1 files changed, 100 insertions, 0 deletions
diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-Fixed-DH-keygen-pair-generator.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-Fixed-DH-keygen-pair-generator.patch
new file mode 100644
index 0000000..8923cb6
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-Fixed-DH-keygen-pair-generator.patch
@@ -0,0 +1,100 @@
+From d2c868c6370bcc0d0a254e641907da2cdf992d62 Mon Sep 17 00:00:00 2001
+From: Yashpal Dutta <yashpal.dutta@freescale.com>
+Date: Thu, 1 May 2014 06:35:45 +0545
+Subject: [PATCH 16/26] Fixed DH keygen pair generator
+Upstream-status: Pending
+Wrong Padding results into keygen length error
+Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ crypto/engine/eng_cryptodev.c | 50 ++++++++++++++++++++++++++++---------------
+ 1 file changed, 33 insertions(+), 17 deletions(-)
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index dab8fea..13d924f 100644
+--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
+@@ -3396,44 +3396,60 @@ sw_try:
+ static int cryptodev_dh_keygen(DH *dh)
+ {
+        struct crypt_kop kop;
+-       int ret = 1, g_len;
+-       unsigned char *g = NULL;
+       int ret = 1, q_len = 0;
+       unsigned char *q = NULL, *g = NULL, *s = NULL, *w = NULL;
+       BIGNUM *pub_key = NULL, *priv_key = NULL;
+       int generate_new_key = 1;
+ 
+-       if (dh->priv_key == NULL)       {
+-               if ((dh->priv_key=BN_new()) == NULL)
+-                       goto sw_try;
+-       }
+       if (dh->priv_key)
+               priv_key = dh->priv_key;
+ 
+-       if (dh->pub_key == NULL) {
+-               if ((dh->pub_key=BN_new()) == NULL)
+-                       goto sw_try;
+-       }
+       if (dh->pub_key)
+               pub_key = dh->pub_key;
+ 
+-       g_len = BN_num_bytes(dh->p);
+       q_len = BN_num_bytes(dh->p);
+        /**
+         * Get generator into a plain buffer. If length is less than
+         * q_len then add leading padding bytes.
+         */
+-       if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
+       if (spcf_bn2bin_ex(dh->g, &g, &q_len)) {
+               DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
+               goto sw_try;
+       }
+
+       if (spcf_bn2bin_ex(dh->p, &q, &q_len)) {
+                DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
+                goto sw_try;
+        }
+ 
+        memset(&kop, 0, sizeof kop);
+        kop.crk_op = CRK_DH_GENERATE_KEY;
+-       if (bn2crparam(dh->p, &kop.crk_param[0]))
+-               goto sw_try;
+       kop.crk_param[0].crp_p = q;
+       kop.crk_param[0].crp_nbits = q_len * 8;
+        if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1]))
+                goto sw_try;
+        kop.crk_param[2].crp_p = g;
+-       kop.crk_param[2].crp_nbits = g_len * 8;
+       kop.crk_param[2].crp_nbits = q_len * 8;
+        kop.crk_iparams = 3;
+ 
+       s = OPENSSL_malloc (q_len);
+       if (!s) {
+               DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
+               goto sw_try;
+       }
+
+       w = OPENSSL_malloc (q_len);
+       if (!w) {
+               DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
+               goto sw_try;
+       }
+
+        /* pub_key is or prime length while priv key is of length of order */
+-       if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key,
+-           BN_num_bytes(dh->q), dh->priv_key))
+       if (cryptodev_asym(&kop, q_len, w, q_len, s))
+            goto sw_try;
+ 
+       dh->pub_key = BN_bin2bn(w, q_len, pub_key);
+       dh->pub_key = BN_bin2bn(s, q_len, priv_key);
+        return ret;
+ sw_try:
+        {
+-- 
+2.3.5

diff --git a/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-Fixed-DH-keygen-pair-generator.patch b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-Fixed-DH-keygen-pair-generator.patch new file mode 100644 index 0000000..8923cb6 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/qoriq/0016-Fixed-DH-keygen-pair-generator.patch
@@ -0,0 +1,100 @@
	1	From d2c868c6370bcc0d0a254e641907da2cdf992d62 Mon Sep 17 00:00:00 2001
	2	From: Yashpal Dutta <yashpal.dutta@freescale.com>
	3	Date: Thu, 1 May 2014 06:35:45 +0545
	4	Subject: [PATCH 16/26] Fixed DH keygen pair generator
	5
	6	Upstream-status: Pending
	7
	8	Wrong Padding results into keygen length error
	9
	10	Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
	11	Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
	12	---
	13	crypto/engine/eng_cryptodev.c \| 50 ++++++++++++++++++++++++++++---------------
	14	1 file changed, 33 insertions(+), 17 deletions(-)
	15
	16	diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
	17	index dab8fea..13d924f 100644
	18	--- a/crypto/engine/eng_cryptodev.c
	19	+++ b/crypto/engine/eng_cryptodev.c
	20	@@ -3396,44 +3396,60 @@ sw_try:
	21	static int cryptodev_dh_keygen(DH *dh)
	22	{
	23	struct crypt_kop kop;
	24	- int ret = 1, g_len;
	25	- unsigned char *g = NULL;
	26	+ int ret = 1, q_len = 0;
	27	+ unsigned char q = NULL, g = NULL, s = NULL, w = NULL;
	28	+ BIGNUM pub_key = NULL, priv_key = NULL;
	29	+ int generate_new_key = 1;
	30
	31	- if (dh->priv_key == NULL) {
	32	- if ((dh->priv_key=BN_new()) == NULL)
	33	- goto sw_try;
	34	- }
	35	+ if (dh->priv_key)
	36	+ priv_key = dh->priv_key;
	37
	38	- if (dh->pub_key == NULL) {
	39	- if ((dh->pub_key=BN_new()) == NULL)
	40	- goto sw_try;
	41	- }
	42	+ if (dh->pub_key)
	43	+ pub_key = dh->pub_key;
	44
	45	- g_len = BN_num_bytes(dh->p);
	46	+ q_len = BN_num_bytes(dh->p);
	47	/**
	48	* Get generator into a plain buffer. If length is less than
	49	* q_len then add leading padding bytes.
	50	*/
	51	- if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
	52	+ if (spcf_bn2bin_ex(dh->g, &g, &q_len)) {
	53	+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
	54	+ goto sw_try;
	55	+ }
	56	+
	57	+ if (spcf_bn2bin_ex(dh->p, &q, &q_len)) {
	58	DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
	59	goto sw_try;
	60	}
	61
	62	memset(&kop, 0, sizeof kop);
	63	kop.crk_op = CRK_DH_GENERATE_KEY;
	64	- if (bn2crparam(dh->p, &kop.crk_param[0]))
	65	- goto sw_try;
	66	+ kop.crk_param[0].crp_p = q;
	67	+ kop.crk_param[0].crp_nbits = q_len * 8;
	68	if (!dh->q \|\| bn2crparam(dh->q, &kop.crk_param[1]))
	69	goto sw_try;
	70	kop.crk_param[2].crp_p = g;
	71	- kop.crk_param[2].crp_nbits = g_len * 8;
	72	+ kop.crk_param[2].crp_nbits = q_len * 8;
	73	kop.crk_iparams = 3;
	74
	75	+ s = OPENSSL_malloc (q_len);
	76	+ if (!s) {
	77	+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
	78	+ goto sw_try;
	79	+ }
	80	+
	81	+ w = OPENSSL_malloc (q_len);
	82	+ if (!w) {
	83	+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
	84	+ goto sw_try;
	85	+ }
	86	+
	87	/* pub_key is or prime length while priv key is of length of order */
	88	- if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key,
	89	- BN_num_bytes(dh->q), dh->priv_key))
	90	+ if (cryptodev_asym(&kop, q_len, w, q_len, s))
	91	goto sw_try;
	92
	93	+ dh->pub_key = BN_bin2bn(w, q_len, pub_key);
	94	+ dh->pub_key = BN_bin2bn(s, q_len, priv_key);
	95	return ret;
	96	sw_try:
	97	{
	98	--
	99	2.3.5
	100