has support for digest-update | ||
12 | operations and there is no need to accumulate the input data). | ||
13 | |||
14 | Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> | ||
15 | --- | ||
16 | crypto/engine/eng_cryptodev.c | 76 ++++++++++++++++--------------------------- | ||
17 | 1 file changed, 28 insertions(+), 48 deletions(-) | ||
18 | |||
19 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
20 | index 16e6fd9..048e050 100644 | ||
21 | --- a/crypto/engine/eng_cryptodev.c | ||
22 | +++ b/crypto/engine/eng_cryptodev.c | ||
23 | @@ -1590,24 +1590,25 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx) | ||
24 | static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, | ||
25 | size_t count) | ||
26 | { | ||
27 | - struct crypt_op cryp; | ||
28 | struct dev_crypto_state *state = ctx->md_data; | ||
29 | - struct session_op *sess = &state->d_sess; | ||
30 | |||
31 | - if (!data || state->d_fd < 0) { | ||
32 | + if (!data || !count) { | ||
33 | printf("cryptodev_digest_update: illegal inputs \n"); | ||
34 | - return (0); | ||
35 | - } | ||
36 | - | ||
37 | - if (!count) { | ||
38 | - return (0); | ||
39 | + return 0; | ||
40 | } | ||
41 | |||
42 | - if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) { | ||
43 | - /* if application doesn't support one buffer */ | ||
44 | + /* | ||
45 | + * Accumulate input data if it is scattered in several buffers. TODO: | ||
46 | + * Depending on number of calls and data size, this code can be optimized | ||
47 | + * to take advantage of Linux kernel crypto API, balancing between | ||
48 | + * cryptodev calls and accumulating small amounts of data | ||
49 | + */ | ||
50 | + if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) { | ||
51 | + state->mac_data = data; | ||
52 | + state->mac_len = count; | ||
53 | + } else { | ||
54 | state->mac_data = | ||
55 | OPENSSL_realloc(state->mac_data, state->mac_len + count); | ||
56 | - | ||
57 | if (!state->mac_data) { | ||
58 | printf("cryptodev_digest_update: realloc failed\n"); | ||
59 | return (0); | ||
60 | @@ -1615,23 +1616,9 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, | ||
61 | |||
62 | memcpy(state->mac_data + state->mac_len, data, count); | ||
63 | state->mac_len += count; | ||
64 | - | ||
65 | - return (1); | ||
66 | } | ||
67 | |||
68 | - memset(&cryp, 0, sizeof(cryp)); | ||
69 | - | ||
70 | - cryp.ses = sess->ses; | ||
71 | - cryp.flags = 0; | ||
72 | - cryp.len = count; | ||
73 | - cryp.src = (caddr_t) data; | ||
74 | - cryp.dst = NULL; | ||
75 | - cryp.mac = (caddr_t) state->digest_res; | ||
76 | - if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { | ||
77 | - printf("cryptodev_digest_update: digest failed\n"); | ||
78 | - return (0); | ||
79 | - } | ||
80 | - return (1); | ||
81 | + return 1; | ||
82 | } | ||
83 | |||
84 | static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) | ||
85 | @@ -1640,33 +1627,25 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) | ||
86 | struct dev_crypto_state *state = ctx->md_data; | ||
87 | struct session_op *sess = &state->d_sess; | ||
88 | |||
89 | - int ret = 1; | ||
90 | - | ||
91 | if (!md || state->d_fd < 0) { | ||
92 | printf("cryptodev_digest_final: illegal input\n"); | ||
93 | return (0); | ||
94 | } | ||
95 | |||
96 | - if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) { | ||
97 | - /* if application doesn't support one buffer */ | ||
98 | - memset(&cryp, 0, sizeof(cryp)); | ||
99 | - cryp.ses = sess->ses; | ||
100 | - cryp.flags = 0; | ||
101 | - cryp.len = state->mac_len; | ||
102 | - cryp.src = state->mac_data; | ||
103 | - cryp.dst = NULL; | ||
104 | - cryp.mac = (caddr_t) md; | ||
105 | - if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { | ||
106 | - printf("cryptodev_digest_final: digest failed\n"); | ||
107 | - return (0); | ||
108 | - } | ||
109 | + memset(&cryp, 0, sizeof(cryp)); | ||
110 | |||
111 | - return 1; | ||
112 | - } | ||
113 | + cryp.ses = sess->ses; | ||
114 | + cryp.flags = 0; | ||
115 | + cryp.len = state->mac_len; | ||
116 | + cryp.src = state->mac_data; | ||
117 | + cryp.mac = md; | ||
118 | |||
119 | - memcpy(md, state->digest_res, ctx->digest->md_size); | ||
120 | + if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { | ||
121 | + printf("cryptodev_digest_final: digest failed\n"); | ||
122 | + return (0); | ||
123 | + } | ||
124 | |||
125 | - return (ret); | ||
126 | + return (1); | ||
127 | } | ||
128 | |||
129 | static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx) | ||
130 | @@ -1683,11 +1662,11 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx) | ||
131 | return (0); | ||
132 | } | ||
133 | |||
134 | - if (state->mac_data) { | ||
135 | + if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) { | ||
136 | OPENSSL_free(state->mac_data); | ||
137 | - state->mac_data = NULL; | ||
138 | - state->mac_len = 0; | ||
139 | } | ||
140 | + state->mac_data = NULL; | ||
141 | + state->mac_len = 0; | ||
142 | |||
143 | if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) { | ||
144 | printf("cryptodev_digest_cleanup: failed to close session\n"); | ||
145 | @@ -1695,6 +1674,7 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx) | ||
146 | } else { | ||
147 | ret = 1; | ||
148 | } | ||
149 | + | ||
150 | put_dev_crypto(state->d_fd); | ||
151 | state->d_fd = -1; | ||
152 | |||
153 | -- | ||
154 | 2.7.0 | ||
155 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch new file mode 100644 index 00000000..46b3ced9 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch | |||
@@ -0,0 +1,108 @@ | |||
1 | From 2187b18ffe4851efcb6465ca02ac036d2fe031b8 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@nxp.com> | ||
3 | Date: Tue, 15 Dec 2015 12:23:13 +0200 | ||
4 | Subject: [PATCH 27/48] cryptodev: put all digest ioctls into a single function | ||
5 | |||
6 | Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> | ||
7 | --- | ||
8 | crypto/engine/eng_cryptodev.c | 44 +++++++++++++++++++------------------------ | ||
9 | 1 file changed, 19 insertions(+), 25 deletions(-) | ||
10 | |||
11 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
12 | index 048e050..76faa35 100644 | ||
13 | --- a/crypto/engine/eng_cryptodev.c | ||
14 | +++ b/crypto/engine/eng_cryptodev.c | ||
15 | @@ -1577,13 +1577,6 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx) | ||
16 | sess->mackeylen = digest_key_length(ctx->digest->type); | ||
17 | sess->mac = digest; | ||
18 | |||
19 | - if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) { | ||
20 | - put_dev_crypto(state->d_fd); | ||
21 | - state->d_fd = -1; | ||
22 | - printf("cryptodev_digest_init: Open session failed\n"); | ||
23 | - return (0); | ||
24 | - } | ||
25 | - | ||
26 | return (1); | ||
27 | } | ||
28 | |||
29 | @@ -1623,6 +1616,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, | ||
30 | |||
31 | static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) | ||
32 | { | ||
33 | + int ret = 1; | ||
34 | struct crypt_op cryp; | ||
35 | struct dev_crypto_state *state = ctx->md_data; | ||
36 | struct session_op *sess = &state->d_sess; | ||
37 | @@ -1632,6 +1626,11 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) | ||
38 | return (0); | ||
39 | } | ||
40 | |||
41 | + if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) { | ||
42 | + printf("cryptodev_digest_init: Open session failed\n"); | ||
43 | + return (0); | ||
44 | + } | ||
45 | + | ||
46 | memset(&cryp, 0, sizeof(cryp)); | ||
47 | |||
48 | cryp.ses = sess->ses; | ||
49 | @@ -1642,43 +1641,38 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) | ||
50 | |||
51 | if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { | ||
52 | printf("cryptodev_digest_final: digest failed\n"); | ||
53 | - return (0); | ||
54 | + ret = 0; | ||
55 | } | ||
56 | |||
57 | - return (1); | ||
58 | + if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) { | ||
59 | + printf("cryptodev_digest_cleanup: failed to close session\n"); | ||
60 | + } | ||
61 | + | ||
62 | + return ret; | ||
63 | } | ||
64 | |||
65 | static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx) | ||
66 | { | ||
67 | - int ret = 1; | ||
68 | struct dev_crypto_state *state = ctx->md_data; | ||
69 | struct session_op *sess = &state->d_sess; | ||
70 | |||
71 | - if (state == NULL) | ||
72 | + if (state == NULL) { | ||
73 | return 0; | ||
74 | - | ||
75 | - if (state->d_fd < 0) { | ||
76 | - printf("cryptodev_digest_cleanup: illegal input\n"); | ||
77 | - return (0); | ||
78 | } | ||
79 | |||
80 | if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) { | ||
81 | OPENSSL_free(state->mac_data); | ||
82 | } | ||
83 | - state->mac_data = NULL; | ||
84 | - state->mac_len = 0; | ||
85 | |||
86 | - if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) { | ||
87 | - printf("cryptodev_digest_cleanup: failed to close session\n"); | ||
88 | - ret = 0; | ||
89 | - } else { | ||
90 | - ret = 1; | ||
91 | + if (state->d_fd >= 0) { | ||
92 | + put_dev_crypto(state->d_fd); | ||
93 | + state->d_fd = -1; | ||
94 | } | ||
95 | |||
96 | - put_dev_crypto(state->d_fd); | ||
97 | - state->d_fd = -1; | ||
98 | + state->mac_data = NULL; | ||
99 | + state->mac_len = 0; | ||
100 | |||
101 | - return (ret); | ||
102 | + return 1; | ||
103 | } | ||
104 | |||
105 | static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) | ||
106 | -- | ||
107 | 2.7.0 | ||
108 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0028-cryptodev-fix-debug-print-messages.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0028-cryptodev-fix-debug-print-messages.patch new file mode 100644 index 00000000..03d1b96a --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0028-cryptodev-fix-debug-print-messages.patch | |||
@@ -0,0 +1,90 @@ | |||
1 | From 3dd41691dc8162ec26d188269934689ad834894c Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@nxp.com> | ||
3 | Date: Tue, 15 Dec 2015 12:51:36 +0200 | ||
4 | Subject: [PATCH 28/48] cryptodev: fix debug print messages | ||
5 | |||
6 | Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> | ||
7 | --- | ||
8 | crypto/engine/eng_cryptodev.c | 18 +++++++++--------- | ||
9 | 1 file changed, 9 insertions(+), 9 deletions(-) | ||
10 | |||
11 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
12 | index 76faa35..1585009 100644 | ||
13 | --- a/crypto/engine/eng_cryptodev.c | ||
14 | +++ b/crypto/engine/eng_cryptodev.c | ||
15 | @@ -1563,13 +1563,13 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx) | ||
16 | |||
17 | digest = digest_nid_to_cryptodev(ctx->digest->type); | ||
18 | if (digest == NID_undef) { | ||
19 | - printf("cryptodev_digest_init: Can't get digest \n"); | ||
20 | + printf("%s: Can't get digest\n", __func__); | ||
21 | return (0); | ||
22 | } | ||
23 | |||
24 | state->d_fd = get_dev_crypto(); | ||
25 | if (state->d_fd < 0) { | ||
26 | - printf("cryptodev_digest_init: Can't get Dev \n"); | ||
27 | + printf("%s: Can't get Dev\n", __func__); | ||
28 | return (0); | ||
29 | } | ||
30 | |||
31 | @@ -1586,7 +1586,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, | ||
32 | struct dev_crypto_state *state = ctx->md_data; | ||
33 | |||
34 | if (!data || !count) { | ||
35 | - printf("cryptodev_digest_update: illegal inputs \n"); | ||
36 | + printf("%s: illegal inputs\n", __func__); | ||
37 | return 0; | ||
38 | } | ||
39 | |||
40 | @@ -1603,7 +1603,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, | ||
41 | state->mac_data = | ||
42 | OPENSSL_realloc(state->mac_data, state->mac_len + count); | ||
43 | if (!state->mac_data) { | ||
44 | - printf("cryptodev_digest_update: realloc failed\n"); | ||
45 | + printf("%s: realloc failed\n", __func__); | ||
46 | return (0); | ||
47 | } | ||
48 | |||
49 | @@ -1622,12 +1622,12 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) | ||
50 | struct session_op *sess = &state->d_sess; | ||
51 | |||
52 | if (!md || state->d_fd < 0) { | ||
53 | - printf("cryptodev_digest_final: illegal input\n"); | ||
54 | + printf("%s: illegal input\n", __func__); | ||
55 | return (0); | ||
56 | } | ||
57 | |||
58 | if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) { | ||
59 | - printf("cryptodev_digest_init: Open session failed\n"); | ||
60 | + printf("%s: Open session failed\n", __func__); | ||
61 | return (0); | ||
62 | } | ||
63 | |||
64 | @@ -1640,12 +1640,12 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) | ||
65 | cryp.mac = md; | ||
66 | |||
67 | if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { | ||
68 | - printf("cryptodev_digest_final: digest failed\n"); | ||
69 | + printf("%s: digest failed\n", __func__); | ||
70 | ret = 0; | ||
71 | } | ||
72 | |||
73 | if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) { | ||
74 | - printf("cryptodev_digest_cleanup: failed to close session\n"); | ||
75 | + printf("%s: failed to close session\n", __func__); | ||
76 | } | ||
77 | |||
78 | return ret; | ||
79 | @@ -1700,7 +1700,7 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) | ||
80 | if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) { | ||
81 | put_dev_crypto(dstate->d_fd); | ||
82 | dstate->d_fd = -1; | ||
83 | - printf("cryptodev_digest_init: Open session failed\n"); | ||
84 | + printf("%s: Open session failed\n", __func__); | ||
85 | return (0); | ||
86 | } | ||
87 | |||
88 | -- | ||
89 | 2.7.0 | ||
90 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch new file mode 100644 index 00000000..3dc2b922 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch | |||
@@ -0,0 +1,91 @@ | |||
1 | From 3fe44ab50a87106af3349148e81ec8a1d524de82 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@nxp.com> | ||
3 | Date: Tue, 15 Dec 2015 15:43:28 +0200 | ||
4 | Subject: [PATCH 29/48] cryptodev: use CIOCHASH ioctl for digest operations | ||
5 | |||
6 | Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> | ||
7 | --- | ||
8 | crypto/engine/eng_cryptodev.c | 34 +++++++++++----------------------- | ||
9 | 1 file changed, 11 insertions(+), 23 deletions(-) | ||
10 | |||
11 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
12 | index 1585009..dc27b55 100644 | ||
13 | --- a/crypto/engine/eng_cryptodev.c | ||
14 | +++ b/crypto/engine/eng_cryptodev.c | ||
15 | @@ -84,6 +84,7 @@ struct dev_crypto_state { | ||
16 | unsigned char *iv; | ||
17 | int ivlen; | ||
18 | # ifdef USE_CRYPTODEV_DIGESTS | ||
19 | + struct hash_op_data hash_op; | ||
20 | char dummy_mac_key[HASH_MAX_LEN]; | ||
21 | unsigned char digest_res[HASH_MAX_LEN]; | ||
22 | char *mac_data; | ||
23 | @@ -1556,7 +1557,7 @@ static int digest_key_length(int nid) | ||
24 | static int cryptodev_digest_init(EVP_MD_CTX *ctx) | ||
25 | { | ||
26 | struct dev_crypto_state *state = ctx->md_data; | ||
27 | - struct session_op *sess = &state->d_sess; | ||
28 | + struct hash_op_data *hash_op = &state->hash_op; | ||
29 | int digest; | ||
30 | |||
31 | memset(state, 0, sizeof(struct dev_crypto_state)); | ||
32 | @@ -1573,9 +1574,9 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx) | ||
33 | return (0); | ||
34 | } | ||
35 | |||
36 | - sess->mackey = state->dummy_mac_key; | ||
37 | - sess->mackeylen = digest_key_length(ctx->digest->type); | ||
38 | - sess->mac = digest; | ||
39 | + hash_op->mac_op = digest; | ||
40 | + hash_op->mackey = state->dummy_mac_key; | ||
41 | + hash_op->mackeylen = digest_key_length(ctx->digest->type); | ||
42 | |||
43 | return (1); | ||
44 | } | ||
45 | @@ -1617,37 +1618,24 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, | ||
46 | static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) | ||
47 | { | ||
48 | int ret = 1; | ||
49 | - struct crypt_op cryp; | ||
50 | struct dev_crypto_state *state = ctx->md_data; | ||
51 | - struct session_op *sess = &state->d_sess; | ||
52 | + struct hash_op_data *hash_op = &state->hash_op; | ||
53 | |||
54 | if (!md || state->d_fd < 0) { | ||
55 | printf("%s: illegal input\n", __func__); | ||
56 | return (0); | ||
57 | } | ||
58 | |||
59 | - if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) { | ||
60 | - printf("%s: Open session failed\n", __func__); | ||
61 | - return (0); | ||
62 | - } | ||
63 | - | ||
64 | - memset(&cryp, 0, sizeof(cryp)); | ||
65 | + hash_op->flags = 0; | ||
66 | + hash_op->len = state->mac_len; | ||
67 | + hash_op->src = state->mac_data; | ||
68 | + hash_op->mac_result = md; | ||
69 | |||
70 | - cryp.ses = sess->ses; | ||
71 | - cryp.flags = 0; | ||
72 | - cryp.len = state->mac_len; | ||
73 | - cryp.src = state->mac_data; | ||
74 | - cryp.mac = md; | ||
75 | - | ||
76 | - if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { | ||
77 | + if (ioctl(state->d_fd, CIOCHASH, hash_op) < 0) { | ||
78 | printf("%s: digest failed\n", __func__); | ||
79 | ret = 0; | ||
80 | } | ||
81 | |||
82 | - if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) { | ||
83 | - printf("%s: failed to close session\n", __func__); | ||
84 | - } | ||
85 | - | ||
86 | return ret; | ||
87 | } | ||
88 | |||
89 | -- | ||
90 | 2.7.0 | ||
91 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch new file mode 100644 index 00000000..995a593f --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch | |||
@@ -0,0 +1,106 @@ | |||
1 | From 12fad710349bb72b7f95ee30b40c2e6dfbb5d373 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@nxp.com> | ||
3 | Date: Wed, 13 Jan 2016 15:18:20 +0200 | ||
4 | Subject: [PATCH 30/48] cryptodev: reduce duplicated efforts for searching | ||
5 | inside digests table | ||
6 | |||
7 | Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> | ||
8 | --- | ||
9 | crypto/engine/eng_cryptodev.c | 44 ++++++++++++++++++------------------------- | ||
10 | 1 file changed, 18 insertions(+), 26 deletions(-) | ||
11 | |||
12 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
13 | index dc27b55..30713e5 100644 | ||
14 | --- a/crypto/engine/eng_cryptodev.c | ||
15 | +++ b/crypto/engine/eng_cryptodev.c | ||
16 | @@ -1533,37 +1533,31 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | ||
17 | |||
18 | # ifdef USE_CRYPTODEV_DIGESTS | ||
19 | |||
20 | -/* convert digest type to cryptodev */ | ||
21 | -static int digest_nid_to_cryptodev(int nid) | ||
22 | +static int digest_nid_to_id(int nid) | ||
23 | { | ||
24 | int i; | ||
25 | |||
26 | - for (i = 0; digests[i].id; i++) | ||
27 | - if (digests[i].nid == nid) | ||
28 | - return (digests[i].id); | ||
29 | - return (0); | ||
30 | -} | ||
31 | - | ||
32 | -static int digest_key_length(int nid) | ||
33 | -{ | ||
34 | - int i; | ||
35 | - | ||
36 | - for (i = 0; digests[i].id; i++) | ||
37 | - if (digests[i].nid == nid) | ||
38 | - return digests[i].keylen; | ||
39 | - return (0); | ||
40 | + for (i = 0;; i++) { | ||
41 | + if ((digests[i].nid == nid) || (digests[i].id == 0)) { | ||
42 | + break; | ||
43 | + } | ||
44 | + } | ||
45 | + return i; | ||
46 | } | ||
47 | |||
48 | static int cryptodev_digest_init(EVP_MD_CTX *ctx) | ||
49 | { | ||
50 | struct dev_crypto_state *state = ctx->md_data; | ||
51 | struct hash_op_data *hash_op = &state->hash_op; | ||
52 | - int digest; | ||
53 | + int id; | ||
54 | |||
55 | memset(state, 0, sizeof(struct dev_crypto_state)); | ||
56 | |||
57 | - digest = digest_nid_to_cryptodev(ctx->digest->type); | ||
58 | - if (digest == NID_undef) { | ||
59 | + id = digest_nid_to_id(ctx->digest->type); | ||
60 | + | ||
61 | + hash_op->mac_op = digests[id].id; | ||
62 | + hash_op->mackeylen = digests[id].keylen; | ||
63 | + if (hash_op->mac_op == 0) { | ||
64 | printf("%s: Can't get digest\n", __func__); | ||
65 | return (0); | ||
66 | } | ||
67 | @@ -1574,11 +1568,9 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx) | ||
68 | return (0); | ||
69 | } | ||
70 | |||
71 | - hash_op->mac_op = digest; | ||
72 | hash_op->mackey = state->dummy_mac_key; | ||
73 | - hash_op->mackeylen = digest_key_length(ctx->digest->type); | ||
74 | |||
75 | - return (1); | ||
76 | + return 1; | ||
77 | } | ||
78 | |||
79 | static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, | ||
80 | @@ -1668,7 +1660,7 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) | ||
81 | struct dev_crypto_state *fstate = from->md_data; | ||
82 | struct dev_crypto_state *dstate = to->md_data; | ||
83 | struct session_op *sess; | ||
84 | - int digest; | ||
85 | + int id; | ||
86 | |||
87 | if (dstate == NULL || fstate == NULL) | ||
88 | return 1; | ||
89 | @@ -1677,11 +1669,11 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) | ||
90 | |||
91 | sess = &dstate->d_sess; | ||
92 | |||
93 | - digest = digest_nid_to_cryptodev(to->digest->type); | ||
94 | + id = digest_nid_to_id(to->digest->type); | ||
95 | |||
96 | sess->mackey = dstate->dummy_mac_key; | ||
97 | - sess->mackeylen = digest_key_length(to->digest->type); | ||
98 | - sess->mac = digest; | ||
99 | + sess->mackeylen = digests[id].keylen; | ||
100 | + sess->mac = digests[id].id; | ||
101 | |||
102 | dstate->d_fd = get_dev_crypto(); | ||
103 | |||
104 | -- | ||
105 | 2.7.0 | ||
106 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0031-cryptodev-remove-not-used-local-variables.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0031-cryptodev-remove-not-used-local-variables.patch new file mode 100644 index 00000000..fc23e0c1 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0031-cryptodev-remove-not-used-local-variables.patch | |||
@@ -0,0 +1,46 @@ | |||
1 | From 8cd09ffdfd7d9c25605401f1c0947b1b4acc6e57 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@nxp.com> | ||
3 | Date: Mon, 8 Feb 2016 16:00:22 +0200 | ||
4 | Subject: [PATCH 31/48] cryptodev: remove not used local variables | ||
5 | |||
6 | Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> | ||
7 | --- | ||
8 | crypto/engine/eng_cryptodev.c | 6 +----- | ||
9 | 1 file changed, 1 insertion(+), 5 deletions(-) | ||
10 | |||
11 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
12 | index 30713e5..2734500 100644 | ||
13 | --- a/crypto/engine/eng_cryptodev.c | ||
14 | +++ b/crypto/engine/eng_cryptodev.c | ||
15 | @@ -1634,7 +1634,6 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) | ||
16 | static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx) | ||
17 | { | ||
18 | struct dev_crypto_state *state = ctx->md_data; | ||
19 | - struct session_op *sess = &state->d_sess; | ||
20 | |||
21 | if (state == NULL) { | ||
22 | return 0; | ||
23 | @@ -3939,7 +3938,6 @@ static int cryptodev_dh_keygen(DH *dh) | ||
24 | int ret = 1, q_len = 0; | ||
25 | unsigned char *q = NULL, *g = NULL, *s = NULL, *w = NULL; | ||
26 | BIGNUM *pub_key = NULL, *priv_key = NULL; | ||
27 | - int generate_new_key = 1; | ||
28 | |||
29 | if (dh->priv_key) | ||
30 | priv_key = dh->priv_key; | ||
31 | @@ -4061,11 +4059,9 @@ cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key, | ||
32 | { | ||
33 | struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); | ||
34 | int ret = 1; | ||
35 | - int fd, p_len; | ||
36 | + int p_len; | ||
37 | unsigned char *padded_pub_key = NULL, *p = NULL; | ||
38 | |||
39 | - fd = *(int *)cookie->eng_handle; | ||
40 | - | ||
41 | memset(kop, 0, sizeof(struct crypt_kop)); | ||
42 | kop->crk_op = CRK_DH_COMPUTE_KEY; | ||
43 | /* inputs: dh->priv_key pub_key dh->p key */ | ||
44 | -- | ||
45 | 2.7.0 | ||
46 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0032-cryptodev-hide-not-used-variable-behind-ifndef.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0032-cryptodev-hide-not-used-variable-behind-ifndef.patch new file mode 100644 index 00000000..9ff4d361 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0032-cryptodev-hide-not-used-variable-behind-ifndef.patch | |||
@@ -0,0 +1,27 @@ | |||
1 | From 335c80f847eacc573e10ba925b6a645963b16197 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@nxp.com> | ||
3 | Date: Mon, 8 Feb 2016 17:22:49 +0200 | ||
4 | Subject: [PATCH 32/48] cryptodev: hide not used variable behind #ifndef | ||
5 | |||
6 | Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> | ||
7 | --- | ||
8 | crypto/engine/eng_cryptodev.c | 2 ++ | ||
9 | 1 file changed, 2 insertions(+) | ||
10 | |||
11 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
12 | index 2734500..5a68c76 100644 | ||
13 | --- a/crypto/engine/eng_cryptodev.c | ||
14 | +++ b/crypto/engine/eng_cryptodev.c | ||
15 | @@ -412,7 +412,9 @@ static int open_dev_crypto(void) | ||
16 | static int get_dev_crypto(void) | ||
17 | { | ||
18 | static int fd = -1; | ||
19 | +# ifndef CRIOGET_NOT_NEEDED | ||
20 | int retfd; | ||
21 | +# endif | ||
22 | |||
23 | if (fd == -1) | ||
24 | fd = open_dev_crypto(); | ||
25 | -- | ||
26 | 2.7.0 | ||
27 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0033-cryptodev-fix-function-declaration-typo.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0033-cryptodev-fix-function-declaration-typo.patch new file mode 100644 index 00000000..82ccebad --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0033-cryptodev-fix-function-declaration-typo.patch | |||
@@ -0,0 +1,26 @@ | |||
1 | From 03bdddf1495707119e4fa0eda385ecdccf66cbd8 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@nxp.com> | ||
3 | Date: Mon, 8 Feb 2016 16:08:25 +0200 | ||
4 | Subject: [PATCH 33/48] cryptodev: fix function declaration typo | ||
5 | |||
6 | Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> | ||
7 | --- | ||
8 | crypto/engine/engine.h | 2 +- | ||
9 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
10 | |||
11 | diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h | ||
12 | index f83ee73..c8efbe1 100644 | ||
13 | --- a/crypto/engine/engine.h | ||
14 | +++ b/crypto/engine/engine.h | ||
15 | @@ -569,7 +569,7 @@ void ENGINE_set_async_map(ENGINE *e, int async_map); | ||
16 | int ENGINE_get_async_map(ENGINE *e); | ||
17 | int ENGINE_open_instance(ENGINE *e); | ||
18 | int ENGINE_close_instance(ENGINE *e, int fd); | ||
19 | -void ENGINE_set_init_instance(ENGINE *e, int(*engine_init_instance)(void)); | ||
20 | +void ENGINE_set_open_instance(ENGINE *e, int(*engine_open_instance)(void)); | ||
21 | void ENGINE_set_close_instance(ENGINE *e, int(*engine_close_instance)(int)); | ||
22 | void ENGINE_set_check_pkc_availability(ENGINE *e, | ||
23 | int (*check_pkc_availability)(int fd)); | ||
24 | -- | ||
25 | 2.7.0 | ||
26 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0034-cryptodev-fix-incorrect-function-signature.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0034-cryptodev-fix-incorrect-function-signature.patch new file mode 100644 index 00000000..84268c58 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0034-cryptodev-fix-incorrect-function-signature.patch | |||
@@ -0,0 +1,26 @@ | |||
1 | From 7012cf33a00618749319b1903f48ee3a35f5887b Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@nxp.com> | ||
3 | Date: Mon, 8 Feb 2016 16:12:54 +0200 | ||
4 | Subject: [PATCH 34/48] cryptodev: fix incorrect function signature | ||
5 | |||
6 | Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> | ||
7 | --- | ||
8 | crypto/engine/eng_cryptodev.c | 2 +- | ||
9 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
10 | |||
11 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
12 | index 5a68c76..cec6938 100644 | ||
13 | --- a/crypto/engine/eng_cryptodev.c | ||
14 | +++ b/crypto/engine/eng_cryptodev.c | ||
15 | @@ -3148,7 +3148,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign(const unsigned char *dgst, | ||
16 | } | ||
17 | |||
18 | static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, | ||
19 | - ECDSA_SIG *sig, EC_KEY *eckey) | ||
20 | + const ECDSA_SIG *sig, EC_KEY *eckey) | ||
21 | { | ||
22 | BIGNUM *m = NULL, *p = NULL, *a = NULL, *b = NULL; | ||
23 | BIGNUM *x = NULL, *y = NULL, *w_x = NULL, *w_y = NULL; | ||
24 | -- | ||
25 | 2.7.0 | ||
26 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch new file mode 100644 index 00000000..0e90d82b --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch | |||
@@ -0,0 +1,110 @@ | |||
1 | From 82612e3c4161ed6e10379841b953a0f56e557be4 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@nxp.com> | ||
3 | Date: Mon, 8 Feb 2016 16:21:46 +0200 | ||
4 | Subject: [PATCH 35/48] cryptodev: fix warnings on excess elements in struct | ||
5 | initializer | ||
6 | |||
7 | The initialization data for these structures had either missing or excess | ||
8 | values and did not match the structure definitions. | ||
9 | |||
10 | Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> | ||
11 | --- | ||
12 | crypto/dh/dh.h | 6 +++--- | ||
13 | crypto/dsa/dsa.h | 11 ++++++----- | ||
14 | crypto/engine/eng_cryptodev.c | 11 ++++++----- | ||
15 | 3 files changed, 15 insertions(+), 13 deletions(-) | ||
16 | |||
17 | diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h | ||
18 | index 31dd762..11c6c7d 100644 | ||
19 | --- a/crypto/dh/dh.h | ||
20 | +++ b/crypto/dh/dh.h | ||
21 | @@ -123,9 +123,9 @@ struct dh_method { | ||
22 | int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a, | ||
23 | const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, | ||
24 | BN_MONT_CTX *m_ctx); | ||
25 | - int (*compute_key_async)(unsigned char *key,const BIGNUM *pub_key,DH *dh, | ||
26 | - struct pkc_cookie_s *cookie); | ||
27 | - int (*generate_key_async)(DH *dh, struct pkc_cookie_s *cookie); | ||
28 | + int (*compute_key_async) (unsigned char *key, const BIGNUM *pub_key, | ||
29 | + DH *dh, struct pkc_cookie_s * cookie); | ||
30 | + int (*generate_key_async) (DH *dh, struct pkc_cookie_s * cookie); | ||
31 | int (*init) (DH *dh); | ||
32 | int (*finish) (DH *dh); | ||
33 | int flags; | ||
34 | diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h | ||
35 | index 8584731..ab52add 100644 | ||
36 | --- a/crypto/dsa/dsa.h | ||
37 | +++ b/crypto/dsa/dsa.h | ||
38 | @@ -139,10 +139,11 @@ struct dsa_method { | ||
39 | /* Can be null */ | ||
40 | int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, | ||
41 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); | ||
42 | - int (*dsa_do_sign_async)(const unsigned char *dgst, int dlen, DSA *dsa, | ||
43 | - DSA_SIG *sig, struct pkc_cookie_s *cookie); | ||
44 | - int (*dsa_do_verify_async)(const unsigned char *dgst, int dgst_len, | ||
45 | - DSA_SIG *sig, DSA *dsa, struct pkc_cookie_s *cookie); | ||
46 | + int (*dsa_do_sign_async) (const unsigned char *dgst, int dlen, DSA *dsa, | ||
47 | + DSA_SIG *sig, struct pkc_cookie_s * cookie); | ||
48 | + int (*dsa_do_verify_async) (const unsigned char *dgst, int dgst_len, | ||
49 | + DSA_SIG *sig, DSA *dsa, | ||
50 | + struct pkc_cookie_s * cookie); | ||
51 | int (*init) (DSA *dsa); | ||
52 | int (*finish) (DSA *dsa); | ||
53 | int flags; | ||
54 | @@ -154,7 +155,7 @@ struct dsa_method { | ||
55 | BN_GENCB *cb); | ||
56 | /* If this is non-NULL, it is used to generate DSA keys */ | ||
57 | int (*dsa_keygen) (DSA *dsa); | ||
58 | - int (*dsa_keygen_async)(DSA *dsa, struct pkc_cookie_s *cookie); | ||
59 | + int (*dsa_keygen_async) (DSA *dsa, struct pkc_cookie_s * cookie); | ||
60 | }; | ||
61 | |||
62 | struct dsa_st { | ||
63 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
64 | index cec6938..407ea62 100644 | ||
65 | --- a/crypto/engine/eng_cryptodev.c | ||
66 | +++ b/crypto/engine/eng_cryptodev.c | ||
67 | @@ -2892,11 +2892,13 @@ static DSA_METHOD cryptodev_dsa = { | ||
68 | NULL, | ||
69 | NULL, | ||
70 | NULL, | ||
71 | - NULL, | ||
72 | NULL, /* init */ | ||
73 | NULL, /* finish */ | ||
74 | 0, /* flags */ | ||
75 | - NULL /* app_data */ | ||
76 | + NULL, /* app_data */ | ||
77 | + NULL, | ||
78 | + NULL, | ||
79 | + NULL | ||
80 | }; | ||
81 | |||
82 | static ECDSA_METHOD cryptodev_ecdsa = { | ||
83 | @@ -2906,7 +2908,6 @@ static ECDSA_METHOD cryptodev_ecdsa = { | ||
84 | NULL, | ||
85 | NULL, | ||
86 | NULL, | ||
87 | - NULL, | ||
88 | 0, /* flags */ | ||
89 | NULL /* app_data */ | ||
90 | }; | ||
91 | @@ -4483,14 +4484,14 @@ static DH_METHOD cryptodev_dh = { | ||
92 | NULL, | ||
93 | NULL, | ||
94 | 0, /* flags */ | ||
95 | - NULL /* app_data */ | ||
96 | + NULL, /* app_data */ | ||
97 | + NULL, /* generate_params */ | ||
98 | }; | ||
99 | |||
100 | static ECDH_METHOD cryptodev_ecdh = { | ||
101 | "cryptodev ECDH method", | ||
102 | NULL, /* cryptodev_ecdh_compute_key */ | ||
103 | NULL, | ||
104 | - NULL, | ||
105 | 0, /* flags */ | ||
106 | NULL /* app_data */ | ||
107 | }; | ||
108 | -- | ||
109 | 2.7.0 | ||
110 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0036-cryptodev-fix-free-on-error-path.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0036-cryptodev-fix-free-on-error-path.patch new file mode 100644 index 00000000..94b9f0f6 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0036-cryptodev-fix-free-on-error-path.patch | |||
@@ -0,0 +1,46 @@ | |||
1 | From 8ccc9b12954b7eb299020a1b15d9d1e5735779df Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@nxp.com> | ||
3 | Date: Mon, 8 Feb 2016 16:36:33 +0200 | ||
4 | Subject: [PATCH 36/48] cryptodev: fix free on error path | ||
5 | |||
6 | This was most likely a typo that escaped code review | ||
7 | |||
8 | Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> | ||
9 | --- | ||
10 | crypto/ecdsa/ecs_locl.h | 4 ++-- | ||
11 | crypto/engine/eng_cryptodev.c | 2 +- | ||
12 | 2 files changed, 3 insertions(+), 3 deletions(-) | ||
13 | |||
14 | diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h | ||
15 | index 9b28c04..c3843c6 100644 | ||
16 | --- a/crypto/ecdsa/ecs_locl.h | ||
17 | +++ b/crypto/ecdsa/ecs_locl.h | ||
18 | @@ -74,10 +74,10 @@ struct ecdsa_method { | ||
19 | BIGNUM **r); | ||
20 | int (*ecdsa_do_verify) (const unsigned char *dgst, int dgst_len, | ||
21 | const ECDSA_SIG *sig, EC_KEY *eckey); | ||
22 | - int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len, | ||
23 | + int (*ecdsa_do_sign_async)(const unsigned char *dgst, int dgst_len, | ||
24 | const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey, | ||
25 | ECDSA_SIG *sig, struct pkc_cookie_s *cookie); | ||
26 | - int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len, | ||
27 | + int (*ecdsa_do_verify_async)(const unsigned char *dgst, int dgst_len, | ||
28 | const ECDSA_SIG *sig, EC_KEY *eckey, struct pkc_cookie_s *cookie); | ||
29 | # if 0 | ||
30 | int (*init) (EC_KEY *eckey); | ||
31 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
32 | index 407ea62..1b1fdc7 100644 | ||
33 | --- a/crypto/engine/eng_cryptodev.c | ||
34 | +++ b/crypto/engine/eng_cryptodev.c | ||
35 | @@ -3424,7 +3424,7 @@ static int cryptodev_ecdsa_do_sign_async(const unsigned char *dgst, | ||
36 | if (!(sig->r = BN_new()) || !kop) | ||
37 | goto err; | ||
38 | if ((sig->s = BN_new()) == NULL) { | ||
39 | - BN_free(r); | ||
40 | + BN_free(sig->r); | ||
41 | goto err; | ||
42 | } | ||
43 | |||
44 | -- | ||
45 | 2.7.0 | ||
46 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0037-cryptodev-fix-return-value-on-error.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0037-cryptodev-fix-return-value-on-error.patch new file mode 100644 index 00000000..2e9567b3 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0037-cryptodev-fix-return-value-on-error.patch | |||
@@ -0,0 +1,28 @@ | |||
1 | From b3d3b86063e65b84ce53f4653295e3f6a83d5794 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@nxp.com> | ||
3 | Date: Mon, 8 Feb 2016 16:55:32 +0200 | ||
4 | Subject: [PATCH 37/48] cryptodev: fix return value on error | ||
5 | |||
6 | Even though we're on error path, the operation is taken care of on | ||
7 | software; return success (ret is 1) | ||
8 | |||
9 | Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> | ||
10 | --- | ||
11 | crypto/engine/eng_cryptodev.c | 1 - | ||
12 | 1 file changed, 1 deletion(-) | ||
13 | |||
14 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
15 | index 1b1fdc7..8cd3aa3 100644 | ||
16 | --- a/crypto/engine/eng_cryptodev.c | ||
17 | +++ b/crypto/engine/eng_cryptodev.c | ||
18 | @@ -2755,7 +2755,6 @@ cryptodev_dsa_do_sign_async(const unsigned char *dgst, int dlen, DSA *dsa, | ||
19 | sig->s = dsaret->s; | ||
20 | /* Call user callback immediately */ | ||
21 | cookie->pkc_callback(cookie, 0); | ||
22 | - ret = dsaret; | ||
23 | } | ||
24 | return ret; | ||
25 | } | ||
26 | -- | ||
27 | 2.7.0 | ||
28 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0038-cryptodev-match-types-with-cryptodev.h.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0038-cryptodev-match-types-with-cryptodev.h.patch new file mode 100644 index 00000000..6e083bad --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0038-cryptodev-match-types-with-cryptodev.h.patch | |||
@@ -0,0 +1,29 @@ | |||
1 | From dcc3254b6dbb8627dd710fa58585542b98c80394 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@nxp.com> | ||
3 | Date: Mon, 8 Feb 2016 17:11:43 +0200 | ||
4 | Subject: [PATCH 38/48] cryptodev: match types with cryptodev.h | ||
5 | |||
6 | Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> | ||
7 | --- | ||
8 | crypto/engine/eng_cryptodev.c | 4 ++-- | ||
9 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
10 | |||
11 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
12 | index 8cd3aa3..4613d2d 100644 | ||
13 | --- a/crypto/engine/eng_cryptodev.c | ||
14 | +++ b/crypto/engine/eng_cryptodev.c | ||
15 | @@ -85,9 +85,9 @@ struct dev_crypto_state { | ||
16 | int ivlen; | ||
17 | # ifdef USE_CRYPTODEV_DIGESTS | ||
18 | struct hash_op_data hash_op; | ||
19 | - char dummy_mac_key[HASH_MAX_LEN]; | ||
20 | + unsigned char dummy_mac_key[HASH_MAX_LEN]; | ||
21 | unsigned char digest_res[HASH_MAX_LEN]; | ||
22 | - char *mac_data; | ||
23 | + unsigned char *mac_data; | ||
24 | int mac_len; | ||
25 | # endif | ||
26 | }; | ||
27 | -- | ||
28 | 2.7.0 | ||
29 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0039-cryptodev-explicitly-discard-const-qualifier.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0039-cryptodev-explicitly-discard-const-qualifier.patch new file mode 100644 index 00000000..916c47e9 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0039-cryptodev-explicitly-discard-const-qualifier.patch | |||
@@ -0,0 +1,30 @@ | |||
1 | From 605210c8ae9241cad6c4ec071f5193bf3e83b2d4 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@nxp.com> | ||
3 | Date: Mon, 8 Feb 2016 17:15:25 +0200 | ||
4 | Subject: [PATCH 39/48] cryptodev: explicitly discard const qualifier | ||
5 | |||
6 | The const qualifier is discarded by the assignment as a result of how | ||
7 | the variables are defined. This patch drops the const qualifier | ||
8 | explicitly to avoid build errors. | ||
9 | |||
10 | Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> | ||
11 | --- | ||
12 | crypto/engine/eng_cryptodev.c | 2 +- | ||
13 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
14 | |||
15 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
16 | index 4613d2d..2791ca3 100644 | ||
17 | --- a/crypto/engine/eng_cryptodev.c | ||
18 | +++ b/crypto/engine/eng_cryptodev.c | ||
19 | @@ -1592,7 +1592,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, | ||
20 | * cryptodev calls and accumulating small amounts of data | ||
21 | */ | ||
22 | if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) { | ||
23 | - state->mac_data = data; | ||
24 | + state->mac_data = (void *)data; | ||
25 | state->mac_len = count; | ||
26 | } else { | ||
27 | state->mac_data = | ||
28 | -- | ||
29 | 2.7.0 | ||
30 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0040-cryptodev-replace-caddr_t-with-void.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0040-cryptodev-replace-caddr_t-with-void.patch new file mode 100644 index 00000000..2c61d9b8 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0040-cryptodev-replace-caddr_t-with-void.patch | |||
@@ -0,0 +1,95 @@ | |||
1 | From 45429e5ea075867f9219a6fcb233677d062a4451 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@nxp.com> | ||
3 | Date: Tue, 9 Feb 2016 11:28:23 +0200 | ||
4 | Subject: [PATCH 40/48] cryptodev: replace caddr_t with void * | ||
5 | |||
6 | This avoids warnings such as "pointer targets in assignment differ in | ||
7 | signedness" when compiling the code | ||
8 | |||
9 | Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> | ||
10 | --- | ||
11 | crypto/engine/eng_cryptodev.c | 22 +++++++++++----------- | ||
12 | 1 file changed, 11 insertions(+), 11 deletions(-) | ||
13 | |||
14 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
15 | index 2791ca3..f172173 100644 | ||
16 | --- a/crypto/engine/eng_cryptodev.c | ||
17 | +++ b/crypto/engine/eng_cryptodev.c | ||
18 | @@ -460,8 +460,8 @@ static int get_cryptodev_ciphers(const int **cnids) | ||
19 | return (0); | ||
20 | } | ||
21 | memset(&sess, 0, sizeof(sess)); | ||
22 | - sess.key = (caddr_t) "123456789abcdefghijklmno"; | ||
23 | - sess.mackey = (caddr_t) "123456789ABCDEFGHIJKLMNO"; | ||
24 | + sess.key = (void *)"123456789abcdefghijklmno"; | ||
25 | + sess.mackey = (void *)"123456789ABCDEFGHIJKLMNO"; | ||
26 | |||
27 | for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { | ||
28 | if (ciphers[i].nid == NID_undef) | ||
29 | @@ -501,7 +501,7 @@ static int get_cryptodev_digests(const int **cnids) | ||
30 | return (0); | ||
31 | } | ||
32 | memset(&sess, 0, sizeof(sess)); | ||
33 | - sess.mackey = (caddr_t) "123456789abcdefghijklmno"; | ||
34 | + sess.mackey = (void *)"123456789abcdefghijklmno"; | ||
35 | for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { | ||
36 | if (digests[i].nid == NID_undef) | ||
37 | continue; | ||
38 | @@ -633,14 +633,14 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
39 | cryp.ses = sess->ses; | ||
40 | cryp.flags = 0; | ||
41 | cryp.len = inl; | ||
42 | - cryp.src = (caddr_t) in; | ||
43 | - cryp.dst = (caddr_t) out; | ||
44 | + cryp.src = (void *)in; | ||
45 | + cryp.dst = (void *)out; | ||
46 | cryp.mac = 0; | ||
47 | |||
48 | cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; | ||
49 | |||
50 | if (ctx->cipher->iv_len) { | ||
51 | - cryp.iv = (caddr_t) ctx->iv; | ||
52 | + cryp.iv = (void *)ctx->iv; | ||
53 | if (!ctx->encrypt) { | ||
54 | iiv = in + inl - ctx->cipher->iv_len; | ||
55 | memcpy(save_iv, iiv, ctx->cipher->iv_len); | ||
56 | @@ -701,15 +701,15 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
57 | } | ||
58 | cryp.ses = sess->ses; | ||
59 | cryp.len = state->len; | ||
60 | - cryp.src = (caddr_t) in; | ||
61 | - cryp.dst = (caddr_t) out; | ||
62 | + cryp.src = (void *)in; | ||
63 | + cryp.dst = (void *)out; | ||
64 | cryp.auth_src = state->aad; | ||
65 | cryp.auth_len = state->aad_len; | ||
66 | |||
67 | cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; | ||
68 | |||
69 | if (ctx->cipher->iv_len) { | ||
70 | - cryp.iv = (caddr_t) ctx->iv; | ||
71 | + cryp.iv = (void *)ctx->iv; | ||
72 | if (!ctx->encrypt) { | ||
73 | iiv = in + len - ctx->cipher->iv_len; | ||
74 | memcpy(save_iv, iiv, ctx->cipher->iv_len); | ||
75 | @@ -761,7 +761,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | ||
76 | if ((state->d_fd = get_dev_crypto()) < 0) | ||
77 | return (0); | ||
78 | |||
79 | - sess->key = (caddr_t) key; | ||
80 | + sess->key = (void *)key; | ||
81 | sess->keylen = ctx->key_len; | ||
82 | sess->cipher = cipher; | ||
83 | |||
84 | @@ -804,7 +804,7 @@ static int cryptodev_init_aead_key(EVP_CIPHER_CTX *ctx, | ||
85 | |||
86 | memset(sess, 0, sizeof(struct session_op)); | ||
87 | |||
88 | - sess->key = (caddr_t) key; | ||
89 | + sess->key = (void *)key; | ||
90 | sess->keylen = ctx->key_len; | ||
91 | sess->cipher = cipher; | ||
92 | |||
93 | -- | ||
94 | 2.7.0 | ||
95 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch new file mode 100644 index 00000000..55250454 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch | |||
@@ -0,0 +1,49 @@ | |||
1 | From f10d471839dff079a23d79d1b4ecb3e3e6529283 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@nxp.com> | ||
3 | Date: Mon, 8 Feb 2016 17:04:25 +0200 | ||
4 | Subject: [PATCH 41/48] cryptodev: check for errors inside | ||
5 | cryptodev_rsa_mod_exp | ||
6 | |||
7 | Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> | ||
8 | --- | ||
9 | crypto/engine/eng_cryptodev.c | 24 ++++++++++++++++++------ | ||
10 | 1 file changed, 18 insertions(+), 6 deletions(-) | ||
11 | |||
12 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
13 | index f172173..695848d 100644 | ||
14 | --- a/crypto/engine/eng_cryptodev.c | ||
15 | +++ b/crypto/engine/eng_cryptodev.c | ||
16 | @@ -2054,12 +2054,24 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) | ||
17 | kop.crk_status = 0; | ||
18 | kop.crk_op = CRK_MOD_EXP_CRT; | ||
19 | f_len = BN_num_bytes(rsa->n); | ||
20 | - spcf_bn2bin_ex(I, &f, &f_len); | ||
21 | - spcf_bn2bin(rsa->p, &p, &p_len); | ||
22 | - spcf_bn2bin(rsa->q, &q, &q_len); | ||
23 | - spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len); | ||
24 | - spcf_bn2bin_ex(rsa->iqmp, &c, &p_len); | ||
25 | - spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len); | ||
26 | + if (spcf_bn2bin_ex(I, &f, &f_len) != 0) { | ||
27 | + goto err; | ||
28 | + } | ||
29 | + if (spcf_bn2bin(rsa->p, &p, &p_len) != 0) { | ||
30 | + goto err; | ||
31 | + } | ||
32 | + if (spcf_bn2bin(rsa->q, &q, &q_len) != 0) { | ||
33 | + goto err; | ||
34 | + } | ||
35 | + if (spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len) != 0) { | ||
36 | + goto err; | ||
37 | + } | ||
38 | + if (spcf_bn2bin_ex(rsa->iqmp, &c, &p_len) != 0) { | ||
39 | + goto err; | ||
40 | + } | ||
41 | + if (spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len) != 0) { | ||
42 | + goto err; | ||
43 | + } | ||
44 | /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ | ||
45 | kop.crk_param[0].crp_p = p; | ||
46 | kop.crk_param[0].crp_nbits = p_len * 8; | ||
47 | -- | ||
48 | 2.7.0 | ||
49 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch new file mode 100644 index 00000000..218accb1 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch | |||
@@ -0,0 +1,69 @@ | |||
1 | From 402a2e4da471728fa537462d7a13aa35955cd6d8 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@nxp.com> | ||
3 | Date: Tue, 9 Feb 2016 11:47:52 +0200 | ||
4 | Subject: [PATCH 42/48] cryptodev: check for errors inside | ||
5 | cryptodev_rsa_mod_exp_async | ||
6 | |||
7 | Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> | ||
8 | --- | ||
9 | crypto/engine/eng_cryptodev.c | 33 +++++++++++++++++++++++++-------- | ||
10 | 1 file changed, 25 insertions(+), 8 deletions(-) | ||
11 | |||
12 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
13 | index 695848d..8e84972 100644 | ||
14 | --- a/crypto/engine/eng_cryptodev.c | ||
15 | +++ b/crypto/engine/eng_cryptodev.c | ||
16 | @@ -2109,25 +2109,42 @@ static int | ||
17 | cryptodev_rsa_mod_exp_async(BIGNUM *r0, const BIGNUM *I, RSA *rsa, | ||
18 | BN_CTX *ctx, struct pkc_cookie_s *cookie) | ||
19 | { | ||
20 | - struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); | ||
21 | + struct crypt_kop *kop; | ||
22 | int ret = 1, f_len, p_len, q_len; | ||
23 | unsigned char *f = NULL, *p = NULL, *q = NULL, *dp = NULL, *dq = | ||
24 | NULL, *c = NULL; | ||
25 | |||
26 | - if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp || !kop) { | ||
27 | + if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { | ||
28 | return (0); | ||
29 | } | ||
30 | |||
31 | + kop = malloc(sizeof(struct crypt_kop)); | ||
32 | + if (kop == NULL) { | ||
33 | + goto err; | ||
34 | + } | ||
35 | + | ||
36 | kop->crk_oparams = 0; | ||
37 | kop->crk_status = 0; | ||
38 | kop->crk_op = CRK_MOD_EXP_CRT; | ||
39 | f_len = BN_num_bytes(rsa->n); | ||
40 | - spcf_bn2bin_ex(I, &f, &f_len); | ||
41 | - spcf_bn2bin(rsa->p, &p, &p_len); | ||
42 | - spcf_bn2bin(rsa->q, &q, &q_len); | ||
43 | - spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len); | ||
44 | - spcf_bn2bin_ex(rsa->iqmp, &c, &p_len); | ||
45 | - spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len); | ||
46 | + if (spcf_bn2bin_ex(I, &f, &f_len) != 0) { | ||
47 | + goto err; | ||
48 | + } | ||
49 | + if (spcf_bn2bin(rsa->p, &p, &p_len) != 0) { | ||
50 | + goto err; | ||
51 | + } | ||
52 | + if (spcf_bn2bin(rsa->q, &q, &q_len) != 0) { | ||
53 | + goto err; | ||
54 | + } | ||
55 | + if (spcf_bn2bin_ex(rsa->dmp1, &dp, &p_len) != 0) { | ||
56 | + goto err; | ||
57 | + } | ||
58 | + if (spcf_bn2bin_ex(rsa->iqmp, &c, &p_len) != 0) { | ||
59 | + goto err; | ||
60 | + } | ||
61 | + if (spcf_bn2bin_ex(rsa->dmq1, &dq, &q_len) != 0) { | ||
62 | + goto err; | ||
63 | + } | ||
64 | /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ | ||
65 | kop->crk_param[0].crp_p = p; | ||
66 | kop->crk_param[0].crp_nbits = p_len * 8; | ||
67 | -- | ||
68 | 2.7.0 | ||
69 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch new file mode 100644 index 00000000..931141de --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch | |||
@@ -0,0 +1,52 @@ | |||
1 | From c8a5f714d35c3bd63d2511ad69e0661a7d1d5dcd Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@nxp.com> | ||
3 | Date: Tue, 9 Feb 2016 11:53:22 +0200 | ||
4 | Subject: [PATCH 43/48] cryptodev: check for errors inside | ||
5 | cryptodev_dh_compute_key | ||
6 | |||
7 | Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> | ||
8 | --- | ||
9 | crypto/engine/eng_cryptodev.c | 15 +++++++++++---- | ||
10 | 1 file changed, 11 insertions(+), 4 deletions(-) | ||
11 | |||
12 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
13 | index 8e84972..55b2047 100644 | ||
14 | --- a/crypto/engine/eng_cryptodev.c | ||
15 | +++ b/crypto/engine/eng_cryptodev.c | ||
16 | @@ -4043,11 +4043,15 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) | ||
17 | memset(&kop, 0, sizeof kop); | ||
18 | kop.crk_op = CRK_DH_COMPUTE_KEY; | ||
19 | /* inputs: dh->priv_key pub_key dh->p key */ | ||
20 | - spcf_bn2bin(dh->p, &p, &p_len); | ||
21 | - spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len); | ||
22 | - if (bn2crparam(dh->priv_key, &kop.crk_param[0])) | ||
23 | + if (spcf_bn2bin(dh->p, &p, &p_len) != 0) { | ||
24 | goto sw_try; | ||
25 | - | ||
26 | + } | ||
27 | + if (spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len) != 0) { | ||
28 | + goto sw_try; | ||
29 | + } | ||
30 | + if (bn2crparam(dh->priv_key, &kop.crk_param[0]) != 0) { | ||
31 | + goto sw_try; | ||
32 | + } | ||
33 | kop.crk_param[1].crp_p = padded_pub_key; | ||
34 | kop.crk_param[1].crp_nbits = p_len * 8; | ||
35 | kop.crk_param[2].crp_p = p; | ||
36 | @@ -4074,10 +4078,13 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) | ||
37 | kop.crk_param[3].crp_p = NULL; | ||
38 | zapparams(&kop); | ||
39 | return (dhret); | ||
40 | + | ||
41 | sw_try: | ||
42 | { | ||
43 | const DH_METHOD *meth = DH_OpenSSL(); | ||
44 | |||
45 | + free(p); | ||
46 | + free(padded_pub_key); | ||
47 | dhret = (meth->compute_key) (key, pub_key, dh); | ||
48 | } | ||
49 | return (dhret); | ||
50 | -- | ||
51 | 2.7.0 | ||
52 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch new file mode 100644 index 00000000..be996435 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch | |||
@@ -0,0 +1,76 @@ | |||
1 | From 42a1c45091ab7996c4411f3dd74539c908c63208 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@nxp.com> | ||
3 | Date: Tue, 9 Feb 2016 11:53:33 +0200 | ||
4 | Subject: [PATCH 44/48] cryptodev: check for errors inside | ||
5 | cryptodev_dh_compute_key_async | ||
6 | |||
7 | Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> | ||
8 | --- | ||
9 | crypto/engine/eng_cryptodev.c | 29 +++++++++++++++++++++-------- | ||
10 | 1 file changed, 21 insertions(+), 8 deletions(-) | ||
11 | |||
12 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
13 | index 55b2047..e0f9d4b 100644 | ||
14 | --- a/crypto/engine/eng_cryptodev.c | ||
15 | +++ b/crypto/engine/eng_cryptodev.c | ||
16 | @@ -4095,19 +4095,28 @@ static int | ||
17 | cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key, | ||
18 | DH *dh, struct pkc_cookie_s *cookie) | ||
19 | { | ||
20 | - struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); | ||
21 | + struct crypt_kop *kop; | ||
22 | int ret = 1; | ||
23 | int p_len; | ||
24 | unsigned char *padded_pub_key = NULL, *p = NULL; | ||
25 | |||
26 | + kop = malloc(sizeof(struct crypt_kop)); | ||
27 | + if (kop == NULL) { | ||
28 | + goto err; | ||
29 | + } | ||
30 | + | ||
31 | memset(kop, 0, sizeof(struct crypt_kop)); | ||
32 | kop->crk_op = CRK_DH_COMPUTE_KEY; | ||
33 | /* inputs: dh->priv_key pub_key dh->p key */ | ||
34 | - spcf_bn2bin(dh->p, &p, &p_len); | ||
35 | - spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len); | ||
36 | - | ||
37 | - if (bn2crparam(dh->priv_key, &kop->crk_param[0])) | ||
38 | + if (spcf_bn2bin(dh->p, &p, &p_len) != 0) { | ||
39 | + goto err; | ||
40 | + } | ||
41 | + if (spcf_bn2bin_ex(pub_key, &padded_pub_key, &p_len) != 0) { | ||
42 | goto err; | ||
43 | + } | ||
44 | + if (bn2crparam(dh->priv_key, &kop->crk_param[0]) != 0) { | ||
45 | + goto err; | ||
46 | + } | ||
47 | kop->crk_param[1].crp_p = padded_pub_key; | ||
48 | kop->crk_param[1].crp_nbits = p_len * 8; | ||
49 | kop->crk_param[2].crp_p = p; | ||
50 | @@ -4119,16 +4128,20 @@ cryptodev_dh_compute_key_async(unsigned char *key, const BIGNUM *pub_key, | ||
51 | kop->crk_param[3].crp_nbits = p_len * 8; | ||
52 | kop->crk_oparams = 1; | ||
53 | |||
54 | - if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) | ||
55 | + if (cryptodev_asym_async(kop, 0, NULL, 0, NULL)) { | ||
56 | goto err; | ||
57 | + } | ||
58 | |||
59 | return p_len; | ||
60 | err: | ||
61 | { | ||
62 | const DH_METHOD *meth = DH_OpenSSL(); | ||
63 | - | ||
64 | - if (kop) | ||
65 | + free(p); | ||
66 | + free(padded_pub_key); | ||
67 | + if (kop) { | ||
68 | free(kop); | ||
69 | + } | ||
70 | + | ||
71 | ret = (meth->compute_key) (key, pub_key, dh); | ||
72 | /* Call user cookie handler */ | ||
73 | cookie->pkc_callback(cookie, 0); | ||
74 | -- | ||
75 | 2.7.0 | ||
76 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0045-cryptodev-change-signature-for-conversion-functions.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0045-cryptodev-change-signature-for-conversion-functions.patch new file mode 100644 index 00000000..11f1a541 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0045-cryptodev-change-signature-for-conversion-functions.patch | |||
@@ -0,0 +1,38 @@ | |||
1 | From 528e4965e536d31cdccb11abe5e04db28a1008a8 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@nxp.com> | ||
3 | Date: Tue, 9 Feb 2016 12:11:32 +0200 | ||
4 | Subject: [PATCH 45/48] cryptodev: change signature for conversion functions | ||
5 | |||
6 | These functions are called with const BIGNUMs, so we change the | ||
7 | signatures to avoid compilation warnings | ||
8 | |||
9 | Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> | ||
10 | --- | ||
11 | crypto/engine/eng_cryptodev.c | 4 ++-- | ||
12 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
13 | |||
14 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
15 | index e0f9d4b..3024a68 100644 | ||
16 | --- a/crypto/engine/eng_cryptodev.c | ||
17 | +++ b/crypto/engine/eng_cryptodev.c | ||
18 | @@ -145,7 +145,7 @@ const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha1; | ||
19 | const EVP_CIPHER cryptodev_tls12_aes_128_cbc_hmac_sha256; | ||
20 | const EVP_CIPHER cryptodev_tls12_aes_256_cbc_hmac_sha256; | ||
21 | |||
22 | -inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len) | ||
23 | +inline int spcf_bn2bin(const BIGNUM *bn, unsigned char **bin, int *bin_len) | ||
24 | { | ||
25 | int len; | ||
26 | unsigned char *p; | ||
27 | @@ -167,7 +167,7 @@ inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len) | ||
28 | return 0; | ||
29 | } | ||
30 | |||
31 | -inline int spcf_bn2bin_ex(BIGNUM *bn, unsigned char **bin, int *bin_len) | ||
32 | +inline int spcf_bn2bin_ex(const BIGNUM *bn, unsigned char **bin, int *bin_len) | ||
33 | { | ||
34 | int len; | ||
35 | unsigned char *p; | ||
36 | -- | ||
37 | 2.7.0 | ||
38 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch new file mode 100644 index 00000000..e7a5aa32 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch | |||
@@ -0,0 +1,26 @@ | |||
1 | From b27823ac9f460c96a72d9003e2e134c1288ac85f Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@nxp.com> | ||
3 | Date: Tue, 9 Feb 2016 12:13:59 +0200 | ||
4 | Subject: [PATCH 46/48] cryptodev: add explicit cast for known BIGNUM values | ||
5 | |||
6 | Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> | ||
7 | --- | ||
8 | crypto/engine/eng_cryptodev.c | 2 +- | ||
9 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
10 | |||
11 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
12 | index 3024a68..539be62 100644 | ||
13 | --- a/crypto/engine/eng_cryptodev.c | ||
14 | +++ b/crypto/engine/eng_cryptodev.c | ||
15 | @@ -4014,7 +4014,7 @@ static int cryptodev_dh_keygen(DH *dh) | ||
16 | } | ||
17 | |||
18 | /* pub_key is or prime length while priv key is of length of order */ | ||
19 | - if (cryptodev_asym(&kop, q_len, w, q_len, s)) | ||
20 | + if (cryptodev_asym(&kop, q_len, (BIGNUM *)w, q_len, (BIGNUM *)s)) | ||
21 | goto sw_try; | ||
22 | |||
23 | dh->pub_key = BN_bin2bn(w, q_len, pub_key); | ||
24 | -- | ||
25 | 2.7.0 | ||
26 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0047-cryptodev-treat-all-build-warnings-as-errors.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0047-cryptodev-treat-all-build-warnings-as-errors.patch new file mode 100644 index 00000000..2163998b --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0047-cryptodev-treat-all-build-warnings-as-errors.patch | |||
@@ -0,0 +1,28 @@ | |||
1 | From 596735ad86a3dae987e19c21ef22259179966fc6 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@nxp.com> | ||
3 | Date: Mon, 8 Feb 2016 15:15:02 +0200 | ||
4 | Subject: [PATCH 47/48] cryptodev: treat all build warnings as errors | ||
5 | |||
6 | This patch has the purpose of maintaining a higher level of code quality. | ||
7 | |||
8 | Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> | ||
9 | --- | ||
10 | crypto/engine/Makefile | 2 +- | ||
11 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
12 | |||
13 | diff --git a/crypto/engine/Makefile b/crypto/engine/Makefile | ||
14 | index 426388e..010f21d 100644 | ||
15 | --- a/crypto/engine/Makefile | ||
16 | +++ b/crypto/engine/Makefile | ||
17 | @@ -10,7 +10,7 @@ CFLAG=-g | ||
18 | MAKEFILE= Makefile | ||
19 | AR= ar r | ||
20 | |||
21 | -CFLAGS= $(INCLUDES) $(CFLAG) | ||
22 | +CFLAGS= -Wall -Werror $(INCLUDES) $(CFLAG) | ||
23 | |||
24 | GENERAL=Makefile | ||
25 | TEST= enginetest.c | ||
26 | -- | ||
27 | 2.7.0 | ||
28 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch new file mode 100644 index 00000000..d7b84e6a --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch | |||
@@ -0,0 +1,29 @@ | |||
1 | From 116bd4f6f1ee5acdb997d414902d9646b24df1be Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@nxp.com> | ||
3 | Date: Wed, 6 Apr 2016 15:22:58 +0300 | ||
4 | Subject: [PATCH 48/48] fix 'maclen is used uninitialized' warning on some | ||
5 | compilers | ||
6 | |||
7 | Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> | ||
8 | --- | ||
9 | crypto/engine/eng_cryptodev.c | 4 ++++ | ||
10 | 1 file changed, 4 insertions(+) | ||
11 | |||
12 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
13 | index 539be62..35b71b0 100644 | ||
14 | --- a/crypto/engine/eng_cryptodev.c | ||
15 | +++ b/crypto/engine/eng_cryptodev.c | ||
16 | @@ -905,6 +905,10 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, | ||
17 | maclen = SHA256_DIGEST_LENGTH; | ||
18 | aad_needs_fix = true; | ||
19 | break; | ||
20 | + default: | ||
21 | + fprintf(stderr, "%s: unsupported NID: %d\n", | ||
22 | + __func__, ctx->cipher->nid); | ||
23 | + return -1; | ||
24 | } | ||
25 | |||
26 | /* Correct length for AAD Length field */ | ||
27 | -- | ||
28 | 2.7.0 | ||
29 | |||
diff --git a/recipes-connectivity/openssl/openssl-qoriq/run-ptest b/recipes-connectivity/openssl/openssl-qoriq/run-ptest new file mode 100755 index 00000000..3b20fce1 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/run-ptest | |||
@@ -0,0 +1,2 @@ | |||
1 | #!/bin/sh | ||
2 | make -k runtest | ||
diff --git a/recipes-connectivity/openssl/openssl-qoriq_1.0.1i.bb b/recipes-connectivity/openssl/openssl-qoriq_1.0.1i.bb deleted file mode 100644 index 3b9d56eb..00000000 --- a/recipes-connectivity/openssl/openssl-qoriq_1.0.1i.bb +++ /dev/null | |||
@@ -1,96 +0,0 @@ | |||
1 | require openssl-qoriq.inc | ||
2 | |||
3 | # For target side versions of openssl enable support for cryptodev Linux driver | ||
4 | # if they are available. | ||
5 | DEPENDS_class-target += "cryptodev-linux" | ||
6 | CFLAG_class-target += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" | ||
7 | |||
8 | LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8" | ||
9 | |||
10 | export DIRS = "crypto ssl apps engines" | ||
11 | export OE_LDFLAGS="${LDFLAGS}" | ||
12 | |||
13 | SRC_URI += "file://configure-targets.patch \ | ||
14 | file://shared-libs.patch \ | ||
15 | file://oe-ldflags.patch \ | ||
16 | file://engines-install-in-libdir-ssl.patch \ | ||
17 | file://openssl-fix-link.patch \ | ||
18 | file://debian/version-script.patch \ | ||
19 | file://debian/pic.patch \ | ||
20 | file://debian/c_rehash-compat.patch \ | ||
21 | file://debian/ca.patch \ | ||
22 | file://debian/make-targets.patch \ | ||
23 | file://debian/no-rpath.patch \ | ||
24 | file://debian/man-dir.patch \ | ||
25 | file://debian/man-section.patch \ | ||
26 | file://debian/no-symbolic.patch \ | ||
27 | file://debian/debian-targets.patch \ | ||
28 | file://openssl_fix_for_x32.patch \ | ||
29 | file://fix-cipher-des-ede3-cfb1.patch \ | ||
30 | file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \ | ||
31 | file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \ | ||
32 | file://initial-aarch64-bits.patch \ | ||
33 | file://find.pl \ | ||
34 | file://openssl-fix-des.pod-error.patch \ | ||
35 | " | ||
36 | |||
37 | SRC_URI_append_class-target = "\ | ||
38 | file://qoriq/0001-remove-double-initialization-of-cryptodev-engine.patch \ | ||
39 | file://qoriq/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch \ | ||
40 | file://qoriq/0003-cryptodev-fix-algorithm-registration.patch \ | ||
41 | file://qoriq/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch \ | ||
42 | file://qoriq/0005-ECC-Support-header-for-Cryptodev-Engine.patch \ | ||
43 | file://qoriq/0006-Fixed-private-key-support-for-DH.patch \ | ||
44 | file://qoriq/0007-Fixed-private-key-support-for-DH.patch \ | ||
45 | file://qoriq/0008-Initial-support-for-PKC-in-cryptodev-engine.patch \ | ||
46 | file://qoriq/0009-Added-hwrng-dev-file-as-source-of-RNG.patch \ | ||
47 | file://qoriq/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch \ | ||
48 | file://qoriq/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch \ | ||
49 | file://qoriq/0012-RSA-Keygen-Fix.patch \ | ||
50 | file://qoriq/0013-Removed-local-copy-of-curve_t-type.patch \ | ||
51 | file://qoriq/0014-Modulus-parameter-is-not-populated-by-dhparams.patch \ | ||
52 | file://qoriq/0015-SW-Backoff-mechanism-for-dsa-keygen.patch \ | ||
53 | file://qoriq/0016-Fixed-DH-keygen-pair-generator.patch \ | ||
54 | file://qoriq/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch \ | ||
55 | file://qoriq/0018-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch \ | ||
56 | file://qoriq/0019-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch \ | ||
57 | file://qoriq/0020-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch \ | ||
58 | file://qoriq/0021-cryptodev-drop-redundant-function.patch \ | ||
59 | file://qoriq/0022-cryptodev-do-not-zero-the-buffer-before-use.patch \ | ||
60 | file://qoriq/0023-cryptodev-clean-up-code-layout.patch \ | ||
61 | file://qoriq/0024-cryptodev-do-not-cache-file-descriptor-in-open.patch \ | ||
62 | file://qoriq/0025-cryptodev-put_dev_crypto-should-be-an-int.patch \ | ||
63 | file://qoriq/0026-cryptodev-simplify-cryptodev-pkc-support-code.patch \ | ||
64 | " | ||
65 | |||
66 | SRC_URI[md5sum] = "c8dc151a671b9b92ff3e4c118b174972" | ||
67 | SRC_URI[sha256sum] = "3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7" | ||
68 | |||
69 | PACKAGES =+ " \ | ||
70 | ${PN}-engines-dbg \ | ||
71 | ${PN}-engines \ | ||
72 | " | ||
73 | |||
74 | FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines" | ||
75 | FILES_${PN}-engines-dbg = "${libdir}/engines/.debug ${libdir}/ssl/engines/.debug" | ||
76 | |||
77 | PARALLEL_MAKE = "" | ||
78 | PARALLEL_MAKEINST = "" | ||
79 | |||
80 | # Digest offloading through cryptodev is not recommended because of the | ||
81 | # performance penalty of the Openssl engine interface. Openssl generates a huge | ||
82 | # number of calls to digest functions for even a small amount of work data. | ||
83 | # For example there are 70 calls to cipher code and over 10000 to digest code | ||
84 | # when downloading only 10 files of 700 bytes each. | ||
85 | # Do not build OpenSSL with cryptodev digest support until engine digest | ||
86 | # interface gets some rework: | ||
87 | CFLAG_class-target := "${@'${CFLAG}'.replace('-DUSE_CRYPTODEV_DIGESTS', '')}" | ||
88 | |||
89 | do_configure_prepend() { | ||
90 | cp ${WORKDIR}/find.pl ${S}/util/find.pl | ||
91 | } | ||
92 | |||
93 | |||
94 | RDEPENDS_${PN}_class-target += "cryptodev-module" | ||
95 | |||
96 | COMPATIBLE_MACHINE = "(qoriq)" | ||
diff --git a/recipes-connectivity/openssl/openssl-qoriq_1.0.2h.bb b/recipes-connectivity/openssl/openssl-qoriq_1.0.2h.bb new file mode 100644 index 00000000..deb4fd7c --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq_1.0.2h.bb | |||
@@ -0,0 +1,111 @@ | |||
1 | require openssl-qoriq.inc | ||
2 | |||
3 | DISABLE_STATIC = "" | ||
4 | RRECOMMENDS_libcrypto += "cryptodev-module" | ||
5 | COMPATIBLE_MACHINE = "(qoriq)" | ||
6 | |||
7 | # For target side versions of openssl enable support for OCF Linux driver | ||
8 | # if they are available. | ||
9 | DEPENDS += "cryptodev-linux" | ||
10 | |||
11 | CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" | ||
12 | |||
13 | LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6" | ||
14 | |||
15 | export DIRS = "crypto ssl apps engines" | ||
16 | export OE_LDFLAGS="${LDFLAGS}" | ||
17 | |||
18 | SRC_URI += "file://find.pl;subdir=${BP}/util/ \ | ||
19 | file://run-ptest \ | ||
20 | file://openssl-c_rehash.sh \ | ||
21 | file://configure-targets.patch \ | ||
22 | file://shared-libs.patch \ | ||
23 | file://oe-ldflags.patch \ | ||
24 | file://engines-install-in-libdir-ssl.patch \ | ||
25 | file://debian1.0.2/block_diginotar.patch \ | ||
26 | file://debian1.0.2/block_digicert_malaysia.patch \ | ||
27 | file://debian/ca.patch \ | ||
28 | file://debian/c_rehash-compat.patch \ | ||
29 | file://debian/debian-targets.patch \ | ||
30 | file://debian/man-dir.patch \ | ||
31 | file://debian/man-section.patch \ | ||
32 | file://debian/no-rpath.patch \ | ||
33 | file://debian/no-symbolic.patch \ | ||
34 | file://debian/pic.patch \ | ||
35 | file://debian1.0.2/version-script.patch \ | ||
36 | file://openssl_fix_for_x32.patch \ | ||
37 | file://fix-cipher-des-ede3-cfb1.patch \ | ||
38 | file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \ | ||
39 | file://openssl-fix-des.pod-error.patch \ | ||
40 | file://Makefiles-ptest.patch \ | ||
41 | file://ptest-deps.patch \ | ||
42 | file://openssl-1.0.2a-x32-asm.patch \ | ||
43 | file://ptest_makefile_deps.patch \ | ||
44 | file://configure-musl-target.patch \ | ||
45 | file://parallel.patch \ | ||
46 | " | ||
47 | SRC_URI += "file://0001-remove-double-initialization-of-cryptodev-engine.patch \ | ||
48 | file://0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch \ | ||
49 | file://0003-cryptodev-fix-algorithm-registration.patch \ | ||
50 | file://0004-ECC-Support-header-for-Cryptodev-Engine.patch \ | ||
51 | file://0005-Initial-support-for-PKC-in-cryptodev-engine.patch \ | ||
52 | file://0006-Added-hwrng-dev-file-as-source-of-RNG.patch \ | ||
53 | file://0007-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch \ | ||
54 | file://0008-Add-RSA-keygen-operation-and-support-gendsa-command-.patch \ | ||
55 | file://0009-RSA-Keygen-Fix.patch \ | ||
56 | file://0010-Removed-local-copy-of-curve_t-type.patch \ | ||
57 | file://0011-Modulus-parameter-is-not-populated-by-dhparams.patch \ | ||
58 | file://0012-SW-Backoff-mechanism-for-dsa-keygen.patch \ | ||
59 | file://0013-Fixed-DH-keygen-pair-generator.patch \ | ||
60 | file://0014-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch \ | ||
61 | file://0015-eng_cryptodev-extend-TLS-offload-with-3des_cbc_hmac_.patch \ | ||
62 | file://0016-eng_cryptodev-add-support-for-TLSv1.1-record-offload.patch \ | ||
63 | file://0017-eng_cryptodev-add-support-for-TLSv1.2-record-offload.patch \ | ||
64 | file://0018-cryptodev-drop-redundant-function.patch \ | ||
65 | file://0019-cryptodev-do-not-zero-the-buffer-before-use.patch \ | ||
66 | file://0020-cryptodev-clean-up-code-layout.patch \ | ||
67 | file://0021-cryptodev-do-not-cache-file-descriptor-in-open.patch \ | ||
68 | file://0022-cryptodev-put_dev_crypto-should-be-an-int.patch \ | ||
69 | file://0023-cryptodev-simplify-cryptodev-pkc-support-code.patch \ | ||
70 | file://0024-cryptodev-clarify-code-remove-assignments-from-condi.patch \ | ||
71 | file://0025-cryptodev-clean-up-context-state-before-anything-els.patch \ | ||
72 | file://0026-cryptodev-remove-code-duplication-in-digest-operatio.patch \ | ||
73 | file://0027-cryptodev-put-all-digest-ioctls-into-a-single-functi.patch \ | ||
74 | file://0028-cryptodev-fix-debug-print-messages.patch \ | ||
75 | file://0029-cryptodev-use-CIOCHASH-ioctl-for-digest-operations.patch \ | ||
76 | file://0030-cryptodev-reduce-duplicated-efforts-for-searching-in.patch \ | ||
77 | file://0031-cryptodev-remove-not-used-local-variables.patch \ | ||
78 | file://0032-cryptodev-hide-not-used-variable-behind-ifndef.patch \ | ||
79 | file://0033-cryptodev-fix-function-declaration-typo.patch \ | ||
80 | file://0034-cryptodev-fix-incorrect-function-signature.patch \ | ||
81 | file://0035-cryptodev-fix-warnings-on-excess-elements-in-struct-.patch \ | ||
82 | file://0036-cryptodev-fix-free-on-error-path.patch \ | ||
83 | file://0037-cryptodev-fix-return-value-on-error.patch \ | ||
84 | file://0038-cryptodev-match-types-with-cryptodev.h.patch \ | ||
85 | file://0039-cryptodev-explicitly-discard-const-qualifier.patch \ | ||
86 | file://0040-cryptodev-replace-caddr_t-with-void.patch \ | ||
87 | file://0041-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch \ | ||
88 | file://0042-cryptodev-check-for-errors-inside-cryptodev_rsa_mod_.patch \ | ||
89 | file://0043-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch \ | ||
90 | file://0044-cryptodev-check-for-errors-inside-cryptodev_dh_compu.patch \ | ||
91 | file://0045-cryptodev-change-signature-for-conversion-functions.patch \ | ||
92 | file://0046-cryptodev-add-explicit-cast-for-known-BIGNUM-values.patch \ | ||
93 | file://0047-cryptodev-treat-all-build-warnings-as-errors.patch \ | ||
94 | file://0048-fix-maclen-is-used-uninitialized-warning-on-some-com.patch \ | ||
95 | " | ||
96 | |||
97 | SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0" | ||
98 | SRC_URI[sha256sum] = "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919" | ||
99 | |||
100 | PACKAGES =+ "${PN}-engines" | ||
101 | FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines" | ||
102 | |||
103 | # The crypto_use_bigint patch means that perl's bignum module needs to be | ||
104 | # installed, but some distributions (for example Fedora 23) don't ship it by | ||
105 | # default. As the resulting error is very misleading check for bignum before | ||
106 | # building. | ||
107 | do_configure_prepend() { | ||
108 | if ! perl -Mbigint -e true; then | ||
109 | bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake." | ||
110 | fi | ||
111 | } | ||