diff options
Diffstat (limited to 'recipes-connectivity/openssl/openssl-fsl')
18 files changed, 606 insertions, 243 deletions
diff --git a/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch index eae6878..233cf6e 100644 --- a/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch +++ b/recipes-connectivity/openssl/openssl-fsl/0001-remove-double-initialization-of-cryptodev-engine.patch | |||
@@ -1,20 +1,20 @@ | |||
1 | From f174dd904fb4995a89eed53be3e2ebf7bee25a9b Mon Sep 17 00:00:00 2001 | 1 | From 9297e3834518ff0558d6e7004a62adfd107e659a Mon Sep 17 00:00:00 2001 |
2 | From: Cristian Stoica <cristian.stoica@freescale.com> | 2 | From: Cristian Stoica <cristian.stoica@freescale.com> |
3 | Date: Tue, 10 Sep 2013 12:46:46 +0300 | 3 | Date: Tue, 10 Sep 2013 12:46:46 +0300 |
4 | Subject: [PATCH][fsl 01/15] remove double initialization of cryptodev engine | 4 | Subject: [PATCH 01/17] remove double initialization of cryptodev engine |
5 | |||
6 | Upstream-status: Pending | ||
7 | 5 | ||
8 | cryptodev engine is initialized together with the other engines in | 6 | cryptodev engine is initialized together with the other engines in |
9 | ENGINE_load_builtin_engines. The initialization done through | 7 | ENGINE_load_builtin_engines. The initialization done through |
10 | OpenSSL_add_all_algorithms is redundant. | 8 | OpenSSL_add_all_algorithms is redundant. |
11 | 9 | ||
10 | Change-Id: Ic9488500967595543ff846f147b36f383db7cb27 | ||
12 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> | 11 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> |
12 | Reviewed-on: http://git.am.freescale.net:8181/17222 | ||
13 | --- | 13 | --- |
14 | crypto/engine/eng_all.c | 11 ----------- | 14 | crypto/engine/eng_all.c | 11 ----------- |
15 | crypto/engine/engine.h | 4 ---- | 15 | crypto/engine/engine.h | 4 ---- |
16 | crypto/evp/c_all.c | 5 ----- | 16 | crypto/evp/c_all.c | 5 ----- |
17 | util/libeay.num | 2 +- | 17 | util/libeay.num | 2 +- |
18 | 4 files changed, 1 insertion(+), 21 deletions(-) | 18 | 4 files changed, 1 insertion(+), 21 deletions(-) |
19 | 19 | ||
20 | diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c | 20 | diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c |
@@ -79,5 +79,5 @@ index aa86b2b..ae50040 100755 | |||
79 | EVP_aes_128_cfb8 3248 EXIST::FUNCTION:AES | 79 | EVP_aes_128_cfb8 3248 EXIST::FUNCTION:AES |
80 | FIPS_corrupt_rsa 3249 NOEXIST::FUNCTION: | 80 | FIPS_corrupt_rsa 3249 NOEXIST::FUNCTION: |
81 | -- | 81 | -- |
82 | 1.7.9.7 | 82 | 1.8.3.1 |
83 | 83 | ||
diff --git a/recipes-connectivity/openssl/openssl-fsl/0003-add-support-for-TLS-algorithms-offload.patch b/recipes-connectivity/openssl/openssl-fsl/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch index dd99ca9..0b77bfa 100644 --- a/recipes-connectivity/openssl/openssl-fsl/0003-add-support-for-TLS-algorithms-offload.patch +++ b/recipes-connectivity/openssl/openssl-fsl/0002-eng_cryptodev-add-support-for-TLS-algorithms-offload.patch | |||
@@ -1,20 +1,23 @@ | |||
1 | From 1a8886909afc7e4c9e8539644c815baee8ee4816 Mon Sep 17 00:00:00 2001 | 1 | From dfd6ba263dc25ea2a4bbc32448b24ca2b1fc40e8 Mon Sep 17 00:00:00 2001 |
2 | From: Cristian Stoica <cristian.stoica@freescale.com> | 2 | From: Cristian Stoica <cristian.stoica@freescale.com> |
3 | Date: Thu, 29 Aug 2013 16:51:18 +0300 | 3 | Date: Thu, 29 Aug 2013 16:51:18 +0300 |
4 | Subject: [PATCH][fsl 03/15] add support for TLS algorithms offload | 4 | Subject: [PATCH 02/17] eng_cryptodev: add support for TLS algorithms offload |
5 | 5 | ||
6 | Upstream-status: Pending | 6 | - aes-128-cbc-hmac-sha1 |
7 | - aes-256-cbc-hmac-sha1 | ||
7 | 8 | ||
8 | Requires TLS patches on cryptodev and TLS algorithm support in Linux | 9 | Requires TLS patches on cryptodev and TLS algorithm support in Linux |
9 | kernel driver. | 10 | kernel driver. |
10 | 11 | ||
12 | Change-Id: I43048caa348414daddd6c1a5cdc55e769ac1945f | ||
11 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> | 13 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> |
14 | Reviewed-on: http://git.am.freescale.net:8181/17223 | ||
12 | --- | 15 | --- |
13 | crypto/engine/eng_cryptodev.c | 204 ++++++++++++++++++++++++++++++++++++++--- | 16 | crypto/engine/eng_cryptodev.c | 222 +++++++++++++++++++++++++++++++++++++++--- |
14 | 1 file changed, 193 insertions(+), 11 deletions(-) | 17 | 1 file changed, 211 insertions(+), 11 deletions(-) |
15 | 18 | ||
16 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | 19 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c |
17 | index 5a715ac..123613d 100644 | 20 | index 5a715ac..7588a28 100644 |
18 | --- a/crypto/engine/eng_cryptodev.c | 21 | --- a/crypto/engine/eng_cryptodev.c |
19 | +++ b/crypto/engine/eng_cryptodev.c | 22 | +++ b/crypto/engine/eng_cryptodev.c |
20 | @@ -72,6 +72,9 @@ ENGINE_load_cryptodev(void) | 23 | @@ -72,6 +72,9 @@ ENGINE_load_cryptodev(void) |
@@ -27,7 +30,7 @@ index 5a715ac..123613d 100644 | |||
27 | 30 | ||
28 | #ifdef USE_CRYPTODEV_DIGESTS | 31 | #ifdef USE_CRYPTODEV_DIGESTS |
29 | char dummy_mac_key[HASH_MAX_LEN]; | 32 | char dummy_mac_key[HASH_MAX_LEN]; |
30 | @@ -140,17 +143,19 @@ static struct { | 33 | @@ -140,17 +143,20 @@ static struct { |
31 | int nid; | 34 | int nid; |
32 | int ivmax; | 35 | int ivmax; |
33 | int keylen; | 36 | int keylen; |
@@ -53,11 +56,12 @@ index 5a715ac..123613d 100644 | |||
53 | + { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, 0}, | 56 | + { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, 0}, |
54 | + { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0}, | 57 | + { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0}, |
55 | + { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20}, | 58 | + { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20}, |
59 | + { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20}, | ||
56 | + { 0, NID_undef, 0, 0, 0}, | 60 | + { 0, NID_undef, 0, 0, 0}, |
57 | }; | 61 | }; |
58 | 62 | ||
59 | #ifdef USE_CRYPTODEV_DIGESTS | 63 | #ifdef USE_CRYPTODEV_DIGESTS |
60 | @@ -250,13 +255,15 @@ get_cryptodev_ciphers(const int **cnids) | 64 | @@ -250,13 +256,15 @@ get_cryptodev_ciphers(const int **cnids) |
61 | } | 65 | } |
62 | memset(&sess, 0, sizeof(sess)); | 66 | memset(&sess, 0, sizeof(sess)); |
63 | sess.key = (caddr_t)"123456789abcdefghijklmno"; | 67 | sess.key = (caddr_t)"123456789abcdefghijklmno"; |
@@ -74,7 +78,7 @@ index 5a715ac..123613d 100644 | |||
74 | if (ioctl(fd, CIOCGSESSION, &sess) != -1 && | 78 | if (ioctl(fd, CIOCGSESSION, &sess) != -1 && |
75 | ioctl(fd, CIOCFSESSION, &sess.ses) != -1) | 79 | ioctl(fd, CIOCFSESSION, &sess.ses) != -1) |
76 | nids[count++] = ciphers[i].nid; | 80 | nids[count++] = ciphers[i].nid; |
77 | @@ -414,6 +421,67 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | 81 | @@ -414,6 +422,67 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
78 | return (1); | 82 | return (1); |
79 | } | 83 | } |
80 | 84 | ||
@@ -100,11 +104,11 @@ index 5a715ac..123613d 100644 | |||
100 | + /* TODO: make a seamless integration with cryptodev flags */ | 104 | + /* TODO: make a seamless integration with cryptodev flags */ |
101 | + switch (ctx->cipher->nid) { | 105 | + switch (ctx->cipher->nid) { |
102 | + case NID_aes_128_cbc_hmac_sha1: | 106 | + case NID_aes_128_cbc_hmac_sha1: |
107 | + case NID_aes_256_cbc_hmac_sha1: | ||
103 | + cryp.flags = COP_FLAG_AEAD_TLS_TYPE; | 108 | + cryp.flags = COP_FLAG_AEAD_TLS_TYPE; |
104 | + } | 109 | + } |
105 | + cryp.ses = sess->ses; | 110 | + cryp.ses = sess->ses; |
106 | + cryp.len = state->len; | 111 | + cryp.len = state->len; |
107 | + cryp.dst_len = len; | ||
108 | + cryp.src = (caddr_t) in; | 112 | + cryp.src = (caddr_t) in; |
109 | + cryp.dst = (caddr_t) out; | 113 | + cryp.dst = (caddr_t) out; |
110 | + cryp.auth_src = state->aad; | 114 | + cryp.auth_src = state->aad; |
@@ -142,7 +146,7 @@ index 5a715ac..123613d 100644 | |||
142 | static int | 146 | static int |
143 | cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 147 | cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
144 | const unsigned char *iv, int enc) | 148 | const unsigned char *iv, int enc) |
145 | @@ -452,6 +520,45 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 149 | @@ -452,6 +521,45 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
146 | return (1); | 150 | return (1); |
147 | } | 151 | } |
148 | 152 | ||
@@ -188,7 +192,7 @@ index 5a715ac..123613d 100644 | |||
188 | /* | 192 | /* |
189 | * free anything we allocated earlier when initting a | 193 | * free anything we allocated earlier when initting a |
190 | * session, and close the session. | 194 | * session, and close the session. |
191 | @@ -488,6 +595,63 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx) | 195 | @@ -488,6 +596,63 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx) |
192 | return (ret); | 196 | return (ret); |
193 | } | 197 | } |
194 | 198 | ||
@@ -224,7 +228,6 @@ index 5a715ac..123613d 100644 | |||
224 | + unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1]; | 228 | + unsigned int cryptlen = p[arg - 2] << 8 | p[arg - 1]; |
225 | + unsigned int maclen, padlen; | 229 | + unsigned int maclen, padlen; |
226 | + unsigned int bs = ctx->cipher->block_size; | 230 | + unsigned int bs = ctx->cipher->block_size; |
227 | + int j; | ||
228 | + | 231 | + |
229 | + state->aad = ptr; | 232 | + state->aad = ptr; |
230 | + state->aad_len = arg; | 233 | + state->aad_len = arg; |
@@ -233,6 +236,7 @@ index 5a715ac..123613d 100644 | |||
233 | + /* TODO: this should be an extension of EVP_CIPHER struct */ | 236 | + /* TODO: this should be an extension of EVP_CIPHER struct */ |
234 | + switch (ctx->cipher->nid) { | 237 | + switch (ctx->cipher->nid) { |
235 | + case NID_aes_128_cbc_hmac_sha1: | 238 | + case NID_aes_128_cbc_hmac_sha1: |
239 | + case NID_aes_256_cbc_hmac_sha1: | ||
236 | + maclen = SHA_DIGEST_LENGTH; | 240 | + maclen = SHA_DIGEST_LENGTH; |
237 | + } | 241 | + } |
238 | + | 242 | + |
@@ -252,7 +256,7 @@ index 5a715ac..123613d 100644 | |||
252 | /* | 256 | /* |
253 | * libcrypto EVP stuff - this is how we get wired to EVP so the engine | 257 | * libcrypto EVP stuff - this is how we get wired to EVP so the engine |
254 | * gets called when libcrypto requests a cipher NID. | 258 | * gets called when libcrypto requests a cipher NID. |
255 | @@ -600,6 +764,20 @@ const EVP_CIPHER cryptodev_aes_256_cbc = { | 259 | @@ -600,6 +765,33 @@ const EVP_CIPHER cryptodev_aes_256_cbc = { |
256 | NULL | 260 | NULL |
257 | }; | 261 | }; |
258 | 262 | ||
@@ -270,27 +274,44 @@ index 5a715ac..123613d 100644 | |||
270 | + NULL | 274 | + NULL |
271 | +}; | 275 | +}; |
272 | + | 276 | + |
277 | +const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = { | ||
278 | + NID_aes_256_cbc_hmac_sha1, | ||
279 | + 16, 32, 16, | ||
280 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
281 | + cryptodev_init_aead_key, | ||
282 | + cryptodev_aead_cipher, | ||
283 | + cryptodev_cleanup, | ||
284 | + sizeof(struct dev_crypto_state), | ||
285 | + EVP_CIPHER_set_asn1_iv, | ||
286 | + EVP_CIPHER_get_asn1_iv, | ||
287 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
288 | + NULL | ||
289 | +}; | ||
273 | /* | 290 | /* |
274 | * Registered by the ENGINE when used to find out how to deal with | 291 | * Registered by the ENGINE when used to find out how to deal with |
275 | * a particular NID in the ENGINE. this says what we'll do at the | 292 | * a particular NID in the ENGINE. this says what we'll do at the |
276 | @@ -637,6 +815,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | 293 | @@ -637,6 +829,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, |
277 | case NID_aes_256_cbc: | 294 | case NID_aes_256_cbc: |
278 | *cipher = &cryptodev_aes_256_cbc; | 295 | *cipher = &cryptodev_aes_256_cbc; |
279 | break; | 296 | break; |
280 | + case NID_aes_128_cbc_hmac_sha1: | 297 | + case NID_aes_128_cbc_hmac_sha1: |
281 | + *cipher = &cryptodev_aes_128_cbc_hmac_sha1; | 298 | + *cipher = &cryptodev_aes_128_cbc_hmac_sha1; |
282 | + break; | 299 | + break; |
300 | + case NID_aes_256_cbc_hmac_sha1: | ||
301 | + *cipher = &cryptodev_aes_256_cbc_hmac_sha1; | ||
302 | + break; | ||
283 | default: | 303 | default: |
284 | *cipher = NULL; | 304 | *cipher = NULL; |
285 | break; | 305 | break; |
286 | @@ -1384,6 +1565,7 @@ ENGINE_load_cryptodev(void) | 306 | @@ -1384,6 +1582,8 @@ ENGINE_load_cryptodev(void) |
287 | } | 307 | } |
288 | put_dev_crypto(fd); | 308 | put_dev_crypto(fd); |
289 | 309 | ||
290 | + EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1); | 310 | + EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1); |
311 | + EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); | ||
291 | if (!ENGINE_set_id(engine, "cryptodev") || | 312 | if (!ENGINE_set_id(engine, "cryptodev") || |
292 | !ENGINE_set_name(engine, "BSD cryptodev engine") || | 313 | !ENGINE_set_name(engine, "BSD cryptodev engine") || |
293 | !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || | 314 | !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || |
294 | -- | 315 | -- |
295 | 1.7.9.7 | 316 | 1.8.3.1 |
296 | 317 | ||
diff --git a/recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch b/recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch new file mode 100644 index 0000000..b31668e --- /dev/null +++ b/recipes-connectivity/openssl/openssl-fsl/0003-cryptodev-fix-algorithm-registration.patch | |||
@@ -0,0 +1,64 @@ | |||
1 | From 084fa469a8fef530d71a0870364df1c7997f6465 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@freescale.com> | ||
3 | Date: Thu, 31 Jul 2014 14:06:19 +0300 | ||
4 | Subject: [PATCH 03/17] cryptodev: fix algorithm registration | ||
5 | |||
6 | Cryptodev specific algorithms must register only if available in kernel. | ||
7 | |||
8 | Change-Id: Iec5af8f4f3138357e4b96f2ec1627278134e4808 | ||
9 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
10 | Reviewed-on: http://git.am.freescale.net:8181/15326 | ||
11 | Reviewed-by: Horia Ioan Geanta Neag <horia.geanta@freescale.com> | ||
12 | Reviewed-on: http://git.am.freescale.net:8181/17224 | ||
13 | --- | ||
14 | crypto/engine/eng_cryptodev.c | 20 +++++++++++++++++--- | ||
15 | 1 file changed, 17 insertions(+), 3 deletions(-) | ||
16 | |||
17 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
18 | index 7588a28..e3eb98b 100644 | ||
19 | --- a/crypto/engine/eng_cryptodev.c | ||
20 | +++ b/crypto/engine/eng_cryptodev.c | ||
21 | @@ -133,6 +133,8 @@ static int cryptodev_dh_compute_key(unsigned char *key, | ||
22 | static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, | ||
23 | void (*f)(void)); | ||
24 | void ENGINE_load_cryptodev(void); | ||
25 | +const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1; | ||
26 | +const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; | ||
27 | |||
28 | static const ENGINE_CMD_DEFN cryptodev_defns[] = { | ||
29 | { 0, NULL, NULL, 0 } | ||
30 | @@ -342,7 +344,21 @@ get_cryptodev_digests(const int **cnids) | ||
31 | static int | ||
32 | cryptodev_usable_ciphers(const int **nids) | ||
33 | { | ||
34 | - return (get_cryptodev_ciphers(nids)); | ||
35 | + int i, count; | ||
36 | + | ||
37 | + count = get_cryptodev_ciphers(nids); | ||
38 | + /* add ciphers specific to cryptodev if found in kernel */ | ||
39 | + for(i = 0; i < count; i++) { | ||
40 | + switch (*(*nids + i)) { | ||
41 | + case NID_aes_128_cbc_hmac_sha1: | ||
42 | + EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1); | ||
43 | + break; | ||
44 | + case NID_aes_256_cbc_hmac_sha1: | ||
45 | + EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); | ||
46 | + break; | ||
47 | + } | ||
48 | + } | ||
49 | + return count; | ||
50 | } | ||
51 | |||
52 | static int | ||
53 | @@ -1582,8 +1598,6 @@ ENGINE_load_cryptodev(void) | ||
54 | } | ||
55 | put_dev_crypto(fd); | ||
56 | |||
57 | - EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1); | ||
58 | - EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); | ||
59 | if (!ENGINE_set_id(engine, "cryptodev") || | ||
60 | !ENGINE_set_name(engine, "BSD cryptodev engine") || | ||
61 | !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || | ||
62 | -- | ||
63 | 1.8.3.1 | ||
64 | |||
diff --git a/recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch b/recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch new file mode 100644 index 0000000..af30ad3 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-fsl/0004-linux-pcc-make-it-more-robust-and-recognize-KERNEL_B.patch | |||
@@ -0,0 +1,74 @@ | |||
1 | From 7d770f0324498d1fa78300cc5cecc8c1dcd3b788 Mon Sep 17 00:00:00 2001 | ||
2 | From: Andy Polyakov <appro@openssl.org> | ||
3 | Date: Sun, 21 Oct 2012 18:19:41 +0000 | ||
4 | Subject: [PATCH 04/17] linux-pcc: make it more robust and recognize | ||
5 | KERNEL_BITS variable. | ||
6 | |||
7 | (cherry picked from commit 78c3e20579d3baa159c8b51b59d415b6e521614b) | ||
8 | |||
9 | Change-Id: I769c466f052305681ab54a1b6545d94c7fbf5a9d | ||
10 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
11 | --- | ||
12 | config | 19 +++++++++++++------ | ||
13 | crypto/ppccap.c | 7 +++++++ | ||
14 | 2 files changed, 20 insertions(+), 6 deletions(-) | ||
15 | |||
16 | diff --git a/config b/config | ||
17 | index 41fa2a6..f37b9e6 100755 | ||
18 | --- a/config | ||
19 | +++ b/config | ||
20 | @@ -587,13 +587,20 @@ case "$GUESSOS" in | ||
21 | fi | ||
22 | ;; | ||
23 | ppc64-*-linux2) | ||
24 | - echo "WARNING! If you wish to build 64-bit library, then you have to" | ||
25 | - echo " invoke './Configure linux-ppc64' *manually*." | ||
26 | - if [ "$TEST" = "false" -a -t 1 ]; then | ||
27 | - echo " You have about 5 seconds to press Ctrl-C to abort." | ||
28 | - (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1 | ||
29 | + if [ -z "$KERNEL_BITS" ]; then | ||
30 | + echo "WARNING! If you wish to build 64-bit library, then you have to" | ||
31 | + echo " invoke './Configure linux-ppc64' *manually*." | ||
32 | + if [ "$TEST" = "false" -a -t 1 ]; then | ||
33 | + echo " You have about 5 seconds to press Ctrl-C to abort." | ||
34 | + (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1 | ||
35 | + fi | ||
36 | + fi | ||
37 | + if [ "$KERNEL_BITS" = "64" ]; then | ||
38 | + OUT="linux-ppc64" | ||
39 | + else | ||
40 | + OUT="linux-ppc" | ||
41 | + (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null) || options="$options -m32" | ||
42 | fi | ||
43 | - OUT="linux-ppc" | ||
44 | ;; | ||
45 | ppc-*-linux2) OUT="linux-ppc" ;; | ||
46 | ppc60x-*-vxworks*) OUT="vxworks-ppc60x" ;; | ||
47 | diff --git a/crypto/ppccap.c b/crypto/ppccap.c | ||
48 | index f71ba66..531f1b3 100644 | ||
49 | --- a/crypto/ppccap.c | ||
50 | +++ b/crypto/ppccap.c | ||
51 | @@ -4,6 +4,9 @@ | ||
52 | #include <setjmp.h> | ||
53 | #include <signal.h> | ||
54 | #include <unistd.h> | ||
55 | +#ifdef __linux | ||
56 | +#include <sys/utsname.h> | ||
57 | +#endif | ||
58 | #include <crypto.h> | ||
59 | #include <openssl/bn.h> | ||
60 | |||
61 | @@ -102,6 +105,10 @@ void OPENSSL_cpuid_setup(void) | ||
62 | |||
63 | if (sizeof(size_t)==4) | ||
64 | { | ||
65 | +#ifdef __linux | ||
66 | + struct utsname uts; | ||
67 | + if (uname(&uts)==0 && strcmp(uts.machine,"ppc64")==0) | ||
68 | +#endif | ||
69 | if (sigsetjmp(ill_jmp,1) == 0) | ||
70 | { | ||
71 | OPENSSL_ppc64_probe(); | ||
72 | -- | ||
73 | 1.8.3.1 | ||
74 | |||
diff --git a/recipes-connectivity/openssl/openssl-fsl/0002-ECC-Support-header-for-Cryptodev-Engine.patch b/recipes-connectivity/openssl/openssl-fsl/0005-ECC-Support-header-for-Cryptodev-Engine.patch index 717a345..cfcf4a6 100644 --- a/recipes-connectivity/openssl/openssl-fsl/0002-ECC-Support-header-for-Cryptodev-Engine.patch +++ b/recipes-connectivity/openssl/openssl-fsl/0005-ECC-Support-header-for-Cryptodev-Engine.patch | |||
@@ -1,13 +1,13 @@ | |||
1 | From 154601fba4907a7eb3f98e670d62cfa15a767500 Mon Sep 17 00:00:00 2001 | 1 | From 15abbcd740eafbf2a46b5da24be76acf4982743d Mon Sep 17 00:00:00 2001 |
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | 2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> |
3 | Date: Tue, 11 Mar 2014 05:56:54 +0545 | 3 | Date: Tue, 11 Mar 2014 05:56:54 +0545 |
4 | Subject: [PATCH][fsl 02/15] ECC Support header for Cryptodev Engine | 4 | Subject: [PATCH 05/17] ECC Support header for Cryptodev Engine |
5 | 5 | ||
6 | Upstream-status: Pending | 6 | Upstream-status: Pending |
7 | 7 | ||
8 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> | 8 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> |
9 | --- | 9 | --- |
10 | crypto/engine/eng_cryptodev_ec.h | 296 ++++++++++++++++++++++++++++++++++++++ | 10 | crypto/engine/eng_cryptodev_ec.h | 296 +++++++++++++++++++++++++++++++++++++++ |
11 | 1 file changed, 296 insertions(+) | 11 | 1 file changed, 296 insertions(+) |
12 | create mode 100644 crypto/engine/eng_cryptodev_ec.h | 12 | create mode 100644 crypto/engine/eng_cryptodev_ec.h |
13 | 13 | ||
@@ -314,5 +314,5 @@ index 0000000..77aee71 | |||
314 | +}; | 314 | +}; |
315 | +#endif | 315 | +#endif |
316 | -- | 316 | -- |
317 | 1.7.9.7 | 317 | 1.8.3.1 |
318 | 318 | ||
diff --git a/recipes-connectivity/openssl/openssl-fsl/0004-Fixed-private-key-support-for-DH.patch b/recipes-connectivity/openssl/openssl-fsl/0006-Fixed-private-key-support-for-DH.patch index 607f603..41f48a2 100644 --- a/recipes-connectivity/openssl/openssl-fsl/0004-Fixed-private-key-support-for-DH.patch +++ b/recipes-connectivity/openssl/openssl-fsl/0006-Fixed-private-key-support-for-DH.patch | |||
@@ -1,13 +1,13 @@ | |||
1 | From c994fa6c5eb9b684dd6aff45dd5e8eb98237c31e Mon Sep 17 00:00:00 2001 | 1 | From 39a9e609290a8a1163a721915bcde0c7cf8f92f7 Mon Sep 17 00:00:00 2001 |
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | 2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> |
3 | Date: Tue, 11 Mar 2014 05:57:47 +0545 | 3 | Date: Tue, 11 Mar 2014 05:57:47 +0545 |
4 | Subject: [PATCH][fsl 04/15] Fixed private key support for DH | 4 | Subject: [PATCH 06/17] Fixed private key support for DH |
5 | 5 | ||
6 | Upstream-status: Pending | 6 | Upstream-status: Pending |
7 | 7 | ||
8 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> | 8 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> |
9 | --- | 9 | --- |
10 | crypto/dh/dh_ameth.c | 7 +++++++ | 10 | crypto/dh/dh_ameth.c | 7 +++++++ |
11 | 1 file changed, 7 insertions(+) | 11 | 1 file changed, 7 insertions(+) |
12 | 12 | ||
13 | diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c | 13 | diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c |
@@ -29,5 +29,5 @@ index 02ec2d4..ed32004 100644 | |||
29 | return 1; | 29 | return 1; |
30 | } | 30 | } |
31 | -- | 31 | -- |
32 | 1.7.9.7 | 32 | 1.8.3.1 |
33 | 33 | ||
diff --git a/recipes-connectivity/openssl/openssl-fsl/0005-Fixed-private-key-support-for-DH.patch b/recipes-connectivity/openssl/openssl-fsl/0007-Fixed-private-key-support-for-DH.patch index 06dff88..f507fff 100644 --- a/recipes-connectivity/openssl/openssl-fsl/0005-Fixed-private-key-support-for-DH.patch +++ b/recipes-connectivity/openssl/openssl-fsl/0007-Fixed-private-key-support-for-DH.patch | |||
@@ -1,7 +1,7 @@ | |||
1 | From 408bdb2a3971edd6a949f5a93bd44d0a6f3eb823 Mon Sep 17 00:00:00 2001 | 1 | From 8322e4157bf49d992b5b9e460f2c0785865dd1c1 Mon Sep 17 00:00:00 2001 |
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | 2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> |
3 | Date: Thu, 20 Mar 2014 19:55:51 -0500 | 3 | Date: Thu, 20 Mar 2014 19:55:51 -0500 |
4 | Subject: [PATCH][fsl 05/15] Fixed private key support for DH | 4 | Subject: [PATCH 07/17] Fixed private key support for DH |
5 | 5 | ||
6 | Upstream-status: Pending | 6 | Upstream-status: Pending |
7 | 7 | ||
@@ -9,7 +9,7 @@ Required Length of the DH result is not returned in dh method in openssl | |||
9 | 9 | ||
10 | Tested-by: Yashpal Dutta <yashpal.dutta@freescale.com> | 10 | Tested-by: Yashpal Dutta <yashpal.dutta@freescale.com> |
11 | --- | 11 | --- |
12 | crypto/dh/dh_ameth.c | 7 ------- | 12 | crypto/dh/dh_ameth.c | 7 ------- |
13 | 1 file changed, 7 deletions(-) | 13 | 1 file changed, 7 deletions(-) |
14 | 14 | ||
15 | diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c | 15 | diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c |
@@ -31,5 +31,5 @@ index ed32004..02ec2d4 100644 | |||
31 | return 1; | 31 | return 1; |
32 | } | 32 | } |
33 | -- | 33 | -- |
34 | 1.7.9.7 | 34 | 1.8.3.1 |
35 | 35 | ||
diff --git a/recipes-connectivity/openssl/openssl-fsl/0006-Initial-support-for-PKC-in-cryptodev-engine.patch b/recipes-connectivity/openssl/openssl-fsl/0008-Initial-support-for-PKC-in-cryptodev-engine.patch index b5ac55d..6903c88 100644 --- a/recipes-connectivity/openssl/openssl-fsl/0006-Initial-support-for-PKC-in-cryptodev-engine.patch +++ b/recipes-connectivity/openssl/openssl-fsl/0008-Initial-support-for-PKC-in-cryptodev-engine.patch | |||
@@ -1,7 +1,7 @@ | |||
1 | From 8e9a39aab2fce48c117460eb1d14bcc02be6de6c Mon Sep 17 00:00:00 2001 | 1 | From 107a10d45db0f2e58482f698add04ed9183f7268 Mon Sep 17 00:00:00 2001 |
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | 2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> |
3 | Date: Tue, 11 Mar 2014 06:29:52 +0545 | 3 | Date: Tue, 11 Mar 2014 06:29:52 +0545 |
4 | Subject: [PATCH][fsl 06/15] Initial support for PKC in cryptodev engine | 4 | Subject: [PATCH 08/17] Initial support for PKC in cryptodev engine |
5 | 5 | ||
6 | Upstream-status: Pending | 6 | Upstream-status: Pending |
7 | 7 | ||
@@ -11,7 +11,7 @@ Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> | |||
11 | 1 file changed, 1183 insertions(+), 160 deletions(-) | 11 | 1 file changed, 1183 insertions(+), 160 deletions(-) |
12 | 12 | ||
13 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | 13 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c |
14 | index 123613d..88caec1 100644 | 14 | index e3eb98b..7ee314b 100644 |
15 | --- a/crypto/engine/eng_cryptodev.c | 15 | --- a/crypto/engine/eng_cryptodev.c |
16 | +++ b/crypto/engine/eng_cryptodev.c | 16 | +++ b/crypto/engine/eng_cryptodev.c |
17 | @@ -54,11 +54,14 @@ ENGINE_load_cryptodev(void) | 17 | @@ -54,11 +54,14 @@ ENGINE_load_cryptodev(void) |
@@ -39,7 +39,7 @@ index 123613d..88caec1 100644 | |||
39 | 39 | ||
40 | struct dev_crypto_state { | 40 | struct dev_crypto_state { |
41 | struct session_op d_sess; | 41 | struct session_op d_sess; |
42 | @@ -116,24 +121,112 @@ static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, | 42 | @@ -116,18 +121,10 @@ static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, |
43 | static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, | 43 | static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, |
44 | RSA *rsa, BN_CTX *ctx); | 44 | RSA *rsa, BN_CTX *ctx); |
45 | static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); | 45 | static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); |
@@ -58,8 +58,9 @@ index 123613d..88caec1 100644 | |||
58 | static int cryptodev_dh_compute_key(unsigned char *key, | 58 | static int cryptodev_dh_compute_key(unsigned char *key, |
59 | const BIGNUM *pub_key, DH *dh); | 59 | const BIGNUM *pub_key, DH *dh); |
60 | static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, | 60 | static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, |
61 | void (*f)(void)); | 61 | @@ -136,6 +133,102 @@ void ENGINE_load_cryptodev(void); |
62 | void ENGINE_load_cryptodev(void); | 62 | const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1; |
63 | const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1; | ||
63 | 64 | ||
64 | +inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len) | 65 | +inline int spcf_bn2bin(BIGNUM *bn, unsigned char **bin, int *bin_len) |
65 | +{ | 66 | +{ |
@@ -160,7 +161,7 @@ index 123613d..88caec1 100644 | |||
160 | static const ENGINE_CMD_DEFN cryptodev_defns[] = { | 161 | static const ENGINE_CMD_DEFN cryptodev_defns[] = { |
161 | { 0, NULL, NULL, 0 } | 162 | { 0, NULL, NULL, 0 } |
162 | }; | 163 | }; |
163 | @@ -1106,7 +1199,6 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, | 164 | @@ -1139,7 +1232,6 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, |
164 | static int | 165 | static int |
165 | bn2crparam(const BIGNUM *a, struct crparam *crp) | 166 | bn2crparam(const BIGNUM *a, struct crparam *crp) |
166 | { | 167 | { |
@@ -168,7 +169,7 @@ index 123613d..88caec1 100644 | |||
168 | ssize_t bytes, bits; | 169 | ssize_t bytes, bits; |
169 | u_char *b; | 170 | u_char *b; |
170 | 171 | ||
171 | @@ -1123,15 +1215,7 @@ bn2crparam(const BIGNUM *a, struct crparam *crp) | 172 | @@ -1156,15 +1248,7 @@ bn2crparam(const BIGNUM *a, struct crparam *crp) |
172 | 173 | ||
173 | crp->crp_p = (caddr_t) b; | 174 | crp->crp_p = (caddr_t) b; |
174 | crp->crp_nbits = bits; | 175 | crp->crp_nbits = bits; |
@@ -185,7 +186,7 @@ index 123613d..88caec1 100644 | |||
185 | return (0); | 186 | return (0); |
186 | } | 187 | } |
187 | 188 | ||
188 | @@ -1139,22 +1223,14 @@ bn2crparam(const BIGNUM *a, struct crparam *crp) | 189 | @@ -1172,22 +1256,14 @@ bn2crparam(const BIGNUM *a, struct crparam *crp) |
189 | static int | 190 | static int |
190 | crparam2bn(struct crparam *crp, BIGNUM *a) | 191 | crparam2bn(struct crparam *crp, BIGNUM *a) |
191 | { | 192 | { |
@@ -210,7 +211,7 @@ index 123613d..88caec1 100644 | |||
210 | 211 | ||
211 | return (0); | 212 | return (0); |
212 | } | 213 | } |
213 | @@ -1202,6 +1278,32 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) | 214 | @@ -1235,6 +1311,32 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) |
214 | return (ret); | 215 | return (ret); |
215 | } | 216 | } |
216 | 217 | ||
@@ -243,7 +244,7 @@ index 123613d..88caec1 100644 | |||
243 | static int | 244 | static int |
244 | cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | 245 | cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, |
245 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) | 246 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) |
246 | @@ -1217,9 +1319,9 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | 247 | @@ -1250,9 +1352,9 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, |
247 | return (ret); | 248 | return (ret); |
248 | } | 249 | } |
249 | 250 | ||
@@ -255,7 +256,7 @@ index 123613d..88caec1 100644 | |||
255 | /* inputs: a^p % m */ | 256 | /* inputs: a^p % m */ |
256 | if (bn2crparam(a, &kop.crk_param[0])) | 257 | if (bn2crparam(a, &kop.crk_param[0])) |
257 | goto err; | 258 | goto err; |
258 | @@ -1260,28 +1362,38 @@ static int | 259 | @@ -1293,28 +1395,38 @@ static int |
259 | cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) | 260 | cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) |
260 | { | 261 | { |
261 | struct crypt_kop kop; | 262 | struct crypt_kop kop; |
@@ -308,7 +309,7 @@ index 123613d..88caec1 100644 | |||
308 | kop.crk_iparams = 6; | 309 | kop.crk_iparams = 6; |
309 | 310 | ||
310 | if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) { | 311 | if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) { |
311 | @@ -1317,90 +1429,117 @@ static RSA_METHOD cryptodev_rsa = { | 312 | @@ -1350,90 +1462,117 @@ static RSA_METHOD cryptodev_rsa = { |
312 | NULL /* rsa_verify */ | 313 | NULL /* rsa_verify */ |
313 | }; | 314 | }; |
314 | 315 | ||
@@ -488,7 +489,7 @@ index 123613d..88caec1 100644 | |||
488 | } | 489 | } |
489 | 490 | ||
490 | static int | 491 | static int |
491 | @@ -1408,42 +1547,179 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen, | 492 | @@ -1441,42 +1580,179 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen, |
492 | DSA_SIG *sig, DSA *dsa) | 493 | DSA_SIG *sig, DSA *dsa) |
493 | { | 494 | { |
494 | struct crypt_kop kop; | 495 | struct crypt_kop kop; |
@@ -686,7 +687,7 @@ index 123613d..88caec1 100644 | |||
686 | static DSA_METHOD cryptodev_dsa = { | 687 | static DSA_METHOD cryptodev_dsa = { |
687 | "cryptodev DSA method", | 688 | "cryptodev DSA method", |
688 | NULL, | 689 | NULL, |
689 | @@ -1457,12 +1733,543 @@ static DSA_METHOD cryptodev_dsa = { | 690 | @@ -1490,12 +1766,543 @@ static DSA_METHOD cryptodev_dsa = { |
690 | NULL /* app_data */ | 691 | NULL /* app_data */ |
691 | }; | 692 | }; |
692 | 693 | ||
@@ -1235,7 +1236,7 @@ index 123613d..88caec1 100644 | |||
1235 | } | 1236 | } |
1236 | 1237 | ||
1237 | static int | 1238 | static int |
1238 | @@ -1470,43 +2277,234 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) | 1239 | @@ -1503,43 +2310,234 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) |
1239 | { | 1240 | { |
1240 | struct crypt_kop kop; | 1241 | struct crypt_kop kop; |
1241 | int dhret = 1; | 1242 | int dhret = 1; |
@@ -1488,7 +1489,7 @@ index 123613d..88caec1 100644 | |||
1488 | static DH_METHOD cryptodev_dh = { | 1489 | static DH_METHOD cryptodev_dh = { |
1489 | "cryptodev DH method", | 1490 | "cryptodev DH method", |
1490 | NULL, /* cryptodev_dh_generate_key */ | 1491 | NULL, /* cryptodev_dh_generate_key */ |
1491 | @@ -1518,6 +2516,14 @@ static DH_METHOD cryptodev_dh = { | 1492 | @@ -1551,6 +2549,14 @@ static DH_METHOD cryptodev_dh = { |
1492 | NULL /* app_data */ | 1493 | NULL /* app_data */ |
1493 | }; | 1494 | }; |
1494 | 1495 | ||
@@ -1503,7 +1504,7 @@ index 123613d..88caec1 100644 | |||
1503 | /* | 1504 | /* |
1504 | * ctrl right now is just a wrapper that doesn't do much | 1505 | * ctrl right now is just a wrapper that doesn't do much |
1505 | * but I expect we'll want some options soon. | 1506 | * but I expect we'll want some options soon. |
1506 | @@ -1602,25 +2608,42 @@ ENGINE_load_cryptodev(void) | 1507 | @@ -1634,25 +2640,42 @@ ENGINE_load_cryptodev(void) |
1507 | memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); | 1508 | memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); |
1508 | if (cryptodev_asymfeat & CRF_DSA_SIGN) | 1509 | if (cryptodev_asymfeat & CRF_DSA_SIGN) |
1509 | cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign; | 1510 | cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign; |
@@ -1559,5 +1560,5 @@ index 123613d..88caec1 100644 | |||
1559 | } | 1560 | } |
1560 | 1561 | ||
1561 | -- | 1562 | -- |
1562 | 1.7.9.7 | 1563 | 1.8.3.1 |
1563 | 1564 | ||
diff --git a/recipes-connectivity/openssl/openssl-fsl/0007-Added-hwrng-dev-file-as-source-of-RNG.patch b/recipes-connectivity/openssl/openssl-fsl/0009-Added-hwrng-dev-file-as-source-of-RNG.patch index afe9f7c..6a69c32 100644 --- a/recipes-connectivity/openssl/openssl-fsl/0007-Added-hwrng-dev-file-as-source-of-RNG.patch +++ b/recipes-connectivity/openssl/openssl-fsl/0009-Added-hwrng-dev-file-as-source-of-RNG.patch | |||
@@ -1,13 +1,13 @@ | |||
1 | From 6ee6f7acad9824244b32ac23248f1d12f2c2b201 Mon Sep 17 00:00:00 2001 | 1 | From 81c4c62a4f5f5542843381bfb34e39a6171d5cdd Mon Sep 17 00:00:00 2001 |
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | 2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> |
3 | Date: Tue, 11 Mar 2014 06:42:59 +0545 | 3 | Date: Tue, 11 Mar 2014 06:42:59 +0545 |
4 | Subject: [PATCH][fsl 07/15] Added hwrng dev file as source of RNG | 4 | Subject: [PATCH 09/17] Added hwrng dev file as source of RNG |
5 | 5 | ||
6 | Upstream-status: Pending | 6 | Upstream-status: Pending |
7 | 7 | ||
8 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> | 8 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> |
9 | --- | 9 | --- |
10 | e_os.h | 2 +- | 10 | e_os.h | 2 +- |
11 | 1 file changed, 1 insertion(+), 1 deletion(-) | 11 | 1 file changed, 1 insertion(+), 1 deletion(-) |
12 | 12 | ||
13 | diff --git a/e_os.h b/e_os.h | 13 | diff --git a/e_os.h b/e_os.h |
@@ -24,5 +24,5 @@ index 6a0aad1..57c0563 100644 | |||
24 | #ifndef DEVRANDOM_EGD | 24 | #ifndef DEVRANDOM_EGD |
25 | /* set this to a comma-seperated list of 'egd' sockets to try out. These | 25 | /* set this to a comma-seperated list of 'egd' sockets to try out. These |
26 | -- | 26 | -- |
27 | 1.7.9.7 | 27 | 1.8.3.1 |
28 | 28 | ||
diff --git a/recipes-connectivity/openssl/openssl-fsl/0009-eng_cryptodev-extend-TLS-offload-with-new-algorithms.patch b/recipes-connectivity/openssl/openssl-fsl/0009-eng_cryptodev-extend-TLS-offload-with-new-algorithms.patch deleted file mode 100644 index a417884..0000000 --- a/recipes-connectivity/openssl/openssl-fsl/0009-eng_cryptodev-extend-TLS-offload-with-new-algorithms.patch +++ /dev/null | |||
@@ -1,106 +0,0 @@ | |||
1 | From 6555c11c9f62fc37c60bb335cfeb5c9d641e493a Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@freescale.com> | ||
3 | Date: Fri, 21 Mar 2014 16:22:27 +0200 | ||
4 | Subject: [PATCH][fsl 09/15] eng_cryptodev: extend TLS offload with new | ||
5 | algorithms | ||
6 | |||
7 | Upstream-status: Pending | ||
8 | |||
9 | - aes-192-cbc-hmac-sha1 | ||
10 | - aes-256-cbc-hmac-sha1 | ||
11 | |||
12 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
13 | --- | ||
14 | crypto/engine/eng_cryptodev.c | 41 +++++++++++++++++++++++++++++++++++++++++ | ||
15 | 1 file changed, 41 insertions(+) | ||
16 | |||
17 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
18 | index c5e8fb3..e2d4c53 100644 | ||
19 | --- a/crypto/engine/eng_cryptodev.c | ||
20 | +++ b/crypto/engine/eng_cryptodev.c | ||
21 | @@ -248,6 +248,8 @@ static struct { | ||
22 | { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, 0}, | ||
23 | { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0}, | ||
24 | { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20}, | ||
25 | + { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_192_cbc_hmac_sha1, 16, 24, 20}, | ||
26 | + { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20}, | ||
27 | { 0, NID_undef, 0, 0, 0}, | ||
28 | }; | ||
29 | |||
30 | @@ -536,6 +538,8 @@ static int cryptodev_aead_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
31 | /* TODO: make a seamless integration with cryptodev flags */ | ||
32 | switch (ctx->cipher->nid) { | ||
33 | case NID_aes_128_cbc_hmac_sha1: | ||
34 | + case NID_aes_192_cbc_hmac_sha1: | ||
35 | + case NID_aes_256_cbc_hmac_sha1: | ||
36 | cryp.flags = COP_FLAG_AEAD_TLS_TYPE; | ||
37 | } | ||
38 | cryp.ses = sess->ses; | ||
39 | @@ -729,6 +733,8 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, | ||
40 | /* TODO: this should be an extension of EVP_CIPHER struct */ | ||
41 | switch (ctx->cipher->nid) { | ||
42 | case NID_aes_128_cbc_hmac_sha1: | ||
43 | + case NID_aes_192_cbc_hmac_sha1: | ||
44 | + case NID_aes_256_cbc_hmac_sha1: | ||
45 | maclen = SHA_DIGEST_LENGTH; | ||
46 | } | ||
47 | |||
48 | @@ -871,6 +877,33 @@ const EVP_CIPHER cryptodev_aes_128_cbc_hmac_sha1 = { | ||
49 | NULL | ||
50 | }; | ||
51 | |||
52 | +const EVP_CIPHER cryptodev_aes_192_cbc_hmac_sha1 = { | ||
53 | + NID_aes_192_cbc_hmac_sha1, | ||
54 | + 16, 24, 16, | ||
55 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
56 | + cryptodev_init_aead_key, | ||
57 | + cryptodev_aead_cipher, | ||
58 | + cryptodev_cleanup, | ||
59 | + sizeof(struct dev_crypto_state), | ||
60 | + EVP_CIPHER_set_asn1_iv, | ||
61 | + EVP_CIPHER_get_asn1_iv, | ||
62 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
63 | + NULL | ||
64 | +}; | ||
65 | + | ||
66 | +const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = { | ||
67 | + NID_aes_256_cbc_hmac_sha1, | ||
68 | + 16, 32, 16, | ||
69 | + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_AEAD_CIPHER, | ||
70 | + cryptodev_init_aead_key, | ||
71 | + cryptodev_aead_cipher, | ||
72 | + cryptodev_cleanup, | ||
73 | + sizeof(struct dev_crypto_state), | ||
74 | + EVP_CIPHER_set_asn1_iv, | ||
75 | + EVP_CIPHER_get_asn1_iv, | ||
76 | + cryptodev_cbc_hmac_sha1_ctrl, | ||
77 | + NULL | ||
78 | +}; | ||
79 | /* | ||
80 | * Registered by the ENGINE when used to find out how to deal with | ||
81 | * a particular NID in the ENGINE. this says what we'll do at the | ||
82 | @@ -911,6 +944,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | ||
83 | case NID_aes_128_cbc_hmac_sha1: | ||
84 | *cipher = &cryptodev_aes_128_cbc_hmac_sha1; | ||
85 | break; | ||
86 | + case NID_aes_192_cbc_hmac_sha1: | ||
87 | + *cipher = &cryptodev_aes_192_cbc_hmac_sha1; | ||
88 | + break; | ||
89 | + case NID_aes_256_cbc_hmac_sha1: | ||
90 | + *cipher = &cryptodev_aes_256_cbc_hmac_sha1; | ||
91 | + break; | ||
92 | default: | ||
93 | *cipher = NULL; | ||
94 | break; | ||
95 | @@ -3830,6 +3869,8 @@ ENGINE_load_cryptodev(void) | ||
96 | put_dev_crypto(fd); | ||
97 | |||
98 | EVP_add_cipher(&cryptodev_aes_128_cbc_hmac_sha1); | ||
99 | + EVP_add_cipher(&cryptodev_aes_192_cbc_hmac_sha1); | ||
100 | + EVP_add_cipher(&cryptodev_aes_256_cbc_hmac_sha1); | ||
101 | if (!ENGINE_set_id(engine, "cryptodev") || | ||
102 | !ENGINE_set_name(engine, "BSD cryptodev engine") || | ||
103 | !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || | ||
104 | -- | ||
105 | 1.7.9.7 | ||
106 | |||
diff --git a/recipes-connectivity/openssl/openssl-fsl/0008-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch b/recipes-connectivity/openssl/openssl-fsl/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch index d8b5d95..b7702d1 100644 --- a/recipes-connectivity/openssl/openssl-fsl/0008-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch +++ b/recipes-connectivity/openssl/openssl-fsl/0010-Asynchronous-interface-added-for-PKC-cryptodev-inter.patch | |||
@@ -1,7 +1,7 @@ | |||
1 | From 68f8054c5a1f72e40884782d2d548892406d6049 Mon Sep 17 00:00:00 2001 | 1 | From a933e6341fd8989bdd82f8a5446b6f04aa00eef9 Mon Sep 17 00:00:00 2001 |
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | 2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> |
3 | Date: Tue, 11 Mar 2014 07:14:30 +0545 | 3 | Date: Tue, 11 Mar 2014 07:14:30 +0545 |
4 | Subject: [PATCH][fsl 08/15] Asynchronous interface added for PKC cryptodev | 4 | Subject: [PATCH 10/17] Asynchronous interface added for PKC cryptodev |
5 | interface | 5 | interface |
6 | 6 | ||
7 | Upstream-status: Pending | 7 | Upstream-status: Pending |
@@ -116,10 +116,10 @@ index cb3be13..eb0ebe0 100644 | |||
116 | int (*init)(EC_KEY *eckey); | 116 | int (*init)(EC_KEY *eckey); |
117 | int (*finish)(EC_KEY *eckey); | 117 | int (*finish)(EC_KEY *eckey); |
118 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | 118 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c |
119 | index 88caec1..c5e8fb3 100644 | 119 | index 7ee314b..9f2416e 100644 |
120 | --- a/crypto/engine/eng_cryptodev.c | 120 | --- a/crypto/engine/eng_cryptodev.c |
121 | +++ b/crypto/engine/eng_cryptodev.c | 121 | +++ b/crypto/engine/eng_cryptodev.c |
122 | @@ -1248,6 +1248,56 @@ zapparams(struct crypt_kop *kop) | 122 | @@ -1281,6 +1281,56 @@ zapparams(struct crypt_kop *kop) |
123 | } | 123 | } |
124 | } | 124 | } |
125 | 125 | ||
@@ -176,7 +176,7 @@ index 88caec1..c5e8fb3 100644 | |||
176 | static int | 176 | static int |
177 | cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) | 177 | cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) |
178 | { | 178 | { |
179 | @@ -1304,6 +1354,44 @@ void *cryptodev_init_instance(void) | 179 | @@ -1337,6 +1387,44 @@ void *cryptodev_init_instance(void) |
180 | return fd; | 180 | return fd; |
181 | } | 181 | } |
182 | 182 | ||
@@ -221,7 +221,7 @@ index 88caec1..c5e8fb3 100644 | |||
221 | static int | 221 | static int |
222 | cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | 222 | cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, |
223 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) | 223 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) |
224 | @@ -1349,6 +1437,63 @@ err: | 224 | @@ -1382,6 +1470,63 @@ err: |
225 | } | 225 | } |
226 | 226 | ||
227 | static int | 227 | static int |
@@ -285,7 +285,7 @@ index 88caec1..c5e8fb3 100644 | |||
285 | cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) | 285 | cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) |
286 | { | 286 | { |
287 | int r; | 287 | int r; |
288 | @@ -1413,6 +1558,62 @@ err: | 288 | @@ -1446,6 +1591,62 @@ err: |
289 | return (ret); | 289 | return (ret); |
290 | } | 290 | } |
291 | 291 | ||
@@ -348,7 +348,7 @@ index 88caec1..c5e8fb3 100644 | |||
348 | static RSA_METHOD cryptodev_rsa = { | 348 | static RSA_METHOD cryptodev_rsa = { |
349 | "cryptodev RSA method", | 349 | "cryptodev RSA method", |
350 | NULL, /* rsa_pub_enc */ | 350 | NULL, /* rsa_pub_enc */ |
351 | @@ -1421,6 +1622,12 @@ static RSA_METHOD cryptodev_rsa = { | 351 | @@ -1454,6 +1655,12 @@ static RSA_METHOD cryptodev_rsa = { |
352 | NULL, /* rsa_priv_dec */ | 352 | NULL, /* rsa_priv_dec */ |
353 | NULL, | 353 | NULL, |
354 | NULL, | 354 | NULL, |
@@ -361,7 +361,7 @@ index 88caec1..c5e8fb3 100644 | |||
361 | NULL, /* init */ | 361 | NULL, /* init */ |
362 | NULL, /* finish */ | 362 | NULL, /* finish */ |
363 | 0, /* flags */ | 363 | 0, /* flags */ |
364 | @@ -1718,126 +1925,424 @@ sw_try: | 364 | @@ -1751,126 +1958,424 @@ sw_try: |
365 | return ret; | 365 | return ret; |
366 | } | 366 | } |
367 | 367 | ||
@@ -875,7 +875,7 @@ index 88caec1..c5e8fb3 100644 | |||
875 | goto err; | 875 | goto err; |
876 | } | 876 | } |
877 | } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) { | 877 | } else if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_characteristic_two_field) { |
878 | @@ -2162,63 +2667,581 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, | 878 | @@ -2195,63 +2700,581 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, |
879 | } | 879 | } |
880 | 880 | ||
881 | /** | 881 | /** |
@@ -1507,7 +1507,7 @@ index 88caec1..c5e8fb3 100644 | |||
1507 | return ret; | 1507 | return ret; |
1508 | } | 1508 | } |
1509 | 1509 | ||
1510 | @@ -2327,6 +3350,54 @@ sw_try: | 1510 | @@ -2360,6 +3383,54 @@ sw_try: |
1511 | return (dhret); | 1511 | return (dhret); |
1512 | } | 1512 | } |
1513 | 1513 | ||
@@ -1562,7 +1562,7 @@ index 88caec1..c5e8fb3 100644 | |||
1562 | int cryptodev_ecdh_compute_key(void *out, size_t outlen, | 1562 | int cryptodev_ecdh_compute_key(void *out, size_t outlen, |
1563 | const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen, | 1563 | const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen, |
1564 | void *out, size_t *outlen)) | 1564 | void *out, size_t *outlen)) |
1565 | @@ -2504,6 +3575,190 @@ err: | 1565 | @@ -2537,6 +3608,190 @@ err: |
1566 | return ret; | 1566 | return ret; |
1567 | } | 1567 | } |
1568 | 1568 | ||
@@ -1753,7 +1753,7 @@ index 88caec1..c5e8fb3 100644 | |||
1753 | 1753 | ||
1754 | static DH_METHOD cryptodev_dh = { | 1754 | static DH_METHOD cryptodev_dh = { |
1755 | "cryptodev DH method", | 1755 | "cryptodev DH method", |
1756 | @@ -2512,6 +3767,8 @@ static DH_METHOD cryptodev_dh = { | 1756 | @@ -2545,6 +3800,8 @@ static DH_METHOD cryptodev_dh = { |
1757 | NULL, | 1757 | NULL, |
1758 | NULL, | 1758 | NULL, |
1759 | NULL, | 1759 | NULL, |
@@ -1762,7 +1762,7 @@ index 88caec1..c5e8fb3 100644 | |||
1762 | 0, /* flags */ | 1762 | 0, /* flags */ |
1763 | NULL /* app_data */ | 1763 | NULL /* app_data */ |
1764 | }; | 1764 | }; |
1765 | @@ -2520,6 +3777,7 @@ static ECDH_METHOD cryptodev_ecdh = { | 1765 | @@ -2553,6 +3810,7 @@ static ECDH_METHOD cryptodev_ecdh = { |
1766 | "cryptodev ECDH method", | 1766 | "cryptodev ECDH method", |
1767 | NULL, /* cryptodev_ecdh_compute_key */ | 1767 | NULL, /* cryptodev_ecdh_compute_key */ |
1768 | NULL, | 1768 | NULL, |
@@ -1770,7 +1770,7 @@ index 88caec1..c5e8fb3 100644 | |||
1770 | 0, /* flags */ | 1770 | 0, /* flags */ |
1771 | NULL /* app_data */ | 1771 | NULL /* app_data */ |
1772 | }; | 1772 | }; |
1773 | @@ -2593,12 +3851,19 @@ ENGINE_load_cryptodev(void) | 1773 | @@ -2625,12 +3883,19 @@ ENGINE_load_cryptodev(void) |
1774 | cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec; | 1774 | cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec; |
1775 | if (cryptodev_asymfeat & CRF_MOD_EXP) { | 1775 | if (cryptodev_asymfeat & CRF_MOD_EXP) { |
1776 | cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp; | 1776 | cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp; |
@@ -1792,7 +1792,7 @@ index 88caec1..c5e8fb3 100644 | |||
1792 | } | 1792 | } |
1793 | } | 1793 | } |
1794 | 1794 | ||
1795 | @@ -2606,12 +3871,21 @@ ENGINE_load_cryptodev(void) | 1795 | @@ -2638,12 +3903,21 @@ ENGINE_load_cryptodev(void) |
1796 | const DSA_METHOD *meth = DSA_OpenSSL(); | 1796 | const DSA_METHOD *meth = DSA_OpenSSL(); |
1797 | 1797 | ||
1798 | memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); | 1798 | memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); |
@@ -1817,7 +1817,7 @@ index 88caec1..c5e8fb3 100644 | |||
1817 | } | 1817 | } |
1818 | 1818 | ||
1819 | if (ENGINE_set_DH(engine, &cryptodev_dh)){ | 1819 | if (ENGINE_set_DH(engine, &cryptodev_dh)){ |
1820 | @@ -2620,10 +3894,15 @@ ENGINE_load_cryptodev(void) | 1820 | @@ -2652,10 +3926,15 @@ ENGINE_load_cryptodev(void) |
1821 | if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) { | 1821 | if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) { |
1822 | cryptodev_dh.compute_key = | 1822 | cryptodev_dh.compute_key = |
1823 | cryptodev_dh_compute_key; | 1823 | cryptodev_dh_compute_key; |
@@ -1833,7 +1833,7 @@ index 88caec1..c5e8fb3 100644 | |||
1833 | } | 1833 | } |
1834 | } | 1834 | } |
1835 | 1835 | ||
1836 | @@ -2632,10 +3911,14 @@ ENGINE_load_cryptodev(void) | 1836 | @@ -2664,10 +3943,14 @@ ENGINE_load_cryptodev(void) |
1837 | memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD)); | 1837 | memcpy(&cryptodev_ecdsa, meth, sizeof(ECDSA_METHOD)); |
1838 | if (cryptodev_asymfeat & CRF_DSA_SIGN) { | 1838 | if (cryptodev_asymfeat & CRF_DSA_SIGN) { |
1839 | cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign; | 1839 | cryptodev_ecdsa.ecdsa_do_sign = cryptodev_ecdsa_do_sign; |
@@ -1848,7 +1848,7 @@ index 88caec1..c5e8fb3 100644 | |||
1848 | } | 1848 | } |
1849 | } | 1849 | } |
1850 | 1850 | ||
1851 | @@ -2644,9 +3927,16 @@ ENGINE_load_cryptodev(void) | 1851 | @@ -2676,9 +3959,16 @@ ENGINE_load_cryptodev(void) |
1852 | memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD)); | 1852 | memcpy(&cryptodev_ecdh, ecdh_meth, sizeof(ECDH_METHOD)); |
1853 | if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) { | 1853 | if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) { |
1854 | cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key; | 1854 | cryptodev_ecdh.compute_key = cryptodev_ecdh_compute_key; |
@@ -2035,5 +2035,5 @@ index 5f269e5..6ef1b15 100644 | |||
2035 | int (*finish)(RSA *rsa); /* called at free */ | 2035 | int (*finish)(RSA *rsa); /* called at free */ |
2036 | int flags; /* RSA_METHOD_FLAG_* things */ | 2036 | int flags; /* RSA_METHOD_FLAG_* things */ |
2037 | -- | 2037 | -- |
2038 | 1.7.9.7 | 2038 | 1.8.3.1 |
2039 | 2039 | ||
diff --git a/recipes-connectivity/openssl/openssl-fsl/0010-Add-RSA-keygen-operation-and-support-gendsa-command-.patch b/recipes-connectivity/openssl/openssl-fsl/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch index 4eaaeaa..5e74298 100644 --- a/recipes-connectivity/openssl/openssl-fsl/0010-Add-RSA-keygen-operation-and-support-gendsa-command-.patch +++ b/recipes-connectivity/openssl/openssl-fsl/0011-Add-RSA-keygen-operation-and-support-gendsa-command-.patch | |||
@@ -1,22 +1,22 @@ | |||
1 | From a08f27a22d2c78f058b63dd2565925ca92ad08b2 Mon Sep 17 00:00:00 2001 | 1 | From e4fc051f8ae1c093b25ca346c2ec351ff3b700d1 Mon Sep 17 00:00:00 2001 |
2 | From: Hou Zhiqiang <B48286@freescale.com> | 2 | From: Hou Zhiqiang <B48286@freescale.com> |
3 | Date: Wed, 2 Apr 2014 16:10:43 +0800 | 3 | Date: Wed, 2 Apr 2014 16:10:43 +0800 |
4 | Subject: [PATCH][fsl 10/15] Add RSA keygen operation and support gendsa | 4 | Subject: [PATCH 11/17] Add RSA keygen operation and support gendsa command |
5 | command with hardware engine | 5 | with hardware engine |
6 | 6 | ||
7 | Upstream-status: Pending | 7 | Upstream-status: Pending |
8 | 8 | ||
9 | Signed-off-by: Hou Zhiqiang <B48286@freescale.com> | 9 | Signed-off-by: Hou Zhiqiang <B48286@freescale.com> |
10 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> | 10 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> |
11 | --- | 11 | --- |
12 | crypto/engine/eng_cryptodev.c | 118 +++++++++++++++++++++++++++++++++++++++++ | 12 | crypto/engine/eng_cryptodev.c | 118 ++++++++++++++++++++++++++++++++++++++++++ |
13 | 1 file changed, 118 insertions(+) | 13 | 1 file changed, 118 insertions(+) |
14 | 14 | ||
15 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | 15 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c |
16 | index e2d4c53..0a6567c 100644 | 16 | index 9f2416e..b2919a8 100644 |
17 | --- a/crypto/engine/eng_cryptodev.c | 17 | --- a/crypto/engine/eng_cryptodev.c |
18 | +++ b/crypto/engine/eng_cryptodev.c | 18 | +++ b/crypto/engine/eng_cryptodev.c |
19 | @@ -1912,6 +1912,121 @@ err: | 19 | @@ -1906,6 +1906,121 @@ err: |
20 | return dsaret; | 20 | return dsaret; |
21 | } | 21 | } |
22 | 22 | ||
@@ -138,7 +138,7 @@ index e2d4c53..0a6567c 100644 | |||
138 | /* Cryptodev DSA Key Gen routine */ | 138 | /* Cryptodev DSA Key Gen routine */ |
139 | static int cryptodev_dsa_keygen(DSA *dsa) | 139 | static int cryptodev_dsa_keygen(DSA *dsa) |
140 | { | 140 | { |
141 | @@ -3905,6 +4020,9 @@ ENGINE_load_cryptodev(void) | 141 | @@ -3896,6 +4011,9 @@ ENGINE_load_cryptodev(void) |
142 | cryptodev_rsa.rsa_mod_exp_async = | 142 | cryptodev_rsa.rsa_mod_exp_async = |
143 | cryptodev_rsa_nocrt_mod_exp_async; | 143 | cryptodev_rsa_nocrt_mod_exp_async; |
144 | } | 144 | } |
@@ -149,5 +149,5 @@ index e2d4c53..0a6567c 100644 | |||
149 | } | 149 | } |
150 | 150 | ||
151 | -- | 151 | -- |
152 | 1.7.9.7 | 152 | 1.8.3.1 |
153 | 153 | ||
diff --git a/recipes-connectivity/openssl/openssl-fsl/0011-RSA-Keygen-Fix.patch b/recipes-connectivity/openssl/openssl-fsl/0012-RSA-Keygen-Fix.patch index b2d636a..4489973 100644 --- a/recipes-connectivity/openssl/openssl-fsl/0011-RSA-Keygen-Fix.patch +++ b/recipes-connectivity/openssl/openssl-fsl/0012-RSA-Keygen-Fix.patch | |||
@@ -1,7 +1,7 @@ | |||
1 | From f44fc935d5bc601cd625a64a366e64b19f2bb730 Mon Sep 17 00:00:00 2001 | 1 | From ac777f046da7151386d667391362ecb553ceee90 Mon Sep 17 00:00:00 2001 |
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | 2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> |
3 | Date: Wed, 16 Apr 2014 22:53:04 +0545 | 3 | Date: Wed, 16 Apr 2014 22:53:04 +0545 |
4 | Subject: [PATCH][fsl 11/15] RSA Keygen Fix | 4 | Subject: [PATCH 12/17] RSA Keygen Fix |
5 | 5 | ||
6 | Upstream-status: Pending | 6 | Upstream-status: Pending |
7 | 7 | ||
@@ -12,14 +12,14 @@ handled by software supported rsa_keygen handler | |||
12 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> | 12 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> |
13 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> | 13 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> |
14 | --- | 14 | --- |
15 | crypto/engine/eng_cryptodev.c | 12 +++++++----- | 15 | crypto/engine/eng_cryptodev.c | 12 +++++++----- |
16 | 1 file changed, 7 insertions(+), 5 deletions(-) | 16 | 1 file changed, 7 insertions(+), 5 deletions(-) |
17 | 17 | ||
18 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | 18 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c |
19 | index 0a6567c..5d54f7e 100644 | 19 | index b2919a8..ed5f20f 100644 |
20 | --- a/crypto/engine/eng_cryptodev.c | 20 | --- a/crypto/engine/eng_cryptodev.c |
21 | +++ b/crypto/engine/eng_cryptodev.c | 21 | +++ b/crypto/engine/eng_cryptodev.c |
22 | @@ -1921,7 +1921,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) | 22 | @@ -1915,7 +1915,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) |
23 | int i; | 23 | int i; |
24 | 24 | ||
25 | if ((fd = get_asym_dev_crypto()) < 0) | 25 | if ((fd = get_asym_dev_crypto()) < 0) |
@@ -28,7 +28,7 @@ index 0a6567c..5d54f7e 100644 | |||
28 | 28 | ||
29 | if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err; | 29 | if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err; |
30 | if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err; | 30 | if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err; |
31 | @@ -1942,7 +1942,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) | 31 | @@ -1936,7 +1936,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) |
32 | /* p length */ | 32 | /* p length */ |
33 | kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char)); | 33 | kop.crk_param[kop.crk_iparams].crp_p = calloc(p_len + 1, sizeof(char)); |
34 | if (!kop.crk_param[kop.crk_iparams].crp_p) | 34 | if (!kop.crk_param[kop.crk_iparams].crp_p) |
@@ -37,7 +37,7 @@ index 0a6567c..5d54f7e 100644 | |||
37 | kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8; | 37 | kop.crk_param[kop.crk_iparams].crp_nbits = p_len * 8; |
38 | memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1); | 38 | memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, p_len + 1); |
39 | kop.crk_iparams++; | 39 | kop.crk_iparams++; |
40 | @@ -1950,7 +1950,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) | 40 | @@ -1944,7 +1944,7 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) |
41 | /* q length */ | 41 | /* q length */ |
42 | kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char)); | 42 | kop.crk_param[kop.crk_iparams].crp_p = calloc(q_len + 1, sizeof(char)); |
43 | if (!kop.crk_param[kop.crk_iparams].crp_p) | 43 | if (!kop.crk_param[kop.crk_iparams].crp_p) |
@@ -46,7 +46,7 @@ index 0a6567c..5d54f7e 100644 | |||
46 | kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8; | 46 | kop.crk_param[kop.crk_iparams].crp_nbits = q_len * 8; |
47 | memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1); | 47 | memset(kop.crk_param[kop.crk_iparams].crp_p, 0xff, q_len + 1); |
48 | kop.crk_iparams++; | 48 | kop.crk_iparams++; |
49 | @@ -2015,8 +2015,10 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) | 49 | @@ -2009,8 +2009,10 @@ static int cryptodev_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) |
50 | } | 50 | } |
51 | sw_try: | 51 | sw_try: |
52 | { | 52 | { |
@@ -60,5 +60,5 @@ index 0a6567c..5d54f7e 100644 | |||
60 | return ret; | 60 | return ret; |
61 | 61 | ||
62 | -- | 62 | -- |
63 | 1.7.9.7 | 63 | 1.8.3.1 |
64 | 64 | ||
diff --git a/recipes-connectivity/openssl/openssl-fsl/0012-Removed-local-copy-of-curve_t-type.patch b/recipes-connectivity/openssl/openssl-fsl/0013-Removed-local-copy-of-curve_t-type.patch index 077b08e..183f3fb 100644 --- a/recipes-connectivity/openssl/openssl-fsl/0012-Removed-local-copy-of-curve_t-type.patch +++ b/recipes-connectivity/openssl/openssl-fsl/0013-Removed-local-copy-of-curve_t-type.patch | |||
@@ -1,22 +1,22 @@ | |||
1 | From 7a6848210c3b2f42aed4de60646e0e63c0e35fcb Mon Sep 17 00:00:00 2001 | 1 | From 6aaa306cdf878250d7b6eaf30978de313653886b Mon Sep 17 00:00:00 2001 |
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | 2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> |
3 | Date: Thu, 17 Apr 2014 06:57:59 +0545 | 3 | Date: Thu, 17 Apr 2014 06:57:59 +0545 |
4 | Subject: [PATCH][fsl 12/15] Removed local copy of curve_t type | 4 | Subject: [PATCH 13/17] Removed local copy of curve_t type |
5 | 5 | ||
6 | Upstream-status: Pending | 6 | Upstream-status: Pending |
7 | 7 | ||
8 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> | 8 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> |
9 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> | 9 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> |
10 | --- | 10 | --- |
11 | crypto/engine/eng_cryptodev.c | 34 ++++++++++++++-------------------- | 11 | crypto/engine/eng_cryptodev.c | 34 ++++++++++++++-------------------- |
12 | crypto/engine/eng_cryptodev_ec.h | 7 ------- | 12 | crypto/engine/eng_cryptodev_ec.h | 7 ------- |
13 | 2 files changed, 14 insertions(+), 27 deletions(-) | 13 | 2 files changed, 14 insertions(+), 27 deletions(-) |
14 | 14 | ||
15 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | 15 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c |
16 | index 5d54f7e..33447c8 100644 | 16 | index ed5f20f..5d883fa 100644 |
17 | --- a/crypto/engine/eng_cryptodev.c | 17 | --- a/crypto/engine/eng_cryptodev.c |
18 | +++ b/crypto/engine/eng_cryptodev.c | 18 | +++ b/crypto/engine/eng_cryptodev.c |
19 | @@ -2404,12 +2404,6 @@ static ECDSA_METHOD cryptodev_ecdsa = { | 19 | @@ -2398,12 +2398,6 @@ static ECDSA_METHOD cryptodev_ecdsa = { |
20 | NULL /* app_data */ | 20 | NULL /* app_data */ |
21 | }; | 21 | }; |
22 | 22 | ||
@@ -29,7 +29,7 @@ index 5d54f7e..33447c8 100644 | |||
29 | /* ENGINE handler for ECDSA Sign */ | 29 | /* ENGINE handler for ECDSA Sign */ |
30 | static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, | 30 | static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, |
31 | int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) | 31 | int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) |
32 | @@ -2426,7 +2420,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, | 32 | @@ -2420,7 +2414,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, |
33 | const BIGNUM *order = NULL, *priv_key=NULL; | 33 | const BIGNUM *order = NULL, *priv_key=NULL; |
34 | const EC_GROUP *group = NULL; | 34 | const EC_GROUP *group = NULL; |
35 | struct crypt_kop kop; | 35 | struct crypt_kop kop; |
@@ -38,7 +38,7 @@ index 5d54f7e..33447c8 100644 | |||
38 | 38 | ||
39 | memset(&kop, 0, sizeof(kop)); | 39 | memset(&kop, 0, sizeof(kop)); |
40 | ecdsa = ecdsa_check(eckey); | 40 | ecdsa = ecdsa_check(eckey); |
41 | @@ -2559,7 +2553,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, | 41 | @@ -2553,7 +2547,7 @@ static ECDSA_SIG *cryptodev_ecdsa_do_sign( const unsigned char *dgst, |
42 | else | 42 | else |
43 | goto err; | 43 | goto err; |
44 | } | 44 | } |
@@ -47,7 +47,7 @@ index 5d54f7e..33447c8 100644 | |||
47 | } | 47 | } |
48 | 48 | ||
49 | /* Calculation of Generator point */ | 49 | /* Calculation of Generator point */ |
50 | @@ -2653,7 +2647,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, | 50 | @@ -2647,7 +2641,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, |
51 | const EC_POINT *pub_key = NULL; | 51 | const EC_POINT *pub_key = NULL; |
52 | const BIGNUM *order = NULL; | 52 | const BIGNUM *order = NULL; |
53 | const EC_GROUP *group=NULL; | 53 | const EC_GROUP *group=NULL; |
@@ -56,7 +56,7 @@ index 5d54f7e..33447c8 100644 | |||
56 | struct crypt_kop kop; | 56 | struct crypt_kop kop; |
57 | 57 | ||
58 | memset(&kop, 0, sizeof kop); | 58 | memset(&kop, 0, sizeof kop); |
59 | @@ -2798,7 +2792,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, | 59 | @@ -2792,7 +2786,7 @@ static int cryptodev_ecdsa_verify(const unsigned char *dgst, int dgst_len, |
60 | else | 60 | else |
61 | goto err; | 61 | goto err; |
62 | } | 62 | } |
@@ -65,7 +65,7 @@ index 5d54f7e..33447c8 100644 | |||
65 | } | 65 | } |
66 | 66 | ||
67 | /* Calculation of Generator point */ | 67 | /* Calculation of Generator point */ |
68 | @@ -2899,7 +2893,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char *dgst, | 68 | @@ -2893,7 +2887,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char *dgst, |
69 | const BIGNUM *order = NULL, *priv_key=NULL; | 69 | const BIGNUM *order = NULL, *priv_key=NULL; |
70 | const EC_GROUP *group = NULL; | 70 | const EC_GROUP *group = NULL; |
71 | struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); | 71 | struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); |
@@ -74,7 +74,7 @@ index 5d54f7e..33447c8 100644 | |||
74 | 74 | ||
75 | if (!(sig->r = BN_new()) || !kop) | 75 | if (!(sig->r = BN_new()) || !kop) |
76 | goto err; | 76 | goto err; |
77 | @@ -3035,7 +3029,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char *dgst, | 77 | @@ -3029,7 +3023,7 @@ static int cryptodev_ecdsa_do_sign_async( const unsigned char *dgst, |
78 | else | 78 | else |
79 | goto err; | 79 | goto err; |
80 | } | 80 | } |
@@ -83,7 +83,7 @@ index 5d54f7e..33447c8 100644 | |||
83 | } | 83 | } |
84 | 84 | ||
85 | /* Calculation of Generator point */ | 85 | /* Calculation of Generator point */ |
86 | @@ -3111,7 +3105,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len, | 86 | @@ -3105,7 +3099,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len, |
87 | const EC_POINT *pub_key = NULL; | 87 | const EC_POINT *pub_key = NULL; |
88 | const BIGNUM *order = NULL; | 88 | const BIGNUM *order = NULL; |
89 | const EC_GROUP *group=NULL; | 89 | const EC_GROUP *group=NULL; |
@@ -92,7 +92,7 @@ index 5d54f7e..33447c8 100644 | |||
92 | struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); | 92 | struct crypt_kop *kop = malloc(sizeof(struct crypt_kop)); |
93 | 93 | ||
94 | if (!kop) | 94 | if (!kop) |
95 | @@ -3253,7 +3247,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len, | 95 | @@ -3247,7 +3241,7 @@ static int cryptodev_ecdsa_verify_async(const unsigned char *dgst, int dgst_len, |
96 | /* copy b' i.e c(b), instead of only b */ | 96 | /* copy b' i.e c(b), instead of only b */ |
97 | eng_ec_get_cparam (EC_GROUP_get_curve_name(group), | 97 | eng_ec_get_cparam (EC_GROUP_get_curve_name(group), |
98 | ab+q_len, q_len); | 98 | ab+q_len, q_len); |
@@ -101,7 +101,7 @@ index 5d54f7e..33447c8 100644 | |||
101 | } | 101 | } |
102 | 102 | ||
103 | /* Calculation of Generator point */ | 103 | /* Calculation of Generator point */ |
104 | @@ -3558,7 +3552,7 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen, | 104 | @@ -3552,7 +3546,7 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen, |
105 | const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen, | 105 | const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen, |
106 | void *out, size_t *outlen)) | 106 | void *out, size_t *outlen)) |
107 | { | 107 | { |
@@ -110,7 +110,7 @@ index 5d54f7e..33447c8 100644 | |||
110 | unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL; | 110 | unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL; |
111 | BIGNUM * w_x = NULL, *w_y = NULL; | 111 | BIGNUM * w_x = NULL, *w_y = NULL; |
112 | int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0; | 112 | int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0; |
113 | @@ -3684,9 +3678,9 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen, | 113 | @@ -3678,9 +3672,9 @@ int cryptodev_ecdh_compute_key(void *out, size_t outlen, |
114 | else | 114 | else |
115 | goto err; | 115 | goto err; |
116 | } | 116 | } |
@@ -122,7 +122,7 @@ index 5d54f7e..33447c8 100644 | |||
122 | 122 | ||
123 | priv_key_len = r_len; | 123 | priv_key_len = r_len; |
124 | 124 | ||
125 | @@ -3735,7 +3729,7 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen, | 125 | @@ -3729,7 +3723,7 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen, |
126 | const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen, | 126 | const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF)(const void *in, size_t inlen, |
127 | void *out, size_t *outlen), struct pkc_cookie_s *cookie) | 127 | void *out, size_t *outlen), struct pkc_cookie_s *cookie) |
128 | { | 128 | { |
@@ -131,7 +131,7 @@ index 5d54f7e..33447c8 100644 | |||
131 | unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL; | 131 | unsigned char * q = NULL, *w_xy = NULL, *ab = NULL, *s = NULL, *r = NULL; |
132 | BIGNUM * w_x = NULL, *w_y = NULL; | 132 | BIGNUM * w_x = NULL, *w_y = NULL; |
133 | int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0; | 133 | int q_len = 0, ab_len = 0, pub_key_len = 0, r_len = 0, priv_key_len = 0; |
134 | @@ -3863,9 +3857,9 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen, | 134 | @@ -3857,9 +3851,9 @@ int cryptodev_ecdh_compute_key_async(void *out, size_t outlen, |
135 | else | 135 | else |
136 | goto err; | 136 | goto err; |
137 | } | 137 | } |
@@ -160,5 +160,5 @@ index 77aee71..a4b8da5 100644 | |||
160 | -}; | 160 | -}; |
161 | #endif | 161 | #endif |
162 | -- | 162 | -- |
163 | 1.7.9.7 | 163 | 1.8.3.1 |
164 | 164 | ||
diff --git a/recipes-connectivity/openssl/openssl-fsl/0013-Modulus-parameter-is-not-populated-by-dhparams.patch b/recipes-connectivity/openssl/openssl-fsl/0014-Modulus-parameter-is-not-populated-by-dhparams.patch index 11f0622..46846f8 100644 --- a/recipes-connectivity/openssl/openssl-fsl/0013-Modulus-parameter-is-not-populated-by-dhparams.patch +++ b/recipes-connectivity/openssl/openssl-fsl/0014-Modulus-parameter-is-not-populated-by-dhparams.patch | |||
@@ -1,7 +1,7 @@ | |||
1 | From 8aabfeb1308188a46d3f370cd757de130e73eb9b Mon Sep 17 00:00:00 2001 | 1 | From 14623ca9e417ccef1ad3f4138acfac0ebe682f1f Mon Sep 17 00:00:00 2001 |
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | 2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> |
3 | Date: Tue, 22 Apr 2014 22:58:33 +0545 | 3 | Date: Tue, 22 Apr 2014 22:58:33 +0545 |
4 | Subject: [PATCH][fsl 13/15] Modulus parameter is not populated by dhparams | 4 | Subject: [PATCH 14/17] Modulus parameter is not populated by dhparams |
5 | 5 | ||
6 | Upstream-status: Pending | 6 | Upstream-status: Pending |
7 | 7 | ||
@@ -13,14 +13,14 @@ by private key generation | |||
13 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> | 13 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> |
14 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> | 14 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> |
15 | --- | 15 | --- |
16 | crypto/engine/eng_cryptodev.c | 4 ++-- | 16 | crypto/engine/eng_cryptodev.c | 4 ++-- |
17 | 1 file changed, 2 insertions(+), 2 deletions(-) | 17 | 1 file changed, 2 insertions(+), 2 deletions(-) |
18 | 18 | ||
19 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | 19 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c |
20 | index 33447c8..8de8f09 100644 | 20 | index 5d883fa..6d69336 100644 |
21 | --- a/crypto/engine/eng_cryptodev.c | 21 | --- a/crypto/engine/eng_cryptodev.c |
22 | +++ b/crypto/engine/eng_cryptodev.c | 22 | +++ b/crypto/engine/eng_cryptodev.c |
23 | @@ -3370,7 +3370,7 @@ static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie) | 23 | @@ -3364,7 +3364,7 @@ static int cryptodev_dh_keygen_async(DH *dh, struct pkc_cookie_s *cookie) |
24 | kop->crk_op = CRK_DH_GENERATE_KEY; | 24 | kop->crk_op = CRK_DH_GENERATE_KEY; |
25 | if (bn2crparam(dh->p, &kop->crk_param[0])) | 25 | if (bn2crparam(dh->p, &kop->crk_param[0])) |
26 | goto sw_try; | 26 | goto sw_try; |
@@ -29,7 +29,7 @@ index 33447c8..8de8f09 100644 | |||
29 | goto sw_try; | 29 | goto sw_try; |
30 | kop->crk_param[2].crp_p = g; | 30 | kop->crk_param[2].crp_p = g; |
31 | kop->crk_param[2].crp_nbits = g_len * 8; | 31 | kop->crk_param[2].crp_nbits = g_len * 8; |
32 | @@ -3425,7 +3425,7 @@ static int cryptodev_dh_keygen(DH *dh) | 32 | @@ -3419,7 +3419,7 @@ static int cryptodev_dh_keygen(DH *dh) |
33 | kop.crk_op = CRK_DH_GENERATE_KEY; | 33 | kop.crk_op = CRK_DH_GENERATE_KEY; |
34 | if (bn2crparam(dh->p, &kop.crk_param[0])) | 34 | if (bn2crparam(dh->p, &kop.crk_param[0])) |
35 | goto sw_try; | 35 | goto sw_try; |
@@ -39,5 +39,5 @@ index 33447c8..8de8f09 100644 | |||
39 | kop.crk_param[2].crp_p = g; | 39 | kop.crk_param[2].crp_p = g; |
40 | kop.crk_param[2].crp_nbits = g_len * 8; | 40 | kop.crk_param[2].crp_nbits = g_len * 8; |
41 | -- | 41 | -- |
42 | 1.7.9.7 | 42 | 1.8.3.1 |
43 | 43 | ||
diff --git a/recipes-connectivity/openssl/openssl-fsl/0014-SW-Backoff-mechanism-for-dsa-keygen.patch b/recipes-connectivity/openssl/openssl-fsl/0015-SW-Backoff-mechanism-for-dsa-keygen.patch index e5aa1ba..c20f9d7 100644 --- a/recipes-connectivity/openssl/openssl-fsl/0014-SW-Backoff-mechanism-for-dsa-keygen.patch +++ b/recipes-connectivity/openssl/openssl-fsl/0015-SW-Backoff-mechanism-for-dsa-keygen.patch | |||
@@ -1,7 +1,7 @@ | |||
1 | From 8b1ed323d08dce8b6e303ce63a82337543e9187f Mon Sep 17 00:00:00 2001 | 1 | From 10be401a33e6ebcc325d6747914c70595cd53d0a Mon Sep 17 00:00:00 2001 |
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | 2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> |
3 | Date: Thu, 24 Apr 2014 00:35:34 +0545 | 3 | Date: Thu, 24 Apr 2014 00:35:34 +0545 |
4 | Subject: [PATCH][fsl 14/15] SW Backoff mechanism for dsa keygen | 4 | Subject: [PATCH 15/17] SW Backoff mechanism for dsa keygen |
5 | 5 | ||
6 | Upstream-status: Pending | 6 | Upstream-status: Pending |
7 | 7 | ||
@@ -12,14 +12,14 @@ keygen gives segmentation fault. | |||
12 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> | 12 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> |
13 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> | 13 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> |
14 | --- | 14 | --- |
15 | crypto/engine/eng_cryptodev.c | 12 ++++++++---- | 15 | crypto/engine/eng_cryptodev.c | 12 ++++++++---- |
16 | 1 file changed, 8 insertions(+), 4 deletions(-) | 16 | 1 file changed, 8 insertions(+), 4 deletions(-) |
17 | 17 | ||
18 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | 18 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c |
19 | index 8de8f09..7c2661f 100644 | 19 | index 6d69336..dab8fea 100644 |
20 | --- a/crypto/engine/eng_cryptodev.c | 20 | --- a/crypto/engine/eng_cryptodev.c |
21 | +++ b/crypto/engine/eng_cryptodev.c | 21 | +++ b/crypto/engine/eng_cryptodev.c |
22 | @@ -2075,8 +2075,10 @@ static int cryptodev_dsa_keygen(DSA *dsa) | 22 | @@ -2069,8 +2069,10 @@ static int cryptodev_dsa_keygen(DSA *dsa) |
23 | return ret; | 23 | return ret; |
24 | sw_try: | 24 | sw_try: |
25 | { | 25 | { |
@@ -32,7 +32,7 @@ index 8de8f09..7c2661f 100644 | |||
32 | } | 32 | } |
33 | return ret; | 33 | return ret; |
34 | } | 34 | } |
35 | @@ -2130,11 +2132,13 @@ static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie) | 35 | @@ -2124,11 +2126,13 @@ static int cryptodev_dsa_keygen_async(DSA *dsa, struct pkc_cookie_s *cookie) |
36 | return ret; | 36 | return ret; |
37 | sw_try: | 37 | sw_try: |
38 | { | 38 | { |
@@ -49,5 +49,5 @@ index 8de8f09..7c2661f 100644 | |||
49 | } | 49 | } |
50 | return ret; | 50 | return ret; |
51 | -- | 51 | -- |
52 | 1.7.9.7 | 52 | 1.8.3.1 |
53 | 53 | ||
diff --git a/recipes-connectivity/openssl/openssl-fsl/0015-Fixed-DH-keygen-pair-generator.patch b/recipes-connectivity/openssl/openssl-fsl/0016-Fixed-DH-keygen-pair-generator.patch index 99e6094..abcc2ef 100644 --- a/recipes-connectivity/openssl/openssl-fsl/0015-Fixed-DH-keygen-pair-generator.patch +++ b/recipes-connectivity/openssl/openssl-fsl/0016-Fixed-DH-keygen-pair-generator.patch | |||
@@ -1,7 +1,7 @@ | |||
1 | From 9dfc18846063a110070782ede699c513b30257e5 Mon Sep 17 00:00:00 2001 | 1 | From d2c868c6370bcc0d0a254e641907da2cdf992d62 Mon Sep 17 00:00:00 2001 |
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | 2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> |
3 | Date: Thu, 1 May 2014 06:35:45 +0545 | 3 | Date: Thu, 1 May 2014 06:35:45 +0545 |
4 | Subject: [PATCH][fsl 15/15] Fixed DH keygen pair generator | 4 | Subject: [PATCH 16/17] Fixed DH keygen pair generator |
5 | 5 | ||
6 | Upstream-status: Pending | 6 | Upstream-status: Pending |
7 | 7 | ||
@@ -10,14 +10,14 @@ Wrong Padding results into keygen length error | |||
10 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> | 10 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> |
11 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> | 11 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> |
12 | --- | 12 | --- |
13 | crypto/engine/eng_cryptodev.c | 50 +++++++++++++++++++++++++++-------------- | 13 | crypto/engine/eng_cryptodev.c | 50 ++++++++++++++++++++++++++++--------------- |
14 | 1 file changed, 33 insertions(+), 17 deletions(-) | 14 | 1 file changed, 33 insertions(+), 17 deletions(-) |
15 | 15 | ||
16 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | 16 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c |
17 | index 7c2661f..703eee4 100644 | 17 | index dab8fea..13d924f 100644 |
18 | --- a/crypto/engine/eng_cryptodev.c | 18 | --- a/crypto/engine/eng_cryptodev.c |
19 | +++ b/crypto/engine/eng_cryptodev.c | 19 | +++ b/crypto/engine/eng_cryptodev.c |
20 | @@ -3402,44 +3402,60 @@ sw_try: | 20 | @@ -3396,44 +3396,60 @@ sw_try: |
21 | static int cryptodev_dh_keygen(DH *dh) | 21 | static int cryptodev_dh_keygen(DH *dh) |
22 | { | 22 | { |
23 | struct crypt_kop kop; | 23 | struct crypt_kop kop; |
@@ -96,5 +96,5 @@ index 7c2661f..703eee4 100644 | |||
96 | sw_try: | 96 | sw_try: |
97 | { | 97 | { |
98 | -- | 98 | -- |
99 | 1.7.9.7 | 99 | 1.8.3.1 |
100 | 100 | ||
diff --git a/recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch b/recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch new file mode 100644 index 0000000..a71bb45 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-fsl/0017-cryptodev-add-support-for-aes-gcm-algorithm-offloadi.patch | |||
@@ -0,0 +1,309 @@ | |||
1 | From 11b55103463bac614e00d74e9f196ec4ec6bade1 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@freescale.com> | ||
3 | Date: Mon, 16 Jun 2014 14:06:21 +0300 | ||
4 | Subject: [PATCH 17/17] cryptodev: add support for aes-gcm algorithm offloading | ||
5 | |||
6 | Change-Id: I3b77dc5ef8b8f707309549244a02852d95b36168 | ||
7 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
8 | Reviewed-on: http://git.am.freescale.net:8181/17226 | ||
9 | --- | ||
10 | apps/speed.c | 6 +- | ||
11 | crypto/engine/eng_cryptodev.c | 229 +++++++++++++++++++++++++++++++++++++++++- | ||
12 | 2 files changed, 233 insertions(+), 2 deletions(-) | ||
13 | |||
14 | diff --git a/apps/speed.c b/apps/speed.c | ||
15 | index 9886ca3..099dede 100644 | ||
16 | --- a/apps/speed.c | ||
17 | +++ b/apps/speed.c | ||
18 | @@ -224,7 +224,11 @@ | ||
19 | #endif | ||
20 | |||
21 | #undef BUFSIZE | ||
22 | -#define BUFSIZE ((long)1024*8+1) | ||
23 | +/* The buffer overhead allows GCM tag at the end of the encrypted data. This | ||
24 | + avoids buffer overflows from cryptodev since Linux kernel GCM | ||
25 | + implementation allways adds the tag - unlike e_aes.c:aes_gcm_cipher() | ||
26 | + which doesn't */ | ||
27 | +#define BUFSIZE ((long)1024*8 + EVP_GCM_TLS_TAG_LEN) | ||
28 | int run=0; | ||
29 | |||
30 | static int mr=0; | ||
31 | diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c | ||
32 | index 13d924f..4493490 100644 | ||
33 | --- a/crypto/engine/eng_cryptodev.c | ||
34 | +++ b/crypto/engine/eng_cryptodev.c | ||
35 | @@ -78,8 +78,10 @@ struct dev_crypto_state { | ||
36 | struct session_op d_sess; | ||
37 | int d_fd; | ||
38 | unsigned char *aad; | ||
39 | - unsigned int aad_len; | ||
40 | + int aad_len; | ||
41 | unsigned int len; | ||
42 | + unsigned char *iv; | ||
43 | + int ivlen; | ||
44 | |||
45 | #ifdef USE_CRYPTODEV_DIGESTS | ||
46 | char dummy_mac_key[HASH_MAX_LEN]; | ||
47 | @@ -251,6 +253,7 @@ static struct { | ||
48 | { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, 0}, | ||
49 | { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_128_cbc_hmac_sha1, 16, 16, 20}, | ||
50 | { CRYPTO_TLS10_AES_CBC_HMAC_SHA1, NID_aes_256_cbc_hmac_sha1, 16, 32, 20}, | ||
51 | + { CRYPTO_AES_GCM, NID_aes_128_gcm, 16, 16, 0}, | ||
52 | { 0, NID_undef, 0, 0, 0}, | ||
53 | }; | ||
54 | |||
55 | @@ -271,6 +274,19 @@ static struct { | ||
56 | }; | ||
57 | #endif | ||
58 | |||
59 | +/* increment counter (64-bit int) by 1 */ | ||
60 | +static void ctr64_inc(unsigned char *counter) { | ||
61 | + int n=8; | ||
62 | + unsigned char c; | ||
63 | + | ||
64 | + do { | ||
65 | + --n; | ||
66 | + c = counter[n]; | ||
67 | + ++c; | ||
68 | + counter[n] = c; | ||
69 | + if (c) return; | ||
70 | + } while (n); | ||
71 | +} | ||
72 | /* | ||
73 | * Return a fd if /dev/crypto seems usable, 0 otherwise. | ||
74 | */ | ||
75 | @@ -762,6 +778,197 @@ static int cryptodev_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, | ||
76 | } | ||
77 | } | ||
78 | |||
79 | +static int cryptodev_init_gcm_key(EVP_CIPHER_CTX *ctx, | ||
80 | + const unsigned char *key, const unsigned char *iv, int enc) | ||
81 | +{ | ||
82 | + struct dev_crypto_state *state = ctx->cipher_data; | ||
83 | + struct session_op *sess = &state->d_sess; | ||
84 | + int cipher = -1, i; | ||
85 | + if (!iv && !key) | ||
86 | + return 1; | ||
87 | + | ||
88 | + if (iv) | ||
89 | + memcpy(ctx->iv, iv, ctx->cipher->iv_len); | ||
90 | + | ||
91 | + for (i = 0; ciphers[i].id; i++) | ||
92 | + if (ctx->cipher->nid == ciphers[i].nid && | ||
93 | + ctx->cipher->iv_len <= ciphers[i].ivmax && | ||
94 | + ctx->key_len == ciphers[i].keylen) { | ||
95 | + cipher = ciphers[i].id; | ||
96 | + break; | ||
97 | + } | ||
98 | + | ||
99 | + if (!ciphers[i].id) { | ||
100 | + state->d_fd = -1; | ||
101 | + return 0; | ||
102 | + } | ||
103 | + | ||
104 | + memset(sess, 0, sizeof(struct session_op)); | ||
105 | + | ||
106 | + if ((state->d_fd = get_dev_crypto()) < 0) | ||
107 | + return 0; | ||
108 | + | ||
109 | + sess->key = (unsigned char *) key; | ||
110 | + sess->keylen = ctx->key_len; | ||
111 | + sess->cipher = cipher; | ||
112 | + | ||
113 | + if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { | ||
114 | + put_dev_crypto(state->d_fd); | ||
115 | + state->d_fd = -1; | ||
116 | + return 0; | ||
117 | + } | ||
118 | + return 1; | ||
119 | +} | ||
120 | + | ||
121 | +static int cryptodev_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
122 | + const unsigned char *in, size_t len) | ||
123 | +{ | ||
124 | + struct crypt_auth_op cryp = {0}; | ||
125 | + struct dev_crypto_state *state = ctx->cipher_data; | ||
126 | + struct session_op *sess = &state->d_sess; | ||
127 | + int rv = len; | ||
128 | + | ||
129 | + if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ? | ||
130 | + EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV, | ||
131 | + EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0) | ||
132 | + return 0; | ||
133 | + | ||
134 | + in += EVP_GCM_TLS_EXPLICIT_IV_LEN; | ||
135 | + out += EVP_GCM_TLS_EXPLICIT_IV_LEN; | ||
136 | + len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; | ||
137 | + | ||
138 | + if (ctx->encrypt) { | ||
139 | + len -= EVP_GCM_TLS_TAG_LEN; | ||
140 | + } | ||
141 | + cryp.ses = sess->ses; | ||
142 | + cryp.len = len; | ||
143 | + cryp.src = (unsigned char*) in; | ||
144 | + cryp.dst = out; | ||
145 | + cryp.auth_src = state->aad; | ||
146 | + cryp.auth_len = state->aad_len; | ||
147 | + cryp.iv = ctx->iv; | ||
148 | + cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; | ||
149 | + | ||
150 | + if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) { | ||
151 | + return 0; | ||
152 | + } | ||
153 | + | ||
154 | + if (ctx->encrypt) | ||
155 | + ctr64_inc(state->iv + state->ivlen - 8); | ||
156 | + else | ||
157 | + rv = len - EVP_GCM_TLS_TAG_LEN; | ||
158 | + | ||
159 | + return rv; | ||
160 | +} | ||
161 | + | ||
162 | +static int cryptodev_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
163 | + const unsigned char *in, size_t len) | ||
164 | +{ | ||
165 | + struct crypt_auth_op cryp; | ||
166 | + struct dev_crypto_state *state = ctx->cipher_data; | ||
167 | + struct session_op *sess = &state->d_sess; | ||
168 | + | ||
169 | + if (state->d_fd < 0) | ||
170 | + return 0; | ||
171 | + | ||
172 | + if ((len % ctx->cipher->block_size) != 0) | ||
173 | + return 0; | ||
174 | + | ||
175 | + if (state->aad_len >= 0) | ||
176 | + return cryptodev_gcm_tls_cipher(ctx, out, in, len); | ||
177 | + | ||
178 | + memset(&cryp, 0, sizeof(cryp)); | ||
179 | + | ||
180 | + cryp.ses = sess->ses; | ||
181 | + cryp.len = len; | ||
182 | + cryp.src = (unsigned char*) in; | ||
183 | + cryp.dst = out; | ||
184 | + cryp.auth_src = NULL; | ||
185 | + cryp.auth_len = 0; | ||
186 | + cryp.iv = ctx->iv; | ||
187 | + cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; | ||
188 | + | ||
189 | + if (ioctl(state->d_fd, CIOCAUTHCRYPT, &cryp) == -1) { | ||
190 | + return 0; | ||
191 | + } | ||
192 | + | ||
193 | + return len; | ||
194 | +} | ||
195 | + | ||
196 | +static int cryptodev_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, | ||
197 | + void *ptr) | ||
198 | +{ | ||
199 | + struct dev_crypto_state *state = ctx->cipher_data; | ||
200 | + switch (type) { | ||
201 | + case EVP_CTRL_INIT: | ||
202 | + { | ||
203 | + state->ivlen = ctx->cipher->iv_len; | ||
204 | + state->iv = ctx->iv; | ||
205 | + state->aad_len = -1; | ||
206 | + return 1; | ||
207 | + } | ||
208 | + case EVP_CTRL_GCM_SET_IV_FIXED: | ||
209 | + { | ||
210 | + /* Special case: -1 length restores whole IV */ | ||
211 | + if (arg == -1) | ||
212 | + { | ||
213 | + memcpy(state->iv, ptr, state->ivlen); | ||
214 | + return 1; | ||
215 | + } | ||
216 | + /* Fixed field must be at least 4 bytes and invocation field | ||
217 | + * at least 8. | ||
218 | + */ | ||
219 | + if ((arg < 4) || (state->ivlen - arg) < 8) | ||
220 | + return 0; | ||
221 | + if (arg) | ||
222 | + memcpy(state->iv, ptr, arg); | ||
223 | + if (ctx->encrypt && | ||
224 | + RAND_bytes(state->iv + arg, state->ivlen - arg) <= 0) | ||
225 | + return 0; | ||
226 | + return 1; | ||
227 | + } | ||
228 | + case EVP_CTRL_AEAD_TLS1_AAD: | ||
229 | + { | ||
230 | + unsigned int len; | ||
231 | + if (arg != 13) | ||
232 | + return 0; | ||
233 | + | ||
234 | + memcpy(ctx->buf, ptr, arg); | ||
235 | + len=ctx->buf[arg-2] << 8 | ctx->buf[arg-1]; | ||
236 | + | ||
237 | + /* Correct length for explicit IV */ | ||
238 | + len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; | ||
239 | + | ||
240 | + /* If decrypting correct for tag too */ | ||
241 | + if (!ctx->encrypt) | ||
242 | + len -= EVP_GCM_TLS_TAG_LEN; | ||
243 | + | ||
244 | + ctx->buf[arg-2] = len >> 8; | ||
245 | + ctx->buf[arg-1] = len & 0xff; | ||
246 | + | ||
247 | + state->aad = ctx->buf; | ||
248 | + state->aad_len = arg; | ||
249 | + state->len = len; | ||
250 | + | ||
251 | + /* Extra padding: tag appended to record */ | ||
252 | + return EVP_GCM_TLS_TAG_LEN; | ||
253 | + } | ||
254 | + case EVP_CTRL_GCM_SET_IV_INV: | ||
255 | + { | ||
256 | + if (ctx->encrypt) | ||
257 | + return 0; | ||
258 | + memcpy(state->iv + state->ivlen - arg, ptr, arg); | ||
259 | + return 1; | ||
260 | + } | ||
261 | + case EVP_CTRL_GCM_IV_GEN: | ||
262 | + if (arg <= 0 || arg > state->ivlen) | ||
263 | + arg = state->ivlen; | ||
264 | + memcpy(ptr, state->iv + state->ivlen - arg, arg); | ||
265 | + return 1; | ||
266 | + default: | ||
267 | + return -1; | ||
268 | + } | ||
269 | +} | ||
270 | /* | ||
271 | * libcrypto EVP stuff - this is how we get wired to EVP so the engine | ||
272 | * gets called when libcrypto requests a cipher NID. | ||
273 | @@ -901,6 +1108,23 @@ const EVP_CIPHER cryptodev_aes_256_cbc_hmac_sha1 = { | ||
274 | cryptodev_cbc_hmac_sha1_ctrl, | ||
275 | NULL | ||
276 | }; | ||
277 | + | ||
278 | +const EVP_CIPHER cryptodev_aes_128_gcm = { | ||
279 | + NID_aes_128_gcm, | ||
280 | + 1, 16, 12, | ||
281 | + EVP_CIPH_GCM_MODE | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1 \ | ||
282 | + | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ | ||
283 | + | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT, | ||
284 | + cryptodev_init_gcm_key, | ||
285 | + cryptodev_gcm_cipher, | ||
286 | + cryptodev_cleanup, | ||
287 | + sizeof(struct dev_crypto_state), | ||
288 | + EVP_CIPHER_set_asn1_iv, | ||
289 | + EVP_CIPHER_get_asn1_iv, | ||
290 | + cryptodev_gcm_ctrl, | ||
291 | + NULL | ||
292 | +}; | ||
293 | + | ||
294 | /* | ||
295 | * Registered by the ENGINE when used to find out how to deal with | ||
296 | * a particular NID in the ENGINE. this says what we'll do at the | ||
297 | @@ -944,6 +1168,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | ||
298 | case NID_aes_256_cbc_hmac_sha1: | ||
299 | *cipher = &cryptodev_aes_256_cbc_hmac_sha1; | ||
300 | break; | ||
301 | + case NID_aes_128_gcm: | ||
302 | + *cipher = &cryptodev_aes_128_gcm; | ||
303 | + break; | ||
304 | default: | ||
305 | *cipher = NULL; | ||
306 | break; | ||
307 | -- | ||
308 | 1.8.3.1 | ||
309 | |||